WO2002019638A2 - Method and apparatus for searching a filtering database with one search operation - Google Patents

Method and apparatus for searching a filtering database with one search operation Download PDF

Info

Publication number
WO2002019638A2
WO2002019638A2 PCT/CA2001/001226 CA0101226W WO0219638A2 WO 2002019638 A2 WO2002019638 A2 WO 2002019638A2 CA 0101226 W CA0101226 W CA 0101226W WO 0219638 A2 WO0219638 A2 WO 0219638A2
Authority
WO
WIPO (PCT)
Prior art keywords
identifier
entry
data packet
switch
vid
Prior art date
Application number
PCT/CA2001/001226
Other languages
French (fr)
Other versions
WO2002019638A3 (en
Inventor
David A. Brown
Original Assignee
Mosaid Technologies Incorporated
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mosaid Technologies Incorporated filed Critical Mosaid Technologies Incorporated
Priority to GB0304263A priority Critical patent/GB2382495B/en
Priority to DE10196582T priority patent/DE10196582B3/en
Priority to KR1020037003068A priority patent/KR100863105B1/en
Priority to CA2420878A priority patent/CA2420878C/en
Priority to AU2001287434A priority patent/AU2001287434A1/en
Publication of WO2002019638A2 publication Critical patent/WO2002019638A2/en
Publication of WO2002019638A3 publication Critical patent/WO2002019638A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4604LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L12/462LAN interconnection over a bridge based backbone
    • H04L12/4625Single bridge functionality, e.g. connection of two networks over a single bridge
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00Data processing: database and file management or data structures
    • Y10S707/953Organization of data
    • Y10S707/959Network
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00Data processing: database and file management or data structures
    • Y10S707/99931Database or file accessing
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00Data processing: database and file management or data structures
    • Y10S707/99931Database or file accessing
    • Y10S707/99933Query processing, i.e. searching

