JP3721880B2 - Packet relay device - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a relay device that interconnects a plurality of networks and relays packets.
[0002]
[Prior art]
With the increase in Internet users, traffic (packets) flowing through the Internet has increased rapidly. In the packet-type communication method used on the Internet, packets from a large number of users can share the same line, so the cost per band can be kept low. Moreover, the fact that strict management such as quality control for each user was not performed is also a factor for realizing low cost.
[0003]
Due to the low cost of this packet-type communication method, there has been a movement to reduce the communication cost by integrating the telephone network and the corporate network that have been realized in the conventional network with the Internet. In order to integrate them, it is necessary to realize QoS (Quality of Service) and security such as low delay time and low discard rate, which have been realized by conventional telephone networks and corporate networks.
[0004]
QoS control that realizes QoS must identify specific applications (telephone traffic, etc.) to be controlled and individual users (enterprises, etc.) while preferentially forwarding them with priority according to the contract. . QoS control is common in ATM (Asynchronous Transfer Mode) exchanges. The QoS control of the ATM switch comprises a bandwidth monitoring means for performing bandwidth monitoring in a bandwidth contracted at the entrance of the network and a priority transfer means for preferentially transferring the packets complying with the bandwidth with a contracted priority.
[0005]
The priority transfer means in this ATM exchange is described in, for example, Japanese Patent Laid-Open No. 6-197128 (hereinafter referred to as “Prior Art 1”). Here, two output buffers for CBR and VBR are provided for each output line. By making the output priority of the cells stored in the CBR buffer higher than that of the cells stored in the VBR buffer, the communication delay time in the ATM switch can be reduced for CBR traffic cell groups with severe restrictions on communication delay. It can be suppressed within a certain value.
[0006]
The bandwidth monitoring function in the ATM switch is described in Chapter 4 (hereinafter referred to as “Prior Art 2”) of The ATM Forum Traffic Management Specification Version 4.0. Prior Art 2 describes GCRA (Generic Cell Rate Algorithm), which is an algorithm for bandwidth monitoring. By performing bandwidth monitoring based on the GCRA at the entrance of the network, it is possible to prevent a specific user from occupying network resources.
[0007]
The ATM switch sets the connection in advance, and the bandwidth monitoring information and priority information (cell transfer priority) in the connection information table set in the ATM switch based on the connection information of the input cell (including user and usage information) ) And the like, the bandwidth monitoring is performed using the bandwidth monitoring information, and the priority transfer is performed on the priority information (connection type communication). On the other hand, since the router device does not set a connection in advance, it does not have QoS control information such as bandwidth monitoring information and priority information in the connection information table and connection information table in the case of an ATM switch (packet type communication). For this reason, in order to perform priority transfer and bandwidth monitoring in the router device, the router device newly needs flow detection means for detecting bandwidth monitoring information and priority information based on information in the header for each input packet. The bandwidth detection means and the priority transfer means are applied to the detected bandwidth monitoring information and priority information by the flow detection means. In this specification, a packet identification condition created by combining information such as information in the header is a flow condition, a series of traffic that matches the flow condition, and whether the input packet matches the flow condition. This determination is called flow detection.
[0008]
The QoS control in the router device is mentioned in, for example, Japanese Patent Laid-Open No. 6-232904 (hereinafter referred to as “Prior Art 3”). In the prior art 3, in order to execute QoS control in the router, the packet priority is set based on the mapping table that holds the priority of all combinations of the information for identifying the priority in the packet and the protocol (= higher application) information. Disclose the decision. Based on the determined priority, priority transfer can be executed to ensure QoS.
[0009]
Another conventional technique related to QoS control in a router device is Diffserv (Differentiated Service) (hereinafter referred to as “Prior Art 4”) described in RFC2475 of IETF (Internet Engineering Task Force).
[0010]
Prior art 4 will be described with reference to FIG. The Internet 325 realizes QoS contracted between the corporate networks A to D and the Internet 325. Prior art 4 uses the flow detection means (classification in the prior art 4 in the conventional art 4) when the edge router A326 or edge router B327 (called a boundary node in the prior art 4) at the entrance of the Internet 325 receives a packet from the enterprise network A321 or the enterprise network B324. (Referred to as “fire”) discloses that flow detection is performed using a source / destination IP address, a source / destination port number, a protocol, etc. in a TCP / IP header as a flow condition. Further, it is disclosed that the bandwidth monitoring of the flow extracted by the classifier is executed to determine the DS which is the priority in the Internet 325 and write it in the DS field (= TOS). Further, it discloses that the backbone router 328 (referred to as an interior node in the prior art 4) that is a core node of the Internet 325 implements QoS in the backbone router 328 by performing QoS control based on the value of the DS field.
[0011]
It is also necessary to perform flow detection in order to execute filtering for realizing security. In the case of connection-type communication, if a connection is set only with a partner who is permitted in advance and connection setting with a partner who is not permitted is prohibited, it is easy to protect security because a cell from an unexpected partner will not be received. However, in the case of packet-type communication, there is a possibility of receiving a packet from all terminals connected to the network, and it is necessary to execute filtering that completely discards a packet from an unexpected partner. Similarly to QoS control in filtering, first, flow detection that identifies the filtering target (for example, a packet from another office in the company or a packet from other sites) is performed for each input packet to indicate whether or not packet transfer is possible. It is necessary to determine transferability information. The router executes the transfer and discard of the packet based on the transfer enable / disable information, thereby realizing the security of the corporate network.
[0012]
The filtering in the router device is described in, for example, Japanese Patent Laid-Open No. 6-104900 (hereinafter referred to as “Prior Art 5”). In the prior art 5, a filtering table for registering information on a source address and a destination address is provided, and only packets from the source address registered in the filtering table to the destination address are transferred to realize filtering.
[0013]
[Problem to be Solved by the Invention]
As the number of flows that must be detected by the router increases with the increase in Internet users, the flow detection means of the router must be able to set a large number of flow conditions. In addition, due to a rapid increase in traffic flowing through the Internet and an increase in line speed, it is necessary to shorten the processing time per packet in the router. Therefore, the router must be able to perform QoS control (priority transfer, bandwidth monitoring, etc.) and filtering at high speed even when the number of flow conditions to be set increases. Furthermore, regarding the setting of flow conditions, it is desirable to be able to flexibly cope with a wide variety of flow conditions desired by a router administrator.
[0014]
However, such viewpoints are not examined in the conventional techniques 3 to 5. Accordingly, the first object of the present invention is to set a large amount of flow conditions such as information for identifying a user, protocol information and information for identifying a priority, etc., corresponding to an increase in line speed and an increase in flow conditions, The object is to provide a packet relay device capable of detecting a flow at high speed and realizing QoS control and filtering at high speed.
[0015]
Another object of the present invention is to provide a packet relay apparatus that can improve the descriptiveness of flow conditions and can flexibly cope with various flow conditions desired by a router administrator.
[0016]
Furthermore, in a network as shown in FIG. 46 in which routers are connected by an ATM network or a frame relay network, congestion due to excessive traffic occurs in the public ATM network 4301, and QoS may not be maintained. Therefore, QoS control must be performed in ATM networks and frame relay networks that connect routers. However, in the prior art 3 to the prior art 5, there is a description of a method for determining a connection (VC (Virtual Channel) / VP (Virtual Path) or DLCI) using high-speed flow detection and QoS control of ATM or frame relay. Not.
[0017]
Another object of the present invention is to provide a router device capable of performing flow detection at high speed to determine VC / VP or DLCI and utilizing QoS control of an ATM or a frame relay network.
[0018]
[Means for Solving the Problems]
In order to achieve the above object, in the packet relay device of the present invention, at least one of address information of an input packet, information for identifying use or information for identifying priority, and communication quality control corresponding to the information Information or filtering control information is used as an entry, and an entry table having a plurality of entries is divided and set for each address information.
[0019]
In another packet relay apparatus, at least one of address information of an input packet, information for identifying use, or information for identifying priority, and communication quality control information or filtering control information corresponding to the information, And an entry table having a plurality of entries, and an entry pointer table in which an entry pointer for designating an entry in the entry table is divided and set for each address information.
[0020]
In another packet relay apparatus, at least one of address information of an input packet, information for identifying use, or information for identifying priority, and communication quality control information or filtering control information corresponding to the information, The entry table having a plurality of entries is set for each address information, and only the entry table corresponding to the address information in the input packet to which the internal header information is added is searched. Entry reading means for reading out the entry; match determination means for determining a match between the address information of the input packet, information for identifying use or information for identifying priority, and information in the entry read by the entry reading means; , When it is determined as a match by the match determination means, the entry in the entry The signal quality control information or the filtering control information, the priority of the transfer of the input packet or, characterized in that the pipeline control means for determining whether to transfer.
[0021]
In another packet relay apparatus, at least one of address information of an input packet, information for identifying use, or information for identifying priority, and communication quality control information or filtering control information corresponding to the information, And an entry pointer table in which an entry pointer for designating an entry in the entry table is divided and set for each address information, and the address information in the input packet Identifies entry pointer reading means for reading only the corresponding entry pointer, entry reading means for reading the entry specified by the entry pointer read by the entry pointer reading means from the entry table, address information in the input packet, and usage Information that identifies information or priority, and a match determination unit that determines a match between the information in the entry read by the entry read processing unit, and when the match determination unit determines a match, Pipeline control is performed on the communication quality control information or the filtering control information to determine the priority of transfer of the input packet or the means for determining whether or not transfer is possible.
[0022]
In another packet relay apparatus, at least one of address information of an input packet, information for identifying use, or information for identifying priority, and communication quality control information or filtering control information corresponding to the information, Entry, and an entry table having a plurality of the entries is divided and set for each address information, and only the entry table corresponding to the address information of the input packet is searched, and the entry reading means for reading out the entry; Address information in the input packet, information for identifying use or information for identifying priority, and match determination means for determining a match between the information in the entry read by the entry reading means, the entry table and the The coincidence determination means is mounted on the same semiconductor chip.
