O
`
`United States Patent (19)
`Picazo, Jr. et al.
`
`US005720032A
`Patent Number:
`11
`45 Date of Patent:
`
`5,720,032
`*Feb. 17, 1998
`
`54 NETWORK PACKETSWITCH USING
`SHARED MEMORY FOR REPEATING AND
`BRDGING PACKETSAT MEDIA RATE
`75 Inventors: Jose J. Picazo, Jr., San Jose; Paul
`Kakul Lee, Union City; Robert P.
`e,
`ty; R.
`Zager, San Jose, all of Calif.
`73) Assignee: Compaq Computer Corporation
`*
`Notice:
`The term of this patent shall not extend
`d
`iration date of Pat. No.
`by
`the expiration date or Pat. No
`
`I62
`
`
`
`5,299,195 3/1994 Shah ........................................ 370/462
`5,301,303 4/1994 Abraham et al. ...
`... 395/500
`5,321,695 6/1994 Faulk, Jr. ........
`... 370/401
`5,329,618 7/1994 Moati et al. .....
`395/200.02
`5396.495 3/1995 Moorwood et al.......... 370,408
`5,440,546 8/1995 Bianchini, Jr. et al. .................. 370/60
`5,457,681 10/1995 Gaddis et al. .......
`... 370/56
`5,477,547 12/1995 Sugiyama et al. ........................ 370/85
`5,521,913 5/1996 Gridley .................................. 370,58.2
`Primary Examiner Christopher B. Shin
`Attorney, Agent, or Firm-Jenkens & Gilchrist
`57
`ABSTRACT
`A hub circuit with an integrated bridge circuit carried out in
`software including a switch for bypassing the bridge process
`21 Appl. No.: 790,163
`such that the two bridged networks effectively become one
`1a.
`network. An in-band management process in software is
`22 Filed:
`Jan. 28, 1997
`disclosed which receives and executes networkmanagement
`0
`OAV
`lication D
`R
`commands received as data packets from the LANs coupled
`elated U.S. Application Data
`to the integrated hub?bridge. Also, hardware and software to
`Division of ser, No. 694.491, Aug. 7, 1996, which is a
`implement an isolate mode where data packets which would
`continuation of Ser. No. 498,116, Jul. 5, 1995, which is a
`ordinarily be transferred by the bridge process are not
`continuation-in-part of Ser. No. 881,931, May 12, 1992, Pat.
`transferred except in-band management packets are trans
`No. 5,432,907.
`ferred to the in-band management process regardless of
`... H04J 3/02
`51) Int. Cl...
`which network from which they arrived. Also disclosed, a
`52 U.S. Cl. .................................. 395/2002: 395/20002,
`packet switching machine having shared high-speed
`370/401; 370/351; 370/404
`memory with multiple ports, one port coupled to a plurality
`ield of Search ...........................
`5/200.02, 2002,
`of LAN controller chips coupled to individual LAN seg
`395/200 i.S.", 351
`58 Field of Search
`ments and an Ethernet microprocessor that sets up and
`8-a-w
`s
`manages a receive buffer for storing received packets and
`56)
`References Cited
`transferring pointers thereto to a main processor. The main
`processor is coupled to another port of the memory and
`U.S. PATENT DOCUMENTS
`... 370/
`analyzes received packets for bridging to other LAN seg
`Re. 33.426 11/
`Sugi
`al.
`: ments or forwarding to an SNMP agent. The main micro
`s 3. y: Sgt.
`4715.030 2/1987 Kochet al... 37085
`processor and the Ethernet processor coordinate to manage
`4,825,435 4/1989 Amundsen et al.
`... 370/50
`the utilization of storage locations in the shared memory.
`4901,312 2/1990 Hui et al. .........
`... 370/403
`Another port is coupled to an uplink interface to higher
`4,922,503 5/1990 Leone .......
`... 370/402
`speed backbone media such as FDDI, ATM etc. Speeds up
`4,982400 1/1991 Ebersole ...
`... 3700T
`to media rate are achieved by only moving pointers to
`5,060,228 10/1991 Tsutsui et al.
`32 packets around in memory as opposed to the data of the
`:: A: Erikara".
`39(38.
`packets itself. A double password security feature is also
`5214,646 5/1993 Yac
`... 370402
`implemented in some embodiments to prevent accidental or
`5 251.213 10/1993 Videocket al.
`... 370/403
`intentional tampering with system configuration settings.
`5,264,742 11/1993 Sourgen ...........
`... 307/.465
`5,276,681
`1/1994 Tobagi et al. .......................... 370/229
`
`10 Claims, 13 Drawing Sheets
`
`16
`20-
`22
`
`38
`
`36
`
`g;...E.S.E.Y.,
`
`H-14
`
`is
`
`32
`
`O
`
`12
`
`18
`-24
`-26
`28
`
`30
`
`D D
`
`481,
`
`D, DD D
`S2
`Sist
`O. D. D. D.
`
`70
`
`72
`
`i
`D. D. D. D.
`s
`SS3 N66
`D. D. D.
`
`267
`
`80 52 54
`\D82
`25
`10BASE THUB/BRIDGE
`St:56Nso
`- D, D D
`
`Ex.1020
`CISCO SYSTEMS, INC. / Page 1 of 42
`
`

`

`U.S. Patent
`
`Feb. 17, 1998
`
`Sheet 1 of 13
`
`5,720,032
`
`REDUNDANT P S.
`10
`FORL FIBER OPTIC HUB-12
`CH-14
`
`||
`
`86
`
`1
`-24
`-26
`28
`
`16
`20-
`22-
`
`36
`
`38
`10 BASE THUB/
`SES HEA, BSRUF/34
`WAN INTFC
`BRIDGE/WAN INTFC
`
`32
`
`-
`
`l
`
`l
`
`70
`
`D. D. D. D.
`1.
`
`10 BASE THUB/BRIDGE
`74
`
`72
`
`
`
`-
`
`-62
`D
`6i-
`D. D. D. D.
`E-68
`
`10 BASE THUB/BRIDGE
`6E
`
`30
`10 BASE 2 HUB/BRIDGE
`'O, O, O.3%
`44
`O
`48 4
`6
`80 52 54
`D, DVD 82
`ed1)
`
`10 BASE THUB/BRIDGE
`56N50
`
`66
`
`Ex.1020
`CISCO SYSTEMS, INC. / Page 2 of 42
`
`

`

`U.S. Patent
`
`Feb. 17, 1998
`
`Sheet 2 of 13
`
`5,720,032
`
`90
`
`
`
`106
`AU
`
`LAN
`
`LAN 2
`
`is --
`
`DECODE
`ADR
`114
`GAL
`132 N. 112
`MICROPROCESSORE== - - -116
`l-- 122
`118
`120
`LAN 2
`LAN 2
`INTERFACE | | INTERFACE |
`A
`-
`
`BACKBONE
`PORT
`(LAN2)
`-
`
`sua
`
`-
`
`up to P
`
`-
`
`a
`
`P
`
`DATA
`
`----------------------- -
`
`Ex.1020
`CISCO SYSTEMS, INC. / Page 3 of 42
`
`

`

`U.S. Patent
`
`Feb. 17, 1998
`
`Sheet 3 of 13
`
`5,720,032
`
`264
`
`LAN 2
`CONTROLLER
`(BACKBONE)
`
`BRIDGE
`DATA
`BASE
`
`262
`LAN 1
`CONTROLLER
`(REPEATER)
`
`
`
`
`
`
`
`
`
`
`
`284
`MANAGEMENT
`INPUT OUEUE
`
`280
`REPEATER/
`HUB/BRIDGE IN-BAND
`MANGENEN PROCESS, doNiko ER
`
`
`
`
`
`
`
`CONSOLE
`COMMAND
`PROCESS
`
`282
`
`298
`
`FIG. 4
`
`Ex.1020
`CISCO SYSTEMS, INC. / Page 4 of 42
`
`

`

`U.S. Patent
`
`Feb. 17, 1998
`
`Sheet 4 of 13
`
`5,720,032
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`DISCARD
`PACKET
`
`
`
`562
`
`BRIDGE
`START
`
`GET NEXT
`RECEIVED
`PACKET
`
`ERROR IN
`PACKET
`
`DISCARD
`PACKET
`
`UPDATE BRIDGE
`DATABASE WITH
`SOURCE ADDRESS
`AND NETWORK D
`FROM WHICH
`PACKET CAME
`
`READ DESTINATION
`ADDRESS OF
`PACKET AND LOOK
`FOR THIS ADDRESS
`N BRIDGE DATABASE
`
`IS DESTINATION
`ADDRESS ON SAME
`SIDE OF BRIDGE
`AS SOURCE ADDRESS
`ROM WHICH PACKET
`ORIGINATED?
`
`IS PACKET AN
`INTERNAL HUB
`MANAGEMENT
`PACKET
`
`IS PACKET PROTOCOL
`TYPE A TYPE WHICH
`SHOULD BE FORWARDED
`
`
`
`TO FIG. 5B
`
`PUT PACKET
`HUB MANAGEMENT
`INPUT QUEUE
`
`S PACKET
`GROUP
`ADDRESSED?
`YES
`COPY THE
`PACKET
`
`356
`
`J60
`
`PUT A COPY OF THE
`PACKE IN THE
`MANAGEMENT INPUT
`QUEUE 284
`
`
`
`
`
`
`
`
`
`361
`
`FIG. 5A
`
`Ex.1020
`CISCO SYSTEMS, INC. / Page 5 of 42
`
`

`

`U.S. Patent
`
`Feb. 17, 1998
`
`Sheet 5 of 13
`
`5,720,032
`
`
`
`
`
`
`
`
`
`
`
`
`
`366
`NO/DID PACKET COME
`FROM LAN 1
`YES
`READ POINTER
`ADDRESS FROM LAN 2
`FORWARDING VECTOR
`AND VECTOR PROCESSING
`TO ROUTINE POINTED TO
`
`
`
`BESR
`N 370
`- Mope
`
`
`
`BRIDGE
`
`DISCARD
`PACKET
`
`368
`
`
`
`TO
`BRIDGE
`START
`
`TRANSMIT PACKET
`O LAN 2
`USING LAN 2
`CONTROLER
`
`382
`
`374
`
`
`
`SOLATE
`MODE
`
`92
`
`
`
`
`
`READ POINTER
`ADDRESS FROM LAN 1
`FORWARDNG VECTOR
`AND VECTOR PROCEEDING
`TO ROUTINE POINTED TO
`
`
`
`
`
`BRIDGE OR
`BYPASS
`MODE
`
`398
`
`
`
`DISCARD
`PACKET
`
`390
`
`
`
`TO
`BRIDGE
`START
`
`TRANSMIT PACKET
`TO LAN 1
`USING LAN 1
`CONTROLLER
`
`396
`FIG. 5B
`
`402
`
`Ex.1020
`CISCO SYSTEMS, INC. / Page 6 of 42
`
`

`

`U.S. Patent
`
`Feb. 17, 1998
`
`Sheet 6 of 13
`
`5,720,032
`
`FIG. 6A
`
`8
`
`51 O
`
`
`
`504 DATA 500
`506
`DR RIC 2
`508 NE BUFFER
`
`
`
`5441 LOGIC
`
`45
`
`O B LAN446
`
`I
`
`542
`
`460
`
`490
`
`540
`
`546
`
`580
`
`582
`
`584
`
`586
`
`DECODE
`GATE H
`566 ARRAY
`
`CHIP
`SELECTS
`
`Ex.1020
`CISCO SYSTEMS, INC. / Page 7 of 42
`
`

`

`U.S. Patent
`
`Feb. 17, 1998
`
`Sheet 7 of 13
`
`5,720,032
`
`----826
`---
`--
`uP
`DRAM
`828-E8
`2
`ATM/DD/FAST ETHER
`-IT
`T---
`
`---
`life
`836
`N
`EXPANSION PORT'
`
`822
`
`
`
`DRAM
`TABL
`
`BUS ARBTRATION
`FPGA
`N838
`
`824
`
`806
`
`PROCESSOR
`
`SUPPORT
`PERIPHERALS
`
`. . .
`E BUS
`
`799-1
`
`800
`
`809
`
`807
`
`1
`LCC
`
`|| 1 N805
`# 1
`MAU MEDIA
`
`802
`
`N 820
`
`804
`
`ETHERNET
`PROCESSOR
`
`FIC. 7
`
`Ex.1020
`CISCO SYSTEMS, INC. / Page 8 of 42
`
`

`

`U.S. Patent
`
`Feb. 17, 1998
`
`Sheet 8 of 13
`
`5,720,032
`
`
`
`
`
`
`
`M-F Buffers
`
`
`
`O
`
`Triple Ported
`Stotic Rom 1-8M
`Bandwidth 1 Gbs
`III Naoo
`E bus
`-
`
`Bog
`
`809
`
`807
`
`front
`
`bisplay
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Uplink Module
`FDDI, ATM,
`Fast Ethernet,
`WAN
`
`828
`
`PORT 1
`PORT 2
`PORT 3
`
`SONIC 4- MAU 4-PORT 4
`
`MC68EC040
`Main Processor l 806
`
`PORT 5
`
`PORT 6
`
`PORT 7
`
`PORT 8
`
`SONIC 9
`
`MAU 9
`
`PORT 9
`
`PORT 10
`PORT 11
`
`PORT 12
`
`SONIC 10. MAU o
`MAU 10
`SONIC 11 MAU 11
`
`SONIC 12. MAU 12
`804
`
`MC68EC040
`Ethernet Processor
`
`SCC
`
`CONSOLE
`
`FIG. 8
`
`Ex.1020
`CISCO SYSTEMS, INC. / Page 9 of 42
`
`

`

`U.S. Patent
`
`Feb. 17, 1998
`
`Sheet 9 of 13
`
`5,720,032
`
`- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
`OPERATING SYSTEM
`KERNEL
`
`841
`
`843
`PACKET
`SWITCHING
`
`MANAGEMENT
`QUEUE
`POINTER
`
`ACKET BYTE 1
`PACKE EYE 2
`
`
`
`865
`OUGONG
`MANAGEMENT
`PACKES
`BUFFER
`
`POINTER
`
`DESCRIPTOR
`RINGS
`
`-
`
`Ex.1020
`CISCO SYSTEMS, INC. / Page 10 of 42
`
`

