JP7294728B1 - NETWORK DEVICE, PROCESSING METHOD, PROGRAM - Google Patents

Abstract

A network device, a processing method, and a program for improving security in transmission or reception of a configuration file of a network device are provided.
The method obtains encrypted certificate information obtained by encrypting the certificate information of the manufacturer who manufactured the network device from an adjacent network device, and certifies the manufacturer obtained by decrypting the encrypted certificate information. compares the certificate information with the certificate information of its own device and determines that the adjacent network device is a reliable neighboring network device if they match, and acquires the configuration file of the network device from the reliable neighboring network device. stored in the storage unit. The method further transmits the configuration file that needs to be transmitted to the trusted neighboring network device that requires transmission if the configuration file for the trusted neighboring network device needs to be transmitted.
[Selection drawing] Fig. 20

Description

The present invention relates to network devices, processing methods, and programs.

When a failure occurs in a device that constitutes the network system (hereafter referred to as "network device"), the failed network device will be replaced with a normal network device for maintenance, and the network environment will be restored to the same as before the maintenance and replacement as quickly as possible. It is necessary to restore to A network device consists of a router, a switch, etc., for example. In particular, rapid and accurate replacement work is required for maintenance replacement in large-scale network systems such as communication carriers and banks. In other words, it is necessary to reduce the man-hours of workers and avoid the risk of erroneous configuration settings during maintenance and replacement of network devices.

Note that "config" means device settings. Also, "configuration information" means information on device settings, and includes "configuration files". "Config file" means the configuration file of the device. And "config name" means the name of the config file. In other words, "config name" means the name of the configuration file of the device.

In recent years, a method is known in which SDN (Software-Defined networking) is introduced and the configuration of network devices can be centrally managed. Here, "SDN" refers to configuration management, setting, and control of a network system by software without changing existing network equipment.

However, this method requires installation of controller servers and client equipment necessary for SDN, which not only increases the cost but also requires a huge amount of man-hours to reconstruct the network. A related technique is disclosed in Patent Document 1.

JP 2017-183969 A

Japanese Unexamined Patent Application Publication No. 2004-100001 discloses a technique for exchanging and storing configuration files containing information used for setting network devices when reconfiguring a network between adjacent network devices. Further, Japanese Patent Laid-Open No. 2002-200002 discloses a technique of using a configuration file stored in one of the network devices when the other network device is replaced.

There is a demand for a technique that can apply the config file to the network device with increased security in setting the config file to the network device as described above.

SUMMARY OF THE INVENTION Accordingly, it is an object of the present invention to provide a network device, a processing method, and a program that solve the above problems.

According to a first aspect of the present invention, a network device includes: obtaining means for obtaining encrypted certificate information obtained by encrypting certificate information of a manufacturer that manufactured the network device from an adjacent network device; determining means for determining that the adjacent network device is a reliable adjacent network device when the manufacturer's certificate information obtained by decrypting the certificate information is compared with the certificate information of the own device, and if they match; a recording means for recording a configuration file of the network device obtained from the reliable neighboring network device in a storage means; and transmission means for transmitting a file to said trusted neighboring network device as required by said transmission.

According to a second aspect of the present invention, a processing method obtains encrypted certificate information obtained by encrypting certificate information of a manufacturer that manufactured the network device from an adjacent network device, is compared with the certificate information of the device itself, and if they match, the adjacent network device is determined to be a reliable adjacent network device; A configuration file of the network device is acquired from the network device and stored in a storage means, and when transmission of the configuration file related to the reliable adjacent network device is required, the configuration file required to be transmitted is stored as the transmission required. Send to the requesting trusted neighbor network device.

According to a third aspect of the present invention, a program causes a computer of a network device to acquire encrypted certificate information obtained by encrypting certificate information of a manufacturer that manufactured the network device from an adjacent network device. and determining that the adjacent network device is a reliable adjacent network device when the manufacturer's certificate information obtained by decrypting the encrypted certificate information is compared with the certificate information of the own device, and if they match. a process of obtaining a configuration file of the network device from the reliable neighboring network device and storing it in a storage means; and sending required configuration files to said trusted neighboring network devices that said sending requires.

According to the present invention, it is possible to improve security in transmission or reception of configuration files of network devices.

1 is a diagram showing the configuration of a network system according to an embodiment of the present disclosure; FIG. FIG. 2 is a first diagram showing a processing overview of a network system according to an embodiment of the present disclosure; FIG. FIG. 4 is a second diagram showing an outline of processing of the network system according to an embodiment of the present disclosure; FIG. 1 illustrates a configuration of a network system according to Example 1; FIG. 4 is a diagram illustrating an example of creating a config name for a network device according to the first embodiment; FIG. FIG. 4 is a diagram showing a certificate hash information frame according to the first embodiment; FIG. FIG. 4 is a first diagram showing an LLDP frame according to Example 1; FIG. 4 is a second diagram showing an LLDP frame according to the first embodiment; FIG. 4 is a diagram showing a configuration request frame according to the first embodiment; FIG. FIG. 10 is a diagram showing a self-device configuration information frame according to the first embodiment; FIG. 10 is a diagram showing a neighboring device configuration information frame according to the first embodiment; FIG. 4 is a diagram showing an LLDP MIB table according to the first embodiment; FIG. FIG. 10 is a first diagram showing a processing flow of the network system according to the first embodiment; FIG. 7 is a second diagram showing the processing flow of the network system according to the first embodiment; FIG. 9 is a third diagram showing the processing flow of the network system according to the first embodiment; FIG. 10 is a diagram illustrating a processing flow of a network system according to the second embodiment; FIG. FIG. 11 is a diagram illustrating the configuration of a network system according to Example 3; FIG. 11 is a diagram illustrating a processing flow of a network system according to Example 3; 1 is a diagram showing the minimum configuration of a network device according to this embodiment; FIG. FIG. 4 is a diagram showing a processing flow by a network device with a minimum configuration according to the present embodiment; It is a figure which shows the hardware constitutions of the network apparatus which concerns on this embodiment.

