JP2017229027A - Switch apparatus and relay system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a switch apparatus and relay system, capable of implementing acceleration of communication in a VXLAN.SOLUTION: A relay processing unit, when receiving an encapsulated frame, performs learning of correspondence between a reception port ID and a transmission source's external MAC address, external IP address, and internal MAC address, in a FDB. Meanwhile, the relay processing unit, when receiving a non-encapsulated frame FR13, searches the FDB using an internal MAC address "MA31" of a destination as a search key; and when acquiring a port identifier {Pu[1]} of a high-order port, transmits the frame toward the high-order port via an encapsulation execution unit 18. The encapsulation execution unit 18 generates an encapsulated frame FRC13a including the destination's external MAC address "MAa" and external IP address "IPA2" based on a FDB search result.SELECTED DRAWING: Figure 4B

Description

  The present invention relates to a switch device and a relay system, for example, a switch device and a relay system to which a VXLAN (Virtual eXtensible Local Area Network) is applied.

  For example, Patent Document 1 discloses a method of acquiring a destination MAC address, a destination IP address, and the like necessary for encapsulation by causing a CPU to refer to a software table when performing encapsulation with VXLAN. The destination MAC address and the destination IP address are set in advance from an external device via the management port.

JP-A-2006-19052

  In recent years, application of virtual environments using virtual machines and virtual networks has been advanced in data centers and the like. In such a virtual environment, for example, layer 2 (L2) is virtually used between virtual machines that are arranged at remote locations and connected via a layer 3 (L3) network of the OSI reference model. It is required to construct a virtual network for realizing the existing communication. VXLAN is known as one technique for constructing such an overlay virtual network.

  VXLAN is a tunneling protocol that constructs a logical L2 network on an L3 network by encapsulating L2 frames. Specifically, each virtual machine is configured so as to appropriately belong to a device called VTEP (VXLAN Tunnel End Point). Communication between virtual machines belonging to different VTEPs is performed via communication between corresponding VTEPs. At this time, the VTEP encapsulates the L2 frame from the virtual machine belonging to itself with an external header including a UDP (User Datagram Protocol) header and the like, and the encapsulated frame is a predetermined VTEP to which the destination virtual machine belongs. Send to address.

  Here, since the VTEP encapsulates the received L2 frame and performs L3 relay when transmitting to a predetermined VTEP, normally, various tables such as a routing table and an ARP (Address Resolution Protocol) table are sequentially referred to. There is a need. For this reason, VTEP often executes such processing by software processing. As a result, communication speed may not be increased.

  The present invention has been made in view of such circumstances, and one of its purposes is to provide a switch device and a relay system capable of realizing high-speed communication.

  The above and other objects and novel features of the present invention will be apparent from the description of this specification and the accompanying drawings.

  Of the inventions disclosed in the present application, the outline of a typical embodiment will be briefly described as follows.

  The switch device according to the present embodiment relays a frame based on VXLAN, and includes a lower port, an encapsulation execution unit, an upper port, an FDB (Forwarding DataBase), and a relay processing unit. The lower port communicates an unencapsulated frame. The encapsulation execution unit generates an encapsulated frame by encapsulating the non-encapsulated frame with an external header. The upper port communicates encapsulated frames. The FDB holds a correspondence relationship between an external MAC address, an external IP address, an internal MAC address, and a port identifier. When the encapsulated frame is received by the upper port, the relay processing unit receives the port identifier, the source external MAC address and the source external IP address included in the external header, and the non-encapsulated frame in the frame. The FDB learns the correspondence with the internal MAC address of the transmission source included in the area. When the relay processing unit receives an unencapsulated frame at a lower port, the relay processing unit searches the FDB using the internal MAC address of the destination included in the frame as a search key. When the relay processing unit acquires the port identifier, external MAC address, and external IP address of the upper port as the search result, the relay processing unit transmits the unencapsulated frame to the upper port via the encapsulation execution unit. To do. The encapsulation execution unit generates an encapsulated frame including the destination external MAC address and the destination external IP address based on the FDB search result.

  The effects obtained by the representative embodiments of the invention disclosed in the present application will be briefly described. In the switch device and the relay system, the communication speed can be increased.

It is the schematic which shows the structural example and operation example of a relay system by one embodiment of this invention. FIG. 2 is a schematic diagram illustrating a structure example of each frame in the relay system of FIG. 1. In the relay system of FIG. 1, it is the schematic which shows the example of a structure of the principal part of a switch apparatus, and an example of the FDB learning operation | movement at the time of encapsulated frame reception. In the relay system of FIG. 1, it is the schematic which shows the example of a structure of the principal part of a switch apparatus, and an example of the FDB search operation at the time of encapsulated frame reception. In the relay system of FIG. 1, it is the schematic which shows the example of a structure of the principal part of a switch apparatus, and an example of the FDB learning operation | movement at the time of receiving an unencapsulated frame. In the relay system of FIG. 1, it is the schematic which shows the example of a structure of the principal part of a switch apparatus, and an example of the FDB search operation | movement at the time of receiving an unencapsulated frame. FIG. 2 is a schematic diagram illustrating a configuration example of a switch device in the relay system of FIG. 1. (A) is the schematic which shows the structural example of VPN table [1] in FIG. 5, (b) is the schematic which shows the structural example of VPN table [2] in FIG. It is a flowchart which shows the operation example of the termination | terminus determination part in FIG. It is explanatory drawing which shows the typical operation example in the switch apparatus of FIG. It is explanatory drawing which shows the typical operation example in the switch apparatus of FIG. It is explanatory drawing which shows the typical operation example in the switch apparatus of FIG.

  In the following embodiment, when it is necessary for the sake of convenience, the description will be divided into a plurality of sections or embodiments. However, unless otherwise specified, they are not irrelevant, and one is the other. Some or all of the modifications, details, supplementary explanations, and the like are related. Further, in the following embodiments, when referring to the number of elements (including the number, numerical value, quantity, range, etc.), especially when clearly indicated and when clearly limited to a specific number in principle, etc. Except, it is not limited to the specific number, and may be more or less than the specific number.

