1. Field of the Invention
This invention relates to the field of information networks, and more particularly relates to a network device architecture for centralized packet processing, and a method of operating such a network device.
2. Description of the Related Art
Today's computer networks typically employ a hierarchical approach, allowing devices at a relatively lower level in the network hierarchy to perform as much of the packet processing functions as is reasonably possible. Typically, the network hierarchy employed follows the separation of layers in the network protocol employed. In fact, it can be argued that this arrangement flows naturally from the notion that processing is best performed as near to the source and/or destination of a packet as is reasonably possible. This philosophy is exemplified by the network architecture and its operation discussed in connection with FIGS. 1 and 2.
FIG. 1 is a block diagram of a network 100 of the prior art that includes several network devices. In FIG. 1, several clients (depicted as host network devices 102(1)-102(N) in FIG. 1) communicate with each other and with several servers 104(1)-104(N) via network 100. Host network devices 102(1)-102(N) can include a variety of different devices that access networked services. For example, host network device 102(1) can be a cell phone, a personal computer, a Personal Digital Assistant (PDA) or other computing device. Servers 104(1)-104(N) provide various services, such as various software-based services and/or access to shared storage devices.
Network 100, which includes elements that couple host network devices 102(1)-102(N) and servers 104(1)-104(N), can be described in terms of several network layers. The layer closest to host network devices 102(1)-102(N) is access layer 110. Access layer 110 includes several access layer network devices 120(1)-120(N). In this example, access layer 110 is the primary layer at which packets enter the network from host network devices 102(1)-102(N).
Distribution layer 112 aggregates flows received via access layer 110 and provides these aggregated flows to core layer 114. In this example, distribution layer 112 includes distribution layer network devices 122(1)-122(N). Core layer 114 is a logically centralized portion of the network through which various aggregated flows pass. Core layer 114 includes core network devices 124(1)-124(N).
In this example, data center 116 includes two sets of network devices: data center network devices 126(1)-126(N) and data center network devices 128(1)-128(N). Data center network devices 128(1)-128(N) provide various ones of servers 104(1)-104(N) access to network 100. Data center network devices 126(1)-126(N) aggregate flows from data center network devices 128(1)-128(N) and provide the aggregated flows to core layer 114.
It is noted that in some embodiments, a given network will not include the network layers illustrated in FIG. 1 (e.g., some of the layers can be combined and/or eliminated, and alternative layers can also be included in addition to and/or instead of those shown in FIG. 1). Additionally, clients and servers can be coupled to the network differently than shown in FIG. 1 (e.g., some clients and/or servers can be coupled to individual network devices in the core and/or distribution layers, or to multiple such devices). Additionally, the physical locations of devices relative to each other can differ from the logical locations shown in FIG. 1. For example, two devices in the same network layer can be physically located on different floors of a building, in different buildings, on different campuses, or at even greater physical distances from one another. Conversely, two devices in different network layers can be co-located with one another.
Typically, access layer network devices 120(1)-120(N) and data center network devices 128(1)-128(N), which are located at the outer edges of network 100, operate differently than distribution layer network devices 122(1)-122(N), core network devices 124(1)-124(N), and data center network devices 126(1)-126(N), which are located in the inner layers of network 100. Typically, in the case in which network 100 implements an Open Systems Interconnection (OSI) model, access layer network devices 120(1)-120(N) provide L2 (Layer 2) forwarding functionality, as can data center network devices 128(1)-128(N). In like manner, distribution layer network devices 122(1)-122(N) can provide L3 (Layer 3) routing functionality, as can data center network devices 126(1)-126(N). As will therefore be appreciated, access layer network devices 120(1)-120(N), distribution layer network devices 122(1)-122(N), core network devices 124(1)-124(N), and data center network devices 126(1)-126(N) and 128(1)-128(N) can include various routers, switches, gateways, and other network equipment.
FIG. 2 is a block diagram illustrating packet flow in a network architecture 200 of the prior art. Network architecture 200 includes a number of host network devices (depicted in FIG. 2 as host network devices 205(1)-(N)), an access layer 210, and a distribution layer 220. Access layer 210 includes a number of access layer devices (exemplified in FIG. 2 by switches 225(1)-(N)). Similarly, distribution layer 220 includes one or more distribution layer devices (exemplified in FIG. 2 by a router 230). Each of host network devices 205(1)-(N) is coupled to at least one of switches 225(1)-(N) by one of a number of network connections 235(1)-(N). Similarly, each of switches 225(1)-(N) is coupled to a device in distribution layer 220 (e.g., router 230) by one of a number of network connections 240(1)-(N).
An example of the flow of packets can be described using network architecture 200. This example is based on the use of an Open Systems Interconnection (OSI) model, in which switches 225(1)-(N) implement packet switching at the data link layer (i.e., OSI layer 2), while router 230 implements packet routing at the network layer (i.e., OSI layer 3; also referred to as the internetworking or IP layer). In the case in which a packet is to be switched at the data link layer, a packet is conveyed from a host network device (e.g., host network device 205(1)) to one of the switches in the access layer (e.g., switch 225(1)) along a path 250. Assuming that the destination of the packet is connected to switch 225(1), switch 225(1) can perform the switching functions necessary to convey the packet to its intended destination. In the case depicted in FIG. 2, the packet is switched along path 250 to the port to which host network device 205(2) is connected. Switch 225(1) thus conveys the packet, having been received from host network device 205(1), along path 250 to host network device 205(2).
As is apparent, none of the other switches within access layer 210 need be involved in the foregoing operations, nor any of the devices in distribution layer 220. However, in the case where a packet is destined for a destination host network device that is not connected to the same switch as the source host network device (or where other network layer processing (e.g., routing) needs to be performed), the packet is forwarded to distribution layer 220 for processing (e.g., routing) by the devices therein (e.g., router 230). An example of a course such a packet might take is now discussed. In this example, host network device 205(1) wishes to send a packet to host network device 205(N). As can be seen, host network device 205(1) has no way to send this packet to host network device 205(N) using only the switches in access layer 210.
In this example, then, a device in distribution layer 220 (e.g., router 230) is called into action. Host network device 205(1) thus sends a packet to switch 225(1) along path 260. Switch 225(1) determines that the packet cannot be forwarded to its destination by being forwarded to one of the front-end ports of switch 225(1). This being the case, switch 225(1) forwards the packet to router 230 via network connection 240(1) (which is shown in FIG. 2 as being part of path 260). Router 230 then determines which one of switches 225(1)-(N) is able to forward the packet to its intended destination (host network device 205(N)). Router 230 determines that this can be accomplished by forwarding the packet to switch 225(N) along path 260 (via network connection 240(N)). Router 230 thus forwards the packet along path 260 to switch 225(N). Switch 225(N) then forwards the packet to its intended destination, host network device 205(N), via network connection 235(N) (again along path 260).
As is therefore apparent, each of switches 225(1)-(N) includes the functionality necessary to make determinations as to the forwarding of a packet received either from one of host network devices 205(1)-(N) or from a distribution layer device such as router 230. Moreover, each of switches 225(1)-(N) is capable of making “local” forwarding decisions (e.g., forwarding decisions regarding host network devices connected to the front-end ports of the given switch), without intervention or support from the other network devices within network architecture 200.
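The two packet flows of FIG. 2 (path 250 and path 260) can be traced with the short model below. It is an added illustration, not part of the original description; the class and function names, and the assignment of host network device 205(2) to network connection 235(2), are assumptions made for the example.

```python
# Constructed model of the FIG. 2 topology. Labels mirror the reference
# numerals; data structures and function names are illustrative assumptions.
from dataclasses import dataclass, field

ROUTER = "router 230"

@dataclass
class Switch:
    name: str
    uplink: str                                  # network connection 240(x) to the router
    ports: dict = field(default_factory=dict)    # host -> front-end connection 235(x)

    def forward(self, dst):
        """Local layer 2 decision: return (connection, next hop) for dst."""
        if dst in self.ports:
            return self.ports[dst], dst          # destination is on a front-end port
        return self.uplink, ROUTER               # hand off for layer 3 processing

def route(dst, switches):
    """Layer 3 decision at the router: find the switch that can reach dst."""
    for sw in switches.values():
        if dst in sw.ports:
            return sw.uplink, sw
    raise LookupError(f"no route to {dst}")

def trace(src, dst, switches):
    """Return the (device, outgoing connection) hops a packet takes from src to dst."""
    ingress = next(sw for sw in switches.values() if src in sw.ports)
    hops = [(src, ingress.ports[src])]
    link, next_hop = ingress.forward(dst)
    hops.append((ingress.name, link))
    if next_hop == ROUTER:                       # path 260: via the distribution layer
        link, egress = route(dst, switches)
        hops.append((ROUTER, link))
        hops.append((egress.name, egress.forward(dst)[0]))
    return hops

# Constructed sample topology: two access layer switches behind one router.
SWITCHES = {
    "switch 225(1)": Switch("switch 225(1)", "240(1)",
                            {"host 205(1)": "235(1)", "host 205(2)": "235(2)"}),
    "switch 225(N)": Switch("switch 225(N)", "240(N)", {"host 205(N)": "235(N)"}),
}

if __name__ == "__main__":
    print(trace("host 205(1)", "host 205(2)", SWITCHES))   # path 250
    print(trace("host 205(1)", "host 205(N)", SWITCHES))   # path 260
```

Every device that appears in a trace makes its own forwarding decision, which is the per-device processing the following paragraphs identify as a point of management.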
As can be seen in FIGS. 1 and 2, the number of devices at the access layer can be quite large, and is typically significantly larger than the number of devices at the distribution layer. When combined with the philosophy of performing packet processing at the lower layers of the network hierarchy (regardless of the network topology), it will be appreciated that such an approach can encounter a number of difficulties. This is because such an approach creates a relatively large number of points of management for a given network protocol layer.
The most obvious problem encountered by such an approach is the need to manage what can become a very large number of access layer devices. As will be appreciated, the number of access layer devices can grow geometrically (and even exponentially) in relation to the number of distribution layer devices. Managing such a large number of devices can prove challenging, and as the number of such devices grows, the management tasks only become more unwieldy. Such management challenges include the upgrading of hardware and/or software (potentially for each one of the aforementioned large number of devices), as well as the potential need to analyze packet flows through large numbers of such devices in determining the source of errors or the cause of a failure.
A large number of access layer devices also translates into the need to replace a large number of devices when such devices become outmoded. If the devices are replaced in such situations, not only is substantial effort required (both in terms of physical installation of the new devices, as well as in terms of their configuration), but the capital investment made in the existing devices is lost.
In addition to the substantial effort required to manage such access layer devices, substantial costs (e.g., on a per-port basis) are typically involved. Because each access layer device in such a network includes the functionality (i.e., the packet processing capabilities) required to process packets at the given network protocol layer, each such access layer device incurs the cost of the hardware and software necessary to support such functionality. Since each such access layer device can only support a certain number of ports, a corresponding portion of the cost of such hardware and software must be attributed to each such port, resulting in a higher per-port cost than might otherwise be the case. Moreover, this cost is incurred regardless of the number of host network devices connected thereto (or more importantly, not connected thereto), potentially making the cost on a per-host network device basis even higher than the per-port cost.
Moreover, as depicted in FIG. 1, such a network architecture traditionally supports servers as “leaf nodes” (i.e., at the lowest level in the network hierarchy), requiring users to access such servers via the access and distribution layer devices to which the desired server is connected. As such, servers are coupled to the network in the same manner as host network devices. While such uniformity is logically consistent (a computing device is connected to the network via an access layer device and a distribution layer device, regardless of whether the device is a host network device or a server), which may provide conceptual simplicity, such an approach can obviously subject the access and distribution layer devices supporting a given server to significantly greater loads than might otherwise be the case. Such loads can lead to difficulties in accessing the server. Moreover, with each additional device in the path between a given host network device and a server comes a greater possibility of failures along that path.
What is therefore needed is a method and system that minimize the administrative efforts needed to manage a given network topology, while providing the connectivity and functionality needed by end-users. Preferably, such an approach would also reduce the costs of such a network architecture (e.g., on a per-port or per-host basis). Such an approach should also provide the ability to balance network loads and reliability with ease of access and administration, and should provide at least some protection for the capital investment made in such systems.