WO2011067407A1 - Distributed processing of data frames by multiple adapters - Google Patents

Distributed processing of data frames by multiple adapters Download PDF

Info

Publication number
WO2011067407A1
WO2011067407A1 PCT/EP2010/068963 EP2010068963W WO2011067407A1 WO 2011067407 A1 WO2011067407 A1 WO 2011067407A1 EP 2010068963 W EP2010068963 W EP 2010068963W WO 2011067407 A1 WO2011067407 A1 WO 2011067407A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
analyzing
data packet
packet
predetermined
Prior art date
Application number
PCT/EP2010/068963
Other languages
French (fr)
Inventor
Alex Omø AGERHOLM
Jens Christophersen
Original Assignee
Napatech A/S
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Napatech A/S filed Critical Napatech A/S
Publication of WO2011067407A1 publication Critical patent/WO2011067407A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/18Protocol analysers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/026Capturing of monitoring data using flow identification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2441Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]

Definitions

  • the present invention relates to a manner of dividing the analysis of data packets between analyzing elements.
  • the invention relates to an apparatus for analyzing a plurality of data packets each being transmitted from one computer and addressed to one or more other computers, the apparatus comprising an output data bus and a plurality of analyzing elements and means for providing each data packet to each of the analyzing elements, wherein each analyzing element comprises: first means for receiving and analyzing a data packet and for deriving data from the data packet,
  • the determining means of one of the analyzing elements is adapted to instruct the pertaining processing element to process the received data packet and the determining means of all other analyzing elements are adapted to discard the data packet.
  • the apparatus may be a single assembly of the individual elements or may have such elements distributed in space or separated and interconnected using any type of data transfer, wired or wireless.
  • the data packets are each being transmitted from one computer and addressed to one or more other computers.
  • the present apparatus does not form part of any of the computers and simply derives or accesses the data packets from one or more data connections transporting the data packets from the transmitter(s) to the receiver(s).
  • a data packet may be any type of a data unit to be transmitted on or transported by a network, data cable, data bus, trunk, or the like.
  • a data unit conforms to one or more data standards, such as the Ethernet standard being an umbrella under which a number of different standards or data packet types exist, such as UDP and TCP data packets.
  • a data packet usually has a number of different information items or types, such as address data, payload or the like, which are each positioned at well defined or known positions within the data packet. Such positions and types will typically differ from data packet type to data packet type, but usually, the data packet type, and thus the positions of individual contents thereof, may be determined from the actual data packet, where after the individual data items, such as address data and/or payload, may be derived, altered, and/or used in the analysis/processing.
  • Analyzing a data packet may take place to e.g. derive any type of data from and/or relating to the data packet. This may be data/information directly copied or read from the data packet or may be data relating to e.g. a type of data packet or a standard to which the data packet conforms.
  • the type or standard may be derived directly from the data packet, such as when a particular data item of the packet identifies the type/standard, or may be derived from data derived from the data packet, such as on the basis of recognition of types and positions of data items of the data packet and subsequently determination of type(s) or standard(s) of data packet in which such data may be found at such position(s) .
  • the analysis may aim to determine whether the data packet relates to a stream of data packets.
  • Data may be derived so that data packets of a single stream have the same data derived, whereas data packets of other streams have other data derived.
  • a stream of data packets normally is a sequence of data packets transmitted from a single transmitter to one or more receivers. These data packets relate to e.g. a single file or the like transmitted in smaller portions, being the payload of the packets. The transmitter and receiver, or any intermediate network elements, will usually then have addresses also represented in the packet. In addition, other stream identifying information may be present in the data packet, depending on the individual data packet standard.
  • a stream may be identified on the basis of e.g. the addresses and/or the stream identifying information, whereby, if used consistently, the same information may be derived, and any subsequent process may identify the stream merely from the derived information.
  • the present apparatus comprises a plurality of analyzing elements. Any number of analyzing elements, such as 2, 3, 4, 5, 6, 7, 8, 10, 15, 20 or more analyzing elements may be provided.
  • the analyzing elements may all be identical or similar, such as adapted to process a data packet in the same manner, or different analyzing elements or groups thereof may have different capabilities and thus process data packets differently or be adapted to only process certain types of data packets and not others.
  • any number of analyzing elements may be provided or realized as a single electronic circuit or in a single piece of hardware, such as a single PCB, a single FPGA, processor or the like.
  • the analyzing elements may be physically separate elements interconnected, so as to communicate via wires or wirelessly, during operation but where one or more analyzing elements may be replaced, added or removed to alter the operation or capabilities of the apparatus.
  • the individual means of the analyzing may be obtained or shaped as individual elements, such as processors, software controlled or hardwired, FPGAs, special purpose circuits, ASICS or the like. Alternatively, multiple such means may be combined into a single such processor or the like.
  • the means for providing each data packet to each of the analyzing elements may be any type of element, such as a data splitter, hub, switch, optical splitter, or the like.
  • a number of data packets are sequentially provided to each analyzing element so that each packet is at least substantially simultaneously provided to each analyzing element.
  • the first means may thus derive any type of data, such as data particular to a stream of data packets.
  • the first means may actually receive and/or store the data or data packet.
  • the data packet may be received or stored at another position or in an apparatus with which the present apparatus communicates, whereby the data of the data packet is accessed remotely by reading the data while stored in the other apparatus.
  • the latter will usually provide a slower processing, as the data packet is accessed remotely.
  • the processing of the data packet may be as the above analysis thereof. Usually, the processing is a more complex analysis and may be performed on more parts of the data packet, but usually, the processing is performed on parts of the data packet.
  • the determining means determine, on the basis of the derived data, whether to have the processing means to process the received data packet or not. Not processing the data packet may be to discard the data packet or simply not forward this.
  • a type of data packet may be a protocol or standard to which the data packet conforms. This is determinable from contents of the data packet.
  • this may be the situation for all types of data packets or some types of data packets. It may be desired, for certain types of data packets, that more than a single processing element processes the data packet. This may be the situation where the processing elements have different capabilities and perform different analysis, or where a "second opinion" is desired. For certain types of data packets, it may also be desired that no processing elements analyze the data packet.
  • the analyzing element analyzing a data packet outputs data relating to the data packet on the output bus.
  • the data output may be the data packet or part thereof.
  • other data may be output which may be derived during the analysis thereof, such as data relating to a sender/receiver of the data packet, a stream to which the data packet belongs or the like.
  • the output data bus is common to all analyzers and may be used for transporting the data to a storage (monolithic or divided on different storing media) and/or one or more processors performing further analysis or the like of the data.
