What is RSTP?

RSTP stands for Rapid Spanning Tree Protocol and is a network protocol that detects and prevents loops in Ethernet networks. It is the faster successor to STP (Spanning Tree Protocol) and is essential in networks with redundant connections.

In OT networks, RSTP prevents broadcast storms or loops from bringing the network down when multiple switches are interconnected via redundant paths.


🧠 How does RSTP work?

  1. RSTP detects the network structure and automatically determines a loop-free topology
  2. The switch with the lowest Bridge ID is chosen as the root bridge
  3. Other paths are marked as alternate or backup and kept inactive
  4. If an active path fails, RSTP automatically activates a backup path within seconds
  5. Unlike STP (30–50s convergence), RSTP typically converges within less than 1 second to a few seconds

RSTP operates at layer 2 of the OSI model and is defined in IEEE 802.1w.


🏭 Use of RSTP in industrial networks

  • Redundancy between industrial Ethernet switches in ring or mesh topologies
  • Protection against loops caused by faulty cabling or accidental connections
  • Network continuity between PLCs, SCADA, HMIs and drives
  • Compatible with standard Ethernet and many industrial protocols (e.g. Modbus TCP, OPC UA)
  • Used in factory automation, the process industry, energy and transport networks

In industrial environments, RSTP is often used as a basic form of redundancy, before more advanced protocols such as MRP or PRP are introduced.


🔍 RSTP vs. STP vs. MRP

| Aspect | RSTP | STP | MRP (Media Redundancy Protocol) |
|---|---|---|---|
| Convergence time | <1 – 10 seconds | 30–50 seconds | <200 ms (ring-based) |
| Topology | Flexible (mesh, ring, tree) | Flexible | Ring only |
| Complexity | Moderate | Low | Slightly higher, but OT-specific |
| Use in OT | Common in standard configurations | Outdated, slow | Preferred for real-time applications |

🔐 Security considerations

  • Traffic between switches can be abused for STP spoofing – use BPDU Guard and Root Guard
  • Restrict RSTP traffic to trusted ports via ACL or Port Security
  • Monitor RSTP topology changes via SNMP or Syslog
  • Use SIEM to detect unwanted changes to the root bridge or paths
  • In critical zones: consider a TAP for passive monitoring of RSTP behaviour

Although RSTP itself is not encrypted, you can monitor and restrict the network behaviour through switch configuration.
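The root-bridge monitoring described above can be done on passively captured BPDUs. The following is an added example, not part of the original page: it parses the IEEE 802.1D/802.1w BPDU layout and flags any BPDU that announces a root other than the one you expect. The bridge IDs, the sample frames and the function names are constructed for illustration, and the input is assumed to be the BPDU bytes after the `42 42 03` LLC header.

```python
import struct
from typing import NamedTuple, Optional

class Bpdu(NamedTuple):
    version: int           # 0 = STP, 2 = RSTP
    topology_change: bool  # TC flag (bit 0 of the flags octet)
    root_id: bytes         # 2-byte priority + 6-byte MAC of the claimed root
    root_path_cost: int
    bridge_id: bytes       # Bridge ID of the sender

def parse_bpdu(payload: bytes) -> Optional[Bpdu]:
    """Parse a Configuration (type 0x00) or RST (type 0x02) BPDU."""
    if len(payload) < 35:
        return None  # e.g. a 4-byte TCN BPDU, which carries no root ID
    proto, version, btype, flags = struct.unpack_from("!HBBB", payload, 0)
    if proto != 0 or btype not in (0x00, 0x02):
        return None
    (cost,) = struct.unpack_from("!I", payload, 13)
    return Bpdu(version, bool(flags & 0x01), payload[5:13], cost, payload[17:25])

def fmt_id(bid: bytes) -> str:
    prio = int.from_bytes(bid[:2], "big")
    return f"{prio}/" + ":".join(f"{b:02x}" for b in bid[2:])

def check_root(bpdu: Bpdu, expected_root: bytes) -> Optional[str]:
    """Return None if the BPDU names the expected root, else a message for the SIEM."""
    if bpdu.root_id == expected_root:
        return None
    # The numerically lowest Bridge ID wins the election, so a lower ID displaces the root.
    kind = "ALERT superior" if bpdu.root_id < expected_root else "WARN unexpected"
    return f"{kind} root {fmt_id(bpdu.root_id)} announced by {fmt_id(bpdu.bridge_id)}"

# Constructed sample data (hypothetical addresses, not taken from a real network).
def build_rst_bpdu(root_id: bytes, cost: int, bridge_id: bytes, flags: int = 0x3C) -> bytes:
    return (struct.pack("!HBBB", 0, 2, 0x02, flags) + root_id + struct.pack("!I", cost)
            + bridge_id
            + struct.pack("!HHHHHB", 0x8001, 0, 20 * 256, 2 * 256, 15 * 256, 0))

EXPECTED_ROOT = bytes.fromhex("1000001122334401")   # priority 4096
SWITCH_B = bytes.fromhex("8000001122334402")        # priority 32768
UNKNOWN_DEVICE = bytes.fromhex("8000020000000099")
NORMAL = build_rst_bpdu(EXPECTED_ROOT, 20000, SWITCH_B)
ROGUE = build_rst_bpdu(bytes.fromhex("0000020000000099"), 0, UNKNOWN_DEVICE)

if __name__ == "__main__":
    for frame in (NORMAL, ROGUE):
        print(check_root(parse_bpdu(frame), EXPECTED_ROOT) or "ok")
```

The check compares only the root ID; a production rule would also track which port or TAP the BPDU was seen on.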


📌 In summary

RSTP prevents network loops and provides quick recovery from connection failures, which is essential for reliable OT communication. It is easy to implement, compatible with standard Ethernet and offers a good balance of speed, stability and simplicity.