Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!rutgers!seismo!lll-lcc!ames!ucbcad!ucbvax!ANDREW.CMU.EDU!ddp#
From: ddp#@ANDREW.CMU.EDU.UUCP
Newsgroups: mod.protocols.tcp-ip
Subject: danger of bridges
Message-ID: <0UNp=iy00UoJyeY2t=@andrew.cmu.edu>
Date: Tue, 24-Mar-87 22:45:50 EST
Article-I.D.: andrew.0UNp=iy00UoJyeY2t=
Posted: Tue Mar 24 22:45:50 1987
Date-Received: Thu, 26-Mar-87 07:30:30 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Distribution: world
Organization: The ARPA Internet
Lines: 54
Approved: tcp-ip@sri-nic.arpa

I've been hearing a lot about people creating large networks using level 2 bridges (i.e. the DEC LANBridge). People are talking about connecting 1000's of hosts to ethernets connected via them. In Monterey I even heard about a 3 university consortium planning on using them to connect all their nets together! This is extremely dangerous! It really scares me. DEC, IBM and other companies promoting these boxes are being incredibly short-sighted and are leading their customers down a dead-end road!

These boxes are just great for small networks and for connecting multiple nets together where repeaters won't work, but for large nets (greater than 100's of hosts) they are not efficient. The reason is broadcasts and multicasts, which are passed through the boxes, as they must be. For example, ARP request broadcasts are passed through all bridges on the network so that they reach all hosts on all connected nets. If you have 1000's of hosts on your network that tend to talk to a large number of other hosts, you wind up with an incredible amount of ARP traffic.

For example, the CMU network is composed of >2000 hosts and >50 networks. Some of these nets are connected using LANBridges, but most of them are connected via CMU routers (gateways) which operate on a scheme similar to the extended ARP black boxes proposed by John Postel in RFC 925 (although we had it first :-)). This scheme effectively operates as a level 2 bridge system for ARP packets but as a level 3 gateway for IP packets. I.e. routing is done via ARP, sort of like in "promiscuous ARP" or the "ARP hack". I say similar because we've put a lot of additional work into this scheme in order to suppress the number of ARPs. According to our statistics, we do limit a significant amount of ARP to a single network rather than having it forwarded through all connected nets. However, we still have an average rate of 20 ARPs per second on all nets in the system! Yes, I typed that right, twenty. And of course every time someone's program goes crazy you wind up with even higher rates. Once a student hacking on a UNIX system wrote a program to send a UDP datagram to every host in the host table (since only setuid programs can send broadcasts in 4.2). It was truly amazing seeing 100 ARPs/sec... That's the price paid for not having subnets and level 3 routing with IP. We are definitely not going to reach our goal of 7000 hosts this way...

And then there's DECnet. I won't claim to be a DECnet expert, but from my observations it appears to me that all Phase IV DECnet hosts connected to an ethernet transmit HELLO multicast messages every 15 seconds. These of course all pass through the bridge, or else intra-area routing wouldn't work. We have somewhere around 100 DECnet hosts connected to our backbone ethernet system. Dividing these two numbers I expect to see about 6 HELLOs a second on the net. Using PCIP NETWATCH I indeed measured 5 per second. Of course, this is with only 100 hosts. Doing the same calculation with 1000 hosts one would see 66 HELLOs/sec. 2000 hosts would yield 133/sec, 4000 hosts would give 266/sec. Can you imagine EVERY DECnet machine on a network processing 266 routing packets/sec? I sure wouldn't want to try to get work done on such a machine.

To summarize, level 2 bridges are very useful, but you have to realize that they are not the perfect solution. You have to keep their limitations in mind. There are very good reasons for having level 3 routing.

Drew
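The post's argument is a scaling one: a level 2 bridge must flood every broadcast and multicast to every attached segment, so the per-segment (and per-host) load grows with the size of the whole bridged domain, whereas a level 3 router terminates broadcasts on the originating segment. The following Python model is an added illustration and is not code from the post, from CMU, or from DEC. It takes the 15-second DECnet HELLO interval from the message; the 50-segment, 40-hosts-per-segment topology and the 0.01 ARP requests per host per second rate are constructed values chosen to land near the figures Drew quotes (>2000 hosts, >50 nets, 20 ARPs/sec), not measurements.

```python
"""Broadcast-domain model for the bridged-vs-routed argument in the post.

Added illustration only. Host counts and the per-host ARP rate are
constructed numbers that mirror the figures in the message.
"""
from collections import Counter

# From the post: Phase IV DECnet hosts send a HELLO multicast every 15 s.
DECNET_HELLO_INTERVAL_S = 15.0


def hello_rate(decnet_hosts, interval_s=DECNET_HELLO_INTERVAL_S):
    """HELLO multicasts per second that every host on a single bridged
    broadcast domain has to receive and process (hosts / interval)."""
    return decnet_hosts / interval_s


class Campus:
    """A set of Ethernet segments joined either entirely by level 2
    bridges (one broadcast domain) or by level 3 routers (one broadcast
    domain per segment)."""

    def __init__(self, hosts_per_segment, bridged):
        # hosts_per_segment: {segment name: number of hosts on it}
        self.hosts = dict(hosts_per_segment)
        self.bridged = bridged

    def flood_targets(self, origin):
        """Segments on which a broadcast frame sent from `origin` is
        delivered. A bridge forwards it to every segment; a router
        terminates it on the segment where it was sent."""
        return set(self.hosts) if self.bridged else {origin}

    def broadcast_load(self, per_host_rate):
        """Broadcast frames per second observed on each segment when every
        host emits `per_host_rate` broadcasts (e.g. ARP requests) per second."""
        seen = Counter()
        for origin, n_hosts in self.hosts.items():
            for target in self.flood_targets(origin):
                seen[target] += n_hosts * per_host_rate
        return dict(seen)

    def worst_segment_load(self, per_host_rate):
        """Highest per-segment broadcast rate, i.e. what each host on the
        busiest segment must filter or process."""
        return max(self.broadcast_load(per_host_rate).values())


def cmu_like_campus(bridged, segments=50, hosts_per_segment=40):
    """Constructed topology roughly the size quoted in the post
    (>50 networks, >2000 hosts); numbers are assumptions, not CMU data."""
    layout = {f"net{i}": hosts_per_segment for i in range(segments)}
    return Campus(layout, bridged)


if __name__ == "__main__":
    arp_rate = 0.01  # constructed: one ARP request per host every 100 s
    for bridged in (True, False):
        campus = cmu_like_campus(bridged)
        label = "bridged" if bridged else "routed"
        print(f"{label:8s}: busiest segment sees "
              f"{campus.worst_segment_load(arp_rate):.1f} broadcasts/s")
    for n in (100, 1000, 2000, 4000):
        print(f"{n:5d} DECnet hosts -> {hello_rate(n):.0f} HELLOs/s")
```

With the constructed inputs the fully bridged campus puts 20 broadcasts/s on every segment while the routed one keeps each segment at 0.4/s, a factor equal to the number of segments; `hello_rate` reproduces the 6, 66, 133 and 266 HELLOs/sec figures from the post. The defensive point is the same one Drew makes: the size of the broadcast domain, not the link speed, decides how much unsolicited traffic every host must process, and one misbehaving program anywhere in a bridged domain is felt on every segment.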