CN100550829C - Port re-enabling by monitoring link status - Google Patents

Port re-enabling by monitoring link status Download PDF

Info

Publication number
CN100550829C
CN100550829C CN 200510117131 CN200510117131A CN100550829C CN 100550829 C CN100550829 C CN 100550829C CN 200510117131 CN200510117131 CN 200510117131 CN 200510117131 A CN200510117131 A CN 200510117131A CN 100550829 C CN100550829 C CN 100550829C
Authority
CN
Grant status
Grant
Patent type
Prior art keywords
port
link
blocked
adapted
data
Prior art date
Application number
CN 200510117131
Other languages
Chinese (zh)
Other versions
CN1819548A (en )
Inventor
杰格吉特·巴蒂亚
菲尔·加安格
蒂莫西·希克斯
Original Assignee
阿尔卡特公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Grant date

Links

Abstract

本发明特征是通过监控物理层接口的链路状态来自动重新启用一个被禁用的端口或物理媒体接口的实施例。 Feature of the present invention is to automatically re-enable a disabled embodiments port or physical media interface by monitoring the link status of the physical layer interface. 链路状态中的任何变化都自动重新启用一个先前被禁用的端口,从而允许通过先前被禁用端口进来的数据被接纳进入交换机并自动地转发或者路由/交换,而不必网络管理员手动发出任何命令来手动地重新启用该端口。 Any change in the link status automatically re-enable a previously disabled port, thereby allowing the previously disabled port through the incoming data is received into the switch and automatically forwarded or routed / switched, without the network administrator manually issuing any commands to manually re-enable the port.

Description

通过监控链路状态重新启用端口相关申请的交叉引用 Re-enable port-related applications by monitoring the status of cross-reference link

本申请要求2004年11月1日申请的序列号为No. 60/624,416、名称为"Port Re-enabling by Monitoring Link Status"的美国临时专利申请 This application claims priority from November 1, 2004 Serial No. No. 60 / 624,416, the name "Port Re-enabling by Monitoring Link Status" of US Provisional Patent Application

的优先权,将其通过参考引入本申请。 It filed, which is incorporated herein by reference.

技术领域 FIELD

本发明大体上涉及用于自动启用交换和/或路由设备中的媒体接口或端口的技术。 The present invention generally relates to techniques for automatically enable the media interface or port switching and / or routing devices. 特別地,本发明涉及用于在交换和/或路由设备内部提供链路状态监控系统并使用这样的链路状态来自动启用一个由于包括安全违规在内的各种违规而先前被禁用或被阻塞的端口的系统和方法。 In particular, the present invention relates to a monitoring system for providing a link state exchange inside and / or the routing device and use such to automatically enable a link state due to various irregularities including security violation, including the previously disabled or blocked the systems and methods ports.

背景技术 Background technique

当今,可以获得许多向网络管理员提供禁用或阻塞物理端口的能力的交换机。 Today, you can get a lot of switches to provide network administrators to disable or block the physical port capacity. 禁用或关闭端口通常意味着阻塞在那些端口上的所有网络通信。 Disable or close the port usually means blocking all network traffic on those ports. 这样做来防止网络因为由于从那些端口进来的安全或策略违规所? Because doing so prevents the network or security policy violations due from the ports of those coming in? I 起的不必要数据业务而服务中断。 I played unnecessary data traffic and service interruptions. 这些违规可以包括:病毒攻击、过度的ping请求、具有未与特定端口子网关联的一个因特网协议(IP)地址的过量的传入分组、指定到另一交换或路由设备的地址解析协议(ARP)数据单元、以及超过带宽限制或者其它网络门限的协议数据单元(PDU)。 These violations may include: virus attacks, excessive ping request, not having an excess of incoming packets associated with a particular port of a subnet Internet Protocol (IP) address, assigned to the ARP another switching or routing equipment (ARP ) data units, as well as exceed the bandwidth limit threshold or other network protocol data unit (PDU).

然而,这些被禁用的端口不是永久被禁用的。 However, these ports are not disabled permanently disabled. 如果违规或规定这些 If the violation of these regulations or

端口禁用的标准^皮纠正或者不再存在,则启用这些端口并将其用于网络入口和出口业务。 ^ Port disable the standard skin to correct or no longer exists, and these ports for ingress and egress network service is enabled.

然而,为了启用这些被禁用的端口,网络管理员必须识别每个被禁用端口的端口标识号码以及这些端口每一个的特定交换/路由设备。 However, to enable these disabled ports, each port of the network administrator must recognize the identification number of the disabled port and these ports each particular switching / routing equipment. 此外,管理员必须手动发出一组命令给交换/路由设备以便启用这些端口。 In addition, the administrator must manually issue a set of commands to the switching / routing equipment to enable these ports. 这个过程非常麻烦、劳动强度大,并且耗费时间,特别是当管理员是管理一个大型网络的时候。 This process is very cumbersome, labor intensive, and time consuming, especially when the administrator is to manage a large network of time.

因此需要一种避免需要手动启用端口并从而为管理员减轻负担的机制。 Therefore a need for a mechanism to avoid the need to manually enable ports and thereby to reduce the burden on the administrator. 本发明解决了此需要。 The present invention addresses this need.

发明内容 SUMMARY

本发明特征是通过监控物理层接口的链路状态来自动重新启用一个被禁用的端口或物理媒体接口的实施例。 Feature of the present invention is to automatically re-enable a disabled embodiments port or physical media interface by monitoring the link status of the physical layer interface. 链路状态中的任何变化都自动重新启用一个先前被禁用的端口,从而允许通过先前被禁用端口进来的数据被接纳进入交换机并自动地转发或者路由/交换,而不必网络管理员手动发出任何命令来手动地重新启用该端口。 Any change in the link status automatically re-enable a previously disabled port, thereby allowing the previously disabled port through the incoming data is received into the switch and automatically forwarded or routed / switched, without the network administrator manually issuing any commands to manually re-enable the port.

在第一实施例中,本发明提供一个转发设备,它包括一个或多个物理层接口、 一个或多个数据链路层控制器以及一个交换/路由模块。 In the first embodiment, the present invention provides a transponder apparatus which comprises one or more physical layer interfaces, the one or more data link layer controllers, and a switching / routing module. 这些物理层接口接收来自通信网的数据。 The physical layer interface receives data from the communication network. 数据链路层控制器包括一个或多个 The data link layer controller comprises one or more

媒体接入控制器(MAC)端口、端口指示符和至少一个MAC处理器。 Media access controller (MAC) ports, port indicator and the at least one MAC processor. 数据链路层控制器根据包含在端口指示符中的数值丟弃或者接纳基于物理层接口确定的链路状态的数据。 Controller discards the data link layer link state or receiving physical layer interface is determined based on the value of data contained in the indicator port. 另一方面,交换/路由模块适于转发被数据链路层控制器转发的这些数据单元。 On the other hand, switching / routing module is adapted to forward the data unit is forwarded data link layer controller.

在另一个实施例中,本发明提供了一种对转发设备中的一个先前被阻塞端口自动解除阻塞的方法。 In another embodiment, the present invention provides a method of forwarding one pair of devices previously automatically unblocking a blocked port. 被阻塞端口与一个指示被阻塞端口是否被阻塞的阻塞端口指示符相关联。 Blocked port is blocked with an indication of whether the port is blocked blocked indicator associated port. 该方法包括如下步骤:经由与被阻塞端口关联的一个物理层接口接收数据单元;监控物理层接口的链路状态;当在被监控的链路状态中发生变化时,自动重新设置阻塞端口指示符;以及当阻塞端口指示符指示解除阻塞时,接纳传入数据单元。 The method comprises the steps of: via a physical layer interface unit is receiving data associated with the blocked port; monitoring physical layer interface link state; when a change occurs in the monitored link status, the indicator automatically resets blocked port ; and when the indicator indicates that unblocks the blocked port, receiving incoming data units. 这个方法还可以包括以下附加步骤:接收在网络内部执行的一个或多个网络策略;设置阻塞端口指示符;以及当阻塞端口指示符指示阻塞时丢弃数据单元。 The method may further comprise the additional steps of: receiving one or more network policies executed within the network; blocked port indicator provided; and discarding the data unit when the indicator indicates a blocked port blocked.

在另一个实施例中,本发明提供了一种转发设备,包括: 一个或多个物理层接口,适于接收来自通信网的一个或多个数据单元; 一个或多个数据链路层控制器;以及可操作地耦合到一个或多个数据链路层控制器的转发模块。 In another embodiment, the present invention provides a forwarding device, comprising: one or more physical layer interfaces adapted to receive one or more data units from the communication network; one or more data link layer controllers ; and operatively coupled to one or more data link layer controllers forwarding module. 每个数据链路层控制器包括一个或多个媒体接入控制器(MAC)端口,每个MAC端口适于可操作地耦合到一个或多个物理层接口; 一个或多个端口指示符,其中每个端口指示符与MAC端口之一相关联,并且每个端口指示符适于指示关联的MAC端口是被阻塞的还是解除阻塞的;以及至少一个MAC处理器,可操作地耦合到一个或多个MAC端口,适于读取一个或多个端口指示符并且适于基于该一个或多个端口指示符选择丟弃或接纳由一个或多个物理层接口接收到的一个 Each data link layer controller comprises one or more media access controller (MAC) ports, each MAC port adapted to be operatively coupled to one or more physical layer interfaces; one or more port indicators, wherein each port indicator is associated with one of the MAC ports and each port indicator adapted to indicate that the associated MAC port is blocked or unblocked; and at least one MAC processor, operatively coupled to one or multiple MAC ports, adapted to read one or more port indicators and adapted to receive selected or discarded based on the one or more indicators of one or more port interfaces to the physical layer receives a

或多个数据单元。 Or more data units. 转发模块适于接收被一个或多个数据链路层控制器接纳的一个或多个数据单元,并且适于转发从数据链路层控制器中接收到的一个或多个数据单元。 Forwarding module is adapted to receive one or more data units of one or more data receiving link layer controller, and is adapted to forward one or more data units received from the data link layer to the controller.

附图说明 BRIEF DESCRIPTION

在附图中以示例但不局限的方式示出了本发明,其中: 图1是根据本发明实施例的一个端口的高级状态转移图; 图2是示出根据本发明实施例的一个解除阻塞端口和两个被阻塞端口的高级框图; In the drawings, but not limited to the exemplary embodiment of the present invention is shown, wherein: FIG. 1 is a high level state transition diagram of the embodiment of a port according to the present invention; FIG. 2 is a diagram illustrating an embodiment of the present invention, a unblock ports and two high level block diagram is blocked ports;

图3是根据本发明实施例的一个转发设备的高级示意图; FIG. 3 is a high level schematic view of a forwarding device according to an embodiment of the present invention;

图4是示出根据本发明实施例的一个被阻塞端口的操作的高级流程 FIG 4 is a high level flow diagram illustrating, according to one embodiment of the present invention, the operation is blocked ports

图; Figure;

级流程图; Level flowchart;

图6是根据本发明实施例的一个交换/路由设备的框图,示出了该设备如何处理各种协议数据单元; FIG 6 is a block diagram / routing device embodiment of the present invention, a switching embodiment, the apparatus is shown how to handle a variety of protocol data units;

图7是示出根据本发明实施例的标志或指示符的数值的图表,其中该标志或指示符指示一个特定端口是否应被阻塞以及示出当链路状态改变发生时如何修改这样的数值; FIG 7 is a graph showing the value of a flag or indicator of an embodiment of the present invention, wherein the flag or indicator indicates whether a particular port should be blocked, and when the link state changes shown how to modify a numerical value occurs;

图8是根据本发明实施例的一个适于执行链路状态监控和端口重新启用操作的多层交换/路由或者转发设备的功能框图; FIG 8 is a functional block diagram showing the link state monitoring and re-enable operation of multi-port switching / routing or forwarding apparatus adapted to perform an embodiment of the present invention;

图9是根据本发明优选实施例的一个层1和层2处理机或模块的高级示意图;以及 FIG 9 is a high level schematic view of a module or processor 2 and layer 1 layer according to a preferred embodiment of the present invention; and

图10是示出根据本发明实施例的各个模块和部件的相互作用的高级功能框图。 FIG 10 is a functional block diagram illustrating the interaction of the various high-level modules and components of an embodiment of the present invention.

具体实施方式 detailed description

以下的详细描述以一种清楚地使得本领域技术人员能够实现并使 The following detailed description, in a clearly enable one skilled in the art and can be achieved

明,并且描述了本发明的多个实施例、修改、变形、可选方案以及用途, 包括目前被认为是实现本发明的最佳的模式。 Ming, and describes several embodiments of the present invention, modifications, variations, alternatives and uses, including what is presently considered to be the best mode of carrying out the invention.

为了更好地理解附图,不同附图以及描述中类似的已编号附图标记用于在以下描述中来指代相同或者类似的结构、动作、操作或者流程步骤。 For a better understanding of the drawings, process steps different drawings and description in which like numbered reference numerals are used to refer to in the following description the same or similar structure, operation, or operation. 另外, 一百系列内的附图标记,例如102和104,最初在图l中引入,二百系列的附图标记,例如222和224,最初在图2中引入,如此等等。 Further, in the one hundred series reference numerals, such as 102 and 104, first introduced in Figure l, the reference numerals of the two hundred series, for example, 222 and 224, first introduced in FIG. 2, and so on. 因此,九百系列的附图标记,例如920和940,最初在图9中引入。 Thus, 900 series reference numerals, such as 920 and 940, first introduced in FIG.

总的来说,本发明的一个实施例包括确定一个特定端口是否存在某些端口禁用条件。 In general, an embodiment of the present invention comprises determining whether a particular port port disable certain conditions exist. 如果任何这样的条件存在,则端口^C自动或手动禁用, 从而防止进一步接纳进入交换设备并且从交换或转发设备向外转发或发送接收数据单元。 If any such condition exists, the port is disabled ^ C automatically or manually, thereby preventing further into the switching device receiving and forwarding or sending or receiving data units from the switching device forwarding outwardly. 可是如果这个特定端口的链路状态从链路运行(link up)改变为链路关闭(link down),则只要没有禁用条件存在,这个端口就自动启用,从而能够进行接收数据单元的传输。 However, if this particular link from the link state of the port operation (link up) to change the Link Shutdown (link down), it is not disabled as long as the condition exists, the port is automatically enabled, thereby transmitting the received data unit. 从而,链路状态的切换触发端口的重新启用,而不必另外的网络管理员介入。 Thus, the switch trigger port link status re-enable, without additional network administrator intervention. 网络管理员从而不需要确定哪一端口是阻塞的或者哪一设备包含被阻塞端口,甚至不需要发出命令以便再激活先前被禁用的端口。 Eliminating the need for network administrators to determine which port is blocked or a device which includes a port is blocked, do not even need to issue commands to re-activate previously disabled the port.

图1是示出根据本发明实施例的一个端口的各个状态的高级状态图。 FIG 1 shows a high-level state diagram of a state of each port of the embodiment of the present invention. 在初始状态中,通常在系统启动期间,端口被启用或者被解除阻塞 In the initial state, typically during system startup, the port is enabled or is unblocked

102。 102. 但是如果任何端口阻塞条件104存在,则端口被禁用或阻塞106。 However, if any of the ports 104 blocked condition exists, the port 106 is disabled or blocked. 每当存在一个链路状态改变或者切换108——尤其是从链路运行到链路关闭或者从链路关闭到链路运行时,将一个被阻塞端口106变成解除阻塞或者再次被启用110。 Whenever there is a change or handover link state 108-- particular run off from link to link or from link to link off operation, a port 106 is blocked or unblocked again becomes enabled 110. 每当任何端口阻塞条件出现112时,然后将未阻塞的端口IIO变为被阻塞的或禁用的106。 When 112 occurs whenever a port blocking condition, and then unblocked ports IIO becomes blocked or disabled 106.

图2是根据本发明实施例的一个优选双工端口的高级框图。 FIG 2 is a high level block diagram of one preferred embodiment of the duplex port of the embodiment of the present invention. 在优选实施例中,双工端口有两个部件——接收部分被称为入口端口部件而传出部分#1称为出口端口部件。 In a preferred embodiment, the duplex port has two parts - the receiving portion is referred to the inlet port member outgoing portion outlet port # 1 is called member. 在该优选实施例中,一个解除阻塞端口200 具有处于解除阻塞状态的入口部件,在此被称为解除阻塞入口部件202、 和处于解除阻塞状况的出口部件,在此被称为解除阻塞出口部件204。 In this preferred embodiment, a port 200 having an inlet unblock unblocking member in the state, referred to herein as unblocked inlet member 202, and an outlet member in unblocking condition, referred to herein as unblocked outlet member 204.

另一方面,笫一被阻塞端口210具有处于被阻塞或禁用状态的入口部件,在此被称为被阻塞入口部件212。 On the other hand, Zi having a blocked port 210 is blocked or disabled state in an inlet member, referred to herein as an inlet member 212 is blocked. 此实施例进行操作以使被发送到被阻塞入口端口部件的协议数据单元(PDU)被物理接口层或层一(PHY)接收但是不进一步被接纳进入交换设备中。 This embodiment operates so protocol data unit is transmitted to the inlet port member is blocked (PDU) is a physical interface layer or layer (PHY) is further received but not accepted into the switching device. 在此讨论的层次是指开放式系统互连(OSI)参考模型的七个层次。 Levels discussed herein refers to the seven levels of the Open Systems Interconnection (OSI) reference model. 如果一个出口端口部件214 被阻塞,它可以不被用来转发传出PDU。 If a member outlet port 214 is blocked, it can not be used to forward outgoing PDU. 但是,如果它被解除阻塞或启用,则它可用来进一步转发传出PDU。 However, if it is unblocked or enabled, it can be used to further forward the outgoing PDU.

在优选实施例中,第二被阻塞端口220具有被阻塞入口部件222和解除阻塞出口部件224。 In a preferred embodiment, the second having an inlet port 220 is blocked by the blocking member 222 and unblocking the outlet member 224. 在另一个实施例中,第一被阻塞端口210具有被配置来阻塞数据的入口部件212和出口部件214。 In another embodiment, the first inlet port 210 is blocked and the outlet member 212 having a member 214 is configured to block data. 在另一个实施例中, 端口是一个非双工端口,因此, 一个接收或传入端口被完全阻塞或者完全解除阻塞。 In another embodiment, the port is a non-duplex port, therefore, a received or incoming port is completely blocked or completely unblocked. 还有本发明的另一实施例也是可行的,其中入口端口部件被解除阻塞同时出口端口部件被阻塞。 Yet another embodiment of the present invention are possible in which the inlet port member is unblocked while the outlet port is blocked member.

图3是根据本发明实施例的具有一个被阻塞端口的转发设备300的高级示意图。 FIG 3 is a forwarding device having a blocked port 300 high level schematic diagram of an embodiment of the present invention. 在该优选实施例中,被阻塞端口只使其入口端口部件被阻塞—一出口部件解除阻塞,由此允许传出业务。 In the preferred embodiment, the port is blocked so that only the inlet port member is blocked - unblocking an outlet member, thereby allowing outgoing traffic. 即使入口端口部件被阻塞,也经由物理层接口/层一(PHY) 330接收传入或入站数据单元302。 Even if the inlet port member is blocked, and the incoming or inbound data units 302 physical layer interface / a layer (PHY) 330 via the reception.

本发明的转发设备300包括任何交换机、路由器或者任何优选地在OSI模型的多个层中进行操作(包括层2中的交换和层3中的路由)的转发设备。 Forwarding device 300 of the invention include any switches, routers or any preferably operated (including switching and layer 3 routing in layer 2) forwarding device in a plurality of layers of the OSI model. 此外,本发明的每个交换或转发设备300,优选地包含多个物理端口330,这些物理端口优选地以双工才莫式运行。 Further, each of the switching or forwarding device of the present invention 300 preferably comprises a plurality of physical ports 330, these ports are preferably physically in a duplex operation only Mohs.

在一些实施例中,PHY接口330 #:具#^实现在一个合并一个或多个网络端口的集成电路芯片中,例如专用集成电路(ASIC),每个端口可操作地耦合到一个网络链路。 In some embodiments, a PHY interface 330 #: # ^ implemented with a merge one or more network ports of an integrated circuit chip, for example, application specific integrated circuit (ASIC), each port operatively coupled to a network link . 优选地,PHY接口330适于监控关联的链路状态,并且当链路为非运作的时通知网络管理员。 Preferably, a PHY interface 330 is adapted to monitor link status is associated, and notifies the network administrator when the link is non-functioning. 对于PHY芯片,如果PHY330被关闭,则物理链路状态通常不可能被监控。 For PHY chip, if PHY330 is closed, it is generally not possible physical link status monitoring. 因此,在本发明的优选实施例中,根据本发明的实施例,即使端口被阻塞,PHY层330不被禁用或关闭。 Thus, in a preferred embodiment of the present invention, according to an embodiment of the present invention, even if the port is blocked, a PHY layer 330 is not turned off or disabled. 相反,优选地,在媒体接入控制器(MAC)/层2级340处阻塞端口上的入口网络业务,而同时允许物理链路PHY 330保持活动,以启用本发明的实施例来监控链路状态。 Instead, preferably, the media access controller (MAC) level ingress network traffic on port 340 blocked 2 / layer, while allowing the physical link PHY 330 to remain active, to enable embodiments of the present invention to monitor the link status. 因此,传入数据单元302 在层2或MAC层340处被丟弃,并且由此不进一步将其进一步接纳进入转发设备300。 Thus, incoming data unit 302 in the MAC layer of layer 2 or 340 is discarded, and thus will not be further forwarded further into the receiving device 300.

可是在本发明的优选实施例中,即使入口部件处于被阻塞状态,传出数据单元304也可能仍然经由具有处于解除阻塞状态中的出口部件的一个端口从转发设备进行转发或发送。 However, in a preferred embodiment of the present invention, even if the inlet member is in the blocked state, the outgoing data units 304 may also be transmitted are forwarded from the forwarding device or via a member having an outlet port in the unblocking state. 传出数据单元304使用端口的解除阻塞出口部件发送出PHY 330。 Outgoing unblock the port outlet member 304 using a transmission data unit PHY 330. 因此,本发明的这个优选实施例使PDU或数据单元能够被PHY层处的入口端口部件接收,但是不由该转发设备进行转发,同一端口的出口端口部件仍然可以被利用来转发可能已经从其它端口(未示出)中接收到的传出PDU。 Thus, this preferred embodiment of the invention that the PDU or a data unit can be received ingress port component layer at a PHY, but not by the forwarding device for forwarding the same outlet port member ports can still be utilized to forward may have from other ports (not shown) received in the outgoing PDU.

本发明的转发设备300优选地还包括一组程序指令或程序模块310,如果其由处理器(优选地,计算机处理器)执行,则对网络层3 部件350、 MAC层340和PHY层330进行控制。 Forwarding device 300 of the present invention preferably further comprises a set of program instructions or program modules 310, which if executed by a processor (preferably, a computer processor), then to 350, MAC layer 340 and PHY layer 330 components network layer 3 control. 例如,程序模块310 控制MAC层306丢弃传入数据单元,并监控308 PHY层330的链路状态。 For example, the program module 310 controls the MAC layer, discarding incoming data unit 306, and monitor the link status 308 PHY layer 330. 在一个实施例中,程序模块以软件的形式具体实现。 In one embodiment, program modules embodied in software.

图4是示出禁用或阻塞一个端口的逻辑操作的高级流程图。 FIG 4 is a high level flow chart disabled or blocking a port of the logical operation is shown. 在第一操作450中,识别端口阻塞条件组。 In a first operation 450, the identified port blocking condition group. 这些阻塞条件与生效的和有效的网络利用相关,并且可以取决于数据业务门限值、病毒攻击、服务拒绝、 广播风暴、安全问题以及可能消极影响网络的其它活动。 These blocking conditions and the entry into force and effective use of network-related, and may depend on the data traffic threshold, virus attacks, denial of service, broadcast storm, safety issues and the possible negative impact on other network activity.

在一个实施例中,在转发或交换设备300内预定义阻塞条件。 In one embodiment, the predefined stall condition in forward or switching device 300. 但是,可以对这些预定义条件进行修改。 However, you can modify these predefined conditions. 附加的阻塞条件也可以被网络管理员,优选地通过一个设备配置管理器,手动定义并引入到设备中。 Additional conditions may also be blocking a network administrator, preferably by a device configuration manager, and manually introduced into the apparatus is defined.

在识别端口阻塞条件组之后(步骤450),判断入口数据单元或入口业务是否已经满足一个或多个阻塞条件,以及传入PDU是否应该被丢弃(检验452)。 After identifying the port blocking condition set (step 450), it is determined whether the data unit inlet or inlets of one or more services have been met stall condition, and whether the incoming PDU should be discarded (test 452). 如果PDU要被接纳进入到交换设备中或者从交换设备中被转发一一意思是说它们不符合阻塞条件,则交换设备相应地处理这些PDU或数据单元,并且由此如果适合,则从那个设备对它们进行转发(步骤454)。 If the PDU to be received into the switching device or forwarded from eleven switching device is meant that they do not meet the stall condition, the switching device processes the PDU or a data unit accordingly, and thus, if appropriate, from the device they are forwarded (step 454).

如果传入PDU要被阻塞,则通过使用一个布尔值标志、 一个寄存器或者任何类似的数值指示符禁用入口端口部件(步骤456)。 If the incoming PDU is to be blocked, by using a Boolean flag, a register, or any similar value indicator member inlet port is disabled (step 456). 入口阻塞标志被设置为一个指示该端口应该被阻塞的数值,例如值"真"或"1"。 Inlet blocking flag is set to indicate that a port should be blocked values, such as the value "true" or "1." 一旦设置了入口阻塞标志(步骤456),则阻塞传入PDU,意思是说经由被禁用入口端口部件被交换设备接收到的PDU不从该交换设备中进行转发一一将它们丢弃(步骤458)。 Once the inlet blocking flag (step 456) is provided, the block incoming PDU, means that the PDU is disabled via the inlet port member is received by the switching device is not forwarded from the switching device eleven discard them (step 458) . 在优选实施例中,出口端口部件不被禁用并且因此可以将其用于传出PDU,并且因此,对于出口端口部件的标志是不需要的。 In a preferred embodiment, the outlet port member and thus can not be disabled for outgoing PDU, and thus, the outlet port for the marker member is not required. 标志、标志组、或者其它数值指示符也可以用于单工(非双工)端口。 Flag, flag group, or other values ​​may also be used indicators simplex (non-duplex) port.

图5说明了一个高级流程图,示出了一个链路状态或链路状态改变如何被用来自动地启用一个被禁用/被阻塞端口。 5 illustrates a high level flow chart illustrating a link status or a link status change is how to automatically enable a disabled / blocked port. 使用根据OSI模型的层l(PHY)的一个端口接口以及通过中断,可以获得每个端口的链路状态信息。 The use of the information layer l OSI model (PHY) through a port interface, and an interrupt can be obtained link status of each port. 优选地,还对链路状态信息进行连续地监控。 Preferably, the link state information is also continuously monitored. 图5利用一个优选的被阻塞端口来说明,即入口端口部件被阻塞而出口端口部件被解除阻塞。 FIG 5 is preferred using a blocked port will be described, i.e. the inlet port member is blocked from the outlet port member is unblocked.