  • the common output data bus may also be used for outputting the data packets again if desired.
  • the output data bus may have any structure, such as a ring or star configuration or using wireless
  • the first means of all analyzing elements are adapted to derive identical data from any data packet, or at least the one type of data packet, and the determining means are each adapted to compare the derived data, or data relating thereto, to predetermined data and instruct the processing means to process the received data packet, if a correspondence is determined between the predetermined data and the derived data, where the predetermined data of each analyzing means are different.
  • all analyzing elements will, for each data packet, derive the same information and compare this to the predetermined data which then is different for different analyzing elements.
  • the data derived from different data packets will be different, at least for data packets of different types or different flows.
  • This data is used for determining which analyzing element or processing means processes the data packet. It may be desired that all data packets of a flow or stream are handled by the same processing means in order to maintain an ordering or sequence thereof.
  • different processing means may have different capabilities, and the data may then be used for identifying different types of data packets and ensure that the correct processing means processes the correct data packets.
  • the determining means may operate on the actual derived data or data relating thereto. This relating data may be calculated on the basis of the derived data or may be derived from a storage or table, such as a Look-Up Table, using the derived data as a look-up address.
  • the predetermined data of the analyzing means is one of a plurality of predetermined information items, such as numbers, the predetermined data of each analyzing means being one of the plurality of information items, and the information items of each analysis means being different.
  • the information items of the analysis means are used for programming each analysis means to perform analysis of certain data packets, types of data packets, streams of data packets or the like, depending on the type of data derived from the data packets.
  • the processing results in the deriving or selection of one of the information items, depending on the outcome of the processing, such as a determined type, stream, or the like of the data packet.
  • the apparatus further comprises a data storing means and data transfer elements adapted to transfer data from the data storing means to the determining means of each of the analyzing elements, wherein the predetermined data is stored in the storing means.
  • the apparatus may be quite simply managed by managing the contents of the storing means.
  • the operation, i.e. which analyzing means process which data packets, may be controlled from this storing means.
  • This embodiment may be expanded in that the analyzing elements may be able to, under all circumstances, derive predetermined information from the data storing means and use this predetermined information even in the situation where the first means are not adapted to derive identical data from the same data packet. However, this latter situation makes controlling the process more complex in that the predetermined information now has to take the analysis of the individual first means into account.
  • Another aspect of the invention relates to an analyzing element for use in the apparatus according to the first aspect of the invention, the analyzing element comprising means for accessing predetermined data, wherein the determining means are adapted to compare the derived data, or data relating thereto, to the predetermined data and discard or forward the data to an output data bus depending on a result of the comparison.
  • the predetermined data of this analyzing element need not be provided on or at the analyzing element but may be provided in a storing means available to multiple analyzing elements.
  • This data transfer may be handled using any type of data transfer, wired or wireless.
  • Another aspect of the invention relates to a plurality of analyzing elements according to the second aspect of the invention, wherein : the first means of all analyzing elements are adapted to derive identical data from identical data packets, and the determining means are each adapted to compare the derived data, or data relating thereto, to predetermined data and instruct the processing means to process the received data packet, if a correspondence is determined between the predetermined data and the derived data, where the predetermined data of each analyzing means are different.
  • This correspondence may be any type of correspondence, such as identity between the data, or any mathematical relation, usually predetermined.
  • a fourth aspect of the invention relates to a method of operating the apparatus according to the first aspect of the invention, the method comprising the steps of: receiving a data packet in each of the first means, deriving, in each of the first means, data from the data packet, on the basis of the derived data, instructing, in one of the determining means, the processing means to process the received data packet, on the basis of the derived data, discarding, in all other determining means, the data packet, and processing the received data packet in the instructed processing means and subsequently outputting data relating to the processed data packet on the output data bus.
  • the receiving of a data packet preferably means that this data packet is received at least substantially simultaneously in each of the first means.
  • the instructing step may be a forwarding of the data packet, or parts thereof, to the processing means or may be the forwarding of an instruction, typically in a situation where the processing means is able to address the data packet or part thereof from another source or position.
  • the discarding may simply be not forwarding the data packet.
  • packets are provided in a storage and then subsequently overwritten.
  • the deriving step comprises deriving in all first means, identical data relating to the data packet,
  • the instructing step comprising comparing the derived data, or data relating thereto, to predetermined data and determining a correspondence between the predetermined data and the derived data or the data relating thereto, and
  • the discarding step comprises comparing the derived data, or data relating thereto, to predetermined data and determining no correspondence between the predetermined data and the derived data or the data relating thereto,
  • the predetermined data of the analyzing means is a plurality of information items, such as numbers, the predetermined data of each analyzing means being one of the plurality of information items, and the information items of each analysis means being different.
  • the discarding and instructing steps comprise accessing the predetermined data in a common data storage.
  • figure 1 illustrates a first embodiment according to the invention
  • figure 2 illustrates a frame analysis portion of the embodiment of figure 1
  • figure 3 illustrates a hash type selection portion of the embodiment of figure 1
  • figure 4 illustrates a hash key generation portion of the embodiment of figure 1
  • figure 5 illustrates a first manner of selecting a part of a hash key
  • figure 6 illustrates a second manner of selecting a part of a hash key.
  • Figure 1 illustrates an embodiment 10 comprising a number of adapters or individual analyzers 12 each adapted to receive data frames or packages, analyze these and forward at least part thereof, preferably accompanied with data derived from the analysis.
  • a system of this type may be a data storage or data traffic surveillance system receiving a large amount of data, in the form of data packets, on a link or from a network 14, which data is to be processed by one or more subsequent processes or processors (not illustrated).
  • processors not illustrated
  • a plurality of processors is provided when a single processor does not suffice.
  • a further processing of the data packets is usually performed in order to determine the further analysis, transmission, storage, altering of the data packet, or whatever the result of the final processing may be.
  • the processors may be used for analyzing the data traffic, for storing the data and/or for transmitting the data to other network elements, computers or the like, depending on the result of the processing in the processors.
  • the overall function of the system is to process data packets and in particular streams of data packets.
  • a stream of data packets is interchanged.
  • This stream may be a file transfer or an interchange of audio/video, such as Voice over IP.
  • a stream is a sequence of data packets which are similar, and the belonging of a data packet to a stream is determinable, and it is desired that all data packets of a stream are handled by the same subsequent process or processor.
  • the present embodiment aims at providing a set-up in which multiple adapters 12 divide the task of analyzing the frames/packages.
  • an advantage is obtained by forwarding all data packets of the same stream to the same processor/process, and/or handling all packets of the same stream in the same adapter 12, whereby it is avoided that individual data packets of a stream overtake others, so that e.g. a VoIP stream is interrupted or corrupted due to e.g. a delay in one
  • processor/adapter 12 In another situation, an advantage is seen when the processors or adapters 12 have different properties or capabilities, and then are adapted to process different types of data packets. Different processors or adapters 12 may have different capabilities or programming if desired, so that data packets of different types should be forwarded to different processors or handled by different adapters 12.
  • the loading of the processors or of the processing of the adapters 12 may be balanced by allocating streams to processors/adapters 12 depending on the loading of the
  • the adapters 12 preferably are adapted to perform the same processing.
  • the adapters 12 receive data frames from the network 14, such as the WWW, a trunk or network of any suitable type.
  • Each adapter 12 receives all frames, as these are received from the network 14 by a splitter 16 adapted to forward all data frames received from the network 14 to all adapters 12.
  • all adapters are identical and each comprises a so-called PHY 22, which is an element adapted to receive data frames from a network or data cable and convert these to a standard usually used on data busses on e.g. computers.
  • the data frames output by the PHY 22 are firstly received by a frame analysis circuit 24 which is described in detail in relation to figure 2.
  • This analysis circuit 24 outputs information specific for each data frame to a hash key generation circuit 26 described in detail in relation to figures 3 and 4.
  • Data relating to the generated hash key is forwarded to a frame selection circuit 28 which determines whether the frame is to be analyzed further in this particular adapter 12.
  • the frame is analyzed in a frame processing pipeline or processor 30 and is further forwarded to a transfer unit 32 which forwards at least part of the analyzed frame and potentially data derived during the hash key generation, frame selection and/or the frame processing/analysis to e.g. a subsequent device/processor. If the frame selection circuit 28 determines that the frame is not to be analyzed, the frame may be dropped or discarded.
  • the output of the individual adapter 12 are output on a common data bus 32 to e.g. a subsequent store, processor(s) or the like.
  • all adapters 12 may have the same functionality, whereas advantages may alternatively be seen in the other situation in that adapters 12 may have different functionalities each adapted to the receiver of the individual adapter 12.
  • the processing in the adapters may be a pre-processing, in order to avoid having to perform the full data packet processing of the data packets in the subsequent processor. Then, the result of the pre-processing performed in the analyzers or adapters 12 is preferably forwarded, over the output data bus 34 to such processors together with the data packet or relevant parts thereof.
  • the adapters 12 are not identical but are each adapted to analyze and output (at least part of) data frames of a particular type.
  • the processor 30 of the adapters 12 may not be identical and may have different capabilities (software controlled or coded in hardware).
  • each adapter 12 may forward the data output, via the bus 34, to a specific processor or process, such that different adapters 12 output data to different processors/processes, as is explained above.
  • the adapters 12 may have identical operation and simply share a workload and output the data to the common data bus 34 from which the subsequent
  • processor(s)/process(es) derive(s) the data.
  • the determination made in the frame selection circuit 28 of whether to analyze the frame further in the pertaining adapter 12 or not is made on the basis of information derived from the actual frame.
  • an incoming data frame is analyzed in all adapters 12 in order to determine its type. This type is determined on the basis of the standard to which the pertaining frame conforms. Such standards define types of information to be provided in the frames as well as positions therein of such information. This information is derived by the frame analysis circuit.
  • This determination may be made in a number of manners. A particularly interesting manner is described below. This manner has the advantage that it is ensured that all data frames of a stream are provided the same identifier and thus processed by the same processor 30.
  • a hash type is selected.
  • a hash function merely is one
  • This hash type is determined by a hash type selector 26', of the circuit 26, on the basis of data derived from the frame analysis circuit 24. From figure 2, it is seen that data is derived as to whether the frame is VLAN tagged and/or MPLS tagged as well as of which type the frame is (L2, L3, etc), and this data is output to the hash type selector 26' which, on the basis thereof determines a hash type.
  • the hash type is determined based on a look-up table (not illustrated) provided therein. A selection of hash key depending on the frame type may be seen in Applicants co-pending application with application No. US61/242,567.
  • a Dynamic Field Extractor 26" of the circuit 26 extracts relevant data from the particular data frame.
  • This data is address data, for example, which may be identified from knowledge of which standard the individual data frame conforms to.
  • a hash key generator 26"' From this data and the determined hash type from the selector 26', a hash key generator 26"' generates a hash key by performing the hash function on the data derived.
  • the resulting value hereafter called a hash key, is particular to the frame or at least a type thereof. As described in Applicants co-pending application with application No. US61/242,567, this hash key preferably is the same for all frames of a stream, and different streams preferably have different hash keys.
  • the generated hash key is used by the frame selection circuit 28 for determining whether this particular frame is to be processed by this particular adapter 12.
  • different adapters 12 preferably have differently set-up frame selection circuits 28, so that each frame is only analyzed/selected in one adapter 12 and thus discarded in the other adapter(s) 12.
  • this may be the situation only for a single type of data packet, for multiple types thereof or all data packets. In some situations, it may be desired that a type of data packet is analyzed or processed by more than one processing means, and for other types of data packets, it is desired not to process these at all.
  • the frame analyzer 30 which may be of any type of processor or pipeline, where the frame is analyzed in any suitable manner.
  • the frame, part thereof, and/or data relating to the analysis, hash key or the like is output by the transfer unit 32 to the data bus 34 for further analysis, storage, processing, forwarding or the like.
  • This selection performed in the selection circuit 28 may be performed in any desired manner.
  • Each selection circuit 28 then is programmed with a different one of the M values, such that only one of the adapters 12 analyzes a frame, and so that each of the M values is handled by only one adapter 12.
  • an adapter 12 may be set up to analyze more than a single of the M values if desired.
  • FIG. 6 Another manner is illustrated in figure 6, wherein P bits of the hash key are used for generating a number which is used as an entry into a lookup table (LUT), and the adapter number is then derived at the position in the LUT defined by the entry.
  • LUT lookup table
  • the actual selection of which frames to process may be performed on the basis of data provided in a data store, such as a RAM/PROM/EPROM/EEPROM/Flash, such as to be controllable by an operator, provided in the embodiment or in pertaining adapter 12.
  • a data store such as a RAM/PROM/EPROM/EEPROM/Flash, such as to be controllable by an operator, provided in the embodiment or in pertaining adapter 12.
  • This data store may be common to all adapters 12, such as a data store addressable via the PHYs 22, the outputs 32 or separate (not illustrated) data connections.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