  Further, in the following embodiments, the constituent elements (including element steps and the like) are not necessarily indispensable unless otherwise specified and apparently essential in principle. Needless to say. Similarly, in the following embodiments, when referring to the shapes, positional relationships, etc. of the components, etc., the shapes are substantially the same unless otherwise specified, or otherwise apparent in principle. And the like are included. The same applies to the above numerical values and ranges.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. Note that components having the same function are denoted by the same reference symbols throughout the drawings for describing the embodiment, and the repetitive description thereof will be omitted.

<< Relay system configuration >>
FIG. 1 is a schematic diagram illustrating a configuration example and an operation example of a relay system according to an embodiment of the present invention. The relay system shown in FIG. 1 includes an L3 network NW1, L2 networks NW2a and NW2b, and switch devices VTEP [1] and VTEP [2] arranged at the boundary between the L3 network NW1 and the L2 networks NW2a and NW2b, respectively. Prepare. The L3 network NW1 relays frames based on IP (Internet Protocol) addresses, and the L2 networks NW2a and NW2b relay frames based on MAC (Media Access Control) addresses.

  The L3 network NW1 includes router devices (or L3 switches) RTa and RTb. The L2 network NW2a includes information processing apparatuses 10a and 10b, and the L2 network NW2b includes an information processing apparatus 10c. The information processing apparatuses 10a, 10b, and 10c are configured to be able to construct a virtual machine. In this example, the information processing apparatus 10a includes virtual machines VM11, VM12,..., The information processing apparatus 10b includes virtual machines VM21, VM22,..., And the information processing apparatus 10c includes virtual machines VM31, VM32,. Has ...

  The switch devices VTEP [1] and VTEP [2] function as VTEP based on VXLAN and relay frames based on VXLAN. Each of the switch devices VTEP [1] and VTEP [2] includes upper ports Pu [1] and Pu [2] and lower ports Pd [1] to Pd [n]. The lower ports Pd [1] to Pd [n] are connected to the L2 network and perform communication of an unencapsulated frame serving as an Ethernet frame (Ethernet is a registered trademark). The upper ports Pu [1] and Pu [2] are connected to the L3 network and perform communication of an encapsulated frame serving as a VXLAN frame.

  In this example, the lower ports Pd [1] and Pd [n] of the switch device VTEP [1] are connected to the information processing devices 10a and 10b in the L2 network NW2a, respectively, and the upper port Pu [1] is L3 It is connected to the router device RTa in the network NW1. Further, the lower port Pd [1] of the switch device VTEP [2] is connected to the information processing device 10c in the L2 network NW2b, and the upper port Pu [1] is connected to the router device RTb in the L3 network NW1. . In this specification, each of the lower ports Pd [1] to Pd [n] is referred to as a lower port Pd, and each of the upper ports Pu [1] and Pu [2] is referred to as an upper port Pu. .

<< General operation of relay system (premise) >>
Next, a prerequisite frame relay operation in the relay system of FIG. 1 will be described. In this example, the MAC addresses of the switch devices VTEP [1] and VTEP [2] are “MA1” and “MA2”, respectively, and the IP addresses are “IPA1” and “IPA2”, respectively. The MAC addresses of the router devices RTa and RTb are “MAa” and “MAb”, respectively, and the IP addresses are “IPAa” and “IPAb”, respectively. The MAC addresses of the virtual machines VM11, VM21, and VM31 are “MA11”, “MA21”, and “MA31”, respectively.

  In this state, first, the virtual machine VM31 transmits the unencapsulated frame FR31 with the virtual machine VM11 as the destination, and then the virtual machine VM11 transmits the unencapsulated frame FR13 with the virtual machine VM31 as the destination. Suppose. FIG. 2 is a schematic diagram showing an example of the structure of each frame in the relay system of FIG. As shown in FIG. 2, the encapsulated frame (VXLAN frame) FRC has a structure in which an unencapsulated frame (Ethernet frame) FR is encapsulated with an external header 12.

  The unencapsulated frame FR includes a destination internal MAC address I_DMAC, a source internal MAC address I_SMAC, an internal VLAN tag I_VLAN, and a payload. The internal VLAN tag I_VLAN includes, for example, a 12-bit VLAN identifier VID. The external header 12 includes a destination external MAC address O_DMAC, a source external MAC address O_SMAC, an external VLAN tag O_VLAN, a destination external IP address O_DIP, a source external IP address O_SIP, a UDP header, and a VXLAN header. The external VLAN tag O_VLAN includes, for example, a 12-bit VLAN identifier VID. The UDP header includes a source port number SPN and a destination port number DPN. The VXLAN header includes a 24-bit VXLAN network identifier VNI.

  In the unencapsulated frame FR31 transmitted from the virtual machine VM31 to the virtual machine VM11, the destination internal MAC address I_DMAC is “MA11”, the source internal MAC address I_SMAC is “MA31”, and the internal VLAN tag The VLAN identifier VID of I_VLAN is “V1”. The switching device VTEP [2] receives the unencapsulated frame FR31 at the lower port Pd [1]. Here, it is assumed that the switch device VTEP [2] does not know which switch device (VTEP) the destination “MA11” belongs to.

  In this case, the switch device VTEP [2] transmits the unencapsulated frame FR31 by multicast to a network segment that is constructed in advance for each VXLAN network identifier VNI. Specifically, the switch device VTEP [2] constructs a network segment for each VXLAN network identifier VNI in the L3 network NW1 in advance using an IP multicast protocol, and sets a multicast IP address and a destination for each network segment. Define the port.

  The switching device VTEP [2] generates an encapsulated frame FRC31a by encapsulating the received unencapsulated frame FR31, and the encapsulated frame FRC31a is used as a multicast destination port (here, upper port Pu [1]). Relay to. In the encapsulated frame FRC31a, the destination external MAC address O_DMAC is the multicast MAC address MCMA, the source external MAC address O_SMAC is its own MAC address “MA2”, and the VLAN identifier VID of the external VLAN tag O_VLAN is It is “V10” determined in advance.

  The destination external IP address O_DIP is the multicast IP address MCIP, and the source external IP address O_SIP is its own IP address “IPA2”. In the case of IPv4, the multicast IP address MCIP is, for example, “224.x.y.z” (where each of x, y, and z is one of 0 to 255), and the multicast MAC address MCMA. Is a value obtained by combining the multicast IP address MCIP with a specified value.

  The source port number SPN in the UDP header is determined by, for example, performing a hash operation on various information in the frame, and the destination port number DPN is set to a value determined by, for example, the VXLAN standard. The VXLAN network identifier VNI in the VXLAN header is “VN10” that is a value assigned in advance to the virtual machine VM31 of the transmission source.

