1. Field of the Invention
The present invention relates to a packet forwarding apparatus which interconnects a plurality of networks, and particularly relates to a packet forwarding apparatus which provides various packet controlling functions including filtering and service quality control.
2. Description of Related Art
A router as a portion of an IP (Internet Protocol) network requires a flow retrieval function which detects, from header information for an input packet, the flow to which the packet belongs. In this specification, we call a series of packets which are identified by a combination of header information included in the packet header as a “flow.” The router performs packet controlling functions for each flow such as service quality control, statistic information control, filtering, and policy routing.
Recently, in order to cope with rapidly increasing IP traffic, a method for quicker flow retrieval has been explored. One example is the flow identification method proposed in Proceeding SB-4-2, M. Uga et al. tilted as, “A flow identification method using content addressable memory”, Proceedings of the 2000 IEICE General Meeting. The method is based on a CAM (Content addressable Memory) storing plural flow entries which describe flow identification conditions, and a retrieval result holding table storing plural table entries describing processing operations to be performed on an input packet according to each flow entry.
In the above-mentioned prior art, all necessary header fields for flow identification are extracted from header information of an input packet as retrieval key information and the CAM is searched to retrieve flow entries which match with the above-mentioned retrieval key information. The CAM quickly retrieves flow entries whose flow identification conditions match with the retrieval key information, regardless of the number of flow entries registered, and outputs, as a retrieval result, the address of the flow entry whose CAM address is the smallest among the retrieved flow entries.
The input packet is processed according to the description in the table entry read from the retrieval result holding table, based on the above-mentioned flow entry address. Therefore, if a table entry as an instruction for filtering of packets is registered at a specific address in the retrieval result holding table, it is possible to perform filtering of a group of packets which satisfy the flow identification condition as indicated by a specific flow entry with the CAM address corresponding to that table entry.
If a table entry which specifies, for example, the type of service (TOS) is registered at another address in the retrieval result holding table, service quality can be controlled for packets which belong to a specific flow corresponding to the table entry, which matches the above TOS information. Also, if a table entry which specifies, for example, a next hop address is registered in the retrieval result holding table, policy routing can be done on packets which belong to a specific flow corresponding to that table entry, where policy routing is performed by applying the next hop address specified by the above table entry instead of the next hop address decided automatically by the routing protocol.
In the above-mentioned prior art, a flow entry address is outputted from the CAM according to input packet header information. Then a table entry is read out from the retrieval result holding table according to that front entry address. The input packet is then processed according to the description in the table entry. This means that according to the above-mentioned prior art, only a specific type of packet processing as specified by the table entry can be performed on an input packet whose flow is identified but not on two or more types of packet processing such as service quality control and policy routing, at a time.