WO2021240586A1 - Connection number measurement device, connection state detection device, connection state detection method, and connection number measurement program - Google Patents

Connection number measurement device, connection state detection device, connection state detection method, and connection number measurement program Download PDF

Info

Publication number
WO2021240586A1
WO2021240586A1 PCT/JP2020/020499 JP2020020499W WO2021240586A1 WO 2021240586 A1 WO2021240586 A1 WO 2021240586A1 JP 2020020499 W JP2020020499 W JP 2020020499W WO 2021240586 A1 WO2021240586 A1 WO 2021240586A1
Authority
WO
WIPO (PCT)
Prior art keywords
state
connection
value
state storage
storage circuit
Prior art date
Application number
PCT/JP2020/020499
Other languages
French (fr)
Japanese (ja)
Inventor
祐太 右近
悠介 関原
奈美子 池田
晶子 大輝
周平 吉田
寛之 鵜澤
高庸 新田
Original Assignee
日本電信電話株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電信電話株式会社 filed Critical 日本電信電話株式会社
Priority to PCT/JP2020/020499 priority Critical patent/WO2021240586A1/en
Priority to JP2022527268A priority patent/JP7315099B2/en
Publication of WO2021240586A1 publication Critical patent/WO2021240586A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks

Definitions

  • the present invention relates to a connection detection technique for detecting the state of a connection based on a received packet.
  • the number of connections can be measured in the server by using, for example, the technique described in Non-Patent Document 1, and an accurate number can be obtained.
  • the processing performance of the server may be deteriorated.
  • Non-Patent Document 2 if the connection on the communication network is monitored by using the technique described in Non-Patent Document 2 by a network device such as a network switch, a router, and a network monitoring device, which is separate from the server, the server is not overloaded. You can count the number of connections.
  • connection table for holding the state of the connection by hash search has been proposed, and by using the hash value corresponding to the field information included in the header of the input packet as the search key of the connection table. It enables high-speed search.
  • a long hash value is used as a search key in order to avoid a search failure due to a hash collision. Therefore, the connection table for hash search requires a large memory larger than the number of connections that hold the state, and there is a problem that the memory utilization efficiency is low.
  • the present invention is for solving such a problem, and an object of the present invention is to provide a connection state detection technique capable of detecting a connection state with a small amount of memory resources.
  • the connection number measuring device has a network I / F that performs data communication using packets with a communication network, and the communication via the network I / F.
  • the preset field value and the state control information for controlling the state of the connection are acquired from the header of the received packet received from the network, and the connection of the received packet is based on the field value and the state control information.
  • a control device that detects the state related to the target connection indicating the above and measures the number of connections related to each connection based on the obtained detection result, and a state value indicating the state of the connection and a reference value for identifying the connection.
  • the control device includes a plurality of state storage circuits configured to hold, and the control device relates to the target connection based on the reference value held by each state storage circuit from the plurality of state storage circuits. Based on a selection unit configured to select a state storage circuit that holds a state value, state control information acquired from the received packet, and a state value held by the state storage circuit selected by the selection unit.
  • the plurality of states are determined based on the state determination unit configured to determine the next state regarding the state of the target connection and output as the detection result, and the next state regarding the target connection obtained by the state determination unit. It is provided with a state update unit configured to update the contents held in the state storage circuit of.
  • connection state detection device has a plurality of state storage circuits configured to hold a state value indicating the state of the connection of the received packet and a reference value for identifying the connection, and reception.
  • the target connection which is the connection of the received packet can be used.
  • a control device configured to detect a state is provided, and the control device includes a state related to the target connection based on the reference value held in each state storage circuit from the plurality of state storage circuits.
  • the state determination unit configured to detect the state of the target connection by determining the next state of the target connection, and the state determination unit obtained by the state determination unit based on the next state of the target connection. It is provided with a state update unit configured to update the contents held in a plurality of state storage circuits.
  • connection state detection method includes a plurality of state storage circuits configured to hold a state value indicating the state of the connection of the received packet and a reference value for identifying the connection, and reception.
  • the target connection which is the connection of the received packet can be used.
  • a state detection method used in a connection state detection device including a control device configured to detect a state and output the obtained detection result, wherein the control device is among the plurality of state storage circuits.
  • the selection step configured to select the state storage circuit that holds the state value for the target connection based on the reference value held by each state storage circuit, and the control device.
  • the state of the target connection is detected by determining the next state of the target connection based on the acquired state control information and the state value held by the state storage circuit selected in the selection step.
  • connection number measuring program is a program for making a computer function as each part constituting the above-mentioned connection number measuring device.
  • the present invention it is possible to detect the connection status with a smaller amount of memory resources as compared with the prior art.
  • FIG. 1 is a block diagram showing a configuration of a connection number measuring device.
  • FIG. 2 is a block diagram showing details of the state detection unit.
  • FIG. 3 is a state transition diagram of the TCP connection.
  • FIG. 4 is an explanatory diagram showing a state update operation.
  • FIG. 5 is an explanatory diagram showing an operation at the time of a collision at the storage destination.
  • FIG. 6 is a flowchart of a method for measuring the number of connections.
  • FIG. 7 is a flowchart of the connection state detection method.
  • FIG. 8 is an explanatory diagram showing a configuration example of the connection number measurement result.
  • FIG. 1 is a block diagram showing a configuration of a connection number measuring device.
  • the connection number measuring device 10 is a device that receives a packet to be monitored from a communication network NW such as the Internet or LAN, and measures a detected connection based on the obtained received packet.
  • NW such as the Internet or LAN
  • the measured number of connections is used, for example, to grasp the load status of a server used in a network service such as a carrier network or a data center.
  • connection number measuring device 10 may be configured as a single unit, and may be mounted on a network monitoring device or a network monitoring system that monitors the communication status of the network by measuring the number of flows and the number of connections based on packets. You may.
  • the apparatus of the present invention can also be realized by a computer and a program, and the program can be recorded on a recording medium or provided through a network.
  • connection number measuring device 10 includes a network I / F 11, an operation input device 12, a screen display device 13, a storage device 14, a control device 15, and a state storage circuit 16 as main configurations. There is.
  • the network I / F11 is configured to perform data communication using packets with the communication network NW.
  • the operation input device 12 includes an operation input device such as a keyboard, a mouse, and a touch panel, and is configured to detect an operator's operation and output it to the control device 15.
  • the screen display device 13 is composed of a screen display device such as an LCD, and is configured to display various screens such as a menu screen, a setting screen, and a monitoring result screen output from the control device 15.
  • the storage device 14 is composed of a storage device such as a hard disk or a semiconductor memory, and is configured to store processing data and a program 14P used for the connection number measurement process executed by the control device 15.
  • the program 14P is a program for realizing various processing units that execute connection number measurement processing by cooperating with the CPU of the control device 15.
  • the program 14P is read in advance from a connected external device or recording medium and stored in the storage device 14.
  • the control device 15 is composed of a combination of a general server device and an FPGA (Field-Programable Gate Array) accelerator. Since high-speed packet processing can be performed by using the FPGA accelerator, it can also be applied to traffic monitoring in high-speed networks such as 40 Gbps (Gigabits per second) and 100 Gbps. On the other hand, since high-speed packet processing is not required in a low-speed network, it is possible to configure all processing with a single server equipped with software.
  • FPGA Field-Programable Gate Array
  • control device 15 has a CPU and its peripheral circuits (including an FPGA accelerator), and various processing units that execute the connection number measurement process by reading the program 14P of the storage device 14 and cooperating with the CPU. Will be described as an example when it is configured to realize.
  • the main processing units realized by the control device 15 include a packet reception unit 15A, a header analysis unit 15B, a state detection unit 15C, and a connection number counting unit 15D.
  • the packet receiving unit 15A is configured to receive a packet to be monitored from the communication network NW via the network I / F11.
  • the packet received by the packet receiving unit 15A may be a packet transmitted to the connection number measuring device 10, or may be a packet copied (captured) by a network device such as a switch, a router, or a network tap.
  • the header analysis unit 15B is configured to extract one or a plurality of predetermined field values from the header of the received packet received by the packet reception unit 15A.
  • a connection is a virtual communication path set between processes in order to accurately transfer packets used for data transfer.
  • field values such as MAC address, protocol, IP address, and port number are used.
  • MAC address MAC address
  • IP address IP address
  • port number a combination of source IP address, destination IP address, source port number, destination port number, and protocol (5-tuple) is often used for connection identification.
  • field values such as VLAN ID and VXLAN ID may be used.
  • the header analysis unit 15B acquires the state control information used for controlling the connection from the header or payload of the packet.
  • the control flag which is the state control information used in TCP (Transmission Control Protocol) communication, includes a URG (Urgent) flag, an ACK (Acknowledgement) flag, and a PSH (Push) flag, each of which consists of 1-bit width information.
  • URG User Agent
  • ACK Acknowledgement
  • PSH Push flag
  • the state detection unit 15C is configured to identify the connection based on the field value obtained by the header analysis unit 15B and to detect the next state of the connection from the change in the state control information. Details of the state detection unit 15C will be described later.
  • connection number counting unit 15D increases / decreases the counting number of the corresponding connections based on the detection result obtained by the state detection unit 15C, and displays the obtained counting result as the number of connections of the network to be monitored on the screen. It is configured to output to a higher-level device (not shown) connected via the device 13 or the network I / F 11. Further, the obtained counting result may be used for monitoring or traffic control processing separately executed by the control device 15.
  • the state storage circuit 16 is composed of a semiconductor memory as a whole, has a plurality of storage areas allocated to arbitrary connections, and identifies the connection from a state value State indicating the state of the corresponding connection in any one storage area. It is configured to hold (manage) the reference value Ref for the purpose.
  • a case where two state memory circuits 16A and 16B (first and second state memory circuits) are used as the state memory circuits 16 will be described as an example, but the present invention is not limited to this, and 3 One or more state storage circuits 16 may be used.
  • connection state detection device 10A can be configured from the state detection unit 15C and the state storage circuit 16.
  • the connection state detection device 10A inputs the field value and the state control information acquired from the header of the received packet, and based on these field values and the state control information, the state value State and the reference value held in the state storage circuit 16 It is a device that detects the state of the target connection, which is the connection of the received packet, by referring to Ref.
  • the connection state detection device 10A may be mounted on a network monitoring device or a network monitoring system that monitors the flow of packets and the state of connections, in addition to the connection number measuring device 10.
  • FIG. 2 is a block diagram showing details of the state detection unit.
  • the state detection unit 15C includes a hash value calculation unit 21, a search key generation unit 22, a selection unit 24, a state determination unit 25, and a state update unit 23 as processing units for executing the state detection process.
  • FIG. 2 shows a case where two state storage circuits 16A and 16B are used as the state storage circuit 16, but the present invention is not limited to this, and three or more state storage circuits may be used. ..
  • the hash value calculation unit 21 is configured to calculate the hash value Hash from the field value Field acquired by the header analysis unit 15B based on a preset hash function.
  • the hash value needs to have a length that can uniquely identify the connection to be measured, and for example, 32 bits to 64 bits is a realistic length.
  • a known algorithm such as MurmurHash3 may be used as the hash function used for calculating the hash value.
  • the search key generation unit 22 is configured to cut out a part of the hash value Hash obtained by the hash value calculation unit 21 and generate a search key Key for each state storage circuit 16. For example, as shown in FIG. 2, when two state storage circuits 16A and 16B are used, two Key # 0 and # 1 are generated.
  • As a method of cutting out the hash value Hash for example, there is a method of dividing into high-order bits and low-order bits. This division method is suitable for hardware and can be realized with an extremely simple circuit configuration.
  • an erroneous connection state may be output from the state storage circuits 16A and 16B due to a hash collision, but an appropriate output can be selected by the method described later.
  • the search key generation unit 22 generates a comparison value Comp. To generate the comparison value Comp, it is only necessary to cut out a part of the hash value Hash. At this time, the comparison value Comp needs to be cut out from a portion different from the search key Key # 0, but may be cut out from a portion partially or entirely overlapping with the search key Key # 1.
  • the state storage circuits 16A and 16B are small-scale connection tables that allow hash collisions, and are configured to hold (manage) a state value State indicating the next state of the connection determined by the state determination unit 25. For example, in the case of a TCP connection, the SYN state 30, the ACK state 31, and the FIN / RST state 32 in FIG. 3, which will be described later, may be held as the state value State. Further, when the two state storage circuits 16A and 16B are used, the state storage circuit 16A is configured to hold the reference value Ref # 0 together with the state value State # 0, but the state storage circuit 16B is configured to hold the state value State # 0. The reference value Ref # 1 may or may not be retained in addition to 1.
  • the reference value Ref is information for identifying the connection held in the state storage circuit 16, and is obtained from the comparison value Comp calculated when the state storage circuit 16 newly starts holding the state of the connection. Become. As a result, it becomes possible to determine which of the state value States output from each state storage circuit 16 indicates the state value State related to the connection of the received packet. In this case, the memory resource required to hold the reference value Ref increases. Therefore, for example, when it is expected that hash collision hardly occurs in the state storage circuit 16B, the state value State of a different connection is output from the state storage circuit 16A without holding the reference value Ref # 1. If it is determined, the output of the state storage circuit 16B may be selected.
  • the selection unit 24 compares the reference value Ref output from the state storage circuit 16 with the comparison value Comp related to the received packet, and selects and selects the state storage circuit 16 corresponding to the reference value Ref that matches the comparison value Comp. If the state value State held in the state storage circuit 16 is output to the state determination unit 25 and none of the reference values Ref matches the comparison value Comp, the connection of the received packet is new and each of them.
  • the state value State held in the state storage circuit 16 is configured to be output to the state update unit 23.
  • the state determination unit 25 determines the next state of the connection from the preset state transition diagram based on the state value State output from the selection unit 24 and the state control information Flag included in the received packet. It is configured.
  • FIG. 3 is a state transition diagram of the TCP connection, and by using this state transition diagram, the next state of the TCP connection is determined based on the current state value State and the newly notified state control information Flag. can do.
  • the main states of the TCP connection are the SYN state 30, the ACK state 31, and the FIN / RST state 32.
  • the SYN state 30 indicates a state in which one process notifies the other of a connection establishment request (SYN flag).
  • the ACK state 31 indicates a state in which an establishment response (ACK flag) is notified from the other to one when the establishment request is permitted.
  • the FIN / RST state 32 indicates a state in which one or the other notifies the other party of a connection disconnection request (FIN flag) or interruption (RST flag).
  • connection number measuring device 10 Next, the operation of the connection number measuring device 10 according to the present embodiment will be described.
  • state update operation and the storage destination collision operation in the state storage circuits 16A and 16B, the connection number measurement operation in the control device 15, and the state detection operation in the state detection unit 15C will be described individually.
  • FIG. 4 is an explanatory diagram showing a state update operation, and shows a process in which the state value State held by the state storage circuit 16 is updated along the time on the horizontal axis.
  • a case where the connection state is updated by using the state storage circuits 16A and 16B provided one by one as the storage area for storing the connection state value State and the reference value Ref will be described as an example.
  • the state storage circuit 16A holds the state value State # 0 and the reference value Ref # 0
  • the state storage circuit 16B holds only the state value State # 1.
  • the state update unit 23 transfers the state value State # 1 of the connection 2 held by the state storage circuit 16B to the state storage circuit 16A. ..
  • the reference value Ref # 0 held up to that point in the state storage circuit 16A is updated to a value indicating the connection 2.
  • the state value and the reference value of the connection 2 are held as the state value State # 0 and the reference value Ref # 0 in the state storage circuit 16A.
  • the state value State # 0 of the state storage circuit 16A and the state value State # 1 of the state storage circuit 16B may be exchanged.
  • the connection is disconnected in the state storage circuit 16A and the state holding is completed. Therefore, in the packet related to the connection 2 received thereafter, the connection is made for some reason (for example, retransmission of the SYN flag). If it is determined to start, the state is held in the state storage circuit 16A. When the connection 2 is subsequently disconnected, the reference value Ref # 0 and the comparison value Comp match, so that the state holding of the state storage unit 16A ends. On the other hand, the state storage unit 16B continues to hold the state of the connection 2 until the state is overwritten by the third connection. In order to avoid such improper connection management, it is necessary to transfer the state value and the reference value of the connection held by the state storage circuit 16B to the state storage circuit 16A. The update process of these state storage circuits 16A and 16B is controlled by the state update unit 23.
  • FIG. 5 is an explanatory diagram showing an operation at the time of a collision at the storage destination.
  • the state value (Con1 State) of the connection 1 is held in the storage area of the address "0" of the state storage circuit 16A.
  • search keys Key # 0 and # 1 are generated by dividing the hash value Hash into the lower 1 bit and the upper 1 bit, and the comparison value Comp is , The upper 1 bit of the hash value Hash different from the search key Key # 0 will be used.
  • the search key generation unit 22 based on this hash value Hash, the search key generation unit 22 generates "0" and “1” as the search keys Key # 0 and # 1, respectively, and generates "1" as the comparison value Comp. ..
  • the selection unit 24 determines that the connection held in the state storage circuit 16A is another connection for the received packet.
  • the selection unit 24 simply compares Ref # 0 and Comp of the state storage circuit 16A, and determines whether the connection matches or does not match based on the obtained comparison result. Therefore, when it is determined that there is a mismatch, it is not possible to specify which connection the connection of the received packet is. Therefore, when it is determined that there is a mismatch, the connection 2 is in the storage area corresponding to the value "1" (address value) of the key # 1 that can identify the connection of the received packet in the state storage circuit 16B corresponding to the key # 1. Holds the state value (Con2 State) of.
  • connection of the new received packet is different from the connection held by the arbitrary state storage circuit 16, that is, when the storage destination of the state value collides between different connections due to the above operation at the time of collision of the storage destination. Can hold the state value related to the connection of the received packet by using another state storage circuit 16B. As a result, the number of unused storage areas can be reduced, and the state detection unit 15C can be configured by using a small-scale state storage circuit 16.
  • FIG. 6 is a flowchart of a method for measuring the number of connections.
  • the control device 15 confirms whether a packet has been received from the communication network NW via the network I / F11 by the packet receiving unit 15A (step S100), and waits until a new packet is received (step S100: NO).
  • step S100 When a new packet is received (step S100: YES), the control device 15 extracts a preset field value from the header of the received received packet by the header analysis unit 15B (step S101). Extract state control information for controlling the state of the connection (step S102). Next, the control device 15 confirms the next state regarding the connection of the received packet by the state detection unit 15C based on the state value of the holding connection and the extracted state control information (step S103).
  • step S103 when the next state indicates the start of the connection (step S103: start), the count value indicating the number of connections is incremented (+1) by the connection number counting unit 15D (step S104), and held by the state detecting unit 15C. The state of the existing connection is updated (step S106), and the process proceeds to step S107 described later.
  • step S103: end When the next state indicates the end (disconnection) of the connection (step S103: end), the connection number counting unit 15D decrements (-1) the count value indicating the number of connections (step S105), and the process proceeds to step S106. do.
  • step S107 the control device 15 confirms whether or not it is the counting operation end timing based on the operator operation detected by the operation input device 12, the preset counting operation end time, and the like (step S107), and the counting operation. (Step S107: NO), the process returns to step S100 described above. Further, when the counting operation end timing is reached (step S107: YES), a series of connection number measurement processing is terminated.
  • FIG. 7 is a flowchart of the connection state detection method.
  • the state storage circuit 16A holds the state value State # 0 and the reference value Ref # 0, and the state storage circuit 16B holds only the state value State # 1 as described above.
  • the state detection unit 15C calculates the hash value Hash from the field value obtained by the header analysis unit 15B (step S110), and divides the obtained hash value Hash to search key Key # 0 regarding the connection of the received packet. , # 1 is generated (step S111), and the comparison value Comp is generated (step S112). Next, the state detection unit 15C receives the connection state value State # held in the storage area corresponding to the value (address value) of Key # 0 from the state storage circuit 16A associated with Key # 0. Acquire 0 and the reference value Ref # 0 (step S113).
  • the state detection unit 15C compares the acquired reference value Ref # 0 with the comparison value Comp by the selection unit 24 (step S114), and if both values match (step S114: YES), the state detection unit 15C receives.
  • the state storage circuit 16A is selected as the state storage circuit 16 for holding the packet connection.
  • the state detection unit 15C is concerned with the state value State # 0 (current state) acquired from the state storage circuit 16A by the state determination unit 25 and the state control information Flag extracted by the header analysis unit 15B.
  • the next state of the connection is determined (step S115), and the process proceeds to step S118 described later.
  • step S114 when the two values do not match (step S114: NO), the selection unit 24 selects the state storage circuit 16B as the state storage circuit 16 for holding the connection of the received packet.
  • the state detection unit 15C is held by the state determination unit 25 in the storage area corresponding to the value (address value) of the key # 1 from the state storage circuit 16B associated with the key # 1. Acquire the connection status value State # 1 (step S116).
  • the state detection unit 15C determines the next state of the connection based on the state value State # 1 (current state) acquired from the state storage circuit 16B and the state control information Flag extracted by the header analysis unit 15B. (Step S117), and the process proceeds to step S118, which will be described later.
  • the state detection unit 15C corresponds to the case where the state update unit 23 detects a change in the connection state being held by any of the state storage circuits 16, or a case where the establishment of a new connection is detected.
  • the holding contents of the state storage circuits 16A and 16B are updated (step S118), and a series of state detection processes are terminated.
  • the state value State # 0 of the connection held by the state storage circuit 16A transitions from establishment to termination (disconnection), and the state value State of the connection held by the state storage circuit 16B is set.
  • # 1 indicates establishment, the state value State # 1 held by the state storage circuit 16B is transferred as the state value State # 0 of the state storage circuit 16A.
  • FIG. 8 is an explanatory diagram showing a configuration example of the connection number measurement result.
  • the number of connections obtained by measurement is output in association with a rule for identifying the connection.
  • Each rule is information for identifying a connection to be monitored, and is preset by an operator using, for example, an operation input device 12 and a screen display device 13.
  • a rule specific setting values regarding a field value consisting of a source IP address, a destination IP address, and a protocol type are set.
  • the number of connections associated with that rule is incremented (+1) or decremented (-1).
  • the operator can monitor the number of the connections only by setting the field value related to the connection to be monitored as the setting value of the rule.
  • connection number measuring device 10 and the connection state detecting device 10A include a plurality of state storage circuits 16 that hold the state value state and the reference value Ref, and are selected by the control device 15. Based on the reference value Ref held by each state storage circuit 16, the unit 24 selects the state storage circuit 16 that holds the state value State related to the target connection from the state storage circuits 16, and the state determination unit 25 selects the state storage circuit 16 that holds the state value State related to the target connection.
  • the next state regarding the state of the target connection is determined based on the state control information of the received packet and the state value State held by the state storage circuit 16, and the state update unit 23 determines the next state regarding the target connection, based on the next state regarding the target connection.
  • the contents held in the state storage circuit 16 are updated.
  • each of the state storage circuits 16 includes a plurality of storage areas allocated to arbitrary connections as storage areas for holding the state value state and the reference value Ref, and the search key in the control device 15
  • the generation unit 22 uses the hash value Hash calculated based on the field value of the received packet as a search key for searching the storage area corresponding to the target connection from the state storage circuits 16 for each of the state storage circuits 16.
  • a plurality of different search key keys are generated, and a comparison value Comp for identifying the target connection is generated, and the selection unit 24 determines the reference value Ref output from the state storage circuit 16 based on these search key keys.
  • the state storage circuit 16 is selected by comparing with the comparison value Comp output from the search key generation unit 22.
  • the storage destination of the state value state collides with the state storage circuit 16 that holds the state value state of the connection different from the target connection. ..
  • the selection unit 24 should hold the state value State related to the target connection from the state storage circuits 16 based on the reference value Ref held by each state storage circuit 16. 16 is selected.
  • the search key Key having a relatively small number of bits can be used, and the address space, that is, the storage area of the state storage circuit 16 is reduced. It becomes possible to do.
  • a long hash value is used as a search key in order to avoid a search failure due to a hash collision. Therefore, a memory larger than the number of connections is required as a memory for holding a state, and the memory utilization efficiency.
  • the search key generation unit 22 generates a plurality of search key Keys by dividing the bit strings constituting the hash value Hash into a plurality of pieces, cuts out a part of the bit strings, and obtains a comparison value Comp. It may be generated. This makes it possible to generate a search key Key and a comparison value Comp with few hash collisions with extremely simple processing.
  • 10 Connection number measuring device, 10A ... Connection status detection device, 11 ... Network I / F, 12 ... Operation input device, 13 ... Screen display device, 14 ... Storage device, 14P ... Program, 15 ... Control device, 15A ... Packet Receiving unit, 15B ... Header analysis unit, 15C ... State detection unit, 15D ... Connection number counting unit, 16, 16A, 16B ... State storage circuit, 21 ... Hash value calculation unit, 22 ... Search key generation unit, 23 ... State update Unit, 24 ... Selection unit, 25 ... Status determination unit, NW ... Communication network, Hash ... Hash value, Key, Key # 0, Key # 1 ... Search key, State, State # 0, State # 1 ... Status value, Ref , Ref # 0, Ref # 1 ... Reference value, Comp ... Comparison value.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

In a control device 15 comprising a plurality of state storage circuits (16) which hold state values (state) and reference values (Ref), a selection unit (24) selects, from among the state storage circuits (16), a target state storage circuit which holds a state value (State) pertaining to a target connection, on the basis of the reference value (Ref) held in each of the state storage circuits (16), a state determination unit (25) determines a next state pertaining to the state of the target connection on the basis of state control information about a received packet and the state value (State) held in the target state storage circuit. A state update unit (23) updates held content in the state storage circuit (16) on the basis of the next state pertaining to the target connection. Thereby, the state of the connection can be detected by means of a smaller memory resource.

