JP2016046736A - Service chaining system, service chaining forwarder device, and service chaining method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve availability of a virtualized network service function.SOLUTION: A service chaining system 1 includes devices, each of which performs, autonomously and in a distributed manner, life-and-death monitoring among the devices and link failure detection and failure recovery and link failure detection and failure recovery among the devices. The service chaining system 1 includes SCF devices 10 between which mutual exchange of service function state advertisement information for enabling service chaining between the devices is performed autonomously and in a distributed manner. Each SCF device 10, on the basis of a topology information table managed by the SCF device, appropriately selects a SF of a transfer source on the basis of "resource information" and a "cost total value."SELECTED DRAWING: Figure 1

Description

  The present invention relates to a service chaining system, a service chaining forwarder device, and a service chaining method.

  In recent years, the progress of virtualization technology and the performance improvement of processing devices such as CPU (Central Processing Unit) of general-purpose server devices have been remarkable. A technique called NFV (Network Functions Virtualization) in which a network service function that has been conventionally implemented in dedicated hardware is virtually implemented on a general-purpose server device has been studied.

  In NFV, service chaining is performed in a carrier network of a telecommunications carrier. Service chaining means that a user's flow is sent to the corresponding virtualized network service function and processed based on the user's contract status for each flow, and then the destination or other virtualized network service function To be transferred to.

  For example, as one method of service chaining, the user's packet is given an identifier and appropriately virtualized based on the identifier so that the user can selectively use virtualized network service functions. There is a method to be transferred to the network service function. In this method, CL (CLassifier) determines for each packet and assigns an appropriate identifier to the packet.

“Network Functions Virtualization”, [online], ETSI-European Telecommunications Standards Institute, [searched August 6, 2014], Internet <URL: http://www.etsi.org/technologies-clusters/technologies/nfv> Network Working Group (P. Quinn, Ed., Etc.), “Service Function Chaining (SFC) Architecture draft-quinn-sfc-arch-05.txt”, [online], May 5, 2014, The Internet Engineering Task Force (IETF) (Registered trademark)), [searched on August 6, 2014], Internet <URL: http://tools.ietf.org/pdf/draft-quinn-sfc-arch-05.pdf>

  However, in the above-described conventional technology, the virtualized network service function is centrally controlled by the control device. For this reason, the prior art has a large effect when a control device fails, and there is a problem of availability of a virtualized network service function.

  An example of an embodiment disclosed in the present application has been made in view of the above, and aims to increase the availability of a virtualized network service function.

  An example of an embodiment disclosed in the present application is that a service chaining system performs network processing on data connected to a plurality of service chaining forwarder devices communicably connected to each other and each service chaining forwarder device. Identify the network processing device having the network processing function to be executed and the network processing function to process the data received from the outside, transfer the data to the service chaining forwarder device, and send the data received from the service chaining forwarder device to the outside A classifier device for transmission. Each service chaining forwarder device manages transfer information in which each network processing function type is associated with device identification information of a service chaining forwarder device to which a network processing device having a network processing function is connected. When each of the service chaining forwarder devices receives data from the classifier device or another service chaining forwarder device, the device identification information corresponding to the network service function in which the data is processed is included in the transfer information. If this is true, the data is transferred to a network processing device having the network service function connected to the device itself, and if the device is not applicable, the data is transferred to another service chaining forwarder device or classifier device. .

  According to an exemplary embodiment disclosed in the present application, for example, the availability of a virtualized network service function can be increased.

FIG. 1 is a diagram illustrating an example of a configuration of a service chaining system. FIG. 2 is a diagram illustrating an example of a configuration of the service chaining forwarder apparatus. FIG. 3 is a diagram illustrating an example of a service function state advertisement table. FIG. 4 is a diagram illustrating an example of a neighbor table. FIG. 5 is a diagram illustrating an example of the service function state data table. FIG. 6 is a diagram illustrating an example of the topology information table. FIG. 7 is a diagram illustrating an example of the session information table. FIG. 8 is a diagram showing a list of information that the service chaining forwarder apparatus has. FIG. 9 is a diagram illustrating an example of the configuration of the service function device. FIG. 10 is a diagram illustrating an example of the configuration of the classifier device. FIG. 11 is a flowchart illustrating an example of transfer processing executed by the service chaining forwarder device. FIG. 12 is a diagram illustrating an example of a topology information generation process. FIG. 13 is a diagram illustrating an example of life and death monitoring, failure detection, and failure recovery between devices. FIG. 14 is a diagram illustrating an example of a flow of a packet flow in which a packet is transferred to a service function when the packet is transmitted from the user network / terminal to the external network. FIG. 15 is a diagram illustrating an example of a flow of a packet flow in which a packet is transferred to a service function when the packet is transmitted from an external network to a user network / terminal. FIG. 16 is a diagram illustrating an example of a computer that realizes a service chaining forwarder device, a service function device, and a classifier device by executing each program.

[Embodiment]
Hereinafter, embodiments of a service chaining system and the like disclosed in the present application will be described. The following embodiments are merely examples, and do not limit the technology disclosed by the present application. Moreover, you may combine suitably embodiment shown below and its modification in the range which does not contradict.

(Service chaining system configuration)
FIG. 1 is a diagram illustrating an example of a configuration of a service chaining system. A service chaining system 1 shown in FIG. 1 is applied to a virtualized network that provides a virtualized network service function. The service chaining system 1 includes an SCF (Service Chaining Forwarder) device 10, an SF (Service Function) device 20, a CL (CLassifier) device 30, a user network / terminal 40, a GWR ( GateWay Router) device 50. The service chaining system 1 is connected to the external network 60 via the GWR 50.

  The SCF_A 10a, SCF_B 10b, SCF_C 10c, and SCF_D 10d shown in FIG. In addition, SF (SBC: Session Border Controller) 20a, SF (NAT: Network Address Translation) 20b-1, SF (DPI: Deep Packet Inspection) 20b-2, SF (BAS: Broadband Access Server) 20c, shown in FIG. The SF (DPI) 20d is collectively referred to as the SF device 20. Further, CL 30a and CL 30b shown in FIG.

  As shown in FIG. 1, SCF_A 10a and SCF_B 10b, SCF_B 10b and SCF_C 10c, SCF_C 10c and SCF_D 10d, SCF_B 10b and SCF_D 10d are connected to each other. As shown in FIG. 1, two adjacent SCF devices 10 connected, for example, SCF_B 10b for SCF_A 10a and SCF_A 10a for SCF_B 10b are referred to as adjacent SCF devices 10. Moreover, as shown in FIG. 1, CL30a and SCF_D20d and CL30b and SCF_C20c are connected, respectively. That is, SCF_D 20d is the SCF device 20 adjacent to the CL 30a, and SCF_C 20c is the SCF device 20 adjacent to the CL 30b.

  The SCF_A 10a is assigned an IP (Internet Protocol) address “192.168.1.2”. The SCF_B 10b is assigned the IP address “162.168.1.3”. The SCF_C 10c is assigned the IP address “162.168.1.4”. The SCF_D 10d is assigned the IP address “162.168.1.5”. Each SF device 20 and each CL device 30 are also assigned different IP addresses.

  The SF device 20 is connected to the SCF device 10 and provides a network service function. In the example of FIG. 1, an SF (SBC: Session Border Controller) device 20a is connected to the SCF_A 10a. The SF (SBC) device 20a provides a function of a session border controller. Also, a network address translation (SF) device 20b-1 and a deep packet inspection (SF) device 20b-2 are connected to the SCF_B 10b. The SF (NAT) device 20b-1 provides a network address translation function. The SF (DPI) device 20b-2 provides a deep packet inspection function.

  Also, an SF (BAS: Broadband Access Server) device 20c is connected to the SCF_C 10c. The SF (BAS) device 20c provides a session border controller function. An SF (DPI) device 20d is connected to the SCF_D 10d. The SF (DPI) device 20d provides a deep packet inspection function.

  The CL device 30 is connected to the SCF device 10 located on the connection side of the service chaining layer with respect to the user network / terminal 40 and the external network 60. In the example of FIG. 1, CL30a is connected to SFC_D10d, and CL30b is connected to SFC_C10c.

  A network constructed by the SCF device 10, the SF device 20, and the CL device 30 is a service chaining layer in which service chaining is executed. The CL device 30 serves as a service chaining layer gateway for the user network / terminal 40 and the external network 60.

(Configuration of service chaining forwarder device)
FIG. 2 is a diagram illustrating an example of a configuration of the service chaining forwarder apparatus. The SCF device 10 is a network device having an NP (Network Processor) and / or a CPU (Central Processing Unit). The SFC device 10 includes a control plane unit 11 that executes packet path control and the like in the service chaining layer, and a data plane unit 12 that executes data transfer processing and the like.

  The SCF device 10 transmits the received packet to another SCF device 10 to which the SF device 20 on which the SF that processes the received packet operates is connected. When the data plane unit 12 manages session information corresponding to the received packet metadata including the 5 tuple information of the received packet and the SF identifier, the SCF device 10 transfers the received packet to the data plane unit 12. Let On the other hand, when the data plane unit 12 does not manage session information corresponding to the received packet metadata including the 5 tuple information and the SF identifier, the SCF device 10 performs control based on the topology information managed by the control plane unit 11. Under the control of the plane unit 11, the data plane unit 12 is caused to execute transfer of the received packet. The 5-tuple information is an attribute of a packet flow, and is a set of a source and destination IP address, a source and destination port number, and a protocol number.

  Note that the packet metadata includes the identifier of the SF that the packet needs to be processed, the identifier of the SF that the packet needs to be processed according to the processing result in each SF, and the processed information for each SF identifier. The processed information for each SF identifier is information indicating whether or not the packet has been processed in the corresponding SF. Note that the metadata may include a result of classification. In other words, the CL device 30 analyzes packets up to a higher layer (for example, 7 layers), but even in the case of a service that requires further analysis, the result of the classifier by the CL device 30 is included in the metadata. This eliminates the need to analyze up to a higher layer again.

  The control plane unit 11 manages various types of information used by the data plane unit 12 to perform data transfer processing between the SCF devices 10. The control plane unit 11 includes a processing unit 11a, a service function state advertisement management unit 11b, a neighbor table management unit 11c, a service function state database 11d, and a topology information management unit 11e. The processing unit 11a is a processing device such as an NP or a CPU.

  The service function state advertisement management unit 11b stores a service function state advertisement table 11b-1 (see FIG. 3). FIG. 3 is a diagram illustrating an example of a service function state advertisement table. FIG. 3 is an example of the service function state advertisement table 11b-1 included in the SCF_A 10a.

  As illustrated in FIG. 3, the service function state advertisement table 11b-1 includes columns of “SCF device”, “IP address”, “SF”, and “resource information”. “SCF device” is the name of the SCF device 10 to which the corresponding SF device 20 is connected. The “IP address” is an IP address assigned to the SCF device 10 to which the corresponding SF device 20 is connected. “SF” is the name of the service function (SF) of the corresponding SF device 20. “Resource information” is, for example, a remaining CPU usage rate or the like indicating the resource status of the SF device 20 in which the SF is operating.

  In the example of FIG. 3, the SF device 20 connected under the SCF_A 10a indicates that the SF of “SBC” is operating. Then, the remaining CPU usage rate of the SF device 20 in which the SF of “SBC” is operating is 60%.

  The neighbor table management unit 11c stores a neighbor table 11c-1 (see FIG. 4). FIG. 4 is a diagram illustrating an example of a neighbor table. FIG. 4 is an example of the neighbor table 11c-1 included in the SCF_A 10a. The table configuration of the neighbor table 11c-1 is the same as that of the service function state advertisement table 11b-1.

