The present invention relates to computer networks, and more particularly, to a method and apparatus for connecting a computer station located on one network, to another station (or stations) located on another network.
Computer networks are made up of computer stations such as PCs, network servers and workstations. These stations are connected to each other via network devices such as repeaters, bridges, switches and routers, each of which is described below.
Communication between two stations connected through a computer network is initiated when one station sends out a request to establish a connection between itself and one or more other stations. That initiative may come from a human user requesting information located on another station, or it may be automatically initiated by a computer program when that program needs to exchange information with another program located on a different station.
The International Organization for Standardization (ISO) has created a reference model of communication between two stations over a network. This model breaks the communication into 7 layers and is known as the Open Systems Interconnection (OSI) model. The first layer represents the physical medium at each of the stations. The second layer represents the Data Link. This layer defines how the information is divided into frames (packets). Each frame includes fields for the destination address and the source address. These addresses are also referred to as MAC addresses. Their allocation is administered, by convention, by the IEEE: the first part of a MAC address designates the vendor that manufactured the device, and the remainder is a number assigned by that vendor that is unique to the device.
The third layer represents the Network layer. The function of the Network layer is routing packets from the source station to the destination station. The Network layer uses network-layer addresses in addition to the MAC (Data Link layer) addresses described above. A network-layer address is composed of a network number (also referred to as a zone or domain), indicating the network on which the station resides, and a host number, indicating the address of the particular station within that network. As described below, the host number differs from the MAC (Data Link layer) address in that it is determined locally by the network supervisor, not by the IEEE.
The administration of network-layer addresses is the responsibility of the organization that owns the network. Usually the network-layer addresses designate a functional group with certain common characteristics, such as permission to access a particular server or to share particular resources (printers, communications, etc.). When connecting to a global network such as the Internet, the organization that owns the network must receive a block of network-layer addresses, universally administered by that global network's administrator, so that there is no duplication of network addresses.
Thus, there is a major difference between the allocation of MAC addresses and that of network-layer addresses: MAC addresses are allocated by the device vendor and therefore bear no relation to the structure of the network; network addresses are assigned according to the network operator's wishes and therefore usually designate functional groups.
As mentioned above, communication between stations is performed in packets (also called frames). The source station sends frames, one at a time, to the destination station. Each frame is made up of the various addresses of both the source station and the destination station, as well as information to be transmitted between the two stations. Regarding the addresses, each standard defines the field structure differently. For example, at the MAC layer there are various standards, such as the IEEE 802.3, 802.5, and FDDI. At the network layer, there are many standards, such as the IP protocol, and the IPX protocol. A typical frame format is shown in FIG. 1.
As mentioned above, stations are connected through a network via a number of devices, particularly repeaters, bridges and switches, and routers. Repeaters are devices that operate at the physical layer of the OSI model. They connect several segments so that the network can span a greater distance. Repeaters perform signal-processing functions such as retiming and signal regeneration; they do not examine or alter the content of the data being transmitted.
Bridges are devices that operate at the Data Link layer of the OSI model. Their operation is defined in the IEEE 802.1D standard. Bridges are used to connect several physical domains (such as two segments) together. Bridges thus isolate physical segments and forward messages from one segment to the other based on the destination address of the frame.
Bridges having multiple ports are sometimes referred to as switches. They operate as follows:
1. Station A sends a frame to station B (the frame format is described in FIG. 2).
2. The bridge receives the frame and looks in its database to find out through which port it connects to the destination station. (It does this by analyzing the MAC destination address (MDA).)
2.1. If the destination connects to the same port (segment) as the source, the bridge discards, or filters, the frame.
2.2. If the destination connects to another port (segment), the bridge forwards the frame to the appropriate port.
2.3. If the bridge cannot identify the destination location, or when the MDA designates a broadcast or multicast frame, the bridge forwards the frame to all its ports except for the port on which it received the frame.
3. The bridge now looks at the MAC source address (MSA) and registers in its database the presence of the source station on the port where that frame was received. This is a "learning process" in which the bridge learns the topology of the network.
In some cases, the network supervisor may allow only particular connections within a local area network (LAN). For example, only stations connected to port X on the switch are allowed to communicate with stations connected to port Y; or only station Z is allowed to communicate with station W. Such a configuration is called a Virtual LAN (VLAN). The allowed connections are stored in the bridge's authorization table. In such a case, when a station initiates a communication with another station via the bridge, the bridge analyzes, in addition to the above, whether both the sending and receiving stations reside on the same VLAN. The bridge operates as follows:
1. Station A transmits a frame to station B (the frame format is described in FIG. 2).
2. The bridge receives the frame and searches its database to find out whether both the source and destination stations belong to the same VLAN. If they do, the bridge searches its database to find out through which port it connects to the destination station. (It does both searches by analyzing the MAC destination address (MDA).) If the two stations do not belong to the same VLAN (i.e., they are not authorized to communicate with each other), the bridge discards the frame. Assuming both belong to the same VLAN, the process continues as follows:
2.1. If the destination connects to the same port (segment) as the source, the bridge discards, or filters, the frame.
2.2. If the destination connects to another port (segment), the bridge forwards the frame to the appropriate port.
2.3. If the bridge cannot identify the destination location, or when the MDA designates a broadcast or multicast frame, the bridge forwards the frame to all ports belonging to the same VLAN as the source, that is, to all ports to which stations of that VLAN are connected, except for the port on which it received the frame.
3. The bridge now checks the MAC source address (MSA) and registers in its database the presence of the source station on the port where that frame was received. This is a "learning process" in which the bridge learns the topology of the network.
In addition to the filter and forwarding functions just described, bridges also communicate with other bridges in the network to learn the network topology and to detect closed loops. A closed loop occurs when bridges are connected in parallel, creating a redundant path. Once a closed loop is detected, the bridges collectively decide which link will be operational and which will be stand-by. This mechanism is called "Spanning Tree" and is defined in the IEEE 802.1D standard.
Discussion now turns to routers. Routers are devices that operate at the Network layer. They connect two or more networks having different network numbers. Routers thus terminate the Data Link layer: each router port belongs to a separate Data Link Control (DLC, or MAC) domain, and the router connects several such domains.
Routers operate in the following manner:
1. A device (A) connected to a network segment needs to send information to a device (B) connected to a different network segment. Device (A) examines (B)'s network address (NDA) to obtain (B)'s network number.
1.1. If network number (A) = network number (B), both (A) and (B) connect to the same DLC domain. Therefore, (A) searches for (B)'s MAC address and sends the message directly to (B); the router is not involved in the communication between (A) and (B). If (A) does not know (B)'s MAC address, it broadcasts a query to all stations in its DLC domain asking (B) to respond with its MAC address. After (B) responds, (A) sends its frames directly to (B) with the following parameters:
    MDA = MAC address (B)
    NDA = network address (B)
    MSA = MAC address (A)
    NSA = network address (A)
1.2. If network number (A) does not equal network number (B), then (A) and (B) belong to two different DLC domains. In such a case, (A) communicates with (B) through the router. (A) sends the message frame to the nearest router (R1) with the following parameters:
    MDA = MAC address (R1)
    NDA = network address (B)
    MSA = MAC address (A)
    NSA = network address (A)
1.2.1. If the nearest router (R1) recognizes (B)'s network number and knows (B)'s MAC address, it transmits the frame onto network number (B) with the following parameters:
    MDA = MAC address (B)
    NDA = network address (B)
    MSA = MAC address (R1)
    NSA = network address (A)
If the router does not know (B)'s MAC address, it uses the process described in 1.1 to ask (B) to respond with its MAC address.
1.2.2. If the router (R1) does not recognize (B)'s network number, it communicates with the other routers in the global network, asking them for the way to reach network number (B). In some network standards, such as IP, if (R1) does not know where the destination resides, it sends the frame to a default address. When (R1) learns that (B) resides behind router (Ri), it sends (A)'s frames to (Ri) with the following parameters:
    MDA = MAC address (Ri)
    NDA = network address (B)
    MSA = MAC address (R1)
    NSA = network address (A)
If (Ri) physically connects to network number (B), it follows the procedure described in paragraph 1.2.1 above to transmit the frames to (B). If (Ri) is not physically connected to network number (B), it follows the procedure outlined in paragraph 1.2.2, and so on, until the frames reach the router (Rx) that physically connects to network number (B).
The different terms "forward" and "transmit" are used to indicate the different operations of bridges and routers. Bridges forward frames (packets) of data, meaning that they send an unmodified frame toward its destination. By contrast, routers transmit frames, meaning that in addition to forwarding the packet, the router processes it and modifies it (the MAC address fields above) to reflect the new route.
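As an added illustration (not part of the patent text or of any product it describes), the following Python model implements the bridge procedure of steps 1 to 3 above, both without and with the VLAN authorization check. Port-based VLAN membership, the port numbers, the MAC addresses and the frame sequence in demo() are constructed for the example.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    """Data Link fields the bridge looks at; network-layer fields are not examined."""
    mda: str  # MAC destination address
    msa: str  # MAC source address


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the I/G bit (low bit of the first octet) set."""
    return int(mac.split(":")[0], 16) & 1 == 1


class LearningBridge:
    """Multi-port bridge (switch) with an optional port-based VLAN authorization table.

    vlan_of_port maps port -> VLAN id; None means a plain bridge with no VLAN check.
    Port-based membership is a simplifying assumption of this model; the text also
    allows station-based membership (station Z may talk to station W).
    """

    def __init__(self, ports, vlan_of_port=None):
        self.ports = list(ports)
        self.vlan_of_port = vlan_of_port
        self.table = {}  # learned MSA -> port (the bridge's database)

    def _authorized(self, port_a, port_b):
        if self.vlan_of_port is None:
            return True
        return self.vlan_of_port[port_a] == self.vlan_of_port[port_b]

    def receive(self, frame, in_port):
        """Step 2: return the ports the frame goes out on ([] = filtered or discarded)."""
        if is_group_address(frame.mda) or frame.mda not in self.table:
            # 2.3: unknown unicast or group address: flood every other port,
            # restricted to ports of the source's VLAN when VLANs are configured.
            out = [p for p in self.ports if p != in_port and self._authorized(in_port, p)]
        else:
            dest_port = self.table[frame.mda]
            if not self._authorized(in_port, dest_port):
                out = []  # VLAN check failed: the stations may not talk, discard
            elif dest_port == in_port:
                out = []  # 2.1: destination is on the same segment, filter
            else:
                out = [dest_port]  # 2.2: forward to the one port that leads to B
        # Step 3 (learning): note which port the source station was seen on.
        # Learning is independent of the forwarding decision, as in IEEE 802.1D.
        self.table[frame.msa] = in_port
        return out


def demo():
    """Constructed scenario: ports 1 and 2 in VLAN 10, port 3 in VLAN 20."""
    bridge = LearningBridge(ports=[1, 2, 3], vlan_of_port={1: 10, 2: 10, 3: 20})
    A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    C, D = "02:00:00:00:00:0c", "02:00:00:00:00:0d"
    trace = [
        bridge.receive(Frame(mda=B, msa=A), in_port=1),          # B unknown: flood VLAN 10 -> [2]
        bridge.receive(Frame(mda=A, msa=B), in_port=2),          # A learned on port 1 -> [1]
        bridge.receive(Frame(mda=A, msa=C), in_port=3),          # C is in VLAN 20: discard -> []
        bridge.receive(Frame(mda=BROADCAST, msa=A), in_port=1),  # broadcast: flood VLAN 10 -> [2]
        bridge.receive(Frame(mda=B, msa=D), in_port=2),          # B on D's own segment: filter -> []
    ]
    return trace, dict(bridge.table)
```

The frame object is never modified on its way through receive(); the bridge only decides where to send it and updates its own table, which is the "forward" behaviour the text contrasts with a router's "transmit".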
According to the present technology, communication between stations having different network numbers can only be performed via a router, in the manner described above. This is true even when the two stations are physically connected by a bridge, because bridges do not examine network-layer addresses. This is an undesirable limitation of the current system, because routers are more expensive than bridges and their forwarding rate is lower. Also, routers do not forward broadcast messages. Routers do have a much larger capacity and can learn complex network topologies spanning thousands of stations, because they maintain a database of networks, not a database of individual stations. There is therefore a widely recognized need for, and it would be highly advantageous to have, a device featuring the simplicity of a bridge and the ability to connect between networks like a router. It would be further advantageous to have such a device compatible with current network devices and structures.
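The router procedure of paragraphs 1.1 through 1.2.2 above, and the point made in the preceding paragraph that only a router carries a frame between network numbers, as an added Python model that is not part of the patent text. The topology (networks 1, 2 and 3, routers R1 and Ri), the "network.host" address notation, the MAC placeholders and the directory that stands in for the broadcast ARP query of paragraph 1.1 are all constructed for the example.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Frame:
    """The four address fields of FIG. 1: the MAC pair and the network-layer pair."""
    mda: str  # MAC destination address
    msa: str  # MAC source address
    nda: str  # network destination address, written "<network number>.<host number>"
    nsa: str  # network source address


def network_of(addr: str) -> str:
    return addr.split(".")[0]


# Constructed stand-in for the ARP exchange of paragraph 1.1: the broadcast query
# within a DLC domain is replaced by a lookup in this directory (network addr -> MAC).
ARP_DIRECTORY = {}


def resolve_mac(net_addr: str) -> str:
    return ARP_DIRECTORY[net_addr]


class Host:
    def __init__(self, mac, net_addr, default_router):
        self.mac, self.net_addr, self.default_router = mac, net_addr, default_router
        ARP_DIRECTORY[net_addr] = mac

    def send(self, dst_net_addr: str) -> Frame:
        """Step 1: compare network numbers to choose a direct (1.1) or routed (1.2) path."""
        if network_of(dst_net_addr) == network_of(self.net_addr):
            next_hop = dst_net_addr          # 1.1: same DLC domain, address B directly
        else:
            next_hop = self.default_router   # 1.2: hand the frame to the nearest router
        return Frame(mda=resolve_mac(next_hop), msa=self.mac, nda=dst_net_addr, nsa=self.net_addr)


class Router:
    def __init__(self, interfaces, routes, default=None):
        # interfaces: network number -> (router's own address, router's MAC) on that domain
        self.interfaces = interfaces
        self.routes = routes      # network number -> next-hop router's network address (1.2.2)
        self.default = default    # IP-style default address used when a network is unknown
        for net_addr, mac in interfaces.values():
            ARP_DIRECTORY[net_addr] = mac

    def macs(self):
        return [mac for _, mac in self.interfaces.values()]

    def transmit(self, frame: Frame) -> Frame:
        """Rewrite the MAC pair for the next hop; the network-layer pair stays end to end."""
        dst_net = network_of(frame.nda)
        if dst_net in self.interfaces:
            next_hop = frame.nda                                # 1.2.1: B's domain is attached
        else:
            next_hop = self.routes.get(dst_net, self.default)   # 1.2.2: via another router
            if next_hop is None:
                raise LookupError(f"no route to network {dst_net}")
        out_mac = self.interfaces[network_of(next_hop)][1]
        return replace(frame, mda=resolve_mac(next_hop), msa=out_mac)


def deliver(frame: Frame, routers) -> list:
    """Walk the frame hop by hop until its MDA is no longer a router interface."""
    by_mac = {mac: r for r in routers for mac in r.macs()}
    hops = [frame]
    while frame.mda in by_mac:
        frame = by_mac[frame.mda].transmit(frame)
        hops.append(frame)
    return hops


def build_topology():
    """Constructed example: A and C on network 1, B on network 3, reached via R1 then Ri."""
    ARP_DIRECTORY.clear()
    r1 = Router({"1": ("1.254", "mac-R1-net1"), "2": ("2.254", "mac-R1-net2")}, routes={"3": "2.253"})
    ri = Router({"2": ("2.253", "mac-Ri-net2"), "3": ("3.254", "mac-Ri-net3")}, routes={"1": "2.254"})
    a = Host("mac-A", "1.1", default_router="1.254")
    c = Host("mac-C", "1.2", default_router="1.254")
    b = Host("mac-B", "3.1", default_router="3.254")
    return a, b, c, [r1, ri]


def inter_network_path():
    a, b, _, routers = build_topology()
    return deliver(a.send(b.net_addr), routers)   # three frames: A->R1, R1->Ri, Ri->B


def intra_network_path():
    a, _, c, routers = build_topology()
    return deliver(a.send(c.net_addr), routers)   # one frame, no router involved
```

Each element of the returned list is one of the parameter tables above: the MDA/MSA pair changes at every router while the NDA/NSA pair is the same in all three frames. Nothing in this exchange authenticates the MAC that answers for a network address; the model trusts its directory exactly as a host trusts the ARP reply it receives.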
One attempt at such a device is described in U.S. Pat. No. 5,309,437, which discloses a Bridge-Like Internet Protocol (BLIP) router. This device operates as a bridge for non-IP traffic, and as a bridge-like router for IP traffic. The BLIP has two objectives:
(1) To reduce the amount of inter-network broadcast frames that may lead to broadcast storms. The BLIP confines ARP broadcast requests to the local segment by answering them itself, eliminating the need to forward such requests to the entire network; and
(2) To transmit IP packets that are too large for a bridge to forward, and that a conventional bridge would therefore discard.
That patent notes that the above objectives can be met with routers, but that routers are complex and expensive devices; it therefore offers a new device, the BLIP, to achieve these objectives. The BLIP, however, operates as a router when making its route calculations, and so retains the router's adverse limitation of long processing and calculation time. It would be highly advantageous to have a device that avoids the router's long processing and route-calculation times, thereby increasing the overall network throughput.
BLIPs operate under several assumptions:
(1) An IP "extended network" is sub-segmented into subnets, where each port of the BLIP corresponds with a different subnet.
(2) All hosts and routers are unaware of the subnet level of addressing, and all of the subnets in the extended network are perceived to be in the same network.
(3) The source host issues an ARP request to determine the MAC address of its intended destination.
Yet in real IP networks, where the extended network is sub-segmented into subnets, hosts and routers are aware of the subnet level. A source host therefore does not issue an ARP request for a destination on a different subnet, but directs any message addressed to a station on a different subnet to a router. It would be highly advantageous to have a device that overcomes the limitations of prior-art bridges and routers but is not confined to the BLIP's operational assumptions.
The BLIP operates as follows:
(1) The BLIP re-directs all inter-subnet traffic to itself by intercepting all ARP requests and generating ARP replies using a special address code: "All Adjacent BLIPs" (AAB), as the requested destination's MAC address.
(2) The BLIP generates periodic ARP requests to update its databases.
(3) If the host station generates a message wherein the destination is located within the extended network on a different subnet, but uses an MDA other than the special AAB address, the BLIP will issue a special "redirect" command to that host station, in order to have the station send further frames directly to the BLIP.
(4) When the BLIP receives an IP frame, it ignores the MAC address and makes its routing decision based only on the IP NDA.
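The BLIP behaviour of steps (1) through (4) above, as an added Python model that is not part of the patent text or of U.S. Pat. No. 5,309,437. The subnet-per-port layout, the AAB value, the MAC placeholders, the treatment of a frame that arrives with a MAC destination other than AAB (recorded as a redirect and still transmitted) and the source MAC placed on the outgoing frame are assumptions of this model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed placeholder for the "All Adjacent BLIPs" (AAB) MAC address.
AAB = "aa:bb:aa:bb:aa:bb"


@dataclass(frozen=True)
class ArpRequest:
    sender_ip: str
    sender_mac: str
    target_ip: str


@dataclass(frozen=True)
class ArpReply:
    target_ip: str
    target_mac: str


@dataclass(frozen=True)
class IpFrame:
    mda: str  # MAC destination address
    msa: str  # MAC source address
    nda: str  # IP destination address
    nsa: str  # IP source address


class Blip:
    def __init__(self, subnet_of_port):
        # Assumption (1) of the BLIP: each port corresponds to one subnet of the extended network.
        self.subnet_of_port = {p: ip_network(s) for p, s in subnet_of_port.items()}
        self.arp_cache = {}   # IP -> MAC, maintained by the periodic ARP requests of step (2)
        self.redirects = []   # (host MAC, destination IP) pairs that were sent a redirect (step 3)

    def port_for(self, ip):
        addr = ip_address(ip)
        for port, net in self.subnet_of_port.items():
            if addr in net:
                return port
        return None   # not inside the extended network

    def learn(self, ip, mac):
        """Record an answer to one of the BLIP's own periodic ARP requests (step 2)."""
        self.arp_cache[ip] = mac

    def on_arp_request(self, req, in_port):
        """Step (1): answer for targets on another subnet with the AAB address."""
        self.arp_cache[req.sender_ip] = req.sender_mac   # the request itself reveals the sender
        target_port = self.port_for(req.target_ip)
        if target_port is None or target_port == in_port:
            return None   # same subnet or outside the extended network: the BLIP stays silent
        return ArpReply(req.target_ip, AAB)

    def on_ip_frame(self, frame, in_port):
        """Steps (3) and (4): decide on the IP NDA alone, ignoring the MAC header."""
        out_port = self.port_for(frame.nda)
        if out_port is None or out_port == in_port:
            return None   # intra-subnet or outside the extended network: nothing to do
        if frame.mda != AAB:
            self.redirects.append((frame.msa, frame.nda))   # step (3): tell the host to use AAB
        if frame.nda not in self.arp_cache:
            return None   # MAC unknown until the next periodic ARP round (model assumption)
        # Using AAB as the outgoing MSA is an assumption of this model; the text does not say.
        return out_port, IpFrame(mda=self.arp_cache[frame.nda], msa=AAB, nda=frame.nda, nsa=frame.nsa)


def demo():
    """Constructed scenario: A on port 1 reaches B on port 2 across subnets A does not know exist."""
    blip = Blip({1: "10.0.1.0/24", 2: "10.0.2.0/24"})
    a_ip, a_mac, b_ip, b_mac = "10.0.1.5", "mac-A", "10.0.2.7", "mac-B"
    blip.learn(b_ip, b_mac)                                                  # periodic ARP result
    reply = blip.on_arp_request(ArpRequest(a_ip, a_mac, b_ip), in_port=1)   # answered with AAB
    local = blip.on_arp_request(ArpRequest(a_ip, a_mac, "10.0.1.9"), in_port=1)  # left alone
    routed = blip.on_ip_frame(IpFrame(reply.target_mac, a_mac, b_ip, a_ip), in_port=1)
    stray = blip.on_ip_frame(IpFrame(b_mac, a_mac, b_ip, a_ip), in_port=1)  # not AAB: redirect
    return reply, local, routed, stray, list(blip.redirects)
```

On the wire, step (1) is a proxy-ARP reply: a device answering an ARP request for an address it does not own. That is the same exchange an ARP-spoofing attacker uses to insert itself between two hosts, so on a segment that contains a BLIP (or any proxy-ARP device) a detection rule that flags "reply from a MAC that does not own the IP" needs an allow-list entry for that device's address.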
While the BLIP does accomplish the first objective of its design, it has many shortcomings:
(1) Analogous to a router, every BLIP makes route calculations based on the IP NDA. This takes a relatively long time, increases the delay of the network, reduces the network throughput, and increases the response time.
(2) The BLIP actively redirects each frame of inter-subnet traffic to itself, and actively generates periodic ARP requests to update its databases.
(3) The BLIP assumes that hosts and routers are unaware of the network subnets, and therefore the hosts initiate communications using an ARP request.
(4) The BLIP further assumes that every physical port has a different subnet address.
(5) The BLIP also assumes that all stations within its extended network belong to the same network number. Further, it learns only IP subnets that belong to the same extended network.
It would be highly advantageous to overcome the above limitations, and design a device that (1) enables faster routing decisions in order to reduce the network response time and increase the network throughput; (2) is a passive device that does not increase the network load; (3) assumes that all devices are aware of network subnets; and (4) enables the flexibility of connecting every station regardless of its location, and does not pose any limitation on network or subnet location.
There is thus still a widely recognized need for, and it would be highly advantageous to have, a network device for transferring packets maintaining the simplicity of a bridge, and still having the capacity to span networks as a router, particularly if the device would not impose its own limitations or restrictions on any network. The Network Switch addresses all the above issues, and satisfies the need for better LAN performance and connectivity flexibility.