DE20023622U1 - Switch for multiservice network, has system control module having memory to store routing table with list of destination addresses reachable by interface modules and its all known routes - Google Patents

Abstract

Interface modules (10) have processor and memory to store a forwarding table with a list of destination addresses and associated known best route. System control module (14) has a memory to store routing table with a list of destination addresses reachable by interface modules and its all known routes. Routing table is referenced if the particular destination address is not found in the forwarding table. Buses (16,18,20) interconnect the interface modules and the system control module for transferring blocks of data to the particular destination address. An independent claim is also included for method of forwarding data blocks to destination address.

Description

FIELD THE INVENTION

The The present invention relates generally to network switches and more particularly to a multi-service network switch for deployment multiple network services from a single platform.

BACKGROUND THE INVENTION

The Today's providers of network services are facing extraordinary challenges faced. The volume of traffic is increasing rapidly. Both consumers as well as companies demand higher access rates and stay longer on the internet, and they are also looking for guarantees for calculable Performance levels and stricter service levels. This forces Internet service providers (ISPs) immediately, at the sites of their POPs (Points of Presence) greater capacity and higher transmission speeds vorzuhalten, and preferably without limitations on performance.

Around even to maintain an acceptable performance, the offer Service provider additional support for more Users, more traffic and more transactions, preferably without the creation of bottlenecks or impairment the network availability. Many network-based business transactions are time-critical and Typically, there are no intolerable delays or crashes.

In the effort To meet some of the challenges, some ISPs are transitioning to the large volume of traffic through access concentrators and high-end routers. The problem with conventional Access concentrators and high-end routers, however, is that these Components from their concept with a central central processing unit (Central Processing Unit, CPU) for the centralized processing are equipped. All Data is being transmitted directed a centralized route router / processor, the increases the processing overhead, bottlenecks causing scalability and a single point of failure (Point of Failure) creates. Indeed the central processor can do the higher Do not process data volumes effectively when new modules are added. If added more modules will hit the system performance to their limits.

to The challenge comes with the challenge of growing data volumes an increasing diversity the applied network technologies. For example, users can use dial-up connections, ISDN connections, leased lines, frame relays or virtual ATM lines on the public infrastructure access. You can for voice-band modems, Cable modems, various xDSL modems or other modems use. Within the infrastructure can be a POP of a service provider for example about ATM, Frame Relay or Ethernet connect to the core network and to other devices in the POP.

All Network technologies in conventional Way to support means for the ISPs that they typically add separate access servers, access routers, and / or stand-alone LAN switches, which is for the ISP generally leads to an increase in costs and management complexities.

Accordingly There is a need for a network switch that provides fault-tolerant and efficient services can provide that of increasing number and diversity data traffic in the network. Such a switch should preferably allow the ISPs to provide value-added services, that allow them to stand out from their competitors, new markets to open up and increase sales with their existing customers.

SUMMARY THE INVENTION

The present invention relates to a multi-service network switch capable of supporting multiple network services, including modem and ISDN services, Frame Relay support, LAN interfaces, Layer 2 and Layer 3, from a single platform. To provide switching. According to one embodiment of the invention, the switch includes a distributed packet routing architecture in which the various system interface modules (cards) have module-internal intelligence, route forwarding, and route processing information. Each module can thus autonomously make forwarding decisions, so that the data packets can be forwarded in parallel. In accordance with one aspect of the invention, decentralized packet forwarding is accomplished by a hierarchical routing scheme that includes a routing table, a routing table, and an IP cache. Each interface module preferably includes the IP cache and routing table of known destination addresses. If a destination address is found neither in the IP cache nor in the routing table, a look-up is made to the routing table, which retrieves the routing information for forwarding a packet.

In alternative embodiments The switch includes one or more of the following features:

Of the Switch allows dynamic resource management for the dynamic Assign resources to an incoming call. Thereby are Resources are not tied to specific ports, but can be from different interface modules are shared. If a resource is available anywhere in the system, it can preferably be used by every card. If one of the resources continues fails, she will not be available and calls preferably become others automatically Resources redirected. In a completely decentralized organized Architecture reduces this dependence on a single one Processing unit for sending or answering a resource request.

Of the Switch can also Error management functions to protect against individual points of failure within the switch. A fault-tolerant application manager Monitored (FTAM) System modules, and if a module fails, the FTAM software arises in the rest Preferably restores modules and reestablishes connections different resources or output ports. The FTAM is activated preferably hardware and software for automatic protection switching (Automatic Protection Switching, APS) for automatic recovery after device failures and Failures external Links.

Of the Switch can also facilitate the dial-up networking wholesaling, at the dial-up port to be resold to other ISPs by having the switch in several virtual router is partitioned. Every virtual router should preferably over its own set of resources (e.g., ISDN or modem resources) and have a routing table associated with the virtual router. Everyone virtual router therefore works as a separate, independent and independent Router. According to one In particular aspect of the invention, each virtual router is further to further control access to the network in virtual private networks partitioned. A virtual private network is formed by filters, each of which is associated with a filter criterion and an action is to execute that is when a data block directed to the virtual router is the Filter criteria met.

The Wählverbindungsnetzwerk-Wholesaling is also supported by the policy-based routing of the switch. Of the Switch allows you to choose a routing path for a particular one Connection based on call policies assigned to the call. Thus, by factors such as e.g. the inlink type of connection, a domain name, phone number or similar information to the router of a particular ISP.

Of the Switch also offers by setting quality of access levels (QoA levels) for each incoming connection request has a tiered access to the internet. about The QoA stages allow the switch to meet the incoming connection requirements priorities assign when there is competition for resources. Preferably assigned a higher priority to a connection request with a higher QoA level as a connection request with a lower QoA level.

The switch can also support an IP routing protocol and an architecture where the Layer 2 protocols are independent of the physical interface on which they operate. A port interface (PIF) module allows dynamic linking of Layer 2 protocols to physical interfaces. When a connection is made through the physical port, the switch generates a PIF object for that port. The PIF object preferably determines the layer 2 protocol to be used for the session based on the connection type and dynamically links a layer 2 interface to the media port layer 1 interface. In this way, Layer 2 protocols do not need to be made dependent on the physical media ports on which they operate, but can be set dynamically in runtime mode. For example, if a packet is to be forwarded to a physical port, the PIF receives the packet, adds the required Layer 2 encapsulation headers, and directs that Package to the respective physical interface on.

Of the Switch can also provide generic software for application transparency Forwarding Interface (GFI) include. The GFI software preferably makes the forwarding functions uniform Interface available, around the details for sending and receiving packets via different interface types to mask. It also defines preferably an interface over which the driver received Deliver packages and send packages from the system.

SUMMARY THE DRAWINGS

These and other features, aspects and advantages of the present invention will become more understandable when related to the following detailed description, the attached claims and its associated Drawings are considered in which

1 shows a block diagram of a multi-service network switch according to an embodiment of the invention;

2 a more detailed block diagram of a forwarding module 1 shows;

3 an exemplary flowchart for processing one at the switch 1 incoming call shows;

4 a more detailed functional block diagram of an IP forwarding module 2 shows;

5 shows a layout of a routing table;

6 shows a layout scheme of a routing table;

7 shows a design scheme of an IP cache;

8th a schematic of an ARP table is shown;

9 a flowchart of one from the IP forwarding module 4 triggered packet forwarding process shows;

10 shows a design schema of a domain database;

11 shows a scheme of a call policy entry;

12 shows a process flow diagram for policy-based routing;

13 shows a design scheme of an access quality table;

14 shows a representation of a path over which a connection could be made if switch resources are shared;

15 shows a schematic of a modem resource table;

16 shows a flowchart of a resource allocation process;

17 a schematic block diagram of the switch 1 shows on which a routing table is maintained for each virtual router;

18 shows a schematic of a session table with multiple virtual private network sessions;

19 shows a design scheme of a rule table with multiple virtual private network rules;

20 shows a schematic of a filter table with multiple virtual private network filters;

21 shows a flowchart of a filtering module initiated by a filtering module;

22 shows a block diagram of a switch with an APS mechanism for the failure of external connections;

23 shows a schematic block diagram of a switch with a backup port that is physically connected to another port on a separate card;

24 shows a schematic block diagram of a switch with 1: 2 protection switching;

25 shows a schematic block diagram of a switch with 1: 2 protection switching according to an alternative embodiment of the invention;

26 shows a schematic block diagram of a switch with 1: 1 protection switching;

27 Figure 12 shows a schematic block diagram of an IP forwarding layer as well as Layer 2 protocols and Layer 1 physical interfaces;

28 shows a schematic block diagram of Layer 1, Layer 2 and Layer 3 interfaces with multiple port interfaces;

29 a schematic block diagram of a generic forwarding interface showing the switch off 1 divided into drivers and applications;

30 shows a schematic block diagram of a generic packet format;

31 shows a layout scheme of a forwarding port address;

32 shows a schematic scheme of a physical port address;

33 Fig. 16 shows a layout scheme of input port information;

34 Fig. 16 shows a layout diagram of output port information;

35 a design schema shows assignments of virtual address ports and

36 shows a schematic schema of a generic forwarding interface that supports receiving queues and forwarding queues.

DETAILED DESCRIPTION OF THE INVENTION

I. ARCHITECTURE OF THE MULTI-NETWORK NETWORK SWITCH

1 Figure 12 shows a schematic block diagram of a multi-service network switch (also referred to as the "chassis" or "system") according to an embodiment of the invention. Each slot of the switch preferably operates a single interface module (a card) that serves as a forwarding module (FM). 10 referred to as. Every FM 10 preferably includes the module-internal intelligence, route forwarding functions and route processing information for the decentralized forwarding of packets, which will be described in more detail below.

An FM type, referred to as a System Control Module (SCM), hosts a route server and acts as a control point for network management. The SCM 14 also performs all the typical functions of an FM 10 out.

The switch includes at least two fault tolerance SCMs, a primary SCM and a secondary SCM. The primary SCM is selected when the system starts and all other FMs 10 announced. The primary SCM preferably selects the secondary SCM as a backup module. Should the primary SCM fail, the secondary SCM assumes its function as the primary SCM, preferably without loss of information and without service interruption.

Every FM 10 You can assign application-specific daughter cards that are called Personality Modules (PMs). 12 and serve as additional line interfaces or support hardware. In the preferred embodiment, each FM is assigned one or two PMs. The PMs given as an example 12 include Ethernet switch PMs 12a , Primary multiplex interface PMs 12b , Digital Modem Server PMs 12c and serial data interface PMs 12d , Together, the FMs 10 and the PMs 12 providing an ISP with a variety of services and supporting a variety of applications within one and the same platform.

The Ethernet Swicth PM 12a allows you to establish a LAN connection to a public network, such as the Internet. This module is typically used to connect server farms, intranets, and web servers to the Internet. According to one embodiment of the invention, the Ethernet switch PM 12a Twelve 10Mbps Ethernet ports and two 10 / 100Mbps Autosensing Ethernet ports / Fast Ethernet ports ready.

The Primary Rate Interface (PRI) PM 12b Provides dialup connections to the Internet. This module can be implemented as software for T1 / E1 or PRI ISDN connections. The PRI-PM 12b Provides redundant connections for automatic protection switching on each port. Port "A" 13 is assigned the role of the active primary port while port "B" 15 works as an active backup port.

The digital modem server PM 12c Provides dial access for modem calls. According to one embodiment of the invention, each digital modem server PM 12c a pool of 32 modems available. The digital modem server PM 12c preferably has no physical connections. Thus, incoming calls over the backplane become FM 10 to which the digital modem server PM 12c connected. The available modems are distributed to the incoming calls based on resource availability criteria such as the access quality and the ID of the virtual router. If a call can be handled, it will be independent of the FM 10 in which the call came in, randomly assigned to one of the available modems in modem pool.

The serial data interface PM 12d enables serial synchronous communication. The serial data interface PM 12d supports a total of four connections, for example three frame relay connections and one Ethernet connection or four frame relay connections and no Ethernet connection. The connection layer of the serial data interface PMs 12d is preferably frame relay type and typically connects to local routers or external devices that connect to ISPs or service providers.

In addition to the application specific PMs 12d can also use dedicated FMs 10 give the ISPs the opportunity to provide a variety of services. Fixed FMs 10 are preferably fixed configuration modules that have processing power and functions hard-wired to the module. Examples of dedicated FMs are digital modem server PMs and WAN trunk interface FMs. A WAN trunk interface FM provides the switch with channel-based T1 or ISDN primary rate access. A digital modem server PM provides dial-up access for modem calls. A digital modem server PM typically provides 32 modems, but can also do so by adding a digital modem server PM 12c provide up to 64 modems.

The switch preferably includes a redundant bus architecture for linking the FMs 10 and the SCMs 14 , This bus architecture preferably provides two management buses via the backplane of the switch 16 (right and left), two time-division multiplex (TDM) buses 18 (right and left) and two Cell / ATM buses 20 (right and left) available. In one embodiment of the invention, all cards use the right management and TDM buses by default. All cards in even slots use the left cell bus by default, while all cards in odd slots use the right cell bus by default. Due to the redundant bus architecture, the traffic can be automatically switched to the remaining bus, so that uninterrupted operation is ensured. After the failed bus has been put back into operation, the traffic is preferably automatically switched back to the now re-functioning bus.

The management buses 16 manage the system-internal communication for the monitoring of various system components. For example, the management buses carry messages for power-on operations, module status, and other hardware management functions.

The TDM buses 18 do the communication for the digital modem server PMs 12c , According to one embodiment of the invention, the TDM buses support 16c Over 2000 DS0 connections and manage the traffic load on them together.

The cell buses 20 transport in addition to the user traffic between the FMs 10 with the help of multicast circuits also internal protocol and control messages.

In addition to the assemblies described above, the switch also includes two clock cards, a right or first clock card 18a and a left or second clock card 18b each of which may be assigned the function of an active primary clock card or a redundant backup clock card. The right clock card 18a monitors the right TDM and Cell buses while the left clock card 18b monitors the left TDM and Cell buses.

Both clocks periodically check their respective TDM and Cell buses, as well as the status of system fan trays and system fans, and the presence and type of power supplies. The clock cards then transmit a chassis status message via their management bus 16 Broadcasting to all FMs 10 ,

The Timing cards are preferably with at least one clock signal source equipped to allow the switch dialing calls can receive. The clock signal preferably enforces receipt the synchronization between the sent and the received Bits. According to one embodiment the invention supports the switch up to five Reference clock signals, a primary Operating clock signal, a secondary one Clock signal for warranty the redundancy and up to three signals as alternative signals. Of the Switch can receive the reference clock signal either from an external source or derived from an internal system clock. When the input signal If a source becomes unacceptable, the clock card automatically switches to a backup clock source. In a similar way takes over the other card or the other bus operation, if a clock card or a TDM bus fails.

2 shows a more detailed block diagram of a forwarding module FM 10 out 1 , Even though 2 with reference to the FM 10 The same block diagram can also be used for the SCM 14 apply since the SCM 14 a special form of the FM 10 is. However, the SCM 14 additional memory as well as additional Flash PROMs and boot PROMs. According to one embodiment of the invention, the FM includes 10 at least one, but generally two RISC processors, namely a right or first (and also referred to as application CPU) processor (RCPU) 22a and a left or second (and also referred to as a driver CPU) processor (LCPU) 22b , In a preferred embodiment with two CPUs, the LCPU 22b mainly responsible for receiving and sending packets while the RCPU 22a mainly responsible for error management, protocol encapsulation and de-encapsulation and similar tasks. Both the RCPU 22a as well as the LCPU 22b have Peripheral Component Interconnect Buses (PCI buses) 28a and 28b Access to a shared memory 24 ,

A PCI bridge 30 connects the right PCI (RPCI) bus 28a with the left PCI (LPCI) bus 28b , Opposite the bridge 30 is preferably the RPCI bus 28a the primary PCI bus and the LPCI bus 28b the secondary PCI bus.

Every FM 10 also preferably includes a Generic Module Management Block (GMM Block) 26 to exchange messages with the RCPU 22a via the management bus 16 , According to one embodiment of the invention, the GMM 26 implemented as an intelligent microprocessor. The communication between the GMM 26 and the RCPU 22a is accomplished through a series of registers. The RCPU accesses the registers implemented in a programmable logic device 22a via an input-output PCI block 40 to. According to one embodiment of the invention, the GMM 26 two status registers (GST0 and GST1) are available, via which the RCPU 22a Queries and retrieves chassis status information, the status of the last issued command, the status of the previous and next messages in the message queues, and similar information.

The GMM 26 receives broadcast messages from other GMMs as well as messages via the management bus 16 to his FM 10 are addressed. According to one embodiment of the invention, only the GMM receives 26 on a map assigned the function of a chassis manager, broadcast messages. All other GMMs preferably ignore the broadcasted messages and only receive those the card addressed messages. Special processing is provided by the GMM resident on the chassis manager 26 applied to chassis status messages at regular intervals from the clock cards 18a and 18b be broadcast, as described in more detail below.

Every card, be it an FM 10 or an SCM 14 , the function of the chassis manager can be assigned. However, there is only one chassis manager - a primary chassis manager - for the entire system. If the primary chassis manager fails, a secondary backup chassis manager takes over the role of the active chassis manager.

The Selection of the primary Chassis Managers and Secondary Chassis managers preferably occur during system startup after turning on. Each card includes a chassis management switch, and all cards with chassis management switches turned on are chassis manager candidates. These candidates will turn on without any need started up to send activation requests. According to one embodiment The invention is the card in the lowest chassis slot with switched chassis management switch selected as the primary chassis manager, while the Card in the second lowest chassis slot with power on Chassis Management Switch is selected as the secondary chassis manager. If only one card exists in the system, it becomes both the primary chassis manager as well as to the secondary Chassis Manager. Once the primary and the secondary Chassis Manager selected are, these cards begin to respond to activation requests, those of the rest Cards are received.

The primary and secondary chassis managers communicate with hello messages over the cell bus 20 , The primary chassis manager controls the right active management and cell busses 16a and 20a , The secondary chassis manager controls the left standby management and cell busses 16b and 20b , If the secondary chassis manager detects a malfunction of the primary chassis manager (due to a timeout of the hello messages), the secondary chassis manager preferably switches to the right hand bus bus 16a , resets the primary chassis manager and becomes the new primary chassis manager itself. The new primary chassis manager selects a new secondary chassis manager based on the slot location in the chassis. If the primary chassis manager detects a malfunction of the secondary chassis manager, the primary chassis manager resets the secondary chassis manager and selects a new FM 10 which assumes the function of the secondary chassis manager.

The chassis manager includes a chassis management module (CMM) 34 , The CMM 34 Receives and sends chassis status messages via the GMM 26 and is responsible for monitoring and managing the system. Among other things, the CMM 34 responsible for the chassis energy management. So will a new FM 10 built into the system, so reads the GMM 26 the newly inserted card a serial EEPROM in the FM 10 and the PMs 12 and thus determines the energy requirements of the card. The EEPROM stores information about the model, revision, serial number, and power requirements of the card. The GMM 26 The new card then transmits the energy requirement in an activation message via broadcast via the management bus 16 to the chassis manager. The GMM 26 in Chassis Manager receives the request and forwards it to the CMM 34 to determine if the system can provide enough power to power up the card. If so, the GMM answers 26 in the chassis manager with a module activation message.

The CMM 34 in the chassis manager is preferably responsible for the clock card monitoring. The CMM 34 In the primary Chassis Manager, the Chassis Status messages stop listening at regular intervals from the right clock card to the right management bus 16a be sent while the CMM 34 In the secondary chassis manager, the chassis status messages are listening in at regular intervals from the left clock card over the left management bus 16a be sent. The chassis status messages include the status of the chassis power supplies, fans, and temperature. The GMM 26 in each chassis manager monitors its respective management bus for the chassis status messages. Subsequently, the GMM informs 26 the CMM 34 about every change in the chassis status message. If performance is a limiting resource, the CMM takes 34 Cards out of service, starting with the highest numbered slots, until the required power consumption can be met by the power supplies still in the system.

If the GMM 26 GMM will inform its CMM on a particular management bus not receiving two consecutive chassis status messages 34 , The CMM 34 then call the FTAM 36 who broadcasts a test message on his management bus. If the shipment is successful or fails because of unavailability of the target, it is assumed that in his clock card (eg the right clock card 18a ) an error has occurred, and the FTAM 36 generates an error notification. In this case, all cards are put back on the standby management bus (eg the left management bus 16b ) relocated. When the faulty card is in operation again, all cards are preferably returned to the original management bus (eg the right management bus 16a ).

If the transmission fails due to unavailability of the bus, it is assumed that the monitored management bus (eg the right management bus 16a ) an error has occurred, and the FTAM 36 generates an error notification. The associated chassis manager moves all cards to the standby management bus (eg the left management bus 16b ). The faulty management bus is monitored, and after re-commissioning all cards are preferably relocated to this bus.

Management and monitoring of the chassis by the CMM 34 done in combination with the FTAM 36 running on the chassis manager. An instance of the FTAM 36 also runs in each of the remaining cards in the chassis. While the CMM 34 responsible for the entire chassis is the FTAM 3b preferably responsible for detecting malfunctions and resolving some of the malfunctions that occur locally on the card. The FTAM 36 These include local monitoring, malfunction detection, malfunction notification, error detection, and (wherever possible) recovery from malfunctioning of cards and connections or ports.

Application software components are in the FTAM 36 registered, which identifies events to be monitored. If a malfunction is detected, the FTAM will notify 36 all applications registered for this event type. The FTAM 36 and the applications then take remedial action. For example, a clock manager application can be used in FTAM 36 for selecting external clock sources on active connections. An application for a list of redundant ports may be in FTAM 36 register for detecting bad connections and switching to active backup ports. IP applications can join the FTAM 36 to register forwarding tables with entries of failed connections or ports.

Every FTAM 36 detects a card malfunction via hello messages. Every FM 20 sends a hello message over the cell bus at fixed time intervals 20 out. If a card does not send hello messages, the remaining cards in the system mark that card as failed. The FTAM 36 In each card, all tables affected by the error event then update. The primary SCM 14 After detecting the card malfunction via the management bus to the primary chassis, it issues a reset request to restart the failed card.

Every FTAM 36 also preferably detects connection or port malfunctions. Connection and port drivers continuously monitor the health of all connections and ports. If a change of state is detected, a connection error message is broadcast to the FTAM 36 transmitted. The system's Automatic Protection Switching (APS) hardware and software mechanisms allow for automatic recovery of normal operation, both after device failure and when an external connection fails. For example, each port in the Primary Multiplex Interface (PRI) PM has 12b ( 1 ) via two connectors, namely a connector of port "A" 13 and connectors of port "B" 15 , Is on port "A" 13 detected an internal malfunction, the APS mechanism of the system automatically routes WAN traffic through the connector of port "B" 15 around.

Again referring to 1 includes every FM 10 continue a connection manager 46 and a resource manager 38 , The connection manager 46 detected at the FM 10 incoming calls, and the resource manager 38 manages and distributes local resources, including digital modem and ISDN intermediating resources. Each connection to the switch requires a specific set of hardware and software resources. For example, a frame relay call requires a line interface, an HDLC controller, a frame relay protocol stack, and frame forwarding software. Generally, all resources needed for a connection are at the input FM 10 and its associated PMs 12 to find.

Sometimes, however, traffic that enters the system through one card may require resources from another card. If the connection manager 46 therefore detects an incoming call is via the cell bus 20 Broadcast sent a resource request. The resource manager 38 in the one individual cards receives the request and determines what resources are needed. If the card has the requested resource, it will be assigned to the incoming call.

Every FM 10 also includes an IP redirector 44 for forwarding packets based on Layer 3 addresses. The IP router module preferably includes local routing information for forwarding a packet via a right or first IP forwarding engine 42a and a left or second IP forwarding engine 42b , If the FM 10 When it receives a packet, it forwards the IP forwarder 44 continue if he already knows the destination address. Otherwise, the IP forwarder performs 44 a comparison with a central routing table and retrieves from there the necessary routing information.

3 Figure 14 shows an example of a flowchart for handling a connection request made at the switch 1 arrives. The program starts, and in step 50 the connection manager detects 46 an incoming call to one of the physical ports of the FM 10 (ie the receiving FM). In step 52 informs the connection manager 46 the resource manager 38 in the receiving FM over the incoming call. The resource manager 38 look in step 54 a call policy table for a call policy entry corresponding to the incoming call. The call policy entry includes various parameters that dictate how the routing of the call should be made. Different policies can be used, depending on the inlink type of call, phone number, domain name, source address, destination address, or other conditions.

In the call policy parameters include an access quality class (QoA), a class for the quality of service (QoS), the ID of a virtual router and the ID of a virtual router Private network associated with the call. QoA is a procedure for the classification of users and the granting of access to the switch based on a comparison between its QoA class and the current resource usage. This procedure allows a graduated access to the Internet when competing for resources becomes. Each QoA class is preferably a percentage of a threshold assigned to resource usage. When the resource usage is under is the percentage of the resource usage threshold that that of the QoA class the incoming call is assigned, the call is accepted. Otherwise the call will be rejected.

QoS is a method of classifying users that determines the priority be forwarded with the packages after accepting a call. QoS provides preferential treatment by handling connection based on their QoS classes. The higher the higher the QoS class that is assigned to a call also the priority with the ones belonging to the call Packages are processed.

Based the ID of the virtual router and the ID of a virtual private network, which are assigned to an incoming call, the switch can Provide access to resources for the use of which the user is entitled. According to one embodiment According to the invention, the switch can be partitioned into multiple virtual routers be, each virtual router has its own set of Resources (e.g., IDSN or modem resources) and routing tables features. Thus, each virtual router preferably works independently and self-sufficient as a separate router. Each virtual router can also to further control access to the switch in multiple virtual Private networks (VPNs) to be partitioned. VPNs are set up with filtering software, the traffic that is directed to the virtual router, after certain criteria such as the source address and / or the destination address filters out.

After the QoA class, QoS class, virtual router ID, and VPN ID of a call are identified by the call policy record, the resource manager submits 38 in step 58 Broadcast a resource request to the remaining FMs 10 , If one of the FMs 10 has a resource that matches the QoA class and the ID of the virtual router sends the FM 10 with the available resource a response to the receiving FM 10 which causes the call to connect to the available resource.

When the incoming call is accepted, the program generates in step 59 a Port Interface (PIF) object that sets the Layer 2 protocol to use for the session. A generic forwarding interface provided by the switch then dynamically links the Layer 2 interface to the Layer 1 interface of the physical port. In this way, Layer 2 protocols do not need to be made dependent on the physical media ports they work on, but can be set dynamically at runtime.

In step 60 The program calls the authentication server of the ISP to call the user thentifizieren. A typical authentication server is a RADIUS server. The authentication server preferably includes a database of users and user-specific configuration information, which clearly indicates what type of service is to be made available to each individual user. The service configuration information may include the compression type, the QoA class, the QoS class, and / or a VPN ID associated with the user, and described in more detail below. According to an embodiment of the invention, the configuration information in the authentication server may replace the default configuration information output from the call policy database.

After authenticating the user, data packets can be forwarded to their destination addresses as in step 62 shown. In this regard, the switch provides a unified interface called the Generic Forwarding Interface (GFI) and for all internal packet forwarding either between ports on the same FM 10 or over the bus to another FM 10 is responsible in the switch. In particular, the GFI software provides transparency between applications and the connection protocol as well as the physical connection driver so that any physical interface can be associated with any protocol or application. Thus, all GFI forwarding functions are preferably protocol transparent.

If When a package arrives at the system, the GFI software translates the package using GFI utilities in a generic format. If a packet is to be transmitted to a physical port, it will call the GFI software is the forwarding feature of the driver in question which then transmits the packet. The forwarding function of the driver is then for identifying of the physical port and passing the packet to the PIF module responsible, from which the generic package in the driver-specific Format translated and sent to the requested port.

In front however, the forwarding of the data packet is preferably a Control performed, to determine if there are any filters that apply to the data packet are. The filters determine if the packet is forwarded or dropped shall be. The filters to be applied to the data packet become Identified by the VPN ID of the data packet.

II. DECENTRALIZED PROCESSING AND PACKET TRANSMISSION

One of the features of the multi-service network switch 1 is IP routing (Layer 3 Routing) using a decentralized processing and packet forwarding architecture. The IP forwarder 44 in every FM 10 Provides the intelligence required for packet forwarding and route processing. In contrast to a traditional access server, where a centralized processor bottoms out, a decentralized routing architecture helps to reduce or eliminate the single blocking point and allows products to be linked both to the number of interfaces connected and to the performance of the To scale packet forwarding.

4 shows a more detailed functional block diagram of the IP router 44 out 2 , An IP data packet arrives at a media port of a PM 12 and is powered by its media port driver 118 verarbeited. The IP data packet may also be from a backplane driver 120 be received, for example, if the packet from another FM 10 over the cell bus 20 was forwarded.

When a connection is made through the media port, the switch creates a port interface object (Port InterFace Object, PIF object) 122 for the port. The PIF object 122 sets the Layer 2 protocol to use for the current session based on the connection type, and the GFI software 124 dynamically links the Layer 2 interface to the Layer 1 interface of the media port. In this way, Layer 2 protocols do not need to be made dependent on the physical media ports they work on, but can be set dynamically at runtime.

The PIF 122 Also includes PIF structures for storing specific media and packet information for each port. PIF structures are kept as two-dimensional arrays, using a controller number and a port number as an index.

A logical port identifier (LPI) 128 communicates with the PIF 122 and includes the IP parameters associated with each physical port. The IP layer invokes an LPI send function whenever it wants to send a packet. The LPI send function identifies the physical port concerned and passes the packet to the PIF 122 where the media-specific Layer 2 encapsulation headers are added and the package is sent out via the relevant port.

If a package from the media port driver 120 The packet is preferably translated by the driver into a generic format and sent to the GFI software 124 Posted. GFI 124 preferably, handles all packet forwarding in a protocol-transparent layer, hiding the details for sending and receiving packets over different types of interfaces. GFI 124 Further, the packet is queued in one of four GFI buffers, based on the QoS of the packet, in the shared memory 24 of the system ( 2 ) resident are present.

A packet processing module 126 queries the GFI buffers for the packet and analyzes the parsing packet to determine the PIF structure of the packet. Once found, the packet processing module checks 126 preferably, whether the packet is a data packet and whether a session is established, and passes the packet to the IP redirector 44 , If the packet needs to be routed, the IP forwarder attempts to retrieve the destination information from its IP cache 102 or his routing table 90 retrieve. If this is unsuccessful, then the IP forwarder tries 44 , the information from a routing table 70 retrieve that in the SCM 14 is stored. In addition, the IP redirector could 44 from an address resolution log table 112 (Address Resolution Protocol table, ARP table) via an ARP function block 114 or by means of a management ARP request (MARP request) via a MARP function block 116 call up further parameters for the destination address.

5 shows a design scheme of a routing table 70 according to an embodiment of the invention. The routing table 70 contains a list of all IP destination addresses used by the FMs 10 are reachable, as well as all known routes to each of these destinations. The routing table may be generated based on standard routing protocols such as RIP, OSPF, GBP4, or the like.

According to one embodiment of the invention, the routing table includes 70 a field 72 for the destination, which identifies a configured IP destination address to which a packet could be forwarded. In addition, the routing table includes a subnet field 74 that points to the significant bits of the destination IP address by either hiding or displaying part of the address. The number "0" allows the corresponding bits of the destination IP address to be displayed if the number "255" hides the associated bits of the destination IP address. In this way, a range of addresses in the subnet can be specified.

The routing table 70 also includes a next-hop router field 76 that specifies an IP address to a next-hop router. An owner field 78 indicates how the route was learned. In particular, "OSPFE" indicates that the route is an external route learned from another routing domain (eg RIP). "OSPF1" indicates that the route is an in-area route. "OSPF2" indicates that the route is a cross-section route. "LOCAL" indicates that the route is directly connected. "STATIC" indicates that the route is a manually configured route. "DIALING POOL" indicates that the route has been assigned from a dial-up connection pool.

A cost field 80 indicates the costs associated with each route. The cost is based on a distance that is a measure of the IP destination address using the specified route. In general, the cost is calculated from any suitable or conventional range vector algorithm.

6 shows a scheme of a routing table 90 according to an embodiment of the invention. The routing table 90 is a subset of the routing table 70 , Unlike the routing table 70 includes the routing table 90 however, preferably a list of IP destination addresses and the best known route to each of these destination addresses.

Like the routing table 70 so also includes the routing table 90 a field 92 for the target and a subnet field 94 , which respectively specify the IP destination addresses and subnet masks. A next-hop router field 96 Specifies an IP address to the next-hop router if the route is a remote route.

A type field 98 specifies a port connection type. For example, if the port connection type is "SPORT", the destination IP address is a single port. If the port connection type is VLAN, the destination belongs to a virtual LAN. If the type is "DIAL", the destination port exists in the IP dial address pool.

The routing table also includes a flag field 100 that describes the route types. Valid values for this field are "S", which indicates a system interface in which the Destination on the far side of a switch interface exists, further "D", indicating a direct interface in which the destination (either on the same card or on another card) is connected to the switch, further "R" indicating that the target is remotely located on another device of the network, also "P", indicating that the target is a supernet, further "F", indicating that the target is a Default route, and finally "M", indicating that the destination is a management interface.

7 shows a design scheme of an IP cache 102 according to an embodiment of the invention. The IP cache 102 is also in each of the FMs 10 resident and contains a list of the last used IP source and destination address pairs as well as the address of the physical port and the header information. Thus, if a destination address exists in the IP cache, then packets can be forwarded without comparison with any routing or forwarding table, allowing for an increase in the forwarding performance.

According to one embodiment of the invention, the IP cache includes 102 a field 104 for the goal and a field 106 for the source specifying the last IP source and destination addresses. An output port field 108 Specifies a physical port over which data is sent to the destination address. A header field 100 indicates a 16-bit MAC header information for forwarding the packet to the destination address.

8th shows a schematic of an ARP table 112 according to an embodiment of the invention. The ARP table allows resolving IP addresses to MAC addresses and physical port addresses for local destinations. When a device to the FM 10 is connected, the IP software dynamically resolves the MAC-to-IP address translation and stores this information in the ARP table 112 of the FM 10 ,

The ARP table 112 includes an IP address field 200 which specifies an IP address to be translated into a MAC address and a physical port address. A MAC address field 202 Specifies the MAC address that corresponds to the IP address. A field 204 for a physical port specifies the physical port address corresponding to the IP and MAC addresses. According to one embodiment of the invention, the port address convention is as follows:
device type.chassis.slot.PeronalityModuleLoacation.link.port

The device type is a two-character description of the type of PM 12 that provides the connection. The switch preferably supports at least the following PMs: Primary Multiplex Interface PMs 12b for ISDN (is), Primary Multiplex Interface PMs 12b for T1 (t1), Digital Modem Server PMs 12c (mo), Ethernet switch PMs 12a (s) and serial data interface PMs 12d for Frame Relay (fr).

The Chassis number (chassis) is a number assigned to the switch is. The slot number indicates the slot in which the FM is plugged in. The slots are in turn from Numbered top to bottom, starting at slot number one. The Personal Module Location (PersonalityModuleLocation) is either a right PM (number 1) or a left PM (number 2). The Connection (link) indicates the number of logical connections that are configured in the module. The port number (port) gives a port in the PM. According to this Connection refers to a physical port address En.1.3.1.1.1 a Connection to an Ethernet module in chassis 1, slot 3, right PM, connection 1, physical port 1.

The ARP table 112 also includes a type field 206 indicating that the address is static ("S"), if the address in a network has been statistically configured, locally ("L"), if the address is on a directly connected network, dynamically ("D"), if the address has been learned, ("R") removes, if the address was on a remote network, point-to-point type ("P") if the address is on a point-to-point link a router ("T"), if the address belongs to a router, or broadcast type ("B"), if the address was learned via a broadcast packet.

9 shows a flowchart of one of the IP forwarder 44 triggered packet forwarding process. When an IP packet to be routed to the IP forwarder 44 is passed, the program puts in step 210 determines if the IP cache 102 includes the destination address. If the IP cache 102 contains an entry for the destination address, the MAC header is taken from the header field 110 copied into the package, and the package gets in step 212 forwarded to the physical port, that of the output port field 108 is specified. The backplane driver 120 is used to forward the packet if the physical port is on another Map is resident.

If the IP cache 102 does not contain an entry for the destination address, the program puts in step 214 Determines if the destination address is in the IP forwarding table 90 is included. If the answer is yes, the program retrieves the route to the destination and determines whether the route is being routed through one of the ports on the same card or via another card. If the route is routed via one of the ports on the same card, it can be processed locally. Accordingly, the program looks in step 216 in the ARP table 112 after the destination address, if it is attached directly, or after the next hop router, which is the next hop router field 96 the routing table 90 if it is a distant route. If either the destination address or the next-hop router in the ARP table 112 is found, as in step 218 is queried, the packet is sent to the specified physical port address and the entry is sent to the IP cache 102 added.

If there is no entry in the ARP table for the destination address or the next-hop router, the path to the destination does not pass through one of the ports on the same card. Therefore, the program calls in step 220 a management ARP (MARP) protocol to determine if the path to the destination passes through a port on another card. For this purpose, the program prefaces the IP packet with a MARP request packet and broadcasts it via the management bus 16 to determine if another FM 10 has the path to the destination. The FM 10 with the destination IP route takes the MARP packet and forwards the IP packet via the appropriate interface. Then a MARP response packet is sent back to the FM 10 from which the MARP package came from, leaving its ARP table 112 according to step 222 can be updated with the port information. All the following packages can now be forwarded directly to the port and do not need to be broadcast over the bus.

Is at the step 214 the destination address is not in the routing table 90 included is a request for the route to the SCM 14 Posted. In step 224 the program asks if the destination address is in the routing table 70 is included. If the answer is yes, the route to the destination address is retrieved and in step 226 stored in the forwarding table. If several routes to the same destination exist, the SCM delivers 14 preferably the route with the least cost. If there are multiple routes to the same destination and both routes cost the same, the SCM will deliver 14 the route that is in the routing table 70 appears first. The program then compares to the ARP table or calls the MARP request to forward the packet to the destination address.

If the destination address is not in the routing table 70 is included, delivers the SCM 14 in step 228 a message stating that the destination was unreachable, and the package will be in step 230 dropped.

III. POLICY-BASED ROUTING

Another feature of the multi-service network switch off 1 is the ability to select a router based on specific properties of a connection request. Such features include an incoming access channel or inbound access connection, a calling or called telephone number, a domain name, a source address, a destination address, and the like. Among other things, this feature facilitates wholesaling dial-up connections to other ISPs. For example, all user traffic received by a particular type of connection (eg, an ISDN line) may be routed to the router operated by a wholesaling ISP assigned to the inlink. Policy-based routing thus allows selection of a routing path within the switch without having to refer to a separate routing table.

For the domain-based Routing can use the login information of a user (e.g., "user@isp1.com") to select an ISP and authenticate the user with the authentication server of the ISP. After authentication, all packets coming from the user are taken forwarded to the router responsible for the domain operated by the ISP was assigned.

According to one embodiment of the invention, the switch maintains a domain database with parameters defining the domain with which the user is to be connected. 10 shows a design schema of a domain database 380 according to an embodiment of the invention. Every domain database 380 is a domain name 382 preceded by identifying it, and a user can specify to be connected to it. The domain database 380 also includes the address 384 a next-hop router that identifies a router assigned to that domain. Packages from that with the Domain connected users come, are then forwarded to the respective router.

For the source-based Routing packets to a specific router based on the source address of the router Forwarded packet. Thus, the user accesses a particular one Source address only to the domain that is behind the assigned one Router stands. According to one embodiment The invention is router information for source-based routing for each User set up in the ISP's authentication server.

For call-policy-based Routing packets are based on a phone number, a connection or a dial-up channel forwarded to a specific router. According to one embodiment the invention maintains the switch has a call policy database with call profile information, which are referred to as call policy parameters and determine how a dial-up connection to treat. In particular, the call policy parameters allow the selection of specific routers to which all user traffic to be addressed. The call policy database can be done in several ways be configured, but preferably in the form of multiple call policy entries, from each one a unique profile for a series of users defined that require access to the system.

11 shows a scheme of a call policy entry 290 according to an embodiment of the present invention. The call policy entry 290 includes a search key 291 for entering the entry. The search key 291 may be arranged to be one of several different features or one of several different combinations of features associated with an incoming call. Preferably, the search key 291 a telephone number, an inlink, or a channel within an in-line (eg, DS0) on which the call is transferred, or a combination of both. For example, if the search key indicates "Called," the call policy is applied to the called telephone number. If the search key indicates "calling", the calling policy is applied to the calling telephone number. If the search key is "inlink", the call policy is applied to all calls received over a given inlink. The special inlink and / or the special channel are in a source connection field 292 and / or a source channel field 293 specified. The calling or called numbers are in a telephone number field 316 specified.

Each call policy entry 290 includes a call type 294 indicating a type of received call and a service type 296 indicating a type of service requested by the call. According to one embodiment of the invention, the call type includes 294 ISDN and modem calls and the service type 296 Point-to-Point Protocol (PPP) or Terminal Services.

Each call policy entry 290 also includes a QoA class 298 indicating the priority type to be given to the call and a QoS class 300 indicating the priority type to be given to the packets to be transported when the call is accepted.

The call policy entry 290 also includes an ID 302 a virtual router and an ID 304 a virtual private network. The ID 302 The virtual router specifies a virtual router to which the call is to be delivered. As will be explained in more detail below, each virtual router is assigned a set of resources and routing protocols that allow the virtual router to act as an independent router within the switch. The ID 304 virtual private network specifies a virtual private network that controls access to the virtual router.

In addition to the above features, the call policy entry specifies 290 an authentication source 306 either as the ISP's authentication server or as a local database provided by the switch. If the authentication source is the ISP's authentication server, the call policy entry specifies a primary authentication server 312 and a secondary authentication server 314 which is activated if the primary fails.

The call policy entry 290 also includes an IP address of a domain name server (DNS) to handle the call. The switch preferably supports a primary DNS address 308 and a secondary DNS address 310 which is activated if the primary fails.

To select the correct dial-up router, the call policy entry is included 290 a domain ID 311 with an index on a domain database entry. The domain database entry contains the address of the router that is to handle the traffic coming from the user.

12 FIG. 12 shows a policy-based routing process flowchart according to an embodiment of the invention Invention. The program starts, and in step 318 the connection manager detects 46 an incoming call and informs the resource manager 38 about queuing a call. In step 320 the resource manager asks 38 from the call policy database using one or more of the search keys 291 the correct call policy entry 290 from. In step 322 are the in the call policy entry 290 listed call parameters and identified in step 324 applied. Other policies, such as domain-based routing, may also be used if appropriate. In step 326 The program routes the call to the correct router based on the policy parameters.

IV. ACCESS QUALITY IN ACCESS SERVER

Another feature of the multi-service network switch off 1 is the ability to allow tiered access to system resources including dial-up modem and ISDN resources by assigning QoA classes to incoming connection requests. In this way, an ISP using the switch can offer different access classes whose rates are different. The higher the QoA class, the higher the access priority, and therefore the likelihood of connecting if the availability of resources in the switch is low.

According to one embodiment of the invention, the QoA class is for an incoming call in the call policy entry 290 Are defined. The call policy entry indicates QoA access classes based on a particular feature of the incoming call, such as the inlink type, the telephone number, or similar information. When a connection is requested, the call policy entry of the call is retrieved and the call's QoA class is identified. The call is then assigned a requested resource based on the identified QoA class and current resource usage.

If the authentication server of the ISP to authenticate the user is used, becomes a QoA class the user also as part of the user configuration information Are defined. The QoA class in the authentication server can be configured this way they will the QoA class in the call policy record.

13 shows a design schema of a QoA table 332 according to an embodiment of the invention. The QoA table 332 includes a standard number of QoA classes 328 and access thresholds 330 that are associated with each of the QoA classes. According to one embodiment of the invention, the standard number of QoA classes is 328 four. The each of the QoA classes 328 assigned access threshold 330 Preferably, specifies a maximum number of resources that may be in use before a resource is assigned to the connection request. If the resource usage is the access threshold 330 according to the QoA class 328 exceeds the user's request will be rejected. In the example in 13 a user with the lowest QoA class (class 1) always has access to available system resources. A user with a QoA class of 2 has access to available system resources until 75 percent of those resources are in use. At this point, new users no longer have permission to access system resources until more resources become available. For a user with a QoA class of 4, system resources become the limiting factor once the access threshold reaches 25 percent.

According to one embodiment of the invention, the system reserves the system resources for other connections by disconnecting users with low QoA classes. In this regard, the resource manager controls 38 at regular intervals the degree of utilization of the system resources (eg every 60 seconds). The resource manager 38 compares the system resources in use with the access threshold 330 that is associated with the QoA class of each logged-in user. If the system resources in use are the access threshold 330 of a user, the user is disconnected. If several users with different QoA classes are connected to the Internet, the resource manager disconnects 38 the users preferably in descending order. For example, users with a QoA class of 4 will be disconnected first, then users with a QoA class of 3 and so on, until enough resources are available again to serve future connection requests.

For example, assume that three users are connected to the Internet. User 1 has a QoA class of 1, User 2 has a QoA class of 2, and User 3 has a QoA class of 3. As long as the system resource usage is 50 percent or less, all three users remain connected to the switch. Once the utilization reaches 70 percent, only users 1 and 2 remain connected. User 3 is disconnected, and the resources used by User 3 until then were again from the resource manager 38 claimed. If system resource utilization increases to 80 percent or more, only user 1 remains connected to the Internet.

If multiple users with the same QoA class are connected to the Internet, the Resource Manager disconnects 38 Preferably, the users with the same class on the first-in-first-out principle from. Thus, the user who was logged in the longest is first disconnected.

V. MODEMPOOL MANAGEMENT FOR MONITORING

Another feature of the multi-service network switch off 1 is the ability to dynamically allocate system resources to incoming connection requests. The resources are not set to specific ports, but can be shared by the various cards as needed.

14 Figure 10 shows an illustration of a path through which a connection could be established when resources are shared. In the example in 14 If the connection is a modem call that is DS0 to a port of a T1 WAN trunk interface FM 380 arrives. The FM does not have its own modems, so the resource manager 38 an available modem is looking for and DS0 over the TDM bus 18 to the digital modem server FM 382 routes. After demodulation, the resulting packets are prepared as needed and over the cell bus 20 to an output FM 384 forwarded.

According to one embodiment of the invention, that is in each FM 10 resident existing resource manager 38 responsible for allocating and managing system resources. The resource manager preferably maintains a table of local resources and broadcasts this information to all other FMs 10 in the system. After that, each FM owns 10 a complete overview of all the resources available or in use on the switch. The resource manager 38 In addition, it is preferably responsible for monitoring the error-free operation of local resources. For example, suspected defective modems may be marked unavailable and taken out of service.

15 shows a design scheme of a modem resource table 334 by the resource manager 38 is guided in accordance with an embodiment of the invention. Similar tables are also preferably maintained for ISDN and other system resources.

The resource manager 38 tracks available modem resources in the modem resource table 334 both for QoA classes and for the virtual router (VR). Therefore, the table includes 334 a VR-ID field 336 indicating the virtual router for which modem resources are being tracked. A field 338 for the maximum local resources specifies a maximum number of modems that the VR on the FM 10 are assigned. A value of zero in this field may indicate that the FM 10 is not a modem module. A field 340 Maximum Global Resources indicates a maximum number of modems in the entire switch that have been assigned to the VR.

A field 342 for the current local resources specifies an actual number of modems that the Vr on the FM 10 be available. The difference between this number and the number from the field 338 for the maximum local resources specifies the number of modems that the VR on the FM 10 are in use. A field 344 the current global resources are the number of modems in use by the VR throughout the switch. The difference between this number and the number from the field 340 Maximum Global Resources specifies the number of modems in use by the VR in the entire switch.

A QoA field 346 Specifies the switch-supported Qoa classes. According to one embodiment of the invention, the switch supports four QoA classes, with class 1 corresponding to the highest priority.

A field 348 for the local QoA, the number of modems that are in the FM 10 available for the listed QoA class for the specified VR. In the example in 15 For example, a QoA of 1 accesses the switch when zero or more modems are available (100% of the time), while a QoA of 2 accesses the switch when 8 or more modems are available (75% of the time), a QoA 3 accesses the switch when 16 or more modems are available (50% of the time) and a QoA of 4 accesses the switch when 24 or more modems are available (25% of the time).

A field 350 for the global QoA provides similar information as the field 348 for the local QoA, but for the entire switch. Thus, the field gives 350 For global QoA, the number of modems available throughout the switch for the QoA class listed for the specified VR.

A field 352 for the local acceptance given by the number of available local resources as indicated in the box 342 For the current local resources, check whether each of the listed QoA classes is on the FM 10 can access. The valid values are preferably yes and no. The values Yes and No are calculated dynamically, so that as resources increase, the Yes values can change to No values, with the exception of QoA class 1, which is always allowed access.

A field 354 for global acceptance provides similar information as the field 352 for local acceptance, but for the entire switch. Thus, the field gives 354 for global acceptance based on the number of available global resources as indicated in the field 344 for the current global resources, whether each of the listed QoA levels can access the switch.

16 FIG. 12 shows a flowchart of a resource allocation process according to an embodiment of the invention. FIG. When a user in step 356 triggers a connection request, the connection manager detects 46 the incoming connection request in step 358 over one of the interface lines and notified in step 360 the resource manager 38 who in FM 10 receiving the request (the receiving FM) is resident. In step 362 calls the resource manager 38 the associated call policy entry 290 based on the connection request properties from the call policy database. The retrieved call policy entry includes, among other things, the call type, the QoA class, and the VR ID associated with the call.

Depending on the call type, the resource manager determines 38 the type of resource to assign to the call. For example, if it is an ISDN call, it will be assigned ISDN resources. If, on the other hand, the call is a modem call, modem resources are assigned to it.

In step 364 The program asks if the specified resource is local to the receiving FM 10 resident is present. If the answer is yes, the resource manager instructs 38 in step 366 assign the specified resource to the call based on the specified VR ID and QoA class. In step 368 updates the resource manager 38 his local resource table 334 indicating the assignment of the specified resource. In addition, the resource manager submits 38 in the receiving FM 10 a broadcast that indicates that the specified resource has been assigned so that all other resource managers can also update their respective resource tables. In step 370 the user is authenticated, preferably via the authentication server of the ISP, and can now begin to send and receive data packets.

If - again with reference to step 364 - The specified resource does not exist locally, the resource manager submits 38 in step 372 Broadcast a resource request that includes the QoA class and the VR-ID associated with the incoming call. The resource manager 38 in the remaining FMs 10 receive the request and check their local resource tables 334 whether a resource is available for the specified QoA class and VR-ID. If so, the receiving FM receives 10 in step 374 a message from each individual FM 10 showing the availability of the requested resource. According to one embodiment of the invention, the first FM 10 that answers the connection request, the call is assigned while the remaining responses are ignored.

When assigning the resource to the call, the connection manager submits 46 the receiving FM 10 like step 366 shows, by broadcast, a connection request to the resource with the first answering FM 10 connect to. The connection manager 46 in the receiving FM 10 will answer with a message that the call has been connected. According to one embodiment of the invention, the answering FM 10 a modem from its local pool, starting with the modem on port 1. The next call, from the receiving FM 10 takes over, goes to port 2, then to port 3 and so on. If a call to port 1 or port 2 terminates before port 3 takes a call, ports 1 and 2 remain unused, with the third call still serviced by port 3. If a modem port is in use and this port is the next port that would normally answer the call, the port will now be randomized so that each subsequent port can answer the call.

If no resources are available, those of the specified QoA class and the specified ones VR ID, causes the connection manager 46 in the receiving FM 10 that the call is terminated.

When a call is connected and assigned a resource and the call is to be terminated, the interface line transmitting the call receives a request to disconnect the call and informs the connection manager 46 , If the call is a local resource from the receiving FM 10 is assigned, it is terminated locally, and the resource assigned to the call is returned to the pool. All resource managers 38 then update their resource tables, which now indicate that the resource has become available.

If the call has a resource assigned from another card, the connection manager submits 46 in the receiving FM 10 Broadcast a request to disconnect the call. The connection manager 46 in the FM 10 that assigned the resource will then disconnect the call. The connection manager 46 in the FM 10 who has assigned the resource will then broadcast a message that the call has been disconnected. The resource is then returned to the free pool and the resource managers in each of the FMs 10 update their resource tables, which now indicate that the resource has become available.

VI. MULTIPLE VIRTUAL ROUTER

Another feature of the multi-service network switch off 1 is the ability to partition the switch into multiple virtual routers (VRs) with each VR assigned a set of resources (eg, ISDN or modem resources) and routing tables. Thus, each VR works independently and self-sufficient as a separate router.

The System concept for resource management enables efficient deployment from VRs. As described above, system resources are not at one bound to a specific slot or interface and can Therefore be distributed flexibly to the different VRs.

According to one embodiment The invention becomes a standard system router when booting the system generated. This router is preferably constantly present in the system, and all resources belong to the system router until they are reassigned to the VRs.

One System Administrator can create new VRs and these resources to assign. The system administrator can also configure routing configurations for the Make VRs.

One new VR is preferably generated by giving it a unique name and a unique VR ID. Subsequently, will the new VR by setting up its physical interfaces and IP interfaces and by enabling its routing protocols configured. After configuration, the VR is activated and can henceforth as an independent Router work.

In particular, a portion of the resources available to the system are allocated to the newly created VR. Such resources may be dial-up modem, ISDN, T1, PRI, Ethernet, and / or Frame Relay resources. Ethernet resources are partitioned by PM. Thus, each VR has either the entire Ethernet Switch PM 12a or no PM at all. PRI and T1 resources are partitioned at DS0 level. Frame relay resources are partitioned at the level of the permanent virtual circuit (PVCs).

Each VR is also assigned a number of modem and ISDN resources in the dial-up pool. According to one embodiment of the invention, each VR is assigned a fixed percentage or a fixed number of the pool. The resource manager 38 monitors the usage of resources for each VR for each QoA class. When a call comes in, the resource manager identifies 38 the VR ID of the incoming call and dynamically allocate the modem or ISDN resources if it is within the limits set for the user's VR and QoA.

In addition, each VR has an instance of an IP protocol stack and its own routing table 70 for routing protocols such as RIP, OSPF, GBP4 and the like. The SCM 14 Therefore, as in 17 illustrates a routing table for each VR 70 based on the VR ID. Moreover, each VR has its own routing table 90 and an IP cache 102 for forwarding IP packets, which are also routed using the VR-ID.

Everyone VR can also be used in several virtual private networks (VPNs) to control be partitioned to access certain parts of the VR. The Access control is accomplished with a filtering software that traffic directed to the VR based on criteria such as e.g. of the Source or destination addresses filter.

According to one embodiment In the invention, VPNs consist of VPN sessions, VPN rules, and VPN filters. VPN sessions are a set of criteria that the switch uses Traffic in the network compares. VPN rules determine how the packets that match the VPN session, to be processed. VPN filter link VPN sessions with VPN rules.

