This section introduces aspects that may be helpful in facilitating a better understanding of the invention. Accordingly, the statements of this section are to be read in this light and are not to be understood as admissions about what is in the prior art or what is not in the prior art.
Several technical terms and/or phrases will be used throughout this application and merit a brief explanation.
A Virtual Local Area Network (VLAN) is a group of clients that communicate as if they were connected irrespective of their actual geographical location. VLANs are like LANs but do not require VLAN members to be located on the same network switch.
A VLAN tag is an Institute of Electrical and Electronics Engineers (IEEE) 802.1Q tag inserted into a data frame or packet which includes a tag protocol identifier (TPI), a priority code point (PCP), a canonical format indicator (CFI) and a VLAN identifier (VID). The VID specifies the VLAN to which the frame belongs.
Internet Protocol (IP) multicast utilizes multicast addressing to allow IP packets to be sent to a group of receivers in a single transmission rather than unicasting from the source to each receiver individually.
An access control list (ACL) is a list that specifies which users are permitted access to objects and what operations are allowed on given objects.
Quality of Service (QoS) refers to a mechanism to control resources in a packet-switched telecommunications network and not to the achieved service quality. Quality of Service allows different priority to be given to different data flows from different users to guarantee a certain level of performance to a data flow from a given user.
Bridging permits packets to be forwarded over the Internet and relies on inspection of source addresses in received packet headers and broadcasting to locate devices in the network. A table is used to store the MAC addresses of located devices for further use when packets are received.
A Service Level Agreement (SLA) is a portion of a service contract in which the level of service is formally defined between a customer and a service provider.
File Transfer Protocol (FTP) is a network protocol for copying a file from one host to another over the Internet.
Hypertext Transfer Protocol (HTTP) is a network protocol that is the foundation for the World Wide Web. A computer submits an HTTP request to a server hosting a website and storing content such as HyperText Markup Language (HTML) files.
Secure Sockets Layer (SSL) is a network protocol for providing security over the Internet.
User Datagram Protocol (UDP) is a network protocol that allows computer programs to send datagrams to other hosts on the network without setting up a predetermined data path.
Transmission Control Protocol (TCP) is a network protocol that permits more reliable delivery of data packets than UDP from one computer to another computer.
Real-Time Transport Protocol (RTP) is a network protocol for delivering audio and video over the Internet.
A Uniform Resource Identifier (URI) is a string of characters for identifying a name or resource on the Internet.
A Uniform Resource Locator (URL) is a URI that identifies where a resource is available and how to access the resource.
A Network Management System (NMS) involves both hardware and software used for managing a network.
A bridge and a switch are devices used in a network to connect other network segments. A switch has numerous ports compared to a bridge.
A router is a device that connects two or more networks and permits data to be exchanged between the networks.
A residential gateway is a device used to connect devices in the home to the Internet and may include a modem, a switch and a router. A gateway router is a router that serves as an access point to another network.
Network devices traditionally classify received traffic into VLAN based traffic using the following classification methods: (1) port based VLAN or default VLAN assignment (for untagged traffic); (2) assignment based on the VLAN ID stored in the VLAN tag of the packet (for tagged traffic); (3) protocol based VLAN assignment; and (4) IP subnet based VLAN assignment.
These VLAN classification methods are based on fixed policies. All customer traffic, regardless of the content of the traffic, gets classified based on these policies. The traditional Ethernet network then sets up the bridging rules to set up the topology path for the customer traffic. In the Ethernet cloud, all the decisions related to Layer 2 switching, security and QoS are based on the VLAN that has been assigned to the traffic on the ingress enterprise switches.
The edge switches classify the packets/traffic based on the aforementioned VLAN classification techniques. No further sub-classification of the customer traffic based on the content of the traffic occurs. Thus, the FTP traffic, HTTP traffic to server X, HTTP traffic to server Y and voice traffic or video traffic might all be classified in the same VLAN. All the customer traffic is then switched through the customer network based on the VLAN classification performed on the edge switch.
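The four classification methods listed above, and the limitation just described, can be seen by running a content-blind classifier over sample frames. The following is an added example, not part of the application: it parses the 802.1Q tag fields (PCP, CFI, VID), applies tagged, IP-subnet, protocol and port-based assignment in that order (the precedence among the untagged methods is an assumption), and shows that FTP, HTTP to server X and HTTP to server Y from the same host all land in the same VLAN. The policy values, MAC addresses and IP addresses are constructed.

```python
import ipaddress
import struct
TPID_8021Q = 0x8100      # EtherType value that announces an IEEE 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

def parse_frame(frame):
    """Return tag fields (PCP, CFI, VID) if present, the inner EtherType and the L3 offset."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    info = {"tagged": False, "l3_offset": 14}
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype == TPID_8021Q:               # 802.1Q: TPID, then 16-bit TCI, then real EtherType
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        info.update(tagged=True, pcp=tci >> 13, cfi=(tci >> 12) & 1,
                    vid=tci & 0x0FFF, l3_offset=18)
    info["ethertype"] = ethertype
    return info

def classify_vlan(frame, ingress_port, port_vlans, protocol_vlans, subnet_vlans):
    """Content-blind classification; precedence tagged > subnet > protocol > port is assumed."""
    info = parse_frame(frame)
    if info["tagged"] and 0 < info["vid"] < 4095:   # VID 0 = priority-only, 4095 reserved
        return info["vid"], "tagged"
    l3 = info["l3_offset"]
    if info["ethertype"] == ETHERTYPE_IPV4 and len(frame) >= l3 + 20:
        src_ip = ipaddress.IPv4Address(frame[l3 + 12:l3 + 16])   # IPv4 source address
        for net, vid in subnet_vlans:
            if src_ip in net:
                return vid, "subnet"
    if info["ethertype"] in protocol_vlans:
        return protocol_vlans[info["ethertype"]], "protocol"
    return port_vlans[ingress_port], "port"

def build_ipv4_tcp_frame(src_ip, dst_ip, dst_port, vid=None, pcp=0):
    """Constructed sample frame (constructed MACs, zero checksums); enough for classification."""
    eth = bytes.fromhex("0011223344550a0b0c0d0e0f")
    if vid is not None:
        eth += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + tcp

# Constructed policy: port 1 defaults to VLAN 10, ARP goes to VLAN 20, 192.0.2.0/24 to VLAN 30.
SAMPLE_POLICY = dict(port_vlans={1: 10}, protocol_vlans={0x0806: 20},
                     subnet_vlans=[(ipaddress.ip_network("192.0.2.0/24"), 30)])
if __name__ == "__main__":
    for name, dst, port in [("FTP", "198.51.100.5", 21), ("HTTP to X", "198.51.100.6", 80),
                            ("HTTP to Y", "198.51.100.7", 80)]:
        print(name, classify_vlan(build_ipv4_tcp_frame("192.0.2.10", dst, port), 1, **SAMPLE_POLICY))
```

All three flows print `(30, 'subnet')`: nothing beyond the L2/L3 headers influences the VLAN, which is exactly the gap the content-based classification described later addresses.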
Network administrator equipment might have the capability to use ACLs to apply QoS and security policies independently of the traffic flows, but these policies have to be distributed uniformly to all the edge switches and to some extent to the core switches, creating increased administrative overhead for the network administrator. Any change in user policies involves administrative work to create differential behavior to the traffic flows which are subscribing to a specific content.
The user traffic is often a mix of different traffic flows (e.g. FTP, HTTP, IP multicast and RTP). Even within the HTTP traffic, the content might be destined to different routing gateways thus requiring different bridging and QoS policies in the Ethernet cloud.
Current network solutions do not classify traffic into VLANs based on the content of the traffic. The network administrator does not have a mechanism to look deep into the packet and sub-classify the traffic (which can be destined to the same destination) into separate VLANs.
Hence, there is a need for devices and methodology that efficiently, reliably and affordably permit classifying traffic to a Virtual Local Area Network (VLAN) based on the content of the traffic and constructing a framework for a network based on content-based bridging of traffic.