HANK@BARILVM.BITNET (Hank Nussbacher) (12/18/87)
I promised to post my results to the list. Here it is. Once again
thanks to all those that supplied comments.
Routers vs. Bridges revisited
December 18th, 1988
Henry Nussbacher
HANK@VM1.TAU.AC.IL
Israel Network Information Center
=================================
Acknowledgements:
Rob Austein - MIT
Bob Braden - ISI
Scott Brim - Cornell University
Charles Hedrick - Rutgers University
John Lekashman - NASA
Radia Perlman - MIT
Yakov Rekhter - IBM
G.A Sawkins, D. Crocker: Internetworking Connections: A Comparison
of Options, May 1987
This paper will attempt to analyze the differences between
routers and bridges. Routers operate at the Network Layer (level 3)
and typically understand routing protocols inherent in Tcp/Ip or
Decnet or XNS. Bridges operate at the Data Link Layer (level 2) and
do not understand anything about any communications protocol other
than the physical medium, which is typically an Ethernet.
The difference with this paper will be the fact that in addition
to "standard" routers and bridges, an attempt will be made to
analyze multi-protocol routers and routing bridges.
The differences between the two aspects (level II vs. level III)
are slowly merging and in the near future the two technologies will
meet somewhere in the middle.
For further reading, look for the January 1988 issue of IEEE
Network which is dedicated to the topic of bridges vs. routers.
Performance:
===========
Currently, bridges will outperform routers. The numbers
generally quoted are that routers forward packets in the high
hundreds, while bridges forward packets in the low thousands.
Standard bridges like DEC's LANBRIDGE can easily forward 4,000
packets per second, whereas Rad's REB routing bridge claims to
forward 2,500 pps. On the other hand, multiprotocol routers claim
approximately 1200 pps (Proteon's p4200 and cisco's AGS) under peak
conditions.
Bridges need to examine every packet whereas routers only look
at packets addressed to it. Since the time involved in scanning
every packet is enormous, bridges must make use of specially
designed hardware. But as bridges attempt to look deeper into each
packet to perform such functions as security and access controls,
their throughput will drop. As routers use faster technology (i.e.
68020) and special purpose hardware, their throughput should rise.
But one aspect that is always ignored when examining the router
vs. bridge controversy is the speed of the link used by the router
or bridge. When dealing with 2 Ethernet segments connected via a T1
link, any bridge is able to pump out enough packets to utilize the
full bandwidth of the T1 link. But when confronted with 64kb data
links, both a router and a bridge can easily saturate a 64kb link to
capacity. So the bottleneck is moved from the box to the line. If
you purchase a bridge because it will pump 4 times as many packets
through, but you work with 64kb links, you will be disappointed. On
the other hand, if you have been using a router on a T1 link and
upgrade to a bridge, you will notice a significant increase in
throughput.
Multi-media support
===================
Routers have the ability to transcend differences in media. If
one site runs a 50Mb Hyperchannel, another runs a token ring (i.e.
Pronet-4) , and another runs an Ethernet, a router can be used to
interconnect all of them. The address translation occurs at a layer
above the MAC level, namely the IP layer. Proteon's p4200 supports
Ethernet, token ring and x.25 networks. cisco's AGS supports
Ethernet and X.25 and they are working on token ring.
Current bridges cannot handle multi-media systems. Many bridge
vendors are working on supporting multi-media networks. It is
expected that both technologies will arrive at the same place in the
very near future.
The importance of being independent of other sites hardware
requirements is a crucial factor in designing an adaptable network.
Multi-protocol support
======================
A year ago, bridges were considered the only option if you had
networks that needed to handle Tcp/Ip, Decnet and XNS, all at the
same time. Today, there are routers available that can handle full
Tcp/Ip, XNS's IDP (Internet Datagram Protocol - the equivelent of
IP), and Decnet's specifications for a DNA Phase IV, Level 2 area
router. These changes in routers required extensive software
modifications and testing.
Bridges have no problem accepting any new protocol thrown at
them. They ignore anything above level II. This is one reason why
bridges are ahead of routers in throughput. A "standard" bridge is
inherently a simpler box.
Software changes
================
Bridges almost never need software changes, since the basic
operation is founded on the Ethernet packet format. Software
changes are only necessary if new functions need to be added such as
accounting, security, access controls or network management.
Routers are almost all software. New releases of router
software are very common as better algorithms and protocols are
developed. This can either be viewed as a positive or negative
aspect. The negative aspect is that you are always updating the
software in the box and when you find a release level that works,
you tend to fixate on it and reject all future updates (or until a
major new function is introduced). The positive aspect is that you
can easily implement new functionality with the ease of replacing a
diskette.