An apparatus with a number of analyzers each adapted to receive a data packet and analyze it. The analyzers are adapted to derive data from the packet and determine whether to analyze the packet, so that only one analyzer analyses the packet and the others discards it. When having analyzed the data packet, data relating thereto is output to a common data bus. Information describing to the analyzers which analyzer is to analyze a packet and which are not may be added to a common data storage in order to facilitate maintenance and control of the apparatus via this common data storage.

Description

DISTRIBUTED PROCESSING OF DATA FRAMES BY MULTIPLE ADAPTERS
The present invention relates to a manner of dividing the analysis of data packets between analyzing elements.
In a first aspect, the invention relates to an apparatus for analyzing a plurality of data packets each being transmitted from one computer and addressed to one or more other computers, the apparatus comprising an output data bus and a plurality of analyzing elements and means for providing each data packet to each of the analyzing elements, wherein each analyzing element comprises: first means for receiving and analyzing a data packet and for deriving data from the data packet,
means for processing the received data packet,
means for outputting data relating to the processed data packet on the output data bus,
determining means for, on the basis of the derived data, instructing the processing means to process the received data packet or discarding the data packet,
wherein, for each data packet of at least one type of data packet, the determining means of one of the analyzing elements is adapted to instruct the pertaining processing element to process the received data packet and the determining means of all other analyzing elements are adapted to discard the data packet.
In the present context, the apparatus may be a single assembly of the individual elements or may have such elements distributed in space or separated and interconnected using any type of data transfer, wired or wireless. In the present context, the data packets are each being transmitted from one computer and addressed to one or more other computers. In a preferred embodiment, the present apparatus does not form part of any of the computers and simply derives or accesses the data packets from one or more data connections transporting the data packets from the transmitter(s) to the receiver(s). A data packet may be any type of a data unit to be transmitted on or transported by a network, data cable, data bus, trunk, or the like. Normally, a data unit conforms to one or more data standards, such as the Ethernet standard being an umbrella under which a number of different standards or data packet types exist, such as UDP and TCP data packets. A data packet usually has a number of different information items or types, such as address data, payload or the like, which are each positioned at well defined or known positions within the data packet. Such positions and types will typically differ from data packet type to data packet type, but usually, the data packet type, and thus the positions of individual contents thereof, may be determined from the actual data packet, where after the individual data items, such as address data and/or payload, may be derived, altered, and/or used in the analysis/processing.
Analyzing a data packet may take place to e.g. derive any type of data from and/or relating to the data packet. This may be data/information directly copied or read from the data packet or may be data relating to e.g. a type of data packet or a standard to which the data packet conforms. The type or standard may be derived directly from the data packet, such as when a particular data item of the packet identifies the type/standard, or may be derived from data derived from the data packet, such as on the basis of recognition of types and positions of data items of the data packet and subsequently determination of type(s) or standard(s) of data packet in which such data may be found at such position(s) .
In a particularly interesting embodiment, the analysis may aim to determine whether the data packet relates to a stream of data packets. Data may be derived so that data packets of a single stream have the same data derived, whereas data packets of other streams have other data derived.
A stream of data packets normally is a sequence of data packets transmitted from a single transmitter to one or more receivers. These data packets relate to e.g. a single file or the like transmitted in smaller portions, being the payload of the packets. The transmitter and receiver, or any intermediate network elements, will usually then have addresses also represented in the packet. In addition, other stream identifying information may be present in the data packet, depending on the individual data packet standard.
Thus, a stream may be identified on the basis of e.g. the addresses and/or the stream identifying information, whereby, if used consistently, the same information may be derived, and any subsequent process may identify the stream merely from the derived information. The present apparatus comprises a plurality of analyzing elements. Any number of analyzing elements, such as 2, 3, 4, 5, 6, 7, 8, 10, 15, 20 or more analyzing elements may be provided. The analyzing elements may all be identical or similar, such as adapted to process a data packet in the same manner, or different analyzing elements or groups thereof may have different capabilities and thus process data packets differently or be adapted to only process certain types of data packets and not others.
Naturally, any number of analyzing elements may be provided or realized as a single electronic circuit or in a single piece of hardware, such as a single PCB, a single FPGA, processor or the like. Alternatively, the analyzing elements may be physically separate elements interconnected, so as to communicate via wires or wirelessly, during operation but where one or more analyzing elements may be replaced, added or removed to alter the operation or capabilities of the apparatus. Naturally, the individual means of the analyzing may be obtained or shaped as individual elements, such as processors, software controlled or hardwired, FPGAs, special purpose circuits, ASICS or the like. Alternatively, multiple such means may be combined into a single such processor or the like.
The means for providing each data packet to each of the analyzing elements may be any type of element, such as a data splitter, hub, switch, optical splitter, or the like. Preferably, a number of data packets are sequentially provided to each analyzing element so that each packet is at least substantially simultaneously provided to each analyzing element.
The first means may thus derive any type of data, such as data particular to a stream of data packets. The first means may actually receive and/or store the data or data packet.
Alternatively, the data packet may be received or stored at another position or in an apparatus with which the present apparatus communicates, whereby the data of the data packet is accessed remotely by reading the data while stored in the other apparatus. The latter will usually provide a slower processing, as the data packet is accessed remotely.
