Bridges

Bridges are both hardware and software devices. They can be standalone devices separate boxes specifically designed for bridging applications, or they can be dedicated PCs with 2 NICs and bridging software. Most servers software will automatically act as a bridge when a second NIC card is installed.

a. Bridge OSI Operating Layer

Bridges operate on the OSI Model Data Link Layer. They look at the MAC addresses for Ethernet and Token Ring to determine whether or not to forward or ignore a packet.

b. Purpose of a Bridge
The purposes of a Bridge are:

Isolates networks by MAC addresses Manages network traffic by filtering packets Translate from one protocol to another

Isolates networks by MAC addresses For example, you have 1 segment called Segment 100 with 50 users in several departments using this network segment. The Engineering Dept. is CAD (Computer Aided Design) oriented and the Accounting Dept. is into heavy number crunching: year end reports, month end statements etc.. Manages network traffic by filtering packets Bridges listen to the network traffic and build an image of the network on each side of the bridge. This image of the network indicates the location of each node and the bridge's port that accesses it. With this information, a bridge can make a decision whether to

forward the packet across the bridge if the destination address is not on the same port or it can decide to not forward the packet if the destination is on the same port. This process of deciding whether or not to forward a packet is termed filtering packets. Network traffic is managed by deciding which packets can pass through the bridge. The bridge filters packets. Translate from one protocol to another The MAC layer also contains the bus arbitration method used by the network. This can be CSMA/CD as used in Ethernet or Token Passing as used in Token Ring. Bridges are aware of the Bus Arbitration and special translation bridges can be used to translate between Ethernet and Token Ring.

c. Bridge Segment to Segment Characteristics

Bridges physically separate a network segments by managing the traffic based on the MAC address. Bridges are store and forward devices. They receive a packet on the local segment, store it and wait for the remote segment's to be clear before forwarding the packet. There are 2 physical types of bridges: Local and Remote Bridges. Local Bridges are used as in the previous examples where the network is being locally (talking physical location now) segmented. The 2 segments are physically close together: same building, same floor, etc... Only 1 bridge is required.

Remote Bridges are used in pairs and where the network is remotely segmented (again talking physical locations). The 2 segments are physically far apart: different buildings, different floors, etc... 2 x Half Bridges are required: one at each segment. The Remote bridges are 1/2 of a normal bridge and may use several different communications media inbetween.

On this network, any traffic between Client A, B or C and the Accounting File Server in the Accounting Dept. will be heard across the Segment 100. Likewise any traffic between the Engineering Dept.'s Clients G, H or I to the CAD File Server will be heard throughout the Network Segment. The result is that the "Other" Departments access to the Generic File Server is incredibly slow because of the unnecessary traffic occurring due to other departments: Engineering & Accounting. Note: The designations A, B, and C are used instead of MAC addresses for brevity. The actual MAC addresses would be hexadecimal numbers such as 08-00-EF-45-DC-01. The solution is to use a Bridge to isolate the Accounting Dept. and another bridge to isolate the Engineering Department. The Bridges will only allow packets to pass through that are not on the local segment. The bridge will first check its "routing" table to see if the packet is on the local segment, if it is, it will ignore the packet and not forward it to the remote segment. If Client A sent a packet to the Accounting File Server, Bridge #1 will check its routing table, to see if the Accounting File Server is on the local port. If it is on the local port, Bridge #1 will not forward the packet to the other segments.

d. Bridge Methodologies

There are 3 primary bridging methodologies used by bridges for connecting local area networks:

Transparent bridges Spanning Tree Protocol Source Routing

Transparent Bridges were originally developed to support the connection of Ethernet networks. The spanning tree protocol was developed to improve upon transparent bridging. Source Routing Bridges are used by Token Ring. Source routing bridges require a solid understanding of Token Ring concepts and as such will be covered under the section discussing Token Ring. Transparent Bridges Transparent Bridges examine the MAC address of the frames to determine whether the packet is on the local Segment or on the distant Segment. Early bridges required the system administrator to manually build the routing table to tell a bridge which addresses were on which side of the bridge. Manually building a routing table is called fixed or static routing. Modern bridges are self-learning, they listen to the network frame source addresses to determine which side of the bridge the node is on and build a routing table that way. The following network will be used as an example of a self-learning transparent bridge's routing table construction.

As frames flow on Bridge #1's local port, Bridge #1 examines the source address of each frame. Eventually after all nodes on the local port, have become active, Bridge #1 associates their address as being on the local port. Any frames with a destination address other than the nodes on the local port are forwarded to the remote port. As far as Bridge #1 is concerned, nodes on Bridge #2's local port appear as if they were on Bridge #1's remote port.

Bridge #2 builds its routing table in a similar manner to Bridge #1. Note the differences.

If Client A sent a packet to the Generic File Server, again Bridge #1 will check its routing table to see if the Generic File Server is on the local port. If it is not, then Bridge #1 will forward the packet to the remote port. Note: The terms local and remote ports are abitrarily chosen to distinguish between the two network ports available on a bridge. In this manner the network is segmented and the local department traffic is isolated from the rest of the network. Overall network bandwidth increases because the Accounting Dept. does not have to fight with the Engineering Dept. for access to the segment. Each segment has reduced the amount of traffic on it and the result is faster access. Each department still has complete access to the other segments but only when required. Advantages to Transparent Bridges

Self learning: requires no manual configuration, considered plug and work. Independent of higher level protocols (TCP/IP, IPX/SPX, Netbeui, etc..)

Disadvantages of Transparent Bridges

- Can only work with 1 path between segments: Loops are not allowed. A loop would confuse the bridge as to which side of the bridge a node was really on: local or remote?

Transparent Bridges are not acceptable for use on MANs or WANs, as many paths can be taken to reach a destination. In the above example, it is simple to determine that a loop occurs but in a large corporate network with several hundred bridges, it may be next to impossible to determine. As such, Bridges are most commonly used in LAN to LAN connectivity and not in MANs or WANs.

e. Reasons to use a Bridge

There are four basic reasons to use a bridge: 1. 2. 3. 4. Security: Stops networks from forwarding sensitive data Bandwidth: Reduce traffic by segmentation Reliability: If 1 segment goes down, it does not take down the complete LAN Translation: Translate different Data Link protocols such as Token Ring to Ethernet

f. Bridge Addressing
Bridges work at the Data Link Layer and recognize the MAC addresses. Spanning Tree Protocol adds a Bridge Protocol Data Unit (BPDU) for Bridge to Bridge communications. Source Route Bridges and Token Ring provide special Data Link layer communication and will be discussed later.

g. Collapsed Backbones

Collapsed Backbones take the network backbone and electronically collapse it into a high speed electronic card cage. Usually Collapsed Backbones operate at 100 Mbps. The card cage holds plug-in cards for repeaters, hubs, bridges, routers, brouters and gateways.

Software is provided to remotely configure all plug-in cards using SNMP. SNMP is a network management protocol that stands for Simple Network Management Protocol. It is a standard for intelligent network devices to communicate their configuration to administrators operating from remote workstations. The workstations can be thousands of miles away!