JPH1032597A - Inter-lan connection device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To group terminal equipments connecting to the inter-LAN connection device for each media access control(MAC) address of a data link layer. SOLUTION: A bridge module 12 learns a sender MAC address, a sub net address of a sender source network layer, and a reception port and registers them to a bridge table 12b. Furthermore, the bridge module 12 references the bridge table 12b to conduct bridge to a destination MAC address and a destination network layer address. An address resolution protocol(APR) module 13 sends an ARP request before each entry to an ARP table 11a and the bridge table 12b is deleted when the service life comes, the ARP table 11a and the bridge table 12b are updated from an ARP reply packet of the reply.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to a LAN (Local Area).
More particularly, the present invention relates to a method for registering address information of terminals and routers directly connected to a LAN-to-LAN connecting device.

[0002]

2. Description of the Related Art This type of conventional LAN-to-LAN connecting apparatus is used for realizing a logical network configuration which is not restricted by physical connection, and has an effective transmission capacity by preventing unnecessary traffic from flowing through Ethernet. Is used to raise

FIG. 9 is a network configuration diagram showing an example of a conventional inter-KAN connecting apparatus of this type. The LAN connection device 1 is a device having both a bridge function and a router function, and has a function of grouping a plurality of transmission / reception ports. The groups 21, 22, and 23 shown in the figure are groups grouped by the inter-LAN connecting device 1. The inter-LAN connecting device 1 has a subnet address of a network layer for each group, and bridges communication within the group and performs inter-group communication. Routing communication.

[0004] The routers A and B and the terminals C, D and E are directly connected to the LAN connection device 1, and the addresses of the network layers in the groups to which the ports of the connected LAN connection devices 1 belong. Are all set the same.

Next, the operation will be described. The LAN-to-LAN connecting device 1 can freely group its own ports, and can form a logical network by grouping. Since communication within a group, such as communication between routers A and C connected to ports belonging to the same group, is communication between devices having the same subnet address, bridge and connect to ports belonging to different groups. The communication between the terminals C and D is routed because the subnet addresses are different.

[0006]

A first problem is that all terminals (including routers) connected to the same port must have the same subnet address, and the terminal address may be changed. If this is done, or if one attempts to move, the settings of the LAN-to-LAN connection device or terminal must be changed.

[0007] The reason is that, since the ports are grouped for each port, the terminals connected to the same port always belong to the same group.

An object of the present invention is to enable terminals and routers having different subnet addresses to be connected to the same port,
MAC (Media Access Control)
An object of the present invention is to provide an inter-LAN connecting device that enables grouping for each address.

[0009]

According to the present invention, there is provided a LAN-to-LAN connection having a plurality of transmission / reception ports and configured to perform a bridging process or a routing process according to address information of a packet received from these ports. A registration unit for registering, in response to the reception of the packet, a unique address of a source of the received packet, a subnet address of a source network layer and a receiving port number, and a unique address of a destination of the received packet. Referring to the registered contents of the registration means, if the subnet address is the same as the unique address of the transmission source, the reception packet is transmitted to a corresponding port to perform the bridge processing. And a control unit for performing a routing process.

[0010] The control means is characterized by further comprising means for transmitting the received packet to all ports when the address unique to the transmission destination is not registered in the registration means.

[0011] The registration means may include means for transmitting a packet for address acquisition to an address of a subnet connected to all of the ports, and receiving a reply packet to the packet and connecting to the port. Means for registering in a table the unique addresses, subnet addresses, and port numbers of all the terminals.

[0012] Further, the registration means, when the registration time of each registration entry of the table reaches a certain time,
It is characterized by comprising means for transmitting the packet and means for controlling the update of the corresponding registration entry in accordance with the contents of the reply packet to the packet.

Further, the unique address is a data link layer MAC (MEdia Access Control) address, and the subnet address is a network layer IP address.
(Internet Protocol) address.

