WO2005003882A2

WO2005003882A2 - Dynamic mac addressing

Info

Publication number: WO2005003882A2
Application number: PCT/IL2004/000587
Authority: WO
Inventors: Yair Lahav; Yoram Gadassi; Shaul Ben-Haim
Original assignee: Yair Lahav; Yoram Gadassi; Shaul Ben-Haim
Priority date: 2003-07-01
Filing date: 2004-07-01
Publication date: 2005-01-13
Also published as: IL156727A0; WO2005003882A3

Abstract

A method (Fig. 2) of handling packets in a network. The Method includes receiving a packet (200) including an IEEE MAC address field, which carries a MAC address of a network element, examining at least one sub-portion (204, 206) of the IEEE MAC address field, which sub-portion represents a set of elements to which the network element belongs within the network (204, 206), but does not allow unique identification of the network element in the network and handling the packet responsive to the at least one examined sub-portion.

Description

DYNAMIC MAC ADDRESSING FIELD OF THE INVENTION The present invention relates to communication systems and in particular to addressing schemes for communication networks. BACKGROUND OF THE INVENTION Packet communication networks generally operate according to a multi-layer protocol scheme. Generally, a data link layer, referred to also as a medium access control (MAC) layer or layer 2, manages the delivery of packets between neighboring entities (e.g., terminals, routers, switches). A network layer, known as layer 3, manages the delivery of packets between end units through a network, such as the Internet. The prevailing network layer protocol is the Internet protocol (IP). In recent years, the use of the MAC layer was expanded to communication between non-neighboring entities belonging to the same local area network (LAN). There exist various contradictory data-link layer protocols. Some data-link layer protocols are used solely for point to point links and do not use any addressing scheme. Other data-link layer protocols are used in cornmunicating among multiple network entities and therefore define address fields. Although various addressing schemes were suggested and implemented, at the moment the IEEE MAC addressing method, described in the 802-2001 standard, is most prevalent. In the IEEE MAC addressing method, each network entity is assigned a 48-bit address. The IEEE MAC address is assigned to the network entity at the time of manufacture. Packets that use the IEEE MAC address scheme generally include a 14-byte header, which includes 6 bytes (i.e., 48 bits) for the source address and 6 bytes for the destination address. In some cases it is desired to add additional fields in the MAC layer header. Such additional fields (e.g., VLAN fields) are added after the 14 byte MAC header, such that switches that do not support these additional fields will ignore them as if they belong to higher protocol layers. In other cases, proprietary fields (e.g., internal address fields) are added before the 14 bytes of the IEEE MAC address header. Packets to which such proprietary fields are added, cannot be handled by standard switches. In addition, such proprietary fields increase the sizes of the transmitted packets. The second bit of the IEEE MAC address is used to signify whether the address is local or global and a first bit is used to signify multicast (or broadcast) packets. Therefore, in assigning the MAC addresses to entities, the first two bits are always '0'. The next 22 bits of the MAC address are organizationally unique identifier (OUI) bits which the manufacturer purchases from a central address-assigning authority. For each network entity, the manufacturer chooses a unique set of 24 bits for the higher order bits of the address. Thus, each entity is assigned a unique address that no other network entity has. As the addresses are assigned at the time of manufacture, there is generally no relation between the addresses of network entities and their position in a network. This is in contrast to IP network addresses which can be assigned at least partially with relation to the location of the entity assigned the address. Some layer 2 switches broadcast received packets having an address that the switch does not recognize throughout the network, in order to make sure they are received by their destination entity. In other cases, layer 2 switches send packets only in the direction of the recipient and manage large switching tables that require complex hardware and/or software for implementation. U.S. patent publication 2002/0156612 to Schulter et al., the disclosure of which is incorporated herein by reference, describes a virtual network system in which a plurality of parallel processing nodes operate together. The processing nodes are assigned virtual IEEE MAC addresses which include a local bit indication, an ID of a control switch assigning the MAC address and a specific entity field. When a processing node boots, it receives its virtual MAC address from a control switch of the network. U.S. patent 5,835,725 to Chiang et al., the disclosure of which is incorporated herein by reference, describes an intermediate station that assigns MAC addresses to end stations. U.S. patent publication 2003/0018804 to Laxman et al., the disclosure of which is incorporated herein by reference, describes slots that change the IEEE MAC addresses of cards inserted into the slots. Thus, when cards are changed, the MAC addresses do not change. When a card fails, the MAC address of the slot in which the failing card is located can be determined and the location of the slot is then known. Japanese patent publication 11-027310, titled High speed LAN Switching Control Method and its System, the disclosure of which is incorporated herein by reference, describes a system in which instead of using the original MAC addresses of units, a fake ARP procedure is used to assign local MAC addresses that utilize only some of the bits of the MAC addresses. This allows use of smaller forwarding tables than if all 48 bits of the MAC addresses are used in each entry of the table. This method, however, does not reduce the number of entries in the table and does not simplify the forwarding of packets in large networks. PCT patent publication WO02/35795, titled "Transparent Proxy Server", the disclosure of which is incorporated herein by reference, describes a transparent proxy server that changes MAC addresses of packets it receives without performing IP switching. U.S. patent publication 2004/0002877 to Angelo et al., the disclosure of which is incorporated herein by reference, describes the use of MAC addresses of equipment, for determining the warranty extent of the equipment. PCT publication WO03/101122, the disclosure of which is incorporated herein by reference, describes a hierarchical MAC addressing scheme which reduces the size of Content

Addressable Memory (CAM) tables used for switching decisions. PCT publication WO03/101122 relates to a proprietary MAC addressing scheme and does not relate to IEEE

MAC addresses. SUMMARY OF THE INVENTION An aspect of some embodiments of the present invention relates to assigning units of a network with IEEE MAC addresses having a plurality of sub-portions that carry data relating to the units. The data in the sub-portions is used by one or more bridging devices (e.g., switches) in handling packets within the network. Using the IEEE MAC address of the unit to signal the way packets of the unit are to be handled allows including the handling information in the transmitted packets without enlarging the layer 2 header of packets and/or without diverging from standard packet formats. In addition, the use of different sub-portions allows using smaller routing tables in the switches handling the packets. Bridging devices of the network optionally use sub-portions of the IEEE MAC addresses of the packets they receive in deteπnining in which directions the packets are to be forwarded. Alternatively or additionally, the bridging devices use the sub-portions of the IEEE MAC addresses in determining the precedence of packets and/or the security rating of packets. In some embodiments of the invention, bridging devices verify the legality of IEEE MAC addresses and/or determine whether a IEEE MAC address is internal or external to the network, by examining the OUI field and/or any other field of the IEEE MAC addresses. In some embodiments of the invention, the IEEE MAC addresses of the present invention are configured into the network units. Optionally, when units have original IEEE MAC addresses not in accordance with schemes of the present invention, the units are configured to perform IEEE MAC address replacements in their protocol stack. In other embodiments of the invention, the network units operate with their original IEEE MAC addresses and replacement to the IEEE MAC addresses of the present invention is performed by a bridging device servicing the network unit. Thus, there is no need to make changes in the network units. In some embodiments of the invention, the data of at least two sub-portions is used by a single bridging device. Alternatively or additionally, a plurality of different bridging devices use different sub-portions of the IEEE MAC addresses of a packet in determining the handling of the packet. In some embodiments of the invention, a plurality of the sub-portions of the IEEE MAC addresses relate to the locations of units in the network. For example, a first sub-portion may relate to the LAN to which the unit is connected while a second sub-portion provides an ID of the unit within the LAN. Alternatively or additionally, one or more of the sub-portions relates to a multicast group to which the unit belongs, to a quality of service (QoS) rating of the unit or of the packet, to a security rating of the unit and/or to a virtual network to which the unit belongs. Optionally, each of the plurality of sub-portions can receive more than two values, i.e., is represented by more than one bit. In some embodiments of the invention, the sub-portions are assigned sub-groups (consecutive or non-consecutive) of bits of the IEEE MAC addresses. Alternatively or additionally, the value of one or more bit fields of the IEEE MAC addresses identifies the value of a plurality of sub-portions, using a mathematical division operation (not division by a power of two). In some embodiments of the invention, the IEEE MAC addresses include a unique OUI field which was purchased from a regulation authority, such that no other entity may have the same address. Optionally, the purchased OUI value is used for the IEEE MAC addresses of all the units of a network. Alternatively or additionally, the IEEE MAC addresses according to the present invention are used only within a local network. Further alternatively or additionally, the IEEE MAC addresses of the present invention have their local bit set. An aspect of some embodiments of the invention relates to configuring elements of a local area network, such that all the units of the network have the same value in at least one multi-bit sub-field of their IEEE MAC address. Optionally, the sub-field has at least 8 bits or even 16 bits. In some embodiments of the invention, the sub-field having a same value for all the units of the network includes the 22 bits of the OUI field, or a number close to 22 bits, e.g., between 20-24. In some embodiments of the invention, the number of bits in the sub-field depends on the number of bits required for the information carried by the IEEE MAC address. That is, the bits not required for information include the same value common to all the units. An aspect of some embodiments of the present invention relates to determining how to handle a packet with regard to tasks other than packet forwarding, based on portions of IEEE MAC addresses of the packets. Using the IEEE MAC address fields of a packet to convey non- forwarding information, allows switches that access only the layer-2 header of packets to perform non-forwarding tasks. By using the IEEE MAC address fields, there is no need to change the standard structure of the packet in order to convey non-forwarding information. Accessing only the layer 2 header makes the switches much simpler than if they need to access upper layer portions of the packets. In some embodiments of the invention, the non-forwarding information includes a QoS rating of the packet (e.g., based on the protocol of the packet and/or the station from which the packet was received). Alternatively or additionally, the non-forwarding information includes security information identifying the areas of the network that the packet is allowed to access. Optionally, one or more bridging devices in the network manages a list stating for each security value, to which ports it may be forwarded. The term non-forwarding information relates to information not used in determining the direction in which a packet is to be directed. The non- forwarding information may include information on whether a packet is to be forwarded through a specific port. The setting of the non-forwarding information in the IEEE MAC address field is optionally performed in the source unit of the packet or in a switch neighboring the source unit, where the load is relatively low. The access to the non-forwarding information is performed also in heavily loaded switches. The use of the IEEE MAC address field for non-forwarding information reduces the load on the heavily loaded switches, by passing the task of examining the packet to less loaded elements of the network. An aspect of some embodiments of the present invention relates to using a plurality of different IEEE MAC addresses in the source address field of packets generated by a source unit and forwarded through a port of the unit having a single configured IEEE MAC address. The plurality of different IEEE MAC addresses used optionally include different field values used for signaling non-forwarding information, such as security and/or QoS information. In some embodiments of the invention, the unit itself assigns one of the different IEEE MAC addresses to the packets it generates. Alternatively, one of the different IEEE MAC addresses is used to replace the configured IEEE MAC address in a switch servicing the unit. An aspect of some embodiments of the present invention relates to a bridging device that performs a unique one-to-one table translation of the IEEE MAC address fields of at least some of the packets passing through the bridging device. The translation by the bridging device allows central translation of originally configured IEEE MAC addresses into other IEEE MAC addresses that are more conveniently used for forwarding, filtering and/or prioritizing tasks. Optionally, the MAC address translation includes changing IEEE MAC addresses configured into network elements at the time of manufacture, into dynamically assigned IEEE MAC addresses based on the location of the network element and/or any other attributes of the network element. The term bridging device refers herein to devices that selectively forward packets between their ports. In some embodiments of the invention, the bridging device performing the address translation has more than two ports. An aspect of some embodiments of the invention relates to assigning IEEE MAC addresses to a network, such that all the units of the network have a same value in a multi-bit field. Optionally, the value of the multi-bit field is used to verify that the addresses belong to the network. In some embodiments of the invention, all the network elements are assigned MAC addresses that have a same OUI value. In some embodiments of the invention, OUI values are purchased from an address distribution authority for use in networks. Using such OUI values ensures that no other elements around the world have the same MAC addresses as those used in the network. One advantage of the uniqueness of MAC addresses is that it allows connection of different LAN networks without requiring an intermediate router and without requiring adaptations of the networks. In some embodiments of the invention, a manufacturer configures the network elements (e.g., switches) it produces with MAC addresses having OUIs purchased by or for the clients, rather than with an OUI of the manufacturer. There is therefore provided in accordance with an exemplary embodiment of the invention, a method of handling packets in a network, comprising receiving a packet including an IEEE MAC address field, which carries a MAC address of a network element, examining at least one sub-portion of the IEEE MAC address field, which sub-portion represents a set of elements to which the network element belongs within the network, but does not allow unique identification of the network element in the network and handling the packet responsive to the at least one examined sub-portion. Optionally, the at least one sub-portion comprises at least two sub-portions and wherein the handling of the packet comprises handling responsive to the values of the at least two sub- portions. Optionally, the handling responsive to the at least two examined sub-portions comprises performing two different handling tasks, each of which uses respectively a single one of the sub-portions. Optionally, the at least one sub-portion comprises at least one multi-bit sub-field. Optionally, the MAC address field comprises a destination IEEE MAC address field. Alternatively or additionally, the MAC address field comprises a source IEEE MAC address field. Optionally, the at least one sub-portion relates to a location of the network entity in the network. Optionally, the at least one sub-portion may receive a plurality of different values for a single network element. Optionally, examining the at least one sub-portion comprises determining a forwarding direction of the packet and/or whether to forward the packet. Alternatively or additionally, the at least one sub-portion represents a LAN segment to which the network entity represented by the MAC address belongs. Possibly, the at least one sub-portion represents a group of network elements allowed to communicate with each other, to which the network entity represented by the MAC address belongs. Possibly, a local bit of the MAC address is not set. Alternatively, a local bit of the MAC address is set. There is further provided in accordance with an exemplary embodiment of the invention, a method of assigning an IEEE MAC address to be placed in a source address field of a packet generated by a network element, comprising determining at least one sub-set of a plurality of network elements to which the network element belongs in the network; and assigning an IEEE MAC address having a sub-portion selected responsive to the determined at least one sub-set. Optionally, the determining and assigning are performed by the network element. Optionally, the determining comprises transmitting one or more probing packets. Optionally, the determining comprises accessing information configured into a unit performing the determination. Optionally, the determining and assigning are performed by a bridging device servicing the network element. Optionally, determining the at least one sub-set comprises determining a multicast group to which the network element belongs. Optionally, determining the at least one sub-set comprises determining a sub-group of network elements allowed to communicate with each other. Optionally, determining the at least one sub-set comprises determining a location of the network element in the network and/or determining a quality of service rating of the network element, in the network. Possibly, the assigned MAC address is different from all legally hardware configured MAC addresses around the world. Optionally, the assigned MAC address does not have the local bit set. Alternatively, the assigned MAC address has a local indicating bit set. There is further provided in accordance with an exemplary embodiment of the invention, a bridging-device, comprising an input interface for receiving a packet including an IEEE MAC address field, including a MAC address of a network element, a packet examination unit adapted to examine at least one sub-portion of the IEEE MAC address field, which sub-portion represents a set of elements to which the network element belongs within the network, but does not allow unique identification of the network element in the network and a packet handling unit adapted to handle the packet responsive to the examination of the at least one examined sub-portion. Optionally, the packet examination unit is adapted to examine a source and/or destination IEEE MAC address field of packets. There is further provided in accordance with an exemplary embodiment of the invention, a method of handling packets in a network, comprising providing a packet including an IEEE MAC address field, including a MAC address of a network element, examining at least two multi-bit sub-portions of the IEEE MAC address field, by one or more handling network elements along a path of the packet and handling the packet responsive to the at least two examined sub-portions, each sub-portion relating to a different respective attribute of the handling. Optionally, the at least two sub-portions comprise sub-portions that represent attributes of the network element. Optionally, at least one of the sub-portions represents a relationship between the network element and a network in which it is employed. Optionally, the handling responsive to the at least two examined sub-portions comprises handling by a first handling network element responsive to a first sub-portion and handling by a second handling network element responsive to a second sub-portion. Optionally, the handling responsive to the at least two examined sub-portions comprises handling by a single handling network element. Optionally, the handling responsive to the at least two examined sub-portions comprises performing two different handling tasks each of which uses respectively a single one of the sub- portions. Optionally, at least one of the sub-portions represents a security rating of the packet and/or a quality of service rating of the packet. Optionally, at least one of the sub-portions represents an attribute not usable to determine a forwarding direction. Optionally, at least one of the sub-portions represents an ID value common to all network entities in the network. Optionally, the ID value comprises a 22 bit OUI value. Optionally, at least one of the sub-portions represents an attribute used to determine a forwarding direction of the and/or whether to forward the packet. Optionally, at least one of the sub-portions represents an attribute of the packet. There is further provided in accordance with an exemplary embodiment of the invention, a method of assigning an IEEE MAC address representing a network element, which address is to be placed in a source or destination address field of a packet, comprising determining a first attribute of the packet or of the network element, determining a second attribute of the packet or of the network element, generating first and second multi-bit sub- portions responsive to the first and second attributes, respectively and assigning an IEEE MAC address including the first and second multi-bit sub-portions. Optionally, the first and second attributes are attributes of the network element. Optionally, at least one of the first and second attributes is an attribute of the packet. Optionally, the packet attribute is determined responsive to an application to which the packet belongs. Optionally, the packet attribute comprises a quality of service of the packet. Optionally, the packet attribute comprises a security rating of the network element. Optionally, at least one of the first and second attributes comprises an ID of the network to which the network element belongs. Optionally, the ID of the network to which the network element belongs comprises a value of the OUI field. Optionally, at least one of the first and second attributes comprises a location of the network element. Optionally, at least one of the first and second attributes comprises a quality of service rating. Optionally, the generating and assigning are performed by the network element. Optionally, the generating and assigning are performed by a switch servicing the network element. Optionally, the generating and assigning are performed by a controller of a network including the network element. There is further provided in accordance with an exemplary embodiment of the invention, a bridging-device, comprising an input interface for receiving packets, a packet examination unit adapted to examine in each of at least some of the received packets, at least two multi-bit sub-fields of IEEE MAC address fields of the packet; and a packet handling unit adapted to make at least two decisions on a handling method of the packet responsive to the at least two multi-bit sub-fields, respectively, and to handle the packet according to the decisions. Optionally, the at least two decisions include a decision as to whether the IEEE MAC address belongs to a network of the bridging device. Optionally, the at least two decisions include at least one decision related to a forwarding direction of the packet. There is further provided in accordance with an exemplary embodiment of the invention, a method of handling a packet by a bridging device, comprising receiving a packet, examining at least a portion of an IEEE MAC address field of the packet, determining a handling attribute of the packet, other than a forwarding direction, based on the examining; and handling the packet at least partially according to the determined attribute. Optionally, determining a handling attribute based on examining the address field comprises determining the attribute based on a sub-portion of the address field. Optionally, determining a handling attribute comprises determining whether to forward the packet and/or determining a precedence of the handling of the packet. Optionally, determining a handling attribute based on the examining comprises determining the attribute based on a multi-bit sub- field of the address field. There is further provided in accordance with an exemplary embodiment of the invention, a bridging device, comprising an input interface for receiving packets, a packet examination unit adapted to examine in each of at least some of the received packets, a sub- field of an IEEE MAC address field of the packet; and a packet handling unit adapted to handle the packet with at least one handling decision, other than a forwarding direction, being selected responsive to the examined sub-field. Optionally, the at least one handling decision comprises a decision on the priority of the packet. Optionally, the at least one handling decision comprises a security related decision. There is further provided in accordance with an exemplary embodiment of the invention, a method of assigning an IEEE MAC address to be placed in a source address field of a packet generated by a network element, comprising determining at least one attribute not related to the location of the network element in a network and assigning an IEEE MAC address having a multi-bit sub-field selected responsive to the determined at least one attribute. Optionally, determining the attribute comprises determining an attribute of an application to which the packet belongs. Optionally, determining the attribute comprises determining a quality of service rating of the packet. Optionally, assigning the MAC address comprises assigning by the network element. Optionally, assigning the MAC address comprises assigning by a network control unit. Optionally, the method includes inserting the MAC address into the source address field of the packet by the network element. Optionally, the method includes inserting the MAC address into the source address field of the packet by a switch servicing the network element. There is further provided in accordance with an exemplary embodiment of the invention, a method of generating packets, comprising generating a plurality of packets by a network entity, transmitting the plurality of packets through a port of the network entity associated with a single IEEE MAC address and forwarding the plurality of packets with different source IEEE MAC addresses. Optionally, the packets are transmitted through the port already with the different source

MAC addresses. Optionally, the packets are transmitted through the port with a single MAC address, and are changed by a bridging device connected to the network entity. Optionally, the plurality of packets differ in a field representing a quality of service rating of the packet and/or in a field representing a security rating of the packet. There is further provided in accordance with an exemplary embodiment of the invention, a method of handling a packet, comprising receiving a packet including an IEEE MAC address field, which carries a MAC address of a network element, changing a sub-field of the IEEE MAC address field, without changing the remaining portions of the IEEE MAC address field and forwarding the packet to its destination. Optionally, changing the sub-field comprises changing by a switch directly connected to an entity whose address is in the MAC address field after the changing. Optionally, changing the sub-field comprises changing fewer than half the bits of the MAC address field. Optionally, changing the sub-field comprises changing to a predetermined value used for a plurality of different packets having different addresses in the MAC address field. Optionally, changing the sub-field comprises changing a sub-field of the source MAC address field of the packet. There is further provided in accordance with an exemplary embodiment of the invention, a bridging device, comprising at least one port through which packets are received, a table listing a one to one correlation between IEEE MAC addresses and a translation unit adapted to change an IEEE MAC address field of at least some of the packets according to a one-to-one translation of the table. Optionally, all the IEEE MAC addresses on one side of the table include a same value in at least 6 bits of the address. There is further provided in accordance with an exemplary embodiment of the invention, an IEEE MAC address server, comprising a plurality of network communication ports, an input interface for receiving requests for IEEE MAC addresses through at least one of the ports, a processor adapted to generate IEEE MAC addresses, responsive to the requests, wherein at least some of the bits of the MAC addresses are generated responsive to data in the requests and a forwarding unit adapted to forward, through at least one of the ports, responses to the requests, which responses include MAC addresses generated by the processor. Optionally, the requests include at least one piece of information on a network element for which the address is generated and wherein the processor generates the MAC address responsive to the at least one piece of information. Optionally, the processor generates the requests such that fewer than all of the bits of the MAC address are generated responsive to data in the requests. There is further provided in accordance with an exemplary embodiment of the invention, a method of forwarding multicast packets by a bridging device, comprising receiving a packet having a multicast bit set in a destination IEEE MAC address of the packet, examining at least one multi-bit sub-field of an IEEE MAC address of the packet; and forwarding the packet through one or more ports of the bridging device, which ports are selected responsive to the examination of the multi-bit sub-field. Optionally, examining the at least one sub-field comprises examining a sub-field of a destination address field. Alternatively or additionally, examining the at least one sub-field comprises examining a sub-field of a source address field. Optionally, the examining comprises examining a sub-field of the source address, which represents a group to which a network element with which the source address is associated belongs. There is further provided in accordance with an exemplary embodiment of the invention, a method of handling a packet, comprising deteπnining whether a sub-field of an IEEE MAC address of the packet has a predetermined value and handling of the packet responsive to the determination. Optionally, handling the packet comprises discarding the packet if the sub-field of the address does not have the predetermined value. Optionally, the sub-field includes at least 8 bits. There is further provided in accordance with an exemplary embodiment of the invention, a method of assigmng IEEE MAC addresses to elements of a network, comprising providing a network of network elements having different configured IEEE MAC addresses; and assigning all the network elements of the network with IEEE MAC addresses having a same value in a sub-field of at least 8 bits. Optionally, the assigned MAC addresses all have same OUI value. Optionally, the OUI value is purchased from a OUI distribution authority for employment in entire networks. BRIEF DESCRIPTION OF FIGURES Exemplary non-limiting embodiments of the invention will be described with reference to the following description of embodiments in conjunction with the figures. Identical structures, elements or parts which appear in more than one figure are preferably labeled with a same or similar number in all the figures in which they appear, in which: Fig. 1 is a schematic illustration of a network useful in explaining MAC address assignment, in accordance with an exemplary embodiment of the invention; Fig. 2 is a schematic illustration of a format of assigned IEEE MAC addresses, in accordance with an exemplary embodiment of the invention; Fig. 3 is a flowchart of packet forwarding acts performed in accordance with an exemplary embodiment of the invention; Fig. 4 is a schematic signal chart of a process of assigning a MAC address to a client by a controller, in accordance with an exemplary embodiment of the invention; and Fig. 5 is a schematic illustration of a wide area network, in which embodiments of the invention may be employed. DETAILED DESCRIPTION OF EMBODIMENTS Fig. 1 is a schematic illustration of an organizational network 100, in which a MAC address scheme is implemented, in accordance with an exemplary embodiment of the invention. Organizational network 100 includes a plurality of local area network (LAN) segments 102 (marked 102A, 102B, 102C, 102D and 102E), connected through switches 104.

Each of LAN segments 102 is connected to one or more clients 110, which may be substantially any type of network element (e.g., terminals, computers, printers). In Fig. 1, LAN segments 102 are shown as being connected to relatively few clients 110, for clarity of the explanation. It is noted, however, that tens or even hundreds of clients 110 may be connected to a single LAN segment 102. In some embodiments of the invention, network 100 includes a dynamic MAC-address configuration server (referred to herein as a DMCS) 122, which is used to assign IEEE MAC addresses to clients 110. Alternatively or additionally, switches 104 request DMCS 122 to check whether an IEEE MAC address represents a client 110 belonging to network 100 and/or to verify correctness or legality of IEEE MAC addresses. Optionally, DMCS 122 is included in network 100 and is assigned an IEEE MAC address as are the other clients 110 of the network. Alternatively, DMCS 122 is external to the network and packets from the network are routed to DMCS 122. Regardless of where DMCS 122 is actually positioned, DMCS 122 is optionally accessible (optionally through other switches) by all the switches 104 of network 100, that need services of the DMCS. In some embodiments of the invention, each of clients 110 is assigned an IEEE MAC address, which optionally depends on the location of the client 110 in network 100. In Fig. 1, each client 110 is assigned a code word of the form N1G1S1, which represents the data used in determining the IEEE MAC address of the client 110. In the code word, the number after 'N' represents the LAN segment 102 to which the client 110 is connected, the number after 'G' represents a sub-group (e.g., a VLAN) of network 100 to which the client 110 belongs and the number after 'S' represents a specific identity of the client 110 on its LAN segment 102 and/or in its sub-group. Fig. 2 is a schematic illustration of a format 200 of assigned IEEE MAC addresses, in accordance with an exemplary embodiment of the invention. A first field in format 200 carries an organizationally unique identifier (OUI) 202, which is common to all clients 110 in network 100. A segment ID 204 identifies the LAN segment 102 to which the client 110 is connected and a station ID 208 identifies the specific client 110 on the LAN. A group ID 206 indicates a sub-group of network 100 to which the client belongs. A segmentation field 210 indicates the field division of the remaining bits of the IEEE MAC addresses. In an exemplary embodiment of the invention, segmentation field 210 is of a size of a single bit, such that there are two possible field divisions of the remaining bits. Alternatively, segmentation field 210 may have more bits, if more possible divisions of the bits between the fields are desired and/or different fields are desired. Further alternatively, segmentation field 210 may not be used at all, such that only a single field division is used. In an exemplary embodiment of the invention, segment ID field 204 is assigned 7 bits, station ID field 208 is assigned 7 bits and group ID field 206 is assigned 9 bits. It is noted, however, that any other bit division may be used, according to the expected number of LANs, groups and stations in the network 100. In addition, the order of the fields is shown as an example, and other orders may be used. For example, the order may be selected for the convenience of forwarding switches. Alternatively to using two location related fields, e.g., segment ID 204 and station ID 208, a larger number of fields may be used in order to allow for a greater hierarchy of addressing. This alternative is optionally used when the number of network segments 102 is greater than 512 or any other number which makes forwarding using direct access tables less efficient than hierarchical forwarding. In other embodiments of the invention, only a single field is used for identifying the client 110, such that the IEEE MAC address of the client does not identify the location of the client, beyond its being located within the network 100. In one of these embodiments, the field of the IEEE MAC address is divided into two fields: the OUI field 202 and an address field. OUI field 202 is optionally used to verify that the packet belongs to the network, while the address field is used for forwarding. Alternatively, the value of the OUI field 202 is not used by the switches through which the packet passes, but its use makes the assigned IEEE MAC address a legal address throughout the world. In some embodiments of the invention, the OUI 202 value is purchased from the IEEE such that no other network elements anywhere in the world legally have the same addresses as those assigned to clients 110. Alternatively or additionally, the OUI 202 has the local bit 212 set, such that the IEEE MAC addresses of clients 110 do not need to be unique outside network 100. Alternatively or additionally to setting the local bit 212, an edge router(s) of network 100 translate IEEE MAC addresses exiting the network into a universally unique address associated with the edge router. It is noted that, if desired, group ID field 206 is not used and more bits are used for defining the locations of clients 110. In an exemplary embodiment of the invention, in which group IDs are not used, segmentation ID field 204 is assigned 9 bits and station ID field 208 is assigned 14 bits. It is noted, however, that any other bit division may be used, according to the expected number of LANs and stations in the network 100. In some embodiments of the invention, group ID field 206 receives different values according to the software application to which the specific packet belongs. Alternatively, each network element has a specific group ID 206 which does not change unless the network element is reconfigured, for example when it is moved to a different network location and/or it is assigned a user from a different department In other embodiments of the invention, not all the first 24 bits in field 202 are the same for all clients 110 in network 100. Optionally, a bundle of OUI values are purchased from the IEEE, such that additional bits can be used for local purposes, e.g., expanding segment ID field 204. The bits used for local purposes may be least significant bits or may be from the middle of OUI field 202. Alternatively or additionally, local bit 212 is set and some or all of the bits of OUI field 202 are used for other purposes. A portion of the OUI field 202 may still be used for a network identification field in this alternative, in order to differentiate, to a great extent if not completely, from external IEEE MAC addresses. Group field 206 optionally states a multicast group to which the client 110 belongs. Alternatively or additionally, group field 206 indicates a virtual LAN to which the client 110 belongs, such that the client 110 is allowed to communicate only with clients belonging to the same group. This alternative may be used for example for security purposes, for example for an external lap-top hooking to the network. In some embodiments of the invention, a plurality of different group fields are defined for different group purposes (e.g., multicast, VLAN). Instead of using the bits of the IEEE MAC addresses assigned to each field for a single purpose, the values of one or more fields may be used to signify a plurality of different attributes. For example, the quotient of the value of a field divided by 50 may provide a first attribute value, while the remainder provides a second attribute value. The above examples of fields included in the IEEE MAC addresses assigned in accordance with the present invention are not exhaustive. In some embodiments of the invention, fields are assigned to indicate non-forwarding information, such as QoS and/or security ratings. In some embodiments of the invention, the non-forwarding information is associated with the client, such that at a single time, the non-forwarding information has a single value for each client. For example, the client may be assigned a QoS rating (encoded in the IEEE MAC address of the client) associated with the person using the client. Thus, packets from the client of the manager may receive faster handling than packets of lower ranked workers. In some embodiments of the invention, security ratings are encoded within the IEEE MAC address of each client, and accordingly the switches determine in which directions the packets may be forwarded. Alternatively or additionally, a sub-field of the IEEE MAC address of the client indicates whether the client belongs to a VPN and/or the number of the VPN. Alternatively or additionally, the IEEE MAC address of some or all of the clients includes a sub-field that varies between different packets transmitted by the client, for example according to the application to which the packets belong and/or the time of transmission of the packets. In an exemplary embodiment of the invention, real time packets are given an indication of a high quality of service (QoS) rating in the IEEE MAC address, while non-realtime packets are given a low quality of service rating. In some embodiments of the invention, the setting of IEEE MAC address fields which may be different for different packets of the same client is performed by the same entity assigning the remaining bits of the IEEE MAC address of the packet. Alternatively, a first entity (e.g., the client) assigns a first group of bits of the IEEE MAC address of the packet, while a different entity (e.g., a switch servicing the client) assigns a second group of bits of the IEEE MAC address. In an exemplary embodiment of the invention, the client assigns all the bits of the IEEE MAC address which do not change for different packets of the client, for example based on periodic instructions received from DMCS 122. The remaining bits are given predetermined values (e.g., all zeros) and are changed by a switch servicing the client, based on an analysis of the application of the packet, as appears in upper layer fields of the packet. Forwarding Fig. 3 is a flowchart of acts performed by switch 104 (or any other switching element of network 100), in accordance with an exemplary embodiment of the invention. When a packet 200 is received (300) by switch 104, the switch determines (302) whether the packet is a broadcast/multicast or unicast packet. Optionally, the determination of whether the packet is a broadcast/multicast or unicast packet is performed by examining the multicast bit of the destination address of the packet. If (302) the packet is a unicast packet, switch 104 examines (304) the segment ID 204 of the packet to determine the port through which the packet is to be directed. Optionally, switch 104 manages a table which lists for each LAN segment 102 the port through which the packet is forwarded (310) in order to reach its destination. For the example of Fig. 1, the table of switch 104 may have the form:

