This application is related to U.S. patent application Ser. No. 11/324,159, entitled “METHOD OF PROVIDING VIRTUAL ROUTER FUNCTIONALITY,” filed Dec. 30, 2005; U.S. patent application Ser. No. 11/324,209, entitled “MAC ADDRESS DETECTION DEVICE FOR VIRTUAL ROUTERS,” filed Dec. 30, 2005; and U.S. patent application Ser. No. 11/324,205, entitled “METHOD OF EXTENDING DEFAULT FIXED NUMBER OF PROCESSING CYCLES IN PIPELINED PACKET PROCESSOR ARCHITECTURE,” filed Dec. 30, 2005, each of which is hereby incorporated by reference herein as though set forth in full.
1. Field of the Invention
This application relates generally to networking devices, and, more specifically, to networking devices that present different virtual router configurations to different end users, classes of service or packets.
2. Related Art
Virtual router functionality refers to the capability of the same physical networking device to present different virtual router configurations to different end users, classes of desired service, or packets. As a result of this capability, the same physical device appears as a plurality of different virtual routers.
Current networking devices provide virtual router functionality through certain virtual identifiers, for example, VLAN and virtual port fields, which may be obtained or derived from information in an incoming packet. More specifically, current devices perform core virtual router functions responsive to these virtual identifiers. In fact, the VLAN field, which designates a virtual LAN, a collection of network elements that may be physically disparate but are logically related such that they may be considered part of the same LAN for OSI layer two routing/switching purposes, impacts almost every core virtual router function. Similarly, the virtual port field, which is the combination of the VLAN field and the ingress port field, also impacts other core virtual router functions.
This approach worked fine as long as network usage or standards remained static, and changes in the virtual identifier type and format occurred infrequently. However, in current TCP/IP or UDP/IP networks, where network usage and standards are dynamic and constantly evolving, the approach is problematic as changes in virtual identifier type or format, for example, VLAN type or format, occur frequently. Recently, for example, a 24-bit “super” VLAN field, the ESID field, was recognized as a valid Ethertype, marking an addition to the 12-bit VLAN field that had existed before. Therefore, with the current approach, the device has to be entirely retooled on a relatively frequent basis in order to provide the same virtual router functionality as before.
Another problem with the current approach is that it is not scaleable with an increase in the number of VLANs that may need to be accommodated. In the current approach, for example, an increase in the size of the VLAN field to allow for an increase in the number of VLANs multiplies in direct proportion the number of virtual port state tables, i.e., tables indicating the state of each virtual port in the router, as well as other resources, that need to be maintained.
The invention provides a method of providing virtual router functionality to a packet responsive to one or more abstracted virtual identifiers. The method occurs in a networking device having a router core. The one or more abstracted virtual identifiers are abstracted from one or more virtual identifiers derived from the packet, thus insulating the router core from changes in the one or more virtual identifiers.
The method begins when a packet is received having a VLAN field. Upon receipt of the packet, a key is formed from the VLAN field and at least one additional packet field, for example, a VMAN field.
The key is then mapped into an abstracted virtual identifier using an indirection mapping process. According to this indirect mapping process, a table having a plurality of entries, each having a content value and an index value, is accessed to locate an entry having a content value that matches the key. The index value of the matching entry is then mapped into the abstracted virtual identifier using an associated data store element.
One or more core virtual router functions are then performed responsive to the abstracted virtual identifier. For example, in the case where the abstracted virtual identifier is an abstracted VLAN, the core functions might include one or more of the following: qualifying OSI layer two MAC addresses using the AVID, limiting OSI layer two broadcast domains using the AVID, performing OSI layer three redirection using the AVID, performing router MAC address detection using the AVID, or classifying and forwarding the packet responsive to the AVID.
Other systems, methods, features and advantages of the invention will be or will become apparent to one with skill in the art upon examination of the following figures and detailed description. It is intended that all such additional systems, methods, features and advantages be included within this description, be within the scope of the invention, and be protected by the accompanying claims.
The invention can be better understood with reference to the following figures. The components in the figures are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the invention. Moreover, in the figures, like reference numerals designate corresponding parts throughout the different views.
a illustrates an example of a key format, and
Referring to
As previously explained, the VLAN field 106 designates a virtual LAN, a collection of network elements that may be physically disparate but are logically related such that they may be considered part of the same LAN for OSI layer two routing/switching purposes. Presently, the primary usage of the VLAN terminology is to uniquely identify logically related end user equipment within a VMAN (see below).
The VMAN field 108 designates a virtual metropolitan network, a collection of network elements that may be physically disparate but are logically related such that they may be considered part of the same network. Although the term originally applied only to metropolitan networks, that usage has evolved such that the term is now used to designate any network, metropolitan or non-metropolitan. In fact, as VMAN usage has proliferated, that term is now used primarily by service providers to designate logically related infrastructure equipment. At the same time, as explained above, the VLAN terminology is now primarily used to uniquely identify logically related end user equipment within a VMAN. Significantly, as a VLAN value uniquely identifies a VLAN within a VMAN, the same VLAN value may not be used to refer to different end user equipment within a VMAN.
The ingress port number 110 is an identifier of the physical port on which the packet was received at the device.
Returning to
The method begins when key generation logic 112 forms a key from the VLAN 106, VMAN 108 and ingress port 110 fields. In the particular embodiment illustrated, the key is formed by concatenating these three fields together, although it should be appreciated that other methods of forming the key are possible. Thus, for example, in one embodiment, an incoming packet received over ingress port X, having a VLAN of Y, and a VMAN of Z, has a key 200 formatted as illustrated in
Concurrently, in one embodiment, the ingress port 110 is input to a port state table (PST) 114 to determine a key type 116. In this embodiment, the key type functions as a mask, by indicating which of the three fields of the key are to be wildcarded, i.e., ignored in the subsequent processing, and which are to be used. In this particular embodiment, each of the three fields can be independently wildcarded or not. Thus, for example,
In the embodiment illustrated in
Moreover, as will be discussed in greater detail below, in the case where a ternary CAM is used to perform the indirection mapping process, whereby the key is indirectly mapped into a virtual router identifier, the just discussed key type generation and key masking processes are unnecessary as individual fields in the content values corresponding to the ternary CAM entries can be wildcarded, i.e., set as don't care values. In the case where a binary CAM is used to perform the indirection mapping process, the just discussed key type generation and key masking processes should generally be retained.
Referring again to
In the second step, the index value 122 of the matching entry 120b is mapped into the VRID 102, the AVPT 130 and the AVID 132 using an associated data store element 124. The associated data store element 124 has a plurality of entries 124a, 124b, each having an index value and a content value. In one embodiment, the mapping is performed by selecting the entry in the associated data store element 124 whose index value matches the index value 122 for the matching entry in the table 120. In the particular example illustrated in
In one implementation, the table 120 is stored on a CAM, and the first step of the two-step process occurs by having the CAM search for and locate the entry 120b whose content value matches the key 118. In the case where the CAM is a binary CAM, i.e., a CAM where each bit in the content value of an entry can only take on the binary values “0” and “1,” the previously described key type generation and masking processes should generally be performed as these functions are not available through the CAM. However, in the case where the CAM is a ternary CAM, i.e., a CAM where each bit in the content value of an entry can take on the binary values “0” and “1,” but also a “don't care” value, the previously described key type generation and masking processes are optional as these functions may be performed through suitable settings of the content values of the CAM entries.
In a second implementation, the table 120 is stored in RAM, and the first step of the two-step process occurs by applying a hash function to the key 118 to determine a table index for a starting entry, and then searching the table 120, beginning with the starting entry, to locate the entry 120b whose content value matches the key 118.
The AVPT 130 and AVID 132 are then each used to support one or more core router functions. Considering first the AVPT 130, that identifier is used to perform a spanning tree lookup operation for the virtual port. As is known, according to the spanning tree protocol, a software agent continuously detects for loops at the OSI layer two level. Upon detecting such a loop, the agent disables selected ports in the loop so as to prevent endless cycling of packets through the loop at the OSI layer two level. The spanning tree state of a port is the state whereby the port is either “on” or “off,” i.e., disabled, as determined by the software agent. The state can change over time. If, for example, a port in a loop becomes disabled for a reason independent of spanning tree loop detection, it may be necessary to enable a port in the loop that was previously disabled as a result of spanning tree loop detection. Thus, this state can dynamically change over time. Moreover, depending on the protocol, the state can be maintained for each physical port, or each virtual port.
In one embodiment of the subject invention, the state is maintained for each abstracted virtual port in virtual port state table (VPST) 140. To access the VPST 140 to determine the spanning tree state for the abstracted virtual port identified by the AVPT 130, logic 138 generates an address in the VPST 140 for the particular entry in the VPST 140 that holds the state for that abstracted virtual port.
Logic 112 forms the address from the combination of the physical ingress port 110 and AVPT 130, allowing a separate state to be maintained for each VLAN to which the physical port is assigned. In this particular embodiment, the combination of the AVID 132 and the ingress port 110 was not used, as the latter might result in a VPST 114 that is wasteful of memory. In particular, an address formed from the combination of the AVID 132 and the ingress port 110 was not used in this embodiment because it assumes each port is assigned to the same number of VLANs, an assumption that might not always hold true.
For example, in the case of a port that is an uplink, it may be desirable to assign the port to a greater number of VLANs than to other ports. If the addressing required the same number of VLANs to be assigned to each physical port as to an uplink, vast portions of the VPST 138 would be wasted. Therefore, in the embodiment illustrated in
Another input to logic 138 is an indication, on signal line 134, of whether the ingress port 110 is an uplink or not. In the embodiment illustrated in
Once the address is determined, an access is made to VPST 140 to determine the spanning tree state of the abstracted virtual port identified by the AVPT 130. If the state is “on,” the packet is allowed to be forwarded to its destination. If the state is “off,” the packet is either killed or else sent to a CPU host or some other default destination for diagnostic purposes.
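The following sketch is an added illustration, not part of the patent text: it models key formation, key-type masking, the two-step indirection mapping for the RAM-based (hashed) table 120 with data store 124, and the VPST state check. It shows that the same VLAN value in two VMANs resolves to different AVIDs while distinct keys can share one AVID. The field widths other than the 12-bit VLAN, the key-type bit encoding, zeroing of wildcarded fields, the drop-on-miss behaviour and all table contents are assumptions constructed for the example.

```python
from typing import NamedTuple, Optional

# Widths are assumptions for this sketch; the page gives only the 12-bit VLAN.
VLAN_BITS, VMAN_BITS, PORT_BITS = 12, 12, 8
USE_VLAN, USE_VMAN, USE_PORT = 0b001, 0b010, 0b100  # assumed key-type encoding

class Abstracted(NamedTuple):
    vrid: int
    avpt: int
    avid: int

def form_key(port: int, vlan: int, vman: int) -> int:
    """Key generation: concatenate ingress port, VMAN and VLAN into one key."""
    for value, bits in ((port, PORT_BITS), (vman, VMAN_BITS), (vlan, VLAN_BITS)):
        if not 0 <= value < (1 << bits):
            raise ValueError("field does not fit its key slot")
    return (port << (VMAN_BITS + VLAN_BITS)) | (vman << VLAN_BITS) | vlan

def mask_key(key: int, key_type: int) -> int:
    """Zero every field the key type wildcards (binary CAM / RAM table case)."""
    mask = 0
    if key_type & USE_VLAN:
        mask |= (1 << VLAN_BITS) - 1
    if key_type & USE_VMAN:
        mask |= ((1 << VMAN_BITS) - 1) << VLAN_BITS
    if key_type & USE_PORT:
        mask |= ((1 << PORT_BITS) - 1) << (VMAN_BITS + VLAN_BITS)
    return key & mask

class IndirectionMapper:
    """Table 120 in RAM (hash, then linear probe) plus associated data store 124."""
    def __init__(self, slots: int = 16):
        self.table = [None] * slots   # slot: (content value, index value)
        self.data_store = {}          # index value -> Abstracted

    def _probe(self, content: int):
        start = hash(content) % len(self.table)
        for i in range(len(self.table)):
            yield (start + i) % len(self.table)

    def add(self, content: int, index: int) -> None:
        for pos in self._probe(content):
            if self.table[pos] is None or self.table[pos][0] == content:
                self.table[pos] = (content, index)
                return
        raise RuntimeError("table full")

    def lookup(self, masked_key: int) -> Optional[Abstracted]:
        for pos in self._probe(masked_key):
            slot = self.table[pos]
            if slot is None:
                return None                          # step one missed
            if slot[0] == masked_key:
                return self.data_store.get(slot[1])  # step two
        return None

def classify(port, vlan, vman, pst, mapper, vpst):
    """Return (action, ids); a miss anywhere is dropped (assumed fail-closed)."""
    key_type = pst.get(port)
    ids = None if key_type is None else mapper.lookup(
        mask_key(form_key(port, vlan, vman), key_type))
    if ids is None:
        return "drop", None
    # VPST modelled as a dict on (ingress port, AVPT); address layout not modelled.
    return ("forward" if vpst.get((port, ids.avpt)) else "kill"), ids

# Constructed sample configuration.
PST = {1: USE_VLAN | USE_VMAN, 2: USE_VLAN | USE_VMAN}   # port wildcarded
MAPPER = IndirectionMapper()
MAPPER.data_store = {0: Abstracted(1, 5, 40), 1: Abstracted(2, 6, 41)}
for vman, vlan, index in ((100, 10, 0), (300, 77, 0), (200, 10, 1)):
    MAPPER.add(mask_key(form_key(0, vlan, vman), USE_VLAN | USE_VMAN), index)
VPST = {(1, 5): True, (2, 5): False, (1, 6): True}
```

With this configuration, two of the three content values hash to the same starting slot, so the lookup exercises the search "beginning with the starting entry" described for the RAM implementation.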
Turning back to
Second, the AVID 132 may be input to VLAN State Table (VST) 142, and thereby determine the quality of service (QoS) measure typically by that table and assigned to the packet.
Third, the AVID 132 may be used in support of other core virtual router functions performed by logic 144, for example, qualifying OSI layer two MAC addresses; limiting OSI layer two broadcasting or flooding domains; performing OSI layer three indirection; and performing router MAC address detection.
The foregoing embodiment overcomes the problems identified at the outset with the conventional approach for providing virtual router functionality.
First, the embodiment is flexible, easily accommodates changes in network usage or standards, and insulates the router core from these changes. Consider, for example, the recent addition of a super-wide (24 bit) VLAN field, i.e., the ESID field, to the list of permissible Ethertypes.
Second, the embodiment is scaleable as an increase in the number of possible VLANs would not necessarily require a commensurate increase in size of the VPST 140, or other resources, that are maintained. Instead, many different key values could be mapped into the same AVID through appropriate settings of the index values associated with the entries 120a, 120b, 120c in the table 120. For example, in
Third, the embodiment better handles sparse mappings as a large number of possible VLANs would not necessarily require a commensurate size of the VPST 140, or other resources, that are maintained. Instead, as discussed, many different key values could be mapped into the same AVID through appropriate settings of the index values associated with the entries 120a, 120b, 120c in the table 120.
Step 306 comprises the two-step indirection mapping process, wherein the first step involves searching or having performed a search through table 120, which may or may not be stored on a CAM, to find the entry 120b whose content value matches the key 118, and the second step involves locating the entry 124b in the associated data store 124, typically a RAM, whose index value matches the index value 122 of the matching entry in the table 120.
Step 308 comprises outputting the AVPT 130 and AVID 132. In
Steps 306 and 308 are performed by logic 126 (illustrated in
Step 310 comprises performing one or more core router functions responsive to the AVPT 130 and/or AVID 132. As discussed, this step is performed by one or more of the logic 128, 138, 140, 142, and 144 illustrated in
The ingress portion 406 of the packet classification/forwarding system 402 is coupled, through interface 418, to one or more network-side devices 414, and the egress portion 408 of the packet classification/forwarding system 402 is coupled, through interface 420, to one or more switch-side devices 416. Similarly, the ingress portion 410 of the packet modification system 404 is coupled, through interface 422, to the one or more switch-side devices 416, and the egress portion 412 of the packet modification system 404 is coupled, through interface 423, to the one or more network-side devices 414.
In addition to the ingress and egress portions 406, 408, the packet classification system 402 further comprises a first packet parser 104 (the same packet parser 104 illustrated in
Parser 104 is configured to parse an ingress packet and provide context pointers to the beginning of the packet layers, for example, pointers to the beginning of OSI layers 2, 3, and 4.
Packet processor 428 is configured to classify and forward the packet, responsive to the context pointer provided by parser 104.
Content Addressable Memory (CAM) 442 is used by the packet classification/forwarding system 402 to perform packet searches to arrive at a classification/forwarding decision for a packet. The CAM 442 may be ternary, binary, or combinations of binary and ternary.
The associated RAMs (ARAMs) 444a, 444b provide associated data for each entry in the CAM 442. The ARAMs 444a, 444b are accessed using the address (index value) returned by the CAM 442 as a result of a search operation. The ARAM 444a, 444b entry data is used to supply intermediate classification/forwarding information for the packet that is used by the packet processor 428 in making a final classification/forwarding decision for the packet.
The table 120, which may or may not be stored on a CAM, and the associated data store 124, which collectively may be referred to as a Virtual Router Indirection Mapper (VRIM), are the same elements previously discussed in relation to
In addition to the ingress and egress portions 410, 412, the packet modification system 404 further comprises a second packet parser 430 for parsing an egress packet, modification processor 432, a fragment processor 436, a third packet parser 436, Access Control Logic (“ACL”) 438a, and L3/L4 checksum logic 438b.
Parser 430 is configured to parse an egress packet and provide context pointers to the beginning of the packet layers, for example, pointers to the beginning of OSI layers 2, 3, and 4.
Modification processor 432 modifies some or all of an egress packet responsive to the context pointers provided by parser 430, in the process disassembling the packet into fragments. Fragment processor 436 re-assembles the fragmented packet.
The modification RAMs (“MRAMs”) 448a, 448b provide data and control structures for packet modification operations performed by the modification processors 432a, 432b.
Parser 436 is configured to parse the reassembled packet and provide context pointers to the beginning of the packet layers, for example, pointers to the beginning of OSI layers 2, 3, and 4.
ACL logic 438b arrives at an ACL decision with respect to a packet, such as CPU copy, mirror copy, and kill, responsive to the parsed packet layers provided by parser 436. The CPU copy action forwards a copy of the packet to a host 438 coupled to the system. The mirror copy action implements an egress mirroring function, in which a copy of the packet is forwarded to mirror FIFO 440 and then on to the egress portion 408 of the packet classification/forwarding system 402. The kill action either kills the packet or marks it for killing by a downstream Medium Access Control (MAC) processor.
L3/L4 checksum logic 438b is configured to compute a checksum for a modified packet. In one embodiment, logic 438b is configured to independently calculate a layer three (IP) and layer four (TCP/UDP) checksum.
In one implementation, the interfaces 418, 420, 422, 424, and one or more of the CAM, VRIM, ARAM, or MRAM interfaces (not identified), may be a QDR- or DDR-type interface as described in U.S. patent application Ser. No. 10/655,742, filed Sep. 4, 2003, which is hereby fully incorporated by reference herein as though set forth in full.
In one embodiment, the logic elements of
In a second embodiment, the logic elements of
While various embodiments of the invention have been described, it will be apparent to those of ordinary skill in the art that many more embodiments and implementations are possible that are within the scope of this invention. Accordingly, the invention is not to be restricted except in light of the attached claims and their equivalents.