Description

コネクション数計測装置、コネクション状態検出装置、コネクション状態検出方法、およびコネクション数計測プログラムConnection number measurement device, connection status detection device, connection status detection method, and connection count measurement program
 本発明は、受信したパケットに基づいてコネクションの状態を検出するコネクション検出技術に関する。 The present invention relates to a connection detection technique for detecting the state of a connection based on a received packet.
 一般に、キャリアネットワークやデータセンタ等のネットワークサービスにおけるサービス運用管理では、サーバの負荷状況を把握するため、サーバのコネクション数をリアルタイムに監視する必要がある。コネクション数は、例えば、非特許文献1に記載の技術を用いることにより、サーバ内で計測することができ、正確な数を得ることができる。しかし、コネクションの監視を行うためにサーバの計算リソースの一部を占有するため、サーバの処理性能を低下させる可能性がある。 Generally, in service operation management in network services such as carrier networks and data centers, it is necessary to monitor the number of server connections in real time in order to grasp the load status of the server. The number of connections can be measured in the server by using, for example, the technique described in Non-Patent Document 1, and an accurate number can be obtained. However, since it occupies a part of the computing resources of the server for monitoring the connection, the processing performance of the server may be deteriorated.
 一方、サーバとは別個の、ネットワークスイッチ、ルータ、ネットワーク監視装置などのネットワーク機器により、非特許文献2に記載の技術を用いて通信ネットワーク上のコネクションを監視すれば、サーバに負荷を与えることなくコネクションの数を計測することができる。 On the other hand, if the connection on the communication network is monitored by using the technique described in Non-Patent Document 2 by a network device such as a network switch, a router, and a network monitoring device, which is separate from the server, the server is not overloaded. You can count the number of connections.
 ネットワーク上でコネクション数を計測する場合、多数のコネクションの状態を検出して保持(管理)する必要がある。従来から、ハッシュ探索によってコネクションの状態を保持するためのコネクションテーブルを探索する方法が提案されており、コネクションテーブルの検索キーに入力パケットのヘッダに含まれるフィールド情報に対応したハッシュ値を用いることで高速な検索を可能にしている。ここで、一般的なハッシュ探索ではハッシュ衝突による探索の失敗を避けるため、長いハッシュ値を検索キーとする。そのため、ハッシュ探索を行うコネクションテーブルは状態を保持するコネクションの数以上の大きなメモリを必要とし、メモリの利用効率が低い問題がある。 When measuring the number of connections on the network, it is necessary to detect and maintain (manage) the status of many connections. Conventionally, a method of searching the connection table for holding the state of the connection by hash search has been proposed, and by using the hash value corresponding to the field information included in the header of the input packet as the search key of the connection table. It enables high-speed search. Here, in a general hash search, a long hash value is used as a search key in order to avoid a search failure due to a hash collision. Therefore, the connection table for hash search requires a large memory larger than the number of connections that hold the state, and there is a problem that the memory utilization efficiency is low.
 本発明はこのような課題を解決するためのものであり、少ないメモリリソースでコネクションの状態を検出できるコネクション状態検出技術を提供することを目的としている。 The present invention is for solving such a problem, and an object of the present invention is to provide a connection state detection technique capable of detecting a connection state with a small amount of memory resources.
 このような目的を達成するために、本発明にかかるコネクション数計測装置は、通信網との間でパケットを用いたデータ通信を行う網I/Fと、前記網I/Fを介して前記通信網から受信した受信パケットのヘッダから予め設定されたフィールド値とコネクションの状態を制御するための状態制御情報とを取得し、前記フィールド値と前記状態制御情報とに基づいて、前記受信パケットのコネクションを示す対象コネクションに関する状態を検出し、得られた検出結果に基づいて各コネクションに関するコネクション数を計測する制御装置と、コネクションの状態を示す状態値と当該コネクションを識別するための参照値とを、保持するように構成された複数の状態記憶回路とを備え、前記制御装置は、前記複数の状態記憶回路のうちから、それぞれの状態記憶回路で保持する前記参照値に基づいて、前記対象コネクションに関する状態値を保持する状態記憶回路を選択するように構成された選択部と、前記受信パケットから取得した状態制御情報と、前記選択部で選択された前記状態記憶回路で保持する状態値とに基づいて、前記対象コネクションの状態に関する次状態を判別し、前記検出結果として出力するように構成された状態判別部と、前記状態判別部で得られた前記対象コネクションに関する次状態に基づいて、前記複数の状態記憶回路での保持内容を更新するように構成された状態更新部とを備えている。 In order to achieve such an object, the connection number measuring device according to the present invention has a network I / F that performs data communication using packets with a communication network, and the communication via the network I / F. The preset field value and the state control information for controlling the state of the connection are acquired from the header of the received packet received from the network, and the connection of the received packet is based on the field value and the state control information. A control device that detects the state related to the target connection indicating the above and measures the number of connections related to each connection based on the obtained detection result, and a state value indicating the state of the connection and a reference value for identifying the connection. The control device includes a plurality of state storage circuits configured to hold, and the control device relates to the target connection based on the reference value held by each state storage circuit from the plurality of state storage circuits. Based on a selection unit configured to select a state storage circuit that holds a state value, state control information acquired from the received packet, and a state value held by the state storage circuit selected by the selection unit. The plurality of states are determined based on the state determination unit configured to determine the next state regarding the state of the target connection and output as the detection result, and the next state regarding the target connection obtained by the state determination unit. It is provided with a state update unit configured to update the contents held in the state storage circuit of.
 また、本発明にかかるコネクション状態検出装置は、受信パケットのコネクションの状態を示す状態値と当該コネクションを識別するための参照値とを、保持するように構成された複数の状態記憶回路と、受信パケットのヘッダから取得したフィールド値および状態制御情報に基づいて、前記複数の状態記憶回路で保持されている前記状態値および前記参照値を参照することにより、前記受信パケットのコネクションである対象コネクションの状態を検出するように構成された制御装置とを備え、前記制御装置は、前記複数の状態記憶回路のうちから、それぞれの状態記憶回路で保持する前記参照値に基づいて、前記対象コネクションに関する状態値を保持する状態記憶回路を選択するように構成された選択部と、前記受信パケットから取得した状態制御情報と、前記選択部で選択された前記状態記憶回路で保持する状態値とに基づいて、前記対象コネクションの次状態を判別することにより、前記対象コネクションの状態を検出するように構成された状態判別部と、前記状態判別部で得られた前記対象コネクションに関する次状態に基づいて、前記複数の状態記憶回路での保持内容を更新するように構成された状態更新部とを備えている。 Further, the connection state detection device according to the present invention has a plurality of state storage circuits configured to hold a state value indicating the state of the connection of the received packet and a reference value for identifying the connection, and reception. By referring to the state value and the reference value held in the plurality of state storage circuits based on the field value and the state control information acquired from the header of the packet, the target connection which is the connection of the received packet can be used. A control device configured to detect a state is provided, and the control device includes a state related to the target connection based on the reference value held in each state storage circuit from the plurality of state storage circuits. Based on a selection unit configured to select a state storage circuit that holds a value, state control information acquired from the received packet, and a state value held by the state storage circuit selected by the selection unit. , The state determination unit configured to detect the state of the target connection by determining the next state of the target connection, and the state determination unit obtained by the state determination unit based on the next state of the target connection. It is provided with a state update unit configured to update the contents held in a plurality of state storage circuits.
 また、本発明にかかるコネクション状態検出方法は、受信パケットのコネクションの状態を示す状態値と当該コネクションを識別するための参照値とを、保持するように構成された複数の状態記憶回路と、受信パケットのヘッダから取得したフィールド値および状態制御情報に基づいて、前記複数の状態記憶回路で保持されている前記状態値および前記参照値を参照することにより、前記受信パケットのコネクションである対象コネクションの状態を検出し、得られた検出結果を出力するように構成された制御装置とを備えるコネクション状態検出装置で用いられる状態検出方法であって、前記制御装置が、前記複数の状態記憶回路のうちから、それぞれの状態記憶回路で保持する前記参照値に基づいて、前記対象コネクションに関する状態値を保持する状態記憶回路を選択するように構成された選択ステップと、前記制御装置が、前記受信パケットから取得した状態制御情報と、前記選択ステップで選択された前記状態記憶回路で保持する状態値とに基づいて、前記対象コネクションの次状態を判別することにより、前記対象コネクションの状態を検出するように構成された状態判別ステップと、前記制御装置が、前記状態判別ステップで得られた前記対象コネクションに関する次状態に基づいて、前記複数の状態記憶回路での保持内容を更新するように構成された状態更新ステップとを備えている。 Further, the connection state detection method according to the present invention includes a plurality of state storage circuits configured to hold a state value indicating the state of the connection of the received packet and a reference value for identifying the connection, and reception. By referring to the state value and the reference value held in the plurality of state storage circuits based on the field value and the state control information acquired from the header of the packet, the target connection which is the connection of the received packet can be used. A state detection method used in a connection state detection device including a control device configured to detect a state and output the obtained detection result, wherein the control device is among the plurality of state storage circuits. From the received packet, the selection step configured to select the state storage circuit that holds the state value for the target connection based on the reference value held by each state storage circuit, and the control device. The state of the target connection is detected by determining the next state of the target connection based on the acquired state control information and the state value held by the state storage circuit selected in the selection step. A state in which the configured state determination step and the control device are configured to update the contents held in the plurality of state storage circuits based on the next state regarding the target connection obtained in the state determination step. It has an update step.
 また、本発明にかかるコネクション数計測プログラムは、コンピュータを、上記のコネクション数計測装置を構成する各部として機能させるためのプログラムである。 Further, the connection number measuring program according to the present invention is a program for making a computer function as each part constituting the above-mentioned connection number measuring device.
 本発明によれば、従来技術と比較して、少ないメモリリソースでコネクションの状態を検出することが可能となる。 According to the present invention, it is possible to detect the connection status with a smaller amount of memory resources as compared with the prior art.
図1は、コネクション数計測装置の構成を示すブロック図である。FIG. 1 is a block diagram showing a configuration of a connection number measuring device. 図2は、状態検出部の詳細を示すブロック図である。FIG. 2 is a block diagram showing details of the state detection unit. 図3は、TCPコネクションの状態遷移図である。FIG. 3 is a state transition diagram of the TCP connection. 図4は、状態更新動作を示す説明図である。FIG. 4 is an explanatory diagram showing a state update operation. 図5は、保存先衝突時動作を示す説明図である。FIG. 5 is an explanatory diagram showing an operation at the time of a collision at the storage destination. 図6は、コネクション数計測方法のフローチャートである。FIG. 6 is a flowchart of a method for measuring the number of connections. 図7は、コネクション状態検出方法のフローチャートである。FIG. 7 is a flowchart of the connection state detection method. 図8は、コネクション数計測結果の構成例を示す説明図である。FIG. 8 is an explanatory diagram showing a configuration example of the connection number measurement result.
 次に、本発明の一実施の形態について図面を参照して説明する。
[コネクション数計測装置]
 まず、図1を参照して、本実施の形態にかかるコネクション数計測装置10およびコネクション状態検出装置10Aについて説明する。図1は、コネクション数計測装置の構成を示すブロック図である。 Next, an embodiment of the present invention will be described with reference to the drawings.
[Connection number measuring device]
First, with reference to FIG. 1, the connection number measuring device 10 and the connection state detecting device 10A according to the present embodiment will be described. FIG. 1 is a block diagram showing a configuration of a connection number measuring device.
 このコネクション数計測装置10は、監視対象となるパケットを、インターネットやLANなどの通信網NWから受信し、得られた受信パケットに基づき検出したコネクションを計測する装置である。計測されたコネクション数は、例えばキャリアネットワークやデータセンタ等のネットワークサービスで用いられているサーバの負荷状況を把握するために用いられる。 The connection number measuring device 10 is a device that receives a packet to be monitored from a communication network NW such as the Internet or LAN, and measures a detected connection based on the obtained received packet. The measured number of connections is used, for example, to grasp the load status of a server used in a network service such as a carrier network or a data center.
 なお、コネクション数計測装置10については、単体で構成してもよく、パケットに基づいてフロー数やコネクション数を計測することにより、ネットワークの通信状況を監視するネットワーク監視装置やネットワーク監視システムに実装してもよい。また、本発明の装置はコンピュータとプログラムによっても実現でき、プログラムを記録媒体に記録することも、ネットワークを通して提供することも可能である。 The connection number measuring device 10 may be configured as a single unit, and may be mounted on a network monitoring device or a network monitoring system that monitors the communication status of the network by measuring the number of flows and the number of connections based on packets. You may. The apparatus of the present invention can also be realized by a computer and a program, and the program can be recorded on a recording medium or provided through a network.
 図1に示すように、コネクション数計測装置10は、主な構成として、網I/F11、操作入力装置12、画面表示装置13、記憶装置14、制御装置15、および状態記憶回路16を備えている。 As shown in FIG. 1, the connection number measuring device 10 includes a network I / F 11, an operation input device 12, a screen display device 13, a storage device 14, a control device 15, and a state storage circuit 16 as main configurations. There is.
[網I/F11]
 網I/F11は、通信網NWとの間でパケットを用いたデータ通信を行うように構成されている。
[操作入力装置]
 操作入力装置12は、キーボード、マウス、タッチパネルなどの操作入力装置からなり、オペレータの操作を検出して制御装置15へ出力するように構成されている。
[画面表示装置]
 画面表示装置13は、LCDなどの画面表示装置からなり、制御装置15から出力されたメニュー画面、設定画面、監視結果画面などの各種画面を表示するように構成されている。 [Net I / F11]
The network I / F11 is configured to perform data communication using packets with the communication network NW.
[Operation input device]
The operation input device 12 includes an operation input device such as a keyboard, a mouse, and a touch panel, and is configured to detect an operator's operation and output it to the control device 15.
[Screen display device]
The screen display device 13 is composed of a screen display device such as an LCD, and is configured to display various screens such as a menu screen, a setting screen, and a monitoring result screen output from the control device 15.
[記憶装置]
 記憶装置14は、ハードディスクや半導体メモリなどの記憶装置からなり、制御装置15で実行する、コネクション数計測処理に用いる処理データやプログラム14Pを記憶するように構成されている。
 プログラム14Pは、制御装置15のCPUと協働することにより、コネクション数計測処理を実行する各種処理部を実現するためのプログラムである。プログラム14Pは、接続された外部装置や記録媒体から、予め読み出されて記憶装置14に格納される。 [Storage device]
The storage device 14 is composed of a storage device such as a hard disk or a semiconductor memory, and is configured to store processing data and a program 14P used for the connection number measurement process executed by the control device 15.
The program 14P is a program for realizing various processing units that execute connection number measurement processing by cooperating with the CPU of the control device 15. The program 14P is read in advance from a connected external device or recording medium and stored in the storage device 14.
[制御装置]
 制御装置15は、一般的なサーバ装置とFPGA(Field-Programable Gate Array)アクセラレータとの組み合わせから構成されている。FPGAアクセラレータを用いることで高速パケット処理を行えるため、40Gbps(Gigabits per second)や100Gbpsといった高速ネットワークにおけるトラフィック監視にも適用できる。一方、低速ネットワークにおいては高速パケット処理を必要としないため、すべての処理をソフトウェア実装したサーバ単体で構成することもできる。 [Control device]
The control device 15 is composed of a combination of a general server device and an FPGA (Field-Programable Gate Array) accelerator. Since high-speed packet processing can be performed by using the FPGA accelerator, it can also be applied to traffic monitoring in high-speed networks such as 40 Gbps (Gigabits per second) and 100 Gbps. On the other hand, since high-speed packet processing is not required in a low-speed network, it is possible to configure all processing with a single server equipped with software.
 以下では、制御装置15が、CPUとその周辺回路(FPGAアクセラレータを含む)を有し、記憶装置14のプログラム14Pを読み込んでCPUと協働させることにより、コネクション数計測処理を実行する各種処理部を実現するように構成されている場合を例として説明する。
 制御装置15で実現される主な処理部として、パケット受信部15A、ヘッダ解析部15B、状態検出部15C、およびコネクション数計数部15Dがある。 In the following, the control device 15 has a CPU and its peripheral circuits (including an FPGA accelerator), and various processing units that execute the connection number measurement process by reading the program 14P of the storage device 14 and cooperating with the CPU. Will be described as an example when it is configured to realize.
The main processing units realized by the control device 15 include a packet reception unit 15A, a header analysis unit 15B, a state detection unit 15C, and a connection number counting unit 15D.
[パケット受信部]
 パケット受信部15Aは、網I/F11を介して通信網NWから、監視対象となるパケットを受信するように構成されている。パケット受信部15Aで受信するパケットは、コネクション数計測装置10に向けて送信されたパケットでもよいが、スイッチ、ルータ、ネットワークタップなどのネットワーク機器でコピー(キャプチャ)されたパケットであってもよい。 [Packet receiver]
The packet receiving unit 15A is configured to receive a packet to be monitored from the communication network NW via the network I / F11. The packet received by the packet receiving unit 15A may be a packet transmitted to the connection number measuring device 10, or may be a packet copied (captured) by a network device such as a switch, a router, or a network tap.
[ヘッダ解析部]
 ヘッダ解析部15Bは、パケット受信部15Aで受信した受信パケットのヘッダから、予め指定されている1つまたは複数のフィールド値を抽出するように構成されている。
 コネクションとは、データ転送に用いるパケットを正確に受け渡しするため、プロセス間で設定する仮想的な通信路である。一般的には、コネクションを識別する際、MACアドレス、プロトコル、IPアドレス、ポート番号などのフィールド値(識別子)が用いられる。特に、送信元IPアドレス、宛先IPアドレス、送信元ポート番号、宛先ポート番号、プロトコルの組み合わせ(5-tuple)が、コネクション識別によく利用される。また、仮想化ネットワークではVLAN IDやVXLAN IDなどのフィールド値を用いることもある。 [Header analysis unit]
The header analysis unit 15B is configured to extract one or a plurality of predetermined field values from the header of the received packet received by the packet reception unit 15A.
A connection is a virtual communication path set between processes in order to accurately transfer packets used for data transfer. Generally, when identifying a connection, field values (identifiers) such as MAC address, protocol, IP address, and port number are used. In particular, a combination of source IP address, destination IP address, source port number, destination port number, and protocol (5-tuple) is often used for connection identification. Further, in a virtualized network, field values such as VLAN ID and VXLAN ID may be used.
 また、ヘッダ解析部15Bは、パケットのヘッダもしくはペイロードから、コネクションの制御に用いる状態制御情報を取得する。例えば、TCP(Transmission Control Protocol)通信で利用される状態制御情報であるコントロールフラグには、それぞれ1ビット幅の情報からなる、URG(Urgent)フラグ、ACK(Acknowledgement)フラグ、PSH(Push)フラグ、RST(Reset)フラグ、SYN(Synchronize)フラグ、およびFIN(Finish)フラグの6種類がある。 Further, the header analysis unit 15B acquires the state control information used for controlling the connection from the header or payload of the packet. For example, the control flag, which is the state control information used in TCP (Transmission Control Protocol) communication, includes a URG (Urgent) flag, an ACK (Acknowledgement) flag, and a PSH (Push) flag, each of which consists of 1-bit width information. There are six types: RST (Reset) flag, SYN (Synchronize) flag, and FIN (Finish) flag.
[状態検出部]
 状態検出部15Cは、ヘッダ解析部15Bで得られたフィールド値に基づいて、コネクションを識別するとともに、状態制御情報の変化からコネクションの次状態を検出するように構成されている。状態検出部15Cの詳細については後述する。 [Status detector]
The state detection unit 15C is configured to identify the connection based on the field value obtained by the header analysis unit 15B and to detect the next state of the connection from the change in the state control information. Details of the state detection unit 15C will be described later.
[コネクション数計数部]
 コネクション数計数部15Dは、状態検出部15Cで得られた検出結果に基づいて、対応するコネクションのカウント数を増減し、得られた計数結果を、監視対象となるネットワークのコネクション数として、画面表示装置13あるいは網I/F11を介して接続された上位装置(図示せず)へ出力するように構成されている。また、得られた計数結果については、制御装置15で別途実行するモニタリングやトラフィック制御の処理に用いてもよい。 [Connection number counting unit]
The connection number counting unit 15D increases / decreases the counting number of the corresponding connections based on the detection result obtained by the state detection unit 15C, and displays the obtained counting result as the number of connections of the network to be monitored on the screen. It is configured to output to a higher-level device (not shown) connected via the device 13 or the network I / F 11. Further, the obtained counting result may be used for monitoring or traffic control processing separately executed by the control device 15.
[状態記憶回路]
 状態記憶回路16は、全体として半導体メモリからなり、任意のコネクションにそれぞれ割り当てられる複数の格納領域を有し、いずれか1つの格納領域で対応するコネクションの状態を示す状態値Stateと当該コネクションを識別するための参照値Refとを保持(管理)するように構成されている。本実施の形態では、状態記憶回路16として2つの状態記憶回路16A,16B(第1および第2の状態記憶回路)を用いる場合を例として説明するが、これに限定されるものではなく、3つ以上の状態記憶回路16を用いてもよい。 [State memory circuit]
The state storage circuit 16 is composed of a semiconductor memory as a whole, has a plurality of storage areas allocated to arbitrary connections, and identifies the connection from a state value State indicating the state of the corresponding connection in any one storage area. It is configured to hold (manage) the reference value Ref for the purpose. In the present embodiment, a case where two state memory circuits 16A and 16B (first and second state memory circuits) are used as the state memory circuits 16 will be described as an example, but the present invention is not limited to this, and 3 One or more state storage circuits 16 may be used.
[コネクション状態検出装置]
 上記構成のうち、状態検出部15Cと状態記憶回路16とから、コネクション状態検出装置10Aを構成することができる。コネクション状態検出装置10Aは、受信パケットのヘッダから取得したフィールド値および状態制御情報を入力とし、これらフィールド値および状態制御情報に基づいて、状態記憶回路16で保持されている状態値Stateおよび参照値Refを参照することにより、受信パケットのコネクションである対象コネクションの状態を検出する装置である。このコネクション状態検出装置10Aは、コネクション数計測装置10のほか、パケットに関するフローやコネクションの状態を監視するネットワーク監視装置やネットワーク監視システムに実装してもよい。 [Connection status detector]
Of the above configurations, the connection state detection device 10A can be configured from the state detection unit 15C and the state storage circuit 16. The connection state detection device 10A inputs the field value and the state control information acquired from the header of the received packet, and based on these field values and the state control information, the state value State and the reference value held in the state storage circuit 16 It is a device that detects the state of the target connection, which is the connection of the received packet, by referring to Ref. The connection state detection device 10A may be mounted on a network monitoring device or a network monitoring system that monitors the flow of packets and the state of connections, in addition to the connection number measuring device 10.
[状態検出部の詳細]
 次に、図2を参照して、状態検出部15Cの詳細について説明する。図2は、状態検出部の詳細を示すブロック図である。
 状態検出部15Cは、状態検出処理を実行する処理部として、ハッシュ値計算部21、検索キー生成部22、選択部24、状態判別部25、および状態更新部23を備えている。図2には、状態記憶回路16として2つの状態記憶回路16A,16Bを用いた場合が示されているが、これに限定されるものではなく、3つ以上の状態記憶回路を用いてもよい。 [Details of status detector]
Next, the details of the state detection unit 15C will be described with reference to FIG. FIG. 2 is a block diagram showing details of the state detection unit.
The state detection unit 15C includes a hash value calculation unit 21, a search key generation unit 22, a selection unit 24, a state determination unit 25, and a state update unit 23 as processing units for executing the state detection process. FIG. 2 shows a case where two state storage circuits 16A and 16B are used as the state storage circuit 16, but the present invention is not limited to this, and three or more state storage circuits may be used. ..
[ハッシュ値計算部]
 ハッシュ値計算部21は、予め設定されているハッシュ関数に基づいて、ヘッダ解析部15Bで取得したフィールド値Fieldからハッシュ値Hashを計算するように構成されている。ハッシュ値は、計測対象となるコネクションを一意に識別できる長さが必要であり、例えば、32ビットから64ビットが現実的な長さである。また、ハッシュ値の計算に用いるハッシュ関数には、例えば、MurmurHash3など、公知のアルゴリズムを用いればよい。 [Hash value calculation unit]
The hash value calculation unit 21 is configured to calculate the hash value Hash from the field value Field acquired by the header analysis unit 15B based on a preset hash function. The hash value needs to have a length that can uniquely identify the connection to be measured, and for example, 32 bits to 64 bits is a realistic length. Further, as the hash function used for calculating the hash value, a known algorithm such as MurmurHash3 may be used.
[検索キー生成部]
 検索キー生成部22は、ハッシュ値計算部21で得られたハッシュ値Hashの一部を切り出して、状態記憶回路16ごとに検索キーKeyを生成するように構成されている。例えば、図2に示すように、2つの状態記憶回路16A,16Bを用いる場合、2つのKey#0,#1が生成される。ハッシュ値Hashの切り出し方法としては、例えば、上位ビットと下位ビットに分割する方法がある。この分割方法は、ハードウェアに適した方法であり、極めて簡素な回路構成で実現できる。ハッシュ値Hashの一部を検索キーに用いる場合、状態記憶回路16A,16Bからハッシュ衝突により誤ったコネクションの状態が出力されることがあるが、後述の方法により適切な出力を選ぶことができる。 [Search key generator]
The search key generation unit 22 is configured to cut out a part of the hash value Hash obtained by the hash value calculation unit 21 and generate a search key Key for each state storage circuit 16. For example, as shown in FIG. 2, when two state storage circuits 16A and 16B are used, two Key # 0 and # 1 are generated. As a method of cutting out the hash value Hash, for example, there is a method of dividing into high-order bits and low-order bits. This division method is suitable for hardware and can be realized with an extremely simple circuit configuration. When a part of the hash value Hash is used as a search key, an erroneous connection state may be output from the state storage circuits 16A and 16B due to a hash collision, but an appropriate output can be selected by the method described later.
 また、検索キー生成部22は、比較値Compを生成する。比較値Compの生成もハッシュ値Hashの一部を切り出すだけでよい。このとき、比較値Compは、検索キーKey#0と異なる部分から切り出す必要があるが、検索キーKey#1と一部もしくは全部が重なる部分から切り出してもよい。 Further, the search key generation unit 22 generates a comparison value Comp. To generate the comparison value Comp, it is only necessary to cut out a part of the hash value Hash. At this time, the comparison value Comp needs to be cut out from a portion different from the search key Key # 0, but may be cut out from a portion partially or entirely overlapping with the search key Key # 1.
[状態記憶回路]
 状態記憶回路16A,16Bは、ハッシュ衝突を許容する小規模なコネクションテーブルであり、状態判別部25で判別したコネクションの次状態を示す状態値Stateを保持(管理)するように構成されている。例えば、TCPコネクションの場合、後述する図3のSYN状態30、ACK状態31、FIN/RST状態32を状態値Stateとして保持してもよい。
 また、2つの状態記憶回路16A,16Bを用いる場合、状態記憶回路16Aは、状態値State#0とともに参照値Ref#0を保持するように構成するが、状態記憶回路16Bは、状態値State#1に加えて参照値Ref#1を保持してもよいし、保持しなくてもよい。 [State memory circuit]
The state storage circuits 16A and 16B are small-scale connection tables that allow hash collisions, and are configured to hold (manage) a state value State indicating the next state of the connection determined by the state determination unit 25. For example, in the case of a TCP connection, the SYN state 30, the ACK state 31, and the FIN / RST state 32 in FIG. 3, which will be described later, may be held as the state value State.
Further, when the two state storage circuits 16A and 16B are used, the state storage circuit 16A is configured to hold the reference value Ref # 0 together with the state value State # 0, but the state storage circuit 16B is configured to hold the state value State # 0. The reference value Ref # 1 may or may not be retained in addition to 1.
 本発明にかかる参照値Refとは、状態記憶回路16に保持されたコネクションを識別するための情報であり、その状態記憶回路16でコネクションの状態保持を新規に始める際に計算した比較値Compからなる。これにより、各状態記憶回路16から出力された状態値Stateのいずれが、受信パケットのコネクションに関する状態値Stateを示すかを、判別できるようになる。
 この場合、参照値Refを保持するために必要なメモリリソースが増加する。したがって、例えば、状態記憶回路16Bにおいて、ハッシュ衝突がほとんど起こらないことが予想される場合には、参照値Ref#1を保持せず、状態記憶回路16Aから異なるコネクションの状態値Stateが出力されたと判定された場合に、状態記憶回路16Bの出力を選択するようにしてもよい。 The reference value Ref according to the present invention is information for identifying the connection held in the state storage circuit 16, and is obtained from the comparison value Comp calculated when the state storage circuit 16 newly starts holding the state of the connection. Become. As a result, it becomes possible to determine which of the state value States output from each state storage circuit 16 indicates the state value State related to the connection of the received packet.
In this case, the memory resource required to hold the reference value Ref increases. Therefore, for example, when it is expected that hash collision hardly occurs in the state storage circuit 16B, the state value State of a different connection is output from the state storage circuit 16A without holding the reference value Ref # 1. If it is determined, the output of the state storage circuit 16B may be selected.
[選択部]
 選択部24は、状態記憶回路16から出力された参照値Refを、受信パケットに関する比較値Compと比較し、比較値Compと一致する参照値Refと対応する状態記憶回路16を選択し、選択した当該状態記憶回路16に保持されている状態値Stateを状態判別部25へ出力し、いずれの参照値Refも比較値Compと一致しなければ、受信パケットのコネクションが新規であること、および、各状態記憶回路16に保持されている状態値Stateを、状態更新部23に出力するように構成されている。 [Selection]
The selection unit 24 compares the reference value Ref output from the state storage circuit 16 with the comparison value Comp related to the received packet, and selects and selects the state storage circuit 16 corresponding to the reference value Ref that matches the comparison value Comp. If the state value State held in the state storage circuit 16 is output to the state determination unit 25 and none of the reference values Ref matches the comparison value Comp, the connection of the received packet is new and each of them. The state value State held in the state storage circuit 16 is configured to be output to the state update unit 23.
[状態判別部]
