The problem of networking a set of devices has been divided into layers. The bottom layer is the physical layer; it handles the actual physical connections between devices. The second layer is the data link layer; it describes how data is framed on the physical medium that connects the devices. The third layer is the network layer; it handles the cases where packets must traverse more than one connection to reach a machine. The fourth layer is the transport layer; it ensures that all of the messages from a source reach the destination reliably and without duplication. The second layer is often subdivided into a Logical Link Control (“LLC”) sublayer and a Media Access Control (“MAC”) sublayer, and a MAC address is required at this layer. In the TCP/IP suite of protocols employed on the Internet, the third or network layer is the IP layer. This layer requires a globally unique IP address in order to route packets to the right physical machine; IP addresses are allocated by a central authority. The TCP layer additionally requires a port number so that the packet is delivered to the correct port on the destination machine. The present invention is implemented in one embodiment by directing packets to a network appliance using a layer 2 bridge or switch.
Bridges or switches that operate in the data link layer may be used to connect networks using different MAC level protocols such as Ethernet, Token Ring or Token Bus. Such devices do not examine the network layer header to transfer packets between networks and thus can copy IP, IPX, and OSI packets to different networks, in contrast to a network layer router (layer 3), which handles only packets conforming to a specific network layer protocol.
A bridge discovers the layer 2 addresses of devices on the networks connected to it by examining packets sent by the devices and storing the layer 2 source addresses of the devices in a memory. When a bridge receives a packet, the bridge checks the packet destination address against its table of layer 2 addresses for each network that is connected to the bridge to determine the network interface to which the packet should be transferred. A multiport bridge has multiple ports that may be connected to multiple networks, and the bridge determines the port to which each incoming packet is forwarded based on the layer 2 destination address of the packet and the layer 2 addresses known to the bridge to be reachable on each of its ports. It should be noted that throughout this specification reference is made to a multiport bridge or layer 2 switch and that, whenever such reference is made, either device may be substituted for the other, and other similar multiport layer 2 network devices may also be substituted for the multiport bridge or layer 2 switch.
A two port bridge that stores the layer 2 addresses of devices connected to the two networks that are bridged is described in detail in U.S. Pat. No. 4,627,052 issued to Hoare et al., which is herein incorporated by reference for all purposes. The bridge keeps track of the layer 2 addresses of devices that send messages from the networks connected to either of its ports. A layer 2 switch or multiport bridge is an extension of such a device in which more than two ports are connected to networks or subnetworks, and the multiport bridge or switch keeps a table of the layer 2 addresses of the devices sending messages to each of the ports. Packets sent to the switch are inspected and transferred to the port that is connected to the network or subnetwork on which the device corresponding to the packet destination address has been transmitting.
Many layer 2 switches and multiport bridges are configured to have one of their ports running at a higher rate than the rest of the ports. The faster port is referred to as an uplink port. For example, a switch with 12 Fast Ethernet (100BASE-T) ports and 1 Gigabit Ethernet port may be used to connect a number of small Fast Ethernet networks to a single larger network via the Gigabit Ethernet port. Such a switch functions similarly to a layer 2 switch having ports all operating at the same speed. A separate table is maintained of the layer 2 addresses that may be reached via the fast uplink port, just as a table of addresses is maintained for the addresses that may be reached via each of the slower ports.
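The learning and forwarding behaviour described above (source address learning per ingress port, forwarding on the destination address, flooding of unknown destinations, and an uplink port whose address table is kept exactly like that of the slower ports) can be modelled in a few lines. The following Python is an added example, not code from the patent or from any cited product; the port names, MAC addresses and frames are constructed for illustration.

```python
"""Model of a multiport learning bridge (layer 2 switch) with an uplink port.

Added example, not code from the patent. Port names, MAC addresses and the
frames in demo() are constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str          # layer 2 source address
    dst: str          # layer 2 destination address
    length: int = 64  # bytes on the wire, used only for traffic accounting


class LearningSwitch:
    """Transparent bridge: learns source MACs per ingress port, forwards on
    the destination MAC, floods unknown unicast and broadcast frames."""

    def __init__(self, ports, uplink):
        self.ports = list(ports) + [uplink]
        self.uplink = uplink
        self.table = {}             # mac -> port on which that mac was last seen
        self.bytes_out = Counter()  # egress traffic per port

    def receive(self, in_port, frame):
        """Process one frame arriving on in_port; return the egress port list."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port!r}")
        # Learning: the source address is now known to be reachable via the
        # ingress port. The most recent frame wins, so a host that moves to
        # another port is relearned there by the next frame it sends.
        self.table[frame.src] = in_port

        if frame.dst == BROADCAST or frame.dst not in self.table:
            # Unknown destination: flood to every port except the ingress one.
            out_ports = [p for p in self.ports if p != in_port]
        elif self.table[frame.dst] == in_port:
            # Destination is on the same segment as the sender: filter it.
            out_ports = []
        else:
            out_ports = [self.table[frame.dst]]

        for p in out_ports:
            self.bytes_out[p] += frame.length
        return out_ports

    def addresses_via(self, port):
        """Layer 2 addresses the switch believes are reachable via `port`."""
        return sorted(mac for mac, p in self.table.items() if p == port)


def demo():
    """Scenario from the text: 12 Fast Ethernet ports and one Gigabit uplink."""
    fe_ports = [f"fe{i}" for i in range(1, 13)]
    sw = LearningSwitch(fe_ports, uplink="gig1")
    a, b, r = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:ff"
    trace = []
    # A (fe1) sends to B before B is known: flooded to all other ports, uplink included.
    trace.append(sw.receive("fe1", Frame(a, b)))
    # B (fe2) replies: A is already known on fe1, so only fe1 receives it.
    trace.append(sw.receive("fe2", Frame(b, a)))
    # Both are learned now, so A -> B goes to fe2 alone.
    trace.append(sw.receive("fe1", Frame(a, b)))
    # R lives beyond the uplink; its frame arrives on gig1 and R is learned there.
    trace.append(sw.receive("gig1", Frame(r, a)))
    trace.append(sw.receive("fe1", Frame(a, r)))
    # B moves to fe3; its next frame relearns it and A's traffic follows.
    trace.append(sw.receive("fe3", Frame(b, a)))
    trace.append(sw.receive("fe1", Frame(a, b)))
    return sw, trace


if __name__ == "__main__":
    switch, decisions = demo()
    for step, ports in enumerate(decisions, 1):
        print(f"frame {step}: forwarded to {ports}")
    print("reachable via uplink:", switch.addresses_via("gig1"))
    print("bytes sent per port:", dict(switch.bytes_out))
```

Two points the model makes visible: the uplink is an ordinary port as far as the address table is concerned, only the addresses learned on it differ; and because entries are learned solely from the source address of whatever frame arrived last, the table reflects the most recent sender on each port, with no check on who sent it.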
A number of network appliances have been developed that process or monitor all packets that enter or leave a network. For example, a load balancer such as the Cisco Local Director described in U.S. patent application Ser. No. 08/850,248, entitled “Distributing Connections To A Group Of Machines”, filed May 2, 1997, is used to intercept and redirect packets sent to or from a network served by the Local Director. Similarly, a firewall may need to receive all packets sent to or from a protected network for the purpose of filtering packets. Packet monitors may also need to receive all packets sent to or from a network. In each of these cases, a traffic situation exists that is similar to the situation described above where multiple networks are connected through a layer 2 switch uplink to a larger network. Relatively light traffic is experienced in and out of each of the subnetworks that make up the network being serviced by the network appliance. Since all network traffic is seen by the network appliance, very heavy traffic is experienced on the interface that connects the network appliance to all of the subnetworks.
It would be useful if a layer 2 switch with an uplink port could be adapted for use with a network appliance that needs to receive all network traffic that enters and leaves a network.