The processing of the data packet may be as the above analysis thereof. Usually, the processing is a more complex analysis and may be performed on more parts of the data packet, but usually, the processing is performed on parts of the data packet.
The determining means determine, on the basis of the derived data, whether to have the processing means to process the received data packet or not. Not processing the data packet may be to discard the data packet or simply not forward this.
According to the invention, for at least one type of data packet, it is ensured for each data packet that this data packet is processed by one processing element only. Thus, in spite of the fact that a plurality of analyzing elements exist, only a single one processes the data packet. In this respect, a type of data packet may be a protocol or standard to which the data packet conforms. This is determinable from contents of the data packet.
Naturally, this may be the situation for all types of data packets or some types of data packets. It may be desired, for certain types of data packets, that more than a single processing element processes the data packet. This may be the situation where the processing elements have different capabilities and perform different analysis, or where a "second opinion" is desired. For certain types of data packets, it may also be desired that no processing elements analyze the data packet.
In the present invention, the analyzing element analyzing a data packet outputs data relating to the data packet on the output bus. In this respect, the data output may be the data packet or part thereof. Alternatively or in addition, other data may be output which may be derived during the analysis thereof, such as data relating to a sender/receiver of the data packet, a stream to which the data packet belongs or the like.
The output data bus is common to all analyzers and may be used for transporting the data to a storage (monolithic or divided on different storing media) and/or one or more processors performing further analysis or the like of the data. Naturally, the common output data bus may also be used for outputting the data packets again if desired. Naturally, the output data bus may have any structure, such as a ring or star configuration or using wireless
communication, and be operated using any desired protocol.
In a preferred embodiment: - the first means of all analyzing elements are adapted to derive identical data from any data packet, or at least the one type of data packet, and the determining means are each adapted to compare the derived data, or data relating thereto, to predetermined data and instruct the processing means to process the received data packet, if a correspondence is determined between the predetermined data and the derived data, where the predetermined data of each analyzing means are different.
Thus, all analyzing elements will, for each data packet, derive the same information and compare this to the predetermined data which then is different for different analyzing elements.
Normally, the data derived from different data packets will be different, at least for data packets of different types or different flows. This data is used for determining which analyzing element or processing means processes the data packet. It may be desired that all data packets of a flow or stream are handled by the same processing means in order to maintain an ordering or sequence thereof. As mentioned above, different processing means may have different capabilities, and the data may then be used for identifying different types of data packets and ensure that the correct processing means processes the correct data packets. The determining means may operate on the actual derived data or data relating thereto. This relating data may be calculated on the basis of the derived data or may be derived from a storage or table, such as a Look-Up Table, using the derived data as a look-up address.
In a particularly interesting situation, the predetermined data of the analyzing means is one of a plurality of predetermined information items, such as numbers, the predetermined data of each analyzing means being one of the plurality of information items, and the information items of each analysis means being different.
Then, the information items of the analysis means are used for programming each analysis means to perform analysis of certain data packets, types of data packets, streams of data packets or the like, depending on the type of data derived from the data packets. Thus, the processing results in the deriving or selection of one of the information items, depending on the outcome of the processing, such as a determined type, stream, or the like of the data packet.
In one embodiment, the apparatus further comprises a data storing means and data transfer elements adapted to transfer data from the data storing means to the determining means of each of the analyzing elements, wherein the predetermined data is stored in the storing means. In this manner, the apparatus may be quite simply managed by managing the contents of the storing means. The operation, i.e. which analyzing means process which data packets, may be controlled from this storing means. This embodiment may be expanded in that the analyzing elements may be able to, under all circumstances, derive predetermined information from the data storing means and use this predetermined information even in the situation where the first means are not adapted to derive identical data from the same data packet. However, this latter situation makes controlling the process more complex in that the predetermined information now has to take the analysis of the individual first means into account.
Another aspect of the invention relates to an analyzing element for use in the apparatus according to the first aspect of the invention, the analyzing element comprising means for accessing predetermined data, wherein the determining means are adapted to compare the derived data, or data relating thereto, to the predetermined data and discard or forward the data to an output data bus depending on a result of the comparison.
Again, the predetermined data of this analyzing element need not be provided on or at the analyzing element but may be provided in a storing means available to multiple analyzing elements. This data transfer may be handled using any type of data transfer, wired or wireless.
Another aspect of the invention relates to a plurality of analyzing elements according to the second aspect of the invention, wherein : the first means of all analyzing elements are adapted to derive identical data from identical data packets, and the determining means are each adapted to compare the derived data, or data relating thereto, to predetermined data and instruct the processing means to process the received data packet, if a correspondence is determined between the predetermined data and the derived data, where the predetermined data of each analyzing means are different.
