The present invention relates generally to data communication systems and more particularly, relates to a method of optionally establishing a flow over a default routing path or a shortcut path in MPOA enabled ATM based networks.
The majority of networks, e.g., IP networks, are constructed from a plurality of nodes grouped together to form one or more subnets. Subnets are often built using various LAN technologies, with Ethernet and Token Ring being the most popular. Nodes in different subnets cannot normally communicate with each other. A router permits a node in one subnet to communicate with a node on a different subnet. Most internetwork layer protocols utilize routers to permit communications across subnet boundaries.
LAN Emulation (LE), as defined by the ATM Forum, provides Emulated LANs (ELANs) which emulate the services of Ethernet and Token Ring LANs across an ATM network. LE allows a subnet to be bridged across an ATM/LAN boundary. LE permits a single ATM network to support multiple ELANs. Utilizing ELANs, internetwork layer protocols can operate over an ATM network in essentially the same way they operate over Ethernet or Token Ring LANs. Although LE provides an effective means for bridging intra-subnet data across an ATM network, inter-network traffic still must be forwarded through routers.
The Next Hop Resolution Protocol (NHRP) and Multicast Address Resolution Server (MARS) protocols defined by the Internetworking Over NBMA (ION) Working Group also permit internetwork layer protocols to operate over an ATM network. These protocols permit the ATM network to be divided into multiple ION subnets, also known as Logical IP Subnets (LISs) or Local Access Groups (LAGs). Routers are required, however, to interconnect these subnets. NHRP nevertheless allows intermediate routers to be bypassed on the data path. NHRP provides an extended address resolution protocol that permits Next Hop Clients (NHCs) to send queries between different subnets. Queries are propagated by Next Hop Servers (NHSs) along the routed path as determined by standard routing protocols. This enables the establishment of ATM VCCs across subnet boundaries, permitting inter-subnet communication without requiring routers in the data path.
Notwithstanding the availability of LANE and NHRP, a common situation exists wherein communicating LAN devices are behind LANE edge devices. The use of Multi-Protocol Over ATM (MPOA) permits these edge devices to perform internetwork layer forwarding and establish direct communications without requiring that the LANE edge devices comprise full function routers.
MPOA functions to provide an efficient transfer of inter-subnet unicast data in a LE environment. MPOA integrates LE and NHRP so as to preserve the benefits of LE, while allowing inter-subnet, internetwork layer protocol communication over ATM VCCs without requiring routers in the data path. MPOA provides a framework for effectively synthesizing bridging and routing with ATM in an environment of diverse protocols and network technologies. This framework provides a unified paradigm for overlaying internetwork layer protocols on ATM. MPOA is capable of using both routing and bridging information to select a shortcut through the ATM cloud to the egress MPC.
MPOA permits the physical separation of internetwork layer route calculation and forwarding, a technique known as virtual routing. This separation has the advantages of: (1) allowing efficient inter-subnet communications; (2) increasing manageability by decreasing the number of devices that must be configured to perform internetwork layer route calculation; (3) increasing scalability by reducing the number of devices participating in internetwork layer route calculation; and (4) reducing the complexity of edge devices by eliminating the need to perform internetwork layer route calculation.
MPOA provides MPOA Clients (MPCs) and MPOA Servers (MPSs) and defines the protocols that are required for MPCs and MPSs to communicate. MPCs function to issue queries for shortcut ATM addresses and to receive replies from the MPS using these protocols. MPOA also functions to ensure interoperability with the existing infrastructure of routers. MPOA Servers utilize routers that run standard internetwork layer routing protocols, e.g., Open Shortest Path First (OSPF), providing a smooth integration with existing networks.
The primary function of the MPC is to source and sink internetwork shortcuts. The MPC performs internetwork layer forwarding but does not run internetwork layer routing protocols. The MPC detects ingress flows of packets that are forwarded over an ELAN to a router that comprises an MPS. When it recognizes a flow that could benefit from a shortcut that bypasses the routed path, it uses an NHRP based query/response protocol to request the information required to establish a shortcut to the destination. If a shortcut is available, the MPC caches the information in its ingress cache, sets up a shortcut VCC and forwards frames for the destination over the shortcut.