Definitions

  • the first Ethernet LAN (“Local Area Network”) was implemented on a shared medium, such as a single co-axial cable connecting all devices in the LAN.
  • the shared medium imposed a signal length restriction on the physical medium and a limit to the number of devices that could be connected to the LAN because only one device could transmit data at a time on the shared medium.
  • a switch provides a means of increasing the size of a LAN by providing a bridge between groups of devices connected on the same physical medium or LAN segment.
  • the LAN can be viewed as multiple LAN segments connected together by one or more switches. For example, if a first port in the switch is connected to a first LAN segment and a second port in the switch is connected to a second LAN segment.
  • the switch acts as a bridge between the LAN segments by forwarding data packets destined for a device comiected to the second LAN segment from the first LAN segment.
  • Each device connected to the LAN segment in the LAN is assigned a unique Media Access Control ("MAC") address.
  • Each data packet includes a MAC source address assigned.to the device transmitting the data packet and the MAC destination address of the device to which the data packet is to be forwarded.
  • MAC Media Access Control
  • the switch determines whether a data packet received on one LAN segment is to be forwarded on another LAN segment by associating a destination MAC address with a port in the switch; that port is connected to the LAN segment on which the MAC address resides. This association may be stored in a static forwarding entry in a forwarding table in the switch.
  • a static forwarding entry is explicitly configured by management action and is not modified during the operation of the switch. For example, if device A is connected to LAN segment A and LAN segment A is connected to port 1 in the switch, a static forwarding entry for device A associates the MAC address for device A with port 1. If device A is physically moved to segment B connected to port 2 in the switch, the static entry in the forwarding table for device A is not automatically updated to forward to port 2 instead of port 1.
  • a reconfiguration of the switch by management action is required to update a static forwarding entry.
  • the association between a MAC address and a port in the switch can be learned during operation of the switch instead of being explicitly configured in a static forwarding entry in the switch. Learning allows associations between MAC addresses and ports in the switch to be dynamically created and modified during operation of the switch. A learned association is stored in a dynamic forwarding entry in the forwarding table in the switch, h order to learn MAC addresses, the switch listens to data packets transmitted on all LAN segments connected to ports in the switch. The dynamic entry associates the MAC address with the port connected to the LAN segment from which a data packet is sourced.
  • the switch creates a new dynamic forwarding entry in the forwarding table upon detecting a MAC address stored in the source address field included in a data packet which does not have a corresponding forwarding entry in the forwarding table.
  • the switch updates a dynamic forwarding entry associated with a MAC address each time it receives a data packet sourced from the MAC address.
  • the switch For example, if the switch sees a data packet on segment A connected to port 1 with MAC address A stored in the source address field , the switch creates a dynamic forwarding entry in the forwarding table for MAC address A.
  • the dynamic forwarding entry associates MAC address A with port 1. Subsequent data packets received from another port in the switch including MAC address A as the destination address are forwarded through port 1. If the device with MAC address A is moved to another LAN segment connected to port 2 in the switch, the switch learns the new association upon receiving a data packet on port 2 from MAC address A.
  • the switch updates the dynamic forwarding entry for MAC address A to forward data packets to MAC address A through port 2 instead of port 1.
  • Broadcast traffic increases because upon receiving a data packet for an unknown MAC address, a broadcast packet is forwarded to all devices connected to the LAN in order to learn forwarding information for the unknown MAC address.
  • the broadcast data packet includes a special MAC address sourced by one MAC address, which is forwarded to all other devices connected to the LAN.
  • unicast traffic that is, a data packet which is transmitted from a single source address to a single destination address, broadcast traffic cannot be limited to a single LAN segment.
  • a solution for reducing broadcast traffic in a LAN is provided by logically segmenting the LAN into Virtual Local Area Networks ("NLAN").
  • NLAN Virtual Local Area Networks
  • a method for logically segmenting a LAN into VLANs is described in the Institute of Electric and Electronic Engineers ("IEEE") P802.1Q standard, hi a switch supporting VLANS a broadcast data packet is only forwarded through a port if the port is a member of same VLAN from which the data packet was received. Thus, broadcast traffic is only forwarded to devices which are members of the same VLAN on which the broadcast data packet was sourced.
  • IEEE Institute of Electric and Electronic Engineers
  • each data packet forwarded on the LAN includes a VLAN Identifier ("VID") identifying the VLAN from which the data packet was sourced.
  • VID VLAN Identifier
  • Membership of a VLAN is based on an assigned logical address, the VID, rather than a physical address. Thus, members of a VLAN need not be members of the same physical LAN segment. All traffic on the LAN, including broadcast, unicast and Multicast data traffic is restricted to the virtual VLAN on which it is sourced, by limiting the forwarding of traffic to members of the VLAN identified by the VID included in the data packet.
  • a device can only communicate with a member of a VLAN if the device is also a member of the VLAN identified by the VID included in the received data packet.
  • a VLAN contains broadcast traffic within the VLAN in which the broadcast packet is sourced and provides security for data transfer between members of the VLAN.
  • a forwarding decision stored in a static forwarding entry or a dynamic forward entry is dependent on both the VID and the MAC address included in the received data packet.
  • a MAC address may be a member of more than one VLAN requiring either a static or dynamic forwarding entry in the forward table for each VLAN in which the MAC address is a member. If the switch implements independent learning, a plurality of dynamic forwarding entries are provided for a MAC address, one for each VLAN in which the MAC address is learned.
  • the switch may implement shared learning. Shared learning allows forwarding information learned for a MAC address on one VLAN to be shared by other VLANs in a given set of VLANs. The forwarding information is used for forwarding decisions taken for that MAC address.
  • each VLAN in the switch is associated with exactly one Filter Identifier ("FID").
  • FID Filter Identifier
  • a plurality of VIDs are assigned to a FID. Only the VID is forwarded in a data packet, the FID is randomly assigned by the switch and used internally in the switch, hi a shared learning switch all learned information for independent learning or shared learning is stored in a dynamic forwarding entry in the forwarding table associated with a FID instead of a VID.
  • Explicitly configured forwarding information is stored in a static forwarding entry associated with a VID.
  • a switch may simultaneously support both shared learning and independent learning.
  • Shared VLAN learning allows learned MAC address information to be shared amongst a set of VLANs because only one dynamic forwarding entry associated with a FED is stored in the forwarding table for the FID.
  • the switch even though the MAC address forwarding information is shared amongst the set of VLANs in the FID, the switch only forwards a data packet through a port that is a member of the VLAN from which the data packet was sourced. This forwarding decision can be made through the use of egress filtering.
  • broadcast traffic is restricted to the VLAN from which it is sourced and security is provided between VLANs.
  • Fig. 1A illustrates a prior art forwarding table 130 implemented in a shared learning switch.
  • the prior art forwarding table 130 includes static forwarding entries 130 and dynamic forwarding entries.
  • the static forwarding entry 132 associates a forward vector 140 with a MAC address 136b and a VID 138.
  • the dynamic entry 134 associates a forward vector 140 with a MAC address 136a and a FID 142.
  • the forward vector 140a, 140b is a bit map including a bit for each port in the switch indicating the port or ports through which the data packet is to be forwarded.
  • the VID 138 in the static forwarding entry 132 is the same VID included in the data packet received by the switch.
  • the FID 142 stored in the dynamic forwarding entry 134 is associated with set of VLDs or a single VID.
  • a forwarding entry associated with the MAC address and the VID included in a received data packet may be stored in a static forwarding entry 132 or a dynamic forwarding entry 134 dependent on whether the MAC address was learned by the switch or explicitly defined by management.
  • two searches of the forwarding table 130 are required to determine a forwarding decision for a forwarding entry associated with a MAC address and VID included in a received data packet.
  • the first search searches for a static forwarding entry 132 dependent on the VID 138 included in the data packet, or a default VID.
  • a default VID is assigned to the data packet dependent on the port at which the data packet was received if a VID is not included in the data packet.
  • a second search is performed for a dynamic forwarding entry 134 including the FID 142 assigned to the VID 138 by the switch and the MAC address 136a.
  • a switch including a translator and a filtering database which performs a single search.
  • the translator provides a translated identifier for an identifier associated with a data packet received by the switch.
  • the translated identifier includes a group identifier corresponding to a virtual LAN group (FID) and a group member number corresponding to an identified virtual LAN (VID).
  • the filter data base stores a static entry and a dynamic entry.
  • the static entry stores a forwarding decision for the data packet associated with the translated identifier.
  • the dynamic entry stores a forwarding decision for the data packet associated with the group identifier included in the translated identifier and the group member number set to don't care.
  • the translated identifier allows a filtering database to provide the forwarding decision stored in the static entry or the dynamic entry for the identifier from a single search operation.
  • the group identifier included in the translated identifier is stored in both the static entry and the dynamic entry, hi the dynamic entry the group member number is set to don't care.
  • a single search operation can be used to find a match for the identifier which can be stored in either the static entry or the dynamic entry in the filtering database.
  • the group member number identifies one of several members associated with the group identifier.
  • the filtering database may be a Content Addressable Memory.
  • the Content Addressable Memory may be a ternary Content Addressable Memory for supporting a don't care condition.
  • the identifier may be stored in a header included in the received data packet or a default identifier assigned to the received data packet by the switch.
  • Fig. 1 A illustrates a prior art forwarding table 130 implemented in a switch supporting shared learning
  • Fig. IB illustrates a prior art data packet which may be received on an ingress port in the switch
  • Fig. 1C illustrates a prior art Ethernet data link layer (L2) header which may be included in the data packet shown in Fig. 1 A;
  • L2 Ethernet data link layer
  • Fig. 2 is a block diagram of a switch including forwarding logic for forwarding received data packets to VLANs connected to ports in the switch;
  • Fig. 3 is a block diagram of the forwarding logic shown in Fig. 2;
  • Fig. 4 is a block diagram of the translator in the forwarding logic shown in Fig. 3;
  • Fig. 5 is a block diagram of the filtering database in the forwarding logic shown in
  • Fig. 6 is a flowchart illustrating a method for selecting a forward vector for a received data packet.
  • Fig. IB illustrates a prior art data packet 100.
  • the data packet includes a physical layer (LI) header 102, a data link layer (L2) header 104, a network layer (L3) header 106 and a transport layer (L4) header 108.
  • a payload for the data packet is stored in a data field 110 and the data packet 100 also includes a checksum 112.
  • Fig. IC illustrates a prior art Ethernet protocol header stored in the data link (L2) header 104 shown in Fig. IB.
  • the length of the Ethernet protocol header is a fixed number of bits which is specified by the standard Ethernet protocol.
  • the data link (L2) header 104 includes a 6-byte L2 destination address field 114, a 6-byte L2 source address field 116, a Virtual Local Area Network Identifier ("VID") field 118 and a 2-byte length/type field 120.
  • the VID 118 includes a Tag Protocol Identifier ("TPrO") 118a and Tag Control Information (“TCI”) 118b.
  • TPrO Tag Protocol Identifier
  • TCI Tag Control Information
  • FIG. 2 is a block diagram of a switch 200 including forwarding logic 210 for determining a forwarding decision for data packets received at ingress ports 206a-b.
  • the number of egress ports 208a-b and ingress ports 206a-b is not limited to the two shown in Fig. 2. hi one embodiment, twenty-six egress ports 208a-b and ingress ports 206a-b are provided in the switch 200.
  • the switch 200 includes an ingress ports engine 216, an egress ports engine
  • the forwarding logic 210 in the ingress ports filters the data packet 100 to determine if the data packet 100 is to be forwarded to an egress port 208a-b in the switch 100 or discarded; that is, dropped.
  • the forwarding logic 210 includes a filtering database 302.
  • the filter data base includes a static entry 500 and a dynamic entry 502.
  • Each static entry 500 and dynamic entry 502 includes a pointer to a forward vector 202.
  • the pointer to a forward vector is associated with a VLD 118 (Fig. IC) and MAC DA 114 (Fig. IC) included in the data link layer (L2) header 104 (Fig. IB) of the received data packet.
  • a static entry 500 is explicitly added to the filtering database 302 by management action.
  • a dynamic entry 502 is learned by the switch 200.
  • a data packet 100 is forwarded if there is a static entry 500 or a dynamic entry 502 stored in the filtering database 302 associated with a VID 118 (Fig. IC) and MAC DA 114 (Fig. IC) included in the data packet 100. If no static entry 500 or dynamic entry 502 is provided for the data packet 100, the data packet 100 is dropped. If there is a static entry 500 or a dynamic entry 502, the dynamic entry 500 or the static entry 502 provides the location of a forward vector 202 for the data packet 100. The forward vector 202 identifies one or more egress ports 208a-b through which the data packet 100 is to be forwarded.
  • Physical LAN segment 212a includes devices 204a-c and 204i-j.
  • Physical LAN segment 212b includes devices 204d-h.
  • a device 204a-j may be a host computer, a client computer, a terminal, a workstation or any other device which can be connected to a LAN.
  • Physical LAN segment 212a is connected to the switch 200 through ingress port 206b and egress port 208b.
  • Physical LAN segment 212b is connected to the switch through ingress port 206a and egress port 208a.
  • the devices 204a-j connected to physical LAN segments 212a-b are also members of Virtual Local Area Networks ("VLANs") 214a-e.
  • VLANs Virtual Local Area Networks
  • Members of a VLAN 214a-e need not be members of the same physical LAN segment 212a-b because membership of a NLAN 214a-e is based on a logical address rather than a physical address.
  • Members of a NLAN 214a-e are assigned the same logical address or VID.
  • the VID is definable and configurable by management action.
  • the NID can be stored in the NID field 118 (Fig. IC) in the data link layer (L2) header 104 of the data packet or can be assigned dependent on ingress port 206a-b by the switch 200 upon detecting a received data packet with no NID.
  • a NID allows members of the same NLA ⁇ 214a-e to communicate as if they were on the same physical LAN segment 212a-b.
  • Each device 204a-j can only communicate with a member of a Virtual LAN 214a-e if the device is also a member of the VLAN 214a-e.
  • VLAN 214a includes devices 204b, 204c and 204h.
  • Virtual LAN 214b includes devices 204a, 204e and 204h.
  • VLAN 214c includes devices 204f, 204g and 204h.
  • VLAN 214d includes devices 204d, 204e and 204h.
  • VLAN 214e includes devices 204i and 204j.
  • Device 204h and device 204e are members of more than one NLAN 214a-d.
  • Device 204h is a member of NLANs 214a-d and device 204e is a member of VLANs 214b and 214d.
  • a device 204a-j may be a member of more than one VLAN in order to provide a specific service or security within each VLAN.
  • device 204h may be a server computer and devices 204a-g client computers.
  • device 204h in order for device 204h to communicate with devices 204a-g, device 204h must be a member of at least one VLAN 214a-d in which each of the devices 204a-g is also a member.
