A new feature in Windows XP is the Network Bridge, which allows you to connect two LAN segments—even if they use different media types—without buying expensive hardware or third-party software. In this Daily Drill Down, I'll look at the difference between bridging and routing and discuss how you can use a bridge as a low-cost alternative to routing. I’ll also discuss how the network bridge works under the hood. After walking you through the process of configuring bridged connections, I’ll explain how to troubleshoot problems with the network bridge.
Understanding network bridging
In the “real world,” a bridge is a structure that spans the distance between two locations and provides a link or connection from one place to another. In networking terminology, a bridge serves a similar function in that it spans two local area networks and allows packets to get from one to the other.
How a bridge differs from a router
Bridges and routers are both network connectivity devices that connect network segments together. However, there are a number of differences between the two. First, traditional bridges work at the data link layer of the OSI model (layer 2), whereas routers operate at the higher network layer (layer 3). Both bridges and routers build and use address tables, but the bridge works with MAC (physical) addresses, and routers work with IP (logical) addresses.
Because these bridges work below the networking layer where routing takes place, nonroutable protocols such as NetBEUI can cross bridges. Routers are more sophisticated devices than bridges. A bridge generally provides a single path from one network segment to another; a router generally interconnects with other routers to reach many networks on a WAN and can provide several different paths to a destination. Bridges can be combined with routers to produce a brouter (rarely used today).
How a bridge differs from a repeater
A repeater is a connectivity device that operates at the physical layer (layer 1) of the OSI model and is used to extend the physical length of a network segment by repeating or regenerating the signals. A bridge also regenerates data when it forwards it across, but does so at the packet level rather than at the signal level. Repeaters can’t connect segments that use different media access methods (for example, Ethernet and token ring), but some types of bridges, called translating bridges, can. Most important, repeaters pass everything across without examining addresses or distinguishing between addresses as bridges do.
The purpose of bridging
You can use a bridge to segment a network in order to reduce traffic congestion. The bridge “learns” which MAC addresses reside on which side of the bridge and builds an address table. The first time a message is sent to a particular address, the bridge sends (broadcasts) it to all computers on both sides. In this way, it discovers which side the address belongs to and adds the address to its table. Port numbers are used to represent the different segments. Then, when subsequent messages are sent to that address, the bridge knows to forward the packet to the appropriate segment if the destination address is on a different segment from the source, or, if the source and destination computer are on the same segment, not to forward the packet across the bridge. Consequently, unnecessary traffic doesn’t cross the bridge.
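The learning and filtering behavior described above, as an added example that is not code from the original article or from Windows XP. The three-port bridge, the class and function names, and the MAC addresses are constructed for illustration.

```python
# Added example: a transparent (learning) bridge with numbered ports.
# MAC addresses and port numbers below are constructed sample values.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningBridge:
    def __init__(self, ports):
        self.ports = set(ports)   # one port number per attached segment
        self.table = {}           # MAC address -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Process one frame; return the set of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Learn: the source address lives on the segment the frame came from.
        self.table[src] = in_port
        out_port = self.table.get(dst)
        if dst == BROADCAST or out_port is None:
            # Unknown destination or broadcast: send to every other segment.
            return self.ports - {in_port}
        if out_port == in_port:
            # Source and destination share a segment: do not cross the bridge.
            return set()
        return {out_port}         # Known destination on another segment.

def run_demo():
    bridge = LearningBridge(ports=[1, 2, 3])
    a, b, c = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"
    frames = [              # (arrival port, source, destination)
        (1, a, c),          # c not learned yet: flooded to ports 2 and 3
        (2, c, a),          # a was learned on port 1: forwarded to port 1
        (1, b, a),          # a and b are both on port 1: filtered
        (1, a, c),          # c is now known on port 2: forwarded, no flood
        (1, a, BROADCAST),  # broadcasts always reach every other segment
    ]
    return [bridge.receive(*f) for f in frames], bridge.table

if __name__ == "__main__":
    decisions, table = run_demo()
    for ports in decisions:
        print(sorted(ports))
    print(table)
```

Until a destination has been learned, its traffic is visible on every bridged segment, which is worth keeping in mind when one of those segments is wireless.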
Bridges can connect two network segments that use different media into a single subnet (for example, Ethernet and wireless), as long as they use the same network protocol (for example, TCP/IP). The bridge would also work to connect a group of computers networked together via Cat 5 cable with another group connected via thin coax.
You can use a bridge instead of buying a wireless access point. If you have a computer with a wireless NIC that needs to connect to the wired network, and one of the computers on the wired Ethernet network also has a wireless NIC, you can run the wireless adapters in ad hoc mode (no WAP required) and create the bridge on the computer that has both wired and wireless NICs.
How the XP Network Bridge works
Just as a router can be either a dedicated device or a software construct on a computer, so can a bridge. Microsoft has included bridging software in Windows XP (32-bit edition only) to make it easier for home and small business users, who don’t need the sophistication of a router, to connect small LAN segments without spending extra money for a separate connectivity device. XP’s Network Bridge is designed specifically for connecting LAN segments of mixed-media types. The bridge automates the process of forwarding data from one media type to another without requiring that you set up separate subnets for each media type and manually configure packet forwarding between the subnets.
The most common scenario consists of a small network that has both a cabled Ethernet LAN and an 802.11 wireless network that need to work together. Other possibilities include USB, IEEE 1394, or Home Phone Line Network Adapter (HPNA) networks. You need one computer that has network interfaces to both networks; this computer runs XP and has the bridge enabled. There can be only one bridge on an XP computer, but it can bridge multiple network connections as long as the computer has a network adapter installed for each.
XP’s Network Bridge works only with Ethernet-compatible adapters. Adapters on which certain features—such as the Internet connection firewall (ICF) and Internet connection sharing (ICS)—are enabled cannot be part of a bridge. If you want to bridge those connections, you must first disable ICF or ICS.
A peek under the hood of the Network Bridge
Windows XP’s bridge uses a combination of traditional layer 2 bridging (also called transparent bridging and defined in IEEE 802.1D) and layer 3 bridging. For layer 2 bridging, the bridge puts the network adapters that belong to it in “promiscuous mode.” This means that the adapter can intercept all packets that are transmitted—not just those addressed to it. The MAC address of every message is checked, and the bridge builds its database (address table) from the information.
Promiscuous mode requires that the adapters support that mode of operation. If they don’t, the XP bridge uses layer 3 bridging. This bridging uses the address resolution protocol (ARP) to resolve MAC addresses to IP addresses, with the bridge acting as an ARP proxy. In this situation, the bridge maintains a layer 3 forwarding table that contains both IP and MAC addresses. Layer 3 bridging works only with the TCP/IP protocols, for the obvious reason that only TCP/IP uses IP addresses.
XP’s bridge uses a common bridging algorithm called the spanning tree algorithm (STA). The STA is used to prevent bridging “loops” that can occur if there are multiple bridges on the network, a problem that arises when bridges receive duplicate copies of a message and update their address tables incorrectly in response. When a loop is formed, bridges forward traffic indefinitely. This causes unnecessary traffic that slows down network performance.
The STA creates a logical tree topology so that there will be only one path between any two segments. If a bridge fails, however, the algorithm allows the network to automatically reconfigure the topology for fault tolerance. The STA also ensures that the data will take the most efficient path.
Bridges communicate with each other about the network topology via STA packets, with each bridge identifying itself by its lowest-numbered MAC address (remember that a bridge has at least two network interfaces). The bridge with the lowest identification number is called the root bridge.
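The loop problem and the root bridge election described above, as an added example that is not code from the original article or from Windows XP. It models only the outcome of the STA for two bridges connected in parallel between the same two segments, not the exchange of STA packets; the bridge names and adapter MAC addresses are constructed.

```python
# Added example: two bridges in parallel between segments "A" and "B".
# Bridge names and adapter MAC addresses are constructed sample values.

def bridge_id(adapter_macs):
    """A bridge identifies itself by its lowest-numbered adapter MAC."""
    return min(int(m.replace("-", ""), 16) for m in adapter_macs)

def elect_root(bridges):
    """Return the name of the bridge with the lowest identification number."""
    return min(bridges, key=lambda name: bridge_id(bridges[name]))

def copies_per_round(forwarding, rounds=5):
    """Flood one frame with an unknown destination from segment A and count
    the copies still in flight after each round of forwarding."""
    in_flight = [("A", None)]          # (segment, bridge that put it there)
    history = []
    for _ in range(rounds):
        nxt = []
        for segment, sender in in_flight:
            for name in forwarding:
                if name != sender:     # a bridge ignores its own transmission
                    nxt.append(("B" if segment == "A" else "A", name))
        in_flight = nxt
        history.append(len(in_flight))
    return history

BRIDGES = {
    "bridge1": ["00-00-5E-00-53-20", "00-00-5E-00-53-11"],
    "bridge2": ["00-00-5E-00-53-05", "00-00-5E-00-53-30"],
}

def run_demo():
    root = elect_root(BRIDGES)
    # Without a spanning tree both bridges forward, so copies never die out.
    looped = copies_per_round(forwarding=list(BRIDGES))
    # With one: in this two-bridge topology the root serves both segments and
    # the other bridge blocks its redundant port, leaving a single path.
    tree = copies_per_round(forwarding=[root])
    return root, looped, tree

if __name__ == "__main__":
    print(run_demo())
```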
Note that it is possible for you to disable the STA by editing the registry. For instructions on how to do so, see "Manage Network Bridge Feature." This article also contains instructions for disabling packet forwarding on the bridge.
Configuring bridged connections
XP makes it easy to configure bridged connections. If you have multiple network adapters installed (for example, an Ethernet 10BaseT card and an 802.11b wireless NIC), you can run the Network Setup Wizard, which will detect the multiple adapters and ask if you want to bridge the connections. To run the Network Setup Wizard, select Control Panel | Network Connections and choose Set Up A Home Or Small Office Network in the left pane under Network Tasks. (Note that this option will not appear if your XP computer belongs to a domain.)
In fact, the default is to bridge connections, which causes bridges to be created inadvertently. If you don’t want to create a bridge, you need to select Let Me Choose The Connections To My Network when you receive the message that “Your computer has multiple connections.” Then clear the check boxes for all except one of the network adapters listed.
You might have multiple adapters installed because you have a NIC that connects to a broadband Internet connection device, such as a DSL or cable modem. These adapters cannot be bridged.
Creating the bridge
To create a bridge, you must have two eligible connections. Open the Network Connections applet from Control Panel and highlight the connections you want to bridge by using [Ctrl] and clicking to select each. Right-click and select Bridge Connections from the context menu, as shown in Figure A.
Figure A: Select two connections you want to bridge, right-click, and choose Bridge Connections.
You will be asked to wait while Windows bridges the connections. This can take a few moments. Afterward, a new section titled Network Bridge will appear, with an icon representing the network bridge as well as the icons for the connections you have bridged, as shown in Figure B.
Figure B: After you create the bridge, a new icon will appear in your Network Connections.
Now, when you double-click either of the original connection icons and click the Properties button, you’ll no longer see the properties for the adapter. Instead, you’ll see a message that says: “This adapter is part of the Network Bridge. To remove this adapter from the Network Bridge, or to modify bridge settings, right-click the Network Bridge, and then click Properties.”
The properties sheet for the bridge will show the adapters that are part of the bridge and the network clients, services, and protocols used, as shown in Figure C.
Figure C: The properties for the bridged connections are now configured as part of the bridge.
Note that you can no longer add or remove items for the connections separately. Adding, removing, or changing the properties of any of the items used by the connection will apply to all adapters that belong to the bridge. You can view the connection status of the bridge, just as you can for any network connection, as shown in Figure D.
Figure D: You can view the status of the bridge as you can with any network connection.
What have you accomplished by bridging the connections? Now the computers on both network segments can communicate with one another, and computers on one segment can connect to the Internet through a shared connection on the other segment.
Modifying, disabling, and removing the bridge
To disable the bridge, right-click its icon and choose Disable from the context menu. If you remove one or more of the network adapters that are part of the bridge, and there is only one adapter left, the bridge will keep using your system resources even though it is not serving any useful function, until you disable it. To remove a connection from the bridge, right-click the connection’s icon (not the bridge icon) and select Remove From Bridge.
If you disable or remove the bridge, computers on different network segments may not be able to communicate with one another, and computers on the “wrong side” of the bridge may lose their connections to the Internet.
Troubleshooting bridge problems
If you are unable to create a network bridge, check the following:
- You must be logged on as a member of the Administrators group to create, modify, or remove the bridge.
- Be sure that ICF and ICS are not enabled on the connections you are trying to bridge.
- Group Policy settings must not prohibit the installation, configuration, and use of the network bridge. These settings are in the Computer Configuration\Administrative Templates\Network\Network Connections node of the local computer GPO. The settings are “location aware,” which means they apply only if you’re connected to the same network from which the settings were obtained. When the settings are enabled, the network bridge service won’t run, and the option to bridge connections won’t appear in the context menu. For more information about how Group Policy affects Windows XP networking features, see Microsoft's online document "Using Group Policy Settings with Windows XP Home Networking Features."
- The computer on which the bridge is created must stay on in order for the bridge to work. If that computer is turned off, the network segments will no longer be connected.
The network bridge, a handy new feature in Windows XP, can save you the cost of buying additional hardware devices and the hassle of configuring routing on your network when you need to connect two or more segments that use different types of network media. Bridging connections is easy—in fact, so easy that the Network Setup Wizard sometimes creates unwanted bridges. XP’s Network Bridge software can use traditional layer 2 bridging or, if the network adapters don’t support the promiscuous mode that is needed, it can use layer 3 bridging that relies on IP addresses and ARP.
Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 additional books on subjects such as the Windows 2000 and Windows 2003 MCSE exams, CompTIA Security+ exam, and TruSecure's ICSA certification.