1. Field of the Invention
The invention relates generally to the field of networking devices. More particularly, the invention relates to a method and apparatus for forwarding network packets with a unified packet Internet Protocol (IP) flow-based cache using the cache lookup key as a packet tag.
2. Description of the Related Art
A number of different processes are performed by network devices, such as bridges, routers, switches, firewalls, gateways or other Internet access products, on each received or transmitted packet. For example a typical list of tasks performed by a router might include: (1) applying Network Address Translation (NAT), (2) applying packet filtering, and (3) routing the packet.
A lookup in a complete routing table of a network device can be quite slow. Therefore, many networking devices implement some kind of caching functionality to speedup packet processing. Typically, the most recent forwarding decisions are stored in separate table (the forwarding cache) that is optimized for fast lookup. If a packet flow has been classified and a subsequent packet can be handled using the cache information, the forwarding path is typically called the “fast path.” If no cache entry is present, the packet is forwarded based on the full routing table. This forwarding path is called the “slow path.” The same kind of caching mechanism can also be applied to NAT and filtering. Older products typically used independent caches for each type of functionality. An exemplary forwarding flow using separate caches is illustrated by the following:                Read header information from the packet.        Make lookup in the NAT cache. If cache hit, then perform NAT actions (e.g., translate addresses in the IP header). Otherwise, send the packet to the NAT module for slow path processing.        Make lookup in the filtering cache. If cache hit, then perform filtering actions (e.g., pass or discard packet). Otherwise, send the packet to the filtering module for slow path processing.        Make lookup in the forwarding/routing cache. If cache hit, then perform routing actions (e.g., forward packet on the interface specified in the cache entry). Otherwise, send the packet to the forwarding module for slow path processing.        
The fast/slow path concept in the context of routing will now be further described with reference to FIG. 1. In this simplified example, a forwarding flow 100 is illustrated in a router having (1) a fast path that includes processing of a received network packet 105 by a fast path forwarding module 110 and a cache lookup in a forwarding cache 115; and (2) a slow path that includes, in addition to the fast path processing, packet processing by a slow path forwarding module 120 and a full routing table lookup in a routing table 125.
In many cases, the fast path processing is located on a different processing unit than the slow path processing (for example, in a different microengine on the same network processor or on a different network processor). In single processor systems, the fast path code and slow path code are typically executed as different operating system processes. As a result, process scheduling is required when passing the packet to the slow path. While the notion of a fast path and a slow path remain, newer network products often use a concept commonly known as “flow-based forwarding.” The basic idea in flow-based forwarding is to classify the packet once and then perform a single lookup in an unified cache in which each cache entry contains all the information necessary to handle the packet (e.g., information regarding where to forward the packet). However, since the packet-processing functions are often located in separate modules (in some cases run by different processors and/or microengines), it can become quite complex to ensure that the unified cache remains consistent. Additionally, as will be discussed further below, there are other complications involved with the use of a unified cache when one or more of the packet-processing functions modify part of the packet header upon which the cache lookup key is based.