  • a set of VLANs 214a-e maybe associated with a filter identifier ("FID") to allow shared learning amongst the set of VLANs.
  • FID filter identifier
  • each VLAN 214a-e is associated with exactly one FID 230a-b.
  • VLANs 214a-d are members of FID 230a and VLAN 214e is a member of FID 230b.
  • the switch assigns a FID 230a to the set of VLAN s 214a-d.
  • Shared learning allows information learned for a MAC address on one VLAN to be shared amongst all VLANs associated with a FID 230a-b. For example, as shown in Fig.
  • device 204h is connected to physical LAN segment 212b and is a member of VLANs 214a-d and FID 230a.
  • a data packet including a VTD for any of VLANs 214a-d and a destination address set to the MAC Destination Address ("DA") for device 204h is forwarded through egress port 208a.
  • DA MAC Destination Address
  • device 204h is moved to physical LAN segment 212a and the new port information is learned through a data packet received from device 204h with VID set to the identifier for VLAN 214a, this information is shared with the other VLANs 214b-d in the FID 230a because the set of VLANS share a dynamic forwarding entry associated with the MAC address for device 204h.
  • VLAN 214e associated with FID 230b supports independent learning.
  • the VLAN 214a-e to which a data packet 100 is to be forwarded by the switch 200 is identified by the VID stored in the VID field 118 in the data link layer (L2) header 104 in the received data packet 100.
  • L2 data link layer
  • device 204e Before transmitting the data packet, device 204e stores the VID for VLAN 214b in the VID field 118 and the MAC address for device 204a in the destination address field 114 of the data link (L2) layer header 104.
  • the data packet 100 is received at ingress port 206a by the ingress ports engine 216.
  • the forwarding logic 210 in the ingress ports engine 216 selects a forward vector 202 to forward the data packet through egress port 208b.
  • the forward vector 202 is associated with a static entry 500 or a dynamic entry 502 in a filtering database 302 in the forwarding logic 210.
  • the forward vector 202 selected is dependent on the VID and the MAC destination address included in the data packet.
  • the switch 200 Having selected a forward vector 202 for the received data packet 100, the switch 200 stores the data packet 100 forwarded on data_in 228 in segment buffer memory 224.
  • the location at which the data packet is stored is selected by the packet storage manager 220 through segment buffer address 226.
  • the packet storage manager 220 is described in co-pending U.S. Patent Application Serial Number 09/386,589 filed on August 31, 1999 entitled "Method and Apparatus for an Interleaved Non-Blocking Packet Buffer" by David A. Brown which is incorporated herein by reference in its entirety.
  • the egress ports engine 218 reads the data packet 100 stored in segment buffer memory on data-out 232 and then forwards the stored data packet to one or more egress ports 208a-b selected by the forward vector.
  • Fig. 3 is a block diagram of the forwarding logic 210 shown in Fig. 2.
  • the forwarding logic 210 includes a VID to VID' translator 300, a filtering database 302 and a forward vector table 304.
  • the filtering database 302 includes a static entry 500 and a dynamic entry 502.
  • a static entry 500 includes a MAC address and a VID.
  • a static entry 500 is explicitly configured by management action.
  • a dynamic entry 502 includes a MAC address and a FID.
  • a dynamic entry 502 is learned by the switch 200.
  • a static entry 500 is selected dependent on the VID associated with the data packet.
  • the VID may be included in the received data packet 100 or assigned by the switch 200.
  • a dynamic entry 502 is selected dependent on the FID assigned by the switch 200 to the VID associated with data packet 100.
  • Filtering database 302 is preferably a ternary Content Addressable Memory ("CAM") supporting a don't care state.
  • CAM ternary Content Addressable Memory
  • a search key is supplied to the memory through a special comparand register.
  • the CAM returns an address associated with the search key if data stored in the memory matches the search key.
  • the returned address is a pointer to a forward vector stored in the forward vector table 304 associated with the contents of the dynamic entry 502 or the static entry 500.
  • the entire CAM is searched for either a static entry 500 or a dynamic entry 502 matching the search key in a single clock cycle.
  • a ternary CAM is capable of storing and searching either a logic 0,1, or 'don't care' ("x") in a single cell. If one of the bits stored in static entry 500 or a dynamic entry 502 is set to 'x', a match occurs for a search key storing a T or '0' in the bit. For example, if an entry stores "lOOx", a search key set to "1001" or to
  • the filtering database 302 is described later in conjunction with Fig. 5.
  • the static entry 500 and the dynamic entry 502 stores a translated VID (a VID') associated with a MAC address according to the principles of the present invention.
  • the translated VID is provided by the VID to VID' translator 300.
  • a data packet 100 received at ingress port 206a or 206b may include a VID stored in the VID field 118 (Fig. IC). If a VID is stored in the received data packet 100, the VID is extracted from the data packet 100 by the ingress ports engine 216 in the switch 200 and forwarded on VID 306 to the VID to VID' translator 300. If there is no VID included in the data packet 100, a default VID is generated by the switch and forwarded on VID 306. In a port-based VLAN, the default VID may be selected dependent on the ingress port 206a-b at which the data packet 100 was received.
  • the VID 306 is translated to a VID' 310 by the VID to VID' translator 300.
  • the VID to VID' translator 300 is described later in conjunction with Fig. 4.
  • the VID' 310 and the Media Access Control ("MAC") Destination address (“DA") extracted by the ingress ports engine 216 from the L2 destination address 114 (Fig. IC) included in the received data packet 100 are forwarded to the filtering database 302.
  • MAC Media Access Control
  • DA Destination address
  • the address of the forward vector 312 is forwarded to the forward vector table 304.
  • the address of the forward vector 312 is used to select the forward vector 202 stored in the forward vector table 304 associated with the VID stored in the VID field 118 (Fig. 1 C) and the MAC DA 114 (Fig. IC) stored in the received data packet 100.
  • Fig. 4 is a block diagram of the VID to VID' translator 300 shown in Fig. 3.
  • the VID to VID' translator 300 includes translation entries 400a-e for each of the VLANs 214a-e shown in Fig. 2.
  • VLANs 214a-d are members of the same FID 230a.
  • Four translation entries 400a-d translate VLDs for VLANs 214a-d (Fig. 2) to the same FID 230a.
  • Translation entry 400e translates the VID assigned to VLAN 214e to another FID 230b.
  • Each VLAN 214a-e has a unique VID which may be assigned to the VLAN 214a-e by management action.
  • the VID assigned to each VLAN 214a-e is stored in the VID field 402a-e of the respective translation entry 400a-e.
  • Each translation entry 400a-e also includes a respective VID' field 404a-e.
  • the VID' field 404a-e includes a group identifier field 406a-e and a group member number field 408a-e.
  • the FID 230a assigned to the VLAN or group of VLANs is stored in the group field 406a-d of each VID' field 404a-d.
  • a group member number is stored in the respective group member number field 408a-e.
  • the group member number is unique to each member of a FID 230a-b.
  • the translation entries 400a-e are initialized during initialization of the switch 200 dependent on the switch configuration.
  • the translation entries 400a-e may be initialized by a switch management utility to map VLANs 214a-d to the same FID 230a in order to support shared learning.
  • the translation entries 400a-e may be modified by management action during operation of the switch. hi a shared learning switch, each VLAN in the switch 200 maps to only one FED 230a-b.
  • a FID 230a-b may include one or more VLANs 214 a-e.
  • Fig 4 illustrates translation entries 400a-e for VLANs 214a-e shown in Fig. 2. As shown, VLANs 214a-d are members of the same FED 230a.
  • VLAN 214e is the only member of another FID 230b.
  • the FED 230b assigned to VLAN 214e is '0010 1111 11'.
  • the FID 230a assigned to VLANs 214a-d is "llll 0011 11".
  • the assigned FID 230a, 230b is stored in the group identifier field 406a-e of each VID' field 404a-e in the respective translation entry 400a-e for the VLAN 214a-e.
  • the unique VID assigned to each VLAN 214a-e is stored in the VID field 402a-e in the respective translation entry.
  • the VID field 402a in the translation entry 400a for VLAN 214a stores ' 1011 1111 0011'.
  • the VID field 402b in the translation entry 400b for VLAN 214b stores ' 1010 0010 0011'.
  • the VXD field 402c in the translation entry 400c for VLAN 214c stores '0000 1001 1101'.
  • the VID field 402d in the translation entry 400d for VLAN 214d stores '0101 1011 1111'.
  • the VID field 402e in the translation entry 400e for VLAN 214e stores '0101 1000 1010'.
  • Each VLAN 214a-e in a group of VLANs is assigned a unique group member number.
  • the group member number assigned to VLAN 214a is '00' and is stored in group member number field 408a.
  • the group member number assigned to VLAN 214b is '01' and is stored in group member number field 408b.
  • the group member number assigned to VLAN 214c is ' 10' and is stored in group member number field 408c.
  • the group member number assigned to VLAN 214d is ' 11 'and is stored in group member number field 408d.
  • the group member number assigned to VLAN 214e is '00' and is stored in group member number field 408e.
  • each VID' field 404a-e includes a group identifier field 406a-e and a group member number field 408a-e for each VLAN 214a-e in a FID 230a, 230b.
  • there are two bits assigned to the group member number allowing a maximum of four VLDs per FID 230a-b.
  • the number of VLANs in a group identified by a FID is not limited to four as in the above example.
  • the number of bits in the group member number field 408a-d is log 2 (maximum number of VLANs per FED). For example, in order to support a maximum of eight VLANs per FID, the group member number requires 3 bits (log 2 (8)).
  • Fig. 5 is a block diagram of the filtering database 302 in the forwarding logic
  • the filtering database 302 includes a static entry 500 and a dynamic entry 502.
  • a static entry 500 is administered and remains constant while the switch 200 is operating.
  • device 204i (Fig. 2) can be configured as a static entry for VLAN 214e (Fig. 2).
  • a dynamic entry 502 is learned and may be overwritten with a new value while the switch 200 is operating.
  • a dynamic entry 502 for device 204a maybe overwritten if device 204a is physically moved to another port in the switch 200 requiring updating of the forward vector 202 for device 204a.
  • Both a static entry 500 and a dynamic entry 502 include a respective filtering database MAC DA field 504a-b and a respective filtering database VID' field 506a- b.
  • Each filtering database VID' field 506a-b includes a filtering database group field 508a-b and a filtering database group member number field 510a-b.
  • the database group member number field 510a of a static entry 500 stores the same group member number as is stored in the group member number field 408a-e in the VID' field 404a-e in the VID to VID' translator 300 (Fig. 4).
  • the contents of the VID' field 404a-e are forwarded as a VID' 310 to the filtering database 302.
  • both the group identifier 406a-e and the group member number 408a-e in the VID' 310; that is, the search key must be an exact match.
  • One dynamic filtering database entry 502 is stored per MAC DA associated with a FED 230a-b.
  • the dynamic filtering database entry 502 is shared amongst the set of VLANs in the FID 230a-b.
  • the bits in the filtering database group member number field 510b in a dynamic entry 502 are set to 'xx'; that is, don't cares because the group identifier field 508a is the same for all members of the FID 230a- b and there is only one dynamic filtering database entry 502 which is shared by each VLAN 214a-e in the FED 230a-b .
  • a dynamic filtering database entry match is found if only the group identifier field 406a-e in the VID' 310 matches the respective group identifier field 506b in the dynamic entry 502 because the group member number 510b is set to 'xx' and thus all members of the FID 230a match.
  • the FID assigned to the VID is ' 1111 0011 11'.
  • a matching static entry 500 is found for the VID if the filtering database group identifier 508a is set to '1111 0011 11' and the filtering database group member number is set to '00' in the static entry 500.
  • a matching dynamic entry 502 is found for the FID if the filtering database group identifier is set to " 1111 0011 11" and the group member number is set to 'xx'; that is, don't cares in the dynamic entry 502. Thus, in a single search for '111 0011 1100', a matching dynamic entry 502 or static entry 500 can be found.
  • the forward vector table 304 stores forward vector entries and forwards a forward vector 202 stored at the address of the forward vector 312 to the packet storage manager 220 as shown in Fig. 2.
  • a forward vector 202 is typically a set of bits, with one bit per port in the switch 200. The state of the corresponding port bit in the forward vector 202 determines whether the received data packet 100 is to be forwarded to the egress port 208a-b.
  • the forward vector 202 includes two bits, a bit for egress port 208a and a bit for egress port 208b. The respective port bit is set to "enable forwarding" to enable the received data packet
  • Fig. 6 is a flow chart illustrating a method for selecting a forward vector 202 for a received data packet 100. The method is described in conjunction with Figs. 3- 5.
  • the ingress ports engine 216 examines the received data packet
  • step 602. If there is a VID stored in the VID field 118 (Fig. IC), processing continues with step 602. If not, processing continues with step 604.
  • step 602 the ingress ports engine 216 extracts the VID stored in the VID field 118 (Fig. IC) of the received data packet 100. Processing continues with step
  • the ingress ports engine 216 generates a default VID for the received data packet 100.
  • the default VID may be generated dependent on the ingress port 206a-b (Fig. 2) at which the data packet 100 was received. Processing continues with step 606.
  • the VID to VID' translator 300 searches for a translation entry for the VED 306. Ifthe VDD 306 is known, processing continues with step 608. If not, processing continues with step 614. At step 608, the VID' 310 corresponding to the VID 306 stored in a translation entry 400a-e (Fig. 4) is forwarded to the filtering database 302.
  • step 610 Processing continues with step 610.
  • the filtering database 302 is searched once with a search key.
  • the search key is the MAC DA 308 and the VED' 310. Both static entries 500 and dynamic entries 502 are searched in the single search. A static entry match requires an exact match of the contents of the filtering database group field 508a and the filtering database group member number field 510a of the VED' 310 with the search key. A dynamic filtering database entry 502 match only requires an exact match of the filtering database group field 508b of the VID' 310 with the search key. It is possible to have both a static entry 500 and a dynamic entry 502 for a search key because a static entry 500 is entered by management action and a dynamic entry 502 is learned by the switch. The priority of the entries can be specified when the filtering database 302 is created. If the static entry has higher priority than the dynamic entry 500 and both a static entry 500 and a dynamic filtering database entry 502 are found, the static entry 500 is selected. After a match is found, processing continues with step 612.
  • the address of the matching filtering database entry stored in a static entry 500 or a dynamic entry 502 is forwarded on the address of the forward vector 312 to the forward vector table 304 (Fig. 5).
  • the forward vector 202 is stored at the address of the forward vector 312 in the forward vector table 304 (Fig. 5).
  • the forward vector 202 is the forward vector corresponding to the VID and the MAC DA associated with the received data packet 100.
  • the received data packet 100 is forwarded to the ports selected by the forward vector 202 in the switch 200. Processing is complete.
  • the VID 306 stored in the received data packet 100 is unknown, the data packet is dropped by the switch 200. Processing continues with step 616.
  • the switch 100 sends a data packet to every MAC DA in the VLAN in order to learn the forward vector for the MAC DA. After learning the forward vector, the switch 100 creates a dynamic entry 502 in the filtering database 302. Processing is complete. Each member of a FED is translated such that each member has the same group identifier and a unique group member number. The group member number is stored as 'xx' in a dynamic entry in a filtering database. A single search operation can be used to find a match for a search key stored in either a static entry or a dynamic entry.
  • a single search results in a match for any of the members of a group identified by a group identifier by storing x's for the group member number in the dynamic entry.
  • the number of searches required to find either a static entry or a dynamic entry in a filtering database in order to make a forwarding decision for a received data packet are reduced.

Abstract

Multiple searches of a filtering database increase the time for filtering a data packet received by a switch. A switch including a translator and a filtering database for performing a single search is presented. The translator provides a translated identifier for an identifier associated with a data packet received by the switch. The translated identifier includes a group identifier corresponding to a virtual LAN group (FID) and a group member number corresponding to an identified virtual LAN (VID). The filter data base stores a static entry and a dynamic entry. The static entry stores a forwarding decision for the data packet associated with the translated identifier. The dynamic entry stores a forwarding decision for the data packet associated with the group identifier included in the translated identifier and the group member number set to don't care.

Description

METHOD AND APPARATUS FOR SEARCHING A FILTERING DATABASE WITH ONE SEARCH OPERATION
BACKGROUND OF THE INVENTION
The first Ethernet LAN ("Local Area Network") was implemented on a shared medium, such as a single co-axial cable connecting all devices in the LAN. The shared medium imposed a signal length restriction on the physical medium and a limit to the number of devices that could be connected to the LAN because only one device could transmit data at a time on the shared medium.
A switch provides a means of increasing the size of a LAN by providing a bridge between groups of devices connected on the same physical medium or LAN segment. The LAN can be viewed as multiple LAN segments connected together by one or more switches. For example, if a first port in the switch is connected to a first LAN segment and a second port in the switch is connected to a second LAN segment. The switch acts as a bridge between the LAN segments by forwarding data packets destined for a device comiected to the second LAN segment from the first LAN segment.
Each device connected to the LAN segment in the LAN is assigned a unique Media Access Control ("MAC") address. Each data packet includes a MAC source address assigned.to the device transmitting the data packet and the MAC destination address of the device to which the data packet is to be forwarded.
The switch determines whether a data packet received on one LAN segment is to be forwarded on another LAN segment by associating a destination MAC address with a port in the switch; that port is connected to the LAN segment on which the MAC address resides. This association may be stored in a static forwarding entry in a forwarding table in the switch. A static forwarding entry is explicitly configured by management action and is not modified during the operation of the switch. For example, if device A is connected to LAN segment A and LAN segment A is connected to port 1 in the switch, a static forwarding entry for device A associates the MAC address for device A with port 1. If device A is physically moved to segment B connected to port 2 in the switch, the static entry in the forwarding table for device A is not automatically updated to forward to port 2 instead of port 1. A reconfiguration of the switch by management action is required to update a static forwarding entry.
The association between a MAC address and a port in the switch can be learned during operation of the switch instead of being explicitly configured in a static forwarding entry in the switch. Learning allows associations between MAC addresses and ports in the switch to be dynamically created and modified during operation of the switch. A learned association is stored in a dynamic forwarding entry in the forwarding table in the switch, h order to learn MAC addresses, the switch listens to data packets transmitted on all LAN segments connected to ports in the switch. The dynamic entry associates the MAC address with the port connected to the LAN segment from which a data packet is sourced.
The switch creates a new dynamic forwarding entry in the forwarding table upon detecting a MAC address stored in the source address field included in a data packet which does not have a corresponding forwarding entry in the forwarding table. The switch updates a dynamic forwarding entry associated with a MAC address each time it receives a data packet sourced from the MAC address.
For example, if the switch sees a data packet on segment A connected to port 1 with MAC address A stored in the source address field , the switch creates a dynamic forwarding entry in the forwarding table for MAC address A. The dynamic forwarding entry associates MAC address A with port 1. Subsequent data packets received from another port in the switch including MAC address A as the destination address are forwarded through port 1. If the device with MAC address A is moved to another LAN segment connected to port 2 in the switch, the switch learns the new association upon receiving a data packet on port 2 from MAC address A. The switch updates the dynamic forwarding entry for MAC address A to forward data packets to MAC address A through port 2 instead of port 1.
Increasing the size of a LAN, by providing multiple LAN segments through the use of a switch, increases the bandwidth of the LAN and thus the number of devices that can be connected to the LAN. However, by increasing the number of devices connected to the LAN, the bandwidth consumed by broadcast traffic also increases. Broadcast traffic increases because upon receiving a data packet for an unknown MAC address, a broadcast packet is forwarded to all devices connected to the LAN in order to learn forwarding information for the unknown MAC address. The broadcast data packet includes a special MAC address sourced by one MAC address, which is forwarded to all other devices connected to the LAN. Unlike unicast traffic; that is, a data packet which is transmitted from a single source address to a single destination address, broadcast traffic cannot be limited to a single LAN segment. Thus, as the number of devices connected to a LAN increases, the amount of broadcast traffic increases, reducing the available bandwidth on the LAN regardless of the number of physical LAN segments in the LAN. A solution for reducing broadcast traffic in a LAN is provided by logically segmenting the LAN into Virtual Local Area Networks ("NLAN"). A method for logically segmenting a LAN into VLANs is described in the Institute of Electric and Electronic Engineers ("IEEE") P802.1Q standard, hi a switch supporting VLANS a broadcast data packet is only forwarded through a port if the port is a member of same VLAN from which the data packet was received. Thus, broadcast traffic is only forwarded to devices which are members of the same VLAN on which the broadcast data packet was sourced. h a LAN logically segmented into VLANs, each data packet forwarded on the LAN includes a VLAN Identifier ("VID") identifying the VLAN from which the data packet was sourced. Membership of a VLAN is based on an assigned logical address, the VID, rather than a physical address. Thus, members of a VLAN need not be members of the same physical LAN segment. All traffic on the LAN, including broadcast, unicast and Multicast data traffic is restricted to the virtual VLAN on which it is sourced, by limiting the forwarding of traffic to members of the VLAN identified by the VID included in the data packet. A device can only communicate with a member of a VLAN if the device is also a member of the VLAN identified by the VID included in the received data packet. Thus, a VLAN contains broadcast traffic within the VLAN in which the broadcast packet is sourced and provides security for data transfer between members of the VLAN. By applying VLANs to a LAN, a forwarding decision stored in a static forwarding entry or a dynamic forward entry is dependent on both the VID and the MAC address included in the received data packet. A MAC address may be a member of more than one VLAN requiring either a static or dynamic forwarding entry in the forward table for each VLAN in which the MAC address is a member. If the switch implements independent learning, a plurality of dynamic forwarding entries are provided for a MAC address, one for each VLAN in which the MAC address is learned.
In order to reduce the number of dynamic forwarding entries stored and updated for each learned MAC address, the switch may implement shared learning. Shared learning allows forwarding information learned for a MAC address on one VLAN to be shared by other VLANs in a given set of VLANs. The forwarding information is used for forwarding decisions taken for that MAC address.
To implement shared learning in a switch, each VLAN in the switch is associated with exactly one Filter Identifier ("FID"). For independent learning there is a one-to one correspondence between a VID and a FID. For shared learning, a plurality of VIDs are assigned to a FID. Only the VID is forwarded in a data packet, the FID is randomly assigned by the switch and used internally in the switch, hi a shared learning switch all learned information for independent learning or shared learning is stored in a dynamic forwarding entry in the forwarding table associated with a FID instead of a VID. Explicitly configured forwarding information is stored in a static forwarding entry associated with a VID. A switch may simultaneously support both shared learning and independent learning.
Shared VLAN learning allows learned MAC address information to be shared amongst a set of VLANs because only one dynamic forwarding entry associated with a FED is stored in the forwarding table for the FID. However, even though the MAC address forwarding information is shared amongst the set of VLANs in the FID, the switch only forwards a data packet through a port that is a member of the VLAN from which the data packet was sourced. This forwarding decision can be made through the use of egress filtering. Thus, in a shared learning switch, broadcast traffic is restricted to the VLAN from which it is sourced and security is provided between VLANs.
Fig. 1A illustrates a prior art forwarding table 130 implemented in a shared learning switch. The prior art forwarding table 130 includes static forwarding entries 130 and dynamic forwarding entries. The static forwarding entry 132 associates a forward vector 140 with a MAC address 136b and a VID 138. The dynamic entry 134 associates a forward vector 140 with a MAC address 136a and a FID 142. The forward vector 140a, 140b is a bit map including a bit for each port in the switch indicating the port or ports through which the data packet is to be forwarded. The VID 138 in the static forwarding entry 132 is the same VID included in the data packet received by the switch. The FID 142 stored in the dynamic forwarding entry 134 is associated with set of VLDs or a single VID. A forwarding entry associated with the MAC address and the VID included in a received data packet may be stored in a static forwarding entry 132 or a dynamic forwarding entry 134 dependent on whether the MAC address was learned by the switch or explicitly defined by management. Thus, two searches of the forwarding table 130 are required to determine a forwarding decision for a forwarding entry associated with a MAC address and VID included in a received data packet.
The first search searches for a static forwarding entry 132 dependent on the VID 138 included in the data packet, or a default VID. A default VID is assigned to the data packet dependent on the port at which the data packet was received if a VID is not included in the data packet. If there is no static forwarding entry 132 in the forwarding table 130 associated with the MAC address, a second search is performed for a dynamic forwarding entry 134 including the FID 142 assigned to the VID 138 by the switch and the MAC address 136a.
SUMMARY OF THE INVENTION
Multiple searches of a filtering database increase the time for filtering a data packet received by a switch. We present a switch including a translator and a filtering database which performs a single search. The translator provides a translated identifier for an identifier associated with a data packet received by the switch. The translated identifier includes a group identifier corresponding to a virtual LAN group (FID) and a group member number corresponding to an identified virtual LAN (VID). The filter data base stores a static entry and a dynamic entry. The static entry stores a forwarding decision for the data packet associated with the translated identifier. The dynamic entry stores a forwarding decision for the data packet associated with the group identifier included in the translated identifier and the group member number set to don't care. The translated identifier allows a filtering database to provide the forwarding decision stored in the static entry or the dynamic entry for the identifier from a single search operation. The group identifier included in the translated identifier is stored in both the static entry and the dynamic entry, hi the dynamic entry the group member number is set to don't care. Thus, a single search operation can be used to find a match for the identifier which can be stored in either the static entry or the dynamic entry in the filtering database. In certain embodiments, the group member number identifies one of several members associated with the group identifier. The filtering database may be a Content Addressable Memory. The Content Addressable Memory may be a ternary Content Addressable Memory for supporting a don't care condition. The identifier may be stored in a header included in the received data packet or a default identifier assigned to the received data packet by the switch.
