1. Technical Field of the Invention
The present invention generally relates to communications networks. More particularly, and not by way of any limitation, the present invention is directed to system and method for port mapping in switches of such networks.
2. Description of Related Art
In the past, it has been common communications network engineering practice to separate traffic belonging to different users using a router, which is a Layer 3 (“L3”) device by assigning each user to a different subnet identified by a unique L3 address. The router would then transmit each user's packets out through a port assigned to the user's subnet. In view of the fact that only a limited number of bits in the L3 address are used for the subnet mask, the number of subnets that may be addressed by a single router is limited.
It will be recognized that in a communications network, there are many users of the network who require that their traffic be kept absolutely separate from the traffic of other users. For example, an Internet service provider (“ISP”) will typically have many customers who want to connect to a server farm. Access to the ISP is through a router connected to a common external computer network, such as the Internet. This router must route each customer's traffic to that customer's local area network (“LAN”) in such a manner as to maintain security and privacy between the data of different customers. It is imperative that the ISP prevent traffic originating from one customer's server from being received by another customer's server. As previously indicated, a limitation in the use of subnets in this scenario is that there is only a limited number of subnets which can be defined from standard Layer 3 addresses. In modern computer network systems, this numerical limitation severely restricts the number of individual users that can be serviced and also have their data traffic maintained separately. Further, the management of a large number of subnets by a network manager quickly becomes burdensome, especially in the event that the network has thousands of customers whose packet traffic must be kept separate.
Another means by which users traffic may be kept separate is through use private Virtual Local Area Networks (VLANs) defined within a network switch, or bridge, which is a Layer 2 (“L2”) device. A private VLAN is a VLAN feature in which access ports of a switch are allowed to communicate only with certain designated router ports. The security implementation with a Private VLAN is conducted at the hardware layer and does not allow for any frame of any sort to pass between adjacent access ports within a Private VLAN. Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports. A deficiency of private VLANs is that they can be difficult to configure and may not provide a complete solution in some cases.