JP2008211597A - Traffic measurement method and system having automatic selection function of flow measurement item, traffic information receiving apparatus, traffic information transmitting apparatus and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a traffic measurement system which does not transfer useless flow measurement information and which does not consequently unnecessarily increase a traffic volume of a network for measurement. <P>SOLUTION: Traffic information transmitting apparatus 1 transmits information on measurable and processable items of the self-transmitting apparatus and corresponding specifications to traffic information receiving apparatus 2. The traffic information receiving apparatus 2 collates a flow processing function of the self-receiving equipment with a packet processing function of the traffic information transmitting apparatus 1, and extracts functions which can be utilized for both apparatus to transmit them to the traffic information transmitting apparatus. The traffic information transmitting apparatus 1 transmits the received traffic information which has utilized only items based on function information which can be utilized for both apparatus to the traffic information receiving apparatus 2. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a method for measuring a plurality of communication services between a plurality of points on a network connecting a plurality of terminals such as the Internet and an IP network.

  The IP used on the Internet includes information on a protocol, a source IP address, and a destination IP address, and some transport protocols include information on a source port and a destination port. Flow measurement is a method of classifying communication types based on information held in these packets in the traffic measurement technology. In flow measurement, packets having information such as the same protocol, source IP address, destination IP address, source port, and destination port are regarded as packets belonging to the same communication. A set of packets belonging to the same communication is called a flow. By measuring the flow data amount and packet amount, a plurality of communication services can be monitored between a plurality of points.

  In the Internet, route control is performed by a router, and a packet transmitted from a transmission source reaches a transmission destination via a plurality of routers. Since the router refers to the IP header of the packet and, in some cases, the header of the transport layer, it is suitable as a device for classifying the flow described above. Examples of a method for notifying other devices of flow information of a packet that has passed through a router are NetFlow (see Non-Patent Document 1) and IPFIX (IP Flow Information Export).

  In these methods, a flow information transmitting device such as a router makes a packet that has passed through, and then arbitrarily selects element information to be transmitted to the receiving device from the information of the flow, and sets a set of the element information. Send in packets. An example of the element information is a part of information necessary for configuring flow information, such as a source IP address and a destination port. In the above-described protocol and the like, a unique number for identification is given to these pieces of information. In the present invention, this number is hereinafter referred to as an element information number.

  There are two element information selection methods used by the flow information transmitting device, which can be changed depending on the transmission information fixing method in which the selection items and arrangement of element information are always constant, and the settings input by the user of the transmitting device. There is a transmission information free selection method. It is IPFIX after Version 9 of NetFlow that adopts the transmission information free selection method in the existing protocol.

  In the case of the transmission information free selection method, the transmitting device transmits the measured flow information and data structure definition information that defines the data structure of the flow information (referred to as a template in the IPFIX protocol terminology). Data structure definition information is a collection of element information (called element information in IPFIX protocol terms).

  Even if the same set of element information is used, the data structure definition information is different if the order is different. Also, even when the same flow information is transmitted, different data structure definition information is used when different data structure definition information is used.

  Receiving devices are required to perform different decoding processes for different data strings generated from the same flow information using different data structure definition information. Also, since different data structure definition information must be held individually, there are cases where the processing efficiency and the computer resource amount utilization efficiency are inferior compared to the transmission information fixing method.

  Further, according to Non-Patent Document 2, as an example, there are 167 types of element information in IPFIX, in which the meaning of the information to be expressed is the same, but there is information that is different in units and way of expression. For example, information indicating time includes element information of seconds, milliseconds, microseconds, and nanoseconds.

  Therefore, the data structure definition information generated for the transmission of a single flow information includes many combinations, including unit selection. In some element information, the size can be changed according to the situation. Therefore, depending on the data structure definition information, the same element information may have different sizes.

On the other hand, according to Non-Patent Document 3, in the transmission information free selection method, when the order of element information is fixed by some method, the number of templates that can be generated is suppressed, and the number of element information to be processed It is stated that can be reduced. Non-Patent Document 4 shows an example of the order in which the fixed data alignment is conscious. In this example, it is classified into fixed-length element information, resizable element information, and variable-length element information. When the same set of element information is used, a set of fixed-length element information in any template Are uniquely determined and are identical.
[Internet read on December 26, 2006] http://www.ietf.org/rfc/rfc3954.txt [Internet: December 26, 2006] Quittek, J., Bryant, S., Claise, B., and J. Meyer, "Information Model for IP Flow Information Export" (especially Chapters 5 and 9) http: / /www.ietf.org/internet-drafts/draft-ietf-ipfix-info-14.txt Hitoshi Irino, Masaru Katayama, “Proposal of flow information transmission method for resource saving of flow information collector”, IEICE Society Conference (2006) BS-4-3 [Accessed December 26, 2006 Internet] H. Irino, "Order of Information Elements" http://tools.ietf.org/wg/ipfix/draft-irino-ipfix-ie-order-00.txt

  In a protocol that employs a transmission information free selection method, selection of which element information is used depends on the transmission device. However, the receiving device may not be able to interpret all the element information. Therefore, there is a case where it cannot be interpreted even if the transmission device transmits. In this case, useless flow measurement information is generated and transferred, which unnecessarily increases the amount of traffic in the measurement network and causes unnecessary processing of the transmitting device and the receiving device.

  On the other hand, in determining the order of the element information, the number of data structure definition information that can be generated is suppressed by making the order of the prior art constant. However, this is not limited to the case where the same set of element information is not used, and whether the same element information is used depends only on the transmitting device.

  An object of the present invention is to provide a traffic measurement method that does not transfer useless flow measurement information, and thus unnecessarily increases the amount of traffic in a measurement network and does not cause unnecessary processing of a transmission device and a reception device, It is to provide a system, a traffic information receiving device, a traffic information transmitting device, and a program.

  In the traffic measurement system of the present invention, the traffic information transmitting device has means for transmitting information related to the measurement and processing items of the own device to the traffic information receiving device, and the traffic information receiving device has a flow processing function of the own device. In relation to the information transmitted from the traffic information transmitting device, the function that can be used by both devices is extracted and transmitted to the transmitting device, and the traffic information transmitting device receives the received information from both devices. Means for transmitting traffic information using only items based on available functions to a traffic information receiving device.

  In the flow measurement information transmission, the element information can be broadly classified into element information that can be acquired from the packet that has passed through the flow measurement information transmission device (the minimum value of the information element that corresponds to the flow key in IPFIX protocol terms and the maximum value acquired from the packet). Information element representing statistical information such as values), counter-type element information such as packet quantity and byte quantity, element information representing the measured flow start time and end time, and other miscellaneous element information.

  Of these classifications, element information that can be acquired from a packet cannot be used unless the transmitting device conforms to the corresponding specification. For example, a flow information transmitting device that does not comply with RFC 2460 “Internet Protocol, Version 6 (IPv6) Specification” cannot handle IPv6 packets and cannot transmit element information related to IPv6. Also, for example, in a flow information transmitting apparatus that conforms to and corresponds to RFC 791 “INTERNET PROTOCOL” and RFC 2460, but does not conform to and supports RFC 2675 “IPv6 Jumborams”, the size of the IP payload is always 16 bits. The flow measurement information transmitting device needs to handle a packet, and at that time, the element information that can be handled according to the standard and specification that conforms to the packet and the size thereof are determined depending on the case.

  From the above features, the flow information transmitting device notifies the receiving device of the compliant specifications (RFC, standards such as IEEE) and information related to the mounting of the transmitting device. Thereby, the element information that can be transmitted by the transmitting device can be determined by the receiving device. The receiving device that has received the information collates the notification with the element information that can be analyzed, and determines the element information that can be analyzed among the element information that can be notified by the transmitting device. The determined element information number is transmitted again to the transmitting device. The transmitting device that has received the notification selects element information to be used for transmission information from the received element information, generates and transmits data structure definition information based on a certain order, and then in a corresponding format. Transmits observed flow measurement information.

