The Institute of Electrical and Electronic Engineers (IEEE) has promulgated a number of standards regarding local area networks (LANs). LANs such as Ethernet (IEEE standard 802.3) provide for a multiplicity of interconnected endstations that allow a multiplicity of users to share information in an efficient and economical manner. Each endstation of a network can typically communicate with every other endstation that is physically connected to that network.
In some circumstances it is desirable to provide isolation between two or more groups of users. The simplest solution is to create a number of LANs that are physically isolated from one another. This solution is not cost-effective, however, because it typically leads to underutilization of the resources for each network. A second solution involves the establishment of a single physical "segmented network" and the creation of two or more "virtual network domains" within the segmented network.
A virtual network domain is a subset of the endstations coupled to a physical network, wherein each of the endstations in the subset may communicate with another but cannot communicate with endstations that are not part of the subset. Thus, a single physical network may be divided up into a multiplicity of conceptual or virtual networks, and the desired isolation between user groups can be provided in a single physical network.
Segmented networks are typically created to increase the throughput of a network that has a large number of endstations. As the number of endstations of a network increases, the effective throughput for each endstation of the network decreases. By breaking the network into smaller interconnected segments that each have fewer endstations, the load for each segment in the network is reduced, leading to increased throughput of the network. Interconnection of the segments of prior segmented networks is achieved by connecting several individual LAN segments to the ports of a "switching fabric circuit". The term "switching fabric circuit" as used here is meant to encompass any circuit that provides for the processing and forwarding of information between LAN segments in a segmented network. For example, one prior switching fabric circuit includes a number of conventional Ethernet bridges connected to a backbone network that is controlled by a system processor. The system processor is responsible for filtering and forwarding frames of data between LAN segments. A second prior switching fabric circuit is the Etherswitch.TM., sold by Kalpana, Inc., of Sunnyvale, Calif., and described in U.S. Pat. No. 5,274,631, of Bhardwaj, issued on Dec. 28, 1993, entitled Computer Network Switching System. The Etherswitch.TM. includes a number of packet processors, one for each port, that are each connected to multiplexor logic. A system processor manages forwarding tables and assists in the learning process whereby each packet processor "learns" the location of each endstation in the segmented network.
For a segmented network that employs a single switching fabric circuit, implementing virtual network domains is relatively straightforward. Each segment is assigned as being in a particular domain such that only endstations connected to segments of the same domain can communicate with one another. The switching fabric circuitry is physically configured such that only those ports that are connected to segments of like domain may be "connected" to one another for communication between segments.
Implementing virtual network domains in a segmented network that has more than one switching fabric circuit is a more complicated task. Conceptually, this requires extending domains across an interswitch link through ports that must support traffic for all domains in the network and therefore cannot be assigned to a single domain.
FIG. 1 shows a prior art segmented network having two switching fabric circuits that each support two virtual networks. Switching fabric circuit 100 has four ports. A first port is connected to LAN segment 110, which is assigned to domain "X". A second port is connected to LAN segment 120, which is assigned to domain "Y". A third port is connected to LAN segment 130, which, like LAN segment 110, is assigned to domain X. A fourth port is connected to switching fabric circuit 200 via interswitch link 300. Switching fabric circuit 200 has ports coupled to LAN segments 210, 220, and 230. LAN segments 210 and 230 are assigned to domain Y, wherein LAN segment 220 is assigned to domain X.
FIG. 2 shows the typical format of a frame 150 of data according to the IEEE 802 standard for LANs. The frame is the unit of network transactions. Each frame includes a destination address field 157 and a source address field 158. For segmented networks, the source address field is typically used only for the learning process in establishing forwarding tables for the switching fabric circuits. A typical prior learning process is defined in IEEE standard 802.1(d). The destination address field 157 is used for forwarding the frame to the appropriate endstations. The information contained in the destination address field determines whether the frame is to be an unicast transaction, a multicast transaction, or a broadcast transaction.
Intraswitch unicast transactions between LAN segments of the same domain present no inherent difficulties because the destination endstation is defined and the ports of the switching fabric circuit are manually configured such that only segments of the same domain can communicate with one another. Once the location of the destination endstation in the domain has been learned, packets bound for the destination endstation will consistently be forwarded to the port to which the LAN segment of the destination endstation is connected. The locations of endstations may be learned using prior transparent bridge learning techniques. Similarly, interswitch unicast transactions between remote LAN segments of the same domain present no problems because the location of the destination endstation can be learned.
Difficulties arise when a switching fabric circuit receives either a broadcast packet or a unicast packet specifying an unknown destination endstation from another switching fabric circuit. Broadcast packets by definition have no specific destination address. Unicast packets specifying unknown destination endstations are broadcasted to determine the location of the destination endstation during the learning process Therefore, a unicast packet specifying an unknown destination broadcast packet, express or implied, from switching fabric circuit 100 via interswitch link 300, switching fabric circuit 200 cannot, without more information, know where to forward the broadcast packet. The frame must either be broadcast to all LAN segments connected to switching fabric circuit 200, or it must not be forwarded. In the first case, the desired isolation of the virtual networks is violated and the load of the virtual networks are unnecessarily increased. In the second case, information is lost. Multicast packets present similar difficulties.
Prior art solutions for maintaining isolation without the loss of information focus on the interconnection between switching fabric circuits. These solutions require that additional information be sent with each packet that is transmitted between switching fabric circuits. As the maximum packet size that can be sent by an endstation is defined by the IEEE 802 standard implemented by the LAN segments, additional information typically cannot be included in the packet with a requisite guarantee that the maximum packet size will not be exceeded. One solution requires that the link between switching fabric circuits operate according to a different LAN protocol having a larger packet size such that each frame of data is encapsulated within a larger packet of data that contains equivalence class information. Such encapsulation 180 is shown in FIG. 3. Encapsulation necessitates the presence of additional circuitry in the interconnecting ports of the switching fabric circuits for encapsulating the LAN frames for transmission and for stripping the LAN frames from the packets upon receipt. Encapsulation may require that the interswitch link 300 be a proprietary link that does not support the LAN standard of the LAN segments.
A second solution allows the link between switching fabric circuits to be of the same LAN standard but requires an additional protocol to convey the equivalence class information. For example, each packet to be sent between switching fabric circuits is sent as two packets. The first packet conveys the equivalence class information and the second packet conveys the information of the original packet. The use of an additional protocol similarly require additional circuitry which may be proprietary.