[0023]
In another packet relay apparatus, at least one of address information of an input packet, information for identifying use, or information for identifying priority, and communication quality control information or filtering control information corresponding to the information, And an entry pointer table in which an entry pointer for designating an entry in the entry table is divided and set for each address information, and the address information in the input packet Identifies entry pointer reading means for reading out only the corresponding entry pointer, entry reading means for reading out the entry specified by the entry pointer read by the entry pointer reading means from the entry table, address information and use of the input packet Information or a priority identifying information and a matching determining means for determining matching between the information in the entry read by the entry reading means, and the entry table and the matching determining means are on the same semiconductor chip. It is implemented. Preferably, the entry pointer table is composed of a semiconductor chip different from the semiconductor chip.
[0024]
In another packet relay apparatus, switch means for outputting an input packet input from one input line of a plurality of input lines to any output line of the plurality of output lines, and a sender of the input packet Communication quality control information or filtering control information for the input packet is determined according to at least one of information for identifying, information for identifying a receiver, information for identifying a use, or information for identifying a priority. The switch means and the flow detection means are mounted on different semiconductor chips, respectively.
[0025]
In another packet relay apparatus, the address information of the input packet, flag information indicating validity / invalidity of the address information, and communication quality control information or filtering control information corresponding to the information are used as entries. A packet relay apparatus having an entry table having a plurality of entries. Preferably, the address information is Internet protocol (IP) address information and input line information, and flag information indicating validity / invalidity of the address information is flag information indicating validity / invalidity of the IP address information. The flag information indicating validity / invalidity of the input line information. The entry reading means for reading the entry in the entry table, the address information of the input packet, the information for identifying the use or the information for identifying the priority, and the information in the entry read by the entry reading processing unit are determined to match. Match determination means, the match determination means has a plurality of comparison means provided for each IP address information and input line information, the comparison means provided corresponding to the IP address information, The comparison means provided corresponding to the input line information operates according to the flag information indicating validity / invalidity of the input line information, and operates according to flag information indicating validity / invalidity of the IP address information. . More specifically, the comparison means provided corresponding to the IP address information performs a match determination only when flag information indicating validity / invalidity of the IP address information indicates validity, and corresponds to the input line information. The comparison means provided in this way performs a match determination only when flag information indicating validity / invalidity of the input line information indicates validity.
[0026]
Further, it is desirable that the entry further includes information for identifying a use of the input packet and flag information indicating validity / invalidity of the information for identifying the use.
[0027]
The entry reading means for reading the entry in the entry table, the address information of the input packet, the information for identifying the use or the information for identifying the priority, and the information in the entry read by the entry reading processing unit are determined to match. The match determination means has a plurality of comparison means provided for each piece of information identifying the address information and the usage of the input packet, and the comparison means provided corresponding to the address information. Operates according to flag information indicating validity / invalidity of the address information, and the comparing means provided corresponding to the information for identifying the application uses flag information indicating validity / invalidity of the information for identifying the application. Works according to. More specifically, the comparison means provided corresponding to the address information performs a match determination only when flag information indicating validity / invalidity of the address information indicates validity, and corresponds to information for identifying a use. The comparison means provided in this way performs a match determination only when flag information indicating validity / invalidity of information identifying the application indicates validity.
[0028]
In another packet relay apparatus, at least one of address information of an input packet, information for identifying use, or information for identifying priority, and communication quality control information or filtering control information corresponding to the information, Entry, and an entry table having a plurality of the entries is divided and set for each address information, and only the entry table corresponding to the address information of the input packet is searched, and the entry reading means for reading out the entry; Address matching information, input identifying information or priority identifying information, and matching determining means for determining matching between information in the entry read by the entry reading processing unit, the matching determining means Is the address information of the input packet, information identifying the use, or information identifying the priority. Characterized in that it comprises a comparing means for each.
[0029]
In another packet relay apparatus, at least one of address information of an input packet, information for identifying use, or information for identifying priority, and communication quality control information or filtering control information corresponding to the information, And an entry table having a plurality of such entries,
An entry pointer reading unit for reading out only an entry pointer corresponding to address information of an input packet, and an entry pointer table in which an entry pointer for designating an entry in the entry table is divided and set for each address information; An entry reading means for reading an entry designated by the entry pointer read by the entry pointer reading means from the entry table, address information of the input packet, information for identifying use or information for identifying priority, and the entry reading processing section A match determination processing means for determining a match with the information in the read entry, wherein the match determination means compares the address information in the input packet, the information for identifying the use, or the information for identifying the priority. Characterized by having That.
[0030]
Other problems to be solved by the present application and the means for solving the problems will be clarified in the section of the “DETAILED DESCRIPTION OF THE INVENTION” and the drawings.
[0031]
DETAILED DESCRIPTION OF THE INVENTION
Examples of the present invention will be described below.
[0032]
First, problems of the linear search method that is a flow detection method will be described with reference to FIGS.
[0033]
FIG. 3 shows an example of a packet format in the network. The packet format in the network is composed of a header part 410 and a data part 420. The header section 410 includes a source MAC address (Source Address Media Access Control: hereinafter referred to as “SAMAC”) 400 that is a physical address (hardware address) of a router that has transmitted the packet immediately before, and a router that receives the packet next. A destination MAC address (Destination Address Media Access Control: hereinafter referred to as “DAMAC”) 401 which is a physical address and a source IP address (Source IP Address: hereinafter referred to as “SIP”) which is a source address (address of a transmission terminal). ) 402, a destination IP address (Destination IP Address: hereinafter referred to as “DIP”) 403 which is a destination address (address of the receiving terminal), and a source port (Source Port: hereinafter referred to as “SPORT”) indicating a protocol (= higher application) ) 404 and destination port (hereinafter referred to as “DPORT”) 405 and TOS (Type of Service) 411 (= DS field) indicating the priority in the network. Consisting of field). Further, the data unit 420 includes user data 406 that is user data. In addition to the above information, information such as an upper protocol of the IP protocol is stored in the header section 410, but it can be processed in the same manner as the above information. The format of FIG. 3 shows a packet whose transport layer protocol is TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) and whose network layer protocol is IP (Internet Protocol). The network layer protocol may be IPX).
[0034]
FIG. 4 shows an example of a packet format inside the router. The packet format inside the router is the addition of an internal header 430 to the network packet format. This internal header section 430 is composed of an input line number 407 that is an input line number, an output line number 408 that is an output line number, and priority information 409 that is used in priority transfer of QoS control.
[0035]
The entry table 550 shown in FIG. 6 includes one or a plurality of entries 510-i (= 1 to H). The entry 510-i includes a flow condition part 520-i and a QoS control information part 530-i. The QoS control information unit 530-i includes priority information 507 that is QoS control information used for priority transfer. The flow condition unit 520-i includes a flow condition for identifying a transmission source or a destination user, a flow condition for identifying a use (application), and a flow condition for identifying a priority. The conditions for identifying the source or destination user are the SIP upper limit value and lower limit value SIP upper limit value 501, SIP lower limit value 502, DIP upper limit value 503, DIP lower limit value 504, and SIP and DIP upper limit value and lower limit An IP valid bit 562 indicating that the value is valid, an input line number 508 which is an input line number, and an input line number valid bit 561 indicating that the input line number 508 is valid. For example, the edge router B327 in the network in FIG. 2 can identify the corporate network (enterprise network C323 or corporate network D324) that has transmitted the packet through the line through which the packet is input. The reason why the upper limit value and the lower limit value are set in SIP and DIP is to allow a network (= subnet) to be designated by one entry 510-i. FIG. 5 shows the format of the IP address 440. The IP address 440 includes a network address 441 and a host address 442. A network (= subnet) is identified by the network address 441, and a terminal in the network is identified by the host address 442. Since the upper bits of the IP address 440 are network addresses, terminals in the same network have continuous IP addresses. Therefore, all terminals in the network can be designated by the IP address range (upper limit value and lower limit value).
[0036]
The flow conditions for identifying the usage are a SPORT 505 that is a transmission source port, a DPORT 506 that is a destination port, and a port validity bit 563 that indicates that the SPORT 505 and the DPORT 506 are valid. FIG. 45 shows an example of a correspondence between an application to which a port number is currently assigned and a port number. The flow conditions for identifying the priority are the TOS 515 and the TOS valid bit 564. The interior node in Diffserv of the prior art 4 performs flow detection by the TOS 515 and performs priority transfer.
[0037]
Input line number valid bit 561, IP valid bit 562, port valid bit 563, and TOS valid bit 564 are “valid” when packets are identified by the input line number, IP address, port number, and TOS, respectively. Is set to “invalid”.
[0038]
When the QoS control information is determined, preset entries 510-i are read sequentially from the entry table 550. Then, it is determined whether or not the values of the internal header portion 430 and header portion 410 of the packet all match the valid flow conditions in the flow condition portion 520-i. If they match, the priority information 507 in the entry 510-i is determined as the packet priority information, and the flow detection ends. When the flow condition of the third entry 510-3 is met, the priority information 507-3 is determined as the priority information, the search for the fourth entry 510-4 is not executed, and the flow detection ends.
[0039]
In the present specification, the above-described flow detection method is referred to as a linear search method.
[0040]
Consider a case where QoS control and filtering are executed on the Internet 325 shown in FIG. The network in FIG. 2 is a network in which a company network A 321, a company network B 322, a company network C 323 of the same company, and a company network D 324 of a company different from the company are connected by the Internet 325 which is a public IP network. is there. The Internet 325 connects the edge router A 326 connecting the corporate network A 321 and the corporate network B 322, the edge router B 327 connecting the corporate network C 323 and the corporate network D 324, and the edge router A 326 and the edge router B 327. The backbone router 328 is configured. Further, a gateway router 329 is arranged at the entrance to the Internet 325 of the corporate network B 322.
[0041]
The priority transfer of QoS control is mainly edge router A 326, edge router B 327 and backbone router 328 in the Internet 325. Bandwidth monitoring and TOS rewrite of QoS control are mainly edge router A 326 in the Internet 325 and edge router Performed at B 327. Since a large amount of packets between companies pass through the Internet 325, the processing time per packet is short, and the edge router A 326, the edge router B 327, and the backbone router 328 need to perform QoS control at high speed. However, when the number of corporate networks connected to the Internet 325 increases, a large number of corporate networks must be identified, so a large number of entries 510-i are set in the entry table 550. In the linear search method, since all entries 510-i set in the entry table 550 are searched, it may be difficult for the edge router A 326, the edge router B 327, and the backbone router 328 to execute QoS control at high speed. There is.
[0042]
Consider the case of filtering in the network of FIG. In the flow detection in filtering, the priority information 507 in the entry may be transfer enable / disable information indicating transfer enable / disable. Filtering is performed by the gateway router 329 in the corporate network B322. Since all packets input to the corporate network B322 are processed, the processing time per packet is short, and the gateway router 329 needs to perform filtering at high speed. In filtering, an entry 510-i is set so as to transfer a packet between the corporate network A 321, the corporate network B 322, and the corporate network C 323 that are the same company. If the number of corporate networks of the same company is not three but increases, the number of entries 510-i to be set also increases. In the linear search method, since all entries 510-i set in the entry table 550 are searched, the gateway router 329 may be difficult to perform high-speed filtering when a large number of entries 510-i are set. is there.
[0043]
As described above, in a network in which a large number of entries 510-i are set in the linear search method, it may be difficult for the router to execute QoS control and filtering at high speed. Therefore, the flow detection method of the present embodiment employs an input line limiting method that can perform flow detection at a higher speed than the linear search method even when a large number of entries 510-i are set. The outline of the input line limiting method will be described below.
[0044]
In the input line limiting method, only the entry 510-i that matches the input line number 508 constituting the flow condition part 520-i of the linear search method is searched. FIG. 7 shows an embodiment of the input line limiting method.
[0045]
In the input line limiting method according to FIG. 7, an entry 511-i in which the input line number 508 and the input line number valid bit 561 are deleted from the flow condition part 520-i of the linear search method is set for each input line. Since only the entry 511-i that matches the input line number that is the flow condition is searched, the input line number 508 is not necessary in the entry 511-i.
[0046]
FIG. 8 shows another embodiment of the input line limiting method. In the input line limiting method described with reference to FIG. 7, when the entry 511-i that is not related to the input line number is set (for example, “telnet traffic input from all input lines is set to high priority”), the entry 511-i is set. It is necessary to set -i for the number of input lines (= N), and the efficiency of the memory for realizing the entry table 551 may deteriorate. Therefore, in the input line limiting method shown in FIG. 8, a list 540 that is an address of the entry table 750 is set in the list table 760 for each input line. The list 540-11 with the list table address 1 is the address of the entry 511-1 and the list 540-12 with the list table address 2 is the address of the entry 511-H. When the flow is detected, only the list 540 assigned to the input line to which the packet is input is read, and the entry 511-i pointed to by the list 540 is read. If you have a list 540 with a small bit width (10 bits even if you have 1024 entries) for each input line and share the entry 511-i with a large bit width with each input line, you can effectively use the memory that realizes the entry table 750 can do. Therefore, it is possible to set a large number of entries 511-i while realizing high speed.
[0047]
FIG. 1 shows a configuration example of a router. The router 100 includes a header processing unit 110 that performs routing processing, flow detection, and ARP (Address Resolution Protocol) processing, a packet input / output unit 120 that inputs and outputs packets, and a processor 130. The header processing unit 110 includes a routing processing unit 111, a flow detection unit 112, and an ARP processing unit 113. The packet input / output unit 120 includes an output FIFO (First In First Out) buffer distribution circuit 121, a line corresponding unit 122-i (i = 1 to N) and line i 123-i. In addition, a management terminal 140 outside the router 100 is connected to the processor 130.
[0048]
When a packet is input from the line i 123-i, the receiving circuit 124-i adds the line number i to which the packet is input as an input line number 407. Then, after converting into the packet format inside the router, it is transmitted to the input FIFO buffer 126-i. The output line number 408 and the QoS control information 409 at this time are meaningless information. The input FIFO buffer 126-i accumulates packets and transmits the packets to the output FIFO buffer distribution circuit 121 in the order in which the packets are accumulated. The output FIFO buffer distribution circuit 121 stores the packet in the temporary storage buffer 128 and outputs the header information 11 to the header processing unit 110. The header information 11 includes information in the internal header part 430 and the header part 410.
[0049]
The routing processing unit 111 searches the routing table from the DIP in the header information 11, and outputs the line number for transfer to the subnet to which the DIP belongs, and the IP address (NIP) of the router that next receives the packet sent by the router 100 : Next Hop IP Address). The processor 130 of the router 100 creates and manages this routing table. This routing table search is described, for example, in JP-A-10-222535. Further, the routing processing unit 111 performs ARP processing on the output line information 12 composed of the output line number to the output FIFO buffer distribution circuit 121 and the flow detection unit 112 of the packet input / output unit 120, and the NIP information 14 composed of NIP. To the unit 113. When receiving the output line information 12, the output FIFO buffer distribution circuit 121 writes the output line information 12 into the output line number 408 of the packet stored in the temporary storage buffer 128.
[0050]
When receiving the NIP information 14, the ARP processing unit 113 determines a MAC address corresponding to the NIP. Further, DAMAC information 15 composed of the MAC address is output to the output FIFO buffer distribution circuit 121 and the flow detection unit 112 of the packet input / output unit 120. When receiving the DAMAC information 15, the output FIFO buffer distribution circuit 121 writes the DAMAC information 15 into the DAMAC 401 of the packet stored in the temporary storage buffer 128.
[0051]
On the other hand, the flow detection unit 112 searches the entry table 750 based on the header information 11 to determine priority information. Further, the packet priority information 13 including priority information is output to the output FIFO buffer distribution circuit 121 of the packet input / output unit 120. When receiving the packet priority information 13, the output FIFO buffer distribution circuit 121 writes the packet priority information 13 into the QoS control information 409 of the packet stored in the temporary storage buffer 128.
[0052]
When the output line number 408, DAMAC 401, and QoS control information 409 are all written, the output FIFO buffer distribution circuit 121 outputs the output FIFO buffer indicated by the QoS control information 409 of the line corresponding unit 122-i indicated by the output line number 408. Send the packet to 127-ij (j = 1 or 2). The line corresponding unit 122-i stores the packet in the output FIFO buffer 127-ij. The transmission circuit 125-i in the line corresponding unit 122-i controls reading of the output FIFO buffer 127-ij. As read-out control, “complete priority control”, “weighted cyclic control”, and the like are known. In “full priority control”, when packets are accumulated in the output FIFO buffer 127-i1 having a high priority, the packets are read from the output FIFO buffer 127-i1 in the order in which the packets are accumulated. Only when no packet is stored in the output FIFO buffer 127-i1, the packets are read in the order in which the packets are stored from the output FIFO buffer 127-i2 having a low priority. On the other hand, in “weighted cyclic control”, packets are read from the output FIFO buffer 127-i1 and the output FIFO buffer 127-i2 based on a preset ratio. Note that the read control in the transmission circuit 125-i is set by the administrator of the router 100 using the management terminal 140. Further, the transmission circuit 125-i deletes the internal header part 430 of the read packet. Then, the MAC address of the line i 123-i is written in the SAMAC 401, and the packet is transmitted to the line i 123-i.
[0053]
A block diagram of the flow detection unit 112 is shown in FIG. The flow detection unit 112 includes a result determination unit 710, a condition match determination unit 720, a list reading unit 730, an entry reading unit 740, an entry table 750, and a list table 760. A flowchart of the flow detection unit 112 is shown in FIG. The process of the flow detection unit 112 is roughly divided into five processes: a detection start process 600, a list read process 630, an entry read process 640, a condition match determination process 620, and a result determination process 610. The following four processes are executed by the list reading unit 730, the entry reading unit 740, the condition match determination unit 720, and the result determination unit 710, respectively.
[0054]
The format of the entry table 750 is shown in FIG. In order to perform the entry reading process 640 in a short time, the entry table 750 is realized by a memory inside the semiconductor chip 1200 as shown in FIG. When the memory inside the semiconductor chip is used, a large amount of data can be read at a time without using the data input / output pins of the semiconductor chip 1200. Therefore, the memory inside the semiconductor chip is suitable for realizing the entry table 750. When the entry table 750 is realized by a memory outside the semiconductor chip 1200, the number of pins of the semiconductor chip 1200 is limited, so that a large number of pins cannot be used to connect the entry table 750. Therefore, the bit width that can be read at a time is small, and the processing time of the entry read processing 640 is long. From the viewpoint of speeding up the flow detection, the memory outside the semiconductor chip 1200 is not suitable for realizing the entry table 750.
[0055]
The list table 760 includes G lists 540 for each input line. The number G in the list 540 has a relationship of G ≦ H with the number H of entries 511 in the entry table 750. When the flow is detected, the list 540 of the input line to which the packet is input is sequentially read from the list 540 having the smallest memory address to the list 540 having the largest memory address.
[0056]
The list table 760 is realized by a memory outside the semiconductor chip 1200 as shown in FIG. Since the list 540 has a small bit width, it can be read at high speed without consuming the number of pins of the semiconductor chip 1200. Further, when all entries 511-i can be set for all input lines (ie, when G = H), “capacity of list table 760 = bit width of list 540 × number of input lines × number of entries (= H Therefore, as the number of input lines increases, the capacity of the list table 760 increases. Therefore, a memory outside the semiconductor chip 1200 having a large capacity is optimal for the list table 760. In addition, each input line has a list 540 having a small bit width that specifies entry 511-i, and by sharing entry 511-i with the input line, the memory in semiconductor chip 1200 having a small memory capacity can be used efficiently. be able to.
[0057]
Hereinafter, processing at the time of flow detection will be described in order with reference to FIG. In the detection start processing 600, when the packet header information 11 is transmitted to the header processing unit 110, the flow detection unit 112 detects the input line number 407, SIP 402, DIP 403, SPORT 404, DPORT 405, and TOS 411 in the header information 11. Each information is input / output line number storage means 732 in the list reading unit 730, intra-packet SIP storage means 722-2, in-packet DIP storage means 722-2, in-packet SPORT storage means 724- 2. Accumulate in the intra-packet DPORT accumulation means 725-2 and the intra-packet TOS accumulation means 728-2 (step 601).
[0058]
The list reading process 630 is a process in which the list reading unit 730 reads only the list 540 assigned to the input line number in the header information 11 of the list table 760 and stores it in the list storage means 741. First, the list reading unit 730 resets the value M of the list number counter 733 to 1 so as to read the head list 540-i1 for the line i (step 631). Next, the list table address generation circuit 731 generates an address of the list table 760 from the input line number stored in the input / output line number storage means 732 and the value M (1 in this case) of the list number counter 733 to generate a list 540. -i1 is read and stored in the list storage means 741 (step 632). The address of the list table 760 is “(input line number−1) × number of lists for each input line G + M”. Finally, the list table address generation circuit 731 notifies the list number counter 733 that the list 540 has been read, and the list number counter 733 reads the list 540-i2 when executing the next list read processing 630. The value M of the number counter 733 is incremented by 1 (step 633). By repeating the above list reading processing 630, the list reading unit 730 reads the list 540 in order from the smallest list table address to the largest list table address.
[0059]
In the entry reading process 640, the entry reading unit 740 reads the entry 511-i from the entry table 750. The entry table address generation circuit 742 in the entry reading unit 740 reads the entry 511-i from the entry table 750 using the value stored in the list storage unit 741 as it is as the entry table address, and the SIP upper limit value 501 and SIP lower limit value 502. The information on the DIP upper limit value 503 and the DIP lower limit value 504 is stored in the entry DIP storage unit 723-3, and the information on the SPORT 505 and DPORT 506 is stored in the entry SIP storage unit 722-3 in the condition match determination unit 720. The information of TOS515 is stored in the in-entry SPORT storage means 724-3 and the in-entry DPORT storage means 725-3, and the IP valid bit 562, the port valid bit 563 and the TOS valid bit 564 are valid in the in-entry TOS storage means 728-3. The priority information 507 is stored in the QoS control information storage unit 713 of the result determination unit 710 in the bit storage unit 726 (step 641).
[0060]
In the condition match determination process 620, the condition match determination unit 720 includes an intra-entry SIP storage unit 722-3, an intra-entry DIP storage unit 723-3, an intra-entry SPORT storage unit 724-3, an intra-entry DPORT storage unit 725-3, an entry It is determined whether or not the packet for determining the priority information matches the flow condition stored in the internal TOS storage unit 728-3. In the flowchart of FIG. 11, the processing for determining whether or not the packet matches the flow conditions of SIP, DIP, SPORT, DPORT, and TOS is written to be performed in series, but the condition match determination unit 720 performs the condition match determination. In order to execute the processing 620 in a short time, a comparison circuit is provided exclusively for the SIP, DIP, SPORT, DPORT, and TOS flow conditions, and the determination is executed in parallel.
[0061]
The SIP comparison circuit 722-1 determines that the SIP upper limit value and lower limit value stored in the intra-packet SIP storage means 722-2 and the SIP stored in the intra-entry SIP storage means 722-3 are “SIP lower limit value ≦ SIP ≦ SIP When the condition “upper limit value” is satisfied or the IP valid bit in the valid bit storage means 726 is “invalid”, it is determined as “match” (step 621-1). The DIP comparison circuit 723-1 performs the same processing as that for SIP on DIP (step 621-2). The SPORT comparison circuit 724-1 is configured such that the SPORT stored in the intra-packet SPORT storage means 724-2 is equal to the SPORT stored in the intra-entry SPORT storage means 724-3, or the port effective bit in the effective bit storage means 726. Is judged to be “match” (step 621-3). The DPORT comparison circuit 725-1 executes the same processing as SPORT for DPORT (step 621-4). The TOS comparison circuit 728-1 is configured such that the TOS stored in the in-packet TOS storage unit 728-2 is equal to the TOS stored in the in-entry TOS storage unit 728-3 or the TOS effective bit in the effective bit storage unit 726. Is judged to be “match” (step 621-6). If the condition match determination circuit 721 determines “match” in step 621-1, step 621-2, step 621-3, step 621-4, and step 621-6, the condition match result in the result determination unit 710 is obtained. Information indicating “match” is stored in the storage unit 712 (step 622-1). In other cases, information indicating “mismatch” is stored (step 622-2). In the above embodiment, when each comparison circuit always determines that the IP valid bit 562, the port valid bit 563 and the TOS valid bit 564 are “invalid” for the flow condition “invalid”, the valid bit is “invalid”. Behave in the same way as when SIP / DIP, SPORT / DPORT, and TOS are not compared in the packet. By providing these valid bits, flow conditions unrelated to the IP address, port number, or TOS can be described, and the description of the flow conditions is greatly improved. Thereby, it is possible to flexibly cope with various flow conditions desired by the administrator of the router 100.
[0062]
In the result determination process 610, when the information indicating “match” is stored in the condition match result accumulation unit 712, the result determination circuit 711 determines the value of the QoS control information accumulation unit 713 as the priority information, and the priority The packet priority information 13 composed of the information is output to the output FIFO buffer distribution circuit 121 of the packet input / output unit 120, and the flow detection is terminated (step 611). When the information indicating “mismatch” is stored in the condition match result accumulation unit 712, the flow detection unit 112 returns to step 632 and continues the flow detection process, and finally determines priority information.
[0063]
In the input line limiting method, the speed is increased by limiting the entry 511-i to be searched to the entry 511-i that matches the input line number. Consider a case in which the edge router B 327 of the network in FIG. 2 performs QoS control of packets transmitted by the enterprise network C 323 and the enterprise network D 324. Since the enterprise network C 323 and the enterprise network D 324 are different companies, generally the flow detection is different. Therefore, the edge router B 327 must have an entry 511-i for the corporate network C323 and an entry 511-i for the corporate network D324. In the linear search method, all these entries 511-i are searched. In the input line limitation method, only the entry 511-i having the same input line (enterprise network) is searched among the entries 511-i. Therefore, the input line limiting method realizes twice the performance as compared with the linear search method. When the corporate network of K company is connected to the edge router B 327, the performance is approximately K times. Further, by introducing the list 540, a large number of flow conditions can be set.
[0064]
An output line limiting method will be described as another example of the flow detection method. In the output line limiting method, only the entry 511-i having the same output line number as the flow condition is processed, and the flow detection is speeded up. Hereinafter, the output line limiting method will be described focusing on differences from the input line limiting method.
[0065]
The output line limited list table 760 has a list 540 for each output line, not for each input line. Accordingly, in step 601, the flow detection unit 112 does not store the input line number in the input / output line storage unit 732, but stores the output line number in the output line information 12 sent by the routing processing unit 111. Further, in step 632, the list table address generation circuit 731 generates a list table address from the output line number in the input / output line number storage means 732 and the value M of the list number counter 733. The rest is the same as the input line limiting method.
[0066]
Consider the case where the edge router B 327 of the network in FIG. 2 performs QoS control of packets sent to the enterprise network C 323 and the enterprise network D 324. When the flow detection of the packet sent to the corporate network C 323 and the packet sent to the corporate network D 324 are different, the output line limiting method realizes twice the performance of the linear search method as the input line limiting method.
[0067]
A SAMAC limiting method when SAMAC is used instead of the input line number in the header information 11 as a flow condition will be described. In the SAMAC limited method, a SAMAC group, which is a SAMAC group, is defined, and only the entries that match the SAMAC identifier that is the SAMAC group identifier are searched. Hereinafter, the SAMAC limiting method will be described focusing on differences from the input line limiting method.
[0068]
FIG. 9 shows the format of the entry table 750 and the list table 860 in the SAMAC limited method. The entry table 750 is the same as the input line limiting method, but the list table 860 is divided into L areas by SAMAC identifiers. A block diagram of the flow detection unit 812 is shown in FIG. The list reading unit 830 includes a MAC identifier storage unit 832 and a MAC identifier generation circuit 834 instead of the input / output line number storage unit 732.
[0069]
In step 601, the MAC identifier generation circuit 834 hashes the SAMAC (6 bytes) with a hash function, and generates a SAMAC identifier having a bit width smaller than that of SAMAC. Further, the list table 860 stores the SAMAC identifier in the MAC identifier storage means 832 instead of the input line number. Note that SAMACs having the same hash value of the hash function constitute one SAMAC group. In step 632, the list table address generation circuit 831 generates a list table address from the SAMAC identifier in the MAC identifier storage means 832 and the value M of the list number counter 733. The rest is the same as the input line limiting method.
[0070]
Consider a case where QoS control is executed in the network shown in FIG. This network is a network in which line A1311 (having MAC address A) of router A1301, line B1312 (having MAC address B) of router B1302, and line C1313 (having MAC address C) of router C1303 are bus-connected. is there. The router A1301 executes QoS control of packets transmitted from the network B1322 and the network C1323. In this case, the router A 1301 cannot identify the transmission network of the received packet by the input line number. Therefore, the router A 1301 identifies the network from the MAC address (MAC address B or C). If the flow detection is different between the network B1322 and the network C1323, the router A1301 must have an entry 511-i for the network B1322 and an entry 511-i for the network C1323. At this time, if the SAMAC identifiers of the MAC addresses B and C are different, only the entry 511-i of one network is searched at the time of packet input, and the SAMAC limited method can realize twice the performance as compared with the linear search method.
[0071]
A DAMAC limiting method when using DAMAC determined by the ARP processing unit 113 instead of SAMAC in the header information 11 as a flow condition will be described. In the DAMAC limited method, a DAMAC group that is a DAMAC group is defined, and only entries that match the DAMAC identifier that is the DAMAC group identifier are searched. Hereinafter, the DAMAC limited method will be described focusing on the differences from the SAMAC limited method.
[0072]
The list table 860 in the DAMAC limited method is divided not by SAMAC identifiers but by DAMAC identifiers. In the SAMAC limited method, the MAC identifier generation circuit 834 generates a SAMAC identifier from SAMAC in the header information 11. However, in step 601 of the DAMAC limiting method, the MAC identifier generation circuit 834 generates a DAMAC identifier from the DAMAC in the DAMAC information 15, and stores the DAMAC identifier in the MAC identifier storage unit 832. In Step 632, the list table address generation circuit 831 generates a list table address from the DAMAC identifier in the MAC identifier storage unit 832 and the value M of the list number counter 733. Other than these, it is the same as the SAMAC limited method.
[0073]
Consider a case where the router A 1301 of the network in FIG. 18 performs QoS control of packets transmitted to the network B 1322 and the network C 1323. When the flow detection of packets sent to network B1322 and network C1323 is different, if the DAMAC identifiers of MAC addresses B and C are different, only the entry 511-i of one network is searched at the time of packet input, and the DAMAC limited method is linear Double the performance compared to the search method.
[0074]
Next, a transmission source subnet limitation method for limiting entries by a transmission source subnet will be described. Hereinafter, the transmission source subnet limitation method will be described focusing on differences from the input line limitation method.
[0075]
The format of entry table 1050 and list table 1060 in the transmission source subnet limitation method is shown in FIG. The entry 510-i in the entry table 1050 has an input line number 508 and an input line number valid bit 561 that increase compared to the entry 511-i in the input line limiting method, and is the same as the entry in the linear search method. On the other hand, the list table 1060 is divided into R areas by the transmission source subnet identifier.
[0076]
FIG. 15 shows a block diagram of the flow detection unit 1012 in the transmission source subnet limitation method. In the flow detection unit 1012 of the transmission source subnet limitation method, the input / output line number accumulation unit 732 becomes the subnet identifier accumulation unit 1032, the line number comparison circuit 1027-1, the intra-packet line number accumulation unit 1027-2, and the intra-entry line number The storage means 1027-3 increases. Further, the routing processing unit 111 is also changed. The routing processing unit 111 of the input line limiting method determines the output line number for transfer to the subnet to which the DIP belongs. However, in the transmission source subnet limitation method, not only the output line number but also the destination subnet identifier that is the identifier of the subnet to which the DIP belongs is determined. If the search method described in Japanese Patent Laid-Open No. 10-222535 is used, the routing processing unit 111 can also determine the destination subnet identifier. Further, the routing processing unit 111 also determines a source subnet identifier that is an identifier of a subnet to which the SIP belongs, using a method similar to DIP. Subnet identifier information 16 composed of the source and destination subnet identifiers is transmitted to the flow detection unit 1012.
[0077]
FIG. 14 shows a flowchart in the transmission source subnet limitation method. Hereinafter, processing of the transmission source subnet limitation method will be described with a focus on differences from the processing of the input line limitation method using the flowchart of FIG. First, description will be given of the changed part accompanying the format change of the list table 1060. In step 901 of the detection start processing 900, the flow detection unit 1012 uses the input line number 408 in the header information 11 as the intra-packet line number storage unit 1027-2 in the condition match determination unit 1020 instead of the input / output line number storage unit 732. To accumulate. When receiving the subnet identifier information 16, the flow detection unit 1012 accumulates the transmission source subnet identifier in the subnet identifier accumulation unit 1032 (step 902). In the list read processing 930, the list table address generation circuit 1031 generates a list table address from the transmission source subnet identifier stored in the subnet identifier storage means 1032 and the value M of the list number counter 733, and the list 540 in the list table 1060. Is read (step 932). Next, a description will be given of a change place for the condition match determination unit 1020 to execute comparison of input line numbers. In step 941 of the entry reading processing 940, processing for storing the input line number 508 in the in-entry line number storage means 1027-3 and processing for storing the input line number valid bit 561 in the effective bit storage means 1026 are added. Further, in the condition match determination process 920, the line number comparison circuit 1027-1 is configured to receive the information in the intra-packet line number storage means 1027-2, the information in the in-entry line number storage means 1027-3, and the valid bit storage means 1026. A process (step 921-5) for determining a match from the input line number valid bit 561 is added. Operations other than the above are the same as in the input line limiting method.
[0078]
Consider a case where the backbone router 328 of the network in FIG. 2 performs QoS control of packets transmitted by the enterprise network C 323 and the enterprise network D 324. Unlike the edge router B327, since the enterprise network cannot be identified by the input line number, the transmission source subnet is used to identify the enterprise network. When the flow detection of the enterprise network C and the enterprise network D 324 is different, the backbone router 328 must have an entry 510-i for the enterprise network C323 and an entry 510-i for the enterprise network D324. In the linear search method, all these entries 510-i are searched, but in the transmission source subnet limitation method, only the entry having the same transmission source subnet is searched among the entries. Therefore, the transmission source subnet limitation method achieves twice the performance of the linear search method.
[0079]
Next, a destination subnet restriction method for restricting entries by destination subnet will be described. Hereinafter, the destination subnet restriction method will be described focusing on differences from the transmission source subnet restriction method.
[0080]
In the destination subnet limitation method, the list table 1060 has a list 540 for each destination subnet identifier, not the source subnet identifier. Accordingly, in step 902, the subnet identifier storage means 1032 stores the destination subnet identifier in the subnet identifier information 16. In step 932, the list table address generation circuit 1031 generates a list table address from the destination subnet identifier in the subnet identifier storage means 1032 and the value M of the list number counter 733. Other than these, it is the same as the transmission source subnet limitation method.
[0081]
Consider a case where the backbone router 328 of the network in FIG. 2 performs QoS control of packets transferred to the corporate network C 323 and the corporate network D 324. When the flow detection is different between the corporate network C 323 and the corporate network D 324, the entry 510-i is limited by the destination subnet, so that the destination subnet limitation method can realize twice the performance as compared to the linear search method.
[0082]
The case where the QoS control information is priority information has been described so far. Described below is determination of bandwidth monitoring information necessary for executing bandwidth monitoring and rewriting TOS information necessary for executing TOS rewriting. The table format when flow detection is performed by the input line limiting method to determine the bandwidth monitoring information and the rewrite TOS information is shown in FIG. 22, the block diagram of the result judging unit 2310 is shown in FIG. 23, and the block diagram of the header processing unit 2410 is shown. FIG. 24 shows a flowchart in FIG. Hereinafter, the difference from the case where the flow detection (input line limiting method) for determining only the priority information of QoS control is performed will be described. Bandwidth monitoring information 2213 and rewrite TOS information 2214 are newly added to the QoS control information part 2230 in the entry. Accordingly, processing for accumulating the bandwidth monitoring information 2213 and the rewrite TOS information 2214 in the QoS control information accumulating means 2316 is added to step 2541 of the entry reading processing 2540 when the flow is detected. In the result determination process 2510, the result determination circuit 2311 determines the value of the QoS control information storage unit 2316 as priority information, bandwidth monitoring information, and rewrite TOS information, and outputs packet priority information 13 composed of the priority information. In addition to the processing to transmit to the FIFO buffer distribution circuit 121, the packet bandwidth monitoring information 17 composed of the bandwidth monitoring information is output to the bandwidth monitoring unit 2414, and the packet rewrite TOS information 19 composed of the rewrite TOS information is output to the FIFO buffer distribution The data is transmitted to the circuit 121 (step 2511).
[0083]
The bandwidth monitoring unit 2414 determines “compliance” or “violation” of the input packet from the packet bandwidth monitoring information 17 and outputs the determination result to the output FIFO buffer distribution circuit 121 as bandwidth monitoring result information 18. When the output FIFO buffer distribution circuit 121 receives the packet priority information 13 and the packet rewrite TOS information 19, processing to write the QoS control information 409 and TOS 411 of the packets stored in the temporary storage buffer 128 is added. When the output line number 408, DAMAC401, QoS control information 409 and TOS411 are all written, the output FIFO buffer distribution circuit 121 outputs the packet of the temporary storage buffer 128 when the bandwidth monitoring result information 18 is “Compliant”. The packet is transmitted to the output FIFO buffer 127-ij (j = 1 or 2) indicated by the priority information in the QoS control information 409 of the line corresponding unit 122-i indicated by 408. If the bandwidth monitoring result information 18 is “violation”, the packet in the temporary storage buffer 128 is discarded, or the priority information in the TOS 411 or QoS control information 409 is rewritten with low priority information, and the priority after rewriting The packet is transmitted to the output FIFO buffer 127-ij (j = 1 or 2) indicated by the information.