 状態判別部25は、選択部24から出力された状態値Stateと、受信パケットに含まれる状態制御情報Flagとに基づいて、予め設定されている状態遷移図により、コネクションの次状態を判別するよう構成されている。図3は、TCPコネクションの状態遷移図であり、この状態遷移図を用いることで、現在の状態値Stateと、新たに通知された状態制御情報Flagとに基づいて、TCPコネクションの次状態を判定することができる。 [Status determination unit]
The state determination unit 25 determines the next state of the connection from the preset state transition diagram based on the state value State output from the selection unit 24 and the state control information Flag included in the received packet. It is configured. FIG. 3 is a state transition diagram of the TCP connection, and by using this state transition diagram, the next state of the TCP connection is determined based on the current state value State and the newly notified state control information Flag. can do.
 図3に示すように、TCPコネクションの主な状態として、SYN状態30、ACK状態31、およびFIN/RST状態32がある。SYN状態30は、一方のプロセスから他方に対してコネクションの確立要求(SYNフラグ)を通知した状態を示している。ACK状態31は、確立要求を許可する際、他方から一方に対して確立応答(ACKフラグ)を通知した状態を示している。FIN/RST状態32は、一方または他方から相手に対して、コネクションの切断要求(FINフラグ)または中断(RSTフラグ)を通知した状態を示している。 As shown in FIG. 3, the main states of the TCP connection are the SYN state 30, the ACK state 31, and the FIN / RST state 32. The SYN state 30 indicates a state in which one process notifies the other of a connection establishment request (SYN flag). The ACK state 31 indicates a state in which an establishment response (ACK flag) is notified from the other to one when the establishment request is permitted. The FIN / RST state 32 indicates a state in which one or the other notifies the other party of a connection disconnection request (FIN flag) or interruption (RST flag).
[状態更新部]
 状態更新部23は、状態判別部25において保持中のコネクションの状態が変化した場合、もしくは、新規のコネクションの確立が検出された場合、選択部24から出力された状態記憶回路16の保持内容に基づいて、状態記憶回路16で保持している状態値Stateおよび参照値Refを更新し、新規のコネクションについては、状態値Stateを保持していない空きの状態記憶回路16が存在する場合のみ、新規に格納(更新)するように構成されている。 [Status update section]
When the state of the connection being held by the state determination unit 25 changes, or when the establishment of a new connection is detected, the state update unit 23 changes the holding content of the state storage circuit 16 output from the selection unit 24. Based on this, the state value State and the reference value Ref held in the state storage circuit 16 are updated, and for a new connection, only when there is an empty state storage circuit 16 that does not hold the state value State is new. It is configured to be stored (updated) in.
 以上の構成を用いて、状態記憶回路16で保持する参照値Refに基づいて、適切なものを選ぶようにすることで、各状態記憶回路16でハッシュ衝突が起こることが許容できる。よって、この構成ではメモリ利用効率の高い小規模な状態記憶回路16を採用することができ、従来と比べてメモリリソースを削減できる。 By using the above configuration and selecting an appropriate one based on the reference value Ref held by the state storage circuit 16, it is possible that a hash collision occurs in each state storage circuit 16. Therefore, in this configuration, a small-scale state storage circuit 16 having high memory utilization efficiency can be adopted, and memory resources can be reduced as compared with the conventional case.
[本実施の形態の動作]
 次に、本実施の形態にかかるコネクション数計測装置10の動作について説明する。ここでは、状態記憶回路16A,16Bにおける状態更新動作および保存先衝突時動作、制御装置15におけるコネクション数計測動作、および、状態検出部15Cにおける状態検出動作について、それぞれ個別に説明する。 [Operation of this embodiment]
Next, the operation of the connection number measuring device 10 according to the present embodiment will be described. Here, the state update operation and the storage destination collision operation in the state storage circuits 16A and 16B, the connection number measurement operation in the control device 15, and the state detection operation in the state detection unit 15C will be described individually.
[状態更新動作]
 まず、図4を参照して、状態記憶回路16A,16Bにおける状態更新動作について説明する。図4は、状態更新動作を示す説明図であり、横軸である時間に沿って、状態記憶回路16で保持している状態値Stateが更新されていく過程が示されている。ここでは、コネクションの状態値Stateさらには参照値Refを格納する格納領域として1つずつ設けられた状態記憶回路16A、16Bを用いて、コネクション状態を更新する場合を例として説明する。なお、この例では、状態記憶回路16Aが状態値State#0と参照値Ref#0を保持しており、状態記憶回路16Bが状態値State#1のみ保持しているものとする。 [Status update operation]
First, the state update operation in the state storage circuits 16A and 16B will be described with reference to FIG. FIG. 4 is an explanatory diagram showing a state update operation, and shows a process in which the state value State held by the state storage circuit 16 is updated along the time on the horizontal axis. Here, a case where the connection state is updated by using the state storage circuits 16A and 16B provided one by one as the storage area for storing the connection state value State and the reference value Ref will be described as an example. In this example, it is assumed that the state storage circuit 16A holds the state value State # 0 and the reference value Ref # 0, and the state storage circuit 16B holds only the state value State # 1.
 時刻T1において、状態記憶回路16A,16Bの両方とも、状態値Stateを保持していない。次の時刻T2に、新たなコネクション1(Con1)が検出された場合、状態記憶回路16Aにおいて、コネクション1の状態「Con1 State」が状態値State#0として保持され、そのコネクションの比較値Compが参照値Ref#0として保持される。
 続く時刻T3において、別の新たなコネクション2(Con2)が検出された場合、状態記憶回路16Aですでにコネクション1(Con1)を保持されているため、状態記憶回路16Bにおいて、コネクション2の状態「Con2 State」が、状態値State#1として保持されることになる。この際、コネクションの比較値Compは参照値Ref#1として保持されない。 At time T1, neither of the state storage circuits 16A and 16B holds the state value State. When a new connection 1 (Con1) is detected at the next time T2, the state "Con1 State" of the connection 1 is held as the state value State # 0 in the state storage circuit 16A, and the comparison value Comp of the connection is held. It is held as the reference value Ref # 0.
When another new connection 2 (Con2) is detected at the following time T3, since the connection 1 (Con1) is already held by the state storage circuit 16A, the state of the connection 2 is changed in the state storage circuit 16B. "Con2 State" will be held as the state value State # 1. At this time, the connection comparison value Comp is not held as the reference value Ref # 1.
 その後、時刻T4においてコネクション1の終了(切断)が検出された場合、状態更新部23は、状態記憶回路16Bで保持していたコネクション2の状態値State#1を、状態記憶回路16Aに移転する。このとき、状態記憶回路16Aでそれまで保持していた参照値Ref#0を、コネクション2を示す値に更新する。これにより、続く時刻T5において、コネクション2の状態値および参照値が状態記憶回路16Aで状態値State#0および参照値Ref#0として保持されることになる。移転の際、状態記憶回路16Aの状態値State#0と状態記憶回路16Bの状態値State#1とを入れ替えてもよい。 After that, when the end (disconnection) of the connection 1 is detected at the time T4, the state update unit 23 transfers the state value State # 1 of the connection 2 held by the state storage circuit 16B to the state storage circuit 16A. .. At this time, the reference value Ref # 0 held up to that point in the state storage circuit 16A is updated to a value indicating the connection 2. As a result, at the subsequent time T5, the state value and the reference value of the connection 2 are held as the state value State # 0 and the reference value Ref # 0 in the state storage circuit 16A. At the time of transfer, the state value State # 0 of the state storage circuit 16A and the state value State # 1 of the state storage circuit 16B may be exchanged.
 一方、時刻T4において、移転処理をしない場合、状態記憶回路16Aではコネクションが切断されて状態保持が終わっているため、その後受信したコネクション2に関するパケットにおいて何らかの事情(例えば、SYNフラグの再送)でコネクション開始と判定された場合、その状態は状態記憶回路16Aに保持される。続いてコネクション2が切断された場合、参照値Ref#0と比較値Compが一致するため、状態記憶部16Aの状態保持が終了する。一方、状態記憶部16Bではコネクション2の状態保持が続いてしまい、第三のコネクションによって状態が上書きされるまで継続する。このような不適切なコネクション管理を避けるため、状態記憶回路16Bで保持していたコネクションの状態値および参照値を状態記憶回路16Aに移転する必要がある。これら状態記憶回路16A、16Bの更新処理は状態更新部23により制御される。 On the other hand, when the transfer process is not performed at the time T4, the connection is disconnected in the state storage circuit 16A and the state holding is completed. Therefore, in the packet related to the connection 2 received thereafter, the connection is made for some reason (for example, retransmission of the SYN flag). If it is determined to start, the state is held in the state storage circuit 16A. When the connection 2 is subsequently disconnected, the reference value Ref # 0 and the comparison value Comp match, so that the state holding of the state storage unit 16A ends. On the other hand, the state storage unit 16B continues to hold the state of the connection 2 until the state is overwritten by the third connection. In order to avoid such improper connection management, it is necessary to transfer the state value and the reference value of the connection held by the state storage circuit 16B to the state storage circuit 16A. The update process of these state storage circuits 16A and 16B is controlled by the state update unit 23.
[保存先衝突時動作]
 次に、図5を参照して、状態記憶回路16A,16Bにおける保存先衝突時動作について説明する。図5は、保存先衝突時動作を示す説明図である。ここでは、状態記憶回路16A,16Bのそれぞれに格納領域が2つずつ設けられているものとし、コネクション1の状態値(Con1 State)が状態記憶回路16Aのアドレス「0」の格納領域で保持されている状況で、コネクション2のパケットを受信した場合を考える。また、検索キーKey#0,#1(第1の検索キー、第2の検索キー)は、ハッシュ値Hashを下位1ビットと上位1ビットで分割して生成されるものとし、比較値Compは、検索キーKey#0とは異なるハッシュ値Hashの上位1ビットを用いることにする。 [Operation at save destination collision]
Next, with reference to FIG. 5, the operation at the time of the storage destination collision in the state storage circuits 16A and 16B will be described. FIG. 5 is an explanatory diagram showing an operation at the time of a collision at the storage destination. Here, it is assumed that two storage areas are provided for each of the state storage circuits 16A and 16B, and the state value (Con1 State) of the connection 1 is held in the storage area of the address "0" of the state storage circuit 16A. Consider the case where the packet of connection 2 is received in this situation. Further, the search keys Key # 0 and # 1 (first search key, second search key) are generated by dividing the hash value Hash into the lower 1 bit and the upper 1 bit, and the comparison value Comp is , The upper 1 bit of the hash value Hash different from the search key Key # 0 will be used.
 新たに受信パケットが受信された場合、ハッシュ値計算部21は、受信パケットのヘッダから取得したフィールド値に基づいてハッシュ値Hash「2」(=「10」:二進数)を計算したものとする。これにより、このハッシュ値Hashに基づいて、検索キー生成部22で、検索キーKey#0,#1としてそれぞれ「0」,「1」が生成され、比較値Compとして「1」が生成される。この場合、Key#0に対応する状態記憶回路16Aのうち、Key#0の値「0」に相当するアドレスAddrの格納領域に保持されている参照値Ref#0は「0」であり、比較値Compの値「1」とは一致しない。これにより、選択部24は、状態記憶回路16Aに保持されているコネクションが、受信パケットは別のコネクションであると判断する。 When a newly received packet is received, the hash value calculation unit 21 shall calculate the hash value Hash "2" (= "10": binary number) based on the field value acquired from the header of the received packet. .. As a result, based on this hash value Hash, the search key generation unit 22 generates "0" and "1" as the search keys Key # 0 and # 1, respectively, and generates "1" as the comparison value Comp. .. In this case, among the state storage circuits 16A corresponding to Key # 0, the reference value Ref # 0 held in the storage area of the address Addr corresponding to the value “0” of Key # 0 is “0”, and the comparison is made. It does not match the value "1" of the value Comp. As a result, the selection unit 24 determines that the connection held in the state storage circuit 16A is another connection for the received packet.
 この際、選択部24は、状態記憶回路16AのRef#0とCompとを単純に比較し、得られた比較結果に基づいてコネクションの一致、不一致を判定している。このため、不一致と判定された場合、受信パケットのコネクションが、どのコネクションであるかについては特定できない。したがって、不一致と判定された場合、Key#1に対応する状態記憶回路16Bのうち、受信パケットのコネクションを識別できるKey#1の値「1」(アドレス値)と対応する格納領域で、コネクション2の状態値(Con2 State)を保持する。 At this time, the selection unit 24 simply compares Ref # 0 and Comp of the state storage circuit 16A, and determines whether the connection matches or does not match based on the obtained comparison result. Therefore, when it is determined that there is a mismatch, it is not possible to specify which connection the connection of the received packet is. Therefore, when it is determined that there is a mismatch, the connection 2 is in the storage area corresponding to the value "1" (address value) of the key # 1 that can identify the connection of the received packet in the state storage circuit 16B corresponding to the key # 1. Holds the state value (Con2 State) of.
 以上の保存先衝突時動作により、新たな受信パケットのコネクションが、任意の状態記憶回路16で保持しているコネクションとは異なっている場合、すなわち異なるコネクション間で状態値の格納先が衝突した場合には、別の状態記憶回路16Bを用いて受信パケットのコネクションに関する状態値を保持できる。これにより、未使用の格納領域数を減らすことができ、小規模な状態記憶回路16を用いて状態検出部15Cを構成することができる。 When the connection of the new received packet is different from the connection held by the arbitrary state storage circuit 16, that is, when the storage destination of the state value collides between different connections due to the above operation at the time of collision of the storage destination. Can hold the state value related to the connection of the received packet by using another state storage circuit 16B. As a result, the number of unused storage areas can be reduced, and the state detection unit 15C can be configured by using a small-scale state storage circuit 16.
[コネクション数計測動作]
 次に、図6を参照して、制御装置15におけるコネクション数計測動作について説明する。図6は、コネクション数計測方法のフローチャートである。
 制御装置15は、まず、パケット受信部15Aにより、網I/F11を介して通信網NWからパケットが受信されたか確認し(ステップS100)、新たなパケットが受信されるまで待機する(ステップS100:NO)。 [Connection count measurement operation]
Next, the operation of measuring the number of connections in the control device 15 will be described with reference to FIG. FIG. 6 is a flowchart of a method for measuring the number of connections.
First, the control device 15 confirms whether a packet has been received from the communication network NW via the network I / F11 by the packet receiving unit 15A (step S100), and waits until a new packet is received (step S100: NO).
 新たなパケットが受信された場合(ステップS100:YES)、制御装置15は、ヘッダ解析部15Bにより、受信した受信パケットのヘッダから、予め設定されているフィールド値を抽出するとともに(ステップS101)、コネクションの状態を制御するための状態制御情報を抽出する(ステップS102)。
 次に、制御装置15は、状態検出部15Cにより、保持中のコネクションの状態値と抽出した状態制御情報とに基づいて、受信パケットのコネクションに関する次状態を確認する(ステップS103)。 When a new packet is received (step S100: YES), the control device 15 extracts a preset field value from the header of the received received packet by the header analysis unit 15B (step S101). Extract state control information for controlling the state of the connection (step S102).
Next, the control device 15 confirms the next state regarding the connection of the received packet by the state detection unit 15C based on the state value of the holding connection and the extracted state control information (step S103).
 ここで、次状態がコネクションの開始を示す場合(ステップS103:開始)、コネクション数計数部15Dにより、コネクション数を示すカウント値をインクリメント(+1)し(ステップS104)、状態検出部15Cで保持しているコネクションの状態を更新し(ステップS106)、後述するステップS107へ移行する。
 また、次状態がコネクションの終了(切断)を示す場合(ステップS103:終了)、コネクション数計数部15Dにより、コネクション数を示すカウント値をデクリメント(-1)し(ステップS105)、ステップS106へ移行する。 Here, when the next state indicates the start of the connection (step S103: start), the count value indicating the number of connections is incremented (+1) by the connection number counting unit 15D (step S104), and held by the state detecting unit 15C. The state of the existing connection is updated (step S106), and the process proceeds to step S107 described later.
