[go: up one dir, main page]

WO2016075913A1 - Dispositif de gestion de communication, système de transfert de communication, procédé de gestion de communication, et support d'informations sur lequel un programme de gestion de communication a été stocké - Google Patents

Dispositif de gestion de communication, système de transfert de communication, procédé de gestion de communication, et support d'informations sur lequel un programme de gestion de communication a été stocké Download PDF

Info

Publication number
WO2016075913A1
WO2016075913A1 PCT/JP2015/005568 JP2015005568W WO2016075913A1 WO 2016075913 A1 WO2016075913 A1 WO 2016075913A1 JP 2015005568 W JP2015005568 W JP 2015005568W WO 2016075913 A1 WO2016075913 A1 WO 2016075913A1
Authority
WO
WIPO (PCT)
Prior art keywords
communication
transfer
switch
vpn
transfer device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2015/005568
Other languages
English (en)
Japanese (ja)
Inventor
紘也 金子
鈴木 一哉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Corp
Original Assignee
NEC Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NEC Corp filed Critical NEC Corp
Priority to JP2016558876A priority Critical patent/JP6575527B2/ja
Publication of WO2016075913A1 publication Critical patent/WO2016075913A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Definitions

  • the present invention relates to a communication management device that controls the operation of a communication transfer device that transfers packets, a communication transfer system, a communication management method, and a storage medium in which a communication management program is stored.
  • IP-VPN Internet Protocol-Virtual Private Network
  • a communication carrier establishes a virtual private network (VPN) within its own closed network (also referred to as a carrier network) for each customer (hereinafter referred to as a VPN user). Then, the communication carrier provides the VPN user with a wide area base connection service in Layer 3 of the OSI (Open Systems Interconnection) reference model using the constructed VPN.
  • OSI Open Systems Interconnection
  • a CE (Customer Edge) router is installed at each site where a VPN user wishes to connect to an IP-VPN (hereinafter also simply referred to as VPN). Then, the CE router at each site advertises route information including the IP address to a PE (Provider Edge) router arranged at the edge of the VPN using a BGP (Border Gateway Protocol) advertisement message or the like. Then, the VPN user can use a communication network that can be interconnected between the bases via the CE router of each base.
  • PE Provide Edge
  • BGP Band Gateway Protocol
  • VPN virtual private network
  • the communication carrier needs to take measures to prevent the IP addresses from overlapping and to separate the traffic.
  • Non-Patent Document 1 describes a method using MPLS-VPN using MPLS (Multi Protocol Label Switching) which is a label switching network.
  • Non-Patent Document 2 shows a method using OpenFlow (registered trademark) which is a C / U (Control Plane / User Plane) separation network.
  • the data transfer path is formed in a hub-and-spoke type, the communication path to the transfer apparatus serving as the hub is set in the edge device, and the communication path is cut through according to the amount of communication. A method is described.
  • Patent Document 2 describes a method of determining a hub and a route to the hub based on a network topology, network resources, and the like, and forming a data transfer route in a hub-and-spoke type.
  • Patent Document 2 describes a method in which the data transfer path is a hub-and-spoke type, and the path to the hub and the hub is determined based on the network topology, network resources, and the like.
  • the routing information and the data transfer route are associated with each other at all PE routers arranged at the edge of the carrier network. . Therefore, when a VPN user advertises new route information, it is necessary to add a route entry that is information for associating route information and data transfer routes to all PE routers corresponding to the user.
  • the edge device that constitutes the VPN when there is one edge device that has reached the upper limit of the number of path entries that can be accepted, even if there is room in other edge devices, a new base is added. There is a problem that the VPN cannot be configured.
  • devices that can be determined as hubs are limited to network edge devices, and the number of VPNs that can be configured is restricted according to the total performance of each edge device. . Therefore, even when there is a surplus in the performance of the core device of the network, there may be a case where it is not possible to configure by newly adding a VPN due to the total performance of the edge device.
  • the edge device is determined as the hub and the VPN is configured in a hub-and-spoke type
  • the path length from each PE router to the core device corresponds to the spoke. Then, compared with the case where the core device is determined as the hub, the total path length corresponding to the spokes becomes longer. In addition, a large deviation occurs in the length of each spoke. If it does so, there exists a problem that the data communication performance of VPN will become low.
  • an object of the present invention is to provide a communication management device, a communication transfer system, a communication management method, and a communication management program that can effectively use network resources.
  • the communication management device forms a communication network in which a plurality of communication devices are connected, and forwards and relays packets that are directly or indirectly connected to each other and transmitted / received between the plurality of communication devices.
  • operation status information acquisition means for acquiring operation status information indicating the operation status of each communication transfer device from a plurality of communication transfer devices
  • operation status information acquisition means for acquiring operation status information indicating the operation status of each communication transfer device from a plurality of communication transfer devices, and operation status information acquisition means according to a combination of a plurality of communication devices that transmit and receive packets.
  • a hub selection means for selecting a communication transfer device as a hub from a plurality of communication transfer devices, and a packet transmitted by one communication device in the combination is transferred to another communication device in the combination Transfer that determines the transfer rule to be set for each communication transfer device so that it is transmitted via the communication transfer device selected as A law determining means, characterized in that the transfer rule determination unit and a transfer rule transmitting means for transmitting a transfer scheme determined to each communication transfer apparatus.
  • the communication transfer system includes any one of the communication management devices and the communication transfer device.
  • the communication management method forms a communication network in which a plurality of communication devices are connected, and forwards and relays packets that are directly or indirectly connected to each other and transmitted / received between the plurality of communication devices.
  • the operation status information acquisition step for acquiring the operation status information indicating the operation status of each communication transfer device from the plurality of communication transfer devices
  • the operation status information acquisition step according to the combination of the plurality of communication devices transmitting and receiving packets.
  • a hub selection step for selecting a communication transfer device as a hub from a plurality of communication transfer devices based on the acquired operation status information, and a packet transmitted from one communication device in the combination is transferred to another communication device in the combination.
  • the transfer rule set for each communication transfer device is set so that it is transmitted via the communication transfer device selected as A transfer rule determining step constant to, characterized in that a transfer scheme determined respectively in the transfer rule determining step and a transfer rule transmitting step of transmitting to each communication transfer apparatus.
  • a storage medium storing a communication management program according to the present invention constitutes a communication network in which a plurality of communication devices are connected to a computer, and is directly or indirectly connected to each other and transmitted / received between the plurality of communication devices.
  • a combination of operation status information acquisition processing for acquiring operation status information indicating the operation status of each communication transfer device from a plurality of communication transfer devices that transfer and relay packets to be transmitted, and a plurality of communication devices that transmit and receive packets
  • a hub selection process for selecting a communication transfer device as a hub from a plurality of communication transfer devices, and a packet transmitted by one communication device in a combination
  • Each communication transfer device is transmitted to other communication devices in the combination via the communication transfer device selected as the hub.
  • a communication management program for executing a transfer rule determination process for determining a transfer rule to be set in each of the transfer rules, and a transfer rule transmission process for transmitting the transfer rule determined in the transfer rule determination process to each communication transfer device. It
  • network resources can be used effectively.
  • FIG. 1 is a block diagram illustrating a connection example of the VPN controller 100 according to the first embodiment of this invention. As shown in FIG. 1, the VPN controller 100 according to the first embodiment of the present invention is connected to switches 201 to 206 constituting a communication network 400, respectively.
  • the switches 201 to 206 are, for example, OpenFlow switches.
  • the switches 201 to 206 and the VPN controller 100 are connected to each other by, for example, an OpenFlow secure channel.
  • the switches 201 to 206 are connected to each other directly or indirectly. Specifically, in the example illustrated in FIG. 1, the switch 201 is connected to the switches 202 and 204. In the example shown in FIG. 1, the switch 203 is connected to the switches 202 and 206. In the example illustrated in FIG. 1, the switch 205 is connected to the switches 202, 204, and 206.
  • the third port 201-3 of the switch 201 and the first port 202-1 of the switch 202 are connected to each other.
  • the fourth port 201-4 of the switch 201 and the fourth port 204-4 of the switch 204 are connected to each other.
  • the third port 203-3 of the switch 203 and the second port 202-2 of the switch 202 are connected to each other.
  • the fourth port 203-4 of the switch 203 and the fourth port 206-4 of the switch 206 are connected to each other.
  • the first port 205-1 of the switch 205 and the third port 204-3 of the switch 204 are connected to each other.
  • the second port 205-2 of the switch 205 and the third port 206-3 of the switch 206 are connected to each other.
  • the third port 205-3 of the switch 205 and the third port 202-3 of the switch 202 are connected to each other.
  • the CE router 301 is connected to the first port 201-1 and the CE router 302 is connected to the second port 201-2.
  • the CE router 305 is connected to the first port 203-1
  • the CE router 306 is connected to the second port 203-2.
  • the CE router 303 is connected to the first port 204-1 and the CE router 304 is connected to the second port 204-2.
  • a CE router 307 is connected to the first port 206-1
  • a CE router 308 is connected to the second port 206-2.
  • the switch 201, 203, 204, 206 is an edge device of the communication network 400 in which the switches 201, 203, 204, and 206 are arranged at the edge of the communication network 400.
