Configuring Transparent Bridging and Integrated Routing and Bridging
From: Advanced Cisco Router Configuration
Author: Cisco Systems; Laura Chappell
Publisher: Cisco Press
This chapter describes two router configuration options available to
handle nonroutable traffic: transparent bridging and integrated routing and
bridging (IRB). Upon completion of this chapter, you will be able to identify
the need for transparent bridging and IRB, know the basic configuration steps,
and be able to verify proper operation of these bridged configurations.
Routers configured as transparent bridges forward packets based
on the MAC address contained in the destination address field of the MAC-layer
header. These types of bridges maintain a forwarding database that is built
dynamically based on traffic seen on the network. Transparent bridges do not
require that end devices support any additional bridging software. The intelligence
is in the bridge unit. Transparent bridging is predominantly used in Ethernet environments.
A transparent bridge has the following major functions:
- Learning: A transparent bridge learns which stations can
be reached on each of its ports (or interfaces) by monitoring the source
MAC addresses of all incoming frames.
- Forwarding: A transparent bridge forwards frames from an
inbound interface to the correct outbound interface to reach the destination.
- Filtering: A bridge will not forward a frame if the source
and destination addresses are in the bridging table and are located
on the same segment.
- Avoiding loops: The spanning-tree protocol solves
the problems associated with bridge loops by allowing redundant paths
(loops), but ensuring a loop-free topology through a bridge-to-bridge
protocol.
Each of these is explored below.
When a transparent bridge is first powered up, it knows nothing of the network topology. It learns which stations
can be reached on each of its ports (or interfaces) by monitoring the source
MAC addresses of all incoming frames. For this reason, a transparent bridge
is sometimes also called a learning bridge. A transparent bridge maintains a database of learned MAC addresses and
their associated interfaces in a table. These table entries are cached. The
bridge updates the table regularly when a station sends a frame, and flushes
entries of stations not heard from within a specified (implementation-dependent)
time period.
In Figure 17-1, for example, the
bridge has learned about four devices based on their initial startup communication.
The bridge associates each of these devices with the interface closest
to the device.
During the startup phase, when station .1111 sends to .2222, the bridge
does not yet know where .2222 is located. So, in order to provide connectivity,
it sends or floods the frame out to all connected interfaces except the interface
on which the packet was received. Then, when it sees .2222 reply, the bridge
adds .2222 to its table. Because it already knew the port location of .1111,
the bridge has no need to flood again. If the bridging table contains an association
between the destination address and any of the bridge's interfaces (aside
from the one on which the frame was received), a transparent bridge forwards
frames from an inbound interface to the correct outbound interface to reach
the destination.
A transparent bridge sends all broadcast and multicast frames, and all frames
addressed to unknown stations, out all interfaces except the one on
which the frame was received. (A station is unknown if it is not in the bridging
table.) This action is also known as flooding. How does a bridge learn addresses
and forward traffic? If the source and destination addresses are located on
different bridged segments, and if neither address is known to the bridge,
the bridge does the following:
1. Notes the source address and updates its table.
2. Forwards the frame out to all interfaces (except the interface
on which the frame was received).
3. If a reply comes back, examines the source address
(which was the original target destination) and adds the entry to its table.
4. Forwards subsequent communication between the devices.
Once again, refer to Figure 17-1.
If a packet destined for .4444 was sent from .1111, the bridge would forward
it based on its forwarding table.
A bridge will not forward a frame
if the source and destination addresses are in the bridging table and are
located on the same segment. This behavior is known as filtering. A bridge
learns addresses and filters traffic as follows (assume that
the source and destination stations are located on the same segment, and only
the destination address is unknown):
1. The source sends a frame to the destination.
2. The bridge sees the frame and floods it out to all
interfaces (except the interface on which the frame was received).
3. When the reply comes back, the bridge reads the source address
and updates its table.
4. The bridge discards, or filters, subsequent frames between
the devices.
The effect of this filtering is that it conserves bandwidth. In Figure 17-1,
for example, packets from .1111 that are destined to .2222 will not be
forwarded.
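
The learning, flooding, forwarding and filtering behaviour described above, modelled as an added Python example (not code from the book or from Cisco). The port names E0, E1 and E2, the 300-second aging time and the placement of .4444 on E1 are assumptions, since the figure is not reproduced here; multicast handling is left out.

```python
import time

BROADCAST = "ffff.ffff.ffff"

class LearningBridge:
    """Transparent bridge model: learn, forward, filter, flood, age out."""

    def __init__(self, ports, max_age=300.0, clock=time.monotonic):
        self.ports = list(ports)
        self.max_age = max_age   # assumed value; aging is implementation-dependent
        self.clock = clock
        self.table = {}          # MAC address -> (port, time last heard)

    def _lookup(self, mac):
        entry = self.table.get(mac)
        if entry is None:
            return None
        port, last_heard = entry
        if self.clock() - last_heard > self.max_age:
            del self.table[mac]  # flush a station not heard from in time
            return None
        return port

    def receive(self, in_port, src, dst):
        """Process one frame; return the ports it is sent out of."""
        self.table[src] = (in_port, self.clock())         # learning
        out = None if dst == BROADCAST else self._lookup(dst)
        if out is None:                                    # flooding
            return [p for p in self.ports if p != in_port]
        if out == in_port:                                 # filtering
            return []
        return [out]                                       # forwarding

def demo():
    """Constructed traffic: .1111 and .2222 share E0, .4444 sits on E1."""
    now = [0.0]
    bridge = LearningBridge(["E0", "E1", "E2"], clock=lambda: now[0])
    steps = [
        bridge.receive("E0", ".1111", ".2222"),    # .2222 unknown: flood
        bridge.receive("E0", ".2222", ".1111"),    # reply, same segment: filter
        bridge.receive("E0", ".1111", ".2222"),    # both known on E0: filter
        bridge.receive("E1", ".4444", BROADCAST),  # broadcast: flood
        bridge.receive("E0", ".1111", ".4444"),    # known on E1: forward
    ]
    now[0] = 301.0                                 # .4444 silent past max_age
    steps.append(bridge.receive("E0", ".1111", ".4444"))  # aged out: flood
    return steps, bridge
```
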
A bridging loop occurs when there is more than one path
between any two bridged LANs in the network. A topology with loops can be
useful as well as potentially harmful. Without loops, the topology has no redundancy.
Without redundancy, if a bridge or LAN segment fails, connectivity is lost.
Without a bridge-to-bridge protocol, the transparent bridging algorithm
fails when there are multiple paths of bridges and LANs between any two
stations in the network. Recall that a bridge must flood all broadcast
frames, by default. In a network containing a bridging loop, as shown
in Figure 17-2, a single broadcast frame can cause a broadcast
storm, an undesirable network event in which many broadcasts are
sent simultaneously across all network segments, consuming all available
network bandwidth and resources and ultimately leading to a disruption
in network service to users.
Loops occur in routed networks but are not as harmful. In routing, a
packet is addressed to a specific router (at the MAC layer), and the router
forwards the packet out a single interface only. As a result, routers do not
multiply packets the way bridges do.
In addition, a routed packet generally carries a Time To Live (TTL) field,
so a router will eventually discard a looping packet. Even if such a field
exists in a bridged packet, bridges neither see it nor decrement it, so the packet
can loop indefinitely.
Figure 17-2 shows how a broadcast
frame can disrupt network service when the network has a loop:
1. Station X sends a broadcast frame looking for station Y.
2. Each bridge (by default) must forward the broadcast frame
onto all connected segments. Now there are two broadcast frames on segment
2.
3. Both bridges see the broadcast frames again, and again forward
the frames. A broadcast storm ensues.
The spanning-tree protocol solves the
problems associated with bridge loops by allowing redundant paths (loops),
but ensuring a loop-free topology through a bridge-to-bridge protocol.
The spanning-tree protocol creates this loop-free topology by blocking
one path where duplicate paths exist between network segments and automatically
activating backup paths if a link segment or bridge fails.
The following two spanning-tree protocol versions exist for transparent
bridging:
- DEC: Digital Equipment Corporation developed
the first spanning-tree protocol, which was the basis for the IEEE 802.1D specification.
- IEEE 802.1D: The IEEE (Institute of Electrical and Electronics Engineers) approved
a spanning-tree protocol to resolve bridging loops through bridge-to-bridge
communications and path resolution.
Note that the DEC and IEEE 802.1D spanning-tree versions differ
enough that they cannot both run on the same network. Cisco supports both protocol types. Although Digital's implementation
served as the foundation for the IEEE implementation, the two are not compatible.
The basic operation of the spanning-tree algorithm is
as follows:
1. The protocol elects a root bridge based on a unique bridge
identifier. The bridge with the lowest identifier becomes the root. The first
two bytes of the bridge identifier contain a user-configurable priority field,
and the last six bytes contain one of the bridge's MAC addresses. The network
administrator can configure the priority field to determine which bridge becomes
the root (preferable) or allow the protocol to automatically determine it.
If you configure a bridge to be root, select a bridge that is in the middle
of the traffic flow, as defined by a protocol/network analyzer.
2. Each bridge selects the lowest-cost path to the root bridge
based on a metric assigned to each link along the path to the root bridge.
3. Interfaces with alternate paths will block traffic to prevent loops.
In Figure 17-3, bridge A's E1
interface is blocked to prevent looping.
In Figure 17-3, two bridges are
in parallel, causing a loop. The spanning-tree algorithm will disable
one of the bridge's interfaces to prevent the logical loop from affecting
traffic. If something happened to bridge B, bridge A would act as a backup
and would take over support of the network segment.
To configure transparent bridging, perform the following tasks:
1. Select a spanning-tree protocol in global configuration mode.
2. Assign a priority to the bridge (optional) in global configuration
mode.
3. Assign the interface to a spanning-tree group in interface
configuration mode.
4. Assign a cost to the outgoing interface (optional) in interface
configuration mode.
In this next section, you learn the available bridge configuration commands
for each of the steps mentioned.
Using the bridge protocol command, select
either the DEC or IEEE spanning-tree implementation. Note that all routers
must use the same implementation. The two implementations are not compatible,
so the protocol must be set the same for all bridges that are to be part
of the same spanning tree.
The bridge protocol command is run in global configuration mode
and defines a specific spanning-tree algorithm for a bridge group:
To control which bridge becomes the
root bridge, use the bridge priority command to set the priority
on one bridge to be lower than all of the others. If you want to control
which bridge takes over in case the root bridge fails, configure another
bridge with the second-lowest priority field. Leave all other bridge priorities
at their default value, which is 128 for DEC or 32768 for IEEE.
The bridge-group command assigns an interface to a particular bridge group:
where bridge-group number is a decimal number from 1 to 63.
Some things to note about bridge groups are as follows:
- Interfaces not participating in a bridge group will not forward
bridged traffic.
- There is no communication between bridge groups.
- An interface can be part of only one bridge group.
Determine which interfaces you want to belong to the same group, and
use the bridge-group command to assign those interfaces to that
group. These interfaces will all be a part of the same spanning tree.
The bridge priority command assigns a specific priority to the
bridge, assisting in the spanning-tree root definition. The lower the
priority, the more likely the bridge will be selected as the root:
To control the path cost assigned
to an interface, use the bridge-group
path-cost command. Otherwise, the default values are used in calculating
the best-cost path to reach the root bridge. The default is 1000 Mbps divided
by the data rate of the attached LAN. As a result, links supporting higher
data rates have lower (preferred) costs.
The bridge-group path-cost command is used to assign a path cost
to a particular interface. The cost is used in the spanning-tree algorithm
to determine the best path to another area of the network. The default
is 1000 Mbps divided by the data rate of the attached LAN. Once the costs
of all possible paths are determined, the spanning-tree bridges treat
the lowest-cost path as the preferred path. Higher-cost paths are considered
backup paths and are used should the preferred path become unavailable.
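
Root election by bridge identifier and lowest-cost path selection, as described in the spanning-tree algorithm steps and the path-cost discussion above, worked through in an added Python example (not code from the book or from Cisco). It is a simplified model: bridges are joined by point-to-point links rather than shared segments, per-segment designated ports are not modelled, and the bridge names, MAC addresses, priorities and link costs are constructed.

```python
import heapq

def bridge_id(priority, mac):
    """8-byte identifier: 2-byte priority, then a 6-byte MAC address."""
    raw = bytes.fromhex(mac.replace(".", "").replace(":", ""))
    if len(raw) != 6 or not 0 <= priority <= 0xFFFF:
        raise ValueError("need a 2-byte priority and a 6-byte MAC")
    return priority.to_bytes(2, "big") + raw

def elect_root(bridges):
    """bridges maps name -> (priority, mac); the lowest identifier wins."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))

def default_path_cost(rate_mbps):
    """Default cost as the text gives it: 1000 Mbps / data rate."""
    return max(1, round(1000 / rate_mbps))

def spanning_tree(bridges, links):
    """Simplified model: links are (bridge, bridge, cost) tuples.
    Returns (root, cost-to-root per bridge, blocked links)."""
    root = elect_root(bridges)
    best = {}                                  # bridge -> (cost, link used)
    heap = [(0, b"", root, None)]
    while heap:
        cost, _, node, via = heapq.heappop(heap)
        if node in best:
            continue                           # already reached more cheaply
        best[node] = (cost, via)
        for link in links:
            a, b, c = link
            if node in (a, b):
                peer = b if node == a else a
                if peer not in best:
                    # Ties on cost fall to the lower upstream bridge identifier.
                    upstream = bridge_id(*bridges[node])
                    heapq.heappush(heap, (cost + c, upstream, peer, link))
    used = {via for _, via in best.values() if via is not None}
    blocked = [link for link in links if link not in used]
    return root, {name: cost for name, (cost, _) in best.items()}, blocked

# Constructed topology: three bridges in a triangle, so one link must block.
BRIDGES = {
    "A": (100, "0000.0c00.000a"),      # priority lowered so A becomes root
    "B": (32768, "0000.0c00.000b"),    # IEEE default priority
    "C": (32768, "0000.0c00.000c"),
}
ETHERNET = default_path_cost(10)       # 10 Mbps Ethernet default cost
LINKS = [("A", "B", 10), ("A", "C", ETHERNET), ("B", "C", 10)]

if __name__ == "__main__":
    print(spanning_tree(BRIDGES, LINKS))
```

With the lowered costs on A-B and B-C, bridge C reaches the root through B, and the direct A-C link at the default cost is the one that blocks.
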
Figure 17-4 depicts a transparent bridging
example. In this example, Cisco A becomes the root bridge because it has
a lower priority.
The default path cost for Ethernet is 100. Because Cisco B has a lower
path cost than the default configured on Ethernet 0 and on Ethernet 1, the
blocked interface will occur on the right side of the network, eliminating
the loop. On Cisco B, the priority has been changed to 100 from the default of
128. The path costs for both Ethernet interfaces have been changed to 10 from
the default of 100. To the devices connected to the network on which Cisco
D and Cisco E reside, the path through Cisco D and Cisco B to reach the root
Cisco A is clearly lower and preferred. Therefore, Cisco E will block frames
originating on segment 1 and Cisco D will forward them.
The show bridge command, used in Figure 17-5,
displays the following information.
Figure 17-6 shows the output of the show span command.
The first line of output indicates which type of spanning-tree protocol
(IEEE or DEC) the bridge group is executing. The next three lines show the
current operating parameters of the spanning tree. The remaining lines display related information that is useful when
examining the spanning-tree parameters, as follows: