JP2013105308A - Load distribution system, load distribution device, load distribution method and load distribution program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To achieve load distribution which is nicely interlocked with a virtual network while suppressing a cost burden.SOLUTION: A server 0 functioning as a load distribution device among a plurality of servers 0-4 in a data center performs the steps of: acquiring all pairs of private addresses which have a same VLANID associated with global addresses which match transfer destination IP addresses of request packets, and MAC addresses which are assigned to communication apparatuses of other servers; determining a distribution destination of the request packets from among the acquired pairs of private addresses and MAC addresses on the basis of distribution algorithm; and setting a pair of a private address and a MAC address determined as the distribution destination and the VLANID as flow information for performing transfer control of the request packets, to a flow table of an open flow switch 110.

Description

  The present invention relates to a load distribution system, a load distribution apparatus, a load distribution method, and a load distribution program.

  2. Description of the Related Art Conventionally, in a cloud system, a data center, or the like, there is a technique for distributing loads by avoiding that accesses from clients are concentrated on a specific server. For example, in Non-Patent Document 1, a load balancer is incorporated on a network provided between a server and a client arranged in a cloud system or a data center, and the load balancer depends on the state of the server or network. There is disclosure about what controls traffic. This Non-Patent Document 1 supports a VLAN (Virtual Local Area Network), thereby allowing a plurality of networks to be accommodated under a load distribution device and performing load distribution in VLAN units.

  In addition, as a technique related to load distribution in a cloud system or a data center, there is a technique that uses software for realizing load distribution. For example, Non-Patent Document 2 discloses software that supports layer 4 and layer 7 and causes a relatively inexpensive server to perform load distribution processing.

“BIG-IP”, [Online], [November 2, 2011 search], Internet (URL: http://www.f5networks.co.jp/product/bigip/index.html) "UltraMonkey-L7", [Online], [November 2, 2011 search], Internet (URL: http://www.oss.ecl.ntt.co.jp/ossc/download/UltraMonkey.pdf)

  However, in Non-Patent Document 1 described above, in order to cope with an increase in the number of tenants, it is necessary to prepare in advance a number of devices corresponding to the expected increase in the number of tenants. In general, since a load distribution device as disclosed in Non-Patent Document 1 is expensive, it is expensive to prepare in advance the number of devices corresponding to the expected increase in the number of tenants. There is a problem in that it is difficult to plan equipment such as preparing in advance a number of devices corresponding to the expected increase in the number of devices.

  On the other hand, if the software disclosed in Non-Patent Document 2 described above is used, an increase in the number of tenants can be handled relatively flexibly. However, since the software disclosed in Non-Patent Document 2 does not support VLAN layers (Layer 2 and Layer 3), there is a problem that load distribution cannot be realized in units of VLANs.

  That is, Non-Patent Document 1 described above is that, in a cloud system, a data center, or the like, when load distribution corresponding to a virtual network such as a VLAN is performed, the cost burden is large and hardware facility planning is difficult. There is a problem, and the above-mentioned Non-Patent Document 2 has a problem in that the hardware cannot be diverted in a state of being well linked to the virtual network.

  The present invention has been made in view of the above, and is capable of realizing load balancing that is well linked to a virtual network while suppressing cost burden, a load balancing device, a load balancing method, and a load. The purpose is to provide a distributed program.

  In order to solve the above-described problems and achieve the object, the present invention includes a plurality of information processing apparatuses accommodated in the same local network and lent out to a plurality of tenants, from a client via an external network. A load distribution system having a load distribution device for controlling access to the information processing apparatus, wherein the load distribution device is address information inserted in a packet exchanged between the local network and the external network. In accordance with a flow table for converting, a transfer unit that transfers packets exchanged between the local network and the external network, a global address used in the external network by the information processing device, The local network is processed by the information processing apparatus. Virtual network identifier for identifying the virtual network to which the information processing apparatus belongs among the virtual network constructed in units of tenants in the local network and the pair of the private address used in the network and the MAC address of the information processing apparatus And the tenant information storage unit for storing the request packet and the virtual packet associated with the same global address as the destination IP address of the request packet when an inquiry about the transfer procedure of the request packet is received from the transfer unit All of the private address and MAC address pairs having the same network identifier are acquired from the tenant information storage unit, and the request packet is selected from all of the acquired private address and MAC address pairs. And the virtual network identifier associated with the same global address as the destination IP address, and a pair of the private address and the MAC address determined as the distribution destination, A request transfer setting unit configured to set in the flow table as flow information for controlling transfer of the request packet.

  In addition, the present invention is a load balancer that controls access to an information processing apparatus from a client that is accommodated in the same local network as a plurality of information processing apparatuses lent to a plurality of tenants and that passes through an external network. A packet exchanged between the local network and the external network according to a flow table for converting address information inserted in the packet exchanged between the local network and the external network. A transfer unit that transfers, a global address used in the external network by the information processing apparatus, and a pair of a private address and a MAC address of the information processing apparatus used in the local network by the information processing apparatus A tenant information storage unit that stores a virtual network identifier that identifies a virtual network to which the information processing apparatus belongs among virtual networks constructed in units of tenants in the local network, and an inquiry about a request packet transfer procedure Is received from the transfer unit, the tenant information is a pair of the private address and the MAC address, wherein the virtual network identifier associated with the same global address as the destination IP address of the request packet is the same. Obtain all from the storage unit, determine a distribution destination of the request packet from among all the pairs of the acquired private address and the MAC address by a distributed algorithm, and determine the private address determined as the distribution destination A request for setting, in the flow table, a pair of an address and the MAC address and the virtual network identifier associated with the same global address as the destination IP address as flow information for controlling transfer of the request packet And a transfer setting unit.

  The present invention also provides a plurality of information processing apparatuses accommodated in the same local network and lent to a plurality of tenants, and a load distribution apparatus that controls access to the information processing apparatus from a client via an external network, A load distribution method executed by a load distribution system including: a flow for the load distribution apparatus to convert address information inserted in a packet exchanged between the local network and the external network When an inquiry about a request packet transfer procedure is received from a transfer unit that transfers a packet exchanged between the local network and the external network according to the table, the information processing device uses the external packet in the external network. Global address A virtual network to which the information processing device belongs among a pair of a private address used in the local network by the information processing device and a MAC address of the information processing device, and a virtual network constructed in the tenant unit in the local network A tenant information storage unit that associates and stores a virtual network identifier that identifies the private address and the virtual network identifier associated with the same global address as the destination IP address of the request packet are the same, and A decision process for obtaining all the MAC address pairs and determining a distribution destination of the request packet by a distributed algorithm from all the obtained private address and MAC address pairs. And the load balancer, the pair of the private address and the MAC address determined as the distribution destination, and the virtual network identifier associated with the same global address as the destination IP address, A request transfer setting step of setting the flow table as flow information for controlling transfer of the request packet.

  In addition, the present invention is executed by a load balancer that controls access to an information processing apparatus from a client that is housed in the same local network as a plurality of information processing apparatuses lent to a plurality of tenants and that passes through an external network. A load distribution method, wherein the load balancer and the local network and the external network according to a flow table for converting address information inserted in a packet exchanged between the local network and the external network A global address used in the external network by the information processing apparatus when receiving an inquiry about a transfer procedure of a request packet from a transfer unit that transfers a packet exchanged with an external network, and the information The low A virtual network identifier that identifies a pair of a private address and a MAC address of the information processing apparatus used in a local network, and a virtual network to which the information processing apparatus belongs among virtual networks constructed in units of tenants in the local network A pair of the private address and the MAC address having the same virtual network identifier associated with the same global address as the destination IP address of the request packet. A determination step of determining all of the acquired private addresses and the MAC address pairs from all acquired pairs by a distribution algorithm, and the load distribution apparatus, Flow for controlling transfer of the request packet with the pair of the private address and the MAC address determined as a distribution destination and the virtual network identifier associated with the same global address as the destination IP address A request transfer setting step for setting the information in the flow table as information.

  The present invention is also implemented in a load balancer that is accommodated in the same local network as a plurality of information processing devices lent to a plurality of tenants and controls access to the information processing devices from clients via an external network. A load distribution program for causing the local network and the external network to follow a flow table for converting address information inserted in a packet exchanged between the local network and the external network. When an inquiry about the transfer procedure of a request packet is received from a transfer unit that transfers packets exchanged between them, the global address used in the external network by the information processing device, and the information processing device by the information processing device Local A pair of a private address used in a network and a MAC address of the information processing apparatus, and a virtual network identifier for identifying a virtual network to which the information processing apparatus belongs among virtual networks constructed in units of tenants in the local network From the tenant information storage unit that associates and stores all the pairs of the private address and the MAC address that have the same virtual network identifier associated with the same global address as the destination IP address of the request packet. A determination procedure for determining a distribution destination of the request packet from among all the pairs of the acquired private address and the MAC address by a distributed algorithm, and the determination of the distribution destination A private address / MAC address pair and the virtual network identifier associated with the same global address as the destination IP address are set in the flow table as flow information for controlling transfer of the request packet. A request transfer setting procedure is executed.

  According to the present invention, it is possible to realize load distribution that is well linked to a virtual network while suppressing cost burden.

FIG. 1 is a diagram illustrating a configuration example of a data center according to the first embodiment. FIG. 2 is a functional block diagram illustrating a configuration of the load distribution processing unit. FIG. 3 is a diagram illustrating an example of a record stored in the MAC address storage unit. FIG. 4 is a diagram illustrating an example of records stored in the tenant server information storage unit according to the first embodiment. FIG. 5 is a diagram illustrating an example of records stored in the reply information storage unit according to the first embodiment. FIG. 6 is a diagram illustrating a flow of processing according to the first embodiment. FIG. 7 is a diagram illustrating a configuration example of a data center according to the second embodiment. FIG. 8 is a diagram illustrating an example of records stored in the tenant server information storage unit according to the second embodiment. FIG. 9 is a diagram illustrating an example of records stored in the reply information storage unit according to the second embodiment. FIG. 10 is a diagram illustrating an example of a computer that executes a program for realizing the same function as the processing described in the embodiment.

  Embodiments of a load distribution system, a load distribution apparatus, a load distribution method, and a load distribution program according to the present application will be described below with reference to the drawings. Each example described below is merely an embodiment, and does not limit the embodiments of the load distribution system, the load distribution device, the load distribution method, and the load distribution program according to the present application. In addition, the embodiments described later can be appropriately combined within a range that does not cause a contradiction in the processing contents.

[Outline and Features of Load Balancing System (Example 1)]
An overview and features of the load distribution system according to the first embodiment will be described. The load distribution system according to the first embodiment includes a plurality of information processing apparatuses accommodated in the same local network and lent to a plurality of tenants, and accesses the information processing apparatus from clients via an external network. The outline is to control. The load distribution system according to the first embodiment is mainly characterized in that it is possible to realize load distribution that is well linked with the virtual network while suppressing the cost burden.

  First, one information processing device of a plurality of information processing devices is caused to function as a load distribution device that controls access to the information processing device from a client via an external network. As a result, there is no cost burden for preparing an expensive load distribution device in advance according to the expected increase in the number of tenants, and the difficulty in facility planning such as preparing in advance the number of devices according to the expected increase in the number of tenants. Is also released.

  The load distribution apparatus includes a transfer unit that transfers information exchanged between the local network and the external network according to a flow table. In addition, when receiving an inquiry about a transfer procedure of a request packet from the transfer unit, the load balancer uses a global address used in the external network by the information processing device and a local address by the information processing device in the local network. Corresponding a pair of a private address to be used and a MAC address of the information processing device, and a virtual network identifier for identifying a virtual network to which the information processing device belongs among virtual networks constructed in the tenant unit in the local network The private address and the MAC address having the same virtual network identifier associated with the same global address as the destination IP address of the request packet are stored in the tenant information storage unit attached and stored. Obtain all the pairs of addresses, determine a distribution destination of the request packet from among all the pairs of the acquired private address and the MAC address by a distributed algorithm, and determine the private address determined as the distribution destination and the A request transfer setting unit that sets a pair of MAC addresses and the virtual network identifier associated with the same global address as the destination IP address in the flow table as flow information for controlling transfer of the request packet Have Thereby, the load distribution apparatus can control access to the information processing apparatus in units of virtual networks.

  For this reason, the load distribution system according to the first embodiment can realize load distribution well linked with the virtual network while suppressing the cost burden.

[Configuration of Load Balancing System (Example 1)]
In the following first embodiment, a data center having a plurality of servers provided to tenants will be described as an example of a load distribution system according to the first embodiment.

  FIG. 1 is a diagram illustrating a configuration example of a data center according to the first embodiment. As illustrated in FIG. 1, the data center according to the first embodiment includes five physical servers, server 0 to server 4, and provides a service that lends these physical servers to a company that is a tenant. For example, the server 1 and the server 2 illustrated in FIG. 1 are lent to the tenant A, and the server 3 and the server 4 are lent to the tenant B. Then, two virtual networks are constructed in the local network that accommodates the switch 200 and the servers 0 to 4.

  Server 1 and server 2 lent to tenant A belong to one of the virtual networks constructed in the local network. As shown in FIG. 1, the virtual network to which the server 1 and the server 2 belong is managed by “VLAN (Virtual Local Area Network) = 20” given as an identifier. Further, the server 3 and the server 4 lent to the tenant B belong to a virtual network different from the virtual network to which the server 1 and the server 2 belong. The virtual network to which the server 3 and the server 4 belong is managed by “VLAN (Virtual Local Area Network) = 40” given as an identifier. In this way, the data center takes the form of a multi-tenant on a VLAN basis. Multi-tenant is a method of sharing resources such as hardware and software among multiple customer companies, sharing only hardware and preparing different software for each customer on a virtual machine, application software, etc. There are methods such as sharing the schema (setting) of the database and changing only the setting information and database contents for each customer.

  The servers 1 to 4 are equipped with one network interface card and are connected to a local network in the data center. In addition, virtual machines for use by the tenant are running on the servers 1 to 4, and virtual machines “A.1” and “A.2” for use by the tenant A are running on the server 1. In the server 2, virtual machines “A.3” and “A.4” to be used by the tenant A are operating. In the server 3, virtual machines “B.1” and “B.2” to be used by the tenant B are operating, and in the server 4, the virtual machine “B.3” to be used by the tenant B is operated. And “B.4” are operating. Each of the servers 1 to 4 has a bridge, and is connected to a virtual machine operating in the server via the bridge.

  The server 0 functions as a load distribution device that controls access from the client to the servers 1 to 4. The client can access the servers 1 to 4 (virtual machines running on the servers 1 to 4) in the data center via the server 0.

  As shown in FIG. 1, the server 0 is equipped with two network interface cards (NIC: Network Interface Card), one network interface card (NIC1) is connected to the Internet, and the other network interface card (NIC2). Are connected to a local network in the data center.

  As shown in FIG. 1, the server 0 includes an open flow switch 110, a controller 120, and a load distribution processing unit 130.

  The OpenFlow switch 110 is a virtual switch executed by software that performs packet communication control processing by OpenFlow according to the flow information (OpenFlow) set in the flow table. Open flow is a system that defines a series of communications determined by a combination of MAC (Media Access Control) address, IP (Internet Protocol) address, port number, etc. as a flow, and controls the communication path in units of flows. is there. The flow table is a table that stores flow information for converting (rewriting) address information inserted in the packet so that the OpenFlow switch 110 transfers the packet to the destination. Flow information is set in the flow table by a load distribution processing unit 130 described later.

  More specifically, when receiving the arp (address resolution protocol) packet from the gateway, the OpenFlow switch 110 transfers the packet to the controller 120. Further, when receiving the arp packet response command from the controller 120, the OpenFlow switch 110 transfers the arp packet response to the gateway.

  When the OpenFlow switch 110 receives an HTTP (Hypertext Transfer Protocol) packet that is a request packet to the tenant server from the gateway, the OpenFlow switch 110 checks whether there is flow information corresponding to the flow table. If there is no corresponding flow information in the flow table, the OpenFlow switch 110 transmits an inquiry for flow information for request packet transfer to the controller 120. Also, the OpenFlow switch 110 rewrites the address information of the request packet received from the gateway based on the flow information set in the flow table by the controller 120 and transfers it to the tenant server. For example, the OpenFlow switch 110 rewrites the transfer destination IP address written as the destination of the request packet with the private address assigned to the corresponding tenant server in the data center according to the flow information, and the correspondence in the data center. The MAC address of the tenant server is entered in the request packet, and the VLAN ID of the virtual network to which the corresponding tenant server in the data center belongs is assigned to the request packet. In the first embodiment, the tenant server is a physical server in the data center that is the destination of the request packet (or a virtual machine operating in the physical server (for example, A.1 to A.4, B.1 to B.B). 4))).

  When the OpenFlow switch 110 receives a reply packet for the request packet from the tenant server, the OpenFlow switch 110 checks whether there is corresponding flow information. If there is no corresponding flow information in the flow table, the OpenFlow switch 110 transmits an inquiry about flow information for reply packet transfer to the controller 120. Further, the OpenFlow switch 110 rewrites the address information of the reply packet received from the tenant server according to the flow information set in the flow table by the controller 120 and transfers it to the gateway. For example, the OpenFlow switch 110 rewrites the transmission source IP address written as the transmission source in the reply packet with the global address assigned to the corresponding tenant server in the data center according to the flow information, and fills in the reply packet. The MAC address of the tenant server (virtual machine) is rewritten to the MAC address of the server 0, and the VLAN ID assigned to the reply packet is deleted.

  The controller 120 relays various information exchanged between the OpenFlow switch 110 and the load distribution processing unit 130, and controls processing in the server 0.

  More specifically, when receiving the arp packet from the OpenFlow switch 110, the controller 120 transfers the arp packet to the load distribution processing unit 130. Further, when the controller 120 receives the MAC address from the load distribution processing unit 130, the controller 120 transmits an arp packet response command to which the MAC address is assigned to the OpenFlow switch 110.

  When the controller 120 receives an inquiry about flow information for transferring a request packet from the OpenFlow switch 110, the controller 120 transfers the inquiry to the load distribution processing unit 130. Further, when the controller 120 receives the corresponding flow information for request packet transfer from the load distribution processing unit 130, the controller 120 compares the private address and request packet included in the corresponding flow information with respect to the flow table of the OpenFlow switch 110. The MAC address of the tenant server (virtual machine) that is the destination and the VLAN ID of the virtual network to which the tenant server that is the destination of the request packet belongs are set as flow information for transfer of the request packet.

  When the controller 120 receives an inquiry about flow information for transferring a reply packet from the OpenFlow switch 110, the controller 120 transfers the inquiry to the load distribution processing unit 130. When the controller 120 receives the corresponding flow information for forwarding the reply packet from the load distribution processing unit 130, the controller 120 sends the reply packet included in the corresponding flow information to the flow table of the OpenFlow switch 110. The global address of the tenant server and the MAC address of the server 0 are set as flow information for reply packet transfer.

  The load distribution processing unit 130 controls access from clients so that access is not concentrated on a specific tenant server. FIG. 2 shows a configuration example of the load distribution processing unit 130. FIG. 2 is a functional block diagram illustrating a configuration of the load distribution processing unit. As shown in FIG. 2, the load distribution processing unit 130 includes a packet processing unit 131, an arp processing unit 132, a MAC address storage unit 133, a response transmission unit 134, a request packet processing unit 135, and tenant server information storage. A unit 136, a request packet distribution unit 137, a reply packet processing unit 138, and a reply information storage unit 139.

  More specifically, when receiving the arp packet from the controller 120, the packet processing unit 131 instructs the arp processing unit 132 to process the arp packet. When the packet processing unit 131 receives a flow information inquiry about the request packet from the controller 120, the packet processing unit 131 instructs the request packet processing unit 135 to perform the inquiry process. When the packet processing unit 131 receives a flow information inquiry regarding a reply packet from the controller 120, the packet processing unit 131 instructs the reply packet processing unit 138 to perform the inquiry process.

  The arp processing unit 132 executes arp packet processing in response to an instruction from the packet processing unit 131. For example, the arp processing unit 132 searches whether there is a MAC address corresponding to the inquiry IP address included in the arp packet in the record stored in the MAC address storage unit 133. When the arp processing unit 132 has acquired the MAC address from the MAC address storage unit 133, the arp processing unit 132 transmits the acquired MAC address to the controller 120 via the answer transmission unit 134.

  FIG. 3 shows an example of a record stored in the MAC address storage unit 133. FIG. 3 is a diagram illustrating an example of a record stored in the MAC address storage unit. As shown in FIG. 3, the MAC address storage unit 133 stores the inquiry IP address and the MAC address in association with each other. The inquiry IP address is a global address that the tenant server discloses to the outside (client, etc.), and is an address that is inserted into the destination of a request packet transmitted from the client. The MAC address is a MAC address that responds to the gateway to accept access from the client to the tenant server in the data center, and is assigned to the network interface card (NIC1, see FIG. 1) of the server 0 that functions as a load balancer. MAC address. In the first embodiment, for example, as illustrated in FIG. 3, the MAC address storage unit 133 associates the inquiry IP address of the tenant server A with “120.18.20.105” and assigns the MAC assigned to the NIC 1. The address “AA: B2: 10: AA: FF: A4” is stored. Similarly, the MAC address storage unit 133 uses the MAC address assigned to the NIC 1 in association with the inquiry IP address “23.100.51.12” of the tenant server A, for example, as shown in FIG. A certain “AA: B2: 10: AA: FF: A4” is stored.

  The answer transmission unit 134 transmits various information to the controller 120. For example, the answer transmission unit 134 transmits the MAC address transmitted from the above-described arp processing unit 132 to the controller 120. Further, the reply transmission unit 134 transmits flow information for request packet transfer sent from the request packet distribution unit 137 described later to the controller 120. Note that the flow information for request packet transfer includes the private address assigned to the tenant server that is the destination of the request packet, the MAC address of the tenant server, and the VLAN ID of the virtual network to which the tenant server belongs. The reply transmission unit 134 transmits flow information for reply packet transfer sent from the reply packet processing unit 138 described later to the controller 120. Note that the flow information for reply packet transfer includes the global address assigned to the tenant server that is the transmission source of the reply packet and the MAC address of the server 0.

  The request packet processing unit 135 executes request packet processing in response to an instruction from the packet processing unit 131. For example, when there is an instruction to process the flow information related to the request packet, the request packet processing unit 135 displays the tenant server list and VLAN ID associated with the same address as the transfer destination IP address of the request packet as the tenant server information storage unit. Obtained from 136. Then, the request packet processing unit 135 sends the acquired tenant server list and VLANID to the request packet distribution unit 137.

  FIG. 4 illustrates an example of records stored in the tenant server information storage unit 136 according to the first embodiment. FIG. 4 is a diagram illustrating an example of records stored in the tenant server information storage unit according to the first embodiment. As shown in FIG. 4, the tenant server information storage unit 136 is associated with a tenant server address that is a global address that the tenant server exposes to the outside (client, etc.) to a virtual machine that operates in the physical server as a tenant server. A list of combinations of assigned virtual private addresses and virtual MAC addresses assigned to virtual machines is stored as a tenant server list, and a tenant server in a virtual network constructed in the data center. In order to identify a virtual network to which a virtual machine that operates as a virtual machine belongs, a VLAN ID uniquely assigned to each virtual network is stored. For example, the tenant server information storage unit 136 associates with the global address “120.18.20.105” disclosed by the tenant A, the virtual machine A. A virtual machine A.1 that operates in the server 1 as the tenant server A is a pair of the private address “192.168.100.20” and the MAC address “52: 20: 00: AA: FF: A4” assigned to A virtual machine A.2 running in the server 2 as a tenant server A is a pair of the private address “192.168.100.21” and the MAC address “52: 20: 00: AA: FF: A5” assigned to the server 2. A virtual machine A.3 that operates in the server 2 as the tenant server A is a pair of the private address “192.168.100.22” and the MAC address “52: 20: 00: AA: FF: A6” assigned to 4 stores the pair of private address “192.168.100.23” and MAC address “52: 20: 00: AA: FF: A7” assigned to 4 as a tenant server list, Four virtual machines running in the server 2 1-A. 4 stores the identifier “VLANID = 20” of the virtual network to which 4 belongs. Similarly, the tenant server information storage unit 136 is associated with the global address “23.100.51.12” disclosed by the tenant B, and the virtual machine B. Virtual machine B. which operates in the server 3 as the tenant server B, with the private address “192.168.100.24” assigned to 1 and the MAC address “52: 20: 00: AA: FF: B4”. Virtual machine B. which operates in the server 4 as the tenant server B, with the private address “192.168.100.25” and the MAC address “52: 20: 00: AA: FF: B5” assigned to A virtual machine B. which operates in the server 4 as the tenant server B is a pair of the private address “192.168.100.26” and the MAC address “52: 20: 00: AA: FF: B6” assigned to the server 3. 4 stores a pair of private address “192.168.100.27” and MAC address “52: 20: 00: AA: FF: B7” assigned to 4 as a tenant server list, Four virtual machines running in the server 4 1-B. The identifier “VLANID = 40” of the virtual network to which 4 belongs is stored.

  The request packet distribution unit 137 performs processing for determining a request packet distribution destination. For example, when the request packet distribution unit 137 receives the tenant server list and the VLAN ID from the request packet processing unit 135, the request packet distribution unit 137 includes a tenant server list (a private address and a MAC address corresponding to each of a plurality of virtual machines operating as tenant servers). From the list of combinations), a distribution destination of the request packet is determined using a known distribution algorithm. As the distribution algorithm, either static load distribution or dynamic load distribution may be used. For example, round load is used for static load distribution, and the fastest response time, minimum load, and minimum connection are used for dynamic load distribution. can do. Note that load distribution technology using a distribution algorithm includes, for example, “Implementation of Wide Area Load Distribution Using DNS (Information Processing Society of Japan Research Report, May 15, 1998)”. Then, when the request packet distribution unit 137 determines the distribution destination of the request packet, the private address and MAC address assigned to the virtual machine determined as the distribution destination, and the VLAN ID for identifying the virtual network to which the virtual machine of the distribution destination belongs. As flow information, it is sent to the answer transmitter 134.

  The reply packet processing unit 138 executes reply packet processing in response to an instruction from the packet processing unit 131. For example, when there is a flow information inquiry processing instruction regarding a reply packet, the reply packet processing unit 138 indicates a global address and a MAC address associated with the same address as the transmission source IP address of the reply packet. Get from. Then, the reply packet processing unit 138 sends the acquired global address and MAC address to the reply transmission unit 134.

  FIG. 5 illustrates an example of records stored in the reply information storage unit 139 according to the first embodiment. FIG. 5 is a diagram illustrating an example of records stored in the reply information storage unit according to the first embodiment. As illustrated in FIG. 5, the reply information storage unit 139 associates with the transmission source IP address (private address) that can be the transmission source address of the reply packet, and the MAC address of the network interface card (NIC1) mounted on the server 0. And the global IP address of the tenant server. Note that the IP address (global) shown in FIG. 5 is an IP address (the same address as the global IP address in FIG. 4) disclosed to the outside (client or the like) by the tenant server that is the transmission source of the reply packet. Further, as described above, the MAC address is the MAC address (for example, “AA: B2: 10: AA: FF” assigned to the NIC1 (see FIG. 1) which is the network interface card of the server 0 functioning as the load balancer. : A4 "), and the MAC address that responds to the gateway to accept access from the client to the tenant server in the data center.

  The server 0 is, for example, an information processing apparatus that operates a predetermined OS (Operating System) that realizes functions such as monitoring of application software and peripheral devices, management of resources such as disks and memories, interrupt processing, and interprocess communication. If it is.

[Processing in Example 1]
The process flow in the data center according to the first embodiment will be described with reference to FIG. FIG. 6 is a diagram illustrating a flow of processing according to the first embodiment. In the following, the flow of processing in a state where flow information for packet transfer is not set in the flow table of the OpenFlow switch 110 will be described.

  As shown in FIG. 6, the client transmits an HTTP packet to the tenant server (S101). When the gateway receives an HTTP packet to the tenant server from the client, the gateway transmits an arp packet to the tenant server (S102).

  When receiving the arp packet from the gateway, the OpenFlow switch 110 transfers the arp packet to the controller 120 (S103). When receiving the arp packet from the open flow switch 110, the controller 120 transfers the arp packet to the load distribution processing unit 130 (S104).

  When receiving the arp packet from the controller 120, the load distribution processing unit 130 resolves the MAC address (G) and transmits it to the controller 120 (S105). For example, the load distribution processing unit 130 searches for a MAC address corresponding to the inquiry IP address included in the arp packet, and transmits the acquired MAC address to the controller 120. The MAC address (G) means a global MAC address that is disclosed to the outside in order to access a tenant server in the data center. In the first embodiment, a server that serves as a relay point for communication between the outside and the data center. This is the MAC address assigned to the network interface card 0 (NIC1, see FIG. 1).

  When the controller 120 receives the MAC address from the load distribution processing unit 130, the controller 120 transmits an arp packet response command to which the MAC address is assigned to the OpenFlow switch 110 (S106). When receiving the arp packet response command from the controller 120, the OpenFlow switch 110 transfers the arp packet response to the gateway (S107).

  When the gateway receives the arp packet response from the OpenFlow switch 110, the gateway transmits an HTTP (Hypertext Transfer Protocol) packet, which is a request packet to the tenant server, received from the client (S108).

  When the OpenFlow switch 110 receives an HTTP packet, which is a request packet to the tenant server, from the gateway, the controller sends an inquiry about the flow information (flow information corresponding to the transfer procedure of the request packet) corresponding to the transfer destination IP address of the request packet. It transmits to 120 (S109).

  When receiving an inquiry about flow information (flow information corresponding to the transfer procedure of the request packet) from the OpenFlow switch 110, the controller 120 transfers the inquiry to the load distribution processing unit 130 (S110).

  When the load distribution processing unit 130 receives an inquiry about the flow information regarding the request packet from the controller 120, the load distribution processing unit 130 performs the following process. That is, the request packet processing unit 135 acquires the tenant server list and VLAN ID associated with the transfer destination IP address of the request packet from the tenant server information storage unit 136 (S111). Subsequently, when the request packet distribution unit 137 receives the tenant server list and the VLAN ID from the request packet processing unit 135, the request packet distribution unit 137 uses a known distribution algorithm from the tenant server list to distribute the request packet (transfer destination). IP address (P)) is determined (S112). The transfer destination IP address (P) means a private address assigned to a virtual machine determined as a distribution destination among private addresses assigned to each virtual machine operating in a physical server as a tenant server. To do. Subsequently, the response transmission unit 134 responds and transmits the transfer destination IP address (P), the MAC address (P), and the VLANID to the controller 120 as corresponding flow information (S113). The MAC address (P) means a virtual MAC address assigned to the virtual machine determined as the distribution destination.

  When the controller 120 receives the flow information for request packet transfer from the load distribution processing unit 130, the flow information (transfer destination IP address (P), MAC address (P), VLANID) is added to the flow table of the OpenFlow switch 110. Is set (S114).

  The OpenFlow switch 110 rewrites the address information of the request packet received from the gateway based on the flow information set in the flow table by the controller 120, assigns the VLAN ID (S115), and transfers it to the tenant server. (S116). That is, in the processing of steps S115 and S116, the OpenFlow switch 110 changes the transfer destination IP address written as the destination of the request packet to the private address assigned to the corresponding tenant server in the data center according to the flow information. Rewrite, enter the MAC address of the corresponding tenant server in the data center in the request packet, add the VLAN ID of the virtual network to which the corresponding tenant server in the data center belongs to the request packet, and send the request packet to the destination tenant server It is a process to transfer.

  The tenant server returns a reply packet for the request packet to the server 0 (OpenFlow switch 110) (S117). When the OpenFlow switch 110 receives a reply packet for the request packet from the tenant server, the OpenFlow switch 110 transmits an inquiry about flow information for reply packet transfer to the controller 120 (S118).

  When receiving an inquiry about flow information for reply packet transfer from the OpenFlow switch 110, the controller 120 transfers it to the load distribution processing unit 130 (S119).

  When the load distribution processing unit 130 receives an inquiry about the flow information regarding the reply packet from the controller 120, the load distribution processing unit 130 performs the following process. That is, the reply packet processing unit 138 acquires the IP address (G) and the MAC address (G) associated with the same address as the transmission source IP address of the reply packet from the reply information storage unit 139 (S120). Subsequently, the reply transmission unit 134 transmits the IP address (G) and the MAC address (G) in response to the controller 120 (S121). The IP address (G) is an IP address disclosed to the outside (client, etc.) by the tenant server that is the transmission source of the reply packet, and the MAC address (G) is a network interface of the server 0 that functions as a load balancer. This is the MAC address assigned to the card (NIC1, see FIG. 1).

  When the controller 120 receives the flow information for the reply packet transfer from the load distribution processing unit 130, the controller 120 sets the flow information (IP address (G), MAC address (G)) in the flow table of the OpenFlow switch 110 ( S122).

  The OpenFlow switch 110 rewrites the address information of the reply packet received from the tenant server in accordance with the flow information set in the flow table by the controller 120, deletes the VLANID (S123), and transfers it to the gateway (S124). ). That is, in the processing of steps S123 and S124, the OpenFlow switch 110 uses the global IP address assigned to the corresponding tenant server in the data center by using the source IP address written as the source in the reply packet according to the flow information. The MAC address of the tenant server (virtual machine) written in the reply packet is rewritten to the MAC address of the server 0, and the VLAN ID assigned to the reply packet is deleted and transferred.

  Then, the reply packet transmitted from the data center (server 0) is delivered to the client that is the transmission source of the request packet via the gateway.

[Effects of Example 1]
As described above, in the load distribution system according to the first embodiment, one server (server 0) among the plurality of servers arranged in the data center is caused to function as a load distribution apparatus. As a result, there is no cost burden for preparing an expensive load distribution device in advance according to the expected increase in the number of tenants, and the difficulty in facility planning such as preparing in advance the number of devices according to the expected increase in the number of tenants. Is also released.

  Further, in the load distribution system according to the first embodiment, the tenant server and the VLAN ID that are the destination of the request packet are identified based on the transfer destination IP address of the request packet, and the virtual machine that operates as the tenant server is selected from among a plurality of virtual machines. The distribution destination of the request packet is determined based on a known distribution algorithm, and flow information for transferring the request packet is set in the flow table of the OpenFlow switch 110. Thereby, it is possible to control access to the tenant server in units of virtual networks.

  For this reason, according to the first embodiment, it is possible to realize load distribution that is well linked with the virtual network while suppressing the cost burden.

  In the load distribution system according to the first embodiment, the flow information for converting the address information of the reply packet from the tenant server for the request packet into the global address information is set again in the flow table of the OpenFlow switch 110. . As a result, when controlling access to the tenant server in units of virtual networks, the reply address information for the request can be transferred to the client that is the request transmission source in a state in which the address information is converted into global address information.

  In the first embodiment described above, a process for controlling access to a tenant server in units of virtual networks when a plurality of virtual machines operating in a physical server arranged in a data center is provided to a tenant is described. However, the present invention can be similarly applied to the case where the physical server itself is provided to the tenant instead of the virtual machine. For example, when a request packet distribution destination is determined from a plurality of physical servers provided as a tenant server based on a well-known distribution algorithm, first, it corresponds to the same address as the transfer destination IP address of the request packet The request packet processing unit 135 and the tenant server information storage unit 136 are configured so that a private address (or a pair of a private address and a MAC address) with the same VLAN ID can be acquired. As a result, even when the physical server itself is provided to the tenant, it is possible to realize load distribution that is well linked with the virtual network while suppressing the cost burden.

  FIG. 7 illustrates a configuration example of a data center according to the second embodiment. FIG. 7 is a diagram illustrating a configuration example of a data center according to the second embodiment. As shown in FIG. 7, the boundaries of a plurality of virtual networks (VLAN = 20, VLAN = 40) constructed in the data center are within one server 2 among the plurality of servers arranged in the data center. Also in the case of the above, it is possible to control access to the tenant server in units of virtual networks by applying the above-described processing of the first embodiment (FIG. 6).

  For example, an open flow switch is installed in the servers 1 to 4 shown in FIG. 7 instead of the bridge. Thereby, for example, the number of servers can be flexibly changed according to the load on the data center.

  As shown in FIG. 7, in the server 2, the virtual machines A.A and B belonging to the virtual network of VLAN = 20. 3 and virtual machine B.1 belonging to the virtual network of VLAN = 40. 0 is in operation. Accordingly, by rewriting the records of the tenant server information storage unit 136 and the reply information storage unit 139 of the load distribution processing unit 130 of the server 0, the above-described processing of the first embodiment (FIG. 6) can be applied. Hereinafter, a configuration example of a record of the tenant server information storage unit 136 according to the second embodiment and a configuration example of a record of the reply information storage unit 139 according to the second embodiment will be described.

  FIG. 8 illustrates an example of records stored in the tenant server information storage unit 136 according to the second embodiment. FIG. 8 is a diagram illustrating an example of records stored in the tenant server information storage unit according to the second embodiment. As illustrated in FIG. 8, the tenant server information storage unit 136 stores information according to the configuration of the data center according to the second embodiment. For example, the global address “120.18 that tenant A discloses to clients and the like is stored. .. 20.105 ”, a virtual machine that operates as a tenant server in the data center. 1 is a pair of the private address “192.168.100.20” and the MAC address “52: 20: 00: AA: FF: A4” assigned to the virtual machine A.1. 2 is a pair of the private address “192.168.100.21” and the MAC address “52: 20: 00: AA: FF: A5” assigned to the virtual machine A.2. 3 virtual machines A that store the pair of private address “192.168.100.22” and MAC address “52: 20: 00: AA: FF: A6” assigned to 3 and operate as tenant server A . 1-A. The VLAN ID “20” of the virtual network to which 3 belongs is stored. In addition, as illustrated in FIG. 8, the tenant server information storage unit 136 associates with the global address “23.100.51.12” publicly disclosed by the tenant B and operates as a virtual server that operates as a tenant server in the data center. Machine B. Virtual machine B. which operates as a tenant server in the data center, with a private address “192.168.100.23” assigned to 0 and a MAC address “52: 20: 00: AA: FF: B4”. 1 is a pair of the private address “192.168.100.24” and the MAC address “52: 20: 00: AA: FF: B5” assigned to the virtual machine B.1. 2 is a pair of the private address “192.168.100.25” and the MAC address “52: 20: 00: AA: FF: B6” assigned to the virtual machine B.2. 3 is a pair of the private address “192.168.100.26” and the MAC address “52: 20: 00: AA: FF: B7” assigned to the virtual machine B.3. The private address “192.168.100.27” assigned to 4 and the MAC address “52: 20: 00: AA: FF: B8” are stored as a tenant server list and operated as a tenant server B 5 One virtual machine B. 0-B. VLAN ID “40” of the virtual network to which 4 belongs is stored.

  FIG. 9 illustrates an example of records stored in the reply information storage unit 139 according to the second embodiment. FIG. 9 is a diagram illustrating an example of records stored in the reply information storage unit according to the second embodiment. As illustrated in FIG. 9, the reply information storage unit 139 stores information according to the configuration of the data center according to the second embodiment. For example, the reply information storage unit 139 stores a source IP address (“192 .168.100.20 ”to“ 192.168.100.27 ”), the MAC address of the network interface card (NIC1) mounted on the server 0 (for example,“ AA: B2: 10: AA: FF: A4 ") and the global IP address of the tenant server (for example," 120.18.20.105 "or" 23.100.51.12 ").

  By using the tenant server information storage unit 136 and the reply information storage unit 139 described above, the load distribution processing unit 130 of the server 0 according to the second embodiment performs the same procedure as in the first embodiment (see FIG. 6). Thus, access to the tenant server can be controlled in units of virtual networks.

  Hereinafter, Example 3 will be described as another embodiment of the load distribution system, the load distribution device, the load distribution method, and the load distribution program according to the present invention.

(1) Device Configuration, etc. The configuration of the load distribution system according to the first embodiment, for example, each component of the server 0 shown in FIG. 1 is functionally conceptual and is not necessarily physically configured as illustrated. Is not required.

  For example, the load distribution processing unit 130 and the controller 120 of the server 0 shown in FIG. 1 are configured to be functionally or physically integrated, and a program that realizes the same processing procedure as the load distribution processing unit 130 is executed on the controller 120. You may make it make it. In addition, the MAC address storage unit 133, the tenant server information storage unit 136, and the reply information storage unit 139 included in the load distribution processing unit 130 illustrated in FIG. 2 are functionally or physically distributed with the load distribution processing unit 130. Also good. As described above, the specific form of distribution or integration of the components of the load distribution system shown in FIG. 1 is not limited to that shown in FIG. Depending on the above, it can be configured to be functionally or physically distributed and integrated in arbitrary units.

(2) Load distribution method The following load distribution method is realized by the load distribution system according to the first embodiment. For example, a load having a plurality of information processing devices housed in the same local network and lent to a plurality of tenants, and having a load distribution device that controls access to the information processing devices from clients via an external network A load distribution method executed in a distributed system, wherein the load distribution device transfers a request packet from a transfer unit that transfers information exchanged between the local network and the external network according to a flow table. A global address used in the external network by the information processing device, and a pair of a private address and a MAC address of the information processing device used in the local network by the information processing device. , A destination IP address of the request packet from a tenant information storage unit that stores a virtual network identifier that identifies a virtual network to which the information processing apparatus belongs among virtual networks constructed in units of tenants in the local network. All the private address and MAC address pairs having the same virtual network identifier associated with the same global address are obtained, and from among the obtained private address and MAC address pairs. A determination step of determining a distribution destination of the request packet by a distribution algorithm (see, for example, steps S109 to S112 in FIG. 6), and the load distribution apparatus determines that the private address determined as the distribution destination is And a request transfer that sets the MAC address pair and the virtual network identifier associated with the same global address as the destination IP address in the flow table as flow information for controlling transfer of the request packet. A load distribution method including a setting step (see, for example, steps S113 to S114 in FIG. 6) is realized.

(3) Program for causing log analysis apparatus to execute a predetermined procedure The various processes described in the above-described embodiment (for example, FIG. 6 and the like) are implemented as a load distribution apparatus in the data center according to the first embodiment. A program for causing a server 0, which is a computer such as a personal computer or workstation, to execute procedures for realizing the same processing functions as the various types of processing described in the above-described embodiments. Can also be realized.

  Therefore, in the following, an example of a computer that realizes the same functions as the various processes (for example, FIG. 6 and the like) described in the above-described embodiment will be described with reference to FIG. FIG. 10 is a diagram illustrating an example of a computer that executes a program for realizing the same function as the processing described in the above-described embodiment.

  As illustrated in FIG. 10, the computer 300 implemented as the server 0 includes, for example, a memory 301 and a CPU (Central Processing Unit) 302. Further, the computer 300 includes a hard disk drive interface 303 and an optical disk drive interface 304, as shown in FIG. Further, as shown in FIG. 10, the computer 300 includes a serial port interface 305, a video adapter 306, and a network interface 307. The computer 300 connects these units 301 to 307 via a bus 308.

  As shown in FIG. 10, the memory 301 includes a ROM (Read Only Memory) and a RAM (Random Access Memory). The ROM stores a boot program such as BIOS (Basic Input Output System). The hard disk drive interface 303 is connected to the hard disk drive 309 as shown in FIG. The optical disc drive interface 304 is connected to the optical disc drive 310 as shown in FIG. For example, a removable storage medium such as an optical disk is inserted into the optical disk drive 310. As shown in FIG. 10, the serial port interface 305 is connected to, for example, a mouse 400 and a keyboard 500. As shown in FIG. 10, the video adapter 306 is connected to a display 600, for example.

  Here, as shown in FIG. 10, the hard disk drive 309 stores, for example, an OS (Operating System), application programs, program modules, and program data.

  That is, a program for causing a computer to execute a predetermined procedure for realizing the same function as the processing executed by the server 0 described above is a program module in which a command executed by the computer 300 is described, for example, a hard disk drive 309. Is remembered. That is, a program module in which a procedure for causing the computer 300 as the server 0 to realize the same processing functions as the various processes (for example, FIG. 6) described in the above-described embodiment is stored in the hard disk drive 309. Is done. This program module corresponds to, for example, a procedure (process) executed by the load distribution processing unit 130 of the server 0 shown in FIG.

  The data used by the program module in which the procedure for causing the computer 300 as the server 0 to implement the same processing functions as the various processes (for example, FIG. 6 etc.) described in the above-described embodiment is a program. For example, it is stored in the hard disk drive 309 as data. For example, the program data includes, for example, data stored in the tenant server information storage unit 136 included in the load distribution processing unit 130 (see FIG. 4) and data stored in the reply information storage unit 139 (see FIG. 5). It corresponds to various data such as.

  Then, the CPU 302 reads out program modules and program data stored in the hard disk drive 309 to the RAM as necessary, and performs a procedure for realizing various processes (for example, FIG. 6 and the like) described in the above embodiment. Run.

  It should be noted that a program module or a program in which a procedure to be executed by the computer 300 is described in order to cause the computer 300 as the server 0 to realize the same processing as the various processing described in the above-described embodiment (for example, FIG. 6 and the like). The data is not limited to being stored in the hard disk drive 309, and may be stored in, for example, the optical disk drive 310 that is a removable storage medium. In this case, the CPU 302 reads out program modules and program data having the same functions as the server 0 via the optical disk drive 310.

  Alternatively, a program module or program data describing a procedure for causing the computer 300 as the server 0 to implement the same processing functions as the various types of processing described in the above-described embodiment (for example, FIG. 6 and the like) is a network ( It may be stored in another computer connected via a LAN (Local Area Network), a WAN (Wide Area Network), or the like. In this case, the CPU 302 reads program modules and program data having the same functions as those of the server 0 from another computer via the network interface 307.

  Instead of the CPU 302 operating by a program to perform various processes, for example, the process can be performed using an electronic circuit such as an application specific integrated circuit (ASIC) or a field programmable gate array (FPGA). Further, a flash memory or the like can be used as the memory 301.

0 to 4 server 110 open flow switch 120 controller 130 load distribution processing unit 131 packet processing unit 132 arp processing unit 133 MAC address storage unit 134 reply transmission unit 135 request packet processing unit 136 tenant server information storage unit 137 request packet distribution unit 138 reply Packet processing unit 139 Reply information storage unit 200 Switch 300 Computer 301 Memory 302 CPU
303 Hard Disk Drive Interface 304 Optical Disk Drive Interface 305 Serial Port Interface 306 Video Adapter 307 Network Interface 308 Bus 309 Hard Disk Drive 310 Optical Disk Drive 400 Mouse 500 Keyboard 600 Display

Claims (6)

A load distribution system having a plurality of information processing apparatuses accommodated in the same local network and lent to a plurality of tenants, and a load distribution apparatus for controlling access to the information processing apparatus from a client via an external network There,
The load balancer is:
Transfer packets exchanged between the local network and the external network according to a flow table for converting address information inserted in the packets exchanged between the local network and the external network. A transfer section;
A global address used in the external network by the information processing device, a pair of a private address and a MAC address of the information processing device used in the local network by the information processing device, and the tenant in the local network A tenant information storage unit that stores a virtual network identifier that identifies a virtual network to which the information processing apparatus belongs among virtual networks constructed in units;
The private address and the MAC having the same virtual network identifier associated with the same global address as the destination IP address of the request packet when an inquiry about the transfer procedure of the request packet is received from the transfer unit All the address pairs are acquired from the tenant information storage unit, and from among the acquired pairs of the private address and the MAC address, the distribution destination of the request packet is determined by a distributed algorithm, and is determined as the distribution destination The private address and MAC address pair and the virtual network identifier associated with the same global address as the destination IP address are used as flow information for controlling the transfer of the request packet. Load distribution system characterized by having a request transfer setting unit for setting the flow table. A reply information storage unit that stores the MAC address of the load balancer and the global address in association with the private address;
When an inquiry about the transfer procedure of the reply packet for the request packet is received from the transfer unit, the global address and the load balancer associated with the same private address as the source IP address of the reply packet A reply transfer setting unit that acquires a MAC address from the reply information storage unit, and sets the acquired global address and the MAC address of the load balancer in the flow table as flow information for controlling transfer of the reply packet; The load distribution system according to claim 1, further comprising: A load balancer that is accommodated in the same local network as a plurality of information processing devices lent to a plurality of tenants and controls access to the information processing device from a client via an external network,
Transfer packets exchanged between the local network and the external network according to a flow table for converting address information inserted in the packets exchanged between the local network and the external network. A transfer section;
A global address used in the external network by the information processing device, a pair of a private address and a MAC address of the information processing device used in the local network by the information processing device, and the tenant in the local network A tenant information storage unit that stores a virtual network identifier that identifies a virtual network to which the information processing apparatus belongs among virtual networks constructed in units;
The private address and the MAC having the same virtual network identifier associated with the same global address as the destination IP address of the request packet when an inquiry about the transfer procedure of the request packet is received from the transfer unit All the address pairs are acquired from the tenant information storage unit, and from among the acquired pairs of the private address and the MAC address, the distribution destination of the request packet is determined by a distributed algorithm, and is determined as the distribution destination The private address and MAC address pair and the virtual network identifier associated with the same global address as the destination IP address are used as flow information for controlling the transfer of the request packet. Load distribution apparatus characterized by having a request transfer setting unit for setting the flow table. A load distribution system having a plurality of information processing apparatuses accommodated in the same local network and lent to a plurality of tenants, and a load distribution apparatus for controlling access to the information processing apparatus from a client via an external network A load balancing method to be executed,
The load balancer exchanges between the local network and the external network according to a flow table for converting address information inserted in a packet exchanged between the local network and the external network. A global address used in the external network by the information processing apparatus and a local network used by the information processing apparatus when an inquiry about a request packet transfer procedure is received from a transfer unit that forwards the received packet A virtual network identifying the virtual network to which the information processing apparatus belongs among the virtual networks constructed in units of tenants in the local network and the pair of the private address and the MAC address of the information processing apparatus From the tenant information storage unit that associates and stores a work identifier, the virtual network identifier associated with the same global address as the destination IP address of the request packet is the same, and the private address and the MAC address A determination step of acquiring all pairs and determining a distribution destination of the request packet by a distributed algorithm from all the pairs of the acquired private address and the MAC address;
The load balancer sends the request packet to the pair of the private address and the MAC address determined as the distribution destination, and the virtual network identifier associated with the same global address as the destination IP address. A request transfer setting step for setting in the flow table as flow information for transfer control. A load balancing method executed by a load balancer that controls access to an information processing device from a client that is accommodated in the same local network as a plurality of information processing devices lent to a plurality of tenants and that passes through an external network. And
The load balancer exchanges between the local network and the external network according to a flow table for converting address information inserted in a packet exchanged between the local network and the external network. A global address used in the external network by the information processing apparatus and a local network used by the information processing apparatus when an inquiry about a request packet transfer procedure is received from a transfer unit that forwards the received packet A virtual network identifying the virtual network to which the information processing apparatus belongs among the virtual networks constructed in units of tenants in the local network and the pair of the private address and the MAC address of the information processing apparatus From the tenant information storage unit that associates and stores a work identifier, the virtual network identifier associated with the same global address as the destination IP address of the request packet is the same, and the private address and the MAC address A determination step of acquiring all pairs and determining a distribution destination of the request packet by a distributed algorithm from all the pairs of the acquired private address and the MAC address;
The load balancer sends the request packet to the pair of the private address and the MAC address determined as the distribution destination, and the virtual network identifier associated with the same global address as the destination IP address. A request transfer setting step for setting in the flow table as flow information for transfer control. A load distribution program that is executed in a load distribution device that controls access to the information processing device from a client that is accommodated in the same local network as the plurality of information processing devices lent to a plurality of tenants Because
Transfer packets exchanged between the local network and the external network according to a flow table for converting address information inserted in the packets exchanged between the local network and the external network. A global address used in the external network by the information processing apparatus, a private address used in the local network by the information processing apparatus, and the A pair of the MAC address of the information processing device is paired with a virtual network identifier that identifies a virtual network to which the information processing device belongs among virtual networks constructed in units of tenants in the local network. All the private address and MAC address pairs having the same virtual network identifier associated with the same global address as the destination IP address of the request packet are acquired from the tenant information storage unit attached and stored. A determination procedure for determining a distribution destination of the request packet by a distributed algorithm from all the pairs of the acquired private address and the MAC address;
Flow for controlling transfer of the request packet with the pair of the private address and the MAC address determined as the distribution destination and the virtual network identifier associated with the same global address as the destination IP address And a request transfer setting procedure set in the flow table as information.

Images