1. Field of the Invention
The present invention relates to a packet communication network, and more particularly to a packet switching apparatus used in a packet communication network.
2. Description of the Related Art
In a packet communication network which is represented by the Internet, the transmission of data is carried out in a packet unit. The packet contains the header which contains a source address and a destination address of the packet data. A packet switching apparatus such as a router transfers the packet to an appropriate network in the packet unit based on the destination address of the header. Thus, the packet routing process is conventionally carried out in the packet unit. In this way, the packet routing process is generally carried out as a software based process.
FIG. 1 shows a block diagram showing the structure of a conventional example of the packet switching apparatus for carrying out the packet routing process. Referring to FIG. 1, the packet switching apparatus is composed of a microprocessor 101, a main memory 102, a packet memory 105, lower layer processing sections 110 and a DMA controller 112. The main memory 102 stores a software program executed on the microprocessor 101 and routing data. The packet memory 105 stores received packets. Each of the lower layer processing sections 110 has the hardware structure which executes the processes for a data link layer and a physical layer. The DMA controller 112 transfers the packet between the lower layer processing section 110 and the a packet memory 105.
In a conventional router which has the structure shown in FIG. 1, when a packet is received by one of the lower layer processing sections 110, the DMA controller 112 transfers the received packet from the lower layer processing section 110 to the packet memory 105 once. After this, the microprocessor 101 copies the packet stored in the packet memory 105 in the main memory 102 via a processor bus 103. After that, a routing process is carried out by the microprocessor 101 under the software control. A packet whose header is replaced with a MAC (media access control) header is again copied into the packet memory 105. Next, the DMA controller 112 transfers the packet to one of the lower layer processing sections 110 based on the destination address of the packet. The lower layer processing section 110 is connected with a physical output port. The lower layer processing section 110 transmits the transferred packet to a network via the physical output port after processing of the lower layer processing section 110.
As described above, in the conventional example of the packet switching apparatus, the routing process to all packets is carried out by the microprocessor 101 under the software control. Therefore, the network speed depends on the performance of the microprocessor 101 itself.
As for the packet communication system, it is conventionally pointed out that the security of data is weak, compared with a line switching system. Also, with the rapid spread of use of the Internet in recent years, the data security in the packet communication is an urgent problem. For this reasons, the system for encrypting IP (Internet protocol) packet data or IPsec is standardized as the security measure in the network layer.
In the conventional packet switching apparatus, the processes including the process of encrypting and decrypting of a packet based on IPsec are all carried out by the microprocessor 101. Therefore, the increase of the communication traffic and the increase of the network speed are limited due to the performance of the microprocessor.
In the packet switching apparatus shown in FIG. 1, if the packet memory 105 and the main memory 102 are formed in a same memory device as a unit, the time necessary for the data transfer between the memories can be reduced. However, because all the processes for every packet still are the load of the microprocessor, there is remained the problem that there is the limit due to the performance of the microprocessor to increase of processing speed.
Also, the process of encrypting and decrypting the packet based on the above-mentioned IPsec is sometimes executed in the conventional packet switching apparatus to improve security of the packet communication. In this case, because a part of the ability of the microprocessor is used for the encrypting and decrypting process of the packet, the overall processing efficiency of the packet switching apparatus is decreased and there is the limit in high processing speed. More specifically, when the IPsec processing is newly added to the above conventional packet switching apparatus, the data throughput of the packet sometimes fell to about {fraction (1/10)}.
In conjunction with the above description, an encryption communication processing apparatus is disclosed in Japanese Laid Open Patent Application (JP-A-Heisei 1-152831). In this reference, an encrypted sentence is communicated between terminals connected to a branch type (bus type) network. In this case, an access control circuit carries out the identification and management of an address of the terminal and an encryption token. A mode control circuit sets an encrypt mode when an encrypted sentence is identified by the access control circuit. Thus, the reference solves the problem that a common address is received by a terminal other than target terminals because of an error when an encrypted sentence is broadcast using the common address.
Also, an information communication processing apparatus is in Japanese Laid Open Patent Application (JP-A-Heisei 9-149023). In this reference, a plurality of encrypting/decrypting methods are stored in each of tables (11 and 21). A selecting section (13) in a unit (1) selects one of the plurality of encrypting/decrypting methods stored in the table (11). A control section (14) notifies an offset value of the selected encrypting/decrypting method in the table to a control section (24) in a unit (2). Thus, the information communication processing apparatus is provided in which there is less possibility of leakage of secret.