[Top][Contents][Prev][Next][Last]Search

Configuring Packet Bridging

This chapter covers these topics:
Introduction to Ascend bridging
How the MAX establishes a bridged connection
Enabling bridging
Managing the bridge table
Configuring bridged connections

Introduction to Ascend bridging

This section provides an overview of packet bridging and explains how the MAX brings up a bridging connection.

The MAX is used as a bridge primarily to provide connectivity for protocols other than IP, IPX, and AppleTalk, although it can also be used for joining segments of an IP, IPX, or AppleTalk network. Because a bridging connection forwards packets at the hardware-address level (link layer), it does not distinguish between protocol types, and it requires no protocol-specific network configuration.

The most common uses of bridging in the MAX are to:

Disadvantages of bridging

 Bridges examine all packets on the LAN (termed promiscuous mode), so they incur greater processor and memory overhead than routers. On heavily loaded networks, this increased overhead can result in slower performance.

Routers have other advantages over bridging. Because they examine packets at the network layer (instead of the link layer), you can filter on logical addresses, providing enhanced security and control. In addition, routers support multiple transmission paths to a given destination, enhancing the reliability and performance of packet delivery.

Note: If you have a MAX running Multiband Simulation, bridging is disabled.

How a bridged WAN connection is initiated

When the MAX is configured for bridging, it accepts all packets on the Ethernet and forwards only those that have one of the following:

The important thing to remember about bridging connections is that they operate on physical and broadcast addresses, not on logical (network) addresses.

Physical addresses and the bridge table

A physical address is a unique hardware-level address associated with a specific network controller. A device's physical address is also called its Media Access Control (MAC) address. On Ethernet, the physical address is a six-byte hexadecimal number assigned by the Ethernet hardware manufacturer. For example:

If the MAX receives a packet whose destination MAC address is not on the local network, it first checks its internal bridge table (for a description of the table, see Transparent bridging). If it finds the packet's destination MAC address in its bridge table, the MAX dials the connection and bridges the packet.

If the address is not specified in its bridge table, the MAX checks for active sessions that have bridging enabled. If there are one or more active bridging links, the MAX forwards the packet across all active sessions that have bridging enabled.

Broadcast addresses

A broadcast address is recognized by multiple nodes in a network. For example, the Ethernet broadcast address at the physical level is:

All devices on the same network receive all packets with that destination address. When configured as a router only, the MAX discards broadcast packets. When configured as a bridge, it forwards packets with the broadcast destination address across all active sessions that have bridging enabled.

ARP broadcast packets that contain an IP address specified in the bridge table are a special case. For details, see Configuring proxy mode on the MAX.

How the MAX establishes a bridged connection

The MAX uses station names and passwords to sync up a bridging connection, as shown in Figure 8-1.

Figure 8-1. Negotiating a bridge connection (PPP encapsulation)

Note: The information exchange illustrated in Figure 8-1 differs slightly for Combinet bridging, where the bridges' MAC addresses are exchanged instead of station names, and passwords may be configured as optional. Otherwise, the way in which the MAX establishes a Combinet bridge connection across the WAN is very similar to the PPP bridged connection shown above. For more information about Combinet, see Chapter 3, Configuring WAN Links.

The system name assigned to the MAX in the Name parameter of System > Sys Config must exactly match the device name specified in the Connection profile on the remote bridge, including case changes. Similarly, the name assigned to the remote bridge must exactly match the name specified in the Station parameter of that Connection profile, including case changes.

Note: The most common cause of trouble when initially setting up a PPP bridging connection is that the wrong name is specified for the MAX or the remote device. Often case changes are not specified, or a dash, space, or underscore is not entered.

Enabling bridging

The MAX has a system-wide bridging parameter that must be enabled for any bridging connection to work. The Bridging parameter directs the MAX unit's Ethernet controller to run in promiscuous mode. In promiscuous mode, the Ethernet driver accepts all packets, regardless of address or packet type, and passes them up the protocol stack for a higher-layer decision on whether to route, bridge, or reject the packets. (Even if no packets are actually bridged, running in promiscuous mode incurs greater processor and memory overhead than the standard mode of operation for the Ethernet controller.)

You enable packet bridging by opening Ethernet > Mod Config and setting the Bridging parameter to Yes:

Managing the bridge table

To forward bridged packets to the correct destination network, the MAX uses a bridge table that associates end nodes with particular connections. It builds this table dynamically (transparent bridging). It also incorporates the entries found in its Bridge profiles. Bridge profiles are analogous to static routes in a routing environment. You can define up to 99 destination nodes and their connection information in Bridge profiles.

Transparent bridging

The MAX is a transparent bridge (also termed a learning bridge). It keeps track of where a particular address is located, and of the Connection profile that specifies the interface to which the packet should be forwarded. As it forwards a packet, the MAX logs the packet's source address and creates a bridge table that associates node addresses with a particular interface.

