JP5980725B2 - Network device, relay management method, relay management program, and communication system - Google Patents

Description

  The present invention relates to a network device, a relay management method, a relay management program, and a communication system.

  In recent years, cloud computing has become widespread, and a virtual environment is constructed using resources of a physical server installed in a data center to provide various services to users. In addition, an L2 network is built across different data centers using virtual switches.

  For example, a company (Z) that implements a department server, an accounting server, an attendance management server, a file server, etc. with a virtual machine will be described as an example. In the company (Z), the virtual machine (A) and the virtual machine (B) are operated at the data center (X) of the base (Sapporo), and the virtual machine (C) is operated at the data center (Y) of the base (Fukuoka). The virtual machine (D) is operated. Then, the data center (X) and the data center (Y) are connected by a virtual L2 network using a virtual switch such as Open vSwitch.

  In this way, in the company (Z), by realizing communication between virtual machines that operate in different data centers and provide each service, employees at each base can be made independent of the base, Provide various services.

Hisashi Ishii, Kazue Ueno, Keisuke Tagami, Koji Iida, Tomonari Fujita, Kazutaka Morita, “Open Source laaS Cloud Platform OpenStack”, NTT Technology Journal Vol.23, No.8, 2011. Hideo Kitazume, Takaaki Koyama, Yoshitake Tajima, Toshiharu Kishi, Atsuko Inoue, "Network Virtualization Technology that Supports Cloud Services", NTT Technology Journal Vol.23, No.10, 2011.

  However, the above technique has a problem that when a virtual machine migration or the like occurs, the communication path becomes redundant and a communication delay occurs.

  As an example, the company (Z) will be described as an example. In a situation where an employee's personal computer (hereinafter sometimes referred to as a PC) uses a virtual machine connected to each site using the Internet or the like. Suppose that a virtual machine (B) is migrated to the data center (Y) of the base (Fukuoka) in order to improve convenience, etc., as an employee of the base (Sapporo) travels to the base (Fukuoka). . In this case, the default gateway of the PC of the employee who uses the Internet is the IP address of the router designated by ISP (Internet Service Provider). The default gateway of the migrated virtual machine (B) is set to the router of the migration source data center (X).

  For this reason, when the employee accesses the virtual machine (B) from Fukuoka on a business trip, the employee's PC sends a response from the VM (B) to the data center (Y) and data of the base (Fukuoka) on the business trip. The data is received via the virtual L2 network between the centers and the data center (X) of the base (Sapporo) that is the business trip source. In other words, the employee's PC receives a response from the virtual machine (B) via the business trip source even though the virtual machine (B) is migrated to the business trip destination in accordance with the business trip. As described above, the communication distance from the virtual machine (B) to the user terminal is increased, and the delay is increased unnecessarily.

  Although it is conceivable to change the default gateway of the virtual machine (B), it is not realistic from the viewpoint of security to allow an employee who is not an administrator to change the network settings.

  The disclosed technology has been made in view of the above, and an object thereof is to provide a network device, a relay management method, a relay management program, and a communication system that can reduce communication delay.

  One embodiment of the present application is a network device that relays data communication between information processing devices, the first communication quality between the information processing device operating in the same network segment as the network device and the network device. Between a measurement unit that measures the communication quality of the network, another network device in which the same IP address as the network device is set in the same network segment, and an information processing device that operates in the same network segment Whether the information processing device operating in the same network segment is a relay target based on the acquisition unit that acquires the second communication quality, which is the quality, and the first communication quality and the second communication quality And a determination unit for determining whether or not.

  According to an embodiment of the present application, communication delay can be reduced.

FIG. 1 is a diagram illustrating an example of the overall configuration of a system according to the first embodiment. FIG. 2 is a diagram illustrating a hierarchical structure of physical servers that operate VMs. FIG. 3 is a functional block diagram showing the functional configuration of the router. FIG. 4 is a diagram illustrating an example of information stored in the VM information table. FIG. 5 is a diagram illustrating an example of information stored in the measurement result table. FIG. 6 is a diagram illustrating an example of information stored in the management target table. FIG. 7 is a diagram illustrating an example of information stored in the synchronization information table. FIG. 8 is a flowchart showing a flow of processing for specifying a management target VM executed by the router according to the first embodiment. FIG. 9 is a flowchart showing a flow of ARP response processing executed by the router according to the first embodiment. FIG. 10 is a diagram illustrating a specific example in which the relay target is changed after VM migration. FIG. 11 shows an example of a screen for registering business trip information. FIG. 12 is a diagram illustrating information measured by the router. FIG. 13 is a diagram illustrating a measurement result received by the router as synchronization information. FIG. 14 is a diagram illustrating an update example of the management target table. FIG. 15 is a diagram illustrating an example of the ARP request. FIG. 16 is a diagram illustrating an example of the ARP response. FIG. 17 is a diagram illustrating an example of updating the ARP table. FIG. 18 is a diagram illustrating an example in which the route after migration is changed. FIG. 19 is a flowchart showing the flow of the alive monitoring process of the router. FIG. 20 is a diagram illustrating a computer that executes a relay management program.

  Hereinafter, embodiments of a network device, a relay management method, a relay management program, and a communication system disclosed in the present application will be described in detail with reference to the drawings. In addition, this invention is not limited by this embodiment. In addition, this invention is not limited by this embodiment. Embodiments described below can be appropriately combined within a consistent range.

[First Embodiment]
(overall structure)
FIG. 1 is a diagram illustrating an example of the overall configuration of a system according to the first embodiment. As shown in FIG. 1, this system is a system for connecting, for example, corporate bases via a network, and a base (Sapporo) 1 and a base (Fukuoka) 11 each having a data center are connected via a network 20 such as the Internet. Is done.

(Base (Sapporo))
The base (Sapporo) 1 has a user terminal 10 and a data center 2. The user terminal 10 is a terminal device that accesses a virtual machine operating in the data center 2 or the data center 12 of the base (Fukuoka) 11 and uses various services, such as a laptop computer or a smartphone.

  The data center 2 is a data center in which one or more physical servers are installed and a virtual machine (hereinafter sometimes referred to as a VM (Virtual Machine)) is operated using physical resources of the physical server. The physical resources include a communication interface, a processor, a memory, and a hard disk.

  Specifically, the data center 2 includes a CE (Customer Edge) router 3, a router 4, an OVS 5, a VM (A), and a VM (B). The CE router 3 is an edge router installed at the boundary between a telecommunications carrier network 1a such as the Internet and a corporate network such as a corporate LAN (Local Area Network). The CE router 3 is realized by a physical device. .

  The router 4 is a router that divides the data center 2 of the base (Sapporo) 1 and the data center 12 of the base (Fukuoka) 11 by the same network segment 22 in the corporate network. That is, the router 4 relays communication between the user terminal 10 and each VM in each data center. The interface 4a of the router 4 is an interface connected to the CE router 3, and “IP (4a)” is set as an IP (Internet Protocol) address. The interface 4b of the router 4 is an interface connected to each VM, and “IP (10)” is set as the IP address.

  Accordingly, “IP (4a)” is connected as a default gateway to the user terminal 10 used in the base (Sapporo) 1. For this reason, the user terminal 10 accesses via the router 4 when accessing each VM. The router 4 may be realized with a virtual machine or a physical device.

  The OVS 5 is a switch that relays each router and each VM of each data center, and is a virtual switch that connects the data centers with the virtual L2 network 21 in cooperation with the OVS 15 of the data center 12. For example, the OVS 5 is connected to the interface 4 b of the router 4, VM (A), VM (B), and the OVS 15 of the data center 12.

  The VM (A) is a virtual machine that executes, for example, a Web server or a DB server, and “IP (A)” is set as the IP address. The VM (B) is a virtual machine that executes, for example, a Web server or a DB server, and “IP (B)” is set as the IP address. These VMs communicate with the user terminal 10 via the OVS 5.

(Base (Fukuoka))
The base (Fukuoka) 11 has a data center 12. The data center 12 is a data center in which one or more physical servers are installed and a virtual machine is operated using physical resources of the physical server.

  Specifically, the data center 12 includes a CE router 13, a router 14, an OVS 15, a VM (C), and a VM (D). The CE router 13 is an edge router installed at the boundary between a telecommunications carrier network 11a such as the Internet and a corporate network such as a corporate LAN. The CE router 13 is realized by a physical device.

  The router 14 is a router that divides the data center 2 of the base (Sapporo) 1 and the data center 12 of the base (Fukuoka) 11 by the same network segment 22 in the corporate network. That is, the router 14 relays communication between the external device and each VM in each data center. The interface 14a of the router 14 is an interface connected to the CE router 13, and “IP (14a)” is set as the IP address. The interface 14b of the router 4 is an interface connected to each VM, and “IP (10)” is set as the IP address. The router 14 may be realized by a virtual machine or a physical device.

  The OVS 15 is a switch that relays each router and each VM of each data center, and is a virtual switch that connects the data centers with the virtual L2 network 21 in cooperation with the OVS 5 of the data center 2. For example, the OVS 15 is connected to the interface 14 b of the router 14, VM (C), VM (D), and the OVS 5 of the data center 1.

  The VM (C) is a virtual machine that executes, for example, a Web server or a DB server, and “IP (C)” is set as the IP address. The VM (D) is a virtual machine that executes, for example, a Web server or a DB server, and “IP (D)” is set as the IP address. These VMs communicate with external devices outside the data center via the OVS 15.

(Network configuration)
As described above, the same IP address “IP (10)” is set in the interface 4 b of the router 4 and the interface 14 b of the router 14. Also, each VM operates in the same network segment, although the operating base is different. That is, the router 4, the router 14, the OVS 5, the OVS 15, the VM (A), the VM (B), the VM (C), and the VM (D) are connected by the virtual L2 network 21 and operate on the same network segment 22. Therefore, the router 14 of the base (Fukuoka) 11 and the VM (A) or VM (B) are communicably connected, and the router 4 of the base (Sapporo) 1 can communicate with the VM (C) or VM (D). It is connected to the. Here, the virtual L2 network 21 is a best effort section, and the service quality is not guaranteed as usual.

(Hierarchical structure)
FIG. 2 is a diagram illustrating a hierarchical structure of physical servers that operate VMs. Here, an example in which the VM is operated by one physical server will be described as an example, but the present invention is not limited to this, and the operation can be performed by using a plurality of physical servers.

  In the data center 2, the physical server 6 operates, and in the data center 12, the physical server 16 operates. Each physical server is a general server device, and includes hardware, a processor, a memory, and the like.

  The physical server 6 of the data center 2 operates virtual software 6b such as a hypervisor on the hardware 6a to provide a virtual environment. The virtualization software 6b operates the virtual switch 6c.

  Similarly, the physical server 16 in the data center 12 operates virtualization software 16b such as a hypervisor on the hardware 16a to provide a virtual environment. The virtualization software 16b operates the virtual switch 16c.

  Here, the virtual switch 6c and the virtual switch 16c are realized by using, for example, Open vSwitch, Open Flow (registered trademark), KVM (registered trademark), and the like, and construct the virtual L2 network 21 that is the best effort section. That is, different data centers are connected to each other via a virtual L2 network.

  Each virtualization software of each physical server operates a virtual machine in a state where the virtual L2 network 21 can be used. Specifically, the virtualization software 6b operates VM (A) and VM (B) using the physical resources of the physical server 6, and each VM is transferred to the virtual L2 network 21 via the virtual switch 6c. Connecting. Similarly, the virtualization software 16b operates VM (C) and VM (D) using the physical resources of the physical server 16, and connects each VM to the virtual L2 network 21 via the virtual switch 16c. .

