JP2006222821A - Packet transfer device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To solve a problem unsolved by a conventional polishing method, in which a contract bandwidth for every application is guaranteed and simultaneously a band-limiting is performed to an excessive bandwidth so that the excessive bandwidth can not be used in an operating bandwidth for every user. <P>SOLUTION: A packet which does not violate the contract bandwidth for every application is constantly determined that the packet does not violate the contract bandwidth for every user, either. At such time, if there is an excess for the contract bandwidth for every user, the excessive bandwidth is managed. When packets other than packets following the contract bandwidth are input for every application in user packets, the contract bandwidth for every user is constantly prevented from exceeding by performing the band-limiting for every user with a bandwidth value obtained by subtracting the excessive bandwidth from the contract bandwidth for every user. Regarding packets violating the contract bandwidth for every application, the band-limiting is performed in the contract bandwidth for every application by abandoning the packets. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a policing method for monitoring a flow rate of a packet flowing into a network and discarding a packet that does not conform to a contract, and a network monitoring method and a packet transfer apparatus based on the policing method.

Along with the spread of the Internet, in addition to the data of normal web browsing that has been common in the past, real-time application data such as VoIP (Voice over IP) and stream transfer, mission critical data for business use, etc. Application data that requires high communication quality is also being communicated over IP networks. For this reason, Diffserv (Differentiated Services) is standardized by the Internet Engineering Standards Organization IETF (Internet Engineering Task Fore) as one of the technologies for controlling communication quality on IP networks (see Non-Patent Documents 1 and 2). Widely implemented in network nodes such as routers and switches constituting the network.
In a network node (DS-compliant node) that implements Diffserv, various kinds of transfer processes called PHB (Per-Hop-Behavior) can be executed in order to satisfy the communication quality requirement for each application. The type of PHB includes EF (Expedited Forwarding) that guarantees minimum bandwidth and provides low-latency full priority forwarding, AF (Assured Forwarding) that has multiple classes and provides relative priority forwarding for each class, And there is BE (Best Effort) which provides the best effort transfer. For example, PHB to be applied for each application is EF for VoIP that requires strict low delay, and for applications that require communication quality other than VoIP, AF of a class corresponding to the delay and discard rate characteristics required for each application. By applying BE to applications that do not require high communication quality, such as Web browsing, quality requirements for each application can be met.
In order to realize the various PHBs described above, the DS-compliant node possesses Classifier, Meter, Marker, Dropper, and Shaper defined as Diffserv components (see Non-Patent Document 2). FIG. 1 shows the structure of a Diffserv functional block composed of the above components.
The flow of packet processing in the Diffserv functional block will be described along the flow of processing shown in FIG. For an input packet input to the Diffserv function block 107 of the DS-compliant node 108, it is necessary to first determine which of the various PHBs should be applied. The classification of which PHB should be applied for each input packet must be defined in advance by the administrator of the network (DS domain) operated with a common policy based on Diffserv according to the header content of the packet. Yes, this classification definition is registered in Classifier. According to this classification definition, the classifier 101 identifies which PHB classification definition the header content of the input packet matches, and classifies the packet. Hereinafter, a definition for classifying each set of packets classified by the Classifier based on the header content of the input packet into flows and flows is referred to as a flow definition.

  Next, in Marker 102, a DSCP (Differentiated Services Code Point) corresponding to the PHB applied to each flow classified by Classifier 101 is given. This process is called Marking. DSCP is the upper 6 bits of Type of Service (Traffic Class in IPv6) in the IP header, and is used to identify PHB in the DS domain. The recommended DSCP values for various PHBs are defined in Non-Patent Document 3, EF is Non-Patent Document 4, and BE is Non-Patent Document 1, respectively.

  When a traffic profile is contracted between a DS domain administrator and a user who communicates using the DS domain, the meter 103 measures the flow rate of traffic, burst amount, etc. for each user. Determine whether the contract with each user is (in-profile) or not (out-of-profile). When a packet to which EF is applied is out-of-profile, the packet is discarded by Dropper 104. When a packet to which AF is applied is out-of-profile, at Marker 102 Re-marked to a higher discard class. The above-described Meter 103, Marker 102, and Dropper 104 are combined to form a flow rate monitoring mechanism called a Policer 106. The flow rate measured by Policer106, the setting of whether or not to drop in Dropper104 when it becomes out-of-profile, and the DSCP that is remarked when it is not discarded even if it becomes out-of-profile The definition related to the value is called the Policer definition.