`

`U.S. Patent
`
`Feb. 17, 1998
`
`Sheet 10 of 13
`
`5,720,032
`
`MAN PROCESSOR
`ALOCATES TIME
`SLICE TO PACKET
`SWITCHING TASK
`
`PACKET SWITCHING
`TASK POLS QUEUE
`TO DETERMINE IF ANY
`POINTERS AR STORED
`THERE
`
`IF A POINTER IS
`PRESENT, PACKET
`SWITCHING TASK
`ACCESSES PACKET
`N SHARED MEMORY
`RECEIVE BUFFER
`POINTED TO BY
`POINTER AND
`DETERMINES WHAT TO
`DO WITH PACKET
`
`849
`
`859
`
`LCC COUPLED TO MEDIA
`TO WHICH MACHINE HAVING
`DESTINATION ADDRESS OF
`PACKET IS COUPLED POLLS
`ITS TRANSMIT BUFFER AND
`FINDS POINTER TO
`PACKET THEREIN
`
`851
`
`861
`
`LCC TRANSMITS PACKET
`USING POINTER TO
`RETRIEVE IT
`
`853
`
`863
`
`
`
`IF PACKET SWITCHING TASK
`ACCESSES PACKET POINTED
`TO BY POINTER N QUEUE 810
`AND FINDS MAC LAYER ADDRESS
`LISTING SNMP AGENT AS
`DESTINATION, MOVES POINTER
`TO PACKET MANAGEMENT OUEUE
`
`MAN MICROPROCESSOR
`AWARDS TIMESLCE
`865 TO SNMP AGENT
`
`
`
`SNMP AGENT RUNS AND
`867 STRIPS OFF IP PORTION OF
`PACKET AND EXECUTES
`MANAGEMENT REQUEST
`
`TO
`FIG. 10B
`
`FIG. f OA
`
`855
`
`857
`
`PACKET SWITCHING TASK
`THEN REMOVES POINTER
`FROM QUEUE FOR
`PACKET THAT WAS
`PROCESSED, RETRIEVES
`PACKET AND PROCESSES
`
`IF PACKET NEEDS TO
`BE TRANSMITTED OUT
`ON A DIFFERENT MEDIA
`THAN THE MEDIA UPON
`WHICH THE PACKET
`ARRIVED, THE PACKET
`SWITCHING PROCESS
`PLACES A POINTER
`TO THAT PACKET IN
`APPROPRIATE TRANSMIT
`BUFFER AND UPDATES
`THE PACKET'S REFERENCE
`COUNT
`
`Ex.1020
`CISCO SYSTEMS, INC. / Page 11 of 42
`
`

`

`U.S. Patent
`
`Feb. 17, 1998
`
`Sheet 11 of 13
`
`5,720,032
`
`FROM
`FIG. 10A
`
`
`
`IF NECESSARY, SNMP
`AGENT ASSEMBLES
`REPLY PACKET IN
`BUFFER 866 AND
`PLACES POINTER TO
`PACKET IN APPROPRIATE
`TRANSMIT BUFFER
`
`869
`
`MAN PROCESSOR
`ALOCATES TIME SLOT
`TO CONSOLE PROCESS
`
`883
`
`CONSOLE PROCESS CARRIES
`OUT ANY NECESSARY
`COMMAND AND CONTROL
`PROCESSING
`
`885
`
`FIG. 1 OB
`
`Ex.1020
`CISCO SYSTEMS, INC. / Page 12 of 42
`
`

`

`U.S. Patent
`
`Feb. 17, 1998
`
`Sheet 12 of 13
`
`5,720,032
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`ETHERNET PROCESSOR
`ALLOCATES ADEQUATE
`BLOCK OF MEMORY FOR
`RCW & XMT BUFFERS FORY887
`NUMBER OF LCC'S
`PRESENT
`
`
`
`
`
`
`
`
`
`
`
`
`
`ETHERNET PROCESSOR
`INFORMS LCC'S WHERE
`THEIR RECEIVE AND
`TRANSMIT BUFFERS ARE Nag
`
`
`
`
`
`ETHERNET PROCESSOR
`DETERMINES IF REFERENCE
`COUNT HAS REACHED ZERO
`YES
`ETHERNET PROCESSOR
`WRITES POINTER TO PACKET
`INTO FREE QUEUE
`
`LCC'S BEGIN TO XMIT/RCW
`PACKETS, STORING RCW'D
`PACKETS IN RECEIVE
`BUFFERS AND UPDATING
`STATUS BITS IN
`DESCRIPTOR RINGS
`
`891
`
`
`
`
`
`
`
`ETHERNET PROCESSOR
`MONITORS DESCRIPTOR
`RINGS FOR COMPLETION
`OF SUCCESSFUL PACKET
`RECEPTION AND
`COMPLETION OF PACKET
`TRANSMISSION
`
`WHEN ETHERNET PROCESSOR
`DETERMINES THAT PACKET
`RECEPTION IS COMPLETE,
`WRITES POINTER TO PACKET
`INTO QUEUE OF MAN
`MICROPROCESSOR AND
`CHECKS THE REFERENCE
`COUNT OF ANY
`PACKET WHERE XMIT
`DESCRIPTOR INDICATES
`IT HAS BEEN TRANSMITTED
`
`
`
`895
`
`FIG. 11
`
`Ex.1020
`CISCO SYSTEMS, INC. / Page 13 of 42
`
`

