This invention relates to the field of computers. More particularly, apparatus and methods are provided for managing packet classification tables used to classify traffic traversing a multi-function network interface device.
Virtualized I/O devices provide considerable value because they allow a high-performance peripheral component to be shared among multiple applications, making it seem as if each application is receiving a separate, dedicated I/O device. From an application's perspective, each virtual device is completely isolated, and the device driver associated with each virtual device is unaware of the existence of any other. By isolating each virtual device's data from all other virtual devices, data privacy and integrity can be assured.
Peripheral Component Interconnect Express (PCIe) is a widely used, standardized computer system I/O technology. PCIe includes a virtualization model in which a host Function provides hardware traffic isolation and protection, as well as a standardized interface. Via this standard interface, system software can configure and manage anything from a monolithic device supporting a single Function to a high-throughput device supporting hundreds of virtual Functions. PCIe provides a mechanism called Function Level Reset (FLR), which gives system software a standardized means to reset and reinitialize a Function.
To classify packets at layers 2 through 4 (or even deeper), a multi-function I/O device employs multiple tables, such as TCAMs (Ternary Content Addressable Memory) and SRAMs (Static Random Access Memory), which store information for determining how or where to transfer the packets. To support virtualization of the device across multiple Functions, some or all of these classification tables may be logically partitioned into regions or entries dedicated to different Functions; these regions may or may not be contiguous.
Due to hardware constraints, some of these tables may be built out of a single physical memory block. However, as the PCIe specification stipulates, when an application terminates and an FLR is performed to reinitialize a Function and prepare it for use with a different software image, the corresponding classification table resources (e.g., table entries) must be sanitized to prevent the later software image from seeing the previous image's data. The PCIe specification further requires that the hardware be in a power-on state and that the FLR be completed within a bounded period of time.
However, a classification table used by a high-bandwidth I/O device may be quite large because it may support a large number of communication connections. In addition, table entries are not marked in any way to identify the Functions that own them, and entries owned by different Functions may be interleaved. Because classification tables must be searched entry-by-entry to find and clear entries affected by a change in status of a particular Function, it may be difficult to completely process an FLR within the allotted period of time.
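The entry-by-entry sanitize pass described above can be modelled in a few lines of C. This is an added example, not code from the original document: the entry layout, the table size, the sample contents and the queue_owner map (which infers an entry's owner from the queue it steers to, since entries carry no owner mark) are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_SIZE 16  /* constructed; real tables are far larger */
#define NUM_QUEUES 8

/* Hypothetical entry: ternary key/mask plus the queue matching packets go to. */
struct cls_entry { uint32_t key, mask; uint8_t dest_queue, valid; };
static struct cls_entry table[TABLE_SIZE];
/* Assumption: an entry's owner is inferred from the queue it steers to. */
static const uint8_t queue_owner[NUM_QUEUES] = { 1, 2, 1, 2, 1, 2, 1, 2 };

static int owned_by(const struct cls_entry *e, uint8_t fn)
{
    return e->valid && e->dest_queue < NUM_QUEUES && queue_owner[e->dest_queue] == fn;
}

/* Walk the whole table; zero fn's entries via volatile stores so the
 * compiler cannot drop them. Returns entries cleared; *visited receives
 * the number of entries examined, which is always the full table. */
size_t flr_sanitize(uint8_t fn, size_t *visited)
{
    size_t cleared = 0;
    for (*visited = 0; *visited < TABLE_SIZE; (*visited)++) {
        volatile uint8_t *p = (volatile uint8_t *)&table[*visited];
        if (!owned_by(&table[*visited], fn))
            continue;
        for (size_t b = 0; b < sizeof table[0]; b++)
            p[b] = 0;
        cleared++;
    }
    return cleared;
}

/* Constructed sample: six entries in even slots, owners interleaved. */
void load_sample(void)
{
    for (int i = 0; i < 6; i++)
        table[2 * i] = (struct cls_entry){ 0x0a000000u + (uint32_t)i,
                                           0xffffffffu, (uint8_t)i, 1 };
}

int main(void)
{
    size_t visited;
    load_sample();
    size_t cleared = flr_sanitize(1, &visited);
    printf("cleared %zu entries after visiting %zu\n", cleared, visited);
    return 0;
}
```

The pass touches every slot even though the reset Function owns only three entries, which is why its duration scales with table size rather than with the Function's share.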
One solution to the need to quickly and completely sanitize a Function's classification table data is to block other Functions from using the I/O device while the reinitialized Function's data is cleared. This solution is rarely acceptable because it may cause a significant amount of dropped traffic while the other Functions' communication connections are paused.
Another solution is to have a dedicated hardware component (e.g., a “walker”) search classification tables and clear entries as needed. This solution can be expensive because of the need for additional sophisticated hardware. Another suboptimal solution that requires additional hardware involves the use of multiple instances of a classification table, such as one for each Function.