18 shows a design scheme of a session table 240 with different VPN sessions according to an embodiment of the invention. Every VPN session in 18 includes a session ID 242 which is used to classify a particular session. Because sessions are queried in numeric order, the session ID returns 242 preferably also the order in which sessions in the session table 240 be compared with packages. For example, Session 1 is compared first, then Session 2 and so on. If a packet does not match any of the sessions, it cycles through the list until the next session.

Each session also preferably includes a VPN ID 244 which is used to classify and categorize dial-up connections. For example, a group of users from the employees of a company with a specific VPN ID 244 who are granted access to the corporate network as well as the Internet, while a second group of users are customers with a different VPN ID 244 which is granted access to the internet but not to the corporate network. In one embodiment of the invention, the VPN ID of each user is configured in the ISP's authentication server.

Each session also includes a pair from an IP source address 246 and a destination address 250 which must correspond to packets sent and received on the network. A source comparison mask 248 and a destination comparison mask 252 allow the specification of a subnet, a group of hosts or all addresses. In this way, the switch identifies those packets that are candidates for the filtering process.

For example, give a session ID 242 of "1", a VPN ID 244 from "111", a source address 246 from "any", a source comparison mask 248 from "any", a destination address of "10.1.0.0" and a destination comparison mask 252 from "255.255.0.0" a VPN session "1" for users with a VPN ID of "111" (eg the employees of a company) and allow them to come from any point or any source address and to any Subnet in the 10.1.0.0 network (eg the corporate LAN) can access. On the other hand give a session ID 242 of "2", a VPN ID 244 from "any", a source comparison mask 248 of "255.255.0.0", a destination address of "208.277.214.0" and a destination comparison mask 252 of "255.255.255.0" a VPN session "2" indicates that any user (VPN-ID of "any") in any subnet in the 10.1.0.0 network (eg the corporate LAN) on the network 207.221.211.0 access (eg the dial-up pool for access to the Internet). In these examples, packets are compared with each session in ascending numerical order by session ID. Therefore, if a package does not match the session ID 242 " 1 ", it is then compared to the session ID" 2 ".

After this a package is selected for filtering The VPN rules determine a series of conditions which the package is to be processed. The rule may specify that this Forward packet or skip it.

19 shows a design schema of a rules table 254 with different VPN rules according to an embodiment of the invention. Each VPN rule includes a rule ID 256 to identify the conditions of the rule. In addition, each VPN rule includes a rule priority 258 to specify the order in which the rules apply to a packet that matches a particular VPN session. An action field 260 specifies the action to be applied by the rule to the package. Valid actions preferably include forwarding or omitting the packets.

Each session also includes an IP protocol field 262 and an application layer protocol field 264 , The IP protocol field specifies the name of the IP protocol to be filtered. The application layer protocol field specifies the application layer protocol from which the packet was submitted to the VPN.

A session number field 266 Specifies the number of VPN sessions that use the rules. A pa ketzahlfeld 268 Specifies the number of packets forwarded or dropped by the switch.

The VPN filter is preferably the entity that associates a VPN session with a VPN rule. Thus, if a package based on the criteria in the session table 240 For filtering, the software asks the rule associated with the session from the rules table 254 and the rule determines whether the packet continues to move through the network.

20 shows a design scheme of a filter table 270 with various VPN filters according to an embodiment of the invention. Each filter includes a session 272 and one with the session 272 linked rule 274 , The session 272 corresponds to the session ID 242 in the session table 240 , and the rule 274 corresponds to the rule ID 256 in the rules table 254 ,

When a media port receives a packet, it determines if it is to be filtered. If so, it is passed to a filter module that performs the corresponding filtering operation. According to one embodiment of the invention, the filter module is in each of the FMs 10 resident present.

21 FIG. 12 shows a flowchart of a filtering module initiated packet filtering process according to one embodiment of the invention. FIG. Each packet to be filtered contains a VPN ID. Thus, the program starts and searches in step 280 after the VPN-ID in the package. The program also searches the session table 240 for the right VPN ID 244 , The program searches the session table 240 based on the session ID 242 in ascending numerical order. Once the program has found a session that matches the VPN ID, ask in step 282 Whether the source address of the packet matches the source address specified for the session 246 matches. If the answer is yes, the program asks in step 284 determines whether the destination address of the packet is the destination address specified for the session 250 matches. If the answer is YES again, then the program will search in step 286 the filter table 270 after the rule that belongs to the matching session. In step 288 the program searches the rule table 254 to determine the conditions specified for the rule, and process the packet according to these conditions (ie forward or omit the packet).

VII. AUTOMATIC PROTECTION

Another feature of the multi-service network switch off 1 is the ability to provide fault tolerance through hardware and automatic protection switching (APS) software. The APS makes it possible to cradle component malfunctions within the switch (eg malfunctions of terminals) as well as malfunctions on external connections and to restore operation via backup components. Thus, if a terminating unit or an external connection fails, each of these elements is automatically re-routed to a backup component without interrupting operations. There are two elements of a connection, namely an external connection and a termination unit connected to the external connection. Thus, the APS is preferably divided into two areas, one responsible for circling malfunctions and the automatic recovery from a failure of termination units and the other for circling malfunctions and automatically recovering from a failure of external connections.

Of the Switch supported preferably all combinations of primary components and backup components. For example, the backup component can have a port on it Module (card), another module within the same slot, another module in another slot, but in the same rack or another module in another slot and in one be different frame.

22 shows a schematic block diagram of a switch with an APS mechanism for the failure of external connections. The switch includes a primary module 506 and a backup module 508 , where the primary module is a primary WAN connection 502 and a backup WAN connection to the backup module 504 arrives. Both the primary and backup modules include an overvoltage protection device 510 . 514 and a line interface unit (LIU) / framer 512 . 518 , The same data over the primary WAN connection 502 are also preferably received over the secondary WAN link 504 receive. If the software fails on the primary WAN connection 502 For example, if there is a transmission error, the APS software switches reading from the primary WAN connection 502 on the backup WAN connection 504 around. Switching from the primary WAN link to the backup WAN link is preferably instantaneous and does not interrupt the system functionality.

According to one embodiment of the invention, the backup WAN connection 504 selected from a list of redundant ports (RPL). The list of redundant ports provides a user-defined list of backup connections for each connection in the system. The backup connection can be of the same type as the primary connection or of another type. For example, an ISDN connection could have a T1 sublink as a backup connection.

Of the Switch also provides an APS mechanism for the termination of terminators such as broken modems or broken ports. According to one embodiment There are two possibilities of the invention to secure financial statements. A possibility is to provide each card with two or more ports, each of which is primary Port is backed up by a backup port. So should a primary one Port fail, takes over a backup port whose function. Another possibility is the use of two or more cards, with each primary card through a backup card is secured. So should a card fail, take over one of the other cards whose function and processes the data.

23 Figure 12 shows a schematic block diagram of a switch with a backup port that is physically connected to another port on a separate card. A primary module 501 includes a primary port 503 and a backup port 505 , The backup port 505 is via a backup connection 511 physically with a different port 509 on a backup module 507 connected. Will be on the primary port 503 detected a malfunction, the relay forwards traffic to the backup port 505 which, in turn, is the traffic to the port 509 on the backup module 507 redirects.

According to one embodiment of the invention, a malfunction on the primary port 503 detected by hardware by monitoring the activity of the port. If there is no activity (eg no change in the operating state) of the port after a programmed period of time (eg 290 milliseconds), then the protective relay switches 520 automatically to the backup port 505 around. The APS software keeps the data in the backup port 505 up to date with the primary port. Thus, if a switch from the primary port to the backup port, so no data loss will occur. If the backup port is on the same card, the same memory will be used. If the backup port is on a different card, the APS software preferably writes the data to both cards at the same time.

The APS architecture is preferably a one-to-many architecture in which each backup component supports n primary components, where n is greater than or equal to one. For example, a 1: 2 protection switch indicates that there is a backup component for every two primary components. According to one embodiment of the invention, the switch offers a choice of a 1: 1, a 1: 2, a 1: 3 and a 1: 4 protection switching for T1 / E1 connections as well as a choice between a 1: 1 and a 1: 2 protection switch for CT3 connections (channeled E3, T3 and OC3). 24 shows a schematic block diagram of a switch with 1: 2 protection switching according to an embodiment of the invention. Port No. 1 522 is about the backup connection 528 to the backup port 526 connected, and port no. 2 524 is about the backup connection 530 connected to the backup port. With such a 1: 2 protection switching, each of the two operating connections can be switched to the protection circuit.

25 Figure 12 shows a schematic block diagram of a switch with 1: 2 protection switching according to an alternative embodiment of the present invention. port 1 has a first primary connection 540 , and port 2 has a second primary connection 542 , Instead of each port, as in the embodiment of 25 , has its own backup connection, ports 1 and 2 share a backup connection 544 ,

26 shows a block diagram of another embodiment with a 1: 1 protection switching. This is where the external connection B works 532 as a backup for the external connection A 534 , According to this embodiment, the LIU and other logic units become via a selection relay 536 either on port A 538 or Port B 540 switched. Therefore, should the external connection B 534 fail, the relay turns off 536 on Port B 540 to get data from the external connection B 532 to read.

VII. MODULAR, INDEPENDENT PROTOCOL STACK ARCHITECTURE

Another feature of the multi-service network switch off 1 is the ability to support an IP routing protocol and architecture in which the Layer 2 protocols are independent of the physical interfaces on which they operate. In contrast to the well-known switch technology, in which a protocol is assigned to a physical port during compilation, the switch is configured in advance Preferably, a port with the correct protocol when the port is activated, that is, dynamically after establishing a connection, which allows switch applications to be independent of the physical ports on which they operate.

Of the Switch supported preferably a plurality of interfaces of wide area networks (Wide Area Networks, WANs) and local area networks (Local Area Networks, LANs). These physical interfaces include, but are not limited to, those of Modem, ISDN, T1 and Fractional T1 (T1 / FT1), non-channelized T3 (UT3), ATM-OC3, ATM-DS3 and Ethernet type. Furthermore supports the Switch has a variety of Layer 2 protocols, such as Point-to-Point Protocol (PPP), PPP over Frame Relay (PPP / FR), PPP over Ethernet (PPOE), the Layer Two Tunneling Protocol (L2TP), Layer 2 Forwarding (Layer-Two Forwarding. L2F), RFC 1483 Bridged, RFC 1483 Routed, RFC 1490 Bridged and RFC 1490.

With the flexibility A single port can be used to dynamically configure a port an L2TP for a session and an L2F for support another session. About that In addition, the same protocol for each session can be operated on different ports. So will For example, PPP is typically used with modems. With the dynamic However, port configuration can also use PPP over Ethernet, T1 or ISDN lines be operated without you is limited to a single physical interface type. moreover Not only is the switch capable of delivering different packet types of different media types to process, but he is also able to forward the packets to any kind of medium. For example, you can Data via PPP into the switch and leave it again via ATM.

The dynamic configuration of ports can also be on a variety from media, such as to narrowband for voice transmission, Broadband or DSL, just to name a few. A port can also be one Medium, for example T1. The software architecture allows it, that modules for different Media in a switch can communicate with each other.