  • the edge device is also referred to as a user connection switch.
  • CE routers 301 to 308 are respectively arranged at the respective bases of VPN users who receive the provision of the VPN service (bases where base IDs described later are set to 1 to 8).
  • FIG. 2 is a block diagram illustrating a configuration example of the VPN controller 100 according to the first embodiment of this invention.
  • the VPN controller 100 according to the first embodiment of the present invention includes a transfer device interface unit 102, a transfer device performance information acquisition unit 103, an NW (network) topology identification unit 104, and an exchange transfer device position calculation unit. 105, a transfer route calculation unit 106, an uplink transfer rule setting unit 107, a downlink transfer rule setting unit 108, a transfer device resource usage DB (database) 109, a topology DB 110, a VPN information DB 111, and a route information DB 112.
  • the transfer device interface unit 102 communicates with each of the switches 201 to 206 in the communication network 400 based on the OpenFlow protocol, and sets, deletes, and updates packet transfer rules, and acquires information from the switches 201 to 206. To do.
  • the transfer device performance information acquisition unit 103 collects usage status information indicating the performance of the switches 201 to 206 from the switches 201 to 206 in the communication network 400 via the transfer device interface unit 102. Then, the transfer device performance information acquisition unit 103 registers the collected usage status information in the transfer device resource usage status DB 109.
  • the NW topology identification unit 104 detects the network topology of the communication network 400 via the transfer device interface unit 102. Then, the NW topology identification unit 104 registers network topology information indicating the detected network topology in the topology DB 110.
  • the NW topology identification unit 104 for example, receives network topology information from packets transmitted and received between adjacent transfer devices based on LLDP (Link Layer Discovery Protocol), NMS (Network Management System) that manages each device in the communication network 400, and the like. To get.
  • LLDP Link Layer Discovery Protocol
  • NMS Network Management System
  • the NW topology identification unit 104 may acquire network topology information statically described in advance, or may acquire network topology information by another method.
  • the exchange transfer device location calculation unit 105 selects an exchange transfer device based on information registered in the transfer device resource usage DB 109.
  • the exchange transfer device is a switch arranged at a position corresponding to a hub in a data transfer path formed in a hub-and-spoke type.
  • the exchange transfer device position calculation unit 105 sends an identifier for uniquely identifying the selected exchange transfer device to the transfer route calculation unit 106.
  • the transfer path calculation unit 106 performs the following processing based on the network topology information registered in the topology DB 110 and the VPN information registered in the VPN information DB 111. That is, the transfer route calculation unit 106 performs a calculation for determining a path connecting between the exchange transfer device and each of the CE routers 301 to 308 arranged at the base of the VPN user. Then, the transfer route calculation unit 106 transmits path information indicating the switches 201 to 206 on the path of the path determined based on the calculation result and the port numbers of the switches 201 to 206 to the uplink transfer rule setting unit 107 and the downlink Each is input to the transfer rule setting unit 108.
  • the uplink transfer rule setting unit 107 Based on the path information input by the transfer route calculation unit 106, the uplink transfer rule setting unit 107 generates a transfer rule related to the upstream traffic from the switches 201, 203, 204, 206 arranged at the edge toward the exchange transfer device. . Then, the uplink transfer rule setting unit 107 inputs information indicating the generated transfer rule to the transfer device interface unit 102.
  • the downlink transfer rule setting unit 108 Based on the path information input by the transfer route calculation unit 106, the downlink transfer rule setting unit 108 generates a transfer rule related to downlink traffic from the exchange transfer device to the switches 201, 203, 204, and 206 arranged at the edge. . Then, the downlink transfer rule setting unit 108 inputs information indicating the generated transfer rule to the transfer device interface unit 102.
  • the transfer device resource usage DB 109 the following information is registered based on a management communication protocol such as a secure channel. That is, in the transfer device resource usage DB 109, usage status information indicating the usage status of communication resources in the switches 201 to 206 connected to the controller 100 in the communication network 400 is registered.
  • the usage status information is registered in the transfer device resource usage status DB 109 by, for example, the transfer device performance information acquisition unit 103 and the downlink transfer rule setting unit 108, or registered by other methods.
  • FIG. 3 is an explanatory diagram showing a configuration example of the transfer device resource usage DB 109.
  • the usage status information is registered in the transfer device resource usage status DB 109 in a table format including a switch ID item, a flow entry registration upper limit number item, and a flow entry current usage item. ing.
  • the flow entry is predetermined information based on the OpenFlow standard, for example, information indicating the processing content for a packet that matches a condition such as a destination.
  • the first entry in the transfer device resource usage DB 109 includes the flow entry registration upper limit number 100 for the switch with the switch ID 0x01 (switch 201 in this example), and the flow entry It is registered that the current usage (number of registrations) is zero.
  • the second entry of the transfer device resource usage DB 109 has a flow entry registration upper limit number of 200 for the switch whose switch ID is 0x02 (switch 202 in this example). It is registered that the current usage amount of the entry is zero.
  • FIG. 3 the flow entry registration upper limit number 100 for the switch with the switch ID 0x01 (switch 201 in this example), and the flow entry It is registered that the current usage (number of registrations) is zero.
  • the second entry of the transfer device resource usage DB 109 has a flow entry registration upper limit number of 200 for the switch whose switch ID is 0x02 (switch 202 in this example). It is registered that the current usage amount of the entry is zero.
  • the third entry in the transfer device resource usage DB 109 includes the flow entry registration upper limit number 100 for the switch with the switch ID 0x03 (switch 203 in this example), and the flow entry It is registered that the current usage amount is zero.
  • the registration entry upper limit number of the flow entry of the switch (switch 204 in this example) whose switch ID is 0x04 is 100 in the fourth entry of the transfer device resource usage DB 109, and the flow It is registered that the current usage amount of the entry is zero.
  • the fifth entry in the transfer device resource usage DB 109 includes a flow entry registration upper limit number 200 of the switch with the switch ID 0x05 (switch 205 in this example), and the flow entry It is registered that the current usage amount is zero.
  • the registration entry upper limit number of the flow entry of the switch whose switch ID is 0x06 is 100 in the sixth entry of the transfer device resource usage DB 109. It is registered that the current usage amount of the entry is zero.
  • topology DB 110 network topology information indicating the connection relationship of the switches 201 to 206 in the communication network 400 managed by the controller 100 is registered.
  • the network topology information is registered in the topology DB 110 by, for example, the NW topology identification unit 104 or registered by other methods.
  • FIG. 4 is an explanatory diagram showing a configuration example of the topology DB 110.
  • the network topology information is registered in the topology DB 110 in a table format including an upstream switch ID item, an upstream switch side port item, a downstream switch ID item, and a downstream switch side port item. .
  • the first entry in the topology DB 110 includes the third port 201-3 of the switch with the switch ID 0x01 (switch 201 in this example) and the switch with the switch ID 0x02 (in this example) It is registered that the first port 202-1 of the switch 202) is linked.
  • the second entry in the topology DB 110 includes the fourth port 201-4 of the switch (switch 201 in this example) with the switch ID 0x01 and the switch (main book) with the switch ID 0x04. In the example, it is registered that the fourth port 204-4 of the switch 204) is linked.
  • the second port 202-2 of the switch with the switch ID 0x02 (switch 202 in this example) and the third port of the switch with the switch ID 0x03 (switch 203 in this example) It is registered that 203-3 is linked.
  • FIG. 5 is an explanatory diagram showing a configuration example of the VPN information DB 111.
  • the configuration information is registered in the VPN information DB 111 in a table format including a VPN-ID item, a site ID item, a user connection switch item, a user connection port item, and a processed flag item. Has been.
  • the CE router in the VPN with VPN-ID 1, the CE router (CE router 301 in this example) arranged at the base with base ID 1 and the switch with this switch ID 0x01 (this example) Then, it is registered that the first port 201-1 of the switch 201) is connected.
  • the CE router in the VPN with VPN-ID 1, the CE router (CE router 305 in this example) arranged at the base with base ID 5 and the switch with switch ID 0x03 ( In this example, it is registered that the first port 203-1 of the switch 203) is connected.
  • the CE router (CE router 304 in this example) arranged at the base with base ID 4 and the switch with this switch ID 0x04 (this example) Then, it is registered that the second port 204-2 of the switch 204) is connected.
  • the CE router (CE router 308 in this example) arranged at the base with the base ID 8 and the switch with the switch ID 0x06 ( In this example, it is registered that the second port 206-2 of the switch 206) is connected.
  • the CE routers 301, 305, 303, and 307 having the base IDs 1, 5, 3, and 7 having the same VPN-ID item “1” can communicate with each other when the VPN service is provided. Is possible. Further, the CE routers 302, 306, 304, and 308 of the base IDs 2, 6, 4, and 8 having the same VPN-ID item “2” and the same each other can communicate with each other when the VPN service is provided. Is possible.
  • FIG. 6 is an explanatory diagram showing a configuration example of the route information DB 112.
  • the route information is registered in the route information DB 112 in a table format including a base ID item, a base address item, and a processed flag item.
  • the IP address of the communication device arranged at each base is set in the base address item.
  • the communication device of each site address communicates with the communication device of another site via the CE router of each site, the communication network 400, and the CE router of another site of the same VPN-ID.
  • the base address of the communication device connected to the CE router (the CE router 301 in this example) arranged at the base with the base ID 1 is 192.168.1.0/24. It is registered.
  • the base address of the communication device connected to the CE router (the CE router 302 in this example) arranged at the base having the base ID 2 is 192.168.2.0/24. Is registered.
  • the base address of the communication device connected to the CE router (the CE router 303 in this example) arranged at the base with the base ID 3 is 192.168.3.0/24. It is registered.
  • the base address of the communication device connected to the CE router (the CE router 304 in this example) arranged at the base having the base ID 4 is 192.168.4.0/24. Is registered.
  • the base address of the communication device connected to the CE router (in this example, the CE router 305) arranged at the base having the base ID 5 is 192.168.5.0/24. It is registered.
  • the base address of the communication device connected to the CE router (the CE router 306 in this example) arranged at the base having the base ID 6 is 192.168.6.0/24. Is registered.
  • the base address of the communication device connected to the CE router (in this example, the CE router 307) arranged at the base having the base ID 7 is 192.168.7.0/24. It is registered.
  • the base address of the communication device connected to the CE router (the CE router 308 in this example) arranged at the base with the base ID 8 is 192.168.8.0/24. Is registered.
  • FIG. 7 is a flowchart showing a process in which the VPN controller 100 constructs a VPN in the communication network 400.
  • the transfer device performance information acquisition unit 103 of the VPN controller 100 requests the transfer device interface unit 102 to transmit a Feature Request based on the OpenFlow standard.
  • the transfer device interface unit 102 transmits a Feature Request to each of the switches 201 to 208.
  • the transfer device interface unit 102 receives the usage status information returned from each of the switches 201 to 208 according to the transmitted Feature Request, and inputs it to the transfer device performance information acquisition unit 103.
  • the transfer device performance information acquisition unit 103 sets the value of Flowable included in the input usage status information according to each switch 201 to 208 in the item of the registration upper limit number of flow entries in the transfer device resource usage status DB 109 shown in FIG.
  • the transfer device performance information acquisition unit 103 registers 0 in the current usage amount field of the flow entry when registering a value in the registration upper limit number field of the flow entry. Then, as shown in FIG. 3, usage status information is registered in the transfer device resource usage status DB 109 (step S101).
  • the NW topology identification unit 104 requests the transfer device interface unit 102 to transmit a message based on, for example, LLDP.
  • the transfer device interface unit 102 transmits a message based on LLDP, for example, by multicast.
  • the transfer device interface unit 102 receives information returned from the switches 201 to 208 in response to the transmitted message based on the LLDP and inputs the information to the NW topology identification unit 104.
  • the NW topology identification unit 104 identifies the topology of the communication network 400 based on the input information, and generates network topology information indicating the topology of the identification result. Therefore, the connection relationship between the switches 201 to 206 is indicated by the network topology information.
  • a known method is used as a method for generating network topology information based on information returned in response to a message based on LLDP. Then, the network topology information is registered in the NW topology identification unit 104 as shown in FIG. 4 (step S102).
  • the VPN controller 100 determines whether or not there is an entry set to N in the processed flag item of the VPN information DB 111 (step S103). When there is no entry set to N (N in step S103), it is indicated that processing for providing the VPN service has already been performed in the CE routers 301 to 308 arranged at all the bases. Therefore, the VPN controller 100 ends the process. If there is an entry set to N (Y in step S103), the VPN controller 100 sets the VPN set in the VPN-ID item in the entry in which the processed flag item is set to N. -Select one ID (step S104). Then, the VPN controller 100 performs processing for constructing a VPN with the selected VPN-ID (step S105).
  • FIG. 8 is a flowchart showing a process in which the VPN controller 100 constructs a VPN with the selected VPN-ID.
  • the exchange transfer apparatus location calculation unit 105 of the VPN controller 100 performs the following process with reference to the transfer apparatus resource usage DB 109. That is, the exchange transfer device location calculation unit 105 extracts one entry having the largest number of remaining registrable flow entries, and selects the switch indicated by the switch ID item of the extracted entry as the exchange transfer device (step S201). ).
  • the exchange transfer device location calculation unit 105 can register the flow entry by subtracting the value of the current usage amount item of the flow entry from the value of the registration upper limit number of the flow entry in the transfer device resource usage DB 109. The remaining number can be calculated. In the example illustrated in FIG. 3, the maximum remaining value of the registerable flow entry of the switch 202 whose switch ID item is 0x02 and the switch 205 whose switch ID item is 0x05 is 200, which is the maximum value. Therefore, the exchange transfer device position calculation unit 105 selects one of the switch 202 and the switch 205 as the exchange transfer device based on, for example, a priority set in advance according to the performance of each switch. Note that the exchange transfer device position calculation unit 105 may select the exchange transfer device by another method. In this example, it is assumed that the switch 202 is selected as the exchange transfer device.
  • the exchange transfer device position calculation unit 105 inputs, to the transfer path calculation unit 106, an identifier for identifying the switch selected in the process of step S201 from other switches (step S202).
  • the identifier that identifies the switch selected in the process of step S201 from other switches is, for example, the switch ID registered in the item of switch ID.
  • the transfer path calculation unit 106 refers to the VPN information DB 111 illustrated in FIG. 5 and sets the VPN-ID selected in the process of step S104 illustrated in FIG. One entry is extracted (Y in step S203, S204). Note that the transfer path calculation unit 106 refers to the VPN information DB 111 illustrated in FIG. 5 and sets the VPN-ID selected in the process of step S104 shown in FIG. If there is no entry (N in step S203), the process is terminated.
  • the transfer path calculation unit 106 performs calculation for determining a path starting from the user connection switch included in the entry extracted in the process of step S204 and ending with the exchange transfer apparatus that is the switch selected in the process of step S201. This is performed (step S205). Note that the transfer path calculation unit 106 performs the calculation in the process of step S205 based on, for example, network topology information registered in the topology DB 110.
  • the transfer path calculation unit 106 determines the path based on the calculation result in the process of step S205. Further, the transfer route calculation unit 106 inputs the path information indicating the list of the switches and the port numbers on the determined route of the path and the entry extracted in the process of Step S204 to the uplink transfer rule setting unit 107 (Step S204). S206).
  • the transfer route calculation unit 106 determines the path based on, for example, the Dijkstra method.
  • the Dijkstra method is an algorithm for calculating the shortest path based on the topology. For example, when the third line of the entry shown in FIG. 5 is extracted from the VPN information DB 111 in the process of step S204, the switch ID of the user connection switch is 0x04 and the user connection port is 1.
  • the switch ID of the switch that is the exchange transfer device selected in the process of step S201 is 0x02
  • the path obtained by the Dijkstra method is 0x04 (3rd port 204-3) ⁇ 0x05 (3rd port 205- 3) ⁇ 0x02 That is, the path is indicated by the path information input to the uplink transfer rule setting unit 107 in the process of step S206.
  • the bandwidth of the link may be used for the cost, the usage rate of the link may be used, or the number of transfer rules set in the table may be used. May be.
  • the path determination method using the Dijkstra method has been described, the use of the Dijkstra method is an example, and a path calculation algorithm other than the Dijkstra method may be used.
  • the uplink transfer rule setting unit 107 generates a transfer rule to be set for each switch based on the path information input in the process of step S206. Then, the uplink transfer rule setting unit 107 causes the transfer device interface unit 102 to perform setting processing for setting the generated transfer rule in each of the switches 201 to 206 (step S207).
  • FIG. 9 is a flowchart showing a setting process (the process of step S207) in which the VPN controller 100 sets a transfer rule for transferring a packet to the exchange transfer apparatus in each of the switches 201 to 206.
  • the uplink transfer rule setting unit 107 first extracts the start point of the path indicated by the path information input in the process of step S206 (step S301). If the path indicated by the path information input in step S206 is 0x04 (No. 3 port 204-3) ⁇ 0x05 (No. 3 port 205-3) ⁇ 0x02, then 0x04 (switch 204) as the starting point Is extracted.
  • the uplink transfer rule setting unit 107 generates a rule (transfer rule) relating to packet matching and transfer applied to the start point extracted in the process of step S301 (in this example, the switch 204 whose switch ID is 0x04) ( Step S302). Specifically, the uplink transfer rule setting unit 107 generates a transfer rule based on the path information input in step S206 shown in FIG. 8 and the entry extracted in step S204. The uplink transfer rule setting unit 107 sets the switches 201 to 206 so that packets are transmitted from the switches 201 to 206 connected to the CE routers 301 to 308 disposed at the respective bases to the exchange transfer device. Each transfer rule to be generated is generated.
  • the transfer rule is a rule for separating packets transmitted from the CE routers 301 to 308 arranged at the base of the VPN service user from other traffic and transferring the packets to the exchange transfer device.
  • the transfer rule includes a matching rule in which the port set in the item of the user connection port in the entry extracted in step S204 is designated as the input port.
  • the transfer rule is a transfer rule in which the base ID in the entry extracted in the process of step S204 is attached to the label that matches the setting content of the collation rule, and transmitted from the port to which the next-hop switch is connected. including.
  • the uplink transfer rule setting unit 107 performs the following processing in step S301. That is, based on the user connection port item (“1”) in the extracted entry, the uplink transfer rule setting unit 107 sets port 1 in the input port item of the entry whose switch ID is 0x04 in the matching rule. To do.
  • the uplink transfer rule setting unit 107 sets the third port connected to the 0x05 switch 205 that is the next hop of the 0x04 switch 204 as an output port based on the path information. Further, the uplink transfer rule setting unit 107 sets the label of the packet to 3 based on the base ID of the extracted entry. The uplink transfer rule setting unit 107 generates a transfer rule with setting contents according to the above processing.
  • FIG. 10 is an explanatory diagram illustrating an example of a transfer rule generated by the uplink transfer rule setting unit 107.
  • the transfer rule generated by the process of step S302 in this example is shown in the third line of the entry in FIG.
  • the uplink transfer rule setting unit 107 transmits the transfer rule generated in step S302 to the start point switch (switch 204 in this example) extracted in step S301 via the transfer device interface unit 102 (step S303). ).
