| United States Patent | 6006275 |
| Inventor(s) | Picazo, Jr.; Jose J. (San Jose, CA), Lee; Paul Kakul (Union City, CA), Zager; Robert P. (San Jose, CA) |
| Abstract | A hub circuit with an integrated bridge circuit carried out in software
including a switch for bypassing the bridge process such that the two
bridged networks effectively become one network. An in-band management
process in software is disclosed which receives and executes network
management commands received as data packets from the LANs coupled to the
integrated hub/bridge. Also, hardware and software to implement an isolate
mode where data packets which would ordinarily be transferred by the
bridge process are not transferred except in-band management packets are
transferred to the in-band management process regardless of which network
from which they arrived. Also disclosed, a packet switching machine having
shared high-speed memory with multiple ports, one port coupled to a
plurality of LAN controller chips coupled to individual LAN segments and
an Ethernet microprocessor that sets up and manages a receive buffer for
storing received packets and transferring pointers thereto to a main
processor. The main processor is coupled to another port of the memory and
analyzes received packets for bridging to other LAN segments or forwarding
to an SNMP agent. The main microprocessor and the Ethernet processor
coordinate to manage the utilization of storage locations in the shared
memory. Another port is coupled to an uplink interface to higher speed
backbone media such as FDDI, ATM etc. Speeds up to media rate are achieved
by only moving pointers to packets around in memory as opposed to the data
of the packets itself. A double password security feature is also
implemented in some embodiments to prevent accidental or intentional
tampering with system configuration settings. |
| Publication Date | December 21, 1999 |
| Filing Date | October 6, 1998 |
| Parent Case | This application is a continuation of application No. 08/760,302, filed
Dec. 4, 1996, now U.S. Pat. No. 5,841,990; which is a division of
application No. 08/498,116, filed Jul. 5, 1995, now U.S. Pat. No.
5,742,760; which is a CIP of application 07/881,931, filed May 12, 1992,
now U.S. Pat. No. 5,432,907. |
Description
BACKGROUND OF THE INVENTION
This is a continuation-in-part of a U.S. patent application entitled, NETWORK HUB WITH INTEGRATED BRIDGE, Ser. No. 07/881,931, filed May 12, 1992 (now allowed). The invention pertains to the field of networks for communications between
computers, and, more specifically, to improvements in hubs for such networks.
Networks serve the purpose of connecting many different computers or terminals to each other, host computers, printers, file servers etc. so that expensive computing assets, programs, files and other data may be shared among many users.
Communication protocols and standards for networks developed quickly to standardize the way in which data packets were sent across the data exchange media of the network. Several protocols have developed for networks including Ethernet™, Token Ring™, FOIRL and FDDI, the latter two being adapted for fiber optic physical media carrying the signals.
The physical media first used on Ethernet were thick coaxial cables, and a standard called 10Base5 was developed for assuring multi-vendor compatibility between components in thick coax, mix and match networks where network components from
different vendors were used. These thick coax lines were bulky, expensive and hard to work with. Later, thinner coax Ethernet was developed, and, as an alternative to coax, unshielded twisted pair wires were used for the physical media. A vendor
compatibility standard called 10BaseT developed for twisted pair media.
Networks have their own hardware and software to interface with the physical media that carry the signals, and the network software must interface with the operating system software. Computers communicate with each other using a set of rules
called a protocol. A group of protocols, all related to the same model, is called a protocol suite. To encourage open systems, a common model called OSI was developed by the International Standards Organization. OSI engendered a protocol suite which
allows computers of all sizes and capabilities the world over to communicate using a common set of rules.
The OSI model has seven layers of software, each of which makes different functionality available to computers communicating using this model. Each layer in the model deals with specific computer-communication functions.
The Physical Layer is the lowest layer and specifies the rules for transmission of signals across the physical media. Hubs, also known as repeaters, have multiple connections to this physical media called ports. The purpose of a hub is to
receive data packets from one port and repeat these packets, i.e., retransmit them on every other port connected to the hub according to whatever protocol, e.g., Ethernet, etc., which is in use.
The Data Link layer deals with transmission of data between devices on the same network. In addition to describing how a device accesses the physical media, this layer also provides some measure of error detection and control. Local Area
Network (LAN) technologies such as Ethernet, Token Ring and FDDI operate at this layer. Data link addresses are implemented at this layer, and provide each device connected to the network a unique identifier by which packets may be sent to it. Bridges,
which are devices which aid in forwarding data packets from one network segment or one network to another, operate at the Data Link layer.
The Network Layer deals with transfer of data between devices on different networks. The Network Layer adds the notion of network addresses which are specific identifiers for each intermediate network between a data source and a destination.
Routers, which are devices which assist in transferring data packets from one network to another, operate at the Network Layer.
The remaining layers, called the higher layers, are the Transport Layer, Session Layer, Presentation Layer and Application Layer. These layers deal with communication between message source and message destination. The transport layer manages
the transfer of data from a source program to a destination program. Process addresses, which identify specific "processes", i.e., computer programs, are implemented at this layer. Gateways operate at these higher OSI layers.
Within the OSI model, the user presents data through application programs to the highest layer. This data is then passed downward through the hierarchy of layers with each layer adding addressing and/or control information. When the data
reaches the physical layer, it is sent to a device.
Conversely, received data is passed up through the layers with each layer stripping address or control information.
One way to think of a protocol is a common language by which computers may communicate, but a more accurate way is as a set of rules by which data is communicated between identical OSI layers.
There are other communication protocols beside the OSI Model. These include TCP/IP, XNS, IPX, AppleTalk, DECnet and SNA. Each of these protocols has its own layer model. For example, TCP/IP collapses network functionality into only 4 layers,
while AppleTalk has 6 layers.
All network media have a limitation on the maximum volume of traffic that may be carried based upon the bandwidth imposed by the physical characteristics of the media. Ethernet bandwidth is 10 Megabits/second. This acts as a limit on the traffic
volume and can limit the number of computers which may be connected to a single "segment" of a network. A segment is a section of a network connected to a group of machines which may communicate with each other via repeater operations without having to
traverse a bridge or router. Bridges and routers are useful in that they allow connections of multiple segments such that more computers may communicate with each other than would otherwise be possible given the limited bandwidth of the media.
Each bridge and router requires certain other peripheral circuitry to support it such as LAN controllers, a CPU, a power supply, a network management process, memory to store bridge source and destination address tables and various other things
like status registers etc. Likewise, repeaters require many support circuits many of which are the same support circuits needed by bridges and routers. Further, bridges, routers and repeaters or hubs require initialization to set them up for operations,
and they require initial installation labor to set them up properly to operate in a particular network configuration. In addition, each type of machine is subject to network management considerations, assuming an intelligent hub. An intelligent hub is one
which collects statistics about traffic flow through its ports, can electronically turn ports on and off and which provides error correction and detection services. Intelligent bridges, routers and hubs supply status information upon request from
network management processes and can respond to network management commands, such as shut off a particular port.
In the prior art, bridges and routers were separate circuits from hubs and this created needless duplication of many peripheral circuits which were common between hubs and bridges and which could be shared. This needless duplication cost more
and provided more points of failure. For example, if the bridge power supply failed or the CPU crashed, all machines on the two network segments on either side of the bridge would be cut off from each other.
Typically, a bridge is connected to a hub by a separate local area network segment which itself requires two port interface circuits such as LAN controllers and AUI's (generic network interfaces) with appropriate port drivers adapted for the
specific media used for the bridge-hub LAN segment. This bridge-hub LAN segment represents an additional expense, requires management and provides additional points of failure which could disable the network. An intelligent hub coupled to a bridge or
router by a separate LAN segment then requires three different device addresses for management message traffic, and creates more possibility for a network failure in multiplying the number of points of possible failure.
Another drawback of separate bridge/router and hub circuits is that bridge/routers do not usually include a mode where the bridge/routing function can be bypassed. The ability to bypass the bridge/routing function provides flexibility in network
growth as small networks do not need bridging functions until the maximum network traffic volume starts to exceed the available network bandwidth. The ability to selectively bypass the bridge/routing function gives a network designer the ability to
design a small network which has a built in capacity to grow larger without adding new components and improves the ability to troubleshoot the network.
Integrated hubs and bridges existed as option cards for concentrator chassis at the time this patent application was filed. One example of such a device is the Penril 2530 concentrator card with full performance bridging although it is not
currently known whether this device qualifies as prior art because the copyright date of the literature on this device is dated the same month as the filing date of the parent of this patent application. The Penril Module 2530 10baseT concentration and
bridging card for the Penril 2500 series concentrator combines a hub and bridge which operates at all times on the same printed circuit board. The Penril 2500 concentrators were designed for large networks. The 2530 card slides into a card slot on
the 2500 series concentrator which can also service a plurality of such cards. The concentrator frame is believed to contain certain shared features such as power supply etc. and has a local, internal LAN segment that couples all the repeater/bridge
cards together so that they can send data back and forth between them. The repeater on each card can be coupled to up to 25 machines on the network segment connected to that card and the integrated bridge continuously bridges the network segment coupled
to a particular card to the internal LAN segment such that a machine coupled to a LAN segment coupled to card 1 can send a packet to a machine coupled to a LAN segment coupled to card 2 via the bridge on card 1, the internal LAN segment of the
concentrator, the bridge on card 2 and the repeater on card 2. No distributed management functionality is integrated on either card 1 or 2. That management functionality is placed on a third card which resides on a different card slot. If the
management card broke, the repeaters and bridges in cards 1 and 2 could not be controlled. Likewise, if the internal LAN broke, user 1 could not send data to user 2 or vice versa.
A concentrator structure like the Penril 2500 series is designed for large networks since, to connect two external network segments, two cards are needed, each of which can service up to 25 user machines. If the network has only 27 users, such a
concentrator represents too big and complex of a structure to be affordable and justifiable for such an application.
Another problem with concentrators such as the Penril 2500 series is their lack of "stackability". The problem is this. Suppose a particular building had 3 users on the ground floor and a group of 20 heavy users on the 4th floor or otherwise
spaced away from the 3 users on the ground floor by a distance which is just under the maximum 10BaseT cable run permitted by the applicable Ethernet specification. The use of a concentrator requires that every one of the group of 20 users has his own
twisted pair running from his machine back to the concentrator. The same is true for thick and thin coaxial cable installations. Such a configuration can be prohibitively expensive because a great deal of wire or coax must be used and the expense of
installing all that wiring through the walls and ceilings can be large. Now suppose that the distance to the group of 20 from the concentrator is larger than the maximum allowable cable run. In such a case, the complex wiring cannot be used, and if
those users must be able to share resources with the 3 users on the first floor, another concentrator must be purchased. Concentrators like the Penril are not inexpensive. Typical costs today are in the neighborhood of $30,000 for the concentrator
frame and about $6000 for each card.
A similar problem arises in large networks in big companies who may, for example, have a branch office in another state with only 6 users. If those users must share data or resources connected to the network at the parent company, they must be
on the same network as the users at the parent company. With concentrator technology, the 6 users in the branch office must be connected to the concentrator at the parent company by a wide area network (WAN) connection. The Penril concentrator 2500
series has a card module (the 2540) which implements a WAN interface, but the 6 users in the branch office must also have a concentrator to plug their WAN interface card into. Therefore, the expense of having the tiny 6 user network segment remotely
located is greater than it needs to be.
Thus, a need has arisen for an apparatus which can perform the functionality of bridges or routers and hubs without the aforementioned deficiencies, and which can overcome the aforementioned difficulties with concentrator technology in smaller
networks or large networks with small satellite networks.
SUMMARY OF THE INVENTION
According to a broad teaching of the invention, there is disclosed herein, inter alia, a packet switching machine having shared high-speed memory with multiple ports. One port is coupled to a plurality of LAN controller chips each of which is
coupled to its own media access unit and an individual LAN segment. The port coupled to the LAN controllers is also coupled to an Ethernet processor that serves to set up, manage and monitor a receive buffer having enough space to store packets received
by all the LAN controller chips. The Ethernet process also sets up and manages a transmit buffer for each LAN controller chip and sets up and monitors a descriptor ring which stores status data maintained by the LAN controller chips and pointers to the
transmit and receive buffer portions of the shared memory.
When a LAN controller receives a packet, the packet is stored in the receive buffer in shared memory, and a pointer to that packet is written into the receive portion of the portion of the descriptor ring devoted to that LAN controller. The LAN
controller sets a status bit in the receive portion of the portion of the descriptor ring that is devoted to that LAN controller when packet reception starts indicating that a packet is being received. After packet reception is complete and error
detection has been done and the packet is deemed to be correct, the LAN controller sets another bit in the receive portion of the portion of the descriptor ring that is devoted to that LAN controller indicating that the packet has been correctly
received.
The Ethernet process monitors status bits set in the descriptor ring by the LAN controller chips that indicate when a packet has been successfully received, and, when this event occurs, reads the pointer to the packet from the descriptor ring and
transfers the pointer to a queue which is monitored by a main processor coupled to another port of the shared memory. The main processor is coupled to another port of the memory and monitors its queue for the presence of pointers. When a pointer to a
received packet is found, the main processor accesses the packet and determines from the packet's address data what to do with the packet. If the packet is addressed to a machine coupled to the media segment of a different LAN controller than the LAN
controller that received the packet, the main processor writes a pointer to the packet into the transmit buffer of the LAN controller coupled to the media segment on which the packet is to be transmitted. If the packet is a management packet, a pointer
to the packet is written into a management queue which is monitored by an SNMP agent so as to forward the packet to the SNMP agent for processing. The SNMP agent and the packet switching tasks are time division multiplexed with a console process by an
operating system kernel.
The main microprocessor and the Ethernet processor coordinate to manage the utilization of storage locations in the shared memory. When the main microprocessor writes a pointer to a packet into one or more transmit buffers, it also accesses a
reference count in a predetermined field in the packet stored in the receive buffer and writes a number therein indicating the number of LAN controllers that are scheduled to transmit the packet. The LAN controllers also write status bits into transmit
portions of the descriptor record in the portion of the descriptor ring devoted to that LAN controller. The Ethernet processor monitors the transmit portions of the descriptor ring. When the Ethernet processor determines that a status bit for a
particular LAN controller indicates that the LAN controller has successfully transmitted a packet, the Ethernet processor accesses the reference count field in the packet and decrements the reference count. When the reference count reaches zero, the
Ethernet processor writes a pointer to the storage location in which that packet is stored in the receive buffer into a Free Queue indicating that the storage locations currently occupied by the packet are free to be used to store other incoming packets.
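The buffer lifecycle just described can be sketched in C as follows. This is an added example, not code from the patent: the pool size, port count, the in_use flag and all function names are assumptions, and both processors are simulated in a single thread. It also shows the check that keeps a repeated completion report from returning a storage location to the Free Queue twice.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NBUF  4   /* constructed pool size */
#define NPORT 3   /* constructed number of LAN controllers */

struct pkt_buf {
    uint8_t in_use;      /* 1 while the location holds a live packet (assumed field) */
    uint8_t refcount;    /* transmissions still pending for this packet */
    uint8_t data[1518];  /* room for a maximum-size Ethernet frame */
};

/* Fixed-size ring of packet pointers: only pointers move, never data. */
struct ptr_queue { struct pkt_buf *slot[NBUF]; int head, count; };

static struct pkt_buf   pool[NBUF];
static struct ptr_queue free_q, tx_q[NPORT];

static int q_push(struct ptr_queue *q, struct pkt_buf *p) {
    if (q->count == NBUF) return -1;
    q->slot[(q->head + q->count) % NBUF] = p;
    q->count++;
    return 0;
}

static struct pkt_buf *q_pop(struct ptr_queue *q) {
    if (q->count == 0) return NULL;
    struct pkt_buf *p = q->slot[q->head];
    q->head = (q->head + 1) % NBUF;
    q->count--;
    return p;
}

void pool_init(void) {
    free_q.head = free_q.count = 0;
    for (int i = 0; i < NPORT; i++) tx_q[i].head = tx_q[i].count = 0;
    for (int i = 0; i < NBUF; i++) {
        pool[i].in_use = 0;
        pool[i].refcount = 0;
        q_push(&free_q, &pool[i]);
    }
}

int free_count(void) { return free_q.count; }

/* Receive path: claim a free storage location for an incoming packet. */
struct pkt_buf *rx_alloc(void) {
    struct pkt_buf *p = q_pop(&free_q);
    if (p != NULL) p->in_use = 1;
    return p;                       /* NULL: pool exhausted, packet dropped */
}

static void release(struct pkt_buf *p) {
    p->in_use = 0;
    q_push(&free_q, p);
}

/* Main processor: write the count first, then hand out the pointers.
 * Returns the number of ports scheduled, or -1 for a rejected request. */
int schedule_tx(struct pkt_buf *p, unsigned port_mask) {
    int n = 0;
    if (p == NULL || !p->in_use || p->refcount != 0) return -1;
    if (port_mask >> NPORT) return -1;          /* port that does not exist */
    for (int i = 0; i < NPORT; i++)
        if ((port_mask >> i) & 1u) n++;
    if (n == 0) { release(p); return 0; }       /* nothing to send: recycle */
    p->refcount = (uint8_t)n;
    for (int i = 0; i < NPORT; i++)
        if ((port_mask >> i) & 1u) q_push(&tx_q[i], p);
    return n;
}

/* Ethernet processor: one controller reports a completed transmission.
 * Returns the transmissions still pending, or -1 when there is nothing to
 * complete or the count is already zero (a repeated completion). */
int tx_complete(int port) {
    if (port < 0 || port >= NPORT) return -1;
    struct pkt_buf *p = q_pop(&tx_q[port]);
    if (p == NULL || !p->in_use || p->refcount == 0) return -1;
    if (--p->refcount == 0) release(p);   /* last sender frees the location */
    return p->refcount;
}

int main(void) {
    pool_init();
    struct pkt_buf *p = rx_alloc();
    int scheduled = schedule_tx(p, 0x5u);   /* ports 0 and 2 */
    int after0 = tx_complete(0);
    int after2 = tx_complete(2);
    int repeat = tx_complete(2);            /* rejected: nothing queued */
    printf("scheduled=%d after0=%d after2=%d repeat=%d free=%d\n",
           scheduled, after0, after2, repeat, free_count());
    return 0;
}
```

In the device itself the two processors share this memory, so the count has to be written before any pointer is handed out and only one side may decrement it; the sketch keeps that ordering but does not model concurrency.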
Another port of the shared memory is coupled to an uplink interface to higher speed backbone media such as FDDI, ATM etc. The main microprocessor can forward packets to these interfaces by writing pointers into transmit buffers dedicated to these
interfaces in the shared memory, and received packets are written into the receive buffer as if they were received by a LAN controller.
In some embodiments, another port of the shared memory is coupled to an expansion interface having another microprocessor which serves to load share with the Ethernet processor and the main processor to achieve higher speed operation.
Speeds up to media rate are achieved by only moving pointers to packets around in memory as opposed to the data of the packets itself.
A double password security feature is also implemented in some embodiments to prevent accidental or intentional tampering with system configuration settings.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram of a typical network environment in which the teachings of the invention find utility.
FIG. 2 is a block diagram of one embodiment of the invention employing the broad concept of integration of a bridge with a hub in the same package to share circuitry and eliminate points of failure which would exist if the bridge and hub were
separate circuits.
FIG. 3 is a block diagram of another embodiment of the invention with dual network two transceivers for fault tolerance.
FIG. 4 is a data flow diagram illustrating the three software processes that are executed in the preferred embodiment, to perform bridging, in-band management and out-of-band management functions.
FIGS. 5A and 5B are a flow diagram of the processing of the bridge process illustrating operation of the forwarding vectors.
FIGS. 6A and 6B are a block diagram of the circuitry of the preferred embodiment.
FIG. 7 is a block diagram illustrating an embodiment of a packet switching network hub.
FIG. 8 is a block diagram illustrating a species of machines built in accordance with and operating in accordance with the present invention.
FIG. 9 is a block diagram illustrating the process carried out according to the present invention.
FIG. 10a is a more detailed block diagram illustrating the operation of FIG. 9.
FIG. 10b is a block diagram illustrating the process carried out by the main microprocessor of FIG. 9.
FIG. 11 is a block diagram illustrating a flow chart of the process carried out by the Ethernet processor of FIG. 9.
FIG. 12 is a block diagram illustrating an embodiment of the present invention utilizing a dual password security arrangement.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
Referring to FIG. 1 there is shown a typical network installation in which the teachings of the invention find use. A redundant power supply 10 supplies a fiber optic hub 12 which has a plurality of fiber optic ports indicated generally at 14.
Each of these ports is connected to a fiber optic physical data transmission media via a port driver circuit not shown. Each of the fiber optic media is indicated by a line with three slash marks through it. These media are coupled to mainframe
computers 16 and 18, laser printer 20 and three personal computers 22, 24 and 26. Data transmitted to the fiber optic hub 12 by any of the computers is automatically repeated by repeater circuitry in the hub on all the other ports using the FOIRL
Ethernet standard.
The fiber optic hub 12 is connected via a backbone port connection 28 to a 10Base2 hub with integrated bridge 30. The fiber optic hub also has another port serving as a backbone connection 32 to a 10BaseT hub 34 with integrated high performance
bridge/router and wide area network (WAN) interface 36. The wide area network interface can span great distances. In the example shown, the wide area network interface 36 couples the 10BaseT hub 34 to another 10BaseT hub 38 with an integrated high
performance bridge and wide area network interface. The hub with integrated bridge represents a significant advantage in that the presence of bridges and routers in complex, high volume networks provides segmentation of the network so as to maximize use
of the media by allowing maximum traffic volume, i.e., volume at media rate, e.g., 10 megabits/second for Ethernet, on more segments of the network without violating the maximum Ethernet specification limit of 4 repeaters between devices. Since bridges
and repeaters require many of the same support circuits, it is advantageous to combine a bridge and a hub into the same circuit so as to share these support circuits. Such a combined hub/bridge reduces the cost, complexity and points of failure. Such a
combined circuit also eliminates the bridge to hub LAN segment where the bridge and hub are separate. This also eliminates the IP address of this segment and all management burden thereof.
Coupling of portions of a LAN by a bridge also allows the segments on opposite sides of the bridge to use different communication protocols.
Also, in some embodiments, the bridge can be a router, and any known routing or bridging process is within the teachings of the invention.
Another advantage of a combined hub and bridge is the stackability of the architecture as compared to concentrators like those manufactured by Penril. When a user is out of card slots in a concentrator, that user will have to buy an entirely new
concentrator (concentrators are very expensive) even if there is only one small group of users who cannot fit into the repeater cards on the first concentrator. Another disadvantage of concentrators with bridge cards, repeater cards and management
cards, is that the management is not integrated. If the management card fails, the bridge and repeater cards are not manageable.
The 10Base2 hub 30 is connected to a number of computers of which computers 40 and 42 are typical. These connections are via coaxial line segments 44 and 46. Coaxial connections are shown in FIG. 1 by lines with two slash marks through them.
The 10Base2 hub 30 is also connected via a coaxial backbone connection 48 to a 10BaseT hub with integrated bridge 50.
The 10BaseT hub 50 is connected via a plurality of repeater ports 56 to a plurality of computers of which computers 52 and 54 are typical. Any data packet entering the hub 50 from any one of the ports is automatically repeated on all the other
repeater ports 56. The same type of repeating operation is carried out automatically by all of hubs 12, 30, 34, 38, 66 and 72.
A 10BaseT hub uses a physical layer communication protocol which is appropriate for a twisted pair of physical media. Twisted pair connections are shown in FIG. 1 by lines with single slashes through them. A 10Base2 hub repeats data packets on
its ports using a physical layer protocol appropriate to coaxial cable.
The 10BaseT hub 34 has a plurality of repeater ports connected to a plurality of computers of which device 62 is typical. Hub 34 also has a twisted pair port connection 64 to another 10BaseT hub 66 which has an integrated bridge. Connection 64
is a backbone connection for hub 66. Hub 66 is connected to a plurality of computers of which computer 67 is typical via repeater ports 68.
Likewise, hub 34 is connected via a twisted pair port connection 70 to the backbone port of another 10BaseT hub with integrated bridge 72. The hub/bridge 72 is connected to a plurality of computers via repeater ports 74.
As an example of how the integrated hub bridge circuits in FIG. 1 work, consider the following hypothetical data exchange transactions. Suppose that computer 52 wishes to send a data packet to computer 54. In this example, the data packet would
enter the 10BaseT hub/bridge 50 via twisted pair line 80 and would be automatically repeated on all the repeater ports 56 including twisted pair line 82. Computer 54 would receive the packet as would all the other computers connected to hub/bridge 50.
However, the packet would have a destination address indicating device 54 was the intended recipient such that other computers connected to the hub/bridge 50 would discard the packet.
In the preceding example, the bridge function in hub/bridge 50 would examine the destination address of the packet arriving via twisted pair 80 and check a forwarding table of network addresses which contains entries for various network addresses
indicating whether those addresses are on network 1 or network 2. In the bridge mode of operation for hub/bridge 50, all of the repeater ports 56 are considered to be network 1 and the backbone connection 48 is considered to be network 2. The bridging
function, in the preferred embodiment, is a learning bridge which builds the forwarding table as data packets arrive at the bridge from each source address. The bridging function knows which network a packet came from, and will make an entry in its
table associating each source address with the network from which it came. Assuming that computer 54 had already sent a packet somewhere else, the bridging function would know that computer 54 was connected to network 1 and therefore would not forward
the packet received from computer 52 to the network 2 via backbone connection 48. However, in the situation where computer 54 had not previously sent a packet, the bridging function in hub/bridge 50 would assume that computer 54 was connected to network
2, and would forward the packet to network 2 via backbone connection 48. However, since the packet would be automatically repeated on all repeater ports 56 anyway, computer 54 would still receive the packet via its repeater port even though the packet
was also forwarded to network 2. Since computer 54 would send an acknowledgment message acknowledging receipt of the packet, the bridge function in hub/bridge 50 would then make an entry in its table indicating that computer 54 was coupled to network 1. Thereafter, further packets destined for computer 54 would not be forwarded by the bridge in hub/bridge 50 on the backbone 48.
Now suppose computer 52 wishes to send a packet to computer 42. In this case, the bridge function in hub/bridge 50 would not find an entry for computer 42 and would forward the packet received from network 1 via twisted pair 80 out on the
coaxial backbone connection 48.
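The learning-bridge decisions walked through above for hub/bridge 50 can be replayed with the following C sketch. It is an added example, not code from the patent: the table size, the station addresses and the function names are assumptions, and the last two steps (computer 42 answering from network 2, then computer 52 sending to it again) go one exchange beyond the text.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_SIZE 64             /* assumed capacity; the page gives none */
enum net { NET1 = 1, NET2 = 2 };  /* NET1: repeater ports, NET2: backbone */

struct fwd_entry { uint8_t addr[6]; enum net net; };
struct bridge    { struct fwd_entry tab[TABLE_SIZE]; int used; };

static struct fwd_entry *lookup(struct bridge *b, const uint8_t *addr) {
    for (int i = 0; i < b->used; i++)
        if (memcmp(b->tab[i].addr, addr, 6) == 0)
            return &b->tab[i];
    return NULL;
}

/* Record which network a source address was last seen on. */
static void learn(struct bridge *b, const uint8_t *src, enum net from) {
    struct fwd_entry *e = lookup(b, src);
    if (e != NULL) { e->net = from; return; }  /* known station: refresh */
    if (b->used == TABLE_SIZE) return;         /* full: station stays unknown */
    memcpy(b->tab[b->used].addr, src, 6);
    b->tab[b->used].net = from;
    b->used++;
}

/* Returns 1 to forward the packet to the other network, 0 to filter it.
 * A destination with no table entry is forwarded. */
int bridge_decide(struct bridge *b, const uint8_t *dst,
                  const uint8_t *src, enum net from) {
    learn(b, src, from);
    struct fwd_entry *e = lookup(b, dst);
    return (e != NULL && e->net == from) ? 0 : 1;
}

/* Constructed addresses standing in for computers 52, 54 and 42. */
static const uint8_t C52[6] = {0x02, 0, 0, 0, 0, 0x52};
static const uint8_t C54[6] = {0x02, 0, 0, 0, 0, 0x54};
static const uint8_t C42[6] = {0x02, 0, 0, 0, 0, 0x42};

/* Replays the exchanges seen by hub/bridge 50; bit i of the result holds
 * the forward (1) or filter (0) decision for step i. */
unsigned replay_fig1(void) {
    struct bridge b = { .used = 0 };
    unsigned r = 0;
    /* 0: 52 -> 54 before 54 has ever sent: no entry, so forward */
    r |= (unsigned)bridge_decide(&b, C54, C52, NET1) << 0;
    /* 1: 54 acknowledges; 54 is learned, 52 is known on network 1: filter */
    r |= (unsigned)bridge_decide(&b, C52, C54, NET1) << 1;
    /* 2: 52 -> 54 again: 54 is now known on network 1: filter */
    r |= (unsigned)bridge_decide(&b, C54, C52, NET1) << 2;
    /* 3: 52 -> 42: no entry for 42, so forward on the backbone */
    r |= (unsigned)bridge_decide(&b, C42, C52, NET1) << 3;
    /* 4: 42 answers from network 2 to 52 on network 1: forward */
    r |= (unsigned)bridge_decide(&b, C52, C42, NET2) << 4;
    /* 5: 52 -> 42 with 42 now learned on network 2: forward */
    r |= (unsigned)bridge_decide(&b, C42, C52, NET1) << 5;
    return r;
}

int main(void) {
    printf("decisions: 0x%02x\n", replay_fig1());
    return 0;
}
```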
The backbone connection 48 for hub/bridge 50 is connected to a repeater port of 10Base2 hub/bridge 30. Therefore the packet arriving on coaxial line 48 is automatically repeated on coaxial lines 44 and 46, and would therefore arrive at computer
42.
To change the hypothetical slightly, suppose computer 52 wanted to send a packet to computer 26 connected to fiber optic hub 12. In this case, the bridging functions in hub/bridge 30 would read the destination address and may or may not find an
entry for computer 26. In either eventuality, the bridge 30 would forward the packet received on coaxial line 48 out on fiber optic backbone connection 28. This backbone connection 28 is connected to one of the repeater ports of the fiber optic hub 12
and therefore would be repeated on all other repeater ports 14 thereof. In this manner the packet would be transmitted out on the repeater port connected to fiber optic media 86 and would arrive at computer 26.
One of the advantages of integration of the hubs and bridges in the sample network of FIG. 1 is that it substantially reduces the cost of the network. This is, in par