  The router device RTb receives the encapsulated frame FRC31a, and based on the multicast table (for example, the correspondence relationship between the multicast IP address and the destination port) generated in advance using the IP multicast protocol, the router device RTb Relay towards In the relay process, the external MAC address O_SMAC of the source of the encapsulated frame is rewritten every time it passes through the router device.

  The router device RTa receives the encapsulated frame from the router device RTb and relays based on the multicast table in the same manner as the router device RTb. As a result, the router device RTa transmits the encapsulated frame FRC31b to the switch device VTEP [1]. The encapsulated frame FRC31b is different from the encapsulated frame FRC31a in that the source external MAC address O_SMAC is the MAC address “MAa” of the router device RTa.

  The switching device VTEP [1] receives the encapsulated frame FRC31b at the upper port Pu [1]. Here, it is assumed that the switching device VTEP [1] knows in advance that “MA11”, which is the internal MAC address I_DMAC of the destination, exists ahead of its own lower port Pd [1]. In this case, the switching device VTEP [1] generates the original unencapsulated frame FR31 by removing the external header 12 from the encapsulated frame FRC31b and relays it to the lower port Pd [1]. In addition, the switch device VTEP [1] receives the encapsulated frame FRC31b, and thereby corresponds to “MA31” that is the source internal MAC address I_SMAC and “IPA2” that is the source external IP address O_SIP. The relationship is learned in the VXLAN table.

  Thereafter, the virtual machine VM11 transmits an unencapsulated frame FR13 with the virtual machine VM31 as a destination. In the unencapsulated frame FR13, the destination internal MAC address I_DMAC is “MA31”, the source internal MAC address I_SMAC is “MA11”, and the VLAN identifier VID of the internal VLAN tag I_VLAN is “V1”. The switching device VTEP [1] receives the unencapsulated frame FR13 at the lower port Pd [1]. Here, the switch device VTEP [1] knows that the destination “MA31” belongs to the switch device VTEP [2] having the IP address “IPA2” based on the VXLAN table described above.

  In this case, the switching device VTEP [1] generates the encapsulated frame FRC13a by encapsulating the received non-encapsulated frame FR13, and the encapsulated frame FRC13a is transmitted from the upper port Pu [1] to the switching device VTEP [1]. It relays by unicast toward 2]. In the encapsulated frame FRC13a, the destination external MAC address O_DMAC is the MAC address “MAa” of the router device RTa, the source external MAC address O_SMAC is its own MAC address “MA1”, and the external VLAN tag O_VLAN The VLAN identifier VID is “V10” determined in advance.

  The destination external IP address O_DIP is the IP address “IPA2” of the switch device VTEP [2], and the source external IP address O_SIP is its own IP address “IPA1”. The source port number SPN and destination port number DPN in the UDP header and the VXLAN network identifier VNI (here, “VN10”) in the VXLAN header are determined in the same manner as in the case of the switch device VTEP [2] described above.

  Here, when the switch device VTEP [1] generates the encapsulated frame FRC 13a, specifically, for example, the following processing is performed. First, the switch device VTEP [1] determines a destination external IP address O_DIP “IPA2” based on the VXLAN table. Next, the switch device VTEP [1] acquires the IP address “IPAa” of the router device (RTa in this case) serving as the next hop for routing to the “IPA2” based on the routing table. Subsequently, the switching device VTEP [1] acquires the MAC address “MAa” and the destination port (here, the upper port Pu [1]) corresponding to the IP address “IPAa” based on the ARP table, and the acquired MAC The address “MAa” is determined as the destination external MAC address O_DMAC.

  The encapsulated frame FRC 13a transmitted from the switch device VTEP [1] is relayed to the switch device VTEP [2] via the router device RTa and the router device RTb in this order. At this time, the router devices RTa and RTb execute normal routing processing using the destination external IP address O_DIP “IPA2” as a search key. The switch device VTEP [2] receives the encapsulated frame from the router device RTb at the higher port Pu [1] as in the case of the switch device VTEP [1] described above, and generates the original unencapsulated frame FR13. And relays it to the lower port Pd [1]. Further, the switch device VTEP [2] also learns a table for VXLAN.

  As described above, in VXLAN, a switch device (VTEP [1] in this example) that is normally a VTEP generates various tables (VXLAN table, routing table, ARP) when generating an encapsulated frame (FRC13a). Table) must be referenced sequentially. For this reason, the switch device serving as the VTEP often executes such processing by software processing. As a result, it takes time to generate the encapsulated frame, and there is a possibility that communication speed cannot be increased.

<< Outline of main parts of switch device (this embodiment) >>
FIG. 3A is a schematic diagram illustrating a configuration example of a main part of the switch device and an example of an FDB learning operation when receiving an encapsulated frame in the relay system of FIG. FIG. 3B is a schematic diagram illustrating a configuration example of a main part of the switch device and an example of an FDB search operation when an encapsulated frame is received in the relay system of FIG. FIG. 4A is a schematic diagram illustrating a configuration example of a main part of the switch device and an example of an FDB learning operation when a non-encapsulated frame is received in the relay system of FIG. FIG. 4B is a schematic diagram illustrating a configuration example of a main part of the switch device and an example of an FDB search operation when an unencapsulated frame is received in the relay system of FIG. 3A, FIG. 3B, FIG. 4A, and FIG. 4B show configuration examples of main parts, taking the switch device VTEP [1] of FIG. 1 as an example.

  The switch apparatus VTEP [1] shown in FIGS. 3A, 3B, 4A, and 4B includes an FDB (Forwarding DataBase), a VPN table 21, an encapsulation execution unit 18, and a decapsulation execution unit 19. The VPN table 21 is generally a table that associates the VLAN identifier VID included in the unencapsulated frame FR with the VXLAN network identifier VNI included in the external header 12 of the encapsulated frame FRC via the internal VLAN identifier IVID. is there. The internal VLAN identifier IVID has a larger number of bits (for example, 15 bits) than the 12-bit VLAN identifier VID.

  The encapsulation execution unit 18 generates an encapsulated frame FRC by encapsulating the unencapsulated frame FR with the external header 12 when the destination port of the received unencapsulated frame FR is the upper port Pu. When the destination port of the received encapsulated frame FRC is the lower port Pd, the decapsulation executing unit 19 generates an unencapsulated frame FR by removing the external header 12 from the received encapsulated frame FRC.