BRIEF DESCRIPTION OF THE DRAWINGS The foregoing and other objects, features and advantages of the invention will be apparent from the following more particular description of preferred embodiments of the invention, as illustrated in the accompanying drawings in which like reference characters refer to the same parts throughout the different views. The drawings are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the invention.
Fig. 1 A illustrates a prior art forwarding table 130 implemented in a switch supporting shared learning;
Fig. IB illustrates a prior art data packet which may be received on an ingress port in the switch; Fig. 1C illustrates a prior art Ethernet data link layer (L2) header which may be included in the data packet shown in Fig. 1 A;
Fig. 2 is a block diagram of a switch including forwarding logic for forwarding received data packets to VLANs connected to ports in the switch;
Fig. 3 is a block diagram of the forwarding logic shown in Fig. 2; Fig. 4 is a block diagram of the translator in the forwarding logic shown in Fig. 3;
Fig. 5 is a block diagram of the filtering database in the forwarding logic shown in
Fig. 3;
Fig. 6 is a flowchart illustrating a method for selecting a forward vector for a received data packet.
DETAILED DESCRIPTION OF THE INVENTION
A description of preferred embodiments of the invention follows. Fig. IB illustrates a prior art data packet 100. The data packet includes a physical layer (LI) header 102, a data link layer (L2) header 104, a network layer (L3) header 106 and a transport layer (L4) header 108. A payload for the data packet is stored in a data field 110 and the data packet 100 also includes a checksum 112.
Fig. IC illustrates a prior art Ethernet protocol header stored in the data link (L2) header 104 shown in Fig. IB. The length of the Ethernet protocol header is a fixed number of bits which is specified by the standard Ethernet protocol. The data link (L2) header 104 includes a 6-byte L2 destination address field 114, a 6-byte L2 source address field 116, a Virtual Local Area Network Identifier ("VID") field 118 and a 2-byte length/type field 120. The VID 118 includes a Tag Protocol Identifier ("TPrO") 118a and Tag Control Information ("TCI") 118b. Fig. 2 is a block diagram of a switch 200 including forwarding logic 210 for determining a forwarding decision for data packets received at ingress ports 206a-b. The number of egress ports 208a-b and ingress ports 206a-b is not limited to the two shown in Fig. 2. hi one embodiment, twenty-six egress ports 208a-b and ingress ports 206a-b are provided in the switch 200. The switch 200 includes an ingress ports engine 216, an egress ports engine
218, a packet storage manager 220 and a segment buffer memory 224. Upon receiving a data packet 100 at ingress port 206a or 206b, the forwarding logic 210 in the ingress ports filters the data packet 100 to determine if the data packet 100 is to be forwarded to an egress port 208a-b in the switch 100 or discarded; that is, dropped.
The forwarding logic 210 includes a filtering database 302. The filter data base includes a static entry 500 and a dynamic entry 502. Each static entry 500 and dynamic entry 502 includes a pointer to a forward vector 202. The pointer to a forward vector is associated with a VLD 118 (Fig. IC) and MAC DA 114 (Fig. IC) included in the data link layer (L2) header 104 (Fig. IB) of the received data packet. A static entry 500 is explicitly added to the filtering database 302 by management action. A dynamic entry 502 is learned by the switch 200.
A data packet 100 is forwarded if there is a static entry 500 or a dynamic entry 502 stored in the filtering database 302 associated with a VID 118 (Fig. IC) and MAC DA 114 (Fig. IC) included in the data packet 100. If no static entry 500 or dynamic entry 502 is provided for the data packet 100, the data packet 100 is dropped. If there is a static entry 500 or a dynamic entry 502, the dynamic entry 500 or the static entry 502 provides the location of a forward vector 202 for the data packet 100. The forward vector 202 identifies one or more egress ports 208a-b through which the data packet 100 is to be forwarded.
Two physical LAN segments 212a-b are connected to the switch 200. Physical LAN segment 212a includes devices 204a-c and 204i-j. Physical LAN segment 212b includes devices 204d-h. A device 204a-j may be a host computer, a client computer, a terminal, a workstation or any other device which can be connected to a LAN. Physical LAN segment 212a is connected to the switch 200 through ingress port 206b and egress port 208b. Physical LAN segment 212b is connected to the switch through ingress port 206a and egress port 208a.
The devices 204a-j connected to physical LAN segments 212a-b are also members of Virtual Local Area Networks ("VLANs") 214a-e. Members of a VLAN 214a-e need not be members of the same physical LAN segment 212a-b because membership of a NLAN 214a-e is based on a logical address rather than a physical address. Members of a NLAN 214a-e are assigned the same logical address or VID. The VID is definable and configurable by management action.
The NID can be stored in the NID field 118 (Fig. IC) in the data link layer (L2) header 104 of the data packet or can be assigned dependent on ingress port 206a-b by the switch 200 upon detecting a received data packet with no NID. A NID allows members of the same NLAΝ 214a-e to communicate as if they were on the same physical LAN segment 212a-b. Each device 204a-j can only communicate with a member of a Virtual LAN 214a-e if the device is also a member of the VLAN 214a-e.
VLAN 214a includes devices 204b, 204c and 204h. Virtual LAN 214b includes devices 204a, 204e and 204h. VLAN 214c includes devices 204f, 204g and 204h. VLAN 214d includes devices 204d, 204e and 204h. VLAN 214e includes devices 204i and 204j. Device 204h and device 204e are members of more than one NLAN 214a-d. Device 204h is a member of NLANs 214a-d and device 204e is a member of VLANs 214b and 214d.
A device 204a-j may be a member of more than one VLAN in order to provide a specific service or security within each VLAN. For example, device 204h may be a server computer and devices 204a-g client computers. Thus, in order for device 204h to communicate with devices 204a-g, device 204h must be a member of at least one VLAN 214a-d in which each of the devices 204a-g is also a member.
A set of VLANs 214a-e maybe associated with a filter identifier ("FID") to allow shared learning amongst the set of VLANs. hi a switch 200 supporting shared learning, each VLAN 214a-e is associated with exactly one FID 230a-b. As shown VLANs 214a-d are members of FID 230a and VLAN 214e is a member of FID 230b. hi order to provide shared learning between VLANs 214a-d, the switch assigns a FID 230a to the set of VLAN s 214a-d. Shared learning allows information learned for a MAC address on one VLAN to be shared amongst all VLANs associated with a FID 230a-b. For example, as shown in Fig. 2, device 204h is connected to physical LAN segment 212b and is a member of VLANs 214a-d and FID 230a. Thus, a data packet including a VTD for any of VLANs 214a-d and a destination address set to the MAC Destination Address ("DA") for device 204h is forwarded through egress port 208a. If device 204h is moved to physical LAN segment 212a and the new port information is learned through a data packet received from device 204h with VID set to the identifier for VLAN 214a, this information is shared with the other VLANs 214b-d in the FID 230a because the set of VLANS share a dynamic forwarding entry associated with the MAC address for device 204h. VLAN 214e associated with FID 230b supports independent learning. The VLAN 214a-e to which a data packet 100 is to be forwarded by the switch 200 is identified by the VID stored in the VID field 118 in the data link layer (L2) header 104 in the received data packet 100. Consider, for a source device 204e transmitting a data packet to destination device 204a on VLAN 214b. Before transmitting the data packet, device 204e stores the VID for VLAN 214b in the VID field 118 and the MAC address for device 204a in the destination address field 114 of the data link (L2) layer header 104. The data packet 100 is received at ingress port 206a by the ingress ports engine 216. The forwarding logic 210 in the ingress ports engine 216 selects a forward vector 202 to forward the data packet through egress port 208b. The forward vector 202 is associated with a static entry 500 or a dynamic entry 502 in a filtering database 302 in the forwarding logic 210. The forward vector 202 selected is dependent on the VID and the MAC destination address included in the data packet.
Having selected a forward vector 202 for the received data packet 100, the switch 200 stores the data packet 100 forwarded on data_in 228 in segment buffer memory 224. The location at which the data packet is stored is selected by the packet storage manager 220 through segment buffer address 226. The packet storage manager 220 is described in co-pending U.S. Patent Application Serial Number 09/386,589 filed on August 31, 1999 entitled "Method and Apparatus for an Interleaved Non-Blocking Packet Buffer" by David A. Brown which is incorporated herein by reference in its entirety. The egress ports engine 218 reads the data packet 100 stored in segment buffer memory on data-out 232 and then forwards the stored data packet to one or more egress ports 208a-b selected by the forward vector.
Fig. 3 is a block diagram of the forwarding logic 210 shown in Fig. 2. The forwarding logic 210 includes a VID to VID' translator 300, a filtering database 302 and a forward vector table 304.
The filtering database 302 includes a static entry 500 and a dynamic entry 502. A static entry 500 includes a MAC address and a VID. A static entry 500 is explicitly configured by management action. A dynamic entry 502 includes a MAC address and a FID. A dynamic entry 502 is learned by the switch 200. A static entry 500 is selected dependent on the VID associated with the data packet. The VID may be included in the received data packet 100 or assigned by the switch 200. A dynamic entry 502 is selected dependent on the FID assigned by the switch 200 to the VID associated with data packet 100.
Filtering database 302 is preferably a ternary Content Addressable Memory ("CAM") supporting a don't care state. In a CAM, a search key is supplied to the memory through a special comparand register. The CAM returns an address associated with the search key if data stored in the memory matches the search key. The returned address is a pointer to a forward vector stored in the forward vector table 304 associated with the contents of the dynamic entry 502 or the static entry 500. The entire CAM is searched for either a static entry 500 or a dynamic entry 502 matching the search key in a single clock cycle.
A ternary CAM is capable of storing and searching either a logic 0,1, or 'don't care' ("x") in a single cell. If one of the bits stored in static entry 500 or a dynamic entry 502 is set to 'x', a match occurs for a search key storing a T or '0' in the bit. For example, if an entry stores "lOOx", a search key set to "1001" or to
'1000' results in a match. The filtering database 302 is described later in conjunction with Fig. 5. The static entry 500 and the dynamic entry 502 stores a translated VID (a VID') associated with a MAC address according to the principles of the present invention. The translated VID is provided by the VID to VID' translator 300. By storing a translated VID in a dynamic entry 502 and a static entry 500 instead of a storing a VID in a static entry 500 and a FID in a dynamic entry 502, the filtering database 302 can be searched for either a static entry 500 or a dynamic entry 500 in a single search operation using a single search key; that is, a MAC address and a translated VID. A data packet 100 received at ingress port 206a or 206b (Fig. 2) may include a VID stored in the VID field 118 (Fig. IC). If a VID is stored in the received data packet 100, the VID is extracted from the data packet 100 by the ingress ports engine 216 in the switch 200 and forwarded on VID 306 to the VID to VID' translator 300. If there is no VID included in the data packet 100, a default VID is generated by the switch and forwarded on VID 306. In a port-based VLAN, the default VID may be selected dependent on the ingress port 206a-b at which the data packet 100 was received.
To search the filtering database 302 for a matching static entry 500 or a dynamic entry 502 associated with a VID and a MAC address in a single search operation, the VID 306 is translated to a VID' 310 by the VID to VID' translator 300. The VID to VID' translator 300 is described later in conjunction with Fig. 4. The VID' 310 and the Media Access Control ("MAC") Destination address ("DA") extracted by the ingress ports engine 216 from the L2 destination address 114 (Fig. IC) included in the received data packet 100 are forwarded to the filtering database 302.
