Several chapters in this book cover the basic devices used to interconnect network segments: repeaters, bridges, switches, and routers. Each of these devices builds on the one previous to it so that together they span a continuum of functionality that you can use to solve problems with a LAN or WAN. Standard bridges were developed to enable you to extend the reach of a LAN and to limit traffic to local segments, therefore building on the function of repeaters. Switches took this concept further by enabling each workstation or server to have its own physical LAN segment, thus limiting the broadcast domain (just the workstation and the switch). Routers enable you to extend the reach of a LAN by connecting it to a wide area network.

Note: A switch that operates in full-duplex mode eliminates the collision domain between the switch port and the device attached to it. Instead of using the same set of wires for transmitting and receiving data (half-duplex), full-duplex switches use separate wires for transmitting and receiving, so both ends of the path can be sending information at the same time. Thus, a switch port and network card operating in full-duplex mode can essentially double the network bandwidth.

To quickly summarize:

- Repeaters are simple devices that connect network segments (usually two segments). They repeat all traffic and thus do nothing to help segment network traffic patterns. Repeaters are used to expand a LAN when it grows beyond the limitations imposed by a single network segment. Multiport repeaters function in the same way, but resemble a hub in that more than one segment can be connected to a multiport repeater. However, multiport repeaters are typically used in much older environments that use coaxial cables for the network media and use BNC connectors. Most hubs have RJ-45 jacks and receive twisted-pair wiring with RJ-45 modular connectors. If your network still uses repeaters of this type, you're long overdue for an upgrade.
- Bridges are similar to repeaters except that they apply a little intelligence to the packet-forwarding process: Bridges learn MAC addresses of devices on each segment when they make an initial transmission. From then on, a bridge will not pass traffic to another segment if it knows the recipient is on the segment local to the transmission. Bridges are helpful for expanding a LAN and can be used to group collections of computers and servers that commonly interact to lower overall bandwidth consumption.
- Routers work like bridges in that they're selective about which packets get forwarded on which ports. However, whereas bridges operate at layer 2 of the OSI reference model (the Data Link layer) and look only at the flat namespace provided by the MAC addresses, routers operate at layer 3 (the Network layer) and make decisions based on the addressing scheme provided by a higher-level networking protocol. Bridges are typically used to create larger local area networks. Connecting a LAN to other LANs or to a larger WAN can be done using a router.
- Switches are the current technology for connecting network LAN segments as well as for connecting individual network nodes to the network. Switches operate like bridges in that they keep track of which network node is located on each port by remembering MAC addresses. When retransmitting an incoming packet, the switch will send it out only on a port that will get it to its destination, provided that it has already learned the destination's MAC address. Whereas bridges usually have only two ports, switches are like hubs and contain many ports. Most switches will allow for full-duplex operation, thus effectively doubling the available network bandwidth for a single node connected on a segment. In a sense, a switch operates like a collection of bridges. And don't forget that you can connect one switch to another to further localize network traffic. A LAN today can consist of multiple layers of switches that eventually connect to a router.

From this summary, you can see that it's easy to use repeaters or bridges to grow the small LAN, but when it becomes necessary to expand beyond certain limits or when it becomes necessary to make a connection to a larger LAN, you must incorporate routers or switches.

Growth is not the only reason you might want to use a router or switch, however. These devices also can be used in a small LAN. For example, a small LAN that's experiencing network traffic congestion might find relief by replacing the hubs in the LAN with switches to cut down on the overall network traffic. Indeed, if you look at the price of a switch today, the benefits you will achieve in network bandwidth are well worth the price. When users begin to complain about network response time in a network that uses hubs, you should definitely consider replacing hubs with switches.
In addition to connecting LANs to larger networks such as the Internet, routers can be used in a campus LAN to allow network administrators to logically group network segments using the addressing scheme provided by TCP/IP (subnetting), for example.

Segmenting the Network Can Improve Performance

You might need to segment devices on the network for many different reasons. These include the following:

- Topology limitations: You need to add more nodes to the network but the expansion will break distance limitations or maximum nodes-per-segment rules. This is usually the case only in older Ethernet LANs where the broadcast domain was constrained by the round-trip time. For more information about topology limitations, refer to Chapter 14, "Ethernet: The Universal Standard."
- Networking protocol limitations: Address space is fragmented and you need to connect segments that have different network addresses. This can happen when two companies merge and both already have an address space in place for their respective networks. It's much easier to simply place one or more routers between the two networks than it is to reassign network addresses to the many devices on the network. When using DHCP to configure workstations, this might not be a limitation, provided that you have an address space that can accommodate all the devices that will be placed on the larger network.
- Network bandwidth limitations: When a few high-performance servers or workstations consume too much of the segment's available bandwidth, it's time to segment the LAN (create additional subnets) and thus limit network traffic to smaller segments that contain fewer devices.
- Security reasons: An Ethernet adapter set to promiscuous mode can intercept all packets that are sent out on a particular segment, for example. You need to place a few high-security workstations on their own segment, yet allow some kind of connection to the rest of the network. Keep in mind that in an Ethernet network that uses hubs as a wiring concentrator, every device on the hub (or hubs) can see every network frame that's broadcast on the LAN. It isn't difficult to download a program from an Internet source to read every packet that passes through the network.

  Note: Security is an important topic in computer networks today. For more information about the issues you should consider, refer to Chapter 46, "Basic Security Measures Every Network Administrator Needs to Know," and Chapter 48, "Security Issues for Wide Area Networks." Other chapters that might help you understand how to protect your network include Chapter 49, "Firewalls," and Chapter 50, "Virtual Private Networks (VPNs) and Tunneling."

- Geographically distant connections: It's best to segment each geographic location to ensure that unnecessary traffic isn't being sent across the remote connection and wasting valuable bandwidth. Some routers provide a dial-up function so that a dedicated link isn't necessary, providing an inexpensive way to use routers to connect branch offices.

Depending on which combination of these reasons applies to your situation, a router or switch might be the solution you need to segment the network.

Connecting Remote Locations

When a business expands geographically, you'll find that using bridges to connect remote locations isn't a feasible solution. There are many different technologies from which you can choose today, from simple dedicated lines to ATM and Frame Relay, to connect geographically distant locations. For these connections, you'll find it necessary to incorporate routers or switches. You'll also find these methods of transport expensive. Today, it isn't unreasonable to consider connecting the local network to the Internet with a router that provides virtual private network (VPN) capabilities. Thus, by using an inexpensive connection to the Internet (far cheaper than using leased dedicated lines), you can still provide a secure channel to remote branch locations. ATM (Asynchronous Transfer Mode) and Frame Relay are very common protocols used to send data across long distances. You can learn more about these in Chapter 16, "Dedicated Connections."

When to Use a Router

Routers are similar to bridges only in the fact that they can both be used to connect multiple network segments. Whereas bridges make all their decisions based on the MAC address of a particular network packet, routers access the addressing information provided by a higher-level protocol to decide how to best forward a packet.
Using the OSI reference model (see Appendix A, "Overview of the OSI Seven-Layer Networking Reference Model"), you can see that the bridge operates at layer 2, the Data Link layer, whereas routers operate at layer 3, the Network layer. With bridges, the address space is flat: It's simply the MAC addresses associated with nodes on each segment, each one unique. For protocols operating at the Network layer, the address space becomes more complicated because there must be a mechanism for identifying the network as well as the individual node.

Note: To be more specific, routers operate at layer 3 of the OSI model by using higher-level addresses (such as IP) to make routing decisions. However, when the network frame reaches a router that can deliver it to its final destination, the router uses the MAC address to communicate with the destination node connected to the router's port. The Address Resolution Protocol (ARP) is used on local segments to translate between IP addresses and MAC addresses. For more information about ARP, refer to Chapter 25, "Overview of the TCP/IP Protocol Suite."

When to Use a Switch

Switches are one of the fastest-growing categories of network equipment. They can act as a wiring concentrator for a LAN just as a hub does, but they also can make available a much larger bandwidth to clients because they selectively forward traffic from one port to another based on the destination address of each packet. When you use a switch with only one node attached to each port, you are in effect creating a collection of broadcast domains that consist of only two network nodes: the switch and the client node connected to the port. For network adapters and switches that support full-duplex operation, the effective bandwidth is doubled for each client and there is no broadcast domain between the two.
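The following added example (not from the book) models the forwarding behaviour described above for hubs and for MAC-learning bridges and switches, and reports which frames reach a third port where a host in promiscuous mode might be listening. The class names, port numbers, MAC addresses, and traffic are constructed for illustration.

```python
# Added illustration: MAC addresses, port numbers and frames are constructed.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]

class LearningSwitch:
    """Learns source MAC -> port; sends known unicast out of one port only."""
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port        # learn or refresh the sender's port
        out = self.mac_table.get(dst)
        if dst == BROADCAST or out is None:  # broadcast or unknown: flood
            return [p for p in self.ports if p != in_port]
        if out == in_port:                   # recipient is on the ingress port: filter
            return []
        return [out]

def frames_seen(device, frames, listen_port):
    """Indexes of the frames that are delivered to listen_port."""
    return [i for i, (in_port, src, dst) in enumerate(frames)
            if listen_port in device.forward(in_port, src, dst)]

# Constructed traffic: (ingress port, source MAC, destination MAC)
A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
FRAMES = [
    (1, A, BROADCAST),  # A sends a broadcast; the switch learns A on port 1
    (2, B, A),          # B answers A; the switch learns B on port 2
    (1, A, B),          # from here on both stations are known
    (2, B, A),
    (1, A, B),
]

if __name__ == "__main__":
    hub, switch = Hub([1, 2, 3, 4]), LearningSwitch([1, 2, 3, 4])
    print("hub, port 3 receives frames:   ", frames_seen(hub, FRAMES, 3))
    print("switch, port 3 receives frames:", frames_seen(switch, FRAMES, 3))
```

On the hub, port 3 receives all five frames; on the switch it receives only the initial broadcast, because frames to a destination that has not yet been learned, and broadcasts, are still sent out of every port.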
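The layer-3 decision described under "When to Use a Router" can be sketched as follows; this is an added example, not code from the book. It splits an IP address into its network and node parts, picks the outgoing interface by longest matching prefix (a general routing rule that goes beyond what the text spells out), and then looks up the MAC address used for the final layer-2 delivery. Interface names, prefixes, and addresses are constructed.

```python
import ipaddress

# Constructed example data: interface names, prefixes and addresses are illustrative.
ROUTES = [
    # (destination network, outgoing interface, next hop; None = directly connected)
    (ipaddress.ip_network("10.1.1.0/24"), "eth0", None),
    (ipaddress.ip_network("10.1.50.0/24"), "eth1", None),   # separate high-security segment
    (ipaddress.ip_network("0.0.0.0/0"), "wan0", ipaddress.ip_address("203.0.113.1")),
]
ARP_CACHE = {  # IP -> MAC, as learned through ARP on the attached segments
    ipaddress.ip_address("10.1.50.7"): "02:00:00:00:32:07",
    ipaddress.ip_address("203.0.113.1"): "02:00:00:00:ff:01",
}

def split(cidr):
    """Split 'address/prefix' into (network address, node number on that network)."""
    iface = ipaddress.ip_interface(cidr)
    node = int(iface.ip) & int(iface.network.hostmask)
    return str(iface.network.network_address), node

def forward_decision(dst):
    """Return (interface, destination MAC for the frame, or None if ARP is needed)."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in ROUTES if dst in r[0]]
    if not matches:
        return None                                   # no route: packet is dropped
    net, iface, next_hop = max(matches, key=lambda r: r[0].prefixlen)
    l2_target = next_hop if next_hop is not None else dst
    return iface, ARP_CACHE.get(l2_target)

if __name__ == "__main__":
    print(split("10.1.50.7/24"))
    for ip in ("10.1.50.7", "10.1.1.20", "198.51.100.9"):
        print(ip, "->", forward_decision(ip))
```

A result of `None` for the MAC address means the router has no cached entry and would first have to resolve the address with ARP on that segment.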