(Router configuration)
Next, the configuration of the router 4 and the router 14 shown in FIG. 1 will be described. Since the router 4 and the router 14 have the same configuration, the router 14 will be described as an example here. Here, an example in which the router 14 is a physical device will be described. However, even when the router 14 is realized by a VM, a similar function is executed using physical resources.

  FIG. 3 is a functional block diagram showing the functional configuration of the router. As illustrated in FIG. 3, the router 14 includes a communication control unit 141, a storage unit 142, and a control unit 143.

  The communication control unit 141 includes interfaces 14a and 14b, and is a processing unit that controls communication of other devices. For example, the communication control unit 141 relays communication from the external device to the VM (C), communication from the VM (C) to the external device, and the like. Note that an IP address “IP (14a)” is set in the interface 14a, and an IP address “IP (10)” is set in the interface 14b.

  The storage unit 142 is a storage device such as a memory or a hard disk, and holds a VM information table 142a, a measurement result table 142b, a management target table 142c, a synchronization information table 142d, and a routing table 142e. When the router 14 is a virtual machine, the storage unit 142 corresponds to a memory of a physical server, a predetermined area of a hard disk, or the like assigned to the router 14.

  The VM information table 142a is a table that stores information on VMs operating in the same network segment. FIG. 4 is a diagram illustrating an example of information stored in the VM information table. As shown in FIG. 4, the VM information table 142a stores “VM name, MAC (Media Access Control) address, IP (Internet Protocol) address” in association with each other. The information stored here is set by an administrator or the like.

  The “VM name” stored here is information for specifying a VM operating in the same network segment, and is, for example, a host name or an identifier. “MAC address” is the MAC address set in the VM. “IP address” is an IP address set in the VM.

  In the case of FIG. 4, VM (A) in which “MAC (A)” is set as the MAC address and “IP (A)” is set as the IP address operates in the same network segment as the data center 2 and the data center 12. Indicates that Similarly, a VM (B) in which “MAC (B)” is set as the MAC address and “IP (B)” is set as the IP address is operating. Further, it indicates that the VM (C) in which “MAC (C)” is set as the MAC address and “IP (C)” is set as the IP address is operating. Further, it indicates that the VM (D) in which “MAC (D)” is set as the MAC address and “IP (D)” is set as the IP address is operating.

  The measurement result table 142b is a table for storing measurement results of communication quality between each VM and the router 14. FIG. 5 is a diagram illustrating an example of information stored in the measurement result table. As illustrated in FIG. 5, the measurement result table 142b stores “VM name, MAC address, communication quality” in association with each other.

  The “VM name” stored here is information for identifying the VM to be measured, and the “MAC address” is the MAC address of the VM to be measured. “Communication quality” is a result measured by a communication quality measuring unit 146 described later. An IP address may be used instead of the MAC address.

  In the case of FIG. 5, the communication quality between the router 14 and the VM (A) is “60 ms”, the communication quality between the router 14 and the VM (B) is “23 ms”, and the communication quality between the router 14 and the VM (C) is “ 5 ms ”, indicating that the communication quality between the router 14 and the VM (D) is“ 7 ms ”. The information stored here is updated as needed by a communication quality measuring unit 146 and the like which will be described later.

  The communication quality stored here is the time from when the router sends a message to the VM until it receives a response from the VM. Further, the time from when the router transmits a message to the VM a plurality of times and when a response is received from the VM may be measured, and an average value of the measured time may be used.

  The management target table 142c is a table that stores information on VMs to which the router 14 relays communication. FIG. 6 is a diagram illustrating an example of information stored in the management target table. As illustrated in FIG. 6, the management target table 142 c stores “item number, VM name, MAC (Media Access Control) address” in association with each other. The “item number” stored here is an identifier for identifying a record, “VM name” is information for identifying a VM to be relayed, and “MAC address” is the MAC address of the VM to be relayed. is there. An IP address may be used instead of the MAC address.

  In the case of FIG. 6, it is indicated that the router 14 relays a VM (C) having “MAC (C)” as a MAC address and a VM (D) having “MAC (D)” as a MAC address. Yes. The information stored here is updated as needed by a communication quality measuring unit 146 and the like which will be described later.

  The synchronization information table 142d is a table that stores information acquired from routers that operate in the same network segment and have the same IP address. FIG. 7 is a diagram illustrating an example of information stored in the synchronization information table. As illustrated in FIG. 7, the synchronization information table 142 d stores “acquisition destination router, priority, measurement result” in association with each other.

  The “acquisition destination router” stored here is information for identifying the synchronization target router, and the “priority” is the priority set for the synchronization target router acquired from the synchronization target router. The “measurement result” is information indicating the router, each VM, and the communication quality measured by the synchronization target router.

  The example of FIG. 7 is information acquired from the router 4, the priority “10” is set in the router 4, the communication quality between the router 4 and the VM (A) is “3 ms”, and the router 4 4 and the communication quality between the VM (B) is “2 ms”, the communication quality between the router 4 and the VM (C) is “70 ms”, and the communication quality between the router 4 and the VM (D) is “111 ms”. It is shown that.

  The routing table 142e is a table for storing a relay route for relaying data, that is, routing information. Specifically, the routing table 142e stores a route between VMs, a route to each VM and an external network, and the like.

  The control unit 143 is an electronic circuit such as a processor, and includes a management information reception unit 144, a conflict detection suppression unit 145, a communication quality measurement unit 146, an ARP response unit 147, a synchronization execution unit 148, and a relay processing unit 149. That is, each processing unit is a process executed by a processor or the like, an electronic circuit included in the processor, or the like. When the router 14 is a virtual machine, the control unit 143 is a processing unit that is assigned to the router 14 and executed by the processor of the physical server.

