1. Field of the Invention
The present invention relates to layer 2 and layer 3 switching of data packets in a non-blocking network switch configured for switching data packets between subnetworks.
2. Background Art
Local area networks use a network cable or other media to link stations on the network. Each local area network architecture uses a media access control (MAC) enabling network interface devices at each network node to access the network medium.
The Ethernet protocol IEEE 802.3 has evolved to specify a half-duplex media access mechanism and a full-duplex media access mechanism for transmission of data packets. The full-duplex media access mechanism provides a two-way, point-to-point communication link between two network elements, for example between a network node and a switched hub.
Switched local area networks are encountering increasing demands for higher speed connectivity, more flexible switching performance, and the ability to accommodate more complex network architectures. For example, commonly-assigned U.S. Pat. No. 5,953,335 discloses a network switch configured for switching layer 2 type Ethernet (IEEE 802.3) data packets between different network nodes; a received data packet may include a VLAN (virtual LAN) tagged frame according to IEEE 802.1q protocol that specifies another subnetwork (via a router) or a prescribed group of stations. Since the switching occurs at the layer 2 level, a router is typically necessary to transfer the data packet between subnetworks.
Efforts to enhance the switching performance of a network switch to include layer 3 (e.g., Internet protocol) processing may suffer serious drawbacks, as current layer 2 switches preferably are configured for operating in a non-blocking mode, where data packets can be output from the switch at the same rate that the data packets are received. Newer designs are needed to ensure that higher speed switches can provide both layer 2 switching and layer 3 switching capabilities for faster speed networks such as 100 Mbps or gigabit networks.
However, such design requirements risk loss of the non-blocking features of the network switch, as it becomes increasingly difficult for the switching fabric of a network switch to be able to perform layer 3 processing at the wire rates (i.e., the network data rate). For example, switching fabrics in layer 2 switches merely need to determine an output port for an incoming layer 2 data packet. Layer 3 processing, however, requires implementation of user-defined policies that specify what type of data traffic may be given priority access at prescribed intervals; for example, one user-defined policy may limit Internet browsing by employees during work hours, and another user-defined policy may assign a high priority to e-mail messages from corporate executives.
Layer 3 processing in a network switch may be particularly difficult for layer 2 data packets carrying fragmented layer 3 frames, for example Internet Protocol (IP) frame fragments. In particular, only the first transmitted IP frame fragment of the group of fragments will include sufficient layer 3 information and layer 4 information (e.g., TCP/UDP source port and/or TCP/UDP destination port) for layer 3 processing of user-defined policies; subsequent IP frame fragments, however, will not have layer 4 information for layer 3 processing of user-defined policies. Hence, the subsequent IP frame fragments normally cannot undergo layer 3 processing, preventing the layer 3 switching of fragmented layer 3 frames according to user-defined policies.
There is a need for an arrangement that enables a network switch to provide layer 2 switching and layer 3 switching capabilities for 100 Mbps and gigabit links without blocking of the data packets.
There is also a need for an arrangement that enables a network switch to provide layer 2 switching and layer 3 switching capabilities with minimal buffering within the network switch that may otherwise affect latency of switched data packets.
There is also a need for an arrangement that enables a network switch to perform layer 3 processing of user-defined policies at the network wire rate on layer 2 data packets carrying fragmented layer 3 frames.
These and other needs are attained by the present invention, where a network switch includes network switch ports, each including a policy filter configured for obtaining layer 3 and layer 4 information from a received layer 2 frame. The layer 3 information and the layer 4 information are used to determine a policy identifier that specifies a layer 3 switching operation to be performed on the received layer 2 frame. Each network switch port also includes a flow identification module that caches portions of the layer 3 information and the corresponding policy identifier. The cached portions of the layer 3 information and the corresponding policy identifier are then used by the flow identification module to identify the appropriate policy for subsequent fragmented layer 3 frames that lack the layer 4 information necessary for performing another policy lookup, but that have sufficient layer 3 information to uniquely identify each layer 3 flow. Hence, each layer 3 fragment can be assigned a unique policy for execution of layer 3 switching decisions.
One aspect of the present invention provides a method in a network switch. The method includes receiving a first layer 2 frame at a network switch port, the first layer 2 frame including first layer 3 information and layer 4 information that specify payload data characteristics within the first layer 2 frame. A policy identifier is determined in the network switch port for the first layer 2 frame based on the first layer 3 information and the layer 4 information, the policy identifier specifying a layer 3 switching operation to be performed on the first layer 2 frame. The method also includes receiving a second layer 2 frame at the network switch port, the second layer 2 frame including a portion of the first layer 3 information, and selecting the policy identifier of the first layer 2 frame for the second layer 2 frame by correlating the second layer 2 frame to the first layer 2 frame based on the portion of the first layer 3 information. Selecting the policy identifier for the second layer 2 frame based on correlation of the layer 3 information enables the network switch port to utilize the previously determined policy identifier for the second layer 2 frame, which may lack the layer 4 information for an independent policy identification, by uniquely identifying the layer 3 information of the first and second layer 2 frames. Hence, layer 2 frames carrying layer 3 information can be switched according to the same layer 3 switching operation by identifying the layer 2 frames carrying higher level data for the same high level data flows.
Another aspect of the present invention provides a method of identifying a layer 3 switching decision within an integrated network switch. The method includes identifying within a network switch port a received layer 2 frame as having one of a plurality of layer 3 frame fragments of a layer 4 data stream. In response to the identification in the received layer 2 frame, first layer 3 information from a first of the layer 3 frame fragments is stored in a memory within the network switch port, along with a policy identifier that specifies a layer 3 switching operation to be performed on the corresponding layer 2 frame carrying the first of the layer 3 frame fragments based on the corresponding layer 3 information and layer 4 information. The method also includes selecting the policy identifier, for subsequent ones of the layer 3 frame fragments following the first of the layer 3 frame fragments, based on a portion of the first layer 3 information in each of the subsequent ones of the layer 3 frame fragments. Selection of the policy identifier based on the portion of the first layer 3 information enables the same layer 3 switching operation to be performed on the layer 2 frames carrying the layer 3 frame fragments of a layer 4 data stream, merely by comparing the layer 3 information to confirm that the layer 3 frame fragments are part of the same layer 4 data stream.
Still another aspect of the present invention provides an integrated network switch configured for executing layer 3 switching decisions, the integrated network switch having network switch ports. Each network switch port comprises a policy filter configured for obtaining layer 3 information and layer 4 information from a received layer 2 frame and determining, based on the obtained layer 3 information and layer 4 information, a policy identifier that specifies a layer 3 switching operation to be performed on the corresponding layer 2 frame. Each network switch port also includes a flow identification module configured for identifying the received layer 2 frame as having one of a plurality of layer 3 frame fragments of a layer 4 data stream. The flow identification module also includes a table for storing at least a portion of the obtained layer 3 information and the corresponding policy identifier, the flow identification module selecting the policy identifier for each of subsequent layer 3 frame fragments based on a match between the stored portion of the obtained layer 3 information and a corresponding portion of the layer 3 information in the corresponding layer 3 frame fragment. Use of the table enables the flow identification module to cache the obtained layer 3 information and the corresponding policy identifier for subsequent layer 3 frame fragments. Hence, each network switch port can easily determine layer 3 switching decisions for each of the received layer 3 frame fragments, optimizing non-blocking layer 3 switching in the network switch at the wire rate without imposing substantial burden on the layer 3 switching logic.
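The following is an added illustration of the flow identification table described above, not code from the patent. It assumes the cached "portion of the layer 3 information" is the IPv4 source address, destination address, protocol and identification field; the names FlowIdModule and sample_policy_filter, the policy identifiers and the packets are constructed for the example.

```python
import struct

IP_HDR = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header, no options

def make_ipv4(src, dst, proto, ident, more, offset, payload):
    """Build a constructed IPv4 packet for the demo (checksum left at 0)."""
    frag = (0x2000 if more else 0) | (offset // 8)
    return struct.pack(IP_HDR, 0x45, 0, 20 + len(payload), ident, frag,
                       64, proto, 0, bytes(src), bytes(dst)) + payload

def parse_ipv4(pkt):
    ver_ihl, _, _, ident, frag, _, proto, _, src, dst = struct.unpack(IP_HDR, pkt[:20])
    more, offset = bool(frag & 0x2000), (frag & 0x1FFF) * 8   # MF flag, byte offset
    # Assumed flow key; the page says only "portions of the layer 3 information".
    return (src, dst, proto, ident), more, offset, pkt[(ver_ihl & 0x0F) * 4:]

def sample_policy_filter(proto, sport, dport):
    # Hypothetical user-defined policy: UDP to port 53 is identifier 7, all else 1.
    return 7 if (proto == 17 and dport == 53) else 1

class FlowIdModule:
    """Per-port table caching a policy identifier per fragmented layer 3 flow."""
    def __init__(self, policy_filter, default_policy=0):
        self.table, self.policy_filter = {}, policy_filter
        self.default_policy = default_policy   # used when no policy can be determined

    def classify(self, pkt):
        key, more, offset, payload = parse_ipv4(pkt)
        proto = key[2]
        if offset == 0:   # unfragmented frame or first fragment: layer 4 header present
            if proto not in (6, 17) or len(payload) < 4:
                return self.default_policy
            sport, dport = struct.unpack("!HH", payload[:4])
            policy = self.policy_filter(proto, sport, dport)
            if more:
                self.table[key] = policy       # cache for the fragments that follow
            return policy
        # Later fragment: no layer 4 header, so correlate on layer 3 fields alone.
        policy = self.table.get(key, self.default_policy)
        if not more:
            self.table.pop(key, None)          # last fragment releases the entry
        return policy

def demo():
    port, a, b = FlowIdModule(sample_policy_filter), (10, 0, 0, 1), (10, 0, 0, 2)
    udp = struct.pack("!HHHH", 4000, 53, 32, 0) + b"A" * 16    # 24-byte first piece
    frames = [make_ipv4(a, b, 17, 0x1234, True, 0, udp),        # first fragment
              make_ipv4(a, b, 17, 0x1234, False, 24, b"B" * 8), # last fragment
              make_ipv4(a, b, 17, 0x9999, False, 24, b"C" * 8)] # no cached first
    return [port.classify(f) for f in frames], len(port.table)
```

The third frame is a later fragment whose first fragment was never seen, so it falls through to default_policy; in a policy-enforcing deployment that default should be the restrictive choice, since such a fragment carries no layer 4 information to classify it.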
Additional advantages and novel features of the invention will be set forth in part in the description which follows and in part will become apparent to those skilled in the art upon examination of the following or may be learned by practice of the invention. The advantages of the present invention may be realized and attained by means of instrumentalities and combinations particularly pointed out in the appended claims.