`

`SECRET
`PASSWORD 2
`GATEWAY
`
`954
`
`940
`
`CORRECT
`
`
`
`
`
`SUPERVISOR
`
`
`
`
`
`
`
`SECRET
`pSSWORD CHANGEMEPW
`2
`FUNCTION
`926
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`922
`SECRET
`PASSWORD
`|
`1
`INPUT
`
`
`
`
`
`
`
`U.S. Patent
`
`Feb. 17, 1998
`
`Sheet 13 of 13
`
`5,720,032
`
`
`
`
`
`
`
`
`
`SECRET
`PASSWORD 1
`GATEWAY
`
`CORRECT
`
`924
`NCORRECT
`
`
`
`SYSTEM
`ADMINISTRATOR
`
`MPPW/MASTER PRMLEGE (MPPW)
`INPUT V ALTERATION PASSWORD
`GATEWAY
`
`916
`
`
`
`
`
`INCORRECT
`
`CORRECT
`918
`
`
`
`BLOCK
`ACCESS
`
`920
`
`SET CONFIGURATION
`& PRMLEGES
`ROUTINE OR
`ENTER OPERATIONAL
`ARENA OF SYSTEM
`
`
`
`912
`
`FIG. 12
`
`Ex.1020
`CISCO SYSTEMS, INC. / Page 14 of 42
`
`