在第一操作(步骤530)中,检测端口的链路状态/状况。 In a first operation (step 530), detecting the link state / status port. 如果链路状态中没有发生改变(检验532),那么再次监控链路状态(步骤530)。 If you do not change the link state (test 532), then monitor the link state again (step 530). 但是如果那个端口的链路状态(从链路运行到链路关闭或者从链路关闭到链 However, if the link state of the port (run off from the link or from link to link down to link

路运行)发生改变,那么确定入口端口部件是否被禁用(检验534)。 Running road) is changed, it is determined whether the inlet port member is disabled (test 534). 这个可以通过查看入口阻塞标志或者任何类似的指示符的数值来确定。 This value can be determined by looking at the inlet or any similar blocking flag indicator. 优选地,连续地监控每个端口的链路状态。 Preferably, continuously monitor the link status of each port. 如果入口端口部件通过在入口阻塞标志中得到例如一个"真"值已 If the inlet port member obtained by blocking the inlet example, a flag "true" value is

被禁用(检-验534),则通过将入口阻塞标志重新设置为,例如,"假"来自动地重新启用那个入口端口部件(步骤536)。 It is disabled (the subject - test 534), then by blocking the entry flag is reset, e.g., "false" to automatically re-enable the inlet port member (step 536). 这个操作意味着,经由那个入口端口部件,现在不再阻塞传入PDU,并且因此交换设备应该将其接纳并处理以用于进一步转发。 This operation means that, via the inlet port member, no longer blocking the incoming PDU, and thus the switching device should be accepted and forwarded for further processing.

根据现有技术的转发设备,链路状态的变化也发起涉及一个或多个功能和职责的状况变化过程(步骤538),其功能和职责例如包括:发送一则消息给IP地址,声明那个特定端口的链路被关闭并且发送一个陷阱(trap)给一个简单网络协议管理器。 Forwarding apparatus according to the prior art, also change the link state relates to initiate one or more functions and responsibilities of the status change process (step 538), which functions and responsibilities include, for example: sending a message to the IP address, that particular statement link port is closed and send a trap (trap) for a simple network protocol manager.

图6是示出在本发明的转发设备600中如何处理各种PDU的框图。 FIG 6 is a block diagram of how to deal with in the PDU forwarding device 600 of the present invention is shown. 在第一示例中,第一入站PDU 602通过一个双工端口经由PHY被接收, 双工端口具有入口620B和出口620A端口部件。 In a first example, the first inbound PDU 602 is received via the PHY through a duplex port, the duplexer having an inlet port 620A and outlet port 620B member. 入口端口部件620B和出口端口部件620A被解除阻塞/被启用。 An inlet port and an outlet port member 620B member 620A is unblocked / are enabled. 因为入口端口部件620B被解除阻塞,所以传入的第一入口PDU602由设备600进行处理然后通过同一端口或其它端口的出口端口部件620A转发出PDU 604。 Because the inlet port member 620B is unblocked, the incoming PDU602 first inlet device 600 is then processed by a PDU 604 sent by the transfer member 620A outlet port or other ports of the same port.

在另一示例中, 一个双工端口具有一个净皮禁用/净皮阻塞入口端口部件624B和一个启用/解除阻塞出口端口部件624A。 In another example, a duplex port is disabled sheath having a net / net Paper blocking member 624B and an inlet port enabled / unblocked egress port component 624A. 使用被阻塞入口端口部件624B的第二入站PDU606通过这个端口的物理层被接收。 A second inbound inlet port is blocked PDU606 member 624B is received by the physical layer port. 但是,交换机600丢弃该第二入站PDU 608,意思是说PDU 608不再被接纳进入交换机并且不/人交换机600中进行转发。 However, switch 600 discards the second inbound PDU 608, meaning that no PDU 608 is not admitted into the switch and / person switches 600 forward.

在另一示例中,第三PDU 628由设备使用其被启用端口部件之一接收。 In another example, the third PDU 628 received using one of the port member which is enabled by the device. 它能够经由解除阻塞入口端口部件620B或者任何其它解除阻塞端口部件(未示出)而被接收。 It can be received via the inlet port unblocked or any other member 620B unblock port member (not shown). 可以经由解除阻塞出口端口部件620A、 624A 或者通过任何被启用/解除阻塞出口端口部件将该第三PDU 628转发634出交换机600外。 Via the outlet port unblock member 620A, 624A, or by any enabled / unblocked outlet port member forwarding the third PDU 628 634 600 external switch. 但是,如果一个出口端口部件被阻塞或被禁用—— 图中未示出,则可以不使用这个被阻塞出口端口部件来转发传出PDU。 However, if one outlet port is blocked or disabled member - not shown in the figures, it may not use the blocked outlet port means to forward outgoing PDU.

图7说明了本发明实施例中的两个示例性端口阻塞状态表702、 708 和标志704、 710的示例性数值。 Figure 7 illustrates the present invention, two exemplary embodiments blocked port table 702 in the embodiment, flags 708 and exemplary values ​​704, 710. 在这个示例中,只有双工端口#999的入口端口部件被禁用——出口端口部件被启用。 In this example, only the duplex port 999 of the inlet port member # disabled - outlet port means is enabled. 包括策略(包括安全策略)、控制网络在内的若干应用可以在转发 Including policies (including security policy), several applications can control network, including forwarding

设备600、 300内实现。 Device 600, 300 to achieve. 一个网络门限值准则例如可以被识别为应用或策略ID(标识)"0001"。 Threshold criteria, for example, a network may be identified as an application or policy ID (identification), "0001." 在本发明的一个实施例中,使用一个策略或应用ID在交换机600内识别每个应用或策略,每个策略/应用具有其自己的标志,指示包括其入口、出口或两个端口部件在内的一个特定端口是否应该被禁用。 In one embodiment of the present invention, using a policy or application ID in the switch 600 identifies each application or policies, each policy / application has its own flag indicating which comprises an inlet, an outlet port member including two or whether a particular port should be disabled. 虽然图中未示出,但是也存在指示阻塞标记涉及或表示哪一端口的方式。 Although not shown, but indicated the presence of obstructive or represent numerals which relate to the port.

根据本发明的实施例,交换机600中的每个端口可以具有其自己的标记,指示那个特定端口是应该被启用还是被禁用,并且如果适合,是否刚好入口、出口或两个端口部件都^皮阻塞或解除阻塞——例如,端口#999:入口被禁用/被阻塞,出口被启用/解除阻塞;以及端口#888:入口被禁用/阻塞,被禁用/阻塞。 According to an embodiment of the present invention, each port of the switch 600 may have its own flag, indicating that a particular port should be enabled or disabled, and if appropriate, whether just the inlet or outlet ports two components are transdermal ^ block or unblock - for example, port # 999: entrance disabled / blocked, export is enabled / unblocked; and port # 888: entrance disabled / blocked, disabled / blocked. 在优选实施例中,这个端口阻塞标志是层2中的一个或多个寄存器。 In a preferred embodiment, this port is blocked flag in a layer two or more registers. 本领域普通技术人员应该了解:有许多方式指示这样的数值,例如通过位操作、通过"真"和"假,,值、以及通过"0"或"1"值。例如经由不同的数据或目标结构与寄存器阵列,可以应用实现这个特性的其它方式。 Those of ordinary skill in the art will be appreciated: There are many ways such values ​​indicate, for example, by a bit operation, the "true" and "false ,, value and by" 0 "or" 1 "value, for example, via a different data or target. register array structure and may be applied in other ways this feature.

的。 of. 根据某些条件以及在不同的时间,每个策略或应用可以把它的请求从端口被阻塞改变为解除阻塞,反之亦然。 According to certain conditions and at different times, each policy or application can change its request from the port is blocked to unblocked or vice versa. 第一个表格702指示策略"001"请求端口#999被阻塞— 一通过"真"来指示。 The first table 702 indicates that the policy "001" request port # 999 is blocked - a "true" is indicated by. 另一方面,策略"0002"和"0003"请求端口弁999解除阻塞一—通过"假"来指示。 On the other hand, the policy "0002" and "0003" request unblocking a port Benten 999 - indicated by "false." 只要存在一个请求端口被阻塞/被禁用的策略,则本发明实施例优选地为所有的应用和策略阻塞或禁用那个端口的入口端口部件。 Preferred embodiment of the present embodiment as long as a policy request port is blocked / disabled, the present invention is for all applications and policies blocking or disabling the inlet port of the port member. 这是通过把端口阻塞标志(在这种情况下端口是#999)设置为"真,,来完成的704。这也意味着,通过这个入口端口部件进来的PDU应该被丢弃并且不从交换设备中进行转发。 This port is blocked by the flag (in this case port # 999) is set to "true ,, to complete 704. This also means that the inlet port member by the incoming PDU should be discarded and not from the switching device carried forward.