  The FDBs of FIGS. 3A, 3B, 4A, and 4B show the correspondence between the external MAC address O_MAC, the external IP address O_IP, the internal MAC address I_MAC, the internal VLAN identifier IVID, and the port identifier (port ID). Hold. First, an FDB learning operation will be described.

  In the FDB of FIG. 3A and FIG. 4A, the switching device VTEP [1] receives the unencapsulated frame from the virtual machines VM11 and VM21, for example. 1 and no. 2 entries are learned. No. 1 holds the correspondence relationship between the internal MAC address I_MAC “MA21”, the internal VLAN identifier IVID “IV1”, and the port identifier {Pd [n]}. The entry of 2 holds the correspondence relationship between the internal MAC address I_MAC “MA11”, the internal VLAN identifier IVID “IV1”, and the port identifier {Pd [1]}. In this specification, {Pd [n]} represents an identifier (ID) of the lower port Pd [n], and similarly, for example, {AA} represents an identifier of “AA”.

  As a specific example, as illustrated in FIG. 4A, it is assumed that the switching device VTEP [1] receives the unencapsulated frame FR13 from the virtual machine VM11 at the lower port Pd [1]. In this case, the switching device VTEP [1] first converts the VLAN identifier “V1” of the unencapsulated frame FR13 into the internal VLAN identifier “IV1” based on the VPN table 21. Then, the switching device VTEP [1] associates the internal MAC address “MA11” and the internal VLAN identifier “IV1” of the transmission source of the unencapsulated frame FR13 with the port identifier {Pd [1]} to create the FDB (No in this case). .2 entry).

  In the same manner, the switching device VTEP [1] has the FDB No. 1 entry is also learned. When the switching device VTEP [1] performs FDB learning, it uses the internal MAC address I_MAC and the internal VLAN identifier IVID as a learning key to overwrite a hit entry, update an aging timer (not shown), or the like. I do.

  Further, as shown in FIG. 1, when the encapsulated frame FRC31b is received by the upper port Pu [1], the switching device VTEP [1] receives the No. in the FDB of FIGS. 3A and 4A. 3 entries are learned. Specifically, as shown in FIG. 3A, the switching device VTEP [1], the port identifier {Pu [1]} of the higher-order port that received the frame, the source external MAC address “MAa”, and the transmission The FDB learns the correspondence between the original external IP address “IPA2” and the internal MAC address “MA31” of the transmission source included in the area of the unencapsulated frame in the frame. In addition, the switching device VTEP [1] converts the VXLAN network identifier “VN10” of the encapsulated frame FRC31b into the internal VLAN identifier “IV1” based on the VPN table 21, and the FDB No. In the third entry, the “IV1” is learned.

  Next, the FDB search operation will be described. When the switching device VTEP [1] receives the encapsulated frame FRC31b at the upper port Pu [1] as shown in FIG. 1, the internal MAC of the destination included in the frame is received as shown in FIG. 3B. The FDB is searched using the address MA11 as a search key. When the switching device VTEP [1] obtains the port identifier {Pd [1]} of the lower port as the search result of the FDB, the lower port Pd [1] is sent to the lower frame Pd [1] via the decapsulation execution unit 19. Send to. At this time, the decapsulation executing unit 19 generates the unencapsulated frame FR31 by deleting the outer header 12 from the encapsulated frame FRC31b.

  More specifically, when the switch device VTEP [1] receives the encapsulated frame FRC31b as shown in FIG. 3B, the VXLAN network identifier “VN10” of the frame is based on the internal VLAN identifier based on the VPN table 21. Convert to “IV1”. Then, the switching device VTEP [1] searches the FDB using the internal VLAN identifier “IV1” as a search key in addition to the internal MAC address MA11 of the destination.

  Further, when the switching device VTEP [1] receives the unencapsulated frame FR13 at the lower port Pd [1] as shown in FIG. 1, the destination included in the frame is shown in FIG. 4B. The FDB is searched by using the internal MAC address MA31 of as a search key. When the switch device VTEP [1] obtains the port identifier {Pu [1]} of the upper port, the external MAC address “MAa”, and the external IP address “IPA2” as the FDB search result, the switch device VTEP [1] encapsulates the frame. Then, the data is transmitted to the upper port Pu [1] via the conversion execution unit 18. At this time, the encapsulation execution unit 18 generates an encapsulated frame FRC 13a including the destination external MAC address “MAa” and the destination external IP address “IPA2” based on the FDB search result.

  More specifically, when the switch device VTEP [1] receives the non-encapsulated frame FR13 as shown in FIG. 4B, the VLAN identifier “V1” of the frame is determined based on the VPN table 21 based on the internal VLAN identifier. Convert to “IV1”. Then, the switching device VTEP [1] searches the FDB using the internal VLAN identifier “IV1” as a search key in addition to the internal MAC address MA31 of the destination. Further, the encapsulation execution unit 18 converts the internal VLAN identifier “IV1” into the VXLAN network identifier “VN10” based on the VPN table 21, thereby determining the VXLAN network identifier VNI of the external header 12.

  Here, the internal VLAN identifier IVID is used as the information held in the FDB. However, in some cases, the VXLAN network identifier VNI or the like can be used instead of the internal VLAN identifier IVID. In this case, the VPN table may hold the correspondence between the VLAN identifier VID included in the unencapsulated frame FR and the VXLAN network identifier VNI included in the external header 12 of the encapsulated frame FRC. However, when the VXLAN network identifier VNI is used, since 24 bits are required, there is a possibility that a large FDB storage area composed of hardware such as CAM (Content Addressable Memory) is consumed. In practice, an identification space of about 24 bits may not be required. From this point of view, it is beneficial to use an internal VLAN identifier IVID that is greater than 12 bits and less than 24 bits.

<Main effects of the present embodiment>
As described above, the switching devices of FIGS. 3A, 3B, 4A, and 4B use the external MAC address O_MAC and the external information as the FDB holding information in addition to the holding information normally used for relaying in the L2 network. IP address O_IP is included. By such an extension of the FDB, it is possible to acquire various pieces of information necessary for generating an encapsulated frame using hardware processing by the FDB, instead of software processing that sequentially refers to various tables as described above. As a result, the time required to generate the encapsulated frame can be shortened, and communication speed can be increased.