If a static entry 500 or dynamic entry 502 including the VID' 310 and the MAC DA 308 is found in the filtering database, the address of the forward vector 312 is forwarded to the forward vector table 304. The address of the forward vector 312 is used to select the forward vector 202 stored in the forward vector table 304 associated with the VID stored in the VID field 118 (Fig. 1 C) and the MAC DA 114 (Fig. IC) stored in the received data packet 100.
Fig. 4 is a block diagram of the VID to VID' translator 300 shown in Fig. 3. The VID to VID' translator 300 includes translation entries 400a-e for each of the VLANs 214a-e shown in Fig. 2. VLANs 214a-d are members of the same FID 230a. Four translation entries 400a-d translate VLDs for VLANs 214a-d (Fig. 2) to the same FID 230a. Translation entry 400e translates the VID assigned to VLAN 214e to another FID 230b.
Each VLAN 214a-e has a unique VID which may be assigned to the VLAN 214a-e by management action. The VID assigned to each VLAN 214a-e is stored in the VID field 402a-e of the respective translation entry 400a-e. Each translation entry 400a-e also includes a respective VID' field 404a-e. The VID' field 404a-e includes a group identifier field 406a-e and a group member number field 408a-e. The FID 230a assigned to the VLAN or group of VLANs is stored in the group field 406a-d of each VID' field 404a-d. A group member number is stored in the respective group member number field 408a-e. The group member number is unique to each member of a FID 230a-b.
The translation entries 400a-e are initialized during initialization of the switch 200 dependent on the switch configuration. For example, the translation entries 400a-e may be initialized by a switch management utility to map VLANs 214a-d to the same FID 230a in order to support shared learning. The translation entries 400a-e may be modified by management action during operation of the switch. hi a shared learning switch, each VLAN in the switch 200 maps to only one FED 230a-b. A FID 230a-b may include one or more VLANs 214 a-e. Fig 4 illustrates translation entries 400a-e for VLANs 214a-e shown in Fig. 2. As shown, VLANs 214a-d are members of the same FED 230a. VLAN 214e is the only member of another FID 230b. The FED 230b assigned to VLAN 214e is '0010 1111 11'. The FID 230a assigned to VLANs 214a-d is "llll 0011 11". The assigned FID 230a, 230b is stored in the group identifier field 406a-e of each VID' field 404a-e in the respective translation entry 400a-e for the VLAN 214a-e.
The unique VID assigned to each VLAN 214a-e is stored in the VID field 402a-e in the respective translation entry. The VID field 402a in the translation entry 400a for VLAN 214a stores ' 1011 1111 0011'. The VID field 402b in the translation entry 400b for VLAN 214b stores ' 1010 0010 0011'. The VXD field 402c in the translation entry 400c for VLAN 214c stores '0000 1001 1101'. The VID field 402d in the translation entry 400d for VLAN 214d stores '0101 1011 1111'. The VID field 402e in the translation entry 400e for VLAN 214e stores '0101 1000 1010'.
Each VLAN 214a-e in a group of VLANs is assigned a unique group member number. The group member number assigned to VLAN 214a is '00' and is stored in group member number field 408a. The group member number assigned to VLAN 214b is '01' and is stored in group member number field 408b. The group member number assigned to VLAN 214c is ' 10' and is stored in group member number field 408c. The group member number assigned to VLAN 214d is ' 11 'and is stored in group member number field 408d. The group member number assigned to VLAN 214e is '00' and is stored in group member number field 408e.
Thus, each VID' field 404a-e includes a group identifier field 406a-e and a group member number field 408a-e for each VLAN 214a-e in a FID 230a, 230b. hi the example shown above there are two bits assigned to the group member number, allowing a maximum of four VLDs per FID 230a-b. However, the number of VLANs in a group identified by a FID is not limited to four as in the above example. The number of bits in the group member number field 408a-d is log2 (maximum number of VLANs per FED). For example, in order to support a maximum of eight VLANs per FID, the group member number requires 3 bits (log2 (8)). Fig. 5 is a block diagram of the filtering database 302 in the forwarding logic
210 shown in Fig. 3. The filtering database 302 includes a static entry 500 and a dynamic entry 502. A static entry 500 is administered and remains constant while the switch 200 is operating. For example, device 204i (Fig. 2) can be configured as a static entry for VLAN 214e (Fig. 2). A dynamic entry 502 is learned and may be overwritten with a new value while the switch 200 is operating. For example, a dynamic entry 502 for device 204a maybe overwritten if device 204a is physically moved to another port in the switch 200 requiring updating of the forward vector 202 for device 204a.
Both a static entry 500 and a dynamic entry 502 include a respective filtering database MAC DA field 504a-b and a respective filtering database VID' field 506a- b. Each filtering database VID' field 506a-b includes a filtering database group field 508a-b and a filtering database group member number field 510a-b.
The database group member number field 510a of a static entry 500 stores the same group member number as is stored in the group member number field 408a-e in the VID' field 404a-e in the VID to VID' translator 300 (Fig. 4). The contents of the VID' field 404a-e are forwarded as a VID' 310 to the filtering database 302. Thus, in order to find a matching static entry 500 in the filtering database 302 for a VID' 310, both the group identifier 406a-e and the group member number 408a-e in the VID' 310; that is, the search key must be an exact match. One dynamic filtering database entry 502 is stored per MAC DA associated with a FED 230a-b. The dynamic filtering database entry 502 is shared amongst the set of VLANs in the FID 230a-b. Thus, the bits in the filtering database group member number field 510b in a dynamic entry 502 are set to 'xx'; that is, don't cares because the group identifier field 508a is the same for all members of the FID 230a- b and there is only one dynamic filtering database entry 502 which is shared by each VLAN 214a-e in the FED 230a-b .
To find a matching dynamic entry for a VID' 310 and a MAC DA 308 only the group identifier 406a-e forwarded to the filtering database 302 in the VID' 310 must match the filtering database group identifier 508b stored in the dynamic filtering database entry 502 associated with the MAC DA 308. Thus, dynamic filtering database entries 502 and static filtering database entries 500 associated with a MAC DA can be searched with the same VED' 310. A static filtering database entry match is found if both the group field 406a-e and the group member number field 408a-e in the VID' 310 match the respective fields in the static entry 500; that is, there is a static entry associated with the VID 402a-e for the data packet 100. A dynamic filtering database entry match is found if only the group identifier field 406a-e in the VID' 310 matches the respective group identifier field 506b in the dynamic entry 502 because the group member number 510b is set to 'xx' and thus all members of the FID 230a match.
For example, a match for VID = '1011 llll 0011' which is translated to 'l l ll 0011 1100' in the VID to VID' translator may be stored in a static entry 500 or a dynamic entry 502. The FID assigned to the VID is ' 1111 0011 11'. A matching static entry 500 is found for the VID if the filtering database group identifier 508a is set to '1111 0011 11' and the filtering database group member number is set to '00' in the static entry 500. A matching dynamic entry 502 is found for the FID if the filtering database group identifier is set to " 1111 0011 11" and the group member number is set to 'xx'; that is, don't cares in the dynamic entry 502. Thus, in a single search for '111 0011 1100', a matching dynamic entry 502 or static entry 500 can be found.
After a matching static entry 500 or dynamic entry 502 is found, the address of the forward vector associated with the matching database entry is forwarded on address of forward vector 312 to the forward vector table 304. The forward vector table 304 stores forward vector entries and forwards a forward vector 202 stored at the address of the forward vector 312 to the packet storage manager 220 as shown in Fig. 2. A forward vector 202 is typically a set of bits, with one bit per port in the switch 200. The state of the corresponding port bit in the forward vector 202 determines whether the received data packet 100 is to be forwarded to the egress port 208a-b. For the switch configuration shown in Fig. 2, the forward vector 202 includes two bits, a bit for egress port 208a and a bit for egress port 208b. The respective port bit is set to "enable forwarding" to enable the received data packet
100 to be forwarded through the respective port.
Fig. 6 is a flow chart illustrating a method for selecting a forward vector 202 for a received data packet 100. The method is described in conjunction with Figs. 3- 5.
At step 600, the ingress ports engine 216 examines the received data packet
100 to determine if the data packet 100 includes a VID stored in the VID field 118
(Fig. IC). If there is a VID stored in the VID field 118 (Fig. IC), processing continues with step 602. If not, processing continues with step 604. At step 602, the ingress ports engine 216 extracts the VID stored in the VID field 118 (Fig. IC) of the received data packet 100. Processing continues with step
606.
At step 604, the ingress ports engine 216 generates a default VID for the received data packet 100. The default VID may be generated dependent on the ingress port 206a-b (Fig. 2) at which the data packet 100 was received. Processing continues with step 606.
At step 606, the VID to VID' translator 300 searches for a translation entry for the VED 306. Ifthe VDD 306 is known, processing continues with step 608. If not, processing continues with step 614. At step 608, the VID' 310 corresponding to the VID 306 stored in a translation entry 400a-e (Fig. 4) is forwarded to the filtering database 302.
Processing continues with step 610.
At step 610, the filtering database 302 is searched once with a search key.
The search key is the MAC DA 308 and the VED' 310. Both static entries 500 and dynamic entries 502 are searched in the single search. A static entry match requires an exact match of the contents of the filtering database group field 508a and the filtering database group member number field 510a of the VED' 310 with the search key. A dynamic filtering database entry 502 match only requires an exact match of the filtering database group field 508b of the VID' 310 with the search key. It is possible to have both a static entry 500 and a dynamic entry 502 for a search key because a static entry 500 is entered by management action and a dynamic entry 502 is learned by the switch. The priority of the entries can be specified when the filtering database 302 is created. If the static entry has higher priority than the dynamic entry 500 and both a static entry 500 and a dynamic filtering database entry 502 are found, the static entry 500 is selected. After a match is found, processing continues with step 612.
At step 612, the address of the matching filtering database entry stored in a static entry 500 or a dynamic entry 502 is forwarded on the address of the forward vector 312 to the forward vector table 304 (Fig. 5). The forward vector 202 is stored at the address of the forward vector 312 in the forward vector table 304 (Fig. 5). The forward vector 202 is the forward vector corresponding to the VID and the MAC DA associated with the received data packet 100. The received data packet 100 is forwarded to the ports selected by the forward vector 202 in the switch 200. Processing is complete. At step 614, the VID 306 stored in the received data packet 100 is unknown, the data packet is dropped by the switch 200. Processing continues with step 616.
At step 616, after the data packet is dropped, if learning mode is enabled, the switch 100 sends a data packet to every MAC DA in the VLAN in order to learn the forward vector for the MAC DA. After learning the forward vector, the switch 100 creates a dynamic entry 502 in the filtering database 302. Processing is complete. Each member of a FED is translated such that each member has the same group identifier and a unique group member number. The group member number is stored as 'xx' in a dynamic entry in a filtering database. A single search operation can be used to find a match for a search key stored in either a static entry or a dynamic entry. A single search results in a match for any of the members of a group identified by a group identifier by storing x's for the group member number in the dynamic entry. Thus, the number of searches required to find either a static entry or a dynamic entry in a filtering database in order to make a forwarding decision for a received data packet are reduced.
While this invention has been particularly shown and described with references to preferred embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the scope of the invention encompassed by the appended claims.

