Bridging Principles

1 By the end of this session you will be able to... n Define bridging modes

– Source

– Transparent

– Source Route Transparent (SRT) n Describe how Spanning Tree functions

Token Ring Bridging 2

2 Flexible Frame Forwarding Choice of Techniques

Source Route Source Route Transparent Transparent Bridging Bridging Bridging

n Transparent u and Token Ring u simple to implement u not easy to manage in a complex network n Source Routing u Token Ring u requires management effort to implement u trouble shooting is simplified n SRT u short term combination solution

Token Ring Bridging 3

Bridging Techniques Transparent Can be used on both Token Ring and Ethernet networks Nothing is identified so implementation is simple Nothing is identified so locating problems can be difficult on complex networks

Source Route Bridging Designed for Token Ring networks Requires each ring and bridge to be identified Locating potential and actual trouble spots is simplified

SRT Useful when combing transparent and source routing networks, e.g. when adding a department using ‘the other method’ to a company network. Allows bridges/switches to forward both source routed and transparent frames appropriately. Also allows the bridges/switches to communicate with each other. A short term solution, ultimately MAKE UP YOUR MIND; use source routing OR transparent for the whole network.

3 What is the purpose of a Bridge ?

2 4

1 Ring A Ring B 6

3 5

n Connects two physical rings n Forwards or Filters Frames n Single logical network n Keeps local traffic local

Token Ring Bridging 4

Bridges are used to physically connect two rings. It is invisible to the workstations on the rings so, in effect, it makes a single logical ring. Its job is to inspect each frame arriving on either ring and to decide whether it needs to be forwarded to the other or not (i.e. remain on it home ring). This will depend on where the destination address in the frame is. The bridge not only keeps local data traffic local, but MAC management is kept local too.

4 Transparent Bridge Operation

Addr Port Addr Port A 1 A 1 B 1 B 1 B C 1 C 1 E D 2 D 1 E 2 E 2 F 2 F 2

A 1 2 1 2

C D F

n Each bridge builds a table containing u Destination addresses it knows

u Port on which that address can be found

Token Ring Bridging 5

Transparent Bridging A Transparent bridge takes a note of every SOURCE address in each frame that arrives and stores it in a table against the port number at which it arrived. Over a period of time it LEARNS all the MAC addresses on each segment (if only from the AMP and SMPs). Thus if station A above is sending a frame to station F, the first bridge ‘knows’ that F is on its port 2. Now we know that F is on the third ring which is over another bridge, but as far as the first bridge is concerned frames with a source address of F have always arrived at port 2. The first bridge knows nothing of what is happening on the other side of the second bridge.

5 Source Route Bridge Operation

B HDR DA SA RIF LLC DATA Trailer E

A Ring 00A Ring 00B Ring 00C 1 2 1 2 1 2

C D F

n Ring and bridge numbers stored in RIF u Routing Information Field n Routing Information held in Frame u not in Bridge Table

Token Ring Bridging 6

Source Route Bridging In this form of bridging the bridge doesn’t need to store anything. Each ring is numbered (3 digits of hex) and each bridge has a 1 digit hex id. As the frame crosses each bridge, the Routing Information Field (RIF) is built up inside the frame.

6 Source Route Bridge Operation

RIF

B HDR DA SA Ring/bridge pairs LLC DATA Trailer E

A Ring 00A Ring 00B Ring 00C 1 2 1 2 1 2 Station

C D Server F n RIF built up as explorer frame is broadcast across the rings n Frame reaches server with complete RIF n Server uses RIF to get back to station

Token Ring Bridging 7

Workstations use explorer frames to find the address of an intended destination and as the frame crosses the network the RIF is incremented at each bridge. When the frame arrives at its destination the complete path will be stored in the RIF. The destination station can use this to route the reply.

The workstation sends out a basic source routing frame. This has the start of the routing information field (RIF) but no actual routing information (since the workstation knows none!) When the frame arrives at the first bridge/switch the lack of routing information tells the bridge that it is the first bridge to see this frame. It puts in the originating ring number, its own bridge number and the ring to which it is forwarding the frame. On a bridge this, of course, can only be one ring, but on a switch it could be one of many. A broadcast (explorer) frame will be forwarded to all output ports in a switch so each will have a different RIF. When the frame reaches the next, and every subsequent, bridge the bridge number and next ring number are added. Thus when the frame arrives at the destination machine it will have a complete path in the RIF.