When the next state indicates the end (disconnection) of the connection (step S103: end), the connection number counting unit 15D decrements (-1) the count value indicating the number of connections (step S105), and the process proceeds to step S106. do.
 また、次の状態が開始または終了以外である場合(ステップS103:ELSE)、後述するステップS107へ移行する。
 この後、制御装置15は、操作入力装置12で検出されたオペレータ操作や、予め設定されている計数動作終了時刻などに基づいて、計数動作終了タイミングか否か確認し(ステップS107)、計数動作を継続する場合(ステップS107:NO)、前述したステップS100に戻る。また、計数動作終了タイミングである場合(ステップS107:YES)、一連のコネクション数計測処理を終了する。 If the next state is other than the start or end (step S103: ELSE), the process proceeds to step S107, which will be described later.
After that, the control device 15 confirms whether or not it is the counting operation end timing based on the operator operation detected by the operation input device 12, the preset counting operation end time, and the like (step S107), and the counting operation. (Step S107: NO), the process returns to step S100 described above. Further, when the counting operation end timing is reached (step S107: YES), a series of connection number measurement processing is terminated.
[状態検出動作]
 次に、図7を参照して、状態検出部15Cにおける状態検出動作について説明する。図7は、コネクション状態検出方法のフローチャートである。
 ここでは、前述と同様に、状態記憶回路16Aが状態値State#0と参照値Ref#0を保持しており、状態記憶回路16Bが状態値State#1のみ保持しているものとする。 [Status detection operation]
Next, the state detection operation in the state detection unit 15C will be described with reference to FIG. 7. FIG. 7 is a flowchart of the connection state detection method.
Here, it is assumed that the state storage circuit 16A holds the state value State # 0 and the reference value Ref # 0, and the state storage circuit 16B holds only the state value State # 1 as described above.
 状態検出部15Cは、ヘッダ解析部15Bで得られたフィールド値からハッシュ値Hashを計算し(ステップS110)、得られたハッシュ値Hashを分割することにより、受信パケットのコネクションに関する検索キーKey#0、#1を生成するとともに(ステップS111)、比較値Compを生成する(ステップS112)。
 次に、状態検出部15Cは、Key#0と対応付けられている状態記憶回路16Aから、Key#0の値(アドレス値)と対応する格納領域に保持されている、コネクションの状態値State#0と参照値Ref#0を取得する(ステップS113)。 The state detection unit 15C calculates the hash value Hash from the field value obtained by the header analysis unit 15B (step S110), and divides the obtained hash value Hash to search key Key # 0 regarding the connection of the received packet. , # 1 is generated (step S111), and the comparison value Comp is generated (step S112).
Next, the state detection unit 15C receives the connection state value State # held in the storage area corresponding to the value (address value) of Key # 0 from the state storage circuit 16A associated with Key # 0. Acquire 0 and the reference value Ref # 0 (step S113).
 続いて、状態検出部15Cは、選択部24により、取得した参照値Ref#0を比較値Compと比較し(ステップS114)、両者の値が一致している場合(ステップS114:YES)、受信パケットのコネクションを保持すべき状態記憶回路16として、状態記憶回路16Aを選択する。
 これにより、状態検出部15Cは、状態判別部25により、状態記憶回路16Aから取得した状態値State#0(現状態)と、ヘッダ解析部15Bにおいて抽出した状態制御情報Flagとに基づいて、当該コネクションの次状態を判別し(ステップS115)、後述するステップS118へ移行する。 Subsequently, the state detection unit 15C compares the acquired reference value Ref # 0 with the comparison value Comp by the selection unit 24 (step S114), and if both values match (step S114: YES), the state detection unit 15C receives. The state storage circuit 16A is selected as the state storage circuit 16 for holding the packet connection.
As a result, the state detection unit 15C is concerned with the state value State # 0 (current state) acquired from the state storage circuit 16A by the state determination unit 25 and the state control information Flag extracted by the header analysis unit 15B. The next state of the connection is determined (step S115), and the process proceeds to step S118 described later.
 一方、ステップS114において、両者の値が不一致である場合(ステップS114:NO)、選択部24により、受信パケットのコネクションを保持すべき状態記憶回路16として、状態記憶回路16Bを選択する。
 これにより、状態検出部15Cは、状態判別部25により、Key#1と対応付けられている状態記憶回路16Bから、Key#1の値(アドレス値)と対応する格納領域に保持されている、コネクションの状態値State#1を取得する(ステップS116)。 On the other hand, in step S114, when the two values do not match (step S114: NO), the selection unit 24 selects the state storage circuit 16B as the state storage circuit 16 for holding the connection of the received packet.
As a result, the state detection unit 15C is held by the state determination unit 25 in the storage area corresponding to the value (address value) of the key # 1 from the state storage circuit 16B associated with the key # 1. Acquire the connection status value State # 1 (step S116).
 続いて、状態検出部15Cは、状態記憶回路16Bから取得した状態値State#1(現状態)と、ヘッダ解析部15Bにおいて抽出した状態制御情報Flagとに基づいて、当該コネクションの次状態を判別し(ステップS117)、後述するステップS118へ移行する。 Subsequently, the state detection unit 15C determines the next state of the connection based on the state value State # 1 (current state) acquired from the state storage circuit 16B and the state control information Flag extracted by the header analysis unit 15B. (Step S117), and the process proceeds to step S118, which will be described later.
 この後、状態検出部15Cは、状態更新部23により、状態記憶回路16のいずれかで保持中のコネクション状態の変化が検出された場合、もしくは新規コネクションの確立が検出された場合、それぞれ対応する状態記憶回路16A,16Bの保持内容を更新し(ステップS118)、一連の状態検出処理を終了する。この際、状態更新部23は、状態記憶回路16Aで保持しているコネクションの状態値State#0が確立から終了(切断)に遷移し、状態記憶回路16Bで保持しているコネクションの状態値State#1が確立を示す場合、状態記憶回路16Bで保持している状態値State#1を、状態記憶回路16Aの状態値State#0として移転する。 After that, the state detection unit 15C corresponds to the case where the state update unit 23 detects a change in the connection state being held by any of the state storage circuits 16, or a case where the establishment of a new connection is detected. The holding contents of the state storage circuits 16A and 16B are updated (step S118), and a series of state detection processes are terminated. At this time, in the state update unit 23, the state value State # 0 of the connection held by the state storage circuit 16A transitions from establishment to termination (disconnection), and the state value State of the connection held by the state storage circuit 16B is set. When # 1 indicates establishment, the state value State # 1 held by the state storage circuit 16B is transferred as the state value State # 0 of the state storage circuit 16A.
 図8は、コネクション数計測結果の構成例を示す説明図である。図8には、計測して得られたコネクション数が、当該コネクションを識別するためのルールと関連付けられて、出力されている。
 各ルールは、監視対象となるコネクションを識別するための情報であり、例えば操作入力装置12および画面表示装置13を用いて、オペレータにより予め設定される。ここでは、ルールとして、送信元IPアドレス、宛先IPアドレス、およびプロトコル種別からなるフィールド値に関する具体的な設定値が設定されている。 FIG. 8 is an explanatory diagram showing a configuration example of the connection number measurement result. In FIG. 8, the number of connections obtained by measurement is output in association with a rule for identifying the connection.
Each rule is information for identifying a connection to be monitored, and is preset by an operator using, for example, an operation input device 12 and a screen display device 13. Here, as a rule, specific setting values regarding a field value consisting of a source IP address, a destination IP address, and a protocol type are set.
 例えば、受信パケットのヘッダから抽出したフィールド値が、いずれかのルールの設定値と一致した場合、そのルールに関連付けられているコネクション数が、インクリメント(+1)あるいはデクリメント(-1)される。
 これにより、オペレータが、監視対象としたいコネクションに関するフィールド値を、ルールの設定値として設定するだけで、当該コネクションの数を監視することができる。 For example, if the field value extracted from the header of the received packet matches the set value of any rule, the number of connections associated with that rule is incremented (+1) or decremented (-1).
As a result, the operator can monitor the number of the connections only by setting the field value related to the connection to be monitored as the setting value of the rule.
[本実施の形態の効果]
 このように、本実施の形態にかかるコネクション数計測装置10およびコネクション状態検出装置10Aは、状態値stateと参照値Refとを、保持する複数の状態記憶回路16を備え、制御装置15において、選択部24が、それぞれの状態記憶回路16で保持する参照値Refに基づいて、状態記憶回路16のうちから、対象コネクションに関する状態値Stateを保持する状態記憶回路16を選択し、状態判別部25が、受信パケットの状態制御情報と、状態記憶回路16で保持する状態値Stateとに基づいて、対象コネクションの状態に関する次状態を判別し、状態更新部23が、対象コネクションに関する次状態に基づいて、状態記憶回路16での保持内容を更新するようにしたものである。 [Effect of this embodiment]
As described above, the connection number measuring device 10 and the connection state detecting device 10A according to the present embodiment include a plurality of state storage circuits 16 that hold the state value state and the reference value Ref, and are selected by the control device 15. Based on the reference value Ref held by each state storage circuit 16, the unit 24 selects the state storage circuit 16 that holds the state value State related to the target connection from the state storage circuits 16, and the state determination unit 25 selects the state storage circuit 16 that holds the state value State related to the target connection. , The next state regarding the state of the target connection is determined based on the state control information of the received packet and the state value State held by the state storage circuit 16, and the state update unit 23 determines the next state regarding the target connection, based on the next state regarding the target connection. The contents held in the state storage circuit 16 are updated.
 より具体的には、状態記憶回路16のそれぞれは、状態値stateと参照値Refとを保持する格納領域として、任意のコネクションにそれぞれ割り当てられる複数の格納領域を備え、制御装置15において、検索キー生成部22が、状態記憶回路16のそれぞれについて、当該状態記憶回路16のうちから対象コネクションと対応する格納領域を検索する検索キーとして、受信パケットのフィールド値に基づき計算したハッシュ値Hashから、互いに異なる複数の検索キーKeyを生成するとともに、対象コネクションを識別するための比較値Compを生成し、選択部24が、これら検索キーKeyに基づいて状態記憶回路16から出力された参照値Refと、検索キー生成部22から出力された比較値Compとを比較することにより、状態記憶回路16を選択するようにしたものである。 More specifically, each of the state storage circuits 16 includes a plurality of storage areas allocated to arbitrary connections as storage areas for holding the state value state and the reference value Ref, and the search key in the control device 15 The generation unit 22 uses the hash value Hash calculated based on the field value of the received packet as a search key for searching the storage area corresponding to the target connection from the state storage circuits 16 for each of the state storage circuits 16. A plurality of different search key keys are generated, and a comparison value Comp for identifying the target connection is generated, and the selection unit 24 determines the reference value Ref output from the state storage circuit 16 based on these search key keys. The state storage circuit 16 is selected by comparing with the comparison value Comp output from the search key generation unit 22.
 受信パケットの対象コネクションに関する状態値stateを状態記憶回路16に格納する際、対象コネクションとは異なるコネクションの状態値stateを保持する状態記憶回路16では、状態値stateの格納先が衝突することになる。本実施の形態によれば、選択部24により、それぞれの状態記憶回路16で保持する参照値Refに基づいて、状態記憶回路16のうちから、対象コネクションに関する状態値Stateを保持すべき状態記憶回路16が選択される。 When the state value state related to the target connection of the received packet is stored in the state storage circuit 16, the storage destination of the state value state collides with the state storage circuit 16 that holds the state value state of the connection different from the target connection. .. According to the present embodiment, the selection unit 24 should hold the state value State related to the target connection from the state storage circuits 16 based on the reference value Ref held by each state storage circuit 16. 16 is selected.
 これにより、状態記憶回路16において、検索キーKeyのハッシュ衝突が起こることを許容できるため、比較的ビット数の少ない検索キーKeyを用いることができ、状態記憶回路16のアドレス空間すなわち格納領域を削減することが可能となる。
 従来技術によれば、ハッシュ衝突による探索の失敗を避けるため、長いハッシュ値を検索キーとして用いているため、状態を保持するメモリとして、コネクションの数以上の大きなメモリを必要とし、メモリの利用効率が低い問題という問題があったが、本実施の形態によれば、従来技術と比較して、少ないメモリリソースでコネクションの状態を検出することが可能となるとともに、コネクション数を計測することか可能となる。 As a result, since it is possible to allow the hash collision of the search key Key to occur in the state storage circuit 16, the search key Key having a relatively small number of bits can be used, and the address space, that is, the storage area of the state storage circuit 16 is reduced. It becomes possible to do.
According to the prior art, a long hash value is used as a search key in order to avoid a search failure due to a hash collision. Therefore, a memory larger than the number of connections is required as a memory for holding a state, and the memory utilization efficiency. However, according to the present embodiment, it is possible to detect the state of the connection with a smaller amount of memory resources and to measure the number of connections as compared with the conventional technique. Will be.
 また、本実施の形態において、検索キー生成部22が、ハッシュ値Hashを構成するビット列を複数に分割することにより複数の検索キーKeyをそれぞれ生成し、ビット列の一部を切り出して比較値Compを生成するようにしてもよい。これにより、極めて簡素な処理で、ハッシュ衝突の少ない検索キーKeyおよび比較値Compを生成できる。 Further, in the present embodiment, the search key generation unit 22 generates a plurality of search key Keys by dividing the bit strings constituting the hash value Hash into a plurality of pieces, cuts out a part of the bit strings, and obtains a comparison value Comp. It may be generated. This makes it possible to generate a search key Key and a comparison value Comp with few hash collisions with extremely simple processing.
[実施の形態の拡張]
 以上、実施形態を参照して本発明を説明したが、本発明は上記実施形態に限定されるものではない。本発明の構成や詳細には、本発明のスコープ内で当業者が理解しうる様々な変更をすることができる。 [Extension of embodiment]
Although the present invention has been described above with reference to the embodiments, the present invention is not limited to the above embodiments. Various changes that can be understood by those skilled in the art can be made to the structure and details of the present invention within the scope of the present invention.
 10…コネクション数計測装置、10A…コネクション状態検出装置、11…網I/F、12…操作入力装置、13…画面表示装置、14…記憶装置、14P…プログラム、15…制御装置、15A…パケット受信部、15B…ヘッダ解析部、15C…状態検出部、15D…コネクション数計数部、16,16A,16B…状態記憶回路、21…ハッシュ値計算部、22…検索キー生成部、23…状態更新部、24…選択部、25…状態判別部、NW…通信網、Hash…ハッシュ値、Key,Key#0,Key#1…検索キー、State,State#0,State#1…状態値、Ref,Ref#0,Ref#1…参照値、Comp…比較値。 10 ... Connection number measuring device, 10A ... Connection status detection device, 11 ... Network I / F, 12 ... Operation input device, 13 ... Screen display device, 14 ... Storage device, 14P ... Program, 15 ... Control device, 15A ... Packet Receiving unit, 15B ... Header analysis unit, 15C ... State detection unit, 15D ... Connection number counting unit, 16, 16A, 16B ... State storage circuit, 21 ... Hash value calculation unit, 22 ... Search key generation unit, 23 ... State update Unit, 24 ... Selection unit, 25 ... Status determination unit, NW ... Communication network, Hash ... Hash value, Key, Key # 0, Key # 1 ... Search key, State, State # 0, State # 1 ... Status value, Ref , Ref # 0, Ref # 1 ... Reference value, Comp ... Comparison value.