The operation of the present invention will be described. A table for registering a set of a MAC address, an air subnet address, and a port number is provided. In a bridge function portion, a subnet address of a network layer, which is a layer higher than the data link layer, can be identified with reference to the table, and The grouping of the upper layer at the level becomes possible, and even if terminals and routers having different subnet addresses are connected to the same port, grouping for each MAC address of the data link layer is enabled.

Further, for each registered entry in the table,
When the aging time is reached, a packet for address acquisition (ARP packet; Address Resolution Protocol) is not sent to the terminal without simply deleting this registration entry.
l) is transmitted as an ARP request, and information of ARP reply as a response is obtained, so that all MAC addresses, ports, and upper layer subnet addresses of terminals communicating under the LAN-to-LAN connecting device are obtained. , At the bridge level.

[0016]

Embodiments of the present invention will be described below with reference to the drawings.

FIG. 1 is a system diagram to which the embodiment of the present invention is applied, and the same parts as those in FIG. 9 are denoted by the same reference numerals. In FIG. 1, the LAN connection apparatus 1 has a plurality of ports 141 to 146 (in the figure, six ports are shown, but in general, n ports 141 to 14n (n is an integer of 2 or more)). Routers A and B, terminal C in equal ports
To F are connected respectively.

In the present invention, the network layer is not limited to a specific protocol, but the case of IP which is the most standard protocol will be described.

Referring to FIG. 2, the LAN connection device 1 includes a route module 11, a bridge module 12, an AR
Owns the P module 13, the ARP table 11a is referred to by the root module 11, and the bridge table 12
b is written / referenced to the bridge module 12.

The bridge module 12 has ports 141 to
14n is received by the bridge table 12
b, the bridge processing is performed, and the LAN connection device 1
If the received packet is an ARP reply (reply) packet, the packet is transmitted to the ARP module 13. The bridge module 12 performs a bridge process on the packets received from the route module 11 and the ARP module according to the bridge table 12b, and performs a transmission process to the ports 141 to 14n owned by the LAN connection device 1.

The route module 11 performs a routing process on the packet received from the bridge module 12 and transmits the packet to the bridge module 12. At this time, if there is no MAC address corresponding to the IP address of the next hop (determining the address of the relaying router to deliver the packet to the final destination), the ARP request
Send out st packet, receive ARP reply, MA
After the C address is resolved, the packet is transmitted to the bridge module 12.

Next, the functions of the bridge module 12 and the bridge table 12b will be described.

FIG. 3A shows the contents of the bridge table 12b. Bridge module 12 is port 1
It transmits / receives packet data to / from the router module 41 to 14n, the route module 11, and the ARP module 13, and references / writes the bridge table 12b. Bridge table 12
b is a reference / write from the bridge module, and A
Writing from the RP module 13 is possible.

In the learning bridge processing in a normal bridge, a combination of a transmission source MAC address of a reception packet and a reception port is learned, and a table of the combination is created.
b is a table of a set of a MAC address, which is a unique address of a transmission source, a reception port, and a subnet address or a group number as shown in FIG. This table is written / referenced by the bridge module 12 and also written by the ARP module 13.

First, when writing to the bridge table 12b of the bridge module 12, the bridge module 12 learns the combination of the received packet and the received port, as in the ordinary learning bridge process. We learn from. If the source address is the same subnet address as the inter-LAN connecting device 1, it indicates the address of the same interface as the source MAC address, so the combination of this IP address, MAC address, and subnet address is registered.

If the source address of the IP is not the subnet address of the LAN-to-LAN connecting device 1, the source IP address of the packet is a destination that the LAN-to-LAN connecting device 1 does not directly transmit. And only the IP subnet address.

Next, referring to the bridge table 12b of the bridge module 12 may be performed using the destination MAC address of the received packet as a key, or may be performed using the source IP address of the received packet as a key.

The bridge module 12 sets the destination MAC address to a unicast address and a L
If it is addressed to the inter-AN connecting device 1, it is transmitted to the route module 11. If the destination MAC address is a unicast address and the same subnet address as the source MAC address, bridging is performed. If there is no entry that matches the destination MAC address, send to all ports.