  The Shaper 105 located at the last stage of the Diffserv function block executes a transfer process corresponding to the PHB indicated by the DSCP given by the Marker 102. In general, the shaper 105 determines whether to transmit a packet from a plurality of queues 201-i (i = 1 to 6) that accumulate packets as shown in FIG. 2 or a plurality of queues 201-i. The EF queue 201-1, AF queues 201-2, 201-3, 201-4, 201-5, and BE queue 201-6 are owned independently. Yes. There is a priority relationship regarding transmission control among the plurality of queues. By assigning the highest priority queue as the queue 201-1 for EF, it is possible to realize complete priority transfer with low delay. The lowest priority queue is assigned to the BE queue 201-6, and the queues 201-2, 201-3, 201-4, and 201-5 for each AF class are in the order that matches the priority relationship between the classes. By assigning priority queues in, transfer processing corresponding to various PHBs can be realized.

K. Nichols, et al. "Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers", IETF, RFC2474, December 1998.

S. Blake, et al. “An Architecture for Differentiated Services”, IETF, RFC2475, December 1998. B. Davie, et al. “An Expedited Forwarding PHB (Per-Hop Behavior)”, IETF, RFC3246, March 2002. J.Heinanen, et al. “Assured Forwarding PHB Group”, IETF, RFC2597, June 1999.

  Since the scheduler 202 determines that the packets stored in the highest priority queue are transmitted with the highest priority as long as the packets are stored in the highest priority queue, the packets are not transmitted from other queues during that period. As a result, the packets accumulated in other queues suffer an unlimited adverse effect such as an increase in delay or a discard due to an increase in queue length and overflow of packets from the queue. In order to prevent this unrestricted adverse effect on other PHBs due to EF traffic, it is necessary to limit the bandwidth of EF traffic to an appropriate value or less. It is stipulated that the value of the quantity must be configurable by the DS domain administrator. Further, since Non-Patent Document 3 also stipulates that the minimum bandwidth is guaranteed for EF traffic, the limited bandwidth needs to be a value equal to or greater than the minimum bandwidth.

  In the following, a case will be considered where control is performed for a flow to which EF and BE to which the highest priority queue is assigned is applied in a DS domain in which a traffic profile is contracted for each user. Even when flows to which AF is applied are mixed, the following problems similarly occur.

Consider communication in the DS domain 301 connected to n user networks 302-1 to 302-n as shown in FIG. The DS domain 301 contracts with the n user networks 302-1 to 302-n for traffic profiles related to bandwidth and burst amount. Furthermore, for traffic transmitted from each user network 302-1 to 302-n, a PHB to be applied for each application is predefined, and both a packet to which EF is applied and a packet to which BE is applied Can be sent.
All input traffic from each of the user networks 302-1 to 302-n is transmitted to the DS node 108-1, which is a DS-compliant node, and bandwidth control and PHB are performed by the Diffserv function block 107 in the DS node 108-1. The transfer process corresponding to is executed. Hereinafter, an outline of the flow of processing in the Diffserv function block 107 will be described.
For all input traffic to the DS node 108-1, the classifier 101 in the Diffserv function block 107 first classifies the packet. For example, the user who sent the packet can be identified by checking the IP address of the sender in the IP header, and the application can be identified by checking the source port number in the transport layer TCP header or UDP header. can do.

