JP4951604B2 - Network connection device and management method - Google Patents

Description

  The present invention relates to an inter-network connection apparatus in a communication network, and more particularly, to an inter-network connection apparatus that manages a correspondence database of communication protocol addresses and physical device addresses in packet relay, and a management method thereof.

  In the communication network, each device is connected by a physical device such as Ethernet (registered trademark), and a packet of each protocol is encapsulated in a frame of the physical device and transmitted to an adjacent device. Therefore, even if the relay is based on the protocol address, a database that converts the protocol address to the address of the physical device is required when passing a packet to an adjacent device, and ARP (Address Resolution) is a typical example that realizes this. Protocol) and the like.

  FIG. 3 is a block diagram showing a configuration of a conventional inter-network connection device 300. The inter-network connection device 300 is based on a plurality of line accommodating units 303 accommodating lines such as Ethernet (registered trademark) for connecting to other devices, and packets received via the line accommodating unit 303 based on the destination address. It includes a transfer engine 302 for transferring to another device, and a management module 301 for setting the device and performing complicated protocol processing. The transfer engine 302 is configured by hardware such as ASIC in order to realize high-speed packet transfer processing. The management module 301 includes a CPU, a memory, and the like, and performs complicated protocol processing and the like with software.

  The management module 301 holds a database 311 such as ARP, for example, and manages entries (creation, deletion, timer monitoring, etc.) by software based on protocol processing. The transfer engine 302 that actually performs packet transfer processing also holds the contents of a database such as ARP, and the transfer engine 302 performs hardware transfer of packets by referring to the contents of the database held by itself. By the software processing of the management module 301, the contents of the databases held by the management module 301 and the transfer engine 302 are synchronized.

  The transfer engine 302 uses an associative memory (CAM: Content Addressable Memory) 322 for the ARP database in order to speed up the table search performed during the packet transfer process. The associative memory 322 does not search whether the entry matches the key one by one, but since the search is executed in parallel, the search can be performed very fast, but the array address 323 is returned as a search result. In addition to storing the protocol address to be the search key 324 in the associative memory 322, in order to record the attribute information such as the physical device address, a separate table memory 325 is necessary, and these addresses are in the order of the address 323 of the key 324. By storing the attribute information in the table memory 325, it functions as a database. The table memory 325 is generally composed of a RAM or the like. However, since the access speed is slower than that of the CAM, a system load is applied when reading / writing attribute information.

  Some protocols, such as ARP, require an aging process in which an expiration time is set for a database entry and the entry is deleted when the set time has elapsed since the last reference. In the aging process, it is necessary to reset the expiration time when an entry is referred to, and it is necessary to incorporate logic for monitoring whether the entry is referred to in the database of the transfer engine 302.

  In general, as the logic for monitoring, an area called hit bit 327 is provided in one of the attribute information of each entry on the table memory 325 of the transfer engine 302, and this is set when a new entry is created or immediately after being reset. Set to “0”. Then, when the transfer engine 302 refers to the entry at the time of packet transfer, if the hit bit 327 is “0”, a logic of changing to “1” is incorporated. Thereby, the transfer engine 302 can manage which entry in the database is referred to.

  In a protocol requiring aging processing, in order to monitor which entry is referred to, timer processing is started by the software of the management module 301, and all entries of the database in the hardware transfer engine 302 are periodically checked. There is a need.

  FIG. 4 is a flowchart showing the aging process performed by the management module 301. The management module 301 executes the process shown in FIG. 4 by a periodic process using a timer.

  The management module 301 retrieves the protocol address that is the key 324 from the associative memory 322 of the transfer engine 302 (step 401). Since the address 323 of the associative memory 322 is returned as a search result, the position of the table memory 325 is calculated from the address (step 402), and the hit bit 327 of the table memory 325 at the calculated position is referenced (step 403).

  If the hit bit 327 is “1”, an entry that matches the protocol address of the key 324 used in step 401 is searched from the database 311 of the management module 301, and the entry expiration time 314 is reset to the current time + system expiration time. Further, the hit bit 327 of the transfer engine 302 is cleared to “0” (step 404). Then, it progresses to step 407.

