1. Field of the Invention
The present invention relates to a filter apparatus for controlling packet traffic across a computer network, and more particularly to a hardware-only filter apparatus that allows only desired packets to pass through.
2. Description of Related Art
Various hardware-only and hardware and software combination apparatuses are known in the general art of directing packets throughout a network system. A number of these devices are designed to optimize the performance of the network by evaluating packets and either determining a specific location where the packet should be sent, or providing a filter, or xe2x80x98gate,xe2x80x99 to only allow designated packets to pass through. One such device is known to the patent to Ready U.S. Pat. No. 5,825,774 which discloses a method and apparatus for increasing the throughput of a communications internetworking device. The method involves the generating, by internetworking device hardware, of a predetermined code vector in response to the current state of the communications internetworking device and information contained in a data packet received by the internetworking device. In response to the hardware generated predetermined code vector, a predetermined software routine is executed by a microprocessor in the internetworking device which controls how the data packet is to be transmitted to its destination. By using hardware to generate the code vector, time is saved over having software determine how the internetworking device is to handle the data packet.
An additional known device relates to the patent to Lundberg U.S. Pat. No. 5,761,534 which discloses a client interface that supports a plurality of peripheral channels and a network channel. The peripheral channels include a maintenance channel, message input channel, message output channel, express channel and several DMA channels. The client interface routes packets from the network to the peripheral resources and prioritizes the dispatching of packets onto the network. Express packets and message packets are given priority over DMA type packets. Priority to dispatch is rotated among the DMA channels.
Still further, the patent to Finney U.S. Pat. No. 5,845,072 discloses a common macro interface between chips that have design features in common and communicate with each other. The common macro interface (CMI) uses VHDL which is the industry standard hardware design language. A common protocol is provided to resolve communications problems and comprises four signals: request, acknowledge request, data acknowledge, and read/write.
Each of these devices teaches as its primary function the application of manipulating packets traveling across a network medium to optimize the performance characteristics of the overall network. The disclosed invention addresses this challenge of increasing the performance of a network by increasing the speed at which evaluating and directing the packets traveling across the medium is accomplished. This device achieves this desired goal, and differentiates itself from the known art by utilizing a grid means to evaluate each octet of the packet as it arrives at the apparatus.
The purpose of a Local Area Network (LAN) is to allow different nodes (users) to communicate across a shared medium. Nodes on the network transmit packets to other nodes on the network across this medium, and when a node on the network sees a packet with its own address in the packet header, it saves and processes the packet.
As more users share the medium, the volume of traffic increases, and as the medium becomes congested, it is subdivided into segments. Different devices are used to interconnect these segments, including bridges, hubs, and routers. Such devices make decisions on where to send the data based on addressing in the packet header.
All these decisions, whether made by nodes or interconnecting devices, are based on address, and are usually made with a combination of computer hardware and software. In the past, the computational power of the hardware/software combination provided by computer systems was adequate for processing the traffic across a 10 Megabit per second Ethernet local area network. Now, with 100 Megabit per second data rates becoming more common and 1 Gigabit on the horizon, these data rate increases are outpacing hardware/software computation speed increases.
There are multiple methods to characterize network traffic, in addition to address. One such method is by content. Network traffic items such as file transfers, print jobs, and e-mail have unique characteristics that allow the processing software to identify such a transaction (series of packets) and to separate the individual packets within the transaction from other traffic on the network before turning them into a useful piece of data. In order to do this, it is necessary to utilize a computer equipped with a hardware network card, a microprocessor, and network packet-processing software.
Performing the packet directing functions with a hardware-only device would increase the efficiency of the process by making it faster, smaller, and consume less power. The difficultly in achieving this performance is finding an efficient algorithm which can select the appropriate packets from the continuous stream of packets traveling across the network media. Previously, it was thought that the flow of transactions is better geared for processing with a microprocessor than with a hardware-only logic device.
This invention overcomes and surpasses the microprocessor design by selecting desirable packets from network traffic with a hardware-only device.
Accordingly, a primary object of the present invention is to provide a hardware-only filter system including grid means having columns and rows, and grid populating means for introducing into the squares of the grid, respectively, binary numbers that are a function of the comparison between an incoming data packet and the column and row headers of the grid, characterized by the provision of offset positioning means which control the insertion of the numbers into the columns in accordance with the predetermined offset instructions.
According to a more specific object of the invention, converter means serve to break down successive data packets into eight-bit octets that are identified and placed in the column headers of the grid means, and predetermined row header information is placed in the row headers of the grid. Comparison means compare the row and column header to produce positive and negative binary numbers in the event of a match and a non-match, respectively. These numbers are placed in the grid squares by the grid populating means as controlled by the offset positioning means. Evaluating means determine when all the square of any column are ones and release the data packet from a memory device in which it was temporarily retained. In the event that, upon completion of the grid population, no column of the grid has squares that are all ones, memory clear means are activated to clear the data packet from the memory means.