  Further, the FDB can of course be used when relaying an Ethernet frame in the L2 network. For example, when the switch device VTEP [1] receives an Ethernet frame destined for the virtual machine VM21 from the virtual machine VM11 in FIG. The frame may be relayed to the lower port Pd [n] based on the entry of 1.

<Configuration of switch device>
FIG. 5 is a schematic diagram illustrating a configuration example of the switch device in the relay system of FIG. 6A is a schematic diagram illustrating a structural example of the VPN table [1] in FIG. 5, and FIG. 6B is a schematic diagram illustrating a structural example of the VPN table [2] in FIG. FIG. 7 is a flowchart showing an operation example of the termination determination unit in FIG.

  The switching device VTEP shown in FIG. 5 has lower ports Pd [1] to Pd [n] that communicate (transmit or receive) an unencapsulated frame FR and an upper port Pu [1] that communicates an encapsulated frame FRC. , Pu [2],..., Various processing units, and various tables. Hereinafter, various processing units and various tables will be described.

  The interface unit 15 includes a reception buffer and a transmission buffer, and a reception port identifier adding unit 25. The interface unit 15 transmits or receives an unencapsulated frame to and from the lower port Pd, and encapsulates the frame to the upper port Pu. Send or receive. When the reception port identifier adding unit 25 receives a frame at any of a plurality of ports (Pd [1] to Pd [n], Pu [1], Pu [2],...), The reception port identifier adding unit 25 receives the frame. A port identifier (referred to as a receiving port identifier RPID) is added.

  The table processing unit 16 assigns the internal VLAN identifier IVID to the received frame (unencapsulated frame or encapsulated frame) based on the VPN table [1] 21a. The contents of the VPN table [1] 21a are determined in advance by a network administrator or the like. As shown in FIG. 6A, the VPN table [1] 21a uses a combination of the reception port identifier (reception port ID) RPID of the lower port Pd and the VLAN identifier VID in the internal VLAN tag I_VLAN as the internal VLAN identifier IVID. Is stored in association with. The VPN table [1] 21a holds a combination of the reception port identifier RPID of the upper port Pu and the VXLAN network identifier VNI in the external header 12 in association with the internal VLAN identifier IVID. Accordingly, the VPN table [1] 21a associates the VLAN identifier VID in the internal VLAN tag I_VLAN with the VXLAN network identifier VNI via the internal VLAN identifier IVID.

  The relay processing unit 17 includes an FDB processing unit 26 and a termination determination unit 27. The FDB processing unit 26 learns and searches the FDB as described in FIGS. 3A, 3B, 4A, and 4B. Specifically, when learning the FDB, when the FDB processing unit 26 receives the encapsulated frame FRC at the upper port Pu, the source internal MAC address I_SMAC and the internal VLAN identifier IVID, the reception port identifier RPID, and the transmission source The FDB learns in association with the external MAC address O_SMAC and the external IP address O_SIP of the transmission source. In addition, when the FDB processing unit 26 receives the unencapsulated frame FR at the lower port Pd, the FDB processing unit 26 learns the transmission source internal MAC address I_SMAC and the internal VLAN identifier IVID in association with the reception port identifier RPID in the FDB.

  On the other hand, when searching for the FDB, the FDB processing unit 26 searches the FDB using the internal MAC address I_DMAC of the destination of the received frame and the internal VLAN identifier IVID as search keys. When acquiring the port identifier of the upper port Pu, the external MAC address O_MAC, and the external IP address O_IP as the FDB search result, the FDB processing unit 26 adds the acquired various information to the received frame, The data is transmitted to the encapsulation execution unit 18.

  The case where the port identifier of the upper port Pu is obtained as the FDB search result means that the destination of the non-encapsulated frame FR received by the lower port Pd is the upper port Pu. That is, the frame unicast relay between the upper ports Pu is not executed by the processing of the termination determination unit 27 described later. The port identifier acquired from the FDB search result is the destination port identifier DPID.

  On the other hand, when the FDB processing unit 26 acquires the port identifier of the lower port Pd as the FDB search result, the FDB processing unit 26 adds the acquired information (that is, the destination port identifier DPID) to the received frame and executes decapsulation. To the unit 19 or the relay execution unit 20. At this time, when the received frame is an unencapsulated frame FR (for example, when the reception port identifier RPID is a lower port Pd), the FDB processing unit 26 transmits the frame to the relay execution unit 20 and transmits the encapsulated frame FRC. In the case (for example, when the reception port identifier RPID is the upper port Pu), the packet is transmitted to the decapsulation execution unit 19.

  The encapsulation executing unit 18 generates an encapsulated frame FRC by encapsulating the non-encapsulated frame FR with the outer header 12. At this time, the encapsulation execution unit 18 sets the external MAC address O_DMAC of the destination of the external header 12 and the external IP address O_DIP of the destination to the external MAC address O_MAC and the external IP address O_IP added by the FDB processing unit 26, respectively. Determine. In addition, the encapsulation execution unit 18 determines the source external MAC address O_SMAC and the source external IP address O_SIP of the external header 12 as its own MAC address and IP address, respectively.

  Further, the encapsulation execution unit 18 sets the transmission source port number SPN and the destination port number DPN in the UDP header of the external header 12 to predetermined specified values. Then, the encapsulation execution unit 18 determines the VXLAN network identifier VNI in the VXLAN header of the external header 12 and the VLAN identifier VID in the external VLAN tag O_VLAN based on the VPN table [2] 21b. The contents of the VPN table [2] 21b are determined in advance by a network administrator or the like, for example.

  As shown in FIG. 6 (b), the VPN table [2] 21b includes an internal VLAN identifier IVID, a VXLAN network identifier VNI, a VLAN identifier VID in the external VLAN tag O_VLAN, a multicast IP address MCIP, and a multicast time. The correspondence relationship with the port identifier of the destination is held. The encapsulation execution unit 18 refers to the VPN table [2] 21b with the internal VLAN identifier IVID added to the frame from the relay processing unit 17 as a key, and the VLAN in the corresponding VXLAN network identifier VNI and the external VLAN tag O_VLAN. Get the identifier VID.

