JP6307906B2 - Packet transfer apparatus, packet transfer system, and packet transfer method - Google Patents

Description

  The present invention relates to a packet transfer device, a packet transfer system, and a packet transfer method.

  Live migration (LM: live migration) is known in which a running virtual machine (VM: virtual machine) mounted on a physical machine (for example, a physical server) is moved to another physical machine. By live migration, a terminal device (for example, a client terminal such as a personal computer (PC)) that accesses the virtual machine can use a communication service provided from the virtual machine before and after the movement. Various techniques have been proposed for such live migration.

  For example, when a virtual machine is moved between two different physical servers installed at a single site, packet loss may occur when switching the access destination from the migration source virtual machine to the migrated virtual machine. is there. In such a case, the Open Flow Controller (OFC: OpenFlow Controller) sets both the communication flow for the source virtual machine and the communication flow for the destination virtual machine at the Open Flow Switch at the preparation stage for moving the virtual machine. A technique for preventing packet loss by setting to (OFS: open flow switch) has been proposed (see, for example, Patent Document 1).

  The technology described above is used for moving a virtual machine between physical servers installed at a single site. However, the technology described above is used for moving a virtual machine between physical servers installed at different physical sites. When this technology is used, there are the following problems.

  For example, when a virtual machine is moved between different bases, a tunnel connecting the bases is constructed, and a packet is input to the destination virtual machine through the tunnel. That is, since a packet is input to the virtual machine via the base of the movement source of the virtual machine, there is a problem that a communication delay occurs or a communication band is wasted. Therefore, it is desired that the packet is input to the destination virtual machine without going through the source base.

  Here, in live migration, the IP address set in the virtual machine is the same before and after the movement. However, the above-described problem is that, for example, if an IP address corresponding to the base after the movement is newly set in the virtual machine. It will be resolved. However, when the IP address corresponding to the base after the movement is reset in the virtual machine, it is necessary to restart application software and network settings that operate on the virtual machine. When restarted, the service provided from the virtual machine is temporarily interrupted, which causes another problem that packets flowing through the network are lost.

  For example, there is a technique for solving the above-described problems without newly setting an IP address set for a virtual machine. For example, first change from the network setting where packets are sent to the destination site via the source site to another network setting where packets are sent to the destination site without going through the source site. . Next, the IP address stored in the header of the packet transmitted to the destination virtual machine is converted so as to be input to the virtual machine before being input to the virtual machine. By using such a technique, a packet is input to the destination virtual machine without going through the source base.

JP 2011-70549 A

  By the way, when a packet (hereinafter referred to as a first packet) is input to the virtual machine, the virtual machine sends back a second packet in response to the first packet to the terminal device that is the transmission source of the first packet. Here, if you try to solve the problem at the beginning using the technology described above, before the network setting of the virtual machine moved from the source base to the destination base is changed to another network setting, The first packet that has passed through the source base is input to the destination virtual machine. On the other hand, after the network setting is changed to another network setting, the first packet that has not passed through the source base is input to the destination virtual machine.

  When the virtual machine tries to send back the second packet that responds to the first packet input from the different communication path in this way, it cannot distinguish which communication path is the first packet input from. . Therefore, the virtual machine cannot normally send back the second packet to the transmission source of the input first packet, and there is a problem that the terminal device cannot receive the second packet.

  Therefore, in one aspect, the present object is to provide a packet transfer apparatus, a packet transfer system, and a packet transfer method that can normally receive a second packet that responds to an input first packet. To do.

When the first packet is input , the packet transfer device disclosed in the present specification can receive the first packet from the first physical machine connected to the first LAN at the destination address of the first packet. the difference from the first address corresponding to the first LAN is the same before and after move that is set to the virtual machine LAN and locations is moved to the second physical machine connected to a different second LAN first When the second address corresponding to the second LAN are store, a different from the first identifier stored in the transmission source identifier of the said first address and said second address first packet The second address stored in the destination address of the first packet is converted into the first address based on the management information for managing the relationship with the identifier of the second identifier, and the transmission of the first packet is performed. To the original identifier The received first identifier is converted into the second identifier, and when a second packet responding to the first packet is input, the header information of the first packet and the second packet Based on the conversion information including the identifier and the first address and the management information, the first address stored in the transmission source address of the second packet is converted to the second address, and It is a packet transfer apparatus having conversion means for converting the second identifier stored in the destination identifier of the second packet into the first identifier.
Further, the packet transfer device disclosed in the present specification has a second address different from the first address that is the same before and after moving between the bases set in the virtual machine that moves between the bases in the operating state as the destination address. When a stored first packet is input, a second identifier different from the first identifier stored in the first identifier, the second address, and the source identifier of the first packet; The second address stored in the destination address of the first packet is converted into the first address and stored in the source identifier of the first packet based on the management information for managing the relationship The received first identifier is converted into the second identifier, and when a second packet responding to the first packet is input, the header information and the second identifier of the first packet are input. Based on the conversion information including the child and the first address and the management information, the first address stored in the source address of the second packet is converted to the second address, and A conversion unit that converts the second identifier stored in the destination identifier of the second packet into the first identifier; and a first packet that is transmitted by the conversion unit to the virtual machine side. 1 transmission means, and second transmission means for transmitting the second packet converted by the conversion means to the virtual machine side and the opposite side, the conversion means having the first address When the third packet stored in the destination address is input, the third packet is sent to the first transmission unit without converting the destination address and the transmission source identifier of the third packet. The first transmission means transmits the third packet output from the conversion means to the virtual machine side, and the conversion means receives a fourth packet in response to the third packet. The fourth packet is output to the second transmission means without converting the source address and destination identifier of the fourth packet, and the second transmission means The packet transfer apparatus is characterized in that the fourth packet output from the means is transmitted to the opposite side to the virtual machine side.