[Features of the present disclosure]
The network system according to the present disclosure utilizes a protocol that extends the functions of the Link Layer Discovery Protocol (LLDP) specified in the standard IEEE (The Institute of Electrical and Electronics Engineers) 802.1AB. A network system according to the present disclosure exchanges mutual configuration files between neighboring network devices by using extended LLDP for exchanging information of neighboring network devices. In addition, in the network system according to the present disclosure, configuration files of adjacent network devices acquired through exchange are stored in memory. In the network system according to the present disclosure, when a network device is replaced with a new network device for maintenance in the event of a failure or inspection, by using the configuration file held by the adjacent network device, the network device that has been maintenance-replaced is appropriately configured. config file can be applied.

Therefore, in the present disclosure, the maintenance worker does not need man-hours to prepare configuration information before maintenance replacement and to input configuration information during maintenance replacement, and the risk of erroneous configuration file setting can be avoided. Also, in the present disclosure, unlike the SDN environment, there is no need to construct a new controller server, so construction costs can be reduced.

Hereinafter, embodiments of the present disclosure will be described in detail with reference to the drawings.

[Overview of Embodiments of the Invention]
An outline of an embodiment of the present disclosure will be described with reference to FIG.

FIG. 1 is a diagram showing the configuration of a network system according to one embodiment of the present disclosure.
The illustrated network system has a device A100 as a first network device, a device B200 as a second network device, and a device C300 as a third network device.

The network system shown in FIG. 1 shows an example of maintenance replacement of the device C300, which is the third network device, to the device D400, which is the fourth network device.

Each of device A100, device B200, device C300, and device D400 is a network device such as a router or a switch. In the network system shown in FIG. 1, a device A100 as a first network device is connected to a device B200 as a second network device and a device C300 as a third network device via an Ethernet (registered trademark) cable. are configuring.

Port 1 of device A100 is connected to port 1 of device B200 via an Ethernet cable. Port 2 of device A100 is connected to device C300 via an Ethernet cable.

Each of device A100, device B200, device C300, and device D400 has substantially the same configuration. That is, the apparatus A 100 processes a first table 130 for storing adjacent config names of adjacent config files as described below, a first memory 140 for storing config files as described below, and data. and a first processing unit 150 for processing.

Similarly, device B 200 comprises a second table 230 , a second memory 240 and a second processing section 250 . Device C300 comprises a third table 330 , a third memory 340 and a third processing section 350 . Device D 400 comprises a fourth table 430 , a fourth memory 440 and a fourth processing section 450 . Each of device A100, device B200, device C300, and device D400 actually performs substantially similar operations.

Here, each network device of this embodiment confirms the safety of the network device (neighboring device) to be exchanged as a premise of exchanging the configuration files described above. The processing for confirming safety will be described below. In this embodiment, adjacency is defined as, for example, the relationship between network devices that are directly connected by a communication cable, or the relationship between network devices that are assigned the same subnet mask and can communicate with each other. good. Alternatively, the relationship between a device stored as network devices capable of communicating with each other and other network devices may be defined as adjacency.

FIG. 2 is a first diagram showing an outline of processing in the network system.
Device A100, device B200, and device C300 that configure FIG. 2 are network devices such as routers and switches. FIG. 2 is a configuration diagram in which the device A100 is connected to the devices B200 and C300 by Ethernet cables. Device A100, device B200, and device C300 each have a unique chassis ID. Chassis ID is an identifier of the chassis of each network device. Chassis ID can be changed in config. Assume that the chassis ID of the device A100 is "Site-A", the chassis ID of the device B200 is "Site-B", and the chassis ID of the device C300 is "Site-C".

The device A100, device B200, and device C300 are equipped with a security chip TPM (Trusted Platform Module). The security chip TPM is designed to be tamper-resistant, and is designed to physically break if an attempt is made to access it from the outside.

Device A100, device B200, and device C300 perform secure boot to check whether the device has been illegally tampered with at the time of activation, thereby ensuring the safety of the device itself. Each security chip TPM of device A100, device B200, and device C300 holds a vendor certificate and an encryption key. Vendor certificates and encryption keys are generated by the vendor that ships each device. The vendor certificate and encryption key may be certificate and encryption key information uniquely associated with the manufacturer that manufactured each network device. A vendor may be a manufacturer that manufactures device A100, device B200, device C300, and the like. The vendor certificate and encryption key stored in the TPM by the devices A100 and B200 are stored in the first security information (α) corresponding to the first manufacturer, and the vendor certificate and encryption key stored in the TPM by the device C300 are stored in the second security information (α). The second security information (β) corresponds to the manufacturer.

The configuration files of the device A100, device B200, and device C300 are stored in the self-device configuration area in the memory of each device. Each device's configuration file includes a setting to enable LLDP (Link Layer Discovery Protocol). In addition, in the configuration file of each device, the setting for encrypting or decrypting frames used by each device in this embodiment with the encryption key of the security chip TPM and the vendor certificate/configuration of the security chip TPM to ensure security. Contains settings for hashing files with a hashing algorithm.

