Bridges

Why Bridge?

The most common reason to bridge is to improve network performance. Dividing one large network into two networks reduces the amount of traffic that flows over the entire LAN and therefore improves performance. Devices on both segments can still talk to each other via the bridge.

It is possible that a poorly placed bridge can reduce performance by creating a bottleneck. However, it doesn't take too much effort to discover the best place to put a bridge. For example, it doesn't make sense to split up 10 people whose workstations are physically close to each other if they frequently exchange information. A bridge between this workgroup and another workgroup, however, could improve performance dramatically. With the bridge, the two workgroups may still communicate transparently . Only communication between groups, not communication within groups, moves through the bridge.

Another reason to use a bridge is to change from one type of cable to another. For example, you may run twisted-pair cable in the offices and fiber- optic cable between buildings . Segments can be connected with a bridge, so "long distance" traffic can flow freely from one segment to another while local traffic stays local. Broadband and baseband Ethernet networks may be connected this way, too. A 16Mbps Token Ring backbone may use bridges to connect to several local 4Mbps Token Rings.

Protocol Ignorant

Because bridges operate at the MAC layer, they can interconnect LANs that use many different upper-layer protocols. Bridges are commonly referred to as protocol-independent . For example, the same bridge may connect networks running TCP/IP, DECnet, OSI, IPX, and XNS protocols. All these higher-layer protocols are encapsulated within the MAC layer. That is, the MAC layer is below the network layer where the upper-layer protocol information is kept.

A bridge will not allow a device speaking TCP/IP to talk to a device speaking IPX or OSI. That is a gateway's function. A gateway actually translates between protocols. A bridge simply passes frames back and forth, regardless of the protocols.

Many networks have more than one protocol running on them. For example, two groups of Sun workstation users may use TCP/IP most of the time and occasionally use OSI. A bridge between the groups will pass both TCP/IP and OSI frames. In fact, the bridge won't even know which protocol it is passing. But the two machines on either side of the bridge must use the same protocols for the message to make sense.

Learning And Filtering

A bridge is considered an intelligent device because it can make decisions based on situations it has already seen. To do this, a bridge refers to an address table. When a bridge is plugged in, it sends broadcast messages asking all the stations on the local segment of the network to respond. As the stations return the broadcast message, the bridge builds a table of local addresses. This process is called learning.

Once the bridge has built the local address table, it is ready to operate. When it receives a frame, it examines the source address. If the frame's address is local, the bridge ignores it. If the frame is addressed for another LAN, the bridge copies the frame onto the second LAN. Ignoring a frame is called filtering. Copying the frame is called forwarding.

The basic type of filtering is keeping local frames local, and sending remote frames to the other subnetwork. Another type of filtering is based on specific source and destination addresses. For example, a bridge might stop one station from sending frames outside of its local LAN. Or, a bridge might stop all "outside" frames destined for a particular station, thereby restricting the other stations with which it can communicate. Both types of filtering provide some control over internetwork traffic and can offer improved security.

Most Ethernet bridges can filter broadcast and multicast frames. Occasionally, a device will malfunction and continually send out broadcast frames, which are continuously copied around the network. A broadcast storm, as it is called, can bring network performance to zero. If a bridge can filter broadcast frames, a broadcast storm has less opportunity to brew.

Today, bridges are also able to filter according to the Network-layer protocol. This blurs the demarcation between bridges and routers. A router operates on the Network layer, and it uses a routing protocol to direct traffic around the network. A bridge that implements advanced filtering techniques is usually called a brouter. It filters by looking into the Network layer, but it does not use a routing protocol.

Other bridges are available that do true Network-layer routing. These routing/ bridges or bridging/routers are often used as the hub of an enterprise-wide network.

Source Routing

Some Token Ring bridges, notably those from IBM, use a routing scheme called source routing to get frames from one network to another. The bridges we've talked about so far use transparent routing, which all Ethernet, and some Token Ring and FDDI, bridges use. With transparent routing, the frame does not know the route it will travel, nor do the bridges it passes over. Each bridge will forward a frame that is not local, until it finally reaches its destination LAN.

With source routing, the frame itself contains routing information. This information specifies the LANs and the bridges through which the frame will travel to get to its destination. The sending machine is responsible for putting this information into the MAC-layer header, which is the part of the frame that contains the source and destination addresses along with some other information about the frame.