This correspondence may be any type of correspondence, such as identity between the data, or any mathematical relation, usually predetermined.
A fourth aspect of the invention relates to a method of operating the apparatus according to the first aspect of the invention, the method comprising the steps of: receiving a data packet in each of the first means, deriving, in each of the first means, data from the data packet, on the basis of the derived data, instructing, in one of the determining means, the processing means to process the received data packet, on the basis of the derived data, discarding, in all other determining means, the data packet, and processing the received data packet in the instructed processing means and subsequently outputting data relating to the processed data packet on the output data bus.
In the present context, as is also indicated further above, the receiving of a data packet preferably means that this data packet is received at least substantially simultaneously in each of the first means. The instructing step may be a forwarding of the data packet, or parts thereof, to the processing means or may be the forwarding of an instruction, typically in a situation where the processing means is able to address the data packet or part thereof from another source or position. The discarding may simply be not forwarding the data packet. Usually, such packets are provided in a storage and then subsequently overwritten.
In one embodiment: the deriving step comprises deriving in all first means, identical data relating to the data packet,
- the instructing step comprising comparing the derived data, or data relating thereto, to predetermined data and determining a correspondence between the predetermined data and the derived data or the data relating thereto, and
the discarding step comprises comparing the derived data, or data relating thereto, to predetermined data and determining no correspondence between the predetermined data and the derived data or the data relating thereto,
wherein the predetermined data for the individual analyzing elements are different.
In one situation, the predetermined data of the analyzing means is a plurality of information items, such as numbers, the predetermined data of each analyzing means being one of the plurality of information items, and the information items of each analysis means being different. In that or another situation, the discarding and instructing steps comprise accessing the predetermined data in a common data storage. This has the advantage that it may be centrally controlled which analysis means perform which processing. As mentioned above, this advantage is obtained whether the first means derive identical data or not from a data packet. In the following, preferred embodiments of the invention will be described with reference to the drawing, wherein : figure 1 illustrates a first embodiment according to the invention, figure 2 illustrates a frame analysis portion of the embodiment of figure 1, figure 3 illustrates a hash type selection portion of the embodiment of figure 1,
figure 4 illustrates a hash key generation portion of the embodiment of figure 1,
- figure 5 illustrates a first manner of selecting a part of a hash key, and figure 6 illustrates a second manner of selecting a part of a hash key.
Figure 1 illustrates an embodiment 10 comprising a number of adapters or individual analyzers 12 each adapted to receive data frames or packages, analyze these and forward at least part thereof, preferably accompanied with data derived from the analysis.
In general, a system of this type may be a data storage or data traffic surveillance system receiving a large amount of data, in the form of data packets, on a link or from a network 14, which data is to be processed by one or more subsequent processes or processors (not illustrated). Usually, a plurality of processors is provided when a single processor does not suffice.
In the processors, a further processing of the data packets is usually performed in order to determine the further analysis, transmission, storage, altering of the data packet, or whatever the result of the final processing may be. The processors may be used for analyzing the data traffic, for storing the data and/or for transmitting the data to other network elements, computers or the like, depending on the result of the processing in the processors.
The overall function of the system is to process data packets and in particular streams of data packets. When two processors or computers interact, a stream of data packets is interchanged. This stream may be a file transfer or an interchange of audio/video, such as Voice over IP. A stream is a sequence of data packets which are similar, and the belonging of a data packet to a stream is determinable, and it is desired that all data packets of a stream are handled by the same subsequent process or processor.
The present embodiment aims at providing a set-up in which multiple adapters 12 divide the task of analyzing the frames/packages.
In one situation, an advantage is obtained by forwarding all data packets of the same stream to the same processor/process, and/or handling all packets of the same stream in the same adapter 12, whereby it is avoided that individual data packets of a stream overtake others, so that e.g. a VoIP stream is interrupted or corrupted due to e.g. a delay in one
processor/adapter 12. In another situation, an advantage is seen when the processors or adapters 12 have different properties or capabilities, and then are adapted to process different types of data packets. Different processors or adapters 12 may have different capabilities or programming if desired, so that data packets of different types should be forwarded to different processors or handled by different adapters 12.
Also, the loading of the processors or of the processing of the adapters 12 may be balanced by allocating streams to processors/adapters 12 depending on the loading of the
processors/adapters 12. In this situation, the adapters 12 preferably are adapted to perform the same processing. The adapters 12 receive data frames from the network 14, such as the WWW, a trunk or network of any suitable type. Each adapter 12 receives all frames, as these are received from the network 14 by a splitter 16 adapted to forward all data frames received from the network 14 to all adapters 12.
Preferably, all adapters are identical and each comprises a so-called PHY 22, which is an element adapted to receive data frames from a network or data cable and convert these to a standard usually used on data busses on e.g. computers. The data frames output by the PHY 22 are firstly received by a frame analysis circuit 24 which is described in detail in relation to figure 2. This analysis circuit 24 outputs information specific for each data frame to a hash key generation circuit 26 described in detail in relation to figures 3 and 4. Data relating to the generated hash key is forwarded to a frame selection circuit 28 which determines whether the frame is to be analyzed further in this particular adapter 12. If so, the frame is analyzed in a frame processing pipeline or processor 30 and is further forwarded to a transfer unit 32 which forwards at least part of the analyzed frame and potentially data derived during the hash key generation, frame selection and/or the frame processing/analysis to e.g. a subsequent device/processor. If the frame selection circuit 28 determines that the frame is not to be analyzed, the frame may be dropped or discarded.
