1. Field of the Invention
The present invention relates to layer 2 and layer 3 switching of data packets in a nonblocking network switch configured for switching data packets between subnetworks.
2. Background Art
Local area networks use a network cable or other media to link stations on the network. Each local area network architecture uses a media access control (MAC) enabling network interface devices at each network node to access the network medium.
The Ethernet protocol IEEE 802.3 has evolved to specify a half-duplex media access mechanism and a full-duplex media access mechanism for transmission of data packets. The full-duplex media access mechanism provides a two-way, point-to-point communication link between two network elements, for example between a network node and a switched hub.
Switched local area networks are encountering increasing demands for higher speed connectivity, more flexible switching performance, and the ability to accommodate more complex network architectures. For example, commonly-assigned U.S. Pat. No. 5,953,335 discloses a network switch configured for switching layer 2 type Ethernet (IEEE 802.3) data packets between different network nodes; a received data packet may include a VLAN (virtual LAN) tagged frame according to IEEE 802.1q protocol that specifies another subnetwork (via a router) or a prescribed group of stations. Since the switching occurs at the layer 2 level, a router is typically necessary to transfer the data packet between subnetworks.
Efforts to enhance the switching performance of a network switch to include layer 3 (e.g., Internet protocol) processing may suffer serious drawbacks, as current layer 2 switches preferably are configured for operating in a non-blocking mode, where data packets can be output from the switch at the same rate that the data packets are received. Newer designs are needed to ensure that higher speed switches can provide both layer 2 switching and layer 3 switching capabilities for faster speed networks such as 100 Mbps or gigabit networks.
However, such design requirements risk loss of the non-blocking features of the network switch, as it becomes increasingly difficult for the switching fabric of a network switch to be able to perform layer 3 processing at the wire rates (i.e., the network data rate). For example, switching fabrics in layer 2 switches merely need to determine an output port for an incoming layer 2 data packet. Layer 3 processing, however, requires implementation of user-defined policies that specify what type of data traffic may be given priority accesses at prescribed intervals; for example, one user defined policy may limit Internet browsing by employees during work hours, and another user-defined policy may assign a high priority to e-mail messages from corporate executives. In addition, user-defined policies typically involve a large number of combinations of data fields and values that identifying each policy. Hence, policy searches for a given data packet may take a relatively long time, affecting the nonblocking features or latency of the network switch.
There is a need for an arrangement that enables a network switch to provide layer 2 switching and layer 3 switching capabilities for 100 Mbps and gigabit links without blocking of the data packets.
There is also a need for an arrangement that enables a network switch to provide layer 2 switching and layer 3 switching capabilities with minimal buffering within the network switch that may otherwise affect latency of switched data packets.
There is also a need for an arrangement that enables a network switch to perform layer 3 processing of user-defined policies at the network wire rate on layer 2 data packets while optimizing the use of network switch resources.
These and other needs are attained by the present invention, where a network switch includes network switch ports, each including a policy filter configured for obtaining layer 3 and layer 4 information from a received layer 2 frame. The layer 3 information and the layer 4 information are used to determine a policy identifier that specifies a layer 3 switching operation to be performed on the received layer 2 frame. Each network switch port also includes a policy cache that caches portions of the layer 3 information and the corresponding policy identifier. The policy filter and the policy cache are then simultaneously searched for subsequent layer 3 frames to find the appropriate policy; if the appropriate policy is located in the policy cache, the searching operation is completed, enabling the network switch port resources to begin searching operations for another packet. Hence, policy search performance can be improved by execution of simultaneous search operations in the policy filter and the policy cache.
One aspect of the present invention provides a method in a network switch. The method includes receiving a first layer 2 frame at a network switch port, the first layer 2 frame including layer 3 information and layer 4 information that specify payload data characteristics within the first layer 2 frame. The method also includes determining by a policy filter in the network switch port a policy identifier for the first layer 2 frame based on the layer 3 information and the layer 4 information, the policy identifier specifying a layer 3 switching operation to be performed on the first layer 2 frame. First information, identifying the first layer 3 information and the layer 4 information, and the policy identifier are stored in a policy cache in the network switch port. A second layer 2 frame is received at the network switch port, and a simultaneous search is performed for a second policy identifier for the second layer 2 frame by the policy filter and within the policy cache. The storage of the first information and the corresponding policy identifier in a policy cache within the network switch port increases the search efficiency for the policy identifier on a received data frame, since the searching operation is performed locally without the necessity of accessing remote tables. Moreover, the simultaneous searching by the policy filter and within the policy cache optimizes the searching operation, since cached policy identifiers can be quickly located, enabling the policy filter to a port the existing search and begin a new searching operation; if a policy identifier is not located within the policy cache (or has been removed by an aging function), the policy filter can determine the policy identifier for the received data frame and update the policy cache accordingly.
Another aspect of the present invention provides an integrated network switch configured for executing layer 3 switching decisions. The integrated network switch includes an index table that includes addresses of layer 3 switching entries that specify respective layer 3 switching operations based on selected data fields within a received data packet, the index table also including for each address entry a corresponding entry signature representing a combination of the selected data fields hashed according to a prescribed hashing operation. The integrated network switch also includes network switch ports, each comprising a policy filter and a policy cache. The policy filter is configured for obtaining layer 3 information and layer 4 information, corresponding to the selected data fields, from a received layer 2 frame and determining, based on generation of a second entry signature from the obtained layer 3 information and layer 4 information, a policy identifier that specifies the layer 3 switching operation to be performed on the corresponding layer 2 frame. The policy cache is configured for storing the policy identifier having been determined by the policy filter and the corresponding entry signature, the network switch port simultaneously searching using the policy filter and the policy cache for determining the policy identifier for each corresponding subsequently received layer 2 frame.
Additional advantages and novel features of the invention will be set forth in part in the description which follows and in part will become apparent to those skilled in the art upon examination of the following or may be learned by practice of the invention. The advantages of the present invention may be realized and attained by means of instrumentalities and combinations particularly pointed in the appended claims.