danger of bridges

Drew Daniel Perkins (ddp#@andrew.cmu.edu)
Tue, 24 Mar 87 22:45:50 est

I've been hearing a lot about people creating large networks using level 2
bridges (i.e. the DEC LANBridge). People are talking about connecting 1000's
of hosts to ethernets connected via them. In Monterey I even heard about a
3-university consortium planning on using them to connect all their nets
together! This is extremely dangerous! It really scares me. DEC, IBM and
other companies promoting these boxes are being incredibly short-sighted and
are leading their customers down a dead-end road!

These boxes are just great for small networks and connecting multiple nets
together where repeaters won't work, but for large nets (greater than 100's
of hosts) they are not efficient. The reason is the broadcasts and
multicasts which are passed through the boxes, as they must be. For example,
ARP request broadcasts are passed through all bridges on the network so that
they reach all hosts on all connected nets. If you have 1000's of hosts on
your network that tend to talk to a large number of other hosts, you wind up
with an incredible amount of arp traffic. For example, the CMU network is
composed of >2000 hosts and >50 networks. Some of these nets are connected
using LANBridges, but most of them are connected via CMU routers (gateways)
which operate on a scheme similar to the extended arp black boxes proposed by
John Postel in RFC 925 (although we had it first :-)). This scheme
effectively operates as a level 2 bridge system for ARP packets but as a
level 3 gateway for IP packets. I.e. routing is done via arp, sort of like
in "promiscuous arp" or the "arp hack". I say similar because we've put a
lot of additional work into this scheme in order to suppress the number of
arps. According to our statistics, we do limit a significant amount of arp
to a single network rather than being forwarded through all connected nets.
However, we still have an average rate of 20 arps per second on all nets in
the system! Yes, I typed that right, twenty. And of course every time
someone's program goes crazy you wind up with even higher rates. Once a
student hacking on a UNIX system wrote a program to send a UDP datagram to
every host in the host table (since only setuid programs can send broadcasts
in 4.2). It was truly amazing seeing 100 arps/sec... That's the price paid
for not having subnets and level 3 routing with IP. We are definitely not
going to reach our goal of 7000 hosts this way...

And then there's DECnet. I won't claim to be a DECnet expert, but from my
observations it appears to me that all Phase IV DECnet hosts connected to an
ethernet transmit HELLO multicast messages every 15 seconds. These of course
all pass through the bridge or else intra-area routing wouldn't work. We
have somewhere around 100 DECnet hosts connected to our backbone ethernet
system. Dividing these two numbers I expect to see about 6 HELLOs a second
on the net. Using PCIP NETWATCH I indeed measured 5 per second. Of course,
this is with only 100 hosts. Doing the same calculation with 1000 hosts one
would see 66 HELLOs/sec. 2000 hosts would yield 133/sec, 4000 hosts would
give 266/sec. Can you imagine EVERY DECnet machine on a network processing
266 routing packets/sec? I sure wouldn't want to try to get work done on
such a machine.

To summarize, level 2 bridges are very useful, but you have to realize that they
are not the perfect solution. You have to keep their limitations in mind.
There are very good reasons for having level 3 routing.
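As an added illustration that is not part of the original message, here is a small Python model of the learning-bridge behaviour the post describes: a bridge filters unicast once it has learned where a station lives, but must flood every broadcast and multicast frame out all its other ports. All segment layouts, MAC addresses and the traffic mix are constructed; the HELLO address is only a stand-in group address, not a claim about DECnet's real multicast assignments.

```python
"""Constructed model of a transparent (level 2) bridge: learned unicast is filtered,
but broadcast/multicast (ARP requests, DECnet HELLOs) reaches every host on every segment."""
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
HELLO_MCAST = "ab:00:00:03:00:00"   # stand-in DECnet-style group address (multicast bit set)

def is_group(mac: str) -> bool:
    """Ethernet broadcast/multicast: low bit of the first address octet is set."""
    return int(mac[:2], 16) & 1 == 1

class Bridge:
    """Learning bridge with one port per Ethernet segment."""
    def __init__(self, segments: dict[int, list[str]]):
        self.segments = segments            # port -> MACs of the hosts on that segment
        self.table: dict[str, int] = {}     # learned MAC -> port
        self.seen = defaultdict(int)        # MAC -> frames its interface had to examine

    def _deliver(self, port: int, src: str) -> None:
        for mac in self.segments[port]:
            if mac != src:
                self.seen[mac] += 1         # a shared Ethernet hands the frame to every NIC

    def send(self, port: int, src: str, dst: str) -> None:
        self.table[src] = port              # learn the source on its ingress port
        self._deliver(port, src)            # the originating segment always hears it
        if is_group(dst) or dst not in self.table:
            targets = [p for p in self.segments if p != port]   # must flood
        elif self.table[dst] != port:
            targets = [self.table[dst]]                         # forward to one port
        else:
            targets = []                                        # filter: stays local
        for p in targets:
            self._deliver(p, src)

def frames_per_host(segments: int, hosts_per_segment: int) -> dict[str, int]:
    """Frames one host examines when every host sends one ARP broadcast, one
    multicast HELLO and one unicast frame to a neighbour on its own segment."""
    segs = {p: [f"02:00:00:00:{p:02x}:{h:02x}" for h in range(hosts_per_segment)]
            for p in range(segments)}
    br, probe, counts = Bridge(segs), segs[0][0], {}
    rounds = (("arp", lambda p, h: BROADCAST), ("hello", lambda p, h: HELLO_MCAST),
              ("unicast", lambda p, h: segs[p][(h + 1) % hosts_per_segment]))
    for label, dst_of in rounds:            # ARP first, so the bridge learns every MAC
        before = br.seen[probe]
        for p, macs in segs.items():
            for h, mac in enumerate(macs):
                br.send(p, mac, dst_of(p, h))
        counts[label] = br.seen[probe] - before
    return counts
```

With 50 segments of 40 hosts (roughly the 2000-host CMU figure) the probe host examines 1999 ARP and 1999 HELLO frames per round but only 39 unicast frames, which is exactly the asymmetry the post complains about.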


This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:37:45 GMT