As shown in Fig. 3, the LAN segments 102 of network 100 are formed of shared media, such as Ethernet cables. In such cases, switches 104 of the network determine through which port to forward a packet based on the segment ID 204 of the destination address of the packet. Clients 110 determine whether a packet is directed to them based on the entire destination IEEE MAC address of the packet or based on the station ID 208 of the destination IEEE MAC address of the packet. In some embodiments of the invention, at least some of LAN segments 102 comprise switches having a single client 110 connected to each port of the switch. These switches have a segment ID 204 value associated with the switch. One or more of the ports of each switch connects to a different switch of the network, for example to a neighboring switch or a backbone switch. When a packet is received by a switch, the switch determines whether the segment ID 204 of the destination address of the packet is the segment ID of the switch. If the segment ID 204 of the packet is not equal to the segment ID of the switch, the packet is forwarded to a different switch, based on a forwarding table, such as shown above. If the segment ID 204 of the packet is equal to the segment ID of the switch, the packet is optionally forwarded based on the value of the station ID 208 of the destination IEEE MAC address of the packet, using a suitable forwarding table. If (at 302) the packet is a broadcast/multicast packet, the packet is optionally forwarded (306) through ports leading to clients belonging to the group ID 206 of the destination address of the packet. Switch 104 optionally manages a group ID table which lists, for each group, the ports leading to at least one client belonging to the group, except for the port through which the packet was received. For the example of Fig. 1, the group ID table may have the form:

In some embodiments of the invention, each client 110 may belong only to a single group. Alternatively, a client 110 may belong to a plurality of groups. In an exemplary embodiment of the invention, groups may be defined in a hierarchy, allowing the definition of large groups that include all the clients 110 in a plurality of smaller groups. Alternatively, the groups are mutually exclusive. In some embodiments of the invention, group ID field 206 includes a single group value. Alternatively, group ID field 206 includes a plurality of sub- portions (e.g., sub-groups of bits, sub-ranges of values), for indicating a plurality of groups to which the packet relates. In an exemplary embodiment of the invention, each bit of group ID field 206 indicates whether the packet belongs to a respective group. In another exemplary embodiment of the invention, each digit in base 10 (or any other base) of group ID field 206 indicates a group to which the packet belongs. Optionally, one of the groups is a broadcast group including all the clients 110 of network 100. In some embodiments of the invention, clients 110 are allowed to multicast to any of the defined groups, regardless of the group to which they belong. Alternatively or additionally, some or all of the clients 110 are allowed to multicast/broadcast messages only to their own group or only to a sub-list of groups with which their group is associated. Optionally, switches 104 examine the group ID field 206 of the source IEEE MAC address and accordingly determine whether the packet should be forwarded and/or to which groups it should be forwarded. Alternatively to referring to the group ID field 206 only for multicast packets, in some embodiments of the invention, the group ID is referred to for unicast packets. Optionally, switch 104 checks that the group ID field of the source address and the destination address are compatible, e.g., include at least one common group. Only if the source and destination group IDs 206 are the same, is the packet forwarded to its destination. The use of IEEE MAC addresses with sub-fields, allows the tables to be relatively small, such that there is no need to have a table entry for each client 110 in the network, as customary in the art. For the unicast forwarding table, the number of entries is optionally equal to the number of LAN segments 102, allowing simple and direct search in the table. In some embodiments of the invention, the table is indexed by the value of the sub-field, such that there is no need to search for the value of the sub-field in the table. This allows achieving fast and efficient forwarding using relatively cheap apparatus in switches 104. Alternatively, more complex apparatus may be used in switches 104, such as a CAM or more complex table indexing methods may be used, such as a hash method or a bitrieve method. These methods and/or apparatus may be used in a switch which performs both prior art methods and the methods of the present invention. Alternatively or additionally, these methods and apparatus may be used in order to achieve even faster handling, for example in very large networks. Other tasks of switch In some embodiments of the invention, one or more switches of network 100 enforce policies based on values of one or more fields of the IEEE MAC address of packets. Optionally, for example, switch 104 has a security rating for each of its ports. Before forwarding a packet through a port, switch 104 compares the security rating of the packet, as stated in its source (or destination) IEEE MAC address field, to the security rating of the port. Optionally, only packets having a sufficient security rating are forwarded. Switch 104, in some embodiments of the invention, also determines the priority of packets based on a QoS field in an IEEE MAC address field of the packets. For example, switch 104 may manage separate queues for different packets according to their QoS. Packets in accordance with the present invention, received by a legacy switch that does not support the present invention, are handled using standard methods known in the art. The IEEE MAC address in accordance with some embodiments of the present invention is unique, such that it is not possible, in these embodiments, that the legacy switch will encounter the same address for two different switches. Packets that carry IEEE MAC addresses not according to the present invention, are optionally handled using methods known in the art, rather than by the methods of the present invention. IEEE MAC addresses not according to the present invention are optionally identified, in those embodiments in which such identification is important, by examining the OUI field of the packets. Alternatively or additionally, in at least some of the switches of the network, addresses in received packets that are not according to the present invention are replaced in the switch by a virtual IEEE MAC address in accordance with the present invention. In response packets the replacement is performed in the opposite direction. Switches 104 are optionally configured with the OUI of network 100 and/or with other information on which IEEE MAC addresses belong to the network. In some embodiments of the invention, when necessary, switches 104 consult DMCS 122 to update their configuration and/or to determine information regarding a specific address. Alternatively or additionally, switches 104 that perform address conversion between hardware configured IEEE MAC addresses and JJBEE MAC addresses in accordance with the present invention consult DMCS 122 as to whether a hardware configured IEEE MAC address actually belongs to network 100. In some embodiments of the invention, when a client 110 may be represented by a plurality of different IEEE MAC addresses, for example for different QoS ratings, a switch that leads to a legacy entity not in accordance with the present invention is configured to change the QoS field (or other changing field of the IEEE MAC address) to a predetermined value (e.g., 0), such that the legacy entity only sees one IEEE MAC address for the client 110, namely one of the possible MAC address values of the client 110. MAC address assignment In some embodiments of the invention, each of clients 110 is manually assigned its IEEE MAC address, by a human system operator. Alternatively, the IEEE MAC address is assigned to client 110 dynamically by DMCS 122. The assigned IEEE MAC address is optionally assigned semi-permanently, such that the same IEEE MAC address is used even after rebooting or after long (e.g., a day, a week, a month) non-use periods. Alternatively, each time a IEEE MAC address is requested for a client 110, the client is assigned a IEEE MAC address without relation to its previously assigned MAC address, or giving low weight to the identity of the previously assigned IEEE MAC address. In some embodiments of the invention, the IEEE MAC addresses have limited life spans (e.g., hours, minutes, seconds). Optionally, MAC addresses not in use for a predetermined time are removed from forwarding tables of switches of the network, for security purposes. Optionally, in assigning the IEEE MAC address, DMCS 122 determines the group to which the client belongs and the LAN to which the client is connected. The group of the client is optionally determined from the client or from any other network entity configured with the group information of clients 110, for example the switch 104 directly connected to the client. The LAN to which the client is connected is optionally determined by transmission of probing packets. Alternatively or additionally, the LAN segment 102 to which the client 110 is connected is preconfigured. In some embodiments of the invention, clients 110 are manufactured without IEEE MAC addresses and IEEE MAC addresses in accordance with the present invention are configured into clients 110 at the time of installation. Alternatively, the assigned IEEE MAC address is overridden by a hardware add-on replacement unit, as described, for example, in the above mentioned U.S. patent publication 2003/0018804. Further alternatively, the IEEE MAC address is replaced in software, as described for example in above mentioned U.S. patent publication 2002/0156612. Further alternatively, the IEEE MAC address replacement is performed by a switch 104 servicing the client 110. The replacement is optionally performed by switch 104, without clients 110 being aware of the replacement. It is noted that different clients 110 in a single network may be assigned IEEE MAC addresses and/or may perform replacement of IEEE MAC addresses using different methods. Fig. 4 is a schematic signal chart of a process of assigning a MAC address to a client 110 by a controller (DMCS) 122, in accordance with an exemplary embodiment of the invention. When a client 110 starts up, the client optionally transmits a broadcast message 411 searching for IEEE MAC address controller (DMCS) 122 of network 100. The DMCS 122 responds with a controller-identified message 412, which includes the address of the DMCS. Client 110 then transmits a request 413 for a replacement MAC address to DMCS 122. DMCS 122 responds to the request with a MAC address assignment message 414. In some embodiments of the invention, the MAC address request 413 includes client identification information required to verify the identity of client 110 and its permission to access network 100. Alternatively or additionally, request 413 includes information on the QoS rating and/or the group of the client 110. DMCS 414 optionally compares the IEEE MAC address of the client 110 to a list of MAC addresses belonging to network 100. If the IEEE MAC address 110 is not in the list, the request for an IEEE MAC address in accordance with the present invention is refused or, optionally, the client 110 is given a "guest" IEEE MAC address. Optionally, switches 104 apply required security policies to the packets they receive, such that packets with original hardware IEEE MAC addresses and/or "guest" IEEE MAC addresses are handled suspiciously. Alternatively to transmitting broadcast message 411, client 110 may be configured with the identity of controller 122. In some embodiments of the invention, at the first time client 110 connects to the network, the client is updated with the address of controller 122.

Thereafter, broadcast messages are used only when the use of the updated address of controller

122 results in an error. In some embodiments of the invention in which the replacement is performed by a switch 104 connecting the client to the network, the MAC address assignment procedure of Fig. 4 is performed between the switch and controller 122. Optionally, the switch is configured with the address of controller (DMCS) 122 and/or receives periodic updates on the address of controller (DMCS) 122. Alternatively or additionally, when necessary, the switch 104 uses broadcast messages. Switch 104 optionally manages a MAC replacement table used in replacing MAC addresses of packets. For packets directed to a client 110, switch 104 optionally changes the destination MAC address in the packet to the original vendor configured MAC address of the client 110. For packets received from the client 110, switch 104 changes the source MAC address of the packet to the MAC address assigned according to the present invention. Thus, client 110 only sees and uses its vendor configured MAC address, while the rest of network 100, and the outside world in some cases, only sees and uses the MAC address assigned in accordance with the present invention. In some embodiments of the invention, the MAC addresses assigned in accordance with the present invention have a sub-field with a value common to all the table entries (e.g., having the same OUI field). Optionally, in order to reduce the size of the table, only the values which differ between entries are stored in the table. Switch 104 optionally identifies MAC addresses that require replacement according to the OUI field 202 of the packet. Addresses having a different OUI value than the value of network 100 are assumed to require replacement. If the address appears in the replacement table, the replacement is performed as described above. If the MAC address does not appear in the replacement table, switch 104 optionally generates a new entry to the table, by performing the MAC address assignment procedure of Fig. 4. Although the above description relates to local area networks, the present invention may be used also in other networks, including various wide area networks, such as access networks and metro networks. Fig. 5 is a schematic illustration of a wide area network 500, in which embodiments of the invention may be employed. Clients 110 connect to an access network 510, through a service provider switch 520. Access network 510 optionally runs layer 2 protocols over substantially any physical layer, such as SONET, SDH or VPLS/MPLS over SONET. When switch 520 receives a message from a client 110, switch 520 determines whether its source MAC address is known, e.g., appears in its translation table. For packets including an address having an entry in the translation table, switch 520 performs address translation of the source as described above relating to switch 104. Switch 520 forwards the packets by accessing a forwarding table, based on the destination MAC address of the packet, as described above. When the source MAC address is unknown to switch 520, the switch assigns the client 110 of the unknown MAC address, a MAC address according to an embodiment of the invention. The relation between the MAC addresses is stored in the address translation table and the packet is forwarded as described above with a replaced source MAC address. When a packet is received from within network 510, for transmission to a client 110, as evident from the destination address of the packet, the destination address of the packet is retranslated back to the original MAC address of the destination client. In some embodiments of the invention, when a client 110 assigns IEEE MAC addresses in accordance with procedures of the present invention, switch 520 identifies this fact, for example based on the OUI of the address, and does not perform address translation for the packet. Alternatively, for simplicity, switch 520 performs replacement for all addresses, even if they are already in accordance with a format of an embodiment of the present invention. Alternatively or additionally, packets from some clients do not undergo translation. Rather these packets are handled using methods known in the art. The term IEEE MAC address refers herein to the MAC addresses defined by the

