Blade servers which have an enclosure capable of housing multiple removable servers called blades have been developed and are becoming widely used. Each of the blades in a blade server includes hardware components such as a central processing unit (CPU), a memory, an input/output (I/O) bus, and a storage that are required for the blade to function as a server. The blade server also contains a switch blade which aggregates networks of the blades and controls packet forwarding between blades and to an external switch. Each blade can be connected to another blade in the blade server or to an external network through the switch blade.
In many network environments, a single blade server is shared by multiple divisions or business operations, which requires the switch contained in the switch blade to perform traffic separation according to the divisions or business operations in addition to traffic separation using conventional VLANs. In order to enforce switch partitioning according to divisions or business operations, facility called extended VLAN has been provided that enables partitions different from those of conventional VLANs to be dynamically set on the same switch.
FIG. 28 illustrates settings of a conventional VLAN and an extended VLAN. As illustrated in FIG. 28, multiple ports (ports 1 to 16) are provided in a switch 2800 which constitutes a switch blade. While the ports are provided on the same switch 2800, they are logically partitioned into groups using VLANs. For example, on the downlink side of the switch 2800 in FIG. 28, ports 1 and 2 are logically partitioned into VLAN group 1, ports 3 and 4 into VLAN group 2, port 5 into VLAN group 3, ports 6 to 8 into VLAN group 4, and ports 9 and 10 into VLAN group 5. On the uplink side, ports 11 to 13 are set to VLAN groups 1 to 3 and ports 14 and 15 to VLAN groups 4 and 5 (Port 16 in the example in FIG. 28 is reserved).
Each of the ports logically partitioned into the groups using VLANs is assigned a VLAN ID indicating the VLAN group to which the port belongs as follows:
VLAN group 1: VLAN ID 10
VLAN group 2: VLAN ID 20
VLAN group 3: VLAN ID 30
VLAN group 4: VLAN ID 10
VLAN group 5: VLAN ID 50
To forward any packets to an intended destination through the use of the switch 2800, the Media Access Control (MAC) address of the destination written in the packets are referred to first. A MAC address table for packet routing is maintained in an internal memory of the switch 2800 or an external memory accessible to the switch 2800. The MAC address table contains MAC addresses associated with the ports on the switch 2800.
The switch 2800 searches the MAC address table for a port having a MAC address that matches the MAC address of the destination and the VLAN group and causes the packet to be output through that port. In addition, the switch 2800 allows logical partitions to be dynamically set using extended VLANs as mentioned previously.
In the exemplary switch 2800 in FIG. 28, ports 1 to 5 on the downlink side and ports 11 to 13 on the uplink side belong to extended VLAN group A (with the extended VLAN ID of A) and ports 6 to 10 on the downlink side and ports 14 to 16 on the uplink side belong to extended VLAN group B (with the extended VLAN ID of B). Accordingly, when one wants to use partitioning other than logical partitioning using VLANs, packet forwarding based on settings of extended VLAN IDs such as extended VLAN ID A for Division 1 and extended VLAN ID B for Division 2 can be performed.
The details of the related art depicted in Patent document 1 and Patent document 2.
[Patent Document 1]
National Publication of International Patent Application No. 2007-532070
[Patent Document 2]
Japanese Laid-Open Patent Publication No. 2004-336501
However, when multiple logical partitions using extended VLANs are applied to conventional switches, the combination of MAC address and VLAN ID needs to be unique. Specifically, the same combination of MAC address and VLAN ID cannot be associated with different extended VLAN IDs. This is because if the same combination of MAC address and VLAN ID exists for more than one set of partition information, the controller of the switch learns entries of a forwarding database (FDB) by using only the VLAN ID and MAC address as keys without reflecting the extended VLAN ID. As a result, the switch attempts to pass a packet to a wrong port beyond the extended VLAN boundary and therefore the packets are discarded due to the extended VLAN violation.
The problem described above arises when the same MAC address value and the same VLAN ID value are set and the switch 2800 determines the destination of packets by referring to only the MAC address and VLAN ID written in incoming packets. Suppose for example a packet with destination MAC address A1 which is logically partitioned using extended VLAN ID A is input in the switch 2800 in FIG. 28. The input packet is output through a port (for example port 1) that has been learned as the port associated with MAC address A1. Here, “learned” means that association between the MAC address and the port through which the packet is to be forwarded to the MAC address has been set in a particular table (for example the MAC address table described above).
Then, suppose that another packet with the same MAC address A1 is input into the switch 2800 in FIG. 28 through port 2 which belongs to VLAN group 1 (with VLAN ID 10) associated with extended VLAN ID A. At this time, the switch 2800, which has to forward the packet, learns that a station with VLAN ID 10 and MAC address A1 is connected to port 1, as described above. Accordingly, when a packet with destination MAC address A1 is input through port 2 which belongs to VLAN group 1, the packet is output through port 1 in accordance with the learned information in the MAC address table.
Suppose that a packet with the same destination MAC address A1 logically partitioned using extended VLAN ID B is input into the switch 2800 in the state described above. In this case, the packet needs to be forwarded to a port associated with extended VLAN ID B. However, port 1 which has previously been learned with extended VLAN ID A will be incorrectly recognized as the output port.
For example, suppose a packet with destination MAC address A1 is input in the switch 2800 through port 6 which is logically partitioned using extended VLAN ID B and belongs to VLAN group 4 with the same VLAN ID 10. This time it is to be expected that the port is not learned yet and that the packet is to be output to ports (7, 8 and either 14 or 15) that belong to VLAN 10 in the extended VLAN B. Note that if an uplink includes multiple physical ports, those ports are treated as a single logic port with a technique called link aggregation. Specifically, a packet is forwarded to one of the physical ports on the basis of the MAC address or other identification.
However, the packet associated with VLAN ID 10 and with MAC address A1 is incorrectly recognized as being connected to port 1. Based on the incorrect recognition, the switch 2800 attempts to forward the packet to port 1, resulting in an extended VLAN violation (forwarding beyond the extended VLAN boundary), therefore the packets are discarded. Consequently, there has been a problem that correct routing is inhibited and packets are discarded.
Furthermore, when more than one types of logical partitioning are used using extended VLANs, packets cannot be forwarded from one blade server to another through an external switch because there would be more than one combination of MAC address and VLAN ID.
FIG. 29A illustrates operation for requesting communication between blade servers through an external switch. When packets received on the switch 2800 are to be forwarded to another blade server through the external switch 2900, the packets received on the switch 2800 from a downlink would be forwarded to a port different from the port at which the packets were received through the external switch 2900 connected to an uplink as depicted as route R1 in FIG. 29A.
In this case, however, the combination of MAC address and VLAN ID exist in both of extended VLAN groups A and B and the port group boundary would be crossed. This operation is an extended VLAN setting violation and the packets will be discarded.
FIG. 29B illustrates actual operation in blade server communication through an external switch. As illustrated in FIG. 29B, a MAC address that causes packets to pass through the external switch 2900 is assigned to the packets input from a downlink. In this actual operation, an incorrect packet output port is recognized inside the switch 2800. Packets that attempt to go across the border between groups A and B are discarded and correct packet forwarding cannot be achieved.