Computer networks connect and provide a data communications service between addressable devices (or nodes), including computers, servers, printers and the like. Computer networks are generally classified according to their geographical extent as local area networks (LANs), metropolitan area networks (MANs) and wide area networks (WANs). The present invention is related to and can be implemented in any of these network classes.
Ethernet is one technology of choice upon which data networks are built. Ethernet is typically characterized as a multi-access packet-switched communications network for carrying data among locally distributed computers. The shared-communications channel in Ethernet is a passive broadcast medium with no packet address recognition or central control. The passive broadcast medium forms a backbone of the Ethernet network and a transmission medium that is shared between two or more addressable devices. A LAN in the Ethernet network is a network segment that covers a relatively small geographic area. Although LANs offer high-speed communications and data sharing services, LANs have basic limitations such as the number of addressable devices, bandwidth and physical extent. By comparison, MANs and WANs offer a greater physical extent and a larger number of addressable devices, but slower communications speed.
To extend the benefits of a LAN beyond its basic limitations, forwarding devices (referred to also as stations) such as switching, routing or bridging devices are often used to form an extended network. Forwarding devices are multi-port addressable devices interposed between any number of LAN backbones or between LAN backbones and the long distance backbones of a MAN or WAN.
In making data traffic forwarding decisions, these devices use unique identifiers (UIDs) of the computers (also referred to as hosts or end stations). Specifically, computers communicate by sending and receiving packets or groups of packets that, in addition to payload, include the MAC (media access control) addresses (or UIDs) of the source and destination computers (the MAC address is considered a low-level address compared with an Internet Protocol (IP) address).
In forwarding data traffic, the forwarding devices distinguish packets by their destination address type. For example, a unicast packet is a packet with a particular host address as its destination. A packet that is sent to a group of hosts is a multicast packet. In this case, the packet includes a group address UID as its destination. A group address dedicated to the group of all hosts is a broadcast address, and a multicast packet addressed to all hosts is a broadcast packet. One type of broadcast packet, known as an ARP (address resolution protocol) request, is sent to request the Ethernet address (UID or MAC address) of a host in the network. The ARP request contains the IP address of the host to be queried, and that host, upon recognizing the IP address as its own, returns a MAC address answer. ARP is the protocol used to map IP addresses to MAC (Ethernet) addresses for transport of data traffic from the Internet to hosts via the local network (Ethernet segment).
In providing the foregoing data communications service, networks can be distinguished based on the type of forwarding device(s) they include. Forwarding devices commonly used in networks include hubs, repeaters, switches, bridges and routers. A repeater is a physical layer (layer 1) device used to interconnect the conductor segments of an extended network and enables them to be treated as a single conductor. The repeater amplifies and restores the timing margins of packet bit streams, but it does not use addressing for packet forwarding. A hub is a physical layer device that connects multiple hosts via dedicated conductors, and in some respects it functions as a multi-port repeater. The hub receives a packet on one port and re-transmits it to all of its other ports. However, in a shared medium comprising a hub-connected Ethernet segment, all hosts are competing for a limited amount of bandwidth.
A switch is also a physical layer device although more intelligent than the hub. A switch is a multi-port device designed with logic for knowing to which port of the switch each device (e.g., host or another switch) is connected. The switch isolates each port and makes it appear that the network attachment to that port is the only one. Any data received at one of the ports is then switched, using the logic in the switch, to a specific destination port. The switch will flood packets to every port if it is not sure where the destination of such packets is or if the destination address in the packets is a broadcast address. Since the switch operates at the physical layer it switches in hardware. Thus, in extended networks, this faster throughput and higher port density make switching technology a more dominant complement to routing than bridging.
A bridge is a data layer (layer 2) device that switches in software, and it is concerned with the addresses of network devices and not the actual paths between them. The bridge enables devices on different LAN segments to communicate with each other as if they were on the same switch or hub, and it interconnects LANs of unlike bandwidth. The bridge can filter packets based on data-layer information contained within the MAC address, protocol, etc. Moreover, the bridge will flood packets to every host in the network topology if it is not sure where the destination of such packets is or if the destination address in the packets is a broadcast address. Thus, bridges propagate ARP request broadcasts like any other Ethernet broadcast and transparently bridge (forward) the ARP answers. Bridges respond to ARP requests for hosts known to them or, alternatively, they send their own ARP requests on the network. Notably, ARP requests are transparent to bridging but not to routers. In a bridge-based network, when one or more bridges forward packets by flooding or forward broadcast traffic (including ARP requests), the bandwidth of the network is limited to the bandwidth of a single LAN. This limitation is present even with richly connected network segments, especially since redundant connections are inactive standby connections.
By comparison, in a switch-based network switches are faster, but switches do little to restrict the passage of broadcast traffic in the network. Broadcast traffic is not restricted in a switch-based network since switches will flood packets to every port if they are not sure where the destination of such packets is or if the destination address in the packets is a broadcast address. Generally, a switch-based network as shown in FIG. 1 is characterized in that it does not discard any packets except during reconfiguration of the network. FIG. 1 illustrates a switch-based network 10 where the forwarding devices (switches) 112 are interconnected in an arbitrary topology. Their larger scale makes switch-based networks particularly vulnerable to common network pathologies including broadcast storms, ARP fights, stolen MAC addresses or any other undesirable behavior. Such pathologies exist in traditional, shared broadcast media, but are more relevant in switch-based networks because of their large scale and modern pressure for Internet addresses. And they may happen either by accident or through malice by rogue computers.
ARP fights occur when two hosts with different MAC (layer 2 hardware) addresses conflict for the same IP address. ARP fights occur for example as a result of misconfiguration or buggy implementations of DHCP (dynamic host configuration protocol) which is a protocol for dynamically allocating IP addresses to computers on a LAN.
A stolen Ethernet (MAC) address situation occurs when two IP addresses map to the same MAC address. ARP is not suited for resolving conflicting responses, and it could be used by an unruly host in a man-in-the-middle attack. Such an attack is characterized in that the unruly host illegally intercepts the ARP request communications and adopts other hosts' MAC addresses.
Broadcast storms occur when a buggy or malevolent host emits a continuous stream of broadcast packets. With the emission of a broadcast storm, even a single host can impose a limit on the practical size of a network through consumption of too many network resources. For example, a single host can execute a denial-of-service attack on all other hosts on the same subnet. In larger networks, disruptive behavior, including behavior akin to broadcast storms, can be frequently exhibited simply because there are numerous hosts.
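Detection logic for the three pathologies described above (ARP fights, stolen MAC addresses and broadcast storms), run over a constructed sample of pre-parsed frame records. This is an added example, not part of the original text; the packet records, addresses, the 100 broadcasts/second threshold and the one-second window are constructed assumptions, and the same signatures can also arise legitimately (DHCP lease reassignment, multi-homed hosts), so the output is an alert list to investigate, not a verdict.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class Pkt:
    ts: float                 # capture time in seconds
    src_mac: str
    dst_mac: str
    arp_sender_ip: Optional[str] = None  # sender IP if this is an ARP packet, else None

def analyse(pkts, storm_pps=100, window=1.0):
    """Return sorted (kind, subject, detail) findings; thresholds are assumed values."""
    ip_to_macs = defaultdict(set)      # ARP fight: one IP claimed by more than one MAC
    mac_to_ips = defaultdict(set)      # stolen MAC: one MAC claiming more than one IP
    recent_bcast = defaultdict(deque)  # per-source timestamps of broadcasts inside the window
    findings = set()
    for p in sorted(pkts, key=lambda x: x.ts):
        if p.arp_sender_ip:
            ip_to_macs[p.arp_sender_ip].add(p.src_mac)
            mac_to_ips[p.src_mac].add(p.arp_sender_ip)
        if p.dst_mac == BROADCAST_MAC:
            q = recent_bcast[p.src_mac]
            q.append(p.ts)
            while q and p.ts - q[0] > window:   # drop timestamps that left the window
                q.popleft()
            if len(q) > storm_pps * window:     # sustained rate from a single host
                findings.add(("broadcast_storm", p.src_mac, f">{storm_pps} broadcasts/s"))
    for ip, macs in ip_to_macs.items():
        if len(macs) > 1:
            findings.add(("arp_fight", ip, ",".join(sorted(macs))))
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            findings.add(("stolen_mac", mac, ",".join(sorted(ips))))
    return sorted(findings)

def sample_capture():
    """Constructed records, not a real capture: one instance of each pathology plus benign traffic."""
    pkts = [
        Pkt(0.0, "aa:00:00:00:00:01", BROADCAST_MAC, "10.0.0.5"),
        Pkt(0.5, "aa:00:00:00:00:02", BROADCAST_MAC, "10.0.0.5"),  # second MAC claims 10.0.0.5
        Pkt(1.0, "aa:00:00:00:00:03", BROADCAST_MAC, "10.0.0.7"),
        Pkt(1.2, "aa:00:00:00:00:03", BROADCAST_MAC, "10.0.0.8"),  # same MAC claims a second IP
        Pkt(2.0, "aa:00:00:00:00:09", "aa:00:00:00:00:01"),         # ordinary unicast, benign
    ]
    # One host emitting 150 broadcasts in 0.75 s: the broadcast-storm signature.
    pkts += [Pkt(3.0 + i * 0.005, "aa:00:00:00:00:04", BROADCAST_MAC) for i in range(150)]
    return pkts
```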
In order to isolate broadcast storms, a switch-based network (or bridge-based network) can be broken into discrete broadcast domains, referred to as virtual LANs (VLANs), which are connected through routers. A router is a network layer (layer 3) device that uses network addressing and a routing protocol in forwarding packets. Unlike a bridge, the router is concerned with the paths between devices. The router analyzes the addresses of all packet traffic coming in through its ports, and if the traffic is not local, the router sends the traffic out through one of its other ports. Thus, when a host sends a packet to a router, it sends that packet addressed to the router's physical layer (MAC) address with the network layer (protocol) address of the destination host. As it examines the destination host's protocol address, the router determines that it either knows or doesn't know how to forward the packet to the next hop (router). If the router knows the next hop, it changes the MAC address to that of the next hop and forwards the packet to that hop; alternatively, if it knows the destination address, the router forwards the packet to the destination host. As mentioned before, ARP requests are transparent to bridging but not to routers. Routers do not propagate the ARP request broadcasts because routers are network level (3) devices, and Ethernet, Token-Ring, FDDI (fiber distributed data interface) and ATM (asynchronous transfer mode) are data-link protocols (data layer (2) protocols). For propagating a packet, the host must first use its routing protocols to select the proper router (i.e., the proper IP address of the proper router) that can be reached via Ethernet ARPs. The proper router responds to an ARP request containing its IP address with its MAC (Ethernet) address. Then, the packet is transmitted to the MAC address of the router, through which it is re-transmitted toward its actual destination.
To improve throughput performance, many scaled networks utilize Ethernet switches (e.g., Gigabit Ethernet switches) between routers in a routed backbone. Switch-based Ethernet networks that are scaled through routers isolate the broadcast domains and are able, in turn, to isolate traffic between different pairs of hosts for performance and security. Moreover, their aggregate bandwidth allows switched networks to scale larger than broadcast networks using hubs. However, routers are inherently slower because of the added processing they do in packet analysis. Namely, routers introduce bottlenecks in data traffic. And routers do not solve the other network pathologies described above.
Accordingly, there remains a need to address network communications problems. To that end, the present invention provides solutions that address the above-mentioned pathologies.