Transparent Bridging (TB)
This section covers bridging between Ethernet networks, STP, CRB, and IRB.
Bridges and STP
Ethernet bridging occurs in the data-link layer of the OSI model. Switches perform the same function as bridges. For the rest of the chapter, the term switches refers to bridges. Bridges (and switches) forward frames from one interface to another based on the destination MAC address. For any incoming frame, bridges forward the frame out a specific port, if the destination MAC address is known, or it is flooded out all ports if the MAC address is unknown. If the destination MAC is unknown, the bridges forward the frame out all ports. This is known as flooding. Bridges have three primary functions:
To learn the MAC addresses of all nodes and their associated port
To filter incoming frames whose destination MAC addresses are located on the same incoming port
To forward incoming frames to the destination MAC through their associated port
Bridges keep a bridge table to track the MAC addresses available out each port.
An example of the table on a Catalyst switch is shown in Example 4-3. The switch creates a table that lists the MAC address and port for the stations. For example, the station with MAC address 00-10-7b-80-ba-d5 is located out port 2/10. This MAC table was created dynamically.
Example 4-3 Bridge MAC Table
cat5000: show cam dynamic VLAN Dest MAC/Route Des Destination Ports or VCs / [Protocol Type] ---- ------------------ -------------------------------------------- 710 <Anchor3>00-10-7b-80-ba-d5 2/10 [ALL] 34 00-10-7b-1b-6f-9c 2/3 [ALL] 59 00-10-7b-7e-cc-c3 2/5 [ALL] 59 00-e0-b0-64-6e-47 2/9 [ALL] 1 00-e0-b0-64-6e-49 2/12 [ALL] 1 00-10-7b-7e-cc-cd 2/11 [ALL] 710 00-e0-b0-64-6e-07 2/7 [ALL] 34 00-50-3e-e4-58-59 2/4 [ALL] Total Matching CAM Entries Displayed = 8
Routers can also be configured to bridge protocols. By default, if bridging is configured on an interface, the router bridges any protocol that is not routed on that interface.
The configuration in Example 4-4 bridges between Ethernet 1 and Ethernet 0. Bridge group 1 is configured for the IEEE STP with the bridge 1 protocol ieee command. Each interface is configured to bridge with the bridge-group 1 command.
Example 4-4 Configuration of Bridge Between Ethernet 0 and Ethernet 1
bridge 1 protocol ieee ! interface ethernet 0 bridge-group 1 ! interface ethernet 1 bridge-group 1
Transparent Bridge Modes
Bridges and switches can operate in two basic modes: store-and-forward and cut-through. The legacy mode is store-and-forward. The bridge stores the entire frame and verifies the CRC before forwarding the frame. If a CRC error is detected, the frame is discarded.
With the evolution of bridges and switches with fast integrated circuits, a new mode of operation is usually available: cut-through. In this mode, the switch does not wait for the entire frame to enter its buffer; instead, it forwards the frame just after it reads the destination MAC address. The advantage is that the switching operation is faster. The disadvantage is that the cut-through operation does not check for CRC errors, which increases the amount of runt and error frames on the network. Because of this problem, most switches provide the option to switch the mode back to store-and-forward if an error threshold is met. Switches in cut-through can track the CRC errors of forwarded frames to determine if there are too many errors. Other switches implement modified cut-through, which waits to receive 64 bytes before it begins transmission, which prevents the switch from sending runt frames.
STP
When multiple bridges connect the same LAN segments, bridge loops can occur. The STP is a Layer-2 link management protocol that discovers a loop free topology for connectivity between LANs. As shown in Figure 4-16, STP might place some redundant bridged interfaces in a blocked state. STP provides recovery from bridge failures by changing blocked interfaces to a forwarding state, if a primary link fails. Although a DEC and IBM version are available, the IEEE 802.1d standard is the default protocol.
)
Figure 4-16 STP
Root Bridge Election
A root bridge is elected as the root of the spanning-tree topology. All ports that are not needed to reach the root bridge are placed in blocking mode. The selection of the root bridge is based on the lowest numerical bridge priority. The bridge priority ranges from 0 to 65535. If all bridges have the same bridge priority, the bridge with the lowest MAC address is selected as the root. Physical changes of the network force spanning-tree recalculation.
The router interface priority can be changed with the priority keyword, with priority values ranging from 1 to 255:
R4(config-if)#bridge-group 1 priority ? <0-255>
Bridge Identifier (BID) and Path Costs
As shown in Figure 4-17, the BID is 8 bytes long and contains a bridge priority (2 bytes), along with one of the bridge's MAC addresses (6 bytes). With 2 bytes, the priority values range from 0 to 65,535. The default priority is 32,768.
)
Figure 4-17 BID Format
Each port is assigned a Port ID. Port IDs are 16 bits long and consist of two parts: a 6-bit priority setting and a 10-bit port number.
A path cost value is assigned to each port. The costs are accumulated to determine the total cost to reach the root. According to the original specification in 802.1d, cost is calculated by dividing 1000 Mbps (1 gigabit per second) by the bandwidth (in megabits per second) of the segment connected to the port. Using this formula, a 100 Mbps connection has a cost of 10 (1000 / 100 = 10). To accommodate higher speeds, such as GE, the IEEE adopted new values. Table 4-8 shows the revised path costs for STP.