The MPC receives egress internetwork data frames from other MPCs to be forwarded to its local interface and/or users. For frames received over a shortcut, the MPC adds the appropriate encapsulation/header and forwards them to the higher layers. The encapsulation is provided to the MPC by the egress MPS and stored in the egress cache in the MPC. Note that an MPC is able to service multiple LECs and communicates with multiple MPSs. In addition, there may be multiple MPCs in an edge device. A given LEC, however, may be associated with only a single MPC.
An MPS is the logical component of a router that provides internetwork layer forwarding information to the MPCs. It comprises a full NHRP implementation with extensions as defined in the ATM Forum Multi-Protocol Over ATM Specification Version 1.0, AF-MPOA-0087.000, July 1997, incorporated herein in its entirety by reference. The MPS interacts with its local NHS and routing functions to reply to MPOA queries from ingress MPCs and provides encapsulation information to egress MPCs. Note that an MPS converts between MPOA requests and replies and NHRP requests and replies on behalf of MPCs. In addition, there may be multiple MPSs in a router. A given LEC, however, may be associated with only a single MPS.
An MPOA solution generally comprises a plurality of MPOA control flows and MPOA data flows. All control and data flows are carried over ATM VCCs. Control flows use MPOA control VCCs. Note that these VCCs can be used for other protocols (e.g., LE, etc.) as well in a multiplexed mode. Data flows, on the other hand, are carried over either LE VCCs (i.e., the default path) or over shortcut VCCs established via MPOA.
MPOA performs the following operations: configuration, discovery, target resolution, connection management and data transfer. Configuration is obtaining the appropriate configuration information in both MPC and MPS. Normally, MPOA components receive configuration information from the LECS. Discovery involves MPCs and MPSs learning of each other's existence. MPOA components automatically discover each other using extensions to the LE LE_ARP protocol that carry the MPOA device type (i.e., MPS, MPC) and ATM address. This information may change and must be periodically verified and updated if necessary. An MPOA device type TLV can be included in the following LE messages: LE_REGISTER request and response, LE_ARP request and response and targetless LE_ARP request.
Target resolution denotes the determining of the mapping of a target to an egress ATM address, an optional tag and a set of parameters used to setup a shortcut to forward packets across subnet boundaries.
Connection management entails creating, maintaining and terminating VCCs for the purpose of transferring control information and data. MPOA components establish VCCs between each other as necessary to transfer control and data messages over the ATM network. The goal of MPOA is the efficient transfer of unicast data within the ATM cloud. Unicast data flow can comprise either the default flow or the shortcut flow. The default flow follows the routed path over the ATM network whereby the MPOA edge device functions as a layer 2 bridge. Shortcuts are established using the MPOA target resolution and cache management mechanisms. When an MPC has an internetwork protocol packet to send for which it has a shortcut, the MPOA edge device functions as an internetwork level forwarder and sends the packet over the shortcut.
A block diagram illustrating an example MPOA network comprising a plurality of MPSs and MPCs wherein the default path and shortcut path are highlighted, is shown in FIG. 1. The network, generally referenced 10, comprises a source end station 22, a plurality of MPCs 12, labeled MPC #1 and #2, a plurality of ELANs 14, a plurality of MPSs 16, labeled MPS #1 and #2, a destination end station 24 and an ATM cloud 26. The default path is represented by dashed arrow 18 while the shortcut is represented by solid arrow 20.
The ingress MPC (e.g., MPC #1) learns the MAC addresses of the MPSs (e.g., MPS #1) attached to its ELANs from the device type TLV in LE_ARP responses. The MPC performs flow detection, based on internetwork layer destination addresses, on packets destined for these learned MAC addresses. Although default forwarding is via routers, if an MPC becomes aware of a particular traffic flow that might benefit from a shortcut, the ingress MPC then determines the ATM address associated with the egress device. The ingress MPC sends an MPOA Resolution Request message to the appropriate ingress MPS in order to obtain the ATM address for a shortcut. The MPS resolves the MPOA Resolution Request and a reply is returned to the ingress MPC containing an ATM address of the egress device.
The ingress MPS processes MPOA Resolution Requests sent by local MPCs. It may answer the request if the destination is local or it may re-originate the request along the routed path through its local NHS.
When an NHRP Resolution Request targeted for a local MPC arrives at the egress MPS serving that MPC, the egress MPS sources an MPOA Cache Imposition Request and sends it to the egress MPC. This request is part of the cache management protocol that serves to provide encapsulation and state maintenance information needed by the egress MPC (e.g., MPC #2). The corresponding reply provides status, address and ingress tagging information needed by the egress MPS (e.g., MPS #2) in forming the NHRP Resolution Reply.