`

`20
`
`1.
`NETWORK PACKET SWITCHUSING
`SHARED MEMORY FOR REPEATING AND
`BRIDGING PACKETSAT MEDIARATE
`BACKGROUND OF THE INVENTION
`This application is a division of application Ser. No.
`08/694.491 filed Aug. 7, 1996; which is a continuation of
`application Ser. No. 08/498,116, filed Jul. 5, 1995; which is
`a CIP of application Ser. No. 07/881,931, filed May 12,
`10
`1992, now U.S. Pat. No. 5,432,907. This is a continuation
`in-part of a U.S. patent application entitled, NETWORK
`HUB WITHINTEGRATEDBRIDGE, Ser, No. 07/881,931,
`Filed May 12, 1992 (now allowed). The invention pertains
`to the field of networks for communications between
`computers, and, more specifically, to improvements in hubs
`for such networks.
`Networks serve the purpose of connecting many different
`computers or terminals to each other, host computers,
`printers, file servers etc. so that expensive computing assets,
`programs, files and other data may be shared among many
`users. Communication protocols and standards for networks
`developed quickly to standardize the way in which data
`packets were sent across the data exchange media of the
`network. Several protocols have developed for networks
`including EthernetTM, TokenRingTM, FOIRL and FDDI, the
`latter two being adapted for fiber optic physical media
`carrying the signals.
`The physical media first used on Ethernet were thick
`coaxial cables, and a standard called 10Base5 was developed
`30
`for assuring multi-vendor compatibility between compo
`nents in thick coax, mix and match networks where network
`components from different vendors were used. These thick
`coax lines were bulky, expensive and hard to work with.
`Later, thinner coax Ethernet was developed, and, as an
`alternative to coax, unshielded twisted pair wires were used
`for the physical media. A vendor compatibility standard
`called 10BaseT developed for twisted pair media.
`Networks have their own hardware and software to inter
`face with the physical media that carry the signals, and the
`network software must interface with the operating system
`software. Computers communicate with each other using a
`set of rules called a protocol. A group of protocols, all related
`to the same model are called a protocol suite. To encourage
`open systems, a common model called OSI was developed
`45
`by the International Standards Organization. OSI engen
`dered a protocol suite which allows computers of all sizes
`and capabilities the world over to communicate using a
`common set of rules.
`The OSI model has seven layers of software, each of
`which makes different functionality available to computers
`communicating using this model. Each layer in the model
`deals with specific computer-communication functions.
`The Physical Layer is the lowest layer and specifies the
`rules for transmission of signals across the physical media.
`Hubs, also known as repeaters, have multiple connections to
`this physical media called ports. The purpose of a hub is to
`receive data packets from one port and repeat these packets,
`i.e., retransmit them on every other port connected to the hub
`according to whatever protocol, e.g., Ethernet, etc., which is
`in use.
`The Data Link layer deals with transmission of data
`between devices on the same network. In addition to
`describing how a device accesses the physical media, this
`layer also provides some measure of error detection and
`control. Local Area Network (LAN) technologies such as
`Ethernet, Token Ring and FDDI operate at this layer. Data
`
`50
`
`55
`
`65
`
`5,720,032
`
`15
`
`25
`
`35
`
`2
`link addresses are implemented at this layer, and provide
`each device connected to the network a unique identifier by
`which packets may be sent to it. Bridges, which are devices
`which aid in forwarding data packets from one network
`segment or one network to another, operate at the Data Link
`layer.
`The Network Layer deals with transfer of data between
`devices on different networks. The Network Layer adds the
`notion of network addresses which are specific identifiers for
`each intermediate network between a data source and a
`destination. Routers, which are devices which assist in
`transferring data packets from one network to another,
`operate at the Network Layer.
`The remaining layers, called the higher layers, are the
`Transport Layer, Session Layer, Presentation Layer and
`Application Layer. These layers deal with communication
`between message source and message destination. The
`transport layer manages the transfer of data from a source
`program to a destination program. Process addresses, which
`identify specific "processes”, i.e., computer programs, are
`implemented at this layer. Gateways operate at these higher
`OSI layers.
`Within the OSI model, the user presents data through
`application programs to the highest layer. This data is then
`passed downward through the hierarchy of layers with each
`layer adding addressing and/or control information. When
`the data reaches the physical layer, it is sent to a device.
`Conversely, received data is passed up through the layers
`with each layer stripping address or control information.
`One way to think of a protocol is a common language by
`which computers may communicate, but a more accurate
`way is as a set of rules by which data is communicated
`between identical OSI layers.
`There are other communication protocols beside the OSI
`Model. These include TCP/IP, XNS, IPX, AppleTalk, DEC
`net and SNA. Each of these protocols has its own layer
`model. For example, TCP/IP collapses networkfunctionality
`into only 4 layers, while AppleTalk has 6 layers.
`All network media have a limitation on the maximum
`volume of traffic that may be carried based upon the band
`width imposed by the physical characteristics of the media.
`Ethernet bandwidthis 10 Megabits/second. This acts a limit
`on the traffic volume and can limit the number of computers,
`which may be connected to a single "segment" of a network.
`A segment is section of a network connected to a group of
`machines which may communicate with each other via
`repeater operations without having to traverse a bridge or
`router. Bridges and routers are useful in that they allow
`connections of multiple segments such that more computers
`may communicate with each other than would otherwise be
`possible given the limited bandwidth of the media.
`Each bridge and router requires certain other peripheral
`circuitry to support it such as LAN controllers, a CPU, a
`power supply, a network management process, memory to
`store bridge source and destination address tables and vari
`ous other things like status registers etc. Likewise, repeaters
`require many support circuits many of which are the same
`support circuits needed by bridges and routers. Further,
`bridges, routers and repeaters or hubs require initialization to
`set them up for operations, and they require initial installa
`tion labor to set them up properly to operate in a particular
`network configuration. In addition, each type machine is
`subject to networkmanagement considerations, assuming an
`intelligent hub. An intelligent hub is one which collects
`statistics about traffic flow through its ports, can electroni
`cally turn ports on and off and which provides error correc
`
`Ex.1020
`CISCO SYSTEMS, INC. / Page 15 of 42
`
`