  The encapsulation execution unit 18 transmits the encapsulated frame FRC generated in this way to the relay execution unit 20. The decapsulation execution unit 19 generates an unencapsulated frame FR by removing the outer header 12 from the received encapsulated frame FRC, and transmits the unencapsulated frame FR to the relay execution unit 20.

  The relay execution unit 20 transmits the frame (unencapsulated frame or encapsulated frame) from each processing unit described above to a predetermined transmission buffer in the interface unit 15. This predetermined transmission buffer is a buffer corresponding to the destination port identifier DPID added to the frame by the FDB processing unit 26. In addition, the relay execution unit 20 deletes unnecessary information (for example, the reception port identifier RPID and the destination port identifier DPID) added to the frame. The transmission buffer in the interface unit 15 receives the frame from the relay execution unit 20 and transmits the frame to the corresponding port (that is, the lower port Pd or the upper port Pu represented by the destination port identifier DPID).

  Here, it is assumed that the search result of the FDB hits. On the other hand, when the FDB search result is a miss hit, or when the internal MAC address I_DMAC of the destination of the unencapsulated frame FR received by the lower port Pd is a broadcast address, the relay processing unit 17 stores the VPN table [2] 21b. Based on this, multicast processing is performed. Specifically, the relay processing unit 17 refers to the VPN table [2] 21b using the internal VLAN identifier IVID of the received frame as a key, and acquires the multicast IP address MCIP and the destination port identifier at the time of multicast.

  For example, taking FIG. 6B as an example, the acquired destination port identifiers are {Pu [1]}, {Pd [1]}, {Pd [n]}, and the received port identifier RPID is {Pd [1]. ]} Is assumed. In this case, the relay processing unit 17 generates two frames by copying the received frame, adds one of the destination port identifier {Pu [1]} and the multicast IP address MCIP, and then performs the encapsulation execution unit. 18, and the other is added to the destination port identifier {Pd [n]} and then transmitted to the relay execution unit 20. The encapsulation execution unit 18 uses the multicast IP address MCIP to generate an encapsulated frame FRC similar to the encapsulated frame FRC 31a in FIG.

  Further, as shown in step S101 of FIG. 7, the termination determination unit 27 of the relay processing unit 17 receives a frame at the upper port Pu (for example, when the reception port identifier RPID is the upper port Pu). Perform various processes. In this case, the termination determination unit 27 first determines whether the ether type included in the received frame is IPv4 or IPv6 (step S102). If it is not IPv4 or IPv6, the termination determination unit 27 discards the received frame (step S108). When the frame is discarded in step S108, subsequent processing (for example, processing of the FDB processing unit 26) is not performed.

  On the other hand, in the case of IPv4 or IPv6, the termination determination unit 27 determines whether or not the port number (specifically, the destination port number DPN) of the UDP header is a specified value for VXLAN (step S103). If it is not the specified value for VXLAN, the termination determination unit 27 discards the frame (step S108). On the other hand, when the specified value is for VXLAN, the termination determination unit 27 determines that the destination external IP address O_DIP is the multicast IP address MCIP (step S104), and the multicast IP address MCIP is stored in the VPN table [2] 21b. It is determined whether it is registered (step S105).

  If it is registered in the VPN table [2] 21b in step S105, the termination determination unit 27 terminates the received frame (step S107). When the frame is terminated in step S107, subsequent processing (for example, processing of the FDB processing unit 26) is performed. On the other hand, if it is not registered in the VPN table [2] 21b in step S105, the termination determination unit 27 discards the received frame (step S108).

  If the destination external IP address O_DIP is not the multicast IP address MCIP in step S104, the termination determination unit 27 determines that the destination external IP address O_DIP and the destination external MAC address O_DMAC of the received frame are its own IP address and MAC address. It is determined whether or not (step S106). The termination determination unit 27 terminates the received frame if it is its own IP address and MAC address (step S107), and discards the received frame if it is not its own IP address and MAC address (step S108).

  In this way, the termination determination unit 27 mainly determines whether or not [Condition 1] to [Condition 3] are satisfied when a frame is received by the upper port Pu.

[Condition 1] The port number of the UDP header is a specified value for VXLAN (step S103).
[Condition 2] The destination external IP address O_DIP is the multicast IP address of the multicast group in which it participates (steps S104 and S105).
[Condition 3] Both the destination external IP address O_DIP and the destination external MAC address O_DMAC are their own IP address and MAC address (step S106).

  Then, the termination determination unit 27 performs processing such as FDB learning / search for the received frame when [Condition 1] and [Condition 2] are satisfied, or when [Condition 1] and [Condition 3] are satisfied. (Step S107). Otherwise, the received frame is discarded (step S108). As a result, the switching device VTEP can perform the relay process only on the VXLAN frame addressed to itself, and relays irregular frames (for example, between upper ports Pu by receiving frames not addressed to itself). It is possible to suppress the occurrence of unnecessary processing due to frame relay and the like, the increase of unnecessary frames in the network, and the like.

  As a typical implementation form of FIG. 5, the interface unit 15 and the relay execution unit 20 are mounted on an ASIC (Application Specific Integrated Circuit) or the like. The table processing unit 16, the relay processing unit 17, the encapsulation execution unit 18, and the decapsulation execution unit 19 are mounted on an FPGA (Field Programmable Gate Array) or the like. The FDB is mounted on a CAM (Content Addressable Memory) or the like, and the VPN tables [1] 21a and [2] 21b are mounted on a rewritable memory such as an EEPROM (Electrically Erasable Programmable Read Only Memory) or a flash memory.

  However, the specific mounting form of each part is not necessarily limited to this, and may be appropriately mounted using hardware, software, or a combination thereof. For example, the multicast processing and the like in the relay processing unit 17 described above can also be performed by software processing by a CPU (Central Processing Unit).

<Operation of switch device>
8, FIG. 9 and FIG. 10 are explanatory diagrams showing typical operation examples in the switch device of FIG. In FIG. 8, as shown in FIG. 1, the switching device VTEP [1] receives the encapsulated frame FRC31b at the upper port Pu [1], converts it into the unencapsulated frame FR31, and converts it to the lower port Pd [ An example of operation when relaying to 1] is shown. First, the reception port identifier adding unit 25 adds the reception port identifier RPID {Pu [1]} to the received encapsulated frame FRC31b and transmits it to the table processing unit 16.

