In an Ethernet network, packets coming in and out of a broadband gateway or bridge need to be properly routed.
One way to achieve this is simply to use an Ethernet switch to direct packets to and from the Ethernet ports. Incoming packets are directed to the correct destination port by the switch according to their Layer 2 (Data Link Layer or Medium Access Control (MAC) Layer) address. This arrangement has the advantage that the processing is simple and takes few cycles, as the switch just directs the packets automatically without processor involvement. However, security may be low as the switch may allow unauthorized packets to be passed from one Ethernet port to the other or elsewhere. The packet content itself is only checked by the higher layer protocol.
An alternative method involves the use of a separate Ethernet controller for each Ethernet port. In that arrangement, incoming packets must be processed by a central processor in order to be directed correctly. Although this arrangement is more secure as the processor has the flexibility to inspect the entire packet, it requires more processing power and time.