The destination is broadcast (broadca).
st) In the case of an address, transmission is performed only to a port having an entry in the same subnet as the transmission source subnet address. If the received packet is an ARP reply packet, the packet is transmitted to the ARP module 13.

Next, the functions of the route module 11 and the ARP table 11a will be described. The route module 11 performs transmission and reception with the bridge module 12, and performs ARP
Reference is made to the data in the table 11a. ARP table 1
1a is an IP address and a MAC as shown in FIG.
A pair with an address is registered.
a is referred from the route module 11 and ARP
Reference / writing from the module 13 is performed.

The route module 11 routes the packet received from the bridge module 12 in the same manner as a normal router, and transmits the next hop of the destination IP address.
The P address is resolved, the MAC address corresponding to the IP address is searched from the ARP table 11a, and transmitted.
If the corresponding MAC address does not exist, A
After transmitting the RP request packet and resolving the MAC address of the IP address, the packet can be transmitted.

Next, the function of the ARP module 13 will be described. The ARP module 13 performs transmission and reception with the bridge module, performs reference / write to the ARP table, and also writes to the bridge table. The received ARP reply packet which is not its own device is transmitted by the bridge module 12 to the ARP module 13, and from this information, the ARP module 13
The combination of the IP addresses is added to the bridge table 12b.

In general, the ARP table 11a and the bridge table 12b each have a lifetime. However, the ARP module according to the present invention does not simply delete entries whose lifetime has expired, but rather deletes entries whose lifetime has expired. ARPrequest is sent to the IP address.

Next, the operation of the LAN connection device 1 of FIG. 1 will be described. Packets transmitted and received by the LAN-to-LAN connecting apparatus 1 include two types of packets, a packet to be bridged and a packet to be routed, a packet of routing information, and an SNMP (Simple Network) for network management.
There is a packet such as an rk Management Protocol (RK) packet that the LAN-to-LAN connection device 1 itself needs to transmit and receive.

In the LAN connection apparatus 1, ports 141 to 141
The packet received at 14n is first evaluated by the bridge module 12, and if the packet is addressed to the own device, it is passed to the root module 11, otherwise, the packet is bridged by the bridge module 12 and output to an appropriate port. ARP reply packet is ARP module 1
3 is also transmitted.

The route module 11 receives a packet from the bridge module 12 at any time of reception, performs a routing process to an appropriate destination IP address, and transmits the packet to the bridge module 12. The ARP module 13 includes the ARP table 11a and the bridge table 1
2b is updated.

The operation of the inter-LAN connecting apparatus 1 is determined according to the state of the bridge table 12b and the state of the ARP table 11a, and FIG. 4A shows a table showing the combination. FIG. 4B is a table describing the operation of the corresponding bridge module 12, and FIG. 4C is a table describing the operation of the root module 11.

Referring to FIG. 4A, first, the state of the bridge table 12b is indicated by ○ when there is a combination of a MAC address and a port, and is indicated by X when there is no combination (the writing of an IP subnet is not concerned). Absent). The state of the ARP table 11a is IP address, M
○: A state where there is a pair of AC addresses
The state during RP is indicated by △. FIG. 4A shows a possible combination of the states of the bridge table 12b and the ARP table 11a.

FIG. 4B shows the operation of the bridge module 12 in each state of the LAN connection apparatus 1 shown in FIG. 4A. Since the bridge module 12 refers only to the bridge table 12b, the bridge module 12 The operation is determined by the state of the table 12b. Bridge table 12
In the case of the states 2, 5, and 6 where b exists, the transmission is performed to the corresponding port. In the case of the states 1, 3, and 4 where b does not exist, the transmission is performed to all ports.

FIG. 4C shows the operation of the route module 11 in each state of the LAN connection apparatus 1 shown in FIG. 4A. Since the route module 11 performs transmission processing by looking only at the ARP table 11a, its operation is determined by the state of the ARP table 11a. ARP table 1
1a does not exist, ARP request transmission is performed. If ARP is being performed, transmission is waited.
When 1a exists, it is transmitted to the corresponding MAC address.

That is, the LAN connection apparatus 1 is in the state 1 or 2
In the case of, the ARP request is transmitted, in the case of the states 3 and 6, transmission is waited, and in the case of the states 4 and 5, the transmission is performed for the corresponding MAC address.
At the time of, it sends to the corresponding port.

FIG. 5 is a state transition diagram showing the relationship between the operations of the bridge module 12 and the root module 11 and the states of the LAN-to-LAN connecting device 1. States 1 to 6 in the figure are states defined in FIG.

Next, the flow of processing until the bridge module 12 and the root module 11 determine the operations as shown in FIGS. 4B and 4C will be described.

The bridge module 12 receives a packet from the port or the root module 11, and the operation after receiving the packet is as shown in FIG.
First, the source MAC address is evaluated (step S
1) A MAC address whose MAC address is not registered in the bridge table 12b (hereinafter, unknown MAC address)
Address), check the source IP subnet by looking at the header of the IP layer. If the IP address is the same as the IP address of the own device 1, that is, if the IP subnet is in contact with the own device (step S2) The combination of the source MAC address, the receiving port, and the IP subnet is registered in the table 12b (step S3).

If it is not an IP subnet in contact with its own device (step S2), a set of only the source MAC address and the receiving port is registered (step S4). The source MAC address of the received packet is already in bridge table 1
If it is an address registered in 2b (hereinafter, known MAC address) (step S1), check the IP subnet. If it is an already registered subnet (step S5), aging tim of the registration entry
e is updated (step S6). If not registered, it is added (step S7).

Next, if the received packet is an ARP reply
It is evaluated whether the packet is a packet (step S8). This evaluation can be performed by the type field in the header part of the packet. ARP if ARP reply
The data is also transmitted to the module 13 (step S9).

Next, the destination MAC address is evaluated (step S10), and if it is a unicast address addressed to the own device, it is transmitted to the route module 11 (step S1).
1) If it is a broadcast address, the source IP
An entry of the MAC address of the same subnet as the address is searched for in the bridge table 12b, the transmission processing is performed to the port to which the entry belongs (step S12), and the transmission is also performed to the route module 11. However, transmission is not performed overlapping the already transmitted port.

If the destination is an unknown unicast address, transmission is performed to all ports (step S13). If the address is a known unicast address, it is transmitted to the corresponding port (step S14).

The route module 11 performs exactly the same processing as a general router. FIG. 7 shows the operation flow. Route to the next hop IP address of the destination IP address of the received packet (step S1).
5) The destination MAC address corresponding to this is resolved with reference to the ARP table 11a (step S16) and transmitted. If there is no corresponding IP address entry in the ARP table 11a, the ARP request
Send st.

As shown in FIG. 8, the ARP module 13 interprets the received ARP reply packet, obtains information on the combination of the IP address and the MAC address, updates the ARP table 11a, and updates the ARP table 11a (step S18). The bridge table 12b is updated (step S19). The ARP module 13 interprets the ARP reply sent from the bridge module 12 and, in addition to interpreting the ARP reply transmitted from the bridge module 12,
a, ARP request is transmitted to the IP address of each entry of the bridge table 12b (step S20).

With the above configuration, the LAN connection device 1
Can have terminals of a plurality of types of subnet addresses under its control, and it is possible to make flexible settings such that it is not necessary to change the physical configuration together with the logical configuration of the subordinate terminals. Further, since it is possible to have the MAC address and the subnet address of the terminal currently communicating under the subordinate as a set, it is also possible to perform grouping for each MAC address.

Next, the operation of one specific example of the embodiment of the present invention will be described. Referring to FIG. 3A, for example, a combination of a MAC address a, a port number 1, and an IP subnet 122.100.0.0, a MAC address d, a port number 4, and an IP subnet 122. 100.0.0 is registered, and the LAN connection apparatus 1 has an address of 122.100.1.254. The LAN connection device 1 has a destination M
AC address a, destination IP address 122.100.
It is assumed that a packet with 1.1, source MAC address d, and source IP address 122.100.2.1 is received from port 4.