  The table processing unit 16 refers to the VPN table [1] 21a with the combination of the reception port identifier RPID {Pu [1]} and the VXLAN network identifier VNI “VN10” included in the encapsulated frame FRC31b as a key, Based on this, the internal VLAN identifier IVID “IV1” is added to the frame. Then, the table processing unit 16 transmits the frame to the relay processing unit 17. The termination determination unit 27 of the relay processing unit 17 executes the process of FIG. 7 because the frame reception port is the upper port Pu. Here, the termination determination unit 27 terminates the frame as the processing result of FIG. 7, and shifts the processing to the FDB processing unit 26.

  The FDB processing unit 26 sets the source internal MAC address I_SMAC “MA31” and the internal VLAN identifier IVID “IV1” of the received frame, the source external MAC address O_SMAC “MAa”, and the source external IP address O_SIP “IPA2”. "And the receiving port identifier RPID {Pu [1]} are learned in the FDB. Further, the FDB processing unit 26 searches the FDB using the internal MAC address I_DMAC “MA11” of the destination of the received frame and the internal VLAN identifier IVID “IV1” as search keys, and acquires the destination port identifier DPID {Pd [1]}. To do. In response to this, the FDB processing unit 26 adds the destination port identifier DPID {Pd [1]} to the frame and transmits it to the decapsulation executing unit 19.

  The decapsulation executing unit 19 generates the non-encapsulated frame FR13 by removing the outer header 12 from the encapsulated frame FRC31b, and transmits it to the relay executing unit 20. The relay execution unit 20 and the interface unit 15 delete unnecessary information based on the destination port identifier DPID {Pd [1]} added to the frame, and then transfer the unencapsulated frame FR13 to the lower port Pd [1]. Send.

  In FIG. 9, as shown in FIG. 1, the switching device VTEP [1] receives the unencapsulated frame FR13 at the lower port Pd [1], converts it into the encapsulated frame FRC13a, and converts it to the upper port Pu [ An example of operation when relaying to 1] is shown. First, the reception port identifier adding unit 25 adds the reception port identifier RPID {Pd [1]} to the received unencapsulated frame FR13 and transmits it to the table processing unit 16.

  The table processing unit 16 uses the combination of the reception port identifier RPID {Pd [1]} and the VLAN identifier VID “V1” in the internal VLAN tag I_VLAN included in the non-encapsulated frame FR13 as a key for the VPN table [1] 21a. Based on the result, the internal VLAN identifier IVID “IV1” is added to the frame. Then, the table processing unit 16 transmits the frame to the relay processing unit 17.

  The FDB processing unit 26 of the relay processing unit 17 associates the internal MAC address I_SMAC “MA11” and the internal VLAN identifier IVID “IV1” of the transmission source of the received frame with the reception port identifier RPID {Pd [1]}. To learn. Further, the FDB processing unit 26 searches the FDB using the internal MAC address I_DMAC “MA31” of the destination of the received frame and the internal VLAN identifier IVID “IV1” as search keys, the external MAC address of the destination O_DMAC, and the external IP address of the destination Obtain O_DIP and destination port identifier DPID {Pu [1]}. In response to this, the FDB processing unit 26 adds the acquired information to the frame and transmits it to the encapsulation execution unit 18.

  The encapsulation execution unit 18 generates the external header 12 using the acquisition information added to the frame and the information based on the VPN table [2] 21b, and encapsulates the non-encapsulated frame FR13 with the external header 12 As a result, an encapsulated frame FRC 13a is generated. At this time, the encapsulation execution unit 18 refers to the VPN table [2] 21b using the internal VLAN identifier IVID “IV1” of the frame as a key, and the VLAN identifier VID “V10” and the VXLAN network identifier VNI in the external VLAN tag O_VLAN. “VN10” is acquired.

  The encapsulation executing unit 18 transmits the encapsulated frame FRC 13 a to the relay executing unit 20. The relay execution unit 20 and the interface unit 15 transmit the encapsulated frame FRC13a to the upper port Pu [1] after deleting unnecessary information based on the destination port identifier DPID {Pu [1]} added to the frame. To do.

  In FIG. 10, in FIG. 1, the switch device VTEP [1] receives the unencapsulated frame FR12 addressed to the virtual machine VM21 from the virtual machine VM11 at the lower port Pd [1] and receives it at the lower port Pd [n]. ] Shows an example of operation when relaying to. First, the reception port identifier adding unit 25 adds the reception port identifier RPID {Pd [1]} to the received unencapsulated frame FR12 and transmits it to the table processing unit 16.

  The table processing unit 16 uses the combination of the reception port identifier RPID {Pd [1]} and the VLAN identifier VID “V1” in the internal VLAN tag I_VLAN included in the non-encapsulated frame FR12 as a key for the VPN table [1] 21a. Based on the result, the internal VLAN identifier IVID “IV1” is added to the frame. Then, the table processing unit 16 transmits the frame to the relay processing unit 17.

  The FDB processing unit 26 of the relay processing unit 17 associates the internal MAC address I_SMAC “MA11” and the internal VLAN identifier IVID “IV1” of the transmission source of the received frame with the reception port identifier RPID {Pd [1]}. To learn. Further, the FDB processing unit 26 searches the FDB using the internal MAC address I_DMAC “MA21” of the destination of the received frame and the internal VLAN identifier IVID “IV1” as search keys, and acquires the destination port identifier DPID {Pd [n]}. To do. In response to this, the FDB processing unit 26 adds the destination port identifier DPID {Pd [n]} to the frame and transmits it to the relay execution unit 20. The relay execution unit 20 and the interface unit 15 delete unnecessary information based on the destination port identifier DPID {Pd [n]} added to the frame, and then transfer the unencapsulated frame FR12 to the lower port Pd [n]. Send.

  As described above, by using the switch device and the relay system according to the present embodiment, it is possible to typically achieve high-speed communication in VXLAN.

  As mentioned above, the invention made by the present inventor has been specifically described based on the embodiments. However, the present invention is not limited to the above-described embodiments, and various modifications can be made without departing from the scope of the invention. For example, the above-described embodiment has been described in detail for easy understanding of the present invention, and is not necessarily limited to one having all the configurations described. Further, a part of the configuration of one embodiment can be replaced with the configuration of another embodiment, and the configuration of another embodiment can be added to the configuration of one embodiment. . Further, it is possible to add, delete, and replace other configurations for a part of the configuration of each embodiment.