  • the uplink transfer rule setting unit 107 performs an erasure process for erasing the start point switch from the path information, and determines whether or not the path information after the erasure process includes a switch other than the end point switch (step). S304).
  • the uplink transfer rule setting unit 107 determines that the path information after the erasure process does not include any switch other than the end switch (N in step S304)
  • the uplink transfer rule setting unit 107 ends the process and performs the steps illustrated in FIG. The process proceeds to S208.
  • the uplink transfer rule setting unit 107 determines that the path information after the erasure process includes a switch other than the end switch (Y in step S304)
  • the uplink transfer rule setting unit 107 performs the following process. That is, the uplink transfer rule setting unit 107 extracts one switch other than the end point switch based on the path information after the erasure process (step S305).
  • the uplink transfer rule setting unit 107 applies a rule (transfer rule) regarding packet matching and transfer applied to the switch extracted in the process of step S305 (in this example, the switch 205 having a switch ID of 0x05 is extracted). ) Is generated (step S306).
  • the uplink transfer rule setting unit 107 is connected to the 0x02 switch 202 that is the next hop of the 0x05 switch 205 extracted in the process of step S306 based on the path information after the erasure process. Set port 3 as the output port. Further, the uplink transfer rule setting unit 107 sets, in the matching rule, that the label of the packet is 3 based on the base ID of the entry extracted in step S204. The uplink transfer rule setting unit 107 generates a transfer rule for setting contents in the above processing. The transfer rule generated by the processing of this example is shown in the fourth line of the entry in FIG.
  • the uplink transfer rule setting unit 107 transmits the transfer rule generated in step S306 to the switch (switch 205 in this example) extracted in step S305 via the transfer device interface unit 102 (step S307). ).
  • the uplink transfer rule setting unit 107 performs an erasing process for erasing the switch extracted in the process of step S305 from the path information, and proceeds to the process of step S304.
  • step S304 Until the switch indicated by the path information is the only terminal switch, that is, until it is determined as N in the process of step S304, the processes of steps S305 to S307 are repeated and transferred to each switch indicated by the original path information. Rules are sent and set. Then, a transfer path is set for separating packets transmitted from the CE routers 301 to 308 arranged at the base of the user of the VPN service from other traffic and transferring the packets to the exchange transfer device.
  • step S208 the transfer path calculation unit 106 determines a path starting from the switch selected as the exchange transfer device in step S201 and ending with the user connection switch included in the entry extracted in step S204.
  • the calculation for performing is performed (step S208). Note that the transfer path calculation unit 106 performs the calculation in the process of step S208 based on, for example, network topology information registered in the topology DB 110.
  • the transfer path calculation unit 106 determines the path based on the calculation result in the process of step S208. Further, the transfer route calculation unit 106 inputs the path information indicating the list of switches and the port numbers on the determined route of the path and the entry extracted in the process of Step S204 to the downlink transfer rule setting unit 108 (Step S204). S209).
  • the transfer route calculation unit 106 may determine the path based on the Dijkstra method, for example, similarly to the processing in step S205, or may determine it based on another method.
  • the switch ID of the user connection switch is 0x04 and the user connection port is 1. If the switch ID of the switch that is the exchange transfer device selected in the process of step S201 is 0x02, the path obtained by the Dijkstra method is 0x02 (3rd port 202-3) ⁇ 0x05 (1st port 205) -3) ⁇ 0x04. That is, the path is indicated by the path information input to the downlink transfer rule setting unit 108 in the process of step S209.
  • the downlink transfer rule setting unit 108 generates a transfer rule to be set for each switch based on the path information input in the process of step S209. Then, the downlink transfer rule setting unit 108 causes the transfer device interface unit 102 to perform setting processing for setting the generated transfer rule in each of the switches 201 to 206 (step S210).
  • FIG. 11 is a flowchart showing a setting process in which the VPN controller 100 sets transfer rules for transferring packets to users of the VPN service in the switches 201 to 206.
  • the downlink transfer rule setting unit 108 performs the following process. That is, the downlink transfer rule setting unit 108 sets the route information shown in FIG. 6 among the bases set with the same base ID as the base ID included in the entry extracted in the process of step S204 shown in FIG. 8 in the VPN information DB 111. A base ID for which the processed flag item is set to N in the DB 112 is extracted (Y in step S401, S402).
  • the downlink transfer rule setting unit 108 has processed in the route information DB 112 shown in FIG. 6 among the bases set with the same base ID as the base ID selected in step S204 shown in FIG. 8 in the VPN information DB 111. If there is no site ID for which the flag item is set to N, the process proceeds to step S407.
  • the downlink transfer rule setting unit 108 sets the processed flag item of the base ID in the route information DB 112 to Y when the base ID is extracted in the process of step S402 (step S403). Further, the downlink transfer rule setting unit 108 increments the current usage of the flow entry of the switch selected as the exchange transfer device by the process of step S201 in the transfer device resource usage DB 109 shown in FIG. 3 (step S404). .
  • the downlink transfer rule setting unit 108 changes the label attached to the packet based on the base ID extracted in the process of step S402 and the path information input in the process of step S209 shown in FIG.
  • a transfer rule including the rule is generated (step S405).
  • the entry extracted in the process of step S204 is the third row of the entry in the VPN information DB 111 shown in FIG. 5, and the path information input in the process of step S209 is used.
  • the downlink transfer rule setting unit 108 performs the following processing.
  • the downlink transfer rule setting unit 108 shows the base ID (3 in this example) set in the third line of the entry of the VPN information DB 111 shown in FIG. 5 extracted in the process of step S204 as shown in FIG.
  • the base address 192.168.3.0/24 set in the route information DB 112 is set in the collation rule.
  • the downlink transfer rule setting unit 108 the matching rule, a reassignment rule for changing the label of a packet whose destination IP address is an address that matches the matching rule, a transfer rule for forwarding the packet to the next hop, Generate a transfer rule containing.
  • the replacement rule of this example for example, the label already attached to the packet is removed, and 100 is added to 3 which is the base ID of the address 192.168.3.0/24 set in the route information DB 112 103 Is newly set to the label of the packet. Further, according to the transfer rule of this example, it is defined that the output is made to the third port which is the port to which the 0x05 switch which is the next hop switch is connected.
  • FIG. 12 is an explanatory diagram showing an example of a transfer rule generated by the downlink transfer rule setting unit 108.
  • the transfer rule generated by the process of step S405 in this example is shown in the third line of the entry in FIG.
  • the downlink transfer rule setting unit 108 selects the switch (in this example, the switch 202 in this example) that has selected the transfer rule generated in the process of step S405 through the transfer apparatus interface unit 102 in the process of step S201 shown in FIG. ) (Step S406), and the process proceeds to step S401.
  • the downlink transfer rule setting unit 108 selects the switch 202 selected as the exchange transfer device in the process of step S201 shown in FIG. 8 from the path information input in the process of step S209 in the process of step S407 (N in step S401). An erasing process for erasing is performed (step S407). If the downlink transfer rule setting unit 108 determines that the path information after the erasure process does not include any switch other than the end switch (N in step S408), the downlink transfer rule setting unit 108 proceeds to the process in step S412.
  • the downlink transfer rule setting unit 108 performs the following process when it is determined that the path information after the erasure process includes a switch other than the end switch (Y in step S408). That is, the downlink transfer rule setting unit 108 extracts one switch other than the end point switch based on the path information after the erasure process (step S409).
  • the downlink transfer rule setting unit 108 then applies a rule (transfer rule) relating to packet matching and transfer applied to the switch extracted in the process of step S409 (in this example, the switch 205 having a switch ID of 0x05 is extracted). ) Is generated (step S410).
  • the downlink transfer rule setting unit 108 is connected to the 0x04 switch 204 that is the next hop of the 0x05 switch 205 extracted in the process of step S409 based on the path information after the erasure process.
  • Set port 1 as the output port.
  • the downlink transfer rule setting unit 108 sets the collation rule that the label of the packet is 103 based on the transfer rule generated in the process of step S405.
  • the downlink transfer rule setting unit 108 generates a transfer rule for setting contents in the above processing.
  • the transfer rule generated by the processing of this example is shown in the fourth line of the entry in FIG.
  • the downlink transfer rule setting unit 108 transmits the transfer rule generated in step S410 to the switch (switch 205 in this example) extracted in step S409 via the transfer device interface unit 102 (step S411). ).
  • the downlink transfer rule setting unit 108 performs an erasure process for erasing the switch extracted in the process of step S409 from the path information, and proceeds to the process of step S408.
  • step S408 Until the switch indicated by the path information is the only end switch, that is, until it is determined as N in the process of step S408, the processes of steps S409 to S411 are repeated and transferred to each switch indicated by the original path information. Rules are sent and set. Then, a transfer route is set for separating the packet transmitted from the exchange transfer device from other traffic and transferring the packet to the CE routers 301 to 308 arranged at the base of the user of the VPN service.
  • the downlink transfer rule setting unit 108 generates a transfer rule to be transmitted to the terminal switch (switch 204 in this example) in the path indicated by the path information input in the process of step S209 shown in FIG. (Step S412), the process proceeds to Step S211.
  • the label set in the packet is deleted based on the transfer rule generated in step S405, and the entry of the VPN information DB 111 shown in FIG. 5 extracted in step S204 is extracted.
  • a transfer rule that specifies that a packet is output from the first port is generated.
  • the downlink transfer rule setting unit 108 switches the end point in the path indicated by the path information input in the process of step S209 shown in FIG. 8 through the transfer apparatus interface unit 102, using the transfer rule generated in the process of step S412.
  • the process proceeds to the process of step S211 shown in FIG.
  • step S211 the VPN controller 100 sets the processed flag of the entry extracted in step S204 in the VPN information DB 111 to Y (step S211). That is, the entry extracted in the process of step S204 is set as processed. Then, the process proceeds to step S203.
  • the VPN service can be started.
