Address
304 North Cardinal St.
Dorchester Center, MA 02124
Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM
Are You Switching or Bridging? (Why Linux Blurs the Line)
If you search for “switch vs bridge vs router”, you’ll find hundreds of articles explaining the differences.
And almost all of them are technically correct.
And almost all of them are useless once you touch a modern Linux-based router.
Because in Linux, the line between switching and bridging is not just blurry — it is intentionally merged.
The Classic Explanation (And Why It Breaks)
The textbook definition says:
- A switch is a hardware device that forwards Ethernet frames
- A bridge is a software construct that does the same thing
- A router connects different networks (Layer 3)
That’s fine — in isolation.
But modern Linux networking doesn’t follow this clean separation anymore.
Linux Only Has One Model: The Bridge
In modern Linux (especially with DSA), everything revolves around the bridge.
br-lan ├── lan1 ├── lan2 └── wlan0
This looks like software glue — but it’s actually the central networking model.
Linux does not expose a “switch API”.
Instead, it says:
“Describe your Layer 2 topology using a bridge.”
So Where Is The Switch?
The switch still exists.
It’s just no longer the thing you configure directly.
With DSA:
- the switch is represented as normal interfaces (lan1, lan2…)
- the bridge defines connectivity
- the hardware executes forwarding
This leads to a surprising conclusion:
You are always configuring a bridge — even when you think you are configuring a switch.
The Illusion of Software Switching
At first glance, it looks like Linux is doing everything in software.
But when things are working correctly:
- MAC learning happens in hardware
- forwarding happens in hardware
- the CPU is mostly bypassed
The bridge is not forwarding packets.
It is describing how they should be forwarded.
When The Illusion Breaks
The illusion disappears when something cannot be offloaded.
For example:
- complex firewall rules
- unsupported VLAN setups
- deep packet inspection
Now traffic goes through the CPU — and suddenly your “switch” behaves like a very slow software bridge.
This is where many users think:
“Linux networking is slow.”
It isn’t.
You just fell off the hardware fast path.
Why This Matters More Than You Think
Misunderstanding this model leads to:
- broken configurations
- unexpected performance drops
- endless tweaking of the wrong layer
Especially on small routers, where CPU resources are limited, staying in the hardware path is critical.
RouterWRT’s Take: Stop Fighting The Model
Instead of exposing every possible configuration, RouterWRT takes a different approach:
- use the bridge as the single source of truth
- ensure configurations are offload-friendly
- avoid unnecessary abstractions
The goal is simple:
Make the “right” configuration also the fast one.
Conclusion
The question “switch vs bridge” made sense when hardware and software were separate worlds.
In modern Linux networking, they are not.
The bridge is the control plane.
The switch is the dataplane.
And if everything is configured correctly, they work together so seamlessly that you don’t notice the difference.
Until you do.
Understanding that boundary is the difference between a network that just works — and one that constantly fights you.
