What is a bridge?
A bridge works at the data link layer, connects two LANs, and forwards frames according to the MAC address. It can be regarded as a low-level router (a router works at the network layer and forwards based on network addresses such as IP addresses).
A remote bridge connects two remote LANs through a link that is usually slow (such as a telephone line). For a local bridge, performance is what matters most; for a remote bridge, being able to work normally over long distances matters more.
Comparison of bridge and router
The bridge does not understand the higher-level protocol information in the frames it forwards, which allows it to handle IP, IPX and other protocols at the same time. It also provides segmentation for networks that have no routing protocol (such as NetBEUI).
Because routers process data at the network layer, they can more easily interconnect different data link layers, such as token ring segments and Ethernet segments. Bridges are usually more difficult to control than routers. Protocols such as IP have sophisticated routing protocols that make routing easy for network administrators to manage; they also provide more information on how the network is segmented (even the address itself provides such information). The bridge works only with MAC addresses and the physical topology. Therefore, the bridge is generally suitable for small, simple networks.
2. Reasons for use
Many organizations have multiple local area networks and want to connect them. There are six reasons why an organization may have multiple LANs:
First, many university or company departments have their own local area networks, which are mainly used to connect their own personal computers, workstations and servers. Because the nature of the work differs from department to department, different LANs have been selected. These departments need to communicate with each other sooner or later, so a bridge is required.
Second, an organization may be geographically dispersed, with sites far apart. Rather than installing a coaxial cable network spread over all locations, it is better to establish a local area network at each location and connect them with bridges and infrared links, which may cost less.
Third, it may be necessary to divide a logically single LAN into multiple local area networks to adjust the load. For example, using multiple LANs connected by a bridge, each LAN has a set of workstations, and has its own file server, so most of the communication is limited to a single LAN, reducing the burden on the backbone network.
Fourth, in some cases a single LAN is adequate in terms of load, but the physical distance between the farthest machines is too great (for example, exceeding the 2.5 km specified in 802.3). Even if cable laying is not a problem, the network will still not work properly because of the long delays. The only way is to segment the LAN and place bridges between the segments. By using bridges, the total physical distance covered can be increased.
Fifth, reliability. On a single local area network, a defective node that continuously outputs a stream of useless traffic can seriously damage the operation of the LAN. Bridges can be installed at key points in the LAN, like fire doors in a building, to prevent the entire system from being brought down by the abnormal behavior of a single node.
Sixth, the bridge contributes to security and confidentiality. Most LAN interfaces have a promiscuous mode; in this mode, the computer receives all frames, including those that are not addressed to it. If you set up bridges at multiple locations on the network and take care to hold back important information that does not need to be forwarded, you can separate the network to prevent information from being stolen.
3. Compatibility issues
Some people may naively think that a bridge from one 802 LAN to another 802 LAN is very simple, but in fact it is not. Each of the nine combinations from 802.x to 802.y has its own special problems to be solved. Before discussing these special issues, let's take a look at the general issues that these bridges face.
First, the various local area networks use different frame formats. This incompatibility has no technical cause; it exists only because none of the companies that support the three standards (Xerox, GM and IBM) is willing to change the standard it supports. The result is that copying frames between different LANs requires reformatting, which takes CPU time and a recalculation of the checksum, and there may be undetectable errors caused by bridge memory errors.
The second problem is that interconnected LANs do not have to operate at the same data transmission rate. When a fast local area network sends a long series of consecutive frames to a slow local area network, the bridge disposes of frames more slowly than they come in. Bridges must use buffers to store the frames they cannot yet process, and must beware of running out of memory. Even a 10 Mb/s 802.4 to 10 Mb/s 802.3 bridge has this problem to some extent, because part of the 802.3 bandwidth is lost to collisions: 802.3 does not actually deliver 10 Mb/s, whereas 802.4 (almost) does.
A subtle and important issue related to the bottleneck of the bridge is the timer value of the layers above it. Suppose the network layer on the 802.4 LAN wants to send a very long message (frame sequence). After sending out the last frame, it starts a timer and waits for confirmation. If this message must be transferred to the slow 802.5 network through the bridge, then the timer may expire before the last frame is forwarded to the low-speed LAN. The network layer may retransmit the entire message due to frame loss. After several failed transmissions, the network layer will give up the transmission and tell the transport layer that the destination site has shut down.
Third, and perhaps the most serious problem of all, the three 802 LANs have different maximum frame lengths. For 802.3, the maximum frame length depends on the configuration parameters, but for a standard 10 Mb/s system the maximum payload is 1500 bytes.
The maximum frame length of 802.4 is fixed at 8191 bytes. There is no upper limit for 802.5, as long as a station's transmission time does not exceed the token holding time. If the token holding time is the default 10 ms, the maximum frame length is 5000 bytes. An obvious question arises: what happens when a long frame must be forwarded to a LAN that cannot accept long frames? Splitting the frame into smaller pieces is not considered at this layer. All the protocols assume that a frame either arrives or does not arrive, and there is no provision for reassembling smaller units into frames. This is not to say that such a protocol cannot be designed. Such protocols can be designed and have existed, but 802 does not provide this function. The problem is basically unsolvable, and frames that are too long to be forwarded must be discarded. So much for transparency.
Because of the peculiarities of the various 802 LANs, such as the priority bits in 802.4 frames and the A and C bits in 802.5 frames, each of the nine bridges has its own special problems; see the table below:
                            Destination LAN
Source LAN    802.3 (CSMA/CD)    802.4 (token bus)    802.5 (token ring)
802.3         -                  1,4                  1,2,4,8
802.4         1,5,8,9,10         9                    1,2,3,8,9,10
802.5         1,2,5,6,7,10       1,2,3,6,7            6,7
1. Reformat the frame and calculate a new checksum.
2. Reverse the bit order.
3. Copy the priority value, whether it is meaningful or not.
4. Generate a hypothetical priority.
5. Discard priority.
6. Drain the frame from the ring (somehow).
7. Set A and C bits.
8. Worry about congestion (fast LAN to slow LAN).
9. Worry about the token handoff, because the ACK exchange is delayed or impossible.
10. If the frame is too long for the destination LAN, discard it.
Assumed parameters:
802.3: 1500-byte frames, 10 Mb/s (minus collisions)
802.4: 8191-byte frames, 10 Mb/s
802.5: 5000-byte frames, 4 Mb/s
When the IEEE 802 committee began to formulate LAN standards, it failed to agree on a unified standard and instead produced three mutually incompatible standards. This misstep has been severely criticized. Later, when formulating standards for the bridges connecting these three LANs, the committee was determined to do a better job. This time it was indeed more successful. They proposed two incompatible bridge solutions. So far, no one has asked the committee to develop a gateway standard that connects its two incompatible bridges.
4. Two kinds of bridges
1. The first type of 802 bridge is the transparent bridge, or spanning tree bridge. The primary concern of those who support this design is complete transparency. In their view, an organization with multiple LANs that buys an IEEE standard bridge should only have to plug the connectors into the bridge, and everything should work. No need to change hardware or software, no need to set address switches, no need to load routing tables or parameters. In short, do nothing: just plug in the cables and you are done. The operation of the existing LANs is completely unaffected by the bridge. Remarkably, they actually succeeded.
The transparent bridge works in promiscuous mode. It receives every frame transmitted on all the LANs connected to it. When a frame arrives, the bridge must decide whether to discard it or forward it. If it is to be forwarded, the bridge must decide which LAN to send it to. This is decided by looking up the destination address in a large hash table in the bridge. The table lists each possible destination and which output line (LAN) it belongs to. When the bridge is first plugged in, all hash tables are empty. Since the bridge does not know the location of any destination, a flooding algorithm is used: each incoming frame with an unknown destination is output to all LANs connected to the bridge (except the LAN the frame arrived on). Over time, the bridge learns the location of each destination. Once a destination's location is known, frames sent there are placed only on the appropriate LAN and are no longer flooded.
The algorithm adopted by the transparent bridge is backward learning. The bridge works in promiscuous mode, so it can see the frames transmitted on any connected LAN. By checking the source address, it learns which machine can be reached on which LAN, and adds an entry to the hash table accordingly.
When computers and bridges are powered on, powered off or moved, the network topology changes accordingly. To deal with the dynamic topology, whenever a hash table entry is added, the frame arrival time is noted in the entry. Whenever a frame arrives for which the table already holds an entry, that entry is updated with the current time. In this way, the time in each entry shows when the last frame from that machine was seen. A process in the bridge periodically scans the hash table and clears all entries that are more than a few minutes old. So, if you take a computer off the LAN and reconnect it to the LAN elsewhere, it can resume normal work within a few minutes without manual intervention. This algorithm also means that if a machine stays silent for a few minutes, frames sent to it will have to be flooded until it sends a frame itself.
The routing process of arriving frames depends on the sending LAN (source LAN) and the destination LAN (destination LAN), as shown below:
1. If the source LAN and the destination LAN are the same, discard the frame.
2. If the source LAN and the destination LAN are different, forward the frame.
3. If the destination LAN is unknown, flood the frame.
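The learning, aging and forwarding rules described above can be put together in a short simulation. This is an added example, not code from the original page; the class name, the 300-second age limit (standing in for "a few minutes") and the sample hosts A, B and C are assumptions made for illustration.

```python
AGE_LIMIT = 300.0  # assumption: "a few minutes" taken as 300 seconds


class LearningBridge:
    def __init__(self, ports, age_limit=AGE_LIMIT):
        self.ports = set(ports)      # LANs attached to this bridge
        self.age_limit = age_limit
        self.table = {}              # MAC address -> (LAN, time last seen)

    def purge(self, now):
        """Periodic scan: drop entries not refreshed within age_limit."""
        stale = [mac for mac, (_, seen) in self.table.items()
                 if now - seen > self.age_limit]
        for mac in stale:
            del self.table[mac]

    def receive(self, src, dst, in_lan, now):
        """Process one frame and return the set of LANs it is sent out on."""
        self.purge(now)
        # Backward learning: the source address shows which LAN src lives on.
        self.table[src] = (in_lan, now)
        entry = self.table.get(dst)
        if entry is None:
            return self.ports - {in_lan}   # rule 3: unknown destination, flood
        out_lan, _ = entry
        if out_lan == in_lan:
            return set()                   # rule 1: same LAN, discard
        return {out_lan}                   # rule 2: different LAN, forward


def demo():
    """Constructed traffic between hosts A, B and C on LANs 1 to 3."""
    br = LearningBridge(ports=[1, 2, 3])
    return [
        br.receive("A", "B", in_lan=1, now=0),    # B unknown: flood
        br.receive("B", "A", in_lan=2, now=1),    # A was learned on LAN 1
        br.receive("C", "A", in_lan=1, now=2),    # A is on the arrival LAN
        br.receive("A", "B", in_lan=3, now=10),   # A moved to LAN 3, relearned
        br.receive("C", "A", in_lan=1, now=11),   # traffic follows A to LAN 3
        br.receive("C", "B", in_lan=1, now=400),  # B aged out: flood again
    ]


if __name__ == "__main__":
    for out in demo():
        print(sorted(out))
```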
In order to improve reliability, some people have set up two or more bridges in parallel between LANs. However, this configuration causes other problems because loops are generated in the topology and may cause infinite loops. The solution is the spanning tree algorithm described below.
2). The spanning tree bridge solves the infinite loop problem mentioned above by letting the bridges communicate with each other and covering the actual topology with a spanning tree reaching each LAN. Using spanning tree, you can ensure that there is only one path between any two LANs. Once the bridge agrees on the spanning tree, all transmissions between LANs follow this spanning tree. Since there is only a unique path from each source to each destination, there can be no more loops.
To build a spanning tree, a bridge must first be selected as the root of the tree. This is done by having each bridge broadcast its serial number (the serial number is set by the manufacturer and is guaranteed to be globally unique); the bridge with the lowest serial number is selected as the root. The spanning tree is then constructed from the shortest paths from the root to each bridge. If a bridge or LAN fails, the tree is recalculated. Bridges communicate with each other through BPDUs (Bridge Protocol Data Units). Before a bridge can make its own configuration decisions, each bridge and each port requires the following configuration data:
Bridge: bridge ID (unique identifier)
Port: port ID (unique identifier)
Port: relative priority
Port: cost (high bandwidth = low cost)
After each bridge has been configured, the bridges automatically determine the spanning tree according to the configuration parameters. This process has three stages:
1. Select the root bridge. The bridge with the smallest bridge ID is selected as the root bridge. The bridge ID should be unique, but if two bridges have the same minimum ID, the bridge with the smallest MAC address is selected as the root.
2. Select the root port on all other bridges. Every bridge except the root bridge needs to select a root port. This should be the port best suited for communication with the root bridge. The cost from each port to the root bridge is calculated, and the port with the smallest cost is taken as the root port.
3. Select the designated bridge and designated port of each LAN. If only one bridge is connected to a LAN, it must be the designated bridge of that LAN. If there is more than one, the bridge with the minimum cost to the root bridge is selected as the designated bridge for the LAN. The designated port connects the designated bridge to the corresponding LAN (if there is more than one such port, the one with the lower priority is selected).
A port must be one of the following:
1. Root port
2. Designated port of a LAN
3. Blocked port
When a bridge is powered on, it assumes that it is the root bridge and sends out a CBPDU (Configuration Bridge Protocol Data Unit) announcing the ID of the bridge it believes to be the root.
When a bridge receives a CBPDU whose root bridge ID is lower than the one it knows, it updates its own table. If the frame arrived on the root port (upstream), it is passed on to all designated ports (downstream). When a bridge receives a CBPDU whose root bridge ID is greater than the one it knows, the information is discarded. If that frame arrived on a designated port, a frame is sent back to inform the sender of the real root bridge with the lower ID. When the network is reconfigured, intentionally or because of a line failure, the above process is repeated to generate a new spanning tree.
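The outcome of the three stages can be computed directly for a small topology. This is an added example, not code from the original page: it calculates the result the bridges converge on rather than simulating the CBPDU exchange, models each bridge as a map from attached LAN to port cost, and breaks ties by bridge ID and then LAN name, which are assumptions made for illustration.

```python
INF = float("inf")


def spanning_tree(bridges):
    """bridges: {bridge_id: {lan: port_cost}}. Returns (root, cost, roles)."""
    root = min(bridges)                        # stage 1: lowest bridge ID wins
    cost = {b: (0 if b == root else INF) for b in bridges}
    root_port = {}
    changed = True
    while changed:                             # stage 2: relax until stable
        changed = False
        for b, ports in bridges.items():
            if b == root:
                continue
            best = None
            for lan, port_cost in ports.items():
                for nb, nb_ports in bridges.items():
                    if nb != b and lan in nb_ports and cost[nb] < INF:
                        cand = (cost[nb] + port_cost, nb, lan)
                        if best is None or cand < best:
                            best = cand
            if best and (best[0], best[2]) != (cost[b], root_port.get(b)):
                cost[b], root_port[b] = best[0], best[2]
                changed = True
    # Stage 3: per LAN, the attached bridge closest to the root is designated.
    lans = {lan for ports in bridges.values() for lan in ports}
    designated = {lan: min((cost[b], b) for b in bridges if lan in bridges[b])[1]
                  for lan in lans}
    roles = {}
    for b, ports in bridges.items():
        for lan in ports:
            if root_port.get(b) == lan:
                roles[(b, lan)] = "root"
            elif designated[lan] == b:
                roles[(b, lan)] = "designated"
            else:
                roles[(b, lan)] = "blocked"    # breaks the loop
    return root, cost, roles


# Constructed topology: bridges 1 and 4 run in parallel between LANs A and B,
# and bridges 2 and 3 close a second loop through LAN C. All port costs are 10.
SAMPLE = {
    1: {"A": 10, "B": 10},
    2: {"A": 10, "C": 10},
    3: {"B": 10, "C": 10},
    4: {"A": 10, "B": 10},
}

if __name__ == "__main__":
    root, cost, roles = spanning_tree(SAMPLE)
    print("root bridge:", root)
    for (bridge, lan), role in sorted(roles.items()):
        print(f"bridge {bridge} port on LAN {lan}: {role}")
```

In the sample, bridges 3 and 4 each end up with one blocked port, so exactly one active path remains between any two LANs.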
2. Source routing bridge
The advantage of the transparent bridge is that it is easy to install: you only need to plug in the cables and you are done. On the other hand, such bridges do not make the best use of bandwidth because they use only a subset of the topology (the spanning tree). The relative importance of these two (and other) factors led to a split within the 802 committee. Supporters of CSMA/CD and token bus chose the transparent bridge, while supporters of token ring preferred a bridge scheme called source routing (encouraged by IBM).
The core idea of source routing is to assume that the sender of each frame knows whether the receiver is on the same LAN. When sending a frame to another LAN, the source machine sets the high-order bit of the destination address to 1 as a flag. In addition, it places the actual path that the frame should take in the frame header.
The source routing bridge cares only about frames whose destination address has the high-order bit set to 1. When it sees such a frame, it scans the route in the frame header to find the number of the LAN the frame arrived from.
If that LAN number is followed by the number of the local bridge, the bridge forwards the frame to the LAN whose number follows its own in the route. If the LAN number is not followed by this bridge's number, the frame is not forwarded. There are three possible implementations of this algorithm: software, hardware, and hybrid. These three implementations vary in price and performance. The first has no interface hardware overhead, but it requires a fast CPU to process all incoming frames. The last requires a special VLSI chip, which takes over much of the work of the bridge, so the bridge can use a slower CPU or connect more LANs.
The premise of source routing is that every machine on the internetwork knows the best path to every other machine. How these routes are obtained is an important part of the source routing algorithm. The basic idea of the route discovery algorithm is this: if the location of the destination address is not known, the source machine issues a broadcast frame asking where it is. Each bridge forwards the discovery frame so that it reaches every LAN on the internetwork. When the reply comes back, the bridges it passes through record their own identification in the reply frame, so the sender of the broadcast frame can obtain the exact routes and choose the best one among them.
Although this algorithm can find the best route (it finds all routes), it also faces the problem of frame explosion. A similar situation can happen with transparent bridges, but it is not as serious. There the flooding follows the spanning tree, so the total number of frames transmitted is a linear function of the network size, unlike the exponential function of source routing.
Once a host finds a route to a destination, it stores it in a cache so that it does not have to search again. Although this method greatly curbs the frame explosion, it adds an administrative burden to all hosts, and the entire algorithm is definitely not transparent.
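The forwarding decision of a source routing bridge and the growth in discovery frames can both be shown on a small topology. This is an added example, not code from the original page; the route layout (alternating LAN and bridge numbers), the bridge names, and the simplification that the route is accumulated while the discovery frame travels outward are assumptions made for illustration.

```python
def chain(n_lans, parallel):
    """Constructed topology: LANs 1..n in a row, `parallel` bridges per gap."""
    return {f"{chr(96 + gap)}{k}": (gap, gap + 1)
            for gap in range(1, n_lans) for k in range(1, parallel + 1)}


def discover(bridges, src_lan, dst_lan):
    """Flood a discovery frame over every path; return (routes, frames_sent)."""
    routes, frames = [], 0
    pending = [[src_lan]]                 # each item is the route so far
    while pending:
        route = pending.pop()
        here = route[-1]
        if here == dst_lan:
            routes.append(route)
            continue
        for bridge, lans in sorted(bridges.items()):
            if here not in lans:
                continue
            for lan in lans:
                # Never copy a frame back onto a LAN it has already crossed.
                if lan != here and lan not in route[0::2]:
                    frames += 1
                    pending.append(route + [bridge, lan])
    return routes, frames


def next_lan(route, bridge, arrival_lan, high_bit=True):
    """Bridge decision: the LAN to forward onto, or None to ignore the frame."""
    if not high_bit:                      # flag bit is 0: not a routed frame
        return None
    for i in range(0, len(route) - 2, 2):
        if route[i] == arrival_lan and route[i + 1] == bridge:
            return route[i + 2]
    return None


def tree_flood_frames(bridges):
    """Frames needed when flooding along a spanning tree: one per other LAN."""
    lans = {lan for pair in bridges.values() for lan in pair}
    return len(lans) - 1


if __name__ == "__main__":
    topo = chain(n_lans=4, parallel=3)    # three bridges between adjacent LANs
    routes, frames = discover(topo, src_lan=1, dst_lan=4)
    best = min(routes, key=lambda r: (len(r), r))
    print("discovery frames:", frames, "routes found:", len(routes))
    print("spanning tree flood frames:", tree_flood_frames(topo))
    print("chosen route:", best)
    print("bridge b1, frame from LAN 2 ->", next_lan(best, "b1", 2))
```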
Transparent bridges are generally used to connect Ethernet segments, while source routing bridges are generally used to connect token ring segments.
5. Remote bridges
Bridges are sometimes used to connect two or more LANs that are far apart. For example, a company may be spread over multiple cities, with a local LAN in each city. Ideally all the LANs are connected, so that the entire system behaves like one large LAN.
This goal can be achieved as follows: a bridge is set up on each LAN, and the bridges are connected in pairs with point-to-point lines (such as lines leased from a telephone company).
Various protocols can be used on the point-to-point lines. One way is to select a standard point-to-point data link protocol and put the complete MAC frame in the payload. If all LANs are the same, this method works best. Its only problem is that frames must be sent to the correct LAN.
Another way is to remove the MAC header and trailer at the source bridge, put what remains in the payload of the point-to-point protocol, and then generate a new header and trailer at the destination bridge. Its disadvantage is that the checksum arriving at the destination host is not the checksum calculated by the source host, so an error caused by corruption in bridge memory may not be detected.