Claims

CLADMSWhat is claimed is:
1. A switch comprising: a translator which provides a translated identifier for an identifier associated with a received data packet, the translated identifier including a group identifier corresponding to a virtual LAN group and a group member number corresponding to an identified virtual LAN; and a filtering database storing a static entry and a dynamic entry which provides a forwarding decision, for the received data packet, from a single search of the filtering database for a match for the forwarding decision associated with the translated identifier stored in the dynamic entry or the static entry, the dynamic entry storing the forwarding decision associated with the group identifier included in the translated identifier and the group member number set to a don't care, the static entry storing the forwarding decision associated with the translated identifier.
2. A switch as claimed in Claim 1 wherein the group member number identifies one of a plurality members associated with the group identifier.
3. A switch as claimed in Claim 1 wherein the filtering database is a Content Addressable Memory.
4. A switch as claimed in Claim 3 wherein the Content Addressable Memory is a ternary Content Addressable Memory.
5. A switch as claimed in Claim 1 wherein the identifier is stored in a header included in the received data packet.
6. A switch as claimed in Claim 1 wherein the identifier is a default identifier assigned by the switch to the received data packet.
7. A method for selecting a forward vector for a received data packet comprising the steps of: translating an identifier associated with the received data packet to a translated identifier, the translated identifier including a group identifier corresponding to a virtual LAN group and a group member number corresponding to an identified virtual LAN; storing in a filtering database a static entry and a dynamic entry, the forwarding decision associated with the translated identifier stored in the static entry associated with the translated identifier or the dynamic entry associated with the group identifier and the group member number set to don't care; and providing, from a single search operation for the translated identifier in the filtering database the forwarding decision for the received data packet stored in the static entry or the dynamic entry in the filtering database.
8. A method as claimed in Claim 7 wherein the group member number identifies one of a plurality of members associated with the group identifier.
9. A method as claimed in Claim 7 wherein the filtering database is a Content Addressable Memory.
10. A method as claimed in Claim 9 wherein the Content Addressable Memory is a ternary Content Addressable Memory.
11. A method as claimed in Claim 7 wherein the identifier is stored in a header included in the received data packet.
12. A method as claimed in Claim 9 wherein the identifier is a default identifier assigned by the switch for the received data packet.
13. A method for selecting a forward vector for a received data packet comprising the steps of: means for translating an identifier associated with the received data packet, the translated identifier including a group identifier corresponding to a virtual LAN and a group member number corresponding to an identified virtual LAN; means for storing a static entry and a dynamic entry, the forwarding decision associated with the translated identifier stored in the static entry associated with the translated identifier or in the dynamic entry associated with the group identifier and the group member number set to don't care; and means for providing, from a single search operation for the translated identifier in the filtering database the forwarding decision for the received data packet stored in the static entry or the dynamic entry in the filtering database.
14. A method as claimed in Claim 13 wherein the group member number identifies one of a plurality of members associated with the group identifier.
15. A method as claimed in Claim 13 wherein the filtering database is a Content Addressable Memory.
16. A method as claimed in Claim 15 wherein the Content Addressable Memory is a ternary Content Addressable Memory.
17. A method as claimed in Claim 13 wherein the identifier is stored in a header included in the received data packet.
8. A method as claimed in Claim 13 wherein the identifier is a default identifier assigned by the switch for the received data packet.
PCT/CA2001/001226 2000-08-31 2001-08-30 Method and apparatus for searching a filtering database with one search operation WO2002019638A2 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
GB0304263A GB2382495B (en) 2000-08-31 2001-08-30 Method and apparatus for searching a filtering database with one search operation
DE10196582T DE10196582B3 (en) 2000-08-31 2001-08-30 Method and apparatus for searching a filter database with a search
KR1020037003068A KR100863105B1 (en) 2000-08-31 2001-08-30 A switch including a filtering database with one search operation, a apparatus for selecting a forward vector through the one search operation and a method thereof
CA2420878A CA2420878C (en) 2000-08-31 2001-08-30 Method and apparatus for searching a filtering database with one search operation
AU2001287434A AU2001287434A1 (en) 2000-08-31 2001-08-30 Method and apparatus for searching a filtering database with one search operation

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/652,196 2000-08-31
US09/652,196 US6633567B1 (en) 2000-08-31 2000-08-31 Method and apparatus for searching a filtering database with one search operation

Publications (2)

Publication Number Publication Date
WO2002019638A2 true WO2002019638A2 (en) 2002-03-07
WO2002019638A3 WO2002019638A3 (en) 2002-08-01

Family

ID=24615882

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA2001/001226 WO2002019638A2 (en) 2000-08-31 2001-08-30 Method and apparatus for searching a filtering database with one search operation

Country Status (8)

Country Link
US (2) US6633567B1 (en)
KR (1) KR100863105B1 (en)
CN (1) CN1229948C (en)
AU (1) AU2001287434A1 (en)
CA (1) CA2420878C (en)
DE (1) DE10196582B3 (en)
GB (1) GB2382495B (en)
WO (1) WO2002019638A2 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020081569A (en) * 2002-09-04 2002-10-28 (주)시큐어베이스 The Management Method of tables that have entries of same size on CAM in Network device
WO2004023732A1 (en) * 2002-09-06 2004-03-18 Infineon Technologies Ag Method and apparatus for storing a port identifier in a lan switch
WO2006106588A1 (en) * 2005-03-31 2006-10-12 Fujitsu Limited Frame transfer device
US10419267B2 (en) 2014-01-22 2019-09-17 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Network control software notification with advance learning
US10838942B2 (en) 2014-01-22 2020-11-17 International Business Machines Corporation Network control software notification and invalidation of static entries