The egress MPC (e.g., MPC #2) checks to determine whether it has sufficient resources to maintain the cache entry and potentially receive a new VCC and replies accordingly. The Egress MPS sends an MPOA Cache Imposition Reply for every MPOA Cache Imposition Request.
With reference to FIG. 1, a packet generated by the source end station enters the MPOA system at the ingress MPC (MPC #1). The MPC creates a new cache entry for new flows that are detected. If a valid shortcut does not already exist for the flow, the MPC begins counting frames. When a threshold is exceeded, an MPOA Resolution Request is sent to the MPS to request a shortcut. By default, the packet is bridged via LE to a router. If the packet is not to follow the default path, i.e., it is part of a flow for which a shortcut has previously been established, it is sent via the shortcut. If the packet comprises a new flow, each packet sent to an MPS is logged and counted (by internetwork layer destination address) as it is being sent via LE. When a threshold (a number of packets within a given period of time) is exceeded, the MPC sends an MPOA Resolution Request to obtain the ATM address to be used for establishing a shortcut to a particular downstream element (e.g., an egress MPC).
When the packet arrives at the egress MPC (e.g., MPC #2) via the shortcut, it is examined and either a matching egress cache entry is found or the packet is dropped and an error is indicated. If a match is found, the packet is encapsulated using the information in the egress cache and then forwarded to a higher layer.
An ingress MPC examines all packets destined for MAC addresses that belong to MPSs. When it detects a packet destined for an internetwork layer destination for which it does not already have a cache entry, it creates a new ingress cache entry for that internetwork layer destination. When the MPC detects a flow to a given internetwork layer destination, it sends an MPOA Resolution Request. When the MPOA Resolution Reply is received, the internetwork layer destination address, destination ATM address, source holding time and MPOA egress cache tag extension are used to complete the ingress cache entry.
Any existing VCC may be used for data forwarding if its source and destination ATM addresses match those in the MPOA Resolution Reply and the VCC signaling parameters are suitable. Otherwise, the MPC must signal the creation of a new VCC before the shortcut can be used. Note that ingress cache entries are aged using the source holding time and can be withdrawn in the ingress MPS or deleted by the ingress MPC at any time for local reasons.
A diagram illustrating the structure of the prior art ingress MPOA Client cache table is shown in FIG. 2. The table, generally referenced 40, comprises an MPS control ATM address 42, internetwork layer destination address 44, destination ATM address or VCC 46, encapsulation information 48 and any other information 49 needed for control purposes, e.g., flow count and holding time.
As described hereinabove, MPOA is a mechanism having a client/server architecture wherein MPCs and MPSs are connected via LE. In its ingress role, an MPC detects flows of packets that are being forwarded over an ELAN to a router that comprises an MPS. When it recognizes a flow that can benefit from a shortcut that bypasses the routed path, it uses an NHRP based query-response protocol to request information necessary to establish the shortcut to the destination.
Given that the destination of the flow is served by an egress MPC, a successful handling of the MPOA protocol would result in either establishing a new shortcut VCC or utilizing an existing VCC. This VCC connects the ingress MPC and the egress MPC. In the future, packets are forwarded over the shortcut, bypassing the routers on the original traffic path.
There are, however, several scenarios whereby the end result is not an active data shortcut VCC. Possible reasons for this include:
1. The destination device is not served by an MPC, thus there is no egress MPC device to which a shortcut can be established.
2. An MPOA device that participates in the MPOA protocol resolution suffers from lack of resources, resulting in failure responses.
3. An MPS device that participates in the MPOA protocol resolution locally decides not to allow a data shortcut VCC. Such local decisions may result from security reasons, for example where an MPS decides that it wishes to inspect traffic destined to a particular IP destination.
Further, the ingress MPC stores relevant information from successful attempts at creating shortcuts in its ingress cache. Data related to unsuccessful attempts at creating a shortcut, however, are not stored in the ingress MPC according to the MPOA standard. A failure to create a shortcut likely results in a new query (due to other flows) which places a substantial load on the network.