10a to 10c Information processing device 12 External header 15 Interface unit 16 Table processing unit 17 Relay processing unit 18 Encapsulation execution unit 19 Decapsulation execution unit 20 Relay execution unit 21, 21a, 21b VPN table 25 Reception port identifier addition unit 26 FDB processing Unit 27 termination determination unit FR unencapsulated frame FRC encapsulated frame I_DMAC destination internal MAC address I_MAC internal MAC address I_SMAC source internal MAC address I_VLAN internal VLAN tag IVID internal VLAN identifier NW1 L3 network NW2a, NW2b L2 network O_DIP destination External IP address O_DMAC Destination external MAC address O_IP External IP address O_MAC External MAC address O_SIP Transmission External IP address O_SMAC source external MAC address O_VLAN outer VLAN tag Pd downstream port Pu upper port RTa, RTb router device VID VLAN identifier VM11, VM12, VM21, VM22, VM31, VM32 VM VNI VXLAN network identifier VTEP switching device

Claims (8)

A switching device that relays frames based on VXLAN (Virtual eXtensible Local Area Network),
A lower port that communicates unencapsulated frames;
An encapsulation execution unit that generates an encapsulated frame by encapsulating the unencapsulated frame with an external header;
An upper port for communicating the encapsulated frame;
FDB (Forwarding DataBase) that holds the correspondence between external MAC address, external IP address, internal MAC address, and port identifier;
A relay processing unit for learning and searching the FDB;
Have
The relay processing unit
When the encapsulated frame is received by the upper port, the port identifier of the received upper port, the external MAC address of the transmission source included in the external header of the encapsulated frame, and the external IP of the transmission source The FDB learns the correspondence between the address and the internal MAC address of the transmission source included in the area of the unencapsulated frame in the encapsulated frame,
When receiving the unencapsulated frame at the lower port, the FDB is searched using the internal MAC address of the destination included in the unencapsulated frame as a search key, and the port identifier of the upper port is acquired as the search result When the external MAC address and the external IP address are acquired, the unencapsulated frame is transmitted to the upper port via the encapsulation execution unit,
The encapsulation execution unit generates the encapsulated frame including the external MAC address of the destination and the external IP address of the destination based on the search result of the FDB;
Switch device. The switch device according to claim 1,
When the relay processing unit obtains the port identifier of the lower port as a search result of the FDB when the unencapsulated frame is received by the lower port, the relay processing unit converts the unencapsulated frame to the lower port Send to
Switch device. The switch device according to claim 1,
A decapsulation execution unit that generates the unencapsulated frame by removing the outer header from the encapsulated frame;
When the relay processing unit receives the encapsulated frame at the upper port, the relay processing unit searches the FDB using the internal MAC address of the destination included in the area of the unencapsulated frame in the encapsulated frame as a search key. And when the port identifier of the lower port is acquired as the search result, the encapsulated frame is transmitted to the lower port via the decapsulation execution unit.
Switch device. The switch device according to claim 1,
A VPN table associating a VLAN identifier included in the unencapsulated frame with a VXLAN network identifier included in the outer header of the encapsulated frame via an internal VLAN identifier;
The correspondence relationship of the FDB further includes the internal VLAN identifier,
When the relay processing unit receives the unencapsulated frame at the lower port, the relay processing unit learns the internal VLAN identifier corresponding to the VLAN identifier of the unencapsulated frame from the FDB, and the capsule port at the upper port. When the FDB is received, the FDB learns the internal VLAN identifier corresponding to the VXLAN network identifier of the encapsulated frame;
Switch device. Relay having a plurality of switch devices that are arranged at the boundary between an L3 network that relays frames based on IP addresses and an L2 network that relays frames based on MAC addresses and relays frames based on VXLAN (Virtual eXtensible Local Area Network) A system,
Each of the plurality of switch devices includes:
A lower port connected to the L2 network for communicating unencapsulated frames;
An encapsulation execution unit that generates an encapsulated frame by encapsulating the unencapsulated frame with an external header;
An upper port connected to the L3 network and communicating the encapsulated frame;
FDB (Forwarding DataBase) that holds the correspondence between external MAC address, external IP address, internal MAC address, and port identifier;
A relay processing unit for learning and searching the FDB;
Have
The relay processing unit
When the encapsulated frame is received by the upper port, the port identifier of the received upper port, the external MAC address of the transmission source included in the external header of the encapsulated frame, and the external IP of the transmission source The FDB learns the correspondence between the address and the internal MAC address of the transmission source included in the area of the unencapsulated frame in the encapsulated frame,
When the unencapsulated frame is received at the lower port, the FDB is searched using the internal MAC address of the destination included in the unencapsulated frame as a search key, and the port identifier of the upper port is acquired as the search result When the external MAC address and the external IP address are acquired, the unencapsulated frame is transmitted to the upper port via the encapsulation execution unit,
The encapsulation execution unit generates the encapsulated frame including the external MAC address of the destination and the external IP address of the destination based on the search result of the FDB;
Relay system. The relay system according to claim 5, wherein
When the relay processing unit obtains the port identifier of the lower port as a search result of the FDB when the unencapsulated frame is received by the lower port, the relay processing unit converts the unencapsulated frame to the lower port Send to
Relay system. The relay system according to claim 5, wherein
A decapsulation execution unit that generates the unencapsulated frame by removing the outer header from the encapsulated frame;
When the relay processing unit receives the encapsulated frame at the upper port, the relay processing unit searches the FDB using the internal MAC address of the destination included in the area of the unencapsulated frame in the encapsulated frame as a search key. And when the port identifier of the lower port is acquired as the search result, the encapsulated frame is transmitted to the lower port via the decapsulation execution unit.
Relay system. The relay system according to claim 5, wherein
A VPN table associating a VLAN identifier included in the unencapsulated frame with a VXLAN network identifier included in the outer header of the encapsulated frame via an internal VLAN identifier;
The correspondence relationship of the FDB further includes the internal VLAN identifier,
When the relay processing unit receives the unencapsulated frame at the lower port, the relay processing unit learns the internal VLAN identifier corresponding to the VLAN identifier of the unencapsulated frame from the FDB, and the capsule port at the upper port. When the FDB is received, the FDB learns the internal VLAN identifier corresponding to the VXLAN network identifier of the encapsulated frame;
Relay system.

Images