  The neighbor table 11 c-1 lists “SCF device”, “IP address”, “SF”, and “resource information” of another SCF device 10 adjacent to the SCF device 10. In the example of FIG. 4, it is indicated that the SCF device 10 adjacent to the SCF_A 10a is the SCF_B 10b. The SF device 20 connected under the control of the SCF_B 10b indicates that the SFs with identifiers “NAT” and “DPI” are operating. The remaining CPU usage rate of the SF device 20 in which the SF with the identifier “NAT” is operating is 100%, and the remaining CPU usage rate of the SF device 20 in which the SF with the identifier “DPI” is operating is 50%. %.

  The service function state database 11d stores a service function state data table 11d-1 (see FIG. 5). FIG. 5 is a diagram illustrating an example of a service function state database table. FIG. 5 is an example of the service faction state data table 11d-1 that all the SC devices 10 have in common. The table structure of the service function state data table 11d-1 is the same as that of the service function state advertisement table 11b-1. That is, the service function state data table 11d-1 is a collection of service function state advertisement information from all the SF devices 20 included in the SCF device 10. The service faction state data table 11d-1 is the same in all SCF devices 10.

  The topology information management unit 11e stores a topology information table 11e-1 (see FIG. 6). FIG. 6 is a diagram illustrating an example of the topology information table. FIG. 6 is an example of the topology information table 11e-1 included in the SCF_A 10a. The topology information table 11e-1 extracts records other than the record whose “SF” is “CL” from the records included in the service faction state data table 11d-1, and the corresponding SF from the SCF device 10 which is the own device. Is calculated as the “cost total value” and the columns are rearranged in the order of “SF”, “SCF”, “IP address”, “resource information”, and “cost total value”. is there.

  In the example of FIG. 6, “SF” having an identifier “SBC” operates in the SF device 20 subordinate to the SCF_A 10 a that is the own device, and indicates that “resource information” is “60”. In the example of FIG. 6, “SF” having the identifier “NAT” operates in the SF device 20 under the control of SCF_B 10 b, “resource information” is “100”, and “cost total value” is “1”. Indicates that

  The processing unit 11a stores the service function state advertisement information periodically received from the subordinate SF device 20 connected to the SFC device 10 in the service function state advertisement management unit 11b. The service function state advertisement information includes the type of service function (SF) of the SF device 20 and resource information (for example, remaining CPU usage rate) of the SF device 20. Note that the processing unit 11a handles the CL device 30 connected to the SCF device 10 as one function in the same manner as the SF device 20 regarding the service function state advertisement information.

  When the processing unit 11a receives the service function state advertisement information from the subordinate SF device 20, the processing unit 11a corresponds the received service function state advertisement information to the device identification information of the SCF device 10 and the IP address assigned to the SCF device 10. In addition, it is registered in the service function state advertisement table 11b-1. Then, the processing unit 11a registers the information registered in the service function state advertisement table 11b-1 in the service function state database 11d.

  Also, the processing unit 11a registers the information of the service function state advertisement table 11b-1 stored in the service function state advertisement management unit 11b in the neighbor table 11c-1 managed by the neighbor table management unit 11c. To the SCF device 10 to be transmitted. Further, the processing unit 11a registers the information of the service function state advertisement table 11b-1 received from the adjacent SCF device 10 in the service function state database 11d. The processing unit 11a receives the information of the service function state advertisement table 11b-1 received from the adjacent SCF device 10 and stored in the neighbor table management unit 11c. Register to 1. In other words, the neighbor table 11c-1 is updated with the information of the service function state advertisement table 11b-1 received from the adjacent SCF device 10 and included in the adjacent SCF device 10, whereby the service function state advertisement is updated. In the process of exchanging information, the neighbor table 11c-1 is also always kept in the latest information state. The neighbor table 11c-1 may have only the columns of “SCF device” and “IP address”.

  Then, the processing unit 11a transfers the information of the service function state advertisement table 11b-1 received from the adjacent SCF device 10 to another adjacent SCF device 10 registered in the neighbor table 11c-1. The processing unit 11a repeats the transfer of the received information of the service function state advertisement table 11b-1 to the other adjacent SCF devices 10 between the SCF devices 10, whereby the service transmitted from each SF device 20 is transmitted. The function state advertisement information is notified to all the SCF devices 10.

  Further, the processing unit 11a registers the information of the service function state advertisement table 11b-1 received from the adjacent SCF device 10 in the service function state database 11d. In the service function state database 11d, information of the service function state advertisement table 11b-1 of all the SF devices 20 based on the service function state advertisement information transmitted from each SF device 20 is registered.

  Further, the processing unit 11a generates a topology information table 11e-1 based on the service function state data table 11d-1 stored in the service function state database 11d. That is, the processing unit 11a generates a topology information table 11e-1 including “cost total value” that is a result of calculating the shortest path based on an algorithm such as Dijkstra based on information in the service faction state data table 11d-1. To do.

  The data plane unit 12 performs data transfer processing between the SCF devices 10. The data plane unit 12 includes a processing unit 12a and a session information management unit 12b. The processing unit 12a is a processing device such as an NP or a CPU.

  The session information management unit 12b stores a session information table 12b-1 (see FIG. 7). FIG. 7 is a diagram illustrating an example of the session information table. The session information table 12b-1 includes 5 tuple information of “source IP address”, “destination IP address”, “source port number”, “destination port number”, “protocol number”, and “SF1”, “SF2”. Has a column. The “SF1”, “SF2”, “SF3”... Columns store the identifiers of the SFs through which the flow specified by the corresponding 5 tuple information has passed. In other words, the session information table 12b-1 manages the 5 tuple information and the identifier of the SF through which the flow specified by the relevant 5 tuple information has passed in association with each other.

  Based on the topology information managed by the control plane unit 11, the processing unit 12 a transfers the received packet under the control of the control plane unit 11.

  FIG. 8 is a diagram showing a list of information that the service chaining forwarder apparatus has. By the operation of the SCF device 10 described above, each SCF device 10 has information as shown in FIG. That is, each SCF device 10 stores the service function state advertisement information of the SF devices 20 under its control in the service function state advertisement management unit 11b. Then, each SCF device 10 transfers service function state advertisement information managed by itself, and notifies all the SCF devices 10.

  Each SCF device 10 aggregates the service function state advertisement information received from other SCF devices 10 into the service function state database 11d. Then, each SCF device 10 calculates the total cost value from the own device to each service function from the registration information of each service function state database 11d, and includes the calculated total cost value from the own device to each service function. The topology information is managed by the topology information management unit 11e.

(Service function device configuration)
FIG. 9 is a diagram illustrating an example of the configuration of the service function device. The SF device 20 is a virtualized network service function that is implemented by a program that provides a predetermined network service function being executed by a server device having a processing device such as a CPU. The SF device 20 performs various network service processing on the received packet or controls the received packet.

  The SF device 20 includes a control unit 21, a service function information transmission unit 22, a service function management unit 23, and a service function processing unit 24. The control unit 21 is a processing device such as a CPU, and controls the entire SF device 20.

  The service function information transmission unit 22 periodically transmits information on the SF operating in the SF device 20 managed by the service function management unit 23 to the SCF device 10 to which the SF device 20 is connected. For example, when the SF device 20 is the SF (SBC) 20a shown in FIG. 1, the SF (SBC) 20a has the same service as the service function state advertisement table 11b-1 shown in FIG. Manage function state advertisement information. Then, the service function information transmission unit 22 periodically transmits the service function state advertisement information managed by the service function management unit 23 to the SCF_A 10a illustrated in FIG.

  The service function processing unit 24 is a processing device such as a CPU. The service function processing unit 24 is a function of a predetermined SF that is implemented when the control unit 21 executes a predetermined program. The service function processing unit 24 performs predetermined SF processing on the packet received by the SF device 20 from the SCF device 10. Then, the service function processing unit 24 transmits a packet that has been subjected to processing of a predetermined SF to the SCF device 10 to which the SF device 20 is connected. For example, when the SF device 20 is the SF (SBC) 20a shown in FIG. 1, the service function processing unit 24 executes the process of the session border controller on the packet received from the SCF_A 10a shown in FIG. And the control part 21 transmits the packet which the service function process part 24 performed the process of the session border controller to SCF_A10a.

(Classifier configuration)
FIG. 10 is a diagram illustrating an example of the configuration of the classifier device. The CL device 30 is a network device having an NP and / or a CPU. The CL device 30 is mounted by executing a program that provides a CL function on a server device having a processing device such as an NP or a CPU. The CL device 30 includes a control unit 31, a service function state database 32, a metadata removal unit 33, a session information management unit 34, a packet analysis unit 35 (5 tuple), and a packet analysis unit (high layer) 36.

  The control unit 31 is a processing device such as an NP or a CPU, and controls the CL device 30 as a whole. The control unit 31 periodically sends advertisement information including the name of the adjacent SCF device 10, the IP address assigned to the corresponding SCF device 10, and information indicating that the own device is the CL device 30 to the adjacent SCF device 10. To send. Then, the control unit 31 registers the advertisement information transmitted to the adjacent SCF device 10 in the service function state database 32. The service function state data table stored in the service function state database 32 is the same as the service function state data table 11d-1 shown in FIG.

  In addition, the control unit 31 registers the service function state advertisement information received from the adjacent SCF device 10 in the service function state database 32.

  The metadata removal unit 33 refers to the metadata of the received packet received from the adjacent SCF device 20, and confirms that the processing has been performed in each network service function. Then, the metadata removal unit 33 removes metadata added to the packet that passes through the CL device 30. The session information management unit 34 stores a session information table similar to the session information table 12b-1 shown in FIG.

  The packet analysis unit 35 (5tuple) analyzes 5tuple information corresponding to a received packet from the user network / terminal 40 or the external network 60. Then, the control unit 31 determines whether or not 5 tuple information corresponding to the received packet exists in the session information table stored in the session information management unit 34. Then, when the 5 tuple information corresponding to the received packet exists in the session information table stored in the session information management unit 34, the control unit 31 performs the following operation.

  That is, the control unit 31 refers to the session information table stored in the session information management unit 34, stores the identifier of the network service function corresponding to the corresponding 5 tuple information in the metadata of the received packet, and sets the adjacent SCF device. The received packet is transferred to 20. Since the corresponding 5 tuple information here is downstream with respect to the upstream, in the session information table, the transmission source IP address is the transmission destination IP address, the transmission destination IP address is the transmission source IP address, and the transmission source protocol. This corresponds to 5 tuple information in which transmission source information and transmission destination information are interchanged with the transmission destination protocol as the transmission destination protocol and the transmission destination protocol as the transmission source protocol.

  On the other hand, when the 5 tuple information corresponding to the received packet does not exist in the session information table, the control unit 31 displays the 5 tuple information of the received packet and / or the received packet from the packet analysis unit (high layer) 36 as L7 (layer 7). Based on the analyzed L7 information, a network service function to be executed for the received packet is determined. The CL device 30 associates the network service function with the 5tuple information and / or L7 information of every pattern and stores it as a policy in a storage unit (not shown). Then, the control unit 31 stores the determined identifier of the network service function in the metadata of the received packet, and transfers the received packet to the adjacent SCF device 20.

  Further, the control unit 31 transmits a reception packet from the adjacent SCF device 20 to the user network / terminal 40 or the external network 60. At this time, when the information corresponding to the received packet does not exist in the session information table, the control unit 31 associates the identifier of each processed network service function with the 5 tuple information of the received packet and stores it in the session information table.

(Service extraction process)
FIG. 11 is a flowchart illustrating an example of transfer processing executed by the service chaining forwarder device. The transfer process shown in FIG. 11 is executed in each SCF device 10 every time each SCF device 10 receives a packet from the adjacent SCF device 10 or CL device 30.

  The processing unit 12a of the data plane unit 12 of the SCF device 10 analyzes the metadata of the received packet, and extracts, from the metadata, the identifier of the unprocessed SF among the SFs that the received packet requires processing (step S11). ). Next, the processing unit 11a of the control plane unit 11 of the SCF device 10 refers to the topology information table 11e-1 managed by the topology information management unit 11e, and the SF identifier corresponding to the SF identifier extracted in step S11 is determined. It is determined whether or not there are a plurality of pieces in the topology information table 11e-1 (step S12).

  If the processing unit 11a determines in step S12 that there are a plurality of identifiers of the corresponding SF in the topology information table 11e-1, the processing unit 11a moves the process to step S13. On the other hand, when the processing unit 11a determines that one identifier of the corresponding SF exists in the topology information table 11e-1 (step S12: when one exists), the processing unit 11a moves the process to step S16.

  In step S13, the processing unit 11a refers to each “resource information” corresponding to a plurality of corresponding SFs in the topology information table 11e-1, and determines whether each “resource information” has the same value. . When it is determined in step S13 that each “resource information” has the same value (step S13: the same value), the processing unit 11a moves the process to step S14. On the other hand, when it determines with each "resource information" not being the same value (step S14: Not the same value), the process part 11a moves a process to step S15.

  In step S14, the processing unit 11a selects the SF corresponding to the minimum value among the “cost total values” corresponding to the corresponding SFs in the topology information table 11e-1. When step S14 ends, the processing unit 11a moves the process to step S16. On the other hand, in step S15, the processing unit 11a selects the SF corresponding to the best value among the “resource information” corresponding to the corresponding SFs in the topology information table 11e-1. When step S15 ends, the processing unit 11a moves the process to step S16.

  In step S16, the processing unit 11a transfers the packet to the corresponding SCF device 20 to which the uniquely determined SF is connected under the control, or to the adjacent SCF device that is the shortest path to the corresponding SCF device 20. When step S16 ends, the processing unit 11a ends the transfer process.

(Topology information generation process)
FIG. 12 is a diagram illustrating an example of a topology information generation process. FIG. 12 shows a process in which service function state advertisement information from the SF (SBC) 20a is finally notified to each SCF device 10 and topology information is generated. The same applies to the process in which the service function state advertisement information from each SF device 20 is notified to each SCF device 10 and the topology information is generated.

  (1-1) The SF (SBC) 20a periodically transmits to the SCF_A 10a one or more SFs and resource information that operate on the device itself. (1-2) Next, the SCF_A 10a generates the service function state advertisement table 11b-1 using information from the subordinate SF (SBC) 20a. (1-3) In addition, the SCF_A 10a periodically transmits the service function state advertisement table 11b-1 to the adjacent SCF_B 10b.

  (1-4) Next, the SCF_B 10b stores the information of the service function state advertisement table 11b-1 received from the SCF_A 10a in the service function state database 11d. Then, the SCF_B 10b transfers the information of the service function state advertisement table 11b-1 received from the SCF_A 10a to the SCF_D 10d.

  (1-5) Finally, each SCF device 10 of the service chaining system 1 has the same service function state database 11b-1. Then, each SCF device 10 obtains the “cost total value” regarding the route from the other SCF device 10 based on the information in the service function state database 11b-1, and the “resource information” of the resource on which each SF operates. A topology information table 11e-1 is generated.

(Alive monitoring between devices, failure detection and failure recovery)
FIG. 13 is a diagram illustrating an example of alive monitoring between devices. (2-1) The SCF device 10 and the SF device 20 confirm the normality of the communication link and the opposite device through periodic table transmission / reception. (2-2) The normality of the communication link and the opposite device is confirmed between the SFC devices 10 by periodic table transmission / reception.

  In addition, the detection of the communication link breakage and the device failure and the coping operation are as follows. That is, when there is no received packet from the opposing SF device 20 for a certain period, the SCF device 10 stores the service function state advertisement table 11b-1 in which the record of the corresponding SF device 20 is deleted in the other SCF device 10 Transmit to the SCF device 10. When the service function state advertisement table 11b-1 is not received from the adjacent SCF device 10 for a certain period, the service function state advertisement table 11b-1 is transmitted to other SCF devices 10 other than the corresponding SCF device 10.

  Further, the SCF device 10 detects the restoration of the corresponding SF device 20 by receiving the service function state advertisement information from the opposite SF device 20, and sends the service function state advertisement table 11b-1 to the other SCF devices 10. Send. In addition, the SCF device 10 detects reception of the service function state advertisement table 11b-1 from the adjacent SCF device 10, and transmits the service function state advertisement table 11b to other SCF devices 10 including the corresponding SCF device 10. -1 is transmitted.

(Flow of packet flow from user network / terminal to external network)
FIG. 14 is a diagram illustrating an example of a flow of a packet flow in which a packet is transferred to a service function when the packet is transmitted from the user network / terminal to the external network.

  (3-1) First, the CL 30a receives a packet from the user network / terminal 40, performs packet analysis on a 5 tuple basis or a 7L (layer 7) basis, and determines an SF in which the received packet is to be processed. Then, the CL 30a stores the determined SF identifier in the metadata of the received packet. When the record corresponding to the 5 tuple information included in the metadata of the received packet from the user network / terminal 40 exists in the session information table managed by the own device, the CL 30a is associated with the corresponding 5 tuple information in the corresponding record. The SF identifier is stored in the metadata of the received packet. Then, the CL 30a transfers the received packet to the adjacent SCF_D 10d. The seventh layer is the seventh application layer of the OSI (Open Systems Interconnection) reference model.

  (3-2) When receiving the packet from the CL 30a, the SCF_D 10d extracts the SF identifier from the metadata of the received packet, refers to the topology information table 11e-1 managed by the topology information management unit 11e of the own device, The SF to be transferred to is determined as the SF under the control of SCF_A 10a.

  (3-3) When the SCF_A 10a receives the packet from the SCF_D 10d, the SCF_A 10a refers to the service function state advertisement table 11b-1 managed by the own device, and the transfer destination SF is the SF (SBC) 20a under the SCF_A 10a. And the received packet is transferred to the SF (SBC) 20a. (3-4) The SF (SBC) 20a processes the packet received from the SCF_A 10a. Then, the SF (SBC) 20a transfers the processed packet to the SCF_A 10a.