  On the other hand, if the hit bit 327 is “0” in step 403, an entry that matches the protocol address of the key 324 used in step 401 is searched from the database 311 of the management module 301, and the entry expiration time 314 and the current time are searched. Are compared (step 405). If the expiration time 314 has passed, the information stored in the entry corresponding to the entry is deleted from the database 311 of the management module 301, the associative memory 322 of the transfer engine 302, and the table memory 325 (step 406). ), Go to Step 407. In step 405, if the current time has not passed the expiration time 314, the process proceeds to step 407 as it is.

  In step 407, the presence / absence of the next entry is confirmed. If there is a next entry, the process returns to step 401 to continue the aging process.

  In addition, although there exists what was described in patent document 1 about the aging process acceleration using an associative memory, this is what performs an aging process in a single associative memory, and when a fixed period passes, it is automatic. Since it is deleted from the hardware, it cannot be applied to the aging process of a database such as ARP managed by the software of the management module.

JP 2003-91454 A

  The aging process must be performed for all entries in the database 311. However, in the conventional aging process described with reference to FIG. 4, in addition to accessing the associative memory 322, the position of the table memory 325 is calculated (step 402 in FIG. 4) and the table memory 325 (RAM) having a low access speed is referenced. (Step 403 in FIG. 4) must be performed, and the load on the system is large. For this reason, when the number of entries to be subjected to the aging process is very large, the timer process takes time, and the process of the management module 301 may be delayed.

  In order to avoid this, it is necessary to set a limit on the number of entries that can be processed simultaneously to the extent that there is no delay in the periodic timer process. There is a problem that a delay on the protocol occurs as many times as the number of times the timer is executed.

Further, in the technique described in Patent Document 1, aging can be realized only by hardware entries by using a part of the associative memory word for aging processing. Cannot be applied because of the following problems.
(1) Since the hardware entry is automatically deleted, there is a possibility that consistency with the software database cannot be obtained.
(2) Some protocols, such as IPv6 NUD (Neighbor Unreachability Detection), do not simply delete after a certain period of time, but require some processing.
(3) A special associative memory is required instead of a general-purpose associative memory.

  Therefore, an object of the present invention is to speed up the software database aging process as compared with the conventional technique and suppress the processing delay and the protocol delay in the management module.

  In order to achieve the above object, according to the present invention, there is provided an inter-network connection device that maintains a correspondence relationship between a protocol address and a physical device address, and refers to the correspondence relationship based on a protocol address of a received packet. A packet transfer unit that performs the transfer process of the packet, and a management unit that manages the correspondence, wherein the packet transfer unit holds a first associative memory that holds a protocol address that is not referred to in the transfer process; And a second associative memory that holds the protocol address referred to in the transfer process, thereby providing an inter-network connection device that can manage whether or not the protocol address is referenced using the associative memory. .

  It is possible to increase the speed of the aging process and suppress the occurrence of processing delays and protocol delays in the management module.

  FIG. 1 is a block diagram illustrating a configuration of an inter-network connection device 100 according to the present embodiment. 3 is different from the configuration of the conventional inter-network connection device 300 in FIG. 3 in that the transfer engine 102 includes two sets of associative memory A 122 and associative memory B 125. The table memory 128 is one set as before, but is accessed and shared by both the associative memory A 122 and the associative memory B 125.

  The inter-network connection apparatus 100 is based on a plurality of line accommodating units 103 that accommodate lines such as Ethernet (registered trademark) for connecting to other apparatuses, and packets received via the line accommodating unit 103 based on the destination address. It includes a transfer engine 102 for transferring to another device, and a management module 101 for setting the device and performing complicated protocol processing. The transfer engine 102 is configured by hardware such as an ASIC in order to realize high-speed packet transfer processing. The management module 101 includes a CPU, a memory, and the like, and performs complicated protocol processing and the like by software processing.

  The management module 101 holds a database 111 such as ARP, and manages entries (creation, deletion, timer monitoring, etc.) by software based on protocol processing. The database 111 includes a protocol address 112 and a physical device address 113, which are used to acquire a physical device address corresponding to a protocol address when transferring a packet to an adjacent device in packet relay based on the protocol address. Necessary information. Each entry includes an expiration time 114, and each entry needs to be deleted when the expiration time 114 elapses.

  The transfer engine 102 that actually performs packet transfer processing also holds the contents of a database such as ARP, and the transfer engine 102 performs hardware transfer of packets by referring to the contents of the database held by itself. For example, when packet transfer is performed based on the destination protocol address of the received packet, the packet is encapsulated with a header including a physical device address corresponding to the destination protocol address, and then transferred to an adjacent apparatus. Note that the contents of the databases held by the management module 101 and the transfer engine 102 are synchronized by software processing of the management module 101.

  The transfer engine 102 uses associative memories (CAM: Content Addressable Memory) 122 and 125 for the ARP database in order to speed up the table search performed during the packet transfer process. The associative memories 122 and 125 do not search whether the entry matches the key one by one, but search of all the entries is executed in parallel, so that the search can be performed at a very high speed. Since the addresses 123 and 126 are returned, a separate table memory 128 is required to record the attribute information such as the physical device address in addition to storing the protocol addresses serving as the search keys 124 and 127 in the associative memories 122 and 125. The attribute information is stored in the table memory 128 in the order of the addresses 123 and 126 of the keys 124 and 127, thereby functioning as a database.

  In the present embodiment, since the associative memory A 122 and the associative memory B 125 are provided, the table memory 128 is accessed and shared by both the associative memory A 122 and the associative memory B 125. The contents of the database held by each of the management module 101 and the transfer engine 102 are synchronized, and the information of the protocol address 112 held by the management module 101 is the key 124 of the associative memory A 122 or the associative memory B 125 of the transfer engine 102. Alternatively, the information of the physical device address 113 held in the key 127 and held in the management module 101 is held in the table memory 128 of the transfer engine 102.

  Further, in order to perform the aging process, a logic for monitoring whether or not the entry of the database of the transfer engine 102 is referred to is required. As the logic, when the entry is newly created, the entry is stored in the associative memory A122. When the transfer engine 102 refers to the entry during packet transfer, the entry is written in the same column of the associative memory B and deleted from the associative memory A.

  For example, the entry of protocol address “192.168.0.1”, which is the key 124 written in the entry of “1” in the address 123 of the associative memory A 122, is an entry that is not referenced after being written at the time of new creation. It is. Further, the entry whose address 123 of the associative memory A122 is “2” is written in the associative memory A122 at the time of new creation and then referred to at the time of packet transfer. Therefore, the entry is deleted from the associative memory A122 and the same column of the associative memory B125 (that is, This is an entry (protocol address “192.168.0.2”) written in the address 126 of the associative memory B125.

  Since the protocol address is written in either the associative memory A122 or the associative memory B125, the transfer engine 102 searches both the associative memory A122 and the associative memory B125 at the time of packet transfer.

  With this logic, the entry referenced at the time of packet transfer is written to the associative memory B125, and the entry not referred to remains in the associative memory A122. Therefore, the transfer engine 102 can manage which entry in the database is referred to. it can. In this method, unlike the prior art, it is not necessary to provide the hit bit 327 in the table memory 128.

  In this logic, a database entry must exist in either the associative memory A if it is not referenced by the transfer engine after it is newly created or after the expiration time is reset, and in the associative memory B if it is referenced. A state that exists or does not exist does not occur. In addition, after the first creation in the associative memory A for the first time, the same entry exists in the same column in both the associative memory A and the associative memory B until it is deleted. As a result, consistency with the additional information (physical device address) on the table memory 128 is maintained.

  FIG. 2 is a flowchart showing the aging process performed by the management module 101 in this embodiment. The management module 101 executes the process shown in FIG.

  The management module 101 retrieves the protocol address that is the key 124 from the associative memory A 122 of the transfer engine 102 (step 201).

  When the entry does not exist (when the entry is referred to by packet transfer and is written in the associative memory B125), the expiration time 114 for the entry is reset to the current time + system expiration time (expiration time reset), Thereafter, the associative memory B125 is searched for the protocol address searched in the associative memory A122, the entry is written in the associative memory A122 in the same row as the search result of the associative memory B125, and the entry is deleted from the associative memory B125 (step 202). . Then, it progresses to step 205.

  On the other hand, if an entry exists in step 201 (if the entry is not yet referenced and remains in the associative memory A 122), an entry that matches the protocol address of the key 124 used in step 201 is stored in the database 111 of the management module 101. And the expiration time 114 of the entry is compared with the current time (step 203). If the expiration time 114 has passed, the information stored in the entry corresponding to the entry is deleted from the database 111 of the management module 101, the associative memory A 122 of the transfer engine 102, and the table memory 128 (step 204). ), Go to Step 205. In step 203, if the current time has not passed the expiration time 114, the process proceeds to step 205 as it is.

  In step 205, it is confirmed whether or not there is a next entry. If there is a next entry, the process returns to step 201 to continue the aging process. The aging process is executed for all entries in the database 111 of the management module 101.