  Furthermore, because there is size-changeable element information that can uniquely determine the size by notifying the conforming specification, by using those element information as fixed-length element information, The number of resizable element information is reduced. As a result, the common part in a plurality of data structure definition information increases. By arranging the common part in the common storage area and processing in the common processing process, the storage area can be saved and the speed can be increased. In particular, if the common portion is arranged in a high-speed memory space such as a CPU cache, the speed can be further increased.

  Exchange of available element information is performed autonomously between the transmitting and receiving devices.

  Only flow information composed of element information that can be transmitted by a transmitting device of flow information and can be interpreted by a receiving device is generated, so that there is no waste in data to be transferred. In addition, there is no waste in processing of the transmitting device and the receiving device. Therefore, more flow information can be transferred and processed in the measurement network. Alternatively, when the amount of flow information output by each transmitting device is constant, more transmitting devices can be monitored with a single receiving device than before.

  Further, by combining with a certain order, a part of the flow information is not required to be copied on the memory for adjusting the data position when recording or retrieving the received packet in the receiving device.

  The number of element information that can be resized by this method is reduced. As a result, the common part in a plurality of data structure definition information increases. By arranging the common part in the common storage area in the receiving device and processing in the common processing process, the storage area can be saved and the speed can be increased. In particular, if the common part is arranged in a high-speed memory space such as a CPU cache, the speed can be further increased.

  Next, embodiments of the present invention will be described with reference to the drawings.

  FIG. 1 is a configuration diagram of a traffic measurement system according to an embodiment of the present invention.

  The traffic measurement system according to this embodiment includes a traffic information transmitting device (hereinafter simply referred to as a transmitting device) 1 arranged on a network 1 and a traffic information receiving device connected to the transmitter device 1 via the management network 4. And a device (hereinafter simply referred to as a receiving device) 2.

  In this embodiment, flow information is transmitted from a transmission device 1 that is a packet transfer device such as a router on the network 1 to a management reception device 2 using a transmission information free selection protocol such as IPFIX. The

  FIG. 2 is a block diagram of the transmitter 1 and the receiving device 2.

  The transmitting device 1 includes a setting information receiving unit 11 that accepts a setting information request represented by an SNMP SET request and the like, and information that can be processed by the receiving device 2 described later among the information received by the setting information receiving unit 11. A receiving device processable information storage unit 12 to store, a transmitting device processable information storage unit 13 to store in advance information of information elements that can be aggregated as a flow among the packets collected by the packet collection unit 16; When the traffic information is transmitted by comparing the information stored in the receiving device processable information storage unit 12 with the information stored in the transmitting device processable information storage unit 13, the usage calculated by the calculation method described later is used. A comparison / information update unit 14 for updating information in the available information storage unit 15 for storing information for referring to possible information elements, and a net to be measured A packet collection unit 16 that collects packets from the traffic, an option information accumulation unit 17 that accumulates option information that is additional information other than the traffic information itself, and a traffic information creation / transmission unit 18. The transmission unit 18 includes a traffic information creation unit 18A that creates traffic information, an option information creation unit 18B that creates option information, and a transmission unit 18C that sends traffic information and option information.

  The receiving device 2 receives the traffic information and option information transmitted from the transmitting device 1 and accumulates information that can be measured by the transmitting device 1 and the traffic information receiving / processing unit 21 for processing. Transmitting device measurable information storage unit 22, receiving device measurable information storage unit 23 that stores in advance information of information elements that can be processed by the receiving device 2, transmitting device measurable information storage unit 22, and receiving device measurable information storage unit 23, the comparison unit 24 that calculates information elements that can be used between the transmission device 1 and the reception device 2, and the information calculated by the comparison unit 24 is represented by an SNMP SET request or the like. The traffic information reception / processing unit 21 includes a reception unit 21A for receiving information and information received by the reception unit 21A. An option information processing unit 21B for processing option information which is additional information, an option information storage unit 21C for storing option information which is additional information other than transmission device measurable information that can be measured by the transmission device 1, The information processing unit 21D includes a traffic information processing unit 21D that processes traffic information in the information received by the receiving unit 21A, and a traffic information storage unit 21E that stores processed traffic information.