[0084]
In order to achieve QoS even in ATM or frame relay networks connecting routers, routers need to distribute connections (VC / VP and DLCI) according to users and applications and use data link layer QoS control. It is. Therefore, the router also needs to execute flow detection and determine connection information. An example where connection distribution is required will be described with reference to FIG. FIG. 46 shows a network in which a corporate network A 4302 and a corporate network B 4303 are connected by a public ATM network 4301. The public ATM network 4301 includes an ATM switch A 4310 and an ATM switch B4311. Further, a CBR (Constant Bit Rate) connection VC1 and a UBR (Unspecified Bit Rate) connection VC2 are set between the router A 4312 of the corporate network A 4302 and the router B 4313 of the corporate network B 4303. Packets on VC1 are transferred with higher priority than packets on VC2 at ATM switch A4310 and ATM switch B 4311, and QoS is guaranteed, but QoS of packets on VC2 is not guaranteed. When a packet is transmitted from the enterprise network A4302 to the enterprise network B4303, the router A4312 performs flow detection and assigns VC1 to a packet that requires QoS, and assigns VC2 to other packets.
[0085]
FIG. 26 shows a table format of the entry table 2650 when flow detection is executed by the input line limiting method to determine connection information, FIG. 27 is a block diagram of the result determination unit 2710, and FIG. The difference from the case where the flow detection (input line only method) for determining only the priority information of QoS control is performed will be described. Connection information 2615 is newly added to the QoS control information 2630 in the entry. Accordingly, in the entry reading process 2840, a process for accumulating the connection information 2615 in the QoS control information accumulating unit 2716 is added. In the result determination process 2810, the result determination circuit 2711 determines priority information and also determines the value of connection information in the QoS control information accumulating means 2716 as connection information, which is composed of the connection information in addition to the packet priority information 13. The packet connection information 20 is output to the output FIFO buffer distribution circuit 121 (step 2811). The output FIFO buffer distribution circuit 121 writes the packet connection information 20 to the QoS control information 409 of the packet stored in the temporary storage buffer 128 in addition to the packet priority information 13. The transmission circuit 125 transmits a packet to the line 123-i as a connection packet indicated by the connection information in the QoS control information 409.
[0086]
So far, flow detection in QoS control has been described. Hereinafter, flow detection in filtering will be described. FIG. 29 shows a table format when the input line limiting method is applied to filtering flow detection, FIG. 30 shows a block diagram of the result judging unit 3010, and FIG. 31 shows a flowchart. In the following, the difference from the case where flow detection (input line limiting method) for determining priority information of QoS control is performed will be described. In filtering, since transfer permission / inhibition information is determined, the QoS control information section 530 in the entry becomes the filtering control information section 2931 and the priority information 507 becomes the transfer permission / inhibition information 2916. Further, instead of the QoS control information storage unit 713, a filtering control information storage unit 3016 is provided. At the time of flow detection, in the entry reading process 3140, instead of storing the priority information 507, transfer permission / inhibition information 2916 is stored in the filtering control information storage means 3016. In the result determination process 3110, instead of determining the priority information, the result determination circuit 3011 determines the value of the filtering control information storage unit 3016 as the transfer enable / disable information, and outputs the packet transfer enable / disable information 21 composed of the transfer enable / disable information. The data is output to the FIFO buffer distribution circuit 121 (step 3111).
[0087]
The case where either flow control of QoS control or filtering is executed has been described. The router in the Internet 325 in FIG. 2 often performs only QoS control, but the gateway router 329 needs to detect both flows. In this case, the simultaneous flow detection method or the two-stage flow detection method described below is used.
[0088]
First, the simultaneous flow detection method will be described. The simultaneous flow detection method is a method for simultaneously determining QoS control information used for QoS control and transfer availability information used for filtering. A table format when the simultaneous flow detection method is applied to the input line limiting method is shown in FIG. 32, a block diagram of the result determination unit 3310 is shown in FIG. 33, and a flowchart is shown in FIG.
[0089]
The difference from the case where the flow detection (input line only method) for determining only the priority information of QoS control is performed will be described. The entry 3211 includes a QoS control information unit 530 and a filtering control information unit 2931 including transfer enable / disable information 2916. Accordingly, filtering control information accumulating means 3016 is added to the result judging unit 3310. When the flow is detected, in step 3441 of the entry reading process 3440, a process for accumulating the transfer enable / disable information 2916 in the filtering control information accumulating unit 3016 is added. In the result determination process 3410, the result determination circuit 3311 determines the priority information, sends the packet priority information 13, and determines the value of the filtering control information storage means 3016 as the transfer enable / disable information, and is configured from the transfer enable / disable information. The packet transfer enable / disable information 21 is output to the output FIFO buffer distribution circuit 121.
[0090]
Next, the two-stage flow detection method will be described. In the two-stage flow detection method, QoS control and flow detection of filtering are executed in series. FIG. 35 shows a list table 3560 and an entry table 3550 when the two-stage flow detection method is applied to the input line limiting method, FIG. 36 shows a block diagram, and FIG. 37 shows a flowchart. Hereinafter, a case where priority information and transfer permission / inhibition information are determined using the two-stage flow detection method will be described. In FIG. 37, steps 621-1 to 4 and 621-6 are collectively referred to as step 621. In the entry table 3550, an entry 2911 for filtering and an entry 511 for QoS control are mixed. The list table 3560 is divided into areas of a filtering list 3540 that points to the filtering entry 2911 and a QoS control list 3541 that points to the QoS control entry 511. When the filtering flow is detected, the list for filtering is divided. When the QoS control flow is detected in 3540, the QoS control list 3541 is read. The flow detection unit 3612 is newly provided with a flow detection state accumulation unit 3670 that indicates whether filtering or QoS control flow detection is being performed.
[0091]
When the header information 11 is input, after step 601 of the detection start process 600, the flow detection unit 3612 changes the value of the flow detection state storage means 3670 to “a value indicating the detection of the flow of filtering” in order to perform the flow detection of filtering. Set (step 3750). First, filtering flow detection is performed. In the list reading process 3730, the list reading unit 3630 refers to the value of the flow detection state storage unit 3670 (in this case, represents filtering), and sequentially reads a list 3540 that points to the entry 2911 for filtering ( Step 3732). Further, in the entry read processing 3740, when the value of the flow detection state storage unit 3670 is “value indicating the flow detection of filtering”, the transfer control information in the filtering control information unit 3531 is stored in the filtering control information storage unit 3016. (Step 3741). After the condition match determination process 620, in the result determination process 3710, the result determination unit 3610 determines whether the value of the flow detection state accumulation unit 3670 is filtering or QoS control flow detection (step 3713), and at the time of filtering flow detection, The result judging circuit 3611 sends the value of the filtering control information accumulating means 3016 as the packet transfer availability information 21 (step 3712). Further, the result determination unit 3610 refers to whether the transfer permission / inhibition information is “discard” or “pass” (step 3714). When the transfer permission / inhibition information is “discard”, the flow detection unit 3612 ends the flow detection without executing the flow detection for QoS control (step 3715). In order to perform flow detection, the value of the flow detection state storage means 3670 is set to “value indicating flow detection of QoS control” (step 3760), and flow detection of QoS control is started. In the two-stage flow detection method, the flow detection unit 3612 performs flow detection for filtering first, and does not perform flow detection for QoS control on packets discarded by filtering, thereby speeding up flow detection. .
[0092]
In the QoS control list reading process 3730, the list reading unit 3630 refers to the value of the flow detection state storage means 3670 (in this case, represents QoS control), and sequentially reads the list 3541 that points to the QoS control entry 511. (Step 3732). Also in the entry read processing 3740, the result determination unit 3610 uses the priority information in the QoS control information unit 3532 as the QoS control information storage unit when the value of the flow detection state storage unit 3670 is “value indicating flow detection of QoS control”. It is stored in 713 (step 3741). After the condition match determination process 620, in the result determination process 3710, the result determination unit 3610 determines whether the value of the flow detection state storage unit 3670 is filtering or QoS control flow detection (step 3713). Sometimes, the result judging circuit 3611 sends the value of the QoS control information accumulating means 713 as the packet priority information 13 (step 3711), and ends the flow detection (step 3715).
[0093]
By executing the processing described above, both QoS control and filtering flow detection can be performed.
[0094]
Depending on the flow conditions, there are a case where the two-stage flow detection method is suitable for speeding up with few setting entries, and a case where the simultaneous flow detection method is suitable for speeding up with few setting entries. First, the case where the flow detection with the same QoS control and filtering flow conditions is executed by the gateway router 329 in FIG. 2 will be described. FIG. 38 shows the setting of the entry table 3250 in the simultaneous flow detection method, and FIG. 39 shows the setting of the entry table 3550 in the two-stage flow detection method. The top three entries for entry table 3550 in FIG. 39 are for filtering, and the bottom two entries are for QoS control. For both filtering and QoS control, the flow conditions are SIP = enterprise network A321, enterprise network C323, enterprise network D324, and DIP = enterprise network B322. In filtering, the gateway router 329 forwards packets from the corporate network A 321 and the corporate network C 323, and discards packets from the corporate network D324, which is another company. On the other hand, in QoS control, packets from the enterprise network A 321 are preferentially transferred, and packets from the enterprise network C 323 are non-prioritized. In the case of the two-stage flow detection method, five entries are set, but in the case of the simultaneous flow detection method, only three entries need be set. Note that there is no QoS control entry for the corporate network D324 in the two-stage flow detection method. In the case of discarding in step 3714, the flow detection unit 3612 does not detect the flow for QoS control and ends the flow detection. This is because the flow detection is speeded up.
[0095]
Next, a case will be described in which the flow detection with different QoS control and filtering flow conditions is executed by the gateway router 329 in FIG. FIG. 40 shows the setting of the entry table 3250 in the simultaneous flow detection method, and FIG. 41 shows the setting of the entry table 3550 in the two-stage flow detection method. The filtering flow conditions are SIP = corporate network A321, corporate network C323, corporate network D324, DIP = corporate network B322, but the QoS control flow conditions are usage (FTP, TELNET, HTTP) and FTP / HTTP packets Is not preferred, TELNET packets are preferred. In the case of the simultaneous flow detection method, seven entries are set, but in the case of the two-stage flow detection method, only six entries need be set. In this example, there are three combinations of filtering and QoS control flow conditions, but as the number of combinations increases, the difference in the number of entries to be set increases.
