1. Field of the Invention
The present invention relates to transparent bridging technology, more particularly to arrangements for providing transparent bridging between local area networks having multiple proxy devices serving as entry points for communication across a wide area network.
2. Description of the Related Art
Transparent bridging technology is a popular mechanism for interconnecting local area networks. Transparent bridges, popular in Ethernet/IEEE 802.3 Networks, are so named because their presence and operation are transparent to network hosts. When transparent bridges are powered on, they learn the network topology by analyzing the source address of incoming frames from all attached networks. If, for example, a bridge sees a frame arrive on line 1 from host A, the bridge concludes that host A can be reached through the network connected to line 1. Through this process, transparent bridges build a table that can be used for traffic forwarding.
Once the bridge has built a forwarding table, the bridge can forward a frame, received on one of the bridge ports, by looking up the frame""s destination address in the forwarding table. If the forwarding table contains an association between the destination address and any bridge port other than the inbound port having received the frame, the bridge outputs the frame on the indicated port. If no association is found, the frame is flooded to all ports except the inbound port.
A design assumption with transparent bridging is for any particular media access control (MAC) address at any particular time, there will be at most one path through the transparent bridged network by which that MAC address can be reached. This design assumption is typically implemented through the use of the spanning-tree algorithm, which detects and eliminates any loops created by two or more transparent bridges by causing a sufficient number of bridge ports to enter a xe2x80x9cblockingxe2x80x9d mode. By eliminating all loops in the network, the only way a MAC address could be reachable through the multiple paths would be if more than one device advertised the same MAC address; since it is a violation of the IEEE 802.3 specification for an individual MAC address to be used by more than one device within a bridged network, the reachability of a MAC address by multiple paths is normally not an issue.
A limitation of transparent bridging technology is that there is no information contained within a packet to inform the bridge device the path from where the packet came, or the path to where the packet is destined. For example, the IEEE 802.5 token ring LAN specification describes source-route bridging (SRB) as a technique for bridging local area networks. Source-route bridging algorithms add the complete source-to-destination route in all inter-LAN frames sent by the source, such that all source route bridges store and forward the frames as indicated by the route appearing in the appropriate frame field.
FIG. 1 is a diagram illustrating an exemplary source-route bridged network 10. Assume that host X in FIG. 1 wishes to send a frame to host Y, and that initially host X does not know whether host Y resides on the same token ring (IEEE 802.5) local area network (LAN 1) or a different LAN segment. Hence, host X sends out a test frame onto LAN 1. If the test frame traverses around the token ring of LAN 1 and returns to host X without a positive indication that host Y has seen the test frame, host X assumes that host Y is on a remote LAN segment. To determine the remote location of host Y, host X then sends an explorer frame. Each bridge 12a, 12b receiving the explorer frame copies the frame onto all outbound ports. Route information is added to the explorer frames as they travel through the internetwork 10 via bridges 12c and 12d. When the explorer frames initially generated by host X reach host Y on LAN 2, host Y replies to each received explorer frame using the accumulated route information. Upon receipt of all response frames that specify their respective paths, host X chooses a path based on predetermined criteria.
The route information is accumulated in a routing information field (RIF), specified under IEEE 802.5. A RIF is included only in those frames destined for other LANs, and the presence of routing information within the frame is indicated by the setting of the most significant bit within the source address field, called the routing information indicator (RII) bit.
As readily apparent from the foregoing, a limitation of transparent bridging technology is that there is no RIF functionality in IEEE 802.3 based networks, hence there is no information contained within a packet to inform the bridge device from where the packet came, or to where the packet is destined. This limitation is readily apparent from conventional Ethernet IEEE 802.3 networks as a packet will only have one path through a network.
New mechanisms have been developed for reliable transfer of traffic from an Ethernet IEEE 802.3 local area network across a wide area network. The consequences of these advances is that limitations which were not crucial for local operation of the Ethernet/802.3 local area network have become more cumbersome. For example, there are certain devices (e.g., and stations) in the network, referred to as xe2x80x9cproxiesxe2x80x9d, which represent a large number of other devices (e.g., end stations) elsewhere in the network; traffic destined for these end stations are accepted by the proxies, and traffic from these end stations enter the transparently bridged LAN through these proxies. One common example of this type of proxy device is a data link switching (DLSw) peer device, as described in RFC 1795.
