Linux network protocol stack development basics: the network bridge br0

1. The concept of bridging

Simply put, bridging "connects" several network interfaces on one machine: a frame received on one port is copied to the other ports and sent out, so that hosts behind different ports can exchange packets with each other.

A switch is a device with several network ports that are bridged together. The hosts connected to the switch can therefore communicate with each other through the switch's frame forwarding.

Take the topology used throughout this article as the example: host A is attached to port eth0 of switch S1, host B to eth1, and a second switch S2 (with hosts C and D behind it) to eth2. A frame sent by host A arrives at eth0 of S1. Because eth0 is bridged with eth1 and eth2, the frame is copied to eth1 and eth2 and sent out, where it is received by host B and by switch S2; S2 in turn forwards it to hosts C and D.

The switch does not alter the frame's payload while forwarding it; it copies the frame as is. Bridging is nevertheless not a physical-layer function but a data-link-layer one: the switch parses the Ethernet header, so bridging is more than blind replication.

The switch looks at the MAC addresses in the data-link header of each frame (source and destination) in order to learn where the host owning each MAC address is attached, that is, behind which of its ports. When forwarding a frame whose destination is already known, it only needs to send it out of that one port, avoiding unnecessary traffic on the others. This is the switch's "address learning". If it meets a destination address it has not learned yet, it does not know which port to use and has to flood the frame to all ports except the one it arrived on. This flooding of unknown destinations is also what MAC-flooding attacks rely on: an attacker who fills or confuses the learning table pushes the switch back toward hub behaviour, so other hosts' traffic becomes visible on the attacker's port.

For example, host C sends a frame to host A, and the frame arrives at port eth2 of switch S1. Assume S1 has just started and has learned nothing yet: it floods the frame to eth0 and eth1, and at the same time records, from the frame's source MAC address, that "host C is reachable through eth2". When host A then sends a frame to C, S1 only needs to forward it to eth2. If host D sends a frame to C and switch S2 forwards it to S1's eth2 (unlikely in practice, since S2 performs address learning as well), S1 simply discards it instead of forwarding it, because C is known to be behind eth2, the very port the frame came in on.

However, the topology cannot be assumed never to change. Suppose hosts B and C swap places. When host C next sends a frame (no matter to whom), it arrives on S1's eth1, so S1 updates what it has learned and replaces "host C is reachable through eth2" with "host C is reachable through eth1".

But what if host C never sends anything? S1 would keep believing "host C is reachable through eth2", forward every frame addressed to C out of eth2, and those frames would be lost. The address table therefore needs a timeout policy (FDB aging): if S1 has received nothing from host C for a set period (the Linux bridge default is 300 seconds, i.e. 5 minutes), it forgets that C is behind eth2. Frames to C are then flooded to all ports again, the copy sent out of eth1 reaches C, and C's reply relearns its new port.

2. Linux bridge implementation

The Linux kernel supports bridging of network interfaces (currently only Ethernet interfaces). A plain switch is a pure layer-2 device: it either forwards or discards each frame it receives, and a small switch needs only a switching chip, no CPU. A machine running Linux, however, is itself a host and may be the destination of a frame. Besides forwarding or discarding the frames it receives, it may also pass them up to the network layer of its own protocol stack and consume them itself.

The Linux kernel implements bridging with a virtual bridge device. Several Ethernet interface devices can be bound to (enslaved by) this virtual device so that they are bridged.

Take a bridge device br0 bound to eth0 and eth1. To the upper layers of the protocol stack only br0 is visible: bridging is implemented at the data-link layer, and the upper layers need not know about it. A packet the upper layers want to send is handed to br0, and the bridge code decides whether it should go out of eth0, eth1, or both; conversely, a frame received on eth0 or eth1 is handed to the bridge code, which decides whether it should be forwarded, discarded, or passed up the protocol stack.

In some cases eth0 or eth1 themselves are the source or destination address of a frame and take part in sending and receiving directly (bypassing the bridge). In a normal setup, though, the member ports carry no IP configuration of their own; the addresses belong to br0.

3. Functions of the bridge

In summary, the two most important points of a bridge implementation are:

1. MAC learning

Learning MAC addresses. Initially the bridge has no mapping between addresses and ports, so when it forwards it still floods like a hub. But for every frame it handles, it notes which port the frame's source MAC came in on, and through this learning it builds up an address-to-port table (the forwarding database, FDB; in hardware switches this is the CAM table).

2. Message forwarding

For every frame it forwards, the bridge extracts the destination MAC address and looks it up in its address-to-port table (FDB) to find which port the frame should be sent out of; an unknown destination is flooded to all ports other than the ingress port.
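The learning and forwarding behaviour described in sections 1 and 3 (learn the source on the ingress port, forward known unicast to one port, flood unknown unicast and group addresses, filter a frame whose destination is on the ingress port, relearn when a host moves, forget entries after the aging time) is small enough to write out as a complete model. The following is an added example, not code from the original article or from the kernel: the kernel keeps its FDB in a hash table and expires entries from a garbage-collection timer, whereas this model uses a flat array and checks expiry on lookup. The port numbering (eth0 = port 0, eth1 = port 1, eth2 = port 2), the 02:00:00:00:00:xx test addresses and the six-step replay of the article's S1 story are constructed for the example; the 300-second aging value is the default mentioned above.

```c
/* Added example: a minimal learning bridge modelled on the article's
 * description. Not kernel code; names, data layout and the lazy aging
 * on lookup are simplifications chosen for illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NPORTS      3     /* eth0, eth1, eth2 of switch S1 in the text */
#define FDB_SIZE    64
#define AGEING_TIME 300   /* seconds; the 5-minute default mentioned above */

typedef struct { uint8_t addr[6]; } mac_t;
typedef uint32_t portmask_t;      /* bit i set => frame goes out of port i */

struct fdb_entry { mac_t mac; int port; uint64_t last_seen; bool used; };
struct bridge    { struct fdb_entry fdb[FDB_SIZE]; };

/* Constructed test address 02:00:00:00:00:xx (locally administered unicast). */
static mac_t mac_from_last(uint8_t last) {
    mac_t m = { { 0x02, 0x00, 0x00, 0x00, 0x00, last } };
    return m;
}
static bool mac_eq(const mac_t *a, const mac_t *b) { return memcmp(a->addr, b->addr, 6) == 0; }
static bool mac_is_group(const mac_t *m) { return (m->addr[0] & 0x01) != 0; } /* incl. broadcast */

/* Look up a MAC; an entry older than AGEING_TIME is dropped and treated as unknown. */
static struct fdb_entry *fdb_find(struct bridge *br, const mac_t *mac, uint64_t now) {
    for (int i = 0; i < FDB_SIZE; i++) {
        struct fdb_entry *e = &br->fdb[i];
        if (!e->used || !mac_eq(&e->mac, mac)) continue;
        if (now - e->last_seen > AGEING_TIME) { e->used = false; return NULL; }
        return e;
    }
    return NULL;
}

/* Record "src is reachable through in_port"; a host that moved simply gets its port rewritten. */
static void fdb_learn(struct bridge *br, const mac_t *src, int in_port, uint64_t now) {
    if (mac_is_group(src)) return;               /* a group address is never a valid source */
    struct fdb_entry *e = fdb_find(br, src, now);
    if (!e) {
        for (int i = 0; i < FDB_SIZE && !e; i++) if (!br->fdb[i].used) e = &br->fdb[i];
        if (!e) return;                          /* table full: stay unlearned, keep flooding */
        e->used = true; e->mac = *src;
    }
    e->port = in_port; e->last_seen = now;
}

/* Forwarding decision for a frame received on in_port. A result of 0 means "drop". */
static portmask_t bridge_handle_frame(struct bridge *br, int in_port,
                                      const mac_t *src, const mac_t *dst, uint64_t now) {
    fdb_learn(br, src, in_port, now);
    portmask_t flood = ((1u << NPORTS) - 1) & ~(1u << in_port);
    if (mac_is_group(dst)) return flood;         /* broadcast/multicast: every other port */
    struct fdb_entry *e = fdb_find(br, dst, now);
    if (!e) return flood;                        /* unknown destination: flood */
    if (e->port == in_port) return 0;            /* destination sits on the ingress port: filter */
    return 1u << e->port;                        /* known unicast: exactly one port */
}

/* Replays the article's S1 story (A on eth0, B on eth1, C and S2 on eth2).
 * Returns how many of the six expected forwarding decisions were observed. */
static int replay_article_scenario(void) {
    struct bridge br; memset(&br, 0, sizeof br);
    mac_t A = mac_from_last(0x0A), C = mac_from_last(0x0C), D = mac_from_last(0x0D);
    int ok = 0;
    ok += bridge_handle_frame(&br, 2, &C, &A, 0) == 0x3;          /* cold FDB: flood eth0+eth1 */
    ok += bridge_handle_frame(&br, 0, &A, &C, 1) == (1u << 2);    /* C learned: eth2 only */
    ok += bridge_handle_frame(&br, 2, &D, &C, 2) == 0;            /* C behind eth2: dropped */
    ok += bridge_handle_frame(&br, 1, &C, &A, 3) == (1u << 0);    /* C moved to eth1, relearned */
    ok += bridge_handle_frame(&br, 0, &A, &C, 4) == (1u << 1);    /* now forwarded to eth1 */
    ok += bridge_handle_frame(&br, 0, &A, &C, 4 + AGEING_TIME + 1) == 0x6; /* C aged out: flood */
    return ok;
}

int main(void) {
    printf("%d/6 forwarding decisions matched the article\n", replay_article_scenario());
    return 0;
}
```

The "table full" branch is the reason the flooding caveat in section 1 matters: once the FDB cannot learn a new source, frames for that host are flooded to every port for as long as the condition lasts, which is exactly the effect a MAC-flooding attacker is after.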

4. Bridge configuration

Using a bridge in Linux is simple; only two things are needed. First, enable the CONFIG_BRIDGE option when building the kernel, either built in or as a module (in which case the CONFIG_BRIDGE_MODULE macro is defined and the bridge module is loaded on demand); this gives the protocol stack bridge support. Second, install the user-space tool brctl (from bridge-utils), which configures the bridge through a series of ioctl calls. Note that bridge-utils is considered legacy today; the same configuration can be done with iproute2's ip link commands, which talk to the kernel over netlink, but the kernel-side result is the same. A fairly simple example is used throughout the rest of the text to make the code analysis easier to follow.

The Linux machine has four network cards, eth0 to eth3. eth0 connects to the external network, while eth1, eth2 and eth3 each connect to a PC and are to be bridged. The following commands are all that is needed to configure the bridge:

brctl addbr br0        (create bridge br0; the kernel also creates a virtual network device named br0)

brctl addif br0 eth1

brctl addif br0 eth2

brctl addif br0 eth3   (add interfaces eth1, eth2 and eth3 to bridge br0)

Here br0 is both the bridge and a virtual network device. It can serve as the bridge's management interface or as the gateway of the LAN attached to the bridge, depending on your needs. To use the br0 interface it must be given an IP address (the member ports eth1 to eth3 themselves get none). For normal operation, PC1, PC2, PC3 and br0 should be assigned addresses on the same subnet.

Source: blog.csdn.net/buhuidage/article/details/128450844