`

`5,720,032
`
`35
`
`40
`
`50
`
`55
`
`25
`
`3
`tion and detection services. Intelligent bridges, routers and
`hubs supply status information upon request from network
`management processes and can respond to network man
`agement commands, such as shut off a particular port.
`In the prior art, bridges and routers were separate circuits
`from hubs and this created needless duplication of many
`peripheral circuits which were common between hubs and
`bridges and which could be shared. This needless duplica
`tion cost more and provided more points of failure. For
`example, if the bridge power supply failed or the CPU
`10
`crashed, all machines on the two network segments on either
`side of the bridge would be cut off from each other.
`Typically, a bridge is connected to a hub by a separate
`local area network segment which itself requires two port
`interface circuits such as LAN controllers and AUT's
`15
`(generic network interfaces) with appropriate port drivers
`adapted for the specific media used for the bridge-hub LAN
`segment. This bridge-hub LAN segment represents an addi
`tional expense, requires management and provides addi
`tional points of failure which could disable the network. An
`20
`intelligent hub coupled to a bridge or router by a separate
`LAN segment then requires three different device addresses
`for management message traffic, and creates more possibil
`ity for a networkfailure in multiplying the number of points
`of possible failure.
`Another drawback of separate bridge/router and hub
`circuits is that bridge/routers do not usually include a mode
`where the bridge/routing function can be bypassed. The
`ability to bypass the bridgefrouting function provides flex
`ibility in network growth as small networks do not need
`bridging functions until the maximum network traffic vol
`ume starts to exceed the available network bandwidth. The
`ability to selectively bypass the bridge/routing function
`gives a network designer the ability to design a small
`network which has a built in capacity to grow larger without
`adding new components and improves the ability to trouble
`shoot the network.
`Integrated hubs and bridges existed as option cards for
`concentrator chassis at the time this patent application was
`filed. One example of such a device is the Penril 2530
`concentrator card with full performance bridging although it
`is not currently known whether this device qualifies as prior
`art because the copyright date of the literature on this device
`is dated the same month as the filing date of the parent of this
`patent application. The Penril Module 2530 10baseT con
`45
`centration and bridging card for the Penril 2500 series
`concentrator combines a hub and bridge which operates at
`all times on the same printed circuitboard. The design of the
`Penril 2500 concentrators were for large networks. The 2530
`card slides into a card slot on the 2500 series concentrator
`which can also service a plurality of such cards. The
`concentrator frame is believed to contain certain shared
`features such as power supply etc. and has a local, internal
`LAN segment that couples all the repeater/bridge cards
`together so that they can send data back and forth between
`them. The repeater on each card can be coupled to up to 25
`machines on the network segment connected to that card and
`the integrated bridge continuously bridges the network seg
`ment coupled to a particular card to the internal LAN
`segment such that a machine coupled to a LAN segment
`coupled to card 1 can send a packet to a machine coupled to
`a LAN segment coupled to card 2 via the bridge on card 1,
`the internal LAN segment of the concentrator, the bridge on
`card 2 and the repeater on card 2. No distributed manage
`ment functionality is integrated on either card 1 or 2. That
`management functionality is placed on a third card which
`resides on a different card slot. If the management card
`
`4
`broke, the repeaters and bridges in cards 1 and 2 could not
`be controlled. Likewise, if the internal LAN broke, user 1
`could not send data to user 2 or vice versa.
`A concentrator structures like the Penril 2500 series is
`designed for large networks since to connect two external
`network segments, two cards are needed each of which can
`service up to 25 user machines. If the network has only 27
`users, such a concentrator represents too big and complex of
`a structure to be affordable and justifiable for such an
`application.
`Another problem with concentrators such as the Penril
`2500 series is their lack of "stackability". The problem is
`this. Suppose a particular building had 3 users on the ground
`floor and a group of 20 heavy users on the 4th floor or
`otherwise spaced away from the 3 users on the ground floor
`by a distance which is just under the maximum 10BaseT
`cable run permitted by the applicable Ethernet specification.
`The use of a concentrator requires that every one of the
`group of 20 users has his own twisted pair running from his
`machine back to the concentrator. The same is true for thick
`and thin coaxial cable installations. Such a configuration can
`be prohibitively expensive because a great deal of wire or
`coax must be used and the expense of installing all that
`wiring through the walls and ceilings can be large. Now
`suppose that the distance to the group of 20 from the
`concentrator is larger than the maximum allowable cable
`run. In such a case, the complex wiring cannot be used, and
`if those users must be able to share resources with the 3 users
`on the first floor, another concentrator must be purchased.
`Concentrators like the Penril are not inexpensive. Typical
`costs today are in the neighborhood of $30,000 for the
`concentrator frame and about $6000 for each card.
`A similar problem arises in large networks in big com
`panies who may, for example, have a branch office in
`another state with only 6 users. If those users must share data
`or resources connected to the network at the parent
`company, they must be on the same network as the users at
`the parent company. With concentrator technology, the 6
`users in the branch office must be connected to the concen
`trator at the parent company by a wide area network (WAN)
`connection. The Penril concentrator 2500 series has a card
`module (the 2540) which implements a WAN interface, but
`the 6 users in the branch office must also have a concentrator
`to plug their WAN interface card into. Therefore, the
`expense of having the tiny 6 user network segment remotely
`located is greater than it needs to be.
`Thus, a need has arisen for an apparatus which can
`perform the functionality of bridges or routers and hubs
`without the aforementioned deficiencies, and which can
`overcome the aforementioned difficulties with concentrator
`technology in smaller networks or large network will small
`satellite networks.
`
`SUMMARY OF THE INVENTION
`According to a broad teaching of the invention, there is
`disclosed herein, inter alia, a packet switching machine
`having shared high-speed memory with multiple ports. One
`port is coupled to a plurality of LAN controller chips each
`of which is coupled to its own media access unit and an
`individual LAN segment. The port coupled to the LAN
`controllers is also coupled to an Ethernet processor that
`serves to set up, manage and monitor a receive buffer having
`enough space to store packets received by all the LAN
`controller chips. The Ethernet process also sets up and
`manages a transmit buffer for each LAN controller chip and
`sets up and monitors a descriptor ring which stores status
`
`Ex.1020
`CISCO SYSTEMS, INC. / Page 16 of 42
`
`