In general, the output of the individual adapter 12 are output on a common data bus 32 to e.g. a subsequent store, processor(s) or the like. In one situation, all adapters 12 may have the same functionality, whereas advantages may alternatively be seen in the other situation in that adapters 12 may have different functionalities each adapted to the receiver of the individual adapter 12.
If the subsequent store/process is to process the data frames, the processing in the adapters may be a pre-processing, in order to avoid having to perform the full data packet processing of the data packets in the subsequent processor. Then, the result of the pre-processing performed in the analyzers or adapters 12 is preferably forwarded, over the output data bus 34 to such processors together with the data packet or relevant parts thereof.
In one situation, the adapters 12 are not identical but are each adapted to analyze and output (at least part of) data frames of a particular type. Thus, the processor 30 of the adapters 12 may not be identical and may have different capabilities (software controlled or coded in hardware). In this situation, each adapter 12 may forward the data output, via the bus 34, to a specific processor or process, such that different adapters 12 output data to different processors/processes, as is explained above.
Alternatively, the adapters 12 may have identical operation and simply share a workload and output the data to the common data bus 34 from which the subsequent
processor(s)/process(es) derive(s) the data.
The determination made in the frame selection circuit 28 of whether to analyze the frame further in the pertaining adapter 12 or not is made on the basis of information derived from the actual frame. In the present embodiment, an incoming data frame is analyzed in all adapters 12 in order to determine its type. This type is determined on the basis of the standard to which the pertaining frame conforms. Such standards define types of information to be provided in the frames as well as positions therein of such information. This information is derived by the frame analysis circuit.
This determination may be made in a number of manners. A particularly interesting manner is described below. This manner has the advantage that it is ensured that all data frames of a stream are provided the same identifier and thus processed by the same processor 30.
From the determined type, a hash type is selected. A hash function merely is one
mathematical manner of converting or encoding complex data to a simple number. This hash type is determined by a hash type selector 26', of the circuit 26, on the basis of data derived from the frame analysis circuit 24. From figure 2, it is seen that data is derived as to whether the frame is VLAN tagged and/or MPLS tagged as well as of which type the frame is (L2, L3, etc), and this data is output to the hash type selector 26' which, on the basis thereof determines a hash type. Presently, the hash type is determined based on a look-up table (not illustrated) provided therein. A selection of hash key depending on the frame type may be seen in Applicants co-pending application with application No. US61/242,567.
Having determined the hash type (see figure 4), a Dynamic Field Extractor 26" of the circuit 26 extracts relevant data from the particular data frame. This data is address data, for example, which may be identified from knowledge of which standard the individual data frame conforms to. From this data and the determined hash type from the selector 26', a hash key generator 26"' generates a hash key by performing the hash function on the data derived. The resulting value, hereafter called a hash key, is particular to the frame or at least a type thereof. As described in Applicants co-pending application with application No. US61/242,567, this hash key preferably is the same for all frames of a stream, and different streams preferably have different hash keys.
In the present embodiment, the generated hash key is used by the frame selection circuit 28 for determining whether this particular frame is to be processed by this particular adapter 12. Thus, different adapters 12 preferably have differently set-up frame selection circuits 28, so that each frame is only analyzed/selected in one adapter 12 and thus discarded in the other adapter(s) 12.
It is noted that this may be the situation only for a single type of data packet, for multiple types thereof or all data packets. In some situations, it may be desired that a type of data packet is analyzed or processed by more than one processing means, and for other types of data packets, it is desired not to process these at all.
If the frame is to be analyzed, it is forwarded to the frame analyzer 30 which may be of any type of processor or pipeline, where the frame is analyzed in any suitable manner.
Subsequently, the frame, part thereof, and/or data relating to the analysis, hash key or the like is output by the transfer unit 32 to the data bus 34 for further analysis, storage, processing, forwarding or the like.
This selection performed in the selection circuit 28 may be performed in any desired manner. One manner is illustrated in figure 5, wherein N bits, such as the N least or most significant bits, of the hash key are used for generating a number between 0 and 2N = M, where M then is a power of 2 and may be the number of adapters 12 and may also be a number of subsequent processes/processors to which data is forwarded.
Each selection circuit 28 then is programmed with a different one of the M values, such that only one of the adapters 12 analyzes a frame, and so that each of the M values is handled by only one adapter 12. Naturally, an adapter 12 may be set up to analyze more than a single of the M values if desired.
Another manner is illustrated in figure 6, wherein P bits of the hash key are used for generating a number which is used as an entry into a lookup table (LUT), and the adapter number is then derived at the position in the LUT defined by the entry. The advantage of this manner is that the LUT may be set up based on the type and number of frames received, so that individual adapters 12 have their loads more balanced, compared to the manner of figure 5, which may only be controlled by altering the hash type and/or data derived from the packet.
In general, the actual selection of which frames to process may be performed on the basis of data provided in a data store, such as a RAM/PROM/EPROM/EEPROM/Flash, such as to be controllable by an operator, provided in the embodiment or in pertaining adapter 12. This data store may be common to all adapters 12, such as a data store addressable via the PHYs 22, the outputs 32 or separate (not illustrated) data connections.