For example, Figure 8-2 shows the physical addresses of some nodes on the local Ethernet and at a remote site. The MAX at site A is configured as a bridge.

Figure 8-2. How the MAX creates a bridging table

The MAX at site A gradually learns addresses on both networks by looking at each packet's source address, and it develops a bridge table like this:

Entries in the MAX unit's bridge table must be relearned within a fixed aging limit, or they are removed from the table.

Configuring bridged connections

Bridged connections require both Answer and Connection (or Name) profiles settings. They also require a method of recognizing when to dial the connection, which may be the dial-on-broadcast feature or a Bridge profile (Ethernet > Bridge Adrs). If a connection has an associated Bridge profile, it does not need dial-on-broadcast. You can define up to 100 Bridge profiles.

These are the bridging parameters with example values:

For more information on each parameter, see the MAX Reference Guide.

Understanding the bridging parameters

This section provides some background information on the bridging parameters.

Bridging in the Answer profile

Both the Bridge parameter and a form of password authentication must be enabled for the MAX to accept inbound bridged connections.

Note: Bridge = N/A in the Answer profile if the packet bridging has not already been enabled in the Ethernet profile. See Enabling bridging.

Station name and password

Name and password authentication is required, as described in How the MAX establishes a bridged connection.

Bridging and dial broadcast in a Connection profile

Bridge specifies that the Connection will bridge packets at the link level, provided that a method of bringing up the connection exists. Either the Connection profile must be specified in a static bridge table entry or Dial Brdcast must be turned on. See How the MAX establishes a bridged connection.

IPX bridging options

See IPX bridged configurations.

Names and passwords

The MAX uses station names and passwords to sync up a bridged connection. These may be provided in a Connection profile, a Name profile, or an external authentication profile.

Bridge profile parameters

If a Connection profile does not use dial broadcast, it must have a bridge table entry for the MAX to be able to bring up the connection on demand. The Bridge profile defines a bridge table entry by specifying three parameters:

Ethernet address

Each bridge table entry specifies an Ethernet (node) address that is not on the local segment. See Physical addresses and the bridge table for details on Ethernet addresses.

Network address

If you are bridging between two segments of the same IP network, you can use the Net Adrs parameter in a Bridge profile to enable the MAX to respond to ARP requests while bringing up the bridged connection. See Configuring proxy mode on the MAX.

Connection number

You associate bridge profiles with one Connection profile, which the MAX uses to bring up the connection to the specified node address. You specify a Connection profile by the unique portion of its number in the Connections menu.

Example bridged connection

An AppleTalk connection at the link level requires a bridge at either end of the connection. This is unlike a dial-in connection using AppleTalk Remote Access (ARA) encapsulation, in which the MAX acts as an ARA server negotiating a session with ARA client software on the dial-in Macintosh.

Figure 8-3 shows an example bridged connection between a branch office at site B, which supports Macintosh systems and printers, and a corporate network at site A. Both site A and site B support CHAP and require passwords for entry.

Figure 8-3. An example connection bridging AppleTalk

The most common cause of trouble when initially setting up a bridged connection is that you may have the wrong name specified for the MAX or the remote device. Often, you have not specified case changes, or you did not enter a dash, space, or underscore. Make sure you type the name exactly as it appears in the remote device.

Note: In this example, Dial Brdcast is turned off in the Connection profiles and a Bridge profile is specified. This is not required. You can turn on Dial Brdcast and omit the Bridge profile if you prefer.

To configure the site A MAX for a bridged connection:

  1. If necessary, assign the MAX a station name in System > Sys Config. This example uses the name SITEAGW for the MAX.

  2. Turn on bridging and specify an authentication protocol in Ethernet > Answer > PPP Options.

  3. Open Connection profile #5 and set these parameters:

    Note: Dial Brdcast is not needed because of the Bridge profile configured next.

  4. Configure password authentication.

  5. Close Connection profile #5.

  6. Open Ethernet > Bridge Adrs.

  7. Specify a node's Ethernet address on the remote network, and the number of the Connection profile to bring up a link to that network.

  8. Close the Bridge profile.

To configure the site B Pipeline unit for the bridged connection:

  1. If necessary, assign the remote Pipeline unit a station name in its System profile. This example uses the name SITEBGW for the remote unit.

  2. Turn on bridging and specify an authentication protocol in the Pipeline unit's Answer profile.

  3. Open Connection profile #2 on the Pipeline and set these parameters:

    Note: Dial Brdcast is not needed because of the Bridge profile, configured next.

  4. Configure password authentication.

  5. Close Connection profile #2.

  6. Open a Bridge profile.

  7. Specify a node's Ethernet address on the remote network, and the number of the Connection profile to bring up a link to that network.

  8. Close the Bridge profile.

IPX bridged configurations

 For NetWare WANs in which NetWare servers reside only on one side of the connection, you can configure an IPX bridged connection. IPX bridging has special requirements for facilitating NetWare client-server logins across the WAN and preventing IPX RIP and SAP broadcasts from keeping a bridged connection up indefinitely. These options vary depending on whether the local network supports NetWare servers, NetWare clients, or both.

