The present invention relates generally to communications networks and more particularly to virtual local area networks with multicast protection.
Local area networks (LAN's) are used to facilitate communications between a number of users. Individual LAN's may be bridged together to allow a larger number of users to communicate amongst themselves. These bridged LAN's may be further interconnected with other bridged LAN's using routers to form even larger communications networks.
Prior art FIG. 1 depicts an exemplary interconnected bridged LAN system. The numerals 10, 20, 30, etc., are used to identify individual LAN's. Bridges between LAN's are designated by the numerals 5, 15, 25 and 35. A router between bridged LAN 100 and bridged LAN 200 is identified with the reference numeral 300. In the prior art bridged LAN system depicted, a user A is able to communicate with a user B without leaving the LAN 10. If user A desires to communicate with user C in LAN 20 or user D in LAN 30, the communication is transmitted via bridges 5 and/or 15.
If user A desires to communicate with user E, the communication must be routed via router 300 to bridged LAN 200. As will be understood by those skilled in the art, bridges operate at layer 2 of the network model and transparently bridge two LAN's. It is transparent to users A and C that communications between them are ported over bridge 5 because layer 2 bridges do not modify packets, except as necessary to comply with the type of destination LAN. However, if user A wishes to communicate with user E, the communication must be ported via router 300 which operates at level 3 of the network model. Accordingly, communications over routers flow at a much slower rate than communications over a bridge, and are regulated by the routers.
Therefore, LAN network administrators generally attempt to connect together those users who frequently communicate with each other in bridged LAN's. However, if the bridged LAN becomes too large, it becomes unscaleable and may experience various well-known problems. Accordingly, routers are used to interconnect bridged LAN's so that the bridged LAN's themselves can be kept to an acceptable size. This results in delays in communications between users which are transmitted via the router 300. If, for example, in FIG. 1, user E and user A need to communicate frequently, it would be advantageous to interconnect LAN 10 and LAN 50 via a bridge rather than the router 300. This would require the rewiring of the system which is costly and may be impracticable under many circumstances, such as, if users A and E will only need to frequently communicate for a limited period of time.
Virtual LAN's (VLAN's) have recently been developed to address the deficiencies in interconnected bridged LAN systems of the type depicted in FIG. 1. VLAN's allow LAN's to be bridged in virtually any desired manner independent of physical topography with switches operating at layer 2. Hence, the switches are transparent to the user. Furthermore, the bridging of LAN's can be changed as desired without the need to rewire the network. Because members of one VLAN cannot transmit to the members of another VLAN, a fire wall is established to provide security which would not be obtainable in a hardwired interconnected bridged LAN system. Accordingly, VLAN systems provide many advantages over interconnected bridged LAN's.
For example, as shown in prior art FIG. 2, individual LAN's 10-90 are interconnected by layer 2 switches 5′-55′. A network management station (NMS) 290 controls the interconnection of the individual LAN's such that LAN's can be easily bridged to other LAN's on a long term or short term basis without the need to rewire the network. As depicted in FIG. 2, the NMS 290 has configured two VLAN's by instructing, e.g., programming, and thereby configuring the switches 5′-55′ such that LAN's 10-60 are bridged together by switches 5′-35′ and 55′ to form VLAN 100′ and LAN's 70-90 are bridged together by switches 45′ and 55′ to form VLAN 200′. This is possible because, unlike the bridges 5-35 of FIG. 1 which include only two ports, and accordingly are able to only transfer information from one LAN to another LAN, the switches 5′-55′ are multiported and programmable by the NMS 290 such that the network can be configured and reconfigured in any desired manner by simply changing the switch instructions.
As shown in FIG. 2, the switch 55′ has been instructed to transmit communications from user A of LAN 10 to user E of LAN 50, since both users are configured within VLAN 100′. User A, however, is not allowed to communicate with users H or F since these users are not configured within the VLAN 100′ user group. This does not, however, prohibit users F and H, both of whom are members of VLAN 200′, from communicating via switches 45′ and 55′.
If it becomes desirable to change the network configuration, this is easily accomplished by issuing commands from NMS 290 to the applicable switches 5′-55′. For example, if desired, user H could be easily added to VLAN 100′ by simply reconfiguring VLAN 100′ at the NMS 290 to cause an instruction to be issued to switch 55′ to allow communications to flow between users A-D and E and user H via switch 55′, i.e., to include LAN 90 in VLAN 100′ and remove it from VLAN 200′.
Because the switches 5′-55′ are layer 2 switches, the bridge formed by the switch is transparent to the users within the VLAN. Hence, the transmission delays normally associated with routers, such as the router 300 of FIG. 1, are avoided. The power of the VLAN lies in its ability to dynamically control the network configuration through software on the NMS 290. More particularly, in accordance with its programmed instructions, the NMS 290 generates and transmits signals to instruct the switches 5′-55′ to form the desired VLAN configurations.
Multicasting refers to the ability of a station on the network to simultaneously communicate a single message to a number of other stations on the network. In a typical LAN protocol, as shown in FIG. 3, the communication packet 400 includes a destination address 110 having six bytes, a source address 113, and a message portion 114. If the I/G (Individual Group) bit 112 is set to zero, the packet is directed to a single specified address. However, if the I/G bit 112 is set to one, the packet is identified as a multicast packet and is transmitted to all LAN's of the bridged LAN.
For example, referring to FIG. 1, if member A of bridged LAN 100 wishes to multicast to members B and C of bridged LAN 100, the I/G bit of the destination address of the message packet would be set at one. If the I/G bit of the destination address, i.e., the multicast designator, is at one, the bridges 5 and 15 understand that the communication is a multicast communication and direct the communication to all LAN's within the bridged LAN 100 for delivery to the members of the multicast group represented by the multicast address. It will be noted that multicast communications are not routed by routers such as router 300 of FIG. 1. Accordingly, in a conventional interconnected bridged LAN system, multicast communications cannot be distributed between bridged LAN's. Further, because multicast communications within a bridged LAN are distributed to all individual LAN's, e.g., 10-30 in FIG. 1, whether or not any member of the particular LAN within the bridged LAN is a member of the multicast group to whom the sender has addressed the message, network bandwidth may be unnecessarily utilized to communicate the message to the desired recipients.
In a VLAN network, the aforementioned problems are avoided. First, because all switching is done at level 2, i.e., no level 3 routers exist in the system, multicast communications may be transmitted to network members on any LAN within the VLAN. Further, using the NMS 290, a VLAN can be configured to include only those individual LAN's which include members to whom it is desired to transmit the multicast. Thus, network bandwidth is not unnecessarily used to transmit multicast messages to individual LAN's which lack members of the multicast group to whom the multicast communication is addressed. As will be recognized by those skilled in the art, as multicasting continues to grow in popularity, the amount of wasted bandwidth utilization in conventional LAN networks has increased. Hence, multicasting in a VLAN system requires less bandwidth utilization, i.e. multicast communications can be transmitted only to LAN's associated with members of the multicast member group, while providing broader user coverage, i.e. multicast communications can be transmitted to any user within a VLAN, as compared to an interconnected bridged LAN system. Hence, VLAN's offer a significant advantage over standard LAN architectures in this regard.
Further still, because VLAN's can be rearranged or reconfigured dynamically, the members within a multicast group can be increased or decreased simply by modifying the multicast member group using the NMS 290 of FIG. 2. If multicasting becomes excessive over VLAN 100′, the NMS 290 can easily modify the multicast member group to exclude one or more LAN's to reduce the multicasting overhead on the VLAN. VLAN 100′ can also be easily reconfigured to, for example, include LAN 60, thereby extending the multicast communications capabilities of the VLAN.
Prior art FIG. 4 is a schematic of an exemplary VLAN system. The VLAN system includes LAN's 205-260 which are connected by switches 270-280 to a high-speed LAN backbone or trunk 265. An NMS 290 is interconnected to the switches 270-280 via LAN 260. A trunk station 285 is connected to the high-speed LAN backbone 265 via a trunk port 315. The LAN's 205-215, and 230-235 have designated members F-J. Each of the switches 270-280 is capable of interconnecting the respective LAN's connected to the switch by an access port 305 with each other, e.g. interconnecting LAN's 205-220, and with other LAN's connected by an access port to another of the switches via the high-speed LAN backbone 265, e.g. LAN 205 with LAN's 225-260. For example, switch 270 can be instructed by the NMS 290 to interconnect LAN 205 to LAN 215 by configuring a VLAN including LAN's 205 and 215, thereby facilitating communications between F and H. Switches 270 and 275 can also be instructed by the NMS 290 such that member F of LAN 205 can be interconnected to user I of LAN 230, by configuring a VLAN to include LAN's 205 and 230.
Prior art FIG. 5 depicts a VLAN communications packet 400′ which is identical to the LAN communications packet 400 depicted in FIG. 3, except that a VLAN tag 116 has been added to the packet. The tag is appended by the initial switch to which the message packet is directed. The VLAN tag identifies the resulting packet as a “VLAN” or “tagged” packet, and represents the particular VLAN from which the packet originated.
For example, if LAN's 205, 220 and 230 of FIG. 4 are within a single VLAN and member F of LAN 205 desires to communicate with member I of LAN 230, the message 114 of FIG. 5 with the MAC address 110 attached is directed to access port 305 of the switch 270. The switch determines, based upon instructions previously received from the NMS 290, that the member I address falls within the applicable VLAN and, accordingly, adds the appropriate VLAN header to the packet to form packet 400′, as shown in FIG. 5. The packet 400′ is then directed via trunk port 315 to the high-speed backbone LAN 265 and detected by switches 275 and 280.
Since switch 280 lacks any access ports connected to LAN's within the applicable VLAN, switch 280 discards the communication. Switch 275 however, identifies the VLAN header 116 of packet 400′ as associated with a VLAN which includes LAN 230. The switch 275 accordingly removes the header and directs the communication, which now appears as message 400 of FIG. 3, to LAN 230 over which the member I receives the message.
Trunk stations, such as trunk station 285, are incapable of recognizing VLAN headers. Further, since no programmable switch is disposed between a trunk station and the trunk, communications with a VLAN header appended thereto will be ignored and/or discarded by the trunk station. Hence, in conventional VLAN systems, such as that shown in FIG. 4, the trunk stations, e.g. trunk station 285, form part of the default group, i.e. the group of system users not within any VLAN. Accordingly, in FIG. 4, any system user on LAN's 205-260 can communicate with the trunk station.
Although conventional VLAN systems have numerous advantages over conventional interconnected bridged LAN systems, a need remains for a VLAN system in which access to trunk stations can be limited to only members of particular LAN's within the system. For example, if the trunk station 285 is a secure server, it may be appropriate to limit access to trunk station 285 to only members of particular LAN's. This need is addressed by the invention disclosed in the '242 application. The '242 application describes a general technique for limiting access to trunk stations to only members of particular LAN's within a VLAN system. However, a problem may arise in multicasting communications to a trunk station which is configured within the application VLAN multicast group where the VLAN system operates under special high efficiency protocols.
Accordingly, it is an object of the present invention to provide a VLAN system which facilitates multicast communications to trunk stations.
It is another object of the present invention to provide a VLAN system for multicasting communications to trunk stations in a manner which avoids corrupted data being processed by the recipient trunk station.
It is a further object of the present invention to provide a VLAN system in which trunk stations process multicast communications from system users in an efficient manner while avoiding the corruption of data.
Additional objects, advantages, and novel features of the present invention will become apparent to those skilled in the art from this disclosure, including the following detailed description, as well as by practice of the invention. While the invention is described below with reference to preferred embodiment(s), it should be understood that the invention is not limited thereto. Those of ordinary skill in the art having access to the teachings herein will recognize additional implementations, modifications, and embodiments, as well as other fields of use, which are within the scope of the invention as disclosed and claimed herein and with respect to which the invention could be of significant utility.
In accordance with the present invention, a switch, which is preferably a multiported reconfigurable switch, is provided for use in a virtual communications system having multiple local area networks interconnected by multiple switches through a backbone trunk which has one or more trunk stations connected directly thereto. The switch includes a first communications port, e.g. an access port, for connecting directly to a first local area network and a second communications port, e.g. a trunk port for connecting directly to the trunk.
A switch control, e.g., a control console, is provided to detect a communication, received at the first port, from the local area network, having a multicast address representing desired destination addresses. The switch control appends, to the communication, a VLAN header having a destination address different than but corresponding to the multicast address to thereby form a VLAN communication. The switch control then directs transmission of the VLAN communication to the second communication port from which it is transmitted by a trunk to the addressees, typically, in the case of addressees other than trunk stations, via other switches.
For example, if the local area network is within a virtual area network configured to include another local area network and a trunk station, the switch control will detect a communication from the local area network having a multicast address representing desired destination addresses, which may include the trunk station and/or the other local area network.
The switch control duplicates the communication, forming first and second communications, and then appends a VLAN header, having a special destination address which is different than but corresponds to the multicast address, to only the first communication to form a VLAN communication. The control console next directs transmission of the VLAN communication and the second communication to the second communication port.
In this way, trunk stations within the VLAN multicast group will detect a VLAN header of the VLAN communication having a destination address which is not understood and will therefore ignore the VLAN communication. The trunk stations will, however, also detect the second communication, which includes a multicast address which is understood, and accordingly the second communication can be utilized by the trunk station to obtain the message.
On the other hand, if such communications are received from another switch, the switch control will detect the communications from the trunk at the second communications port. The switch control will discard the communication without the VLAN header, and if, based upon the special destination address, none of the LAN's directly connected to the switch are within the multicast address, will also discard the VLAN communication. However, if the desired destination addresses, as indicated by the special destination address, include a local area network directly connected to the switch, e.g. by the first port, the switch control removes the VLAN header from the VLAN communication and directs transmission of the communication to the applicable port for delivery to the appropriate local area network and from there to the intended recipient. More particularly, in such a case the switch control detects the VLAN communication and recognizes from the special destination address that it is addressed to a user of a local area network to which it is connected via an access port. The switch control then removes the VLAN header from the VLAN communication, and directs transmission of the communication to the appropriate local area network for delivery to the addressee.
In accordance with other aspects of the present invention, a virtual communications system has a trunk, and first and second switches connected thereto by respective trunk ports. A trunk station is also connected to the trunk by another trunk port. A local area network is connected to the first switch by an access port and another local area network is connected to the second switch by an access port. A network manager is interconnected to the first and the second switches for configuring virtual area networks.
The network manager may configure a virtual area network to include both local area networks and the trunk station. In such a case, the local area network connected by access port to the first switch can issue a communication which has a multicast address representing desired destination addresses including the other local area network and/or the trunk station. The first switch detects the communication and duplicates it to form first and second communications. The switch appends a VLAN header, having a special destination address which is different than but corresponds to the multicast address, to the first communication to form a VLAN communication, and directs transmission of both the VLAN and non-VLAN communications to the trunk for delivery, as appropriate, to the other local area network and/or the trunk station.
The second switch detects the VLAN communication, and if the other local area network is included as a multicast addressee, as indicated by the special destination address, the second switch removes the VLAN header from the VLAN communication and directs transmission of the communication to the other local area network for delivery to the addressee. The second switch simply ignores and/or discards the non-VLAN communication. The trunk station also detects the VLAN and non-VLAN communications. Because the VLAN communication's special destination address cannot be understood by the trunk station, the trunk station ignores and/or discards the VLAN communication. If the trunk station is a multicast addressee, it utilizes the non-VLAN communication to obtain the message.
Hence, in accordance with aspects of the invention, a virtual area network is configured to include the first and second local area networks and the trunk station. A communication from the first local area network having a multicast address representing desired destination addresses including the second local area network and/or trunk station can be detected. The detected communication is duplicated and one copy of the communication is appended with a VLAN header, having a special destination address which is different than but corresponds to the multicast address, to form a VLAN communication. Both communications, i.e., the communication with and without the VLAN header, are directed to the trunk for delivery to the multicast addressees. The VLAN communication is detected and the VLAN header removed before directing transmission of the communication to the second local area network. The trunk station detects only the transmitted communication which lacks the VLAN header.
According to other aspects of the invention, the VLAN communications packet includes a first portion, e.g. a communication issued from a LAN, having a multicast address, and a second portion, e.g. a VLAN header, appended to the first portion and including a special destination address which is different than but corresponds to the multicast address. The special destination address serves as a special multicast address which is understood by system switches but not by system trunk stations. Preferably, the first portion of the packet is sequentially arranged with a first section of a first bit length containing the multicast address, and a second section, e.g., the layers of the communication having the source address and protocol, of a second bit length, and a third section containing message data and having a third bit length. The second portion, preferably, is also sequentially arranged with a first layer of the first bit length containing the special destination address, and a second section, e.g., including the layers of the VLAN header having the source address, VLAN protocol and VLAN tag, of a second bit length. Hence, the bit lengths of the layers containing the multicast and special destination addresses are the same. Beneficially, the second portion is removable from the communications packet such that the special destination address is disposed at a head of the entire VLAN communication packet, while the multicast address is disposed at a head of a remainder of the VLAN communication packet, e.g., the original LAN communications packet, with the second portion removed therefrom.
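The duplicate-and-tag handling and packet layout described above can be traced end to end in the following added example, which is not part of the original disclosure. The header field widths, the `VLAN_PROTO` value, the multicast-to-special-address table, all sample addresses, and the final header/inner consistency check are assumptions made for illustration.

```python
import struct

# Assumed layout (the page gives field order, not sizes beyond the 6-byte address):
# VLAN header = special DA (6) + source (6) + VLAN protocol (2) + VLAN tag (2)
VLAN_PROTO = 0x9999   # hypothetical protocol id
HDR_LEN = 16

# Constructed sample addresses; the multicast -> special DA table stands in for
# configuration pushed by the NMS and is a hypothetical mapping.
MCAST = bytes.fromhex("01005e000001")
SPECIAL = bytes.fromhex("030000000001")
SPECIAL_MAP = {MCAST: SPECIAL}
SRC = bytes.fromhex("02000000000a")


def is_multicast(addr: bytes) -> bool:
    """I/G bit set: on Ethernet this is the low-order bit of the first byte."""
    return bool(addr[0] & 0x01)


def ingress_multicast(frame: bytes, vlan_id: int) -> list:
    """Access port -> trunk: emit a tagged copy and an untouched copy."""
    dst, src = frame[:6], frame[6:12]
    if not is_multicast(dst):
        raise ValueError("not a multicast frame")
    header = SPECIAL_MAP[dst] + src + struct.pack("!HH", VLAN_PROTO, vlan_id)
    return [header + frame, frame]


def switch_from_trunk(frame: bytes, local_vlans: set):
    """Trunk -> access port: original frame if deliverable, else None."""
    if len(frame) < HDR_LEN + 12 or frame[:6] not in SPECIAL_MAP.values():
        return None                      # untagged duplicate: discarded
    proto, vlan_id = struct.unpack("!HH", frame[12:16])
    if proto != VLAN_PROTO or vlan_id not in local_vlans:
        return None                      # no access port in that VLAN
    inner = frame[HDR_LEN:]
    # Added check, not from the page: header and inner address must correspond.
    if SPECIAL_MAP.get(inner[:6]) != frame[:6]:
        return None
    return inner


def trunk_station_receive(frame: bytes, joined_groups: set):
    """Trunk station: has no notion of the VLAN header or special DA."""
    if frame[:6] in joined_groups:
        return frame[12:]                # message after dst + src
    return None                          # unknown destination: ignored


def demo() -> dict:
    frame = MCAST + SRC + b"hello group"
    tagged, plain = ingress_multicast(frame, vlan_id=100)
    return {
        "member_switch": [switch_from_trunk(f, {100}) for f in (tagged, plain)],
        "other_switch": [switch_from_trunk(f, {200}) for f in (tagged, plain)],
        "trunk_station": [trunk_station_receive(f, {MCAST}) for f in (tagged, plain)],
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Each receiver acts on exactly one of the two copies: switches deliver only from the tagged copy, and the trunk station reads only the untagged one, so neither processes the message twice or parses a header it does not understand.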