Still further, the MPOA specification does not provide a mechanism for an MPC to decide, based on loading consideration, whether to direct a flow over the default path or via the shortcut path. In some cases, depending on the congestion state of both the default path and the shortcut path, it may be more desirable to forward packets over the default path rather than over the shortcut VCC, notwithstanding the fact that a shortcut path was previously established. Further, no mechanism for assigning priorities to flows is provided in the MPOA specification.
The present invention is a method of controlling the route used for a flow in an environment comprising a default routing path and a shortcut path in an MPOA enabled ATM based network. In accordance with the present invention, a data field is added to the Ingress Cache table in the Ingress MPOA Client (I-MPC). The data field indicates whether the flow is to be routed through an MPOA shortcut towards the Egress MPOA Client (E-MPC) or should be routed through the default path towards the Ingress MPOA Server (I-MPS). The present invention presents three example application embodiments illustrating the application of the invention to various networking functions.
The first example embodiment comprises a method of controlling the routing of a data flow from a source to a destination for security purposes. This example embodiment is well suited for security applications where it is desirable to decide on a flow-by-flow basis whether a particular flow should be routed over the default path or the shortcut path. In some situations, it is desirable to have one or more of the MPOA Servers (i.e., routers) along the default path provide one or more security functions. Examples of security functions include monitoring flows, filtering the contents of the flows, data probing, security access, security authorization, security verification, etc. Thus, a mechanism for controlling which flows are permitted to be routed over a shortcut path, thus bypassing the MPOA Servers, is provided. A security field (i.e., flow route field) is configured in the ingress cache table to indicate whether the flow should use the default path or, in the alternative, can be routed over the shortcut path.
The second example embodiment comprises a method of load sharing a plurality of data flows wherein a portion of the flows are routed over the default path and a portion are routed over the shortcut path. The decision to route over either path is made based on the level of congestion of each path and the value of a priority field assigned to the particular flow. Periodically, the level of congestion on the default path and the shortcut path are re-analyzed and, congestion levels permitting, a flow previously routed over the default path can be re-directed over the shortcut path.
The third example embodiment comprises a method of learning about past MPOA resolution successes and failures and utilizing this establishment history to bypass the time consuming MPOA resolution process. Based on the past history, a current flow is either routed over the default path or the shortcut path. This method avoids the necessity of performing the complete MPOA resolution process only to determine that a shortcut path cannot be established to the destination (i.e., E-MPC). Using the previous history in such a fashion to determine whether or not to use the shortcut or the default path is particularly useful since with some types of failures, receiving one error is an indication that additional errors are likely to be received.
There is provided in accordance with the present invention, in an Asynchronous Transfer Mode (ATM) based Multiple Protocol Over ATM (MPOA) network running LAN Emulation (LE) and having an ingress MPOA Client (I-MPC), ingress MPOA Server (I-MPS), egress MPS (E-MPS) and an egress MPC (E-MPC), a method of establishing a data flow from a source to a destination, the method comprising the steps of establishing a data path from the source to the destination via a default path established between the I-MPC, the I-MPS, the E-MPS and the E-MPC, establishing a data path from the source to the destination via a shortcut path established directly between the I-MPC and the E-MPC, providing a flow route field for indicating whether the flow is to be routed through the default path or the shortcut path and routing the flow over the default path or the shortcut path in accordance with the contents of the flow route field.
There is also provided in accordance with the present invention, in an Asynchronous Transfer Mode (ATM) based Multiple Protocol Over ATM (MPOA) network running LAN Emulation (LE) and having an ingress MPOA Client (I-MPC), ingress MPOA Server (I-MPS), egress MPS (E-MPS) and an egress MPC (E-MPC), a method of controlling the routing of a data flow from a source to a destination, the method comprising the steps of establishing a data path from the source to the destination via a default path established between the I-MPC, the I-MPS, the E-MPS and the E-MPC, establishing a data path from the source to the destination via a shortcut path established directly between the I-MPC and the E-MPC, providing a security field for indicating whether the flow is permitted to be routed via the shortcut path rather than the default path and routing the flow over the default path or the shortcut path in accordance with the contents of the security field.
