Spanning-Tree Bridge Assurance

Hello Lukas

In its operation, STP relies on a continuous reception and transmission of BPDUs to determine the port role. Typically, a designated port transmits BPDUs and a non-designated port receives BPDUs.

Now when one of the ports in a redundant topology no longer receives BPDUs, STP believes that the topology is loop free. A blocked port in such a situation would become a designated port and move into a forwarding state and this creates a loop. Now a topology is especially vulnerable to this when there is a unidirectional failure, that is, that traffic begins to flow only in one direction on a link.

Now loopguard makes additional checks. If BPDUs are not received on a non-designated port, and loop guard is enabled, that port is moved into an STP loop-inconsistent blocking state, thus maintaining the loop free topology.

Bridge Assurance adds an additional check to this procedure. Specifically, unlike loopguard, BPDUs are sent out of ALL operational network ports wherever it is enabled including alternate and backup ports. Similarly to loopguard, if a port does not receive a BPDU for a specified period, the port moves into an inconsistent state.

This fact allows bridge assurance to perceive situations that loopguard cannot such as:

  1. the fact that loopguard can only be enabled on root and alternate ports and not on designated ports
  2. loopguard is ineffective at detecting a port that has been unidirectional since link-up.

Bridge Assurance causes BPDUs to travel in both directions on all ports verifying health and awareness of switches. In other words, in the worst case scenario, if STP fails for whatever reason, it will fail by blocking rather than by unblocking a port, thus ensuring that a loop is not inadvertently created.

I hope this has been helpful!

Laz

4 Likes
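
An added example, not part of the reply above and not vendor code: a simplified Python model of one port on a redundant link, comparing no guard, loopguard and Bridge Assurance when BPDUs stop after the link has worked and when they never arrive at all. The single `TIMEOUT` value, the state labels and the sample timelines are assumptions made for the model; real STP uses several separate timers.

```python
from dataclasses import dataclass

TIMEOUT = 3  # ticks without a BPDU before the port acts (constructed value)

@dataclass
class Port:
    guard: str                 # "none", "loopguard" or "bridge_assurance"
    role: str = "designated"   # a port that has never heard a BPDU is designated
    state: str = "blocking"
    silent: int = 0            # ticks since the last BPDU arrived

    def tick(self, bpdu_received: bool) -> None:
        if bpdu_received:
            # The neighbour's superior BPDU keeps this redundant port blocked;
            # this also clears an earlier inconsistent state.
            self.silent, self.role, self.state = 0, "alternate", "blocking"
            return
        self.silent += 1
        if self.silent < TIMEOUT:
            return
        if self.guard == "bridge_assurance":
            self.state = "BA-inconsistent"        # applies to every port role
        elif self.guard == "loopguard" and self.role in ("root", "alternate"):
            self.state = "loop-inconsistent"      # only non-designated ports
        else:
            self.role, self.state = "designated", "forwarding"  # loop risk

def run(guard: str, timeline: list[bool]) -> str:
    """Feed a BPDU-reception timeline to a fresh port and return its final state."""
    port = Port(guard)
    for bpdu_received in timeline:
        port.tick(bpdu_received)
    return port.state

# Constructed timelines: True means a BPDU arrived on the port in that tick.
FAILED_LATER = [True, True, True, False, False, False, False]
DEAD_SINCE_LINKUP = [False, False, False, False]

if __name__ == "__main__":
    for name, timeline in (("failed later", FAILED_LATER),
                           ("unidirectional since link-up", DEAD_SINCE_LINKUP)):
        for guard in ("none", "loopguard", "bridge_assurance"):
            print(f"{name:30} {guard:17} -> {run(guard, timeline)}")
```

Only the Bridge Assurance port ends up blocked in both timelines; the loopguard port forwards when the link has been unidirectional since link-up, because it never left the designated role.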