This invention relates to communication networks, and, more particularly, to apparatus and methods for filtering packets in a connection-based switching network that includes a shared-media subnetwork.
As businesses have realized the economic advantages of sharing expensive computer resources, cabling systems (including wireless cabling systems) have proliferated in order to enable the sharing of such resources over a computer network. A network for permitting this communication may be referred to as a local area network or “LAN.” LAN refers to an interconnection data network that is usually confined to a moderately-sized geographical area, such as a single office building or a campus area. Larger networks are often referred to as wide area networks or “WANs.”
Networks may be formed using a variety of different interconnection elements, such as unshielded twisted pair cables, shielded twisted pair cables, coaxial cable, fiber optic cable or even wireless interconnect elements. The configuration of these cabling elements, and the interfaces for the communication medium, may follow one (or more) of many topologies, such as star, ring or bus. In addition, a number of different protocols for accessing the networking medium have evolved. For example, the Institute of Electrical and Electronics Engineers, IEEE, has developed a number of standards for networks, including IEEE 802.3 relating to Ethernet buses using carrier sense multiple access and collision detection, IEEE 802.4 relating to token buses using token passing and IEEE 802.5 relating to token ring networks using token passing. The American National Standards Institute (ANSI) has also developed a standard for fiber distributed data interface (FDDI) using multiple token passing.
As demand has grown, communication networks have gotten bigger and bigger. Eventually, the number of stations on the network uses up the available bandwidth for that network, or approaches limits imposed by the physical medium employed. In addition, it is often desirable to combine two existing networks into one larger network. Accordingly, methods and apparatus for connecting two separate networks have developed. One such method involves the use of a bridge.
Generally, a “bridge” refers to a link between (at least) two networks. Thus, when a bridge receives information on one network, it may forward that information to the second network. In this fashion, two separate networks can be made to function as one larger network.
FIG. 1A illustrates one example of networks being interconnected. A first network NW1 is shown as a network cloud. End station ES1 is located within that network. Similarly, the figure illustrates a second network NW2 containing a second end station ES2; a third network NW3 containing a third end station ES3; and a fourth network NW4 containing a fourth end station ES4.
In FIG. 1A, the four networks NW1, NW2, NW3 and NW4 are interconnected using a shared media network F. (As discussed in more detail below, information on a shared media network is made available to all switches on that network.) The strategy for connecting networks NW1-NW4 in the topology of FIG. 1A uses a “backbone.” That is, a separate network is disposed between each of the existing networks NW1-NW4. Communication traffic between the networks, therefore, is sent over the network backbone F. In the illustration, shared media network F is an FDDI token ring. Since shared media network F (or any of networks NW1-NW4) constitutes a communication network within a larger communication network, shared-media network F may also be referred to as a subnetwork.
Interconnections may be achieved using switches S1, S2, S3 and S4. The switch S1 may include two components. The FDDI components F1-F4 process and manage communications over the FDDI ring F, according to methods known in the art. The bridging components B1-B4 manage the bridging of traffic from the networks NW1-NW4 to the FDDI ring F, and vice-versa.
Bridging strategies are well known in the art, and are the subject of a standard promulgated by the IEEE, IEEE 802.1, concerning transparent or self-learning bridges. A useful background discussion of bridges can be found in Radia Perlman, Interconnections: Bridges and Routers, Addison-Wesley Professional Computing Series, Reading, Mass. (1992). To aid in understanding the present invention, a discussion of transparent bridges follows. This discussion is not intended to limit the scope or application of the present invention and claims.
One possible strategy for connecting two networks with a bridging board would be for the bridging board to forward all communications (often referred to as “packets” or “data packets”; both of these terms, as used in the specification and the claims, are intended to include traditional data packets and their functional equivalents, such as “cells,” “datagrams,” or the like) to all other networks connected to that board. For example, whenever a communication is sent from end station ES1, that communication would be forwarded via the shared media subnetwork F to each of the other networks NW2, NW3 and NW4, regardless of who is the intended recipient. In this fashion, the shared-media subnetwork F would serve to combine the four networks NW1-NW4 as though they were only one network. Unfortunately, the duplication of every message sent on the network would quickly clog up the available bandwidth on each of the networks.
To address this problem, it would be possible to program each bridging board with the location of each station on each network. In this way, every communication could be routed to the appropriate network. This is a viable option as discussed below for connection-based networks; however, it may require replacement of existing network hardware, at additional expense.
Another alternative is to have a bridging board watch traffic across the board in order to learn the location of each end station, as communications are made over the network. In this fashion bridges could be simply plugged into networks and left on their own to learn the proper connections to be made. This type of bridge is often referred to as a “transparent” bridge or “self-learning” bridge.
FIG. 1B illustrates an example of end station ES1 sending a packet to end station ES2. Each packet of information includes a unique identifier that indicates the source station and destination station for the packet. In this example, the source address would be a unique address (such as a media access control, or “MAC” address) for ES1 and the destination address is a unique identifier for ES2. In the example, the packet is first sent from network NW1 to the backbone switch S1, as indicated at 12a. From this packet, bridging component B1 learns that end station ES1 is located off of its network port, as indicated in the first two columns of the table illustrated at T1.
A function of the bridging components B1-B4 is to remove (i.e., refuse to forward or “filter”) data traffic that should not be sent to an attached network. In the present example, when bridging component B1 determines that end station ES1 lies off of its network port, it should not filter subsequent traffic to network NW1 if that traffic has a destination address corresponding to end station ES1. Accordingly, a filter entry of the table T1 indicates that traffic to end station ES1 should not be filtered.
Because the destination address of the packet (which corresponds to end station ES2) is not present in the table T1, bridging component B1 forwards the packet to the FDDI ring F. As indicated at 12b, the FDDI component F1 forwards the packet along the FDDI ring. Because the bridging component B2 is not aware of where end station ES2 is located, the bridging component B2 forwards the packet onto network NW2, as indicated at 12c. In addition, bridging component B2 learns from the source address for the packet that end station ES1 is located off of the FDDI port. Accordingly, bridging component B2 should filter any future traffic received on the FDDI port and destined to ES1. Thus, bridging component B2 creates a table T2 that identifies end station ES1 as connected off of its FDDI connection (the FDDI port), and indicating in the filter column that future traffic destined to end station ES1 should be filtered from network NW2.
Meanwhile, FDDI component F2 forwards the packet on its FDDI connection, as indicated at 12e. Switches S3 and S4 process the packet in a similar manner as switch S2. As indicated at 12i, the packet is again forwarded to FDDI component F1. Since F1 initiated this packet on the FDDI ring F, FDDI component F1 terminates the packet.
FIG. 1C illustrates what happens when end station ES3 then sends a packet to end station ES1. The packet is first forwarded from the network NW3 to the switch S3, as indicated at 13a. As before, bridging component B3 learns that end station ES3 is located off its network port. Accordingly, an entry is made in the table T3 indicating that end station ES3 is off of the network port and that communications destined to end station ES3 should not be filtered.
As before, the FDDI component F3 will forward the packet to FDDI component F4. Because the destination address for the packet is end station ES1, and there is an entry in the table T4 indicating that packets with a destination address of ES1 should be filtered, this packet is filtered at bridging component B4 and not forwarded to network NW4.
FDDI component F4 forwards the packet to FDDI component F1, as indicated at 13c. Bridging component B1 refers to its table T1. End station ES1 is a known destination address and is not a filter entry. Accordingly, the packet is forwarded onto network NW1, as indicated at 13d. 
As indicated at 13e, the packet is also forwarded to FDDI component F2. As before, this packet is filtered from network NW2, and bridging component B2 also learns that end station ES3 lies off of its FDDI port; thus, future communications to end station ES3 should also be filtered.
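The learning and filtering walk-through of FIGS. 1B and 1C can be reproduced in a few lines. The following is an added illustration, not code from the patent; the class and function names are hypothetical, and keeping a known-local destination off the ring is ordinary transparent-bridge behavior assumed here rather than stepped through in the text.

```python
from dataclasses import dataclass, field

NET, RING = "network", "fddi"   # the two ports of each backbone switch

@dataclass
class Bridge:
    name: str
    table: dict = field(default_factory=dict)      # station -> (port, filter?)
    delivered: list = field(default_factory=list)  # packets put on the attached network

    def learn(self, src, port):
        # A source seen on the network port must stay reachable: do not filter.
        # A source seen on the FDDI port lives elsewhere: filter traffic to it.
        self.table[src] = (port, port == RING)

    def from_network(self, src, dst):
        """Packet arrives from the attached network; True if it goes onto the ring."""
        self.learn(src, NET)
        port, _ = self.table.get(dst, (None, False))
        return port != NET          # assumption: known-local destinations stay local

    def from_ring(self, src, dst):
        """Packet passes on the ring; forward to the attached network unless filtered."""
        self.learn(src, RING)
        _, filtered = self.table.get(dst, (None, False))
        if not filtered:            # unknown destinations are forwarded, not dropped
            self.delivered.append((src, dst))

def send(ring, origin, src, dst):
    """Inject a packet at ring[origin]; it circles the ring once and is then stripped."""
    if ring[origin].from_network(src, dst):
        n = len(ring)
        for step in range(1, n):
            ring[(origin + step) % n].from_ring(src, dst)

def run_figures():
    ring = [Bridge(f"B{i}") for i in range(1, 5)]
    send(ring, 0, "ES1", "ES2")   # FIG. 1B: ES2 unknown, so NW2-NW4 all receive it
    send(ring, 2, "ES3", "ES1")   # FIG. 1C: only B1 forwards; B2 and B4 filter
    return ring

if __name__ == "__main__":
    for b in run_figures():
        print(b.name, b.table, b.delivered)
```

The first packet reaches every attached network because no bridge has yet seen ES2; only learned entries suppress forwarding.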
The table located at each switch (e.g., tables T1-T4) may be implemented as a bridge ASIC filter table or bridge address filter table (“BAF” table). A BAF may be implemented as a separate special-purpose hardware or software mechanism. A purpose of the BAF is to permit automatic filtering of packets. That is, the packet may be automatically filtered (or “in-line” filtered) when received, without intervention of a host CPU or other element implementing the switching functions of the device. The host CPU for the switch may then process more sophisticated procedures or functions while the BAF table and mechanism in-line filter unwanted packets, preventing these packets from swamping the host CPU. As a result, however, existing hardware and software for a switch may apply filtering based on entries in the BAF table, without providing any opportunity for implementing a more sophisticated filtering scheme on the host CPU.
The network described above employs a destination address-based form of switching. That is, the decision of where to route a packet is based on the destination address for that packet. Most existing network topologies employ destination address-based procedures for determining the flow of communication packets. Accordingly, when a switch receives a packet with a given destination address on a particular port, that switch will always handle the packet in the same manner: filtering the packet or forwarding the packet to the same port, as determined, for example, by the BAF tables or their equivalents.
The network described above also includes a shared media network F. In a shared media network, switches or end stations may be exposed to communication traffic not intended for that switch or end station. For example, a bus, such as a conventional Ethernet network, employs a shared media topology. Similarly, a conventional FDDI ring may be viewed as a shared media topology: each station or switch located on the FDDI ring is exposed to all traffic that is present on the ring. As described above, shared media networks also may require some way of filtering packets not intended to cross that switch.
Most currently implemented networks follow a destination address-based scheme and include shared-media networks. An alternative, which is gaining increased acceptance, is to employ connection-based networking.
In a connection-based network, a specific path may be selected through the network for a given data packet. Thus, each packet follows a specific route or “connection” through the network. For example, the packet itself could specify a route through switches on the network. Alternatively, the source address (in combination with the destination address) for a packet could be used to identify a path through the switches. In this case, each source address/destination address pair could be used to uniquely identify a path through the communication network and each switch would know how to handle a packet corresponding to each source address/destination address combination that has a connection passing through that switch. Assignment of the path through the network could be done either through a central management site or through a distributed mechanism for determining a connection path for each source address/destination address pair that corresponds to a communication path that is currently being used.
U.S. Pat. No. 5,485,455 issued Jan. 16, 1996, illustrates a particularly advantageous embodiment of a connection-based network, using a centralized management agent to establish the mapping of destination address/source address pairs to a communication path. U.S. patent application Ser. No. 08/626,596, filed Apr. 2, 1996, which is now U.S. Pat. No. 5,825,772, and commonly owned, discloses a particularly advantageous connection-based networking system employing distributed determination of communication paths through the switched network. Each of the above-identified patents and applications is hereby incorporated by reference in their entirety.
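The source address/destination address lookup described above, applied to switches on a shared ring, can be sketched as follows. This is an added illustration and not the patent's implementation; the class, the `setup_path` management step, and the inclusion of the input port in the lookup key are assumptions made for the example.

```python
NET, RING = "network", "fddi"

class ConnectionSwitch:
    """Switch that forwards only packets matching a known (source, destination) connection."""

    def __init__(self, name):
        self.name = name
        self.connections = {}   # (src, dst, in_port) -> out_port  (key layout is assumed)
        self.filtered = 0       # count of packets dropped for lack of a connection

    def add_connection(self, src, dst, in_port, out_port):
        self.connections[(src, dst, in_port)] = out_port

    def receive(self, src, dst, in_port):
        """Return the output port, or None when the packet is filtered."""
        out = self.connections.get((src, dst, in_port))
        if out is None:
            self.filtered += 1  # no known connection: drop rather than flood
        return out

def setup_path(ring, src, dst, ingress, egress):
    """Hypothetical management step: install one connection ingress -> ring -> egress."""
    ring[ingress].add_connection(src, dst, NET, RING)
    ring[egress].add_connection(src, dst, RING, NET)

def deliver(ring, src, dst, ingress):
    """Send a packet in at ring[ingress]; return the switches that put it on their network."""
    if ring[ingress].receive(src, dst, NET) != RING:
        return []               # filtered before it ever reaches the shared medium
    others = [s for i, s in enumerate(ring) if i != ingress]
    return [s.name for s in others if s.receive(src, dst, RING) == NET]

def demo():
    ring = [ConnectionSwitch(f"S{i}") for i in range(1, 5)]
    setup_path(ring, "ES1", "ES2", ingress=0, egress=1)
    ok = deliver(ring, "ES1", "ES2", ingress=0)        # established connection
    no_conn = deliver(ring, "ES3", "ES2", ingress=2)   # same destination, no connection
    return ring, ok, no_conn

if __name__ == "__main__":
    ring, ok, no_conn = demo()
    print(ok, no_conn, [(s.name, s.filtered) for s in ring])
```

Unlike the destination-based tables, the second packet is dropped even though its destination ES2 is reachable, because no connection exists for that source/destination pair.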
Connection-based networks offer an opportunity to improve network efficiency (i.e., the effective bandwidth of the network) and to provide additional services to network users. Accordingly, many network administrators would like to implement connection-based networking systems. Unfortunately, replacing existing destination-based hardware and software components, including shared-media network infrastructure, in order to implement connection-based network topologies can be an expensive proposition. Accordingly, there is a great need for a method and apparatus utilizing existing destination-based components and shared media networks in a connection-based scheme, preferably in a way that permits efficient filtering of packets in a shared-media subnetwork. Such a method and apparatus could, for example, permit an existing shared media network to be integrated into a newer connection-based networking scheme.
According to one embodiment of the invention, a method for filtering a plurality of packets received by a switch having a set of known connections is provided. According to this method, information on known connections for the switch is maintained and packets that do not correspond to one of the known connections are filtered.
According to another embodiment of the invention, a method for routing a packet through a connection-based network that includes a shared-media subnetwork is provided. According to the method, the packet is routed through a switch on the shared-media network and filtered on another switch on the shared-media network.
According to another embodiment of the invention, a method of using a switch in a connection-based communication network is provided. According to this embodiment, a path through the network is identified; packets are forwarded according to the identified path; and a packet that does not correspond to the identified path is filtered.
According to another embodiment of the invention, a switch for a connection-based communication network is provided. The switch includes two communication ports, means for maintaining information on a set of known connections, means for forwarding packets corresponding to one of the known connections, and means for filtering packets that do not correspond to one of the known connections.