A hub (hub)

  • The hub operates at layer 1 of the OSI model, and every frame that arrives at the hub is broadcast to all of its ports
  • A hub is a direct physical connection to the network card of each device. All attached devices share the bandwidth of a single link, so the hub is half-duplex: frames sent into and out of the hub at the same time collide, an algorithm is needed to resolve those collisions, and the performance of the hub is therefore relatively low
  • In essence, a hub is a multi-port repeater. It does not look at the frame content; it simply repeats whatever one port receives to all other ports. Therefore, content sent by one host to another can be observed by every other, unrelated host on the hub, which is a security issue

The bridge (bridge)

  • A bridge in the physical world connects the two banks of a river; a bridge in the computer world is a network device that connects two physical network segments
  • The bridge and the switch work at OSI layer 2 (the data link layer): frames are sent to specific ports based on their MAC addresses, so the security issue of hub broadcasting does not arise
  • The bridge keeps track of the addresses of all hosts on the network segment plugged into each of its interfaces. When frames from one side of the bridge arrive, the bridge filters them so that traffic whose destination is on the same side is not forwarded to the other side
  • When a bridge receives a frame whose destination address does not belong to this side, it sends it to the other side. In fact, it does not know whether the destination exists on the other side; it only guesses that, since the address is not on this side, it may be on the other. If there are further bridges in the network, the next bridge will likewise find that the destination is not on its side and pass the frame on to its other side, so a frame may have to cross more than one bridge to reach the destination host
  • Because of this, broadcast and multicast traffic (such as ARP requests, which are sent to everyone to find an address) must pass through every bridge on the network, so every host gets a chance to read the broadcast frames. As the network grows (especially with more bridges), many of these frames have nothing to do with the receiving host, so a broadcast storm becomes likely, blocking unicast traffic (i.e., frames with a specific destination)

Switch (switch)

  • In fact, a switch is itself a bridge: it has the functions of the old bridge but solves some of its problems

  • A switch overcomes the shortcomings of the hub. It can allocate dedicated bandwidth to each connected host and provide a full-duplex connection. It uses a MAC address table to make forwarding decisions, and ASICs together with a content-addressable memory (CAM) table to raise the frame processing rate

  • The switch combines the advantages of the hub and the bridge: the multi-port design of the hub and the filtering function of the bridge are used together. Only the target device sees a unicast frame, so unicast traffic is not blocked the way it is with bridges

  • The switch allows redundant links and, thanks to the spanning tree protocol (STP) originally developed for bridges, broadcast and multicast traffic does not cause storms

  • Switches keep track of which MAC addresses are reachable through each interface, so they can quickly send traffic only to the port where the frame's destination is

  • Because of these features, a switch offers higher performance and better security

  • In general, a switch has the following advantages:

  • A switch is a plug-and-play device. As soon as the first frame arrives, it learns which interface or port reaches the frame's source address, and that knowledge is then used to filter subsequent traffic

  • A switch provides an easy way to connect network segments that operate at different speeds, such as 10 Mbps, 100 Mbps, 1 Gbps and 10 Gbps networks

  • Switches are replacing routers inside networks because they can forward frames over Ethernet more than 10 times faster
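To make the forwarding behaviour described in the bridge and switch sections concrete (learning which port a source MAC lives on, filtering frames that stay on one segment, flooding broadcasts and unknown destinations), here is an added Python simulation of a hub beside a learning bridge/switch. It is not code from the original article; the MAC addresses, port numbers and the frame sequence are constructed for the demo.

```python
# Added example, not code from the original article: a toy hub versus a toy
# learning bridge/switch.  All MAC addresses and port numbers are constructed.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Layer-1 repeater: every frame is copied to every port except the ingress one."""

    def __init__(self, ports):
        self.ports = ports

    def forward(self, in_port, src, dst):
        return sorted(p for p in self.ports if p != in_port)


class Switch:
    """Layer-2 learning bridge: learn src MAC -> ingress port, then filter or flood."""

    def __init__(self, ports):
        self.ports = ports
        self.mac_table = {}  # the MAC address (CAM) table

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port  # learn (or refresh) where src lives
        out = self.mac_table.get(dst)
        # Broadcast or unknown destination: flood like a hub, minus the ingress
        # port.  This is why ARP-style broadcasts still cross every bridge.
        if dst == BROADCAST or out is None:
            return sorted(p for p in self.ports if p != in_port)
        # Known unicast: only the learned port.  If that is the ingress port the
        # destination is on the same segment, so the bridge filters (drops) it.
        return [out] if out != in_port else []


def run_demo(device):
    """Replay a constructed exchange; returns the ports that see each frame."""
    a, b = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02"
    c, d = "cc:cc:cc:00:00:03", "dd:dd:dd:00:00:04"
    frames = [  # (ingress port, source MAC, destination MAC)
        (1, a, BROADCAST),  # A asks "who has B?": flooded; switch learns A on port 1
        (2, b, a),          # B replies: A is known, so only port 1; learns B on port 2
        (1, a, b),          # A -> B unicast: only port 2 sees it on a switch
        (3, c, a),          # C -> A unicast: only port 1; port 2 never sees C's traffic
        (1, d, BROADCAST),  # D shares A's segment (both on port 1): learns D on port 1
        (1, a, d),          # A -> D: same segment, so the switch filters it entirely
    ]
    return [device.forward(port, src, dst) for port, src, dst in frames]


if __name__ == "__main__":
    for dev in (Hub([1, 2, 3]), Switch([1, 2, 3])):
        print(type(dev).__name__, run_demo(dev))
```

Comparing the two result lists shows the point made above: on the hub every port sees every frame, while on the switch an unrelated host's port sees only broadcasts and the initial unknown-destination flood.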

Other differences between Bridge and Switch

  • The old bridge had only 2 to 4 ports, while the switch is really a high-performance multi-port bridge that can have hundreds of ports. In essence, the switch is also a bridge device and has all the functions of a bridge
  • Frame forwarding in the old bridge was done in software, while the switch developed later does it in hardware, using chips to make the forwarding decision, with far better performance than the old bridge
  • A newer switch can run multiple spanning tree instances; the old bridge had only one

So why didn't the switch keep the name bridge? Earlier manufacturers had built bridges that did not comply with the IEEE specification (the specification never limited a bridge to only two ports), and later manufacturers did not want to be associated with them, so they dropped the word bridge altogether and called the device a switch directly, even though it is essentially a better implementation of the same specification.

The three physical devices above also have virtual software counterparts, such as the virtual network bridge and the virtual switch. Distributed software such as Docker and K8S often uses a bridge to create subnets and to communicate with the host machine.