1. Field of the Invention
The present invention relates generally to digital communication networks, and more specifically to a system and method for assigning cell or packet data to one of several processors provided in a data switch.
2. Related Art
Data switches are often used in a telecommunication network to provide connectivity between different end systems. Computer systems accessing each other are examples of end systems. A telecommunication network may include different types of equipment such as access multiplexers, modems, and data switches as is well known in the relevant arts.
A data switch commonly refers to a device which receives data on one port and forwards the data on another port, depending on the desired destination (or target) end system. Data switches often include processors for processing the data to determine, among other aspects, whether to forward a received portion of the data and the port on which to forward the received data.
Data is often sent and received in the form of cells. Cells are commonly used in the context of Asynchronous Transfer Mode (ATM) protocols. ATM cells are maintained to be uniformly small (53 Bytes), which allows for fast and flexible processing of ATM cells from different end systems. For a detailed understanding of ATM, the reader is referred to a book entitled, xe2x80x9cATM: Theory and Applicationxe2x80x9d, (ISBN: 0070603626, Published September 1994 by McGraw-Hill Series on Computer Communications), by David E. McDysan and Darren L. Spohn, which is incorporated in its entirety herewith.
Cells may need to be assigned to one of the potentially several processors provided in a data switch. Such assignment may be required for several reasons. For example, one may wish to balance the load across the available processors. In some situations, some packets may need to be assigned to specialized processors to process the cells.
In yet some other situations, the cells related to a subscriber may need to be assigned to processors designed to provide a desired set of service policies specific to the subscriber. Example embodiments providing such desired set of services to each subscriber include, but are not limited to the following: the aggregate bandwidth which can be used by a subscriber or some of the systems used by the subscriber, firewall parameters (which applications/IP addresses are permitted out/in), security (anti-spoofing, virtual private network with encryption and tunneling) for specified conversations, priority in usage of buffer and bandwidth (e.g., higher priority to interactive applications such as telenet), traffic steering, etc.
Accordingly, it may be required to assign the cell data from a subscriber to one or more pre-specified processors. The assignment of cells to processors may need to be performed in a short duration, at least to avoid excessive buffer requirements. That is, as the cells may be received at a high rate, the assignment may need to be performed within a short duration.
Often, a determination of the subscriber associated with a cell may require examination of several bytes of data encoded in a cell. The determination may need to be performed quickly at least for reasons noted above. For example, a telecommunication network may be implemented using internet protocol (IP) and an IP packet related to a subscriber may be received as a sequence of cells. The determination of the subscriber associated with the IP packet may require examination of IP addresses, port numbers etc., which are located typically in the data in the first cell of the IP packet.
Thus, several bytes of the first cell may need to be examined for a determination of the subscriber to which an IP packet relates to. All the cells forming the IP packet may then need to be assigned to a processor capable of providing the service policies specific to the subscriber.
Therefore, what is needed is a fast and flexible mechanism which allows the assignment of ATM cells to processors contained in a data switch of a telecommunication network. The mechanism needs to permit the examination of several bytes of data encoded in the cells.
The present invention provides an efficient approach for assigning an IP packet to one of multiple processors provided in an internet service node (ISN). The IP packet may be received in the form of a sequence of cells. Each IP packet may be associated with a subscriber and the P packets corresponding to a subscriber may need to be assigned to a processor designed to provide the service policies desired by the subscriber.
The determination of the specific subscriber to which an IP packet relates to may require the examination of the header data of the IP packet. Such is the case at least when cell data destined for multiple subscribers is received on a shared ATM virtual connection as all cells may contain the same VPI/VCI data. In such a situation, the subscriber may be determined by examining the IP destination address located in the IP header.
However, in some situations data further inside the IP packet may need to be examined to determine the subscriber. For example, data related to a subscriber may be received on a specific call of a L2TP tunnel. In such a situation, a received packet may need to be examined for a UDP protocol type, a UDP port number specifying L2TP protocol, a tunnel ID and a Call ID specific to the subscriber.
The present invention enables such examinations to be performed efficiently by using a content addressable memory (CAM) having a search field, mask, and output field for each CAM location. The search field of each location may be configured to store the data identifying a subscriber, and the output field may be configured to store data identifying a processor or a group of processors capable of providing the desired service policies to the subscribers related to the CAM entry.
In addition, the mask for each CAM location may be setup for examination of the bits identifying the subscriber. As an illustration, when data for multiple subscribers is received on a shared ATM connection, a CAM location may be designed to examine only the destination IP address. On the other hand, when data for a subscriber is received on a L2TP tunnel, the mask field of the corresponding CAM location may be set up to examine several more bytes of data.
Thus, when a first (xe2x80x9cheaderxe2x80x9d) cell of an IP packet is received, the header data is provided as an input to the CAM, and the output data identifies a suitable processor. As different CAM entries can have different masks, a matching entry can be found in a single CAM access. The output of the matching entry may either represents a processor (group) identifier or may lead to further accesses to determine the processor.
When the output data does not represent a processor identifier, in the embodiments described herein, the output data either contains an index into an IP table or indicates that additional CAM searches are required to determine a processor (group) identifier. The index is useful to minimize the number of CAM entries. The index may be used to select an entry from a table stored in a fast memory (e.g., SRAM), and the retrieved value may represent the processor identifier or processor group identifier. As an illustration, the CAM entry may examine only the first three bytes of an IP address by choosing an appropriate mask, and thus present a matching entry for 255 IP addresses. The additional access to the fast memory may provide the specific processor identifier.
Additional CAM searches are generally required when a CAM does not contain sufficient number of bits in the search field to identify a subscriber. For example, when subscriber data is received using a L2TP tunnel, it may be required to examine more number of bits than that available in a search field of a single CAM location. In such circumstances, some of the bits may be examined in a first search and the others in a subsequent search. Only if a match is detected for all the searches, a match is deemed to have occurred.
In an embodiment described in the present application, only two searches may be required. However, embodiments requiring additional approaches are contemplated to be within the scope and spirit of the present invention. The searches may be required depending on the formats for the protocols and the number of bits which need to be examined.
The above-noted features can be implemented in either access ports receiving cells from subscribers or trunk ports receiving cells destined for the subscribers in an embodiment of an ISN. The ISN may include multiple processor groups, with a single group typically being configured to process IP packets related to a subscriber. In addition, a switch fabric may be designed to assign cells to one of the groups based on the header of the received cells. Specifically, the VPI/VCI field may uniquely identify the processor group to process the cells received by the switch fabric.
Accordingly, a replacement logic of the present invention determines the processor group by using the CAM, and replaces a portion (e.g., VPI) of the cell header of all cells of the IP packet with the processor group identifier. The switch fabric may then assign all the cells related to an IP packet to the processor group identified by the cell header (VCI/VPI).
Therefore, the present invention provides for a quick and efficient method to assign cells forming an IP packet to a pre-specified processor or processor group by using a CAM with masks for individual locations.
The present invention provides for the determination of an identifier in a single CAM access as each location can be configured with a mask corresponding to the bits which need to be searched for the subscriber (related to the location).
The present invention minimizes the number of required CAM locations by using a single CAM location for a group of IP addresses, and using the output of the CAM access as an index to retrieve the processor or processor group identifier.
The present invention enables a switch fabric to quickly forward IP packets to corresponding processors by substituting the determined processor identifier for the VPI in the cells and by having the switch fabric use the VPI to assign the cells to the processors.