A configuration file name is generated from the chassis ID and the save date and time. The configuration name “Site-A-20211201151729” of the device A100 is determined by a combination of the chassis ID “Site-A” of the device A100 and the save date and time of the configuration file “December 01, 2021 15:17:29”. The configuration file of the device A 100 is stored in the self-device configuration area of the memory 140 .

Each device transmits a certificate hash information frame to neighboring devices. The certificate hash information frame contains information obtained by hashing the vendor certificate contained in the security chip TPM of each device using a hash algorithm and encrypting it with an encryption key. Device A100 transmits a certificate hash information frame f10 to device B200 and a certificate hash information frame f18 to device C300. The device B200 transmits the certificate hash information frame f11 to the device A100. Device C300 transmits certificate hash information frame f19 to device A100.

A network device that receives a certificate hash information frame decrypts the frame using the encryption key in the security chip TPM mounted on the device itself, and obtains the certificate hash information of the source device. Also, the network device that receives the certificate hash information frame creates certificate hash information by hashing its own vendor certificate with a hash algorithm, and compares it with the received certificate hash information. If the certificate hash information matches, it is determined that the source network device has the same vendor certificate and is a trusted device. Both the device A100 and the device B200 are trusted devices having the same vendor certificate because the vendor certificate and encryption key stored in the TPM are the first security information (α) corresponding to the first manufacturer. judge there is.

When a network device that receives a certificate hash information frame cannot decrypt the certificate hash information included in the received certificate hash information frame, or when the certificate hash information does not match the certificate hash information stored in its own device determines that the source network device is unreliable or unknown and discards the frame. In the device A100, the vendor certificate and encryption key stored in the TPM are the first security information (α) corresponding to the first manufacturer, and in the device C300, the vendor certificate and encryption key stored in the TPM are the second security information (α). is the second security information (β) corresponding to the manufacturer of the Therefore, since each of them holds different security information, it is determined that the source network device is an unreliable or unknown device.

Each network device periodically sends a certificate hash information frame to neighboring network devices to verify the authenticity of the neighboring devices.

Each device supports LLDP and exchanges LLDP information between neighboring devices. Devices whose certificate hash information matches each other transmit an LLDP frame containing information on the chassis ID of the transmission source and the config name stored in the config area for its own device in the memory to the neighboring device. The LLDP frame f14 transmitted by the device A100 includes information of the chassis ID of the device A100 and the config name “Site-A-20151201151729”. The LLDP frame f15 transmitted by the device B200 includes information of the chassis ID of the device B200 and the config name “Site-B-20211105165011”.

A device that receives these LLDP frames acquires information on the chassis ID and configuration name of the neighboring device from the LLDP frame of the neighboring device, and stores it in the LLDP MIB table. The LLDP MIB table 130 of the device A100 stores the chassis ID and configuration name obtained from the LLDP frame f15 of the device B200. In addition, the LLDP MIB table records the port number connected to each device and the validity period of the LLDP information. The validity period of LLDP information is reset each time an LLDP frame is received. When the LLDP information expires, the LLDP information is deleted from the LLDP MIB table. The validity period of LLDP information should be longer than the transmission interval of LLDP frames. In this embodiment, the validity period of LLDP information is set to 10 hours.

Each device compares the configuration name obtained from the LLDP frame of the neighboring device and the configuration name stored in the LLDP MIB table, and if there is a difference, it sends a configuration request frame to the neighboring device that sent the LLDP frame. . A device that receives a configuration request frame transmits a configuration information frame that stores a configuration file stored in its own device configuration area in its memory.

After receiving the LLDP frame f15 of the device B200, the device A100 compares the configuration name of the device B200 stored in the LLDP frame f15 with the configuration name of the device B200 stored in the LLDP MIB table 130 of the device A100. If there is a difference in the comparison result, the device A100 transmits a configuration request frame f12 to the device B200. The device B200, which has received the configuration request frame f12, encrypts the configuration file stored in its own device configuration area of the memory 240 of the device B200 using the encryption key of the security chip TPM, and stores it in the configuration information frame f17. Device B also stores configuration hash information obtained by hashing the data obtained by combining the TPM vendor certificate and the configuration file encrypted using the TPM encryption key using a hash algorithm in the configuration information frame f17 and transmits the configuration hash information to the device A100. do.

A device that receives a configuration information frame from an adjacent device creates information by hashing the encrypted configuration file stored in the configuration information frame with the vendor certificate of the TPM using a hash algorithm. A device that receives a configuration information frame from a neighboring device compares the created hash information with the configuration hash information in the configuration information frame. Get the configuration file of the device. A device that receives a configuration information frame from a neighboring device stores the acquired configuration file in the neighboring device configuration area of the memory. The device A100 receives the configuration information frame f17 from the device B200, and saves the configuration file of the device B200 decrypted using the encryption key in the adjacent device configuration area of the memory.

FIG. 3 is a second diagram showing an outline of processing in the network system.
FIG. 3 shows the operation when the configuration is changed and when the device is replaced for maintenance. The device A100, the device B200, and the device D400 in FIG. 3 are equipped with a security chip TPM, and the same vendor certificate and encryption key are stored in the secure chip TPM. can be maintained.

First, the operation at the time of configuration change will be described using the connection between the device A100 and the device B200. It is assumed that the device A100 and the device B200 hold each other's config files in adjacent device config areas of the memory.

