1. Field of the Invention
The present invention relates generally to switches and electronic communication. More specifically, the present invention relates to improving security and segregation of host-to-host communications in an intelligent PCIe switch.
2. Description of the Related Art
Computer architectures have advanced greatly over the years. Lately, it is becoming more and more commonplace for chip designers to include external data interfaces, such as Universal Serial Bus (USB) interface controllers, in their motherboards. These interfaces are known as host controllers. The processor is typically then connected to the other components of the computer system via an input/output (I/O) interconnect system.
There are many different computer I/O interconnect standards available. One of the most popular over the years has been the peripheral component interconnect (PCI) standard. PCI allows the bus to act like a bridge, which isolates a local processor bus from the peripherals, allowing a Central Processing Unit (CPU) of the computer to connect to a host of I/O devices through this interconnect.
Recently, a successor to PCI has been popularized, termed PCI Express (or, simply, PCIe). PCIe provides higher performance, increased flexibility and scalability for next-generation systems, while maintaining software compatibility with existing PCI applications. Compared to legacy PCI, the PCI Express protocol is considerably more complex, with three layers—the transaction, data link and physical layers.
In a PCI Express system, a root complex device connects the processor and memory subsystem to the PCI Express switch fabric made up of one or more switch devices (embodiments are also possible without switches, however). In PCI Express, a point-to-point architecture is used. Similar to a host bridge in a PCI system, the root complex generates transaction requests on behalf of the processor, which is interconnected through a local I/O interconnect. Root complex functionality may be implemented as a discrete device, or may be integrated with the processor. A root complex may contain more than one PCI Express port, and multiple switch devices can be connected to ports on the root complex or cascaded.
The Assignee of the present invention has developed various PCIe switches, described in U.S. patent application Ser. Nos. 13/624,781, 13/212,700, and 12/979,904, which provide general background information on PCIe switches. As an example, FIG. 1 is a block diagram depicting a normal shared I/O architecture having a standard PCIe switch 102 controlled by a management host running switch management software. Switch 102 services one or more hosts, shown as connected host 106 and connected host 108 (also referred to as “local hosts”), for example servers, PCs, and other computing devices. Also connected to switch 102 are one or more devices 110-116 that typically provide some type of function or service for the connected hosts. Within switch 102 are virtual devices 118-124. Virtual devices 118 and 120 are connected to connected host 106, and virtual devices 122 and 124 are connected to connected host 108. Some of these virtual devices have data paths to physical devices 110-114. The functionality and roles of virtual devices 118-124 are described in co-pending application U.S. patent application Ser. No. 12/979,904, entitled “MULTI-ROOT SHARING OF SINGLE-ROOT INPUT/OUTPUT VIRTUALIZATION,” where a solution was described that used resource redirection methods when multiple hosts are connected using the non-transparent ports of a PCIe switch that supports shared I/O mechanisms.
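The following is an added illustration, not code from the patent or from the Assignee's switch management software. It models the FIG. 1 topology as a routing policy: each connected host may only address the virtual devices bound to it (118 and 120 for host 106; 122 and 124 for host 108), and the switch, not the host, resolves a virtual device to the physical device behind it. A request from one host aimed at the other host's virtual device is refused and recorded, which is the segregation property the invention is concerned with. The page says only that "some" virtual devices have data paths to physical devices 110-114, so the virtual-to-physical mapping below is an assumption, as are all names (`host106`, `vdev118`, `dev110`, `SegregationPolicy`, and so on).

```python
"""Segregation model for the shared-I/O PCIe switch of FIG. 1 (added example).

Hosts issue requests against virtual devices inside the switch; the switch
checks that the virtual device is bound to the requesting host before it
forwards the request down the virtual device's data path.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Transaction:
    """A request a connected host issues against a virtual device in the switch."""
    src_host: str      # switch port the request arrived on, e.g. "host106"
    target_vdev: str   # virtual device the host is addressing, e.g. "vdev118"


@dataclass
class Decision:
    allowed: bool
    phys_device: Optional[str]   # physical device the switch forwards to, if allowed
    reason: str


@dataclass
class SegregationPolicy:
    # host port -> virtual devices exposed to that host (taken from FIG. 1)
    host_vdevs: dict[str, frozenset[str]]
    # virtual device -> physical device at the far end of its data path (assumed)
    vdev_path: dict[str, str]
    # every refused request, kept so a management host can review cross-host attempts
    audit: list[tuple[Transaction, str]] = field(default_factory=list)

    def route(self, tx: Transaction) -> Decision:
        bound = self.host_vdevs.get(tx.src_host)
        if bound is None:
            return self._deny(tx, "unknown source host port")
        if tx.target_vdev not in bound:
            # Find out whether the host is reaching for another host's device
            # or for something that does not exist at all; both are refused.
            owner = next((h for h, vs in self.host_vdevs.items()
                          if tx.target_vdev in vs), None)
            if owner is None:
                return self._deny(tx, "unknown virtual device")
            return self._deny(tx, f"virtual device belongs to {owner}")
        phys = self.vdev_path.get(tx.target_vdev)
        if phys is None:
            return self._deny(tx, "virtual device has no data path")
        return Decision(True, phys, "ok")

    def _deny(self, tx: Transaction, reason: str) -> Decision:
        self.audit.append((tx, reason))
        return Decision(False, None, reason)


def fig1_policy() -> SegregationPolicy:
    """Policy matching the host/virtual-device bindings described for FIG. 1."""
    return SegregationPolicy(
        host_vdevs={
            "host106": frozenset({"vdev118", "vdev120"}),
            "host108": frozenset({"vdev122", "vdev124"}),
        },
        # Assumed data paths: the page states only that some virtual devices
        # reach physical devices 110-114. dev112 is deliberately shared by a
        # virtual device of each host, which is the shared-I/O case.
        vdev_path={
            "vdev118": "dev110",
            "vdev120": "dev112",
            "vdev122": "dev112",
            "vdev124": "dev114",
        },
    )


if __name__ == "__main__":
    policy = fig1_policy()
    for tx in (Transaction("host106", "vdev118"),   # own device: forwarded to dev110
               Transaction("host106", "vdev122"),   # other host's device: refused
               Transaction("host108", "vdev122")):  # own device: forwarded to dev112
        d = policy.route(tx)
        print(f"{tx.src_host} -> {tx.target_vdev}: "
              f"{'forward to ' + d.phys_device if d.allowed else 'DENY (' + d.reason + ')'}")
    print(f"{len(policy.audit)} request(s) refused")
```

Note that both hosts legitimately reach `dev112` through their own virtual devices, yet neither can address the other's virtual device directly: sharing the physical device is separated from any host-to-host path through the switch, and every refusal lands in `audit` for the management host to inspect.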
As another example, FIG. 2 is a block diagram depicting a PCIe switch having a logical device and a management host system with logical device enabling software, and is described in U.S. patent application Ser. No. 13/624,781, entitled “PCI EXPRESS SWITCH WITH LOGICAL DEVICE CAPABILITY,” the contents of which are incorporated by reference. Shown is an innovative PCIe switch 202 connected to a host 204 and three physical devices 206-210. A management system host 212 with logical device software, and other necessary software for operating the management system, is connected to switch 202. The logical device enabling software implements a logical device 214 (also referred to as a consolidated virtual device) shown by the dashed-line box. Logical device 214 operates virtually with connected host 204. It has data paths going to physical devices 206-210. Management system host 212 has control paths, shown by the dashed lines, to the physical devices 206-210 that implement logical device 214. These control paths are dashed to indicate that they essentially emanate from the logical device enabling software in management system 212, and are responsible for physically implementing logical (virtual) device 214. The logical device is also tied to a Direct Memory Access (DMA) engine.
U.S. patent application Ser. No. 13/212,700, filed Aug. 18, 2011, entitled “SHARING MULTIPLE VIRTUAL FUNCTIONS TO A HOST USING A PSEUDO PHYSICAL FUNCTION,” describes a PCIe switch having virtualized physical functions. The contents of U.S. patent application Ser. No. 13/212,700 are incorporated by reference to provide context on other PCIe switch implementations of the Assignee of the present invention.
As the cluster size and functionality of PCIe switches continues to increase, security of message flows is a potential concern. The inventors of the present patent application have recognized that conventional security approaches are inadequate to address these issues.