通常连续地监控每个端口的链路状态,从而链路状态的变化,特别是从链路运行到关闭的变化,触发标志值的改变,即标志;故重新设置710 以使先前被禁用的端口现在被启用。 Typically continuously monitors the link status of each port, so that the link state changes, in particular to the closing operation from the link change trigger value change flag, i.e. flag; 710 so that it is reset previously disabled port now it is enabled. 持有对于那个特定端口的标记的所有应用或策略也如示例性表708中所示被重新设置。 All application or policy holder for that particular port numerals also as shown in the exemplary table 708 is reset. 本发明的一个实施例使用链路状态中的这个变化来自动地重新启用一个先前被禁用/被阻塞的端口,并且因此,现在会处理接收到的呼入PDU以使它可以由转发设备进行转发。 An embodiment of the present invention uses the change in the link status automatically re-enable a previously disabled / blocked port, and thus, will now process the received incoming PDU so that it may be forwarded by a forwarding device .

以下,在表I中示出了表示图7的高级逻辑的示例性伪代码。 Hereinafter, in Table I shows exemplary pseudo-code representation of high-level logic 7 of FIG.

表I Table I

〃通过一个链路监控模块或功能,可以设置一个标志〃设置aPort->blockFlag= TRUE; 〃 through a module or link monitoring functions, you may be provided a flag set 〃 aPort-> blockFlag = TRUE;

〃这个模块监控链路状态,它既可以经由无限循环也可以是中断驱动的 〃 This module monitors the link status, It can also be infinite loop via interrupt-driven

void aPortLinkStateMonitor(void) void aPortLinkStateMonitor (void)

〃初始化 〃initialization

aPort-〉blockFlag = FALSE; aPort-> blockFlag = FALSE;

aPoi't-〉aPhyLinkStatus~"= UNK一DOWN; aPort->aLocalLinkStatus = LINK—DOWN; aPoi't-> aPhyLinkStatus ~ "= UNK a DOWN; aPort-> aLocalLinkStatus = LINK-DOWN;

〃其它适当的特性或操作<table>table see original document page 15</column></row> <table><table>table see original document page 16</column></row> <table><table>table see original document page 17</column></row> <table><table>table see original document page 18</column></row> <table>return OK; 〃 other suitable features or operations <table> table see original document page 15 </ column> </ row> <table> <table> table see original document page 16 </ column> </ row> <table> <table> table see original document page 17 </ column> </ row> <table> <table> table see original document page 18 </ column> </ row> <table> return OK;

图8是一个适于执行本发明的链路状态监控和端口管理的多层交换机800的功能框图。 FIG 8 is a functional block diagram illustrating a port link status monitoring and management of the present invention is a multi-layer switch 800 is adapted to perform. 一个实施例的交换机800包括一个或多个OSI层1 和层2处理机(L1&2处理机)804、 一个或多个交换模块806和一个管理模块820,其中所有的模块合作以便经由每一个物理端口802接收入口数据业务以及发送出口数据业务。 A switch of an embodiment 800 comprises one or more OSI layer 1 and layer 2 handler (L1 & 2 processor) 804, one or more switching module 806 and a management module 820, wherein all the modules cooperate to each physical port via 802 receives ingress data traffic and transmitting data service outlet. 为了此实施例的目的,从另一网络节点流入交换机800的数据在此被称为入口数据单元或协议数据单元(PDU)。 For purposes of this embodiment, data flows into the switch 800 from another network node is referred to herein as ingress data units or protocol data unit (PDU). 相反,在内部传播到一个物理端口802用于发送到另一网络节点的解除阻塞数据被称为出口数据或者传出PDU或数据单元。 In contrast, the spread data within a physical unblock port 802 for transmission to another network node is referred to as outgoing or outlet data PDU or a data unit.

在一个实施例中,入口或传入PDU借助于一个或多个入口数据总线805A从Ll&2处理机804中被传送到交换模块806。 In one embodiment, the incoming PDU inlet or inlets by means of one or more data buses 805A Ll & 2 from processor 804 is transmitted to the switching module 806. 类似地,如果需要进一步将入口PDU从交换机800中发送出去,则对它们进行处理以使它们已准备好经由一个或多个出口数据总线805B从交换模块506 发送到多个Ll&2处理机504。 Similarly, if desired further inlet PDU sent from the switch 800, if they are treated so that they are ready for transmission from the plurality of the switching module 506 to processor 504 Ll & 2 via one or more data buses outlet 805B.

管理模块820通常包括一个用于保持并实现网络业务策略的策略管理器824、 一个配置管理器822、 一个链路监控器862和一个端口管理器828。 Management module 820 generally comprises a network traffic for holding policies and implement policy manager 824, a configuration manager 822, a monitor 862 and a link port manager 828. 优选地,策略管理器824实现的策略或应用部分地基于从源学习操作中导出的层2和/或层3寻址信息、从其它路由设备中接收的路由信息、以及从使用例如简单网管协议(SNMP)消息826经由配置管理器822被网络管理员上载的过滤规则。 Preferably, the policy implemented policy manager 824 based in part on the application or derived from the source learning operation and / or Layer 3 addressing information layer 2, the routing information received from other routing devices, and from the use of Simple Network Management Protocol e.g. (SNMP) message 826 via the configuration manager 822 is uploaded on the network administrator filtering rules. 使从源学习、其它网络节点以及管理员中获得的业务/网络策略对路由引擎830可用并且由转发表854 共同表示。 Learning from the source, as well as other network nodes obtained business administrator / network policy routing engine 830 is available and co-published 854-by-turn representation.

优选地,链路监控器862连续地监控每一Ll&2处理机804的链路状态,并且优选地是管理模块820的一部分。 Preferably, the link monitor 862 continuously monitors the state of each Ll & 2 link handler 804, and preferably is part of the management module 820. 在本发明的一个实施例中, 链路监控器562被合并到端口管理器528中。 In one embodiment of the present invention, the link 562 is incorporated into the monitor port manager 528.

有许多方法改变一个端口的链路状态。 There are many ways to change the link state of a port. 举例来说,微软(TM)基于窗口的个人计算机(PC)连接到一个端口,例如端口#999。 For example, Microsoft (TM) based personal computer (PC) is connected to a port window, such as port # 999. 通过只是从网络墙壁插座或者从PC机的网络接口卡上的连接器上拔开网络电缆就能够改变链路状况。 By simply disconnect the socket from the wall or the network cable from the network connector on the PC, a network interface card can be changed link condition. 只是重新启动PC机或者再一次断电或开启就把链路状态从链路运行切换到链路关闭,或者从链路关闭切换到链路运行。 Or simply to restart the PC again put off or open state is switched from link to link down link operation, or to switch off the link from the link operation. 如果链路状况被改变/切换——链路运行状态到链路关闭状态或者链路关闭状态到链路运行状态,则链路监控器862检测这样的改变,并且相应地通知端口管理器828启用与那个链路关联的那个特定端口。 If the link status is changed / switching - link down state to the link operating state or a state of the Link Shutdown change the link operating state, the link monitor 862 detects, and informs the port manager 828 is enabled that link to that particular port association. 通过利用链路状态的变化,能够很容易重新启用一个端口。 By using the link status changes can be easily re-enable a port. 例如,用户只须重新启动他们的系统或者只须拔开他们的网络电缆并将其重新插回到它们的网络连4妄中就可以重新启用他们的端口。 For example, users only need to restart their system or they simply disconnect the network cable and plug it back into their network connection to jump in 4 can re-enable their ports. 从而减轻了网络管理干预。 Thereby reducing network management intervention.

这个链路监控器862与端口管理器828通信,端口管理器828相应地识别并把适当的端口,优选地双工端口(入口、出口或者两个端口部件)设置为被启用的/解除阻塞的或者被禁用的/被阻塞的。 The link monitoring 862 and 828 respectively identify the communication port manager 828, and port manager to the appropriate port, preferably duplex port (inlet, outlet ports or two members) arranged to be enabled / unblocked or disabled / blocked. 端口管理器828还重新设置应用或策略阻塞标志,或者把这个信息传送给策略管理器824,策略管理器824继而又重新设置适当的应用或策略。 Port manager 828 also re-set the application or policy prevents signs, or to pass this information to the policy manager 824, policy manager 824 and then again to set appropriate application or policy. 在优选实施例中,端口管理器828与Ll&2处理机进行通信并且设置/重新设置适当的控制寄存器(Rx和Tx ),其指示包括相应的入口和出口端口部件在内的一个端口是否应该被阻塞。 In a preferred embodiment, the port manager 828 performs Ll & 2 processor communication and sets / resets the appropriate control register (Rx and the Tx), which indicates whether a port comprises respective inlet and outlet ports member including should be blocked . 因此,在L1&2处理机中处理所选的传入数据单元的丟弃。 Thus, L1 & 2 handler discarding the selected incoming data unit.

优选地,交换机800包括能够但是不限制为进行层2(数据链路)和层3(网络)交换操作的至少一个交换模块806。 Preferably, the switch 800 can be, but is not limited to comprising at least one switching module 806 layer 2 (Data Link) and Layer 3 (Network) switching operations. 用于把端口802可操作地耦合到有线和/或无线通信链路的可能的层2协议组包括:电气和电子工程师学会(IEEE) 802.3和IEEE 802.11标准,而可能的层3协议组包括: 互联网工程任务组(IETF)征求意见资料(RFC) 791中定义的互联网协议(IP)版本4和IETF RFC 1883中定义的IP版本6。 For the port 802 may be operably coupled to a Layer 2 protocol suite include wired and / or wireless communications link: Electrical and Electronics Engineers (IEEE) 802.3 and IEEE 802.11 standards, while the set of possible Layer 3 protocols includes: Internet Engineering task Force (IETF) to seek the views of data (RFC) 791 defined in the Internet protocol (IP) version 4 IP version and as defined in IETF RFC 1883 6.

