basis as the call progresses through the fabric toward its destination. No synchronization is needed between switches to establish an end-to-end connection.

The Connect Service Center maintains a Connection Table containing information for all connections currently active on the switch's local ports.

Connections are removed from the Connection Table when one of the endstations is moved to a new switch (Section 4.1.2) or when the Topology Link State server (Section 4.2.3) notifies the Connect Service Center that a network link has failed. Otherwise, connections are not automatically aged out or removed from the Connection Table until a certain percentage threshold (HiMark) of table capacity is reached and resources are needed. At that point, some number of connections (typically 100) are aged out and removed at one time.

4.5.1 Local Server

If the destination endstation resides on the local switch, the Connect Local server establishes a connection between the source and destination ports.

Note that if the source and destination both reside on the same physical port, a filter connection is established by calling the Filter Service Center (Section 4.6).

4.5.2 Link State Server

The Connect Link State server is called if the destination endstation of the proposed connection does not reside on the local switch.

The server executes a call to the Path Link State server (Section 4.7.1) which returns up to three "best" paths of equal cost from the local switch to the destination switch. If more than one path is returned, the server chooses a path that provides the best load balancing of user traffic across the fabric.

Ruffen, et al.               Informational                     [Page 25]

RFC 2643     Cabletron's SecureFast VLAN Operational Model   August 1999

4.5.3 Directory Server

The Connect Directory server is called if the Connect Link State server is unable to provide a path for some reason.

The server examines the local directory to determine on which switch the destination endstation resides.
If the port of access to the destination switch is known, then a connection is established using that port as the outport of the connection.

4.6 Filter Service Center

The Filter Service Center is responsible for establishing filtered connections. This service center is called by the Connect Local server (Section 4.5.1) if the source and destination endstations reside on the same physical port, and by the Policy Service Center (Section 4.4) if the VLAN of either the source or destination is indeterminate.

A filter connection is programmed in the switch hardware with no specified outport. That is, the connection is programmed to discard any traffic for that SA/DA pair.

4.7 Path Service Center

The Path Service Center is responsible for determining the path from a source to a destination.

4.7.1 Link State Server

The Path Link State server is called by the Connect Link State server (Section 4.5.2) to return up to three best paths of equal cost between a source and destination pair of endstations. These best paths are calculated by the Topology Link State server (Section 4.2.3).

The Path Link State server is also called by the Connect Service Center to return a complete source-to-destination path consisting of a list of individual switch port names. A switch port name consists of the switch base MAC address and a port instance relative to the switch.

4.7.2 Spanning Tree Server

The Path Spanning Tree server is called by any server needing to forward an undirected message out over the switch flood path.

The server returns a port mask indicating which local ports are currently enabled as outports of the switch flood path.
The switch flood path is calculated by the Topology Spanning Tree server (Section 4.2.2).

4.8 Flood Service Center

If the Resolve Service Center (Section 4.3) is unable to resolve the destination address of a packet, it invokes the Flood Service Center to broadcast the unresolved packet.

4.8.1 Tag-Based Flood Server

The Tag-Based Flood server encapsulates the unresolved packet into an Interswitch Tag-Based Flood message (Section 6.6), along with a list of Virtual LAN identifiers specifying those VLANs to which the source endstation belongs. The message is then sent out over the switch flood path to all other switches in the fabric.

When a switch receives an Interswitch Tag-Based Flood message, it examines the encapsulated header to determine the VLAN(s) to which the packet should be sent. If any of the switch's local access ports belong to one or more of the specified VLANs, the switch strips off the tag-based header and forwards the original packet out the appropriate access port(s).

The switch also forwards the entire encapsulated packet along the switch flood path to its downstream neighboring switches, if any.

5. Monitoring Call Connections

The SecureFast VLAN product permits monitoring of user traffic moving between two endstations by establishing a call tap on the connection between the two stations. Traffic can be monitored in one or both directions along the connection path.

5.1 Definitions

In addition to the terms defined in Section 1.2, the following terms are used in this description of the call tap process.

Originating Switch

   The originating switch is the switch that requests the call tap. Any switch along a call connection path may request a tap on that call connection.

Probe

   The tap probe is the device to receive a copy of the call connection data. The probe is attached to a port on the probe switch.
Probe Switch

   The probe switch (also known as the terminating switch) is the switch to which the probe is attached. The probe switch can be anywhere in the topology.

5.2 Tapping a Connection

A request to tap a call connection between two endstations can originate on any switch along the call connection path -- the ingress switch, the egress switch, or any of the intermediate switches. The call connection must have already been established before a call tap request can be issued. The probe device can be attached to any switch in the topology.

5.2.1 Types of Tap Connections

A call tap is enabled by setting up an auxiliary tap connection associated with the call being monitored. Since the tap must originate on a switch somewhere along the call connection path, the tap connection path will pass through one or more of the switches along the call path. However, since the probe switch can be anywhere in the switch fabric, the tap path and the call path may diverge at some point.

Therefore, on each switch along the tap path, the tap connection is established in one of three ways:

-  The existing call connection is used with no modification.

   When both the call path and tap path pass through the switch, and the inport and outports of both connections are identical, the switch uses the existing call connection to route the tap.

-  The existing call connection is modified.

   When both the call path and tap path pass through the switch, but the call path outport is different from the tap path outport, the switch enables an extra outport in either one or both directions of the call connection, depending on the direction of the tap. This happens under two conditions.

   -  If the switch is also the probe switch, an extra outport is enabled to the probe.
   -  If the switch is the point at which the call path and the tap path diverge, an extra outport is enabled to the downstream neighbor on that leg of the switch flood path on which the probe switch is located.

-  A new connection is established.

   If the call path does not pass through the switch (because the tap path has diverged from the call path), a completely new connection is established for the tap.

5.2.2 Locating the Probe and Establishing the Tap Connection

To establish a call tap, the originating switch formats an Interswitch Tap request message (Section 6.7) and sends it out over the switch flood path to all other switches in the topology.

Note: If the originating switch is also the probe switch, no Interswitch Tap request message is necessary.

As the Interswitch Tap request message travels out along the switch flood path, each switch receiving the message checks to see if it is the probe switch and does the following:

-  If the switch is the probe switch, it establishes the tap connection by either setting up a new connection or modifying the call connection, as appropriate (see Section 5.2.1). It then reformats the Tap request message to be a Tap response message with a status indicating that the probe has been found, and sends the message back to its upstream neighbor.

-  If the switch is not the probe switch, it forwards the Tap request message to all its downstream neighbors (if any).

-  If the switch is not the probe switch and has no downstream neighbors, it reformats the Tap request message to be a Tap response message with a status indicating that the probe is not located on that leg of the switch flood path. It then sends the response message back to its upstream neighbor.

When a switch forwards an Interswitch Tap request message to its downstream neighbors, it keeps track of the number of requests it has sent out.
-  If a response is received with a status indicating that the probe switch is located somewhere downstream, the switch establishes the appropriate type of tap connection (see Section 5.2.1). It then formats a Tap response message with a status indicating that the probe has been found and passes the message to its upstream neighbor.

-  If no responses are received with a status indicating that the probe switch is located downstream, the switch formats a Tap response message with a status indicating that the probe has not been found and passes the message to its upstream neighbor.

5.2.3 Status Field

The status field of the Interswitch Tap request/response message contains information about the state of the tap. Some of these status values are transient and are merely used to track the progress of the tap request. Other status values are stored in the tap table of each switch along the tap path for use when the tap is torn down.

The possible status values are as follows:

-  StatusUnassigned. This is the initial status of the Interswitch Tap request message.

-  OutportDecisionUnknown. The tap request is still moving downstream along the switch flood path. The probe switch had not yet been found.

-  ProbeNotFound. The probe switch is not located on this leg of the switch flood path.

-  DisableOutport. The probe switch is located on this leg of the switch flood path, and the switch has had to either modify the call connection or establish a new connection to implement the tap (see Section 5.2.1). When the tap is torn down, the switch will have to disable any additional outports that have been enabled for the tap.

-  KeepOutport. The probe switch is located on this leg of the switch flood path, and the switch was able to route the tap over the existing call path (see Section 5.2.1). Any ports used for the tap will remain enabled when the tap is torn down.

5.3 Untapping a Connection

A request to untap a call connection must be issued on the tap originating switch -- that is, the
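
Added example (not part of RFC 2643 and not Cabletron's code): a Python model of the Tap request/response exchange of Section 5.2.2 and the stored status values of Section 5.2.3, for a tap in one direction. The topology, switch names, port labels and the use of the stored status as the "probe found" reply are assumptions made for illustration.

```python
# Added illustration: topology, switch names and port labels are constructed.
NOT_FOUND, DISABLE, KEEP = "ProbeNotFound", "DisableOutport", "KeepOutport"

# Switch flood path as seen from originating switch A (downstream neighbors).
FLOOD_TREE = {"A": ["B", "E"], "B": ["C", "D"], "D": ["P"]}
# Tapped call src -> A -> B -> C -> dst: switch -> (inport, outport).
CALL_HOPS = {"A": ("src", "B"), "B": ("A", "C"), "C": ("B", "dst")}


def tap_request(switch, probe_switch, flood_tree, call_hops, tap_table, upstream=None):
    """Process a Tap request at `switch`; return the status sent back upstream.

    tap_table collects the status each switch on the tap path stores for teardown.
    """
    if switch == probe_switch:
        # Probe switch: new connection or extra outport toward the probe.
        tap_table[switch] = DISABLE
        return DISABLE
    status = NOT_FOUND
    for child in flood_tree.get(switch, []):  # forward to every downstream neighbor
        reply = tap_request(child, probe_switch, flood_tree, call_hops, tap_table, switch)
        if reply == NOT_FOUND:
            continue  # probe is not on this leg of the flood path
        call = call_hops.get(switch)  # None: call path does not pass through here
        # On the originating switch the tap enters where the call enters;
        # elsewhere it arrives from the upstream flood-path neighbor.
        tap_in = upstream if upstream is not None else (call[0] if call else None)
        # Same inport and outport as the call: reuse it. Otherwise an extra
        # outport (divergence point) or a whole new connection was needed.
        status = KEEP if call == (tap_in, child) else DISABLE
        tap_table[switch] = status
    return status


def outports_to_disable(tap_table):
    """Switches that must disable tap outports when the tap is torn down."""
    return sorted(s for s, st in tap_table.items() if st == DISABLE)


if __name__ == "__main__":
    table = {}
    print(tap_request("A", "P", FLOOD_TREE, CALL_HOPS, table), table)
    print("disable on teardown:", outports_to_disable(table))
```

In this constructed fabric, A reuses the call connection, B is the divergence point, D carries a new connection and P feeds the probe. The list returned by outports_to_disable is what an operator would compare against the switches' tap tables to confirm that no tap outport stays enabled after teardown.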