4

I know hubs are a thing of the past, but I'd like to know if my reasoning is correct and accurately describes how things worked 30+ years ago. Assume we have a classic two-port bridge, a hub connected to one port of the bridge, and at least two hosts connected to the hub. Initially, the bridge has an empty MAC table. When host A sends a frame with a destination MAC address of host B (both connected to the same hub), the frame reaches the hub which propagates the frame through all its ports other than the one it was received on. As a consequence, the frame reaches all hosts connected to the hub and also the bridge port to which the hub is connected. The bridge adds a mapping to its MAC table between the port to which the hub is attached and the source MAC address of the host A. Next, because the bridge doesn't know the egress port for the host B (it has no way of knowing hosts A and B are behind a common hub) it's forced to flood its other port with the frame directed to host B.

The problem I see with this approach emerges when one of the hosts behind the hub (say, B) keeps receiving frames from other hosts connected to the same hub, but it never sends any frames itself. Consequently, the bridge never sees any traffic from B and has no chance to associate its port with B's source MAC address which means all the traffic directed to B needlessly passes to the other side of the bridge every time which kind of defeats the purpose of the bridge as a traffic filtering device. Am I right that the only way for the bridge to start filtering traffic between its ports in this case is that it receives at least one frame from each host behind the hub? This will enable the bridge to map source MAC addresses of all the hosts behind the hub to its ingress port. Now, when a new frame gets sent from any host behind the hub, it reaches the bridge, which then consults its MAC table and learns that the destination MAC address is associated with the ingress port. Because the destination MAC address has been found in the table, the bridge won't flood its other port. Because the egress port turns out to be the ingress port, the frame won't be sent back and will get dropped instead as it should.

Is my description right? If it is, wasn't this kind of behaviour problematic, especially with multi-port hubs and/or daisy-chained hubs on both ends of a bridge and unequal distribution of traffic between hosts? Unless there's something very wrong with my reasoning, for such configurations a bridge started to act as a full-fledged bridge (i.e. filtered traffic between its ports) only after it saw at least one frame from every host behind every hub. Was this initial traffic somehow forced or was there simply an assumption that eventually every host would send something and nobody cared when exactly this would happen?

3
  • Is host B deliberately configured to not-reply ever (i.e., it's in monitor mode), or is there a multi-minute window when it simply has nothing to send? Commented Nov 5, 2025 at 20:11
  • @Criggie It was a theoretical question, I just thought about a situation where host B wouldn't have anything/would be unable to send for a long time. Commented Nov 7, 2025 at 7:04
  • That's the downside of theoretical what-if questions - there's always going to be some traffic, or it's time for an ARP request. The monitor port is the only situation where traffic won't eventually be sent. A port that doesn't send, and doesn't reply to ARP is broken and won't work anyway. Commented Nov 7, 2025 at 9:44

1 Answer

8

> when one of the hosts behind the hub (say, B) keeps receiving frames from other hosts connected to the same hub, but it never sends any frames itself

That's a general problem with or without a hub. Having no chance to learn B's MAC address as source, a bridge/switch would need to keep flooding frames with B as destination.

> we end up with a perpetual single collision domain

No, we don't. A collision domain has nothing to do with flooding unknown MACs. The collision domain in your case ends at the switch port the repeater hub is connected to. The switch buffers frames and therefore separates collision domains (which are only present on ports in half-duplex mode).

> the only way for the bridge to start filtering traffic between its ports in this case is that it receives at least one frame from each host behind the hub?

Yes, absolutely. Note that almost all scenarios require hosts to send frames rather early on after system or link up - DHCP, ARP, ...

> Because the egress port turns out to be the ingress port, the frame won't be sent back and will get dropped instead as it should.

Yes, with 'destination port' rather than 'egress port'. 'Egress' implies sending rather than filtering.

> wasn't this kind of behaviour problematic?

Not practically, see above. Also, separation of collision domains is not directly connected to self-learning bridges. A hypothetical 'dumb' bridge without a port-MAC table could separate collision domains but would keep flooding all received frames all the time. You could simulate this using a switch configured with a zero-sized MAC table or a zero MAC-aging timer.

The main difference is that a repeater works on a bit-by-bit level. If there is a collision downstream (on an egress port) it must propagate that collision backwards to the ingress port since there's no buffer to save the frame in and the sender needs to be notified that its sending attempt failed. Furthermore, a repeater doesn't even know what a frame is.

A bridge or switch works on a frame-by-frame level. It receives a frame and then decides what to do with it. Any collision on an egress port doesn't need to be propagated back as the frame is still in the buffer and continues to be until it has been successfully sent out. A very simple bridge could mimic a repeater and flood every received frame to any other port, without looking at the MAC addresses. It would separate collision domains but couldn't optimize traffic in any way.

Since buffering requires some basic logic, we could use a bit more of that logic to implement a self-learning, intelligent bridge that learns sources and uses destinations to stop flooding and only forward a frame where it is needed. That is what nearly all bridges and all switches do.

> Was this initial traffic somehow forced or was there simply an assumption that eventually every host would send something and nobody cared when exactly this would happen?

It's rather the other way around: a node starting up or activating a link is extremely likely to send something - a DHCP discovery, ARP request for its gateway or DNS server, some peer discovery or advertisement. That creates an excellent opportunity to have a bridge learn its MAC table automatically, so that's how it went.
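The learn/flood/filter behaviour discussed above, as an added example that is not part of the original question or answer: a small model of a two-port self-learning bridge with a hub on port 1. The class name, the MAC addresses and the frame sequence are constructed for illustration, and treating `aging=0` as "entries expire immediately" is an assumption of this model that mirrors the 'dumb' bridge mentioned in the answer.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
HOST_A = "02:00:00:00:00:0a"   # constructed, behind the hub on port 1
HOST_B = "02:00:00:00:00:0b"   # constructed, behind the hub on port 1, silent at first
HOST_C = "02:00:00:00:00:0c"   # constructed, on port 2


class LearningBridge:
    """Transparent bridge: learns source MACs, decides per destination MAC."""

    def __init__(self, ports=(1, 2), aging=300.0):
        self.ports = ports
        self.aging = aging      # seconds an entry stays valid (model assumption)
        self.table = {}         # MAC -> (port, time learned)

    def receive(self, now, ingress, src, dst):
        """Handle one frame; return (decision, ports the frame is sent out of)."""
        self.table[src] = (ingress, now)            # learn or refresh the source
        entry = self.table.get(dst)
        if entry is None or now - entry[1] >= self.aging:
            # Unknown (or aged-out) destination, including broadcast: flood.
            return "flood", [p for p in self.ports if p != ingress]
        if entry[0] == ingress:
            # Destination lives on the segment the frame came from: drop it.
            return "filter", []
        return "forward", [entry[0]]


def run_scenario(aging=300.0):
    """Replay constructed traffic: (time, ingress port, source, destination)."""
    frames = [
        (0, 1, HOST_A, HOST_B),     # B unknown, so the frame leaks to port 2
        (1, 1, HOST_A, HOST_B),     # still unknown: B has never sent anything
        (2, 1, HOST_B, BROADCAST),  # B finally sends (e.g. an ARP request)
        (3, 1, HOST_A, HOST_B),     # B now mapped to port 1: filtered
        (4, 2, HOST_C, HOST_A),     # A known on port 1: forwarded there only
    ]
    bridge = LearningBridge(aging=aging)
    return [bridge.receive(*frame) for frame in frames]


if __name__ == "__main__":
    for label, aging in (("learning bridge", 300.0), ("zero aging timer", 0.0)):
        print(label, run_scenario(aging))
```
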

6
  • I conflated "collision domain" with "filtering/separation of traffic between ports of a bridge". You're right that there's no meaningful distinction between how things worked with and without hubs. For a moment I thought I came up with a case where the difference mattered, but it's just that my intuition played tricks on me - a bunch of hosts behind a single hub seemed somewhat more "wrong" to pass traffic to the other side of the bridge when communicating solely among themselves than if each host were connected directly to a switch. Commented Nov 4, 2025 at 14:16
  • 1
    All good, that's what questions are for. Please don't change your question substantially as then the answer wouldn't fit very well any more. I took the liberty to shorten your answer to convert it to a comment as I think that was the intention. Commented Nov 4, 2025 at 14:45
  • "a node starting up or activating a link is extremely likely to send something - a DHCP discovery, ARP request for its gateway or DNS server" - yes, and, conversely, a host that sends some packets to a given MAC address and doesn't ever get any response will probably stop sooner or later (eg because the connection attempt times out, or the ARP table entry ages out, etc...) Commented Nov 5, 2025 at 10:53
  • 2
    And even beyond the initial start up, a host receiving traffic is very unlikely to never respond: ARP requests will yield ARP replies, TCP connections will result in ACKs or RSTs, etc. It would be an extremely unusual setup where the host receives frames and never sends anything either before or after. Commented Nov 5, 2025 at 12:39
  • 1
    @jcaron: I've heard of that happening with dedicated UDP syslog servers in particular. Commented Nov 5, 2025 at 12:48
