TWI738918B - Chassis switches, network interface cards, and methods for management of packet forwarding - Google Patents

Publication number
TWI738918B
Authority
TW
Taiwan
Prior art keywords
packet
port
area network
identification tag
external
Prior art date
Application number
TW106138950A
Other languages
Chinese (zh)
Other versions
TW201919407A (en)
Inventor
黃俊傑
Original Assignee
智邦科技股份有限公司
Priority date
Filing date
Publication date
Application filed by 智邦科技股份有限公司
Priority to TW106138950A
Publication of TW201919407A
Application granted
Publication of TWI738918B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A chassis switch including a network interface card is provided. The network interface card adds a first Virtual Local Area Network (VLAN) ID to a first packet originating from an internal Internet Protocol (IP) address, so that the first packet is not transmitted to the outside of the chassis switch. In addition, the network interface card adds a second VLAN ID to a second packet originating from an external IP address, so that the second packet is transmitted to the outside of the chassis switch.

Description

Chassis switch, network interface card, and method for management of packet forwarding

This application relates generally to techniques for managing packet forwarding, and in particular to a packet forwarding management technique suitable for chassis switches.

With the rapid development of network technology, the demand for network bandwidth has been rising year by year, and the requirements placed on network environments also change frequently. Network environments therefore need to be built so that they can be adjusted dynamically and easily.

A chassis switch (switch chassis) can be selectively fitted with different communication components, such as one or more network interfaces, according to the needs of different network environments. Chassis switches are therefore widely used in building network environments, and because a chassis switch usually contains multiple cards, a need arises to manage those cards. In addition, if multiple chassis switches are deployed in a network environment, then besides managing the cards within each chassis switch, there is also a need to manage the multiple chassis switches.

Generally, each network interface card in a chassis switch is assigned at least one internal Internet Protocol (IP) address and one external IP address. The external IP address is assigned by a Dynamic Host Configuration Protocol (DHCP) server, is unique within a network environment made up of at least two chassis switches, and is mainly used for managing the network interface cards of other chassis switches. In contrast, the internal IP address is determined by the slot position of each network interface card within the chassis switch. Specifically, each slot position corresponds to a fixed internal IP address, and each network interface card is assigned an internal IP address according to the slot in which it is installed, for use in managing the network interface cards inside the chassis switch.

As a result, the network interface cards in the same slot position of every chassis switch are assigned the same internal IP address. In a network environment made up of multiple chassis switches, if packets are forwarded between chassis switches using internal IP addresses, an IP address conflict (IP conflict) may occur.

Figure 1 is a schematic diagram showing an IP address conflict that occurs when communication between chassis switches uses internal IP addresses. As shown in Figure 1, when two chassis switches use the same rule for mapping slot positions to internal IP addresses, the network interface cards in the same slot position of the two chassis switches are assigned the same internal IP address. Under this setup, network interface card 1 in chassis switch A first forwards packet X using an internal IP address (e.g., 169.254.251.1). When packet X arrives at the router, the router records the source IP address of packet X and the port on which it arrived (e.g., port-1) in its forwarding table. Next, network interface card 1 in chassis switch B forwards packet Y using the same internal IP address (e.g., 169.254.251.1). When packet Y arrives at the router, the router records the source IP address of packet Y and the port on which it arrived (e.g., port-2) in its forwarding table.

Because the forwarding table uses the source IP address as its primary key, the entry previously recorded for packet X is overwritten by the entry for packet Y, so that the forwarding table associates internal IP address 169.254.251.1 with port-2. Afterwards, any packet destined for network interface card 1 in chassis switch A is incorrectly forwarded by the router to network interface card 1 in chassis switch B.

Therefore, there is a strong need for a packet forwarding management method that can effectively solve the above problem.

To solve the above problem, this application proposes a packet forwarding management method suitable for chassis switches. It works mainly by establishing Virtual Local Area Networks (VLANs) inside the chassis switch to block packets that use internal IP addresses from being forwarded to the outside, without affecting the forwarding of packets that use external IP addresses.

An embodiment of this application provides a chassis switch that includes a network interface card. The network interface card includes an external port used for communication with the outside of the chassis switch. The network interface card processes a first packet originating from an internal IP address and a second packet originating from an external IP address. Processing of the first packet includes: adding a first VLAN ID tag to the first packet, determining a first egress port for the first packet according to the first VLAN ID tag and a first destination Media Access Control (MAC) address included in the first packet, and discarding the first packet when the first egress port is the external port. Processing of the second packet includes: adding a second VLAN ID tag to the second packet, determining a second egress port for the second packet according to the second VLAN ID tag and a second destination MAC address included in the second packet, removing the second identification tag from the second packet, and transmitting the second packet through the second egress port.

Another embodiment of this application provides a packet forwarding management method suitable for a network interface card in a chassis switch. The method includes the following steps: processing a first packet originating from an internal IP address; and processing a second packet originating from an external IP address. Processing of the first packet includes: adding a first VLAN ID tag to the first packet, determining a first egress port for the first packet according to the first VLAN ID tag and a first destination MAC address included in the first packet, and discarding the first packet when the first egress port is an external port used for communication with the outside of the chassis switch. Processing of the second packet includes: adding a second VLAN ID tag to the second packet, determining a second egress port for the second packet according to the second VLAN ID tag and a second destination MAC address included in the second packet, removing the second VLAN ID tag from the second packet, and transmitting the second packet through the second egress port.

Yet another embodiment of this application provides a network interface card installed in a chassis switch. The network interface card includes: an external port used for communication with the outside of the chassis switch; a controller that generates a first packet originating from an internal IP address and a second packet originating from an external IP address; and a switching device that adds a first VLAN ID tag to the first packet, determines a first egress port for the first packet according to the first VLAN ID tag and a first destination MAC address included in the first packet, discards the first packet when the first egress port is the external port, adds a second VLAN ID tag to the second packet, determines a second egress port for the second packet according to the second VLAN ID tag and a second destination MAC address included in the second packet, removes the second VLAN ID tag from the second packet, and transmits the second packet through the second egress port.

As for other additional features and advantages of this application, those skilled in the art may, without departing from the spirit and scope of this application, obtain them by making minor changes and refinements to the chassis switch, network interface card, and packet forwarding management method disclosed in the embodiments of this application.

200‧‧‧Network environment

10‧‧‧Router

20, 30‧‧‧Chassis switch

310, 320, 410, 420‧‧‧Controller

330, 430‧‧‧Switching device

340-1~340-8, 440-1~440-4‧‧‧Internal port

340-9‧‧‧External port

S510~S570, S810~S890‧‧‧Step number

6a~6f, 7a~7e, 9a~9f, 10a~10f‧‧‧Step number

A, B‧‧‧Chassis switch

Figure 1 is a schematic diagram showing an IP address conflict that occurs when communication between chassis switches uses internal IP addresses.

Figure 2 is a diagram of the network environment architecture according to an embodiment of this application.

Figure 3 is a schematic diagram of a fabric card according to an embodiment of this application.

Figure 4 is a schematic diagram of a line card according to an embodiment of this application.

Figure 5 is a flowchart of a method for managing the forwarding of packets that use an internal IP address according to an embodiment of this application.

Figure 6 is a schematic diagram of the forwarding management operations performed on packets that use an internal IP address according to an embodiment of this application.

Figure 7 is a schematic diagram of the forwarding management operations performed on packets that use an internal IP address according to another embodiment of this application.

Figures 8A to 8B are a flowchart of a method for managing the forwarding of packets that use an external IP address according to an embodiment of this application.

Figure 9 is a schematic diagram of the forwarding management operations performed on packets that use an external IP address according to an embodiment of this application.

Figure 10 is a schematic diagram of the forwarding management operations performed on packets that use an external IP address according to another embodiment of this application.

This section describes the preferred mode of carrying out this application. It is intended to illustrate the spirit of this application and not to limit its scope of protection. It should be understood that the words "comprise" and "include" as used in this specification indicate the presence of specific technical features, values, method steps, operations, elements, and/or components, but do not exclude the addition of further technical features, values, method steps, operations, elements, components, or any combination of the above.

Figure 2 is a diagram of the network environment architecture according to an embodiment of this application. Network environment 200 is a local area network and includes router 10 and at least two chassis switches 20 and 30, where chassis switches 20 and 30 are connected through router 10.

The local area network may be a network built from Ethernet, a Wireless Fidelity (WiFi) network, a twisted pair network, a coaxial cable network, or the like. It may also be called an intranet, and it usually covers a local area such as an office or a floor of a building.

Router 10 is mainly responsible for routing and forwarding within the local area network. It carries the packet exchange between chassis switches 20 and 30, as well as the packet exchange between chassis switch 20/30 and other network terminal devices in the local area network. In addition, although not shown, router 10 can also bridge the local area network to an external wide area network and provide routing and forwarding from the local area network to the outside.

Chassis switches 20 and 30 each have multiple slots, and each slot accepts one network interface card. For example, a network interface card may be a fabric card or a line card, and the slots may be further divided into fabric card slots and line card slots, which accept fabric cards and line cards respectively. In particular, chassis switches 20 and 30 use the same rule for assigning internal IP addresses to their internal network interface cards. That is, network interface cards (e.g., line cards or fabric cards) in the same slot position of chassis switches 20 and 30 are assigned the same internal IP address.

Chassis switches 20 and 30 mainly give the local area network an adjustable network architecture. Through the configuration of the network interface cards inside chassis switches 20 and 30, the local area network can adapt dynamically to changes in its architecture and accommodate more or fewer network terminal devices. For example, each network interface card (e.g., line card) in chassis switches 20 and 30 can be further coupled to a network terminal device, such as a notebook computer, desktop computer, smartphone, tablet computer, workstation, or server.

Figure 3 is a schematic diagram of a fabric card according to an embodiment of this application. In this embodiment, chassis switches 20 and 30 each include 4 fabric cards and 8 line cards. The hardware architecture of each fabric card is shown in Figure 3 and includes controller 310, controller 320, switching device 330, internal ports 340-1~340-8, and external port 340-9.

Either of controllers 310 and 320 may be a general-purpose processor, a Central Processing Unit (CPU), a microprocessor (Micro Control Unit, MCU), an Application Processor (AP), a Digital Signal Processor (DSP), or the like. It may include various circuit logic to provide data processing and computation functions and to control the operation of switching device 330 in order to carry out packet forwarding management.

In addition, each of controllers 310 and 320 is assigned one internal IP address and one external IP address.

Switching device 330 receives control signals from controller 310 or 320 in order to provide packet forwarding. In one embodiment, switching device 330 may be a (Gigabit) Ethernet switch that follows standards such as IEEE 802.3, 802.3u, 802.3ab, and 802.3x, for example the Broadcom BCM5396 chip.

In one embodiment, switching device 330 may include a storage device, such as Random Access Memory (RAM), flash memory, cache memory, another type of memory, or another storage medium, for storing machine-readable instructions or program code as well as data, for example a forwarding table that records packet parameters and a VLAN table that holds VLAN configuration parameters.

Internal ports 340-1~340-8 are coupled respectively to the 8 line cards in chassis switch 20 or 30. They receive packets from the line cards and transmit/forward packets to the line cards.

External port 340-9 is coupled to the external communication port of chassis switch 20 or 30. It serves as the access port through which an external device performs network management on chassis switch 20 or 30, and it transmits/forwards packets to other chassis switches or network terminal devices outside chassis switch 20 or 30.

It is worth noting that controller 310 or 320 can execute the configuration file in switching device 330 so that switching device 330 establishes a first VLAN and a second VLAN together with their respective member ports. The first VLAN is established specifically to handle packets that use internal IP addresses, and the second VLAN is established specifically to handle packets that use external IP addresses. In one embodiment, all ports except external port 340-9 are set as member ports of the first VLAN, and all ports are set as member ports of the second VLAN.

Figure 4 is a schematic diagram of a line card according to an embodiment of this application. In this embodiment, chassis switches 20 and 30 each include 4 fabric cards and 8 line cards. The hardware architecture of each line card is shown in Figure 4 and includes controller 410, controller 420, switching device 430, and internal ports 440-1~440-4.

Either of controllers 410 and 420 may be a general-purpose processor, a central processing unit, a microprocessor, an application processor, a digital signal processor, or the like. It may include various circuit logic to provide data processing and computation functions and to control the operation of switching device 430 in order to carry out packet forwarding management. In addition, each of controllers 410 and 420 is assigned one internal IP address and one external IP address.

Switching device 430 receives control signals from controller 410 or 420 in order to provide packet forwarding. In one embodiment, switching device 430 may be a (Gigabit) Ethernet switch that follows standards such as IEEE 802.3, 802.3u, 802.3ab, and 802.3x, for example the Broadcom BCM5389 chip.

In one embodiment, switching device 430 may include a storage device, such as random access memory, flash memory, cache memory, another type of memory, or another storage medium, for storing machine-readable instructions or program code as well as data.

Internal ports 440-1~440-4 are coupled respectively to the 4 fabric cards in chassis switch 20 or 30. They receive packets from the fabric cards and transmit/forward packets to the fabric cards.

It is worth noting that controller 410 or 420 can execute the configuration file in switching device 430 so that switching device 430 establishes a first VLAN and a second VLAN together with their respective member ports. The first VLAN is established specifically to handle packets that use internal IP addresses, and the second VLAN is established specifically to handle packets that use external IP addresses. It should be understood that although the line card shown in Figure 4 does not include an external port (such as external port 340-9), this application is not limited in this respect. That is, in other embodiments a line card may also include an external port, and when it does, all ports except the external port can be set as member ports of the first VLAN, and all ports can be set as member ports of the second VLAN.

Those skilled in the art will understand that the circuit logic in controllers 310, 320, 410, and 420 typically includes multiple transistors that control the operation of the circuit logic to provide the required functions and operations. Furthermore, the specific structure of the transistors and the connections between them are usually determined by a compiler. For example, a Register Transfer Language (RTL) compiler can be run by a processor to compile scripts resembling assembly language code into the form needed to design or manufacture the circuit logic.

It should be understood that the components shown in Figures 3 and 4 are provided only as an illustrative example and are not intended to limit the scope of protection of this application. For example, a fabric card or line card may include only a single controller, or more controllers. Likewise, the number of fabric cards in chassis switches 20 and 30 may be fewer or more than 4, and the number of line cards may be fewer or more than 8, with the number of internal ports on the fabric cards and line cards adjusted accordingly.

Figure 5 is a flowchart of a method for managing the forwarding of packets that use an internal IP address according to an embodiment of this application. In this embodiment, the packet forwarding management method applies to a network interface card (e.g., a fabric card or line card) in a chassis switch.

First, a packet originating from an internal IP address is received (step S510). Specifically, the packet header carries several packet parameters, including the source IP address, the destination IP address, the source Media Access Control (MAC) address, and the destination MAC address. The source IP address indicates the IP address from which the packet was sent, so when the source IP address is an internal IP address, the packet originates from an internal IP address.

Next, an identification tag corresponding to the first VLAN is added to the packet (step S520). Specifically, this identification tag indicates the VLAN ID; for example, the ID of the first VLAN may be set to 4088.

Then, it is determined whether the ingress port of the packet is a member port of the first VLAN (step S530). If so, the forwarding table is looked up using the identification tag and the destination MAC address of the packet to determine the egress port of the packet (step S540).

Following step S540, it is determined whether the egress port is a member port of the first VLAN (step S550). If so, the packet is forwarded through the egress port (step S560), and the flow ends.

Following step S550, if the egress port is not a member port of the first VLAN, the packet is discarded without being forwarded (step S570), and the flow ends.

Following step S530, if the ingress port is not a member port of the first VLAN, the flow proceeds to step S570.
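The flow of steps S510 to S570 can be modelled in a few lines. The following is an added example, not code from the patent; it goes beyond Figure 5 by also modelling the second VLAN described in the summary. The second VLAN ID (4089), the internal address range, the MAC label "RTR", the port assigned to LC1, and the forwarding-table entries are constructed assumptions; VLAN 4088, external port 9, ingress port 14, and the labels FC1/LC1 are taken from the page.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

INTERNAL_VLAN = 4088   # first VLAN ID, value given on the page
EXTERNAL_VLAN = 4089   # second VLAN ID: constructed, the page gives no value here
EXTERNAL_PORT = 9      # external port in the page's Figure 6 walk-through
CPU_PORT = 14          # port on which the controller injects packets (Figure 6)
ALL_PORTS = set(range(1, 10)) | {CPU_PORT}
# Assumed internal range; the page only shows 169.254.251.1 and 169.254.251.33.
INTERNAL_NET = ipaddress.ip_network("169.254.251.0/24")

# VLAN table: every port except the external one belongs to the first VLAN,
# and every port belongs to the second VLAN.
VLAN_TABLE = {
    INTERNAL_VLAN: ALL_PORTS - {EXTERNAL_PORT},
    EXTERNAL_VLAN: set(ALL_PORTS),
}

# Forwarding table keyed by (VLAN ID, destination MAC). Constructed entries.
FDB = {
    (INTERNAL_VLAN, "LC1"): 1,
    (INTERNAL_VLAN, "RTR"): EXTERNAL_PORT,  # would leak an internal packet
    (EXTERNAL_VLAN, "RTR"): EXTERNAL_PORT,
}


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    src_mac: str
    dst_mac: str
    vlan: Optional[int] = None  # VLAN ID tag, absent until classified


def classify(pkt: Packet) -> int:
    """S520: tag the packet according to its source IP address."""
    internal = ipaddress.ip_address(pkt.src_ip) in INTERNAL_NET
    pkt.vlan = INTERNAL_VLAN if internal else EXTERNAL_VLAN
    return pkt.vlan


def forward(pkt: Packet, ingress_port: int):
    """Return (action, egress_port, reason) for one packet."""
    vlan = classify(pkt)
    members = VLAN_TABLE[vlan]
    if ingress_port not in members:            # S530 fails -> S570
        return ("drop", None, "ingress port not in VLAN")
    egress = FDB.get((vlan, pkt.dst_mac))      # S540
    if egress is None:
        # Flooding on a miss is left out of this sketch.
        return ("drop", None, "no forwarding entry")
    if egress not in members:                  # S550 fails -> S570
        return ("drop", egress, "egress port not in VLAN")
    if vlan == EXTERNAL_VLAN:
        pkt.vlan = None                        # tag removed before transmission
    return ("forward", egress, "ok")           # S560


if __name__ == "__main__":
    samples = [  # constructed sample packets
        (Packet("169.254.251.33", "169.254.251.1", "FC1", "LC1"), CPU_PORT),
        (Packet("169.254.251.33", "192.0.2.1", "FC1", "RTR"), CPU_PORT),
        (Packet("192.0.2.10", "192.0.2.1", "FC1", "RTR"), CPU_PORT),
        (Packet("169.254.251.1", "169.254.251.33", "XX", "LC1"), EXTERNAL_PORT),
    ]
    for pkt, port in samples:
        print(pkt.src_ip, "->", pkt.dst_mac, forward(pkt, port))
```

The second sample shows the property the design relies on: even if a forwarding entry points an internally addressed packet at the external port, the VLAN membership check discards it.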

Figure 6 is a schematic diagram of the forwarding management operations performed on packets that use an internal IP address according to an embodiment of this application. In this embodiment, when a fabric card in chassis switch 12 wants to PING a line card, it sends a packet that uses internal IP addresses. Specifically, the source IP address of this packet is the internal IP address assigned to a controller of the fabric card (e.g., controller 310), and the destination IP address is the internal IP address assigned to a controller of the line card (e.g., controller 410).

首先,在步驟6a,控制器310決定要PING控制器410,於是產生第三層(指:開放式系統互聯通訊參考模型(Open System Interconnection Reference Model)中的網路層)封包(也就是第5圖所述使用內網網路協定位址的封包),並 於封包內加入虛擬區網識別標籤TAG。 First, in step 6a, the controller 310 decides to PING the controller 410, and then generates the third layer (referring to: the network layer in the Open System Interconnection Reference Model) packet (that is, the fifth layer). The picture shows a packet using an intranet network protocol address), and a virtual local area network identification tag TAG is added to the packet.

明確來說,封包的標頭部分包括了:目的網路協定位址、來源網路協定位址、虛擬區網識別標籤TAG、來源媒體存取控制位址、以及目的媒體存取控制位址,其中,目的網路協定位址為169.254.251.1,來源網路協定位址為169.254.251.33,虛擬區網識別標籤TAG係用以紀錄虛擬區網識別碼4088,來源媒體存取控制位址標示為FC1,目的媒體存取控制位址標示為LC1。 Specifically, the header part of the packet includes: destination network protocol address, source network protocol address, virtual local area network identification tag TAG, source media access control address, and destination media access control address. Among them, the destination network protocol address is 169.254.251.1, the source network protocol address is 169.254.251.33, the virtual local area network identification tag TAG is used to record the virtual local area network identification code 4088, and the source media access control address is marked as FC1, the destination media access control address is marked as LC1.

接著,在步驟6b,控制器310將封包送到交換裝置330的埠口14,也就是說,埠口14為進入埠口。 Then, in step 6b, the controller 310 sends the packet to the port 14 of the switching device 330, that is, the port 14 is the ingress port.

在步驟6c,交換裝置330對封包進行入口檢查(ingress check),明確來說,入口檢查係根據封包的虛擬區網識別碼4088以及進入埠口14去查詢虛擬區網表格(在圖中標示為VLAN表格),以決定進入埠口14是否為虛擬區網之合法埠口。在此實施例,虛擬區網表格中記載的,針對虛擬區網識別碼4088,除了對外埠口以外的所有埠口皆被設為合法埠口,其中對外埠口為埠口9,所以進入埠口14合法埠口,即該封包通過入口檢查。 In step 6c, the switching device 330 performs an ingress check on the packet. Specifically, the ingress check is based on the packet's virtual area network identification code 4088 and the entry port 14 to query the virtual area network table (marked as VLAN table) to determine whether the access port 14 is a legal port of the virtual local area network. In this embodiment, for the virtual LAN ID 4088, all ports except for the external port are set as legal ports as recorded in the virtual LAN table. The external port is port 9, so enter the port Port 14 is a legal port, that is, the packet passes the ingress inspection.

在步驟6d,交換裝置330對封包進行媒體存取控制中繼(relay)處理,明確來說,媒體存取控制中繼處理係根據封包的目的媒體存取控制位址LC1以及虛擬區網識別碼4088去查詢轉送表格,以決定封包的外出埠口。在此實施例,外出埠口為埠口5。 In step 6d, the switching device 330 performs media access control relay processing on the packet. Specifically, the media access control relay processing is based on the destination media access control address LC1 and the virtual area network identification code of the packet. 4088 to query the forwarding form to determine the outbound port of the packet. In this embodiment, the exit port is port 5.

接著,在步驟6e,交換裝置330對封包進行出口 檢查(egress check),明確來說,出口檢查係根據封包的虛擬區網識別碼4088以及外出埠口5去查詢虛擬區網表格,以決定外出埠口5是否為虛擬區網之合法埠口。在此實施例,由於外出埠口5並非埠口9,所以為合法埠口,即該封包通過出口檢查。 Next, in step 6e, the switching device 330 performs an egress check on the packet. Specifically, the egress check is based on the packet's virtual local area network identification code 4088 and the outbound port 5 to query the virtual local area network table to decide to go out. Whether port 5 is a legal port of the virtual local area network. In this embodiment, since the outgoing port 5 is not the port 9, it is a legal port, that is, the packet passes the egress inspection.

最後,在步驟6f,交換裝置330將封包透過埠口5進行轉送。 Finally, in step 6f, the switching device 330 forwards the packet through the port 5.

Figure 7 is a schematic diagram of forwarding management for a packet that uses internal IP addresses, according to another embodiment of the present application.

First, in step 7a, the controller 310 decides to ping the network terminal device 13 using an internal IP address, so it generates a layer-3 packet (that is, the packet using internal IP addresses described in Figure 5) and adds a VLAN ID tag (TAG) to the packet.

Specifically, the packet header includes a destination IP address, a source IP address, the VLAN ID tag TAG, a source MAC address, and a destination MAC address. The destination IP address is 169.254.251.99, the source IP address is 169.254.251.33, the VLAN ID tag TAG records VLAN ID 4088, the source MAC address is denoted FC1, and the destination MAC address is denoted PC.

Next, in step 7b, the controller 310 sends the packet to port 14 of the switching device 330; that is, port 14 is the ingress port.

In step 7c, the switching device 330 performs an ingress check on the packet. Specifically, the ingress check queries the VLAN table using the packet's VLAN ID 4088 and ingress port 14 to determine whether ingress port 14 is a valid port of the VLAN. In this embodiment, the VLAN table records that, for VLAN ID 4088, every port except the external port is set as a valid port, and the external port is port 9. Ingress port 14 is therefore a valid port, and the packet passes the ingress check.

In step 7d, the switching device 330 performs MAC relay processing on the packet. Specifically, the MAC relay processing queries the forwarding table using the packet's destination MAC address PC and VLAN ID 4088 to determine the packet's egress port. In this embodiment, the egress port is port 9.

Next, in step 7e, the switching device 330 performs an egress check on the packet. Specifically, the egress check queries the VLAN table using the packet's VLAN ID 4088 and egress port 9 to determine whether egress port 9 is a valid port of the VLAN. In this embodiment, egress port 9 is not a valid port, so the packet fails the egress check and is dropped.

Note that the first VLAN described in Figures 5 to 7 is established specifically to handle packets that use internal IP addresses. Its purpose is to prevent such packets from being forwarded outside the chassis switch, where they would cause IP address conflicts. Packets that use external IP addresses, however, could not be forwarded properly through the first VLAN. Therefore, in addition to the first VLAN, the present application establishes a second VLAN in the chassis switch specifically to handle packets that use external IP addresses.

Figures 8A and 8B are a flowchart of a method for forwarding management of packets that use external IP addresses, according to an embodiment of the present application. In this embodiment, the packet forwarding management method is applicable to a network interface card (e.g., a fabric card or a line card) in a chassis switch.

First, a packet originating from an external IP address is received (step S810). Specifically, the packet header carries several packet parameters, including a source IP address, a destination IP address, a source MAC address, and a destination MAC address. The source IP address indicates the IP address from which the packet was sent; when the source IP address is an external IP address, the packet originates from an external IP address.

Next, it is determined whether the packet was received on the external port (step S820). If so, it is determined whether the packet carries a VLAN ID tag (step S830). If the packet does not carry a VLAN ID tag, an ID tag corresponding to the second VLAN is added to the packet (step S840). Specifically, this ID tag indicates the VLAN ID; for example, the ID of the second VLAN can be set to 4089.

Following step S820, if the packet was not received on the external port, the flow proceeds to step S840.

Following step S830, if the packet already carries a VLAN ID tag, the flow proceeds to step S850.

In step S850, it is determined whether the ingress port of the packet is a member port of the second VLAN. If so, the forwarding table is queried using the VLAN ID tag and the packet's destination MAC address to determine the packet's egress port (step S860).

Then, it is determined whether the egress port is a member port of the second VLAN (step S870). If so, the VLAN ID tag is removed from the packet and the packet is forwarded through the egress port (step S880), and the flow ends.

Following step S850, if the ingress port is not a member port of the second VLAN, the packet is dropped without being forwarded (step S890), and the flow ends.

Following step S870, if the egress port is not a member port of the second VLAN, the flow proceeds to step S890 and then ends.

Figure 9 is a schematic diagram of forwarding management for a packet that uses external IP addresses, according to an embodiment of the present application.

First, in step 9a, the controller 310 decides to ping the controller 410 using an external IP address, so it generates a layer-3 packet (that is, the packet using external IP addresses described in Figure 5).

Specifically, the packet header includes a destination IP address, a source IP address, a source MAC address, and a destination MAC address. The destination IP address is 192.168.1.1, the source IP address is 191.168.1.33, the source MAC address is denoted FC1, and the destination MAC address is denoted LC1.

Next, in step 9b, the controller 310 sends the packet to port 14 of the switching device 330; that is, port 14 is the ingress port.

In step 9c, because the packet uses external IP addresses, the switching device 330 first adds a VLAN ID tag (TAG) to the packet; in this embodiment, the VLAN ID is 4089. It then performs an ingress check on the packet. Specifically, the ingress check queries the VLAN table using the packet's VLAN ID 4089 and ingress port 14 to determine whether ingress port 14 is a valid port of the VLAN. In this embodiment, the VLAN table records that, for VLAN ID 4089, all ports are set as valid ports. Ingress port 14 is therefore a valid port, and the packet passes the ingress check.

In step 9d, the switching device 330 performs MAC relay processing on the packet. Specifically, the MAC relay processing queries the forwarding table using the packet's destination MAC address LC1 and VLAN ID 4089 to determine the packet's egress port. In this embodiment, the egress port is port 5.

Next, in step 9e, the switching device 330 performs an egress check on the packet. Specifically, the egress check queries the VLAN table using the packet's VLAN ID 4089 and egress port 5 to determine whether egress port 5 is a valid port of the VLAN. In this embodiment, egress port 5 is a valid port, so the packet passes the egress check. The switching device 330 then removes the VLAN ID tag TAG from the packet.

Finally, in step 9f, the switching device 330 forwards the packet through port 5.

Figure 10 is a schematic diagram of forwarding management for a packet that uses external IP addresses, according to another embodiment of the present application.

First, in step 10a, the controller 310 decides to ping the network terminal device 13 using an external IP address, so it generates a layer-3 packet (that is, the packet using external IP addresses described in Figure 5).

Specifically, the packet header includes a destination IP address, a source IP address, a source MAC address, and a destination MAC address. The destination IP address is 192.168.1.99, the source IP address is 191.168.1.33, the source MAC address is denoted FC1, and the destination MAC address is denoted PC.

Next, in step 10b, the controller 310 sends the packet to port 14 of the switching device 330; that is, port 14 is the ingress port.

In step 10c, because the packet uses external IP addresses, the switching device 330 first adds a VLAN ID tag (TAG) to the packet; in this embodiment, the VLAN ID is 4089. It then performs an ingress check on the packet. Specifically, the ingress check queries the VLAN table using the packet's VLAN ID 4089 and ingress port 14 to determine whether ingress port 14 is a valid port of the VLAN. In this embodiment, the VLAN table records that, for VLAN ID 4089, all ports are set as valid ports. Ingress port 14 is therefore a valid port, and the packet passes the ingress check.

In step 10d, the switching device 330 performs MAC relay processing on the packet. Specifically, the MAC relay processing queries the forwarding table using the packet's destination MAC address PC and VLAN ID 4089 to determine the packet's egress port. In this embodiment, the egress port is port 9.

Next, in step 10e, the switching device 330 performs an egress check on the packet. Specifically, the egress check queries the VLAN table using the packet's VLAN ID 4089 and egress port 9 to determine whether egress port 9 is a valid port of the VLAN. In this embodiment, all ports are set as valid ports of this VLAN, so the packet passes the egress check. The switching device 330 then removes the VLAN ID tag TAG from the packet.

Finally, in step 10f, the switching device 330 forwards the packet through port 9.

From the embodiments of Figures 5 to 10, it can be understood that the packet forwarding management method of the present application, by establishing VLANs in the chassis switch, blocks packets that use internal IP addresses from being forwarded outside the switch while leaving the forwarding of packets that use external IP addresses unaffected. It thereby resolves the IP address conflicts that arise when a chassis switch forwards packets to the outside using internal IP addresses.
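The four walkthroughs of Figures 6, 7, 9 and 10 can be replayed with a small model of the VLAN table and forwarding table. This is an added example, not code from the patent or from the applicant; the 16-port count, the /24 prefix used to recognise internal addresses, the handling of an unknown destination, and all function and type names are assumptions.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

INTERNAL_VLAN = 4088          # first VLAN on the page: internal-IP traffic
EXTERNAL_VLAN = 4089          # second VLAN on the page: external-IP traffic
EXTERNAL_PORT = 9             # the external port in Figures 6, 7, 9 and 10
ALL_PORTS = frozenset(range(1, 17))             # assumption: 16 ports
INTERNAL_NET = ip_network("169.254.251.0/24")   # assumption: prefix length

# VLAN table: VLAN ID -> member ("valid") ports.
VLAN_TABLE = {
    INTERNAL_VLAN: ALL_PORTS - {EXTERNAL_PORT},  # every port except port 9
    EXTERNAL_VLAN: ALL_PORTS,                    # every port
}
# Forwarding table: (VLAN ID, destination MAC) -> egress port.
FORWARDING_TABLE = {
    (INTERNAL_VLAN, "LC1"): 5, (INTERNAL_VLAN, "PC"): 9,
    (EXTERNAL_VLAN, "LC1"): 5, (EXTERNAL_VLAN, "PC"): 9,
}

class Frame(NamedTuple):
    src_ip: str
    dst_ip: str
    src_mac: str
    dst_mac: str
    vlan_id: Optional[int] = None   # None means untagged

class Verdict(NamedTuple):
    action: str                 # "forward" or "drop"
    stage: str                  # stage that made the decision
    egress_port: Optional[int]  # port chosen by the forwarding-table lookup
    wire_vlan: Optional[int]    # tag still on the frame when it leaves

def controller_build(src_ip, dst_ip, dst_mac, src_mac="FC1"):
    """Controller side: tag the frame with 4088 only if the source is internal."""
    vlan = INTERNAL_VLAN if ip_address(src_ip) in INTERNAL_NET else None
    return Frame(src_ip, dst_ip, src_mac, dst_mac, vlan)

def switch_forward(frame, ingress_port):
    """Switching device: tag if untagged, ingress check, MAC relay, egress check."""
    vlan = frame.vlan_id if frame.vlan_id is not None else EXTERNAL_VLAN
    members = VLAN_TABLE.get(vlan, frozenset())
    if ingress_port not in members:
        return Verdict("drop", "ingress_check", None, None)
    egress = FORWARDING_TABLE.get((vlan, frame.dst_mac))
    if egress is None:
        # Assumption: the page does not cover unknown destinations; drop here.
        return Verdict("drop", "lookup", None, None)
    if egress not in members:
        return Verdict("drop", "egress_check", egress, None)
    # The second VLAN's tag is removed before transmission; the first stays.
    wire_vlan = None if vlan == EXTERNAL_VLAN else vlan
    return Verdict("forward", "forward", egress, wire_vlan)

def run_figures():
    """Replay the page's four scenarios plus a tagged frame arriving on port 9."""
    fc = lambda src, dst, mac: switch_forward(controller_build(src, dst, mac), 14)
    return {
        "fig6": fc("169.254.251.33", "169.254.251.1", "LC1"),
        "fig7": fc("169.254.251.33", "169.254.251.99", "PC"),
        "fig9": fc("191.168.1.33", "192.168.1.1", "LC1"),
        "fig10": fc("191.168.1.33", "192.168.1.99", "PC"),
        # Constructed case: a frame already tagged 4088 shows up on port 9.
        "tagged_on_external_port": switch_forward(
            Frame("169.254.251.77", "169.254.251.1", "XX", "LC1", INTERNAL_VLAN),
            EXTERNAL_PORT),
    }

def internal_never_leaves():
    """Invariant: no 4088-tagged frame is ever forwarded out of the external port."""
    for port in ALL_PORTS:
        for (vlan, mac) in FORWARDING_TABLE:
            if vlan != INTERNAL_VLAN:
                continue
            v = switch_forward(Frame("169.254.251.33", "0.0.0.0", "FC1", mac, vlan), port)
            if v.action == "forward" and v.egress_port == EXTERNAL_PORT:
                return False
    return True

if __name__ == "__main__":
    for name, verdict in run_figures().items():
        print(name, verdict)
    print("internal VLAN isolated:", internal_never_leaves())
```

The isolation rests entirely on port 9 being absent from the member set of VLAN 4088, so `internal_never_leaves()` is the check to rerun whenever the VLAN table changes.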

Although the present application has been disclosed above through various embodiments, they are examples for reference only and are not intended to limit its scope. Anyone skilled in the art may make minor changes and refinements without departing from the spirit and scope of the present application. For example, although the embodiments of Figures 6, 7, 9 and 10 are described using a fabric card, the packet forwarding management method described here can also be implemented on a line card, provided that the line card's design includes an external port. The above embodiments therefore do not limit the scope of the present application, and the scope of protection is defined by the appended claims.

The terms "first", "second" and so on used in the claims modify elements of the claims. They do not indicate an order of priority or precedence, that one element comes before another, or the chronological order in which method steps are performed; they only distinguish elements that share the same name.

200‧‧‧Network environment

10‧‧‧Router

20, 30‧‧‧Chassis switch

Claims (11)

1. A chassis switch, comprising: a network interface card (fabric card), comprising an external port used for communication outside the chassis switch, and configured to process a first packet originating from an internal Internet Protocol (IP) address and a second packet originating from an external IP address; wherein the processing of the first packet comprises: adding a first VLAN ID tag to the first packet, determining a first egress port of the first packet according to the first VLAN ID tag and a first destination Media Access Control (MAC) address included in the first packet, and dropping the first packet when the first egress port is the external port; and wherein the processing of the second packet comprises: adding a second VLAN ID tag to the second packet, determining a second egress port of the second packet according to the second VLAN ID tag and a second destination MAC address included in the second packet, removing the second VLAN ID tag from the second packet, and forwarding the second packet through the second egress port.

2. The chassis switch of claim 1, wherein the processing of the first packet further comprises: forwarding the first packet through the first egress port when the first egress port is not the external port.

3. The chassis switch of claim 1, wherein the network interface card further comprises a controller and a switching device, the controller being configured to generate the first packet and the second packet, and the switching device being configured to perform the processing of the first packet and the processing of the second packet.

4. The chassis switch of claim 3, wherein the switching device further maintains a forwarding table recording the egress port corresponding to the first VLAN ID tag and the first destination MAC address, drops the first packet when the corresponding egress port is the external port, and forwards the first packet when the corresponding egress port is not the external port.

5. A method for management of packet forwarding, applicable to a network interface card in a chassis switch, comprising: processing a first packet originating from an internal IP address, wherein the processing of the first packet comprises: adding a first VLAN ID tag to the first packet, determining a first egress port of the first packet according to the first VLAN ID tag and a first destination MAC address included in the first packet, and dropping the first packet when the first egress port is an external port used for communication outside the chassis switch; and processing a second packet originating from an external IP address, wherein the processing of the second packet comprises: adding a second VLAN ID tag to the second packet, determining a second egress port of the second packet according to the second VLAN ID tag and a second destination MAC address included in the second packet, removing the second VLAN ID tag from the second packet, and transmitting the second packet through the second egress port.

6. The method of claim 5, wherein the processing of the first packet further comprises: transmitting the first packet through the first egress port when the first egress port is not the external port.

7. The method of claim 5, further comprising: generating the first packet and the second packet by a controller of the network interface card; and performing the processing of the first packet and the processing of the second packet by a switching device of the network interface card.

8. The method of claim 5, further comprising: maintaining, by the switching device, a forwarding table recording the egress port corresponding to the first VLAN ID tag and the first destination MAC address, dropping the first packet when the corresponding egress port is the external port, and forwarding the first packet when the corresponding egress port is not the external port.

9. A network interface card, disposed in a chassis switch, comprising: an external port used for communication outside the chassis switch; a controller configured to generate a first packet originating from an internal IP address and a second packet originating from an external IP address; and a switching device configured to add a first VLAN ID tag to the first packet, determine a first egress port of the first packet according to the first VLAN ID tag and a first destination MAC address included in the first packet, drop the first packet when the first egress port is the external port, add a second VLAN ID tag to the second packet, determine a second egress port of the second packet according to the second VLAN ID tag and a second destination MAC address included in the second packet, remove the second VLAN ID tag from the second packet, and transmit the second packet through the second egress port.

10. The network interface card of claim 9, wherein the switching device further forwards the first packet through the first egress port when the first egress port is not the external port.

11. The network interface card of claim 10, wherein the switching device further maintains a forwarding table recording the egress port corresponding to the first VLAN ID tag and the first destination MAC address, drops the first packet when the corresponding egress port is the external port, and forwards the first packet when the corresponding egress port is not the external port.
TW106138950A 2017-11-10 2017-11-10 Chassis switches, network interface cards, and methods for management of packet forwarding TWI738918B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW106138950A TWI738918B (en) 2017-11-10 2017-11-10 Chassis switches, network interface cards, and methods for management of packet forwarding

Publications (2)

Publication Number Publication Date
TW201919407A TW201919407A (en) 2019-05-16
TWI738918B true TWI738918B (en) 2021-09-11

Family

ID=67347853

Family Applications (1)

Application Number Title Priority Date Filing Date
TW106138950A TWI738918B (en) 2017-11-10 2017-11-10 Chassis switches, network interface cards, and methods for management of packet forwarding

Country Status (1)

Country Link
TW (1) TWI738918B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW575842B (en) * 2001-12-21 2004-02-11 Giga Byte Tech Co Ltd Method for protecting specific programming area or data area
TWI268078B (en) * 2001-11-30 2006-12-01 Ibm Method, apparatus and computer usable medium to protect user privacy
TWI569604B (en) * 2015-01-21 2017-02-01 智邦科技股份有限公司 Network switch system and operating method thereof

Also Published As

Publication number Publication date
TW201919407A (en) 2019-05-16

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees