The invention relates to transfer of packets over a computer network, and more particularly to the use of a virtual local area network (VLAN) to address packets to a desired group of users throughout a wide area network.
When a source computer transmits a packet onto a computer network, ordinarily the packet is transferred to every computer connected to the network as a potential destination computer. Each potential destination computer reads the destination address of the packet. In the event that the destination address indicates that the computer should receive the packet, the computer copies the packet into its memory and “receives” the packet; otherwise the computer ignores the packet.
Two levels of addressing are typically used in computer networks, the physical address and the Internet Protocol (IP) address. The physical address is usually assigned to a computer by the manufacturer, and is referred to as the “layer 2” address because it is recognized and used by source and destination computers at layer 2 of the layered communications model. A synonym of “layer 2” address is the term “Media Access Control address” (MAC address). The “layer 3” address is referred to as the Internet Protocol address (IP address), and it is used by the “layer 3 procedures” of the layered communications model.
During typical operation of a computer network, a packet is received by a computer based on its physical, or MAC, address. Computers connected to a computer network may be roughly categorized as “end stations”, “layer 2 switches” or bridges, and “layer 3 switches” or routers. When the destination IP address and the destination MAC address both designate the receiving computer, that computer is typically an end station and receives the packet. A layer 2 switch, or bridge, typically joins two small local area networks, commonly referred to as “subnets”, and forwards the packet from a first subnet to a second subnet. A local area network is referred to as a “LAN” (plural, LANs).
A layer 3 switch, or router, receives a packet having the MAC address of the router and an IP address of a computer on a different subnet. The router, in response to the IP address in the layer 3 address field of the packet, routes the packet on its journey to the computer designated by the IP address of the packet. The router routes the packet from a source network to a destination network, in response to the IP address carried in the packet.
The MAC destination address field of a packet may indicate that the packet is addressed to a specific computer (unicast address), or may indicate that all computers on the network are designated to receive the packet (broadcast address; a multicast address designates the group of computers that have elected to listen for it). Virtual Local Area Networks (VLANs) were introduced in order to provide a convenient way to have a selected group of computers receive a packet, in contrast to having only the two choices of one computer or all computers receiving the packet.
The VLAN construction, in an exemplary VLAN implementation, uses a router to define VLANs. A router typically has a plurality of ports, and each port may be connected to a different subnet, to a wide area network, to another router, etc. The VLAN implementation defines selected ports of a router to be members of a particular VLAN. The router then forwards a packet arriving on a port defined as a member of a particular VLAN onto all ports having the same VLAN designation, and onto no other ports. A plurality of routers may connect different subnets belonging to the same VLAN by having the ports of each router designated as ports for that particular VLAN. For example, VLANs implemented using Ethernet subnets typically are implemented by using selected ports of a router to define each VLAN. It is a common practice to use a “color” designation to specify a VLAN. Thus, certain ports of a router may be designated as the “red” VLAN ports, other ports the “blue” VLAN ports, still other ports the “green” VLAN ports, etc.
Another VLAN implementation is defined in IEEE Standard 802.1Q (IEEE Draft Standard P802.1Q/D10, dated Mar. 22, 1998, all disclosures of which are incorporated herein by reference). Each packet carries a “tag” which identifies the packet as belonging to a VLAN. For example, a two byte field is defined as the “Tag Control Information” (TCI) format to carry VLAN, priority, and “canonical” information. The VLAN identification is 12 bits and is referred to as the “VID” field. The priority field is 3 bits, and so can represent 8 priority levels, from 0 to 7. The “canonical” indicator is 1 bit and designates whether the addresses carried in the frame use canonical or noncanonical bit ordering. The canonical indicator is referred to herein as the “CFI” (Canonical Format Indicator) tag, or CFI tag field. The structure of the Tag Header is more fully described in Clause 9.3 of IEEE 802.1Q, especially for the different types of frames, Ethernet, SNAP-encoded, etc.
Secure Data Exchange (SDE) is defined in IEEE Standard 802.10 (IEEE Std 802.10-1998, approved 17 Sep. 1998, all disclosures of which are incorporated herein by reference). The SDE designator field in a packet occupies the first three octets of the LLC header (DSAP, SSAP, and control), and an SDE packet carries the values 0x0A 0x0A 0x03 in the SDE designator field. Non-SDE entities, including stations, bridges, routers, etc., ignore a packet having an SDE designator. Accordingly, an SDE packet is transmitted by a computer which writes an SDE designator field, and is received by only those computers which interpret the SDE designator field. Therefore, packets with an SDE designator field behave much as do packets with a virtual local area network identification assignment, in that the SDE designator serves the same selective-reception role as a VLAN ID.
VLAN identification may also be carried in an encapsulating header, for example, an encapsulating header for Ethernet packets. The ISL format of Cisco Systems, Inc. provides a 12 bit VLAN identification in an encapsulating header for Ethernet packets, as set out in the document “Configuring Routing between VLANs with ISL Encapsulation”, available on the Web page at www.cisco.com maintained by Cisco Systems, Inc., all disclosures of which are incorporated herein by reference.
VLANs are widely used today in communications using Ethernet (IEEE 802.3) LANs. In particular, a VLAN may be implemented on geographically separated Ethernet LANs by using the ISL format of Cisco Systems, Inc. to provide a trunk connection between the two geographically separated Ethernet LANs. The “trunk” connection is logically many VLANs sharing the same communications path. An example of geographically separated Ethernet LANs may be one LAN in New York City and the other in San Francisco, with a VLAN-capable media connection between the two LANs carrying the VLAN format. The IEEE 802.1Q standard protocol is similar to the Cisco Systems, Inc. ISL format and may also be used to join geographically separated LANs into a VLAN with tagged packets. The advantage of using the VLAN format is that only those computers configured to receive a particular tag, for example, red, or blue, or green, etc., will receive the tagged packets, which reduces the number of computers receiving the tagged packets.
Data Link Switching (DLSw) is defined in RFC 1795 (Internet Engineering Task Force, Request for Comments 1795, April 1995, all disclosures of which are incorporated herein by reference) as a means for interconnecting a first network served by a first router to a second network served by a second router by operating a TCP/IP connection between the two routers. An encapsulating protocol referred to as the Switch-to-Switch Protocol (SSP) encapsulates the packets received from the networks before transmission over the TCP/IP connection, as set out in RFC 1795. These two routers are referred to as the “DLSw routers” because a port of each is used to establish the DLSw connection between the two networks. In a widely used configuration, both the first network and the second network are source routed networks such as an IEEE 802.5 Source Route Bridge (SRB) network. Accordingly, the first and second networks comprise IEEE 802.5 token rings connected by SRB bridges to form SRB subnets, and a plurality of SRB subnets may be interconnected by routers to form either the first network or the second network. In this exemplary embodiment, a DLSw connection over TCP/IP between two routers (layer 3 switches) interconnects two SRB networks. Each of the SRB networks may implement VLAN identification by use of one of the above mentioned VLAN methods, or by other methods. However, the DLSw connection over TCP/IP does not preserve the VLAN identification.
Additionally, the DLSw routers may be connected to a variety of different types of networks. For example, a port of the DLSw router may connect to an SRB network, another port may connect to an Ethernet network, another port may connect to an IEEE 802.1Q network, etc. And each of the types of networks may implement VLAN identification by use of any of the VLAN identification methods mentioned above, or by other methods.
A problem in using DLSw communication over TCP/IP between two networks is that VLAN identification (Ethernet, SRB, or otherwise) which is established in the networks is not preserved over the DLSw connection. A further problem in attempting to establish VLAN identification over DLSw communication is that the protocols are already deployed in legacy equipment. Any change in a protocol must interoperate with legacy equipment so as not to obsolete the installed base of existing equipment.
What is needed is a simple method to provide VLAN identification over DLSw interconnection of a variety of networks, so that a packet routed from a VLAN within the source network will be received by only those stations identified as members of a corresponding VLAN within the destination network. And in the event that the packet is routed between other networks by a legacy router which does not preserve VLAN identification, the method should interoperate correctly with the legacy router and with other legacy equipment.
The invention provides a Virtual Local Area Network (VLAN) over a DLSw interconnection so that VLAN identification is preserved as a packet is forwarded from a source VLAN over the TCP/IP link of the DLSw interconnection to a corresponding destination VLAN. Steps of the method include receiving, at a first router, a packet assigned to a VLAN. The first router determines the VLAN assignment of the packet, either by identifying the packet type (Ethernet, IEEE 802.5, etc.) and then parsing the packet header to learn the VLAN identification, or, in routers having ports assigned to a VLAN, by simply noting the port through which the packet arrived at the first router. An encapsulated packet is then built by the first router for transmission over a TCP/IP connection with an encapsulating SSP header. An indication of the VLAN identification is written into the SSP header using previously reserved fields. The encapsulated packet is then transmitted over the TCP/IP network to a second router. The second router receives the encapsulated packet and parses the header of the received encapsulated packet, in order to read the VLAN identification from the header. The second router then builds a VLAN packet in response to the VLAN identification read from the header and transmits the packet onto a destination VLAN corresponding to the source VLAN.
The parser in the router receiving a VLAN packet from a local area network is universal as it responds to the type of packet and type of VLAN information of the received packet, and then parses the packet in order to learn the VLAN to which the packet is assigned. The parser then writes VLAN information into a data structure in the router memory. The parsed data from the received packet may include the following information: the VLAN identification field; a user priority identification field; a CFI tag field; etc., and these information fields are written into the data structure maintained in the router memory. The information fields in the data structure are assigned to the particular packet as it is processed by the router. Finally, as the outgoing encapsulated packet is being built by the router, the fields of the data structure are read by the processes building the packet, and the information read from the data structure is written into fields of the encapsulating header.
When the encapsulated packet is received by the second router, the VLAN fields are read from the encapsulating header, written into a data structure of the receiving second router and assigned to the particular packet. Processes building an outgoing packet then read the data structure and write the information into appropriate fields of the outgoing packet, in response to both the type of the outgoing packet and the type of the destination VLAN.
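The tag parsing described for IEEE 802.1Q above, and the parse, encapsulate, and rebuild cycle of the two routers just described, are shown together in the following added example. This is illustration code written for this page, not the patent's own implementation and not RFC 1795 code: the six-byte encapsulation header (a flags word, a VLAN word, and an inner length) is a hypothetical stand-in for the reserved SSP header fields the text refers to, the VLAN map that pairs a source VID with its corresponding destination VID is an assumption about how "corresponding VLAN" is configured, and the sample frame and map are constructed for the demonstration. Beyond the text, the receiving side drops a carried frame that is itself still tagged, since re-tagging it would emit a double-tagged frame, and drops any VID it has no mapping for, rather than guessing a destination VLAN.

```python
import struct

ETHERTYPE_VLAN = 0x8100        # 802.1Q Tag Protocol Identifier
FLAG_VLAN_PRESENT = 0x0001     # hypothetical flag bit in the constructed encapsulation header


def parse_tci(tci):
    """Split a 16-bit 802.1Q Tag Control Information word into (priority, cfi, vid)."""
    return (tci >> 13) & 0x7, (tci >> 12) & 0x1, tci & 0xFFF


def build_tci(priority, cfi, vid):
    """Pack priority (3 bits), CFI (1 bit) and VID (12 bits) into a TCI word, rejecting bad values."""
    if not 0 <= priority <= 7:
        raise ValueError("priority must be 0..7")
    if cfi not in (0, 1):
        raise ValueError("CFI must be 0 or 1")
    if not 1 <= vid <= 0xFFE:  # VID 0 (priority-tagged) and 4095 (reserved) are not usable VLAN IDs
        raise ValueError("VID must be 1..4094")
    return (priority << 13) | (cfi << 12) | vid


def parse_frame(frame):
    """Parse an Ethernet frame into a dict; 'vlan' is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        priority, cfi, vid = parse_tci(tci)
        vlan = {"vid": vid, "priority": priority, "cfi": cfi}
        offset = 18
    return {"dst": dst, "src": src, "vlan": vlan, "ethertype": ethertype, "payload": frame[offset:]}


def build_frame(dst, src, ethertype, payload, vlan=None):
    """Build an Ethernet frame, inserting an 802.1Q tag when vlan is given."""
    header = dst + src
    if vlan is not None:
        header += struct.pack("!HH", ETHERTYPE_VLAN, build_tci(vlan["priority"], vlan["cfi"], vlan["vid"]))
    header += struct.pack("!H", ethertype)
    return header + payload


def encapsulate(frame):
    """First router: strip the tag, record it in the encapsulation header, carry the frame untagged."""
    info = parse_frame(frame)
    inner = build_frame(info["dst"], info["src"], info["ethertype"], info["payload"])
    flags, vlan_word = 0, 0
    if info["vlan"] is not None:
        flags = FLAG_VLAN_PRESENT
        vlan_word = build_tci(info["vlan"]["priority"], info["vlan"]["cfi"], info["vlan"]["vid"])
    return struct.pack("!HHH", flags, vlan_word, len(inner)) + inner


def decapsulate(message, vlan_map):
    """Second router: rebuild a tagged frame on the destination VLAN that vlan_map pairs with the VID.

    Returns None when the frame must be dropped: the carried frame is itself still tagged (re-tagging
    would emit a double-tagged frame), or there is no mapping for the carried VID.
    """
    if len(message) < 6:
        raise ValueError("truncated encapsulation header")
    flags, vlan_word, length = struct.unpack("!HHH", message[:6])
    inner = message[6:6 + length]
    if len(inner) != length:
        raise ValueError("length field exceeds message")
    info = parse_frame(inner)
    if info["vlan"] is not None:
        return None
    vlan = None
    if flags & FLAG_VLAN_PRESENT:
        priority, cfi, vid = parse_tci(vlan_word)
        if vid not in vlan_map:
            return None
        vlan = {"vid": vlan_map[vid], "priority": priority, "cfi": cfi}
    return build_frame(info["dst"], info["src"], info["ethertype"], info["payload"], vlan)


# Constructed sample: a frame tagged VID 100, priority 5, carrying an IPv4 ethertype and a dummy payload.
SAMPLE_DST = bytes.fromhex("01005e000001")
SAMPLE_SRC = bytes.fromhex("0200deadbeef")
SAMPLE_TAGGED = build_frame(SAMPLE_DST, SAMPLE_SRC, 0x0800, b"\x45" + b"\x00" * 19,
                            {"vid": 100, "priority": 5, "cfi": 0})
SAMPLE_MAP = {100: 200}  # assumed configuration: source VLAN 100 corresponds to destination VLAN 200


def round_trip(frame=SAMPLE_TAGGED, vlan_map=SAMPLE_MAP):
    """Carry a frame across the encapsulation and return the frame emitted on the far side (or None)."""
    return decapsulate(encapsulate(frame), vlan_map)


if __name__ == "__main__":
    print(parse_frame(round_trip())["vlan"])  # {'vid': 200, 'priority': 5, 'cfi': 0}
```

The priority and CFI bits survive the crossing unchanged while the VID is rewritten to the destination VLAN, which is the behaviour the summary asks for; an untagged frame crosses with the flag clear and is emitted untagged, so a legacy peer that never sets the flag is handled by the same path.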
Other and further aspects of the present invention will become apparent during the course of the following description and by reference to the accompanying drawings.