Understanding the IPX bridging parameters

This section does not describe the general bridging parameters explained earlier, although those parameters do apply to an IPX bridging connection. It focuses only on IPX issues.

These are the related parameters:

Here is some background information about these parameters:

IPX frame type

Set the Handle IPX parameter to N/A if an IPX frame type is not specified in the Ethernet profile. For more information about IPX frame types and how they affect routing and bridging connections, see Chapter 9, Configuring IPX Routing,

Route IPX

If you set Route IPX to Yes in the Connection profile, the Handle IPX parameter sets to N/A, but acts as if set to Server.

How IPX bridged packets are handled

Handle IPX can be set to Server (IPX server bridging) or Client (IPX client bridging).

Use IPX server bridging when the local Ethernet supports NetWare servers (or a combination of clients and servers) and the remote network supports NetWare clients only.

Use IPX client bridging when the local Ethernet supports NetWare clients but no servers. In an IPX client bridging configuration, you want the local clients to be able to bring up the WAN connection by querying (broadcasting) for a NetWare server on a remote network. You also want to filter IPX RIP and SAP updates, so the connections do not remain up permanently.

Note: If NetWare servers are supported on both sides of the WAN connection, we strongly recommend that you use an IPX routing configuration instead of bridging IPX. If you bridge IPX in that type of environment, client-server logins will be lost when the MAX brings down an inactive WAN connection.

Netware t/o ("watchdog spoofing")

NetWare servers send out NCP watchdog packets to monitor client connections. Only clients that respond to watchdog packets remain logged into the server.

In an IPX server bridging configuration, you want the MAX to respond to NCP watchdog requests for remote clients, but to bring down inactive connections whenever possible. To enable this, set the Netware t/o timer. The timer begins counting down as soon as the link goes down. At the end of the specified time, the MAX stops responding to watchdog packets and the client-server connections may be released by the server. If there is a reconnection of the WAN session before the end of the selected time, the timer is reset.

Note: The MAX performs watchdog spoofing only for packets encapsulated in the IPX frame type specified in the Ethernet profile. For example, if IPX Frame=802.3, only logins to servers using that packet frame type will be spoofed.

Example IPX client bridge (local clients)

In this example, the local Ethernet supports NetWare clients, and the remote network supports both NetWare servers and clients, so the MAX requires IPX client bridging. When Handle IPX=Client, the MAX applies a data filter that discards RIP and SAP periodic broadcasts at its WAN interface, but forwards RIP and SAP queries. That way, local clients can locate a NetWare server across the WAN, but routine broadcasts do not keep the connection up unnecessarily.

Figure 8-4. An example IPX client bridged connection

To configure the site A MAX in this example:

  1. If necessary, assign the MAX a station name in the System profile. This example uses the name SITEAGW for the MAX.

  2. Set the IPX frame type in the Ethernet profile.

  3. Enable bridging and specify an authentication protocol in the Answer profile.

  4. Open a Connection profile and set these parameters:

    Note: Enable Dial Brdcast to allow service queries to bring up the connection.

  5. Configure password authentication.

  6. Specify IPX client bridging.

  7. Close the Connection profile.

Example IPX server bridge (local servers)

 In this example, the local network supports a combination of NetWare clients and servers, and the remote network supports clients only, so the MAX requires IPX server bridging. When Handle IPX=Server, the MAX applies a data filter that discards RIP and SAP broadcasts at its WAN interface, but forwards RIP and SAP queries. It also uses the value specified in the NetWare t/o parameter as the time limit for responding to NCP watchdog requests on behalf of clients on the other side of the bridge, a process called watchdog spoofing.

Figure 8-5. An example IPX server bridged connection

To configure the site A MAX in this example:

  1. If necessary, assign the MAX a station name in the System profile. This example uses the name SITEAGW for the MAX.

  2. Set the IPX frame type in the Ethernet profile.

  3. Enable bridging and specify an authentication protocol in the Answer profile.

  4. Open a Connection profile and set these parameters:

  5. Configure password authentication.

  6. Specify IPX server bridging and configure the timer for watchdog spoofing when an inactive connection has been brought down.

  7. Close the Connection profile.

Configuring proxy mode on the MAX

 If you are bridging between two segments of the same IP network, you can use the Net Address parameter in a Bridge profile to enable the MAX to respond to ARP requests while bringing up the bridged connection.

If an ARP packet contains an IP address that matches the Net Adrs parameter of a Bridge profile, the MAX responds to the ARP request with the Ethernet (physical) address specified in the Bridge profile, and brings up the specified connection. In effect, the MAX acts as a proxy for the node that actually has that address.


[Top][Contents][Prev][Next][Last]Search

techpubs@eng.ascend.com

Copyright © 1998, Ascend Communications, Inc. All rights reserved.