When the config file is changed, the device B 200 changes the config name set in the config file and updates the config file stored in the own device config area of the memory 240 . After updating the config file in its own device config area, the device B200 transmits a certificate hash information frame f39 to the device A100. Device A100 transmits certificate hash information frame f38 to device B200. When the certificate hash information is compared between the devices and the certificate hash information matches, each device determines that the source device has the same vendor certificate and is a trusted device.

The device B200 transmits an LLDP frame f31 containing the changed config name to the adjacent device A100. The device A 100 compares the config name of the device B 200 obtained from the LLDP frame f 31 with the config name of the device B 200 stored in the LLDP MIB table 130 . If there is a difference in the comparison result, the device A100 updates the config name of the device B200 in the LLDP MIB table 130 and resets the validity period. In this embodiment, the validity period is set to 10 hours.

The device A100 deletes the configuration file of the device B200 stored in the adjacent device configuration area of the memory 140, and transmits to the device B200 a configuration request frame f32 storing the changed configuration name of the device B200.

The device B200 receives the configuration request frame f32 and acquires the configuration name stored in the configuration request frame f32. The device B200 acquires the configuration file with the acquired configuration name from the self-device configuration area of the memory 240, encrypts the configuration file using the encryption key of the security chip TPM, and stores the encrypted configuration file in the configuration information frame f33. The device B200 also stores configuration hash information obtained by hashing the data obtained by combining the TPM vendor certificate and the configuration file encrypted using the TPM encryption key using a hash algorithm in the configuration information frame f33, and sends the configuration hash information to the device A100. Send.

The device A100 creates information by hashing the encrypted configuration file stored in the received configuration information frame f33 with the vendor certificate of the TPM using a hash algorithm. The device A100 compares the created hash information with the configuration hash information of the configuration information frame f33, and if they match, decrypts the encrypted configuration file using the TPM encryption key and acquires the configuration file. The device A100 saves the obtained configuration file in the adjacent device configuration area of the memory 140 of the device A100.

Next, the operation during maintenance and replacement of the device will be described using the connection between the device A100 and the device D400.
The device C300 connected to the port 2 of the device A100 is removed from the network system configuration for maintenance replacement. The device A 100 determines that the connection of the port 2 has been disconnected, and sets the validity period of the connection port 2 in the LLDP MIB table 130 to Null.

In the maintenance replacement, the device D400 in the state of shipment from the factory is newly connected to the port 2 of the device A100. The device D 400 in the factory shipment state stores a default configuration file in its own device configuration area of the memory 440 . The default configuration is a setting to enable LLDP, a setting to hash the vendor certificate in the security chip TPM with a hash algorithm, and a setting to encrypt the certificate hash information with the encryption key in the security chip TPM and send it to the neighboring device. , stores the setting to detect falsification of the encrypted frame information received from the adjacent device and decrypt it with the encryption key in the security chip TPM, and the default configuration subtype that shows that the default configuration name is stored in the LLDP frame f34. It contains settings to

The factory-shipped device D400 starts up with a default configuration. Device D 400 that has not exchanged LLDP frames with neighboring devices does not have a configuration file stored in the neighboring device configuration area of memory 440 and does not store LLDP information in LLDP MIB table 430 either.

Device D400 transmits a certificate hash information frame f24 to device A100. The device A100 transmits the certificate hash information frame f23 to the device D400 as the port 2 is linked up. The device A100 and the device D400 compare the certificate hash information on each device, and since the certificate hash information matches, they determine that the source device has the same vendor certificate and is a trusted device. .

Device D400 transmits to adjacent device A100 an LLDP frame f34 containing a default config name and a default config subtype found to contain the default config name.

When the device A 100 receives an LLDP frame that does not store a chassis ID that is not assigned to a connection port in the LLDP MIB table 130 or a default config subtype, it discards the LLDP frame. Device A100 receives LLDP frame f34 from port 2 . Also, the effective period of connection port 2 in the LLDP MIB table 130 is reset. In this embodiment, the validity period is set to 10 hours.

The device A100 determines that the config name obtained from the LLDP frame f34 is the default config from the default config subtype stored in the LLDP frame f34. The device A 100 refers to the config name of the connection port 2 in the LLDP MIB table 130, and converts the config file of the config name referenced from the adjacent device config area of the memory 140 into the config information frame f35 using the encryption key of the secure chip TPM. , and transmitted to the device D400. The configuration information frame f35 stores the Ethertype for the configuration for the adjacent device so that it can be determined as the configuration file for the adjacent device.

The device D400 refers to the Ethertype of the received config information frame f35, and determines that the config file stored in the config information frame f35 is the configuration for the neighboring device. Further, the device D400 saves the configuration file obtained by encoding with the encryption key from the configuration information frame f35 in the own device configuration area of the memory 440. FIG. The device D400 applies the self-device config file to the device D400 by automatically restarting after saving the config file in the self-device config area. The chassis ID of device D400 is updated by applying the configuration file.

Device A100 transmits LLDP frame f36 containing the chassis ID and configuration name of device A100 to device D400. Device D400 receives LLDP frame f36 and acquires the chassis ID and configuration name of device A100 from LLDP frame f36. Device D 400 saves the acquired information of device A 100 and the connection port number in LLDP MIB table 430 .

The device D400 transmits to the device A100 a configuration request frame f37 containing the configuration name of the device A100 obtained from the LLDP frame f36. The device A100 receives the configuration request frame f37, encrypts the configuration file of the device A100 stored in the self-device configuration area of the memory 140 using the encryption key of the secure chip TPM, and stores it in the configuration information frame f40. . The device A100 also stores configuration hash information obtained by hashing data obtained by combining the TPM vendor certificate and the configuration file encrypted using the TPM encryption key using a hash algorithm in the configuration information frame f40, and sends the configuration hash information to the device D400. Send.

The device D400 creates information by hashing the encrypted configuration file stored in the configuration information frame f40 with the vendor certificate of the TPM using a hash algorithm. The device D400 compares the generated hash information with the configuration hash information of the configuration information frame, and if they match, decrypts the encrypted configuration file using the TPM encryption key and acquires the configuration file of the device A100. The acquired config file of device A100 is stored in the adjacent device config area of memory 440 of device D400.

<Example 1>
FIG. 4 is a diagram illustrating the configuration of a network system according to the first embodiment;
Next, Example 1 will be described with reference to the drawings. In the first embodiment, the device B200, which is the second network device, is connected to the port 1 of the device A100, which is the first network device, with an Ethernet cable, and the port 2 of the device A100 is maintained and replaced in the state of shipment from the factory. This is an embodiment in which the device C300, which is the third network device, is connected with an Ethernet cable.

A configuration of the network system according to the first embodiment will be described with reference to FIG.
The device A100, device B200, and device C300 have a data processing unit 42 that processes frames transmitted and received from ports, an LLDP frame processing unit 43 that generates and expands LLDP frames, and an LLDP MIB table 44 that stores LLDP information obtained from LLDP frames. , a config storage unit 45 of the memory 140 for storing the config file for the own device and the config file for the adjacent device, and a security chip TPM 86 for storing the vendor certificate and the encryption key.

In the first embodiment, the security information consisting of the vendor certificate and the encryption key stored in the TPM 86 of the device C and the security information consisting of the vendor certificate and the encryption key stored in the TPM 86 of the device A are the same. The description will proceed assuming that the security information is the same issued to the manufacturer and that the security information is different issued to different manufacturers.

The LLDP frame processing unit 43 of the device A100 and the LLDP frame processing unit 43 of the device B200 generate the LLDP frame f54 and periodically transmit it to adjacent devices. When each network device changes its own configuration file, it notifies the adjacent device of the new configuration name by LLDP frame f54. The network device that received the LLDP frame f54 containing the new configuration name transmits a configuration request frame f55 to the network device that sent the LLDP frame f54, requesting the network device that changed the configuration file to send the configuration file. .

The network device that receives the configuration request frame f55 encrypts the self-device config file saved in the self-device config area of the memory using the encryption key of the TPM 86 and stores it in the configuration information frame f56. The network device that received the configuration request frame f55 also generates configuration hash information obtained by hashing the data obtained by combining the vendor certificate of the TPM 86 and the configuration file encrypted using the encryption key of the TPM 86 using a hash algorithm. , and transmits it to the device that transmitted the configuration request frame f55.

The device C300 in the factory shipment state in which no specific configuration is set stores a default configuration file in its own device configuration area of the configuration storage unit 45 . The default configuration is a setting to enable LLDP, a setting to hash the vendor certificate in the security chip TPM86 with a hash algorithm, and a setting to encrypt the certificate hash information with the encryption key in the security chip TPM86 and send it to the neighboring device. , a setting to detect falsification of encrypted frame information received from a neighboring device and decrypt it with the encryption key in the security chip TPM86, and a setting to add a default config subtype to the LLDP frame f57. Device C300 transmits a default configuration name storage LLDP frame f57 to device A100.

The device A100 that has received the default config name storing LLDP frame f57 refers to the config name assigned to the port that received the LLDP frame f57 in the LLDP MIB table 44 . Also, the device A 100 extracts the config file with the config name obtained by reference from the adjacent device config area of the config storage unit 45, encrypts the config file using the encryption key of the TPM 86, and converts the config file to the adjacent device config information. Store in frame 58 . The device A 100 also stores first configuration hash information obtained by hashing data obtained by combining the vendor certificate of the TPM 86 and the configuration file encrypted using the encryption key of the TPM 86 using a hash algorithm, in the adjacent device configuration information frame 58 . and transmit it to the device C300.

The device C300 creates second configuration hash information by hashing the encrypted configuration file stored in the received adjacent device configuration information frame f58 with the vendor certificate of the TPM 86 of its own device using a hash algorithm. . The device C300 compares the created second configuration hash information with the first configuration hash information included in the configuration information frame, and if they match, uses the encryption key of the TPM 86 to transmit the adjacent device configuration information frame 58. Decrypt the included encrypted config file to obtain the config file for device C300. The device C300 saves the acquired configuration file in the self-device configuration area of the configuration storage unit 45 of the device C300. After saving the config file in its own device config area, the device C300 automatically restarts and applies the own device config file to the device C300. The device C300 compares the created second configuration hash information with the first configuration hash information included in the configuration information frame, and if they do not match, acquires the configuration file included in the adjacent device configuration information frame 58 or , stop the process of saving to the self-device config area of the self-device.

The certificate hash information frame f85 contains the certificate hash information encrypted using the encryption key stored in the TPM86. The certificate hash information is information obtained by hashing the vendor certificate stored in the TPM 86 using a hash algorithm. Each network device periodically transmits a certificate hash information frame f85 to neighboring devices.

FIG. 5 is a diagram showing an example of creating a config name for a network device.
The configuration name to be saved in the self-device configuration area of the memory is generated from the chassis ID 59 and the configuration file creation date and time 60 . For example, if the chassis ID 59 is "Site-A" and the configuration file creation date and time 60 is "December 01, 2015, 15:17:29", the configuration name is "Site-A-20151201151729".