  The management information receiving unit 144 is a processing unit that receives setting information from the administrator. For example, the management information receiving unit 144 receives information on the operating VM from the administrator and stores it in the VM information table 142a.

  The conflict detection suppression unit 145 is a processing unit that suppresses error notification and allows setting of the same address when the same IP address as the IP address set in the own router is detected in the same network segment. .

  For example, it is assumed that the IP address “IP (10)” is set to the interface 14 b of the own router 14 in a state where the IP address “IP (10)” is set to the interface 4 b of the router 4. In this case, when both the router 4 and the router 14 are activated, the conflict detection inhibiting unit 145 detects an IP address conflict. However, the conflict detection suppression unit 145 suppresses error notification even when IP conflict is detected. As a result, IP address duplication is allowed in the router 4 and the own router 14, that is, in the same network segment. Therefore, a state where the same IP address “IP (10)” is set to the interface 4b of the router 4 and the interface 14b of the router 14 is allowed.

  The communication quality measuring unit 146 is a processing unit that measures the communication quality between the data center 2 and the data center 12 and each VM operating in the same network segment. The communication quality measuring unit 146 is a processing unit for registering a VM having a good communication quality of the own router 14 as a management target between routers having the same IP address set in the same network segment.

  Specifically, the communication quality measurement unit 146 transmits a message to each VM stored in the VM information table 142a, measures the time until a response is received, and stores the result in the measurement result table 142b. Store. Then, the communication quality measurement unit 146 refers to the synchronization information table 142d and identifies the VM with the earliest communication time with the own router 14. Thereafter, the communication quality measurement unit 146 extracts information on the specified VM from the VM information table 142a and stores it in the management target table 142c.

  For example, the communication quality measurement unit 146 transmits an ARP (Address Resolution Protocol) request to each of the VM (A), VM (B), VM (C), and VM (D) multiple times, and sends an ARP response from each VM. The time until reception is measured, and the average value of the time is calculated. Then, the communication quality measuring unit 146 refers to the synchronization information table 142d and reads the average value of the measurement times measured by the router 4 for each VM using the same method.

  Thereafter, the communication quality measurement unit 146 compares the measurement result of the own router 14 with the measurement result of the router 4 and determines that the measurement time of the own router 14 is short for VM (C) and VM (D). To do. As a result, the communication quality measurement unit 146 stores the MAC address and IP address of the VM (C) and VM (D) in the management target table 142c.

  Note that the communication quality measurement unit 146 measures the communication quality with the VM and updates the VM to be managed, for example, when the router 14 is activated, when the VM information table 142a is updated, or when VM migration occurs. and so on.

  The ARP response unit 147 is a processing unit that responds to the management target VM with an ARP response when an ARP request is received from the VM. Specifically, the ARP response unit 147 responds the MAC address of the router 14 to the ARP request including the MAC address stored in the management target table 142c as the source MAC address in the received ARP request. To do.

  For example, it is assumed that the ARP response unit 147 makes an ARP request from the VM (C). In this case, the ARP response unit 147 extracts the VM (C) MAC address “MAC (C)” from the ARP request. Then, the ARP response unit 147 refers to the management target table 142c, and since the extracted MAC address “MAC (C)” is registered in the table, the ARP response unit 147 determines that the transmission source is the relay target VM. As a result, the ARP response unit 147 returns the MAC address “MAC (14)” of the own router to the VM (C) that is the transmission source of the received ARP request.

  On the other hand, it is assumed that the ARP response unit 147 makes an ARP request from the VM (B). In this case, the ARP response unit 147 extracts the MAC address “MAC (B)” of the VM (B) from the ARP request. Then, the ARP response unit 147 refers to the management target table 142c, and determines that the transmission source is a VM that is not a relay target because the extracted MAC address “MAC (B)” is not registered in the table. As a result, the ARP response unit 147 suppresses a response to the received ARP request.

  The synchronization execution unit 148 is a processing unit that synchronizes the communication quality with the VM with a router existing in the same network segment at a predetermined interval. Specifically, the synchronization execution unit 148 executes synchronization processing with routers that have the same IP address set in the same network segment. Note that the synchronization destination router may be set in advance by an administrator or the like, and the router detected by the conflict detection suppression unit 145 may be set as a synchronization target.

  For example, when the synchronization timing is reached, the synchronization execution unit 148 reads out the measurement result stored in the measurement result table 142b and transmits it to the router 4. In addition, when the synchronization execution unit 148 receives the measurement result of the router 4, it stores it in the synchronization information table 142d. The synchronization timing can be arbitrarily set such as every hour or when the setting is changed. Moreover, as information to synchronize, not only a measurement result but the priority set to a router and the management object memorize | stored in the management object table 142c may be synchronized, for example.

  The relay processing unit 149 is a processing unit that relays received data to a destination. Specifically, the relay processing unit 149 receives, based on information stored in the routing table 142e, when receiving a packet destined for the relay target VM or a packet destined for the relay target VM. , NAT (Network Address Translation) conversion or the like is performed, and the packet is transmitted to the destination.

(Management target VM identification process)
FIG. 8 is a flowchart showing a flow of processing for specifying a management target VM executed by the router according to the first embodiment. Here, the router 14 will be described as an example. In addition, as a pre-stage of this processing, it is assumed that information setting in the VM information table 142a is completed for the router 14 and the router 4. That is, it is assumed that the same IP address is set in the same network segment.

  As shown in FIG. 8, when the router 14 for which various settings have been completed is activated (S101: Yes), the conflict detection suppression unit 145 of the router 14 detects conflicting IP address settings (S102). Subsequently, the conflict detection suppression unit 145 detects conflicting IP addresses, but suppresses error notification (S103).