The bridge module 12 sends this MA
The C address is evaluated, and since this packet is a known MAC address, it is next determined whether or not the source IP subnet of this packet is in contact with its own device. Since this source IP address is in the same subnet as the IP address of the LAN-to-LAN connecting device 1, it is determined that it is in contact with its own device, and since the IP subnet matches the one already registered, the aging time of this entry is set. To update.

Since this packet is not an ARP reply packet, the destination MAC address is checked next. Since this destination is a known unicast address, the bridge table 12b is referred to and the corresponding port, port 1
Send to

[0055]

The first effect is that the terminal connected to the LAN connection device may be connected to any port. For this reason, when changing the logical configuration such as changing the upper layer subnet, it is not necessary to change the setting of the terminal or router to be connected or the physical configuration. If only the network layer address of the inter-LAN connecting device allocated between the network layer subnets to be routed is written, the subsequent setting is unnecessary.

The reason is that an upper layer subnet can be allocated to a plurality of ports, and a plurality of upper layer subnets can coexist on the same port.

A second effect is that a group in an upper layer can be managed in MAC address units. The reason is that the bridge module has a function of recognizing and registering the group of the upper layer by looking at the header of the upper layer.

The third effect is that it is possible to avoid a phenomenon that the start of communication is delayed until an ARP table that can be generated normally is created. The reason is that the ARP module always updates the ARP table to the latest.

The fourth effect is that a phenomenon that a packet is sent to all ports until a bridge table which can occur normally is created is also minimized.
The reason is that ARP repl
This is because the bridge module can also update the bridge table from y.

[Brief description of the drawings]

FIG. 1 is a system diagram to which an embodiment of the present invention is applied.

FIG. 2 is a functional block diagram of an embodiment of the present invention.

FIG. 3A shows the contents of a bridge table.
(B) is a diagram showing the contents of the ARP table.

4A is a diagram showing each state of a bridge table and an ARP table, FIG. 4B is a table showing operation of a bridge module, and FIG. 4C is a table showing operation of a root module.

FIG. 5 is a state transition diagram of the embodiment of the present invention.

FIG. 6 is a flowchart showing the operation of the embodiment of the present invention.

FIG. 7 is a flowchart showing the operation of the route module.

FIG. 8 is a flowchart showing the operation of the ARP module.

FIG. 9 is a system diagram illustrating a conventional LAN connection device.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 LAN connection apparatus 11 Root module 11a ARP table 12 Bridge module 12b Bridge table 13 ARP module 141-14n Transmission / reception port A, B Router CF terminal

Claims (5)

[Claims] 1. An inter-LAN connection device having a plurality of transmission / reception ports and configured to perform a bridging process or a routing process in accordance with address information of a packet received from these ports, and which responds to packet reception. Registering means for registering a unique address of a source of the received packet, a subnet address of a source network layer and a receiving port number, and referring to registered contents of the registering means according to a unique address of a destination of the received packet. Control means for transmitting the received packet to the corresponding port if the subnet address is the same as the unique address of the transmission source to perform the bridging process, and performing the routing process if the address is addressed to the own device. An inter-LAN connection device characterized by the above-mentioned. 2. The apparatus according to claim 1, wherein said control means further comprises means for transmitting said received packet to all ports when the address specific to said transmission destination is not registered in said registration means. The inter-LAN connection device as described in the above. 3. The registration unit transmits a packet for acquiring an address to an address of a subnet connected to all of the ports, and receives a reply packet to the packet to connect to the port. 3. The apparatus according to claim 1, further comprising means for registering, in a table, unique addresses, subnet addresses, and port numbers of all terminals. 4. The registration means further comprising: when a registration time of each registration entry of the table reaches a certain time.
4. The LAN connection apparatus according to claim 3, further comprising: means for transmitting the packet; and means for controlling update of the corresponding registration entry in accordance with the content of a reply packet to the packet. 5. The unique address is a data link layer MAC (MEdia Access Control) address, and the subnet address is a network layer IP (Internet).
2. Protocol) address.
5. The LAN connection device according to any one of items 1 to 4.