Data link switching (DLSw) was developed as a means of transporting IBM Systems Network Architecture (SNA) and Network Basic Input/Output System (NetBIOS) traffic over a IP Network. The DLSw serves as an alternative to source route bridging protocols that were used for transporting SNA and NetBIOS traffic in token ring environments. The principal difference between source route bridging and DLSw revolves around support of local termination. SNA and NetBIOS traffic rely on link-layer acknowledgements and keep-alive messages to ensure the integrity of connections and the delivery of data. For connection-oriented data, the local DLSw node or router terminates data-link control. Therefore, link-layer acknowledgments and keep-alive messages do not need to traverse a wide area network. DLSw nodes or routers use a switch-to-switch protocol (SSP) for establishment and maintenance of DLSw circuits across a wide area network. The DLSw nodes encapsulate packets in TCP/IP for transport on IP based networks, using TCP as a means of reliable transport between DLSw nodes.
The use of DLSw type proxy devices does not create a problem in conjunction with transparent bridging, so long as there is only one such proxy device connected to the transparently-bridged LAN, or so long as no set of two or more of these devices can provide proxy services for a particular MAC address. Hence, only a single proxy device may provide proxy services for a local area network segment, resulting in reliability concerns if the proxy device fails. As such, failure of a single network device such as the proxy could result in a loss of connectivity from a large number of end stations. However, efforts at improving network reliability by adding a redundant proxy seem unattainable as it violates the basic design assumption of transparent bridging.
This problem is readily apparent from the example of a proxy device attempting to establish a circuit connection across the wide area network at the same time that another proxy device on the same local area network also attempts to establish a circuit connection via the wide area network. This contention for circuit establishment may arise, for example, in response to reception of a frame transmitted by an end station on the local area network. Since proxy devices on the same local area network may attempt to provide proxy service for the same remote device, both proxy devices in this case may attempt to establish a circuit connection for the same transmitted packet. The contending proxy devices will thus establish duplicate circuits, resulting in a destructive operation within the network. Hence, the attempt to add multiple proxy devices for redundancy may result in the more adverse impact of interfering with the attempted establishment of circuit connections across the wide area network.
There is a need for an arrangement in a transparently-bridged wide area network, where proxy devices attached to the same LAN can share proxy services for end stations on a local area network, without interfering with each other.
There is also a need for an arrangement that eliminates contention between multiple proxy devices coupled to a local area network for providing proxy services to an end station on the local area network.
There is also a need for an arrangement in a transparently-bridged wide area network, where multiple proxy devices connected to the same local area network are able to mediate for services to be provided to an end station on the local area network, thereby avoiding contention for proxy services.
These and other needs are attained by the present invention, where each proxy device on a local area network mediates with other proxy devices using tokens to provide authorizations for establishment of a circuit connection. Proxy devices initially establish a communication between each other. Upon receiving a frame from an end station connected to the LAN, each proxy device capable of reaching the destination identified by the frame determines whether it has possession of the token. Hence, only the proxy device holding the appropriate token will be permitted to act on the frame, eliminating proxy contention issues. In addition, tokens are generated if the proxy devices determine that no other proxy device posseses the appropriate token. Finally, multiple tokens may be used for different destinations, such that a single token may be used to represent a subset of end stations on one local area network that provide communications over a wide area network to another local area network. Hence, multiple tokens may be used by the proxy devices for respective local area networks reachable via the wide area network.
According to one aspect of the present invention, a method is provided in a proxy device coupled to a local area network and configured for establishing a circuit connection with a second local area network via a wide area network. The method includes establishing a communication with at least a second proxy device coupled to the local area network, determining whether one of the proxy device and the second proxy device possesses a token authorizing establishment of the circuit connection for transfer of a frame, received from a first end station on the local area network, to the second local area network, and selectively transferring the frame to the second local area network based on whether the proxy device possesses the token.
According to another aspect of the present invention, a proxy device is provided that is configured for establishing a circuit connection between a local area network and another local area network via a wide area network. The proxy device includes a first network port for communication with a second proxy device via the local area network, a second network port for communication with the other local area network via the wide area network, and a control unit. The control unit is configured for establishing a communication link with the second proxy device and determining a presence of a token possessed by one of the proxy device or the second proxy device for establishment of the circuit connection, the control unit selectively transferring a frame received from an end station on the local area network to the other local area network based on the proxy device possessing the token.
Additional advantages and novel features of the invention will be set forth in part in the description which follows, and in part will become apparent to those skilled in the art upon examination of the following or may be learned by practice of the invention. The advantages of the invention may be realized and attained by means of the instrumentalities and combinations particularly pointed out in the appended claims.