Open systems interconnect (OSI) layer 2 forwarding devices, such as Ethernet switches, maintain one or more forwarding tables to provide destination information for forwarding layer 2 packets. A typical forwarding table includes a list of destination addresses and corresponding forwarding information. The forwarding information can include an output port or other information for forwarding a received packet to its destination. For example, when a packet is received at the forwarding device, the packet can be examined to determine its destination address. Next, a lookup is performed in the forwarding table to determine the forwarding information corresponding to the destination address. The packet can then be forwarded to the port corresponding to the destination address in the forwarding table.
Conventional layer 2 forwarding devices, such as media access control (MAC) forwarding devices, build forwarding tables by learning the ports associated with destination addresses. Address learning may include building a forwarding table by associating the source address of a received packet with the port of the forwarding device on which the packet is received. Subsequently received packets having a destination address matching the learned source address of the received packet can be forwarded to the corresponding port listed in the forwarding table. If a packet arrives and there is no entry in the forwarding table for the packet's destination address, the packet will be flooded to all output ports. Because such flooding wastes bandwidth, it is desirable to learn MAC addresses as quickly as possible.
Conventional layer 2 MAC learning systems build and maintain forwarding tables by utilizing either a software-based or hardware-based approach. One software-based approach includes identifying that MAC learning is required by the absence of an entry corresponding to the MAC source address in a received packet and forwarding the packet to a central processor for software-based learning. Next, the central processor may implement a security policy to determine whether MAC learning is allowed. If MAC learning is allowed, the central processor can add the MAC source address to the hardware forwarding table associated with the appropriate source port. Subsequent packets with the same source MAC address will not require MAC learning because the MAC address is stored in the forwarding table.
One hardware-based approach utilizes a hardware module for learning MAC addresses. In particular, the hardware module can recognize that MAC address learning is required for a given MAC address by searching the MAC forwarding table for an entry corresponding to a source MAC address. If the entry is not present, the hardware adds the entry to the forwarding table. A software-managed shadow table can be utilized for user interface applications, such as displaying the MAC address forwarding table. Software polling or an interrupt mechanism may drive the software-managed shadow table. However, software is not utilized for learning or building the forwarding table.
The software-based approach described above has the advantage of flexibility over the hardware-based approach. For example, MAC security features, such as limiting the number of learned MAC addresses for a given port, VLAN, or port/VLAN combination, preventing learning of MAC addresses that have not been expressly allowed by an administrator, or providing 802.1x security, can be readily implemented using the software-based approach. 802.1x refers to a port-based access control protocol where devices must be authenticated before being granted access to a LAN. Software MAC learning may be implemented such that MAC address learning is only permitted for MAC addresses that have been authenticated. Utilizing the software-based approach, specific MAC addresses can be dynamically prevented from accessing the network. However, one disadvantage of the software-based-approach is that the MAC address learn rate is limited by the availability of the system processor. This may result in a delay between receiving a given source MAC address and incorporating the MAC address into the hardware forwarding table. As discussed above, undesirable layer 2 flooding of packets can result until software-learning is complete. In addition, software-based learning increases the burden on the system processor that performs the learning.
The hardware-based approach can be advantageous over the software-based approach for a number of reasons. For example, new MAC addresses can be learned at line rate. Another advantage is that there is no unnecessary layer 2 flooding because there is negligible delay between receiving a packet requiring MAC source learning and adding the entry to the hardware forwarding table. Finally, performing hardware-based learning decreases the load on the processor, thus allowing other software modules additional processing time. One disadvantage of the hardware-based approach is the lack of flexibility. For example, while hardware can be designed to implement MAC security features, it cannot be updated to implement new security features unless the hardware is designed to allow such flexibility. Regardless of the flexibility of the initial hardware design, there will always be new features that existing hardware cannot implement. For such features, a hardware redesign will be required.
Accordingly, in light of these problems associated with software-based and hardware-based layer 2 address learning, there exists a long felt need for improved methods and systems for layer 2 address learning, such as MAC address learning.