Network Bridges

As the size of LANs grow and the amount of traffic on a network begins to have a noticeable effect on performance, a new way is needed to help separate or segment traffic. A bridge is a Layer 2 device that acts as an intermediary to which different network segments (or sections) are attached. Used to separate traffic, the role of a bridge is to inspect all frames as they reach one of its interfaces, and make a decision on whether to forward these frames to other connected segments. It does this by examining the destination MAC or BIA (Burned In Address) address of frames that it encounters. MAC Addresses are also known as Physical addresses. If the destination MAC address is connected to the same segment as the sender, the bridge will not forward the frame, thus helping to reduce unnecessary traffic on other segments. Note that the bridge doesn’t change the frames; it simply makes forwarding decisions based on the destination MAC address. However, a bridge does do error checking on frames – it will calculate a value in the frame called the Cyclic Redundancy Check (CRC). The CRC is a calculation added to the frame by the sender and recomputed by bridges as well as the destination system. If the value is always the same, the frame is valid. If not, the frame is corrupt and will be discarded.

A bridge keeps track of all systems on its connected segments in something referred to as its MAC address table. This table specifies the segment on which a system with a given MAC address is located. On older bridges, these tables needed to be created manually by inputting MAC addresses. On more recent bridges, this table is created dynamically as the bridge inspects frames that it receives. It does this by also looking at the source MAC address of frames, and adding them to its table according to the interface on which they were received. The table below provides a basic example of a bridging table.

Example MAC address (bridging) table:

Interface MAC Address
E0 010123E4A201
E1 010123E5AB07
E1 010123F4121A
E2 010123C14298

Note in the example above that there are 3 active interfaces on the bridge, and that interface E1 (Ethernet 1) has two connected systems that the bridge currently knows about.

There are limitations to the magic of a bridge. Some traffic will be destined for all computers, while other traffic will be meant for a select group of computers (referred to as broadcasts and multicasts respectively); a bridge will always forward these types of traffic to all connected segments. To that end, it can be said that a bridge segments the network into different collision domains, while all systems remain part of the same broadcast domain.

What is a collision domain? The answer is incredibly simple. A collision domain is the group of network systems between which data collisions can occur. On an Ethernet network, for example, a collision can occur if two systems attempt to communicate at the same time. Obviously the higher the number of collisions, the worse a network will perform.

Consider the figure below, which shows a bridge separating two collision domains. Computers A and B are susceptible to having their data collide with each other. However, this will not affect Computer C, since frames between A and B will not be forwarded to other segments by the bridge. Computers A and B exist in one collision domain, while C exists in another. When a network is segmented into a number of smaller collision domains, performance can increase dramatically.

Figure: Collision domain diagram.

A number of different types of bridges exist, in order to meet different network requirements:

Transparent Bridge. This is by far the most common type of bridge. It is referred to as transparent because it simply inspects frames for the purpose of making forwarding decisions, but doesn’t change them. When started, a transparent bridge learns about the computers on its connected segments (and builds its MAC table) by inspecting the source MAC addresses of systems as frames are sent.

Translational Bridge. This type of bridge is used to connect segments that use different network technologies, such as Ethernet and Token Ring. A translational bridge will not only forward frames as necessary, but will also reframe packets for the underlying network when moving between segments using different technologies. On most networks today, however, segments with dissimilar technologies are usually connected using routers rather than bridges.

Remote Bridge. In cases where large geographic distances separate LANs, a dial-up or wireless link might be used to connect segments. This can be accomplished with remote bridges, which use the connection as a type of extension between LAN segments. Remember that because the device is only a bridge, broadcasts and multicasts will still be forwarded across this (relatively) slow link, and may adversely affect performance. Again, routers are more commonly used to connect remote locations.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.