Key Points
- Network bridges connect network segments and route traffic across them as efficiently as possible.
- Although switches and routers have eclipsed them in recent years, network bridges remain a cost-effective solution for simpler use cases.
- Because network bridges blindly trust all devices on the network, it’s best to support them with a certificate-based authentication solution.
In the earliest days of network computing, if two computers sent messages to a third computer at the same exact moment, the signals would hit the cable simultaneously, and the information wouldn’t get through. The widespread adoption of Ethernet switches and full-duplex communication significantly reduced collisions.
What is a network bridge? In this article, we’ll explore what is a bridge in computer networking, outline its benefits, and show you how to overcome security risks.
What is a network bridge?
A network bridge is a device or application that reduces network congestion by connecting and filtering traffic across network segments. Network bridges treat segments as a single network and forward Ethernet frames between segments based on learned MAC address tables.
How does a network bridge work?
Network bridges operate at Layer 2 (the data link layer) of the Open Systems Interconnection (OSI) 7 Layer model. A network bridge monitors all traffic passing through it to dynamically builds a MAC address table by observing source MAC addresses on incoming frames. That table maps Media Access Control (MAC) addresses to specific network ports.
A bridge determines where to forward each Ethernet frame by reading the source and destination MAC addresses within the frame If the destination MAC address is associated with the same interface on which the frame was received, the bridge will filter the frame from passing through other segments. If both devices live on different segments, the network bridge will forward the frame directly to that segment.
What are the benefits of using a network bridge?
Network bridges help IT teams manage and optimize their local area networks (LANs). They also allow devices from separate networks to communicate as if they were on the same network. Here are some additional benefits:
- Ease of local network expansion. Organizations that want to provide network access across buildings or campuses can use network bridges to link LAN segments.
- Reduced network congestion. Network bridges use segmentation to create collision domains in which fewer devices compete for bandwidth, resulting in greater overall efficiency.
- Better network performance. By checking MAC addresses and forwarding data frames only when necessary, network bridges reduce overall network traffic.
- Flexibility to use different LAN technologies. Some network bridges can connect networks that use different physical media types, enabling organizations to increase communication without replacing equipment.
- Minimal demands on the IT team. Most network bridges are plug-and-play. They learn MAC addresses automatically and require minimal configuration.
Do organizations still use network bridges?
Network bridges still perform a valuable function today for many organizations. But in recent years, switches and routers with more sophisticated functionality have emerged.
Why use a network bridge instead of a switch?
Ethernet switches have become far more popular than network bridges. Technically, an Ethernet switch is a multi-port bridge implemented in hardware for higher performance. Switches can handle many connections simultaneously and make faster forwarding decisions. But bridges remain a cost-effective choice for simpler network scenarios.
Why use a network bridge instead of a router?
Routers use IP addresses to direct packets of information across different networks. They also provide better traffic isolation than bridges. But if you’re simply extending a network rather than connecting separate ones, a bridge would be an appropriate choice.
What is a bridge connection? What is an internet bridge?
A bridge connection turns a Windows PC into a network bridge. A wireless bridge connects two network segments over Wi-Fi at Layer 2, often used for building-to-building connectivity.
How to set up a network bridge
Most IT teams set up network bridges on Linux servers. Here’s a rough outline of the process:
- Identify all available network interfaces using the ip link show command.
- Install the bridge-utils package to create and manage your bridges.
- Configure your bridge by editing your network configuration files.
- Apply your changes by restarting your networking service.
- Assign an IP address to your new bridge interface.
Both Windows and macOS provide built-in support for creating network bridges.
What are the potential security risks of using a network bridge?
Like other Layer 2 devices, network bridges are highly trusting. Bridges operate at Layer 2 and do not perform Layer 3 or application-level inspection, limiting their ability to enforce access control policies. As a result, criminals target bridges in Address Resolution Protocol (ARP) poisoning attacks and use MAC spoofing to trick bridges into giving them access to segments of the network that contain sensitive data.
With limited filtering ability, network bridges let broadcast traffic travel into all the network segments they connect. This means broadcast storms and ARP-based attacks can travel far on the network.
How to secure your network bridge
Allowing your network bridges to trust MAC addresses will leave your network vulnerable to cyberattacks. Instead, require every device to authenticate using 802.1X port-based network access control with certificate-based authentication.
Our Cloud RADIUS and JoinNow give you a complete, cloud-based solution for deploying an authentication framework across all your wired and wireless segments. See how they work when you schedule your demo >