优选地,交换模块806包括一个路由引擎830、 一个转发表854和一个队列管理器840。 Preferably, the switching module 806 comprises a routing engine 830, a forwarding table 854 and a queue manager 840. 路由引擎830依次包括一个分类器832,它接收来自数据总线805A的入口PDU,检查PDU的一个或多个字段,并且使用按内容寻址的存储器833把PDU分类成为多个流中的一个流。 The routing engine 830 comprises a classifier 832 sequentially, which receives an inlet PDU from the data bus 805A, checking one or more fields of the PDU, and to use content-addressable memory 833 Classification PDU into a plurality of flow streams. 在一个实施例中,管理模块820,尤其是对于端口管理器828,命令交换模块806或者与交换模块806配合来实现本发明的阻塞和丢弃特性。 In one embodiment, the management module 820, especially for the port manager 828, switching command module 806 and switching module 806 or with blocked and dropped to implement features of the present invention. 在本实施例中,路由引擎830丢弃来自一个被阻塞端口的传入数据单元。 In the present embodiment, the routing engine 830 drops incoming data unit from a blocked port. 但是,如果PDU不是要被丟弃—一被接纳,则路由引擎830还从保持在高速存储器中的转发表854中获取转发信息。 However, if the PDU is not to be discarded - a is received, the routing engine 830 forwards the information 854 acquired from the post held in a high-speed transfer memory. 从转发表854中获取的转发信息优选地包括,但是不限制于,例如一个流标识符,用于指定准备出口的特定适当的PDU所需要的那些转发才喿作。 From the forwarding table 854 acquired in the forwarding information preferably includes, but not limited to, for example, a flow identifier used to specify a suitable PDU for export of specific forwarding only those required for Qiao.

转发处理器834接收被解除阻塞入口PDU与关联的转发信息并且在发送到适当的出口端口部件之前执行一个或多个转发操作。 The processor 834 forwards the received PDU is associated with the inlet released blocking forwarding information and executes one or more forwarding operations prior to transmission to the appropriate outlet port member. 在另一个实施例中,在这个处理器834中处理通过一个^皮禁用端口而来的被阻塞入口数据单元的丢弃。 In another embodiment, the blocking process is discarded from the inlet port of the data unit through a transdermal ^ in the processor 834 is disabled.

对于要被发送的那些出口数据单元,转发操作优选地包括,但是不限制于:用于重新封装数据的报头转换,用于把一个或多个VLAN标记附加到PDU上的VLAN标记推入,用于从PDU中删除一个或多个VLAN标记的VLAN标记弹出,用于预留网络资源的服务质量(QoS), 用于监控客户业务的计费和记帐,用于选择性过滤PDU的验证,接入控制,包括地址解析协议(ARP)控制的较高层学习,源学习,以及用于 An outlet for those data units to be transmitted, forwarding operations preferably include but are not limited to: means for repackaging the data header conversion for the one or more VLAN tags are attached to the VLAN tag pushing on PDUs, with to delete one or more VLAN tags from a PDU, VLAN tag pop, the quality of service for reserving network resources (the QoS), accounting for monitoring customer traffic and billing, authentication for selectively filtering the PDU, access control, including address Resolution protocol (ARP) control higher-layer learning, source learning, and for

在转发处理器834之后,PDU被传到并存储在队列管理器840中直到带宽为可用以把PDU发送到适当的出口端口部件为止。 After the forwarding processor 834, PDU is passed and until bandwidth is available to transmit the PDU to the appropriate outlet port until the member is stored in the queue manager 840. 特别地,出口PDU被緩存在緩存器842中的一个或多个优先级队列中直到它们被调度器844经由输出数据总线805B发送到适当的出口端口部件802为止。 In particular, the outlet PDU is cached in the buffer with one or more priority queues 842 until they are sent to the scheduler 844 via the output data bus 805B member up to the appropriate outlet port 802.

图9是本发明的一个优选的L1&2处理机804的功能框图。 FIG 9 is a preferred embodiment of the invention is a functional block diagram 804 of processor L1 & 2. 在这个优选实施例中, 一个U&2处理机804通常包括适于经由网络通信链路交换PDU (例如以太网帧)的多个物理层接口(PHY) 940和媒体接入控制(MAC)接口。 In this preferred embodiment, a U & 2 handler 804 generally includes a plurality of physical layer interfaces (PHY) 940 and a media access control (MAC) interfaces adapted to exchange PDU (e.g. Ethernet frame) via a network communication link. 优选地,Ll&2处理机还包括至少一个数据链路层控制 Preferably, Ll & 2 handler further comprises at least one data link layer control

器900。 900. 在物理层运行的每一个PHY940执行包括PDU(比如以太网符号流)的接收和发送在内的传统网络接口功能。 Conventional network interface functions at each of the physical layer operation comprises performing PHY940 PDU (such as an Ethernet symbol stream) including reception and transmission. 当接收到来自关联的通信链路中的一个入口PDU 902时,来自通信链路中的电或光信号被PHY 940转换成为一个字节流,其然后被发送到一个关联的MAC媒体接口/端口910。 When an entry is received from the communication link associated with the PDU 902, the electrical or optical signal from a communication link PHY 940 is converted into a byte stream, the MAC media interface which is then sent to an associated / port 910. 在发送模式中,PHY940把来自一个关联的MAC端口910的一个字节流转换成为适于该介质的电或光信号。 In the transmission mode, PHY940 the associated MAC port from a byte stream 910 is converted into an electrical or optical signal appropriate for the medium. PHY940对于它所连接的介质类型是特定的。 PHY940 it is connected to the medium type is specified.

优选实施例中的数据链路层控制器900包括一个或多个MAC端口/ 接口910。 The data link layer controller 900 of this embodiment includes one or more MAC ports / interface 910 preferred embodiment. 优选地,多个端口910的每一个是适于接收入口数据和发送出口数据的双工端口。 Preferably, each of the plurality of ports 910 are adapted to receive ingress data and transmit data duplex outlet port. 在层二处运行的MAC端口910执行包括以太帧 Running in the MAC layer of two-port Ethernet frame 910 includes performing

的接收和发送在内的传统网络接口功能。 Conventional network interface functions including the reception and transmission. 在接收模式中,优选地,MAC 端口910执行各种功能,这些功能包括,但是不限制于:(a)MAC帧解析,用于例如从以太网类型/长度字段中提取被封装的协议类型、帧优先级、VLAN被标记帧的用户优先级和具有优先或DiffServ映射的IP帧的TOS字节;(b)使用接收数据以及分组解封装的帧校验序列(FCS)值的差错检查;和(c)非对称的和对称的流控制,包括:例如接受流控制帧以由网络邻居停止帧传输或中止帧传输。 In the receive mode, preferably, the MAC ports 910 to perform various functions, these functions include, but are not limited to: (a) MAC frame parsing, for example, extracting the encapsulated protocol type from Ethernet type / length field, frame priority, user priority and precedence or DiffServ mapping the TOS byte of IP frames are VLAN tagged frames; error checking (b) using the received data packets and decapsulating the frame check sequence (FCS) value; and (c) asymmetric and symmetric flow control, comprising: receiving flow control frame, for example, a transmission frame transmitted by a stop frame or abort the network neighborhood. 来自MAC端口910的帧然后在MAC处理器920处进行本地处理。 MAC frames from port 910 and then be processed locally at the MAC processor 920. 才艮据本发明的特征,优选地,通过一个被阻塞端口952接收到的入口PDU的丢弃由MAC处理器920完成。 Gen inlet PDU discarding data only feature of the present invention, preferably, the port 952 is blocked by the one received by the MAC processor 920 is completed.

与传统媒体接入控制器一致,MAC端口910执行各种功能,例如包括:(a)冲突处理,(b)根据CSMA/CD传输协议对通信介质进行的接入控制,(c)帧检验序列(FCS)值的生成,(d)封装,和(e)发送迟延。 Consistent with the traditional media access controller, the MAC ports 910 to perform various functions, including, for example: (a) collision handling, (b) access control according to CSMA / CD transmission protocol of the communication medium, (c) a frame check sequence generating a value (FCS), (d) encapsulation, and (e) transmission delay. 在优选实施例中,MAC端口910适于使用接口中简化的十比特接口(RTBI)或者简化的千兆比特媒体独立接口(RGMII)类型独立地支持10、 100或者1000兆比特/秒的吞吐量。 Embodiment, the MAC interface port 910 is adapted to use a simplified ten-bit interface (RTBI) or in a preferred embodiment of a simplified Gigabit Media Independent Interface (RGMII) types of support 10 are independently 100 or 1000 megabits / sec throughput .

