I can't find any authoritative source that can concisely explain the difference between a bridge and a switch. As far as I can tell, most devices commonly referred to as "switches" fit the description of "bridge" as defined by the IEEE 802.1D standard. While it may be the case that a device can be both a bridge and a switch (perhaps "switch" is a subset of "bridge"?), I can only find "hand-wavy" explanations of the difference. The most commonly cited differences I have come across boil down to one of these two:
- Switches have many ports, bridges only have two (or some other small number)
- Switches perform forwarding in hardware, while bridges perform it in software
I'm unsatisfied with these answers because:
- The IEEE standards clearly don't state or assume that bridges will have only two ports. If anything, the assumption is that there will be many more than two ports. So this explanation is simply absurd. (Even Cisco attempts to pass this off as one of the differences).
- The IEEE standards seem to define "bridge" by what it does, not by how it does it. There's nothing in the standard that I could find that says bridging must or should be done in software. So a bridge that forwards in hardware would still be a bridge as far as the standard is concerned.
In fact, when I searched the IEEE 802.1D standard, there was no mention of the word "switch" at all. So "bridge" seems to be the technically correct term. However, since the word "switch" seems to be more commonly used (by far) I can't help but wonder if there is some actual differentiating factor. Or is this just a case of different words being used to describe the same thing?
References to sources would be especially appreciated.
EDIT: I should add that I am fully aware of the fact that bridges are not the same thing as repeaters.
You are correct. Actually, you can see a bridge with three ports in the IEEE 802.1D standard (see Figure 7-1, "A Bridged Local Area Network").
Okay, I found this article: "The 10 Most Important Products of the Decade":
It sheds some light on the origin of the term "switch" and some quick quotes from the article will clarify several important points which cause endless confusion...
An Ethernet switch is a multiport Ethernet bridge. A bridge is a device that splits collision domains but not broadcast domains. A switch is simply a bridge with lots of ports. Other examples of bridges are wireless access points and dual-speed hubs. I don't think implementation (store & forward vs. fast forwarding, software vs. hardware, 2 ports vs. many ports, etc.) makes a difference in kind, only a difference in degree (i.e. a faster bridge, or more ports on a bridge, etc.).
Ethernet was originally an "everyone sees all traffic" protocol. That's how traffic management happened -- if someone else is using the network, you wait until they're not; if two people try to use the network at the same time, both wait a random amount of time before attempting to use the network again. This was a "collision domain" or what people now call a "broadcast domain" because everything is switched and there are no more collisions (two simultaneous initiators of traffic).
A bridge, in this context, only forwards traffic to stations on the other side of the bridge if it has learned that that station is on the other side of the bridge. If it hasn't seen the target MAC, it will send it over the bridge (flooding) or if it is a broadcast / multicast, it will also send it over the bridge.
In ethernet, it is useful to remember how the technology was invented and deployed. First came shared media such as 10base5 and 10base2, both of which are coaxial cables that physically carry all traffic to all stations as an RF signal. Because vampire taps on 10base5 connections were expensive, people also used AUI repeaters that acted somewhat like hubs, but weren't. None of this equipment had any memory at all; the traffic went through or it didn't (and if it didn't the sender was expected to retransmit).
Only much later did people start using twisted pair and deploying ethernet 10baseT hubs. A common topology was to use 10base5 as a building backbone and 10baseT to some locations, and connect different 10base5 backbone networks to each other using bridges or repeaters, depending on the traffic patterns and local budgets.
I don't see any specific reason for confusion here - the standards refer to bridging and they define how bridging works, switches are generally just fast multi-port bridges - both are L2 devices that extend broadcast domains but limit collision domains. Cisco have a pretty good document on their view of the differences here.
For Ethernet, the term "switch" is a marketing term used to distinguish the hardware from a "hub". A switch provides dedicated bandwidth per port whereas the hub shares bandwidth among the ports. The term "switch" also usually implies that forwarding of known MAC addresses is done in hardware.
Bridging is a function that may be implemented by a switch. Back in the bad old days there used to be separate software-centric boxes called "bridges" but that function has pretty much been taken up by Layer 2 switches. In fact, with 802.1q there can now be multiple bridges in a single switch.
There is a pretty good explanation of how the terms got munged together here:
http://en.wikipedia.org/wiki/Network_bridge#Bridge_versus_Layer_2_switch
"Bridge" has a clear definition given by the standards; it is more a concept than an object. A bridge is "something that acts in a certain way", and the way is defined by the standard, no matter how many ports it has, whether it does it in hardware or software, etc.
At the time, when networks were mostly "one collision domain per LAN" (think of coax Ethernet, or of a network of machines attached to a hub), some in the industry put on the market "an object which contained a bridge with as many ports as the number of physical interfaces it had". By analogy with telco terminology, where this closely resembled the behaviour of a "telephone switchboard", and to distinguish it on the market from the existing habit of "putting a bridge with two/few ports between two/few hubs" (which was very common at the time to split the collision domain into parts) ... they called it a "switch".
Note that the term "switch" is commercial; it does not have a standard or formal definition. Note also how nowadays, in a world with dot1q tagging, port aggregation, "layer 3 switches" (which are nothing other than "routers with many interfaces" in marketing terminology :)), etc., what we call a "switch" can actually contain, in formal network design terms, several bridges, one or more routers, some hubs, various hosts and other stuff, all packaged in a dedicated device.
A.
Bridge historically meant a device that forwarded packets between two types of media. Your typical wireless AP with built in ethernet port(s) would be the best example of that. Both the wireless and the wired side would be in the same broadcast and collision domain. There's no inspection, filtering, etc going on, just whatever shows up on one port goes to some other ports.
A switch is a bunch of ports of (usually) the same type. As far as hubs are concerned, I like the old name of 'repeaters', as they repeat a packet incoming on one port to all other ports on the hub. There's no media changing here, just simple repeating. The only difference between switches and hubs is that switches are more intelligent; they 'learn' MAC addresses answering on a particular port, so when a new packet comes in for that MAC address, the packet gets forwarded there, and only there. A switch would blindly blast the packet to every other port on the hub. This is beneficial for both security and performance.
Then there are 'Layer 3 switches'. So far bridges, hubs, and regular switches were all Layer 2, but these guys are more intelligent yet. They actually inspect the IP headers (thus Layer 3), and can make decisions based on the information found in the IP headers. This is how all the routing, ACLs, and some simple filtering can be done at the switch level without needing a packet-filtering firewall or a router.
So as you can see, theory is one thing, and what the products end up doing can be quite different, and make it difficult to keep track of all the little nuances.
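As an added example (not code from any of the answers above), the following Python simulation models the forwarding behaviour that the earlier answer describes ("only forwards traffic to stations on the other side ... if it has learned that that station is on the other side", flooding otherwise, and always for broadcast/multicast) and that this answer contrasts with a hub ("they 'learn' MAC addresses answering on a particular port"). A `Hub` repeats every frame out all other ports; a `LearningBridge` keeps a filtering database (the 802.1D name for the MAC-to-port table), forwards known unicast to one port, floods unknown unicast and group addresses, and filters frames whose destination sits on the ingress segment, which is the "splits collision domains but not broadcast domains" property. The MAC addresses, port numbers and frame sequence are constructed for the demo; aging of database entries is omitted.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample addresses (not from the page).
HOST_A = "00:11:22:33:44:a1"
HOST_B = "00:11:22:33:44:b2"
HOST_C = "00:11:22:33:44:c3"
HOST_D = "00:11:22:33:44:d4"
BROADCAST = "ff:ff:ff:ff:ff:ff"
IPV4_MCAST = "01:00:5e:00:00:fb"  # a multicast MAC: I/G bit set in the first octet


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast destinations have the I/G bit (LSB of the first octet) set."""
    return bool(int(mac.split(":")[0], 16) & 0x01)


@dataclass
class Hub:
    """A repeater: a frame entering one port is repeated out every other port, unconditionally."""
    ports: List[int]

    def forward(self, ingress: int, src: str, dst: str) -> List[int]:
        return [p for p in self.ports if p != ingress]


@dataclass
class LearningBridge:
    """Transparent learning bridge in the style of IEEE 802.1D, with a filtering database."""
    ports: List[int]
    fdb: Dict[str, int] = field(default_factory=dict)  # MAC -> port it was last seen on

    def forward(self, ingress: int, src: str, dst: str) -> List[int]:
        """Return the list of egress ports for one frame, learning the source as a side effect."""
        # Learning: the source station is reachable via the ingress port.
        # (A real bridge also ages these entries out; aging is omitted in this demo.)
        self.fdb[src.lower()] = ingress
        dst = dst.lower()
        others = [p for p in self.ports if p != ingress]
        if is_group_address(dst):
            return others            # broadcast/multicast: always flooded
        port = self.fdb.get(dst)
        if port is None:
            return others            # unknown unicast: flooded, exactly as a hub would
        if port == ingress:
            return []                # destination is on the ingress segment: filtered
        return [port]                # known unicast: forwarded to that one port only


def run_demo() -> List[List[int]]:
    """Push a constructed frame sequence through a 3-port bridge; return each forwarding decision."""
    bridge = LearningBridge(ports=[1, 2, 3])
    frames = [
        (1, HOST_A, HOST_B),      # B unknown: flood to 2 and 3; A learned on port 1
        (2, HOST_B, HOST_A),      # A known on port 1: forward there only; B learned on port 2
        (1, HOST_A, HOST_D),      # D unknown: flood again
        (1, HOST_D, HOST_A),      # D and A share port 1: filtered, stays on its own segment
        (3, HOST_C, BROADCAST),   # broadcast: flooded to 1 and 2; C learned on port 3
        (2, HOST_B, IPV4_MCAST),  # multicast: flooded to 1 and 3
    ]
    return [bridge.forward(*frame) for frame in frames]


if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
```

The fourth frame is the one that separates a bridge from a hub in the sense the earlier answers use: a hub would repeat D's frame to A onto ports 2 and 3 as well, while the bridge keeps it on port 1, so traffic local to one segment never reaches the others. Unknown-unicast flooding, by contrast, means a frame can be seen on every port until the bridge has learned its destination, which is why learned state matters for the "beneficial for security" claim.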
Bridges were historically used to reduce the size of the collision domain created by hubs, when people still used hubs, that is.
Switches were just the next step which eliminated the collision domain completely.
The main difference, in my opinion, is that bridges were not used for direct client access; a bridge would connect to hubs. Hubs provided direct client access.
This is my opinion. It is not about the number of ports. It is not about doing it in hardware/software. It is about which layer is being handled and what protocols. A bridge generally works at L2 and converts (bridges) between disparate protocols. A switch generally works at L2 and moves (switches) packets around for networks of the same protocol. For more info, read these articles.