27 shows a schematic block diagram of an IP forwarding layer 600 as well as layer 2 protocols 602 and physical Layer 1 interfaces 604 , The dynamic configuration of ports makes it possible, for example, to link PPP with modem, ISDN, T1, UT3, ATM DS3 and ATM OC3. Moreover, Layer 2 protocols can 602 be dynamically coupled together so that a new Layer 2 protocol is created. The new Layer 2 protocol can then interface with a Layer 1 interface 604 be linked.

According to one embodiment of the invention, the port interface (Port InterFace, PIF) allows 122 ( 4 ) dynamically linking layer 2 protocols to layer 1 protocols. When a media port becomes active, the switch creates a PIF object for the port. Preferably, PIFs are from the GFI software 124 ( 4 ) generated by the media driver 118 is triggered. The PIF object sets the Layer 2 protocol to use for the current session by the connection type, and the GFI software dynamically links the Layer 2 protocol to the Media Port Layer 1 interface. Logging is maintained for the duration of the session.

28 shows a schematic block diagram of Layer 1, Layer 2 and Layer 3 interfaces with multiple PIFs 122 , one PIF per port. When a port is activated, the media driver generates 118 preferably a PIF structure / PIF module that stores specific media and packet format information for the port, including port type, encapsulation, status information (eg, active or inactive), and various port numbers (eg, physical port address, forwarding port address, and backplane port address). The PIF also tracks the status of the PIF, reports changes to the FTAM, maintains a statistics of the ports, and stores a pointer to the currently dialed in user for dial-up ports.

According to one embodiment The invention relates to PIF structures held as two-dimensional arrays in which the controller number and the port number can be used as an index. To find one particular PIF of a port will be both the controller number and also the port number used within this controller.

The PIFs for All physical ports are preferably at startup a card generated. The PIFs are initially in an inactive state. When the ports become active, changes the PIF status changes to an active state. For dial-in ports, the PIF put into an active state as soon as a user talks about it Port dials. When the call is disconnected, the PIF status becomes inactive State brought. The PIF is preferably not removed because in the PIF structure also the port statistics is kept and it is useful The port statistics are also available after disconnecting a user to have.

A Message "Port active" is always then from all LAN cards sent to the SCM when the state of a port of a inactive to an active status changes. The WAN cards send the Normally, the message "Port active" does not work to the SCM. The message "Port active "is preferred sent from a WAN port if this port is configured for that is the routing protocol update messages such as RIP and To transport OSPF packets.

A Message "Port inactive" is always then sent to all cards in the chassis when the condition of a Changes ports from an active to an inactive state. To Upon receipt of this message, the cards remove those entries in the card Forwarding table and the ARP table, which make the port inactive specify.

The PIF module in the SCM is also for the guide and Management of the List of Redundant Ports (Redundant Ports List, RPL). For Each of the physical ports allows the user a different physical Set up the port as a backup port. The backup port is preferred not part of any logical port identifier (LPI). The backup port is used if the primary port fails. All Packets are usually sent to the primary port. The backup port is kept in an inactive state. Packages are from the backup port neither sent nor received when the primary port is active. Should the primary Port fails, the PIF module releases the backup port in the SCM, and from now on, all packets will be sent to the backup port. According to one embodiment The invention will use the backup port whenever the primary port again available will be put back in the inactive state, and all packages will be back to the primary Port sent. Alternatively, the packages continue to use the backup port for the rest the session and do not switch to the primary port.

In an alternative embodiment According to the invention, the RPL is guided in a decentralized manner. The RPL is used by the SCM as part of its initialization on each card distributed when the card is put into operation. On each of the Cards, the backup port is kept inactive. Should the primary Port fails, an RPL message "Port out of service" is sent to all cards. If the Cards receive the RPL message "Port out of service" asks Each card will dedicate its RPL table to whether one of its ports is the backup port. If so, this card puts the port into an active state and start working on this port traffic. Also remove all cards all entries in the routing table and the ARP table pointing to the primary port refer. From this point on, all traffic flows to Backup port. If the primary Port available again will be an RPL message "Port in operation "to all Sent cards. The card on which the backup port is located, puts the port in an inactive state and sends a "port out of service" message to the backup port to all cards. The message "Port except Operation "causes all Cards, the entries in the forwarding table and the ARP table to remove the refer to the backup port. From this point on, the primary Port active again. The RPL table is synchronized on all maps. Whenever a change is made on the RPL table, it is scanned by the SCM on all cards distributed.

The IP forwarder 44 ( 4 ) is interfaced with the PIF and sends and receives packets to and from the PIF via the logical port identifier (LPI) 128 , A logical port identifier (LPI) 128 communicates with the PIF 122 and includes the IP parameters that pertain to each physical port. The IP layer invokes an LPI function whenever it wants to transmit a packet. The LPI send function identifies the correct physical port and passes the packet to the PIF 122 to add the media-specific Layer 2 encapsulation header and send it out via the correct port.

To processing the initial one Packets are preferably the identified Layer 2 encapsulation headers stored in an IP cache entry. In this way, the IP forwarder, the PIF and Layer 2 functions in the following Bypass packets, which minimizes overhead in packet processing. Thus, Layer 2 encapsulation headers for all subsequent packets to the IP cache entry taken.

IX. GENERIC FORWARDING INTERFACE

Another feature of the multi-service network switch off 1 is the ability to provide a unified interface to the forwarding functions to mask the details for sending and receiving packets over different interface types. This is preferably done via the Generic Forwarding Interface (GFI). 122 ( 4 ), which allows applications (eg, the IP forwarder, PPP, and other functions provided by the switch) to send and receive packets in a generic format.

According to one embodiment of the invention, the GFI handles all internal packet routing either between ports on the same FM 10 or over the bus to other FMs 10 in the switch. The GFI preferably makes forwarding functions transparent, regardless of whether a packet is forwarded to a remote or local card. In addition, forwarding functions are transparent regardless of the input and output ports used for the packet. For example, an input port may be of the "frame relay over ISDN" type, while the associated output port may be switched to a frame relay line without the IP relay module 44 ( 4 ) to go through.

The GFI 124 provides protocol transparency by allowing the switch, as in 29 Illustrates in drivers 620 and applications 610 is divided. The applications 610 are at runtime preferably with drivers 620 connected. In this way, applications and drivers can be dynamically coupled and decoupled, providing port flexibility. The dynamic link also frees up memory and processing resources that are not needed for unused logs.

Applications and drivers that want to receive and forward packets register various features of the GFI, including receive, forward, and / or poll. The drivers 620 preferably register their forwarding functions for forwarding packets to a physical port. When a packet is to be forwarded to a physical port, the GFI calls the forwarding function registered by the driver of the port.

applications 610 preferably register their receive functions with the GFI to receive and process incoming packets. Receiver functions are registered to service various types of packets, including, but not limited to, packets received via media ports, forwarded packets, and packets destined for known internal ports. A protocol processing or forwarding function such as PPP or IP forwarder typically registers with the GFI to receive and process packets received through the media ports. Forwarded packets are processed by applications that perform translation and encapsulation functions for a given output port. Receiver functions also register with the GFI for handling packets destined for known internal ports, such as a management channel used to exchange external management information.

Both applications 610 as well as drivers 620 can register with the GFI query functions for periodic call. Query functions are often used to verify the function of the switch. In a preferred embodiment of the invention, two interrogation frequency levels can be specified, namely high and low. Preferably, foreground functions such as packet processing use the high polling frequency while background functions such as timer processes use the low frequency polling. In alternative embodiments of the invention, multiple levels of polling frequencies may be used.

When a package arrives at the system through a media port, the package will become one or more buffers (GFI buffers) in shared memory 24 receive ( 2 ). The driver associated with the media port receives the package and translates it into a generic format using GFI utilities. The driver also creates a GFI descriptor that defines the packet and has pointers to buffers that belong to the packet. The package is then transferred to the system for processing by the applications.

If a packet is to be sent to a physical port calls the GFI has the forwarding function of the corresponding driver, to send the package. The forwarding function of the driver is preferably for the translation the generic package into the driver-specific format and the Sending the package over responsible for the requested port.

All packets entering the system are preferably converted to protocol transparency in a generic packet format (GPF). 30 shows a schematic block diagram of a GPF 700 according to an embodiment of the invention. The GPF 700 preferably includes a list of shared memory buffers and a descriptor pointing to the buffers. The descriptor is in a general packet descriptor (GPD) 702 and one or more buffer descriptors 704 divided. The GPD preferably contains four words. In one embodiment, the first word of the GPD includes a byte total 706 for the package as well as different routing flags 708 , The routing flags include flags for fragmentation, multicast, switched and monitored. In this embodiment, the total byte count is the length of a packet.

The second word defines a QoS value 710 and a VPN ID 712 , The VPN ID identifies a virtual private network associated with the packet. The QoS value identifies the priority class for handling the packet. In a preferred embodiment of the invention, the GFI provides eight QoS classes. After a packet has been assigned a QoS value, the GFI ensures that the packet is serviced throughout the system according to its QoS value. In addition, for the packets, the GFI provides resources such as the CPU, backplane, communication channel, and system buffers according to their QoS values.

The third word specifies output port information 714 , The output port information is preferably entered after the routing information of the packet by a comparison in the IP router module 44 was determined.

The fourth word identifies an input port 716 who receives the package. The fourth word also includes a reference number for multicasting. The reference number is used by drivers to keep track of a packet being transmitted to multiple ports.

The buffer descriptor preferably includes a buffer control word and a pointer to a system buffer 717 , The buffer control word includes control information 718 as well as the number of data bytes 720 in the buffer. The control information includes control flags that define the buffer type.

A port addressing scheme used for the input port information 716 and the output port information 714 allows forwarding packets to any location in the switch. The port addressing scheme is preferably hierarchical and based on chassis, cards, controllers, and ports. In addition, ports are divided into five categories: local ports, internal multicast ports, internal unicast ports, external multicast ports, and remote ports. According to one embodiment of the invention, the GFI provides two different types of port addressing schemes, namely a forwarding port address (FPA) and a physical port address (PPA). 31 shows a schematic diagram of an FPA according to an embodiment of the invention. FPA is preferred for routing packets in the switch. 32 shows a schematic diagram of a PPA according to an embodiment of the invention. The PPA is preferably used for external use, for administrative purposes, and for configuring ports within the switch.

The GFI preferably provides two FPA types, namely a local FPA and a Backplane FPA. The local FPA is used to send packets to local To manage media drivers. The backplane FPA is used to package to forward to remote ports.

Forwarding of packets is based on the controller number for both local FPAs and backplane FPAs. Each component on the card preferably has a controller number 601 , For example, there is an Ethernet controller for an Ethernet component and an ISDN controller for an ISDN component. The controller number is part of the FPA. The controller number allows the GFI to send the packet to its driver. According to one embodiment of the invention, the controller number has only local meaning. If there are four drivers on a card, four controller numbers are assigned to the four drivers so GFI can send packets to them.

It there as well a controller for the backplane driver. The backplane driver preferably uses the controller number zero. The backplane is another driver that comes under the GFI running. Backplane packets do not leave the switch. They go to one another card in the switch. All packages to other cards within the switch should be forwarded to the backplane driver Posted. If a package has to be sent to another card, it will changed the controller number, what makes it possible send the packet to a remote port. The scheme includes address areas which determine the port type.

