1. Field of the Invention
The invention relates to a communication apparatus connected to a network, and in particular to a reply communication apparatus and an ARP reply communication apparatus that achieve a high-speed reply.
2. Description of the Related Art
In the field of communication over a line, various protocols are defined for the respective layers of the OSI reference model, and the processes for these protocols combine into a considerably complex process as a whole. Even if all of these processes were executed by hardware, the hardware for them cannot easily be designed. Therefore, the protocols of layer 2 (data link layer) and higher layers, that is, all layers other than layer 1 (physical layer), are generally executed by software.
The present invention is applied to a communication apparatus in which Ethernet (registered trademark) is implemented among these protocols. Ethernet includes protocols of layers 1 and 2. These protocols generally include the DIX standard and the IEEE 802.3 standard; the two standards are collectively called Ethernet.
As protocols of layer 3 (network layer) and higher layers, TCP/IP is known. TCP/IP is defined in the RFC standard recommendation documents issued by the IAB (Internet Architecture Board).
In this specification, an electronic document used in the Ethernet (belonging to layer 2) is called a frame, and an electronic document used in IP (belonging to layer 3) is called a packet. Between apparatuses on a network, the packet is transmitted while being mounted on a frame. A simple expression “packet is transmitted” from a device to a destination device is an expression made with attention to an operation of layer 3. When the operation of layer 2 is included, the expression means that “packet is mounted on a frame, and the frame is transmitted”.
Furthermore, in the present invention, an internal header may be added to a frame during hardware processing. In this specification, a frame to which the internal header has been added is called an internal packet.
For example, a communication apparatus 61 as shown in FIG. 6 has a PHY 62 which is connected to a line of a network and processes a frame serving as an electric signal to be input/output by layer 1, a MAC 63 which processes the frame transmitted from the PHY 62 by layer 2, a packet forwarding 64 which performs a layer 3 process with respect to a packet in the frame forwarded from the MAC 63, and a CPU 65. A process performed by the PHY 62 is called an L1 termination, a process performed by the MAC 63 is called an L2 termination, and a process performed by the packet forwarding 64 is called an L3 termination.
As one of the protocols executed by software, the address resolution protocol (ARP, RFC 826), used between layer 2 and layer 3, is known. ARP is a protocol that inquires about the MAC address of a destination whose IP address is known but whose MAC address is not known.
More specifically, in an ARP request packet, the operation field is set to "ARP request" by the ARP request transmitting device, a self-apparatus port IP address is stored in the source IP address field, a self-apparatus port MAC address is stored in the source MAC address field, the destination IP address is stored in the destination IP address field, and the destination MAC address field is left blank (i.e., filled with zeros). When this ARP request packet is transmitted by Ethernet broadcast, each communication apparatus on the network at which the ARP request packet arrives checks the type field in the Ethernet header and the operation field in the ARP packet to determine whether it is an ARP request packet. When the packet is an ARP request packet, the communication apparatus checks whether one of its own port IP addresses is stored in the destination IP address field. In this manner, a communication apparatus which recognizes that the packet is an ARP request packet addressed to itself returns an ARP reply packet.
In the ARP reply packet, the operation field is set to "ARP reply" by the ARP request receiving device, a self-apparatus port IP address is stored in the source IP address field, a self-apparatus port MAC address is stored in the source MAC address field, the destination IP address is stored in the destination IP address field, and the destination MAC address is stored in the destination MAC address field. The destination IP address and the destination MAC address are the same as those stored in the ARP request packet. The communication apparatus which transmitted the ARP request packet receives the ARP reply packet and can thereby acquire the desired destination MAC address.
For example, consider the network shown in FIG. 7, in which a terminal D1 is connected to a router D serving as a layer 3 connecting device (router or L3 switch), a terminal E1 is connected to a router E, the routers D and E are connected to a network F, and network interface cards (NIC) are incorporated in the terminals D1 and E1. When the terminal D1, a communication apparatus in which ARP is implemented, wishes to transmit a normal frame to the terminal E1, a communication apparatus in which ARP is likewise implemented, the normal frame cannot be transmitted to the router D if the MAC address of the router D is not known, even though the IP address of the terminal E1 is known. For this reason, the terminal D1 transmits, by Ethernet broadcast, an ARP request packet in which the IP address of the router D is stored in the destination IP address field. Since the router D which receives the ARP request packet transmits an ARP reply packet to the terminal D1, the terminal D1 learns the MAC address of the router D and can then transmit the normal frame to the router D.
Pieces of field information to be stored in the ARP request packet and the ARP reply packet are partially different from each other. However, the ARP request packet and the ARP reply packet basically have the same format. A set of the ARP request packet and the ARP reply packet is called an ARP packet.
Next, the procedure executed in a communication apparatus for an ARP reply is described, with each step classified as hardware (herein referred to as HW) or software (herein referred to as SW).
(1) HW: All ARP packets arriving at the PHY by broadcast are received and forwarded to the CPU.
(2) SW: An ARP request packet is detected among the ARP packets forwarded to the CPU on the basis of the operation field.
(3) SW: It is determined from the destination IP address field whether the detected ARP request packet is addressed to a self-apparatus port (the apparatus has a plurality of ports, and each port has its own IP address).
(4) SW: When the ARP request packet is not addressed to a self-apparatus port, the ARP request packet is discarded.
(5) SW: When the ARP request packet is addressed to a self-apparatus port, the ARP reply packet to be transmitted is generated. The received ARP request packet is discarded.
(6) HW: The generated ARP reply packet is transmitted from the PHY. The ARP reply packet is transmitted by inserting it into the packet flow of the internal line connected to the MAC 63. When another packet is present, that packet is temporarily stored in a packet buffer (not shown in FIG. 6) and transmitted after the ARP reply packet has been transmitted.
A related art to the invention is JP-A-2002-208982.
When a communication apparatus in which ARP is implemented receives an ARP request packet addressed to itself, it must transmit an ARP reply packet. However, the communication apparatus may be targeted by a malicious third party with an attack using ARP, called a DoS attack. In the DoS attack, a large number of ARP request packets are sent to the communication apparatus in succession. The communication apparatus which receives these ARP request packets repeatedly executes the procedures (1) to (6). Since most of these are software processes, the load on the CPU increases until the CPU can no longer execute other processes. As a result, the apparatus cannot receive the other packets it should essentially be receiving, and transmission and reception of those other packets is greatly delayed in order to insert the ARP reply packets. The ARP reply packet reaches the ARP request source late. For this reason, the normal packet that the ARP request source essentially wants to transmit to the replying side is considerably delayed.
The above malfunction of the communication apparatus is the aim of the DoS attack. However, not only in a DoS attack but whenever the number of ARP packets on a network increases, the performance of the communication apparatus deteriorates for the same reason as described above.
The present applicant has recognized the following. When the software processing part of the ARP reply procedure is replaced with hardware processing to increase the processing speed, the load on the CPU can be reduced, and the performance of the communication apparatus can be prevented from deteriorating under a DoS attack or an increase in the number of ARP packets. However, even if the software processing is entirely replaced with hardware processing, the following problems remain unsolved: a large-capacity packet buffer is disadvantageously required for insertion of the ARP reply packet, and control of that packet buffer is complex.