1. Field of the Invention
The present invention relates to transparent bridging technology, more particularly to arrangements for providing transparent bridging between local area networks having multiple proxy devices serving as entry points for communication across a wide area network.
2. Description of the Related Art
Transparent bridging technology is a popular mechanism for interconnecting local area networks. Transparent bridges, popular in Ethernet/IEEE 802.3 Networks, are so named because their presence and operation are transparent to network hosts. When transparent bridges are powered on, they learn the network topology by analyzing the source address of incoming frames from all attached networks. If, for example, a bridge sees a frame arrive on line 1 from host A, the bridge concludes that host A can be reached through the network connected to line 1. Through this process, transparent bridges build a table that can be used for traffic forwarding.
Once the bridge has built a forwarding table, the bridge can forward a frame, received on one of the bridge ports, by looking up the frame""s destination address in the forwarding table. If the forwarding table contains an association between the destination address and any bridge port other than the inbound port having received the frame, the bridge outputs the frame on the indicated port. If no association is found, the frame is flooded to all ports except the inbound port.
A design assumption with transparent bridging is for any particular media access control (MAC) address at any particular time, there will be at most one path through the transparent bridged network by which that MAC address can be reached. This design assumption is typically implemented through the use of the spanning-tree algorithm, which detects and eliminates any loops created by two or more transparent bridges by causing a sufficient number of bridge ports to enter a xe2x80x9cblockingxe2x80x9d mode. By eliminating all loops in the network, the only way a MAC address could be reachable through the multiple paths would be if more than one device advertised the same MAC address; since it is a violation of the IEEE 802.3 specification for an individual MAC address to be used by more than one device within a bridged network, the reachability of a MAC address by multiple paths is normally not an issue.
A limitation of transparent bridging technology is that there is no information contained within a packet to inform the bridge device the path from where the packet came, or the path to where the packet is destined. For example, the IEEE 802.5 token ring LAN specification describes source-route bridging (SRB) as a technique for bridging local area networks. Source-route bridging algorithms add the complete source-to-destination route in all inter-LAN frames sent by the source, such that all source route bridges store and forward the frames as indicated by the route appearing in the appropriate frame field.
FIG. 1 is a diagram illustrating an exemplary source-route bridged network 10. Assume that host X in FIG. 1 wishes to send a frame to host Y, and that initially host X does not know whether host Y resides on the same token ring (IEEE 802.5) local area network (LAN 1) or a different LAN segment. Hence, host X sends out a test frame onto LAN 1. If the test frame traverses around the token ring of LAN1 and returns to host X without a positive indication that host Y has seen the test frame, host X assumes that host Y is on a remote LAN segment. Different techniques may be used to learn a route through a source-route bridge, for example all-route explorers or single-route explorers. In the case of all-route explorers, host X sends an explorer frame to determine the remote location of host Y. Each bridge 12a, 12b receiving the explorer frame copies the frame onto all outbound ports. Route information is added to the explorer frames as they travel through the internetwork 10 via bridges 12c and 12d. When the explorer frames initially generated by host X reach host Y on LAN2, host Y replies to each received explorer frame using the accumulated route information. Upon receipt of all response frames that specify their respective paths, host X chooses a path based on predetermined criteria.
The route information is accumulated in a routing information field (RIF), specified under IEEE 802.5. A RIF is included only in those frames destined for other LANs, and the presence of routing information within the frame is indicated by the setting of the most significant bit within the source address field, called the routing information indicator (RII) bit.
As readily apparent from the foregoing, a limitation of transparent bridging technology is that there is no RIF functionality in IEEE 802.3 based networks, hence there is no information contained within a packet to inform the bridge device from where the packet came, or to where the packet is destined. This limitation is readily apparent from conventional Ethernet IEEE 802.3 networks as a packet will only have one path through a network.
New mechanisms have been developed for reliable transfer of traffic from an Ethernet IEEE 802.3 local area network across a wide area network. The consequences of these advances is that limitations which were not crucial for local operation of the Ethernet/802.3 local area network have become more cumbersome. For example, there are certain devices (e.g., and stations) in the network, referred to as xe2x80x9cproxiesxe2x80x9d, which represent a large number of other devices (e.g., end stations) elsewhere in the network; traffic destined for these end stations are accepted by the proxies, and traffic from these end stations enter the transparently bridged LAN through these proxies. One common example of this type of proxy device is a data link switching (DLSw) peer device, as described in RFC 1795.
Data link switching (DLSw) was developed as a means of transporting IBM Systems Network Architecture (SNA) and Network Basic Input/Output System (NetBIOS) traffic over a IP Network. The DLSw serves as an alternative to source route bridging protocols that were used for transporting SNA and NetBIOS traffic in token ring environments. The principal difference between source route bridging and DLSw revolves around support of local termination. SNA and NetBIOS traffic rely on link-layer acknowledgements and keep-alive messages to ensure the integrity of connections and the delivery of data. For connection-oriented data, the local DLSw node or router terminates data-link control. Therefore, link-layer acknowledgments and keep-alive messages do not need to traverse a wide area network. DLSw nodes or routers use a switch-to-switch protocol (SSP) for establishment and maintenance of DLSw circuits across a wide area network. The DLSw nodes encapsulate packets in TCP/IP for transport on IP based networks, using TCP as a means of reliable transport between DLSw nodes.