Families Citing this family (42)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6667967B1 (en) 1999-05-14 2003-12-23 Omninet Capital, Llc High-speed network of independently linked nodes
US6931003B2 (en) * 2000-02-09 2005-08-16 Bookline Flolmstead Llc Packet prioritization protocol for a large-scale, high speed computer network
US6633567B1 (en) * 2000-08-31 2003-10-14 Mosaid Technologies, Inc. Method and apparatus for searching a filtering database with one search operation
US6947419B2 (en) * 2001-06-12 2005-09-20 Acute Technology Corp. Apparatus for multicast forwarding in a virtual local area network environment
US6834056B2 (en) * 2001-06-26 2004-12-21 Occam Networks Virtual local area network protection switching
US6732228B1 (en) * 2001-07-19 2004-05-04 Network Elements, Inc. Multi-protocol data classification using on-chip CAM
US7609689B1 (en) * 2001-09-27 2009-10-27 Cisco Technology, Inc. System and method for mapping an index into an IPv6 address
US8045565B1 (en) 2001-11-20 2011-10-25 Brookline Flolmstead Llc Method and apparatus for an environmentally hardened ethernet network system
US8713185B2 (en) * 2001-12-07 2014-04-29 Rockstar Bidco, LP Methods of establishing virtual circuits and of providing a virtual private network service through a shared network, and provider edge device for such network
US7313135B2 (en) * 2002-01-31 2007-12-25 Mosaid Technologies, Inc. Trunking in a matrix
US20030152075A1 (en) * 2002-02-14 2003-08-14 Hawthorne Austin J. Virtual local area network identifier translation in a packet-based network
US6871265B1 (en) * 2002-02-20 2005-03-22 Cisco Technology, Inc. Method and apparatus for maintaining netflow statistics using an associative memory to identify and maintain netflows
US20040006640A1 (en) * 2002-07-03 2004-01-08 Inderieden Daniel W. Notification to routing protocols of changes to routing information base
JP4101631B2 (en) * 2002-12-13 2008-06-18 富士通株式会社 Switching device
US7512078B2 (en) * 2003-10-15 2009-03-31 Texas Instruments Incorporated Flexible ethernet bridge
US7149214B2 (en) * 2003-11-04 2006-12-12 Cisco Technology, Inc. Dynamic unknown L2 flooding control with MAC limits
US7558273B1 (en) * 2003-12-23 2009-07-07 Extreme Networks, Inc. Methods and systems for associating and translating virtual local area network (VLAN) tags
WO2005086429A1 (en) * 2004-02-27 2005-09-15 Viadux, Inc. System and method for dynamic vlan multiplexing
US7460539B2 (en) * 2004-04-01 2008-12-02 Broadcom Corporation Individually programmable most significant bits of VLAN ID
US7554990B2 (en) * 2004-05-13 2009-06-30 Micrel, Inc. Static address reservation protocol in a data network
US7733855B1 (en) * 2004-06-08 2010-06-08 Oracle America, Inc. Community separation enforcement
US7639616B1 (en) 2004-06-08 2009-12-29 Sun Microsystems, Inc. Adaptive cut-through algorithm
US7602712B2 (en) * 2004-06-08 2009-10-13 Sun Microsystems, Inc. Switch method and apparatus with cut-through routing for use in a communications network
US7860096B2 (en) * 2004-06-08 2010-12-28 Oracle America, Inc. Switching method and apparatus for use in a communications network
US8964547B1 (en) 2004-06-08 2015-02-24 Oracle America, Inc. Credit announcement
US9043792B1 (en) * 2004-11-17 2015-05-26 Vmware, Inc. Virtual local area network (vlan) coordinator providing access to vlans
US10768958B2 (en) 2004-11-17 2020-09-08 Vmware, Inc. Using virtual local area networks in a virtual computer system
US7673068B2 (en) * 2005-04-18 2010-03-02 Alcatel Lucent Method and system for implementing a high availability VLAN
JP2006311066A (en) * 2005-04-27 2006-11-09 Toshiba Corp Electronic equipment
US7796590B1 (en) * 2006-02-01 2010-09-14 Marvell Israel (M.I.S.L.) Ltd. Secure automatic learning in ethernet bridges
US8792497B2 (en) * 2006-06-05 2014-07-29 Tellabs Operations, Inc. Method and apparatus for performing link aggregation
JP4259581B2 (en) * 2007-02-07 2009-04-30 日立電線株式会社 Switching hub and LAN system
US8681641B1 (en) * 2007-06-25 2014-03-25 Cisco Technology, Inc. Loop mitigation mechanism for ethernet networks
CN102771060B (en) 2009-11-24 2016-05-18 韩国电子通信研究院 Recover to transmit the method for failed frame for the wireless communication system based on multi-user's multiple-input and multiple-output
EP2506450A4 (en) * 2009-11-24 2012-11-07 Korea Electronics Telecomm Methods for transmitting a frame in a multi-user based wireless communication system
KR101948082B1 (en) 2009-11-24 2019-04-25 한국전자통신연구원 Data Protection in Multi-User MIMO based Wireless Communication System
WO2012131697A1 (en) * 2011-03-31 2012-10-04 Tejas Networks Limited Optimizing forward database for a bursty network traffic
US9590922B2 (en) * 2011-05-12 2017-03-07 Microsoft Technology Licensing, Llc Programmable and high performance switch for data center networks
US8891533B2 (en) * 2012-06-07 2014-11-18 Extreme Networks, Inc. Methods systems and apparatuses for dynamically tagging VLANs
US20150207664A1 (en) * 2014-01-22 2015-07-23 International Business Machines Corporation Network control software notification with denial of service protection
CN106230684B (en) * 2016-08-05 2019-06-14 锐捷网络股份有限公司 Message forwarding method, interchanger and system
US11757777B2 (en) * 2021-09-23 2023-09-12 Hewlett Packard Enterprise Development Lp Assigning security group tag for infrastructure traffic and preserving security group tag in snooped packets in dynamic segmentation

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5677910A (en) * 1992-08-07 1997-10-14 Plaintree Systems Inc. High performance two-port transport LAN bridge
ES2211725T3 (en) 1995-04-28 2004-07-16 Matsushita Electric Industrial Co., Ltd. DATA TRANSMISSION METHOD
JPH10512129A (en) * 1995-10-24 1998-11-17 フィリップス エレクトロニクス ネムローゼ フェンノートシャップ System for transferring data in reassignable groups, transmitters and receivers for use in such systems, methods for transferring, transmitting and receiving such data and signals comprising such data
KR0168927B1 (en) * 1995-12-23 1999-02-01 양승택 Atm vpi controlling apparatus
US6035105A (en) * 1996-01-02 2000-03-07 Cisco Technology, Inc. Multiple VLAN architecture system
KR980010816A (en) * 1996-07-31 1998-04-30 가네꼬 히사시 A local area network analyzer with a modified database
US5852607A (en) * 1997-02-26 1998-12-22 Cisco Technology, Inc. Addressing mechanism for multiple look-up tables
US5920886A (en) * 1997-03-14 1999-07-06 Music Semiconductor Corporation Accelerated hierarchical address filtering and translation using binary and ternary CAMs
US6308218B1 (en) * 1997-09-17 2001-10-23 Sony Corporation Address look-up mechanism in a multi-port bridge for a local area network
US6181699B1 (en) * 1998-07-01 2001-01-30 National Semiconductor Corporation Apparatus and method of assigning VLAN tags
KR100333250B1 (en) * 1998-10-05 2002-05-17 가나이 쓰토무 Packet forwarding apparatus with a flow detection table
US6237061B1 (en) * 1999-01-05 2001-05-22 Netlogic Microsystems, Inc. Method for longest prefix matching in a content addressable memory
US6798775B1 (en) * 1999-06-10 2004-09-28 Cisco Technology, Inc. Virtual LANs over a DLSw network
US6446131B1 (en) * 1999-06-19 2002-09-03 Hewlett-Packard Company Bridges and other layer-two devices for forwarding MAC frames
US6775281B1 (en) * 1999-09-30 2004-08-10 Mosaid Technologies, Inc. Method and apparatus for a four-way hash table
US6765866B1 (en) * 2000-02-29 2004-07-20 Mosaid Technologies, Inc. Link aggregation
US6252872B1 (en) * 2000-05-24 2001-06-26 Advanced Micro Devices, Inc. Data packet filter using contents addressable memory (CAM) and method
US6633567B1 (en) * 2000-08-31 2003-10-14 Mosaid Technologies, Inc. Method and apparatus for searching a filtering database with one search operation

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"IEEE standards for local and metropolitan area networks: virtual bridged local area networks" IEEE STD 802.1Q-1998, [Online] 8 October 1999 (1999-10-08), pages 40-52, XP002194951 ISBN: 0-7381-1538-X Retrieved from the Internet: <URL:http://standards.ieee.org/reading/iee e/std/lanman/802.1Q-1998.pdf> [retrieved on 2002-04-03] cited in the application *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020081569A (en) * 2002-09-04 2002-10-28 (주)시큐어베이스 The Management Method of tables that have entries of same size on CAM in Network device
WO2004023732A1 (en) * 2002-09-06 2004-03-18 Infineon Technologies Ag Method and apparatus for storing a port identifier in a lan switch
WO2006106588A1 (en) * 2005-03-31 2006-10-12 Fujitsu Limited Frame transfer device
US7724736B2 (en) 2005-03-31 2010-05-25 Fujitsu Limited Frame forwarding apparatus
US10419267B2 (en) 2014-01-22 2019-09-17 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Network control software notification with advance learning
US10838942B2 (en) 2014-01-22 2020-11-17 International Business Machines Corporation Network control software notification and invalidation of static entries
US10877951B2 (en) 2014-01-22 2020-12-29 International Business Machines Corporation Network control software notification and invalidation of static entries

Also Published As

Publication number Publication date
US20040054655A1 (en) 2004-03-18
GB0304263D0 (en) 2003-03-26
KR20030096216A (en) 2003-12-24
WO2002019638A3 (en) 2002-08-01
GB2382495A (en) 2003-05-28
CA2420878A1 (en) 2002-03-07
GB2382495B (en) 2004-07-07
US6633567B1 (en) 2003-10-14
AU2001287434A1 (en) 2002-03-13
DE10196582B3 (en) 2013-04-04
CN1229948C (en) 2005-11-30
US7302432B2 (en) 2007-11-27
CN1468482A (en) 2004-01-14
DE10196582T1 (en) 2003-07-10
CA2420878C (en) 2010-06-22
KR100863105B1 (en) 2008-10-13

Similar Documents

Publication Publication Date Title
CA2420878C (en) Method and apparatus for searching a filtering database with one search operation
US6147993A (en) Method and apparatus for implementing forwarding decision shortcuts at a network switch
US8089963B2 (en) Packet forwarding apparatus and method
US5978378A (en) Method and apparatus for VLAN support
EP0537408B1 (en) Routing in a network of bridge-connected LAN segments
US6990102B1 (en) Parallel lookup tables for locating information in a packet switched network
US7515592B2 (en) Fast-path implementation for transparent LAN services using double tagging
US6181702B1 (en) Method and apparatus for capturing source and destination traffic
US5530703A (en) Remote communication server with automatic filtering
US20050232269A1 (en) System, apparatus and method for address forwarding for a computer network
CN1312631A (en) Privileged reprojection of data communication exchanger
CA2189394A1 (en) Virtual network management method
EP1221789A2 (en) Method and apparatus for enabling L3 switching by a network switch in a stacking environment
US7099325B1 (en) Alternately accessed parallel lookup tables for locating information in a packet switched network
WO1999013617A1 (en) Lan emulation subsystems for supporting multiple virtual lans
US7031325B1 (en) Method and apparatus for enabling a network device to operate in accordance with multiple protocols
US6807176B1 (en) Arrangement for switching data packets in a network switch based on subnet identifier
US7394810B2 (en) Layer 2 switch and method of processing expansion VLAN tag of layer 2 frame
EP1232612B1 (en) Table lookup mechanism for address resolution in a packet network switch
US7295562B1 (en) Systems and methods for expediting the identification of priority information for received packets
WO2004023732A1 (en) Method and apparatus for storing a port identifier in a lan switch
US9240898B1 (en) Integrating VLAN-unaware devices into VLAN-enabled networks
US7151774B1 (en) Method and apparatus for trunking links having different transmission rates
JPH09307579A (en) Multi-port repeater and network equipment
US7468977B1 (en) LAN/ATM switch having local packet switching and an ATM core fabric

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

ENP Entry into the national phase

Ref document number: 0304263

Country of ref document: GB

Kind code of ref document: A

Free format text: PCT FILING DATE = 20010830

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 1020037003068

Country of ref document: KR

Ref document number: 2420878

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 018171354

Country of ref document: CN

RET De translation (de og part 6b)

Ref document number: 10196582

Country of ref document: DE

Date of ref document: 20030710

Kind code of ref document: P

WWE Wipo information: entry into national phase

Ref document number: 10196582

Country of ref document: DE

122 Ep: pct application non-entry in european phase
WWP Wipo information: published in national office

Ref document number: 1020037003068

Country of ref document: KR

NENP Non-entry into the national phase

Ref country code: JP