The present invention relates to an apparatus that monitors data packets transmitted on a data network and processes the data packets. More particularly, the present invention relates to an apparatus that classifies the data packets, associates the classified data packets with a particular data flow, and processes the classified data packets via a particular packet processor that corresponds to the particular data flow. The apparatus is further optimized to operate at wire speeds. Furthermore, the present invention relates to a method employed by the apparatus.
In a digital communication network (e.g. the internet, wide area network (“WAN”), local area network (“LAN”), etc.), data packets are transmitted over the network between a source computer (e.g. a personal computer, router, server, etc.) and a destination computer (e.g. a personal computer, router, server, etc.). Furthermore, in a network that is capable of full duplex communications, data packets can be simultaneously transmitted from the source computer to the destination computer and from the destination computer to the source computer over the same data path or channel. The transmission of data from the source computer to the destination computer is typically referred to as a “downstream” transmission of the data packets. Conversely, the transmission of data from the destination computer to the source computer is generally referred to as an “upstream” transmission.
Typically, data networks contain a relatively large number of computers, and each of the computers can operate as both a source computer and a destination computer. For example, in one instance, a particular computer in the network may perform an operation and output data to another computer in the network. In such a situation, the particular computer acts as a source computer. However, in another instance, the particular computer may receive data from another computer in the system, and in such a situation, the particular computer acts as a destination computer.
Often, each of the computers in the network forms at least part of a “node” of the network, and data is transferred among the various nodes by transmitting data packets among the computers. For example, a first computer located at a first node may run a first application program that generates first data to be subsequently processed by a second computer at a second node. In order to transfer the first data to the second computer so that it can be processed, the first computer divides the first data into a plurality of data segments and forms one or more data packets corresponding to each of the data segments. Then, the data packets are transmitted downstream from the first computer to the second computer. After the second computer receives the data packets, it may respond by sending a corresponding confirmation packet upstream to the first computer. Also, if the network is capable of full duplex communications, the second computer may simultaneously transmit data packets upstream to the first computer when the first computer is transmitting data packets downstream to the second computer.
Each of the data packets transmitted from the first computer to the second computer (and transmitted from the second computer to the first computer) typically contains a data packet header. The header often includes data that identifies the type of data contained in the data packet, the source computer from which the data packet was transmitted, the intended destination computer of the data packet, etc. An example of a data packet header is illustrated in FIG. 1.
As shown in the figure, the header HDR comprises a source internet protocol (“IP”) address field 100, a destination IP address field 110, a protocol field 120, a source port field 130, and a destination port field 140. The source IP address field 100 contains a 32-bit source IP address that identifies the source computer transmitting the data packet. The destination IP address field 110 contains a 32-bit destination address that identifies the intended destination computer of the data packet. The protocol field 120 contains eight bits of protocol data that identify the data format and/or the transmission format of the data contained in the data packet. The source port field 130 includes sixteen bits of data that identify the computer port that physically outputs the data packet, and the destination port field 140 contains sixteen bits of data that represent the computer port that is supposed to input the data packet.
When data packets are transmitted over the network from the source computer to the destination computer, they are input by various network components that process the data packets and direct them to the appropriate destination computer. Such network components may be included in the destination computer and/or may be contained in an intermediate computer that processes the data as it is being transmitted from the source computer to the destination computer. If the data packets can be quickly and efficiently processed and routed between the various nodes of the network, the operation of the entire network is enhanced. For example, by quickly and efficiently transmitting data packets to the destination computer, the quality of real-time applications such as internet video conferencing and internet voice conferencing is improved. Also, the network components can quickly process the data packets to determine if they are authorized to be transmitted to the destination computer, and if they are not, the network components discard the data packets. As a result, the security of the network is greatly enhanced.
Before processing a data packet, a network component must “classify” the data packet according to various characteristics of the data packet and/or the data contained in the packet. Then, the network component processes the data packet based on its classification. Furthermore, the classification of the data packet enables the data packet to be associated with the other data packets belonging to a particular stream of packets. As a result, data packets belonging to a certain stream or flow can all be processed by the same packet processing unit.
A data packet is usually classified by evaluating the information contained in the data packet header. For example, if the data packet contains the header HDR shown in FIG. 1, a network component may classify the data packet as a first type of data packet if the source IP address falls within a first range of source IP addresses, the destination IP address falls within a first range of destination IP addresses, the protocol data falls within a first range of protocol data values, the source port data falls within a first range of source port data values, and the destination port data falls within a first range of destination port data values. On the other hand, the network component may classify the data packet as a second type of data packet if the source IP address, destination IP address, protocol data, source port data, and destination port data respectively fall within a second range of source IP addresses, a second range of destination IP addresses, a second range of protocol data values, a second range of source port data values, and a second range of destination port data values.
Each group of data value ranges by which a data packet is classified may be considered to be a “rule”. Thus, in the examples above, the data packet is classified as the first type of data packet if its header HDR satisfies a first rule defined by the first range of source IP addresses, destination IP addresses, protocol data values, source port data values, and destination port data values. On the other hand, the data packet is classified as the second type of data packet if its header HDR satisfies a second rule defined by the second range of source IP addresses, destination IP addresses, protocol data values, source port data values, and destination port data values.
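The range-per-field rule matching described above, as an added example that is not part of the patent text: it extracts the five fields of header HDR from a constructed IPv4 packet (assumed IPv4 layout with the L4 ports immediately after the IP header) and returns the first rule whose five inclusive ranges all contain the header's values; the rule set and addresses are constructed sample values.

```python
import ipaddress
import struct
from collections import namedtuple

# The five fields of header HDR in FIG. 1 (fields 100, 110, 120, 130, 140).
Header = namedtuple("Header", "src_ip dst_ip proto src_port dst_port")

# A rule is one inclusive (lo, hi) range per field, in the same order.
Rule = namedtuple("Rule", "name ranges")

def ip_range(cidr: str) -> tuple:
    """Turn a CIDR block into the (lo, hi) integer range of a rule field."""
    net = ipaddress.IPv4Network(cidr)
    return int(net.network_address), int(net.broadcast_address)

def parse_header(pkt: bytes) -> Header:
    """Pull the five fields out of an IPv4 packet whose payload starts with
    the 16-bit source and destination ports (TCP or UDP; assumed layout)."""
    ihl = (pkt[0] & 0x0F) * 4                     # IPv4 header length
    proto = pkt[9]                                # 8-bit protocol field
    src_ip, dst_ip = struct.unpack_from("!II", pkt, 12)
    src_port, dst_port = struct.unpack_from("!HH", pkt, ihl)
    return Header(src_ip, dst_ip, proto, src_port, dst_port)

def classify(hdr: Header, rules):
    """Name of the first rule whose five ranges all contain the header's
    values, or None when no rule applies (the component discards the packet)."""
    for rule in rules:
        if all(lo <= v <= hi for v, (lo, hi) in zip(hdr, rule.ranges)):
            return rule.name
    return None

# Constructed rule set (assumed values, not from the patent): TCP from any
# source to the 10/8 site on ports 80..443, and UDP to port 53 anywhere.
ANY_IP, ANY_PORT = ip_range("0.0.0.0/0"), (0, 65535)
RULES = [
    Rule("allow-web", (ANY_IP, ip_range("10.0.0.0/8"), (6, 6), (1024, 65535), (80, 443))),
    Rule("allow-dns", (ANY_IP, ANY_IP, (17, 17), ANY_PORT, (53, 53))),
]

def build_packet(src: str, dst: str, proto: int, sport: int, dport: int) -> bytes:
    """Constructed sample packet: a minimal 20-byte IPv4 header plus the ports."""
    ip_hdr = struct.pack("!BBHHHBBHII", 0x45, 0, 24, 0, 0, 64, proto, 0,
                         int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst)))
    return ip_hdr + struct.pack("!HH", sport, dport)

if __name__ == "__main__":
    pkt = build_packet("192.0.2.10", "10.1.2.3", 6, 40000, 443)
    print(classify(parse_header(pkt), RULES))   # allow-web
```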
After the data packet is classified, the network component is able to determine how to handle or process the data. For instance, based on the classification of the data packet, the network component may associate the data packet with a certain queue of data packets and store the data packet at the end of the queue. Then, the data packets in the queue are processed in the order in which they were stored in the queue. For example, data packets that are stored in a particular queue may be output via a particular transmission path so that they quickly reach their intended destination computer, may be evaluated to determine if the data packets are authorized to be received and further processed by the network component, may be prevented from being forwarded on the network, may be processed in a particular manner, etc. Accordingly, the network component classifies incoming data packets according to various rules based on the specific data values contained in the data packet headers HDR and processes the data packets based on their classification.
Since the network component must classify each and every data packet that it receives, it should ideally classify the data packets at a speed that equals at least the speed at which the data packets are received. By classifying the data packets as quickly as they are received, data packets do not become “bottlenecked” at the input of the network component, and the overall operational speed of the network is not degraded.
However, as the speeds at which networks are capable of transmitting data packets increase, the speeds at which network components must be able to classify and process data packets must likewise increase. For example, on a high speed SONET network that is capable of transmitting ten gigabits per second, data packets can be transmitted at a rate of 30 million packets per second, and on a full duplex line, data packets can be transmitted at about 60 million packets per second. Thus, network components must be able to classify data packets at extraordinary speeds.
In addition to classifying data packets at high speeds, network components must be able to classify the data packets based on several parameter fields within the packet. Currently, classifying the data packets based on the several parameter fields results in classifying the packets based on hundreds of rules. Thus, to properly classify the incoming data packets without creating a bottleneck at the input of the network component, the component must determine which rule of the hundreds of rules corresponds to each of the incoming data packets and must make such determination at a very high speed. Furthermore, as the number of network users and the number of different services available on the network increase, the number of rules that will need to be evaluated by standard network components is expected to grow to ten thousand or more in the near future. As a result, the network components will need to classify data packets according to an extremely large number of rules at incredible speeds.
In light of the above demands, network components must be designed that can efficiently classify and process the data packets that are transmitted at very high speeds. In the example described above, in which data packets are classified and stored in particular queues based on their classification, the processing speed of the network component is somewhat enhanced. However, the network component is only able to perform basic operations on the data packets travelling in one direction on the network and cannot associate groups of data packets together so that they can be processed more efficiently. Furthermore, the network component is unable to associate data packets travelling downstream in the network with corresponding data packets travelling upstream in the network. As a result, the downstream data packets and upstream data packets are processed separately in accordance with separate processes, and the overall efficiency of the network components in the network is decreased.
One object of the present invention is to provide an apparatus that can quickly and efficiently process data packets transmitted on a data network.
Another object of the present invention is to provide an apparatus that can quickly and efficiently classify data packets transmitted upstream and downstream on a data network.
Yet another object of the present invention is to provide an apparatus that overcomes problems associated with existing network monitoring devices.
In order to achieve the above and other objects, a network interface that processes data packets transmitted on a network is provided. The network interface comprises: a first data path unit that inputs a first data packet transmitted on the network, wherein the first data packet comprises a first header; a second data path unit that receives a second data packet transmitted on the network, wherein the second data packet comprises a second header; a header processor unit that inputs the first header from the first data path unit and the second header from the second data path unit, evaluates the first header to determine which rules apply to such header, and evaluates the second header to determine which rules apply to such header; and a classifier unit that inputs the first header from the first data path unit and the second header from the second data path unit, evaluates the first header to determine a flow corresponding to the first data packet, and evaluates the second header to determine a flow corresponding to the second data packet.
In order to further achieve the above and other objects, a network interface that processes data packets transmitted on a network is provided. The network interface comprises: a first data path unit that inputs downstream data packets transmitted downstream on the network, wherein the downstream data packets comprise downstream headers, respectively; a second data path unit that inputs upstream data packets transmitted upstream on the network, wherein the upstream data packets comprise upstream headers, respectively; a header processor unit that inputs the first header from the first data path unit and the second header from the second data path unit, evaluates the first header to determine which rules apply to such header, and evaluates the second header to determine which rules apply to such header; a classifier unit that inputs the downstream headers from the first data path unit and the upstream headers from the second data path unit, evaluates the downstream headers to respectively determine flows corresponding to the downstream data packets, and evaluates the upstream headers to respectively determine flows corresponding to the upstream data packets; packet processors at least indirectly coupled to the classifier unit, wherein the classifier unit selects a first packet processor of said packet processors to process both upstream data packets and downstream data packets corresponding to a first flow, and is further capable of balancing the load between such packet processors.
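The classifier unit's two jobs in the summary above, associating upstream and downstream packets with one flow and choosing a packet processor for that flow while balancing load, as an added example that is not the patent's own design: the flow key orders the two (address, port) endpoints so a downstream packet and its upstream reply map to the same flow, and new flows go to the least-loaded processor (an assumed balancing policy). Header values are constructed samples.

```python
import ipaddress
from collections import namedtuple

# The five header fields of FIG. 1, as already extracted from the packet.
Header = namedtuple("Header", "src_ip dst_ip proto src_port dst_port")

def ip(addr: str) -> int:
    """32-bit integer form of a dotted IPv4 address."""
    return int(ipaddress.IPv4Address(addr))

def flow_key(hdr: Header) -> tuple:
    """Direction-independent flow key: the two (address, port) endpoints are
    ordered, so a downstream packet and its upstream reply (source and
    destination swapped) produce the same key."""
    a = (hdr.src_ip, hdr.src_port)
    b = (hdr.dst_ip, hdr.dst_port)
    return (hdr.proto,) + (a + b if a <= b else b + a)

class Classifier:
    """Maps each flow to one packet processor, assigning new flows to the
    least-loaded processor (assumed balancing policy, not the patent's)."""

    def __init__(self, num_processors: int):
        self.load = [0] * num_processors   # flows assigned per processor
        self.table = {}                    # flow key -> processor index

    def select_processor(self, hdr: Header) -> int:
        key = flow_key(hdr)
        proc = self.table.get(key)
        if proc is None:
            # First packet of a new flow, in either direction: balance load.
            proc = min(range(len(self.load)), key=self.load.__getitem__)
            self.table[key] = proc
            self.load[proc] += 1
        return proc

    def expire(self, hdr: Header) -> None:
        """Release the flow's processor slot when the flow ends (e.g. TCP FIN)."""
        proc = self.table.pop(flow_key(hdr), None)
        if proc is not None:
            self.load[proc] -= 1

# Constructed sample: a downstream request and its upstream reply.
if __name__ == "__main__":
    clf = Classifier(num_processors=2)
    down = Header(ip("192.0.2.10"), ip("10.1.2.3"), 6, 40000, 443)
    up = Header(ip("10.1.2.3"), ip("192.0.2.10"), 6, 443, 40000)
    print(clf.select_processor(down), clf.select_processor(up))   # 0 0
```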