The packet transfer system disclosed in the present specification is connected to a first LAN, a first physical machine on which a virtual machine is mounted, and a second LAN connected to a second LAN whose base is different from the first LAN . comprising a second physical machine, and a system management device to be output to the first physical machine instructions for moving the second physical machine from the virtual machine the first physical machine, the second physical When the first packet is input, the machine has a first address corresponding to the first LAN that is the same as the destination address of the first packet before and after the movement set in the virtual machine. When the second address corresponding to the different second LAN is stored, the first address, the second address, and the first identifier stored in the transmission source identifier of the first packet; Different second The second address stored in the destination address of the first packet is converted into the first address based on management information for managing the relationship with the identifier of the first packet, and the transmission source of the first packet When the first identifier stored in the identifier is converted into the second identifier and a second packet responding to the first packet is input, the header information of the first packet and the first packet The first address stored in the transmission source address of the second packet is converted into the second address based on the conversion information including the identifier of 2 and the first address, and the management information. together, the packet forwarding system der, characterized in that it comprises a packet transfer device for converting said second identifier stored in the destination identifier of said second packet to said first identifier .

When the first packet is input , the packet transfer method disclosed in the present specification has the first packet from the first physical machine connected to the first LAN to the destination address of the first packet. the difference from the first address corresponding to the first LAN is the same before and after move that is set to the virtual machine LAN and locations is moved to the second physical machine connected to a different second LAN first When the second address corresponding to the second LAN are store, a different from the first identifier stored in the transmission source identifier of the said first address and said second address first packet The second address stored in the destination address of the first packet is converted into the first address based on the management information for managing the relationship with the identifier of the second identifier, and the transmission of the first packet is performed. To the original identifier When a first conversion step for converting the stored first identifier into the second identifier and a second packet responding to the first packet are input, a header of the first packet Based on the conversion information including the information, the second identifier, and the first address, and the management information, the first address stored in the transmission source address of the second packet is changed to the second address. And a second conversion step of converting the second identifier stored in the destination identifier of the second packet into the first identifier, as well as converting to an address.

  According to the packet transfer apparatus, the packet transfer system, and the packet transfer method disclosed in the present specification, it is possible to normally receive the second packet that responds to the input first packet.

FIG. 1 is a diagram for explaining an example of a packet transfer system. FIG. 2 is an example of a block diagram of a physical device. FIG. 3 is an example of a block diagram of the packet transfer apparatus. FIG. 4A is an example of a management table. FIG. 4B is an example of the conversion table. FIG. 5 is a block diagram illustrating an example of a hardware configuration of the packet transfer apparatus. FIG. 6 is a flowchart illustrating an example of the operation of the packet transfer apparatus. FIG. 7 is a diagram for explaining an example of the operation of the packet transfer apparatus. FIG. 8 is a flowchart illustrating an example of another operation of the packet transfer apparatus. FIG. 9 is a diagram for explaining an example of another operation of the packet transfer apparatus. FIG. 10 is an example of a processing sequence of the packet transfer system. FIG. 11 is a diagram for explaining an example of processing by the packet transfer system. FIG. 12 is a diagram for explaining an example of processing by the packet transfer system. FIG. 13 is a diagram for explaining an example of processing by the packet transfer system. FIG. 14 is a diagram for explaining an example of processing by the packet transfer system. FIG. 15 is a diagram for explaining an example of processing by the packet transfer system. FIG. 16 is a diagram for explaining an example of processing by the packet transfer system. FIG. 17 is a diagram for explaining an example of the flow of the first packet and the second packet before the DNS reflection and after the reflection.

  Hereinafter, an embodiment for carrying out this case will be described with reference to the drawings.

FIG. 1 is a diagram for explaining an example of the packet transfer system S.
As shown in FIG. 1, the packet transfer system S includes at least a first base 100, a second base 200, and a system management device 400. A plurality of third bases 300 may be included in the packet transfer system S. Each of the first base 100 and the second base 200 is, for example, a data center. The first base 100 and the second base 200 are physically separated from each other. For example, the first base 100 and the second base 200 are separated in units of prefectures or municipalities. Further, the first base 100 and the second base 200 are connected via a wide area network (WAN) 10.

  Hereinafter, as shown in FIG. 1, the configuration of the first base 100 and the second base 200 is that a virtual machine 152 is mounted on the physical machine 150 and a packet transfer apparatus (not shown) described later on the physical machine 250. ) Is basically the same except that it is included. For this reason, the component corresponding to the component of the 1st base is attached | subjected to the component of the 2nd base 200, and detailed description of the 2nd base 200 is abbreviate | omitted.

  The first base 100 includes an OFC 110, an OFS 120, a Domain Name System (DNS) server 130, a Gateway (GW) 140, and a physical machine 150. The OFC 110, OFS 120, DNS server 130, and GW 140 are connected to each other by a base network 160 such as a local area network (LAN). The physical machine 150 is connected to the base network 160 via the OFS 120.

  The OFC 110 controls the operation of the OFS 120 by receiving various instructions from the system management apparatus 400. For example, the OFC 110 sets path information in the OFS 120 or sets a tunnel connected to the OFS 220. Thereby, the packet input to the OFS 120 is transferred to the physical machine 150 or transferred to the OFS 220 based on the path information and the tunnel.

  Each of the third bases 300 is connected to the first base 100 and the second base 200 via the WAN 10. The third base 300 is physically separated from the first base 100 and the second base 200. Each of the third bases 300 includes a DNS server 330, a GW 340, and a terminal device 350. The DNS server 330, the GW 340, and the terminal device 350 are connected to each other by a base network 360 such as a LAN. The third base 300 includes a client network, for example.

  The terminal device 350 accesses the virtual machine 152 and uses communication services and various functions provided from the virtual machine 152. Examples of communication services include voice communication including telephone calls and information communication including electronic mail. The various functions include functions based on various application software executed by the virtual machine 152. For example, when the user of the terminal device 350 specifies Uniform Resource Locator (URL) and requests the use of the communication service provided by the virtual machine 152, the first packet that the terminal device 350 requests to provide the communication service. Send. The first packet includes a URL. The first packet is received by the DNS server 330.

  When the DNS server 330 receives the first packet, the DNS server 330 requests the IP address of the virtual machine 152 from the DNS server 130 that manages the IP address of the virtual machine 152 based on the URL. The DNS server 330 transmits the IP address of the virtual machine 152 transmitted from the DNS server 130 to the terminal device 350. The terminal device 350 stores the received IP address in the destination address and transmits it to the virtual machine 152. The first packet reaches the virtual machine 152 via the GW 340, the WAN 10, the GW 140, and the OFS 120. When the virtual machine 152 receives the first packet, the virtual machine 152 transmits a second packet responding to the first packet to the terminal device 350.

  The system management apparatus 400 controls the operation of the packet transfer system S according to an instruction from an administrator who manages the packet transfer system S. The system management device 400 is connected to the base networks 160 and 260 via the communication line 410. For this reason, the system management apparatus 400 can manage each component included in the first base 100 and the second base 200. For example, the system management apparatus 400 transmits an LM instruction for executing live migration to the physical machine 150, a tunnel instruction for setting a tunnel in the OFS 120 to the OFC 110, or a deletion instruction for deleting a set domain name. Is transmitted to the DNS server 130.

  Next, details of the physical machines 150 and 250 described above will be described with reference to FIG.

  FIG. 2 is an example of a block diagram of the physical machines 150 and 250. As illustrated in FIG. 2, the physical machine 150 includes a virtualization device 151 and a virtual machine 152. The physical machine 250 includes a virtualization device 251. Further, the virtualization apparatus 251 includes a packet transfer apparatus 270.

  The virtualization apparatuses 151 and 251 are connected to the OFS 120 and 220, respectively. More specifically, the packet transfer device 270 is connected to the OFS 220. The virtualization apparatuses 151 and 251 are apparatuses that implement the virtual machine 152 in each of the physical machines 150 and 250. The virtualization devices 151 and 251 are realized by, for example, a central processing unit (CPU) of the physical machines 150 and 250 executing virtualization software programs including HyperVisor.

  The packet transfer device 270 converts a packet input from the OFS 220 side when a predetermined condition described later is met, and transfers the packet to the opposite side of the OFS 220 side. Further, the packet transfer apparatus 270 converts a packet input from the opposite side of the OFS 220 when it matches a predetermined condition described later, and transmits the packet to the OFS 220 side. Details of the packet transfer device 270 will be described later.

  The virtual machine 152 includes, for example, a Guest Operating System (guest OS) and at least one application software executed on the guest OS. The virtual machine 152 is also called a virtual server, for example. As described above, at least one guest OS is realized in each of the physical machines 150 and 250 by the virtualization devices 151 and 251, and at least one application software is realized on the guest OS. Therefore, a plurality of virtual computers can be realized by using computer resources included in each of the physical machines 150 and 250.

  Here, when the physical machine 150 receives an LM instruction for executing live migration from the system management apparatus 400, the virtual machine 152 designated by the LM instruction moves to the physical machine 250 in an operating state. The virtual machine 152 moved to the physical machine 250 continuously operates on the physical machine 250. For example, when the load on the physical machine 150 is higher than the load on the physical machine 250, the virtual machine 152 is moved from the physical machine 150 to the physical machine 250 by live migration, so the load on the physical machine 150 is lower than before the movement. If all the virtual machines 152 move to the physical machine 250, the physical machine 150 can be maintained.

  Next, details of the packet transfer apparatus 270 described above will be described with reference to FIGS. 3 and 4.

FIG. 3 is an example of a block diagram of the packet transfer device 270. FIG. 4A is an example of a management table. FIG. 4B is an example of the conversion table.
As shown in FIG. 3, the packet transfer device 270 includes an information storage unit 271, a packet header conversion unit 272, a first transmission / reception unit 273, and a second transmission / reception unit 274.

  The information storage unit 271 stores a management table as management information. As shown in FIG. 4A, the management table includes a new IP address, an identification port, and an old IP address as components. The management table manages the relationship between the new IP address, the identification port, and the old IP address. The IP address “192.168.0.2” set in the virtual machine 152 is registered in the old IP address. In the new IP address, an IP address “192.168.1.2” scheduled to be set for the virtual machine 152 according to the second base 200 is registered. That is, since the IP address set for the virtual machine 152 is the same before and after the migration by live migration, the virtual machine 152 moved to the second base 200 has the IP address scheduled to be set as the new IP address. be registered. An identification number (for example, a port number) “1024” is registered in the identification port. The identification number may be any of well-known ports (1024 to 49151). Each IP address and identification number registered in the management table is transmitted from the system management apparatus 400. Although details will be described later, the packet header conversion unit 272 determines whether or not to convert the header information of the second packet depending on whether or not the identification number is stored in the header information of the second packet.

