Chapter 16. Bridging: Linux Implementation

This chapter moves on from the general discussion of the bridging specifications and protocols to show how Linux does the job.

We saw in Chapter 10 how the bridging code can capture ingress packets in netif_receive_skb. In this chapter, we will see exactly how those ingress packets are processed. We will see how the bridging code manipulates device states and processes ingress traffic, both when the STP is enabled and when it is not.

For a performance evaluation of the bridging code, please refer to the paper “Performance Evaluation of Linux Bridge” by James T. Yu, which you can find with a web search.

Bridge Device Abstraction

In Linux, a bridge is a virtual device. As such, it cannot receive or transmit anything unless you bind one or more real devices to it. We will use the term enslave to refer to the process of binding a real device to a (virtual) bridge device.
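The relationship between a bridge and its enslaved devices can be audited from user space. The following is an added example, not code from the book or the kernel: it assumes the sysfs layout exposed by the kernel bridge driver (`bridge/stp_state` and `brif/` under each bridge device), and the device names `br0`, `br1`, `eth1` and `eth2` are constructed sample data.

```python
import os
import tempfile

# Values of bridge/stp_state as exposed by the kernel bridge driver.
STP_MODES = {"0": "disabled", "1": "kernel STP", "2": "user-space STP"}


def bridge_inventory(sysfs_net="/sys/class/net"):
    """Return {bridge: {"stp": mode, "ports": [...], "usable": bool}}."""
    inventory = {}
    for dev in sorted(os.listdir(sysfs_net)):
        bridge_dir = os.path.join(sysfs_net, dev, "bridge")
        if not os.path.isdir(bridge_dir):
            continue  # only bridge devices have a bridge/ directory
        try:
            with open(os.path.join(bridge_dir, "stp_state")) as fh:
                raw = fh.read().strip()
        except OSError:
            raw = ""
        brif = os.path.join(sysfs_net, dev, "brif")  # one entry per enslaved port
        ports = sorted(os.listdir(brif)) if os.path.isdir(brif) else []
        inventory[dev] = {
            "stp": STP_MODES.get(raw, "unknown"),
            "ports": ports,
            "usable": bool(ports),  # a bridge with no ports cannot pass traffic
        }
    return inventory


def build_sample_tree(root):
    """Constructed sysfs-like tree: br0 has two ports, br1 has none."""
    layout = {"br0": ("1", ["eth1", "eth2"]), "br1": ("0", [])}
    for bridge, (stp, ports) in layout.items():
        os.makedirs(os.path.join(root, bridge, "bridge"))
        os.makedirs(os.path.join(root, bridge, "brif"))
        with open(os.path.join(root, bridge, "bridge", "stp_state"), "w") as fh:
            fh.write(stp + "\n")
        for port in ports:
            os.makedirs(os.path.join(root, bridge, "brif", port))
            os.makedirs(os.path.join(root, port, "brport"))
    os.makedirs(os.path.join(root, "lo"))  # non-bridge device, must be skipped


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for name, info in bridge_inventory(tmp).items():
            print(name, info)
```

Run against the real `/sys/class/net`, the same function gives a quick baseline of which interfaces are forwarding at layer 2 and whether STP is active on each bridge.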

Let’s suppose we want to implement the topology of Figure 16-1. A few points in the figure deserve emphasis:

  • The bridge merges two LANs. The hosts of LAN1 and LAN2 are configured on the same subnet, 10.0.1.0/24.

  • The bridge is connected to a router so that the hosts of LAN1 and LAN2 can communicate with the hosts of LAN3.

  • From the router’s perspective, there is a single LAN on eth0.

Because Linux implements both routing and bridging, we can merge the two devices into a single Linux system and obtain something like the topology in Figure 16-2(a). The network connection between the bridge ...
