HANK@BARILVM.BITNET (Hank Nussbacher) (12/18/87)
I promised to post my results to the list. Here it is. Once again thanks to all those that supplied comments.

Routers vs. Bridges revisited
December 18th, 1988
Henry Nussbacher
HANK@VM1.TAU.AC.IL
Israel Network Information Center
=================================

Acknowledgements:
Rob Austein - MIT
Bob Braden - ISI
Scott Brim - Cornell University
Charles Hedrick - Rutgers University
John Lekashman - NASA
Radia Perlman - MIT
Yakov Rekhter - IBM
G.A Sawkins, D. Crocker: Internetworking Connections: A Comparison of Options, May 1987

This paper will attempt to analyze the differences between routers and bridges. Routers operate at the Network Layer (level 3) and typically understand routing protocols inherent in Tcp/Ip or Decnet or XNS. Bridges operate at the Data Link Layer (level 2) and do not understand anything about any communications protocol other than the physical medium, which is typically an Ethernet. The difference with this paper is that in addition to "standard" routers and bridges, an attempt will be made to analyze multi-protocol routers and routing bridges. The differences between the two approaches (level II vs. level III) are slowly merging and in the near future the two technologies will meet somewhere in the middle. For further reading, look for the January 1988 issue of IEEE Network, which is dedicated to the topic of bridges vs. routers.

Performance:
===========
Currently, bridges will outperform routers. The numbers generally quoted are that routers forward packets in the high hundreds per second, while bridges forward packets in the low thousands per second. Standard bridges like DEC's LANBRIDGE can easily forward 4,000 packets per second, whereas Rad's REB routing bridge claims to forward 2,500 pps. On the other hand, multiprotocol routers claim approximately 1200 pps (Proteon's p4200 and cisco's AGS) under peak conditions. Bridges need to examine every packet, whereas routers only look at packets addressed to them.
Since the time involved in scanning every packet is enormous, bridges must make use of specially designed hardware. But as bridges attempt to look deeper into each packet to perform such functions as security and access controls, their throughput will drop. As routers use faster technology (e.g. the 68020) and special purpose hardware, their throughput should rise.

But one aspect that is always ignored when examining the router vs. bridge controversy is the speed of the link used by the router or bridge. When dealing with 2 Ethernet segments connected via a T1 link, any bridge is able to pump out enough packets to utilize the full bandwidth of the T1 link. But when confronted with 64kb data links, both a router and a bridge can easily saturate a 64kb link to capacity. So the bottleneck is moved from the box to the line. If you purchase a bridge because it will pump 4 times as many packets through, but you work with 64kb links, you will be disappointed. On the other hand, if you have been using a router on a T1 link and upgrade to a bridge, you will notice a significant increase in throughput.

Multi-media support
===================
Routers have the ability to transcend differences in media. If one site runs a 50Mb Hyperchannel, another runs a token ring (e.g. Pronet-4), and another runs an Ethernet, a router can be used to interconnect all of them. The address translation occurs at a layer above the MAC level, namely the IP layer. Proteon's p4200 supports Ethernet, token ring and X.25 networks. cisco's AGS supports Ethernet and X.25, and they are working on token ring. Current bridges cannot handle multi-media systems. Many bridge vendors are working on supporting multi-media networks. It is expected that both technologies will arrive at the same place in the very near future. The importance of being independent of other sites' hardware requirements is a crucial factor in designing an adaptable network.
Multi-protocol support
======================
A year ago, bridges were considered the only option if you had networks that needed to handle Tcp/Ip, Decnet and XNS, all at the same time. Today, there are routers available that can handle full Tcp/Ip, XNS's IDP (Internet Datagram Protocol - the equivalent of IP), and Decnet's specifications for a DNA Phase IV, Level 2 area router. These changes in routers required extensive software modifications and testing. Bridges have no problem accepting any new protocol thrown at them. They ignore anything above level II. This is one reason why bridges are ahead of routers in throughput. A "standard" bridge is inherently a simpler box.

Software changes
================
Bridges almost never need software changes, since the basic operation is founded on the Ethernet packet format. Software changes are only necessary if new functions need to be added, such as accounting, security, access controls or network management. Routers are almost all software. New releases of router software are very common as better algorithms and protocols are developed. This can be viewed as either a positive or a negative aspect. The negative aspect is that you are always updating the software in the box, and when you find a release level that works, you tend to fixate on it and reject all future updates (or until a major new function is introduced). The positive aspect is that you can easily implement new functionality with the ease of replacing a diskette.

Broadcasts and Multicasts
=========================
An Ethernet Broadcast is meant to be delivered to all nodes in the network. Bridges are designed to deliver all Broadcast and Multicast messages to all Ethernet segments (although certain bridges can be configured to filter some Multicasts). Routers do not transmit Broadcasts and Multicasts. ARP (Address Resolution Protocol), RWHO, and ROUTED are just three functions in Tcp/Ip that generate a significant amount of Ethernet Broadcast traffic.
When analyzing router vs. bridge performance, care should be taken to generate sizable Broadcast traffic. Routers will not be affected, but bridges will.

Network Isolation
=================
In any network, a broken node can damage an entire network. A node that is transmitting legal but spurious packets can easily saturate a network. With routers, that traffic is localized to the Ethernet segment where the "badly behaved" host is situated. With bridges, this traffic will propagate to the rest of the network. The Internet has heard stories of ARP storms, meltdowns, building firewalls and all sorts of exotic and dangerous sounding events. Bridges make the entire network susceptible to these events, while routers isolate the event to a specific Ethernet segment.

Cost
====
Bridges usually cost less than routers, since most of the box is customized hardware with very little software, while routers have simpler hardware but extensive software. Most bridges come with 2 network interfaces vs. routers that usually come with four, so the total system cost tends to get closer when examining the entire network.

Security
========
IP (level 3) addresses are logical, whereas MAC (level 2) addresses are physical. Certain hosts may, either accidentally or on purpose, select an IP address that is being used by another host. This is a security problem that has existed in Tcp/Ip since its inception, but bridges tend to make the problem worse. Routers separate hosts into subnets, therefore an impersonator will be trapped inside a subnet. Since a bridge doesn't separate hosts into subnets, an impersonator (accidental or malicious) can inflict damage on all segments of the network.

Routing
=======
This is the area that has lately heated up. Simple bridges only support tree style networks with no closed loops among the Ethernets. Advanced bridges allow closing loops and support redundant links.
Some of the advanced bridges handle loops by simply placing one link into standby mode, thereby opening the loop. When one of the links goes down, the "stand-by" link will be enabled for use. Other advanced bridges (Rad's REB) allow for complete network loops. Redundant paths are only supported between two adjacent bridges, which limits the amount of network load balancing that can be accomplished.

Routers use two basic protocols for forwarding IP packets: RIP - Routing Information Protocol and EGP - Exterior Gateway Protocol. The IP header basically controls how an IP router will function. Some of the fields that are used by routers are: TTL - Time to live - to prevent network loops; security; precedence; TOS - type of service; fragment - to assist transition between different types of media network; record route - to record the list of IP addresses the packet has passed through, useful as an audit trail. Each field in an IP header is there to do a specific function to assist in routing. Any bridge that attempts to perform routing would have to use all of these fields - but at the MAC layer. These bridges are basically reconstructing the IP layer at the MAC layer. In that case, if a bridge supplies the same routing capabilities as a router it would be a router, with the same slower performance throughput. Intelligent bridges only supply a small subset of the routing capabilities available at the IP layer and therefore can claim significant performance differences.

Bridges that attempt to perform routing need to keep track of distinct MAC addresses. They learn as they go along. Initially, the routing will not be optimal, but a learning bridge that performs routing would learn the best path over a period of time. In small networks this may be feasible, but when interconnecting hundreds of Ethernets, each with hundreds of MAC addresses, these systems cease to function. The traffic between the bridges would be enough to saturate any 64kb link.
The Arpanet has seen saturation levels with 300 IP networks interconnected. If routing were performed via MAC level addresses, saturation would have been achieved with but 10% of the defined network. Routers communicate with each other via RIP or EGP and can therefore know the entire status of the network (busy links, high cost links, down links, etc.) and route packets along various paths. With an IP router, some packets may travel a completely different path than others, and it is up to the destination IP to reconstruct the packets. Routers choose the best path for each packet based on all the information they have at their disposal. Routers use the IP layer, with the network structure being viewed as a hierarchical tree. Therefore, routers do not need to cache all IP addresses that exist.

Summary
=======
There are still major differences between routers and bridges. If you have a small network (three to four Ethernet segments, with no more than 25 MAC addresses) then a routing bridge is the best solution. But if your network comprises many segments and subnets and you have hundreds of MAC addresses defined, then a multiprotocol router is the best solution. The exact metric of where one should be used instead of another is a matter of holy discussion, and one that I do not intend to get into.
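As an added illustration (not part of the original post, nor any vendor's code), the following Python simulation contrasts the two behaviours argued in the Broadcasts and Routing sections above: a learning bridge floods every Ethernet broadcast to all other segments and keeps one table entry per MAC address seen, while an IP router drops broadcasts, keeps one entry per network, and decrements TTL so a looping packet eventually dies. Segment names, MAC and IP addresses and the two-octet "network" split are constructed for the example.

```python
BCAST = "ff:ff:ff:ff:ff:ff"                       # Ethernet broadcast address

class LearningBridge:
    """Level-2 box: learns source MAC -> segment, floods broadcasts/unknowns."""
    def __init__(self, segments):
        self.segments = segments                  # constructed segment names
        self.table = {}                           # one entry per MAC seen

    def forward(self, in_seg, src_mac, dst_mac):
        self.table[src_mac] = in_seg              # learn where the source lives
        if dst_mac == BCAST or dst_mac not in self.table:
            return [s for s in self.segments if s != in_seg]   # flood
        out = self.table[dst_mac]
        return [] if out == in_seg else [out]     # local traffic is filtered

class IpRouter:
    """Level-3 box: forwards on network prefix, never forwards broadcasts."""
    def __init__(self, routes):
        self.routes = routes                      # {"10.1": "seg-b"}: per network

    def forward(self, in_seg, dst_ip, ttl):
        """Return (segments to send on, new TTL); [] means dropped."""
        if dst_ip.endswith(".255") or ttl <= 1:   # broadcast, or TTL ran out
            return [], ttl
        net = ".".join(dst_ip.split(".")[:2])     # hypothetical 2-octet network
        out = self.routes.get(net)
        if out is None or out == in_seg:
            return [], ttl
        return [out], ttl - 1                     # TTL bounds a looping packet

def compare(hosts_per_seg=100, segs=("seg-a", "seg-b", "seg-c")):
    """Every host sends one broadcast; return (bridge table size,
    router table size, broadcast copies via bridge, copies via router)."""
    bridge = LearningBridge(list(segs))
    router = IpRouter({f"10.{i}": s for i, s in enumerate(segs)})
    b_copies = r_copies = 0
    for i, seg in enumerate(segs):
        for h in range(hosts_per_seg):
            mac = f"02:00:00:00:{i:02x}:{h:02x}"  # constructed host MAC
            b_copies += len(bridge.forward(seg, mac, BCAST))
            r_copies += len(router.forward(seg, f"10.{i}.255", 64)[0])
    return len(bridge.table), len(router.routes), b_copies, r_copies

if __name__ == "__main__":
    print(compare())                              # (300, 3, 600, 0)
```

With 300 hosts on three segments the bridge ends up tracking 300 MAC addresses and relays 600 broadcast copies, while the router tracks 3 networks and relays none; this is the scaling difference the post attributes to MAC-level versus hierarchical IP routing.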