  Thereafter, the communication quality measurement unit 146 of the router 14 refers to the VM information table 142a and identifies a VM operating in the same network segment (S104). Subsequently, the communication quality measurement unit 146 transmits an ARP request to the specified VMs a plurality of times (S105). Thereafter, the communication quality measurement unit 146 receives an ARP response from each VM (S106).

  Then, the communication quality measurement unit 146 measures the time from the transmission of the ARP request to the reception of the ARP response for each VM, calculates the average value of the measured times, and stores it in the measurement result table 142b. (S107).

  Subsequently, the synchronization execution unit 148 sets the communication quality (average value) of each VM stored in the measurement result table 142b as synchronization information, and the router in which the same IP address as that of the own router 14 is set in the same network segment. 4 (S108).

  Also, the synchronization execution unit 148 receives the communication quality (average value) of each VM measured by the other router as synchronization information, and stores it in the synchronization information table 142d (S109).

  Thereafter, the communication quality measuring unit 146 identifies the VM having the shortest communication time with the own router 14 from the measurement result of the own router 14 and the measurement result of the other router received by the synchronization information ( S110).

  Then, the communication quality measurement unit 146 registers the VM having the shortest communication time with the own router 14 in the management target table 142c as a management target, that is, a relay target (S111). Thereafter, the communication quality measuring unit 146 repeats the processing from S104 onward every time the measurement timing is reached (S112: Yes).

(ARP response processing)
FIG. 9 is a flowchart showing a flow of ARP response processing executed by the router according to the first embodiment. Here, the router 14 will be described as an example. Further, as a pre-stage of this processing, it is assumed that information setting in the management target table 142c and the same IP address are set in the same network segment for the router 14 and the router 4.

  As illustrated in FIG. 9, when receiving the ARP request from the VM (S201: Yes), the ARP response unit 147 of the router 14 extracts the source MAC address from the ARP request (S202). Subsequently, the ARP response unit 147 determines whether or not the extracted transmission source MAC address is registered in the management target table 142c (S203).

  Then, when the extracted MAC address of the transmission source is registered in the management target table 142c, that is, when the VM of the transmission source of the ARP request is a management target (S203: Yes), the ARP response unit 147 An ARP response is transmitted to the VM of (S204).

  On the other hand, when the extracted source MAC address is not registered in the management target table 142c, that is, when the VM of the transmission source of the ARP request is not a management target (S203: No), the ARP response unit 147 transmits The ARP response to the original VM is suppressed (S205).

(Concrete example)
Next, as the user of the user terminal 10 travels from the base (Sapporo) 1 to the base (Fukuoka) 11, the VM (B) used by the user is migrated to the data center 12 for the sake of convenience. In this case, an example in which the router changes the relay target will be described.

  FIG. 10 is a diagram illustrating a specific example in which the relay target is changed after VM migration. FIG. 10 has the same configuration as FIG. 1 except that a management server 30 that manages VM migration and the like is connected to the network 20.

  It is assumed that the communication quality between each VM and each router before migration is in the state shown in FIGS. That is, it is assumed that the communication quality between the router 4 and the VM (A), the router 4 and the VM (B) is good, and the communication quality between the router 14 and the VM (C) and the router 14 and the VM (D) is good. For this reason, the router 4 has VM (A) and VM (B) as management targets, and the router 14 has VM (C) and VM (D) as management targets.

  In such a state, the user terminal 10 accesses the management server 30, registers information on a business trip destination using a Web screen or the like, and requests movement of a service or the like (S301). FIG. 11 shows an example of a screen for registering business trip information. When receiving the access from the user terminal 10, the management server 30 responds to the user terminal 10 with the screen shown in FIG.

  The screen shown in FIG. 11 is a screen for inputting “user ID, movement source, movement destination, movement target”. “User ID” is an identifier of a user who makes a business trip. “Movement source” is information indicating a business trip source, “Movement destination” is information indicating a business trip destination, and “Movement target” is information specifying a service or server used in the business trip destination. The “movement source”, “movement destination”, and “movement object” can be easily selected from a pull-down menu, for example.

  Here, as shown in FIG. 11, the management server 30 receives input of the user ID “U001”, the movement source “Sapporo”, the movement destination “Fukuoka”, and the movement target “Web server (VM (B))”. To do.

  Subsequently, the management server 30 migrates the VM (B) operating in the data center 2 of the base (Sapporo) 1 to the data center 12 of the base (Fukuoka) 11 of the business trip based on the input information. (S302).

  When the migration is completed, each router measures the communication quality with each VM (S303). Specifically, the router 4 transmits the ARP request to the VM (A), VM (B), VM (C), and VM (D) multiple times and receives the response time. After the measurement, the average value of the time required for response for each VM is calculated. Similarly, the router 14 transmits an ARP request multiple times to each of VM (A), VM (B), VM (C), and VM (D), and measures the time until receiving the response. After that, the average value of the time required for response for each VM is calculated.

  FIG. 12 is a diagram illustrating information measured by the router 14. As shown in FIG. 12, the router 14 communicates with the VM (A) with a communication quality “40 ms”, communicates with the VM (B), communication quality “3 ms”, and communicates with the VM (C). Communication quality “7 ms” is measured between “5 ms” and VM (D).

  Thereafter, as shown in FIG. 10, the router 14 synchronizes the measurement result with the router 4 and updates the management target (S304). FIG. 13 is a diagram illustrating a measurement result received by the router 14 as synchronization information. That is, FIG. 13 shows the measurement result of the router 4. As shown in FIG. 13, the router 4 communicates with the VM (A) with the communication quality “3 ms”, with the VM (B), with the communication quality “20 ms”, and with the VM (C), with the communication quality “ Communication quality “19 ms” is measured between “32 ms” and VM (D).

  Subsequently, the router 14 compares the measurement result measured by its own router illustrated in FIG. 12 with the measurement result of the router 4 illustrated in FIG. 13, and compares VM (B), VM (C), and VM (D). Specify that the local router has better communication quality. As a result, the router 14 identifies VM (B), VM (C), and VM (D) as management targets.