  As described above, according to the present embodiment, the expiration time 114 can be checked only by searching the associative memory having a high access speed without referring to the table memory 128 having a low access speed. The processing speed can be increased, and processing delays and protocol delays in the management module can be suppressed.

Furthermore, according to this embodiment, the following effects can also be obtained.
(1) Since a general-purpose associative memory is used, the processing in a database managed by software can be speeded up without using the technique of Patent Document 1.
(2) For example, it is possible to use not only an aging process that simply deletes a database entry, such as IPv6 NUD (Neighbor Unreachability Detection), but also a protocol that performs some process after expiration.
(3) Since it is linked not only to the logic of hardware but also to a protocol database managed by software, it can be applied only by software without changing hardware even when a new protocol is supported.

  In this embodiment, all entries in the database 111 held by the management module 101 are subject to periodic timer processing. However, a limit may be placed on the number of entries processed in one periodic timer processing.

  The database 111 is not limited to the ARP database, and can be applied to other databases that require aging processing. In the present embodiment, the configuration in which the transfer engine 102 is one has been described. However, the present invention can also be applied to a configuration in which a plurality of transfer engines 102 are provided.

It is a block diagram which shows the structure of the network connection apparatus 100 in this embodiment. It is a flowchart which shows the aging process which the management module 101 in this embodiment performs. It is a block diagram which shows the structure of the conventional network connection apparatus 300. FIG. It is a flowchart which shows the aging process which the management module 301 performs.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100: Network connection apparatus 101: Management module 102: Transfer engine 103: Line accommodation part 111: Database 122: Associative memory A 125: Associative memory B 123, 126: Address 124, 127: Key 128: Table memory

Claims (10)

An inter-network connection device that transmits and receives packets,
A packet transfer unit that holds a correspondence between a protocol address and a physical device address, and refers to the correspondence based on a protocol address of a received packet, and performs a transfer process of the packet;
A management unit for managing the correspondence relationship;
The packet transfer unit includes: a first associative memory that holds a protocol address that is not referenced in the transfer process; and a second associative memory that holds a protocol address that is referenced in the transfer process. A network connection device. The inter-network connection device according to claim 1,
The management unit
Further managing the expiration time of the correspondence between the protocol address and the physical device address;
Monitoring whether or not the expiration time of the first protocol address held in the first associative memory has passed; and if the expiration time has passed, the first protocol address and the physical device An inter-network connection device, wherein the correspondence relationship with an address is deleted. The inter-network connection device according to claim 2,
The management unit
It is further monitored whether or not the second protocol address is held in the second associative memory, and when the second protocol address is held, the second protocol address and the physical device address are An inter-network connection device characterized by resetting an expiration time for a correspondence relationship, deleting the second protocol address from the second associative memory, and holding the second associative memory in the first associative memory. The inter-network connection device according to claim 3,
The inter-network connection device, wherein the reset is performed by resetting a time obtained by adding a predetermined time to a current time as the expiration time. An inter-network connection device according to any one of claims 2 to 4,
The inter-network connection device, wherein the management unit periodically performs the monitoring. A packet transfer unit that holds a correspondence relationship between the first type address and the second type address and refers to the correspondence relationship based on the first type address of the received packet, and performs a transfer process of the packet; A management method of the correspondence in an inter-network connection device comprising a management unit for managing the correspondence,
The step of holding the first type address in the first associative memory by the packet transfer unit, and referring to the first type address held in the first associative memory in the transfer process And deleting the address from the first associative memory and holding it in the second associative memory. The management method according to claim 6, comprising:
The management unit of the inter-network connection device further manages an expiration time of a correspondence relationship between the first type address and the second type address,
The manager monitoring whether the expiration time for the first type of address held in the first associative memory has passed, and if the expiration time has passed, the first And a step of deleting the correspondence relationship between one type of address and the second type address. The management method according to claim 7,
The management unit monitoring whether the first type address is held in the second associative memory; and when the first type address is held in the second associative memory. Resetting the expiration time for the first type of address held in the second associative memory and deleting the first type of address from the second associative memory to the first associative memory. And a holding step. The management method according to claim 8, comprising:
The said reset is performed by resetting the time which added predetermined time to the present time as said expiration time. A management method according to any one of claims 7 to 9,
The monitoring method is characterized in that the step of monitoring is performed periodically.

Images