Based on the user information identified by the Classifier 101, the flow rate monitoring for each user is executed by the Policer 106, and when it becomes out-of-profile, the Dropper 104 discards the packet. For a packet not discarded, the DSCP corresponding to the PHB to be applied to the packet is given by the Marker 102 based on the application information identified by the Classifier 101. Based on the DSCP, the packet is accumulated in the queue 210-i assigned to the PHB to be applied by the shaper 105, and as a result of transmission determination by the scheduler 202, an appropriate transfer process corresponding to the PHB is executed.
Here, the bandwidth control required for the DS node 108-1 will be described. The Policer 106 in the DS node 108-1 monitors the traffic flow for each user in order to prevent the band interference between users and provide the contracted band for each user as described above. This is the contracted band for each user. If the packet exceeds the limit, it is necessary to limit the bandwidth by discarding the packet by the Dropper 104. As described at the beginning, in order to prevent an unlimited adverse effect on PHB other than EF, it is necessary to limit the bandwidth of EF traffic with an appropriate limited bandwidth. In order to prevent a specific user from occupying the highest priority queue for EF, it is desirable to limit the bandwidth for EF traffic for each user. In other words, it is also necessary to monitor the flow rate of EF traffic for each user, that is, the flow rate for each user and each application, and to limit the bandwidth thereof. The problems in realizing the above-described bandwidth limitation for each user and bandwidth limitation for each user and each application will be described below.
The limited bandwidth of user i's traffic is M _i , and the limited bandwidth of user i's EF traffic configured as a packet of user i and application j is m _i (M _i ≧ m _i ). As shown in FIG. 4, to register the flow definition 401-1 "user i and Application j" in Classifier101, the Policer definition 402-1 to this is defined as "band-limited by band limit m _i". Further, defined as register the flow definition 401-2 "user i", "band-limited by band limit M _i" the Policer definition 402-2 to this. Note that the flow definition registered in the Classifier usually takes the form of a list as shown in Fig. 5, and it is identified whether it matches the packet header contents in order from the upper flow definition 1501-1 according to the registered order. The match comparison process is terminated at the time of matching. Therefore, even when there are a plurality of flow definitions that match the packet header content in the list, only the flow definition registered at the top is identified as matching. Therefore, in the example of FIG. 4, only the flow of “user i and application j” matches the flow definition 401-2 “user i”, and the flow of “user i and application j” is the flow definition 401-2 “user i”. i ”is identified as not matching. Therefore, what is band-limited to M _i by Policer definition 402-2 is only flow of the "user i and non-application j". Flow of the "user i and Application j" is not subject to band limitation M _i by Policer definition 402-2 receives only band limitation m _i by Policer definition 402-1. "User i and non-application j" flow is band-limited to M _i, the flow of "Since user i and Application j" flow is band-limited to m _i, the sum of these flows "user i" The limited bandwidth becomes M _i + m _i , which exceeds the original limited bandwidth M _i .

For the next to avoid the above problem, "the user i and non-application j" as shown in FIG. 6 by subtracting the previously excess of m _i from restrictions apply band to flow, Policer definition 402-3 Consider a method of setting “bandwidth limit with limited band M _i −m _i ”. In this case, it is possible to "user i" limited band M _i as a flow, a restricted band of the flow of the "user i and Application j" m _i. However, in this case, the limited bandwidth of the flow of “user i and other than application j” is limited to M _i −m _i , so that the flow of “user i and application j” is not communicated. The flow of the user “i” also becomes the limited bandwidth M _i −m _i . Therefore, there is a problem that the unused bandwidth of “user i and application j” cannot be used effectively, and the contract bandwidth contracted by user i as DS domain 301 cannot be sufficiently provided.

In order to solve the above-described problem, the policing method of the present invention is characterized in that when the flow rate of a packet of a certain flow is limited, the flow rate of only a part of the flow is further limited. Further, when the entire bandwidth that is the flow rate of a packet of a certain flow and the partial bandwidth that is the flow rate of only some of the specific types of packets are contracted with the user who is the source of the packet, respectively. ,
Even if the entire bandwidth when a part of the packets of a certain flow flows does not conform to the contract, the packet is not discarded if the partial bandwidth conforms to the contract. And

The following explains how the present invention solves the problem of bandwidth control in the DS node 108-1 in the DS domain 301 described in the section “Problems to be Solved by the Invention”. First, the relationship between Classifier and Policy shown in FIG. 4 is changed as shown in FIG. 7, in addition to the control of FIG. 4, the policy definition 402-2 “band limitation with limited band M _i ” is changed to a flow definition 401-1 “user i and application j” and a flow definition 401- “user i”. 2, an arrow 701 indicating that the Policy definition 402-2 is applied to the flow definition 401-1 is added. In the control of FIG. 4, since the flow of the "user i and Application j" does not coincide with the flow definition 401-2 "user i", being band-limited to M _i by Policer definition 402-2 is "user i And it was only a flow other than “application j”. However, the control of FIG. 7, the Policer definition 402-2 is also applied to the flow of "user i and Application j", all flow of the "User i" is band-limited to M _i. Thus, when the flow rate of a packet of a certain flow is limited, it is possible to further limit the flow rate of only a part of the flow.
However, it will be described next that there is a problem that the bandwidth of “user i and application j” is excessively limited by this control alone.

