Network Bridge principle

In simple terms, bridging is the "connection" of several network interfaces on a single machine. As a result, messages received by one of the nets are replicated to other ports and sent out. So that the messages between the network can be forwarded to each other.

A switch is a device that has several web ports, and these are bridged. As a result, several hosts connected to the switch can communicate with each other via the switch's message forwarding.

The following figure: The message sent by host A is sent to the eth0 port of the switch S1, because eth0 and eth1, Eth2 Bridge together, so the message is copied to eth1 and eth2, and sent out, and then by the Host B and switch S2 received. And S2 will forward the message to the host C, D.

In the process of message forwarding, the switch does not tamper with the message data, just copy it as is. However, bridges are not implemented at the physical level, but at the data link layer. The switch is able to understand the data link layer's message, so the bridge is actually not a simple message forwarding.

The switch cares about the MAC address information (including the source and destination addresses) in the header of the datagram's data link layer to see where each MAC address represents (connected to which port of the switch). When message forwarding, the switch only needs to be forwarded to a specific network port, thus avoiding unnecessary network interaction. This is the "address learning" of the switch. However, if the switch encounters an address that it has not learned from, it will not know which network port the message should be forwarded from, and the message must be forwarded to all of the network ports (except for the one that receives the message).

For example, host C sent a message to host A, the message came to the switch S1 eth2 network port. Assuming that S1 has just started and has not learned any addresses, it will send the message to eth0 and eth1. At the same time, S1 will be based on the source of the message MAC address, record "Host C is through the ETH2 network access." So when host a sends a message to C, S1 only need to forward the message to the ETH2 network port. And when the host D send a message to C, assuming that the switch S2 the message to the S1 eth2 network port (in fact, most of the S2 will not do because of address learning), then the S1 will directly discard the message without forwarding (because host C is from the eth2 access).

However, the network topology cannot be immutable. Let's say we change Host B and host C to a different location, when the host C issued a message (regardless of who sent), the switch S1 eth1 Port received the message, so the switch S1 will update its learning address, the original "host C is through the ETH2 network access" to "host C is through the ETH1 network access."

But if the host C has not sent a paper. S1 will always think that "host C is through the ETH2 network access", so the other hosts sent to C messages are forwarded from the eth2, the result message is lost. So the address learning of a switch requires a time-out policy. For switch S1, if the last time you receive a message from host C has been over a certain period (the default is 5 minutes), then S1 need to forget that "host C is accessed through the Eth2 network" thing. As a result, messages destined for host C are forwarded to all Web ports, and messages forwarded from ETH1 will be received by host C. Bridge Implementation of 2.2 Linux

The Linux kernel supports the bridging of the network port (currently only Ethernet interfaces are supported). Unlike a simple switch, however, the switch is only a two-tier device, either forwarded or discarded for incoming packets. A small switch requires only a single switching chip, not a CPU. and running the Linux kernel of the machine itself is a host, may be the destination of network messages. The packets received in addition to forwarding and discarding, may also be sent to the top of the network protocol stack (network layer), and thus be digested by themselves.

The Linux kernel is bridged by a virtual network bridge device. This virtual device can bind several Ethernet interface devices to bridge them up. The following figure (excerpt from Ulni):

Bridge equipment Br0 bound eth0 and eth1. For the upper layer of the network protocol stack, see only Br0, because the bridge is implemented in the Data link layer, the upper layer does not need to care about the details of the bridge. The message sent by the upper layer of the protocol stack is sent to br0, the processing code of the bridge equipment to judge the message should be forwarded to the eth0 or eth1, or both; Conversely, messages received from Eth0 or eth1 are presented to the Network Bridge's processing code, where it is judged that the message is forwarded, discarded, or committed to the top of the protocol stack.
Sometimes eth0, eth1 may also be the source address or destination address of the message, directly participate in the sending and receiving of the message (thus bypassing the Network Bridge).

2.3 The function of the Network Bridge

In summary, the most important two points of the Network bridge:

1. Mac Learning: Learning the MAC address, at first, the Network bridge is not any address and port of the corresponding relationship, it sends the data, still want the hub, but each send a data, it will care about the source of the packet Mac from which port, because of learning, establish address-port table (CAM).

2. Message forwarding: Each send a packet, the network Bridge will extract its destination MAC address, from its own address-port comparison (Cam table) to find out from which port data packages sent out. 3 Network Bridge configuration

Using a network bridge in Linux is very simple, you need to do two things can be configured. One is to open the Config_bridge or condig_bridge_module compilation option in the compiler kernel, and the other is to install the Brctl tool. The first step is to enable the kernel protocol stack to support the Network Bridge, the second step is to install user space tools, through a series of IOCTL to configure the Network bridge. The following is a relatively simple example that runs through the text to analyze the code.

The Linux machine has 4 network adapters, respectively, Eth0~eth4, where eth0 is used to connect the extranet, and eth1, eth2, Eth3 are connected to a PC, used to configure the Network bridge. You can complete the configuration of the network Bridge only with the following command:

Brctl ADDBR Br0 (Build a bridge br0 and create a virtual network card br0 in the Linux kernel)

Brctl addif br0 eth1

Brctl addif br0 eth2

Brctl addif br0 Eth3 (bridge br0 Add interface eth1, eth2 and Eth3 respectively)

Br0 as a network bridge, but also virtual network equipment, it can be used as a network bridge management port, but also as a network bridge connected to the LAN gateway, depending on your needs. When you use the Br0 interface, you must assign it an IP address. For normal work, PC1, PC2,PC3 and BR0 IP addresses are assigned to the same network segment.