  The information storage unit 271 stores a conversion table as conversion information. As shown in FIG. 4B, the conversion table includes a source address, a destination address, a source port, a destination port, an identification port, and an old IP address as components. In each component of the conversion table, various pieces of information are registered when the header information of the input first packet matches a predetermined condition described later. Specifically, the header information of the first packet is registered in the source address, destination address, source port, and destination port. A corresponding identification port and old IP address in the management table are registered in the identification port and old IP address.

  The packet header conversion unit 272 receives the first packet in which the IP address “192.168.1.2” different from the IP address “192.168.0.2” set in the virtual machine 152 is stored in the destination address. When input, the IP address “192.168.1.2” stored in the destination address of the first packet is converted to the IP address “192.168.0.2” based on the management table. Further, the packet header conversion unit 272 converts the identification number of the terminal device 350 stored in the transmission source port of the first packet into the identification number “1024” based on the management table. On the other hand, when a second packet responding to the first packet is input, the packet header conversion unit 272 receives the IP address stored in the transmission source address of the second packet based on the conversion table and the management table. “192.168.0.2” is converted to an IP address “192.168.1.2”. Further, the packet header conversion unit 272 converts the identification number “1024” stored in the destination identifier of the second packet into the identification number of the terminal device 350 based on the conversion table and the management table.

  The first transmission / reception unit 273 receives the second packet sent back from the moved virtual machine 152 and outputs it to the packet header conversion unit 272. The first transmission / reception unit 273 transmits the first packet converted by the packet header conversion unit 272 to the virtual machine 152 side that has moved.

  The second transmission / reception unit 274 receives the first packet output from the OFS 220 and outputs it to the packet header conversion unit 272. In addition, the second transmission / reception unit 274 transmits the second packet converted by the packet header conversion unit 272 to the side opposite to the side of the virtual machine 152 that has moved. That is, the second transmission / reception unit 274 transmits to the OFS 220 side.

  Next, the hardware configuration of the packet transfer apparatus 270 will be described with reference to FIG.

FIG. 5 is a block diagram illustrating an example of a hardware configuration of the packet transfer device 270.
The packet transfer device 270 includes at least a CPU 270A, a random access memory (RAM) 270B, a read only memory (ROM) 270C, and a communication I / F (interface) 270D. These devices 270A to 270D are connected to each other by an internal bus 270E. If necessary, the packet transfer device 270 may include a Hard Disc Drive (HDD) 270F, and an HDD I / F 270G that connects the HDD 270F and the internal bus 270E. At least the CPU 270A and the RAM 270B cooperate to implement a computer.

  The communication I / F 270D includes, for example, a port and a physical layer chip (PHY chip). The packet transfer device 270 is connected to the OFS 220 and the virtual machine 152 via the communication I / F 270D.

  The RAM 270B described above reads a program stored in the ROM 270C or the HDD 270F. When the CPU 270A executes the read program, various operations described later are executed. In addition, what is necessary is just to make a program according to the flowchart mentioned later. Further, the hardware configuration described above may use hardware mounted on the physical machine 250, or may use hardware prepared separately from the hardware mounted on the physical machine 250. Good. Furthermore, the OFCs 110 and 220, the DNS servers 130, 230, and 330, and the system management apparatus 400 also basically have the same hardware configuration as that described above.

  Next, the operation of the packet transfer apparatus 270 will be described with reference to FIG. 6 and FIG. More specifically, the conversion of the first packet will be described.

FIG. 6 is a flowchart showing an example of the operation of the packet transfer apparatus 270. FIG. 7 is a diagram for explaining an example of the operation of the packet transfer apparatus 270.
First, as shown in FIG. 6, the second transmitting / receiving unit 274 receives the first packet output from the OFS 220 (step S101). The second transmission / reception unit 274 outputs the received first packet to the packet header conversion unit 272. As a result, the first packet is input to the packet header converter 272 as shown in FIG. In FIG. 7, the header information of the first packet is shown, and the data portion is omitted.

  Next, the packet header conversion unit 272 searches for a new IP address in the management table based on the input destination address of the first packet (step S102). More specifically, as shown in FIG. 7, based on the IP address “192.168.1.2” stored in the destination address of the first packet, the IP address registered in the new IP address of the management table is changed. Search for.

  Next, the packet header conversion unit 272 determines whether there is a new IP address that matches the destination address (step S103). As shown in FIG. 7, the IP address “192.168.1.2” stored in the destination address of the first packet and the IP address “192.168.1.2” registered in the new IP address of the management table. The packet header conversion unit 272 determines that there is a new IP address that matches the destination address (step S103: YES).

  If the packet header conversion unit 272 determines that there is a new IP address that matches the destination address, then the header information of the first packet, the identification port of the management table, and the old IP address are registered in the conversion table (step S104). ). As a result, as shown in FIG. 7, the IP address “192.168.2.2” stored in the source address of the first packet is stored in the destination port from the source address of the conversion table to the destination port. Up to the identification number “8080” is registered. Further, the identification number “1024” registered in the identification port of the management table and the IP address “192.168.0.2” registered in the old IP address are registered in the identification port and old IP address of the conversion table. The

  Next, the packet header conversion unit 272 converts the destination address of the first packet into the old IP address, and converts the transmission source port of the first packet into the identification port. (Step S105). As a result, as shown in FIG. 7, the IP address “192.168.1.2” stored in the destination address of the first packet is converted into the IP address “192.168.0.2”. Further, the identification number “49152” stored in the transmission source port of the first packet is converted into the identification number “1024”. The packet header conversion unit 272 outputs the converted first packet to the first transmission / reception unit 273.

