Bridge mode and routing mode are easy to distinguish, as follows.
1. A device that traceroute cannot see is a bridging device; otherwise, it is a routing device.
However, this test does not work for firewalls: neither a bridge-mode firewall nor a routing-mode firewall can be found by traceroute.
2. The traffic ingress and egress of the bridging device are in the same network segment; the traffic ingress and egress of the routing device are not in the same network segment.
3. A device that looks up a routing table to forward packets is in routing mode.
The routing table serves network-layer forwarding, and since the network layer is Layer 3, routing mode is also called Layer 3 forwarding mode. Typical examples are optical modems in routing mode and wireless routers.
Devices that do not use a routing table to forward packets sit below Layer 3. They are typically Layer 2 devices such as Layer 2 switches and APs in bridge mode. This is also called Layer 2 bridging mode. Of course, there are also bridge modes that work at the physical layer, such as signal amplifiers and hubs.
Routing mode works at Layer 3, that is, the network (IP) layer. Bridge mode works at Layer 1 or Layer 2, that is, the physical layer or the link layer.
NAT has not been covered yet. Generally speaking, only routing mode supports NAT; bridge mode does not. NAT is in effect a network-layer proxy, working at Layer 3. For example, if your mobile phone uses mobile 4G and is assigned IP = 10.8.8.8, and you use it to open a wireless hotspot, your mobile phone is the network-layer proxy, and naturally your mobile phone also works in routing mode.
Since your mobile phone is going to be the Internet proxy, the boss, it naturally has to make arrangements for the connected younger brothers. The boss first starts a DHCP server and assigns IP addresses.
The Internet parameters the boss's DHCP server assigns to a younger brother:
- IP address = 172.16.1.100
- mask = 255.255.255.0
- gateway = 172.16.1.1
- DNS server = 172.16.1.1
So, the younger brothers can happily surf the Internet.
The story is over, but without an explanation some readers may not understand how the younger brothers get online.
The mobile phones of the younger brothers will dynamically generate a default route 0.0.0.0/0 pointing to 172.16.1.1 according to the above "gateway = 172.16.1.1". It means that all Internet traffic is sent to 172.16.1.1.
Who is 172.16.1.1?
The boss, of course, that is, the hotspot.
The boss receives the Internet traffic from the younger brothers, and after checking the routing table, can he send the Internet traffic of the younger brothers to the mobile base station?
Of course not. The source IP of the younger brothers' Internet traffic is 172.16.1.100. If this traffic goes upstream to the central office unchanged, there is a high probability that it will be kicked. The central office only recognizes the boss's IP = 10.8.8.8, and will never recognize the younger brothers' 172.16.1.x.
In order to prevent the younger brothers from being kicked when the traffic is upstream, it is necessary to uniformly change the younger brothers' IP address from 172.16.1.x to the boss's IP address of 10.8.8.8. When the traffic goes down, it is replaced in the reverse direction. This is the NAT technology for address translation.
This combination of routing mode and NAT is very popular and common. Other examples include:
- An optical modem in routing mode
- A wireless router in routing mode
- Enterprise-class routed-mode AP
- Virtual machine NAT mode
- Carrier router + NAT
Why is the combination of "carrier router + NAT" highlighted? The short story has an ending.
The boss rewrites the source IP address of the younger brothers' traffic to his own, 10.8.8.8. Can the traffic now enter the Internet?
Dream on.
The traffic only enters the carrier's local area network. The boss's address 10.8.8.8 is only valid inside that local area network and cannot go directly onto the Internet. To get to the Internet, traffic must be routed to the carrier's Internet gateway.
At the Internet gateway, one interface is connected to the local area network and the other interface is connected to the Internet. Assuming that the Internet interface IP of the gateway is 2.2.2.2, the working principle is similar to that of the boss above: replace 10.x.x.x with 2.2.2.2, and replace the transport layer port with one of the gateway's own (a typical characteristic of a proxy). Then the traffic can enter the Internet. After all, the address 2.2.2.2 is a legal address in the eyes of the Internet giants (routers), so traffic carrying it will not be kicked and can freely reach any corner of the Internet.
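The two translations described above (hotspot, then carrier gateway) can be traced with a small simulation. This is an added example, not code from the original article: the `Napt` class, the port numbers and the server address 203.0.113.10 are constructed, and dropping inbound packets that do not match the recorded peer is an assumed filtering policy (real NAT devices vary).

```python
from dataclasses import dataclass, field

# A packet is (src_ip, src_port, dst_ip, dst_port).

@dataclass
class Napt:
    """Minimal source NAT with port translation: one outside IP, one mapping table."""
    public_ip: str
    next_port: int                                 # constructed first port to hand out
    out_map: dict = field(default_factory=dict)    # inside flow -> outside port
    in_map: dict = field(default_factory=dict)     # outside port -> inside flow

    def outbound(self, pkt):
        """Upstream: replace source IP and port with our own and remember the flow."""
        if pkt not in self.out_map:
            self.out_map[pkt] = self.next_port
            self.in_map[self.next_port] = pkt
            self.next_port += 1
        return (self.public_ip, self.out_map[pkt], pkt[2], pkt[3])

    def inbound(self, pkt):
        """Downstream: reverse the replacement. None means no mapping, so drop."""
        src_ip, src_port, dst_ip, dst_port = pkt
        flow = self.in_map.get(dst_port)
        if dst_ip != self.public_ip or flow is None:
            return None
        if (src_ip, src_port) != flow[2:]:         # assumed policy: only the peer may reply
            return None
        return (src_ip, src_port, flow[0], flow[1])

def upstream(chain, pkt):
    """Pass a packet through every NAT from the client towards the Internet."""
    for nat in chain:
        pkt = nat.outbound(pkt)
    return pkt

def downstream(chain, pkt):
    """Pass a reply back through the NATs in reverse order."""
    for nat in reversed(chain):
        pkt = nat.inbound(pkt)
        if pkt is None:
            return None
    return pkt

if __name__ == "__main__":
    # Hotspot (the boss) first, then the carrier's Internet gateway.
    chain = [Napt("10.8.8.8", 40000), Napt("2.2.2.2", 50000)]
    wire = upstream(chain, ("172.16.1.100", 51000, "203.0.113.10", 443))
    print("on the Internet:", wire)
    print("reply delivered:", downstream(chain, (wire[2], wire[3], wire[0], wire[1])))
    print("unsolicited:", downstream(chain, ("198.51.100.7", 4444, "2.2.2.2", 50000)))
```

The server only ever sees 2.2.2.2, which is why attributing traffic to one client behind such a gateway needs the gateway's mapping table (outside port and time), not just the address.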