13.1 Filtering



Filtering is the most common transmission optimization technique incorporated into remote bridges and routers. Most devices support a predefined filtering capability in which source and/or destination frame addresses are entered into a filtering table during the equipment installation process. Because few networks are static, other devices also permit an authorized administrator to change the filtering tables dynamically.

13.1.1 Local versus Remote Filtering

Through the use of filtering you can control the number and types of packets that are forwarded across a transmission circuit linking two remote bridges or routers. Although you can also use filtering to control the flow of data between two LANs connected by a local bridge, we focus our attention on the application of filtering by devices interconnected via wide area network (WAN) transmission facilities. This is because filtering by such devices directly affects the transmission rate required on the link between them. Because the monthly cost of a wide area transmission facility is proportional to its operating rate, the ability to lower the required operating rate through the use of filtering can be expected to reduce your organization's transmission cost. In comparison, the use of filtering by a local bridge has a less significant effect. First, it usually has no effect on cost because local cabling links each network at the common local bridge, as illustrated at the top of Figure 13.1. Second, the use of filtering has a lesser effect on performance when performed by a local bridge than when performed by a remote bridge. This is because the WAN link connecting two remote bridges or routers operates at a fraction of the operating rate of each network. Thus, the removal of frames via filtering, as illustrated in the lower portion of Figure 13.1, has a more pronounced effect on a circuit with a lower operating rate than on local cable connecting two LANs with higher operating rates.

Figure 13.1: Effect of Local versus Remote Bridge Filtering

13.1.2 Filtering Methods

There are several types of filtering supported by bridges and routers. Two of the most common methods of filtering frames are based on the use of the address and service fields in a frame. If you are working with packets at layer 3, then the port field in an IP environment would replace the service field.

13.1.2.1 Address Field Filtering

The most basic type of filtering is performed by bridges that operate at the MAC sublayer of the OSI Reference Model's data-link layer. Operating at this layer, bridges are transparent to high-level protocols that function at the network layer of the OSI Reference Model. Thus, the primary mechanism used for filtering is based on the use of the destination and source address fields within Token Ring and Ethernet/IEEE 802.3 frames. For example, consider the IEEE Token Ring functional addresses listed in Table 2.5 in Chapter 2. Assume that you want to prevent Token Ring functional address frames from being forwarded onto the Ethernet network illustrated in Figure 13.1, because those frames are normally irrelevant to stations on the Ethernet network. To do so, you would set your bridge to filter all frames whose destination addresses fall within the block of destination addresses assigned by the IEEE to the Token Ring functional addresses listed in Table 2.5 (Chapter 2).

To illustrate the effect of functional address filtering, consider the active monitor address listed in Table 2.5 (Chapter 2). The active monitor on a Token Ring network transmits an active monitor frame every seven seconds, or 12,343 times each day. This frame is used to notify the standby monitors that the active monitor is operational, and the frame is irrelevant to an Ethernet network. Thus, the filtering of just this one frame reduces the flow of data from a Token Ring network onto an Ethernet network by approximately 13,000 frames per day. Even when two Token Ring networks are interconnected, active monitor frames should be filtered because each network has its own active monitor. Thus, this filtering example is applicable to both Token Ring-to-Ethernet and Token Ring-to-Token Ring bridging.

13.1.2.2 Service Access Point Filtering

Filtering based on destination and source address fields is supported by essentially all bridges. A more sophisticated level of filtering supported by some bridges is based on the DSAP (destination service access point) and SSAP (source service access point) addresses carried within the information field of Token Ring and Ethernet/IEEE 802.3 frames.

Figure 13.2 illustrates the general format of the conversion of a Token Ring frame into an Ethernet frame. The DSAP and SSAP can be considered post office boxes that identify locations where information is left and received to and from higher level layers of the OSI Reference Model. For example, the transportation of an electronic mail message used by a higher network process would have a defined DSAP. Thus, a bridge that includes the capability to perform filtering based on DSAP and SSAP addresses would provide the ability to perform filtering at the application level, as well as add a degree of security to your network if you want to restrict the movement of frames carrying certain types of information between networks.

Figure 13.2: Token Ring to IEEE 802.3 Frame Conversion
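
The address-field and service-access-point filtering described in Sections 13.1.2.1 and 13.1.2.2 can be sketched as a single filter decision for frames arriving on a Token Ring port. This is an added example, not code from the book: the function names, the sample frames and the denied SAP value 0xF0 are constructed for illustration, and the functional-address test (C0:00 prefix, high bit of the third byte clear) follows the standard IEEE 802.5 convention rather than Table 2.5, which is not reproduced here.

```python
# Added example: filter decision for frames arriving on a Token Ring port.
def is_functional(dst: bytes) -> bool:
    # Functional addresses: C0:00 prefix with the high bit of the third byte clear.
    return dst[:2] == b"\xc0\x00" and not dst[2] & 0x80

def parse_token_ring(frame: bytes) -> dict:
    """Parse SD|AC|FC|DA|SA|[RIF]|info; DSAP/SSAP are None for non-LLC frames."""
    if len(frame) < 15:
        raise ValueError("truncated Token Ring header")
    fc, dst, src = frame[2], frame[3:9], frame[9:15]
    off = 15
    if src[0] & 0x80:                        # RII bit: routing information follows SA
        if len(frame) < 17:
            raise ValueError("truncated routing information field")
        off += frame[15] & 0x1F              # RIF length in bytes (includes control)
        src = bytes([src[0] & 0x7F]) + src[1:]   # compare addresses without RII
    fields = {"dst": dst, "src": src, "dsap": None, "ssap": None}
    if fc >> 6 == 0b01 and len(frame) >= off + 2:    # FC type bits 01 = LLC frame
        fields["dsap"], fields["ssap"] = frame[off], frame[off + 1]
    return fields

def decide(frame, deny_addrs=frozenset(), deny_saps=frozenset(), drop_functional=True):
    """Return ('filter', reason) or ('forward', None); malformed frames are filtered."""
    try:
        f = parse_token_ring(frame)
    except ValueError as exc:
        return "filter", str(exc)
    if drop_functional and is_functional(f["dst"]):
        return "filter", "functional destination address"
    if f["dst"] in deny_addrs or f["src"] in deny_addrs:
        return "filter", "address table"
    if f["dsap"] in deny_saps or f["ssap"] in deny_saps:
        return "filter", "SAP table"
    return "forward", None

def tr_frame(fc, dst, src, info=""):  # constructed frame; SD/AC bytes are placeholders
    return bytes([0x00, 0x10, fc]) + bytes.fromhex(dst + src + info)

SAMPLES = {  # constructed frames, not captures
    "monitor": tr_frame(0x00, "c00000000001", "400000000001"),
    "blocked_sap": tr_frame(0x40, "400000000002", "400000000001", "f0f003"),
    "routed_sap": tr_frame(0x40, "400000000002", "c00000000001", "0200f0f003"),
    "allowed": tr_frame(0x40, "400000000002", "400000000001", "aaaa03"),
    "runt": b"\x00\x10\x40\xc0",
}
if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, decide(frame, deny_saps={0xF0}))
```

The source-routed sample shows why the parser must skip the routing information field before reading the DSAP and SSAP: without that step a SAP filter reads the wrong bytes and forwards the frame.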



Enhancing LAN Performance
ISBN: 0849319420
EAN: 2147483647
Year: 2003
Pages: 111
Authors: Gilbert Held
