Updated on July 22, 2025
A network bridge is a Layer 2 (Data Link Layer) device that connects multiple network segments and forwards data based on Media Access Control (MAC) addresses. It learns the MAC addresses of devices on each segment and forwards frames only to the segment where the destination device is located, reducing unnecessary traffic.
Bridges play a key role in expanding and optimizing local area networks (LANs). They connect network segments transparently, allowing devices to communicate as if on the same physical network, with no configuration changes needed for end devices.
The bridge’s primary function revolves around MAC address learning and selective frame forwarding. This intelligent filtering reduces network congestion by ensuring that traffic only travels to segments where it’s actually needed, rather than flooding all segments with every frame.
Definition and Core Concepts
Understanding network bridges requires familiarity with several key networking concepts that define their operation and purpose.
Layer 2 (Data Link Layer)
Network bridges operate exclusively at Layer 2 of the Open Systems Interconnection (OSI) model. This layer handles frame formatting, error detection, and MAC addressing. Unlike routers that work at Layer 3 with Internet Protocol (IP) addresses, bridges make all forwarding decisions based on MAC addresses contained within Ethernet frames.
Network Segment
A network segment represents a portion of a network where devices share the same physical medium or collision domain. In traditional Ethernet networks, each segment typically consists of devices connected to the same hub or switch port. Bridges connect these separate segments to create a larger logical network.
MAC Address
Every network interface card (NIC) has a unique 48-bit MAC address assigned by the manufacturer. This address, also called a hardware address, enables Layer 2 communication between devices on the same network segment. Bridges use these addresses to make forwarding decisions without requiring any higher-layer protocol information.
Forwarding and Filtering
Forwarding describes the process of directing data frames from one network segment to another based on the destination MAC address. Filtering refers to the bridge’s ability to block unnecessary traffic from crossing between segments, improving overall network performance and security.
Learning Process
Network bridges build their knowledge through a learning process where they monitor traffic on all connected ports and record the source MAC addresses along with the port where each frame was received. This creates a dynamic forwarding table that enables intelligent traffic management.
Collision and Broadcast Domains
A collision domain encompasses all devices that compete for the same physical medium, where data collisions can occur. Bridges reduce collision domains by separating network segments. However, bridges extend broadcast domains, meaning broadcast traffic propagates across all connected segments.
Transparent Bridging
Bridges operate transparently, meaning they function without requiring configuration changes on end devices. Connected devices remain unaware of the bridge’s presence and communicate naturally across segments.
How It Works
Network bridges manage traffic flow between connected segments through two mechanisms: MAC address learning and per-frame forwarding decisions.
MAC Address Learning
When a bridge receives an Ethernet frame on any port, it examines the source MAC address and records this information in its MAC address table, also known as a forwarding table or Content Addressable Memory (CAM) table. The bridge associates each learned MAC address with the specific port where the frame was received.
This learning process occurs continuously as the bridge monitors all traffic. The MAC address table typically includes aging timers that remove entries after a predetermined period of inactivity, ensuring the table remains current as devices move or disconnect from the network.
Frame Reception and Processing
Upon receiving an Ethernet frame, the bridge extracts both the source and destination MAC addresses from the frame header. The source MAC address updates the learning table, while the destination MAC address determines the forwarding action.
The bridge then consults its MAC address table to determine the appropriate action for the frame based on the destination MAC address.
Forwarding and Filtering Decisions
The bridge follows specific rules when processing each frame:
- Known Destination: If the destination MAC address exists in the forwarding table and is associated with a different port than the ingress port, the bridge forwards the frame only out that specific port. This targeted forwarding reduces unnecessary traffic on other segments.
- Same Segment Destination: When the destination MAC address is associated with the same port where the frame was received, the bridge filters (drops) the frame. This filtering occurs because the frame has already reached its destination segment and doesn’t need to traverse the bridge.
- Unknown Destination: If the destination MAC address is not in the forwarding table, the bridge floods the frame out all ports except the ingress port. This flooding ensures the frame reaches its destination while allowing the bridge to learn the destination’s location when a response is received.
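The learning, aging and forwarding rules above, as an added example that is not part of the original article: a minimal learning bridge in Python that processes a short sequence of frames. The class name, the port numbers, the 300-second aging period and the MAC addresses are assumptions constructed for illustration.

```python
# Added example: a minimal transparent learning bridge (not from the original article).
# Port numbers, MAC addresses and the 300 s aging time are constructed assumptions.

class LearningBridge:
    def __init__(self, ports, aging=300):
        self.ports = set(ports)
        self.aging = aging          # seconds of inactivity before an entry is removed
        self.table = {}             # MAC address -> (port, last_seen)

    def _expire(self, now):
        # Aging timer: drop entries not refreshed within the aging period.
        self.table = {mac: (port, seen) for mac, (port, seen) in self.table.items()
                      if now - seen <= self.aging}

    def receive(self, src, dst, in_port, now):
        """Process one frame; return (action, egress_ports)."""
        self._expire(now)
        self.table[src] = (in_port, now)      # learn or refresh the source
        entry = self.table.get(dst)
        if entry is None:                     # unknown destination: flood
            return "flood", sorted(self.ports - {in_port})
        if entry[0] == in_port:               # same segment: filter (drop)
            return "filter", []
        return "forward", [entry[0]]          # known destination: one port only

def demo():
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    br = LearningBridge(ports=[1, 2, 3])
    return [
        br.receive(a, b, 1, now=0),    # B not learned yet
        br.receive(b, a, 2, now=1),    # reply: A was learned on port 1
        br.receive(a, b, 1, now=2),    # B is now known on port 2
        br.receive(c, a, 1, now=3),    # C and A share port 1
        br.receive(b, a, 2, now=400),  # A idle > 300 s, entry aged out
        br.receive(a, b, 3, now=401),  # A reappears on port 3 (station moved)
        br.receive(b, a, 2, now=402),  # table now points A at port 3
    ]

if __name__ == "__main__":
    for action, ports in demo():
        print(f"{action:8} -> {ports}")
```

The last three frames show why aging and continuous relearning matter: a stale entry is flooded rather than sent to the wrong port, and a station that moves is reachable again as soon as it transmits.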
Collision Domain Reduction
By connecting separate network segments, bridges create individual collision domains for each segment. Traffic on one segment doesn’t interfere with simultaneous traffic on another segment, effectively multiplying the available bandwidth and reducing collision probability.
Broadcast Domain Extension
Unlike routers, bridges do not break up broadcast domains. Broadcast frames, multicast frames, and flooded unicast frames are forwarded to all connected segments, creating a single large broadcast domain spanning all bridged segments.
Key Features and Components
Network bridges incorporate several essential features that enable their Layer 2 forwarding capabilities and network integration functionality.
Layer 2 Forwarding
All forwarding decisions rely exclusively on MAC addresses within Ethernet frames. Bridges examine frame headers but do not process higher-layer protocols like IP, making them protocol-independent for Layer 3 and above.
MAC Address Learning Table
The forwarding table serves as the bridge’s core database, storing MAC address-to-port mappings. This table updates dynamically as the bridge observes network traffic, adapting to network changes without manual intervention.
Collision Domain Segmentation
Each bridge port creates a separate collision domain, reducing contention and improving performance on shared media networks. This segmentation allows multiple conversations to occur simultaneously across different segments.
Transparent Operation
Bridges require no IP addressing or configuration on end devices. They operate invisibly to connected devices, maintaining network functionality while providing performance benefits.
LAN Extension Capabilities
Bridges effectively extend LANs by connecting disparate segments into a single logical network. This extension allows organizations to expand their networks beyond the physical limitations of individual segments.
Use Cases and Applications
Network bridges serve various networking scenarios, from traditional LAN expansion to modern virtualization environments.
Connecting Legacy LAN Segments
Bridges historically connected separate Ethernet segments to create larger logical LANs. This application was particularly common when organizations needed to expand beyond the physical limitations of single collision domains.
Wireless Access Points
Modern wireless access points (APs) frequently function as bridges, connecting wireless clients to wired LAN infrastructure. The AP receives wireless frames from clients and forwards them to the wired network, and vice versa.
Virtual Bridging in Virtualization
Hypervisors use virtual bridges to connect virtual machines (VMs) to each other and to physical networks. These software-based bridges provide the same Layer 2 forwarding functionality as physical bridges but operate entirely within the hypervisor environment.
Home Networking Applications
Consumer networking equipment often incorporates bridging functionality. Some home routers and network extenders use bridging to connect different network segments or extend wireless coverage.
Network Reach Extension
Bridges can extend network reach by connecting segments separated by longer distances than single cables allow. This application enables organizations to span larger physical areas while maintaining Layer 2 connectivity.
Advantages and Trade-offs
Network bridges offer significant benefits but also present certain limitations that network administrators must consider.
Advantages
- Collision Domain Reduction: By creating separate collision domains for each segment, bridges improve network throughput and reduce frame collisions, particularly beneficial in shared media environments.
- Simple Installation: Bridges typically require minimal configuration and provide plug-and-play functionality for basic network expansion needs.
- Distance Extension: Bridges enable network connections across longer distances than single cable segments allow, expanding network reach without requiring Layer 3 routing.
- Traffic Segmentation: Intelligent filtering reduces network congestion by ensuring traffic only crosses segments when necessary, improving overall network performance.
Limitations and Trade-offs
- Broadcast Domain Expansion: Bridges do not segment broadcast domains, meaning broadcast storms can affect all connected segments. This limitation can create scalability challenges in large networks.
- Single Point of Failure: The bridge itself can become a bottleneck or single point of failure. If the bridge fails, communication between segments stops entirely.
- Limited Intelligence: Compared to routers, bridges lack the ability to make intelligent routing decisions between different IP networks or implement complex traffic policies.
- Loop Susceptibility: Redundant bridge connections can create switching loops that cause broadcast storms and network instability. This requires Spanning Tree Protocol (STP) implementation to prevent loops.
- Scalability Constraints: Large bridged networks can become unwieldy due to extensive broadcast domains and the overhead associated with MAC address learning across many segments.
Key Terms Appendix
- Network Bridge: A Layer 2 device that connects network segments and forwards traffic based on MAC addresses.
- Layer 2 (Data Link Layer): The OSI model layer handling frame formatting and MAC addressing.
- Network Segment: A network portion where devices share the same physical medium or collision domain.
- MAC Address: The unique 48-bit hardware address assigned to network interface cards.
- Forwarding: The process of directing network frames to their destinations.
- Filtering: Blocking unnecessary network traffic from crossing between segments.
- Learning: The process of building and maintaining the MAC address table.
- Collision Domain: A network segment where frame collisions can occur between competing devices.
- Broadcast Domain: A logical network area where broadcast traffic propagates.
- MAC Address Table: The bridge’s database storing MAC address-to-port mappings.
- Flooding: Sending frames out all ports except the ingress port when the destination is unknown.
- Spanning Tree Protocol (STP): A protocol preventing loops in bridged networks.
- Virtual Bridge: A software-based bridge used in virtualization environments.
- Access Point (AP): A wireless device that often functions as a bridge between wireless and wired networks.