Bridging is a technique used to connect networks at the data-link layer. As explained in Chapter 2, "Network Hardware," hubs connect networks at the physical layer, and are unaware of the data structures operating at the higher layers. When you expand your network by adding another hub, the effect is no different than if you substituted a hub with more ports for the old one. Each packet generated by a computer on the network reaches every other computer. A bridge, on the other hand, provides packet filtering at the data-link layer, meaning that it only propagates the packets that are destined for the other side of the network. If you have a large LAN that is experiencing excessive collisions or delays due to high traffic levels, you can reduce the traffic by splitting the network in half with a bridge.
A bridge is a physical unit, typically with two ports, that you use to connect network segments together. You can use a bridge to join two existing LANs or to split one LAN into two segments. Bridges operate in what is called promiscuous mode, meaning that they read and process all of the packets transmitted over the network segments. Because a bridge functions at the data-link layer, it is capable of interpreting the information in the data-link layer protocol header. Data packets enter the bridge through either one of the ports, and the bridge then reads the destination address in each packet header and decides how to process that packet. This process is called packet filtering. If the destination address is that of a computer on the other network segment, the bridge propagates it out through the other port. If the destination address is that of a computer on the same network segment as the system that generated it, the bridge discards the packet.
Figure 3.1 shows two LANs connected by a bridge. When a computer on one LAN transmits a packet to a computer on the other, the bridge receives that packet and relays it to the other LAN. In this case, the destination system receives the packet just as if the two computers were on the same LAN. If a computer on one LAN transmits a packet to another computer on the same LAN, the bridge receives the packet and discards it, because there is no reason for the packet to go to the other LAN. The use of the bridge (theoretically) cuts in half the unnecessary traffic passing over each network segment, because packets not needed on the other network segment don't go there.
A collision domain is a network (or part of a network) that is constructed so that when two computers transmit packets at precisely the same time, a collision occurs. When you add a new hub to an existing network, the computers connected to that hub become part of the same collision domain as the original network. This is because hubs relay the signals that they receive immediately upon receiving them, without filtering packets.
Bridges, on the other hand, do not relay a packet to the other network segment until they have received it in its entirety. For this reason, two computers on different sides of a bridge that transmit at the same time do not collide; the two network segments connected by the bridge are said to be in different collision domains. On an Ethernet network, collisions are a normal and expected part of network operations, but when the number of collisions grows too large, the efficiency of the network goes down, because more packets must be retransmitted. An increase in the number of collisions on a network is a natural result of an increase in the number of computers on that network. The more systems there are sharing the network medium, the more likely it is that two will transmit at the same time. When the network is split into two collision domains with a bridge, the reduction in traffic on the two network segments results in fewer collisions, fewer retransmissions, and an overall increase in efficiency.
Another important concept in bridging technology is that of the broadcast domain. A broadcast message is a packet with a special destination address that causes it to be read and processed by every computer that receives it. By contrast, a unicast message is a packet addressed to a single computer on the network, and a multicast message is addressed to a group of computers on the network (but not necessarily all of them). A broadcast domain is a group of computers that will all receive a broadcast message transmitted by any one of the computers in the group.
Broadcasts are a crucial part of the networking process. The most common method computers use to locate a particular system on the local network is to transmit a broadcast that essentially asks, "Does any computer here have this Internet Protocol (IP) address or this NetBIOS name?" and wait for that computer to reply (see Figure 3.2). From that reply message, the broadcaster can determine the desired destination computer's hardware address and send subsequent packets to it as unicasts.
Adding a bridge separates a network into two different collision domains, but the segments on either side of the bridge remain part of the same broadcast domain, because the bridge always relays all broadcast messages from both sides. This behavior reduces the benefit of the bridge somewhat, because a portion of the broadcast traffic being relayed is not utilized by the systems on the other side of the network. However, the retention of a single broadcast domain is what enables the two network segments to remain part of the same LAN. This method is unlike using a router, which completely separates the network into two LANs.
The next logical question to ask when you're learning about how bridges filter packets is, "How do the bridges know which computers are located on each network segment?" The answer is that bridges have this information because they maintain an internal address table that lists the hardware addresses of the computers on both segments. When the bridge receives a packet and reads the destination address in the data-link layer protocol header, it checks that address against its lists. If the address is associated with a segment other than that from which the packet arrived, the bridge relays it to that segment.
The question still remains, however, of where the bridge gets its information about the locations of the computers. Originally, network administrators had to manually create the lists of hardware addresses for each segment connected to the bridge. This was obviously an onerous chore. Today, bridges use a technique called transparent bridging to automatically compile their own address lists. When you activate a transparent bridge for the first time, it begins processing packets. For each incoming packet, the bridge reads the source address in the data-link layer protocol header and adds it to the address list for the network segment over which the packet arrived. At first, the bridge doesn't have the information needed to decide whether it should relay the packet or discard it, so the bridge errs on the side of caution and relays the packet to all of the other network segments. When a sufficient number of packets pass through the bridge to enable the compilation of the address tables, the bridge begins using them to selectively forward packets.
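The learning and filtering behavior described above, written out as an added example (this code is not from the original chapter). It models a transparent bridge with any number of ports: each arriving packet's source address is recorded against its ingress port, broadcast and multicast destinations (the I/G bit in the first octet) are always relayed to every other port, unknown unicast destinations are flooded the same way, and a known destination is either forwarded to its port or filtered when it is on the segment the packet arrived from. The port names, MAC addresses and the short traffic sequence in the demo are constructed for illustration; the fixed table size stands in for the finite address memory of a real bridge.

```python
# Added example (not from the original text): a minimal transparent
# (learning) bridge. Port names, MAC addresses and the traffic below are
# constructed for illustration.

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac):
    """True for broadcast and multicast: the I/G bit (least significant
    bit of the first octet) is set."""
    return int(mac.split(":")[0], 16) & 1 == 1


class LearningBridge:
    def __init__(self, ports, max_entries=1024):
        self.ports = list(ports)
        self.table = {}              # mac -> port the address was last seen on
        self.max_entries = max_entries

    def receive(self, in_port, src, dst):
        """Process one frame arriving on in_port.

        Returns the list of ports the frame is relayed to; an empty list
        means the frame was filtered (discarded) because the destination is
        on the segment it arrived from.
        """
        # Learning: record which port the source address is reachable on.
        # Real bridges age entries out; here the table only grows, and a
        # full table simply stops learning (so unknown destinations flood).
        if src in self.table or len(self.table) < self.max_entries:
            self.table[src] = in_port

        other_ports = [p for p in self.ports if p != in_port]

        if is_group_address(dst) or dst not in self.table:
            # Broadcast/multicast, or a unicast destination not yet learned:
            # flood out every port except the one it arrived on.
            return other_ports
        if self.table[dst] == in_port:
            # Source and destination share a segment: filter the frame.
            return []
        # Known destination on another segment: forward to that port only.
        return [self.table[dst]]


# Constructed hosts: H1 and H2 on segment "A", H3 on segment "B".
H1 = "02:00:00:00:00:01"
H2 = "02:00:00:00:00:02"
H3 = "02:00:00:00:00:03"
MCAST = "01:00:5e:00:00:01"   # an IPv4 multicast group address


def demo():
    """Replay a few frames and return the address table and the bridge's
    decision for each frame."""
    bridge = LearningBridge(["A", "B"])
    decisions = [
        bridge.receive("A", H1, H3),         # H3 unknown: flood to B
        bridge.receive("B", H3, H1),         # H1 learned on A: forward to A
        bridge.receive("A", H2, H1),         # both on A: filtered
        bridge.receive("A", H1, BROADCAST),  # broadcast: relayed to B
        bridge.receive("B", H3, MCAST),      # multicast: relayed to A
    ]
    return bridge.table, decisions


if __name__ == "__main__":
    table, decisions = demo()
    print("address table:", table)
    for d in decisions:
        print("relayed to:", d or "(filtered)")
```

Note the fallback in the first and fourth frames: until an address has been learned, and always for broadcasts, the bridge behaves exactly like a hub for that packet. That is why a bridge keeps both segments in one broadcast domain, and why anything that prevents learning (a full table, for instance) pushes the bridge back toward flooding everything.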
It is common practice for network administrators to install multiple bridges between the same network segments to provide redundancy in case of an equipment failure. However, this practice can cause data loss: when two bridges both process the same packet, each relays a copy to the other segment, and each then sees the same source address arriving from both sides, so their address tables become unstable. In addition, multiple bridges can forward broadcast packets around the network endlessly, in what is called a bridge loop. To prevent these problems, bridges communicate among themselves using a protocol based on the spanning tree algorithm (STA), which selects a single bridge to forward packets onto each segment and blocks the redundant ports on the other bridges. Those bridges remain idle until the active one fails, at which point the algorithm runs again and one of them takes over.
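To show what the spanning tree algorithm actually decides, here is an added example (not code from the original chapter) that computes port roles for a small bridged network: the bridge with the lowest ID becomes the root, every other bridge finds its cheapest path to the root, one bridge per segment is designated to forward onto it, and every remaining port is blocked. Bridge IDs, port names, segment names and path costs are constructed; 802.1D uses a priority plus MAC address as the ID, which an integer stands in for here.

```python
# Added example (not from the original text): computing which bridge ports
# the spanning tree algorithm leaves active. Bridge IDs, port names,
# segment names and path costs are constructed for illustration.
INF = float("inf")


class Bridge:
    def __init__(self, bid, ports):
        self.bid = bid        # 802.1D uses (priority, MAC); an int suffices here
        self.ports = ports    # {port_name: (segment, path_cost_of_port)}

    def on(self, segment):
        return any(seg == segment for seg, _ in self.ports.values())


def spanning_tree(bridges):
    """Return (root bridge id, root path cost per bridge, role of every port).

    Roles: 'root' (the port towards the root), 'designated' (this bridge is
    the one that forwards onto that segment) or 'blocked' (idle until a
    failure changes the tree)."""
    root = min(bridges, key=lambda b: b.bid)
    segments = sorted({seg for b in bridges for seg, _ in b.ports.values()})
    root_cost = {b.bid: 0 if b is root else INF for b in bridges}
    seg_cost = {}
    # Relax costs until stable: a segment's cost is that of its cheapest
    # attached bridge; a bridge's cost is its cheapest (segment + port cost).
    for _ in range(len(bridges)):
        seg_cost = {s: min(root_cost[b.bid] for b in bridges if b.on(s))
                    for s in segments}
        for b in bridges:
            if b is not root:
                root_cost[b.bid] = min(seg_cost[seg] + cost
                                       for seg, cost in b.ports.values())
    # One designated bridge per segment: lowest root path cost, then lowest ID.
    designated = {s: min((b for b in bridges if b.on(s)),
                         key=lambda b: (root_cost[b.bid], b.bid)).bid
                  for s in segments}
    roles = {}
    for b in bridges:
        root_port = None
        if b is not root:
            # Root port: cheapest way to the root; ties broken by the
            # designated bridge's ID on that segment, then by port name.
            root_port = min(b.ports, key=lambda p: (
                seg_cost[b.ports[p][0]] + b.ports[p][1],
                designated[b.ports[p][0]], p))
        for p, (seg, _) in b.ports.items():
            if p == root_port:
                roles[(b.bid, p)] = "root"
            elif designated[seg] == b.bid:
                roles[(b.bid, p)] = "designated"
            else:
                roles[(b.bid, p)] = "blocked"
    return root.bid, root_cost, roles


def redundant_pair():
    """Two bridges in parallel between segments S1 and S2, as in the text."""
    b1 = Bridge(1, {"p1": ("S1", 10), "p2": ("S2", 10)})
    b2 = Bridge(2, {"p1": ("S1", 10), "p2": ("S2", 10)})
    return b1, b2


def triangle():
    """Three segments joined in a ring by three bridges (a bridge loop)."""
    return [Bridge(1, {"p1": ("S1", 10), "p2": ("S2", 10)}),
            Bridge(2, {"p1": ("S2", 10), "p2": ("S3", 10)}),
            Bridge(3, {"p1": ("S3", 10), "p2": ("S1", 10)})]


if __name__ == "__main__":
    for topo in (list(redundant_pair()), triangle()):
        root, cost, roles = spanning_tree(topo)
        print("root bridge:", root, "blocked ports:",
              sorted(k for k, r in roles.items() if r == "blocked"))
```

In the redundant pair, bridge 2 keeps only its root port forwarding and blocks its port on S2, so exactly one bridge carries traffic between the segments; remove bridge 1 from the list and the same function makes bridge 2 the root with both ports designated, which is the failover the text describes. In the triangle, one port on bridge 3 is blocked, which is what breaks the loop.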
It is typical for Ethernet networks to use transparent bridging and the STA, but Token Ring networks use a different system. Instead of the bridges themselves selecting a designated bridge between two segments, Token Ring systems select for themselves which bridge they will use. The technique these systems use is called source route bridging, and it works by each system transmitting packets called All Rings Broadcast (ARB) frames over the network. As each bridge processes these packets (by forwarding them to all connected segments, as with any broadcast), it adds a route designator to them, which identifies the bridge and the port through which it received the packet. When the packet arrives at its destination, the receiving system sends it back to the source. Bridges use the accumulated route designators to avoid forwarding a packet onto a ring it has already crossed, and the original source system uses them to select the most efficient route through the network to a given destination.
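The route discovery just described, as an added example (not code from the original chapter): an explorer frame is flooded from the source ring, every bridge on a ring copies it onto each of its other rings after appending its route designator, a copy is dropped when the ring it would enter is already in the route (the loop check), and the source picks the shortest of the routes that reach the destination. The ring and bridge names are constructed; the topology deliberately contains two parallel bridges and a shortcut so that loops exist. For brevity the routes are collected at the destination ring rather than being carried back to the source.

```python
# Added example (not from the original text): route discovery with
# explorer (ARB) frames on source-routed rings. Ring and bridge names are
# constructed for illustration.
from collections import deque

# Which rings each bridge attaches to. B1 and B4 are parallel between R1
# and R2; B3 is a direct link R1-R3, so the topology contains loops.
BRIDGES = {
    "B1": {"R1", "R2"},
    "B4": {"R1", "R2"},
    "B2": {"R2", "R3"},
    "B3": {"R1", "R3"},
}


def explore(bridges, src_ring, dst_ring):
    """Flood an explorer from src_ring and return every route that reaches
    dst_ring. A route is the explorer's accumulated routing information:
    [ring, bridge, ring, bridge, ..., ring]."""
    routes = []
    pending = deque([[src_ring]])          # explorer copies still in flight
    while pending:
        route = pending.popleft()
        ring = route[-1]
        if ring == dst_ring:
            routes.append(route)
            continue
        rings_seen = set(route[0::2])
        # Every bridge on this ring copies the explorer to each of its other
        # rings, appending its route designator (bridge, ring). A bridge
        # discards the copy if that ring is already in the route; this is
        # what keeps the explorer from circulating endlessly.
        for bid in sorted(bridges):
            if ring not in bridges[bid]:
                continue
            for other in sorted(bridges[bid] - {ring}):
                if other in rings_seen:
                    continue
                pending.append(route + [bid, other])
    return routes


def best_route(routes):
    """The source picks the route with the fewest bridge hops."""
    return min(routes, key=len)


if __name__ == "__main__":
    found = explore(BRIDGES, "R1", "R3")
    for r in found:
        print(" -> ".join(r))
    print("chosen:", " -> ".join(best_route(found)))
```

Without the `rings_seen` check the explorer would bounce between R1 and R2 over B1 and B4 forever; with it, three distinct routes from R1 to R3 come back and the source settles on the one-bridge path through B3.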
The standard type of bridge used to connect network segments of the same type and the same location is called a local bridge. This is the simplest type of bridge because it doesn't modify the data in the packets; it simply reads the addresses in the data-link layer protocol header and passes the packet on or discards it. There are also two other types of bridges that you can use to handle segments of different types and segments at different locations.
A translation bridge, as illustrated in Figure 3.3, is a data-link layer device that connects network segments using different network media or different protocols. This type of bridge is more complicated than a local bridge, because in addition to reading the headers in the packet, the bridge strips the data-link layer frame off the packets to be relayed to other network segments and constructs another frame. This way, the bridge can connect an Ethernet network to a Fiber Distributed Data Interface (FDDI) network or to two different types of Ethernet (such as 100BaseTX and 100BaseT4) while retaining a single broadcast domain. Because of the additional packet manipulations, translation bridging is slower than local bridging, and translation bridges are more expensive as well. Because there are other types of devices that can connect different network types, such as routers, the use of translation bridges is relatively rare.
A remote bridge is designed to connect two network segments at distant locations using some form of wide area network (WAN) link. The link can be a modem connection, leased telephone line, or any other type of WAN technology. The advantage of using a bridge in this manner is that you minimize the amount of traffic passing over the WAN link, which is usually far slower and more expensive than the local network.