  FIG. 14 is a diagram illustrating an update example of the management target table. As illustrated in FIG. 14, the router 14 adds “item number (3), VM name (VM (B)), MAC address (MAC (B))” to the management target table 142 c.

  On the other hand, the router 4 compares the measurement result measured by the router 14 shown in FIG. 12 with the measurement result of the own router 4 shown in FIG. 13, and the communication quality of the VM (A) is better for the own router. Identify that. As a result, the router 4 identifies the VM (A) as a management target. Therefore, the router 4 updates the management target from VM (A) and VM (B) to only VM (B).

  Thereafter, when the migration and the update of the management target table 142c are completed, the migrated VM (B) transmits an ARP request to the IP address “IP (10)” of the default gateway, and updates the ARP table. (S305).

  Specifically, the VM (B) transmits an ARP request to the IP address “IP (10)” of the default gateway. FIG. 15 is a diagram illustrating an example of the ARP request. As illustrated in FIG. 15, the VM (B) transmits an ARP request including “destination IP address (IP (10))” indicating the destination and “own MAC address (MAC (B))” indicating the source. To do.

  Subsequently, the router 4 and the router 14 receive the ARP request from the VM (B). Here, the router 4 suppresses the ARP response since the MAC address “MAC (B)” of the VM (B) is deleted from the management target table 142c.

  On the other hand, since the MAC address “MAC (B)” of the VM (B) is added to the management target table 142c, the router 14 executes an ARP response. FIG. 16 is a diagram illustrating an example of the ARP response. As illustrated in FIG. 16, the router 14 sends a “source IP address (IP (10))” indicating the source and a “destination MAC address” indicating the destination to the VM (B) that is the source of the ARP request. (MAC (B)) ”and an“ ARP response including “own MAC address (MAC (14))” indicating the transmission source.

  The VM (B) that has received this ARP response updates the ARP table. FIG. 17 is a diagram illustrating an example of updating the ARP table. Specifically, the VM (B) specifies that the MAC address of the device having the IP address “IP (10)” is “MAC (14)” by the ARP response. As a result, as shown in FIG. 17, the VM (B) updates the MAC address “MAC (4)” stored in association with the IP address “IP (10)” to “MAC (14)”. . Note that “Type” illustrated in FIG. 17 is information indicating the types of entries that can be stored.

  Thereafter, the user terminal 10 moves to the base (Fukuoka) 11 (S306), and accesses the VM (B) from the base (Fukuoka) 11. At this time, since the default gateway of the VM (B) is updated from the router 4 to the router 14, it is possible to access via a route with less communication delay.

  FIG. 18 is a diagram illustrating an example in which the route after migration is changed. FIG. 18 illustrates an example in which the user terminal 10 accesses the VM (B) from the business trip destination base (Fukuoka) 11 after the migration of the VM (B) and the update of the ARP table are completed.

  As shown in FIG. 18, when the default gateway of VM (B) is not changed to the router 14 and remains as the router 4 as in the prior art, the user terminal 10 sends a response from the VM (B) to the OVS 15 , Received via the route 51 via the virtual L2 network 21, the OVS 5, the router 4, and the CE router 3.

  On the other hand, when the default gateway of the VM (B) is changed to the router 14 by the method described above, the user terminal 10 routes the route from the VM (B) via the OVS 15, the router 14, and the CE router 13. Received at 52.

(effect)
In the above-described embodiment, the section including the best effort of the virtual L2 network 21 can select a path with a shorter communication time between the router and the VM and transmit data from the optimum router. Thus, data can be transmitted to the external network which is a high quality network, and communication delay between the VM and the user terminal 10 on the high quality network can be reduced.

  In addition, it can operate independently of the cloud system, and multiple routers operate in cooperation with each other, so it is possible to determine which router is to be transferred for each VM, so the optimum route suitable for VM placement is automatically set. It can also be discovered.

  Further, since the user can perform communication from the VM to the user terminal 10 through the shortest path without performing specialized work such as setting change, the communication delay is reduced while reducing the increase in the load on the user. can do.

  In addition, since communication quality can be improved after VM migration, communication delays can be suppressed even if VM migration is performed frequently, and maintenance of virtual environments and physical servers can be easily performed. Reliability is improved. Furthermore, the versatility of system construction using a virtual machine is improved.

[Second Embodiment]
Next, processing when another router stops due to a failure or the like will be described. Note that the second embodiment will be described using the router 14 as an example. In addition, before this process is executed, it is assumed that transmission / reception is performed between each router regarding the priority set in the own router and the management target of the own router as synchronization information.

  FIG. 19 is a flowchart showing the flow of the alive monitoring process of the router. As shown in FIG. 19, the control unit 143 of the router 14 performs alive monitoring of other routers (S401). For example, the router 14 performs communication confirmation such as Ping to each router registered in the synchronization information table 142d.

  Then, when the control unit 143 of the router 14 detects a router without a response (S402: Yes), it determines whether or not the priority of the own router is the highest (S403). For example, when a router whose activation cannot be confirmed is detected, the router 14 prioritizes its own router according to the priority of the other router registered in the synchronization information table 142d and the priority of its own router stored in the storage unit 142. Determine whether the degree is the highest.

  When the control unit 143 of the router 14 determines that the priority of the own router is the highest (S403: Yes), the management target of the router detected as having no response is specified from the synchronization information table 142d (S404). For example, the router 14 specifies the information on the VM to be relayed by the router detected as having no response from the synchronization information table 142d.

  Thereafter, the control unit 143 of the router 14 transmits a GARP (Gratuitous Address Resolution Protocol) message to the management target of the router detected as having no response (S405). Then, the control unit 143 of the router 14 registers the management target of the router detected as having no response in the management target table 142c of the own router 14 (S406). Note that the routing information may be received as synchronization information.