  Hereinafter, the operation of the present embodiment will be described by taking as an example the case of using IPFIX as the flow measurement information notification protocol.

  In the present embodiment, the standard / specification that is supported by the option template from the transmission device 1 (called an exporter in the IPFIX protocol) is indicated, and the SNMP of the transmission device 1 from the reception device 2 (called a collector in the IPFIX protocol) is indicated. Receivable element information is notified using a SET request.

  In IPFIX, data structure definition information for transferring additional information called option templates and option data records and data transmission based on the structure information can be transmitted.

  Using the option template and option data record mechanism, the flow information transmitting device 1 first sends the information stored in the measurement packet processing function information storage unit 13 to the option information generating unit 18B. The packet is then packetized, and the specification conforming to the transmission device 1 is notified via the transmission unit 18C.

  FIG. 3 shows an example of an IPFIX option plate packet for notifying the receiving device 2 of the specifications that the transmitting device 1 complies with. Here, a uniquely defined information element called capabilityNotification is used. FIG. 4 shows an example of option information for notifying the receiving device 2 of the specifications that the transmitting device 1 complies with. The option information shown in FIG. 4 has a data structure of capabilityNotification in FIG.

  In the example of FIG. 4, this element information is configured as a bit string, has a different meaning for each bit, and indicates that the value conforms to the specification when the value is 1. This example is 32-bit information. The numbers in the figure are the numbers indicating the specifications (not showing the values. The values are 0 or 1). In this example, 24-bit information from the beginning is interpreted on the receiving device 2 side as invalid when the value is 0 and valid when the value is 1. The 25-bit ORD indicates an order policy indicating whether or not a specific order is used, and the IMPs of the 26th and 27th bits indicate an implementation policy related to sizing of element information. For example, the element information number 31 of flowLabelIPv6 is information that can be expressed by 20 bits, but is defined by 4 bytes in the definition of IPFIX, and can be changed to 3 bytes based on the definition of the protocol. When the IMP is 1, the minimum value is always taken. For example, the size of the flowLabelIPv6 is always 3 bytes and always takes the maximum value. For example, when the IMP is 2, the size of the flowLabelIPv6 is always 4 bytes and 0. In this case, the data structure definition information is individually set (normal IPFIX processing). When the IMP is 1, the effective range is applied only to element information that can be acquired from the packet, and is not applied to other element information (counter type, time type).

  The transmitting device 1 may send an available element information bit string to the receiving device 2 as shown in FIG. 5 instead of FIG. However, in order to transmit information of the same purpose, 256 bits are required in FIG. 5, but only 32 bits are required in FIG. 4. Therefore, the method of FIG. 4 can transmit equivalent information with a smaller amount of data.

  The receiving device 2 is processed by the option information processing unit 21 </ b> B and is stored in the transmitting device measurable information storage unit 22, and the information stored in the receiving device processable information storage unit 23 is stored in advance. The information of possible information elements is compared with the comparison unit 24 by a comparison method described later, and the finally generated usable element information bit string is transmitted via the setting information transmission unit 25 using an SNMP SET request or the like. Set. In general, the router serving as the transmission device 1 often uses SNMP to acquire and set device information, and has an SNMP function. In this example, information is set using SNMP. I do. However, if there is another setting method, that method may be used.

  FIG. 5 shows an example of a bit string of a setting information request transmitted from the setting information transmitting unit 25 and received by the setting information receiving unit 11. When the setting information request bit string shown in FIG. 5 is transmitted as an SNMP SET request, 32-byte SMIv2 OCTE STRING is used. The element information from 1 to 254 is embedded in 256 bits. When this value is 1, it indicates that the element information can be used. The last 2 bits indicate (RFC) 2675 and (ID) 4B-AS information as specifications related to the size. When this value is 1, the related element information indicates that the size according to the specification can be used. In addition, it may be transmitted in the format shown in FIG. 4 instead of FIG. However, in the case of transmission with the data structure shown in FIG. 4, data conversion to the data structure shown in FIG. 4 occurs in the receiving device 2, and the transmitting device 1 recalculates usable element information. Calculation is required.

  FIG. 6 shows a determination process for calculating an available element information number from data using the data structure shown in FIG. 4 received from the receiving unit 21A, which is performed by the option information processing unit 21B. A double line indicates that it is valid. “L3” is the third layer, ie, the network layer, “L4” is the fourth layer, ie, the transport layer, “TOS” is an abbreviation of Type of Service, and “BGP” is BGP (Border Gateway Protocol) of the routing protocol. is there. “Size” indicates that IPFIX may be related to or affected by the data size of element information. The receiving device 2 internally classifies the specifications and holds the information in the option information processing unit 21B (upper part of FIG. 6). Further, it has a numerical array of element information numbers related to each specification, and similarly holds the information in the option information processing unit 21B (middle of FIG. 6). When multiple element arrays have the same element information number, if they belong to the same category in the upper class of FIG. 6, they are calculated by logical sum (OR), and if they belong to different categories, they are calculated by logical product (AND). Is done.

  The receiving device 2 receives the specification number information (RFC, etc.) in the format shown in FIG. 4 from the transmission device 1 and then the IPFIX element information number corresponding to the specification number shown in the middle of FIG. Refers to an array. In FIG. 6, element information numbers related to RFC 791 (IPv4) are 4, 5, 8, 9, 12, 13, 18, 47, (omitted on the way), 224. On the other hand, the element information numbers related to RFC2460 (IPv6) are 4, 5, 27, 28, 29, 30, 31, 54, 55, 63 (substantially omitted) and 224. Internally, these are finally mapped into a bitmap as shown in FIG. When RFC791 (IPv4) is valid, the fourth, fifth, eighth, ninth, twelfth, thirteenth, eighteenth, forty-seventh, and twenty-fourth bits are 1 (valid), and the other bits are 0 ( Disabled). The final result bit map is logically ORed one bit at a time at bit positions that coincide with the numbers in the numeric array of each specification. Basically, logical sum is performed and logical product is targeted when the same element spans different classifications.

  When 791 of the 0th bit is 1 and 2460 of the 1st bit is 0, all element information related to IPv4 can be used, but it is interpreted that all element information related to IPv6 cannot be used. In this case, the element information numbers related to RFC791 (IPv4) 4, 5, 8, 9, 12, 13, 18, 47, (omitted on the way) and 224 are valid (however, they belong to other classifications) (When 3rd to 24th bits in FIG. 4) are all 1 (valid)). Element information related to IPv4 and IPv6 in common, for example, IPFIX element information No. 4: protocolidentifier, No. 5: ipTTL, is 1 in a logical sum in this case, and is interpreted as valid (lower part of FIG. 6). The logical product is applied only to the element information number when the same element information number exists in different classifications. For example, when (RFC) 791 in the 0th bit in FIG. 4 is 1, 1 (RFC) 2460 in the 1st bit is 0, and (RFC) 1771 in the 18th bit is 1, (RFC) 791 and (RFC) ) IPIFIX element information No. 18 belonging to both 1771: bgpNextHopIPv4Address is 1 in logical product and is interpreted as valid, but 63: bgpNextHopIPv6Address belonging to both (RFC) 2460 and (RFC) 1771 is 0 in logical product. Are interpreted as invalid (lower left in FIG. 6).

  However, SIZE in the upper part of FIG. 6 is an exception. Change the size of the corresponding element information. As an example, 4B-AS indicates whether a 4-byte AS number can be used. There is a concern that the number that can be expressed in 2 bytes is exhausted, and a proposal to extend to 4 bytes (BGP Support for Four-octet AS Number Space) has been made. The IPFIX element information is also defined as 4 bytes. However, if the transmitting device 1 does not support the 4-byte AS number, the expression of the AS number may be considered as 2 bytes. Therefore, when 4B-AS indicating whether or not it corresponds to the 4-byte AS number in FIG. 6 is 1 (valid), the element information of Nos. 16, 17, 128, and 129 related to the AS number is 4 When the 4B-AS is 0 (invalid), the element information of Nos. 16, 17, 128, and 129 related to the AS number is interpreted as 2 bytes.

  Element information can be classified into two types: information that can be derived from packet header information, and other information such as data amount and time. The element information bit string that can be measured by the transmitting device 1 is information derived from the header information of the former packet.

  Regarding the element information that can be processed by the receiver device 2, the receiver device processable information storage unit 23 holds two types of data, that is, information derived from header information in the data structure of FIG. 5 in advance and other information. The element information that can be processed by the receiving device 2 may be explicitly limited within the limits of the receiving device 2 by the user.

  On the other hand, the element information bit string stored in the transmission device measurable information processing unit 22 calculated by the option information processing unit 21B is only information derived from the header information of the packet. Therefore, the comparison unit 24 performs a logical product on the element information bit string in the transmission device measurable information processing unit 22 and the element information bit string of information derived from the header information in the reception device processable information storage unit 23, and then The result is ORed with the element information bit string of the other information in the receiving device processable information storage unit 23. Then, the final result is transmitted via the setting information transmission unit 25. This information is received by the setting information receiving unit 11 of the transmitting device 1 and held in the receiving device processable information storage unit 12.

  The transmitting device processable information storage unit 13 separately holds in advance an element information bit string of other information that is not derived from the header information in the data structure of FIG. 5 in addition to the information related to the specification having the data structure of FIG. Compare the logical product of the element information bit string held in the receiving device processable information storage unit 12 and the element information bit string held in advance in the transmission device processable information storage unit 13 via the setting information receiving unit 11. Calculation is performed by the information updating unit 14. The result is held in the available information storage unit 15, and the subsequent traffic information creation unit 18 </ b> A creates flow information with reference to the information held in the available information storage unit 15.

  When the comparison unit 24 in the receiving device 2 obtains the logical product by this method and there is no corresponding element information and measurement becomes impossible, the communication for the flow information notification is performed by the receiving unit 21A in the receiving device 2. You can disconnect and output an error message or other fault. The same applies to the transmission device 1, and when the comparison / information update unit 14 obtains the logical product and there is no corresponding element information and measurement becomes impossible, the transmission unit 18C may perform the same processing.

  By this method, element information used by the transmitting device 1 and the receiving device 2 is automatically selected. Since only the element information that can be used by the receiving device 1 is used, no unnecessary information transfer occurs.

  Furthermore, processing can be simplified by creating a data structure based on a certain order in advance for element information to be measured in the receiving device 2. An example is shown in FIG. FIG. 7 shows a process of accumulating information from the traffic information processing unit 21E to the traffic information accumulating unit 21D in the receiving device 2. In the conventional method without the element information selection method, element information that cannot be processed by the receiving device 2 may be included. Therefore, as shown on the left side of FIG. Need to write. While the number of divided parts is copied in the memory, only the element information that can be processed by the receiving device 2 is transmitted in the present invention, so that the necessary parts are divided as shown in the right of FIG. Absent.

  Information that can be acquired from the packet can also be used as a search condition. For example, when a flow is measured under the conditions of a source address, a destination address, a source port, a destination port, and a protocol, and only a specific source address and destination address of information transmitted from a transmitting device are to be processed (white list, Blacklist format), the conventional method on the left of FIG. 7 always requires a temporary buffer, but the present invention on the right of FIG. 7 eliminates the need for a temporary buffer, which reduces memory usage and speeds up processing steps. I can plan.

  As shown in FIG. 1, flow information is generally transmitted from two or more packet transfer apparatuses to one management receiving device. In this case, the method of the present invention and the order are fixed. Even if the common data structure definition information is generated in a plurality of units, or the completely common data structure definition information is not generated, the part of the element information that can be acquired from the packet is completely the same.

  When the data structure definition information is partly or completely the same, memory can be saved by managing the definition information in a manner that recognizes the identity. Conventionally (FIG. 8 left) managed the definition information individually. In the definition information of the data structure, a data string of single definition information (element information number and size array) is held for a pair of identifier of the transmitting device and identifier of the definition information. On the other hand, the present invention (right of FIG. 8) assigns an internal definition information identifier to a pair of a transmission device identifier and a definition information identifier given from the transmission device, and Hold the data string of definition information. In this example, two types of definition information A and B can be managed as a single item. In the definition information management, the data amount of the definition information data string is larger than that of the identifier information. Therefore, the total amount of data to be managed can be reduced. When only a part is the same, the common part may be separated and managed in association with the internal definition information, and the individual part may be managed in association with the transmitting device identifier. Separation of the common part can be easily performed by determining that information that can be acquired from the packet is arranged at a specific position (for example, arranged from the head of the packet) in a certain order of use.

    The functions of the transmitting device 1 and the receiving device 2 are executed by recording a program for realizing the functions on a computer-readable recording medium, causing the computer to read the program recorded on the recording medium. It may be a thing. The computer-readable recording medium refers to a recording medium such as a flexible disk, a magneto-optical disk, and a CD-ROM, and a storage device such as a hard disk device built in a computer system. Further, the computer-readable recording medium is a medium that dynamically holds the program for a short time (transmission medium or transmission wave) as in the case of transmitting the program via the Internet, and in the computer serving as a server in that case Such as a volatile memory that holds a program for a certain period of time.

It is a block diagram of the traffic measurement system by one Embodiment of this invention. FIG. 2 is a block diagram of a transmitter 1 and a receiving device 2 in FIG. It is a figure which shows an example of the packet for notifying the receiving apparatus 2 of the specification which the transmission apparatus 1 is based on. It is a figure which shows an example of the option information for notifying the receiving apparatus 2 of the specification which the transmission apparatus 1 is based on. It is a figure which shows the element information bit sequence which can be utilized using SNMP. It is a figure which shows an example of the judgment process of an available element information number. It is a figure which shows the effect of this invention compared with the effect of a prior art. It is a figure which shows the effect of this invention compared with the effect of a prior art.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Transmitting device 2 Receiving device 3 Network 4 Management network 11 Setting information receiving part 12 Receiving device processable information storage part 13 Transmitting device processable information storage part 14 Comparison information update part 15 Usable information storage part 16 Packet collection part 17 Option information Storage unit 18 Traffic information creation / transmission unit 18A Traffic information creation unit 18B Option information creation unit 18C Transmission unit 21 Traffic information reception / processing unit 21A Reception unit 21B Option information processing unit 21C Option information storage unit 21D Traffic information processing unit 21E Traffic information Storage unit 22 Transmitting device measurable information storage unit 23 Receiving device measurable information storage unit 24 Comparison unit 25 Setting information transmission unit

Claims (13)

In a traffic measurement method in a communication system having a traffic information transmitting device and a traffic information receiving device, which are arranged on a network connecting a plurality of terminals to each other and connected via a management network to measure traffic in the corresponding network ,
The traffic information transmitting device transmits information related to the measurement and processing items of the own device or corresponding specifications to the traffic information receiving device;
A step in which the traffic information receiving device collates with the information transmitted from the traffic information transmitting device with respect to the flow processing function of its own device, extracts a function that can be used by both devices, and transmits the function to the traffic information transmitting device; When,
And a step of transmitting the traffic information using only the items based on the received function information available to both devices to the traffic information receiving device.   The step in which the traffic information receiving device extracts the functions that can be used by both devices refers to items corresponding to the pre-registered specification information from the corresponding specification information regarding the information transmitted from the traffic information transmitting device. When the same item is referred to multiple times from multiple specification information, in the classification of the specification information registered in advance for the corresponding item, if the same item is redundantly referenced from the specification information, logical OR is performed. Use the logical product when there are duplicate references from the specification information of different classifications, and for the items related to the packet attribute information that can be processed or processed for the list of output processing items Can be used for both the traffic information receiving device and the traffic information transmitting device using logical product and logical sum for other items. It comprises extracting ability, traffic measurement method according to claim 1. In a traffic measurement system having a traffic information transmitting device and a traffic information receiving device, which are arranged on a network connecting a plurality of terminals and connected via a management network to measure traffic in the network,
The traffic information transmitting device has means for transmitting information related to measurement and processing items of the own device to the traffic information receiving device,
The traffic information receiving device has means for collating with the information transmitted from the traffic information transmitting device with respect to the flow processing function of the own device, extracting a function that can be used by both devices, and transmitting to the transmitting device. ,
The traffic information transmitting device includes means for transmitting the received traffic information using only items based on functions available to both devices to the traffic information receiving device. Traffic information transmission in a traffic measurement system having a traffic information transmitting device and a traffic information receiving device that are arranged on a network connecting a plurality of terminals and connected via a management network to measure traffic in the network In the equipment,
Means for transmitting information relating to measurement and processing items of the own device to the traffic information receiving device;
Means for receiving only items based on functions available to both the own device and the traffic information receiving device from the traffic information receiving device, and transmitting traffic information using only the items to the traffic information receiving device; ,
A traffic information transmitting device comprising:   The means for transmitting the information related to the items that can be measured and processed by the own device to the traffic information receiving device is the information itself of the items that can be measured as a flow, or the packet collection process and the flow information processing in the traffic information transmitting device The traffic information transmitting apparatus according to claim 4, wherein the traffic information transmitting apparatus transmits the information as specifications / standards information related to.   Means for receiving from the traffic information receiving device only items based on functions available to both the own device and the traffic information receiving device, and transmitting traffic information using only the items to the traffic information receiving device; The logical measurement of the measurement item other than the packet attribute among the extracted measurement items received from the traffic information receiving device and the measurement item other than the packet attribute that can be processed by the own device is performed, and the corresponding measurement is performed. 6. The traffic information transmitting device according to claim 4 or 5, wherein when there is no item, the communication is disconnected and a message indicating that the corresponding measurement item does not exist is output to another terminal on the screen or the network. Traffic information reception in a traffic measurement system having a traffic information transmitting device and a traffic information receiving device arranged on a network connecting a plurality of terminals to each other and connected via a management network to measure traffic in the network In the equipment,
Received from the traffic information transmitting device, information related to the measurement and processing items of the traffic information transmitting device, and for the flow processing function of the own device, collates with the information from the traffic information transmitting device, A traffic information receiving device comprising means for extracting functions usable for both devices and transmitting the functions to the traffic information transmitting device.   8. The traffic according to claim 7, wherein the means calculates the logical product of the items that can be measured and used transmitted from the traffic information transmitting device and the items that can be processed by the own device, and extracts the functions that can be used by both devices. Information receiving device.   The means refers to the item corresponding to the pre-registered specification information from the corresponding specification information regarding the function of the transmission device that can process the packet, transmitted from the transmission device, and the same from a plurality of specification information When an item is referenced multiple times, in the classification of the specification information registered in advance for the corresponding item, if the item is referenced redundantly from the specification information of the same category, the logical sum is used and the specification information of the different category is used. When multiple references are made, logical product is used. For the list of output processing items, logical product is used for items related to the packet attribute information that can be processed or processed, and other items. 9. The traffic information receiving device according to claim 7 or 8, wherein a function that can be used by both devices is extracted using a logical sum for items. The apparatus according to any one of claims 7 to 9, further comprising means for disconnecting communication and outputting to the screen or another terminal on the network that the corresponding measurement item does not exist when there is no corresponding measurement item. The traffic information receiving device described.   11. The traffic information receiving device according to claim 7, further comprising means for separating a common part and an independent part of definition information indicating a data structure of a plurality of flow information, and individually managing them.   A program for causing a computer to function as each means of the traffic information transmitting device according to any one of claims 4 to 6.   The program for functioning a computer as each means of the traffic information receiving apparatus in any one of Claims 7-11.

Images