Chapter 36. Bridges

Bridges are both hardware and software devices. They can be stand-alone devices (separate boxes specifically designed for bridging applications) or they can be dedicated PCs (with two NICs and bridging software). Most server software will automatically act as a bridge when a second NIC is installed.

Bridge OSI Operating Layer

Bridges operate at the OSI Model Data Link Layer. They look at the MAC addresses for Ethernet and Token Ring, and determine whether to forward or ignore a packet.

Purpose of a Bridge

The purposes of a Bridge are the following:

Isolates networks by MAC addresses

For example, you have one segment called Segment 100: it has 50 users (in several departments) using this network segment. The Engineering Dept. is CAD (Computer Aided Design) -oriented, while the Accounting Dept. is into heavy number crunching (year end reports, month end statements, etc.).

On this network, any traffic between Client A, B or C and the Accounting File Server (in the Accounting Dept.) will be heard across the Segment 100. Likewise, any traffic between the Engineering Dept. Clients G, H or I (to the CAD File Server) will be heard throughout the Network Segment. The result is that "Other" Department accesses to the Generic File Server are incredibly slow: this is because of the unnecessary traffic that's being generated from other departments (Engineering & Accounting).

Note: The designations A, B, and C are used (instead of MAC addresses) for brevity. The actual MAC addresses would be hexadecimal numbers, such as 08-00-EF-45-DC-01.

The solution is to use one Bridge to isolate the Accounting Dept., and another bridge to isolate the Engineering Department. The bridges only allow packets to pass through whose destination is not on the local segment. The bridge first checks its "routing" table to see if the destination is on the local segment. If it is, the bridge ignores the packet and does not forward it to the remote segment. If Client A sends a packet to the Accounting File Server, Bridge #1 checks its routing table to see if the Accounting File Server is on the local port. If it is, Bridge #1 does not forward the packet to the other segments.

If Client A sent a packet to the Generic File Server, Bridge #1 will again check its routing table to see if the Generic File Server is on the local port. If it is not, then Bridge #1 will forward the packet to the remote port.

Note: The terms local and remote ports are arbitrarily chosen to distinguish between the two network ports available on a bridge.

In this manner, the network is segmented, and the local department traffic is isolated from the rest of the network. Overall network bandwidth increases because the Accounting Dept. does not have to fight with the Engineering Dept. (for access to the segment). Each segment has reduced the amount of traffic on it and the result is faster access. Each department still has complete access to the other segments, but only when required.

Manages network traffic by filtering packets

Bridges listen to the network traffic and build an image of the network on each side of the bridge. This image indicates the location of each node (and the bridge port that reaches it). With this information, a bridge can decide whether to forward the packet across the bridge (if the destination address is not on the same port) or not to forward it (if the destination is on the same port).

This process of deciding whether or not to forward a packet is termed "filtering packets." Network traffic is managed by deciding which packets can pass through the bridge; the bridge filters packets.

Translates from one protocol to another

The MAC layer also contains the bus arbitration method used by the network. This can be CSMA/CD, as used in Ethernet, or Token Passing, as used in Token Ring. Bridges are aware of the Bus Arbitration and special translation bridges can be used to translate between Ethernet and Token Ring.

Bridge Segment to Segment Characteristics

Bridges physically separate network segments and manage the traffic between them based on the MAC address.

Bridges are store and forward devices. They receive a packet on the local segment, store it, and wait for the remote segments to be clear before forwarding the packet.

The two physical types of bridges are Local and Remote Bridges.

Local Bridges are used (as in the previous examples) where the network is segmented locally, in the physical sense: the two segments are physically close together (same building, same floor, etc.). Only one bridge is required.

Remote Bridges are used in pairs, where the network is segmented remotely (again in the physical sense): the two segments are physically far apart (different buildings, different floors, etc.). Two half bridges are required, one at each segment. Each remote bridge is one half of a normal bridge, and the pair may use several different communications media in between.

Bridge Methodologies

There are 3 primary bridging methodologies used by bridges for connecting local area networks:

Transparent Bridges were originally developed to support the connection of Ethernet networks. The spanning tree protocol was developed to improve transparent bridging. Source Routing Bridges are used by Token Ring. Source routing bridges require a solid understanding of Token Ring concepts, and as such will be covered under the section discussing Token Ring.

Transparent Bridges

Transparent Bridges examine the MAC address of the frames to determine whether the packet is on the local Segment or on the distant Segment. Early bridges required the system administrator to manually build the routing table to tell a bridge which addresses were on which side of the bridge. Manually building a routing table is called fixed or static routing. Modern bridges are self-learning: they listen to the network frame source addresses to determine which side of the bridge the node is on, and build a routing table that way.

The following network will be used as an example of a self-learning transparent bridge's routing table construction.

As frames flow on Bridge #1's local port, Bridge #1 examines the source address of each frame. Eventually, after all nodes on the local port have become active, Bridge #1 associates their address as being on the local port. Any frames with a destination address (other than the nodes on the local port) are forwarded to the remote port. As far as Bridge #1 is concerned, nodes on Bridge #2's local port appear as if they were on Bridge #1's remote port.

Bridge #2 builds its routing table in a similar manner to Bridge #1. Note the differences.

Advantages of Transparent Bridges

Disadvantages of Transparent Bridges

Can only work with one path between segments: loops are not allowed. A loop would confuse the bridge as to which side of the bridge a node was really on (i.e. local or remote?).

Transparent Bridges are not acceptable for use on MANs or WANs, because many paths can be taken to reach a destination. In the above example it is simple to determine that a loop occurs, but in a large corporate network (with several hundred bridges) it may be next to impossible to determine. As such, bridges are most commonly used for LAN to LAN connectivity (and not in MANs or WANs).
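The self-learning table construction and filter/forward decision described above, and the loop confusion noted in the disadvantages, as an added example that is not part of the original chapter. Node names (A, ACCT, GENERIC) stand in for MAC addresses as the chapter does; the frame sequence is a constructed sample.

```python
# Added example (not from the original chapter): a self-learning transparent
# bridge with two ports, "local" and "remote". It learns which port each node
# is on from frame *source* addresses and filters or forwards on the
# *destination* address. Node names stand in for MAC addresses; the frames
# below are a constructed sample sequence.

class TransparentBridge:
    def __init__(self, name):
        self.name = name
        self.table = {}   # node -> port on which it was last heard

    def receive(self, src, dst, port):
        """Handle one frame heard on `port`; return 'filter' or 'forward'."""
        self.table[src] = port          # learning step
        known = self.table.get(dst)
        if known is None:
            return "forward"            # unknown destination: send it across
        if known == port:
            return "filter"             # destination is on the same side
        return "forward"                # destination is on the other side

def demo():
    """Bridge #1 isolating the Accounting segment from the rest of Segment 100."""
    b1 = TransparentBridge("Bridge #1")
    frames = [  # (source, destination, port the frame was heard on)
        ("A", "ACCT", "local"),      # A -> Accounting server, ACCT not yet learned
        ("ACCT", "A", "local"),      # reply: ACCT learned on local, A is local too
        ("A", "ACCT", "local"),      # same-side traffic now stays on the segment
        ("A", "GENERIC", "local"),   # Generic server unknown: crosses the bridge
        ("GENERIC", "A", "remote"),  # reply arrives on remote port, GENERIC learned
    ]
    decisions = [b1.receive(s, d, p) for s, d, p in frames]
    return decisions, dict(b1.table)

def loop_confusion():
    """With a second path between the segments, A's own frames also reach
    Bridge #1 on its remote port, so A's table entry flips between ports."""
    b1 = TransparentBridge("Bridge #1")
    seen = []
    for port in ("local", "remote", "local"):
        b1.receive("A", "GENERIC", port)
        seen.append(b1.table["A"])
    return seen
```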

Spanning Tree Protocol - IEEE 802.1D

The Spanning Tree Protocol was developed to address the problem of loops in Transparent Bridging. It was defined by the IEEE 802.1D committee (Institute of Electrical and Electronics Engineers).

The Spanning Tree Protocol (STP) converts a loop into a tree topology by disabling a bridge link. This action ensures that there is a unique path from any node to every other node (in a MAN or WAN). Disabled bridges are kept in a stand-by mode of operation until a network failure occurs. At that time, the Spanning Tree Protocol will attempt to construct a new tree, using any of the previously disabled links.

The Spanning Tree Protocol is a bridge-to-bridge communication in which all bridges cooperate to form the overall bridge topology. The Spanning Tree algorithm is dynamic: it checks periodically (every one to four seconds) to see if the bridge topology has changed.

Bridge #3 & #5 are stand-by bridges, and have their links disabled. This results in only a single path to each network segment.

Each bridge is assigned an arbitrary number that sets its priority in the Internetwork. This number is concatenated with the bridge MAC address. If two bridges have the same priority, the MAC address is used as the tie breaker. The lower the assigned number, the higher the bridge priority.

During initial power-up, a Bridge Protocol Data Unit (BPDU) is flooded out each network port of the bridge. The BPDU contains the following: the current spanning tree root, the distance to the root (measured in hops through other bridges), the bridge address information, and the age of the information in the BPDU. Bridge priorities are usually set manually so as to steer the traffic flow over the Internetwork onto a preferred path.

Problems can arise where, for example, the Spanning Tree Algorithm selects a path from Los Angeles to New York City and back to San Francisco, rather than the preferred route of Los Angeles to San Francisco.
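The root election by (priority, MAC) and the conversion of a loop into a tree by blocking a link, as an added example that is not part of the chapter and not the 802.1D algorithm itself. It is simplified: distance is counted in hops through other bridges, as the chapter describes, rather than the path costs of the full protocol. The bridge names, segments, priorities and MAC addresses are constructed sample values, and every bridge is assumed reachable from the root.

```python
from collections import deque

# Added example, not part of the chapter: a simplified 802.1D root election
# and spanning tree over a bridged network with a loop. A bridge ID is the
# tuple (priority, MAC); the lowest ID is root and the MAC breaks priority
# ties. Bridges, segments, priorities and MACs are constructed sample values.

BRIDGES = {
    "B1": {"id": (32768, "00-00-0C-00-00-01"), "ports": ["S1", "S2"]},
    "B2": {"id": (32768, "00-00-0C-00-00-02"), "ports": ["S2", "S3"]},
    "B3": {"id": (32768, "00-00-0C-00-00-03"), "ports": ["S1", "S3"]},  # closes the loop
}

def elect_root(bridges):
    """Lowest (priority, MAC) wins; tuple ordering gives the tie breaker for free."""
    return min(bridges, key=lambda b: bridges[b]["id"])

def hop_distances(bridges, root):
    """Breadth-first search from the root; assumes every bridge is reachable."""
    dist, queue = {root: 0}, deque([root])
    while queue:
        b = queue.popleft()
        for seg in bridges[b]["ports"]:
            for other, info in bridges.items():
                if seg in info["ports"] and other not in dist:
                    dist[other] = dist[b] + 1
                    queue.append(other)
    return dist

def spanning_tree(bridges):
    """Return (root, port states); 'blocked' ports are the stand-by links."""
    root = elect_root(bridges)
    dist = hop_distances(bridges, root)
    segments = sorted({s for info in bridges.values() for s in info["ports"]})
    # Designated bridge per segment: closest to the root, lowest ID on ties.
    designated = {
        seg: min((b for b in bridges if seg in bridges[b]["ports"]),
                 key=lambda b: (dist[b], bridges[b]["id"]))
        for seg in segments}
    state = {}
    for b, info in bridges.items():
        # Root port: the segment whose designated bridge is nearest the root.
        root_port = None if b == root else min(
            info["ports"],
            key=lambda s: (dist[designated[s]], bridges[designated[s]]["id"]))
        for seg in info["ports"]:
            state[(b, seg)] = ("designated" if designated[seg] == b
                               else "root" if seg == root_port else "blocked")
    return root, state
```

In the sample topology B3's port on S3 ends up blocked, which removes the S1-S2-S3 loop while leaving every segment reachable.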

Reasons to use a Bridge

There are four basic reasons to use a bridge:

  1. Security: keeps local traffic, which may contain sensitive data, from being forwarded to other segments

  2. Bandwidth: reduces traffic by segmentation

  3. Reliability: if one segment goes down, it does not take down the complete LAN

  4. Translation: translates between different Data Link protocols, such as Token Ring and Ethernet

Bridge Addressing

Bridges work at the Data Link Layer and they recognize the MAC addresses. Spanning Tree Protocol adds a Bridge Protocol Data Unit (BPDU) for Bridge to Bridge communications. Source Route Bridges and Token Ring provide special Data Link layer communication (and will be discussed later).

Collapsed Backbones

Collapsed Backbones take the network backbone and electronically collapse it into a high speed electronic card cage. Usually, Collapsed Backbones operate at 100 Mbps. The card cage holds plug-in cards for repeaters, hubs, bridges, routers, brouters and gateways.

Software is provided to remotely configure all plug-in cards using SNMP (Simple Network Management Protocol). SNMP is a standard that lets intelligent network devices communicate their configuration to administrators operating from remote workstations, which can be located thousands of miles away.
