Segmenting LANs with Bridges

As discussed in the previous section, Ethernet rules limit the overall distance a network segment extends and the number of stations attached to a cable segment. What do you do if you need to go further or add more devices? Bridges provide a possible solution. When connecting networks as in Figure 2-7, significant differences exist when compared to repeater-connected networks. For example, whenever stations on the same segment transmit to each other in a repeated network, the frame appears on all other segments in the repeated network. But this does not normally happen in a bridged network. Bridges use a filter process to determine whether or not to forward a frame to other interfaces.

Figure 2-7. Interconnecting Segments with a Bridge

The filter process differs for access methods such as Ethernet and Token Ring. For example, Ethernet employs a process called transparent bridging that examines the destination MAC address and determines if a frame should be forwarded, filtered, or flooded. Bridges operate at Layer 2 of the OSI model, the data link layer. By functioning at this layer, bridges have the capability to examine the MAC headers of frames. They can, therefore, make forwarding decisions based on information in the header such as the MAC address. Token Ring can also use source-route bridging which determines frame flow differently from transparent bridges. These methods, and others, are discussed in more detail in Chapter 3, “Bridging Technologies.”

More importantly, though, bridges interconnect collision domains allowing independent collision domains to appear as if they were connected, without propagating collisions between them. Figure 2-8 shows the same network as in Figure 2-5, but with bridges interconnecting the segments. In the repeater-based network, all the segments belong to the same collision domain. The network bandwidth was divided between the four segments. In Figure 2-8, however, each segment belongs to a different collision domain. If this were a 10 Mbps legacy network, each segment would have its own 10 Mbps of bandwidth for a collective bandwidth of 40 Mbps.

Figure 2-8. Bridges Create Multiple Collision Domains and One Broadcast Domain

This significant improvement in bandwidth demonstrates why segmenting a LAN benefits users. The same number of users in the network in Figure 2-8 now have more available bandwidth than they did in the network in Figure 2-5. Although switching is discussed later in the chapter, it is valid to comment now that the ultimate bandwidth distribution occurs when you dedicate one user for each bridge interface. Each user then has all of the local bandwidth to himself; only one station and the bridge port belong to the collision domain. This is, in effect, what switching technology does.

Another advantage of bridges stems from their Layer 2 operation. In the repeater-based network, an end-to-end distance limitation prevents the network from extending indefinitely. Bridges allow each segment to extend a full distance. Each segment has its own slotTime value. Bridges do not forward collisions between segments. Rather, bridges isolate collision domains and reestablish slotTimes. Bridges can, in theory, extend networks indefinitely. Practical considerations prevent this, however.

Bridges filter traffic when the source and destination reside on the same interface. Broadcast and multicast frames are the exception to this. Whenever a bridge receives a broadcast or multicast, it floods the broadcast message out all interfaces. Again, consider ARP as in the repeater-based network. When a station in a bridged network wants to communicate with another IP station in the same bridged network, the source sends a broadcast ARP request. The request, a broadcast frame, passes through all bridges and out all bridge interfaces. All segments attached to a bridge belong to the same broadcast domain. Because they belong to the same broadcast domain, all stations should also belong to the same IP subnetwork.

A bridged network can easily become overwhelmed with broadcast and multicast traffic if applications generate this kind of traffic. For example, multimedia applications such as video conferencing over IP networks create multicast traffic. Frames from all participants propagate to every segment. In effect, this reduces the network to appear as one giant shared network. The bandwidth becomes shared bandwidth.

In most networks, the majority of frames are not broadcast frames. Some protocols generate more than others, but the bandwidth consumed by these protocol broadcast frames is a relatively small percentage of the LAN media bandwidth.

When should you use bridges? Are there any advantages of bridges over repeaters? What about stations communicating with unicast frames? How do bridges treat this traffic?

When a source and destination device are on the same interface, the bridge filters the frames and does not forward the traffic to any other interface, unless the frame is a broadcast or multicast. If the source and destination reside on different ports relative to the bridge, the bridge forwards the frame to the appropriate interface to reach the destination. The processes of filtering and selective forwarding preserve bandwidth on other segments. This is a significant advantage of bridges over repeaters, which offer no frame discrimination capabilities.

When a bridge forwards traffic, it does not change the frame. Like a repeater, a bridge does nothing more to the frame than to clean up the signal before it sends it to another port. Layer 2 and Layer 3 addresses remain unchanged as frames transit a bridge. In contrast, routers change the Layer 2 address. (This is shown in the following section on routers.)

A rule of thumb when designing networks with bridges is the 80/20 rule. This rule states that bridges are most efficient when 80 percent of the segment traffic is local and only 20 percent needs to cross a bridge to another segment. This rule originated from traditional network design where server resources resided on the same segments with the client devices they served, as in Figure 2-9.

Figure 2-9. The 80/20 Rule Demonstrated in a Traditional Network

The clients only infrequently needed to access devices on the other side of a bridge. Bridged networks are considered to be well designed when the 80/20 rule is observed. As long as this traffic balance is maintained, each segment in the network appears to have full media bandwidth. If, however, the flow balance shifts such that more traffic gets forwarded through the bridge rather than filtered, the network behaves as if all segments operate on the same shared network. The bridge in this case provides nothing more than the capability to daisy-chain collision domains to extend distance, but without any bandwidth improvements.

Consider the worst case for traffic flow in a bridged network: 0/100 where none of the traffic remains local and all sources transmit to destinations on other segments. In the case of a two-port bridge, the entire system has shared bandwidth rather than isolated bandwidth. The bridge only extends the geographical extent of the network and offers no bandwidth gains. Unfortunately, many intranets see similar traffic patterns, with typical ratios of 20/80 rather than 80/20. This results from many users attempting to communicate with and through the Internet. Much of the traffic flows from a local segment to the WAN connection and crosses broadcast domain boundaries. Chapter 14, “Campus Design Models,” discusses the current traffic trends and the demise of the 80/20 rule of thumb in modern networks.

One other advantage of bridges is that they prevent errored frames from transiting to another segment. If the bridge sees that a frame has errors or that it violates the media access method size rules, the bridge drops the frame. This protects the destination network from bad frames that do nothing more than consume bandwidth, because the destination device discards the frame anyway. Collisions on a shared legacy network often create frame fragments that are sometimes called runt frames. These frames violate the Ethernet minimum frame size rule of 64 bytes. Chapter 3, “Bridging Technologies,” shows the frame size rules in Table 3-5. Whereas a repeater forwards runts to the other segments, a bridge blocks them.
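
The filter, forward, flood, and drop decisions described in this section can be modeled in a few lines. The following is an added example, not code from the original text. It assumes the bridge learns station locations from source addresses (standard transparent bridging behaviour that this section does not detail); the class, the fcs_ok parameter, and the MAC addresses are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
MIN_FRAME = 64  # Ethernet minimum frame size in bytes; smaller frames are runts


def is_group(mac):
    """True for broadcast/multicast: the low bit of the first octet is set."""
    return int(mac.split(":")[0], 16) & 1 == 1


class Bridge:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # MAC address -> port the station was last seen on

    def receive(self, in_port, src, dst, size, fcs_ok=True):
        """Return (action, out_ports) for one frame arriving on in_port."""
        # Errored frames and runts never reach another segment.
        if not fcs_ok or size < MIN_FRAME:
            return ("drop", [])
        # Assumption: learn where the sender lives from the source address.
        self.table[src] = in_port
        others = [p for p in self.ports if p != in_port]
        if is_group(dst) or dst not in self.table:
            return ("flood", others)   # broadcast, multicast, unknown unicast
        if self.table[dst] == in_port:
            return ("filter", [])      # source and destination share a segment
        return ("forward", [self.table[dst]])


def run_demo():
    """Feed constructed sample traffic through a four-port bridge."""
    bridge = Bridge(ports=[1, 2, 3, 4])
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    frames = [  # (in_port, src, dst, size, fcs_ok)
        (1, a, BROADCAST, 64, True),   # ARP request from A: flooded everywhere
        (1, b, a, 64, True),           # B answers A on the same segment
        (3, c, a, 128, True),          # C on port 3 sends to A on port 1
        (1, a, c, 128, True),          # A replies to C
        (1, a, c, 40, True),           # runt (collision fragment)
        (3, c, a, 128, False),         # frame with errors
    ]
    return [bridge.receive(*f) for f in frames]


if __name__ == "__main__":
    for action, ports in run_demo():
        print(action, ports)
```

Only the broadcast reaches every segment; the local unicast is filtered and the cross-segment unicasts appear on exactly one other port, which is the bandwidth preservation the text describes.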