Claims (8)

  1.  通信網との間でパケットを用いたデータ通信を行う網I/Fと、
     前記網I/Fを介して前記通信網から受信した受信パケットのヘッダから予め設定されたフィールド値とコネクションの状態を制御するための状態制御情報とを取得し、前記フィールド値と前記状態制御情報とに基づいて、前記受信パケットのコネクションを示す対象コネクションに関する状態を検出し、得られた検出結果に基づいて各コネクションに関するコネクション数を計測する制御装置と、
     コネクションの状態を示す状態値と当該コネクションを識別するための参照値とを、保持するように構成された複数の状態記憶回路とを備え、
     前記制御装置は、
     前記複数の状態記憶回路のうちから、それぞれの状態記憶回路で保持する前記参照値に基づいて、前記対象コネクションに関する状態値を保持する状態記憶回路を選択するように構成された選択部と、
     前記受信パケットから取得した状態制御情報と、前記選択部で選択された前記状態記憶回路で保持する状態値とに基づいて、前記対象コネクションの状態に関する次状態を判別し、前記検出結果として出力するように構成された状態判別部と、
     前記状態判別部で得られた前記対象コネクションに関する次状態に基づいて、前記複数の状態記憶回路での保持内容を更新するように構成された状態更新部とを備える
     ことを特徴とするコネクション数計測装置。     A network I / F that performs data communication using packets with a communication network,
    A preset field value and state control information for controlling the state of the connection are acquired from the header of the received packet received from the communication network via the network I / F, and the field value and the state control information are obtained. Based on the above, a control device that detects the state related to the target connection indicating the connection of the received packet and measures the number of connections related to each connection based on the obtained detection result.
    It includes a plurality of state storage circuits configured to hold a state value indicating the state of a connection and a reference value for identifying the connection.
    The control device is
    A selection unit configured to select a state storage circuit that holds a state value related to the target connection based on the reference value held by each state storage circuit from the plurality of state storage circuits.
    Based on the state control information acquired from the received packet and the state value held by the state storage circuit selected by the selection unit, the next state regarding the state of the target connection is determined and output as the detection result. With the state determination unit configured as
    The number of connections is measured by comprising a state update unit configured to update the contents held in the plurality of state storage circuits based on the next state of the target connection obtained by the state determination unit. Device.
  2.  請求項1に記載のコネクション数計測装置において、
     前記複数の状態記憶回路のそれぞれは、前記状態値と前記参照値とを保持する格納領域として、任意のコネクションにそれぞれ割り当てられる複数の格納領域を備え、
     前記制御装置は、前記複数の状態記憶回路のそれぞれについて、当該状態記憶回路のうちから前記対象コネクションと対応する格納領域を検索する検索キーとして、前記受信パケットのフィールド値に基づき計算したハッシュ値から、互いに異なる複数の検索キーを生成するとともに、前記対象コネクションを識別するための比較値を生成するように構成された検索キー生成部をさらに備え、
     前記選択部は、前記複数の検索キーに基づいて前記複数の状態記憶回路から出力された前記参照値と、前記検索キー生成部から出力された前記比較値とを比較することにより、前記状態記憶回路を選択する
     ことを特徴とするコネクション数計測装置。     In the connection number measuring device according to claim 1,
    Each of the plurality of state storage circuits includes a plurality of storage areas allocated to arbitrary connections as storage areas for holding the state value and the reference value.
    The control device uses a hash value calculated based on a field value of the received packet as a search key for searching a storage area corresponding to the target connection from the state storage circuits for each of the plurality of state storage circuits. Further, a search key generator configured to generate a plurality of search keys different from each other and to generate a comparison value for identifying the target connection is provided.
    The selection unit stores the state by comparing the reference value output from the plurality of state storage circuits based on the plurality of search keys with the comparison value output from the search key generation unit. A connection count measuring device characterized by selecting a circuit.
  3.  請求項2に記載のコネクション数計測装置において、
     前記検索キー生成部は、前記ハッシュ値を構成するビット列を複数に分割することにより前記複数の検索キーをそれぞれ生成し、前記ビット列の一部を切り出して前記比較値を生成することを特徴とするコネクション数計測装置。     In the connection number measuring device according to claim 2,
    The search key generation unit is characterized in that each of the plurality of search keys is generated by dividing the bit string constituting the hash value into a plurality of pieces, and a part of the bit string is cut out to generate the comparison value. Connection number measuring device.
  4.  請求項2に記載のコネクション数計測装置において、
     前記状態記憶回路として第1および第2の状態記憶回路を備え、
     前記第1の状態記憶回路は、前記状態値と前記参照値を保持し、
     前記第2の状態記憶回路は、前記状態値のみを保持し、
     前記選択部は、前記第1の状態記憶回路で保持されている前記参照値と前記比較値とを比較し、両者が一致した場合、前記第1の状態記憶回路を前記状態記憶回路として選択し、両者が不一致の場合、前記第2の状態記憶回路を前記状態記憶回路として選択する
     ことを特徴とするコネクション数計測装置。     In the connection number measuring device according to claim 2,
    The state storage circuit includes first and second state storage circuits.
    The first state storage circuit holds the state value and the reference value.
    The second state storage circuit holds only the state value and
    The selection unit compares the reference value held in the first state storage circuit with the comparison value, and if both match, the first state storage circuit is selected as the state storage circuit. , A connection number measuring device, characterized in that the second state storage circuit is selected as the state storage circuit when the two do not match.
  5.  請求項4に記載のコネクション数計測装置において、
     前記検索キー生成部は、前記ハッシュ値を構成するビット列を2つ以上に分割することにより前記第1および第2の状態記憶回路に対応する第1および第2の検索キーをそれぞれ生成し、前記ビット列のうち前記第1の検索キー以外の部分から前記比較値を生成することを特徴とするコネクション数計測装置。     In the connection number measuring device according to claim 4,
    The search key generation unit generates first and second search keys corresponding to the first and second state storage circuits by dividing the bit string constituting the hash value into two or more, respectively. A connection number measuring device, characterized in that the comparison value is generated from a portion of a bit string other than the first search key.
  6.  受信パケットのコネクションの状態を示す状態値と当該コネクションを識別するための参照値とを、保持するように構成された複数の状態記憶回路と、受信パケットのヘッダから取得したフィールド値および状態制御情報に基づいて、前記複数の状態記憶回路で保持されている前記状態値および前記参照値を参照することにより、前記受信パケットのコネクションである対象コネクションの状態を検出するように構成された制御装置とを備え、
     前記制御装置は、
     前記複数の状態記憶回路のうちから、それぞれの状態記憶回路で保持する前記参照値に基づいて、前記対象コネクションに関する状態値を保持する状態記憶回路を選択するように構成された選択部と、
     前記受信パケットから取得した状態制御情報と、前記選択部で選択された前記状態記憶回路で保持する状態値とに基づいて、前記対象コネクションの次状態を判別することにより、前記対象コネクションの状態を検出するように構成された状態判別部と、
     前記状態判別部で得られた前記対象コネクションに関する次状態に基づいて、前記複数の状態記憶回路での保持内容を更新するように構成された状態更新部とを備える
     ことを特徴とするコネクション状態検出装置。     A plurality of state storage circuits configured to hold a state value indicating the state of the connection of the received packet and a reference value for identifying the connection, and field values and state control information acquired from the header of the received packet. Based on the above, the control device configured to detect the state of the target connection, which is the connection of the received packet, by referring to the state value and the reference value held by the plurality of state storage circuits. Equipped with
    The control device is
    A selection unit configured to select a state storage circuit that holds a state value related to the target connection based on the reference value held by each state storage circuit from the plurality of state storage circuits.
    The state of the target connection is determined by determining the next state of the target connection based on the state control information acquired from the received packet and the state value held by the state storage circuit selected by the selection unit. A state determination unit configured to detect, and
    A connection state detection unit comprising a state update unit configured to update the contents held in the plurality of state storage circuits based on the next state of the target connection obtained by the state determination unit. Device.
  7.  受信パケットのコネクションの状態を示す状態値と当該コネクションを識別するための参照値とを、保持するように構成された複数の状態記憶回路と、受信パケットのヘッダから取得したフィールド値および状態制御情報に基づいて、前記複数の状態記憶回路で保持されている前記状態値および前記参照値を参照することにより、前記受信パケットのコネクションである対象コネクションの状態を検出し、得られた検出結果を出力するように構成された制御装置とを備えるコネクション状態検出装置で用いられるコネクション状態検出方法であって、
     前記制御装置が、前記複数の状態記憶回路のうちから、それぞれの状態記憶回路で保持する前記参照値に基づいて、前記対象コネクションに関する状態値を保持する状態記憶回路を選択するように構成された選択ステップと、
     前記制御装置が、前記受信パケットから取得した状態制御情報と、前記選択ステップで選択された前記状態記憶回路で保持する状態値とに基づいて、前記対象コネクションの次状態を判別することにより、前記対象コネクションの状態を検出するように構成された状態判別ステップと、
     前記制御装置が、前記状態判別ステップで得られた前記対象コネクションに関する次状態に基づいて、前記複数の状態記憶回路での保持内容を更新するように構成された状態更新ステップと
     を備えることを特徴とするコネクション状態検出方法。     A plurality of state storage circuits configured to hold a state value indicating the state of the connection of the received packet and a reference value for identifying the connection, and field values and state control information acquired from the header of the received packet. By referring to the state value and the reference value held in the plurality of state storage circuits based on the above, the state of the target connection which is the connection of the received packet is detected, and the obtained detection result is output. It is a connection state detection method used in a connection state detection device including a control device configured to perform the above.
    The control device is configured to select a state storage circuit that holds a state value related to the target connection from the plurality of state storage circuits based on the reference value held by each state storage circuit. Selection steps and
    The control device determines the next state of the target connection based on the state control information acquired from the received packet and the state value held by the state storage circuit selected in the selection step. A state determination step configured to detect the state of the target connection,
    The control device is characterized by comprising a state update step configured to update the holding contents in the plurality of state storage circuits based on the next state regarding the target connection obtained in the state determination step. Connection status detection method.
  8.  コンピュータを、請求項1~請求項5のいずれかに記載のコネクション数計測装置を構成する各部として機能させるためのコネクション数計測プログラム。 A connection number measurement program for causing the computer to function as each part constituting the connection number measuring device according to any one of claims 1 to 5.
PCT/JP2020/020499 2020-05-25 2020-05-25 Connection number measurement device, connection state detection device, connection state detection method, and connection number measurement program WO2021240586A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2020/020499 WO2021240586A1 (en) 2020-05-25 2020-05-25 Connection number measurement device, connection state detection device, connection state detection method, and connection number measurement program
JP2022527268A JP7315099B2 (en) 2020-05-25 2020-05-25 Connection count measurement device, connection state detection device, connection state detection method, and connection count measurement program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2020/020499 WO2021240586A1 (en) 2020-05-25 2020-05-25 Connection number measurement device, connection state detection device, connection state detection method, and connection number measurement program