802.2001 standard. It is noted that these addresses are used in a wide range of applications, such as Ethernet (with and without VLAN fields), Token ring and Token bus. One feature of some implementations that use IEEE MAC addresses is their uniqueness. Unless the rules are violated, no two units around the world should identify themselves using the same MAC address. Although the above description relates to IEEE MAC addresses, some of the innovations of the present invention may be advantageous with other types of MAC addresses. For example, the representation of non-forwarding information, e.g., QoS and/or security ratings, is advantageous also in other proprietary layer-2 MAC address fields. Instead of changing a standard MAC scheme in order to add additional fields for non-forwarding information to layer 2 headers, the MAC addresses may be changed to include in them the non- forwarding information. Naturally, such change is feasible only in MAC schemes that have superfluous bits in the MAC address fields. In the following claims, the term multicast includes broadcast, which is a private case of multicast in which the group of recipients includes all the elements of the network. In accordance with some embodiments of the present invention, hardware from different manufacturers, employed in a single network, are assigned MAC addresses having the same OUI values. In some embodiments of the invention, switches may check the OUI values of packets in order to determine whether the packets belong to the network. It will be appreciated that the above described methods may be varied in many ways, including, changing the order of steps, and/or performing a plurality of steps concurrently. It should also be appreciated that the above described description of methods and apparatus are to be interpreted as including apparatus for carrying out the methods and methods of using the apparatus. The present invention has been described using non-limiting detailed descriptions of embodiments thereof that are provided by way of example and are not intended to limit the scope of the invention. Many specific implementation details may be used. For example, the invention is not limited to switches and substantially any other bridging devices may be used in implementing the invention. Also, bit sub-fields in the IEEE MAC addresses do not necessarily include consecutive sets of bits. For example, a network address field may include the higher odd-place bits, while the even bits are used for terminal ID. It should be understood that features and/or steps described with respect to one embodiment may be used with other embodiments and that not all embodiments of the invention have all of the features and/or steps shown in a particular figure or described with respect to one of the embodiments. Variations of embodiments described will occur to persons of the art. Furthermore, the terms "comprise," "include," "have" and their conjugates, shall mean, when used in the claims, "including but not necessarily limited to." When the term "based on" is used in the claims it is to be interpreted as meaning "at least partially based on". It is noted that some of the above described embodiments may describe the best mode contemplated by the inventors and therefore may include structure, acts or details of structures and acts that may not be essential to the invention and which are described as examples. Structure and acts described herein are replaceable by equivalents which perform the same function, even if the structure or acts are different, as known in the art. Therefore, the scope of the invention is limited only by the elements and limitations as used in the claims.

Claims

1. A method of handling packets in a network, comprising: receiving a packet including an IEEE MAC address field, which carries a MAC address of a network element; examining at least one sub-portion of the IEEE MAC address field, which sub-portion represents a set of elements to which the network element belongs within the network, but does not allow unique identification of the network element in the network; and handling the packet responsive to the at least one examined sub-portion.

2. A method according to claim 1, wherein the at least one sub-portion comprises at least two sub-portions and wherein the handling of the packet comprises handling responsive to the values of the at least two sub-portions.

3. A method according to claim 2, wherein the handling responsive to the at least two examined sub-portions comprises performing two different handling tasks, each of which uses respectively a single one of the sub-portions.

4. A method according to claim 1, wherein the at least one sub-portion comprises at least one multi-bit sub-field.

5. A method according to claim 1, wherein the MAC address field comprises a destination IEEE MAC address field.

6. A method according to claim 1, wherein the MAC address field comprises a source IEEE MAC address field.

7. A method according to claim 1, wherein the at least one sub-portion relates to a location of the network entity in the network.

8. A method according to claim 1, wherein the at least one sub-portion may receive a plurality of different values for a single network element.

9. A method according to claim 1, wherein examining the at least one sub-portion comprises determining a forwarding direction of the packet.

10. A method according to claim 1, wherein examining the at least one sub-portion comprises determining whether to forward the packet.

11. A method according to claim 1, wherein the at least one sub-portion represents a LAN segment to which the network entity represented by the MAC address belongs.

12. A method according to claim 1, wherein the at least one sub-portion represents a group of network elements allowed to communicate with each other, to which the network entity represented by the MAC address belongs.

13. A method according to claim 1, wherein a local bit of the MAC address is not set.

14. A method according to claim 1, wherein a local bit of the MAC address is set.

15. A method of assigning an IEEE MAC address to be placed in a source address field of a packet generated by a network element, comprising: determining at least one sub-set of a plurality of network elements to which the network element belongs in the network; and assigning an IEEE MAC address having a sub-portion selected responsive to the determined at least one sub-set.

16. A method according to claim 15, wherein the determining and assigning are performed by the network element.

17. A method according to claim 15, wherein the determining comprises transmitting one or more probing packets.

18. A method according to claim 15, wherem the determining comprises accessing information configured into a unit performing the determination.

19. A method according to claim 15, wherein the determining and assigning are performed by a bridging device servicing the network element.

20. A method according to claim 15, wherein determining the at least one sub-set comprises determining a multicast group to which the network element belongs.

21. A method according to claim 15, wherein determining the at least one sub-set comprises determining a sub-group of network elements allowed to communicate with each other.

22. A method according to claim 15, wherein determining the at least one sub-set comprises determining a location of the network element in the network.

23. A method according to claim 15, wherein determining the at least one sub-set comprises determining a quality of service rating of the network element, in the network.

24. A method according to claim 15, wherein the assigned MAC address is different from all legally hardware configured MAC addresses around the world.

25. A method according to claim 15, wherein the assigned MAC address does not have the local bit set.

26. A method according to claim 15, wherein the assigned MAC address has a local indicating bit set.

27. A bridging-device, comprising: an input interface for receiving a packet including an IEEE MAC address field, including a MAC address of a network element; a packet examination unit adapted to examine at least one sub-portion of the IEEE MAC address field, which sub-portion represents a set of elements to which the network element belongs within the network, but does not allow unique identification of the network element in the network; and a packet handling unit adapted to handle the packet responsive to the examination of the at least one examined sub-portion.

28. A bridging device according to claim 27, wherein the packet examination unit is adapted to examine a source IEEE MAC address field of packets.

29. A bridging device according to claim 27, wherein the packet examination unit is adapted to examine a destination IEEE MAC address field of packets.

30. A method of handling packets in a network, comprising: providing a packet including an IEEE MAC address field, including a MAC address of a network element; examining at least two multi-bit sub-portions of the IEEE MAC address field, by one or more handling network elements along a path of the packet; and handling the packet responsive to the at least two examined sub-portions, each sub- portion relating to a different respective attribute of the handling.

31. A method according to claim 30, wherein the at least two sub-portions comprise sub- portions that represent attributes of the network element.

32. A method according to claim 31, wherein at least one of the sub-portions represents a relationship between the network element and a network in which it is employed.

33. A method according to claim 30, wherein the handling responsive to the at least two examined sub-portions comprises handling by a first handling network element responsive to a first sub-portion and handling by a second handling network element responsive to a second sub-portion.

34. A method according to claim 30, wherein the handling responsive to the at least two examined sub-portions comprises handling by a single handling network element.

35. A method according to claim 34, wherein the handling responsive to the at least two examined sub-portions comprises performing two different handling tasks each of which uses respectively a single one of the sub-portions.

36. A method according to claim 30, wherein at least one of the sub-portions represents a security rating of the packet.

37. A method according to claim 30, wherein at least one of the sub-portions represents a quality of service rating of the packet.

38. A method according to claim 30, wherein at least one of the sub-portions represents an attribute not usable to determine a forwarding direction.

39. A method accordmg to claim 30, wherein at least one of the sub-portions represents an ID value common to all network entities in the network.

40. A method according to claim 39, wherein the ID value comprises a 22 bit OUI value.

41. A method according to claim 30, wherein at least one of the sub-portions represents an attribute used to determine a forwarding direction of the packet.

42. A method according to claim 30, wherein at least one of the sub-portions represents an attribute used to determine whether to forward the packet.

43. A method according to claim 30, wherein at least one of the sub-portions represents an attribute of the packet.

44. A method of assigning an IEEE MAC address representing a network element, which address is to be placed in a source or destination address field of a packet, comprising: determining a first attribute of the packet or of the network element; determining a second attribute of the packet or of the network element; generating first and second multi-bit sub-portions responsive to the first and second attributes, respectively; and assigning an IEEE MAC address including the first and second multi-bit sub-portions.