The use of DLSw type proxy devices does not create a problem in conjunction with transparent bridging, so long as there is only one such proxy device connected to the transparently-bridged LAN, or so long as no set of two or more of these devices can provide proxy services for a particular MAC address. Hence, only a single proxy device may provide proxy services for a transparently-bridged local area network segment, resulting in reliability concerns if the proxy device fails. As such, failure of a single network device such as the proxy could result in a loss of connectivity from a large number of end stations. However, efforts at improving network reliability by adding a redundant proxy seem unattainable as it violates the basic design assumption of transparent bridging, since the added proxy would give the appearance of providing two separate paths to a single resource in a transparent bridged network.
This problem is readily apparent from the example of a proxy device being unable to determine whether an incoming frame originated from an end station on the local LAN, or originated from a second proxy device on that same LAN. This results in two separate problems. First, assuming the proxy device uses source address information from the packet to xe2x80x9clearnxe2x80x9d the location of the source device using that MAC address (as a transparent bridge normally does), this could cause the source proxy device to mistakenly conclude that the source device was attached to the local LAN, when in fact the source device is attached to a completely different LAN that is reachable by the second proxy device via a wide area network. This could cause the proxy device to make an incorrect forwarding decision for future packets.
In addition, if the received frame is a type to xe2x80x9cexplorexe2x80x9d for a certain device device (e.g., LLC1 TEST frame, NetBIOS Name Query frame, etc.) and it originated from another proxy on the network, the receiving proxy device, believing the frame to have been generated locally, may forward the explore frame back to the remote LAN which originated the explorer frame; at best this is wasteful of proxy processor and bandwidth resources, and at worst this could result in an xe2x80x9cexplorer loopxe2x80x9d, where the same explorer frame circles continuously across the wide area network, using vast amounts of local and wide area network resources and risking a system-wide crash.
There is a need for an arrangement in a transparently-bridged wide area network, where proxy devices attached to the same LAN can effectively learn the location of a device by its MAC address, without generation of errors due to the presence of multiple proxy devices.
There is also a need for an arrangement enabling explorer frames to be used by end stations for location of other end stations, without the occurrence of explorer looping in local area networks having multiple proxy devices coupled to a local area network, for communication with other proxy devices across a wide area network.
There is also need for an arrangement where proxy devices can distinguish between explorer frames originated from an end station on a transparent bridging domain, as opposed to other proxy devices coupled to an associated local area network.
These and other needs are obtained by the present invention, where an address substitution is performed in a frame, received by a proxy device from a wide area network, for transmission onto a local area network having multiple proxy devices. Hence, proxy devices connected to the same local area network may distinguish between frames output by another proxy device and frames generated by end stations on the local area network.
According to one aspect of the present invention, a method is provided of determining a reachability between first and second end stations coupled to respective first and second local area networks. The method includes outputting from the first end station onto the first local area network a first frame having a source address identifying the first end station and a destination address identifying the second end station. The first frame is received by first and second proxy devices coupled to the first local area network. The first frame is sent by the first and second proxy devices, via a wide area network, to respective third and fourth proxy devices coupled to the second local area network. Each of the third and fourth proxy devices outputs a modified first frame onto the second local area network for reception by the second end station. In particular, the modified first frame is generated by replacing the source address identifying the first end station in the first frame with a new source address identifying the corresponding proxy device. The replacement of the source address with a new source address identifying the corresponding proxy device enables the third and fourth proxy devices to be able to identify that the modified first frame detected on the second local area network was generated by another proxy device, as opposed to an end station on the second local area network. Hence, the duplicate generation of frames across the wide area network is eliminated, providing a robust and stable internetworking system that enables multiple proxy devices to be connected on a single local area network.
Another specific feature of this aspect is the selective processing of frames or response frames received by a proxy device based on a detected correlation between the received frame and information stored in caches or databases associated with processing states in the network. For example, any frame received by a proxy device on a local area network is compared to a proxy list to determine if the source address of the received frame corresponds to another proxy device, enabling the proxy device having received the frame to distinguish between frames generated by end stations and frames forwarded by proxy devices on the local area network. In addition, each proxy device includes an associated pending request database, enabling the proxy device to associate a response frame to a pending request issued by the proxy device. As such, this aspect enables each of the proxy devices to maintain an inventory of outstanding requests, such that a remote reachability cache is updated only if a response frame is associated with a previously-submitted frame. Hence, the possible generation of loops within the wide area network is eliminated by selective generation of the response frame in the proxy devices based on stored requests in the pending request database.
Another aspect of the present invention provides an internetworking system including a wide area network, a first local area network, and a second local area network. The first local area network includes (1) a first end station configured for outputting a first frame having a source MAC address identifying the first end station and a destination MAC address, and (2) first and second proxy devices coupled to the first local area network for outputting the first frame as first and second canureach frames onto the wide area network, respectively, based on the destination MAC address. The second local area network includes (1) a second end station having a MAC address corresponding to the destination MAC address of the first frame, (2) a third proxy device configured for outputting a first modified frame onto the second local area network, having a MAC address of the third proxy device as the corresponding source MAC address and the MAC address of the second end station as the corresponding destination MAC address, in response to reception of the first canureach frame, and (3) a fourth proxy device configured for outputting a second modified frame onto the second local area network, having a MAC address of the fourth proxy device as the corresponding source MAC address and the MAC address of the second end station as the corresponding destination MAC address, in response to reception of the second canureach frame.
Additional advantages and novel features of the invention will be set forth in part in the description which follows, and in part will become apparent to those skilled in the art upon examination of the following or may be learned by practice of the invention. The advantages of the invention may be realized and attained by means of the instrumentalities and combinations particularly pointed out in the appended claims.