Publications (1)

Publication Number Publication Date
WO2021240586A1 true WO2021240586A1 (en) 2021-12-02

Family

ID=78723161

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2020/020499 WO2021240586A1 (en) 2020-05-25 2020-05-25 Connection number measurement device, connection state detection device, connection state detection method, and connection number measurement program

Country Status (2)

Country Link
JP (1) JP7315099B2 (en)
WO (1) WO2021240586A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016175131A1 (en) * 2015-04-28 2016-11-03 日本電信電話株式会社 Connection control device, connection control method and connection control program

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3846963B2 (en) * 1997-03-17 2006-11-15 富士通株式会社 Communication connection identification method in computer communication
JP2001333093A (en) 2000-05-22 2001-11-30 Fujitsu Ltd Network connection filter system
US6928054B1 (en) 2000-09-20 2005-08-09 Nortel Networks Limited Apparatus, method, media and signals for connection-class parameter control of packet flow
JP2011229093A (en) 2010-04-23 2011-11-10 Hitachi Ltd Network apparatus

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016175131A1 (en) * 2015-04-28 2016-11-03 日本電信電話株式会社 Connection control device, connection control method and connection control program

Also Published As

Publication number Publication date
JP7315099B2 (en) 2023-07-26
JPWO2021240586A1 (en) 2021-12-02

Similar Documents

Publication Publication Date Title
US11876883B2 (en) Packet processing method, network node, and system
US10917322B2 (en) Network traffic tracking using encapsulation protocol
US10505804B2 (en) System and method of discovering paths in a network
Fernandez Comparing openflow controller paradigms scalability: Reactive and proactive
US8879397B2 (en) Balancing load in a network, such as a data center network, using flow based routing
US8270309B1 (en) Systems for monitoring delivery performance of a packet flow between reference nodes
US8601126B2 (en) Method and apparatus for providing flow based load balancing
EP2984798B1 (en) Identification of paths taken through a network of interconnected devices
US20130304915A1 (en) Network system, controller, switch and traffic monitoring method
US10033602B1 (en) Network health management using metrics from encapsulation protocol endpoints
WO2014141006A1 (en) Scalable flow and congestion control in a network
KR20040107424A (en) Method and apparatus for determination of network topology
CN110557342B (en) Apparatus for analyzing and mitigating dropped packets
JP7313480B2 (en) Congestion Avoidance in Slice-Based Networks
EP3474493A1 (en) Network performance measurement method and detection device
US20180324066A1 (en) Network Traffic Analysis
WO2016048389A1 (en) Maximum transmission unit installation for network traffic along a datapath in a software defined network
Zinner et al. Using concurrent multipath transmission for transport virtualization: analyzing path selection
WO2021240586A1 (en) Connection number measurement device, connection state detection device, connection state detection method, and connection number measurement program
CN113132179A (en) Measuring packet residence and propagation times
WO2022049751A1 (en) Number-of-connections measuring device, method, and program
WO2022119749A1 (en) Telemetry data optimization for path tracing and delay measurement
KR101395009B1 (en) Method and apparatus for selecting route
JP2012169756A (en) Encrypted communication inspection system
Wette et al. HybridTE: traffic engineering for very low-cost software-defined data-center networks

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20937866

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2022527268

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20937866

Country of ref document: EP

Kind code of ref document: A1