45. A method according to claim 44, wherein the first and second attributes are attributes of the network element.

46. A method according to claim 44, wherein at least one of the first and second attributes is an attribute of the packet.

47. A method according to claim 46, wherein the packet attribute is determined responsive to an application to which the packet belongs.

48. A method according to claim 46, wherein the packet attribute comprises a quality of service of the packet.

49. A method according to claim 46, wherein the packet attribute comprises a security rating of the network element.

50. A method according to claim 44, wherein at least one of the first and second attributes comprises an ID of the network to which the network element belongs.

51. A method according to claim 50, wherein the ID of the network to which the network element belongs comprises a value of the OUI field.

52. A method according to claim 44, wherem at least one of the first and second attributes comprises a location of the network element.

53. A method according to claim 44, wherein at least one of the first and second attributes comprises a quality of service rating.

54. A method according to claim 44, wherein the generating and assigning are performed by the network element.

55. A method according to claim 44, wherein the generating and assigning are performed by a switch servicing the network element.

56. A method according to claim 44, wherein the generating and assigning are performed by a controller of a network including the network element.

57. A bridging-device, comprising: an input interface for receiving packets; a packet examination unit adapted to examine in each of at least some of the received packets, at least two multi-bit sub-fields of IEEE MAC address fields of the packet; and a packet handling unit adapted to make at least two decisions on a handling method of the packet responsive to the at least two multi-bit sub-fields, respectively, and to handle the packet according to the decisions.

58. A bridging device accordmg to claim 57, wherein the at least two decisions include a decision as to whether the IEEE MAC address belongs to a network of the bridging device.

59. A bridging device according to claim 57, wherein the at least two decisions include at least one decision related to a forwarding direction of the packet.

60. A method of handling a packet by a bridging device, comprising: receiving a packet; examining at least a portion of an IEEE MAC address field of the packet; determining a handling attribute of the packet, other than a forwarding direction, based on the examining; and handling the packet at least partially according to the determined attribute.

61. A method according to claim 60, wherein determining a handling attribute based on examining the address field comprises determining the attribute based on a sub-portion of the address field.

62. A method according to claim 60, wherein determining a handling attribute comprises determining whether to forward the packet.

63. A method according to claim 60, wherein determining a handling attribute comprises determining a precedence of the handling of the packet.

64. A method according to claim 60, wherein determining a handling attribute based on the examining comprises determining the attribute based on a multi-bit sub-field of the address field.

65. A bridging device, comprising: an input interface for receiving packets; a packet examination unit adapted to examine in each of at least some of the received packets, a sub-field of an IEEE MAC address field of the packet; and a packet handling unit adapted to handle the packet with at least one handling decision, other than a forwarding direction, being selected responsive to the examined sub-field.

66. A bridging device according to claim 65, wherein the at least one handling decision comprises a decision on the priority of the packet.

67. A bridging device according to claim 65, wherein the at least one handling decision comprises a security related decision.

68. A method of assigning an IEEE MAC address to be placed in a source address field of a packet generated by a network element, comprising: determining at least one attribute not related to the location of the network element in a network; and assigning an JJEEE MAC address having a multi-bit sub-field selected responsive to the determined at least one attribute.

69. A method according to claim 68, wherein determining the attribute comprises determining an attribute of an application to which the packet belongs.

70. A method according to claim 68, wherein determining the attribute comprises determining a quality of service rating of the packet.

71. A method according to claim 68, wherein assigning the MAC address comprises assigning by the network element.

72. A method according to claim 68, wherein assigning the MAC address comprises assigning by a network control unit.

73. A method according to claim 68, comprising inserting the MAC address into the source address field of the packet by the network element.

74. A method according to claim 68, comprising inserting the MAC address into the source address field of the packet by a switch servicing the network element.

75. A method of generating packets, comprising: generating a plurality of packets by a network entity; transmitting the plurality of packets through a port of the network entity associated with a single IEEE MAC address; and forwarding the plurality of packets with different source IEEE MAC addresses.

76. A method according to claim 75, wherein the packets are transmitted through the port already with the different source MAC addresses.

77. A method according to claim 75, wherein the packets are transmitted through the port with a single MAC address, and are changed by a bridging device connected to the network entity.

78. A method according to claim 75, wherein the plurality of packets differ in a field representing a quality of service rating of the packet.

79. A method according to claim 75, wherein the plurality of packets differ in a field representing a security rating of the packet.

80. A method of handling a packet, comprising: receiving a packet including an IEEE MAC address field, which carries a MAC address of a network element; changing a sub-field of the IEEE MAC address field, without changing the remaining portions of the IEEE MAC address field; and forwarding the packet to its destination.

81. A method according to claim 80, wherein changing the sub-field comprises changing by a switch directly connected to an entity whose address is in the MAC address field after the changing.

82. A method according to claim 80, wherein changing the sub-field comprises changing fewer than half the bits of the MAC address field.

83. A method according to claim 80, wherein changing the sub-field comprises changing to a predetermined value used for a plurality of different packets having different addresses in the MAC address field.

84. A method according to claim 80, wherein changing the sub-field comprises changing a sub-field of the source MAC address field of the packet.

85. A bridging device, comprising: at least one port through which packets are received; a table listing a one to one correlation between IEEE MAC addresses; and a translation unit adapted to change an IEEE MAC address field of at least some of the packets according to a one-to-one translation of the table.

86. A bridging device according to claim 85, wherein all the IEEE MAC addresses on one side of the table include a same value in at least 6 bits of the address.

87. An IEEE MAC address server, comprising: a plurality of network communication ports; an input interface for receiving requests for IEEE MAC addresses through at least one of the ports; a processor adapted to generate IEEE MAC addresses, responsive to the requests, wherein at least some of the bits of the MAC addresses are generated responsive to data in the requests; and a forwarding unit adapted to forward, through at least one of the ports, responses to the requests, which responses include MAC addresses generated by the processor.

88. A server according to claim 87, wherein the requests include at least one piece of information on a network element for which the address is generated and wherein the processor generates the MAC address responsive to the at least one piece of information.

89. A server according to claim 87, wherein the processor generates the requests such that fewer than all of the bits of the MAC address are generated responsive to data in the requests.

90. A method of forwarding multicast packets by a bridging device, comprising: receiving a packet having a multicast bit set in a destination IEEE MAC address of the packet; examining at least one multi-bit sub-field of an IEEE MAC address of the packet; and forwarding the packet through one or more ports of the bridging device, which ports are selected responsive to the examination of the multi-bit sub-field.

91. A method according to claim 90, wherein examimng the at least one sub-field comprises examining a sub-field of a destination address field.

92. A method according to claim 90 or 91, wherein examining the at least one sub-field comprises examining a sub-field of a source address field.

93. A method according to claim 90, wherein the examining comprises examining a sub- field of the source address, which represents a group to which a network element with which the source address is associated belongs.

94. A method of handling a packet, comprising: deteπnining whether a sub-field of an IEEE MAC address of the packet has a predetermined value; and handling of the packet responsive to the determination.

95. A method according to claim 94, wherein handling the packet comprises discarding the packet if the sub-field of the address does not have the predetermined value.

96. A method according to claim 94, wherein the sub-field includes at least 8 bits.

97. A method of assigning IEEE MAC addresses to elements of a network, comprising: providing a network of network elements having different configured IEEE MAC addresses; and assigning all the network elements of the network with IEEE MAC addresses having a same value in a sub-field of at least 8 bits.

98. A method according to claim 97, wherein the assigned MAC addresses all have same OUI value.

99. A method according to claim 98, wherein the OUI value is purchased from a OUI distribution authority for employment in entire networks.