  • a VPN with one VPN-ID set can be constructed by repeatedly executing the processing of steps S203 to S211 shown in FIG. Further, by repeatedly executing the processing of steps S103 to S105 shown in FIG. 7, the VPN of each VPN-ID for which the processed flag is set to N in the VPN information DB 111 can be constructed.
  • each VPN is configured in a hub-and-spoke type.
  • the exchange transfer device which is a switch corresponding to the hub, can be set to the registration upper limit number of flow entries and the usage amount at that time. Depending on the situation, it can be distributed and selected. Therefore, the communication resources of the communication network 400 configured by the switches 201 to 206 can be effectively utilized. And more VPNs can be constructed in the communication network 400.
  • FIG. 13 is a block diagram illustrating a configuration example of the VPN controller 500 according to the second embodiment of this invention.
  • the VPN controller 500 according to the second embodiment of the present invention shown in FIG. 13 includes a transfer device performance information acquisition unit 503, an NW topology identification unit 504, an exchange transfer device location calculation unit 505, a transfer device resource usage DB 509, and a topology DB 510.
  • a transfer device performance information acquisition unit 503 an NW topology identification unit 504
  • an exchange transfer device location calculation unit 505 a transfer device resource usage DB 509
  • a topology DB 510 Is different from the configuration and operation of the VPN controller 100 according to the first embodiment of the present invention shown in FIG. Since the configuration and operation of other components are the same as the configuration and operation of the VPN controller 100 according to the first embodiment of the present invention shown in FIG. 2, the same reference numerals as those in FIG.
  • the transfer device performance information acquisition unit 503 in the present embodiment collects usage status information including information indicating the packet transfer capability from each of the switches 201 to 206. Then, the transfer device usage status information acquisition unit 503 registers the collected usage status information in the transfer device resource usage status DB 509.
  • FIG. 14 is an explanatory diagram showing a configuration example of the transfer device resource usage DB 509 in the present embodiment.
  • the usage status information in the present embodiment includes a table format including a switch ID item, a flow entry registration upper limit number item, a flow entry current usage item, and a packet transfer capability item. Is registered in the transfer device resource usage DB 509.
  • the NW topology identification unit 504 detects the network topology of the communication network 400 via the transfer device interface unit 102. Then, the NW topology identification unit 504 registers the network topology information indicating the detected network topology and including information indicating the link bandwidth and the link usage rate between the switches 201 to 206 in the topology DB 510.
  • FIG. 15 is an explanatory diagram showing a configuration example of the topology DB 510 in the present embodiment.
  • the network topology information in this embodiment includes an upstream switch ID item, an upstream switch side port item, a downstream switch ID item, a downstream switch side port item, and a link bandwidth item between the switches.
  • the link usage rate are registered in the topology DB 510 in a table format.
  • the exchange transfer device location calculation unit 505 selects an exchange transfer device based on the use status information registered in the transfer device resource use status DB 509 and the network topology information registered in the topology DB 510. Then, the exchange transfer device position calculation unit 505 outputs an identifier for uniquely identifying the selected exchange transfer device to the transfer route calculation unit 106.
  • FIG. 16 is a flowchart illustrating a process in which the VPN controller 500 according to the second embodiment constructs a VPN with the selected VPN-ID.
  • the process of step S221 is performed instead of the process of step S201 in the operation example shown in FIG. That is, in the process of step S221, the exchange transfer device location calculation unit 505 of the VPN controller 500 refers to the transfer device resource usage DB 509 and the topology DB 510 to replace the switch with the largest remaining packet transfer capability. Elected to.
  • the exchange transfer device position calculation unit 505 can obtain the remaining amount of the packet transfer capability by subtracting the current bandwidth used for each link from the packet transfer capability of each switch. Therefore, the exchange transfer device position calculation unit 505 acquires information indicating the packet transfer capability of each switch from the packet transfer capability item in the transfer device resource usage DB 509 illustrated in FIG. Further, the exchange transfer device position calculation unit 505 obtains information indicating the used bandwidth of each link by multiplying the value of the link bandwidth item in the topology DB 510 illustrated in FIG. 15 and the value of the link usage rate.
  • the exchange transfer device location calculation unit 505 subtracts, for each switch, the value indicated by the information indicating the used bandwidth of each link connected to the switch from the value indicated by the information indicating the acquired packet transfer capability. Then, the exchange transfer device position calculation unit 505 can obtain the remaining packet transfer capability of each switch.
  • the exchange transfer device position calculation unit 505 selects the switch 202 whose switch ID is 0x02 as the exchange transfer device.
  • the exchange transfer device position calculation unit 505 calculates the remaining amount of packet transfer capability of each switch. Then, the exchange transfer device position calculation unit 505 selects a switch having a sufficient packet transfer capability as the exchange transfer device. Therefore, an exchange transfer device is selected according to the operating status of each switch. Therefore, the exchange transfer device can be selected flexibly according to the change in the operating status.
  • FIG. 17 is a block diagram illustrating a configuration example of the VPN controller 600 according to the third embodiment of this invention.
  • the VPN controller 600 of the third embodiment of the present invention shown in FIG. 17 is different from the operation of the VPN controller 500 of the second embodiment of the present invention shown in FIG.
  • the configuration and operation of the other components are the same as the configuration and operation of the VPN controller 500 according to the second embodiment of the present invention shown in FIG. 13, and therefore the same reference numerals as those in FIG.
  • FIG. 18 is a flowchart illustrating a process in which the VPN controller 600 according to the third embodiment constructs a VPN with the selected VPN-ID.
  • the process of step S231 is performed instead of the process of step S221 in the operation example shown in FIG. That is, in the process of step S231, the exchange transfer device location calculation unit 605 of the VPN controller 600 refers to the transfer device resource usage DB 509 and the topology DB 510 as a switch that can transfer a packet with high efficiency. elect.
  • FIG. 19 is a flowchart showing the process of step S231 shown in FIG. As illustrated in FIG. 19, the exchange transfer device location calculation unit 605 refers to the topology DB 510 and extracts all combinations configured by two switches among the switches 201 to 206 configuring the communication network 400 (step S601). ).
  • the exchange transfer device position calculation unit 605 determines the shortest path between the switches, for example, by the Dijkstra method for all the combinations of the switches 201 to 206 extracted in the process of step S601 (step S602).
  • the cost of the link and node required when calculating the shortest path includes the link bandwidth obtained from the topology DB 510, the link usage rate, the registration upper limit number of flow entries obtained from the transfer device resource usage DB 509, Costs such as the current usage amount of the flow entry can be set as appropriate.
  • the exchange transfer device position calculation unit 605 counts the number of switches 201 to 206 included in each shortest path determined in the process of step S602 (step S603).
  • the exchange transfer device position calculation unit 605 selects a switch having the largest count result value in the process of step S603 as the exchange transfer device (step S604).
  • the exchange transfer device position calculation unit 605 of this example selects the switch having the largest count result value in the process of step S603 as the exchange transfer device, but the switch selected as the exchange transfer device is based on other criteria. You may decide.
  • the exchange transfer device position calculation unit 605 selects the switch to which the largest number of packets are transferred as the exchange transfer device when packets are transmitted and received between the switches on the shortest path. Therefore, a path can be configured to transfer more packets on the shortest path. Therefore, the path can be configured to transfer the packet with higher efficiency.
  • FIG. 20 is a block diagram illustrating a configuration example of the VPN controller 700 according to the fourth embodiment of this invention.
  • the VPN controller 700 according to the fourth embodiment of the present invention shown in FIG. 20 is different from the VPN controller 700 according to the third embodiment of the present invention shown in FIG. Different from the operation at 600.
  • the configuration and operation of the other components are the same as the configuration and operation of the VPN controller 600 according to the third embodiment of the present invention shown in FIG. 17, and thus the same reference numerals as those in FIG.
  • FIG. 21 is a flowchart illustrating a process in which the VPN controller 700 according to the fourth embodiment constructs a VPN with the selected VPN-ID.
  • the processes of steps S241, S242, S245, S246, S248, and S249 are performed in place of the processes of steps S231, S202, S205, S206, S208, and S209 in the operation example shown in FIG. Is called.
  • the exchange transfer device location calculation unit 705 of the VPN controller 700 refers to the VPN information DB 111, the transfer device resource usage DB 509, and the topology DB 510, and switches the switch to the exchange transfer device according to each VPN. elect.
  • FIG. 22 is a flowchart showing the process of step S241 shown in FIG. As illustrated in FIG. 22, the exchange transfer device position calculation unit 705 refers to the VPN information DB 111 and the topology DB 510 to calculate the shortest path between each of the switches 201 to 206 and each user connection switch (step S701). .
  • the exchange transfer device position calculation unit 705 calculates, for each switch, the total cost of the shortest path to each user connection switch in which the same VPN-ID is set (step S702).
  • the exchange transfer device location calculation unit 705 selects, for each VPN for which the same VPN-ID is set, the switch having the smallest total value calculated in the process of step S702 as the exchange transfer device for each VPN (step S703). .
  • the exchange transfer device position calculation unit 705 in this example selects the switch having the smallest total value in the process of step S702 as the exchange transfer device, but determines the switch to be selected as the exchange transfer device based on other criteria. May be.
  • step S242 the exchange transfer device position calculation unit 705 inputs path information indicating the path between the exchange transfer device selected in step S703 and each user connection switch to the transfer route calculation unit 706 (step S242).