FIG. 8 shows an input band 801 of a flow of “user i and application other than j” and an input band 802 of a flow of “user i and application j” as examples of the input band to the DS node 108-1. First, the flow of the flow of the "other than the user i and Application j" is entered in the input band 801 that exceed the limit band M _i by Policer definition 402-2, user i and Application j "from subsequent time t Policer definition 402- It is entered in the input band 802 to meet the restricted band m _i by 1. Input bandwidth of flow of the "other than the user i and Application j" Since exceed the limit band M _i is determined irrelevant to the Policer definition 402-2, "user i and after the band limitation by Policer106 9 band 901 of the flow of non-application j "is suppressed to limit the bandwidth M _i, are used up to enable restricted band M _i. At this time, if a packet of “user i and application j” is input, even though it conforms to the Policy definition 402-1 for the packet of “user i and application j”, the limited bandwidth M _i as the packet of “user i” Is already used up, it will be determined as non-conforming to the Poller definition 402-2. As shown in FIG. 10, a packet that is determined to be incompatible with either the entire bandwidth that is the flow rate of a packet of a certain flow or the partial bandwidth that is the flow rate of only some of the packets of a certain flow is discarded. When the control is performed, the packet of “user i and application j” is discarded although it conforms to the policy definition 402-1. As a result, the packet of “user i and application j” is not necessarily provided with a bandwidth corresponding to the limited bandwidth even if the packet is input within a bandwidth within the limited bandwidth for the flow. In other words, even when EF traffic is input within the limited bandwidth, it is not necessarily transferred with complete priority and is discarded, so the minimum bandwidth as EF traffic cannot always be guaranteed.

  Non-Patent Document 3 stipulates that the minimum bandwidth as EF traffic is guaranteed. If EF traffic is entered within the restricted bandwidth, it is guaranteed that the EF traffic restricted bandwidth can be allocated as a fixed bandwidth if it is transferred without strict discarding. It is also possible. For this purpose, as shown in FIG. 11, for a packet determined to be compatible with a partial band that is a flow rate of only some of the packets of a certain flow, the entire band that is a flow rate of the packet of a certain flow is used. Even if it is determined that the packet does not conform to the above, it is necessary to control such that the packet is not discarded. By this control, the packet of the above-mentioned “user i and application j” is always provided with a bandwidth corresponding to the limited bandwidth if it is input within a bandwidth within the limited bandwidth for the flow. That is, when EF traffic is input within the limited bandwidth, it is always discarded with complete priority without being discarded, so that the minimum bandwidth as EF traffic can be guaranteed.

  In the above-described control, even if it is determined that the packet does not conform to the entire bandwidth of a certain flow, the packet may not be discarded. End up. In order to avoid this problem, the excess bandwidth for the entire bandwidth is managed by the amount of use of a packet that was determined to be incompatible with the entire bandwidth but was determined to be incompatible with some bandwidth and was not discarded. Then, it is necessary to control the bandwidth limiting process so as to eliminate the excess bandwidth for subsequent arrival packets. Each time a packet arrives, this excess bandwidth is recalculated taking into account the time elapsed since the previous packet arrived. If the recalculated excess bandwidth is a positive value, the excess bandwidth for the entire bandwidth has not yet been resolved. Therefore, the received packet is discarded unless a part of the bandwidth is contracted and conforms to the packet that arrives when the excess bandwidth is a positive value. As a result, the bandwidth is limited by the bandwidth value obtained by subtracting the excess bandwidth from the entire bandwidth. As a result, it is possible to guarantee that a part of the band is guaranteed and the excess band is eliminated, so that the limit band for the entire band is not constantly exceeded. A detailed example of this control in the Meter 103 in the Policer 106 will be described in the section “Best Mode for Carrying Out the Invention”.

When this control is performed on the input band to the DS node 108-1 shown in FIG. 8, the bandwidth 1201 of the flow of “other than user i and application j” after bandwidth limitation by the Poller 106 and “user i” FIG. 12 shows a time change of the bandwidth 1202 of the flow of the application “j”. When the time t the flow of "user i and Application j" starts inputted through the input band 802 to meet the restricted band m _i, Policer106 to implement the present control is determined to fit all the packets of "user i and Application j" Forward. As a result, the bandwidth used by the flow of “user i and application j” is the bandwidth 1202. On the other hand, the flow of “other than user i and application j” is limited to the band 1201 of the M _i −band 1202 during this period. Finally, when the band 1202 is to be band-limited by m _i, next band 1201 Mi-mi is used by the flow of "other than the user i and Application j" band and band 1201 as a flow of the "User i" 1202 is band-limited to M _i together.

