The present invention relates generally to data communications, and particularly to network switches implementing multiple address databases.
A data communication network permits multiple devices, such as computers and the like, to communicate with each other by exchanging data, often organized as frames, over the network. Such networks include local area networks (LAN), which connect devices in close physical proximity, and wide area networks (WAN), which connect devices separated by greater distances.
It has recently become desirable to segregate the devices connected by such a physical network into smaller groups, referred to as Virtual LANs (VLAN). VLANs are configured using software and hardware so that traffic on one VLAN does not automatically propagate to other VLANs. For example, conventional network switch 100 shown in FIG. 1 includes a switch 102 and a CPU 104. Switch 100 includes six ports p0 through p5, a controller 112, and a memory 108 that stores an address database 110. Port p0 is connected to central processing unit (CPU) 104. Port p5 is connected to a WAN 106. Ports p1 through p4 are connected to devices d1 through d4 such as networks, network enabled computers, and the like.
Further, it is desirable to create two VLANs, VLAN A and VLAN B, such that VLAN A consists of devices d1 through d4 and VLAN B consists of WAN 106, and such that data is exchanged between the VLANs only through CPU 104. One conventional method for isolating the two VLANs in this manner is to provide a port register for each port. The contents of the port register identify the other ports in the switch with which that port can communicate. Because WAN 106 can communicate only with CPU 104, the port register for port p5 identifies only port p0, the CPU port. And because devices d1 through d4 can communicate only with each other and the CPU, the port registers for ports p1 through p4 identify only ports p0 through p4. And because CPU 104 can communicate with any port in switch 102, the port register for port p0 identifies ports p1 through p5.
In some applications it has also become desirable recently to permit the media access control (MAC) address of a device served by a network switch to be associated with multiple ports within the switch. Referring again to FIG. 1, assume that CPU 104 has MAC address 32, WAN 106 has MAC address 33, and devices d1 through d4 have MAC addresses 34 through 37, respectively. When device d1 sends a frame of data to WAN 106, VLAN isolation requires that frame to pass through CPU 104. The source MAC address of the frame sent from device d1 to CPU 104 is 34. However, in a conventional switch, the source MAC address of that frame, when forwarded from CPU 104 to WAN 106, is changed to 32, the source MAC address of the CPU. It is desirable in some applications that the source MAC address of the forwarded frame be 34, the source MAC address of device d1.
Of course, CPU 104 can change the source MAC address of the frame forwarded from CPU 102 to WAN 106 to be 34, but this confuses switch 102, which learns associations between MAC addresses and ports by monitoring the source MAC address of each frame traversing the switch, and by storing the source port identifier (SPID) and source MAC address as an entry in address database 110. Returning to the example, the source MAC address of the frame sent from device d1 to CPU 104 is 34; therefore switch 104 associates MAC address 34 with port p1. Thus switch 102 will send any frame having a destination address of 34 to device d1, as it should. But when CPU 104 forwards the frame to WAN 106, and forces the source address of the frame to be 34, switch 102 associates MAC address 34 with port p0, the CPU port, and will thereafter erroneously send any frame having a destination address of 34 to the CPU.
One approach to permitting a single MAC address to be associated with multiple ports is to employ multiple address databases. Each entry in the databases stores the MAC address, a port associated with that MAC address, and a VLAN identifier (VLAN ID) for that association. Returning to the example, it is desirable to associate MAC address 34 (the MAC address of device d1) with both port p1 (the port for device d1) in VLAN A, and with port p0 (the CPU port) in VLAN B. Therefore address databases 110 should contain two entries for MAC address 34. One of the entries would store MAC address 34, a port identifier for port p1, and VLAN ID=A. The other entry would store MAC address 34, a port identifier for port p0, and VLAN ID=B.
One disadvantage of this approach is that the size of the memory required by the address databases must be increased, sometimes doubling in size or halving the number of MAC addresses that can be stored in the same space. According to this approach, each entry in the address database must store not only the MAC address, port identifier, and VLAN ID, but must also store management bits used for other functions, such as entry locking and aging. The MAC address requires 48 bits. The VLAN ID requires up to 12 bits. If the address databases are implemented as a 64-bit wide memory, only 4 bits remain for the port identifier and the management bits, a number that is generally insufficient. The alternative is to increase memory width. The next generally-available memory width is 128 bits, requiring a two-fold increase in the memory resources (cost, real estate, and power) consumed by the address databases.