bridge_stp

This option allows multiple bridges to communicate with each other for network discovery and loop avoidance. With STP on, bridges exchange information to work out how they are connected, which eliminates data cycles and lets them choose the best path for packet transmission. STP also provides fault tolerance, because it rechecks the network topology if a bridge fails. To turn on the STP option, modify the bridge configuration as follows:

bridge_stp on 

STP increases bandwidth efficiency while posing security issues. Do not use STP when a virtual subnet must be isolated from another virtual subnet in the same cluster and you do not want the bridges to talk to each other. It is a useful option inside a company's virtual environment, where data can flow freely between departments' subnets.

STP is turned off by default.

STP has no authentication and assumes all network interfaces are trustworthy. When a bridge asks another bridge about the network topology, the information is shared freely without any authentication. A user on the bridge can therefore potentially gather data about the entire network topology and the other bridges in the network. This is dangerous when bridging between the internal environment and the internet.
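Because STP is off by default, any bridge with `bridge_stp on` was enabled deliberately and is worth reviewing. The following is an added example, not code from the book: a small audit that lists which bridge stanzas in an ifupdown-style interfaces file have STP enabled. The interface names and addresses in the sample are constructed, and accepting `yes` and the hyphenated option spelling alongside `bridge_stp on` is an assumption about the configuration format.

```python
# Added example: list bridges that have STP enabled in an interfaces file.

# Constructed sample configuration (names and addresses are made up).
SAMPLE = """\
auto lo
iface lo inet loopback

auto vmbr0
iface vmbr0 inet static
    address 192.0.2.10/24
    bridge_ports eth0
    bridge_stp on

auto vmbr1
iface vmbr1 inet manual
    bridge_ports none
    # bridge_stp on   (commented out, so the default applies)

auto vmbr2
iface vmbr2 inet manual
    bridge-ports eth1
    bridge-stp off
"""

STP_ON = {"on", "yes"}  # assumption: values treated as "enabled"


def audit_bridges(text):
    """Return {bridge: {"ports": [...], "stp": bool}} for each bridge stanza."""
    bridges, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        key = words[0].replace("-", "_")  # assumption: hyphen form is equivalent
        if key == "iface" and len(words) > 1:
            current = {"ports": None, "stp": False}  # STP is off by default
            bridges[words[1]] = current
        elif current is not None and key == "bridge_ports":
            current["ports"] = words[1:]
        elif current is not None and key == "bridge_stp":
            current["stp"] = len(words) > 1 and words[1].lower() in STP_ON
    # Only stanzas that declare bridge_ports are bridges.
    return {n: b for n, b in bridges.items() if b["ports"] is not None}


def stp_enabled(text):
    """Names of bridges whose stanza turns STP on, for isolation review."""
    return sorted(n for n, b in audit_bridges(text).items() if b["stp"])
```

Each bridge this reports should be checked against the isolation requirement above, in particular any bridge whose ports reach an untrusted or internet-facing network.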
