1. Technical Field of the Invention
The present invention generally relates to communications networks. More particularly, and not by way of any limitation, the present invention is directed to a system and method for port mapping in switches of such networks.
2. Description of Related Art
In the past, it has been common communications network engineering practice to separate traffic belonging to different users using a router, which is a Layer 3 (“L3”) device, by assigning each user to a different subnet identified by a unique L3 address. The router would then transmit each user's packets out through a port assigned to the user's subnet. In view of the fact that only a limited number of bits in the L3 address are used for the subnet mask, the number of subnets that may be addressed by a single router is limited.
It will be recognized that in a communications network, there are many users of the network who require that their traffic be kept absolutely separate from the traffic of other users. For example, an Internet service provider (“ISP”) will typically have many customers who want to connect to a server farm. Access to the ISP is through a router connected to a common external computer network, such as the Internet. This router must route each customer's traffic to that customer's local area network (“LAN”) in such a manner as to maintain security and privacy between the data of different customers. It is imperative that the ISP prevent traffic originating from one customer's server from being received by another customer's server. As previously indicated, a limitation in the use of subnets in this scenario is that there is only a limited number of subnets which can be defined from standard Layer 3 addresses. In modern computer network systems, this numerical limitation severely restricts the number of individual users that can be serviced and also have their data traffic maintained separately. Further, the management of a large number of subnets by a network manager quickly becomes burdensome, especially in the event that the network has thousands of customers whose packet traffic must be kept separate.
Another means by which users' traffic may be kept separate is through the use of private Virtual Local Area Networks (VLANs) defined within a network switch, or bridge, which is a Layer 2 (“L2”) device. A private VLAN is a VLAN feature in which access ports of a switch are allowed to communicate only with certain designated router ports. The security implementation with a private VLAN is conducted at the hardware layer and does not allow for any frame of any sort to pass between adjacent access ports within a private VLAN. Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports. A deficiency of private VLANs is that they can be difficult to configure and may not provide a complete solution in some cases.
One embodiment is a method of implementing a port mapping technique in a switch of a communications network, wherein the switch includes a plurality of ports including user ports and network ports. The method comprises identifying a first portion of the ports as user ports; identifying a second portion of the ports as network ports; assigning a plurality of the user ports to a first session; and preventing user ports assigned to the first session from interacting with one another.
Another embodiment is a method of implementing a port mapping technique in a switch of a communications network, wherein the switch includes a plurality of ports. The method comprises identifying a first portion of the ports as user ports; identifying a second portion of the ports as network ports; assigning a plurality of the user ports to a first session; preventing user ports assigned to the first session from interacting with one another; and permitting the user ports assigned to the first session to interact with ports not assigned to the first session as long as none of the network ports is assigned to the first session.
Another embodiment is a system for implementing a port mapping technique in a switch of a communications network, wherein the switch includes user ports for connecting to user devices and network ports for connecting to network devices. The system comprises means for assigning a plurality of the user ports to a first session; and means for preventing user ports assigned to the first session from interacting with one another.
A more complete understanding of the present invention may be had by reference to the following Detailed Description when taken in conjunction with the accompanying drawings wherein:
Embodiments of the invention will now be described with reference to various examples of how the invention can best be made and used. Like reference numerals are used throughout the description and several views of the drawings to indicate like or corresponding parts, wherein the various elements are not necessarily drawn to scale.
As will be described in detail hereinbelow, one embodiment is a system and method for port mapping in a communications network switch. In particular, the embodiments described herein distinguish between network ports (i.e., ports that connect a switch to other switches in a network) and user ports (i.e., ports through which user devices are connected to the switch) in connection with a port mapping session, identified by a session ID assigned to the port. In general, when only one side (i.e., user ports) of a session is created on a switch, the user ports of that session can communicate with any other ports on the switch, but not with each other. This situation is illustrated in
When two sides (i.e., user ports and network ports) of a session are created on a single switch, the user ports in the session can communicate only with the network ports in the same session and with no other ports on the switch. The session thus forms a closed entity on the switch with respect to the user ports. This situation is illustrated in
In particular, as shown in
In general, for user and network ports, the following rules are applied by the embodiments described herein for implementing port mapping using network and user ports.
Application of the above-listed rules will now be illustrated in greater detail with reference to
On Switch S1:
Based on the configuration shown in
Referring now to
On Switch S1
Based on the foregoing configuration illustrated in
It will be recognized that if network ports N1, N2, and N3 are made part of both of the sessions on the switch S1 (i.e., sessions 1 and 2), which is configurable, then the ports N1, N2, and N3 will be able to interact with each other and the user ports C, D and Y on the switch S2 will be able to interact with all of the user ports on the switches S1, S3, and S4.
Referring now to
On Switch 1:
Based on the foregoing, the following situation is attained:
Referring now to
On Switch S1:
Based on the foregoing, the following situation is attained:
In step 704, the network administrator identifies user ports on the switch that should not be permitted to interact with one another and assigns a second session ID to those user ports. Step 704 may be repeated for any number of groups of user ports that are not to be permitted to interact with one another, but are permitted to interact with user ports of other sessions, general ports, and network ports.
In one embodiment, the rules are implemented by establishing the allowed ports by bitmap tables within generally available application specific integrated circuits (“ASICs”) in the switches. The configuration is managed so that the desired behavior is attained. For example, on one ASIC, when a packet is received at a port, the switch decides to which port to transmit the packet. In one embodiment, the corresponding entry in the port bitmap table that allows for transmit is set to zero for restricted ports and to one for allowed ports.
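The bitmap approach described above can be sketched as follows. This is an added example, not code from the patent: it derives a per-port transmit bitmap from the one-sided and two-sided session behavior stated earlier in the description. The type and function names, the single session per port, the symmetric check, and the treatment of non-user ports as unrestricted are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

#define NPORTS 6
enum role { GENERAL, USER, NETWORK };          /* GENERAL: port in no session */
struct port { enum role role; int session; };  /* session 0 = none (assumed encoding) */

/* A session is "two-sided" when it has at least one network port on this switch. */
static int session_closed(const struct port *p, int s) {
    for (int i = 0; i < NPORTS; i++)
        if (p[i].role == NETWORK && p[i].session == s) return 1;
    return 0;
}

/* Restriction that user port u places on exchanging frames with peer q. */
static int user_permits(const struct port *p, int u, int q) {
    int s = p[u].session;
    if (p[q].role == USER && p[q].session == s) return 0;  /* same-session users isolated */
    if (session_closed(p, s))                              /* two-sided: own network ports only */
        return p[q].role == NETWORK && p[q].session == s;
    return 1;                                              /* one-sided: any other port */
}

/* Bit d is one when frames received on src may be transmitted on port d,
 * zero when port d is restricted. Assumption: the rule is applied in both
 * directions, and ports that are not user ports add no restriction. */
uint32_t egress_bitmap(const struct port *p, int src) {
    uint32_t map = 0;
    for (int d = 0; d < NPORTS; d++) {
        if (d == src) continue;                            /* never back out the ingress port */
        int ok = 1;
        if (p[src].role == USER) ok = ok && user_permits(p, src, d);
        if (p[d].role == USER)   ok = ok && user_permits(p, d, src);
        if (ok) map |= 1u << d;
    }
    return map;
}

/* Constructed sample: session 1 is two-sided (ports 0,1 user; port 2 network),
 * session 2 is one-sided (ports 3,4 user), port 5 is in no session. */
const struct port sample[NPORTS] = {
    {USER, 1}, {USER, 1}, {NETWORK, 1}, {USER, 2}, {USER, 2}, {GENERAL, 0}
};

int main(void) {
    for (int i = 0; i < NPORTS; i++)
        printf("port %d -> 0x%02x\n", i, (unsigned)egress_bitmap(sample, i));
    return 0;
}
```

In the sample, the session 1 user ports end up with only the session 1 network port set, which is the closed-entity behavior; auditing a real configuration this way makes an accidentally one-sided session visible as extra set bits.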
It is believed that the operation and construction of the present invention will be apparent from the Detailed Description set forth above. While the exemplary embodiments of the invention shown and described have been characterized as being preferred, it should be readily understood that various changes and modifications could be made therein without departing from the scope of the present invention as set forth in the following claims.
This nonprovisional application claims priority based upon the following prior United States provisional patent application entitled: “PORT MAPPING WITH USER/NETWORK PORTS,” Application No. 60/721,670, filed on Sep. 29, 2005, in the names of: Subash Bohra, Vincent Magret, and Steve Valentine which is hereby incorporated by reference.
Number | Date | Country | |
---|---|---|---|
20090180471 A1 | Jul 2009 | US |
Number | Date | Country | |
---|---|---|---|
60721670 | Sep 2005 | US |