  Next, the first transmission / reception unit 273 receives the first packet output from the packet header conversion unit 272 and transmits the first packet to the moved virtual machine 152 (step S106). Since the IP address “192.168.0.2” is set in the moved virtual machine 152, the first packet can reach the moved virtual machine 152 by converting the destination address.

  For example, when the IP address “192.168.0.2” is stored in the destination address of the first packet, the IP address “192.168.1.2” registered in the new IP address of the management table is stored. Does not match. For this reason, the packet header conversion unit 272 determines that there is no new IP address that matches the destination address (step S103: NO). In this case, various information is not registered in the conversion table, and the header information of the first packet is not converted. However, since the IP address “192.168.0.2” is stored in the destination address of the first packet, the first packet reaches the virtual machine 152 moved through the first transmission / reception unit 273. it can.

  As described above, the first packet in which the IP address “192.168.0.2” is stored as the destination address is moved through the first base 100 without being converted by the packet header conversion unit 272. 152 is reached. The identification number “49152” of the terminal device 350 is stored in the transmission source port of the first packet. On the other hand, the first packet in which the IP address “192.168.1.2” is stored as the destination address is converted by the packet header conversion unit 272 and moved without passing through the first base 100. 152 is reached. The identification number “1024” of the management table is stored in the transmission source port of the first packet. Therefore, the moved virtual machine 152 confirms the source port even if two first packets whose destination addresses are both IP addresses “192.168.0.2” are input, It can be determined that one packet passes through the first base 100 and the other first packet does not pass through the first base 100.

  Next, another operation of the packet transfer apparatus 270 will be described with reference to FIGS. 8 and 9. More specifically, the conversion of the second packet will be described.

FIG. 8 is a flowchart showing an example of another operation of the packet transfer apparatus 270. FIG. 9 is a diagram for explaining an example of another operation of the packet transfer apparatus 270.
First, as shown in FIG. 8, the first transmission / reception unit 273 receives the second packet output from the moved virtual machine 152 (step S201). The first transmission / reception unit 273 outputs the received second packet to the packet header conversion unit 272. As a result, the second packet is input to the packet header converter 272 as shown in FIG. In FIG. 9, the header information of the second packet is shown, and the data portion is omitted.

  Next, the packet header conversion unit 272 searches for an identification port in the management table based on the input destination port of the second packet (step S202). More specifically, as shown in FIG. 9, the identification number registered in the identification port of the management table is searched based on the identification number “1024” stored in the destination port of the second packet.

  Next, the packet header conversion unit 272 determines whether there is an identification port that matches the destination port (step S203). As shown in FIG. 9, since the identification number “1024” stored in the destination port of the second packet matches the identification number “1024” registered in the identification port of the management table, the packet header conversion unit 272 Then, it is determined that there is an identification port that matches the destination port (step S203: YES).

  Next, the packet header conversion unit 272 searches the old IP address and destination port of the conversion table based on the source address and source port of the second packet (step S204). More specifically, as shown in FIG. 9, based on the IP address “192.168.0.2” stored in the source address of the second packet, the old IP address “192.168.8.0” of the conversion table is used. .2 ". Further, based on the identification number “8080” stored in the transmission source port of the second packet, the identification number “8080” registered in the destination port of the conversion table is searched.

  Next, the packet header conversion unit 272 converts the source address of the second packet into a corresponding destination address, and converts the destination port of the second packet into a corresponding source port. (Step S205). As a result, as shown in FIG. 9, the IP address “192.168.0.2” stored in the transmission source address of the second packet is converted into the IP address “192.168.1.2”. Further, the identification number “1024” stored in the destination port of the second packet is converted into the identification number “49152”. The packet header conversion unit 272 outputs the converted second packet to the second transmission / reception unit 274.

  Next, the second transmission / reception unit 274 receives the second packet output from the packet header conversion unit 272 and transmits it to the OFS 220 (step S206). As shown in FIG. 9, the IP address “192.168.1.2” is stored in the source address of the second packet, and the identification number “49152” is stored in the destination port. Therefore, the terminal device 350 can normally receive the second packet responding to the first packet that has not passed through the first base 100.

  For example, when the identification number “49152” is stored in the destination port of the second packet, it does not match the identification number “1024” registered in the identification port of the management table. For this reason, the packet header conversion unit 272 determines that there is no identification port that matches the destination port (step S203: NO). In this case, the header information of the second packet is not converted. However, the IP address “192.168.0.2” is stored in the source address of the second packet, and the identification number “49152” is stored in the destination port. Therefore, the terminal device 350 can normally receive the second packet that responds to the first packet input to the virtual machine 152 via the first base 100.

  As described above, the moved virtual machine 152 can send back the second packet in response to the first packet with respect to the first packet that has passed through the first base 100. On the other hand, for the first packet converted without going through the first base 100, the second packet responding to the first packet is sent back, and the packet header conversion unit 272 sends the second packet. Convert the header information of and output. Therefore, even if the first packet is input to the virtual machine 152 via a different communication path, the second packet corresponding to any communication path is transferred from the packet transfer apparatus 270. The terminal device 350 can normally receive each second packet.