FIG. 6 shows a certificate hash information frame.
The certificate hash information frame is used when securing the safety of neighboring devices. Destination MAC address 88 specifies the MAC address of the interface of the neighboring device. The source MAC address 89 designates the MAC address of the interface of the device itself. Ethertype 90 specifies the Ethertype for the certificate hash information frame. The certificate hash information 911 stores hash information of the vendor certificate encrypted using the encryption key of the security chip TPM.

FIG. 7 is a first diagram showing an LLDP frame.
FIG. 8 is a second diagram showing an LLDP frame.
There are two types of LLDP frames used in this embodiment: a self-device configuration name storage LLDP frame (FIG. 7) and a default configuration name storage LLDP frame (FIG. 8). The destination MAC address 61 designates the multicast MAC address [01-80-C2-00-00-0E] of the LLDP frame defined by IEEE802.1AB. Source MAC address 62 specifies the MAC address of the interface that sends the LLDP frame. Ethertype 63 specifies LLDP Ethertype [88-CC].

Each network device uses the self-device config name storage LLDP frame when the config file is already stored in the self-device config area of the memory. The self-device configuration name storage LLDP frame stores the chassis ID 65 and the configuration name 66 of the self-device configuration file in the LLDP PDU 64 . Each network device uses the default config name storage LLDP frame when it stores the default config in its own device config area in its memory. The default config name storage frame stores a default config subtype 67 and a default config name 68 that certify that the LLDP PDU 64 is the default config.

FIG. 9 is a diagram showing a configuration request frame.
A configuration request frame is used when requesting a configuration from a neighboring device. In the configuration request frame, the destination MAC address 69 designates the MAC address of the interface of the neighboring device. The source MAC address 70 designates the MAC address of the interface of its own device. Ethertype 71 specifies the Ethertype for the configuration request frame. The config name 72 designates the config name of the neighboring device obtained from the LLDP frame.

FIG. 10 is a diagram showing a self-device configuration information frame.
FIG. 11 is a diagram showing a neighboring device configuration information frame.
There are two configuration information frames: a self-device configuration information frame (FIG. 10) for transmitting a self-device configuration file to a neighboring device and a neighboring device configuration information frame (FIG. 11) for sending a neighboring device configuration file to a neighboring device. There are types.

In each configuration information frame, the destination MAC address 73 designates the MAC address of the interface of the neighboring device. The source MAC address 74 designates the MAC address of the interface of the own device.

In the self-device configuration information frame, Ethertype 75 designates the Ethertype for the self-device configuration information frame. The self-device config file 76 stores information obtained by encrypting the config file recorded in the self-device config area of the memory with the encryption key of the TPM. The configuration hash information 103 stores information obtained by hashing data obtained by combining a TPM vendor certificate and a configuration file encrypted using a TPM encryption key using a hash algorithm.

In the neighboring-device configuration information frame, the neighboring-device configuration information frame Ethertype 77 designates the Ethertype for the neighboring-device configuration information frame. The adjacent device configuration information 78 stores information obtained by encrypting the configuration file recorded in the adjacent device configuration area of the memory with the encryption key of the TPM.

FIG. 12 shows the LLDP MIB table.
In the LLDP MIB table, chassis ID 79 is the chassis ID of the neighboring device obtained from the LLDP frame. The connection port 80 is the port number of the own device to which the neighboring device connects. The config name 81 is the config name of the neighboring device obtained from the LLDP frame. Validity period 82 is the period during which LLDP information is held in the LLDP MIB table.

FIG. 13 is a first diagram illustrating the processing flow of the network system according to the first embodiment;
FIG. 14 is a second diagram illustrating the processing flow of the network system according to the first embodiment;
FIG. 15 is a third diagram illustrating the processing flow of the network system according to the first embodiment;
Next, the operation of the first embodiment will be described with reference to the flow charts of FIGS. 13, 14 and 15. FIG. First, referring to FIG. 13, the operation of inter-device authentication will be described. In FIG. 13, the right side shows the operation of the device B200, and the left side shows the operation of the device A100.

When the device A100 performs inter-device authentication with an adjacent device, the data processing unit 42 of the device A100 hashes the vendor certificate stored in the TPM 86 of the device A100 using a hash algorithm, and obtains a first certificate hash. Information is created (step S501).

The data processing unit 42 of the device A100 uses the encryption key stored in the TPM 86 of the device A100 to encrypt the first certificate hash information and generate a certificate hash information frame f85 (step S502). The data processing unit 42 transmits the certificate hash information frame f85 to the device B200, which is an adjacent device (step S503). The device B200 receives the certificate hash information frame f85 from the device A100 (step S504).

The data processing unit 42 of the device B200 uses the encryption key stored in the TPM 86 of the device B200 to decrypt the received certificate hash information frame f85 and acquires the first certificate hash information of the device A100 ( step S505). The data processing unit 42 of the device B200 hashes the vendor certificate stored in the TPM 86 of the device B200 using a hash algorithm to create second certificate hash information of the device B200 (step S506). The data processing unit 42 of the device B200 compares the first certificate hash information of the device A100 and the second certificate hash information of the device B200 (step S507). The data processing unit 42 of the device B200 determines whether the first certificate hash information and the second certificate hash information match (step S508).

If the first certificate hash information and the second certificate hash information match, the data processing unit 42 of the device B200 determines that the device A100 possesses the same vendor certificate and encryption key as the device B200, and is trusted. It is determined that the device is capable of processing (step S509). The data processing unit 42 of the device B200 starts the configuration exchange process using the LLDP frame (step S510).