`

`S
`data maintained by the LAN controller chips and pointers to
`the transmit and receive buffer portions of the shared
`memory.
`When a LAN controller receives a packet, the packet is
`stored in the receive buffer in shared memory, and a pointer
`to that packet is written into the receive portion of the
`portion of the descriptor ring devoted to that LAN controller.
`The LAN controller sets a status bit in the receive portion of
`the portion of the descriptor ring that is devoted to that LAN
`controller when packet reception starts indicating that a
`10
`packet is being received. After packet reception is complete
`and error eletection has been done and the packet is deemed
`to be correct, the LAN controller sets another bit in the
`receive portion of the portion of the descriptor ring that is
`devoted to that LAN controller indicating that the packet has
`been correctly received.
`The Ethernet process monitors status bits set in the
`descriptor ring by the LAN controller chips that indicate
`when a packet has been successfully received, and, when
`this event occurs, reads the pointer to the packet from the
`20
`descriptor ring and transfers the pointer to a queue which is
`monitored by a main processor coupled to another port of the
`shared memory. The main processor is coupled to another
`port of the memory and monitors its queue for the presence
`of pointers. When a pointer to a received packet is found, the
`main processor accesses the packet and determines from the
`packet's address data what to do with the packet. If the
`packet is addressed to a machine coupled to the media
`segment of a different LAN controller than the LAN con
`troller that received the packet, the main processor writes a
`30
`pointer to the packet into the transmit buffer of the LAN
`controller coupled to the media segment on which the packet
`is to be transmitted. If the packet is a management packet,
`a pointer to the packet is written into a management queue
`which is monitored by an SNMP agent so as to forward the
`packet to the SNMP agent for processing. The SNMP agent
`and the packet switching tasks are time division multiplexed
`with a console process by an operating system kernel.
`The main microprocessor and the Ethernet processor
`coordinate to manage the utilization of storage locations in
`the shared memory. When the main microprocessor writes a
`pointer to a packet into one or more transmit buffers, it also
`accesses a reference count in a predetermined field in the
`packet stored in the receive buffer and writes a number
`therein indicating the number of LAN controllers that are
`45
`scheduled to transmit the packet. The LAN controllers also
`write status bits into transmit portions of the descriptor
`record in the portion of the descriptor ring devoted to that
`LAN controller. The Ethernet processor monitors the trans
`mit portions of the descriptor ring. When the Ethernet
`50
`processor determines that a status bit for a particular LAN
`controller indicates that the LAN controller has successfully
`transmitted a packet, the Ethernet processor accesses the
`reference count field in the packet and decrements the
`reference count. When the reference count reaches zero, the
`Ethernet processor writes a pointer to the storage location in
`which that packet is stored in the receive buffer into a Free
`Queue indicating that the storage locations currently occu
`pied by the packet are free to be used to store other incoming
`packets.
`Another port of the shared memory is coupled to an uplink
`interface to higher speed backbone media such as FDDI,
`ATM etc. The main microprocessor can forward packets to
`these interfaces by writing pointers into transmit buffers
`dedicated to these interfaces in the shared memory, and
`received packets are written into the receive buffer as if they
`were received by a LAN controller.
`
`35
`
`55
`
`65
`
`5,720,032
`
`15
`
`25
`
`6
`In some embodiments, another port of the shared memory
`is coupled to an expansion interface having another micro
`processor which serves to load share with the Ethernet
`processor and the main processor to achiever higher speed
`operation.
`Speeds up to media rate are achieved by only moving
`pointers to packets around in memory as opposed to the data
`of the packets itself.
`Adouble password security feature is also implemented in
`some embodiments to prevent accidental or intentional
`tampering with system configuration settings.
`BRIEF DESCRIPTION OF THE DRAWINGS
`FIG. 1 is a block diagram of a typical network environ
`ment in which the teaching of the invention find utility.
`FIG. 2 is a block diagram of one embodiment of the
`invention employing the broad concept of integration of a
`bridge with a hub in the same package to share circuitry and
`eliminate points of failure which would exist if the bridge
`and hub were separate circuits.
`FIG. 3 is a block diagram of another embodiment of the
`invention with dual network two transceivers for fault
`tolerance.
`FIG. 4 is a data flow diagram illustrating the three
`software processes that are executed in the preferred
`embodiment, to perform bridging, in-band management a