7 Flagging the frame for Source Routing

Token Ring HDR DA SA RIF LLC DATA Trailer Frame

Individual/Group bit in the I U Manufacturer ID Serial # Source Address is G L always Individual ...

R U So use it to indicate I Manufacturer ID Serial # presence of a RIF F L

Example: 0000F6123456 No RIF 8000F6123456 RIF present

Frame logger will show the true MAC address rather than the bit sequence

Token Ring Bridging 8

We need a way of indicating that there is a RIF, i.e. the source station is using Source Routing. This is done by the driver software when the frame is assembled. Although we can send to multiple addresses, we can’t send from multiple addresses, so the way we flag that the frame in a source routing frame is to make the source address a group address - this is obviously never going to happen genuinely. It has the added bonus that should the frame arrive at a transparent bridge, which reads the source address for its routing table, it will be discarded as having an invalid address.

8 Routing Information Field (RIF)

HDR DA SA RIF LLC DATA Trailer

Maximum of 18 bytes Routing Information Control Field 2 bytes 001 A 002 B 003 0 Ring Ring Ring Bridge Bridge Bridge n 2 bytes minimum u Control information only n 18 bytes maximum: u Control + Ring & Bridge pairs u i.e. maximum hop count (7 bridges ) reached n Last bridge number always 0 u destination is on a ring

Token Ring Bridging 9

The Routing Information Field The RIF consists of two bytes of control information (more later) and a number of ring-bridge combinations. If we are using the IBM definition of source routing this allows only 7 ‘hops’ i.e. allows a frame to cross 7 bridges. This means this part can be 7 ring-bridge combinations = 14 bytes plus the final ring number and a final bridge id of 0 - a further two bytes. Adding in the control byte we have a RIF of 18 bytes. If we are using the IEEE source routing specification, this allows 13 hops, i.e. a RIF of 30 bytes (26 +2 +2). The last bridge id is always 0 since the destination must be on a ring. If we stopped on the ring the RIF would be half a byte short so the 0 is added to complete to a sensible size. Since 0 is not a valid bridge id this could also act as an end of field character if necessary.

9 Constantly Circulating Frames Unique Ring Numbers

Control 002 1 004 2 002 0 Ring 004 n Ring number not allowed to be in RIF more than 1 2 3 once n Stops constantly Ring circulating frames 002

Token Ring Bridging 10

If we have more than one bridge between two rings, each bridge must be numbered differently so that the ring number-bridge number is a unique combination. The ring number is also only allowed to be in the RIF once. When the frame from ring 002 crosses bridge 1 and gets to ring 004 the RIF contains: [control] 002 1 004 0 Bridge 2 (or bridge 3) will not allow the frame back on to ring 002 because that ring number is already in the RIF. This check prevents endlessly circulating frames.

10 Source Route Bridging All Routes Explorer (ARE) Frames

ARE 2 2

001 3 002 3 003

A B

101 1 102 1 103

Token Ring Bridging 11

There are two types of explorer frames stations can use to find a destination. The first of these is the All Routes Explorer which is exactly what it does. It will be propagated (copied) to all output ports of all bridges/switches so that copies will arrive at the destination having covered all possible routes. In the above example the single ARE will become 4 by the time it reaches the server on ring 3 using the top route and a further one frame will get through the bottom route - one starts, five finish.

11 Source Route Bridging All Routes Explorer (ARE) Frames

2 2

001 3 002 3 003

A B

ARE: 001-2-002-2-003-B-103-0

ARE: 001-3-002-2-003-B-103-0 101 1 102 1 103 ARE: 001-2-002-3-003-B-103-0

ARE: 001-3-002-3-003-B-103-0

ARE: 001-A-101-1-102-1-103-0

Token Ring Bridging 12

12 Source Route Bridging Example Spanning Tree

= Standby Bridge 3

2 2 001 002 003 3 3

A B

101 1 102 1 103

Only one route from any ring to any other ring

Token Ring Bridging 13

The second type of explorer is the Spanning Tree Explorer (STE), also known as Single Route Explorer (SRE), but before we can use this the must be activated. This entails the bridges talking to each other and deciding which will be ‘designated’ and which ‘standby’ - under Source Routing, or ‘forwarding’ and ‘blocking’ under transparent bridging. Once this election is complete, there will be only one route between any two stations. In the picture above the striped bridges are in standby (or blocking), so a spanning tree explorer frame from a workstation in ring 001 can only use the route 001-2-002-2-003 (- 0). From 102 the route will be 102-1-101-A-001-2-002-2-003. There is a significant difference to be noted here between Source Routing and Transparent bridges using Spanning Tree. SR bridges which are standby will only stop Spanning Tree Explorer frames ALL OTHERS WILL PASS. In Transparent a bridge in blocking mode will stop ALL FRAMES.