  (3-5) The SCF_A 10a stores information indicating that the processing in the SF (SBC) 20a has been completed in the metadata of the packet processed in the SF (SBC) 20a. Then, the SCF_A 10a refers to the topology information table 11e-1 managed by the own device, determines that the next transfer destination SF is SF (NAT) 20b-1, and transfers the packet to the SCF_B 10b.

  (3-6) When the SCF_B 10b receives the packet from the SCF_A 10a, the SCF_B 10b recognizes that the next transfer destination SF is the SF (NAT) 20b-1 under the control of the SCF_B 10b, and receives it to the SF (NAT) 20b-1. Forward the packet. (3-7) The SF (NAT) 20b-1 processes the packet received from the SCF_B 10b. Then, the SF (NAT) 20b-1 transfers the processed packet to the SCF_B 10b.

  (3-8) The SCF_B 10b stores information indicating that the processing in the SF (NAT) 20b-1 has been completed in the metadata of the packet processed in the SF (NAT) 20b-1. Then, when the received packet has been processed in all the SFs to be processed, the SCF_B 10b refers to the service function state data table 11d-1 managed by the own device, and the next transfer destination CL 30b is connected. The packet is transferred to the SCF_C 10c.

  (3-9) Next, the CL 30b removes the metadata from the packet received via the SCF_C 10c. Then, the CL 30b registers the 5-tuple information included in the metadata removed from the received packet and the identifier of the passing SF in the session information table managed by the own device. Then, the CL 30b sends the packet from which the metadata is removed to the external network 60 via the GWR 50.

(Flow of packet flow from external network to user network / terminal)
FIG. 15 is a diagram illustrating an example of a flow of a packet flow in which a packet is transferred to a service function when the packet is transmitted from an external network to a user network / terminal.

  (4-1) First, the CL 30b receives a packet from the external network 60 via the GWR 50. The CL 30b recognizes the received packet on a 5 tuple basis, and determines whether or not the corresponding record exists in the session information table managed by the own device. When the corresponding record exists in the session information table managed by the own device, the CL 30b stores the SF identifier associated with the corresponding 5-tuple information in the corresponding record in the metadata of the received packet. On the other hand, when there is no corresponding record in the session information table managed by the own device, the CL 30b analyzes the received packet on a 5 tuple basis or a 7L (layer 7) basis, and determines an SF on which the received packet is to be processed. Then, the CL 30b transfers the received packet to the adjacent SCF_C 10c.

  (4-2) Next, the SCF_C 10c extracts the SF identifier from the metadata of the received packet received from the CL 30b. Then, the SCF_C 10c refers to the topology information table 11e-1 managed by the own device, and transfers the received packet to the SCF_B 10b to which the SF (NAT) 20b-1 that is the SF to be transferred first is connected.

  (4-3) Next, in the SCF_B 10b, the SF in which the received packet received from the SCF_C 10c is to be processed refers to the service function state advertisement table 11b-1 managed by the own device, and is an SF under the SCF_B 10b. Recognizing that it is SF (NAT) 20b-1, the received packet is transferred to SF (NAT) 20b-1.

  (4-4) Next, the SF (NAT) 20b-1 processes the received packet from the SCF_B 10b. Then, the SF (NAT) 20b-1 transfers the processed packet to the SCF_B 10b. Then, the SCF_B 10b stores information indicating that the processing in the SF (NAT) 20b-1 has been completed in the metadata of the packet processed in the SF (NAT) 20b-1. The SCF_B 10b recognizes that the SF to be processed next in the packet received from the SF (NAT) 20b-1 is the SF (SBC) 20a under the SCF_A 10a, and transfers the packet to the SCF_A 10a.

  (4-5) Next, the SCF_A 10a refers to the service function state advertisement table 11b-1 managed by the own device, and the SF to be processed next for the received packet from the SCF_B 10b is the SF under the control of the SCF_A 10a ( (SBC) 20a, and the received packet is transferred to SF (SBC) 20a.

  (4-6) Next, the SF (SBC) 20a processes the received packet from the SCF_A 10a. Then, the SF (SBC) 20a transfers the processed packet to the SCF_A 10a. (4-7) Next, the SCF_A 10a stores information indicating that the SF (SCB) 20a has been processed in the metadata of the packet processed by the SF (SCB) 20a. Then, when the received packet has been processed in all the SFs to be processed, the SCF_A 10a refers to the service function state data table 11d-1 managed by the own device and connects the CL 30a of the next transfer destination. The packet is transferred to the SCF_D 10d. The SCF_D 10d transfers the received packet from the SCF_A 10a to the CL 30b.

  (4-8) Next, the CL 30a removes the metadata from the packet received via the SCF_D 10d. Then, the CL 30a registers the 5-tuple information included in the metadata removed from the received packet and the identifier of the passing SF in the session information table managed by the own device. Then, the CL 30a sends the packet from which the metadata is removed to the user network / terminal 40.

(Effect by embodiment)
The conventional service chaining method is a centralized control type and has the following problems. In other words, since transfer information is set every time equipment is expanded or equipment is reduced, the number of man-hours required when equipment is expanded or equipment is reduced. Further, the conventional service chaining method requires facility design in consideration of redundancy, and the design man-hour and facility scale increase. Further, since the conventional service chaining method is a centralized control type of the SFC controller, when the SFC controller fails, the influence is large and the availability of the virtual network is low. Further, the conventional service chaining method requires control of a physical link and a logical link for control by the centralized SFC controller. Also, the conventional service chaining method cannot select an optimum SF in consideration of route information and route state.

  On the other hand, in the service chaining system 1, each device autonomously performs life and death monitoring between each device, link failure detection and failure recovery, and link failure detection and failure recovery of each device, And distributed. In the service chaining system 1, the SCF devices 10 autonomously exchange and distribute service function state advertisement information for enabling service chaining between devices in the service chaining system 1. Do it. In the embodiment, each SCF device 10 appropriately selects the transfer destination SF based on the “resource information” and the “cost total value” based on the topology information table managed by the own device. Therefore, in the embodiment, all the SCF devices 10 autonomously select the SF and transfer the packet. That is, the embodiment can realize autonomous service function chaining.

  In the embodiment, since transfer information need not be set when facilities are expanded or removed, the number of man-hours when facilities are expanded or removed can be reduced. Further, the embodiment does not require facility design considering redundancy, and can suppress an increase in design man-hours and facility scale. In the embodiment, since the SFC controller is a distributed control type, even when the SCF controller fails, the influence is limited, and the availability of the virtual network is increased. In the embodiment, each device performs autonomous control of the physical link and the logical link with the opposite device, so that the control load can be distributed and the maintenance man-hours can be reduced. In the embodiment, the optimum SF can be selected in consideration of the route information and the route state.

(Modification)
The configuration of the service chaining system 1 and the arrangement of each element shown in the embodiment are not limited to those shown in FIG. 1, and can be changed as appropriate according to the network design.

  In the embodiment, the SF device 20 is realized by a physical server device that is different for each SF. However, SFs connected to the same SCF device 10 may be realized by a plurality of programs executed by one physical server device. When SFs connected to the same SCF device 10 are realized by a plurality of programs executed by one physical server device, the SF device 20 is compared with the functional block diagram of the SF device 20 shown in FIG. Thus, the service function processing units 24 are provided by the number of SFs.

  In addition, SFs connected to the same SCF device 10 may be realized by each program executed in each of a plurality of virtual machines executed on one physical server device.

  In other words, the integration and distribution of physical server devices or virtual machines that implement SF can be changed as appropriate. In this case, the “resource information” illustrated in FIG. 3 and the like is the remaining CPU usage rate for the CPU allocated to the physical server device or the virtual machine that implements the SF.

  In the embodiment, the “resource information” illustrated in FIG. 3 and the like is the remaining CPU usage rate. However, the present invention is not limited to this, and the physical calculation resource, virtual resource allocated to the physical server device or virtual machine that implements SF is not limited thereto. It may be various types of information indicating the usage rate or remaining usage rate of a physical calculation resource, physical network resource, virtual network resource, etc., and the number of sessions that can be processed.

  In the embodiment, the SCF device 10 and the CL device 30 are network devices, but are not limited thereto, and may be realized by a predetermined program executed on the physical server device.

  In the embodiment, SBC, NAT, DPI, and BAS are given as examples of SF. However, the present invention is not limited to these, and other network functions may be used. In the embodiment, the data distributed in the service chaining system 1 is a packet. However, the data is not limited to this, and may be a frame, a cell, a segment, a datagram, a message, or the like.

(System and apparatus configuration of the embodiment)
Each component of the service chaining system 1 shown in FIG. 1, the SCF device 10 shown in FIG. 2, the SF device 20 shown in FIG. 9, and the CL device 30 shown in FIG. It does not need to be configured as shown. That is, the specific forms of the distribution and integration of the functions of the service chaining system 1, the SCF device 10, the SF device 20, and the CL device 30 are not limited to those shown in the figure, and all or a part of them can be used for various loads, usage conditions, etc. Accordingly, it can be configured to be functionally or physically distributed or integrated in arbitrary units.

  In addition, each or all of the processes performed in the SCF device 10, the SF device 20, and the CL device 30 may be realized by an NP or CPU and a program that is analyzed and executed by the NP or CPU. . Each process performed in the SCF device 10, the SF device 20, and the CL device 30 may be realized as hardware by wired logic.

  In addition, among the processes described in the embodiment, all or a part of the processes described as being automatically performed can be manually performed. Alternatively, among the processes described in the embodiments, all or a part of the processes described as being performed manually can be automatically performed by a known method. In addition, the above-described and illustrated processing procedures, control procedures, specific names, and information including various data and parameters can be changed as appropriate unless otherwise specified.

(About the program)
FIG. 16 is a diagram showing that each process in the SCF device 10, the SF device 20, and the CL device 30 is specifically realized using a computer. As illustrated in FIG. 16, the computer 1000 includes, for example, a memory 1010, a CPU 1020, a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. These units are connected by a bus 1080.

  The memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM (Random Access Memory) 1012. The ROM 1011 stores a boot program such as BIOS (Basic Input Output System). The hard disk drive interface 1030 is connected to the hard disk drive 1031. The disk drive interface 1040 is connected to the disk drive 1041. For example, a removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive 1041. The serial port interface 1050 is connected to a mouse 1051 and a keyboard 1052, for example. The video adapter 1060 is connected to the display 1061, for example.

  The hard disk drive 1031 stores, for example, an OS 1091, an application program 1092, a program module 1093, and program data 1094. That is, a program defined by each process of the SCF device 10, the SF device 20, and the CL device 30 is stored in, for example, the hard disk drive 1031 as a program module 1093 in which a command executed by the computer 1000 is described. For example, a program module 1093 for executing information processing similar to the functional configuration in the SCF device 10, SF device 20, and CL device 30 is stored in the hard disk drive 1031.

  The setting data used in the processing of the above-described embodiment is stored as program data 1094 in, for example, the memory 1010 or the hard disk drive 1031. Then, the CPU 1020 reads the program module 1093 and the program data 1094 stored in the memory 1010 and the hard disk drive 1031 to the RAM 1012 as necessary, and executes them.

  Note that the program module 1093 and the program data 1094 are not limited to being stored in the hard disk drive 1031, but may be stored in, for example, a removable storage medium and read out by the CPU 1020 via the disk drive 1041 or the like. Alternatively, the program module 1093 and the program data 1094 are stored in another computer connected via a network (LAN (Local Area Network), WAN (Wide Area Network), etc.) and read by the CPU 1020 via the network interface 1070. May be issued.

  The above embodiments and modifications thereof are included in the invention disclosed in the claims and equivalents thereof as well as included in the technology disclosed in the present application.