  Next, the operation of the packet transfer system S will be described with reference to FIGS.

  FIG. 10 is an example of a processing sequence of the packet transfer system S. FIG. 11 to FIG. 16 are diagrams for explaining an example of processing by the packet transfer system S.

  As shown in FIG. 10, before the system management apparatus 400 transmits an LM instruction for executing live migration to the physical machine 150, as shown in FIG. 11, the terminal device 350 is a virtual machine mounted on the physical machine 150. 152 is accessed. Specifically, the terminal device 350 transmits the first packet to the virtual machine 152. The virtual machine 152 that has received the first packet sends back a second packet in response to the first packet to the terminal device 350.

  Here, as shown in FIGS. 10 and 12, when the system management apparatus 400 transmits an LM instruction to the physical machine 150, as shown in FIGS. 10 and 13, the virtual machine 152 is physically transferred from the physical machine 150 by live migration. Move to machine 250. When the live migration is completed, the physical machine 250 transmits a live migration completion notification to the system management apparatus 400 as illustrated in FIGS. 10 and 13.

  Upon receiving the live migration completion notification, the system management apparatus 400 then registers the IP address registered in the new IP address, the identification number registered in the identification port, and the old IP address as shown in FIG. Send IP address. As the identification number, an arbitrary number that is not used in the well-known port is used.

  When the system management apparatus 400 transmits each IP address and identification number registered in the management table, the system management apparatus 400 then transmits to the OFCs 110 and 210 a tunnel instruction for causing the OFS 120 and 220 to set the tunnel 20 as shown in FIGS. To do. As a result, as shown in FIG. 10, the OFCs 110 and 210 cause the OFS 120 and 220 to set the tunnel 20, respectively. Then, as shown in FIG. 15, the tunnel 20 is set between the OFS 120 and the OFS 220.

  Here, as illustrated in FIG. 15, when the first packet is transmitted from the terminal device 350 to the moved virtual machine 152, the domain name of the virtual machine 152 is deleted before being deleted from the DNS server 130. Since the domain name remains in the DNS server 130, the first packet reaches the OFS 120 via the GW 340 and the GW 140. Here, since a tunnel connected to the OFS 220 is set in the OFS 120, the first packet reaches the OFS 220 via the tunnel 20 from the OFS 120. The first packet that has reached the OFS 220 reaches the virtual machine 152 that has moved to the physical machine 250. The virtual machine 152 sends back a second packet in response to the received first packet. The second packet follows the same communication path through which the first packet has passed in reverse order. As a result, the terminal device 350 receives the second packet that has passed through the first base 100.

  On the other hand, when an instruction to delete the domain name of the virtual machine 152 is transmitted from the system management apparatus 400 to the DNS server 130 after the tunnel 20 is set, as shown in FIGS. The domain name of the virtual machine 152 is deleted. When an instruction to register the domain name of the virtual machine 152 with the new IP address corresponding to the second base 200 is transmitted from the system management apparatus 400 to the DNS server 230, the domain name of the virtual machine 152 is sent to the DNS server 230. Is registered with the new IP address. The DNS server 330 reflects the contents of the DNS servers 130 and 230.

  As a result, as shown in FIG. 16, when the first packet is transmitted to the virtual machine 152 moved from the terminal device 350, the domain name of the virtual machine 152 is registered in the DNS server 230. Reaches OFS 220 via GW 340 and GW 240. The first packet that has reached the OFS 220 reaches the virtual machine 152 that has undergone the above-described conversion processing and has moved to the physical machine 250. The virtual machine 152 sends back a second packet in response to the received first packet. The second packet is subjected to the above-described conversion process and traces the same communication path as the communication path through which the first packet passes in reverse order. As a result, the terminal device 350 receives the second packet that does not pass through the first base 100.

  Next, referring to FIG. 17, after the domain name is deleted from the DNS server 130, the domain name is registered in the DNS server 230, and the contents of the DNS servers 130 and 230 are reflected in the DNS server 330 (hereinafter, A description will be given in comparison with the flow before the first packet and the second packet after being reflected (hereinafter referred to as before DNS reflection).

FIG. 17 is a diagram for explaining an example of the flow of the first packet and the second packet before and after the DNS reflection.
First, since the IP address “192.168.0.2” is stored in the destination address of the first packet before the DNS reflection, the first packet transmitted from the terminal device 350 reaches the OFS 120. The first packet that reaches the OFS 120 is transmitted to the OFS 220 via the tunnel 20. The first packet that reaches the OFS 220 is transmitted to the moved virtual machine 152. Here, the first packet passes through the packet transfer device 270 before reaching the virtual machine 152, but the IP address stored in the destination address of the first packet does not exist in the management table, so the header information Is not converted. Therefore, the virtual machine 152 receives the first packet whose header information has not been converted.

  The virtual machine 152 transmits a second packet responding to the first packet to the terminal device 350. Here, the second packet passes through the packet transfer device 270 before reaching the terminal device 350, but the identification number (“49152”) stored in the destination port of the second packet exists in the management table. Therefore, the header information is not converted. Therefore, the OFS 220 receives the second packet whose header information has not been converted. The second packet that reaches the OFS 220 is transmitted to the OFS 120 via the tunnel 20. The second packet that has reached the OFS 120 is transmitted to the terminal device 350. The terminal device 350 receives the second packet.

