The present invention is an improvement of the prior art for use in network switching that allows for the learning of destination MAC addresses on various network segments connected to a switching device. This standard mechanism allows for dynamic leaning of the location of destination MAC addresses and then once a destination is leaned allows the switching device to filter the frame from being sent on network segments other than the one containing the destination MAC.
There is substantial prior art concerning network switches and learning mechanisms and maintenance of forwarding tables. The following are some patents related to this topic and are hereby incorporated in their entirety by reference:
U.S. Pat. No. 6,735,198 titled Method and Apparatus for Updating and Synchronizing Forwarding Tables in a Distributed Network Switch, U.S. Pat. No. 6,807,172 titled Method and Apparatus for Learning and Switching Frames in a Distributed Network Switch, U.S. Pat. No. 6,829,651 titled Local MAC Address Learning in Layer 2 Frame Forwarding, and Unified Table for L2, L3, L4, Switching and Filtering.
FIG. 1 is a diagram of a prior art switch. The illustrated switch has multiple line cards connected to a switching fabric, but this invention can be used on a wide variety of switching platforms such as fixed switches as well. The depicted switch has multiple line cards each with a set of ports and a line card processor, a forwarding database or forwarding table, and target logic for selecting groups of ports for that line card. The line cards communicate over the switch fabric with the fabric processor and the central forwarding database and target logic. The synchronizing of the various forwarding tables is not the subject of this invention and is discussed in some of the referenced patents.
The prior art method for learning and filtering frames in a switching device is depicted in FIGS. 2-6. Forwarding tables would start out not knowing any dynamic destination addresses. Static entries in the forwarding table will not be discussed here.
As shown in FIG. 2, when an ingress port receives a frame for its connected network segment, the line card makes a forwarding decision based on the destination device address (typically a MAC address) and the content of the forwarding table. When there is an entry in the forwarding table, it typically will include the device address and the port that connects to the network segment where the device with that address is located. The switching device will also examine the source address for the frame and perform address learning for that source address.
FIG. 3 further illustrates the prior art forwarding decision process for a received frame. The destination addresses is looked up in the forwarding database or forwarding table. If the destination address is found in the forwarding table, the forwarding of the frame will be targeted to the port specified in the forwarding table. It the destination address is not in the forwarding database, then the forwarding of the frame will be flooded out all the ports so that if the device is connected to any of the ports on the switch it will see the frame. In this case, no filtering is performed except that the frame is not flooded back out the same port it was receive on.
After the Ingress line card has completed the forwarding decision, it will also perform address learning as depicted in FIG. 6. The processor looks up the source address in the forwarding database. If the source address is already in the forwarding database for the port the frame was received on, the processor updates a timer to indicate the source address has been seen again on that port. If the source address is not in the forwarding database the processor enters the source address into the forwarding database indicating the device with that address is on the port the frame was received from.
At the egress card, which could also be the same card as the ingress card, if the destination address was found in the forwarding table, a targeted forwarding is being performed as is depicted in FIG. 4. The egress line card receives the frame from the ingress line card and using the target logic and information contained in the frame or in the frame header (not shown) the line card is able to forward the frame on only the port indicated in the forwarding table.
As depicted in FIG. 5, if there was not any entry in the forwarding table for the destination device address or the frame is a multicast or broadcast frame, the frame is forwarded to all of the line cards and each line card forwards the frame out every port. This is referred to as flooding the frame out all the ports.
The discussion so far is the case when a switch is a part of only one broadcast domain. Many switches now support Virtual Local Area Networks or VLANs. VLANs allow the ports in the switched network to be grouped into multiple broadcast domains. When a frame needs to be flooded out the ports of a switch, it only needs to be flooded out the ports that are associated with the same VLAN as the VLAN on which the frame was received. This is also still prior art.
FIG. 7 depicts the process of flooding a frame out the ports associated with a VLAN instead of all the ports of the switch. A frame is received at the egress line card with either a destination address that is not in the forwarding table or with a multicast or broadcast address. Therefore the frame is to be flooded out all ports associated with the VLAN. One method of selecting the ports for flooding the frame is to maintain a VLAN port mask for each VLAN on a switch such as is depicted in FIG. 8. In this example, each line card maintains a VLAN Port mask for each VLAN in use by any of the ports on the line card. The mask includes a 1 value for each port that is a logical network segment for that VLAN and a 0 for each port that is not part of the VLAN. So in FIG. 7 when flooding a frame out the ports for a VLAN on the line card, the line card can use the VLAN port mask for selecting the ports for forwarding. The egress line card then forwards the frame out the selected VLAN ports on the line card.
The purpose of flooding the frame out all ports or all ports in the VLAN is to be sure the destination sees the frame if the destination address isn't in the forwarding table. The devise address is only added to the table dynamically if the device sends a frame causing the switch to see the device address as the source address in a frame. However, if it is known that the destination address is not on a particular port, there is no reason to flood the frame out that port.
An object of the present invention is to provide a method and mechanism for reducing the flooding of unicast frames for identified network segments on a switch.
Another object of the present invention is to provide a method and mechanism for identifying network segments for which unicast flooding of frames can be eliminated.
Another object of the present invention is to provide a method and mechanism for identifying ports to be excluded from unicast flooding at the time of frame forwarding.
Another object of the present invention is to provide a method and mechanism for preventing a dynamically learned MAC address from aging out of the forwarding table.
Another object of the present invention is to provide a method and mechanism for preventing the flooding of unicast frames on a network segment that supports multiple VLANs when not all VLANs even when not all configured VLANs are being utilized.
Finally, it is an object of the present invention to accomplish the foregoing objectives in a simple and cost effective manner.