Routing Versus Bridging: Connecting to the xDSL or Cable Network
As cable and xDSL technologies emerge, a growing consideration is how to connect to the network. Although much can be said about different methods, it really boils down to two: bridging or routing. Those experienced in networking will know that this question has been around as long as routing and bridging technologies have. What is new is that past discussions always centered on LANs and/or private WANs. When connecting to the Internet, there are new considerations to keep in mind when making your decision. This technical document is geared toward those who need help deciding what equipment to choose and how to connect to the cable or xDSL network.
Now before we can argue routing versus bridging (or vice versa for that matter) we need to be clear on what both devices are and how they behave. So let's define each one:
A bridge is a device that connects two segments of the same network. The two networks being connected can be alike or dissimilar. Unlike routers, bridges are protocol-independent. They simply forward packets without analyzing and re-routing messages.
A router is a device that connects two networks. Routers are similar to bridges, but provide additional functionality, such as the ability to filter messages and forward them to different places based on various criteria. The Internet uses routers extensively to forward packets from one host to another.
Based on these definitions, we can see that the key difference between a bridge and a router is that a bridge does not look at protocols and a router does. A bridge does not inspect traffic to allow or disallow it, and it does not decide what to do with certain types of traffic; it simply moves all data from one network to another. A router, by contrast, examines protocols (in this case TCP/IP is the only protocol we are concerned with) and decides what to do with each packet based on several things.
When you order Internet access via a cable or xDSL connection, the vendor will offer you a bridge (although it may often be called a modem, it is a bridge). These are very low-cost devices (usually around $200) and will connect your machine to the ISP's network. This is a cost-effective solution; however, there are some very apparent reasons why you should consider a router rather than a bridge. Let's look at an example to illustrate this point.
In this example, we have two different customers bridged to the Internet using the same ISP. Both customers have IP addresses on the same IP network. This means that broadcasts from Customer A's network will propagate to Customer B's network. For example, if machines on both networks are using file and print services through the Windows Network, it is perfectly plausible (and has happened) that machines from Customer A can show up in the Network Neighborhood of machines on Customer B's network. For security reasons alone, this is a very undesirable situation.
Everyone is talking about firewalls, filtering, and so on. Many people connecting to the Internet today do not realize how vulnerable they are to attacks from the Internet. With a dial-up connection, the exposure lasts only for the time you are connected. A permanent connection, along with all its benefits, has a big drawback: your network is exposed to the Internet 24 hours a day, 7 days a week. While you are at home asleep, it is quite possible that someone out there is working away at your network in the hope of destroying or stealing data. Although this is not a pleasant thought, there are very simple means to prevent this from happening.
The first thing is a routed account. With a routed account, you have a device examining all traffic before it enters your network. This means that traffic not destined for your network will not be routed to your LAN. Broadcast storms and other network-related issues on other networks connecting to your ISP will not affect your network. The biggest gain from a routed account is security. A router has the ability to filter Internet traffic. This means that the router connecting you to the Internet can discriminate between traffic it will allow into your network and traffic it will not. A router from Netopia also has the ability to "hide" all of the IP addresses on your network and make them appear as if they were only one IP address out on the Internet. By doing this, you have just eliminated 90% of all security threats.
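An added example (not from the original article or from Netopia) that models the forwarding decisions described above: a bridged host receiving a neighbouring customer's broadcast, and a NAT router dropping that broadcast and unsolicited inbound traffic while presenting one public address for the LAN. The addresses, port numbers, and the `NatRouter` class are constructed for illustration.

```python
import ipaddress

# Constructed addressing (documentation/private ranges), not taken from the article.
ISP_NET = ipaddress.ip_network("203.0.113.0/24")  # shared network both customers sit on
CUSTOMER_B = "203.0.113.20"                        # Customer B's host, or its router's WAN side

def bridged_host_receives(dst_ip, host_ip):
    """Bridge: no IP inspection, so the host sees unicasts to itself and every
    broadcast on the shared network, including other customers'."""
    dst = ipaddress.ip_address(dst_ip)
    return dst == ipaddress.ip_address(host_ip) or dst == ISP_NET.broadcast_address

class NatRouter:
    """Hypothetical model of a NAT router: one public address, private LAN behind it."""
    def __init__(self, public_ip, lan_cidr):
        self.public_ip = public_ip
        self.lan = ipaddress.ip_network(lan_cidr)
        self.flows = {}          # public port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.next_port = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """Rewrite a LAN-originated flow; returns the source the Internet sees."""
        if ipaddress.ip_address(lan_ip) not in self.lan:
            raise ValueError("source is not on the LAN")
        port, self.next_port = self.next_port, self.next_port + 1
        self.flows[port] = (lan_ip, lan_port, remote_ip, remote_port)
        return self.public_ip, port

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the (lan_ip, lan_port) to deliver to, or None if dropped."""
        if dst_ip != self.public_ip:
            return None          # broadcasts / other customers' traffic never reach the LAN
        flow = self.flows.get(dst_port)
        if flow is None or flow[2:] != (src_ip, src_port):
            return None          # unsolicited: no LAN host opened this flow
        return flow[:2]

def demo():
    bcast = str(ISP_NET.broadcast_address)
    router = NatRouter(CUSTOMER_B, "192.168.1.0/24")
    seen_as = router.outbound("192.168.1.5", 51000, "198.51.100.7", 80)
    return {
        "bridged_sees_neighbour_broadcast": bridged_host_receives(bcast, CUSTOMER_B),
        "routed_sees_neighbour_broadcast": router.inbound("203.0.113.10", 138, bcast, 138),
        "address_seen_on_internet": seen_as,
        "reply_to_lan_flow": router.inbound("198.51.100.7", 80, *seen_as),
        "unsolicited_inbound": router.inbound("198.51.100.7", 4444, CUSTOMER_B, 445),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```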
Aside from security, other benefits of using a Netopia Router over a bridge include:
- You will have a contiguous block of IP addresses, rather than sporadic addresses across a network.
- A Netopia Router can use DHCP to assign addresses to workstations on the LAN, avoiding the need to configure each device individually.
- A Netopia router has the ability to use NAT (Network Address Translation), thus only requiring you to obtain one IP address from your ISP. This is a cost saving as well as a security enhancement.
For the above reasons, it seems quite clear that a routed account has distinct advantages over a bridged connection. For those using SDSL or IDSL access technologies, some manufacturers like Netopia offer routers that are compatible with the Copper Mountain CE200 DSLAM. For any other connection, these vendors can provide an Ethernet broadband router that can be placed between the bridge and the LAN, thus providing all the benefits of routing to cable, ADSL, and other environments.