In policing for limiting the flow rate of packets flowing into the network, when limiting the flow rate of a specific type of packet, it is possible to further limit the flow rate of only a part of the specific type of packet.
Furthermore, when the user who is the transmission source of each packet contracts the entire bandwidth that is the flow rate of the specific type packet and the partial bandwidth that is the flow rate of only some of the specific type packets, Even if the entire bandwidth when some of the specific types of packets flow in does not conform to the contract, if the partial bandwidth conforms to the contract, by not discarding the packet, A partial band can be guaranteed as the minimum band.
In the network monitoring method based on policing, the bandwidth used by the packet is controlled so as to conform to the contract by discarding rather than delaying the packet as in shaping. Therefore, since the memory resource that constitutes the queue for delaying the packet is not required, the policing method of the present invention can be realized at a lower cost than the case where the above-described bandwidth control is realized by shaping. be able to.
In addition, in shaping, scheduling for calculating a delay time in a queue and selecting a queue for transmitting a packet becomes a bottleneck in speeding up the processing. Therefore, the policing method according to the present invention can speed up the processing compared with the case where the above-described bandwidth control is realized by shaping, and is advantageous in applying to a high-speed line.

  In the policing method of the present invention, this is a packet for each user as an example of the specific type of packet, and this is used as a top priority queue in a packet relay apparatus in the network as an example of a part of the specific type of packet. When limiting the flow rate of packets for each user by setting the packets to be accumulated or transferred with the highest priority in the network, the flow rate of packets processed with the highest priority among the packets for each user is further limited. can do. In addition, it is possible to guarantee a partial bandwidth contracted with a packet to be processed with the highest priority among the packets for each user as the lowest bandwidth. In addition, in the case where a packet that is processed with the highest priority among the packets for each user does not flow, the entire bandwidth in which packets other than the packet that is processed with the highest priority among the packets for each user are contracted with the packets for each user. Can be used up effectively.

  Further, as another example of the specific type of packet, this is a packet for each user, and as an example of a part of the specific type of packet, this is a packet to which EF-PHB in Diffserv is applied. In this case, when the flow rate of packets for each user is limited, the flow rate of packets to which EF is applied among the packets for each user can be further limited. In addition, it is possible to guarantee a partial bandwidth contracted to a packet to which EF is applied among packets for each user as a minimum bandwidth. In addition, if packets that apply EF out of packets for each user do not flow, packets that do not apply for EF among packets for each user can effectively use the entire bandwidth contracted for packets for each user. it can.

  As another example of the specific type packet, some of the specific type packets are transmitted without congestion control for controlling the flow rate of packets to be transmitted according to the congestion state in the network. And when the other specific type packet is a packet transmitted with congestion control, the flow rate of the packet without congestion control is further increased when the flow rate of the packet for each user is limited. By limiting, it is possible to prevent the flow rate of packets transmitted with congestion control from being unlimitedly limited by the flow rate of packets not involving congestion control.

  Further, as another example of the specific type packet, a packet for each user communicating using UDP or TCP as a transport layer protocol is considered, and as an example of a part of the specific type packet, This is a UDP packet whose transport layer protocol is UDP. In this case, when the flow rate of packets for each user is restricted, the flow rate of UDP packets among the packets for each user can be further restricted. Further, it is possible to guarantee a partial bandwidth contracted with the UDP packet among the packets for each user as the minimum bandwidth. In addition, when no UDP packet flows among the packets for each user, the TCP packet whose transport layer protocol is TCP among the packets for each user effectively uses the entire bandwidth contracted for the packet for each user. be able to.

  First, a configuration outline of a packet transfer apparatus to which the present invention is applied will be described with reference to FIG. The packet transfer apparatus 600 switches N packets, N input lines 610-i (i = 1 to N) to which packets are input, a packet reception circuit 620-i that performs packet reception processing, and a routing processing unit 630. Packet relay processing means 640, a bandwidth monitoring unit 650-j (j = 1 to M) for each output line, a discard control unit 660-j, a packet transmission circuit 670-j for performing transmission processing, and a packet output N output lines 680-j.

  FIG. 14 shows an example of a packet format in the network assumed by the present invention. The packet includes a header part 710 and a data part 720. The header portion 710 includes a source IP address (Source IP address: hereinafter referred to as “SIP”) 711, a destination IP address (Destination IP address: hereinafter referred to as “DIP”) 712, and a source port (Source PORT: Hereinafter, it is comprised of a destination port (Destination Port: hereinafter referred to as “DPORT”) 714. The data portion 720 includes user data 721. In addition to the above information, information such as time to live (TTL) is also stored in the header section 710, but the processing described below can be executed in the same manner as the above information.

  FIG. 15 shows an example of a packet format inside the packet transfer apparatus 600 to which the present invention is applied. The internal header 810 is added to the format of the packet in the packet transfer apparatus 600 in addition to the packet format of the IP network. The internal header 810 includes an input line number 811 that is an identifier of a line to which a packet is input, an output line number 812 that is an identifier of a line to which the packet is output, a packet length 813 that indicates the byte length of the packet, and a result of bandwidth monitoring The instructed discard control unit 660-j includes an accumulation / discard instruction 814 for instructing accumulation / discard for the packet accumulation FIFO 665-j, and a queuing priority 815 for the packet accumulation FIFO 665-j.

Next, an outline of the operation of the packet transfer apparatus to which the present invention is applied will be described with reference to FIG. When a packet is input from the input line 610-i of the packet transfer apparatus 600, the packet receiving circuit 620-i adds an internal header 810, calculates the byte length of the packet, and writes the packet length 813 (unit is Byte). Further, the input line 610-i to which the packet is input is written in the input line number 811 and the packet is transmitted to the routing processing unit 630. At this point, the output line number 812 is a meaningless value. When the routing processing unit 630 receives the packet, the DIP712
The line 680-j that outputs the packet is determined based on the above, and the line number j of the output line 680-j is written to the output line number 812 and transmitted to the packet relay processing means 640. The packet relay processing unit 640 switches the packet according to the output line number 812 and transmits it to the bandwidth monitoring unit 650-j for each output line.
Bandwidth monitoring unit 650-j detects the user to which the packet belongs based on SIP 711, further detects the application type based on SPORT713 or DPORT714, performs bandwidth monitoring for each application and bandwidth monitoring for each user, In addition to guaranteeing the minimum bandwidth contracted to, the bandwidth limitation for each application and the bandwidth limitation for each user are further performed. Detailed operation of the bandwidth monitoring unit 650-j will be described later. For the packet whose bandwidth has been monitored, the storage / discard instruction 814 for the packet storage FIFO 665-j in the discard control unit 660-j in FIG. The queuing priority is written into the queuing priority 815 and transmitted to the discard control unit 660-j.
The packet transmitted to the discard control unit 660-j is temporarily stored in the temporary storage buffer 662-j. When “discard” is instructed based on the packet storage / discard instruction 814 transmitted from the bandwidth monitoring unit 650-j, the packet is not transmitted from the temporary storage buffer 662-j to the packet storage FIFO 665-j. Then, the information of the packet that has arrived at the discard control unit 660-j after the packet determined to be “discard” is overwritten. When “accumulation” is instructed, the threshold accumulation unit 661-j for each queuing priority refers to the threshold of the packet accumulation FIFO 665-j for the queuing priority 815, and this threshold and the FIFO counter 664-j Compare values. When this threshold value is larger than the FIFO counter 664-j, it is determined as “accumulation” and the packet is transmitted to the packet accumulation FIFO 665-j, and 1 is added to the value of the FIFO counter 664-j. When the threshold value is equal to or smaller than the FIFO counter 664-j, it is determined as “discard” and the packet is not transmitted to the packet accumulation FIFO 665-j and is not added to the value of the FIFO counter 664-j. Then, the information of the packet that has arrived at the discard control unit 660-j after the packet determined to be “discard” is overwritten.
The packet output control unit 666-j transmits a packet transmission start signal 667-j so that the packets are transmitted in the line bandwidth in the order stored in the packet storage FIFO 665-j. The packet is transmitted to the transmission circuit 670-j. When receiving the packet transmission activation signal 667-j, the FIFO counter 665-j subtracts 1 from the FIFO counter 665-j. In the present invention, the packet output control unit 666-j transmits the packet transmission activation signal 667-j so as to transmit the packet in the line bandwidth. However, the packet output control unit 666-j transmits a packet below the line bandwidth set by the network operator (for example, the line bandwidth Half of the above). The packet transmitted to the packet transmission circuit 670-j is removed from the internal header 810 and transmitted to the output line 680-j.

  Next, a detailed operation of the bandwidth monitoring unit 650-j will be described. As a bandwidth monitoring algorithm, a bandwidth monitoring algorithm that extends the leaky bucket algorithm to IP variable-length packets is used. The leaky bucket algorithm is a model of a leaky bucket with a hole with a certain depth, and water continues to leak in the monitoring band while water is in the bucket, and when the packet is input, water for the byte length of this packet is poured It is. The bucket has a depth to allow the arrival fluctuation of the packet, and it is determined that the input packet is compliant and the packet is violated as long as the bucket does not overflow.

  FIG. 17 shows a block diagram of the bandwidth monitoring unit 650-j. The bandwidth monitoring unit 650-j includes a flow detection unit, a per-flow bandwidth monitoring table control unit, a per-bucket accumulation amount determination unit, a per-flow bandwidth monitoring result determination unit, a flow group detection unit, and a flow group bandwidth monitoring. A table control unit, a flow group bucket accumulation amount determination unit, a flow group bandwidth monitoring result determination unit, and a monitoring result comprehensive determination unit are configured. The format of the bandwidth monitoring table for each flow is shown in FIG. 18, and the format of the flow group bandwidth monitoring table is shown in FIG. Reference numerals 11-1 to 11-6 are bandwidth monitoring entries for each service corresponding to the service A1 to the service B3 of the user A, 12-1 is a user, and 12-2 is a user bandwidth monitoring entry of the user B. THR is the bucket depth, POLR is the monitoring bandwidth, TS is the previous packet arrival time, CNT is the amount of water stored in the bucket, TOSC is the service identifier for compliance, QC is the queuing priority for compliance DROP indicates “discard” or “accumulate” instructions at the time of violation. The flow detection unit determines a flow identifier based on SIP 711 in the information in the packet header in order to monitor the bandwidth for each flow. The per-flow bandwidth monitoring table control unit reads the THR, POLR, TS, CNT, TOSC, QC, and DROP parameters necessary for bandwidth monitoring by referring to the per-flow bandwidth monitoring entry corresponding to the flow identifier, and each THR Accumulation means, POLR accumulation means, TS accumulation means, CNT accumulation means, TOSC accumulation means, QC accumulation means, DROP accumulation means. Hereinafter, a case where the flow is a packet of service A1 and the flow group is a packet of user A will be described.

The per-flow bucket accumulation amount determination unit determines the amount of water in the bucket immediately before packet input. First, the bucket accumulation amount determination circuit calculates the difference between the value of the timer that counts the current time and TS-A1 of the TS accumulation means, and calculates the elapsed time that has elapsed since the previous accumulation of water in the bucket. Next, multiply the elapsed time by POLR-A1 in the POLR accumulator to calculate the amount of water that has leaked since the previous accumulation of water in the bucket. Further, the bucket water amount decrease amount is subtracted from the CNT-A1 in the CNT accumulation means to determine the bucket accumulation amount which is the amount of water just before the packet is input. Whether the bucket accumulation amount is positive or negative is determined. If the determination result is negative, the bucket accumulation amount is corrected to zero.
The monitoring result determination circuit of the monitoring result determination unit for each flow determines whether or not water corresponding to the packet length of the input packet enters the bucket. First, the packet length is added to the bucket accumulation amount, and this is compared with the THR-A1 in the THR accumulation means. When the amount of accumulated bucket + packet length is longer than THR-A1, the bucket overflows when water equivalent to the packet length is input, so the input packet is judged as a violation packet and the result of this judgment is monitored. It transmits to a result comprehensive determination part. When the bucket accumulation amount + packet length is equal to or less than THR-A1, the input packet is determined as a compliant packet, and the determination result is transmitted to the monitoring result comprehensive determination unit.
The flow group bucket accumulation amount determination unit also repeats the same processing for parameters read in the same manner from the flow group bandwidth monitoring table, and transmits the determination result to the monitoring result comprehensive determination unit.
Based on the determination result for each flow and the determination result for each flow group, the monitoring result comprehensive determination unit determines an accumulation discard instruction 814, a queuing priority 815, and a service identifier 713 for this packet, and these are discarded. Send to 660-j. For packets whose determination result for each service is “Compliance”, an accumulation instruction is issued and TOSC-A1 and QC-A1 are transmitted to the discard control unit 660-j. If it is a “violation”, it is discarded.
Furthermore, if the judgment result of bandwidth monitoring for each flow is “Compliance”, the bucket accumulation amount + packet length is set as the new bucket accumulation amount CNT-A1, and the current timer value is set as the new TS-A1 for each flow. The data is transmitted to the bandwidth monitoring table control unit and written in the bandwidth monitoring entry for each user A1 before reading the bandwidth monitoring table for each next input packet. Similarly, when the determination result of the flow group bandwidth monitoring is “Compliance”, new CNT-A and TS-A are written in the flow group bandwidth monitoring table. Furthermore, even if the judgment result of the flow group bandwidth monitoring is “Violation”, if the bandwidth monitoring result for each flow is “Compliance”, the new CNT-A and TS-A indicate the excess bandwidth indicating the excess bandwidth. Information is written in the flow group bandwidth monitoring table.

FIG. 20 shows a flowchart of the bandwidth monitoring algorithm. If the result of 13 processing, that is, the per-flow bandwidth monitoring determination result is “Compliance”, the new CNT-A and TS-A are written in the flow group bandwidth monitoring table as excess bandwidth information indicating the excess bandwidth.
According to the present invention described above, in policing for limiting the flow rate of packets flowing into the network, when limiting the flow rate of a specific type of packet, the flow rate of only a part of the specific type packet is further limited. be able to.
Furthermore, when the user who is the transmission source of each packet contracts the entire bandwidth that is the flow rate of the specific type packet and the partial bandwidth that is the flow rate of only some of the specific type packets, Even if the entire bandwidth when some of the specific types of packets flow in does not conform to the contract, if the partial bandwidth conforms to the contract, by not discarding the packet, A partial band can be guaranteed as the minimum band.

Configuration diagram of DS-compliant node. The figure which shows the structural example of a queue. The figure which shows DS domain. The figure which shows Classifier and Policer. Flow definition list The figure which shows Classifier and Policer. The figure which shows Classifier and Policer. Band change over time. Band change over time. flowchart. flowchart. Band change over time. 1 is a block diagram of a packet transfer apparatus to which the present invention is applied. The figure which shows the header and data structure of the packet on a network. The figure which shows the structure of the packet in the packet transfer apparatus of FIG. FIG. 14 is a block diagram of a discard control unit in the packet transfer apparatus of FIG. 13. The block diagram of a bandwidth monitoring part. Format of bandwidth monitoring table for each flow. Format of the flow group bandwidth monitoring table. 5 is a flowchart of a bandwidth monitoring method.

Claims (7)

A transmission / reception unit for receiving packets;
A determination as to whether or not the amount of the first type packet received within a predetermined time exceeds a predetermined first amount, and a part of the second type of the first type packet A control unit that determines whether or not the amount of packets exceeds a predetermined second amount and determines whether to discard the packets based on the results of the two determinations Packet transfer device. The packet transfer apparatus according to claim 1, wherein
If the received packet is of the first type and the second type and further exceeds the first amount, it does not exceed the second amount. A packet transfer apparatus characterized by not discarding a packet. The packet transfer apparatus according to claim 1, wherein
The control unit
Based on at least one of the input line number of the received packet, the output line number, the address information in the packet header, the information identifying the use of the packet, or the information identifying the priority of the packet, A packet transfer apparatus for identifying whether or not the received packet belongs to the first type and the second type. The packet transfer apparatus according to claim 1, wherein
The first type of packet is a packet of a specific user,
The second type of packet is a packet of the specific user, and is a packet that is preferentially transferred in the network. The packet transfer apparatus according to claim 1, wherein
The first type of packet is a packet of a specific user,
The second type packet is a packet of the specific user and is a packet forwarded based on EF-PHB (Expedited Forwarding-Per Hop Behavior) in Diffserv (Differentiated Services). Packet transfer device. The packet transfer apparatus according to claim 1, wherein
The first type of packet is a packet of a specific user,
Packets other than the second type of the first type packet are packets of the specific user and are transferred by controlling the flow rate of packets to be transmitted according to the congestion state in the network. And
The packet transfer apparatus, wherein the second type packet is a packet of the specific user and is transferred without being controlled by the flow rate of the packet. The packet transfer apparatus according to claim 1, wherein
The first type of packet is a packet of a specific user,
The packet transfer apparatus according to claim 2, wherein the second type packet is a packet of the specific user and a packet of a transport layer protocol is UDP (User Datagram Protocol).

Images