A: None will arrive back on ring 001 since 001 is already in the RIF of each frame and so will be discarded by the bridges on ring 001.

13 Source Route Bridging Spanning Tree Explorer (STE) Frames

= Standby Bridge 3

2 2 001 002 003 3 3 STE: 001-2-002-2-003-0

A B

101 1 102 1 103 STE: 001-A-101-1-102-0

Token Ring Bridging 14

14 Source Route Bridging Specifically Routed Frames

SR: 001-2-002-2-003-0

2 2

001 3 002 3 003

A B

101 1 102 1 103

Token Ring Bridging 15

15 Source Route Bridging Routing Information Control Field

Token Ring frame Header DA SA RIF LLC Header Data Trailer

Control 0-8 Ring & Bridge Number fields

3 bits 5 bits 1 bit 3 bits Broadcast Length of Routing Direction Maximum Unused Indicator info (in bytes) bit Frame size

000 Specifically Routed Frame 000: 516 bytes 100: 8144 bytes 100 All Routes Explorer (SR return) 001: 1500 bytes 101: 11407 bytes 110 Spanning Tree Explorer (ARE return) 010: 2052 bytes 110: 17800 bytes 111 Spanning Tree Explorer (SR return) 011: 4472 bytes 111: Initial value

Token Ring Bridging 16

In this slide we see the content of the control bytes. The first three bits define the broadcast indicator: 000 specifies this frame as Specifically Routed i.e. the RIF is complete 100 says that an ARE will go out and we expect an SR back - if this is going from a workstation to a server, this can mean an enormous number of frames arriving at the server which will have to be processed. 110 says send an STE out and get an ARE back. This means that one frame will arrive at the server which will have traversed the best route, but which could become congested; the ARE returning will find all the routes. This could mean a lot of frames arriving at the workstation, but this is less of a problem since the workstation is far less busy than the server. This is the usual way of finding a destination address these days. 111 says use an STE out and we’ll assume that this is the best route so use an SR back. This is a less efficient way of using source routing since the alternative bridges will be doing nothing.

16 Spanning Tree Formation Election of Root Bridge

n Each bridge has a Bridge Priority

u 4 hex digits (8000h or C000h) n Each bridge has a number of MAC Addresses

u 12 hex digits (0000F6123456)

u read in non-canonical (MSB first) n Bridge ID is Bridge Priority + Mac Address

u (8000)(00006F482C6A)

u MAC Address read in Canonical (LSB first)

Lowest Bridge ID becomes Root Bridge

Token Ring Bridging 17

Each bridge has a bridge priority and is usually either 8000h or C000h. Bridges also have a number of MAC addresses, at least one for each port. The bridge is known by its bridge id which is made up of its priority concatenated with its base address (read canonically i.e. in the ethernet form) The MAC address shown is 0000F61213456 putting this in binary we have: 0000 0000 0000 0000 1111 0110 0001 0010 0011 0100 0101 0110 we read each BYTE in reverse order: 0000 0000 0000 0000 0110 1111 0100 1000 0010 1100 0110 1010 which is in hex 00006F482C6A The Bridge Id is therefore 800000006F482C6A When the bridges hold an election the lowest bridge id becomes the root bridge. All path costs are calculated from the root bridge so you should adjust the bridge label if you want to manage which bridge is the root. This should be the top bridge in a hierarchical network and somewhere near the centre in a mesh network. This will minimise path lengths and hence path costs. It is advisable to have one or two extra bridges in those areas which can take over should the original fail.

17 Spanning Tree Formation Election of Root Bridge

100000006fabcdef

Hello BPDU Ring 101 1 Ring 102

Hello BPDU 3 2 100008005aabcdef 800000006f123456 Hello BPDU Hello BPDU

Ring 103 4 Ring 104 Hello BPDU

800000006f654321

Token Ring Bridging 18

In the above example the lowest id is bridge 1 so after passing round the ‘hello bpdu’ (Bridge Protocol Data Unit) messages they each know all the bridge ids and the lowest will ‘win’. BPDUs have two key pieces of data: the root bridge information (including priority and MAC address) and the sending bridge information (MAC address and path cost).

