When configuring a gateway for home use, you have the option to enable either bridge mode or pass-through mode. The choice between the two depends on your network configuration preferences. So, what is bridge mode, and what is pass-through mode?
Before we discuss bridge vs pass-through mode, we need to understand what a gateway is. In our previous article, we discussed gateway vs router and the differences between the two. A gateway is a device your ISP provides so that you can connect to the Internet. It is a modem and router combo that connects the ISP's WAN (wide area network) to your home.
- A modem is a layer-2 device that converts the analog signal to digital (as cable and DSL modems do) and delivers traffic to you without any filtering.
- A router is a layer-3 device that examines the destination IP address of each packet and either passes the packet on to the adjacent network or discards it if it isn't destined there.
What is bridge mode?
An ISP provides you with a gateway, which is a modem and router bundle, and there are times when a customer may want to use their own router instead of the router built into the gateway. To accomplish this, the ISP may set the gateway to "bridge" mode, which passes traffic through the gateway without performing the routing functions. By enabling bridge mode, we're essentially disabling the router function (layer 3) and making the gateway function as a modem (layer 2). Since you're making the gateway a layer-2 device, you cannot assign a static IP address to your gateway in bridge mode. The segments before and after the bridged gateway are in the same network.
As you're not filtering any traffic, you cannot use the NAT feature in bridge mode. However, you may still use the DHCP server functionality provided in most routers. Also, because you're disabling NAT on your gateway, you won't have a double NAT issue with the home router you may have connected to your gateway. A double NAT occurs when two devices that need to be on the same LAN end up in two different subnetworks because there are two routers. Avoiding double NAT is one of the primary reasons to place the gateway in bridge mode.
Depending on the model of the gateway, you may be able to enable bridge mode yourself. Some ISPs choose to configure this themselves, and you may have to contact your ISP to make this change.
What is the IP pass-through mode?
IP pass-through works essentially the same as bridge mode in that the customer can use their own router behind the ISP-provided gateway. However, in IP pass-through mode the signal is terminated at the gateway (in bridge mode it is not), which allows the ISP to connect to the gateway with its own IP. The traffic will still pass through the gateway, and the ISP-provided public IP address will be assigned to the customer's router.
Some gateway vendors, such as 2Wire, call IP pass-through "DMZ Plus" mode. This is because the entire network is set up as a pass-through to a DMZ node, and the untrusted Internet is connected to a DMZ network.
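The two sections above say that double NAT comes from two routers and that bridge or pass-through mode puts the ISP's public IP on the customer's router. The following Python check is an added example, not part of the original article: it decides which situation you are in from the router's WAN address and a traceroute hop list. The function names, the two-private-hop heuristic and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Ranges that are never a real public address on a router's WAN port.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier-grade NAT


def classify(addr):
    """Return 'private', 'cgnat', 'unusable' or 'public' for an IPv4 address."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in CGNAT:
        return "cgnat"
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        return "unusable"
    return "public"


def leading_private_hops(hops):
    """Count consecutive RFC 1918 hops at the start of a traceroute."""
    count = 0
    for hop in hops:
        if classify(hop) != "private":
            break
        count += 1
    return count


def diagnose(router_wan_ip, hops):
    """Combine the router's WAN address with traceroute hops from a LAN host.

    Heuristic (an assumption of this example): the first hop is your own
    router; a second private hop is usually the ISP gateway still routing.
    ISPs that number their own core with 10.x can trigger a false positive.
    """
    kind = classify(router_wan_ip)
    if kind == "private" or leading_private_hops(hops) >= 2:
        return "double_nat"          # gateway is still doing layer 3 / NAT
    if kind == "cgnat":
        return "cgnat"               # ISP NATs upstream; no public IP to pass
    if kind == "public":
        return "public_on_router"    # bridge or pass-through took effect
    return "no_wan"


if __name__ == "__main__":
    # Constructed samples; 203.0.113.0/24 stands in for a public address.
    print(diagnose("192.168.1.64", ["192.168.50.1", "192.168.1.254", "203.0.113.1"]))
    print(diagnose("203.0.113.10", ["192.168.50.1", "203.0.113.1"]))
```

A result of `public_on_router` also means the gateway is no longer filtering anything, so the firewall on your own router is the only barrier between the Internet and the LAN.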
What do gateways and routers do?
A gateway or a router allows you to connect your home network to a WAN, and the Internet. Together, gateways and routers enable devices within a local network to connect to and communicate with devices and services on the WAN. Gateways handle protocol translation and other network functions, while routers manage the forwarding of data packets between the LAN and the WAN, ensuring seamless connectivity between the two networks.
SD-WAN, or Software-Defined Wide Area Networking, is a technology that revolutionizes the management and operation of Wide Area Networks (WANs). By decoupling the networking hardware from its control mechanism, SD-WAN virtualizes the hardware and manages it through software. This approach simplifies network management, enhances scalability, and increases flexibility compared to traditional WAN setups. SD-WAN providers play a crucial role in enabling organizations to modernize their wide area network infrastructure, improve network performance, enhance security, and achieve greater agility and flexibility in managing their network resources.
Active Directory Integration and Authentication
In addition to configuring gateway modes like bridge or pass-through, another crucial aspect of network management, particularly in enterprise environments, involves integrating Active Directory (AD) authentication.
Active Directory, a service provided by Microsoft, serves as a directory service that authenticates and authorizes all users and computers within a network, providing a centralized platform for network management. In the context of gateway authentication, Active Directory integration enables seamless authentication processes, allowing users to access network resources using their AD credentials.
By leveraging Active Directory bridge authentication, organizations can extend their existing authentication infrastructure to gateways, ensuring that users adhere to network security policies and access controls. This integration streamlines user management processes, enhances security by enforcing uniform authentication standards across the network, and facilitates auditing and reporting functionalities.
Furthermore, Active Directory bridge authentication enhances user experience by eliminating the need for separate sets of credentials for accessing different network resources. Users can seamlessly authenticate themselves using their familiar AD credentials, irrespective of whether they are accessing internal network resources or external services through the gateway.
Integrating AD bridge and authentication into gateway configurations not only enhances security and compliance but also improves user productivity and simplifies network management processes, making it a vital component of modern network infrastructures.
How do you effectively manage your network?
Effectively managing your network is paramount for ensuring seamless operations and robust cybersecurity. Obtaining Microsoft certification, for example, will help organizations gain expertise in configuring, monitoring, and troubleshooting network resources, ensuring optimal performance and reliability. By leveraging Microsoft's comprehensive suite of tools and services, certified professionals can streamline network management tasks, automate routine processes, and proactively identify and address potential issues before they escalate.
Conclusion
Bridge mode and IP pass-through mode provide similar functionality: all traffic passes through the gateway, and the public IP is assigned to the customer's router behind the gateway. Bridge mode does not terminate the traffic at the gateway, while IP pass-through does. For the ISP to be able to connect to the gateway, IP pass-through mode should be used instead of bridge mode.
Comments (1)
Good explanation.
Nov 27, 2021 at 10:24 AM
Still, if the ISP is terminating at the gateway, then the data will have to be resent back into the pipeline to your router. I would think there would have to be some type of addressing recognition in order to handle this. It may not be NAT, but there has to be something to separate the data that the ISP doesn't want to go to the customer.
My system is a Netgear "ATT" LTE router (MR-5100) that uses IP passthrough to my ASUS router. No matter how I configure it, the IP passthrough has NAT issues that slow the connection. When I use the LTE router instead of my ASUS, the connection is much faster and doesn't have NAT issues. Your explanation is the best I have seen on the internet, but still I would like to understand technically exactly what they are doing to the datastream when put into IP passthrough mode. It seems to be significantly different than a bridged device.