  In addition, when the router without a response is not detected in S402 (S402: No) or when there is a router having a higher priority than the own router 14 in S403 (S403: No), the control unit 143 of the router 14 End the process.

  In the present embodiment, an example using GARP has been described, but the present invention is not limited to this. For example, an ICMPv6 (Internet Control Message Protocol for IPv6) “Neighbor Solicitation” message defined by RFC4861 may be used. In this case, in S405, the control unit 143 of the router 14 transmits an ICMPv6 “Neighbor Solicitation” message to the managed VM of the router detected as having no response, and causes the corresponding VM to update the ARP table. . As described above, the above-described processing can be executed not only for IPv4 but also for a VM using IPv6.

  As described above, even if a router with the same IP address in the same network segment fails and is disconnected, other routers manage the management target of the router in which the failure has occurred. Can be registered to the subject. Therefore, it is possible to quickly restore communication with the VM connected to the router in which the failure has occurred.

[Third Embodiment]
Although the embodiments of the present invention have been described so far, the present invention may be implemented in various different forms other than the above-described embodiments. Therefore, different embodiments will be described below.

(Number of routers)
For example, in the above embodiment, the case where there are two routers in which the same IP address is set in the same network segment has been described. However, the present invention is not limited to this, and there are three or more routers. Also good.

  In addition, routers can be grouped to limit synchronization targets. When grouping is performed, the second embodiment and the third embodiment may be executed between the grouped routers. By doing so, it also leads to traffic suppression. The number of bases and the number of data centers are not limited to those shown in the figure.

(VM)
In the above embodiment, the example in which the management target of each router is a VM has been described. However, the present invention is not limited to this. For example, even a physical server can perform the same processing. When the VM IP address is registered in the management target table 142c, in the above-described process, the source IP address is extracted from the ARP request transmitted by the VM, and the same process is executed.

  In the first embodiment, the example of executing when the VM is migrated has been described. However, the present invention is not limited to this. For example, even when an unconfirmed VM that is not registered as a management target in any router newly starts operating in the same network segment, the same processing can be performed.

(Measurement of communication quality)
In the above embodiment, an example in which the communication quality with the VM is measured using the ARP is described, but the present invention is not limited to this. For example, a message using another protocol can be used. In this case, a message in which a response is transmitted to the request is preferable.

(Life and death monitoring)
In the above embodiment, when the activation of the router cannot be confirmed as a result of the alive monitoring, the example in which the router with the highest priority among the active routers inherits the management target has been described. Is not to be done. For example, when the number of management targets of the router with the highest priority exceeds the upper limit value, the router with the next highest priority may inherit the management target. Further, it may be distributed to a plurality of routers with high priority.

(Network configuration)
In the above embodiment, the example in which the user terminal 10 and each CE router are connected via the Internet has been described. However, the present invention is not limited to this. For example, in addition to the Internet, a VPN (Virtual Private Network), a wide area Ethernet, a modem, or a dedicated line can be used for connection between the user terminal 10 and each CE router.

  For example, when the Internet is used, the default gateway of the user terminal 10 is the IP address of the router designated by ISP (Internet Service Provider). At this time, when the user terminal 10 accesses the VM (B) on a business trip, whether to access via the Sapporo router 4 or the Fukuoka router 14 is determined by the routing protocol between the ISP and the data center. The An example of the routing protocol used here is BGP (Border Gateway Protocol).

  When VPN is used, the default gateway of the user terminal 10 is generally set with the IP address of the CE router at the corporate base instead of the data center. At this time, when the user terminal 10 accesses the VM (B) on a business trip destination, whether the user terminal 10 accesses via the router 4 in Sapporo or the router 14 in Fukuoka depends on the setting of the CE router at the corporate base.

  When wide area Ethernet is used, a device for terminating wide area Ethernet is also provided on the user terminal side. It is not always necessary to have a CE router. For example, the user terminal and the router 4 or the router 14 may be directly connected.

(System configuration etc.)
Each component of each illustrated device is functionally conceptual, and does not necessarily need to be the same as the physically illustrated component. In other words, the specific form of distribution / integration of each device is not limited to that shown in the figure, and all or a part thereof may be functionally or physically distributed or arbitrarily distributed in arbitrary units according to various loads or usage conditions. Can be integrated and configured.

  In addition, among the processes described in the present embodiment, all or a part of the processes described as being automatically performed can be manually performed. Further, all or any part of each processing function performed in each device may be realized by a CPU and a program analyzed and executed by the CPU, or may be realized as hardware by wired logic.

(program)
It is also possible to create a relay management program in which the processing executed by the router according to the above embodiment is described in a language that can be executed by a computer. In this case, when the computer executes the relay management program, the same effect as in the above embodiment can be obtained. Further, the same processing as in the above embodiment may be realized by recording such a relay management program on a computer-readable recording medium, and reading and executing the relay management program recorded on the recording medium. Good. Hereinafter, an example of a computer that executes a relay management program that realizes the same function as the router illustrated in FIG. 3 will be described.

  FIG. 20 is a diagram illustrating a computer that executes a relay management program. As illustrated in FIG. 20, the computer 1000 includes, for example, a memory 1010, a CPU 1020, a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. These units are connected by a bus 1080.

  The memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM 1012. The ROM 1011 stores a boot program such as BIOS (Basic Input Output System). The hard disk drive interface 1030 is connected to the hard disk drive 1090. The disk drive interface 1040 is connected to the disk drive 1100. A removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive 1100, for example. For example, a mouse 1110 and a keyboard 1120 are connected to the serial port interface 1050. For example, a display 1130 is connected to the video adapter 1060.