Claims

1. An apparatus for analyzing a plurality of data packets each being transmitted from one computer and addressed to one or more other computers, the apparatus comprising an output data bus and a plurality of analyzing elements and means for providing each data packet to each of the analyzing elements, wherein each analyzing element comprises: first means for receiving and analyzing a data packet and for deriving data from the data packet,
means for processing the received data packet,
means for outputting data relating to the processed data packet on the output data bus,
determining means for, on the basis of the derived data, instructing the processing means to process the received data packet or discarding the data packet,
wherein, for each data packet of at least one type of data packet, the determining means of one of the analyzing elements is adapted to instruct the pertaining processing element to process the received data packet and the determining means of all other analyzing elements are adapted to discard the data packet.
2. An apparatus according to claim 1, wherein : - the first means of all analyzing elements are adapted to derive identical data from any data packet, and the determining means are each adapted to compare the derived data, or data relating thereto, to predetermined data and instruct the processing means to process the received data packet, if a correspondence is determined between the predetermined data and the derived data, where the predetermined data of each analyzing means are different.
3. An apparatus according to claim 2, wherein the predetermined data of the analyzing means is one of a plurality of predetermined information items, the predetermined data of each analyzing means being one of the plurality of information items, and the information items of each analysis means being different.
4. An apparatus according to claim 2 or 3, further comprising a data storing means and data transfer elements adapted to transfer data from the data storing means to the determining means of each of the analyzing elements, wherein the predetermined data is stored in the storing means.
5. An analyzing element for use in the apparatus according to any of the preceding claims, the element comprising means for accessing predetermined data, wherein the determining means are adapted to compare the derived data, or data relating thereto, to the
predetermined data and discard or forward the data to an output data bus depending on a result of the comparison.
6. A plurality of analyzing elements according to claim 5, wherein : the first means of all analyzing elements are adapted to derive identical data from identical data packets, and the determining means are each adapted to compare the derived data, or data relating thereto, to predetermined data and instruct the processing means to process the received data packet, if a correspondence is determined between the predetermined data and the derived data, where the predetermined data of each analyzing means are different.
7. A method of operating the apparatus according to claim 1, the method comprising the steps of: - receiving a data packet in each of the first means, deriving, in each of the first means, data from the data packet, on the basis of the derived data, instructing, in one of the determining means, the processing means to process the received data packet, on the basis of the derived data, discarding, in all other determining means, the data packet, and processing the received data packet in the instructed processing means and subsequently outputting data relating to the processed data packet on the output data bus.
8. A method according to claim 7, wherein : the deriving step comprises deriving in all first means, identical data relating to the data packet,
the instructing step comprising comparing the derived data, or data relating thereto, to predetermined data and determining a correspondence between the predetermined data and the derived data or the data relating thereto, and the discarding step comprises comparing the derived data, or data relating thereto, to predetermined data and determining no correspondence between the predetermined data and the derived data or the data relating thereto,
- wherein the predetermined data for the individual analyzing elements are different.
9. A method according to claim 8, wherein the predetermined data of the analyzing means is a plurality of information items, the predetermined data of each analyzing means being one of the plurality of information items, and the information items of each analysis means being different.
10. A method according to any of claims 8 or 9, wherein the discarding and instructing steps comprise accessing the predetermined data in a common data storage.
PCT/EP2010/068963 2009-12-04 2010-12-06 Distributed processing of data frames by multiple adapters WO2011067407A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US26676609P 2009-12-04 2009-12-04
US61/266,766 2009-12-04

Publications (1)

Publication Number Publication Date
WO2011067407A1 true WO2011067407A1 (en) 2011-06-09

Family

ID=43919781

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2010/068963 WO2011067407A1 (en) 2009-12-04 2010-12-06 Distributed processing of data frames by multiple adapters

Country Status (1)

Country Link
WO (1) WO2011067407A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040003022A1 (en) * 2002-06-27 2004-01-01 International Business Machines Corporation Method and system for using modulo arithmetic to distribute processing over multiple processors
US6831893B1 (en) * 2000-04-03 2004-12-14 P-Cube, Ltd. Apparatus and method for wire-speed classification and pre-processing of data packets in a full duplex network
EP1720287A1 (en) * 2005-05-04 2006-11-08 Psytechnics Ltd Packet filtering
US20060271823A1 (en) * 2005-05-26 2006-11-30 Finisar Corporation Distributed stream analysis using general purpose processors
US20090217369A1 (en) * 2005-05-04 2009-08-27 Telecom Italia S.P.A. Method and system for processing packet flows, and computer program product therefor

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6831893B1 (en) * 2000-04-03 2004-12-14 P-Cube, Ltd. Apparatus and method for wire-speed classification and pre-processing of data packets in a full duplex network
US20040003022A1 (en) * 2002-06-27 2004-01-01 International Business Machines Corporation Method and system for using modulo arithmetic to distribute processing over multiple processors
EP1720287A1 (en) * 2005-05-04 2006-11-08 Psytechnics Ltd Packet filtering
US20090217369A1 (en) * 2005-05-04 2009-08-27 Telecom Italia S.P.A. Method and system for processing packet flows, and computer program product therefor
US20060271823A1 (en) * 2005-05-26 2006-11-30 Finisar Corporation Distributed stream analysis using general purpose processors

Similar Documents

Publication Publication Date Title
US11425058B2 (en) Generation of descriptive data for packet fields
US20220279055A1 (en) Configuring a switch for extracting packet header fields
US10044596B2 (en) Devices, methods, and systems for packet reroute permission based on content parameters embedded in packet header or payload
US20200076737A1 (en) Packet header field extraction
US7095742B2 (en) Packet processing unit
US8908693B2 (en) Flow key lookup involving multiple simultaneous cam operations to identify hash values in a hash bucket
US10701190B2 (en) Efficient parsing of optional header fields
US8638793B1 (en) Enhanced parsing and classification in a packet processor
US20030007489A1 (en) Data extraction system for packet analysis
US9590910B1 (en) Methods and apparatus for handling multicast packets in an audio video bridging (AVB) network
US8929378B2 (en) Apparatus for analyzing a data packet, a data packet processing system and a method
US20180343198A1 (en) Executing A Selected Sequence Of Instructions Depending On Packet Type In An Exact-Match Flow Switch
US8902888B2 (en) Two-stage port-channel resolution in a multistage fabric switch
GB2422507A (en) An intrusion detection system using a plurality of finite state machines
US9807006B1 (en) Crossbar and an egress packet modifier in an exact-match flow switch
US20210185153A1 (en) Hybrid Fixed/Programmable Header Parser for Network Devices
CN113489652A (en) Data stream amplification method and device, convergence splitter and storage medium
CN101803303A (en) Method and system for managing transmission of fragmented data packets
US10015291B2 (en) Host network controller
CN115190056B (en) Method, device and equipment for identifying and analyzing programmable flow protocol
US9998374B1 (en) Method of handling SDN protocol messages in a modular and partitioned SDN switch
WO2011067407A1 (en) Distributed processing of data frames by multiple adapters
US11799780B2 (en) Systems and methods for implementing multi-table OpenFlow flows that have combinations of packet edits
US20090141712A1 (en) Router device
US20180063296A1 (en) Data-division control method, communication system, and communication apparatus

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10795263

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10795263

Country of ref document: EP

Kind code of ref document: A1