图IO是一个高级功能框图,说明一般可以如何处理本发明的特性。 FIG IO is a high-level functional block diagram showing how the general nature of the invention may be processed. 这个图还更详细地示出了数据链路层控制器900,虽然只是它的某些部分。 This figure also shows in more detail the data link layer controller 900, although only some parts of it. 优选实施例的一个MAC端口910包含两个控制寄存器或者与两个控制寄存器关联:接收(Rx)控制寄存器1010和发送(Tx)控制寄存器1020。 A MAC port 910 of the preferred embodiment comprises two control registers or control registers associated with two: reception (Rx) control register 1010 and transmit (Tx) control register 1020. Rx控制寄存器1010和Tx控制寄存器1020是指示入口和出口端口部件分别是否应该被阻塞的标志。 Tx Rx control register 1010 and control registers 1020 is a flag indicating member inlet and outlet ports, respectively, of whether they should be blocked. 这些寄存器优选地由端口管理器828设置和重新设置。 The registers 828 are preferably disposed and reset by the port manager.

策略管理器824与端口管理器828进行通信,从而向端口管理器828 提供在本发明的转发设备中实现的各种应用或策略1040 。 Policy manager 824 and port manager 828 communicates to provide various applications or policies implemented in the forwarding apparatus 1040 according to the present invention, the port manager 828. 上述应用或策略标志可以被存储在策略管理器中,但是优选地被端口管理器828存储 Said application or policy flag may be stored in the Policy Manager, but preferably by the port manager 828 stores

并保持。 And kept.

链路管理器862与端口管理器828进行通信,向端口管理器828提供每一个PHY 940的链路信息1030。 The link manager 862 and the communication port manager 828 provides a link information 1030 PHY 940 to each of the port manager 828. 在一个示例中,PHY是一个千兆比特接口转换器(GBIC)。 In one example, PHY is a gigabit interface converter (GBIC). 链路管理器862还向端口管理器提供它的信息以便判断是设置还是重新设置层2/Mac端口910中的控制寄存器1010、 1020。 The link manager 862 also provides information to its determination to the port manager is to set or reset the layer 2 / Mac port 910 of the control register 1010, 1020.

在优选实施例中,MAC处理器920读取包含在控制寄存器一—Rx 控制寄存器1010和Tx控制寄存器1020中的一个或多个值952。 In a preferred embodiment, MAC processor 920 reads the control registers contained in the control register 1010 and a -Rx controls one or more Tx register values ​​952 1020. 如果该一个或多个值指示端口的入口端口部件应该被阻塞,则MAC处理器920丢弃或者不^"纳出自那个端口910的传入/入口数据单元,即不处理传入数据单元,以进一步从转发设备进行发送。另一方面,如果该数值指示通过那个端口910进来的传入数据单元应该被处理,则MAC处理器920处理数据单元以便进一步进行发送。如上所述,根据本发明,如果出口端口部件未被阻塞,则其入口端口部件被禁用了,的MAC端口910 If one or more values ​​indicative of the inlet port member ports should be blocked, the MAC processor 920 discards or not ^ "satisfied by the incoming port 910 / data entry unit, i.e., does not process the incoming data units further transmitted from the repeater apparatus. On the other hand, if the value indicates that the incoming data units coming in through the port 910 should be processed, the data processing unit MAC processor 920 for further transmission. As described above, according to the present invention, if the outlet port means is not blocked, it means inlet port is disabled, the MAC ports 910

仍然可以从它的出口端口部件进行发送。 It can still be sent from its parts outlet port.

MAC层或层2因此与PHY或层1进行通信。 Layer 2 or MAC layer or the PHY layer thus communicate 1. MAC层/层2继而又与层3或网络层进行通信。 The MAC layer / layer 2 in turn communicates with the layer 3 or network layer. 包括策略管理器、端口管理器和链路管理器在内的管理模块可以是层3的一部分或者是OSI模型的较高层之一的一部分。 Including Policy Manager, Port Manager and link manager, including the management module can be or be part of one of the higher layers of the OSI model layer part 3.

本发明已经在上面依据一个目前优选实施例进行了描述,以便可以传达对本发明的一个理解。 The present invention has been implemented in accordance with one presently preferred embodiment above has been described to be a convey an understanding of the present invention. 但是,本发明的交换机、转发设备、链路监控器模块、端口管理器模块、端口阻塞标志和策略标记的许多配置在此未特别描述,但是本发明利用这些配置是可应用的。 However, the switch of the present invention, the transponder device, many configurations link monitoring modules, port manager module, and port blocking flag policy tags not specifically described herein, the present invention utilizes these configurations are applicable. 不应该将本发明因此视为限制于在此所述的特定实施例,而是应该理解本发明相对于,例如,交换机、链路监控模块、端口管理器和标志通常具有广泛的适用性。 Thus the present invention should not be considered limited to the particular embodiments described herein, but should be understood that the present invention with respect to, for example, switches, link monitoring module, and a port manager signs generally have broad applicability. 例如,可以以在此未明确讨论的其它方式实现端口部件、入口和出口、 在交换机内如何被识别为被禁用或是被启用。 For example, a port member can be achieved, the inlet and the outlet other ways not explicitly discussed, how is identified as being enabled or disabled in the switch. 例如,它们的数值可以不在管理才莫块本身中被存储或者处理,而是在交换机模块本身内被存储或 For example, they can not manage the value blocks are stored only Mo or the process itself, but in itself is stored or the switch module

者处理。 By treatment. 另一变形是:链路管理器的功能以一个软件程序的形式被合并为端口管理器的一部分,优选地,被存储在计算机可读介质中并且可由计算机执行来执行本发明的发明步骤。 Another modification is: link manager functions are combined in the form of a software program is part of a port manager, preferably, stored in a computer-readable medium and executed to perform the inventive steps of the present invention, the computer may be. 本发明的这些特征也可以以硬件、软件或二者结合(固件)的形式实现。 These features of the invention may be implemented in hardware, software, or a combination of both (firmware) forms. 如所示的对于在哪里丟弃入口数据的变形可以在另一层,例如层3中完成。 Where as described for discarding data entry may be shown in another modification, for example, layer 3 is completed. 还可以使用无线端口。 You can also use a wireless port.

因此,在所附权利要求范围内的所有修改、变形或等同设置和实施应该认为是在本发明的范围之内。 Accordingly, all modifications, variations or equivalent arrangements and embodiments within the scope of the appended claims should be considered to be within the scope of the present invention.

Claims (9)

