IP Routing Fundamentals
Author: Mark Sportack
Publisher: Cisco Press
Although the preceding series of examples
seems a bit redundant, it is necessary to develop the context for better appreciating
the differences between a LAN's MAC broadcast and/or media access domains.
Although these two domains are so closely related as to be virtually synonymous
from a user's perspective, they can be intentionally and unambiguously separated.
This separation, as demonstrated throughout the preceding section's examples
and illustrations, is known as segmentation.
Segmentation is the process of splitting a LAN's domain(s) into two
or more separate domains. This allows a LAN to grow beyond its inherent limitations
without compromising its performance. It is possible to segment LANs' media
access domains, MAC broadcast domains, or both. Segmentation is usually done
to improve the performance of a LAN, although it could be done proactively
to ensure the continued scalability of the LAN.
Some of the devices that could be used to segment a LAN are bridges,
switches, and routers. The functional distinctions between these different
segmentation devices lie in the layers of the OSI reference model that they
operate in. The point is that there are different tools for segmenting different
aspects of a LAN. Selecting the right one for your particular needs absolutely
requires understanding the ways that each operates and the effects they have
on the LAN's domains.
A bridge is a hardware segmentation device that operates at the first two layers of the
OSI reference model: the physical and data link layers. Bridges segment
a LAN's media access domain. Therefore, installing a bridge between two LAN
hubs results in two media access domains that share a common MAC broadcast
In general, all bridges work by building address
tables. These tables are built and maintained by a bridge. Each is populated
with a two-dimensional array or table. The bridging table maintains an up-to-date
listing of every MAC address on the LAN, as well as the physical bridge port
connected to the segment containing that address.
In operation, the bridge listens to all LAN traffic. The source and
destination MAC addresses of each frame received by the bridge are examined.
This allows the bridge to learn which MAC addresses reside on which port and,
consequently, which LAN segment.
The destination address is hashed against the bridging table to identify
the appropriate port to transmit it from. If the MAC address exists on the
same LAN segment that the frame came from, the bridge needs to do nothing
with it; it safely assumes that the frame has already been carried to its
If the bridging table identifies that MAC address as being on a different
segment, however, the bridge then forwards that frame to that segment. It
is important to note that the bridge, as far as media access is concerned,
must adhere to the media access protocol. In a token-passing network, the bridge
must await the token before it can forward the frame. In a contention-based
LAN, the bridge must compete for available bandwidth before it can forward
It is quite possible that the bridge will occasionally receive a frame
addressed to a MAC address that the bridge doesn't know about. This can happen
when a new device is connected to the network, a bridge's bridging table is “lost,”
or a new bridge is installed. In such cases, the bridge will propagate that
frame to all its attached LAN segments, except for the one the frame came
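
The learning, filtering, forwarding and flooding decisions described above can be traced with a small simulation. This is an added example, not code from the book; the class name, MAC addresses, port numbers and frames are constructed for illustration.

```python
# Added illustration of the learning/forwarding behaviour described above.
# MAC addresses, port numbers and frames are constructed sample values.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class TransparentBridge:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # bridging table: MAC address -> port (segment)

    def receive(self, in_port, src, dst):
        """Process one frame; return (action, ports the frame is sent out of)."""
        # Learn (or refresh) which segment the sender lives on.
        self.table[src] = in_port
        others = [p for p in self.ports if p != in_port]
        if dst == BROADCAST:
            # MAC broadcasts cross the bridge: the broadcast domain is not segmented.
            return "broadcast", others
        out_port = self.table.get(dst)
        if out_port is None:
            # Unknown destination: propagate to every segment except the source one.
            return "flood", others
        if out_port == in_port:
            # Destination is on the segment the frame came from: nothing to do.
            return "filter", []
        return "forward", [out_port]


def run_sample():
    """Replay constructed frames through a two-port bridge."""
    bridge = TransparentBridge(ports=[1, 2])
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    frames = [
        (1, a, b),          # b has not been learned yet
        (1, b, a),          # a and b share segment 1
        (2, c, a),          # c on segment 2 talks to a
        (1, a, c),          # the reply crosses the bridge
        (1, a, BROADCAST),  # broadcast from segment 1
    ]
    return [bridge.receive(*f) for f in frames], bridge.table


if __name__ == "__main__":
    decisions, table = run_sample()
    for decision in decisions:
        print(decision)
    print(table)
```
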
Bridging, in an IEEE 802-compliant LAN, occurs at the MAC layer.
For this reason, bridges are frequently referred to as MAC bridges. MAC bridging is an unnecessarily
broad technical term. It effectively describes the layer at which the device
operates but does not describe its functionality. In fact, there are three
types of MAC bridges:
Transparent bridges link
together segments of the same type of LAN. The simplest transparent bridge
contains just two ports, but transparent bridges may also contain more
ports. Figure 3-7
illustrates how a transparent bridge isolates the traffic of two LAN segments
by creating two media access domains.
Figure 3-7. Transparent bridges segment the media access domain of a single
The transparent bridge segments one LAN with one communications channel
into two distinct communications channels within a common architecture. This
is significant because it means that a bridge can reduce the number of devices
in a media access domain by creating two such domains.
It is important to note that transparent bridges do not segment a LAN's
MAC broadcast domain. Therefore, in Figure
3-7, MAC broadcasts are still carried throughout the entire LAN. Despite
this, the LANs on each side of the bridge function as separate media access
A translating bridge, sometimes also referred to as a translational
bridge, works in exactly the same manner as a transparent bridge,
but it has the added capability to provide the conversion processes needed
between two or more LAN architectures. It does this by literally translating
the frames of one LAN architecture into the frame structure of another. This
is useful for interconnecting Token Ring and Ethernet devices.
illustrates using a translating bridge to interconnect a Token Ring and
Ethernet LANs. The stations on both LANs may communicate with each other
through the bridge as easily as they communicate among themselves.
In Figure 3-8,
the Token Ring LAN is depicted as a ring, and the Ethernet is depicted
as a bus. This visually reinforces the differences between these two
LAN architectures that would not otherwise be evident if they were illustrated
using the more familiar star topology.
Figure 3-8. Translating bridges interconnect dissimilar LAN architectures.
The Token Ring and Ethernet LANs in Figure
3-8 retain separate media access domains. Given the radical differences
in their media access arbitration techniques, this shouldn't be surprising.
What may be surprising, however, is that the bridge unifies their MAC
broadcast domains! Therefore, a Token Ring-connected computer can send
MAC broadcasts to Ethernet-connected machines.
Perhaps a more useful application of translation
bridging is using a more robust LAN architecture as a backbone for client/server
LANs. It is quite common, for example, to use FDDI
to interconnect Ethernet segments. This is illustrated in Figure
3-9. Translating bridges can also be used to interconnect client/server
LANs using a high-performance LAN architecture.
In this scenario, the use of translating bridges creates three separate
media access domains: two Ethernet and one FDDI. These bridges, however, do
not segment the LANs' MAC broadcast domains. Instead, the bridges unify the
three different LANs into a single MAC broadcast domain.
Translation bridging is only possible among LANs that adhere to the
IEEE's standards for MAC addressing.
Translating bridges are highly specialized devices. Therefore, unless
a bridge is specifically identified as a translating bridge, do not assume
that it can bridge dissimilar LAN architectures.
The last type of bridge is the speed-buffering
bridge. Speed-buffering bridges have long been used to interconnect LAN segments
with similar architectures but different transmission rates. Examples of this
include the following:
4 Mbps to 16 Mbps Token Ring
1 Mbps to 10 Mbps Ethernet
10 Mbps to 100 Mbps Ethernet
You could argue that translating
bridges are, in effect, also speed-buffering bridges. To the extent that most
of the translations occur between LAN architectures with different transmission
rates, translation bridges must also perform speed buffering. Their primary
function is translation, however; speed buffering is an adjunct task made
necessary by the translation.
illustrates a speed-buffering bridge interconnecting a 10 Mbps Ethernet
LAN with a 100
Mbps Ethernet LAN. In this illustration, the servers are concentrated
together on a single high-speed LAN segment, and the clients share a lower-speed
Figure 3-10. Using a speed-buffering bridge to interconnect 10 and 100
Mbps Ethernet LANs.
In Figure 3-10,
the clients and the servers enjoy separate media access domains, but now
share a common MAC broadcast domain.
Generally speaking, bridges are simple and inexpensive devices. They are self-learning, so
the administrative overheads are negligible. A bridge is usually a two-port
device, but bridges can also have more ports. Such multiport bridges are useful
in internetworking more than two LAN environments.
Bridges function transparently from both a user's and an administrator's
perspective. The variety of bridges makes them a flexible mechanism for improving
the performance of a LAN. Bridges are on the decline. This isn't because their
functions are no longer needed. Quite the contrary: Their functionality
is required more today than ever before! Consequently, their functions have
been almost completely usurped by other networking devices.
Their functionality has been built in to routers, multitopology LAN
hubs, and, most importantly, LAN switches. Many stand-alone and stackable
hubs are also available with higher performance up-link ports. All are either
translating, speed-buffering, or transparent bridges in disguise.
A switch is a multiport, data link layer (Layer 2) device.
Much like a bridge, a switch “learns” MAC addresses and stores
them in an internal lookup table. Temporary logical paths are constructed
between the frame's originator and its intended recipient, and the frames
are forwarded along that temporary path. The capability to create and sustain
temporary paths with their own dedicated bandwidth is what separates bridges
from switches. Bridges use a shared backplane to interconnect LAN segments.
Switches use temporary, but dedicated, logical paths to interconnect LAN segments
as needed. This architecture results in each port on a switch functioning
as a separate media access domain.
Beyond this architectural distinction, switches and bridges are similar
enough in their mechanics that switches are frequently described as nothing
more than fast bridges. This is a gross oversimplification, of course, that
does not adequately describe a switch's many benefits.
Switching can be used to interconnect either hubs or individual devices.
These approaches are known as segment switching and port switching, respectively.
Using a switch to interconnect shared hubs is known as segment switching.
This name indicates that each port functions as its own segment. In this scenario,
each hub connected to a switched port becomes its own media access domain
although that domain must include the switched port.
illustrates the media access and MAC broadcast domains of a segment-switched
As is now somewhat predictable with data link layer segmentation mechanisms,
segment switching does not segment the MAC broadcast domain. Segment switching
does, however, segment media access domains. The net effect is an increase
in the available bandwidth on the LAN, a decrease in the number of devices
sharing each segment's bandwidth, yet no compromise in the Layer 2 connectivity
(as defined by the MAC broadcast domain). A MAC broadcast would be propagated
throughout all the switched segments.
Figure 3-11. Media access and MAC broadcast domains in a segment-switched
In a port-switched LAN, each
port on the switching hub is connected to a single device. The switching
port and the device it connects to become their own self-contained media
access domain. All devices in the network remain part of the same MAC
broadcast domain, however. This is illustrated in Figure
Port switching is also sometimes referred to as microsegmentation because it chops a LAN's
media access domain into the smallest possible segments. Switching has proven
to be so successful at improving LAN performance in both segment and port-level
configurations that it has been broadly implemented. Today, it is easy to
find a switching hub for virtually every LAN architecture, including both contention-based and token-passing LAN architectures.
Figure 3-12. Media access and MAC broadcast domains in a port-switched LAN.
In a contention-based protocol, port switching effectively
reduces the collision domain to just the switch port and the device that it
connects to the network. The single greatest performance constraint in contention-based
networks, such as Ethernet networks, is competition for bandwidth. Therefore,
it shouldn't be a surprise that segmenting media access domains has always
been the preferred means of improving performance in such networks.
Switching builds on this success model and takes it to the extreme with
port segmentation. Competition for bandwidth, and the chaos that inevitably
ensues on busy networks, no longer need to be the performance constraints that
they once were. In fact, port switches are frequently designed for full-duplex
operation. A separate physical wire path exists for both transmit and receive
operations. Therefore, even the competition between a switch port and its
attached peripheral is eliminated.
Port switching can improve token-passing LANs in much the same way it can improve contention-based
LANs. The number of devices that pass tokens is reduced to an absolute minimum
number of two: the switch port and the device connected to it. The only difference
is that these devices pass tokens back and forth, rather than compete with
each other for available bandwidth.
The last form of switching is called Layer 3 switching, or Internet
Protocol (IP) switching. Layer 3 switches are, essentially, a cross
between a LAN switch and a router. Each port on the switch is a separate LAN
port, but the forwarding engine actually calculates and stores routes based
on IP addresses, not MAC addresses.
Each LAN port functions as a port-switched LAN port. Layer 3 switches
available today tend to only support IP or both IP and IPX, to the exclusion
of other network layer protocols. Similarly, selection of LAN port technologies
is frequently limited to either 10 or 100 Mbps Ethernet.
It is important to note that, for the most part, segmentation doesn't create two separate LANs. LANs
exist only at the first two layers of the OSI reference model: the physical
and data link layers. The segmentation devices examined up to this point have
been limited to just these first two layers of the OSI reference model. However,
there's another way to segment LANs: by using routers.
Routers can be used in two different ways to segment LANs:
Routers are designed to be a universal interconnector in both LANs and WANs. To support
their flexibility, they are available with interfaces for virtually every
standardized LAN architecture and WAN transmission facility imaginable. Therefore,
they can be configured with any or all the interfaces that are required to
mimic the functionality of all three types of LAN bridges.
Having already seen that all three types of bridges segment media access
domains while unifying MAC broadcast domains, it should be sufficient to say
that a router can be programmed to function exactly as
a bridge. That is to say, a router can isolate the media access domains of
two or more LANs while simultaneously bridging their MAC broadcast domains.
This is done by configuring the router interfaces for the two LANs. By virtue
of connecting to different router interfaces, the media access domains of
these LANs are automatically kept isolated from each other. However, the router
will forward any MAC broadcasts, or any other MAC-addressed frames, that a
bridge would propagate across the segments.
In deference to their bridging capabilities, routers were sometimes
This term is a shortened form of bridge-router. Because bridging,
as a LAN segmentation technique, has matured and declined, the term
brouter has disappeared. Today, it is rare to encounter anyone
who still uses it.
Using routers to emulate bridges has fallen out of favor for several
reasons. First, bridged networks were unable to scale to meet growing demand
for network connectivity. Second, the emergence of LAN switching provided
networks with a very cost-effective and highly scalable means of scaling upward.
Therefore, bridges became superfluous. Finally, routers tend to be more sophisticated
and expensive than bridges. Simple economics reveal that a router's resources
are better applied to more sophisticated uses. Using routers to interconnect
LANs was an invaluable step, however, in the evolution from flat networks
to switched networks.
Routers, unlike bridges or switches, have the capability to operate at
the first three layers of the OSI reference model: the physical,
data link, and network layers. Consequently, they aren't as limited in
their segmentation capabilities as bridges and switches are. They can
interconnect two or more LANs without consolidating their MAC broadcast
domains! In fact, using a router to segment a LAN creates fully separate
LANs, each with its own media access and MAC broadcast domains. Figure
3-13 illustrates a router being used to segment a LAN.
Figure 3-13. Routers can segment both media access and MAC broadcast domains.
In Figure 3-13,
two Ethernet LANs are interconnected via a router. Each LAN's media access
domain now includes the hub port and router port that provide the interconnection.
The two LANs' MAC broadcast domains, however, remain fully separate.
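
The effect of each interconnecting device on the two kinds of domain can be computed from a topology. The following is an added example, not code from the book. It assumes a simplified model in which only hubs extend a media access domain, while hubs, bridges and switches extend a MAC broadcast domain; the device names and topologies are constructed.

```python
# Added illustration; device names and topologies are constructed.
MEDIA_JOINERS = {"hub"}                          # a hub shares one channel among its ports
BROADCAST_JOINERS = {"hub", "bridge", "switch"}  # Layer 2 devices pass MAC broadcasts


def domains(kinds, links, joiners):
    """Return the hosts in each domain, given which device kinds merge their links."""
    parent = list(range(len(links)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    # Links that meet at a joining device belong to the same domain.
    at_device = {}
    for idx, link in enumerate(links):
        for node in link:
            if kinds[node] in joiners:
                at_device.setdefault(node, []).append(idx)
    for idxs in at_device.values():
        for other in idxs[1:]:
            parent[find(other)] = find(idxs[0])

    groups = {}
    for idx, link in enumerate(links):
        hosts = {n for n in link if kinds[n] == "host"}
        groups.setdefault(find(idx), set()).update(hosts)
    # Domains are reported by the end stations they contain.
    return sorted(sorted(g) for g in groups.values() if g)


def two_lans(interconnect):
    """Two hubs with two hosts each, joined by a bridge, switch or router."""
    kinds = {"A": "host", "B": "host", "C": "host", "D": "host",
             "hub1": "hub", "hub2": "hub", "X": interconnect}
    links = [("A", "hub1"), ("B", "hub1"), ("hub1", "X"),
             ("X", "hub2"), ("C", "hub2"), ("D", "hub2")]
    return (domains(kinds, links, MEDIA_JOINERS),
            domains(kinds, links, BROADCAST_JOINERS))


def port_switched():
    """Three hosts, each on its own switch port."""
    kinds = {"A": "host", "B": "host", "C": "host", "sw": "switch"}
    links = [("A", "sw"), ("B", "sw"), ("C", "sw")]
    return (domains(kinds, links, MEDIA_JOINERS),
            domains(kinds, links, BROADCAST_JOINERS))


if __name__ == "__main__":
    for device in ("bridge", "router"):
        print(device, two_lans(device))
    print("port-switched", port_switched())
```
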
Commonality between these LANs is established at the network layer.
In other words, a Layer 3 addressing architecture and protocol suite, such
as IP, is required for communications between any two devices that reside
on different LANs. Given this, a third domain must be considered whenever
segmenting a LAN: the network domain. A network domain consists of all the
networked devices that can communicate directly using IP (or other Layer 3
protocols) for addressing across a LAN. Implicit in this definition is that
IP packets are not routed to other networks, even though
they use a routable address format. Routers are unique in their capability
to segment network domains.
Routers can do several things that data link layer segmentation devices,
such as bridges and switches, can't:
Routers can look inside the payload of data frames and identify
the packets that are enveloped by the frame.
Routers strip away the framing and reconstruct the packets
contained in the frame's data field.
Routers can forward packets (as opposed to just frames).
Another key difference between bridges and routers is that routers
do not just identify which port they need to forward the packet or frame to.
They were designed for operation in a potentially more complex, and even circuitous,
environment: the WAN. In a WAN, there may be multiple paths through the network
to get from any point to any point. The router can identify all the potential
paths through the network to any given destination address. More significantly,
the router can discriminate between the alternatives and select the best path.