[0096]
As described above, the simultaneous flow detection method is smaller when the QoS control and filtering flow conditions are the same, and the two-stage flow detection method is smaller when the flow conditions are different. The switching flow detection method which is one method of the present invention switches the two-stage flow detection method and the simultaneous flow detection method to reduce setting entries. Hereinafter, the switching flow detection method will be described focusing on the difference from the two-stage flow detection method.
[0097]
The table format is shown in FIG. 42, the block diagram of the result determination unit 4010 is shown in FIG. 43, and the flowchart is shown in FIG. As shown in FIG. 42, the entry 3911 has a flow detection mode 3965 for switching between the two-stage flow detection method and the simultaneous flow detection method as compared with the entry 3211 of the simultaneous flow detection method. The flow detection mode 3965 is a value representing the simultaneous flow detection method or the two-stage flow detection method. In order to store the flow detection mode 3965, a flow detection mode storage means 4014 is added to the result determination unit 4010.
[0098]
In step 4141 of the switching flow detection method entry read processing 4140, the priority information 507 of the QoS control information unit 530 is sent to the QoS control information storage unit 713 regardless of the value of the flow detection state storage unit 3670, and the filtering control information unit 3531. Is stored in the filtering control information storage unit 3016, and the flow detection mode 3965 is stored in the flow detection mode storage unit 4014. In the result determination process 4110, the result determination circuit 4011 refers to the value of the flow detection mode storage means 4014 (step 4116), and when the value of the flow detection mode storage means 4014 is a “value representing the simultaneous flow detection method”, the QoS The value of the control information storage means 713 is determined as the priority information, the packet priority information 13 composed of the priority information is sent, and the value of the filtering control information storage means 3016 is determined as transferability information, The packet transfer enable / disable information 21 including the transfer enable / disable information is output to the output FIFO buffer distribution circuit 121 (step 4117). Thereafter, the flow detection ends (step 4115). When the value of the flow detection mode accumulation unit 4014 is “a value representing a two-stage flow detection method”, the result determination unit 4010 determines whether the value of the flow detection state accumulation unit 3670 is filtering or QoS control flow detection (step 4113). ). When the value of the flow detection state storage unit 3670 represents filtering, the result determination circuit 4011 determines the value of the filtering control information storage unit 3016 as transfer enable / disable information and outputs the packet transfer enable / disable information 21 composed of the transfer enable / disable information. The data is output to the FIFO buffer distribution circuit 121 (step 4112). Further, the result determination unit 4010 refers to whether the transfer permission / inhibition information is “discard” or “pass” (step 4114). In the case of “discard”, the flow detection unit ends the flow detection without executing the flow detection for QoS control (step 4115), and in the case of “pass”, the flow detection unit detects the flow for QoS control. The value of the flow detection state accumulation unit 3670 is set to “value indicating flow detection of QoS control” (step 3760), and flow detection of QoS control is started. When the value of the flow detection state storage unit 3670 represents QoS control, the result determination circuit 4011 determines the value of the QoS control information storage unit 713 as priority information, and sets the packet priority information 13 composed of the priority information. The data is output to the output FIFO buffer distribution circuit 121 (step 4111). Thereafter, the flow detection ends (step 4115).
[0099]
As described above, the two-stage flow detection method and the simultaneous flow detection method can be switched and executed for each entry. Therefore, the administrator of the router 100 can reduce the number of setting entries by switching between the two-stage flow detection method and the simultaneous flow detection method according to the flow conditions.
[0100]
Next, the pipeline processing of the input line limiting method will be described.
[0101]
FIG. 16 (a) shows a list reading unit 730, an entry reading unit 740, a condition match determination unit 720, and a result determination unit 710, which are four processing units, in the input line limiting method. It shows how the reading process 640, the condition match determination process 620, and the result determination process 610 are executed in series. 16 indicates that the flow detection unit 112 is executing the detection start processing 600 for packet 1, and entry N indicates the result determination unit 710, the condition match determination unit 720, and the list reading unit 730. This indicates that the entry reading unit 740 is executing an entry N result determination process 610, a condition match determination process 620, a list read process 630, and an entry read process 640, respectively. For simplicity, in FIG. 16, the processing time of each of the above processes is the same. When a certain process is executed in the serial process, a processing unit that executes another process is not operating. For example, when the condition matching determination process 620 is being executed, the entry reading unit 740 that performs the entry reading process 640 is not operating. In the case of serial processing, the time for processing entry N is the sum of the processing times of list reading processing 630, entry reading processing 640, condition match determination processing 620, and result determination processing 610.
[0102]
In order to speed up the flow detection, as shown in FIG. 16 (b), the list reading process 630, the entry reading process 640, the condition match determination process 620, and the result determination process 610 are pipelined, It is desirable that the four processing units always operate. In pipeline processing, when processing unit 1 of the four processing units finishes processing 1 of entry N, whether processing unit 2 that performs processing 2 after processing 1 finishes processing 2 of entry N or not Regardless, the processing unit 1 starts processing the entry N + 1. By performing such pipeline processing, the processing time of entry N is one processing time, and in the case of FIG. 16, the processing speed is quadrupled. In the above example, the flow detection is divided into four processes and pipelined, but if divided into P processes and pipelined, the performance becomes P times.
[0103]
The input line limited pipeline processing has been described. In other methods (output line limiting method, SAMAC limiting method, DAMAC limiting method, source subnet limiting method, destination subnet limiting method), the flow detection unit can perform high-speed processing by performing similar pipeline processing.
[0104]
Next, chip division of the router 100 will be described. The header processing unit 110 and the packet input / output unit 120 are mounted on different semiconductor chips. When determining priority information for QoS control, information between the semiconductor chip mounting the header processing unit 110 and the semiconductor chip mounting the packet input / output unit 120 includes header information 11, output line information 12, and packet Priority information 13 and DAMAC information 15. That is, since user data having a large amount of information is not transferred between the header processing unit 110 and the packet input / output unit 120, each semiconductor chip on which the header processing unit 110 and the packet input / output unit 120 are mounted must be connected between the semiconductor chips. There is no need to use many output pins. Further, since the semiconductor chip on which the header processing unit 110 is mounted is shared by a plurality of lines, it is not necessary to provide a semiconductor chip for mounting the header processing for each line, and the number of semiconductor chips can be reduced. Even if the routing processing unit 111, the flow detection unit 112, and the ARP processing unit 113 are all mounted on different semiconductor chips, the routing processing unit 111, the flow detection unit 112, and the ARP processing unit 113 can be shared. The effect can be expected.
[0105]
19 to 21 are graphs for explaining the effect of the present embodiment. The vertical axis in FIGS. 19 to 21 is the flow detection performance (pps: the number of packets that can be processed per second), and the horizontal axis is the number of entries to be set.
[0106]
FIG. 19 shows a graph comparing the linear search method, the input line limiting method, and the output line limiting method. If a router has N input lines and all the input lines have different flow detections (such as different companies connected to each line), the router must have an entry for each input line. In the linear search method, all these entries are searched, but in the input line limiting method, only the entries whose input lines match are searched. Therefore, the entry to be searched becomes 1 / N and the flow detection time becomes 1 / N. Therefore, the input line limited method realizes N times the performance as compared with the linear search method. Similarly, if the router has N output lines and the flow detection of all output lines is different, the output line limiting method achieves N times the performance.
[0107]
FIG. 20 shows a graph comparing the linear search method, the transmission source subnet limitation method, and the destination subnet limitation method. Consider a case where flow detection of packets transmitted from R source networks is performed. In this case, if the flow detections of R source networks are all different, the router must have an entry for each source subnet. In the linear search method, all these entries are searched, but in the transmission source subnet limitation method, only the entry with the same transmission source subnet is searched among the entries. Therefore, the transmission source subnet limitation method achieves R times the performance of the linear search method. Similarly, when the flow detection of packets to R destination networks is performed and the flow detection of all the destination networks is different, the destination subnet limited method realizes R times the performance as compared with the linear search method.
[0108]
FIG. 21 is a graph comparing the performance when the input line limited method flow detection is performed by serial processing and when pipeline processing is performed. In the embodiment of the input line limiting method, the pipeline processing realizes four times the performance compared to the serial processing. Further, if the flow detection is divided into P processes and pipelined, the performance becomes P times.
[0109]
【The invention's effect】
According to the present invention, when searching an entry table storing flow conditions, the search range can be limited to perform a search, and therefore flow conditions such as information for identifying a user, protocol information, and priority information Even when a large number of are set, it is possible to detect a flow at high speed and perform QoS control and filtering at high speed.
[0110]
In the present invention, the flow detection unit is implemented in hardware, so that QoS control and filtering can be performed at high speed.
[0111]
In the present invention, the descriptiveness of the flow condition can be greatly improved.
[Brief description of the drawings]
FIG. 1 is a block diagram showing a configuration of a router according to the present invention.
FIG. 2 is a configuration diagram of the Internet.
FIG. 3 is a view showing a format of a packet in the network.
FIG. 4 is a view showing a format of a packet in a router.
FIG. 5 is a diagram showing a format of an IP address.
FIG. 6 is a conceptual diagram of a linear search method.
FIG. 7 is a diagram for explaining a method for limiting an entry for each input line;
FIG. 8 is a format of a list table 860 and an entry table 750 in the input line limiting method of the present invention.
FIG. 9 is a format of a list table 860 and an entry table 750 in the SAMAC limited method of the present invention.
FIG. 10 shows a format of a list table 1060 and an entry table 1050 in the transmission source subnet limitation method of the present invention.
FIG. 11 is a flowchart of the flow detection unit 112 to which an input line limiting method, which is one method of the present invention, is applied.