  • step S242 the transfer route calculation unit 706 rearranges the paths indicated by the path information input in step S242 so that the start point is a user connection switch and the end point is an exchange transfer device (step S245).
  • step S245 the transfer path calculation unit 706 inputs the path information indicating the rearranged path and the entry extracted in the process of step S204 to the uplink transfer rule setting unit 107 (step S246). Therefore, path information based on the path with the lowest cost is input to the uplink transfer rule setting unit 107, and a transfer rule is generated.
  • step S248 the transfer path calculation unit 706 rearranges the paths indicated by the path information input in step S242 so that the start point becomes the exchange transfer device and the end point becomes the user connection switch (step S248). S248). Then, the transfer path calculation unit 706 inputs the path information indicating the rearranged path and the entry extracted in the process of step S204 to the downlink transfer rule setting unit 108 (step S249). Therefore, path information based on the path with the lowest cost is input to the downlink transfer rule setting unit 108, and a transfer rule is generated.
  • the exchange transfer device position calculation unit 705 selects an exchange transfer device for each VPN so that the total cost of the shortest path is minimized. Therefore, the exchange transfer device can be selected so as to transfer the packet with higher efficiency. Further, the uplink transfer rule setting unit 107 and the downlink transfer rule setting unit 108 generate a transfer rule corresponding to the shortest path based on the path information used for selecting the exchange transfer device. Therefore, the packet transfer efficiency can be further improved.
  • FIG. 23 is a block diagram illustrating a configuration example of the VPN controller 800 according to the fifth embodiment of this invention.
  • the VPN controller 800 of the fifth embodiment of the present invention shown in FIG. 23 includes an exchange transfer device correspondence DB 813 and a path information update unit 814, and the operation of the exchange transfer device location calculation unit 805 is the same as that of the present invention shown in FIG. This is different from the operation in the VPN controller 100 of the first embodiment. Since the configuration and operation of other components are the same as the configuration and operation of the VPN controller 100 according to the first embodiment of the present invention shown in FIG. 2, the same reference numerals as those in FIG.
  • the exchange transfer device correspondence DB 813 stores correspondence information for associating the VPN with the switch ID indicating the exchange transfer device selected by the exchange transfer device position calculation unit 805.
  • the route information update unit 814 generates a transfer rule according to a new packet transmission / reception route, which is newly applied to a switch that realizes a VPN that has already been set, based on the added route information.
  • FIG. 24 is a flowchart illustrating processing in which the VPN controller 800 according to the fifth embodiment updates the VPN of the selected VPN-ID.
  • the process of step S284 is performed instead of the process of step S204 in the operation example shown in FIG. That is, in the process of step S284, the exchange transfer device location calculation unit 805 extracts from the VPN information DB 111 an entry that includes one VPN-ID and for which no processed flag is set.
  • the exchange transfer device location calculation unit 805 associates the one VPN-ID with the exchange transfer device ID that is an identifier for identifying the exchange transfer device used for the VPN of the one VPN-ID.
  • the exchange transfer device correspondence DB 813 is stored (step S284).
  • FIG. 25 is an explanatory diagram showing an example of entries stored in the exchange transfer apparatus corresponding DB 813 in the process of step S284.
  • the exchange transfer device ID “0x02” is associated with the VPN-ID “1” and stored in the exchange transfer device correspondence DB 813.
  • FIG. 25 shows that the exchange transfer device correspondence DB 813 stores the VPN-ID “2” in association with the exchange transfer device ID “0x04”.
  • the exchange transfer device ID is, for example, a switch ID indicating a switch selected as the exchange transfer device.
  • FIG. 26 is a flowchart showing the operation of the route information update unit 814.
  • the route information update unit 814 first extracts a newly registered entry, that is, an entry for which Y is not set in the processed flag from the route information DB 112, and sets the processed flag. (Step S801).
  • FIG. 27 is an explanatory diagram showing an example of the registered contents of the route information DB 112.
  • Y is not set in the processed flag. Therefore, in this example, the route information update unit 814 extracts the entry shown at the bottom in FIG. 27 in the process of step S801.
  • the base ID of the entry is “1”, and the base address is 192.168.10.0/24.
  • the route information update unit 814 generates a new transfer rule based on the base ID and base address included in the entry extracted in step S801 (step S802). Specifically, for example, the route information update unit 814 generates a transfer rule similar to the entry of the same base ID as the base ID included in the entry extracted in the process of step S801 in the route information DB 112. That is, in this example, the route information update unit 814 labels “101” obtained by adding 100 to “1” which is the base ID of the lowest entry in the route information DB 112 shown in FIG. 27 extracted in the process of step S801. And a transfer rule for outputting the packet from the first port is generated.
  • FIG. 28 is an explanatory diagram illustrating an example of a transfer rule generated by the route information update unit 814. In FIG. 28, the transfer rule generated by the route information update unit 814 is shown at the bottom.
  • the route information update unit 814 extracts an entry with the same base ID as the base ID included in the entry extracted in the process of step S801 from the VPN information DB 111. Then, the path information update unit 814 extracts an entry with the same VPN-ID as the VPN-ID included in the entry extracted from the VPN information DB 111 from the exchange transfer apparatus correspondence DB 813 (step S803).
  • the route information update unit 814 is shown at the top from the VPN information DB 111 shown in FIG. Extract entries. In FIG. 5, the VPN-ID of the entry shown at the top is “1”.
  • the route information update unit 814 extracts the entry whose VPN-ID is “1” from the exchange transfer device correspondence DB 813.
  • the entry whose VPN-ID is “1” is shown at the top, and the exchange transfer device ID of the entry is 0x02.
  • the path information update unit 814 transmits the transfer rule generated in the process of step S802 to the switch that is the exchange transfer apparatus indicated by the exchange transfer apparatus ID included in the entry extracted in the process of step S803 (step S804). ).
  • the exchange transfer device ID “0x02” is included in the top entry whose VPN-ID is “1” in the exchange transfer device correspondence DB 813. Therefore, the path information update unit 814 transmits the transfer rule generated in the process of step S802 to the switch 202 whose switch ID is 0x02.
  • the terminal device or the like It is possible to perform communication through the network.
  • the contents of the new route information can be reflected more quickly than the method of transferring by hop-by-hop to all the transfer devices on the packet transfer route in the VPN corresponding to the new route information.
  • Embodiment 6 FIG. Next, a sixth embodiment of the present invention will be described.
  • the communication network 400 to be controlled by the VPN controller of each embodiment described above is configured by switches 201 to 206 corresponding to OpenFlow.
  • each switch of the communication network to be controlled by the VPN controller of the present embodiment corresponds to MPLS-TP (Multi Protocol Label Switching-Transport Profile).
  • FIG. 29 is a flowchart illustrating a process in which the VPN controller according to the fifth embodiment constructs a VPN with the selected VPN-ID.
  • the processes of steps S257 and S260 are performed instead of the processes of steps S207 and S210 in the operation example shown in FIG.
  • the upstream transfer rule setting unit of the VPN controller requests the transfer device interface unit to open an LSP (Label Switched Path) in the process of step S257.
  • the transfer device interface unit performs processing for opening the LSP via a CLI (Command Line Interface) of the MPLS-TP router included in the communication network (step S257).
  • CLI Common Line Interface
  • the downlink transfer rule setting unit of the VPN controller requests the transfer device interface unit to open the LSP in the process of step S260.
  • the transfer device interface unit performs processing for opening the LSP via the CLI of the MPLS-TP router included in the communication network (step S260).
  • the uplink transfer rule setting unit, the downlink transfer rule setting unit, and the transfer device interface unit open the LSP based on MPLS-TP. Therefore, even if each switch of the communication network to be controlled is compatible with MPLS-TP, the present invention can be applied to achieve the same effects as those of the above-described embodiments.
  • FIG. 30 is a block diagram illustrating a configuration example of the communication management apparatus 10 according to the seventh embodiment of this invention.
  • the communication management device 10 includes an operation status information acquisition unit 13, a hub selection unit 15, a transfer rule determination unit 17, and a transfer rule transmission unit 12.
  • the operation status information acquisition unit 13 corresponds to the transfer device performance information acquisition unit 103 according to the first embodiment of this invention shown in FIG.
  • the hub selection unit 15 corresponds to the exchange transfer device position calculation unit 105 of the first embodiment of the present invention shown in FIG.
  • the transfer rule determining unit 17 corresponds to the uplink transfer rule setting unit 107 and the downlink transfer rule setting unit 108 of the first embodiment of the present invention shown in FIG.
  • the transfer rule transmitting unit 12 corresponds to the transfer device interface unit 102 according to the first embodiment of the present invention shown in FIG.
  • the operation status information acquisition unit 13 configures a communication network to which a plurality of communication devices are connected, and forwards and relays packets that are directly or indirectly connected to each other and transmitted and received between the plurality of communication devices. Operation status information indicating the operation status of each communication transfer device is acquired from a plurality of communication transfer devices.
  • the communication apparatus corresponds to the CE routers 301 to 308 shown in FIG.
  • the communication transfer device corresponds to the switches 201 to 206 shown in FIG.
  • the hub selection unit 15 selects a communication transfer device serving as a hub from a plurality of communication transfer devices based on the operation status information acquired by the operation status information acquisition unit according to a combination of a plurality of communication devices that transmit and receive packets. .
  • the transfer rule determining unit 17 transmits the packet transmitted by one communication device in the combination to each communication transfer device so that the packet is transmitted to the other communication device in the combination via the communication transfer device selected as the hub. Decide each transfer rule to be set.
  • the transfer rule transmitting unit 12 transmits the transfer rules determined by the transfer rule determining unit 17 to each communication transfer device.
  • network resources can be used effectively.

