WO2020166314A1 - Communication control method - Google Patents

Publication number
WO2020166314A1
Authority
WO
WIPO (PCT)
Prior art keywords
configuration
routing
functional group
switch
packet
Application number
PCT/JP2020/002837
Inventor
宗之 川谷
Original Assignee
日本電信電話株式会社
Application filed by 日本電信電話株式会社
Publication of WO2020166314A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks
    • H04L12/4604: LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L12/462: LAN interconnection over a bridge based backbone
    • H04L12/4625: Single bridge functionality, e.g. connection of two networks over a single bridge
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/302: Route determination based on requested QoS
    • H04L45/306: Route determination based on the nature of the carried application
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/38: Flow based routing

Definitions

  • the present invention relates to a communication control method.
  • NF: Network Function
  • FW: Firewall
  • LB: Load Balancer
  • IPS: Intrusion Prevention System
  • the conventional technology has a problem that many steps may be required to change the configuration of the network system including a plurality of NFs.
  • the device that functions as an NF has different performance and availability depending on the type and model, and it is necessary to design in consideration of performance and availability when introducing it.
  • as a result, the design becomes complex, and this complexity increases the cost and duration of configuration changes and makes work mistakes more likely.
  • a communication control method of the present invention is a communication control method for controlling communication in a network system in which a functional group including a switch and a network device connected to the switch is connected to each other.
  • the method is characterized in that the routing of the packet in the first direction is performed according to the setting performed when the configuration is changed, the header information of the packet in the first direction is stored, and the packet in the second direction, different from the first direction, is routed by an automatic routing function that routes it based on the stored header information.
  • FIG. 1 is a diagram showing a configuration example of a network system according to the first embodiment.
  • FIG. 2 is a diagram illustrating a configuration example of the configuration changing device according to the first embodiment.
  • FIG. 3 is a diagram illustrating a configuration example of the communication control device according to the first embodiment.
  • FIG. 4 is a flowchart showing a flow of processing for upstream communication of the communication control device according to the first embodiment.
  • FIG. 5 is a flowchart showing a flow of processing for downlink communication of the communication control device according to the first embodiment.
  • FIG. 6 is a flowchart showing a flow of a process of inserting a functional group by the configuration changing device according to the first embodiment.
  • FIG. 7 is a diagram illustrating addition of a connection.
  • FIG. 8 is a diagram for explaining the routing setting from the uplink side.
  • FIG. 9 is a diagram for explaining the routing setting from the downlink side.
  • FIG. 10 is a diagram for explaining the setting of the return routing from the uplink side.
  • FIG. 11 is a diagram illustrating the deletion of a connection.
  • FIG. 12 is a flowchart showing a flow of a process of deleting a functional group by the configuration changing device according to the first embodiment.
  • FIG. 13 is a diagram illustrating addition of a connection.
  • FIG. 14 is a diagram for explaining the routing setting from the downlink side.
  • FIG. 15 is a diagram for explaining the routing setting from the uplink side.
  • FIG. 16 is a diagram illustrating deletion of a connection.
  • FIG. 17 is a flowchart showing the flow of scale-out processing by the configuration changing device according to the first embodiment.
  • FIG. 18 is a diagram illustrating the activation of the NF.
  • FIG. 19 is a diagram illustrating addition of a connection.
  • FIG. 20 is a diagram for explaining the setting of routing from the added NF to the downlink side.
  • FIG. 21 is a diagram for explaining the setting of routing from the downlink side to the added NF.
  • FIG. 22 is a flowchart showing the flow of scale-in processing by the configuration changing device according to the first embodiment.
  • FIG. 23 is a diagram for explaining the routing setting from the downlink side.
  • FIG. 24 is a diagram illustrating deletion of a connection.
  • FIG. 25 is a diagram for explaining the stop of the NF.
  • FIG. 26 is a diagram illustrating an example of a computer that executes a communication control program.
  • FIG. 1 is a diagram showing a configuration example of a network system according to the first embodiment.
  • the logical configuration of the network system is such that functional groups having switches and network devices connected to the switches are connected to each other.
  • a client group exists at one end of the network system
  • a server group exists at the other end.
  • the direction from the client group to the server group is called the uplink side.
  • the direction from the server group to the client group is called the downlink side.
  • the uplink side may be referred to as uplink and the downlink side may be referred to as downlink.
  • the uplink side is an example of the first direction.
  • the downlink side is an example of the second direction.
  • Each functional group has a predetermined function related to the network.
  • NF-Group1 functions as FW.
  • NF-Group2 functions as LB.
  • NF-Group3 functions as IPS.
  • the routing on the uplink side is performed by, for example, ECMP (Equal Cost Multi Path). Further, the routing on the downlink side is performed by an automatic routing function described later.
  • the physical configuration overlaid by the logical configuration of the network system may be the Spine-Leaf fabric.
  • the network system is a logical NW (Network) constructed within the fabric of Spine-Leaf by SDN (Software Defined Network).
  • NW Network
  • SDN Software Defined Network
  • the NF is deployed on the physical appliance or IA server.
  • the network system of the embodiment may be a virtual network logically configured as shown in FIG. 1 or a physical network.
  • Changes in the configuration of the network system include insertion of a functional group, deletion of a functional group, scale-out (addition) of NF, scale-in (deletion) of NF, and the like.
  • a predetermined procedure is executed so that packets can be normally transmitted and received between the client group and the server group even after the change.
  • Each procedure may be performed by manually executing a predetermined command on each functional group, a switch of each functional group, and a physical or virtual device on which the NF operates, or may be performed automatically as a batch process.
  • a computer functioning as a switch and an NF receives an input of a command corresponding to each procedure, and executes each procedure by utilizing a function of an OS (Operating System) provided in the computer.
  • OS Operating System
  • FIG. 2 is a diagram illustrating a configuration example of the configuration changing device according to the first embodiment.
  • the configuration changing device 10 includes a communication unit 11, an input/output unit 12, a storage unit 13, and a control unit 14.
  • the communication unit 11 controls a communication interface with an external device.
  • the communication unit 11 can send a control signal to each functional group.
  • the input/output unit 12 controls input/output of various information to/from the configuration change device 10.
  • the input/output unit 12 may be, for example, an input device such as a mouse or a keyboard that receives a manual input to the configuration changing device 10.
  • the storage unit 13 stores various information referred to when the control unit 14 operates.
  • the control unit 14 controls the entire configuration changing device 10.
  • the control unit 14 includes a connection control unit 141, a setting unit 142, a starting unit 143, and a stopping unit 144.
  • the connection control unit 141 adds and deletes connections between functional groups. For example, when the switch is a Linux (registered trademark) virtual bridge, the connection control unit 141 can add an L1/L2 connection with the command "brctl addif" and delete an L1/L2 connection with the command "brctl delif".
  • the setting unit 142 sets NF routing. For example, when the functional group performs routing with iproute2 on Linux, the setting unit 142 can set the NF and weight of the packet transfer destination with the command "ip route append".
  • the activation unit 143 activates the designated NF. Further, the stopping unit 144 stops the designated NF.
  • the functional group has a function of automatically routing a downlink packet. For this reason, the functional group can perform routing of packets in the upstream direction according to the setting made at the time of changing the configuration, whereas the automatic routing function can perform routing of packets in the second direction.
  • the automatic routing function is a function of storing header information of upstream packets and performing routing of downstream packets based on the stored header information.
  • FIG. 3 is a diagram illustrating a configuration example of the communication control device according to the first embodiment.
  • the function of the communication control device 20 of FIG. 3 may be implemented in the switch, the NF, or another device connected to the switch.
  • the communication control device 20 includes a communication unit 21, an input/output unit 22, a storage unit 23, and a control unit 24.
  • the communication unit 21 controls a communication interface with an external device.
  • the communication unit 21 receives, for example, an upstream packet transmitted from the client group and transmits a downstream packet output from the control unit 24 to the server group.
  • the input/output unit 22 controls input/output of various information to/from the communication control device 20.
  • the input/output unit 22 receives, for example, input of setting information and the like to the communication control device 20.
  • the storage unit 23 stores various information referred to when the control unit 24 operates.
  • the storage unit 23 includes an area for storing, for example, the session table 231.
  • the session table 231 stores session information.
  • the session information consists of the source MAC address of the upstream packet and information that identifies the session of the upstream packet.
  • the items of the session table 231 include session identification information #, source IP address, source port number, protocol number, and return MAC address.
  • in the example, the session table 231 stores “1” as the session identification information #, “IP-C-1” as the source IP address, and “xxxx” as the source port number.
  • “6”, indicating the TCP protocol, is stored as the protocol number.
  • “MC-LB-1” is stored as the return MAC address.
  • “xxxx” is assumed to be a predetermined numerical value.
  • the control unit 24 controls the communication control device 20 as a whole.
  • the control unit 24 has a storage unit 241 and an updating unit 242.
  • the storage unit 241 stores, in the storage unit 23, the transmission source MAC address of the uplink packet and information identifying the session of the uplink packet.
  • the updating unit 242 updates the destination MAC address of the downlink packet to the source MAC address of the uplink packet. For example, the updating unit 242 can update the MAC address using the Linux kernel API called netfilter or the related library called libnetfilter_queue.
  • the storage unit 241 stores the transmission source IP address, the transmission source port number, and the protocol number of the upstream packet in the storage unit 23 as information for identifying the session of the upstream packet.
  • when the updating unit 242 determines that the destination IP address, the destination port number, and the protocol number of the downlink packet match the source IP address, the source port number, and the protocol number of the uplink packet stored in the storage unit 23, respectively, it updates the destination MAC address of the downlink packet to the source MAC address of the uplink packet.
  • FIG. 4 is a flowchart showing the flow of processing for upstream communication of the L2 switch according to the first embodiment.
  • the communication control device 20 receives an upstream packet (step S111).
  • the communication control device 20 acquires the source IP address, source port number, protocol number, and return MAC address of the packet (step S112).
  • the transmission source IP address, the transmission source port number, and the protocol number are examples of information that identifies a session.
  • the return MAC address is the source MAC address.
  • the communication control device 20 stores the acquired information in the session table 231 (step S113). Then, the communication control device 20 transmits the packet according to the preset routing information (step S114).
  • FIG. 5 is a flowchart showing a processing flow for downlink communication of the L2 switch according to the first embodiment.
  • the communication control device 20 receives a downlink packet (step S121).
  • the L2 switch searches the session table 231 with the destination IP address, destination port number, and protocol number of the packet, and acquires the return MAC address of the matching record (step S122).
  • the communication control device 20 updates the destination MAC address of the packet to the acquired return MAC address (step S123). Then, the communication control device 20 transmits the packet according to the preset routing information (step S124).
  • after completion of the configuration change procedure, the switch routes upstream packets according to the settings made when the configuration was changed. At this time, the switch stores the header information of the packet in the upstream direction and routes packets in the downstream direction, different from the upstream direction, by the automatic routing function, which routes them based on the stored header information.
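The upstream flow (steps S111 to S114) and downstream flow (steps S121 to S124) described above, as an added Python example that is not code from the patent. It assumes Ethernet II frames carrying IPv4 with TCP or UDP; the names `SessionTable`, `parse_frame` and `build_frame`, and all MAC and IP values, are constructed for illustration. A downlink packet with no matching session returns `None`, modelling the discard the description mentions.

```python
import socket
import struct
from typing import Dict, Optional, Tuple

ETH_LEN = 14
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17

# Session key: (client IP, client port, protocol number), as in session table 231.
SessionKey = Tuple[bytes, int, int]


def parse_frame(frame: bytes) -> Optional[dict]:
    """Extract the header fields the session table needs, or None if the frame
    is not IPv4 TCP/UDP with a readable L4 header (e.g. a later fragment)."""
    if len(frame) < ETH_LEN + 20:
        return None
    dst_mac, src_mac, ethertype = struct.unpack_from("!6s6sH", frame, 0)
    if ethertype != ETHERTYPE_IPV4:
        return None
    ver_ihl = frame[ETH_LEN]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20:
        return None
    frag_offset = struct.unpack_from("!H", frame, ETH_LEN + 6)[0] & 0x1FFF
    proto = frame[ETH_LEN + 9]
    l4 = ETH_LEN + ihl
    if frag_offset or proto not in (PROTO_TCP, PROTO_UDP) or len(frame) < l4 + 4:
        return None
    src_ip, dst_ip = struct.unpack_from("!4s4s", frame, ETH_LEN + 12)
    sport, dport = struct.unpack_from("!HH", frame, l4)
    return {"src_mac": src_mac, "dst_mac": dst_mac, "proto": proto,
            "src_ip": src_ip, "dst_ip": dst_ip, "sport": sport, "dport": dport}


class SessionTable:
    """Model of the automatic routing function: learn on uplink, rewrite on downlink."""

    def __init__(self) -> None:
        self.sessions: Dict[SessionKey, bytes] = {}

    def on_upstream(self, frame: bytes) -> bool:
        """Steps S112-S113: store source IP/port/protocol with the return MAC."""
        f = parse_frame(frame)
        if f is None:
            return False
        self.sessions[(f["src_ip"], f["sport"], f["proto"])] = f["src_mac"]
        return True

    def on_downstream(self, frame: bytes) -> Optional[bytes]:
        """Steps S122-S123: look up by destination IP/port/protocol and return
        the frame with its destination MAC rewritten, or None on a miss."""
        f = parse_frame(frame)
        if f is None:
            return None
        return_mac = self.sessions.get((f["dst_ip"], f["dport"], f["proto"]))
        if return_mac is None:
            return None
        return return_mac + frame[6:]


def build_frame(dst_mac: bytes, src_mac: bytes, src_ip: str, dst_ip: str,
                proto: int, sport: int, dport: int) -> bytes:
    """Build a minimal constructed test frame (IP checksum left as zero)."""
    eth = struct.pack("!6s6sH", dst_mac, src_mac, ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + struct.pack("!HHI", sport, dport, 0)


# Constructed sample values (not from the patent).
MC_LB_1 = bytes.fromhex("0200000000b1")   # first LB instance
MC_LB_2 = bytes.fromhex("0200000000b2")   # second LB instance
MC_NEXT = bytes.fromhex("0200000000c1")   # next hop toward the servers
MC_SRV = bytes.fromhex("0200000000e1")    # device sending the reply
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"


def demo() -> dict:
    """Two uplink sessions spread over two LBs; each reply returns via its own LB."""
    table = SessionTable()
    table.on_upstream(build_frame(MC_NEXT, MC_LB_1, CLIENT, SERVER, PROTO_TCP, 40000, 443))
    table.on_upstream(build_frame(MC_NEXT, MC_LB_2, CLIENT, SERVER, PROTO_TCP, 40001, 443))
    result = {}
    for port in (40000, 40001, 40002):  # 40002 never appeared on the uplink
        down = build_frame(MC_NEXT, MC_SRV, SERVER, CLIENT, PROTO_TCP, 443, port)
        fwd = table.on_downstream(down)
        result[port] = fwd[:6].hex() if fwd else None
    return result


if __name__ == "__main__":
    print(demo())
```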
  • FIG. 6 is a flowchart showing a flow of a process of inserting a functional group by the configuration changing device according to the first embodiment.
  • FIG. 7 is a diagram illustrating addition of a connection.
  • FIG. 8 is a diagram for explaining the routing setting from the uplink side.
  • FIG. 9 is a diagram for explaining the routing setting from the downlink side.
  • FIG. 10 is a diagram for explaining the setting of the return routing from the uplink side.
  • FIG. 11 is a diagram illustrating the deletion of a connection.
  • the configuration changing device 10 connects to the switch into which the NF on the uplink side is inserted (step S11, FIG. 7).
  • the NF to be inserted is connected to the switch on the downlink side (step S12, FIG. 8).
  • the configuration modification device 10 adds the connection between the NF of NF-Group1 and the switch of NF-Group' to be inserted and the connection of the NF of NF-Group' and the switch of NF-Group2 by the command "brctl addif".
  • the configuration changing device 10 sets the routing setting of the NF to be inserted in the NF on the uplink side (step S13). For example, the configuration change device 10 executes "ip route append seg-s nexthop via NF1(NF-Group2) weight 10 nexthop via NF2(NF-Group2) weight 10" to set multiple nexthops with the same weight.
  • the configuration changing device 10 sets the routing setting of the NF on the downlink side for the NF to be inserted (step S14). For example, the configuration change device 10 executes "ip route append seg-s nexthop via NF1(NF-Group') weight 10 nexthop via NF2(NF-Group') weight 10" to set multiple nexthops with the same weight.
  • upstream packets will be sent via the route of NF-Group1 → NF-Group' → NF-Group2 → NF-Group3. Further, the automatic routing function allows the downlink packets to be returned to the client in the reverse order of the uplink packets.
  • the configuration changing device 10 sets the return routing setting of the uplink NF to one of the NFs to be inserted (step S15, FIG. 10). For example, the configuration change device 10 executes "ip route append seg-c via NF1(NF-Group')" and then "ip route del seg-c via NF1(NF-Group1)" to remove the original routing configuration.
  • the procedure of step 15 is performed in order to prevent the downlink packet from being discarded without automatic routing. Therefore, the procedure of step 15 can be omitted. For example, when the switch of NF-Group2 has an IP address and the downlink packet is routed to the switch, the procedure of step 15 can be omitted.
  • the configuration modification device 10 deletes the connections before and after the functional group to be inserted (step S16, FIG. 11).
  • the configuration modification device 10 deletes the connection between the NF-Group 1 NF and the NF-Group 2 switch by the command "brctl delif".
  • when a configuration change is performed to add the first function group to the network system, the switch routes packets transmitted in the upstream direction from the first function group and from the function groups in the downstream direction of the first function group according to the settings made when the configuration was changed. At this time, the switch can perform routing of packets transmitted in the downlink direction from the first functional group and the functional groups in the upstream direction of the first functional group by the automatic routing function. For example, after step S16, the switch performs routing of uplink packets transmitted from NF-Group1 and NF-Group' according to the setting made when the configuration is changed. On the other hand, the switch performs routing of downlink packets transmitted from NF-Group' and NF-Group2 by the automatic routing function.
  • FIG. 12 is a flowchart showing a flow of a process of deleting a functional group by the configuration changing device according to the first embodiment.
  • FIG. 13 is a diagram illustrating addition of a connection.
  • FIG. 14 is a diagram for explaining the routing setting from the downlink side.
  • FIG. 15 is a diagram for explaining the routing setting from the uplink side.
  • FIG. 16 is a diagram illustrating deletion of a connection.
  • the configuration modification device 10 draws a bypass line from the NF on the downlink side to the switch on the uplink side (step S21, FIG. 13).
  • the configuration changing device 10 adds the connection between the NF-Group 1 NF and the NF-Group 3 switch by the command "brctl addif".
  • the configuration changing device 10 sets the routing setting of the NF on the downlink side to the NF on the uplink side (step S22, FIG. 14). For example, the configuration change device 10 executes "ip route append seg-s nexthop via NF1(NF-Group3) weight 10 nexthop via NF2(NF-Group3) weight 10" to set multiple nexthops with the same weight.
  • the configuration changing device 10 sets the return routing setting of the uplink NF to any one of the NFs to be inserted (step S23, FIG. 15). For example, the configuration change device 10 executes "ip route append seg-c via NF1(NF-Group')" and then "ip route del seg-c via NF1(NF-Group1)" to remove the original routing configuration. Note that, like step S16, step S23 can be omitted.
  • upstream packets will be sent via the route of NF-Group1 → NF-Group3. Further, the automatic routing function allows the downlink packets to be returned to the client in the reverse order of the uplink packets.
  • the configuration modification device 10 deletes the connections before and after the functional group to be inserted (step S24, FIG. 16).
  • the configuration change device 10 deletes the connection between the NF-Group1 NF and the NF-Group2 switch and the connection between the NF-Group2 NF and the NF-Group3 switch by the command "brctl delif".
  • when a configuration change is made to delete the first functional group from the network system, the switch reconfigures the routing of packets transmitted in the upstream direction from the functional group in the downstream direction of the first functional group.
  • the switch can perform routing of the packet transmitted in the downlink direction from the functional group in the upstream direction of the first functional group by the automatic routing function.
  • the switch performs routing of the upstream packet transmitted from NF-Group1 according to the setting made when changing the configuration.
  • the switch performs the routing of the downlink packet transmitted from NF-Group3 by the automatic routing function.
  • FIG. 17 is a flowchart showing the flow of scale-out processing by the configuration changing device according to the first embodiment.
  • FIG. 18 is a diagram illustrating the activation of the NF.
  • FIG. 19 is a diagram illustrating addition of a connection.
  • FIG. 20 is a diagram for explaining the setting of routing from the added NF to the downlink side.
  • FIG. 21 is a diagram for explaining the setting of routing from the downlink side to the added NF.
  • the configuration modification device 10 activates the NF added by scale-out (step S31, FIG. 18), and then makes connections from the added NF to the switch of the same functional group and to the switch on the uplink side (step S32, FIG. 19).
  • the configuration changing device 10 adds a connection between the NF-Group2 NF3 and the NF-Group2 switch and a connection between the NF-Group2 switch and the NF-Group3 NF by the command "brctl addif".
  • the configuration changing device 10 sets the return routing setting of the added NF to any one of the NFs on the downlink side (step S33, FIG. 20). For example, the configuration change device 10 executes "ip route append seg-c via NF1(NF-Group1)". Similar to step S16, step S33 can be omitted.
  • the configuration modification device 10 adds the added NF to the nexthop from the NF on the downlink side (step S34, FIG. 21). For example, the configuration change device 10 executes "ip route append seg-s nexthop via NF1(NF-Group2) weight 10 nexthop via NF2(NF-Group2) weight 10 nexthop via NF3(NF-Group2) weight 10" to set multiple nexthops with the same weight.
  • the switch routes packets transmitted in the upstream direction from the first network device and from the downstream functional group of the first functional group according to the settings made when the configuration was changed. At this time, the switch can perform routing of a packet transmitted in the downlink direction from the uplink network of the first network device and the first functional group by the automatic routing function. For example, after step S34, the switch performs routing of upstream packets transmitted from NF3 of NF-Group2 and NF-Group1 according to the setting made when the configuration is changed. On the other hand, the switch performs routing of downlink packets transmitted from NF3 and NF-Group2 of NF-Group1 by an automatic routing function.
  • FIG. 22 is a flowchart showing the flow of scale-in processing by the configuration changing device according to the first embodiment.
  • FIG. 23 is a diagram for explaining the routing setting from the downlink side.
  • FIG. 24 is a diagram illustrating deletion of a connection.
  • FIG. 25 is a diagram for explaining the stop of the NF.
  • the configuration modification device 10 deletes the NF that scales in from the nexthop from the NF on the downlink side (step S41, FIG. 23). For example, the configuration change device 10 executes "ip route del seg-s nexthop via NF3(NF-Group2) weight 10" to delete the nexthop with the same weight.
  • the configuration modification device 10 deletes the connections before and after the NF to be scaled in (step S42, FIG. 24).
  • the configuration modification device 10 deletes the connection between the NF-Group2 switch and the NF-Group2 NF2 and the connection between the NF-Group2 NF2 and the NF-Group3 switch by the command "brctl delif".
  • the configuration modification device 10 stops the scale-in NF (step S43, FIG. 25).
  • the switch of the network system, when the configuration of the network system is changed, routes packets in the first direction according to the settings made when the configuration is changed.
  • the switch stores the header information of packets in the first direction and routes packets in the second direction, different from the first direction, by the automatic routing function, which routes them based on the stored header information.
  • the network system can perform automatic routing of downlink packets, for example. Therefore, according to the embodiment, when changing the configuration of the network system, it is possible to omit the routing setting in the direction in which automatic routing is possible, and it is possible to reduce the procedure required for changing the configuration.
  • when the configuration is changed to add the first function group to the network system, the switch routes packets transmitted in the first direction from the first function group and from the function group in the second direction of the first function group according to the settings made when the configuration was changed. At this time, the switch performs routing of the packet transmitted in the second direction from the first functional group and the functional groups in the first direction of the first functional group by the automatic routing function.
  • the routing setting of the first functional group in the first direction can be omitted.
  • the routing setting from NF-Group' to NF-Group1 in FIG. 11 can be omitted.
  • the routing setting from NF-Group3 to NF-Group1' in FIG. 11 can be omitted.
  • the switch routes packets transmitted in the first direction from the functional group in the second direction of the first functional group according to the settings made when the configuration was changed. At this time, the switch performs the routing of the packet transmitted in the second direction from the function group in the first direction of the first function group by the automatic routing function. In this case, it may be possible to omit the routing setting in the first direction of the first functional group. For example, it may be possible to omit the routing setting from NF-Group3 to NF-Group1 in FIG.
  • when a configuration change is made to add the first network device to the first function group of the network system, the switch routes packets transmitted in the first direction from the first network device and from the function group in the second direction of the first function group according to the settings made when the configuration is changed.
  • the switch performs the routing of the packet transmitted from the function group in the first direction of the first network device and the first function group in the second direction by the automatic routing function.
  • the routing setting from the first network device added to the first functional group can be omitted.
  • the routing setting from NF3 of NF-Group2 to NF-Group1 of FIG. 21 can be omitted.
  • when the switch of NF-Group2 has the IP address and the downlink packet is routed to the switch, the procedure of step 15 can be omitted.
  • cases in which these steps can be omitted are not limited to the above.
  • step 15 can be omitted if discarding of packets can be ignored or if transmission of upstream packets is restricted in advance.
  • a dummy port may be provided in the switch, and session information including the port and the return MAC address may be generated in a pseudo manner to prevent the downlink packet from being discarded.
  • each constituent element of each device shown in the drawings is functionally conceptual, and does not necessarily have to be physically configured as illustrated. That is, the specific form of distribution and integration of each device is not limited to that shown in the figure, and all or a part of them may be functionally or physically distributed or integrated in arbitrary units according to various loads or usage conditions.
  • each processing function performed by each device can be realized in whole or in part by a CPU (Central Processing Unit) and a program that is analyzed and executed by the CPU, or can be realized as hardware by wired logic.
  • a CPU Central Processing Unit
  • the configuration changing device 10 can be implemented by installing a configuration changing program for executing the above-described configuration change as package software or online software in a desired computer.
  • the information processing apparatus can function as the configuration changing apparatus.
  • the information processing device includes a desktop or notebook personal computer.
  • the information processing apparatus includes a mobile communication terminal such as a smartphone, a mobile phone or a PHS (Personal Handyphone System), and a slate terminal such as a PDA (Personal Digital Assistant) in its category.
  • FIG. 26 is a diagram illustrating an example of a computer that executes a configuration change program.
  • the computer 1000 has, for example, a memory 1010 and a CPU 1020.
  • the computer 1000 also has a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. These units are connected by a bus 1080.
  • the memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM 1012.
  • the ROM 1011 stores, for example, a boot program such as BIOS (Basic Input Output System).
  • the hard disk drive interface 1030 is connected to the hard disk drive 1090.
  • the disk drive interface 1040 is connected to the disk drive 1100.
  • a removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive 1100.
  • the serial port interface 1050 is connected to, for example, a mouse 1110 and a keyboard 1120.
  • the video adapter 1060 is connected to the display 1130, for example.
  • the hard disk drive 1090 stores, for example, an OS 1091, an application program 1092, a program module 1093, and program data 1094. That is, the program defining each process of the configuration change is implemented as the program module 1093 in which the code executable by the computer is described.
  • the program module 1093 is stored in the hard disk drive 1090, for example.
  • the hard disk drive 1090 stores the program module 1093 for executing the same processing as the functional configuration in the configuration change.
  • the hard disk drive 1090 may be replaced by an SSD.
  • the setting data used in the processing of the above-described embodiment is stored as the program data 1094 in, for example, the memory 1010 or the hard disk drive 1090. Then, the CPU 1020 reads the program module 1093 and the program data 1094 stored in the memory 1010 or the hard disk drive 1090 into the RAM 1012 as necessary, and executes the processing of the above-described embodiment.
  • the program module 1093 and the program data 1094 are not limited to being stored in the hard disk drive 1090, but may be stored in, for example, a removable storage medium and read by the CPU 1020 via the disk drive 1100 or the like. Alternatively, the program module 1093 and the program data 1094 may be stored in another computer connected via a network (LAN (Local Area Network), WAN (Wide Area Network), etc.). Then, the program module 1093 and the program data 1094 may be read by the CPU 1020 from another computer via the network interface 1070.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This network system interconnects functional groups, each having a switch and network devices connected to the switch. When the configuration is modified, the functional groups route packets in a first direction in accordance with the settings made at the time of the modification. In addition, the functional groups store header information of packets in the first direction and route packets in a second direction, different from the first direction, by means of an automatic routing function that routes those packets based on the stored header information.

Description

Communication control method
The present invention relates to a communication control method.
In recent years, systems that use multiple network functions (NF: Network Function) provided by network devices such as LB, FW, WAF, and IPS have become common. For example, service chaining that connects NAT, FW (Firewall), LB (Load Balancer), IPS (Intrusion Prevention System), and the like is known (see, for example, Non-Patent Document 1).
However, the conventional technology has the problem that changing the configuration of a network system including a plurality of NFs may require many steps.
For example, devices that function as NFs differ in performance and availability depending on their type, model, and so on, and must be designed with performance and availability in mind when they are introduced. This complicates the design and, as a result, increases the cost and duration of configuration changes and makes work errors more likely.
In particular, when multiple NFs are used in a scale-out configuration, changing the network topology requires a large amount of PBR (Policy Based Routing). A configuration change in that case therefore requires a complicated design and more steps.
In order to solve the above-mentioned problem, the communication control method of the present invention is a communication control method for controlling communication in a network system in which functional groups, each having a switch and network devices connected to the switch, are connected to one another, characterized in that, when the configuration of the network system is changed, the switch routes packets in a first direction according to the settings made at the time of the configuration change, and routes packets in a second direction, different from the first direction, by an automatic routing function that stores header information of packets in the first direction and routes packets in the second direction based on the stored header information.
According to the present invention, the number of steps required to change the configuration of a network system in which NFs are connected to one another can be reduced.
FIG. 1 is a diagram showing a configuration example of a network system according to the first embodiment.
FIG. 2 is a diagram illustrating a configuration example of the configuration changing device according to the first embodiment.
FIG. 3 is a diagram illustrating a configuration example of the communication control device according to the first embodiment.
FIG. 4 is a flowchart showing a flow of processing for upstream communication of the communication control device according to the first embodiment.
FIG. 5 is a flowchart showing a flow of processing for downstream communication of the communication control device according to the first embodiment.
FIG. 6 is a flowchart showing a flow of a process of inserting a functional group by the configuration changing device according to the first embodiment.
FIG. 7 is a diagram illustrating addition of a connection.
FIG. 8 is a diagram for explaining the routing setting from the uplink side.
FIG. 9 is a diagram for explaining the routing setting from the downlink side.
FIG. 10 is a diagram for explaining the setting of the return routing from the uplink side.
FIG. 11 is a diagram illustrating the deletion of a connection.
FIG. 12 is a flowchart showing a flow of a process of deleting a functional group by the configuration changing device according to the first embodiment.
FIG. 13 is a diagram illustrating addition of a connection.
FIG. 14 is a diagram for explaining the routing setting from the downlink side.
FIG. 15 is a diagram for explaining the routing setting from the uplink side.
FIG. 16 is a diagram illustrating deletion of a connection.
FIG. 17 is a flowchart showing the flow of scale-out processing by the configuration changing device according to the first embodiment.
FIG. 18 is a diagram illustrating the activation of the NF.
FIG. 19 is a diagram illustrating addition of a connection.
FIG. 20 is a diagram for explaining the setting of routing from the added NF to the downlink side.
FIG. 21 is a diagram for explaining the setting of routing from the downlink side to the added NF.
FIG. 22 is a flowchart showing the flow of scale-in processing by the configuration changing device according to the first embodiment.
FIG. 23 is a diagram for explaining the routing setting from the downlink side.
FIG. 24 is a diagram illustrating deletion of a connection.
FIG. 25 is a diagram for explaining the stop of the NF.
FIG. 26 is a diagram illustrating an example of a computer that executes a communication control program.
Embodiments of the communication control method according to the present application will be described in detail below with reference to the drawings. The present invention is not limited to the embodiments described below.
[Configuration of First Embodiment]
First, the configuration of the network system according to the first embodiment will be described with reference to FIG. 1. FIG. 1 is a diagram showing a configuration example of a network system according to the first embodiment. As shown in FIG. 1, the logical configuration of the network system is one in which functional groups, each having a switch and network devices connected to the switch, are connected to one another.
A client group (seg-c) exists at one end of the network system, and a server group (seg-s) exists at the other end. Here, the direction from the client group to the server group is called the uplink side, and the direction from the server group to the client group is called the downlink side. The uplink side may also be referred to as upstream, and the downlink side as downstream. The uplink side is an example of the first direction, and the downlink side is an example of the second direction.
Each functional group has a predetermined network function. In the example of FIG. 1, NF-Group1 functions as an FW, NF-Group2 functions as an LB, and NF-Group3 functions as an IPS. Routing on the uplink side is performed by, for example, ECMP (Equal Cost Multi Path). Routing on the downlink side is performed by the automatic routing function described later.
The physical configuration overlaid by the logical configuration of the network system may be a Spine-Leaf fabric. In this case, the network system is a logical NW (Network) constructed within the Spine-Leaf fabric by SDN (Software Defined Network). The NFs are deployed on physical appliances or IA servers. The network system of the embodiment may be a virtual network logically configured as shown in FIG. 1, or may be a physical network.
A method for changing the configuration of the network system will now be described. Changes to the configuration of the network system include insertion of a functional group, deletion of a functional group, scale-out (addition) of NFs, scale-in (deletion) of NFs, and the like. When the configuration of the network system is changed, a predetermined procedure is executed so that packets continue to be transmitted and received normally between the client group and the server group after the change.
Each step may be performed by manually executing a predetermined command on each functional group and on the physical or virtual devices on which the switches and NFs of each functional group run, or may be performed automatically as batch processing. For example, a computer functioning as a switch or an NF accepts the input of a command corresponding to each step and executes the step using, for example, functions of the OS (Operating System) provided on the computer.
[Configuration of configuration changing device]
The procedure for changing the configuration of the network system may also be performed by a configuration changing device capable of controlling each functional group. Here, the configuration of the configuration changing device that executes the procedure for changing the configuration will be described with reference to FIG. 2. FIG. 2 is a diagram illustrating a configuration example of the configuration changing device according to the first embodiment. As illustrated in FIG. 2, the configuration changing device 10 includes a communication unit 11, an input/output unit 12, a storage unit 13, and a control unit 14.
The communication unit 11 serves as the communication interface with external devices. The communication unit 11 can send a control signal to each functional group. The input/output unit 12 handles input and output of various information to and from the configuration changing device 10. The input/output unit 12 may be, for example, an input device such as a mouse or a keyboard that receives manual input to the configuration changing device 10.
The storage unit 13 stores various information referred to when the control unit 14 operates. The control unit 14 controls the configuration changing device 10 as a whole. The control unit 14 includes a connection control unit 141, a setting unit 142, a starting unit 143, and a stopping unit 144.
The connection control unit 141 adds and deletes connections between functional groups. For example, when the switch is a Linux (registered trademark) virtual bridge, the connection control unit 141 can add an L1/L2 connection with the command "brctl addif" and delete an L1/L2 connection with the command "brctl delif".
The setting unit 142 sets the routing of the NFs. For example, when the routing of the functional groups is performed by Linux "ip route2", the setting unit 142 can set the NF to which packets are forwarded and its weight with the command "ip route append".
The starting unit 143 starts the designated NF. The stopping unit 144 stops the designated NF.
[Configuration of communication control device]
Here, the functional group has a function of automatically routing downstream packets. For this reason, the functional group routes upstream packets according to the settings made at the time of the configuration change, whereas it can route packets in the second direction by the automatic routing function. The automatic routing function stores header information of upstream packets and routes downstream packets based on the stored header information.
The communication control device that realizes the automatic routing function will now be described with reference to FIG. 3. FIG. 3 is a diagram illustrating a configuration example of the communication control device according to the first embodiment. The function of the communication control device 20 of FIG. 3 may be implemented in the switch, in the NF, or in another device connected to the switch. As shown in FIG. 3, the communication control device 20 includes a communication unit 21, an input/output unit 22, a storage unit 23, and a control unit 24.
The communication unit 21 serves as the communication interface with external devices. The communication unit 21, for example, receives upstream packets transmitted from the client group and transmits downstream packets output from the control unit 24 to the server group. The input/output unit 22 handles input and output of various information to and from the communication control device 20. The input/output unit 22 receives, for example, input of setting information and the like to the communication control device 20.
The storage unit 23 stores various information referred to when the control unit 24 operates. The storage unit 23 includes, for example, an area for storing the session table 231. The session table 231 stores session information. The session information is the source MAC address of an upstream packet and information identifying the session of that upstream packet.
As shown in FIG. 3, the items of the session table 231 include session identification information #, source port number, protocol number, and return MAC address. In the example of FIG. 5, the session table 231 stores "1" as the session identification information #, "IP-C-1" as the source port number, "xxxx" as the protocol number, "6", which indicates the tcp protocol, as the return MAC address, and "MC-LB-1" as the return MAC address. Here, "xxxx" is assumed to be a predetermined numerical value.
The control unit 24 controls the communication control device 20 as a whole. The control unit 24 has a storage processing unit 241 (referred to below as the storage unit 241) and an updating unit 242.
The storage unit 241 stores, in the storage unit 23, the source MAC address of an upstream packet and information identifying the session of that upstream packet. When the information identifying the session of a downstream packet matches the information identifying the session of an upstream packet stored in the storage unit 23, the updating unit 242 updates the destination MAC address of the downstream packet to the source MAC address of that upstream packet. For example, the updating unit 242 can update the MAC address using an API of the Linux kernel called netfilter, or a similar library called libnetfilter_queue.
For example, the storage unit 241 stores the source IP address, source port number, and protocol number of the upstream packet in the storage unit 23 as the information identifying the session of the upstream packet. In this case, when the destination IP address, destination port number, and protocol number of a downstream packet match the source IP address, source port number, and protocol number of an upstream packet stored in the storage unit 23, the updating unit 242 updates the destination MAC address of the downstream packet to the source MAC address of the upstream packet.
[Processing Procedure of Embodiment of Communication Control Device]
The flow of processing of the communication control device 20 for upstream communication will be described with reference to FIG. 4. FIG. 4 is a flowchart showing the flow of processing for upstream communication of the L2 switch according to the first embodiment.
As shown in FIG. 4, first, the communication control device 20 receives an upstream packet (step S111). Next, the communication control device 20 acquires the source IP address, source port number, protocol number, and return MAC address of the packet (step S112). Here, the source IP address, the source port number, and the protocol number are an example of information that identifies a session. The return MAC address is the source MAC address.
The communication control device 20 then stores the acquired information in the session table 231 (step S113), and transmits the packet according to the preset routing information (step S114).
The flow of processing of the communication control device 20 for downstream communication will be described with reference to FIG. 5. FIG. 5 is a flowchart showing the flow of processing for downstream communication of the L2 switch according to the first embodiment.
As shown in FIG. 5, first, the communication control device 20 receives a downstream packet (step S121). Next, the L2 switch searches the session table 231 using the destination IP address, destination port number, and protocol number of the packet, and acquires the return MAC address of the matching record (step S122).
The communication control device 20 then updates the destination MAC address of the packet to the acquired return MAC address (step S123), and transmits the packet according to the preset routing information (step S124).
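The store and rewrite steps of FIGS. 4 and 5 at frame level, as an added example that is not code from the patent. The class and function names, the untagged Ethernet II/IPv4 frame layout, and all addresses are assumptions constructed for illustration; plain byte handling stands in for a kernel hook such as the netfilter API named in the text.

```python
import socket
import struct
from collections import namedtuple

Flow = namedtuple("Flow", "dst_mac src_mac src_ip dst_ip proto sport dport")
ETH_LEN, ETHERTYPE_IPV4, TCP, UDP = 14, 0x0800, 6, 17


def mac(text):
    """'02:00:00:00:00:01' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst_mac, src_mac, src_ip, dst_ip, proto, sport, dport, frag=0):
    """Constructed sample input: Ethernet II + IPv4 + first 8 bytes of TCP/UDP."""
    eth = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, frag, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + struct.pack("!HHI", sport, dport, 0)


def parse(frame):
    """Return a Flow for an IPv4 TCP/UDP frame that carries port numbers, else None."""
    if len(frame) < ETH_LEN + 20 or frame[12:14] != struct.pack("!H", ETHERTYPE_IPV4):
        return None
    ver_ihl = frame[ETH_LEN]
    ihl = (ver_ihl & 0x0F) * 4
    frag, proto = struct.unpack("!H", frame[20:22])[0], frame[23]
    if ver_ihl >> 4 != 4 or ihl < 20 or proto not in (TCP, UDP):
        return None
    if frag & 0x1FFF or len(frame) < ETH_LEN + ihl + 4:
        return None  # non-first fragments and truncated frames have no ports to key on
    sport, dport = struct.unpack("!HH", frame[ETH_LEN + ihl:ETH_LEN + ihl + 4])
    return Flow(frame[0:6], frame[6:12], frame[26:30], frame[30:34], proto, sport, dport)


class SessionTable:
    """Session table 231: (source IP, source port, protocol) -> return MAC address."""

    def __init__(self):
        self.rows = {}

    def learn_upstream(self, frame):
        """Steps S112-S113: store the session key with the sender's MAC address."""
        f = parse(frame)
        if f is None:
            return False
        self.rows[(f.src_ip, f.sport, f.proto)] = f.src_mac
        return True

    def rewrite_downstream(self, frame):
        """Steps S122-S123: look up by destination IP/port/protocol, rewrite dst MAC.

        Returns the rewritten frame, or None when no stored session matches."""
        f = parse(frame)
        if f is None:
            return None
        return_mac = self.rows.get((f.dst_ip, f.dport, f.proto))
        if return_mac is None:
            return None
        return return_mac + frame[6:]


# Constructed sample values (documentation address ranges, locally administered MACs).
CLIENT, SERVER = "192.0.2.10", "198.51.100.20"
NF_A, NF_B = mac("02:00:00:00:0a:01"), mac("02:00:00:00:0a:02")  # two upstream-side NFs
SWITCH, LOCAL_NF = mac("02:00:00:00:0b:00"), mac("02:00:00:00:0b:01")


def demo():
    table = SessionTable()
    # Two sessions from one client, each forwarded by a different NF of the previous group.
    table.learn_upstream(build_frame(SWITCH, NF_A, CLIENT, SERVER, TCP, 40001, 443))
    table.learn_upstream(build_frame(SWITCH, NF_B, CLIENT, SERVER, TCP, 40002, 443))
    # Replies all leave the local NF addressed to NF_A; port 40003 was never seen upstream.
    replies = [build_frame(NF_A, LOCAL_NF, SERVER, CLIENT, TCP, 443, port)
               for port in (40001, 40002, 40003)]
    return [table.rewrite_downstream(r) for r in replies]


if __name__ == "__main__":
    for frame in demo():
        print("no session" if frame is None else frame[:6].hex(":"))
```

A `None` result marks a downstream frame with no stored session; what the caller does with such a frame is outside this sketch.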
[Configuration change procedure]
Specific procedures for inserting a functional group, deleting a functional group, scaling out NFs, and scaling in NFs in the network system are described below. Although each step is described here as being performed by the configuration changing device 10, the entity performing each step is not limited to the configuration changing device 10 and may be, for example, each device that functions as a switch or an NF. The addition and deletion of connections and the routing settings are assumed to be executed by Linux commands.
After the configuration change procedure is completed, the switch routes upstream packets according to the settings made at the time of the configuration change. At this time, the switch can route downstream packets by the automatic routing function, which stores the header information of upstream packets and, based on the stored header information, routes packets in the downstream direction, which differs from the upstream direction.
[Insertion of functional group]
FIG. 6 is a flowchart showing a flow of a process of inserting a functional group by the configuration changing device according to the first embodiment. FIG. 7 is a diagram illustrating addition of a connection. FIG. 8 is a diagram for explaining the routing setting from the uplink side. FIG. 9 is a diagram for explaining the routing setting from the downlink side. FIG. 10 is a diagram for explaining the setting of the return routing from the uplink side. FIG. 11 is a diagram illustrating the deletion of a connection.
As shown in FIG. 6, first, the configuration changing device 10 connects the NF on the uplink side to the switch to be inserted (step S11, FIG. 7). Next, it connects the NF to be inserted to the switch on the downlink side (step S12, FIG. 8). With the command "brctl addif", the configuration changing device 10 adds the connection between the NFs of NF-Group1 and the switch of the NF-Group' to be inserted, and the connection between the NFs of NF-Group' and the switch of NF-Group2.
Then, the configuration changing device 10 sets the routing setting of the NF to be inserted with respect to the NF on the uplink side (step S13). For example, the configuration changing device 10 executes
 ip route append seg-s
   nexthop via NF1(NF-Group2) weight 10
   nexthop via NF2(NF-Group2) weight 10
to set multiple nexthops with the same weight.
Further, the configuration changing device 10 sets the routing setting of the NF on the downlink side with respect to the NF to be inserted (step S14). For example, the configuration changing device 10 executes
 ip route append seg-s
   nexthop via NF1(NF-Group') weight 10
   nexthop via NF2(NF-Group') weight 10
to set multiple nexthops with the same weight.
At this point, upstream packets are sent along the route NF-Group1→NF-Group'→NF-Group2→NF-Group3. In addition, the automatic routing function causes downstream packets to be returned to the client in the reverse order of the upstream packets.
Further, the configuration changing device 10 sets the return routing setting of the NF on the uplink side to one of the NFs to be inserted (step S15, FIG. 10). For example, the configuration changing device 10 executes
 ip route append seg-c via NF1(NF-Group')
 ip route del seg-c via NF1(NF-Group1)
and thereby deletes the original routing setting afterwards.
When the L1/L2 connection between NF-Group1 and NF-Group2 is deleted in a later step, the nexthop IP addresses of NF1 and NF2 of NF-Group2 (NF1 and NF2 of NF-Group1) become unreachable. The procedure of step 15 is therefore performed to prevent downstream packets from being discarded without automatic routing being performed. For this reason, the procedure of step 15 can be omitted. For example, when the switch of NF-Group2 has an IP address and downstream packets are routed to that switch, the procedure of step 15 can be omitted.
Then, the configuration changing device 10 deletes the connection between the groups before and after the functional group to be inserted (step S16, FIG. 11). The configuration changing device 10 deletes the connection between the NFs of NF-Group1 and the switch of NF-Group2 with the command "brctl delif".
When a configuration change that adds a first functional group to the network system is made, the switch routes packets transmitted in the upstream direction from the first functional group and from the functional group located in the downstream direction of the first functional group according to the settings made at the time of the configuration change. At this time, the switch can route packets transmitted in the downstream direction from the first functional group and from the functional group located in the upstream direction of the first functional group by the automatic routing function. For example, after step S16, the switch routes upstream packets transmitted from NF-Group1 and NF-Group' according to the settings made at the time of the configuration change, while it routes downstream packets transmitted from NF-Group' and NF-Group2 by the automatic routing function.
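A small model of the chain after the routing commands of steps S13 and S14, as an added example that is not code from the patent: only upstream next hops are reconfigured, and the downstream path is recovered from the per-switch session tables. The `Group` class, the CRC stand-in for the ECMP hash, NF labels in place of MAC addresses, and the rule that a newer upstream packet overwrites a stored row are assumptions for illustration.

```python
import zlib


class Group:
    """A functional group: one switch (holding the session table) and its NFs."""

    def __init__(self, name, nf_count=2):
        self.name = name
        # Each label stands in for the MAC address of one NF (assumption).
        self.nfs = [f"{name}/NF{i}" for i in range(1, nf_count + 1)]
        self.sessions = {}      # (client IP, client port, protocol) -> sender of the upstream packet
        self.next_group = None  # configured upstream next hops (the `ip route append seg-s` setting)


def ecmp_pick(nfs, key):
    """Equal-weight next-hop choice; a CRC of the key stands in for the ECMP hash."""
    return nfs[zlib.crc32(repr(key).encode()) % len(nfs)]


def insert_group(new, after):
    """Change upstream next hops only, following the next-hop targets of the S13 and S14 commands."""
    new.next_group = after.next_group  # inserted NFs forward to the former neighbour
    after.next_group = new             # existing NFs now forward to the inserted group


def send_upstream(first, flow):
    """Client to server: each switch stores the sender, then configured routing picks an NF."""
    sender, path, group = "client", [], first
    while group is not None:
        group.sessions[flow] = sender  # step S113; assumed to overwrite an older row
        sender = ecmp_pick(group.nfs, (group.name, flow))
        path.append(sender)
        group = group.next_group
    return path


def send_downstream(groups, flow, entry_nf):
    """Server to client, using session tables only; no downstream route is configured."""
    owner = {nf: g for g in groups for nf in g.nfs}
    path, hop = [entry_nf], entry_nf
    while hop != "client":
        hop = owner[hop].sessions.get(flow)
        if hop is None:
            return path + ["dropped"]  # no stored session at this switch
        path.append(hop)
    return path


def demo():
    g1, gx, g2, g3 = (Group(n) for n in ("NF-Group1", "NF-Group'", "NF-Group2", "NF-Group3"))
    g1.next_group, g2.next_group = g2, g3
    flow = ("192.0.2.10", 40001, 6)        # constructed client IP, port, protocol (tcp)
    before = send_upstream(g1, flow)       # session exists before the change
    insert_group(gx, after=g1)
    after = send_upstream(g1, flow)        # next upstream packet refreshes every table
    down = send_downstream([g1, gx, g2, g3], flow, entry_nf=after[-1])
    return before, after, down


if __name__ == "__main__":
    for label, path in zip(("before", "after", "down"), demo()):
        print(label, " -> ".join(path))
```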
[Deletion of a functional group]
FIG. 12 is a flowchart showing the flow of functional group deletion processing by the configuration change device according to the first embodiment. FIG. 13 is a diagram illustrating the addition of a connection. FIG. 14 is a diagram illustrating the routing setting from the downlink side. FIG. 15 is a diagram illustrating the routing setting from the uplink side. FIG. 16 is a diagram illustrating the deletion of connections.
As shown in FIG. 12, the configuration change device 10 first draws a bypass line from the NF on the downlink side to the switch on the uplink side (step S21, FIG. 13). Using the command "brctl addif", the configuration change device 10 adds a connection between the NF of NF-Group1 and the switch of NF-Group3.
Next, the configuration change device 10 sets the routing of the downlink-side NF toward the uplink-side NF (step S22, FIG. 14). For example, the configuration change device 10 executes
 ip route append seg-s
   nexthop via NF1(NF-Group3) weight 10
   nexthop via NF2(NF-Group3) weight 10
to set multiple nexthops with the same weight.
In addition, the configuration change device 10 sets the return routing of the uplink-side NF on one of the NFs to be inserted (step S23, FIG. 15). For example, the configuration change device 10 executes
 ip route append seg-c via NF1(NF-Group')
 ip route del seg-c via NF1(NF-Group1)
and then deletes the original routing setting. As with step S16, step S23 can be omitted.
At this point, uplink packets are transmitted along the route NF-Group1 → NF-Group3. In addition, the automatic routing function causes downlink packets to be returned to the client in the reverse order of the uplink packets' route.
The configuration change device 10 then deletes the connections before and after the functional group to be inserted (step S24, FIG. 16). Using the command "brctl delif", the configuration change device 10 deletes the connection between the NF of NF-Group1 and the switch of NF-Group2, and the connection between the NF of NF-Group2 and the switch of NF-Group3.
When a configuration change that deletes a first functional group from the network system is made, the switch routes packets transmitted in the uplink direction from the functional group that was located in the downlink direction of the first functional group according to the settings made at the time of the configuration change. At this time, the switch can route packets transmitted in the downlink direction from the functional group that was located in the uplink direction of the first functional group by the automatic routing function. For example, after step S24, the switch routes uplink packets transmitted from NF-Group1 according to the settings made at the time of the configuration change. The switch routes downlink packets transmitted from NF-Group3, on the other hand, by the automatic routing function.
[NF scale-out]
FIG. 17 is a flowchart showing the flow of scale-out processing by the configuration change device according to the first embodiment. FIG. 18 is a diagram illustrating the startup of an NF. FIG. 19 is a diagram illustrating the addition of connections. FIG. 20 is a diagram illustrating the routing setting from the added NF to the downlink side. FIG. 21 is a diagram illustrating the routing setting from the downlink side to the added NF.
As shown in FIG. 17, the configuration change device 10 first starts the NF added by the scale-out (step S31, FIG. 18). The configuration change device 10 then connects the added NF to the switch of the same functional group and to the switch on the uplink side (step S32, FIG. 19). Using the command "brctl addif", the configuration change device 10 adds a connection between NF3 of NF-Group2 and the switch of NF-Group2, and a connection between the switch of NF-Group2 and the NF of NF-Group3.
In addition, the configuration change device 10 sets the return routing of the added NF on one of the downlink-side NFs (step S33, FIG. 20). For example, the configuration change device 10 executes
 ip route append seg-c via NF1(NF-Group1)
As with step S16, step S33 can be omitted.
Here, the configuration change device 10 adds the added NF to the nexthops from the downlink-side NF (step S34, FIG. 21). For example, the configuration change device 10 executes
 ip route append seg-s
   nexthop via NF1(NF-Group2) weight 10
   nexthop via NF2(NF-Group2) weight 10
   nexthop via NF3(NF-Group2) weight 10
to set multiple nexthops with the same weight.
When a configuration change that adds a first network device to a first functional group of the network system is made, the switch routes packets transmitted in the uplink direction from the first network device and from the functional group located in the downlink direction of the first functional group according to the settings made at the time of the configuration change. At this time, the switch can route packets transmitted in the downlink direction from the first network device and from the functional group located in the uplink direction of the first functional group by the automatic routing function. For example, after step S34, the switch routes uplink packets transmitted from NF3 of NF-Group2 and from NF-Group1 according to the settings made at the time of the configuration change. The switch routes downlink packets transmitted from NF3 of NF-Group1 and from NF-Group2, on the other hand, by the automatic routing function.
[NF scale-in]
FIG. 22 is a flowchart showing the flow of scale-in processing by the configuration change device according to the first embodiment. FIG. 23 is a diagram illustrating the routing setting from the downlink side. FIG. 24 is a diagram illustrating the deletion of connections. FIG. 25 is a diagram illustrating the stopping of an NF.
As shown in FIG. 22, the configuration change device 10 first deletes the NF to be scaled in from the nexthops from the downlink-side NF (step S41, FIG. 23). For example, the configuration change device 10 executes
 ip route del seg-s
   nexthop via NF3(NF-Group2) weight 10
to delete the nexthop with the same weight.
Next, the configuration change device 10 deletes the connections before and after the NF to be scaled in (step S42, FIG. 24). Using the command "brctl delif", the configuration change device 10 deletes the connection between the switch of NF-Group2 and NF2 of NF-Group2, and the connection between NF2 of NF-Group2 and the switch of NF-Group3. The configuration change device 10 then stops the NF to be scaled in (step S43, FIG. 25).
[Effects of the first embodiment]
As described so far, when the configuration of the network system is changed, the switch of the network system of the first embodiment routes packets in a first direction according to the settings made at the time of the configuration change. At this time, the switch routes packets in a second direction by an automatic routing function, which stores header information of packets in the first direction and, based on the stored header information, routes packets in the second direction, which differs from the first direction. In this way, the network system can, for example, automatically route downlink packets. According to the embodiment, therefore, routing settings for the direction in which automatic routing is possible can be omitted when the configuration of the network system is changed, and the number of steps required for the configuration change can be reduced.
Also, when a configuration change that adds a first functional group to the network system is made, the switch routes packets transmitted in the first direction from the first functional group and from the functional group located in the second direction of the first functional group according to the settings made at the time of the configuration change. At this time, the switch routes packets transmitted in the second direction from the first functional group and from the functional group located in the first direction of the first functional group by the automatic routing function. In this case, the routing setting of the first functional group toward the first direction can be omitted. For example, the routing setting from NF-Group' to NF-Group1 in FIG. 11 can be omitted. In some cases, the routing setting from NF-Group3 to NF-Group1' in FIG. 11 can also be omitted.
Also, when a configuration change that deletes a first functional group from the network system is made, the switch routes packets transmitted in the first direction from the functional group that was located in the second direction of the first functional group according to the settings made at the time of the configuration change. At this time, the switch routes packets transmitted in the second direction from the functional group that was located in the first direction of the first functional group by the automatic routing function. In this case, the routing setting of the first functional group toward the first direction can be omitted in some cases. For example, the routing setting from NF-Group3 to NF-Group1 in FIG. 16 can be omitted in some cases.
Also, when a configuration change that adds a first network device to a first functional group of the network system is made, the switch routes packets transmitted in the first direction from the first network device and from the functional group located in the second direction of the first functional group according to the settings made at the time of the configuration change. At this time, the switch routes packets transmitted in the second direction from the first network device and from the functional group located in the first direction of the first functional group by the automatic routing function. In this case, the routing setting from the first network device added to the first functional group can be omitted. For example, the routing setting from NF3 of NF-Group2 to NF-Group1 in FIG. 21 can be omitted.
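The automatic routing function described above, modeled for the NF-Group3 switch during the functional group deletion steps S21, S22 and S24. This is an added example, not code from the patent or the applicant. The 5-tuple session key, the port names, IP addresses and MAC addresses, and the rule that a return entry pointing at a detached port is dropped are assumptions of this model.

```python
"""Model of a switch that routes the return direction from stored headers.

Assumptions (not from the patent text): sessions are keyed by the 5-tuple,
the switch records the ingress bridge port and source MAC of every uplink
packet, and all names and addresses below are constructed sample values.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Header:
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int

    def reversed(self) -> "Header":
        """Header of the packet travelling in the opposite direction."""
        return Header(self.dst_ip, self.src_ip, self.proto,
                      self.dst_port, self.src_port)


class AutoRoutingSwitch:
    def __init__(self, name: str) -> None:
        self.name = name
        self.ports: Set[str] = set()
        # uplink header -> (return port, return MAC)
        self.sessions: Dict[Header, Tuple[str, str]] = {}

    def addif(self, port: str) -> None:
        """Attach a port (the effect of 'brctl addif' in the text)."""
        self.ports.add(port)

    def delif(self, port: str) -> None:
        """Detach a port (the effect of 'brctl delif' in the text)."""
        self.ports.discard(port)

    def uplink(self, hdr: Header, in_port: str, src_mac: str) -> None:
        """First direction: store where the packet came from."""
        if in_port not in self.ports:
            raise ValueError(f"{in_port} is not attached to {self.name}")
        self.sessions[hdr] = (in_port, src_mac)

    def downlink(self, hdr: Header) -> Optional[Tuple[str, str]]:
        """Second direction: return (port, MAC) from the stored session,
        or None when the packet has to be discarded."""
        entry = self.sessions.get(hdr.reversed())
        if entry is None or entry[0] not in self.ports:
            return None
        return entry


def simulate_group_deletion() -> Dict[str, Optional[Tuple[str, str]]]:
    """Delete NF-Group2 from the chain NF-Group1 -> NF-Group2 -> NF-Group3."""
    g1_nf1 = ("g1-nf1", "02:00:00:00:01:01")   # constructed port / MAC
    g2_nf1 = ("g2-nf1", "02:00:00:00:02:01")   # constructed port / MAC
    flow_a = Header("198.51.100.10", "203.0.113.5", "tcp", 40000, 443)
    flow_b = Header("198.51.100.11", "203.0.113.5", "tcp", 40001, 443)
    flow_c = Header("198.51.100.12", "203.0.113.5", "tcp", 40002, 443)

    sw3 = AutoRoutingSwitch("NF-Group3 switch")
    sw3.addif(g2_nf1[0])
    sw3.uplink(flow_a, *g2_nf1)     # both flows first arrive via NF-Group2
    sw3.uplink(flow_b, *g2_nf1)
    result = {"flow_a_before": sw3.downlink(flow_a.reversed())}

    sw3.addif(g1_nf1[0])            # S21: bypass line from NF-Group1
    sw3.uplink(flow_a, *g1_nf1)     # S22: uplink now arrives from NF-Group1
    sw3.delif(g2_nf1[0])            # S24: old connection removed

    # flow A sent an uplink packet after the change, so its return path moved
    # without any downlink routing setting being configured.
    result["flow_a_after"] = sw3.downlink(flow_a.reversed())
    # flow B has only a stale session pointing at the detached port.
    result["flow_b_after"] = sw3.downlink(flow_b.reversed())
    # flow C never sent an uplink packet, so there is nothing to route from.
    result["flow_c"] = sw3.downlink(flow_c.reversed())
    return result


if __name__ == "__main__":
    for name, value in simulate_group_deletion().items():
        print(f"{name}: {value}")
```

In this model, flows B and C show the discard case that the optional return-routing steps in the text exist to prevent.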
[Other embodiments]
The above description explained, as an example, that the procedure of step 15 can be omitted when the switch of NF-Group2 has an IP address and downlink packets are routed to that switch. However, the cases in which these steps can be omitted are not limited to the above. First, step 15 can be omitted when the discarding of packets can be ignored or when the transmission of uplink packets is restricted in advance. Alternatively, a dummy port may be provided on the switch, and session information including that port and a return MAC address may be generated artificially in advance, so that downlink packets are prevented from being discarded.
[System configuration, etc.]
Each component of each illustrated device is functionally conceptual and does not necessarily need to be physically configured as illustrated. That is, the specific form of distribution and integration of the devices is not limited to the illustrated one, and all or part of them can be functionally or physically distributed or integrated in arbitrary units according to various loads, usage conditions and the like. Furthermore, all or any part of the processing functions performed by each device can be realized by a CPU (Central Processing Unit) and a program analyzed and executed by the CPU, or can be realized as hardware using wired logic.
Of the processes described in the present embodiment, all or part of the processes described as being performed automatically can also be performed manually, and all or part of the processes described as being performed manually can also be performed automatically by a known method. In addition, the processing procedures, control procedures, specific names, and information including various data and parameters shown in the above description and in the drawings can be changed arbitrarily unless otherwise specified.
[Program]
As one embodiment, the configuration change device 10 can be implemented by installing, on a desired computer, a configuration change program that executes the above configuration change as packaged software or online software. For example, by causing an information processing device to execute the configuration change program, the information processing device can be made to function as the configuration change device. The information processing device referred to here includes desktop and notebook personal computers. The category of information processing devices also includes mobile communication terminals such as smartphones, mobile phones and PHS (Personal Handyphone System) terminals, as well as slate terminals such as PDAs (Personal Digital Assistants).
FIG. 26 is a diagram showing an example of a computer that executes the configuration change program. The computer 1000 has, for example, a memory 1010 and a CPU 1020. The computer 1000 also has a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. These units are connected by a bus 1080.
The memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM 1012. The ROM 1011 stores, for example, a boot program such as a BIOS (Basic Input Output System). The hard disk drive interface 1030 is connected to a hard disk drive 1090. The disk drive interface 1040 is connected to a disk drive 1100. A removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive 1100. The serial port interface 1050 is connected to, for example, a mouse 1110 and a keyboard 1120. The video adapter 1060 is connected to, for example, a display 1130.
The hard disk drive 1090 stores, for example, an OS 1091, an application program 1092, a program module 1093, and program data 1094. That is, the program that defines each process of the configuration change is implemented as the program module 1093, in which code executable by a computer is written. The program module 1093 is stored, for example, in the hard disk drive 1090. For example, the program module 1093 for executing the same processing as the functional configuration of the configuration change is stored in the hard disk drive 1090. The hard disk drive 1090 may be replaced by an SSD.
The setting data used in the processing of the above-described embodiment is stored as the program data 1094 in, for example, the memory 1010 or the hard disk drive 1090. The CPU 1020 reads the program module 1093 and the program data 1094 stored in the memory 1010 or the hard disk drive 1090 into the RAM 1012 as necessary and executes the processing of the above-described embodiment.
The program module 1093 and the program data 1094 are not limited to being stored in the hard disk drive 1090; they may be stored in, for example, a removable storage medium and read by the CPU 1020 via the disk drive 1100 or the like. Alternatively, the program module 1093 and the program data 1094 may be stored in another computer connected via a network (a LAN (Local Area Network), a WAN (Wide Area Network), or the like). The program module 1093 and the program data 1094 may then be read by the CPU 1020 from the other computer via the network interface 1070.
 10 configuration change device
 11, 21 communication unit
 12, 22 input/output unit
 13, 23 storage unit
 14, 24 control unit
 20 communication control device
 141 connection control unit
 142 setting unit
 143 starting unit
 144 stopping unit
 231 session table
 241 storing unit
 242 updating unit

Claims (4)

  1.  A communication control method for controlling communication in a network system in which functional groups, each having a switch and network devices connected to the switch, are connected to one another, wherein
     the switch,
     when the configuration of the network system is changed,
     routes packets in a first direction according to the settings made at the time of the configuration change, and
     routes packets in a second direction by an automatic routing function that stores header information of the packets in the first direction and, based on the stored header information, routes packets in the second direction, which differs from the first direction.
  2.  The communication control method according to claim 1, wherein
     the switch,
     when a configuration change that adds a first functional group to the network system is made,
     routes packets transmitted in the first direction from the first functional group and from the functional group located in the second direction of the first functional group according to the settings made at the time of the configuration change, and
     routes packets transmitted in the second direction from the first functional group and from the functional group located in the first direction of the first functional group by the automatic routing function.
  3.  The communication control method according to claim 1, wherein
     the switch,
     when a configuration change that deletes a first functional group from the network system is made,
     routes packets transmitted in the first direction from the functional group that was located in the second direction of the first functional group according to the settings made at the time of the configuration change, and
     routes packets transmitted in the second direction from the functional group that was located in the first direction of the first functional group by the automatic routing function.
  4.  The communication control method according to claim 1, wherein
     the switch, when a configuration change that adds a first network device to a first functional group of the network system is made,
     routes packets transmitted in the first direction from the first network device and from the functional group located in the second direction of the first functional group according to the settings made at the time of the configuration change, and
     routes packets transmitted in the second direction from the first network device and from the functional group located in the first direction of the first functional group by the automatic routing function.
PCT/JP2020/002837 2019-02-13 2020-01-27 Communication control method WO2020166314A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2019023993A JP2020136742A (en) 2019-02-13 2019-02-13 Communication control method
JP2019-023993 2019-02-13

Publications (1)

Publication Number Publication Date
WO2020166314A1 (en) 2020-08-20

Family

ID=72044844

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2020/002837 WO2020166314A1 (en) 2019-02-13 2020-01-27 Communication control method

Country Status (2)

Country Link
JP (1) JP2020136742A (en)
WO (1) WO2020166314A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2013132021A (en) * 2011-12-22 2013-07-04 Fujitsu Ltd Load distribution device, load distribution method, program, and system
JP2016134700A (en) * 2015-01-16 2016-07-25 富士通株式会社 Management server, communication system, and path management method
JP2017135449A (en) * 2016-01-25 2017-08-03 富士通株式会社 Packet relay method and packet relay program
JP2017533641A (en) * 2014-09-30 2017-11-09 華為技術有限公司Huawei Technologies Co.,Ltd. Service route generation method and apparatus
JP2018180773A (en) * 2017-04-07 2018-11-15 富士通株式会社 Management apparatus and management method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MOCHIZUKI, KONOMI ET AL.: "Service Chaining Method to Satisfy the Carrier Requirements for Network Functions Virtualization", IEICE TECHNICAL REPORT, vol. 114, no. 206, 4 September 2014 (2014-09-04), pages 113 - 118 *

Also Published As

Publication number Publication date
JP2020136742A (en) 2020-08-31

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 20755091; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 20755091; Country of ref document: EP; Kind code of ref document: A1)