Nov 23 2008
Routing Versus Bridging
Summary:
As wireless, cable and xDSL technologies emerge, a growing consideration is how to connect to the network. Although much can be said about different methods, it really boils down to two: bridging or routing. Now for those experienced in networking, they will know that this question has been around since routing and bridging technologies have been. However the new element here is that the discussions always centered on LAN’s and/or private WAN’s. When connecting to the Internet there are new considerations to keep in mind when making your decision. This technical document is geared for those who need assistance in the decision for choosing what equipment and how to connect to the cable or xDSL network.
Background:
Now before we can argue routing versus bridging (or vice versa for that matter) we need to be clear on what both devices are and how they behave. So let’s define each one:
Bridge:
A bridge is a device that connects two segments of the same network. The two networks being connected can be alike or dissimilar. Unlike routers, bridges are protocol-independent. They simply forward packets without analyzing and re-routing messages.
Router:
A router is a device that connects two distinct networks. Routers are similar to bridges, but provide additional functionality, such as the ability to filter messages and forward them to different places based on various criteria. The Internet uses routers extensively to forward packets from one host to another.
Based on these definitions we can see that key difference between a bridge and router is that a bridge does not look at protocols and a router does. A bridge does not look at traffic for the purpose of allowing or disallowing it, and it does not decide what to do with certain types of traffic; it simply moves data from one network to another. Whereas a router examines protocols and decides what to do with each packet based on defined criteria.
Router vs. Bridge in Cable & DSL Environments
When you order Internet access either via a cable or xDSL connection, they will offer you a bridge (although it may often be called a “modem,” it is a bridge). These are very low cost (usually around $200,) and will connect your machine to the ISP’s network. Now this is a cost-effective solution, however there are some very apparent reasons on why you should consider a router over a bridge. Let’s look at an example to illustrate this point
|
|
Security Risk: In this example, we have two different customers bridged to the Internet using the same ISP. You can see that both customers have IP addresses on the same IP network. This means that broadcast from Customer A’s network will propagate to Customer’s B network. For example if machines on both networks are utilizing file and print services through the Windows Network, it is perfectly plausible (and has happened) that machines from Customer A can show up in the Network Neighborhood of Machines on Customer B’s network. Now for security reasons alone this is a very undesirable situation.
Everyone is talking about firewalls, filtering, etc. Many people connecting to the Internet today do not realize how vulnerable they are to attacks from the Internet. When utilizing a dial up connection, the exposure is only for the time you are connected, however, along with the all the benefits of a permanent connection, there is a big drawback: your network is exposed to the Internet 24 hours a day, 7 days a week. When you are at home asleep, it could be quite possible someone out there is working away at your network in the hopes of destroying or stealing data. Although this is not a pleasant thought there are very simple means to prevent this happening.
The first thing is have a routed account. With a routed account you have a device examining all traffic before it enters your network. This means that traffic not destined for your network will not be routed to your LAN, broadcast storms, and other network related issues on other networks connecting to your ISP will not effect your network. Now the biggest gain from a routed account is security. A Router has the ability to filter Internet traffic. This means the router connecting you to the Internet can discriminate which traffic it will allow into your network, and which traffic it will not. A Router also has the ability to “hide” all of the IP addresses on your network and make them appear as if the were only one IP address out on the Internet. By doing this, you have just eliminated 90% of all security threats.
Other Benefits: Aside from security other benefits of using a Router over a bridge include:
· You will have a contiguous block of IP addresses, rather than sporadic address across a network.
· A Router can use DHCP to assign workstations addresses on the LAN, preventing specific configuration in each device.
· A router has the ability to use NAT (Network Address Translation), thus only requiring you to obtain 1 IP address from your ISP. Cost saving as well as security enhancement
For the above reasons it seems quite clear that a routed account has distinct advantages over a bridged connection. For wireless bridge connections an Ethernet broadband router can be placed between the bridge and the LAN, thus providing all the benefits of routing to cable, ADSL and other environments.
