portfast blocks a port from sending or receiving BPDUs (as defined by documentation).
1-When Switch creates BPDU packets, and floods them. is this CPU handeled?
2- are BPDUs still forwarded to interface configured with portfast & bpdufilter and interface drops this traffic or does the switch simply not send any BPDUs to these ports.
I am planning to reduce baselined CPU level by removing SPT where not needed.
There are two kinds of bpdufilter: per-port bpdufilter or global bpdufilter (effective on portfast ports).
- per port bpdufilter is dangerous. As it was stated earlier, it filters both outgoing and incoming bpdus and can result in STP failing from protecting your network against accidental cabling error or misconfiguration. Furthermore, bpdus are always handled in software. So even when bpdufilter is configured on a port, the bpdu will be sent to the cpu for inspection, and this will roughly take as much cpu to discard the bpdu with bpdufilter as it would take with no bpdufilter (that's a reason why bpduguard can be useful, because if an edge port is hammered by bpdus, you'd rather bring it down to protect your cpu).
- global bpdufilter does not filter incoming bpdus. In fact, as soon as a bpdu is received on a port, this feature is disabled. It just filters out the outgoing bpdus. This can provide some cpu relief if you are running pvst with lots of edge trunks (trunks configured for portfast, with no L2 neighbor). That's not a frequent scenario. If you are running MST or PVST with access edge ports, you are only sending one bpdu per physical port, and configuring the feature will not save much on your cpu utilization.