If the certificate hash information does not match, the data processing unit 42 of the device B200 determines that the device A100 possesses a different vendor certificate and encryption key from those of the device B200 and is an unreliable device (step S511). In this case, the data processing unit 42 of the device B200 does not start the config exchange process using the LLDP frame (step S512).

In the inter-device authentication process described above, a network device acquires encrypted certificate information obtained by encrypting the certificate information (information related to a vendor certificate) of the manufacturer that manufactured the network device from an adjacent network device. A processing mode for comparing the manufacturer's certificate information obtained by decrypting the encrypted certificate information with the certificate information of the own device and judging that the adjacent network device is a reliable neighboring network device when they match. It is a mode.
Further, in the inter-device authentication process described above, the configuration file of the network device is acquired from the reliable adjacent network device and stored in the storage unit. This is one aspect of the process of transmitting a configuration file that needs to be transmitted to a trusted neighboring network device that requires transmission.

The operation at the time of configuration change will be described with reference to FIG. In FIG. 14, the right side shows the operation of the device B200, and the left side shows the operation of the device A100.

In addition, in the operation at the time of configuration change, each network device must have already confirmed that the certificate hash information of its own device matches the certificate hash information of the adjacent device. Assume that the data processing unit 42 of the device B200 changes the configuration file (step S601). In this case, the data processing unit 42 of the device B 200 saves the config file after changing the config name consisting of the chassis ID and the config save date and time in the own device config area of the memory 49 (step S602). The data processing unit 42 of the device B200 creates an LLDP frame in which the configuration name changed by the LLDP frame processing unit 43 is stored in the LLDP PDU (Protocol Data Unit) 64 (step S603). Device B200 transmits the LLDP frame to device A100, which is a neighboring device (step S604).

The device A100 receives the LLDP frame (step S605). The LLDP frame processing unit 43 of the device A100 expands the received LLDP frame and acquires the configuration name (step S606). The data processing unit 42 of the device A100 confirms the acquired config name and the config name stored in the LLDP MIB table 44 (step S607). The data processing unit 42 of the device A100 determines whether the config names are different (step S608). If the configuration names match, the data processing unit 42 of the device A100 completes the configuration change processing.

If the config name is different, the data processing unit 42 of the device A100 can determine that the config file has been changed, so it updates the config name stored in the LLDP MIB table 44 to the acquired config name (step S609). The data processing unit 42 of the device A100 creates a configuration request frame storing the acquired configuration name (step S610). The data processing unit 42 of the device A100 transmits the configuration request frame to the device B200, which is the transmission source of the LLDP frame (step S611).

When the data processing unit 42 of the device B 200 receives the config request frame, it uses the config name included in the config request frame to acquire the config file stored in the self-device config area of the memory 49, and retrieves the config file. is encrypted using the TPM encryption key and stored in the self-device configuration information frame (step S612). The data processing unit 42 of the device B 200 uses a hash algorithm to hash the data obtained by combining the vendor certificate of the TPM 86 and the configuration file encrypted using the encryption key of the TPM 86, and converts the first configuration hash information into the configuration information for its own device. Store in the frame (step S613). The data processing unit 42 of the device B200 transmits the self-device configuration information frame to the device A100 that transmitted the configuration request frame (step S614).

When the device A100 receives the configuration information frame for its own device, the data processing unit 42 of the device A100 hashes the encrypted configuration file stored in the configuration information frame using the vendor certificate of the TPM 86 and the hash algorithm. A second configuration hash information is created (step S615). The data processing unit 42 of the device A100 compares the created second configuration hash information with the first configuration hash information included in the configuration information frame (step S616).

The data processing unit 42 of the device A100 determines whether the first configuration hash information and the second configuration hash information match (step S617). If the first configuration hash information and the second configuration hash information match, the data processing unit 42 of the device A100 decrypts the encrypted configuration file using the encryption key of the TPM 86, and converts the configuration file of the device B200. A file is acquired (step S618). The data processing unit 42 of the device A100 waits when the first configuration hash information and the second configuration hash information do not match, and performs the processing from step S610 when the processing of step S609 is performed. .

The data processing unit 42 of the device A100 stores the obtained configuration file of the device B200 in the adjacent device configuration area of the configuration storage unit 45 (step S619). The data processing unit 42 of the device A100 saves the obtained configuration file of the device B200 in the adjacent device configuration area of the configuration storage unit 45, and then completes configuration change processing.

In the processing described with reference to FIG. 14, when the configuration file of a reliable adjacent network device is changed, the network device determines that transmission of the configuration file related to the reliable adjacent network device is necessary, and Sending a transmission request (configuration request frame) for the configuration file of the network device to the adjacent network device, and storing the configuration file received from the adjacent network device in response to transmission of the transmission request as a new configuration file in the storage unit. This is one aspect of the processing to be performed.

Next, the effects of the first embodiment will be described. The first embodiment has the effect of reducing man-hours associated with preparation of configuration information before maintenance replacement by maintenance workers and input of configuration information during maintenance replacement. The reason for this is that, in the network system according to the first embodiment, the process of automatically acquiring the configuration file from the adjacent network device during maintenance replacement works, which reduces the number of man-hours involved in preparing and inputting configuration information for maintenance workers. Because you can.

The first embodiment also has the effect of avoiding the risk of a worker entering an incorrect configuration file into a network device during maintenance and replacement. The reason for this is that the memory of the network device according to the first embodiment stores the adjacent configuration file of the adjacent network device before maintenance replacement. This is because the file can be acquired.

