1. Field
Embodiments of the invention relate to the field of network processing; and more specifically, to counting Media Access Control (MAC) address moves.
2. Background
A layer 2 network bridge (data link layer in the Open Systems Interconnection Basic Reference Model (OSI MODEL), ISO/IEC 7498-1, Nov. 15, 1994) is a device used to connect multiple computing devices from one network to other network(s). The bridge scans incoming data frames for the source MAC address and the destination MAC address. A MAC address is typically a globally unique address of a physical network interface card inside a computing device and usually does not change for the life of the computing device.
A network bridge dynamically builds a forwarding structure based upon the source MAC addresses of the frames it receives and the ports associated with those MAC addresses. A typical architecture of a network bridge includes at least one control card and multiple line cards. The control card includes a parent bridge forwarding structure which stores a master version of the associations between MAC addresses and ports. The control card distributes the content of the parent bridge forwarding structure to each of the line cards (e.g., to child bridge forwarding structures). Thus, each line card typically has an equivalent child bridge forwarding structure that reflects the information in the parent bridge forwarding structure.
Upon receiving a frame, a processor on the line card performs a lookup in its child bridge forwarding structure to determine if the source MAC address is associated with the port the frame was received on. A source MAC address miss is determined if the source MAC address is not associated with the port the frame was received on. For example, a source MAC address miss exists if the MAC address is associated with a different port than the frame was received on, or if the MAC address is not associated with any ports. If the MAC address is associated with a different port than the frame was received on, the source MAC address has moved. This is referred to as a source MAC address move (e.g., the source MAC address has moved between ports). Source MAC address moves may occur for expected (legitimate) reasons (e.g., the computing device associated with that source MAC address has physically moved locations) and/or unexpected (illegitimate) reasons (e.g., a bridge forwarding loop). A bridge forwarding loop may cause many source MAC address misses in a short amount of time (e.g., at line rate). If there is a source MAC address miss (e.g., either the MAC has moved, or the MAC is unknown) the line card sends a source MAC address miss message to the central processing unit (CPU) of the control card. The CPU updates the parent bridge forwarding structure and distributes the update to each of the line cards, and increments a source MAC address move counter (in case the source MAC has moved to a different port). Depending on the load on the CPU, this process may take several seconds.
Applications exist that attempt to prevent bridge forwarding loops. For example, the Spanning Tree Protocol (STP) (described in Institute of Electrical and Electronics Engineers (IEEE) standard 802.1D, Jun. 9, 2004) is a commonly used scheme to prevent network loops. An STP application, when performed correctly, may prevent a bridge forwarding loop by blocking one or more ports. However, in some circumstances, an STP application or other network loop prevention application is unable to prevent a bridge forwarding loop. For example, STP must be configured at each of the ports of the network in the bridge to prevent bridge forwarding loops. On some occasions, a network administrator may incorrectly configure STP, which may lead to STP not being configured on each of the ports. As another example, other types of bugs (hardware or software) and/or other configuration errors cause the loop prevention application to fail (i.e., to not detect the loop).
As an additional safeguard to the loop prevention applications, many network bridges also perform a source MAC address move detection application. Typically, the source MAC address move detection application blocks ports in a similar fashion as an STP application to resolve a bridge forwarding loop. Since not all source MAC address moves are for unexpected reasons, the source MAC address move detection algorithm is not performed until a certain threshold of source MAC address moves is met over a given time interval (e.g., five source MAC address moves in a period of 5 seconds). Typically, a CPU in the control card of the network bridge counts the source MAC address moves and determines whether to execute the MAC address move detection application.
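The miss classification and the threshold check described in the background can be modeled in a few lines. This is an added illustration, not code from the patent: the class, function and variable names are hypothetical, the sample frames are constructed, and it assumes a single move count kept across all MAC addresses with the example threshold of five moves in 5 seconds.

```python
from collections import deque

class BridgeMoveCounter:
    """Toy control-card model: forwarding table plus a sliding-window
    count of source MAC address moves (all names here are hypothetical)."""

    def __init__(self, threshold=5, interval=5.0):
        self.table = {}        # MAC -> port, stands in for the parent structure
        self.moves = deque()   # timestamps of recent moves, oldest first
        self.threshold = threshold
        self.interval = interval

    def classify(self, mac, port):
        known = self.table.get(mac)
        if known == port:
            return "hit"
        # Both remaining cases are source MAC address misses.
        return "unknown" if known is None else "move"

    def receive(self, mac, port, now):
        """Handle one frame; return (classification, detection_should_run)."""
        kind = self.classify(mac, port)
        if kind != "hit":
            self.table[mac] = port          # learn or relearn the association
        if kind == "move":
            self.moves.append(now)          # only moves count, not unknowns
        # Assumption: a move ages out once it is `interval` seconds old.
        while self.moves and now - self.moves[0] >= self.interval:
            self.moves.popleft()
        return kind, len(self.moves) >= self.threshold

def simulate(frames, **kwargs):
    bridge = BridgeMoveCounter(**kwargs)
    return [bridge.receive(mac, port, t) for t, mac, port in frames]

MAC = "02:00:00:00:00:01"  # constructed, locally administered address
# Constructed traffic: a loop flaps the MAC between ports 1 and 2 every 0.1 s.
LOOP_FRAMES = [(i * 0.1, MAC, 1 + i % 2) for i in range(8)]
# Constructed traffic: a host is seen on port 1, then relocates to port 3.
LEGIT_FRAMES = [(0.0, MAC, 1), (1.0, MAC, 1), (10.0, MAC, 3), (11.0, MAC, 3)]

if __name__ == "__main__":
    for name, frames in (("loop", LOOP_FRAMES), ("legit", LEGIT_FRAMES)):
        for (t, _, port), (kind, run) in zip(frames, simulate(frames)):
            print(f"{name} t={t:4.1f} port={port} {kind:7} detect={run}")
```

The flapping address reaches the threshold on its fifth move, while the single relocation never does, which is the distinction the threshold is meant to draw between unexpected and expected moves.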