Packet based computer networks transmit information in packets that are formatted with a sequence of well-known header fields that direct the packets through the network. For example, a TCP/IP packet on an Ethernet network consists of three parts, an Ethernet header, an IP header, and a TCP header. The Ethernet header in turn includes three well-known fields. The source address, the destination address and the “EtherType” field. From the EtherType field the format of subsequent data may be determined. For instance, if the EtherType field indicates the packet contains an IP datagram, packet field values for the IP datagram allow the determination of source address, destination address and protocol fields. The protocol field identifies the type of data that follows, such as TCP, UDP, etc. The packet header information is used by network computer devices to route data through the network.
Network computing devices perform routing and switching functions based upon computations performed on the packet field values. For instance, router software on a general purpose computer sends packets to different output network interfaces based upon computations performed from header packet field values. To improve network transmission speeds, special purpose devices are used to perform simple, well specified functions at high speeds that direct network traffic. For instance, network appliances such as routers, switches and firewalls perform fixed functions based on one or more fixed fields using hard wired instructions that process packets in a substantially more rapid manner than software functions. As an example, a router computes the output interface for a packet based on the packet's destination address in the IP header.
Although hard wired instructions, such as those defined in application specific integrated circuits (ASICs) provide for rapid processing of packets through a network, ASIC designs are typically inflexible since the hard wired instructions generally cannot be reprogrammed through software. Thus, for example, networks that rely on routers have difficulty implementing services which generally call for varying packet processing behaviors since router functions are generally hard wired into ASICs. For instance, internet service providers that provide customer access to the Internet over router based networks have difficulty deploying services that provide for individual handling of packets related to specific customers.
In order to aid in the deployment of services to packet based networks, programmable network processors have been developed for use in network appliances such as routers, switches and firewalls. Network processors run a software program that determines the processing of packets but handles packets in a rapid manner by performing certain functions specific to processing of network packets through hardware implementations. For example, network processors support table look-up operations with hard wired instructions allowing routing functions that rely on table look-ups to occur at rates much faster than available through general purpose processors. Network processors support programs that look at packet field values and perform table look-up operations to determine the processing for the packet. For example, a program on a network processor classifies a packet by using information from IP source and destination address field values. The fields examined and the combination of the fields are determined by the program loaded on the network processor.
One difficulty with network processors is that loading a program on a network processor takes several seconds and brings the network processor off line so that packets are either dropped or passed through the network processor without processing. Thus, as an example, a network processor used in a router will not route packets while a new program is loaded. In systems that use fixed combinations of fields to process packets, the programming limitation of network processors does not present a substantial difficulty since the program running on the network processor need not change very often. However, in order to provide services to packet based networks, such as with the programmable network nodes disclosed in U.S. patwnt application Ser. No. 09/928,771, filed Aug. 13, 2001, entitled “System and Method for Programming Network Nodes,” which is incoporated herein by reference, the program running on the network processor may have to change more often.
Another difficulty with programming network processors is that newly added network processor programs must continue to process packets at line rates to avoid degrading network operations. For instance, if a program on a network processor fails to process packets at line rates, packets will be dropped and network performance severely degraded. The addition of new classifiers to a network processor program has an unpredictable effect on the speed at which the program operates on the network processor. Thus, especially in the case of complex packet processing behavior implementations, the reliability of new network processor programs is difficult to predict.