11. Network--Linux Bridge (bridge foundation)

a.  A first look at how a bridge works

Caching: The bridge first buffers each received data frame before processing it;

Learning: When a frame passes through the bridge, the bridge first looks up the frame's source MAC address in the bridge table. If the address is not in the table, the MAC address and the bridge port it arrived on are added (reverse learning);

Filtering: The bridge determines whether the destination node of the incoming frame is on the network segment the frame came from (the same port); if so, the bridge does not forward the frame to its other ports;

Forwarding: If the destination node of the frame is on another network segment, the bridge sends the frame to the correct segment (forwards it out another port);

Each bridge maintains a filtering database keyed by MAC address, and forwards received frames to the corresponding LAN (port) according to this database.

The filtering database lists each known destination MAC address together with the output line it belongs to (a port number, which indicates which LAN the frame is forwarded to). Each entry has a timeout, so that an address that has moved can be relearned promptly;

Forwarding: If the destination address is found in the table, the frame is forwarded directly to the port recorded for that destination MAC address;

Flooding: If the destination address is not found in the table, the frame is sent to all network segments connected to the bridge except the segment it arrived on (diffusion, i.e. flooding).

The bridge works in promiscuous mode (it receives all frames transmitted on the LANs connected to it).

b.  The working process of the bridge

Assuming the bridge receives a MAC frame on port x, the following rules apply:

1.  Look up the frame's source MAC in the bridge table; if it is absent, add the MAC address and its bridge port; if it is present, continue to the next step;

2.  Look up the filtering database to determine whether the destination MAC address is on a port other than port x; if the destination MAC address is on port x, the frame is not forwarded;

3.  If the filtering database places the destination MAC address on some port y, check whether port y is in the blocking or the forwarding state (Spanning Tree Protocol). [As later spanning-tree algorithms show, a port may be blocked to stop it from receiving or sending frames.] If port y is not blocked, forward the frame through port y to the LAN it is connected to.

4.  If the destination MAC address is not found, the frame is sent out every port except the one it arrived on, i.e. it is flooded (diffusion).

c.  Scenario analysis of the bridge

[figure]

Learning: Station A sends data to B. By checking the frame's source address, the bridge learns that A is on port 1 and adds <A,1> to the filtering database.

Forwarding (flooding): The bridge does not know where B is, so it floods the frame to all other ports, i.e. ports 2 and 3 (every port on the bridge except port 1).

Forwarding: After B receives the frame from A, it may respond, i.e. B sends data to A. The bridge now checks the source address, learns that B is on port 2 and adds the entry <B,2>. The destination address A already exists in the filtering database on port 1, so the frame B sends back to A is forwarded to port 1.

Filtering: Now station C sends data to A. Since A, C and the bridge are connected to the same hub, the bridge also receives the frame. It checks the source address C, records C on port 1 and adds the entry <C,1>. At the same time, the destination address A is in the filtering database, and its port is the port the frame was received on, so the frame is not forwarded.

Aging: The age counter of each filtering-database entry increases every second; once it exceeds a threshold the entry is removed from the database. The default ageing time is 300 seconds. Aging mainly accounts for the bridge's limited memory and for nodes that move.

d.  Bridge explained, part one

A Bridge is a Linux device used for TCP/IP Layer 2 switching, similar in function to a switch in the real world. A Bridge device instance can be connected to other network device instances on Linux, i.e. it attaches a slave device, much like plugging a network cable between a switch and a user terminal in the real world. When data arrives, the Bridge broadcasts, forwards or discards it according to the MAC information in the frame.

[figure]

As shown in the figure, the function of the Bridge is implemented mainly in the kernel. When a slave device is attached to the Bridge, it is the equivalent of plugging a cable with a terminal on the other end into a real-world switch port. At this point the kernel calls netdev_rx_handler_register() to register a callback for receiving data; from then on, whenever the slave device receives data, this function is called to hand the data to the Bridge. When the Bridge receives the data, br_handle_frame() is called and performs a process similar to that of a real-world switch: determine the type of the frame (broadcast or unicast), look up the internal MAC-to-port mapping table, locate the target port, forward the data to the destination port or drop it, and automatically update the internal MAC-to-port mapping table for self-learning.

There is one difference between a Bridge and a real-world Layer 2 switch, drawn on the left side of the figure: data can be sent directly onto the Bridge rather than being received from a port. This can be seen as the Bridge having a MAC address of its own from which it can actively send frames, or as the Bridge carrying a hidden port that is automatically connected to the host Linux system, so that programs on Linux can send data from this port to the other ports on the Bridge. So when a Bridge owns a network device, e.g. when eth0 has been added to bridge0, bridge0 actually has two valid MAC addresses, bridge0's own and eth0's, and the two can communicate with each other. An interesting consequence is that a Bridge can be given an IP address. Normally an IP address belongs to Layer 3 and should not appear on a Layer 2 device such as a Bridge, but in Linux a Bridge is one kind of the generic network device abstraction, and any network device can be assigned an IP address. Once bridge0 has an IP, Linux can locate bridge0 at Layer 3 through the routing table or IP rules; it is as if Linux had another hidden virtual NIC connected to the Bridge's hidden port. That NIC is the generic network device named bridge0, and the IP can be regarded as belonging to it. When data matching this IP arrives at bridge0, the kernel protocol stack considers that it has received a packet destined for the local host, and applications can receive it through a socket. A better real-world analogy is a switch with routing: it also has a hidden MAC address, used by the device's Layer 3 protocol handler and its management program. The device's Layer 3 protocol handler corresponds to the Layer 3 protocol handler of the generic network device named bridge0, i.e. the protocol stack of the host Linux kernel; the device's management program corresponds to the applications running on the Linux host of bridge0.

The current Bridge implementation has a limitation: when a device is attached to a Bridge, that device's IP address becomes ineffective, and Linux no longer uses that IP to receive data at Layer 3. For example: if eth0 originally has the IP 192.168.1.2 and a packet destined for 192.168.1.2 arrives, Linux applications can receive it through socket operations. But once eth0 is attached to bridge0, although eth0 still has its IP, applications can no longer receive such data. In that case the IP 192.168.1.2 should be assigned to bridge0 instead.

Another thing to note is the direction of data flow. For a device attached to a Bridge, only data the device receives is passed up to the Bridge, where the table lookup, broadcast and the other subsequent operations take place. When the request is a send, the data is not passed to the Bridge; it looks for the next egress instead. Users often overlook this when configuring the network, which causes network faults.

e.  Bridge explained, part two

As the figure below shows: a frame sent by host A arrives at port eth0 of switch S1. Since eth0 is bridged with eth1 and eth2, the frame is copied to eth1 and eth2 and sent out, and is then received by host B and switch S2. S2 in turn forwards the frame to hosts C and D.

[figure]

A switch does not alter frame data while forwarding; it copies the frame verbatim. Bridging is not implemented at the physical layer, however, but at the data link layer. A switch understands link-layer frames, so bridging is in fact not merely frame copying.
The switch looks at the MAC address information in the frame's link-layer header (both source and destination) in order to learn where the host behind each MAC address is located (which of the switch's ports it is connected to). When forwarding, the switch then only needs to send the frame out the specific port, avoiding unnecessary network traffic. This is the switch's "address learning". But if the switch encounters an address it has not learned, it does not know which port the frame should go out of, and can only forward it to all ports (except the one the frame arrived on).
For example, host C sends a frame to host A, and the frame arrives on port eth2 of switch S1. Suppose S1 has just started and has not learned any addresses yet; it forwards the frame to eth0 and eth1. At the same time, S1 records from the frame's source MAC address that "host C is attached via port eth2". So when host A sends a frame to C, S1 only needs to forward it to eth2. And when host D sends a frame to C, supposing switch S2 forwards it to S1's eth2 port (in practice S2 will most likely not do so, because of its own address learning), S1 simply drops the frame without forwarding it (because host C is attached via eth2).

However, a network topology is not permanent. Suppose we swap the locations of host B and host C. When host C sends a frame (to whomever), port eth1 of switch S1 receives it, so S1 updates its learned address, replacing "host C is attached via port eth2" with "host C is attached via port eth1". But what if host C does not send any frames for a while? S1 will keep believing that "host C is attached via port eth2", so frames other hosts send to C are forwarded out of eth2 and are lost. Therefore the switch's address learning needs a timeout policy. For switch S1, if a certain period has passed since it last received a frame from host C (the default is 5 minutes), S1 must forget that "host C is attached via port eth2". After that, frames sent to host C are forwarded to all ports, and the copy forwarded out of eth1 is received by host C.
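The learning, filtering, flooding, blocking and ageing rules of sections a to c, and the host-move scenario of section e, can be replayed in a small software model. The following is an added example, not kernel code and not part of the original article: a `LearningBridge` class implementing those rules with the 300-second default ageing time, plus two replay functions that walk through the section c scenario (stations A, B, C on ports 1 to 3) and the section e scenario (switch S1 with ports eth0 to eth2 and host C moving). Station names such as "A" stand in for MAC addresses, the clock values are constructed, and ageing is applied at receive time against that clock rather than by a kernel timer.

```python
"""Software model of a learning (transparent) bridge: learn, filter, forward, age.

Added example; this is not Linux kernel code. Station names ("A", "B", ...)
stand in for MAC addresses and the `now` timestamps are constructed.
"""
from dataclasses import dataclass

AGEING_TIME = 300          # seconds; the default ageing time mentioned in the text
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class FdbEntry:
    port: object          # port the MAC was last seen on
    last_seen: float      # clock value when the source MAC was last seen


class LearningBridge:
    def __init__(self, ports, ageing_time=AGEING_TIME):
        self.ports = set(ports)
        self.ageing_time = ageing_time
        self.fdb = {}         # filtering database: mac -> FdbEntry
        self.blocked = set()  # ports placed in STP blocking state

    def age(self, now):
        """Remove entries not refreshed within ageing_time; return the dropped MACs."""
        stale = [mac for mac, e in self.fdb.items() if now - e.last_seen > self.ageing_time]
        for mac in stale:
            del self.fdb[mac]
        return stale

    def receive(self, in_port, src, dst, now):
        """Decide what to do with a frame; return the set of egress ports.

        An empty set means the frame is filtered (destination on the ingress
        segment) or dropped (ingress or egress port blocked).
        """
        if in_port not in self.ports or in_port in self.blocked:
            return set()                      # blocked ports neither learn nor forward
        self.age(now)
        # Learning: record (or refresh) the source MAC against the ingress port.
        self.fdb[src] = FdbEntry(in_port, now)
        entry = self.fdb.get(dst)
        if dst == BROADCAST or entry is None:
            # Broadcast or unknown destination: flood every other non-blocked port.
            return (self.ports - {in_port}) - self.blocked
        if entry.port == in_port:
            return set()                      # Filtering: destination is on the ingress segment
        if entry.port in self.blocked:
            return set()                      # Rule 3: do not forward out a blocked port
        return {entry.port}                   # Forwarding: known destination


def replay_section_c():
    """Replay the A/B/C scenario: flood, learn, forward back, filter, blocked port."""
    br = LearningBridge(ports=[1, 2, 3])
    decisions = []
    decisions.append(br.receive(1, "A", "B", now=0))   # learn <A,1>; B unknown -> flood {2, 3}
    decisions.append(br.receive(2, "B", "A", now=1))   # learn <B,2>; A known on 1 -> {1}
    decisions.append(br.receive(1, "C", "A", now=2))   # learn <C,1>; A on ingress port -> filtered
    br.blocked.add(3)                                  # STP puts port 3 into blocking
    decisions.append(br.receive(1, "A", "D", now=3))   # D unknown -> flood, but port 3 excluded -> {2}
    table = {mac: e.port for mac, e in br.fdb.items()}
    return decisions, table


def replay_section_e():
    """Replay host C moving from eth2 to eth1 on S1, with the stale entry ageing out."""
    br = LearningBridge(ports=["eth0", "eth1", "eth2"])
    br.receive("eth2", "C", "A", now=0)                    # S1 learns C via eth2 and floods
    first = br.receive("eth0", "A", "C", now=1)            # known: forwarded to eth2 only
    # C now moves to the eth1 segment but stays silent: the entry is stale.
    stale = br.receive("eth0", "A", "C", now=200)          # still eth2 -> frame lost in reality
    # More than 300 s since C was last heard: the entry has aged out, so S1 floods again.
    after = br.receive("eth0", "A", "C", now=400)          # {eth1, eth2}; the eth1 copy reaches C
    br.receive("eth1", "C", "A", now=401)                  # C replies: relearned via eth1
    relearned = br.receive("eth0", "A", "C", now=402)      # {eth1}
    return first, stale, after, relearned


if __name__ == "__main__":
    print(replay_section_c())
    print(replay_section_e())
```

Run it directly to see both replays. The ageing check is deliberately made part of `receive()` so that the model is deterministic for a given clock; the kernel instead runs a periodic garbage-collection timer over the forwarding database, and a real bridge also refreshes the entry on every frame from the source, which is what keeps an active host from ageing out.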