There is further provided in accordance with the present invention, in an Asynchronous Transfer Mode (ATM) based Multiple Protocol Over ATM (MPOA) network running LAN Emulation (LE) and having an ingress MPOA Client (I-MPC), ingress MPOA server (I-MPS), egress MPS (E-MPS) and an egress MPC (E-MPC), a method of load sharing a plurality of data flows, the method comprising the steps of establishing a data path from a source to a destination via a default path established between the I-MPC, the I-MPS, E-MPS and the E-MPC, establishing a data path from the source to the destination via a shortcut path established directly between the I-MPC and the E-MPC, providing a flow route field for indicating whether the flow is to be routed over the default path or the shortcut path, providing a flow priority field for indicating the level of priority assigned to the flow, determining whether the flow is to be routed via the default path or the shortcut path in accordance with the level of congestion on the default path and the shortcut path and with the value of the flow priority field associated with the flow and routing over the default path or the shortcut path in accordance with the results of the step of determining.
There is also provided in accordance with the present invention, in an Asynchronous Transfer Mode (ATM) based Multiple Protocol Over ATM (MPOA) network running LAN Emulation (LE) and having an ingress MPOA Client (I-MPC), ingress MPOA Server (I-MPS), egress MPS (E-MPS) and an egress MPC (E-MPC), a method of learning about past MPOA resolution successes and failures, the method comprising the steps of establishing a data path from the source to the destination via a default path established between the I-MPC, the I-MPS, the E-MPS and the E-MPC, establishing a data path from the source to the destination via a shortcut path established directly between the I-MPC and the E-MPC, providing a flow route field for indicating whether the flow is to be routed over the default path or the shortcut path, providing a success field for indicating whether the establishment of an MPOA shortcut route was successful or not for this particular flow, determining whether the current flow is to be routed over the shortcut route or the default route in accordance with the shortcut establishment successes and failures of one or more previous flows and routing the flow over the default path or the shortcut path in accordance with the results of the step of determining.
There is further provided in accordance with the present invention an ingress Multiple Protocol Over ATM (MPOA) Client (I-MPC) device comprising MPC means adapted to implement the client side of the MPOA protocol, an ingress cache table comprising a flow route field for indicating whether a flow is to be routed over a default path or a shortcut path and security means for determining whether a flow is to be routed via the default path or the shortcut path and for setting the flow route field in accordance thereto and means for routing the flow in accordance with the flow route field.
There is still further provided in accordance with the present invention an ingress Multiple Protocol Over ATM (MPOA) Client (I-MPC) device comprising MPC means adapted to implement the client side of the MPOA protocol, an ingress cache table comprising a flow route field for indicating whether a flow is to be routed over a default path or a shortcut path, measurement means for determining the congestion level of the default path and the shortcut path, load sharing means for determining, based on the output of the measurement means, whether a flow is to be routed via the default path or the shortcut path and for setting the flow route field in accordance thereto and means for routing the flow in accordance with the flow route field.
The device further comprises means for re-analyzing the congestion level of the default path and the shortcut path and, if traffic conditions permit, redirecting a flow previously routed over the default path over the shortcut path. The device further comprises means for re-analyzing the congestion level of the default path and the shortcut path and, if traffic conditions permit, redirecting a flow previously routed over the shortcut path over the default path.
There is also provided in accordance with the present invention an ingress Multiple Protocol Over ATM (MPOA) Client (I-MPC) device comprising MPC means adapted to implement the client side of the MPOA protocol, an ingress cache table comprising a flow route field for indicating whether a flow is to be routed over a default path or a shortcut path and a flow priority field for indicating the priority assigned to a flow, measurement means for determining the congestion level of the default path and the shortcut path, load sharing means for determining, based on the output of the measurement means and the value of the flow priority field, whether a flow is to be routed via the default path or the shortcut path and for setting the flow route field in accordance thereto and means for routing the flow in accordance with the flow route field.
In addition, there is provided in accordance with the present invention an ingress Multiple Protocol Over ATM (MPOA) Client (I-MPC) device comprising MPC means adapted to implement the client side of the MPOA protocol, an ingress cache table comprising a flow route field for indicating whether a flow is to be routed over a default path or a shortcut path and an establishment success field for indicating the success or failure of the establishment attempt of a shortcut path, recording means for storing the results of attempts to establish shortcut virtual circuits in the establishment success field of the ingress cache table, search means adapted to search the ingress cache table for similar flows upon the MPC means receiving a new flow, decision means for determining, based on the output of the search means, whether a flow is to be routed via the default path or the shortcut path and for setting the flow route field in accordance thereto and means for routing the flow in accordance with the flow route field.