1. Field of the Invention
The present invention relates to a technique for assigning a VLAN based on a physical address on a network.
2. Description of the Related Art
There is known a VLAN (Virtual LAN) as a technique for dividing a network (broadcast domain) in a Layer 2 Ethernet® switch. The VLAN technique logically divides a network and thereby can divide a network on the same switch. Further, there is known a MAC VLAN as a function for assigning the VLAN based on the physical address (MAC address) of a terminal. The MAC VLAN assigns, to a terminal group consisting of terminals having a specifics physical address, a VLAN ID which is an identifier indicating the same VLAN, i.e., a specific VLAN. Further, the MAC VLAN has a function of assigning, to an unauthenticated terminal, i.e., a terminal whose MAC address has not been registered in the Ethernet switch, a VLAN ID different from the abovementioned VLAN ID.
A configuration of a conventional L2 (Layer 2) switch having a MAC VLAN function will be described using the drawings. FIG. 9 is a block diagram showing a configuration of the conventional L2 switch having a MAC VLAN function. FIG. 10 is a view showing a MAC VLAN table memory in the conventional L2 switch having a MAC VLAN function. FIG. 11 is a view showing an FDB (Forwarding DataBase) in the conventional L2 switch having a MAC VLAN function. FIG. 12 is a view showing a VLAN table memory in the conventional L2 switch having a MAC VLAN function.
As shown in FIG. 9, a conventional L2 switch 7 having the VLAN function includes a switch LSI 51, an input port 52, an output port 53, a CPU 54, and an external I/F 55. The switch LSI 51 includes a MAC VLAN table search section 511, a MAC VLAN table memory 512, a VLAN table memory 513, a VLAN table search section 514, an FDB 515, an FDB search section 516, and an output port determination section 517. The input port 52 is a port to which a packet is input. The output port 53 is a port that outputs a packet input via the input port. The CPU 54 passes, to the VLAN table search section 514, information received from a console via the external I/F 55 which is an interface between the Ethernet switch and console.
The MAC VLAN table memory 512 is a memory for storing an SA (Source address: address indicating transmission source of packet) formed by a MAC address which is a 48-bit physical address and a VLAN ID which is a 12-bit identifier in association with one another, as shown in FIG. 10. The MAC VLAN table memory 512 is constituted by a CAM or a hash table. The MAC VLAN table search section 511 searches the VLAN table memory 512 using the SA formed by a MAC address as a table search key to acquire the VLAN ID associated with the MAC address as data.
The FDB 515 is a database for managing the VLAN ID, a DA (Destination address: address indicating destination of packet) formed by the MAC address, and output port information indicating a specific output port in association with one another, as shown in FIG. 11. Since the FDB 515 has a large number of entries (up to 32K) and a large search key size (bit), it is generally constituted as a hash table. The FDB search section 516 searches the FDB 515 using the DA formed by the MAC address as a table search key to acquire the output port information associated with the MAC address as data.
The VLAN table memory 513 is a memory for managing the VLAN ID and VLAN member information indicating VLAN membership in association with one another, as shown in FIG. 12. Since the VLAN table memory 513 requires 4096 entries, it is constituted by an SRAM. The table controller 514 searches the VLAN table memory 513 using the VLAN ID as a table search key to acquire VLAN member information as data.
Operation of the conventional L2 switch having a MAC VLAN function will next be described. FIG. 13 is a flowchart showing operation of the conventional L2 switch having a MAC VLAN function.
When a packet is input to the input port, the MAC VLAN table search section 511 extracts the DA, SA, and VLAN ID (hereinafter, referred to as “VID”) from the packet that has been input (hereinafter, referred to as “input packet”) (S501). The DA and SA each are the MAC address. The MAC VLAN table search section 511 then determines whether a port to which the input packet has been input is a port for MAC VLAN (S502).
In the case where the port to which the input packet has been input is a port for MAC VLAN (YES in S502), the MAC VLAN table search section 511 searches the MAC VLAN table memory 512 using the MAC address (SA) as a table search key to acquire the VID as data (S503). Further, the MAC VLAN table search section 511 assigns the VID to a variable VID1 as VID′ (S504).
Subsequently, the FDB search section 516 searches the FDB 515 using the MAC address (as VID1 and DA) as a table search key to acquire the output port information as data (S505a). The table controller 514 searches the VLAN table memory 513 using the VID1 as a table search key to acquire the VLAN member information as data (S505b). The steps S505a and S505b are executed at the same timing.
After the output port information and VLAN member information are obtained by the FDB search section 516 and VLAN table search section 514, the output port determination section 506 determines an output port of the input packet based on the output port information and VLAN member information (S506).
In the case where it is determined in step S502 that the port to which the input packet has been input is not a port for MAC VLAN (NO in S502), the MAC VLAN table search section 511 assigns the VID included in the input packet to the variable VID1 (S507).
As described above, the conventional L2 switch having a VLAN function uses the SA as an argument to acquire the VID′ which is a previously set VID and obtain the output port information and VLAN member information based on the VID′ and DA. Further, the conventional L2 switch having a MAC VLAN function determines an output port based on the output port information and VLAN member information.
As a conventional art relating to the present invention, there is known a network switching system that reduces the traffic of a main router so as to reduce cost (refer to, e.g., Patent Document 1: Jpn. Pat. Appln. Laid-Open Publication No. 10-190715).
When the conventional L2 switch does not use the MAC VLAN function, it can obtain the output port information and VLAN information by using the VID and DA included in the input packet. On the other hand, when the conventional L2 switch uses the MAC VLAN function, it needs to perform a process of obtaining the VID′ by using the SA as an argument in order to acquire the output port information and VLAN information. The increase in the number of processes may increase latency in packet transfer as compared to the case where the MAC VLAN function is not used.