WO2018105197A1 - Ethernet switch - Google Patents


Publication number
WO2018105197A1
Authority
WO
WIPO (PCT)
Prior art keywords
header
frame
microcomputer
unit
ethernet switch
Application number
PCT/JP2017/033519
Other languages
French (fr)
Japanese (ja)
Inventor
昭光 井上
Original Assignee
株式会社デンソー
Priority claimed from JP2017168747A
Application filed by 株式会社デンソー
Publication of WO2018105197A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways

Definitions

  • the present disclosure relates to an Ethernet switch that controls communication frames transmitted from a plurality of terminal devices to be transmitted to respective destinations.
  • Some Ethernet switch devices, also called hubs, have a security function.
  • Patent Document 1 discloses a technique in which a microcomputer constituting an Ethernet switch device authenticates a communication frame body at the first communication and learns and registers a MAC (Media Access Control) address, and thereafter the communication frame is transferred on the IC side, which is the Ethernet switch, without passing through the microcomputer.
  • Patent Document 1 has a so-called layer 2 level security function.
  • a security check is performed on a communication frame transmitted via the Internet by radio from outside the vehicle, OTA (Over The Air), etc.
  • OTA: Over The Air
  • if the data included in the communication frame is large in size, for example image data, the bandwidth of communication with the microcomputer is squeezed and the processing load on the microcomputer may increase, which becomes a problem.
  • This disclosure is intended to provide an Ethernet switch capable of performing a security check of a communication frame transmitted via the Internet without increasing the processing load on the microcomputer side.
  • the header information analysis unit analyzes information up to at least layer 3 with respect to the headers of communication frames transmitted from a plurality of terminal devices, and the analysis result transmission unit transmits the analysis results to the microcomputer.
  • the receiving unit receives control information generated by the microcomputer based on the analysis result.
  • the transmission control unit determines whether to transmit or discard the communication frame to a destination terminal device or to suspend transmission of the communication frame based on control information set in the reception unit.
  • the microcomputer can receive the analysis result including at least layer 3 information transmitted from the Ethernet switch, and can determine the handling of the communication frame based on the analysis result. Therefore, it is not necessary to transfer the main body of the communication frame to the microcomputer in order to perform a security check on the communication frame that has passed through the Internet, so that the processing load on the microcomputer can be reduced and the time required for transmission control can be shortened.
  • the drawings: in the first embodiment, a functional block diagram showing the configuration of the Ethernet switch device; a diagram conceptually explaining the function of the frame type analysis unit; a diagram showing the definition of the FC code; a diagram showing the detailed configuration of the frame management register and its surroundings; a diagram showing the definition of the upper 2 bits of the 4-bit code which the microcomputer writes in the frame instruction register; a diagram showing the definition of the lower 2 bits; a flowchart showing processing contents of the ASIC and microcomputer; a timing chart showing an example of communication contents between the ASIC and microcomputer; in the second embodiment, a functional block diagram showing the configuration of the Ethernet switch device; a flowchart showing processing contents of the ASIC and microcomputer; in the third embodiment, a functional block diagram showing the configuration of the Ethernet switch device; a flowchart showing processing contents of the ASIC and microcomputer; In 4th Embodi
  • an Ethernet switch device 1 for in-vehicle communication includes a microcomputer 2 and a dedicated ASIC (Application Specific IC) 3 that performs frame transfer processing at high speed by hardware processing.
  • the ASIC 3 includes, for example, five frame input / output ports 4 (1) to 4 (5); the ports 4 (1) to 4 (4) are for communication with the outside, and the port 4 (5) is used for communication between the ASIC 3 and the microcomputer 2 through a so-called MII (Media Independent Interface).
  • the ports 4 (1) to 4 (4) are connected to an ECU (Electronic Control Unit) (not shown) as a communication terminal device, for example.
  • ECU: Electronic Control Unit
  • Communication cables 5 (1) to 5 (4) are connected to ports 4 (1) to 4 (4), respectively, via PHY chips 6 (1) to 6 (4), which are transceivers, and MACs 7 (1) to 7 (4).
  • the port 4 (5) is connected to the MAC 9 built in the microcomputer 2 via the MAC 7 (5) and the communication line 8.
  • Port 4 (5) and MAC7 (5) correspond to a header transmission unit.
  • Port 4 is connected to terminal rx of MAC7.
  • the communication port 4 includes a frame forming unit 11, an L2 analyzing unit 12 and a FIFO (First In First Out) 13.
  • the communication frame received by the ASIC 3 at the ports 4 (1) to 4 (4) is packed by the frame forming unit 11 in units of 64 bits and written into the FIFO 13.
  • the header information of the frame is input to the L2 analysis unit 12, and the L2 analysis unit 12 performs analysis of layer 2 (the analysis result is indicated by L2ID). This code L2ID is also added to the header of the communication frame, and the communication frame is also written into the FIFO 13.
  • the frame analysis performed by the frame type analysis unit 18 will be described.
  • four decoders 14 (3) to 14 (0) corresponding to the respective bits FC (3: 0) of the frame category FC are provided.
  • IP: Internet Protocol
  • TCP: Transmission Control Protocol
  • the decoders 14 (3) to 14 (0 ) Is not subject to comparison. In this example, four conditions are set as hit conditions, and the outputs of the decoders 14 (3) to 14 (0) correspond to the respective bits of FC (3: 0).
  • the 48-bit source MAC address in layer 2 is compared with comparison data D2.
  • DoS attack candidate 2 is extracted, and the 8-bit protocol type in layer 2 and the 6-bit flag in layer 3 are compared with comparison data D2.
  • 16-bit Type / Length in layer 2 and 16-bit “full length” in layer 3 are compared with each comparison data D2 under hit condition 0.
  • FIG. 3 is an FC (3: 0) list showing these together. Further, as shown in this list, the DoS attack candidate 4 or the like may be extracted by a combination of 2 bits or more.
  • the frame stored in the FIFO 13 is arbitrated between the ports 4 (1) to 4 (5) in the arbiter 16, and then stored in the FIFO 17 in the next stage. Further, the arbiter 16 generates a total of 11 bits of tag (10: 0), indicating the number of the port 4 to which each frame is input by the upper 3 bits and indicating the frame arrival order for each port 4 by 8 bits. Then, the concatenation of tag (10: 0) and FC (3: 0) is a 15-bit frame ID, FID (14: 0).
  • the frame output from the arbiter 16 is sorted by the frame type analysis unit 18, and the frame ID is input to the transfer control unit 19, the header transmission frame generation unit 20, and the frame management register 21.
  • information of layers 3 and 4 in the header is input to the L3 and 4 control unit 22.
  • a header and data excluding the frame ID are input to the transfer control unit 19 from the FIFO 17.
  • a communication frame is input from the transfer control unit 19 to the update control unit 23 and the routing table 24.
  • the L3 and 4 control unit 22 analyzes the information of layers 3 and 4, or refers to the routing table 24 based on the information, replaces the MAC address, and performs the L3 routing process or the like.
  • Information for processing the frame to control the update is input to the update control unit 23.
  • the update control unit 23 attaches the analysis information (L3, 4ID) to the FIFO 25 in the next stage and writes and updates the communication frame.
  • the communication frame stored in the FIFO 25 is written into the frame buffer 27 via the write control unit 26.
  • the frame buffer 27 is individually provided with buffers corresponding to the five ports 4 (1) to (5).
  • the communication frame stored in the frame buffer 27 is written to the FIFOs 29 (1) to 29 (5) via the read control unit 28.
  • the read controller 28 controls the reading of the communication frame stored in the frame buffer 27 according to the register value of the frame instruction register 30 to be written by the microcomputer 2 as will be described later.
  • a multiplexer 31 is disposed in the preceding stage of the FIFO 29 (5) and selects, by a select signal based on the setting of the frame instruction register 30, between the communication frame from the read control unit 28 and an Ethernet frame having only the L2 to L4 header portions generated by the header transmission frame generation unit 20 as data.
  • the 8-bit output terminals of the FIFOs 29 (1) to 29 (5) are connected to the terminals tx of the MACs 7 (1) to 7 (5), respectively.
  • the microcomputer 2 includes a CPU 32, a MAC controller 33 built in the microcomputer, and an SPI control unit 34.
  • the controller 33 is connected to the MAC 9 and controls data transfer performed by the CPU 32 through MII communication.
  • the controller 33 can also generate an interrupt to the INT control unit 32I of the CPU 32.
  • the ASIC 3 generates an interrupt to the INT control unit 32I by writing to the write flag storage unit 35 attached to the frame management register 21.
  • the ASIC 3 includes a Tx control unit 36, an Rx control unit 37, and a clock control unit 38 corresponding to the SPI control unit 34.
  • a clock signal having a frequency of 10 MHz is input to the clock control unit 38 from the SPI control unit 34.
  • the Tx unit 36 serially transmits the data written in the frame management register 21 to the SPI control unit 34.
  • the communication data size is generally 16 bits or 32 bits.
  • the Rx control unit 37 serially receives the data transmitted from the SPI control unit 34 in synchronization with the clock signal. If the received data is an address specification value, it becomes an enable signal re indicating which register value of the frame management register 21 is read out, that is, what register value the microcomputer 2 receives. Alternatively, the address designation value is an enable signal we indicating which frame instruction register 30 is to be written to, that is, whether the microcomputer 2 side performs transmission. If the received data is write data to the frame instruction register 30, the received data is written to the frame instruction register 30 in which the enable signal we is active.
  • When receiving the data transmitted from the ASIC 3, the SPI control unit 34 causes the CPU 32 to generate an interrupt. When receiving the interrupt, the CPU 32 reads data written in a reception buffer (not shown) inside the SPI control unit 34. Further, the CPU 32 causes the data to be transmitted to the ASIC 3 by writing the transmission data in a transmission buffer (not shown) inside the SPI control unit 34.
  • the frame management register 21 includes a plurality of registers in which a 15-bit frame ID is written, and a W flag storage unit 35 that is a write flag is provided for each register. These constitute a FIFO.
  • the W flag is set by hardware when the frame ID is written in the frame management register 21, and is cleared by hardware when the reading of the frame management register 21 by the microcomputer 2 is completed or when the transmission of the header to the microcomputer 2 by the MII is completed. Also, if the W flag of the following FIFO stage has already been set when the W flag is cleared, that is, if the next FID has been written in the frame management register 21, the interrupt output to the microcomputer 2 is cleared once and is set again after a fixed time has elapsed.
  • the following configuration can be considered as a response when data is written to all of the frame management registers 21 as the FIFO.
  • the writing of the frame ID is prohibited, and an abnormal value such as $AAA is inserted before the oldest frame ID.
  • the frame ID to be written is inserted after the newest frame ID, and the oldest frame ID is discarded.
  • the reading of the frame ID by the microcomputer 2 may be performed continuously for all the frame management registers 21. Further, when writing to and reading from the frame management register 21 occur simultaneously, arbitration is performed.
  • the microcomputer 2 reads the register value of the frame management register 21, that is, the FID (14: 0), and as a result of the determination, writes the 4-bit set value shown in FIGS.
  • the set value corresponds to control information.
  • the upper 2 bits of the 4 bits are a header transmission instruction code Tmii (1: 0), and are defined as follows.
  • Tmii (1: 0) definition:
      00: Send entire frame to microcomputer 2 via MII
      01: Send TCP header + L2, 3ID + FID to microcomputer 2 via MII
      10: Send IP header + L2, 3ID + FID to microcomputer 2 via MII
      11: Do not send to microcomputer 2
  • the lower 2 bits are a frame transfer instruction code COD (1: 0), which is defined as follows.
  • the L2 analysis unit 12 analyzes the layer 2 and performs transfer destination search and abnormality detection (S2).
  • the communication frame with the L2ID as an analysis result is stored in the FIFO 13 (S3).
  • following the arbitration in the arbiter 14 (S4), the communication frame of the port 4 that has won is stored in the FIFO 16 in the next stage (S5).
  • the frame type analysis unit 18 determines whether or not the frame is a write frame to the frame instruction register 30 (S7). If it is the writing frame (YES), writing is performed to the frame instruction register 30 (S26).
  • step S8 the processes in steps S8 to S10 are performed in parallel as follows.
  • the code Tmii (1: 0); COD (1: 0) is confirmed in accordance with the setting for the FID generated in step S6 of the current frame instruction register 30, and the transfer control unit 19 determines in accordance with the setting of COD (1: 0).
  • step S8 the L3 and 4 control unit 22 performs analysis routing processing based on the information of layers 3 and 4 (S11), and stores the communication frame in the frame buffer 27 (S12). Then, when a shaping process for assigning priorities to the stored communication frames is performed (S13; YES), processes such as transfer suspension and permission, and frame discarding are performed according to the contents of the frame instruction register 30 (S14).
  • After execution of step S10, an interrupt is generated for the microcomputer 2 (S21). Then, the microcomputer 2 reads the frame ID from the ASIC 3 via the SPI (S22), and determines whether or not to update the frame instruction register 30 (S23). Then, the 4-bit code as the determination result is transmitted to the ASIC 3 via the SPI and MII (S24, S25). After executing steps S24 and S25, the process proceeds to steps S26 and S1, respectively. The process corresponding to step S25 → S1 is a route via MII indicated by a broken line in FIG. If “NO” in the step S9, the process shifts to a step S23.
  • the initial value of the frame instruction register 30 corresponding to the port 4 (1) is “1100”, the transfer by MII is not performed, and the transfer of the communication frame is in the “pending” state.
  • “1” is set in bit 0 of the FID (FC), and the communication frame 1 is the DoS attack candidate 1.
  • data “$ 1011” is written in the frame management register 21 corresponding to the port 4 (1).
  • the upper 11 bits of tag: “$ 101” indicates the first communication frame of port 4 (1), and the lower 4 bits are FC “$ 1”.
  • the microcomputer 2 reads the register value “$ 1011” of the frame management register 21.
  • the communication frame 1 is determined to be “discarded”, and data “$ 000D” is written into the frame instruction register 30 corresponding to the port 4 (1).
  • the read control unit 28 does not perform transfer by MII according to the code “1101”, and the communication frame 1 is discarded.
  • the frame type analysis unit 18 of the ASIC 3 analyzes at least the information of layer 3 or higher in the header of the communication frame transmitted from the terminal device, and the Tx control unit 36 transmits the analysis result FID to the microcomputer 2.
  • the Rx control unit 37 receives the header transmission instruction code Tmii and the frame transfer instruction code COD generated by the microcomputer 2 based on the analysis result, and sets the frame instruction register 30. Based on the code set at that time, the read control unit 28 and the transfer control unit 19 determine whether to transmit a communication frame to the destination terminal device or whether to defer transmission of the communication frame.
  • the microcomputer 2 receives an analysis result including information of layer 3 or higher transmitted from the ASIC 3, and can determine the handling of a communication frame based on the analysis result. Accordingly, there is no need to transfer the main body of the communication frame to the microcomputer 2 in order to perform a security check on a communication frame that has passed through the Internet, so that the processing load on the microcomputer 2 can be reduced and the time required for transmission control can be shortened. Further, since the frame type analysis unit 18 analyzes up to the layer 4 information for the header, it can also detect an abnormality in the TCP layer.
  • the Ethernet switch device 41 of the second embodiment is different in the configuration of the ASIC 42, and the frame type analysis unit 18, the transfer control unit 19, and the header transmission frame unit 20 are arranged on the upstream side of the arbiter 16.
  • step S7 the processing on the ASIC 42 side proceeds to step S7 after step S1 and step S6 are executed in parallel with step S2.
  • Steps S3 to S5 are executed between steps S8 and S11.
  • the same effect as that of the first embodiment can be obtained.
  • the Ethernet switch device 51 of the third embodiment shown in FIG. 11 includes a microcomputer 52 and an ASIC 53, which are obtained by deleting the configuration for performing communication via SPI from the configuration of the first embodiment. Therefore, transmission of the frame ID to the microcomputer 52 and writing performed by the microcomputer 52 to the frame instruction register 30 are all performed via the MII. In the flowchart shown in FIG. 12, steps S22 and S24 are deleted.
  • the Ethernet switch device 61 of the fourth embodiment shown in FIG. 13 includes a microcomputer 62 and an ASIC 63.
  • the input / output port 4 (5) is connected to the microcomputer 2 via the communication line 8, but in the fourth embodiment, these are not used for the control as the Ethernet switch shown in each embodiment. Accordingly, transmission of the frame ID to the microcomputer 52 and writing performed by the microcomputer 52 to the frame instruction register 30 are all performed via the SPI. In the flowchart shown in FIG. 14, steps S7, S9 and S25 are deleted.
  • the Ethernet switch device 71 of the fifth embodiment shown in FIG. 15 includes a microcomputer 72 and an ASIC 73.
  • the Ethernet switch device 71 has a configuration based on the Ethernet switch device 51 of the third embodiment.
  • the microcomputer 72 includes a routing table 74 for L3 routing that replaces the routing table 24 on the ASIC side.
  • the ASIC 73 includes a frame buffer 75 and a read control unit 76 in place of the frame buffer 27 and the read control unit 28, and a frame instruction register & header register 77 instead of the frame instruction register 30.
  • the ASIC 3 uses the routing table 24 to perform L3 routing by hard logic.
  • the microcomputer 72 performs L3 routing by software using the routing table 74.
  • the frame transfer instruction code COD (1: 0) 11 which is undefined in the first embodiment and the like, is defined as follows.
  • step S6 it is determined whether or not the frame is a frame for writing to the frame instruction register 30 or the header register (S31). If it is the writing frame (YES), writing is performed to the frame instruction register & header register 76 (S32), and the process proceeds to step S14 '.
  • In step S14′, processing such as transfer suspension / permission and frame discarding is performed according to the contents of the frame instruction register & header register 77.
  • step S11 the ASIC 73 does not perform L3 routing.
  • step S14 ' is executed, "transfer destination search" is executed here, an output port is determined (S33), and the process proceeds to step S13.
  • step S9 the microcomputer 72 determines whether or not the destination MAC address of the header transmitted from the ASIC 73 is addressed to the switch device 71 (S34). If it is not addressed to the switch device 71 (NO), the process proceeds to step S23. If it is addressed to the switch device 71 (YES), the destination MAC address of the header is changed with reference to the routing table 74 (S35). Then, the header whose address has been changed is added to the value written in the frame instruction register 30, and the code is transmitted to the ASIC 73 by MII (S36). Note that the read control unit 75 re-calculates and generates the FCS (Frame Check Sequence) because the destination MAC address is changed, and then transmits the communication frame.
  • FCS: Frame Check Sequence
  • FIG. 18 shows a case where Switch_ECU 1 corresponding to the Ethernet switch device 71 serves as a router, and ECU_c belonging to network 2 transmits to ECU_f belonging to network 3.
  • the ECU_c refers to its own routing table and transmits a communication frame (ECU_c → ECU1 frame) with the destination MAC corresponding to the IP address “192.168.3.2/24” of the ECU_f as MACx to the Switch_ECU1.
  • the ASIC 73 transmits an Ethernet frame using the header including the MAC address and IP address of the communication frame and the frame analysis result (FID) as a payload to the microcomputer 72 via the MII (FIG. 17, S9; NO).
  • the microcomputer 73 refers to the routing table 74 and recognizes that the destination MAC setting value: MACf corresponding to the destination IP address “192.168.3.2/24” is changed to the destination MAC: MACf and the source MAC: MACx. (S35)
  • the frame instruction register write value is added to the header and returned to the ASIC 73 (S36).
  • the ASIC 73 replaces the header of the communication frame (ECU_c → ECU1 frame), regenerates the FCS, and transmits it to the ECU_f via the Switch_ECU2.
  • the microcomputer 72 refers to the table 74 for layer 3 routing; when it receives the header and the header analysis result (FID) from the ASIC 73 and the destination MAC address included in the analysis result is addressed to itself, the destination MAC address and source MAC address included in the header are converted with reference to the table 74, and the header with the converted MAC address is transmitted to the ASIC 73.
  • the ASIC 73 includes a register 77 for storing the header, and the read control unit 76 transmits a communication frame to the terminal device whose destination is the MAC address. Therefore, layer 3 routing can be performed by software processing of the microcomputer 72.
  • the Ethernet switch device 81 of the sixth embodiment shown in FIG. 19 is configured by an ASIC in which a microcomputer 72 is also mounted on the ASIC 73 of the fifth embodiment.
  • the header analysis may be performed up to level 3.
  • the configuration of the frame type analysis unit 18 illustrated in FIG. 2 is an example, and may be appropriately changed according to individual design. Communication interfaces other than Ethernet need not be limited to SPI.
  • the fifth and sixth embodiments may be applied to the first, second, or fourth embodiment. Depending on the number of gates constituting the ASIC, a specification without a tag indicating the frame arrival order may be used. Also, a specification without an FID or a specification without a “hold” setting for communication frame transfer may be used.
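
The FID layout and the 4-bit frame instruction code from the first-embodiment walkthrough above (FID “$1011”, register values “1100” and “1101”), shown as an added C example that is not part of the patent text. The function names, the port range check, the placement of the “$AAA” abnormal value in the 15-bit field and the policy in `decide_instruction` are assumptions; only COD 00 (hold) and 01 (discard) are used, because those are the two values the walkthrough shows.

```c
#include <stdint.h>
#include <stdio.h>

/* FID(14:0) = tag(10:0) || FC(3:0); tag = port number (3 bits) || arrival order (8 bits). */
typedef struct {
    uint8_t port;   /* number n of the port 4(n) the frame arrived on */
    uint8_t order;  /* per-port frame arrival order */
    uint8_t fc;     /* frame category bits FC(3:0) */
} fid_fields;

#define FID_OVERFLOW_MARK 0x0AAAu  /* "$AAA" abnormal value; this bit placement is an assumption */
#define NUM_PORTS 5u               /* ports 4(1) to 4(5) */

/* Tmii(1:0): header transmission instruction, upper 2 bits of the 4-bit code. */
enum tmii { TMII_WHOLE_FRAME = 0, TMII_TCP_HEADER = 1, TMII_IP_HEADER = 2, TMII_NONE = 3 };
/* COD(1:0): frame transfer instruction, lower 2 bits. Only the values shown in the walkthrough. */
enum cod { COD_HOLD = 0, COD_DISCARD = 1 };

uint16_t fid_encode(uint8_t port, uint8_t order, uint8_t fc) {
    return (uint16_t)(((port & 0x7u) << 12) | ((unsigned)order << 4) | (fc & 0xFu));
}

fid_fields fid_decode(uint16_t fid) {
    fid_fields f;
    f.port = (uint8_t)((fid >> 12) & 0x7u);
    f.order = (uint8_t)((fid >> 4) & 0xFFu);
    f.fc = (uint8_t)(fid & 0xFu);
    return f;
}

/* Reject values that cannot be a real FID before acting on them. */
int fid_is_valid(uint16_t fid) {
    fid_fields f = fid_decode(fid);
    if (fid & 0x8000u) return 0;              /* FID is only 15 bits wide */
    if (fid == FID_OVERFLOW_MARK) return 0;   /* register FIFO overflowed, IDs were lost */
    return f.port >= 1 && f.port <= NUM_PORTS;
}

uint8_t instr_code(enum tmii t, enum cod c) {
    return (uint8_t)(((unsigned)t << 2) | (unsigned)c);
}

/* Hypothetical microcomputer-side policy: returns the 4-bit code to write to the
 * frame instruction register, given the FID read from the frame management register. */
uint8_t decide_instruction(uint16_t fid, uint8_t current) {
    fid_fields f;
    if (!fid_is_valid(fid))
        return instr_code(TMII_NONE, COD_HOLD);      /* fail closed: keep frames pending */
    f = fid_decode(fid);
    if (f.fc & 0x1u)                                  /* FC bit 0: DoS attack candidate 1 */
        return instr_code(TMII_NONE, COD_DISCARD);    /* "1101", as in the walkthrough */
    if (f.fc != 0)                                    /* other hit: ask for the IP header, hold */
        return instr_code(TMII_IP_HEADER, COD_HOLD);
    return current;                                   /* no hit: leave the register unchanged */
}

int main(void) {
    /* 0x1011 is the value from the walkthrough; the other samples are constructed. */
    const uint16_t samples[] = { 0x1011u, 0x2074u, 0x3000u, FID_OVERFLOW_MARK };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        fid_fields f = fid_decode(samples[i]);
        printf("FID $%04X port=%u order=%u FC=%X valid=%d -> write $%X\n",
               (unsigned)samples[i], (unsigned)f.port, (unsigned)f.order, (unsigned)f.fc,
               fid_is_valid(samples[i]),
               (unsigned)decide_instruction(samples[i], 0xCu));
    }
    return 0;
}
```
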

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)

Abstract

In the present invention a header information analysis unit (18) analyzes information up to at least layer 3 for the headers of communication frames transmitted from a plurality of terminal devices, and an analysis result transmission unit (4 (5), 7(5), 36) transmits the analysis result to a microcomputer (2, 52, 62, 72). A reception unit (37) then receives control information generated by the microcomputer on the basis of the analysis result. A transmission control unit (28, 76) determines whether to transmit the communication frames to a destination terminal device or discard the communication frames, or suspends transmission of the communication frames, on the basis of the control information set in the reception unit.

Description

イーサネットスイッチEthernet switch 関連出願の相互参照Cross-reference of related applications
 本出願は、2016年12月8日に出願された日本出願番号2016-238436号及び2017年9月1日に出願された日本出願番号2017-168747号に基づくもので、ここにその記載内容を援用する。 This application is based on Japanese Application No. 2016-238436 filed on Dec. 8, 2016 and Japanese Application No. 2017-168747 filed on Sep. 1, 2017. Incorporate.
 本開示は、複数の端末装置より送信される通信フレームを、それぞれの宛先に送信するように制御するイーサネットスイッチに関する。 The present disclosure relates to an Ethernet switch that controls communication frames transmitted from a plurality of terminal devices to be transmitted to respective destinations.
 所謂ハブとも称されるイーサネットスイッチ装置には、セキュリティ機能を備えたものがある。例えば特許文献1には、初回の通信時にイーサネットスイッチ装置を構成するマイクロコンピュータが通信フレーム本体を認証し、MAC(Media Access Control)アドレスを学習して登録しておき、以降はマイコンを介すことなくイーサネットスイッチであるIC側で通信フレームを転送する技術が開示されている。 Some Ethernet switch devices, also called so-called hubs, have a security function. For example, in Patent Document 1, a microcomputer constituting an Ethernet switch device authenticates a communication frame body at the first communication, learns and registers a MAC (Media Access Control) address, and thereafter passes through a microcomputer. A technique for transferring a communication frame on the IC side which is an Ethernet switch is disclosed.
特開2016-163245号公報JP 2016-163245 A
 特許文献1は、所謂レイヤ2レベルのセキュリティ機能を備えている。しかしながら、車外からの無線,OTA(Over The Air)等によるインターネットを経由して送信される通信フレームについてセキュリティチェックすることを想定すると、MACアドレスだけではチェックできない。したがって、その場合はマイコン側に通信フレーム本体を送信し、マイコン側でチェックする必要がある。すると、通信フレームに含まれているデータが、例えば画像データのようにサイズが大きいものであれば、マイコンとの間で行う通信の帯域が圧迫されると共に、マイコンの処理負担が増加することが問題となる。 Patent Document 1 has a so-called layer 2 level security function. However, assuming that a security check is performed on a communication frame transmitted via the Internet by radio from outside the vehicle, OTA (OverTAThe Air), etc., it is not possible to check only by the MAC address. Therefore, in this case, it is necessary to transmit the communication frame body to the microcomputer side and check on the microcomputer side. Then, if the data included in the communication frame is large in size, for example, image data, the bandwidth of communication with the microcomputer is compressed, and the processing load on the microcomputer may increase. It becomes a problem.
 本開示は、インターネットを経由して送信される通信フレームのセキュリティチェックを、マイクロコンピュータ側の処理負担を増大させずに行うことができるイーサネットスイッチを提供することを目的とする。 This disclosure is intended to provide an Ethernet switch capable of performing a security check of a communication frame transmitted via the Internet without increasing the processing load on the microcomputer side.
 本開示の一態様によれば、ヘッダ情報解析部は、複数の端末装置より送信された通信フレームのヘッダについて、少なくともレイヤ3までの情報を解析し、解析結果送信部は、解析結果をマイクロコンピュータに送信する。そして受信部は、前記解析結果に基づいてマイクロコンピュータが生成した制御情報を受信する。送信制御部は、受信部に設定されている制御情報に基づいて、前記通信フレームを宛先の端末装置に送信するか破棄するか,又は前記通信フレームの送信を保留するかを決定する。 According to one aspect of the present disclosure, the header information analysis unit analyzes information up to at least layer 3 with respect to the headers of communication frames transmitted from a plurality of terminal devices, and the analysis result transmission unit transmits the analysis results to the microcomputer. Send to. The receiving unit receives control information generated by the microcomputer based on the analysis result. The transmission control unit determines whether to transmit or discard the communication frame to a destination terminal device or to suspend transmission of the communication frame based on control information set in the reception unit.
 このように構成すれば、マイクロコンピュータは、イーサネットスイッチより送信される少なくともレイヤ3の情報を含む解析結果を受信し、その解析結果に基づいて通信フレームの取り扱いを決定できる。したがって、インターネットを経由して来た通信フレームについてセキュリティチェックを行うために、マイクロコンピュータへ通信フレームの本体を転送する必要が無く、マイクロコンピュータの処理負担を軽減できると共に、送信制御に要する時間を短縮できる。 With this configuration, the microcomputer can receive the analysis result including at least layer 3 information transmitted from the Ethernet switch, and can determine the handling of the communication frame based on the analysis result. Therefore, it is not necessary to transfer the main body of the communication frame to the microcomputer in order to perform a security check on the communication frame that has passed through the Internet, so that the processing load on the microcomputer can be reduced and the time required for transmission control can be reduced. it can.
 本開示についての上記目的およびその他の目的、特徴や利点は、添付の図面を参照しながら下記の詳細な記述により、より明確になる。その図面は、
第1実施形態において、イーサネットスイッチ装置の構成を示す機能ブロック図であり、 フレーム種別解析部の機能を概念的に説明する図であり、 FCコードの定義を示す図であり、 フレーム管理レジスタ及びその周辺の詳細構成を示す図であり、 マイコンがフレーム指示レジスタに書き込む4ビットコードの上位2ビットについて、定義を示す図であり、 同下位2ビットについて、定義を示す図であり、 ASIC及びマイコンの処理内容を示すフローチャート ASIC,マイコン間における通信内容の一例を示すタイミングチャート 第2実施形態において、イーサネットスイッチ装置の構成を示す機能ブロック図であり、 ASIC及びマイコンの処理内容を示すフローチャート 第3実施形態において、イーサネットスイッチ装置の構成を示す機能ブロック図であり、 ASIC及びマイコンの処理内容を示すフローチャート 第4実施形態において、イーサネットスイッチ装置の構成を示す機能ブロック図であり、 ASIC及びマイコンの処理内容を示すフローチャート 第5実施形態において、イーサネットスイッチ装置の構成を示す機能ブロック図であり、 マイコンがフレーム指示レジスタに書き込む4ビットコードの下位2ビット(11)について定義を示す図であり、 ASIC及びマイコンの処理内容を示すフローチャート ルーティングの一例を示す図であり、 第6実施形態において、イーサネットスイッチ装置の構成を示す機能ブロック図である。
The above and other objects, features and advantages of the present disclosure will become more apparent from the following detailed description with reference to the accompanying drawings. The drawing
In the first embodiment, it is a functional block diagram showing the configuration of the Ethernet switch device, It is a diagram conceptually explaining the function of the frame type analysis unit, It is a figure which shows the definition of FC code, It is a diagram showing a detailed configuration of the frame management register and its surroundings, It is a figure which shows a definition about the upper 2 bits of the 4-bit code which the microcomputer writes in the frame instruction register It is a figure which shows the definition about the lower 2 bits, Flow chart showing processing contents of ASIC and microcomputer Timing chart showing an example of communication contents between ASIC and microcomputer In 2nd Embodiment, it is a functional block diagram which shows the structure of an Ethernet switch apparatus, Flow chart showing processing contents of ASIC and microcomputer In 3rd Embodiment, it is a functional block diagram which shows the structure of an Ethernet switch apparatus, Flow chart showing processing contents of ASIC and microcomputer In 4th Embodiment, it is a functional block diagram which shows the structure of an Ethernet switch apparatus, Flow chart showing processing contents of ASIC and microcomputer In 5th Embodiment, it is a functional block diagram which shows the structure of an Ethernet switch apparatus, It is a figure which shows a definition about the low-order 2 bits (11) of 4-bit code which a microcomputer writes in a flame | frame instruction | indication register, Flow chart showing processing contents of ASIC and microcomputer It is a figure which shows an example of routing, In 6th Embodiment, it is a functional block diagram which shows the structure of an Ethernet switch apparatus.
(First embodiment)
As shown in FIG. 1, an Ethernet switch device 1, for example for in-vehicle communication, includes a microcomputer 2 and a dedicated ASIC (Application Specific IC) 3 that performs frame transfer processing at high speed in hardware. The ASIC 3 includes, for example, five frame input/output ports 4(1) to 4(5). The ports 4(1) to 4(4) are for communication with the outside, and the port 4(5) is used for communication between the ASIC 3 and the microcomputer 2 through a so-called MII (Media Independent Interface). The ports 4(1) to 4(4) are connected, for example, to ECUs (Electronic Control Units), not shown, serving as communication terminal devices.
Communication cables 5(1) to 5(4) are connected to the ports 4(1) to 4(4), respectively, via PHY chips 6(1) to 6(4), which are transceivers, and MACs 7(1) to 7(4). The port 4(5) is connected, via the MAC 7(5) and the communication line 8, to the MAC 9 built into the microcomputer 2. The port 4(5) and the MAC 7(5) correspond to a header transmission unit. The port 4 is connected to the terminal rx of the MAC 7.
The communication port 4 includes a frame forming unit 11, an L2 analysis unit 12, and a FIFO (First In First Out) 13. A communication frame received by the ASIC 3 at the ports 4(1) to 4(4) is packed in 64-bit units by the frame forming unit 11 and written into the FIFO 13. The header information of the frame is also input to the L2 analysis unit 12, which performs layer 2 analysis (the analysis result is denoted L2ID). This code L2ID is added to the header of the communication frame, and the communication frame is likewise written into the FIFO 13.
Next, the frame analysis performed by the frame type analysis unit 18 will be described. As shown in FIG. 2, four decoders 14(3) to 14(0) are provided, one for each bit FC(3:0) of the frame category FC. The frame header has three layers: layer 2, Ethernet; layer 3, IP (Internet Protocol); and layer 4, TCP (Transmission Control Protocol). The decoders 14(3) to 14(0) compare these with the values of the comparison table 15, into which comparison values are written at initial setting, and decode the result.
The comparison table 15 has a comparison register for each bit of the header selected as a hit condition. Each comparison register has a 2-bit configuration: in addition to the comparison data D2, it holds a bit DC that specifies whether that comparison data D2 is to be compared. As in the decoding table shown in FIG. 2, when DC = 0 the corresponding comparison data D2 is valid, and when DC = 1 the corresponding comparison data D2 is invalid and is excluded from comparison by the decoders 14(3) to 14(0). In this example, four conditions are set as hit conditions, and the outputs of the decoders 14(3) to 14(0) correspond to the respective bits of FC(3:0).
<Decoder 14(3)>
Here, for example, to extract intrusion detection candidate 1, the 48-bit source MAC address in layer 2 is compared with the comparison data D2.
<Decoder 14(2)>
Here, for example, to extract DoS (Denial of Service) attack candidate 3, the 48-bit destination MAC address in layer 2 is compared with the comparison data D2.
<Decoder 14(1)>
Here, for example, to extract DoS attack candidate 2, the 8-bit protocol type in layer 2 and the 6-bit flag in layer 3 are compared with the comparison data D2.
<Decoder 14(0)>
Here, for example, to extract DoS attack candidate 1, the 16-bit Type/Length in layer 2 and the 16-bit "total length" in layer 3 are compared with the respective comparison data D2 of hit condition 0. FIG. 3 is an FC(3:0) list summarizing these. As this list shows, DoS attack candidate 4 and the like may also be extracted from a combination of two or more bits.
In addition, if the number of logic gates in the configuration shown in FIG. 2 is to be reduced, the comparison data D2 and the designation bits DC in the comparison table 15 may, for example, be fixed so that the writable registers are eliminated, or the portion of the decoders 14 that compares the DC value may be removed.
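The masked comparison performed by the decoders 14(3) to 14(0) can be modeled in a few lines of C. This is an added example, not code from the patent: the table values, the byte offsets (untagged Ethernet II carrying IPv4 with a 20-byte header, followed by TCP), the use of the IPv4 protocol byte and the low six TCP flag bits for decoder 14(1), and all function names are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One comparison-table entry: the header bits selected for a hit condition,
 * packed into one word. d2 = comparison data, dc = per-bit DC flag
 * (DC=1: bit excluded from comparison, DC=0: bit must equal D2). */
typedef struct { uint64_t d2, dc; } hit_cond_t;

/* Constructed table, index = FC bit number. Values are illustrative only. */
static const hit_cond_t SAMPLE_TABLE[4] = {
    { 0x08000500ULL,      0x000000FFULL },     /* FC(0): Type 0x0800, total length 0x05xx */
    { (6ULL << 6) | 0x02, 0 },                 /* FC(1): protocol 6, flag bits 000010 */
    { 0xFFFFFFFFFFFFULL,  0 },                 /* FC(2): destination MAC ff:ff:ff:ff:ff:ff */
    { 0x020000000000ULL,  0x000000FFFFFFULL }, /* FC(3): source MAC 02:00:00:xx:xx:xx */
};

/* Read n (<= 8) bytes starting at off as one big-endian value. */
static uint64_t be_bytes(const uint8_t *f, size_t off, size_t n)
{
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++)
        v = (v << 8) | f[off + i];
    return v;
}

/* One decoder: hit when every bit with DC=0 equals its D2 bit. */
static int decoder_hit(uint64_t field, const hit_cond_t *c)
{
    return ((field ^ c->d2) & ~c->dc) == 0;
}

/* Returns FC(3:0). A decoder whose field lies beyond the received bytes
 * reports no hit instead of reading past the end of the buffer. */
uint8_t classify_fc(const uint8_t *f, size_t len, const hit_cond_t t[4])
{
    uint8_t fc = 0;
    if (len >= 12) {
        if (decoder_hit(be_bytes(f, 6, 6), &t[3])) fc |= (uint8_t)(1u << 3);
        if (decoder_hit(be_bytes(f, 0, 6), &t[2])) fc |= (uint8_t)(1u << 2);
    }
    if (len >= 48) {   /* protocol byte and 6 flag bits */
        uint64_t v = ((uint64_t)f[23] << 6) | (uint64_t)(f[47] & 0x3F);
        if (decoder_hit(v, &t[1])) fc |= (uint8_t)(1u << 1);
    }
    if (len >= 18) {   /* Type/Length and IP total length */
        uint64_t v = (be_bytes(f, 12, 2) << 16) | be_bytes(f, 16, 2);
        if (decoder_hit(v, &t[0])) fc |= (uint8_t)(1u << 0);
    }
    return fc;
}

/* Build a constructed 54-byte frame (Ethernet + IPv4 + TCP headers only). */
void build_frame(uint8_t f[54], const uint8_t dst[6], const uint8_t src[6],
                 uint16_t total_len, uint8_t proto, uint8_t flags)
{
    memset(f, 0, 54);
    memcpy(f, dst, 6);
    memcpy(f + 6, src, 6);
    f[12] = 0x08; f[13] = 0x00;          /* Type: IPv4 */
    f[14] = 0x45;                        /* version 4, IHL 5 */
    f[16] = (uint8_t)(total_len >> 8);
    f[17] = (uint8_t)(total_len & 0xFF);
    f[23] = proto;
    f[47] = flags;
}

/* Three constructed cases: 0 = several hits, 1 = length hit only,
 * 2 = case 0 truncated to 20 received bytes. */
uint8_t demo_fc(int which)
{
    static const uint8_t bcast[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
    static const uint8_t src_a[6] = {0x02, 0x00, 0x00, 0x12, 0x34, 0x56};
    static const uint8_t dst_b[6] = {0x00, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE};
    static const uint8_t src_b[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
    uint8_t f[54];
    switch (which) {
    case 0:
        build_frame(f, bcast, src_a, 40, 6, 0x02);
        return classify_fc(f, sizeof f, SAMPLE_TABLE);
    case 1:
        build_frame(f, dst_b, src_b, 0x0540, 17, 0x00);
        return classify_fc(f, sizeof f, SAMPLE_TABLE);
    default:
        build_frame(f, bcast, src_a, 40, 6, 0x02);
        return classify_fc(f, 20, SAMPLE_TABLE);
    }
}

int main(void)
{
    for (int i = 0; i < 3; i++)
        printf("case %d: FC(3:0) = 0x%X\n", i, demo_fc(i));
    return 0;
}
```

Setting every DC bit of an entry to 1 makes that decoder hit on every frame, so a table entry that is not in use needs comparison data that cannot occur rather than an all-don't-care mask.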
Refer again to FIG. 1. The frame stored in the FIFO 13 is arbitrated among the ports 4(1) to 4(5) by the arbiter 16 and then stored in the next-stage FIFO 17. The arbiter 16 also generates an 11-bit tag(10:0), in which the upper 3 bits give the number of the port 4 at which the frame was input and the lower 8 bits give the frame arrival order for that port 4. The concatenation of tag(10:0) and FC(3:0) is the 15-bit frame ID, FID(14:0).
The frames output from the arbiter 16 are sorted by the frame type analysis unit 18, and the frame ID is input to the transfer control unit 19, the header transmission frame generation unit 20, and the frame management register 21. The layer 3 and layer 4 information in the header is input to the L3,4 control unit 22. The header and data, excluding the frame ID, are input to the transfer control unit 19 from the FIFO 17. The transfer control unit 19 inputs the communication frame to the update control unit 23 and the routing table 24.
The L3,4 control unit 22 analyzes the layer 3 and 4 information and, based on that information, inputs to the update control unit 23 the information used to process the frame in order to control transfer at layer 3 and above, for example replacing the MAC address with reference to the routing table 24 to carry out L3 routing. The update control unit 23 attaches the above analysis information (L3,4ID) and writes the communication frame into the next-stage FIFO 25, thereby updating it. The communication frame stored in the FIFO 25 is written into the frame buffer 27 via the write control unit 26. The frame buffer 27 has a separate buffer for each of the five ports 4(1) to 4(5).
The communication frame stored in the frame buffer 27 is written into the FIFOs 29(1) to 29(5) via the read control unit 28. The read control unit 28 controls reading of the communication frames stored in the frame buffer 27 according to the value of the frame instruction register 30, which is written by the microcomputer 2 as described later. A multiplexer 31 is placed ahead of the FIFO 29(5). It receives both the communication frame from the read control unit 28 and an Ethernet frame, generated by the header transmission frame generation unit 20, whose data consists only of the L2 to L4 header portion, and selects between them by a select signal based on the setting of the frame instruction register 30. The 8-bit output terminals of the FIFOs 29(1) to 29(5) are connected to the terminals tx of the MACs 7(1) to 7(5), respectively.
The ASIC 3 and the microcomputer 2 also communicate separately over SPI (Serial Protocol Interface). The microcomputer 2 includes a CPU 32, a MAC controller 33 built into the microcomputer, and an SPI control unit 34. The controller 33 is connected to the MAC 9 and controls the data transfer that the CPU 32 performs by MII communication. When the controller 33 receives data via the MAC 9, it can also generate an interrupt to the INT control unit 32I of the CPU 32.
The ASIC 3 generates an interrupt to the INT control unit 32I by writing to the write flag storage unit 35 associated with the frame management register 21. The ASIC 3 includes a Tx control unit 36, an Rx control unit 37, and a clock control unit 38, which correspond to the SPI control unit 34. A clock signal with a frequency of, for example, 10 MHz is input to the clock control unit 38 from the SPI control unit 34. In synchronization with this clock signal, the Tx control unit 36 serially transmits the data written in the frame management register 21 to the SPI control unit 34. The communication data size is generally 16 bits or 32 bits.
The Rx control unit 37 serially receives the data transmitted from the SPI control unit 34 in synchronization with the clock signal. If the received data is an address designation value, that address yields an enable signal re that selects which frame management register 21 is read, that is, which register value the microcomputer 2 receives. Alternatively, the address designation value yields an enable signal we that selects which frame instruction register 30 is written, that is, the register to which the microcomputer 2 transmits. If the received data is write data for the frame instruction register 30, the received data is written into the frame instruction register 30 for which the enable signal we is active.
When the SPI control unit 34 receives data transmitted from the ASIC 3, it generates an interrupt to the CPU 32. On accepting the interrupt, the CPU 32 reads the data written in a reception buffer (not shown) inside the SPI control unit 34. The CPU 32 also has data transmitted to the ASIC 3 by writing the transmission data into a transmission buffer (not shown) inside the SPI control unit 34.
As shown in FIG. 4, the frame management register 21 comprises a plurality of registers into which the 15-bit frame ID is written, and a storage unit 35 for a W flag, which is a write flag, is provided for each register. Together these form a FIFO. The W flag is set by hardware when a frame ID is written into the frame management register 21, and is cleared by hardware when the microcomputer 2 finishes reading the frame management register 21 or when transmission of the header to the microcomputer 2 over MII is completed. If, when a W flag is cleared, the W flag of the following FIFO entry is already set, that is, if the next FID has already been written into the frame management register 21, the interrupt output to the microcomputer 2 is cleared once and then set again after a fixed time has elapsed.
When all of the frame management registers 21 forming the FIFO have been written, the following configurations, for example, are possible.
1) Writing of the frame ID is prohibited, and an abnormal value such as $AAA is inserted before the oldest frame ID.
2) Writing of the frame ID is prohibited, and the newest frame ID is rewritten to an abnormal value.
3) The frame ID to be written is inserted after the newest frame ID, and the oldest frame ID is discarded.
In addition, the microcomputer 2 may read the frame IDs continuously from all of the frame management registers 21. When a write to and a read from the frame management register 21 occur at the same time, arbitration is performed.
The microcomputer 2 reads the register value of the frame management register 21, that is, FID(14:0), makes a determination, and as a result writes the 4-bit setting value shown in FIGS. 5 and 6 into the frame instruction register 30. This setting value corresponds to control information. As shown in FIG. 5, the upper 2 bits of the 4 bits are the header transmission instruction code Tmii(1:0), defined as follows.
   Tmii(1:0)   Definition
      00       Send the entire frame to microcomputer 2 via MII
      01       Send TCP header + L2,3ID + FID to microcomputer 2 via MII
      10       Send IP header + L2,3ID + FID to microcomputer 2 via MII
      11       Do not send to microcomputer 2
As shown in FIG. 6, the lower 2 bits are the frame transfer instruction code COD(1:0), defined as follows.
   COD(1:0)    Definition
      00       Transfer from frame buffer prohibited (pending)
      01       Discard frame
      10       Transfer from frame buffer permitted
      11       (undefined)
Next, the operation of this embodiment will be described. As shown in FIG. 7, when the ASIC 3 receives a communication frame at an input/output port 4 (S1), the L2 analysis unit 12 analyzes layer 2 and performs a transfer destination search and abnormality detection (S2). The communication frame, with the analysis result L2ID attached, is stored in the FIFO 13 (S3). As a result of the arbitration in the arbiter 14 (S4), the communication frame of the port 4 that "won" is stored in the next-stage FIFO 16 (S5).
Subsequently, when the frame type analysis unit 18 has classified the category and generated the frame ID (S6), it is determined whether the frame is a write frame for the frame instruction register 30 (S7). If it is a write frame (YES), the frame instruction register 30 is written (S26).
If, on the other hand, it is not a write frame in step S7 (NO), the processes of steps S8 to S10 are performed in parallel as follows. The codes Tmii(1:0) and COD(1:0) are checked according to the setting that the frame instruction register 30 currently holds for the FID generated in step S6, and frame processing in the transfer control unit 19 is performed according to the COD(1:0) setting (S8). If Tmii ≠ (1,1), the header is transmitted to the microcomputer 2 via MII according to the Tmii setting (S9), and the frame ID is written into the frame management register 21 (S10). If Tmii = (1,1), however, no header is transmitted via MII.
After step S8, the L3,4 control unit 22 performs analysis, routing processing and the like based on the layer 3 and 4 information (S11), and the communication frame is saved in the frame buffer 27 (S12). Then, when shaping processing that assigns priorities to the saved communication frames has been performed (S13; YES), processing such as holding or permitting transfer, or discarding the frame, is performed according to the contents of the frame instruction register 30 (S14).
After step S10, an interrupt is generated to the microcomputer 2 (S21). The microcomputer 2 then reads the frame ID from the ASIC 3 via SPI (S22) and determines whether to update the frame instruction register 30 (S23). The 4-bit code resulting from this determination is transmitted to the ASIC 3 via SPI and via MII (S24, S25). After steps S24 and S25, the process proceeds to steps S26 and S1, respectively. The processing corresponding to steps S25 → S1 follows the route via MII indicated by the broken line in FIG. 1. If the result of step S9 is "NO", the process proceeds to step S23.
In the example shown in FIG. 8, the initial value of the frame instruction register 30 for the port 4(1) is "1100": no transfer by MII is performed, and transfer of communication frames is in the "pending" state. Suppose that, as a result of the analysis by the frame type analysis unit 18 of communication frame 1 received at the port 4(1), bit 0 of the FC in the FID is set to "1", that is, communication frame 1 is DoS attack candidate 1. The data "$1011" is then written into the frame management register 21 for the port 4(1). The upper 11 bits, tag "$101", indicate the first communication frame of the port 4(1), and the lower 4 bits are FC "$1".
Then, when the ASIC 3 generates an interrupt to the microcomputer 2, the microcomputer 2 reads the register value "$1011" of the frame management register 21. As a result of the determination in step S23, communication frame 1 is judged "discard", and the data "$000D" is written into the frame instruction register 30 for the port 4(1). The read control unit 28 then, in accordance with the code "1101", performs no transfer by MII, and communication frame 1 is discarded.
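The FIG. 8 exchange can be traced in C by splitting the register value into its FID fields and packing the 4-bit Tmii/COD code. This is an added example, not code from the patent: the decision policy in `mcu_decide` (step S23 is not specified in the text), the assumption that the abnormal value $AAA appears in the register as 0x0AAA, the choice to treat the undefined COD value 11 as "pending", and all names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define FID_OVERFLOW_MARK 0x0AAAu  /* "$AAA" abnormal value (assumed encoding) */
#define NUM_PORTS         5        /* ports 4(1) to 4(5) */

/* FID(14:0) = tag(10:0) : FC(3:0); tag = port (3 bits) : arrival order (8 bits) */
typedef struct { uint8_t port, order, fc; } fid_t;

fid_t fid_decode(uint16_t reg)
{
    fid_t f;
    f.fc    = (uint8_t)(reg & 0xFu);
    f.order = (uint8_t)((reg >> 4) & 0xFFu);
    f.port  = (uint8_t)((reg >> 12) & 0x7u);
    return f;
}

/* Code values as defined in the Tmii(1:0) and COD(1:0) tables. */
enum { TMII_FRAME = 0, TMII_TCP_HDR = 1, TMII_IP_HDR = 2, TMII_NONE = 3 };
enum { COD_PENDING = 0, COD_DISCARD = 1, COD_PERMIT = 2, COD_UNDEF = 3 };

uint8_t instr_pack(unsigned tmii, unsigned cod)
{
    return (uint8_t)(((tmii & 3u) << 2) | (cod & 3u));
}
unsigned instr_tmii(uint8_t v) { return (v >> 2) & 3u; }
unsigned instr_cod(uint8_t v)  { return v & 3u; }

/* Hypothetical S23 policy on the microcomputer side. Returns the 4-bit value
 * to write to the frame instruction register, or -1 when the register is left
 * unchanged because the value read back is not a usable FID. */
int mcu_decide(uint16_t reg)
{
    fid_t f = fid_decode(reg);
    if (reg == FID_OVERFLOW_MARK)           /* FID FIFO overflowed */
        return -1;
    if (f.port < 1 || f.port > NUM_PORTS)   /* no such port */
        return -1;
    if (f.fc & 0x1)                         /* DoS attack candidate 1: as in FIG. 8 */
        return instr_pack(TMII_NONE, COD_DISCARD);
    if (f.fc & 0x8)                         /* intrusion detection candidate 1 */
        return instr_pack(TMII_IP_HDR, COD_PENDING);
    if (f.fc & 0x6)                         /* DoS attack candidates 2 and 3 */
        return instr_pack(TMII_TCP_HDR, COD_PENDING);
    return instr_pack(TMII_NONE, COD_PERMIT);
}

/* ASIC-side reading of the register, as the read control unit would apply it. */
typedef enum { ACT_PENDING, ACT_DISCARD, ACT_FORWARD } act_t;

act_t asic_action(uint8_t instr)
{
    switch (instr_cod(instr)) {
    case COD_DISCARD: return ACT_DISCARD;
    case COD_PERMIT:  return ACT_FORWARD;
    default:          return ACT_PENDING;  /* 00, and 11 (assumed fail-closed) */
    }
}

int asic_sends_header(uint8_t instr)
{
    return instr_tmii(instr) != TMII_NONE;
}

int main(void)
{
    uint16_t reg = 0x1011;                 /* value from the FIG. 8 example */
    fid_t f = fid_decode(reg);
    int code = mcu_decide(reg);
    printf("port %u, order %u, FC 0x%X -> write 0x%X\n",
           (unsigned)f.port, (unsigned)f.order, (unsigned)f.fc, (unsigned)code);
    return 0;
}
```

With the FIG. 8 values, `fid_decode(0x1011)` gives port 1, arrival order 1 and FC 1, and the policy returns 0xD, the "1101" code the text shows being written as "$000D".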
As described above, according to this embodiment, the frame type analysis unit 18 of the ASIC 3 analyzes the header of a communication frame transmitted from a terminal device up to at least the layer 3 information, and the Tx control unit 36 transmits the FID, which is the analysis result, to the microcomputer 2. The Rx control unit 37 receives the header transmission instruction code Tmii and the frame transfer instruction code COD that the microcomputer 2 generates based on the analysis result, and sets the frame instruction register 30. Based on the code set at that time, the read control unit 28 and the transfer control unit 19 determine whether to transmit the communication frame to the destination terminal device or to hold its transmission.
That is, when the Ethernet switch device 1 is composed of the microcomputer 2 and the ASIC 3, the microcomputer 2 receives an analysis result, transmitted from the ASIC 3, that includes information of layer 3 and above, and can decide how to handle the communication frame based on that analysis result. Consequently, there is no need to transfer the body of the communication frame to the microcomputer 2 in order to perform a security check on a communication frame that has arrived via the Internet, so the processing load on the microcomputer 2 can be reduced and the time required for transmission control can be shortened.
Further, since the frame type analysis unit 18 analyzes the header up to the layer 4 information, abnormality detection can also be performed for the TCP layer.
(Second embodiment)
Hereinafter, parts identical to those of the first embodiment are given the same reference numerals and their description is omitted; only the differences are described. As shown in FIG. 9, the Ethernet switch device 41 of the second embodiment differs in the configuration of the ASIC 42: the frame type analysis unit 18, the transfer control unit 19, and the header transmission frame unit 20 are placed on the upstream side of the arbiter 16.
With this configuration, as shown in FIG. 10, the processing on the ASIC 42 side is such that, after step S1, step S6 is executed in parallel with step S2, and the process then proceeds to step S7. Steps S3 to S5 are executed between steps S8 and S11. The second embodiment configured in this way provides the same effects as the first embodiment.
(Third embodiment)
The Ethernet switch device 51 of the third embodiment shown in FIG. 11 includes a microcomputer 52 and an ASIC 53, which correspond to the configuration of the first embodiment with the configuration for communicating via SPI removed. Accordingly, transmission of the frame ID to the microcomputer 52 and the writes that the microcomputer 52 makes to the frame instruction register 30 are all performed via MII. In the flowchart shown in FIG. 12, steps S22 and S24 are deleted.
(Fourth embodiment)
The Ethernet switch device 61 of the fourth embodiment shown in FIG. 13 includes a microcomputer 62 and an ASIC 63. The input/output port 4(5) is connected to the microcomputer 2 via the communication line 8, but in the fourth embodiment these are not used for the control as an Ethernet switch described in the embodiments. Accordingly, transmission of the frame ID to the microcomputer 52 and the writes that the microcomputer 52 makes to the frame instruction register 30 are all performed via SPI. In the flowchart shown in FIG. 14, steps S7, S9 and S25 are deleted.
(Fifth embodiment)
The Ethernet switch device 71 of the fifth embodiment shown in FIG. 15 includes a microcomputer 72 and an ASIC 73. The Ethernet switch device 71 is based on the Ethernet switch device 51 of the third embodiment. The microcomputer 72 has a routing table 74 for L3 routing, which replaces the routing table 24 on the ASIC side. The ASIC 73 has a frame buffer 75 and a read control unit 76 in place of the frame buffer 27 and the read control unit 28, and a frame instruction register & header register 77 in place of the frame instruction register 30.
In the first embodiment, for example, the ASIC 3 performed L3 routing in hard logic using the routing table 24. In the fifth embodiment, by contrast, the microcomputer 72 performs L3 routing in software using the routing table 74.
As shown in FIG. 16, the frame transfer instruction code COD(1:0) = 11, which was undefined in the first embodiment and others, is defined as follows.
   COD(1:0)    Definition
      11       Replace the header using the header register, regenerate the FCS,
               then permit transfer from the frame buffer
Next, the operation of the fifth embodiment will be described. As shown in FIG. 17, step S2', which replaces step S2, does not execute the "transfer destination search". After step S6 is executed, it is determined whether the frame is a write frame for the frame instruction register 30 or the header register (S31). If it is a write frame (YES), the frame instruction register & header register 76 is written (S32), and the process proceeds to step S14'. In step S14', processing such as holding or permitting transfer, or discarding the frame, is performed according to the contents of the frame instruction register & header register 77.
In step S11, the ASIC 73 does not perform L3 routing. After step S14' is executed, the "transfer destination search" is executed at this point, the output port is determined (S33), and the process proceeds to step S13.
If the determination in step S9 is (NO), the microcomputer 72 determines whether the destination MAC address of the header transmitted from the ASIC 73 is addressed to the switch device 71 (S34). If it is not addressed to the switch device 71 (NO), the process proceeds to step S23. If it is addressed to the switch device 71 (YES), the destination MAC address of the header is changed with reference to the routing table 74 (S35). The header with the changed address is then added to the value to be written to the frame instruction register 30, and the code is transmitted to the ASIC 73 over MII (S36). Because the destination MAC address has been changed, the read control unit 75 recalculates and regenerates the FCS (Frame Check Sequence) before transmitting the communication frame.
As an example of L3 routing, FIG. 18 shows a case in which Switch_ECU1, corresponding to the Ethernet switch device 71, acts as a router and ECU_c, which belongs to network 2, transmits to ECU_f, which belongs to network 3.
・ECU_c refers to its own routing table and transmits to Switch_ECU1 a communication frame (ECU_c → ECU1 frame) in which the destination MAC corresponding to the IP address "192.168.3.2/24" of ECU_f is MACx.
・The ASIC 73 transmits to the microcomputer 72, via MII, an Ethernet frame whose payload is the header containing the MAC address and IP address of the communication frame together with the frame analysis result (FID) (FIG. 17, S9; NO).
・The microcomputer 73 refers to the routing table 74, recognizes that the destination MAC setting value corresponding to the destination IP address "192.168.3.2/24" is MACf, changes the header to destination MAC: MACf and source MAC: MACx (S35), adds the frame instruction register write value to that header, and returns it to the ASIC 73 (S36).
・The ASIC 73 replaces the header of the above communication frame (ECU_c → ECU1 frame), regenerates the FCS, and transmits the frame to ECU_f via Switch_ECU2.
As described above, according to the fifth embodiment, the microcomputer 72 has the table 74 for layer 3 routing. When it receives the header and the header analysis result (FID) from the ASIC 73 and the destination MAC address included in the analysis result is addressed to itself, it refers to the table 74, converts the destination MAC address and the source MAC address included in the header, and transmits the header carrying the converted MAC addresses to the ASIC 73. The ASIC 73 includes a register 77 for storing that header, and the read control unit 76 transmits the communication frame to the terminal device that the MAC address designates as the destination. Layer 3 routing can therefore be performed by software processing in the microcomputer 72.
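The fifth embodiment's split of work (table lookup and MAC rewrite in the microcomputer, header replacement and FCS regeneration in the ASIC) can be traced in a short sketch. This is an added example, not code from the patent; the concrete MAC values, the function names, the handling of a missing route, and the FCS check on receive are assumptions made for illustration.

```python
import ipaddress
import struct
import zlib

# Constructed sample values: the page names MACx and MACf only symbolically.
MAC_X = bytes.fromhex("02000000000a")   # Switch_ECU1's own MAC ("MACx")
MAC_C = bytes.fromhex("02000000000c")   # ECU_c
MAC_F = bytes.fromhex("02000000000f")   # ECU_f ("MACf")
ROUTING_TABLE = {ipaddress.ip_address("192.168.3.2"): MAC_F}  # stands in for table 74


def fcs(frame_without_fcs: bytes) -> bytes:
    """Ethernet FCS: CRC-32 of the frame, appended least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs))


def fcs_ok(frame: bytes) -> bool:
    return len(frame) >= 18 and frame[-4:] == fcs(frame[:-4])


def microcomputer_route(header: bytes):
    """S34/S35: rewritten Ethernet+IPv4 header, or None if not routed here."""
    if len(header) < 34 or header[0:6] != MAC_X or header[12:14] != b"\x08\x00":
        return None                      # not addressed to the switch, or not IPv4
    next_mac = ROUTING_TABLE.get(ipaddress.ip_address(header[30:34]))
    if next_mac is None:
        return None                      # no table entry (handling is an assumption)
    return next_mac + MAC_X + header[12:]   # destination MAC: MACf, source MAC: MACx


def asic_forward(frame: bytes):
    """Swap in the header returned by the microcomputer and regenerate the FCS."""
    if not fcs_ok(frame):
        return None                      # damaged on receive: never re-sign it
    new_header = microcomputer_route(frame[:34])
    if new_header is None:
        return None
    body = new_header + frame[34:-4]
    return body + fcs(body)


def build_frame(dst_mac, src_mac, src_ip, dst_ip, payload=b"\x00" * 26):
    """Constructed test frame (IPv4 header checksum left at 0 for brevity)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src_ip).packed, ipaddress.ip_address(dst_ip).packed)
    body = dst_mac + src_mac + b"\x08\x00" + ip + payload
    return body + fcs(body)
```

Checking the FCS before the header swap matters because regenerating it over a damaged buffer would make a corrupted frame look valid to the next hop.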
(Sixth embodiment)
The Ethernet switch device 81 of the sixth embodiment, shown in FIG. 19, is configured as an ASIC in which the microcomputer 72 is mounted together with the ASIC 73 of the fifth embodiment.
(Other embodiments)
The header analysis need only be performed at least up to level 3.
The configuration of the frame type analysis unit 18 shown in FIG. 2 is an example and may be changed as appropriate for the individual design.
The communication interface other than Ethernet need not be limited to SPI.
The fifth and sixth embodiments may be applied to the first, second, or fourth embodiment.
Depending on the number of gates constituting the ASIC, a specification that does not attach a tag indicating the frame arrival order may be used. A specification that does not attach an FID, or one that has no "hold" setting for communication frame transfer, may also be used.
Although the present disclosure has been described with reference to the embodiments, it is understood that the present disclosure is not limited to those embodiments and structures. The present disclosure also encompasses various modifications and variations within the range of equivalents. In addition, various combinations and forms, as well as other combinations and forms that include only one element, more elements, or fewer elements, are within the scope and spirit of the present disclosure.

Claims (6)

  1.  An Ethernet switch comprising:
     a plurality of ports (4) to which a plurality of terminal devices communicating via Ethernet (registered trademark) are connected;
     a header information analysis unit (18) that analyzes information up to at least layer 3 in the header of a communication frame transmitted from the terminal device;
     an analysis result transmission unit (4(5), 7(5), 36) that transmits the result of the analysis to a microcomputer (2, 52, 62, 72);
     a receiving unit (37) that receives control information generated by the microcomputer based on the result of the analysis; and
     a transmission control unit (28, 76) that determines, based on the control information set in the receiving unit, whether or not to transmit the communication frame to the destination terminal device, or whether to hold transmission of the communication frame.
  2.  The Ethernet switch according to claim 1, wherein the header information analysis unit analyzes information up to at least layer 4 in the header.
  3.  The Ethernet switch according to claim 1 or 2, wherein the microcomputer (52) and the transmission unit and reception unit (4(5), 7(5)) both transmit the analysis result and receive the control information via Ethernet.
  4.  The Ethernet switch according to claim 1 or 2, comprising a communication interface (35, 36) other than Ethernet for communicating with the microcomputer (2, 62),
     wherein the transmission unit and the reception unit transmit the analysis result and receive the control information via the communication interface.
  5.  The Ethernet switch according to any one of claims 1 to 4, comprising a header transmission unit (4(5), 7(5)) that transmits the header, or the header and the analysis result, to the microcomputer (2, 52) via the Ethernet.
  6.  The Ethernet switch according to any one of claims 1 to 5, wherein the microcomputer (72) includes a table for layer 3 routing and, upon receiving the header and the header analysis result, if the destination MAC address included in the header is addressed to itself, refers to the table, converts the destination MAC address and the source MAC address included in the header, and transmits the header carrying the converted MAC addresses,
     the Ethernet switch comprises a header register (77) that stores the header, and
     the transmission control unit (76), for the communication frame stored in the frame buffer, replaces its header with the header stored in the header register, regenerates the FCS (Frame Check Sequence), and transmits the communication frame.
PCT/JP2017/033519 2016-12-08 2017-09-15 Ethernet switch WO2018105197A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JP2016-238436 2016-12-08
JP2016238436 2016-12-08
JP2017168747A JP2018098771A (en) 2016-12-08 2017-09-01 Ethernet switch
JP2017-168747 2017-09-01

Publications (1)

Publication Number Publication Date
WO2018105197A1 true WO2018105197A1 (en) 2018-06-14

Family

ID=62491840

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2017/033519 WO2018105197A1 (en) 2016-12-08 2017-09-15 Ethernet switch

Country Status (1)

Country Link
WO (1) WO2018105197A1 (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003018196A (en) * 2001-04-27 2003-01-17 Fujitsu Ltd Packet transfer device, semiconductor device, and packet transfer system
JP2004080487A (en) * 2002-08-20 2004-03-11 Nec Corp Packet transfer system, packet transfer method solution server, dns server, network system, and program
JP2007318582A (en) * 2006-05-29 2007-12-06 Nippon Telegr & Teleph Corp <Ntt> Bridge device
JP2015231131A (en) * 2014-06-04 2015-12-21 株式会社ギデオン Network relay device, ddos protection method employing the device, and load distribution method

Similar Documents

Publication Publication Date Title
US10764181B2 (en) Pipelined evaluations for algorithmic forwarding route lookup
JP4974078B2 (en) Data processing device
US8228908B2 (en) Apparatus for hardware-software classification of data packet flows
EP1718008B1 (en) Gateway apparatus and routing method
CN101160825B (en) System and method for efficient traffic processing
US9300597B2 (en) Statistics module for network processors in virtual local area networks
US7346059B1 (en) Header range check hash circuit
JP2017212724A (en) Gateway device, on-vehicle network system, transfer method, and program
US9860168B1 (en) Network packet header modification for hardware-based packet processing
US20180367338A1 (en) Programmable tunnel creation for hardware-based packet processing
US10397116B1 (en) Access control based on range-matching
US9979648B1 (en) Increasing entropy across routing table segments
US11294841B1 (en) Dynamically configurable pipeline
WO2017203902A1 (en) Gateway device, in-vehicle network system, transfer method, and program
US20120174216A1 (en) Security protocol processing for anti-replay protection
US8792511B2 (en) System and method for split ring first in first out buffer memory with priority
US9985885B1 (en) Aggregating common portions of forwarding routes
CN113498595B (en) PCIe-based data transmission method and device
US20060114895A1 (en) CPU transmission of unmodified packets
CN115733832A (en) Computing device, message receiving method, programmable network card and storage medium
US20150003237A1 (en) Traffic Data Pre-Filtering
WO2018105197A1 (en) Ethernet switch
JP2007228227A (en) Communication device
US11159456B2 (en) Control apparatus
JP2018098771A (en) Ethernet switch

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17879376

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17879376

Country of ref document: EP

Kind code of ref document: A1