Assume the bridges power up in numerical order. 1 will send ‘hello BPDU’ to 101 and 102 with itself as root bridge 2 comes up, sees 1’s BPDU and as his own Bridge id is higher will propagate 1’s BPDU to 104 as the root bridge part of the BPDU that it sends 3 comes up and sees 1’s BPDU and propagates it to 103 4 comes up and sees BPDUs from 2 and 3 indicating 1 as the Root Bridge. As its bridge id is higher 1 remains as Root bridge.

18 Spanning Tree Example

8000 00006f654321 Ring 101 1 Ring 102 5

8000 8000 1000 00006f123456 00006fabc123 08005aabcdef 3 4 2 10 15 20

15 Ring 103 5 Ring 104 1000 00006fabcdef

n Identify the Root and Designated bridges n Explain Why & How

Token Ring Bridging 19

A similar process goes on to decide which bridges will be designated (forwarding) and which standby (blocking). The decision is made first on path costs, if that doesn’t resolve it, then on ring number, finally by MAC address (in Transparent which doesn’t use ring numbers). In the above example Bridge 5 has the lowest bridge id so will become the root bridge. The path through bridge 2 has the highest cost so that will become designated (blocking). At least one of the bridges between rings 103 and 102 will have to be standby and bridge 4 has the higher path cost so bridge 3 will be designated (forwarding). (If both had had a higher path cost than bridge 2 they could both have been made standby.) This becomes a little more complex when switches are involved since they are multiport bridges. With bridges both ports will be designated (forwarding) or standby (blocking); with switches individual ports are managed. This means that the path through the switch is designated or standby and if a port on either end of that internal path is in standby then the path is in standby. On a standby path the port nearest to the root bridge will be designated, the further port will be standby. In the slide, if the bridges were switches, then ring 103 port on bridge 4 and ring 104 on bridge 2 will be designated and 101 on bridge 4 and 102 on bridge 2 will be standby. All other ports on the network will be designated.

19 Spanning Tree Support Spanning Tree types

Frames blocked by Bridging Mode SPT Frame Destination standby bridges

Bridge Functional Spanning Tree Source Routing Address Explorer Frames

Transparent Bridge Group Address All frames SRT, SRT+

n With Transparent, SRT and SRT standby bridge passes NO frames n Can you have 2 spanning trees?

Token Ring Bridging 20

Spanning Tree The Spanning Tree protocol is fully supported by each logical bridge in a switch. Note, however, that there are some fundamental differences between the way that Spanning Tree frames are handled in transparent and source-route bridging: In a source routed network only Spanning Tree Explorer (Single Route Explorer) frames are blocked by a standby port. In a transparent network all frames are blocked by a blocking port. The industry standard is to use the IEEE format for Spanning Tree frames except when performing pure source-route bridging, when the IBM standard is generally used. However this is usually configurable. Because the bridges will communicate using different addresses - SR uses the BFA, transparent uses the BGA - it is possible that in a mixed network two (or more!) spanning trees will be developed. This is not a recommended option. See next slide.

20 Spanning Tree Support 2 Spanning Trees

SPT frames from Source Routing bridges forwarded unchanged by Transparent bridges

SR T SR

SPT frames from Transparent bridges blocked by Source Routing bridges

n How many ring numbers are assigned? n Is this recommended?

Token Ring Bridging 21

Spanning Tree Certain customers may wish to deploy a mixture of source routed and non- source routed clients. However the two bridges have different methods for forming the Spanning Tree. Because different multicast addresses are employed by the two methods, there will be (at least) two separate spanning trees in effect in the case where both kinds of bridge are present in a network: · A source routing bridge will not forward transparent spanning tree frames (as there is no RIF) · A transparent bridge will forward source-routing spanning tree frames unchanged (it cannot update the RIF field) since it does not recognise the destination address (BFA) and therefore will forward to all output ports. Each ring in the slide will need a ring number since they are connected to source routing bridges. This will not affect the transparent bridge as it knows nothing about ring numbers. The SR bridges will see the middle two rings as a single segment - they don’t know about the transparent bridge since it uses a different address. So let’s say the rings are numbered 101, 102, 103 and 104 (left to right). The left hand SR bridge would see the combined ring as 102, the right had SR bridge would see it as 103 - this is obviously not allowed. So both rings would have to have the same ring number.

21 Spanning Tree Support SRT

SRT SRT SRT

n Supports a mixture of SR and Transparent clients n Single Spanning Tree

Token Ring Bridging 22

SRT With this method the IEEE spanning tree is used for both, so there are no dangers of having two or more spanning trees. This is a temporary expedient; it is not recommended as a long term solution. Make up your mind - SR or T!

22 23