DESCRIPTION OF SYMBOLS 1 ... Service chaining system 10 ... SCF apparatus 11 ... Control plane part 11a ... Processing part 11b ... Service function state advertisement management part 11c ... Neighbor table management part 11d ... Service function state database 11e ... Topology information management unit 12 ... Data plane unit 12a ... Processing unit 12b ... Session information management unit 20 ... SF device 21 ... Control unit 22 ... Service function information transmission unit 23 ... Service function management unit 24 ... Service function processing unit 30 ... CL device 31 ... Control unit 32 ... Service Function state database 33... Metadata removal unit 34. Session information management unit 35 ... packet analyzer (5tuple)
36 ··· Packet analysis unit (high layer)

Claims (8)

A plurality of service chaining forwarder devices communicably connected;
A network processing device connected under the service chaining forwarder device and having a network processing function for performing network processing on data;
Identifying a network processing function for processing data received from the outside, transferring the data to the service chaining forwarder device, and transferring the data received from the service chaining forwarder device to the outside,
Each of the service chaining forwarder devices
A management unit that manages transfer information in which each network processing function type is associated with device identification information of a service chaining forwarder device to which a network processing device having the network processing function is connected;
When data is received from the classifier device or another service chaining forwarder device, if the device corresponds to device identification information corresponding to a network service function in which the data is processed in the transfer information, A transfer unit that transfers the data to a network processing device having a network service function connected to the network, and transfers the data to another service chaining forwarder device or the classifier device when the device does not correspond to the network processing device. Service chaining system characterized by that. further,
In each of the service chaining forwarder devices,
The management unit manages the resource information of the computer resource allocated to the network service function in association with the type of each network processing function in the transfer information,
A determination unit that determines whether or not there is a network service function that has not yet processed the received data among the network service functions that process the received data for the received data received by the device;
A selection unit that selects a network service function with the best resource information corresponding to the unprocessed network service function in the transfer information when the determination unit determines that there is an unprocessed network service function; Prepared,
When the own device corresponds to the device identification information corresponding to the network service function selected by the selecting unit, the transfer unit sends the received data to the network processing device having the network service function connected under the own device. If the device is not applicable, the received data is transferred to another service chaining forwarder device, or if the determination unit determines that there is no unprocessed network service function, the classifier device The service chaining system according to claim 1, wherein the received data is transferred to the service chain. further,
Each of the service chaining forwarder devices
The management unit manages a route between the own device and another service chaining forwarder device having the network processing function in the transfer information in association with the type of the network processing function,
The selection unit, when there are a plurality of network service functions for which the resource information corresponding to the transfer information is the best among the network service functions for processing the received data, the transfer among the plurality of network service functions The service chaining system according to claim 2, wherein a network service function corresponding to the shortest route in information is selected. further,
Each of the service chaining forwarder devices
Other service connected to the own device, including the device identification information of the own device and the service function information received from the network processing device connected to the own device, including the type of the network service function of the network processing device. A transmitter for transmitting to the chaining forwarder device;
A receiving unit for receiving the service function information in the other service chaining forwarder device from another service chaining forwarder device connected to the own device;
A database for storing the service function information in its own device and the other service chaining forwarder device;
The service chaining system according to claim 1, further comprising: a generation unit that generates the transfer information from the service function information stored in the database. Other service connected to the own device, including the device identification information of the own device and the service function information received from the network processing device connected to the own device, including the type of the network service function of the network processing device. A transmitter for transmitting to the chaining forwarder device;
A receiving unit that receives the service function information in the other service chaining forwarder device from the other service chaining forwarder device;
A database for storing the service function information in its own device and the other service chaining forwarder device;
Transfer information in which device identification information of a service chaining forwarder device connected to a network processing device having the network processing function is associated with each network processing function type from the service function information stored in the database. A generating unit for generating
A network service function that processes data received from other service chaining forwarder devices or classifier devices is specified, and the corresponding network service function corresponding to the network service function that processes the specified data is selected. A selection section to
In the transfer information, when the service chaining forwarder device corresponding to the device identification information corresponding to the network service function selected by the selection unit is the own device, the network having the network service function connected to the own device When the service chaining forwarder device corresponding to the device identification information corresponding to the network service function selected by the selection unit is transferred to the processing device and is the other service chaining forwarder device, the other service chain A service chaining forwarder device comprising: a transfer unit configured to transfer the data to an inning forwarder device or a classifier device. further,
The service function information is associated with the resource information of the computer resource allocated to the network service function to the network service function of the network processing device,
The generation unit generates the transfer information by associating the resource information of the computer resource allocated to the network service function with the type of each network processing function from the resource function information,
The service chaining forwarder device according to claim 5, wherein the selection unit selects a network service function having the best resource information corresponding to the unprocessed network service function in the transfer information. further,
The generation unit calculates a route between the own device and another service chaining forwarder device having the network processing function, generates the transfer information by associating the route with a type of the network processing function,
When there are a plurality of network service functions for which the resource information corresponding to the transfer information is the best among the network service functions for processing the data, the selection unit includes the transfer information among the plurality of network service functions. The service chaining forwarder device according to claim 6, wherein a network service function corresponding to the shortest route is selected. A service chaining method executed in a service chaining system, comprising:
The service chaining system includes:
A plurality of service chaining forwarder devices communicably connected;
A network processing device connected under the service chaining forwarder device and having a network processing function for performing network processing on data;
Identifying a network processing function for processing data received from the outside, transferring the data to the service chaining forwarder device, and transferring the data received from the service chaining forwarder device to the outside,
Each of the service chaining forwarder devices
Managing transfer information in which each network processing function type is associated with device identification information of a service chaining forwarder device to which a network processing device having the network processing function is connected.
When data is received from the classifier device or another service chaining forwarder device, if the device corresponds to device identification information corresponding to a network service function in which the data is processed in the transfer information, Including the respective processes for transferring the data to a network processing apparatus having the network service function connected to the network, and transferring the data to another service chaining forwarder apparatus or the classifier apparatus when the apparatus does not correspond to the network processing apparatus. A service chaining method characterized by:

Images