  Next, after the DNS reflection, since the IP address “192.168.1.2” is stored in the destination address of the first packet, the first packet transmitted from the terminal device 350 does not pass through the OFS 120. The OFS 220 is reached. The first packet that reaches the OFS 220 is transmitted to the moved virtual machine 152. Here, the first packet passes through the packet transfer device 270 before reaching the virtual machine 152, but since the IP address stored in the destination address of the first packet exists in the management table, the header information Conversion is performed. Therefore, the virtual machine 152 receives the first packet in which the header information is converted.

  The virtual machine 152 transmits a second packet responding to the first packet to the terminal device 350. Here, the second packet passes through the packet transfer device 270 before reaching the terminal device 350, but the identification number (“1024”) stored in the destination port of the second packet exists in the management table. Therefore, the header information is converted. Accordingly, the OFS 220 receives the second packet in which the header information is converted. The second packet that has reached the OFS 220 is transmitted to the terminal device 350 without passing through the OFS 120. The terminal device 350 receives the second packet.

  As described above, according to the present embodiment, the moved virtual machine 152 can send back the second packet responding to the first packet with respect to the first packet that has passed through the first base 100. On the other hand, for the first packet converted without going through the first base 100, the second packet responding to the first packet is sent back, and the packet header conversion unit 272 sends the second packet. Convert the header information of and output. Therefore, even if the first packet is input to the virtual machine 152 via a different communication path, the second packet corresponding to any communication path is transferred from the packet transfer apparatus 270. The terminal device 350 can normally receive each second packet.

  For this reason, after DNS is reflected, packets are not input to the virtual machine 152 after the movement via the first base 100 that is the base before the movement of the virtual machine 152, resulting in a communication delay or waste of communication bandwidth. It will never be consumed. Therefore, it is extremely effective when maintaining the physical machine 150 for a long period of time. In addition, according to the present embodiment, not only is the continuity of the communication service used before moving after the virtual machine 152 moved, but also the virtual machine 152 after moving even before the DNS reflection. There is an advantage that the terminal device 350 can use the communication service or the like.

  The preferred embodiments of the present invention have been described in detail above, but the present invention is not limited to the specific embodiments according to the present invention, and various modifications are possible within the scope of the gist of the present invention described in the claims.・ Change is possible. For example, in the above-described embodiment, the OFCs 110 and 210 and the OFS 120 and 220 have been described. However, a Layer 2 (L2) switch may be used instead of the OFCs 110 and 210 and the OFS 120 and 220.

In addition, the following additional notes are disclosed regarding the above description.
(Supplementary Note 1) When a first packet in which a second address different from the first address that is the same before and after movement between bases set in the virtual machine is stored in the destination address is input, The destination of the first packet based on management information for managing the relationship between the address, the second address, and a second identifier different from the first identifier stored in the transmission source identifier of the first packet Converting the second address stored in the address into the first address, converting the first identifier stored in the transmission source identifier of the first packet into the second identifier, When a second packet responding to the first packet is input, based on the conversion information including the header information of the first packet, the second identifier, and the first address, and the management information. Z The first address stored in the source address of the second packet is converted into the second address, and the second identifier stored in the destination identifier of the second packet is converted to the second address. A packet transfer apparatus having conversion means for converting into a first identifier.
(Additional remark 2) The 1st transmission means which transmits the 1st packet converted by the said conversion means to the said virtual machine side, and the 2nd packet converted by the said conversion means on the opposite side to the said virtual machine side The packet transfer apparatus according to appendix 1, further comprising: a second transmission means for transmitting.
(Supplementary Note 3) The first transmission means transmits the first packet to the virtual machine side when the first address is stored in the destination address of the first packet. The packet transfer apparatus according to appendix 2.
(Supplementary Note 4) When the first identifier is stored in the destination identifier of the second packet, the second transmission unit transmits the second packet to the opposite side to the virtual machine side. 4. The packet transfer apparatus according to appendix 2 or 3, characterized by the above.
(Supplementary note 5) The packet transfer device according to any one of supplementary notes 1 to 4, wherein the virtual machine moves between the bases in an operating state.
(Supplementary note 6) The packet transfer according to any one of supplementary notes 1 to 5, which is installed in a first physical machine on which a virtual machine is mounted and a base different from the base on which the first physical machine is installed. Packet transfer comprising: a second physical machine including a device; and a system management device that outputs an instruction to move the virtual machine from the first physical machine to the second physical machine to the first physical machine. system.
(Supplementary note 7) When a first packet in which a second address different from the first address that is the same before and after movement between bases set in the virtual machine is stored in the destination address is input, The destination of the first packet based on management information for managing the relationship between the address, the second address, and a second identifier different from the first identifier stored in the transmission source identifier of the first packet A first address that converts the second address stored in the address into the first address, and converts the first identifier stored in the source identifier of the first packet into the second identifier. Conversion information including the header information of the first packet, the second identifier, and the first address when a second packet responding to the first packet is input. Based on the management information, the first address stored in the source address of the second packet is converted to the second address, and the destination address of the second packet is stored in the destination identifier And a second conversion step of converting a second identifier into the first identifier.
(Supplementary Note 8) A first transmission step of transmitting the first packet converted in the first conversion step to the virtual machine side, and a second packet converted in the second conversion step as the virtual packet The packet transfer method according to appendix 7, further comprising a second transmission step of transmitting to the machine side and the opposite side.
(Supplementary Note 9) In the first transmission step, when the first address is stored in the destination address of the first packet, the first packet is transmitted to the virtual machine side. The packet transfer method according to appendix 8.
(Supplementary Note 10) In the second transmission step, when the first identifier is stored in the destination identifier of the second packet, the second packet is transmitted to the side opposite to the virtual machine side. The packet transfer method according to appendix 8 or 9, characterized by the above.
(Supplementary note 11) The packet transfer method according to any one of supplementary notes 7 to 10, wherein the virtual machine moves between the bases in an operating state.

