Thursday, June 07, 2007

Ethernet Bridges & Switches

A bridge is a LAN interconnection device which operates at the data link layer (layer 2) of the OSI reference model. It may be used to join two LAN segments (A, B), constructing a larger LAN. A bridge is able to filter traffic passing between the two LANs and may enforce a security policy separating different work groups located on each of the LANs. Bridges were first specified in IEEE 802.1D (1990) and later by ISO (in 1993).
The format of PDUs at this layer in an Ethernet LAN is defined by the Ethernet frame format (also known as MAC - Medium Access Control). It consists of two 6 byte addresses and a one byte protocol ID / length field. The address field allows a frame to be sent to a single station or to a group of stations. The MAC protocol is responsible for access to the medium and for the diagnosis of failure in either the medium or the transceiver which attaches to the medium.
Operation of a Bridge
The simplest type of bridge, and the one most frequently used, is the Transparent Bridge (meaning that the nodes using a bridge are unaware of its presence). The bridge therefore has to forward (receive and subsequently transmit) frames from one LAN (e.g. LAN A below) to another (e.g. LAN B). Obviously, the bridge could forward all frames, but then it would behave rather like a repeater; it is much smarter if the bridge only forwards frames which need to travel from one LAN to another. To do this, the bridge needs to learn which computers are connected to which LANs. More formally, it needs to learn, for each address, whether or not to forward.
A bridge connecting two LAN segments (A and B).
To learn which addresses are in use, and which ports (interfaces on the bridge) they are closest to, the bridge observes the headers of received Ethernet frames. By examining the MAC source address of each received frame, and recording the port on which it was received, the bridge may learn which addresses belong to the computers connected via each port. This is called "learning". In the figure above, consider three computers X, Y, Z. Assume each sends frames to the other computers. The source addresses X, Y are observed to be on network A, while the address of computer Z will be observed to be on network B.
A bridge stores the hardware addresses observed from frames received by each interface and uses this information to learn which frames need to be forwarded by the bridge.
The learned addresses are stored in an interface address table associated with each port (interface). Once this table has been set up, the bridge examines the destination address of every received frame and then scans the interface tables to see if a frame has previously been received from that address (i.e. a frame whose source address matches the current destination address). Three possibilities exist:
If the address is not found, no frames have been received from the source. The source may not exist, or it may not have sent any frames using this address. (The address may also have been deleted by the bridge because the bridge software was recently restarted, ran short of address entries in the interface table, or deleted the address because it was too old). Since the bridge does not know which port to use to forward the frame, it will send it to all output ports, except that on which it was received. (It is clearly unnecessary to send it back to the same cable segment from which it was received, since any other computer/bridges on this cable must already have received the packet.) This is called flooding.
If the address is found in an interface table and the address is associated with the port on which it was received, the frame is discarded. (It must already have been received by the destination.)
If the address is found in an interface table and the address is not associated with the port on which it was received, the bridge forwards the frame to the port associated with the address.
Packets with a source of X and destination of Y are received and discarded, since the computer Y is directly connected to the LAN A, whereas packets from X with a destination of Z are forwarded to network B by the bridge.
Broadcast and Multicast
Bridges forward a broadcast frame out of all connected ports except that on which the frame was received. The normal action for multicast frames is to treat them as broadcast frames. This is clearly suboptimal, since a bridge may send multicast frames to parts of the network for which there are no interested receivers. Some bridges implement extra processing to control the flooding of multicast frames.
Managing the Interface Tables
A bridge may implement an interface table using a software data structure or use a Content Addressable Memory (CAM) chip. In either case, the size of the table is finite, and usually constrained to thousands or tens of thousands of entries. In a large LAN this may be a limit. To help keep the table small, most bridges keep track of how recently each address was used. Addresses which have not been used for a long period of time (e.g. minutes) are deleted. This has the effect of removing unused entries, but if a frame is later sent to a deleted address before any frame has been received from that source again, the frame will have to be flooded to all ports.
A useful side effect of deleting old addresses is that the bridge interface table records only working MAC addresses. If a NIC stops sending, its address will be deleted from the table. If the NIC is subsequently reconnected, the entry will be restored, but if the connection is made to another port (the cable is changed) a different (updated) entry will be inserted corresponding to the actual port associated with the address. (The bridge always updates the interface table for each source address in a received MAC frame, therefore even if a computer changes the point at which it is connected without first having the interface table entry removed, the bridge will still update the table entry).
Filter Tables
In some bridges, a system administrator may override the normal forwarding by inserting entries in a filter table to inhibit forwarding between different work groups (for example to provide security for a particular set of MAC addresses). The filter table contains a list of source or destination addresses. Frames which match entries in the filter table will only be forwarded to specific configured ports.
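As an added example (not code from the original post), the following Python simulation models the transparent learning bridge described above: source-address learning, the three-way flood / discard / forward decision, ageing of idle entries, a finite table size, and an administrator filter table that confines matching frames to configured ports. The MAC addresses, timings, port names "A" and "B" (standing for the two LAN segments), and the table size and age limit are all constructed assumptions for the demonstration.

```python
"""Transparent learning bridge simulation (added example; constructed data).

Models: source-address learning, the flood / discard / forward decision,
ageing of idle entries, a finite (CAM-like) table size, and a filter table
that confines frames to/from a given address to configured ports.
Ports "A" and "B" stand for the two LAN segments of the text.
"""
from dataclasses import dataclass
from typing import Dict, Set

FLOOD, DISCARD, FORWARD, FILTERED = "flood", "discard", "forward", "filtered"


@dataclass
class Frame:
    src: str       # MAC source address, e.g. "02:00:00:00:00:01"
    dst: str       # MAC destination address
    in_port: str   # port the bridge received the frame on


@dataclass
class Entry:
    port: str         # port the address was last seen on
    last_seen: float  # time of the last frame from this source


class LearningBridge:
    def __init__(self, ports, max_entries=8, age_limit=300.0):
        self.ports = list(ports)
        self.max_entries = max_entries          # finite table capacity (assumed)
        self.age_limit = age_limit              # seconds before an idle entry is dropped
        self.table: Dict[str, Entry] = {}       # interface address table
        self.filters: Dict[str, Set[str]] = {}  # address -> ports it may be sent out on

    def add_filter(self, address, allowed_ports):
        """Administrator entry: frames to/from address only leave on allowed_ports."""
        self.filters[address] = set(allowed_ports)

    def age_out(self, now):
        """Delete entries not refreshed within age_limit; return the removed addresses."""
        stale = [a for a, e in self.table.items() if now - e.last_seen > self.age_limit]
        for a in stale:
            del self.table[a]
        return stale

    def learn(self, src, port, now):
        """Record (or move) the source address on the receiving port."""
        if src in self.table:
            self.table[src].port = port         # station re-cabled to another port
            self.table[src].last_seen = now
            return
        if len(self.table) >= self.max_entries:
            # Table full: drop the least recently refreshed entry. Frames to that
            # station are flooded again until it next transmits.
            oldest = min(self.table, key=lambda a: self.table[a].last_seen)
            del self.table[oldest]
        self.table[src] = Entry(port, now)

    def handle(self, frame, now):
        """Return (action, output_ports) for one received frame."""
        self.age_out(now)
        self.learn(frame.src, frame.in_port, now)
        others = [p for p in self.ports if p != frame.in_port]
        # Group bit (LSB of the first octet) set: broadcast/multicast, treated alike.
        is_group = int(frame.dst.split(":")[0], 16) & 1
        entry = self.table.get(frame.dst)
        if is_group or entry is None:
            action, out = FLOOD, others           # unknown or group address: flood
        elif entry.port == frame.in_port:
            return DISCARD, []                    # destination is on the same segment
        else:
            action, out = FORWARD, [entry.port]   # known on another port
        for addr in (frame.src, frame.dst):       # apply the filter table, if any
            allowed = self.filters.get(addr)
            if allowed is not None:
                out = [p for p in out if p in allowed]
        return (action, out) if out else (FILTERED, [])


def run_demo():
    """Replay the text's scenario: X and Y on LAN A, Z on LAN B (constructed addresses)."""
    X, Y, Z = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
    BCAST = "ff:ff:ff:ff:ff:ff"
    br = LearningBridge(ports=["A", "B"], max_entries=8, age_limit=300.0)
    r = {}
    r["x_to_y_unknown"] = br.handle(Frame(X, Y, "A"), now=0)    # Y unknown: flood to B
    r["y_to_x_same_lan"] = br.handle(Frame(Y, X, "A"), now=1)   # X known on A: discard
    r["x_to_z_unknown"] = br.handle(Frame(X, Z, "A"), now=2)    # Z unknown: flood to B
    r["z_to_x"] = br.handle(Frame(Z, X, "B"), now=3)            # X on A: forward to A
    r["x_to_z_known"] = br.handle(Frame(X, Z, "A"), now=4)      # Z on B: forward to B
    r["z_moves_to_a"] = br.handle(Frame(Z, X, "A"), now=5)      # Z re-cabled to A: discard
    r["port_of_z"] = br.table[Z].port                           # entry updated to "A"
    r["after_ageing"] = br.handle(Frame(X, Z, "A"), now=400)    # all entries aged out: flood
    br.add_filter(Y, {"A"})                                     # Y's traffic confined to LAN A
    r["y_broadcast_filtered"] = br.handle(Frame(Y, BCAST, "A"), now=401)  # nothing leaves
    return r


def capacity_demo():
    """Table with room for two entries: learning a third evicts the least recent one."""
    br = LearningBridge(ports=["A", "B"], max_entries=2)
    br.handle(Frame("02:00:00:00:00:01", "02:00:00:00:00:02", "A"), now=0)
    br.handle(Frame("02:00:00:00:00:02", "02:00:00:00:00:01", "A"), now=1)
    last = br.handle(Frame("02:00:00:00:00:03", "02:00:00:00:00:01", "B"), now=2)
    return sorted(br.table), last   # :01 evicted, so the frame to it is flooded
```

The demo shows why the text's remarks about table size and ageing matter: once an entry is missing (aged out, evicted, or never learned), frames to that station are flooded to every other port, while a filter entry lets an administrator stop a station's frames from leaving its own segment even for broadcasts.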
