In a network, in order to enable a network device on layer 4 to layer 7 (hereinafter referred to as a L4˜L7 network device for simplicity) to perform various service processing to packets of a service stream, i.e. a session, a typical switch architecture inside the L4˜L7 network device is provided, which mainly includes a service control unit, a service processing unit and an interface.
FIG. 1 is a schematic diagram illustrating an internal structure of a L4˜L7 network device according to the prior art. As shown in FIG. 1, the typical switch architecture inside the L4˜L7 network device is presently as follows: in the L4˜L7 network device, an interface is connected with a service processing unit fixedly, and all the service processing units are connected with a service control unit through a connection unit. After receiving a packet, an interface, e.g. interface 1, of the L4˜L7 network device transmits the packet to service processing unit 1 which is fixedly connected with interface 1. After receiving the packet from interface 1, service processing unit 1 transmits the packet to the service control unit, if determining that the packet belongs to an unestablished session, i.e. the packet is a first packet of a session, and the service control unit will accomplish various session control processing including establishing a new session and a TCP half connection. Then, the service control unit transmits information about the session and session processing actions to service processing unit 1 through the connection unit, and service processing unit 1 performs corresponding service processing to packets according to the received information about the session and session processing actions. After receiving the packet from interface 1, service processing unit 1 will directly perform, if determining that the packet belongs to an established session, corresponding service processing to the packet according to stored session information and session processing actions.
It can be seen from the above description and FIG. 1 that, in the prior art, an interface and a service processing unit of the L4˜L7 network device are bound with each other, i.e. one service processing unit is fixedly connected with one interface. As such, each service processing unit can process only packets of the interface bound with it. If some interfaces of the L4˜L7 network device have a large traffic amount whereas others have a little traffic amount, service processing units corresponding to the interfaces with a large traffic amount will have a heavy load. Under this circumstance, the packet processing speed will decrease and a bottle neck appears. Other service processing units, however, are in idle state, which dramatically decreases the packet processing capability of the L4˜L7 network device.
In the prior art, if one service processing unit of the L4˜L7 network device fails, all services processed by the service processing unit are interrupted, which dramatically decreases the service quality of the L4˜L7 network device.
Furthermore, in the prior art, since the interface and the service processing unit are bound with each other, and the service processing capability rests on performance of a single service processing unit, it is impossible to provide high-speed speed-limited service processing port (e.g. 10GE port). Also, in the prior art, the service control unit processes packets centrally, which may cause a bottleneck on the processing capability, and it is hard to extend.