S packet transfer system 270 packet transfer device 271 information storage unit 272 packet header conversion unit (conversion means)
273 First transmission / reception unit (first transmission means)
274 Second transmitter / receiver (second transmitter)

Claims (7)

When the first packet is input, the destination address of the first packet is connected from the first physical machine connected to the first LAN to the second LAN having a different base from the first LAN. by a second address corresponding to the first address is different from the second LAN that corresponds to the first LAN is the same before and after move that is set to the virtual machine moves to a second physical machine has the When being store management information for managing the relationship between the first address and the first identifier is different from a second identifier stored in the transmission source identifier of the second address and the first packet And converting the second address stored in the destination address of the first packet into the first address and the first identifier stored in the source identifier of the first packet. The second Conversion information including header information of the first packet, the second identifier, and the first address when a second packet that is converted into an identifier and responds to the first packet is input; Based on the management information, the first address stored in the source address of the second packet is converted to the second address, and the destination address of the second packet is stored in the destination identifier A packet transfer apparatus comprising conversion means for converting a second identifier into the first identifier. First transmission means for transmitting the first packet converted by the conversion means to the virtual machine side;
Second transmission means for transmitting the second packet converted by the conversion means to the virtual machine side and the opposite side;
The packet transfer apparatus according to claim 1, comprising: The first transmission means transmits the first packet to the virtual machine when the first address is stored in the destination address of the first packet ;
The second transmission means transmits the second packet to the opposite side to the virtual machine side when the first identifier is stored in the destination identifier of the second packet. The packet transfer device according to claim 2. It said virtual machine, the packet forwarding apparatus according to any one of claims 1, wherein the moving from the first physical machine while operating in the second physical machine 3. When a first packet in which a second address different from the first address that is the same before and after the inter-base movement set in the virtual machine that moves between the bases in the operating state is stored in the destination address is input , Based on management information for managing a relationship between the first identifier, the second address, and a second identifier different from the first identifier stored in the transmission source identifier of the first packet. The second address stored in the destination address of one packet is converted into the first address, and the first identifier stored in the source identifier of the first packet is converted into the second identifier. Conversion information including the header information of the first packet, the second identifier, and the first address when a second packet that is converted to the first packet is input. The first address stored in the source address of the second packet is converted into the second address based on the management information, and the destination address of the second packet is stored in the destination identifier. Conversion means for converting a second identifier into the first identifier;
First transmission means for transmitting the first packet converted by the conversion means to the virtual machine side;
Second transmission means for transmitting the second packet converted by the conversion means to the opposite side to the virtual machine side,
When the third packet in which the first address is stored in the destination address is input, the conversion unit does not convert the destination address and the transmission source identifier of the third packet, and converts the third packet Outputting the packet to the first transmission means;
The first transmission unit transmits the third packet output from the conversion unit to the virtual machine side,
When the fourth packet responding to the third packet is input, the converting means converts the fourth packet into the fourth packet without converting the source address and destination identifier of the fourth packet. Output to the second transmission means,
The second transmission unit transmits the fourth packet output from the conversion unit to the virtual machine side and the opposite side;
A packet transfer apparatus. A first physical machine connected to the first LAN and mounted with a virtual machine;
A second physical machine connected to a second LAN having a different base from the first LAN ;
A system management device that outputs to the first physical machine an instruction to move the virtual machine from the first physical machine to the second physical machine ;
The second physical machine is
When the first packet is input, the destination address of the first packet is different from the first address corresponding to the first LAN that is the same before and after the movement set in the virtual machine. When the second address corresponding to the second LAN is stored, the second address is different from the first identifier stored in the first address, the second address, and the source identifier of the first packet. The second address stored in the destination address of the first packet is converted into the first address based on management information for managing the relationship with the identifier of the first packet, and the transmission source of the first packet When the first identifier stored in the identifier is converted into the second identifier and a second packet responding to the first packet is input, the header information of the first packet and the first packet 2 Based on the conversion information including the identifier and the first address and the management information, the first address stored in the transmission source address of the second packet is converted to the second address, and A packet transfer device that converts the second identifier stored in the destination identifier of the second packet into the first identifier;
A packet transfer system. When the first packet is input, the destination address of the first packet is connected from the first physical machine connected to the first LAN to the second LAN having a different base from the first LAN. by a second address corresponding to the first address is different from the second LAN that corresponds to the first LAN is the same before and after move that is set to the virtual machine moves to a second physical machine has the When being store management information for managing the relationship between the first address and the first identifier is different from a second identifier stored in the transmission source identifier of the second address and the first packet And converting the second address stored in the destination address of the first packet into the first address and the first identifier stored in the source identifier of the first packet. The second A first conversion step of converting the identifier,
When a second packet responding to the first packet is input, conversion information including the header information of the first packet, the second identifier, and the first address, and the management information Based on the second address, the first address stored in the source address of the second packet is converted into the second address, and the second identifier stored in the destination identifier of the second packet is converted to A second conversion step of converting to the first identifier;
A packet transfer method comprising:

Images