For sending stations to know the route their frames will take, they must learn the layout of the entire network. This is done dynamically through a process called route discovery. During route discovery, frames are passed around the network. As they move from LAN to LAN, they are filled with information about the network. Each bridge puts three numbers into the frame: the numbers of the two LANs it connects and its bridge number. This information is then passed back to sending stations. Using this information, sending stations can then create a map of the network and appropriately route their frames.

Source routing is used primarily by IBM on its Token Ring LANs. Source routing does impose some overhead which might diminish network performance slightly. However, this is offset by the advantages of the routing scheme. Because the sending machine knows the route its frames will take, it can always choose the optimal path at the time of transmission, which is not possible with transparent routing. With transparent routing, the optimum path remains so until a bridge or a link fails. Also, source routing provides better management, since the path of a frame is immediately accessible from the frame itself. Finally, source routing bridges can be faster than transparent bridges, since they do not have to "look up" each frame to see if it must be bridged. The frame tells them immediately.

Remote And Local

So far we have discussed local bridges. Remote bridges connect two geographically separate LANs, mostly over a telecommunications link, such as a leased telephone line, a T1 link, a public data network, or microwave line. In remote bridging, the bridge is split into two devices. A bridge at one end puts frames destined for the other LAN out over the link. A bridge at the other end receives the frames and passes them to its local LAN. The process works in both directions.

Telecommunications links are not the only way to connect long distance LANs via bridge. Broadband networks and fiber-optic links can also bridge geographically distant networks. For example, bridges might be used to pass traffic over a fiber-optic backbone among the buildings of a university or business campus. Technically, this is not a remote connection, but the individual LANs may be several miles apart.

Either way, once bridges connect LANs over a longer distance, reliability and fault tolerance become more important. Bridges at both ends must take precautions against data corruption over the remote link.

Spanning The Globe

The first step in fault tolerance is redundant bridges. The IEEE 802.1D spanning tree algorithm allows redundant bridges to be configured on an Ethernet LAN. The stumbling block is that introducing parallel bridges creates a loop in the Ethernet topology, which is strictly forbidden by the rules of the Ethernet protocol. However, spanning tree manages those loops , so that frames don't circulate endlessly around the network. Without a backup bridge and spanning tree software, a failed bridge causes the network to be partitioned until the broken bridge is fixed.

According to the spanning tree algorithm, two bridges are set up, side by side. One is designated the primary bridge, and it is the only bridge to pass traffic. If the primary bridge fails, the traffic is automatically shunted to the backup bridge.

Spanning tree overcomes a major obstacle in bridging, but the backup bridge is idle as it waits for a failure. This is costly. If the backup link could carry traffic, the cost of the second link could be better justified. Here's where load balancing comes in. Using load balancing, traffic can be divided over the two remote parallel bridges. This provides much better performance, since not all traffic is going over one remote link. Since the spanning tree technology is still in place, if one bridge fails, the other can still carry all the traffic.

Managing Bridges

Since LAN configurations change constantly, it is crucial that bridges be easy to manage. A good bridge management package should allow bridges to be managed from a central location. A LAN manager should not have to be at the bridge but should be able to send instructions from a networked terminal or PC. Critical management functions include enabling and disabling bridges, changing security parameters, and changing the address filters and the protocol priorities dynamically. Many bridges allow the manager to download configuration information, thereby setting up the bridge to work as desired all at once.

Bridges should also provide information about what is happening on an internetwork. For example, a management package should report how much traffic is passing over the bridge, the type of traffic, how many errors occur and so on. With this information, the LAN manager can decide how to configure the network. It might be necessary to move the bridge and segment the network differently. Some bridges allow the LAN manager to set performance or error parameters. If these thresholds are exceeded, an alarm is sent to the manager's workstation.

Many bridges now support the Simple Network Management Protocol (SNMP). SNMP can be used to manage nearly any type of device, from a host computer to a multiport repeater. A bridge must implement the SNMP agent software, which sends information back to the SNMP management station. SNMP is most often used in TCP/IP networks.

Cooperation with an enterprise-wide management system is crucial. Such management systems include DEC's Enterprise Management Architecture, AT&T's Universal Network Management Architecture, IBM's NetView, HP OpenView, SunNet Manager, and the OSI Common Management Interface Protocol. These global management systems are essential to fill in the "big picture" of network management.

This tutorial, number 11, by Aaron Brenner, was originally published in the June 1989 issue of LAN Magazine/Network Magazine.