Broadcasts and Multicasts
=========================
An Ethernet Broadcast is meant to be delivered to all nodes in
the network. Bridges are designed to deliver all Broadcast and
Multicast messages to all Ethernet segments (although certain
bridges can be configured to filter some Multicasts). Routers do
not transmit Broadcasts and Multicasts. ARP (Address Resolution
Protocol), RWHO, and ROUTED are just three functions in Tcp/Ip that
generate a significant amount of Ethernet Broadcast traffic.
When analyzing router vs. bridge performance, care should be
taken to generate sizable Broadcast traffic. Routers will not be
affected, but bridges will.
Network Isolation
=================
In any network, a broken node can damage an entire network. A
node that is transmitting legal but spurrious packets can easily
saturate a network. With routers, that traffic is localized to the
Ethernet segment where the "badly behaved" host is situated. With
bridges, this traffic will propagate to the rest of the network.
The Internet has heard stories of ARP storms, meltdowns,
building firewalls and all sorts of exotic and dangerous sounding
events. Bridges make the entire network susceptible to these
events, while routers isolate the event to a specific Ethernet
segment.
Cost
====
Bridges usually cost less than routers, since most of the box is
customized hardware with very little software, while routers have
simpler hardware but extensive software. Most bridges come with 2
network interfaces vs. routers that usually come with four, so the
total system cost tend to get closer when examining the entire
network.
Security
========
IP (level 3) addresses are logical rather than MAC (level 2)
addresses, which are physical. Certain hosts may either
accidentally or on purpose, select an IP address that is being used
by another host. This is a security problem that has existed in
Tcp/Ip since its inception but bridges tend to make the problem
worse.
Routers separate hosts into subnets, therefore an impersonator
will be trapped inside a subnet. Since a bridge doesn't separate
hosts into subnets, an impersonator (accidental or malicious) can
inflict damage on all segments of the network.
Routing
=======
This is the area that has lately heated up. Simple bridges only
support tree style networks with no closed loops among the
Ethernets. Advanced bridges allow closing loops and support
redundant links.
Some of the advanced bridges handle loops by simply placing one
link into standby mode, thereby opening the loop. When one of the
links goes down, the "stand-by" link will be enabled for use. Other
advanced bridges (Rad's REB) allow for complete network loops. The
redundant path support is only supported between two adjacent
bridges which limits the amount of network load balancing that can
be accomplished.
Routers use two basic protocols for forwarding IP packets: RIP -
Routing Information Protocol and EGP - Exterior Gateway Protocol.
The IP header basically controls how an IP router will function.
Some of the fields that are used via routers are: TTL - Time to live
- to prevent network loops; security; precedence; TOS - type of
service; fragment - to assist transition between different types of
media network; record route - to record the list of IP addresses the
packet has passed through, useful as an audit trail.
Each field in an IP header is there to do a specific function to
assist in routing. Any bridge that attempts to perform routing
would have to use all of these fields - but at the MAC layer. These
bridges are basically reconstructing the IP layer at the MAC layer.
In that case, if a bridge supplies the same routing capabilities as
a router it would be a router, with the same slower performance
throughput. Intelligent bridges only supply a small subset of the
routing capabilities available at the IP layer and therefore can
claim signficant performance differences.
Bridges that attempt to perform routing need to keep track of
distinct MAC addresses. They learn as they go along. Initially,
the routing will not be optimal, but a learning bridge that performs
routing would learn the best path, over a period of time. In small
networks this may be feasible, but when interconnecting hundreds of
Ethernets, each with hundreds of MAC addresses, these systems cease
to function. The traffic between the bridges would be enough to
saturate any 64kb link. The Arpanet has seen saturation levels with
300 IP networks interconnected. If routing were performed via MAC
level addresses, saturation would have been achieved with but 10% of
the defined network.
Routers communicate with each other via RIP or EGP and can
therefore know the entire status of the network (busy links, high
cost links, down links, etc.) and route packets along various paths.
With an IP router, some packets may travel a completely different
path than others and it is up to the destination IP to reconstruct
the packets. Routers choose the best path for each packet based on
all the inforamtion they have at their disposal.
Routers use the Ip layer with the network structure being viewed
as a hierarchical tree. Therefore, routers do not need to cache all
IP addresses that exist.
Summary
=======
There are still major differences between routers and bridges.
If you have a small network (three to four Ethernet segments, with
no more than 25 MAC addresses) then a routing bridge is the best
solution.
But if your network comprises many segments and subnets and you
have hundreds of MAC addresses defined, then a multiprotocol router
is the best solution.
The exact metric of where one should be used instead of another
is the matter of a holy discussion, and one that I do not intend to
get into.