FIG. 12 is a block diagram of a flow detection unit 112 to which the input line limiting method of the present invention is applied.
FIG. 13 is a block diagram of a flow detection unit 812 to which the SAMAC limiting method of the present invention is applied.
FIG. 14 is a flowchart of the flow detection unit 1012 to which the transmission source subnet limitation method, which is one method of the present invention, is applied.
FIG. 15 is a block diagram of a flow detection unit 1012 to which a transmission source subnet limitation method, which is one method of the present invention, is applied.
FIG. 16 is a time chart when the flow detection unit processes each process in series and a time chart when the flow detection unit performs pipeline processing on each process.
FIG. 17 is a diagram illustrating the arrangement of an entry table, a list table, and a condition match determination unit.
FIG. 18 is a diagram showing a network in which routers are connected in a bus shape.
FIG. 19 is a diagram showing the effects of the input line limiting method and the output line limiting method of the present invention.
FIG. 20 is a diagram showing the effect of the transmission source subnet limitation method and the destination subnet limitation method of the present invention.
FIG. 21 is a diagram illustrating the effect of pipeline processing.
FIG. 22 shows a format of an entry table 2250 when determining priority information, bandwidth monitoring information, and rewrite TOS information by the input line limiting method.
FIG. 23 is a block diagram of a result determination unit 2310 when determining priority information, bandwidth monitoring information, and rewrite TOS information by the input line limiting method.
FIG. 24 is a block diagram of a header processing unit 2410 when determining priority information, bandwidth monitoring information, and rewrite TOS information by the input line limiting method.
FIG. 25 is a flowchart of the flow detection unit 2412 when determining priority information, bandwidth monitoring information, and rewrite TOS information by the input line limiting method.
FIG. 26 shows a format of an entry table 2650 when determining priority information and connection information by the input line limiting method.
FIG. 27 is a block diagram of a result determination unit 2710 when determining priority information and connection information by the input line limiting method.
FIG. 28 is a flowchart of a flow detection unit when determining priority information and connection information by the input line limiting method.
FIG. 29 shows a format of an entry table 2950 when filtering is performed by the input line limiting method.
FIG. 30 is a block diagram of a result determination unit 3010 when filtering is performed by the input line limiting method.
FIG. 31 is a flowchart when filtering is executed by the input line limiting method.
FIG. 32 shows a format of an entry table 3250 to which a simultaneous flow detection method that is one method of the present invention is applied.
FIG. 33 is a block diagram of a result determination unit 3310 to which a simultaneous flow detection method that is one method of the present invention is applied.
FIG. 34 is a flowchart of a flow detection unit when a simultaneous flow detection method that is one method of the present invention is applied.
FIG. 35 shows a list table 3560 and an entry table 3550 to which a two-stage flow detection method that is one method of the present invention is applied.
FIG. 36 is a block diagram of a flow detection unit 3612 to which a two-stage flow detection method that is one method of the present invention is applied.
FIG. 37 is a flowchart of the flow detection unit 3612 when the two-stage flow detection method, which is one method of the present invention, is applied.
FIG. 38 shows a setting example of an entry table 3250 to which the simultaneous flow detection method is applied (when the filtering and QoS control flow conditions are the same).
FIG. 39 shows a setting example of an entry table 3550 to which the two-stage flow detection method is applied (when the filtering and QoS control flow conditions are the same).
FIG. 40 is a setting example of an entry table 3250 to which the simultaneous flow detection method is applied (when the filtering and QoS control flow conditions are different).
FIG. 41 shows a setting example of an entry table 2950 to which the two-stage flow detection method is applied (when the filtering and QoS control flow conditions are different).
FIG. 42 shows a format of an entry table 3950 to which a switching flow detection method that is one method of the present invention is applied.
FIG. 43 is a block diagram of a result determination unit 4010 to which a switching flow detection method that is one method of the present invention is applied.
FIG. 44 is a flowchart when a switching flow detection method that is one method of the present invention is applied;
FIG. 45 is a diagram showing the correspondence between uses (applications) and port numbers.
FIG. 46 is a network in which a corporate network is connected by a public ATM network.
[Explanation of symbols]
11 ... Header information, 12 ... Output line information, 13 ... Packet priority information, 14 ... NIP information, 15 ... DAMAC information, 16 ... Subnet identifier information, 17 ... Packet bandwidth monitoring information, 18 ... band monitoring result information, 19 ... packet rewriting TOS information, 20 ... packet connection information, 21 ... packet transfer availability information.

Claims (15)

A packet relay device that outputs a plurality of input lines, a plurality of output lines, and an input packet input from one of the plurality of input lines to any one of the plurality of output lines. And
An entry having at least one of the address information of the input packet, information for identifying the use or information for identifying the priority, and communication quality control information or filtering control information corresponding to the information, and having a plurality of such entries The table is divided and set for each address information ,
Entry reading means for searching only the entry table corresponding to the address information in the input packet and reading the entry;
Match determination means for determining a match between the address information of the input packet, information for identifying use or information for identifying priority, and information in the entry read by the entry reading means;
And a means for determining transfer priority of the input packet or whether transfer is possible based on the communication quality control information or the filtering control information in the entry when the match determination means determines a match. Packet relay device. A packet relay device that outputs a plurality of input lines, a plurality of output lines, and an input packet input from one of the plurality of input lines to any one of the plurality of output lines. And
The address information of the input packet, the information identifying the use or the information identifying the priority, and the communication quality control information or the filtering control information corresponding to the information are used as an entry, and there are a plurality of such entries. An entry table;
An entry pointer table in which an entry pointer for designating an entry in the entry table is divided and set for each address information ;
Entry pointer reading means for searching only the entry pointer table corresponding to the address information in the input packet and reading out the entry pointer;
Entry reading means for reading an entry designated by the entry pointer read by the entry pointer reading means from the entry table;
A match determination means for determining a match between address information in the input packet, information identifying the use or information identifying the priority, and information in the entry read by the entry read processing unit;
A means for determining a transfer priority of the input packet or whether transfer is possible or not according to the communication quality control information or the filtering control information in the entry when the match determination means determines that they match; Packet relay device. The packet relay apparatus according to claim 1, wherein said entry reading means, the match determining means, priority of the input packet transfer or, to the pipeline control means for determining whether to transfer Packet relay device. The packet relay apparatus according to claim 3, said entry pointer read unit, the entry reading means, the match determining means, priority of the input packet transfer or the means for determining whether to transfer A packet relay apparatus that performs pipeline control. A packet relay device that outputs a plurality of input lines, a plurality of output lines, and an input packet input from one of the plurality of input lines to any one of the plurality of output lines. And
Address information of the input packet, and the at least one information among the information for identifying the information or priority for identifying the application, an entry and a communication quality control information or filtering control information corresponding to the information, a plurality of the entries The entry table having is divided and set for each address information,
Only the entry table corresponding to the address information of the input packet is searched, the entry reading means for reading out the entry, the address information in the input packet, the information for identifying the use or the information for identifying the priority, and the entry reading means for reading. A match determination means for determining a match with the information in the entry,
The packet relay apparatus, wherein the entry table and the coincidence determination unit are mounted on the same semiconductor chip. A packet relay device that outputs a plurality of input lines, a plurality of output lines, and an input packet input from one of the plurality of input lines to any one of the plurality of output lines. And
Address information of the input packet, and the at least one information among the information for identifying the information or priority for identifying the application, an entry and a communication quality control information or filtering control information corresponding to the information, a plurality of the entries An entry table having
An entry pointer table in which an entry pointer for designating an entry in the entry table is divided and set for each address information;
Entry pointer reading means for searching only the entry pointer table corresponding to the address information in the input packet and reading out the entry pointer;
Entry reading means for reading an entry designated by the entry pointer read by the entry pointer reading means from the entry table;
Address information of the input packet, information for identifying use or information for identifying priority, and match determination means for determining a match with the information in the entry read by the entry reading means,
The packet relay apparatus, wherein the entry table and the coincidence determination unit are mounted on the same semiconductor chip. The packet relay device according to claim 6,
2. The packet relay device according to claim 1, wherein the entry pointer table is composed of a semiconductor chip different from the semiconductor chip. In the packet relay device according to any one of claims 1 to 7,
The packet relay apparatus, wherein the address information is an identification number of the input line or the output line. In the packet relay device according to any one of claims 1 to 7,
The packet relay apparatus, wherein the address information is a physical address of a transmission source or a transmission destination. In the packet relay device according to any one of claims 1 to 7,
The packet relay apparatus, wherein the address information is transmission source or transmission destination subnet identification information. In the packet relay device according to any one of claims 1 to 7,
The entry table is the address information of the input packet, a flag information indicating the validity / invalidity of the address information, wherein the entry and to Rukoto and a communication quality control information or filtering control information corresponding to the information Packet relay device. The packet relay device according to claim 11,
The address information is Internet Protocol (IP) address information and input line information. Flag information indicating validity / invalidity of the address information is flag information indicating validity / invalidity of the IP address information; A packet relay apparatus comprising flag information indicating validity / invalidity of input line information. The packet relay device according to claim 12 ,
Before SL match determining means has an IP address information, a plurality of comparing means provided for each input line information,
The comparison means provided corresponding to the IP address information operates according to flag information indicating validity / invalidity of the IP address information,
The packet relay apparatus characterized in that the comparing means provided corresponding to the input line information operates in accordance with flag information indicating validity / invalidity of the input line information. The packet relay device according to claim 13,
The comparison means provided corresponding to the IP address information performs a match determination only when flag information indicating validity / invalidity of the IP address information indicates validity, and the comparison provided corresponding to the input line information. The means performs a match determination only when flag information indicating validity / invalidity of the input line information indicates validity. The packet relay apparatus according to any one of claims 1 1 4,
The packet relay apparatus, wherein the communication quality control information is bandwidth monitoring information.

Images