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Le problème décrit par l'invention consiste à fournir un dispositif de gestion de communication pour utiliser efficacement des ressources réseau. Selon la solution proposée par l'invention, une unité d'acquisition d'informations d'état de fonctionnement (13) acquiert, à partir de multiples dispositifs de transfert de communication, des informations d'état de fonctionnement indiquant les états de fonctionnement des dispositifs de transfert de communication respectifs. Une unité de sélection de concentrateur (15) sélectionne, en fonction d'une combinaison de multiples dispositifs de communication transmettant/recevant un paquet, sur la base des informations d'état de fonctionnement acquises par le moyen d'acquisition d'informations d'état de fonctionnement, l'un des multiples dispositifs de transfert de communication qui doit servir de concentrateur. Une unité de détermination de règle de transfert (17) détermine des règles de transfert qui doivent être définies dans les dispositifs de transfert de communication respectifs, de telle sorte que le paquet transmis par l'un des dispositifs de communication dans la combinaison est transféré à un autre dispositif parmi les dispositifs de communication dans la combinaison par l'intermédiaire du dispositif de transfert de communication choisi comme concentrateur. Une unité de transmission de règle de transfert (12) transmet ensuite les règles de transfert déterminées par l'unité de détermination de règle de transfert (17) aux dispositifs de transfert de communication respectifs.
PCT/JP2015/005568 2014-11-11 2015-11-06 Dispositif de gestion de communication, système de transfert de communication, procédé de gestion de communication, et support d'informations sur lequel un programme de gestion de communication a été stocké Ceased WO2016075913A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2016558876A JP6575527B2 (ja) 2014-11-11 2015-11-06 通信管理装置、通信転送システム、通信管理方法、および通信管理プログラム