Table 4-8 STP Path Costs
|
Bandwidth |
STP Cost Value |
|
4 Mbps |
250 |
|
10 Mbps |
100 |
|
16 Mbps |
62 |
|
45 Mbps |
39 |
|
100 Mbps |
19 |
|
155 Mbps |
14 |
|
622 Mbps |
6 |
|
1 Gbps |
4 |
|
10 Gbps |
2 |
Bridge Protocol Data Unit (BPDU)
Transparent bridges performing STP communicate by exchanging BPDUs. BPDU packets contain information on ports, addresses, priorities and costs. Bridges do not forward received BPDUs, instead the information generates new BPDUs.
The BPDU contains the following information:
Root BID—The BID of the bridge that the transmitting bridge believes to be the root bridge.
Path Cost—The cost of the path to reach the root bridge. If the segment is attached to the root bridge, it has a cost of 0. For example, if the data has to travel over three 10 Mbps segments to reach the root bridge, the cost is 200 (100 + 100 + 0).
Sender BID—The BID of the bridge that sent this BPDU.
Port ID—The port ID on the bridge that sent this BPDU.
NOTE
BPDU destination addresses use the bridge group multicast MAC address 01-80-C2-00-00-00. These frames are copied by bridges but ignored by all other stations.
BPDU Types
The two types of a BPDU follow:
Configuration BPDU
Topology Change Notification (TCN) BPDU
Configuration BPDUs are sent from the root bridge with the root BID. The configuration BPDUs flow through all active paths, which provides the root BID and path cost information. The TCN BPDUs flow upstream to the root bridge to alert it of a topology change. The spanning-tree algorithm is recalculated by the bridges to determine any necessary changes in the path. After the network converges, no TCN BPDUs are present in the network.
Bridge Port States
Each port of a transparent bridge exists in the following states:
Disabled—The port is inactive and does not participate in STP.
Blocking—When a port is enabled, it first moves to the blocked state before listening to the network. In this state, it does not participate in frame forwarding. It receives bridge PDUs and sends them to the STP algorithm for processing.
Listening—When the bridge determines that the port should participate in frame forwarding, it changes to the listening state. In this state, the bridge does not forward frames and does not learn of network MAC addresses. The bridge does receive and process BPDUs and network management frames, but it does not send BPDUs.
Learning—The bridge port discards incoming frames. The bridge begins to add MAC addresses associated with this port into the table. BPDU and network management messages are processed. The bridge processes, generates, and sends BPDUs in this state.
Forwarding—The full functional state for a bridged port. In this state, the bridge does not discard incoming frames. The bridge forwards frames to other ports; the bridge also forwards frames out this port. BPDUs and network management frames are processed.
Designated Ports
If connected with more than one port to the same segment, bridges select a designated port. The designated port is the port that sends and receives frames on the segment; other ports are placed in the blocking state (nondesignated ports).
Multi-Instance Spanning-Tree Protocol (MISTP)
Each VLAN configured in a switch runs an independent instance of the STP. MISTP is a proprietary spanning-tree mode in Cisco switches, which allows the grouping of multiple VLANs under a single instance of the STP. The MISTP instance has its own root switch and forwarding ports. When VLANs are mapped into a MISTP instance, it reduces the number of BPDUs because only MISTP BPDUs are sent between the switches configured for MISTP, which allows STP to scale to larger networks such as MANs.
CRB
CRB, introduced in IOS 11.0, enables the administrator to both route and bridge the same protocol on separate interfaces. With CRB, the routed traffic is confined to the routed interfaces, and bridged traffic is confined to the interfaces configured with bridge groups. Prior to CRB, routers could only bridge or route the same protocol—but not both.
As shown in Figure 4-18, IP traffic is routed on Ethernet interfaces 0 and 1 and concurrently bridged between Ethernet interfaces 2 and 3.
)
Figure 4-18 CRB
The router configuration is displayed in Example 4-5.
Example 4-5 Configuration Example of CRB
bridge 1 protocol ieee bridge crb ! interface ethernet 0 ip address 192.168.1.1 255.255.255.0 ! interface ethernet 1 ip address 192.168.2.1 255.255.255.0 ! interface ethernet 2 bridge-group 1 no ip address ! interface ethernet 3 bridge-group 1 no ip address
CRB is enabled with the bridge crb global command. The decision to route or bridge is in the hands of the transparent bridge group, with the bridge number route ip command, which configures IP to be routed in a bridge group.
The show interfaces crb command shows information about which protocols are routed and which are bridged.
IRB
IRB was introduced in IOS 11.2 as an enhancement to CRB. With IRB, a protocol can be routed between routed interfaces, bridged interfaces, or different bridge groups. As shown in Figure 4-19, this permits routing of IP from routed interfaces to bridged interfaces.
)
Figure 4-19 IRB
IRB is enabled with the bridge irb global configuration command. A virtual IRB interface is created to have packets from the routed interfaces reach hosts in the bridge interfaces. The command to create the virtual bridge interface is interface bvi bridge-group.
The router configuration is shown in Example 4-6. In this example, the virtual bridge interface is created for Bridge group 1 with the interface bvi 1 command. IRB is enabled with the bridge irb command. With the bridge 1 route ip command, IP is routed between Ethernet 0, Ethernet 1, and the BVI interface; IP is bridged between Ethernet 2 and Ethernet 3.
Example 4-6 Configuration of IRB
bridge 1 protocol ieee bridge irb bridge 1 route ip ! interface ethernet 0 ip address 192.168.1.1 255.255.255.0 ! interface ethernet 1 ip address 192.168.2.1 255.255.255.0 ! interface ethernet 2 bridge-group 1 no ip address ! interface ethernet 3 bridge-group 1 no ip address ! interface bvi 1 ip address 192.168.3.1 255.255.255.0
The show interface irb displays information about the IRB interface.