  1. 1.一个用于经由一个或多个链路可操作地耦合到通信网的转发设备,该转发设备包括: 至少一个具有关联端口状态的接口,其中该至少一个接口适于: 可操作地耦合到该一个或多个链路中的一个关联链路; 如果该端口状态为解除阻塞,则经由该关联的链路接收入站数据单元,以及如果该端口状态为阻塞,则丢弃来自该关联链路的入站数据单元;以及链路监控器,适于检测该一个或多个链路中的每一个链路的链路状态的变化;以及端口管理器,适于响应于检测到的该关联链路的链路状态中的变化,把至少一个端口的端口状态从阻塞自动地更改为解除阻塞。 1. A for operatively coupled via one or more links to a communication network forwarding devices, the repeater apparatus comprising: an interface port associated with at least one state, wherein the at least one interface adapted to: operatively coupled to the one or more links associated with a link; receiving inbound data unit if the port state is unblocked, the association is via a link, and if the port status is blocked, is discarded from the associated link inbound data units; and a link monitor, a change in link status for each link in the one or more links adapted to detect; and a port manager, which is adapted in response to the detected associated chain link state changes in the road, the state of at least one port of the port is automatically changed from blocking to unblocking.
  2. 2. 如权利要求1的转发设备,其中该关联的端口状态还包括入口端口状态和出口端口状态。 Forwarding device as claimed in claim 1, wherein the port status of the associated status further includes an inlet port and an outlet port status.
  3. 3. 如权利要求1的转发设备,还包括:策略管理器,适于实现该通信网的一个或多个策略并且可操作地耦合到该端口管理器;其中该端口管理器还适于响应于该通信网的一个或多个策略,^巴至少一个端口的端口状态从解除阻塞更改为阻塞。 3. The repeater apparatus as claimed in claim 1, further comprising: a policy manager, adapted to implement one or more policies of the communication network and operably coupled to the port manager; wherein the port manager is further adapted to respond to one or more policies with the communications network, ^ Pakistani port status of at least one port to block the change from unblocked.
  4. 4. 如权利要求2的转发设备,其中该至少一个接口还适于: 如果该出口端口状态为解除阻塞,则经由该关联的链路转发数据单元。 4. The repeater apparatus as claimed in claim 2, wherein the at least one interface is further adapted to: if the outlet port state is unblocked, the forwarding data units via the associated link.
  5. 5. —种对转发设备中的被阻塞端口自动解除阻塞的方法,该转发设备用于可^f喿作地耦合到通信网,该被阻塞端口与一个阻塞端口指示符关联,该阻塞端口指示符适于指示该被阻塞端口是被阻塞还是被解除阻塞,该方法包括如下步骤:从与被阻塞端口关联的一个接口中接收一个或多个数据单元;监控该接口的链路状态;当在该被监控的链路状态中发生变化时,重新设置阻塞端口指示符以指示解除阻塞;以及当该关联的阻塞端口指示符指示解除阻塞时,接纳从该接口中接收到的一个或多个数据单元。 5. - Method kinds of forwarding devices is automatically unblocking a blocked port, the repeater apparatus may be used as a ^ f Qiao coupled to the communication network, the port is blocked and a blocked port associated indicator indicating the blocked port indicating that the symbol is adapted to be blocked or a blocked port is unblocked, the method comprising the steps of: from an interface associated with the blocked port receives one or more data units; monitor the link status of the interface; if the the monitored link status change, a re-set indicator to indicate a blocked port is unblocked; and when the indicator indicates that the associated unblocks the blocked port, receiving one or more data received from the interface to unit.
  6. 6. 如权利要求5的方法,还包括如下步骤: 接收该通信网的一个或多个策略;基于该接收到的一个或多个策略设置阻塞端口指示符以指示被阻塞端口;以及当该阻塞端口指示符指示一个被阻塞端口时,丟弃从该接口中接收到的一个或多个数据单元。 6. A method as claimed in claim 5, further comprising the steps of: receiving one or more policies of the communication network; to indicate that, based on the received one or more policy setting indicator blocked port is blocked port; and when the blocking a port indicator indicates when the port is blocked, discarding one or more data units received from the interface to.
  7. 7. —种用于可操作地耦合到通信网的转发设备,该设备包括: 一个或多个物理层接口,适于接收来自该通信网的一个或多个数据单元;一个或多个数据链路层控制器,其中每个数据链路层控制器包括: 一个或多个媒体接入控制器MAC端口,每个MAC端口适于可4喿作i也耦合到该一个或多个物理层4姿口中的一个;一个或多个端口指示符,其中每个端口指示符与MAC端口之一相关联,并且每个端口指示符适于指示该关联的MAC端口是阻塞的还是解除阻塞的;以及至少一个MAC处理器,可^t作地耦合到该一个或多个MAC端口,适于读取该一个或多个端口指示符,并且适于基于该一个或多个端口指示符指示阻塞来选择丟弃由该一个或多个物理层接口中接收到的一个或多个数据单元,并且基于该一个或多个端口指示符指示解除阻塞来选择接纳由该一个或多个物理层接口中 7. - species for forwarding apparatus operably coupled to a communication network, the apparatus comprising: one or more physical layer interfaces adapted to receive one or more data units from the communication network; one or more data link path layer controller, wherein each data link layer controller comprising: a media access controller MAC or more ports, each MAC port adapted to be i 4 Qiao also coupled to the one or more physical layer 4 a posture mouth; one or more port indicators, wherein each port indicator is associated with one of the MAC ports and each port indicator adapted to indicate that the associated MAC port is blocked or unblocked; and at least one MAC processor, ^ t may be coupled to the one or more MAC ports, adapted to read the one or more port indicators and adapted to indicate congestion based on the one or more selected ports indicator discarding one or more data units received by the one or more physical layer interfaces, and one or more ports based on the indicator indicating unblocking received by the selected one or more physical layer interfaces 接收到的一个或多个数据单元;转发模块,可操作地耦合到该一个或多个数据链路层控制器,适于接收被该一个或多个数据链路层控制器接纳的该一个或多个数据单元, 以及适于转发从该数据链路层控制器中接收到的该一个或多个数据单元;链路监控器,可操作地耦合到多个物理层接口,适于监控多个物理层4妻口的i连路状态;以及端口管理器,可操作地耦合到链路监控器,适于基于该监控的链路状态把该一个或多个端口指示符交替地设置以及重新设置为阻塞指示和解除阻塞的指示。 One or more data units received; forwarding module, operatively coupled to the one or more data link layer controller is adapted to receive the one receiving the one or more data link layer controllers or a plurality of data units, and adapted to forward the one or more data units received from the data link layer to the controller; link monitor, operably coupled to the plurality of physical layer interface adapted to monitor a plurality of i even 4-way wife port status of the physical layer; and a port manager, operatively coupled to the link monitoring unit adapted to monitor the link status based on the indicators of the one or more ports are alternately arranged and re-arranged instructions and directives to block unblocking.
  8. 8. 如权利要求7的设备,其中该一个或多个MAC端口的每一个还包括:入口端口部件以及出口端口部件。 8. The apparatus as claimed in claim 7, wherein the one or more MAC ports each further comprises: inlet port means and outlet port means.
  9. 9. 权利要求8的设备,其中该一个或多个端口指示符的每一个还包括:与该入口端口部件关联的入口端口部件指示符,该入口端口部件指示符适于指示该入口端口部件是阻塞的还是被解除阻塞的;以及与该出口端口部件关耳关的出口端口部件指示符,该出口端口部件指示符适于指示该出口端口部件是阻塞的还是被解除阻塞的。 9. The apparatus as claimed in claim 8, wherein the one or more indicators of each port further comprises: an inlet port member and an indicator member associated with the inlet port, the inlet port member is adapted to indicate that the indicator member is an inlet port It is blocked or unblocked; and the outlet port member ears close off indicator member outlet port, the outlet port means is adapted to indicate that the indicator member outlet port is blocked or being unblocked.
CN 200510117131 2004-11-01 2005-11-01 Port re-enabling by monitoring link status CN100550829C (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US62441604 true 2004-11-01 2004-11-01
US60/624,416 2004-11-01
US11/028,351 2004-12-30

Publications (2)

Publication Number Publication Date
CN1819548A true CN1819548A (en) 2006-08-16
CN100550829C true CN100550829C (en) 2009-10-14

Family

ID=36919245

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200510117131 CN100550829C (en) 2004-11-01 2005-11-01 Port re-enabling by monitoring link status

Country Status (1)

Country Link
CN (1) CN100550829C (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101364878B (en) 2007-08-10 2011-01-26 海华科技股份有限公司 Method and system for automatically network connection port monitoring
CN102347861B (en) * 2011-10-21 2014-11-05 华为技术有限公司 Double-layer network configuration method and double-layer network equipment
CN105610740A (en) * 2016-02-26 2016-05-25 华为技术有限公司 Method for controlling port state, routing equipment and network processor

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6330229B1 (en) 1998-11-09 2001-12-11 3Com Corporation Spanning tree with rapid forwarding database updates
US6535490B1 (en) 1999-03-04 2003-03-18 3Com Corporation High availability spanning tree with rapid reconfiguration with alternate port selection
CN1459160A (en) 2000-07-20 2003-11-26 北方电讯网络有限公司 Apparatus and method for optical communication protection
CN1501642A (en) 2002-11-14 2004-06-02 华为技术有限公司 A method for transferring connection state of Ethernet port

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6330229B1 (en) 1998-11-09 2001-12-11 3Com Corporation Spanning tree with rapid forwarding database updates
US6535490B1 (en) 1999-03-04 2003-03-18 3Com Corporation High availability spanning tree with rapid reconfiguration with alternate port selection
CN1459160A (en) 2000-07-20 2003-11-26 北方电讯网络有限公司 Apparatus and method for optical communication protection
CN1501642A (en) 2002-11-14 2004-06-02 华为技术有限公司 A method for transferring connection state of Ethernet port

Also Published As

Publication number Publication date Type
CN1819548A (en) 2006-08-16 application

Similar Documents

Publication Publication Date Title
US7013482B1 (en) Methods for packet filtering including packet invalidation if packet validity determination not timely made
US7573859B2 (en) System and method for remote monitoring in a wireless network
US6704280B1 (en) Switching device and method for traffic policing over a network
US5859837A (en) Flow control method and apparatus for ethernet packet switched hub
US7735114B2 (en) Multiple tiered network security system, method and apparatus using dynamic user policy assignment
US6167029A (en) System and method for integrated data flow control
US6724725B1 (en) Automatic LAN flow control mechanisms
US20040255154A1 (en) Multiple tiered network security system, method and apparatus
US6563790B1 (en) Apparatus and method for modifying a limit of a retry counter in a network switch port in response to exerting backpressure
US20030076832A1 (en) Data path optimization algorithm
US20060059163A1 (en) System, method and apparatus for traffic mirror setup, service and security in communication networks
US6185214B1 (en) Use of code vectors for frame forwarding in a bridge/router
US6041058A (en) Hardware filtering method and apparatus
US20120063316A1 (en) Congestion notification across multiple layer-2 domains
US20030174718A1 (en) Scalable packet filter for a network device
US20130311675A1 (en) Network feedback in software-defined networks
US20060209685A1 (en) BFD rate-limiting and automatic session activation
US20110273988A1 (en) Distributing decision making in a centralized flow routing system
US8792353B1 (en) Preserving sequencing during selective packet acceleration in a network environment
EP1170925A1 (en) Mac address-based communication restricting method
US20070192862A1 (en) Automated containment of network intruder
US6842423B1 (en) Systems and methods for priority-based flow control masking
US20060203730A1 (en) Method and system for reducing end station latency in response to network congestion
US6718379B1 (en) System and method for network management of local area networks having non-blocking network switches configured for switching data packets between subnetworks based on management policies
US20010048687A1 (en) Telecommunication network with variable address learning, switching and routing

Legal Events

Date Code Title Description
C06 Publication
C10 Request of examination as to substance
C14 Granted