  Here, as shown in FIG. 20, the hard disk drive 1090 stores, for example, an OS 1091, an application program 1092, a program module 1093, and program data 1094. Each table described in the above embodiment is stored in the hard disk drive 1090 or the memory 1010, for example.

  Further, the relay management program is stored in, for example, the hard disk drive 1090 as a program module in which a command executed by the computer 1000 is described. Specifically, a management information reception procedure for executing information processing similar to that of the management information reception unit 144 described in the above embodiment, a conflict detection suppression procedure for executing information processing similar to that of the conflict detection suppression unit 145, and communication Communication quality measurement procedure for executing the same information processing as the quality measurement unit 146, ARP response procedure for executing the same information processing as the ARP response unit 147, and synchronization execution procedure for executing the same information processing as the synchronization execution unit 148 And a program module describing a relay processing procedure for executing information processing similar to that of the relay processing unit 149 is stored in the hard disk drive 1090.

  Data used for information processing by the relay management program is stored as program data, for example, in the hard disk drive 1090. Then, the CPU 1020 reads out the program module 1093 and the program data 1094 stored in the hard disk drive 1090 to the RAM 1012 as necessary, and executes the above-described procedures.

  The program module 1093 and the program data 1094 related to the relay management program are not limited to being stored in the hard disk drive 1090. For example, the program module 1093 and the program data 1094 are stored in a removable storage medium and read by the CPU 1020 via the disk drive 1100 or the like. May be issued. Alternatively, the program module 1093 and the program data 1094 related to the relay management program are stored in another computer connected via a network such as a LAN (Local Area Network) or a WAN (Wide Area Network), and are transmitted via the network interface 1070. May be read by the CPU 1020.

  Also, for example, when a general router executes the same function as in the above embodiment, the same procedure as in the above embodiment is described by describing the above procedure in a program executable by the router and causing the router to execute it. Can also be executed. That is, the processor of the router can execute the same processing by developing the program in which the above procedure is described in the memory and executing it. In addition, when the L3 switch or the like is executed, the same processing can be executed by mounting an LSI having a circuit that performs the same function as that of the above embodiment on the L3 switch.

1 base (Sapporo)
2, 12 Data center 3, 13 CE router 4, 14 Router 5, 15 OVS
11 bases (Fukuoka)
20 network 21 virtual L2 network 22 network segment 14a, 14b interface 141 communication control unit 142 storage unit 142a VM information table 142b measurement result table 142c management target table 142d synchronization information table 142e routing table 143 control unit 144 management information reception unit 145 conflict detection Suppression unit 146 Communication quality measurement unit 147 ARP response unit 148 Synchronization execution unit 149 Relay processing unit

Claims (8)

In a network device that relays data communication between information processing devices,
An information processing device that operates in the same network segment as the network device, and a measurement unit that measures a first communication quality that is a communication quality between the network device;
The second communication quality is communication quality between another network device in which the same IP (Internet Protocol) address as that of the network device is set in the same network segment and an information processing device operating in the same network segment. An acquisition unit for acquiring communication quality;
A determination unit that determines whether or not an information processing device operating in the same network segment is a relay target based on the first communication quality and the second communication quality. Network device.   The apparatus further includes a suppression execution unit that suppresses abnormal processing due to contention of the IP address when another network device in which the same IP address as the network device is set in the same network segment is detected. The network device according to claim 1. A storage unit for storing address information of the information processing apparatus determined as the relay target by the determination unit;
A receiving unit for receiving an address request for inquiring a MAC (Media Access Control) address of the network device from an information processing device operating in the same network segment;
When the address information of the transmission source included in the address request received by the reception unit is stored in the storage unit, the MAC address of the network device is returned to the information processing device of the transmission source The network device according to claim 1, further comprising a response unit. The measurement unit measures an average time from when a message is transmitted a plurality of times to a virtual machine operating within the same network segment until a response is received as the first communication quality,
The acquisition unit acquires, as the second communication quality, an average time from when the other network device transmits a message a plurality of times to a virtual machine operating in the same network segment until a response is received. The network device according to any one of claims 1 to 3, wherein: The measuring unit measures the first communication quality for a virtual machine migrated in the same network segment as the network device;
The acquisition unit acquires the second communication quality measured for the migrated virtual machine;
The network according to claim 4, wherein the determination unit determines whether or not the migrated virtual machine is a relay target based on the first communication quality and the second communication quality. apparatus. An information processing device that operates in the same network segment as a network device that relays data communication between the information processing devices, and a measurement step that measures a first communication quality that is a communication quality between the network devices;
The second communication quality is communication quality between another network device in which the same IP (Internet Protocol) address as that of the network device is set in the same network segment and an information processing device operating in the same network segment. An acquisition process for acquiring communication quality;
A determination step of determining whether or not an information processing apparatus operating in the same network segment is a relay target based on the first communication quality and the second communication quality. Relay management method. An information processing device that operates in the same network segment as a network device that relays data communication between the information processing devices, and a measurement step that measures a first communication quality that is a communication quality between the network devices;
The second communication quality is communication quality between another network device in which the same IP (Internet Protocol) address as that of the network device is set in the same network segment and an information processing device operating in the same network segment. An acquisition step for acquiring communication quality;
Causing the network device to execute a determination step of determining whether or not an information processing device operating in the same network segment is a relay target based on the first communication quality and the second communication quality A relay management program characterized by that. In a communication system having a first network device installed at a first base and a second network device installed at a second base,
Each network device
An information processing device that operates within the same network segment as the own network device, and a measurement unit that measures a first communication quality that is a communication quality between the own network device;
The second communication quality is the communication quality between another network device in which the same IP (Internet Protocol) address as that of the own network device is set in the same network segment and an information processing device operating in the same network segment. An acquisition unit for acquiring the communication quality of
A determination unit that determines whether or not an information processing device operating in the same network segment is a relay target based on the first communication quality and the second communication quality. Communications system.

Images