The present invention relates to a packet routing apparatus and a routing method, and particularly to a packet routing apparatus and a routing method, which is effectively applied to a network connection equipment such as a router, a LAN switch or the like.
As an apparatus for connecting a plurality of networks, there is a packet routing apparatus for mutually connecting a plurality of networks in a network layer indicated by an Open System Interconnection (OSI) reference model. The packet routing apparatus selects a transmission route of a packet in accordance with an address for internetworking in the received packet and a routing table stored in the packet routing apparatus, and performs a routing processing of the packet. As a typical address for the internetworking, there is an IP address in accordance with an Internet Protocol (IP). The IP is often used for network construction in recent years.
Hereinafter, a general operation of routing of a data packet in accordance with the IP (hereinafter referred to as an IP packet) in the packet routing apparatus will be described.
The packet routing apparatus once stores an IP packet received from a certain communication port into a packet buffer memory. The packet routing apparatus includes a processing portion for performing route lookup of the IP packet. The processing portion performs lookup in a routing table by using a destination IP address set forth at a head of the IP packet as a lookup key. As a result of the lookup, a transmission destination network coincident with the destination IP address of the packet is obtained. The transmission destination network specifically includes an IP address (a next node IP address) indicating a packet routing apparatus for performing a routing processing of the packet next to the present packet routing apparatus, and an identifier (port number) of a communication port connected to the packet routing apparatus. The packet is transmitted in accordance with these pieces of information.
Here, as the amount of IP packet communication is remarkably increased in recent years, the packet routing apparatus for performing the routing processing of the IP packet is required to perform the routing processing of the IP packet at very high speed. As a technique for performing the routing processing of the IP packet at high speed, there is a technique disclosed in Japanese Patent Unexamined Publication No. 199230/1993 (U.S. Pat. No. 5,434,863). According to this, the packet routing apparatus includes a main processor and a plurality of routing accelerators. The main processor mainly performs apparatus management of the whole packet routing apparatus, such as route information management. The plurality of routing accelerators assist the main processor and dedicatedly perform the routing processing of packets. The main processor and the routing accelerators, and the respective routing accelerators are connected through a high speed router bus. The routing processing of packets are independently and dispersedly performed by the plurality of routing accelerators. The IP packet is subjected to the routing processing by the respective routing accelerators, and a packet in accordance with another protocol is transmitted to the main processor and its routing processing is performed.
That is, the routing accelerator is provided with a mechanism specialized for the routing processing of the IP packet, in order to perform especially the routing processing of the IP packet at high speed, and differentiates the IP packet from another packet and performs the routing processing at high speed. On the other hand, the packet other than the IP packet is transmitted to the main processor and is processed there. By the above technique, the packet routing apparatus can perform the routing processing of the IP packet at high speed.
As described above, while it is required to improve the routing performance of the IP packet to achieve high speed, various new additional functions have emerged in the IP network in addition to existing functions. For example, there is an IPsec function (set forth in Request for Comment (RFC) 2401) of encrypting a packet in an IP layer, for construction of Virtual Private Network (VPN), a Network Address Translator (NAT) function (set forth in RFC1631, RFC2391 and RFC2663) of mutually converting a private IP address and a global IP address, for private network construction, a server load balancing function of seamlessly using a plurality of servers by making the plurality of servers typified by one IP address for a client, an illegal packet detection, and a filtering function (set forth in RFC2267), or the like.
In these additional functions, a processing quite different from a normal routing processing of the IP packet must be carried out, for example, modification of an IP address, encryption/decryption of a data portion in the IP packet, comparison with a detailed table for detection of an illegal packet, or the like.
In the following description, various functions such as the foregoing Internet Protocol Security (IPsec) function, NAT function, load balance function, and illegal packet detection function are generally expressed by IP additional functions. Besides, a processing in relation to the IP additional function is expressed by an IP additional function processing.
In order to realize the IP additional function to the IP packet as described above, in addition to the normal IP packet routing processing, the IP additional function processing peculiar to the IP additional function must be performed for the IP packet. The IP additional function is complicated, and the processing is varied according to the function. Thus, in the foregoing packet routing apparatus, in order to perform the IP additional function processing for the IP packet, the IP packet is treated in the same manner as the packet other than the IP packet, and it must be transmitted to the main processor. The IP additional function processing and the routing processing are performed for these IP packets by software operating on the main processor.
However, in this method, although the IP packet is required to be subjected to the routing processing at high speed, it is transmitted to the main processor and is routed by the software processing. Thus, there is a technical problem that as compared with the routing processing by the routing accelerator, the throughput is lowered.
Originally, the main processor performs the apparatus management processing of the router itself, generation of all route information in the packet routing apparatus, change processing, and routing processing of the packet other than the IP packet. If the IP additional function processing, and the routing processing of the IP packet as the object of the IP additional function are performed by the main processor, there is a technical problem that a memory area, which ought to be used for storage of route information etc., is pressed, and a load is applied to the routing processing of the packet other than the IP packet.