The Backplane also includes an address area. When sending a Package from one card to another card, as it happens, if a packet that gets into the switch from a modem and via Frame Relay is transferred to another card, the package becomes redirected to the backplane by changing the controller number to zero. Packets directed to remote ports become the backplane driver directed. If a package is received from the other card, will the controller address switched to frame relay.

When a driver receives a packet from a port, it generates a GPD 702 for the package. there the driver preferably generates the input port information 716 , as 33 illustrated. The input port information 716 includes eight flag bits and 24 address bits. The flag bits specify the source control information that allows the receiving application to apply the proper routing and encapsulation functions.

The output port information 714 is preferably established after the routing information of the packet from the IP router module 44 was received. 34 FIG. 12 is a schematic diagram of the output port information according to an embodiment of the invention. FIG. The output port information 714 includes eight flag bits and 24 address bits. The field consisting of the eight flag bits is used as control information which is passed by the application to the drivers responsible for transmitting the packet.

The Output port information is preferably constructed such that applications a packet to a local port address (LPA), a known internal Multicast Address (WKIM), a known internal unicast address (WKIU), a known external multicast address (WKEM), a dynamic external multicast address (DEM) and an address of a remote port (RPA).

When a packet is forwarded to a local port (that is, locally on the card), the output port specifies the physical port address, as in 32 illustrated. Local ports that are visible to the other cards are associated with backplane driver ports. The backplane driver ports are used to route packets to remote ports. The backplane driver accomplishes an assignment of port addresses in the incoming packets to local port addresses.

WKIM addresses provide internal communication paths between applications on different modules ready. For example, if an application running on the ISDN module running, wants to send a message to the management IP stack on the SCM is running, it uses the appropriate WKIM address that matches the IP stack of the SCMs is assigned. If there are several SCMs in the system, then the message to the management IP stack all SCMs sent. If the user has a known internal If you want to use port within a map, you have to use the WKIU.

A WKEM is used to group multiple external ports. For example becomes a WKEM for an application such as OSPF set up the broadcast to one List of ports required. about a DEM capability the user can set up multicast groups on the fly and dissolve again.

If an application on a card a package to an external port on a different card, she uses the RPA, assigned to this port. Before a remote port is addressed If an assignment of the RPA to a physical port address occurs. Every card in the system is for the assignment of their own ports to RPAs responsible. In the preferred embodiment lead the invention Helper programs in a header file the required mapping out.

With the exception of the local port address, all of the above categories of addresses are preferably virtual addresses. A virtual port address is assigned to one or more physical port addresses. The assignments of the virtual port addresses according to an embodiment of the invention are in 35 illustrated. Preferably, the controller number 0 is assigned to the virtual addresses. In a preferred embodiment of the invention, the backplane address ranges are as follows:

The Known internal multicast is used to send packets to the internal ones Run applications that run on multiple maps. Examples therefor are OSPF, RIP and call log. The well-known external Multicast is used to forward packets to a group of ports for a known one To direct application. Examples include ports that use routing protocols as OSPF, RIP and BGP4 are used. Dynamic multicast becomes used by application logs that generate dynamic and delete require multicast groups. For a dynamic multicast can Group members are dynamically added and deleted. IP multicast is an example for dynamic multicast.

A another function provided by the GFI is distributed multicasting. To send a packet to a multicast group will only be one packet generated. When the packet is sent to a multicast group, it will sent the package to the backplane. Then the package becomes the multicast group conveyed. If the recipients receive the package, this is in the receiver card to the right one Media ports forwarded, without it needs to be copied.

The GFI also takes care of Transparency in the hardware configuration. Such are, for example the number of CPUs and the DMA capability for the applications are transparent. The storage arrangement between platforms can vary from card to card Completely be different. The GFI makes them transparent for applications. Therefore, applications do not need to be drivers and memory too To take care of. The exact properties of a map are set at runtime. The GFI relocates all data structures based on the GFI configuration to the right positions. When the GFI is activated, it calls a generic platform feature to initialize the platform on. The generic platform function inherits the parameters for a platform. The platform feature determines what type of map it is and what kind of memory it represents and then sets up appropriate Data structures and memory. Parameters passed by the function be, set the shared memory configuration and the Buffer size fixed. For example, a parameter for a modem buffer size of 255 kB be returned to GFI. For every Card there is a platform function. Thus, the same code is on different cards executable.

The GFI software is designed to work on different Hardware platforms executable is. For example, the GFI is on all staff modules like also on all generic hardware modules (i.e., the high-speed Generic Module, the Low-Speed Generic Module, etc.). After this implemented a driver based on the GFI interface he can, without any modification from platform to platform be relocated. About that In addition, the GFI makes the system's CPU configuration (i.e. CPU or two CPUs) for the applications and drivers transparent. When transitioning from a single-CPU configuration to a configuration with multiple CPUs and vice versa are no changes required at the drivers and applications.

When processing packets on a single CPU platform, the GFI goes through a receive queue and controls the code specified in the packet descriptor. The GFI checks fer whether an application is registered to receive the package. The applications register when initializing at the GFI. When an application is registered to receive the package, the GFI calls the registered application and passes the package descriptor to the application.

On In a multi-CPU platform, there is a queue CPU and an application CPU. The queuing CPU accomplishes the Organization of queues while the application CPU the Processing takes over. A macro hands over the package based on the QoS class specified in the package descriptor is to a QoS queue, which is to be processed by the application CPU. The GFI code does the number of CPUs is configuration-transparent. Whether the GFI on one CPU or running on two CPUs, makes for the driver that has the GFI receive function calls, no difference. The GFI passes a packet to a queue, if it is running on a platform with two CPUs, or it calls the function a platform with a single CPU directly on.

If Passing a package to an application the application (1) can forward the packet, (2) the packet omit or (3) keep the package. If the application is called so she delivers one of these three codes to the GFI.

One application is the IP redirector module 44 who receives the IP packet and makes forwarding decisions regarding the packet. After the forwarding decision is made, the IP router module sets the GFI destination address in the packet descriptor and returns a forwarding code. If the IP router detects that the packet is out of order or can not be processed, it provides the GFI with an ellipse code that indicates that the packet should be skipped. If the IP forwarder module determines that the packet is to be held, the module later transfers the packet because the routing information has not yet been determined.

If the forwarding code returned and running the GFI in an operating environment with two CPUs passes the GFI sends the packet to the queuing CPU. In contrast, the GFI runs in one Operating environment with a CPU, the GFI calls the send function for the GFI directly on. The transmission function decides in dependence of which driver this package has to go to and directs the package to send to the right send function.

If The GFI running on a platform with two CPUs automatically becomes one set of queues, namely receive and forward queues. In one embodiment of the invention are four receive queues and four forward queues available. The single queue is used to switch between to differentiate between different QoS classes. The GFI takes off the packet from the queue, processes it by QoS, then call the send function on and finally puts the package for the right one Driver send function ready. Which driver send function is called will hang from the forwarding port address in the packet descriptor. The forwarding port address has one Controller number, which in turn sets the driver of the package should receive.

In an alternative embodiment of the invention, the GFI supports eight receiving queues (RQs) and eight forwarding queues (FQs). 36 FIG. 12 shows a layout scheme of the receive and forward queues according to one embodiment of the invention. FIG. When the driver receives a packet, it uses the QoS value assigned to the packet to place it in one of the eight RQs. Similarly, when an application forwards a packet, it uses the QoS value assigned to the packet to place it in one of the eight FQs.

The The queue scheme described above is preferably for configuration only used with two CPUs. If the GFI in a configuration with only one CPU is running, the forwarding and receiving queues are not generated or used. The GFI makes this transparent to its users.

The GFI also provides inter-processor communication (IPC). Using IPC capability, applications running on different processors on the same card can exchange messages with each other. To receive messages via IPC, an application registers with the IPC using the function calls contained in gfi-ipc.h. The IPC offers two modes of operation, namely synchronous and asynchronous operation. When using synchronous operation, an application can send a message to a client running on a different CPU and wait for the response. The IPC provides the mechanism by which the responding party sends a message to the requestor when the synchronous mode is used. If an application does not require an explicit acknowledgment of a message, it uses the asynchronous mode. In this Case, the IPC queues the message and returns immediately to the application.

Even though this invention based on certain specific embodiments has been described for the expert numerous additional Modifications and variants are obvious. It is therefore noted that the present invention in any other than the concrete manner described can be applied. Thus, the present embodiment should The invention is considered in all respects as illustrative and not restrictive and the scope of the invention will become apparent from the attached claims and their equivalents.

Claims (9)

Data Switch, including: Means for receiving a connection request, Means for identifying a Protocol associated with the connection request, medium for dynamic linking of the identified protocol with a port, where the dynamic Link allowed the port while a first communication session packets after a first protocol too send and while a second communication session packets according to a second protocol to send without reinitializing, and Means for formatting the package according to the identified protocol, the identified Protocol, both as a first protocol and as a second protocol, is a Layer 2 protocol. The data switch of claim 1, further including a cache for storing encapsulation information due to of the identified protocol. The data switch of claim 1, further including medium for establishing a communication session with a terminal, medium for identifying a first communication protocol of a plurality data packets associated with the communication session medium to dynamically configure a first port with the one identified first communication protocol for a duration of the communication session, with the first port in the Location is dynamic with a different communication protocol to be configured when the communication session is finished, medium for formatting a data packet based on the identified communication protocol, and a switching interface to the agent for Formatting is coupled and forwarding the formatted Data packets, and which has further Means for identifying a second communication protocol, wherein the identified second communication protocol from the identified first communication protocol deviates Means for dynamically configuring a second one Ports with the identified second communication protocol, without to reinitialize, Means of translating the formatted Data packets in the second communication protocol, and medium to send the translated Data packets via the second port. The data switch of claim 1, further including one first physical port adapted to a plurality of data packets receive, each data packet is characterized by a from a first variety of Layer 2 protocols, Means to Identifying the Layer 2 protocol of each received connection request, medium for dynamic linking of the identified Layer 2 protocol with the first physical one Port for every data packet, Means for translating the plurality of Data packets a second physical port adapted to the variety of translated Data packets, each translated data packet marked is by one of a second plurality of Layer 2 protocols, medium for dynamic linking of the translated Layer 2 protocol from the large number of translated data packets with the second physical port, and Means for sending the linked Variety of translated Data packets via the second physical port. Data switch according to claim 4, characterized in that that the first and the second plurality of Layer 2 protocols a point-to-point protocol (PPP) includes. Data switch according to claim 5, characterized in that that the first and second plurality of Layer 2 protocols use a point-to-point protocol via frame relay (PPP / FR). Data switch according to claim 5, characterized in that that the first and second plurality of Layer 2 protocols provide a point-to-point protocol over Ethernet (PPOE) includes. Data switch according to claim 4, characterized in that that the first and second plurality of Layer 2 protocols a Layer 2 tunnel protocol (L2TP). Data switch according to claim 4, characterized in that that the first and second plurality of Layer 2 protocols a Layer 2 forwarding protocol (L2 F) contains.