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2014229009 2014-11-11
JP2014-229009 2014-11-11

Publications (1)

Publication Number Publication Date
WO2016075913A1 true WO2016075913A1 (fr) 2016-05-19

Family

ID=55954016

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2015/005568 Ceased WO2016075913A1 (fr) 2014-11-11 2015-11-06 Dispositif de gestion de communication, système de transfert de communication, procédé de gestion de communication, et support d'informations sur lequel un programme de gestion de communication a été stocké

Country Status (2)

Country Link
JP (1) JP6575527B2 (fr)
WO (1) WO2016075913A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115516831A (zh) * 2020-05-26 2022-12-23 思科技术公司 Sd-wan集线器和辐条的自动配设
JP2024512108A (ja) * 2021-03-30 2024-03-18 アマゾン・テクノロジーズ・インコーポレーテッド プロバイダネットワークバックボーンネットワークを利用した広域ネットワーキングサービス
US12483499B2 (en) 2023-03-27 2025-11-25 Amazon Technologies, Inc. Custom configuration of cloud-based multi-network-segment gateways

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011037104A1 (fr) * 2009-09-24 2011-03-31 日本電気株式会社 Système et procédé d'identification pour communication entre serveurs virtuels
WO2011155484A1 (fr) * 2010-06-09 2011-12-15 日本電気株式会社 Système de communication, dispositif de contrôle de voie logique, dispositif de contrôle, procédé et programme de communication
WO2013168737A1 (fr) * 2012-05-09 2013-11-14 日本電気株式会社 Système de communication, dispositif de commande, procédé de communication, et programme

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011037104A1 (fr) * 2009-09-24 2011-03-31 日本電気株式会社 Système et procédé d'identification pour communication entre serveurs virtuels
WO2011155484A1 (fr) * 2010-06-09 2011-12-15 日本電気株式会社 Système de communication, dispositif de contrôle de voie logique, dispositif de contrôle, procédé et programme de communication
WO2013168737A1 (fr) * 2012-05-09 2013-11-14 日本電気株式会社 Système de communication, dispositif de commande, procédé de communication, et programme

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115516831A (zh) * 2020-05-26 2022-12-23 思科技术公司 Sd-wan集线器和辐条的自动配设
CN115516831B (zh) * 2020-05-26 2024-04-26 思科技术公司 Sd-wan集线器和辐条的自动配设
JP2024512108A (ja) * 2021-03-30 2024-03-18 アマゾン・テクノロジーズ・インコーポレーテッド プロバイダネットワークバックボーンネットワークを利用した広域ネットワーキングサービス
JP7656071B2 (ja) 2021-03-30 2025-04-02 アマゾン・テクノロジーズ・インコーポレーテッド プロバイダネットワークバックボーンネットワークを利用した広域ネットワーキングサービス
US12483499B2 (en) 2023-03-27 2025-11-25 Amazon Technologies, Inc. Custom configuration of cloud-based multi-network-segment gateways

Also Published As

Publication number Publication date
JP6575527B2 (ja) 2019-09-18
JPWO2016075913A1 (ja) 2017-08-17

Similar Documents

Publication Publication Date Title
EP3429141B1 (fr) Trajet à commutation d'étiquette de routage de segment pour les routeurs activés sans routage de segment
US11743166B2 (en) Provisioning non-colored segment routing label switched paths via segment routing policies in border gateway protocol
EP2813032B1 (fr) Equilibrage de transfert et de résolution d'adresse dans des réseaux superposés
US10454821B2 (en) Creating and maintaining segment routed traffic engineering policies via border gateway protocol
US10841172B2 (en) Network fabric visualization and management
CN105049350B (zh) 利用出口对等工程的分段路由的方法、装置及系统
EP2817926B1 (fr) Délégation de transfert de données et résolution d'adresse dans un réseau fragmenté
CN106165322B (zh) 向冗余控制器路由协议的代理
US11888733B2 (en) Label deduction with flexible-algorithm
CN110120916B (zh) Bgp会话的优先级形成
EP3754914A1 (fr) Ingénierie de trafic à base de classes dans un réseau ip
JP6954295B2 (ja) 通信システム、エッジノード、通信方法及びプログラム
JP6575527B2 (ja) 通信管理装置、通信転送システム、通信管理方法、および通信管理プログラム
CN102638413B (zh) 路由发布方法和运营商边缘设备
US10554543B1 (en) Migrating data traffic between label switched paths (LSPs) based on per-LSP protocol priority value
Kukreja et al. Demonstration of SDN-based orchestration for multi-domain Segment Routing networks
WO2014157609A1 (fr) Appareil de commande, système de communication, procédé de commande de nœud de communication et programme
WO2014133025A1 (fr) Système de communication, contrôleur hôte, procédé de gestion de réseau et programme
US11824763B2 (en) Filtering topologies for path computation in massively scaled networks
Filsfils et al. BGP-Prefix Segment in large-scale data centers
JP4553304B2 (ja) ネットワークトポロジ処理方法および異ネットワーク間接続処理方法
JP2008219530A (ja) 仮想閉域網にユーザ経路広告を転送するシステム及びプログラム
Previdi et al. RFC 8670: BGP Prefix Segment in Large-Scale Data Centers
JPWO2014123194A1 (ja) 通信システム、制御装置、通信制御方法およびプログラム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15859110

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2016558876

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15859110

Country of ref document: EP

Kind code of ref document: A1