In addition, in the first embodiment, each network device performs authentication between neighboring devices in advance, and furthermore, only when the authentication between neighboring devices is successful when changing the configuration file, the changed neighboring device config file is accepted and recorded in its own device. As a result, it is possible to safely accept the configuration file of the adjacent device and record it in its own device.

Next, with reference to FIG. 15, the operation of automatically applying the configuration file at the time of maintenance replacement will be described. In FIG. 15, the right side shows the operation of the device D400, and the left side shows the operation of the device A100.

In addition, in the operation of automatically applying the configuration file during maintenance replacement, each network device must have already confirmed that the certificate hash information of its own device matches the certificate hash information of the neighboring device. is. Then, when the device D400 is newly connected to the device A100 due to maintenance replacement, the data processing unit 42 of the device D400 starts processing in maintenance replacement (step S701).

The device D400, which has been newly connected to the device A100 for maintenance replacement, retains the default configuration file in its own device configuration area of the configuration storage unit 45 of its own device (step S702). The LLDP frame processing unit 43 of the device D400 creates an LLDP frame f57 in which the default config subtype and default config name are stored in the LLDP PDU64 (step S703). The data processing unit 42 of the device D400 transmits the LLDP frame f57 to the device A100, which is an adjacent device (step S704).

The device A100 receives the LLDP frame f57 (step S705). The LLDP frame processing unit 43 of the device A100 expands the received LLDP frame f57 (step S706). The data processing unit 42 of the device A100 determines whether the default configuration subtype exists in the LLDP frame f57 (step S707). The data processing unit 42 of the device A100 discards the LLDP frame f57 when the default configuration subtype information does not exist in the LLDP frame f57 (step S708).

If the LLDP frame f57 contains default configuration subtype information, the data processing unit 42 of the device A100 determines that the neighboring device D400 is a device that holds the default configuration based on the default configuration subtype. (step S709). The data processing unit 42 of the device A100 refers to the configuration name assigned to the port that received the LLDP frame f57 from the LLDP MIB table 44 (step S710).

The data processing unit 42 of the device A100 acquires the configuration file with the referenced configuration name from the adjacent device configuration area of the configuration storage unit 45 (step S711). The data processing unit 42 of the device A100 encrypts the obtained configuration file using the encryption key of the TPM 86 and stores it in the adjacent device configuration information frame f58 (step S712). The data processing unit 42 of the device A 100 combines the vendor certificate of the TPM 86 with the configuration file encrypted using the encryption key of the TPM 86, and converts the first configuration hash information hashed by a hash algorithm into configuration information for adjacent devices. Store in frame f58 (step S713). The data processing unit 42 of the device A100 transmits the adjacent device configuration information frame f58 to the device D400 that is the transmission source of the LLDP frame f57 (step S714).

When the device D400 receives the neighboring device configuration information frame f58, the data processing unit 42 of the device D400 treats the encrypted configuration file stored in the neighboring device configuration information frame f58 as the vendor certificate of the TPM 86 of its own device. The second configuration hash information hashed by the hash algorithm is created by crossing them (step S715). The data processing unit 42 of the device D400 compares the created second configuration hash information with the first configuration hash information included in the neighboring device configuration information frame f58 (step S716).

The data processing unit 42 of the device D400 determines whether the first configuration hash information and the second configuration hash information match (step S717). If the first configuration hash information and the second configuration hash information do not match, the data processing unit 42 of the device D400 waits, and if the processing of step S702 is performed next, the processing from step S703 is performed. to start.

If the first configuration hash information and the second configuration hash information match, the data processing unit 42 of the device D400 decrypts the encrypted configuration file using the encryption key of the TPM 86 to acquire the configuration file ( step S718). The data processing unit 42 of the device D400 saves the acquired configuration file in the self-device configuration area of the configuration storage unit 45 (step S719). The data processing unit 42 of the device D400 automatically restarts, applies the configuration saved in the self-device configuration area of the configuration storage unit 45, and updates the chassis ID (step S720). As a result, the data processing unit 42 of the device D400 completes the automatic configuration application at the time of maintenance replacement (step S721).

In the processing described above with reference to FIG. 15, the network device determines that it is necessary to transmit the configuration file related to the reliable adjacent network device when the reliable adjacent network device is replaced for maintenance. This is one mode of processing for transmitting to the network device the configuration file of a reliable neighboring network device that requires transmission of the configuration file out of the stored configuration files.

<Example 2>
FIG. 16 is a diagram illustrating a processing flow of the network system according to the second embodiment;
Next, Example 2 will be described with reference to the drawings. The second embodiment is another example of the inter-device authentication operation described with reference to FIG. In the second embodiment, the processing from step S501 to step S511 is the same as the processing from step S501 to step S511 in the first embodiment. Then, in step S511 of the second embodiment, if the certificate hash information does not match, the data processing unit 42 of the device B200 determines that the device A100 possesses a different vendor certificate and encryption key from the device B200, If the device A100 is determined to be an unreliable device, it shuts down the port that communicates with the device A100, which is an adjacent device (step S801). Then, the data processing unit 42 of the device B200 does not start the config exchange process using the LLDP frame (step S802).

In the processing of the second embodiment, the network device hashes the data generated by the network device using the certificate information of the manufacturer of the adjacent network device and the encrypted configuration file, using a hash algorithm. , second hash information obtained by hashing data generated using the encrypted configuration file of another adjacent network device, the certificate information of the manufacturer that manufactured the own device, and the encrypted configuration file using a hash algorithm; This is one aspect of processing for stopping communication using a communication port connected to an adjacent network device that has transmitted a configuration information frame when the values do not match.

<Example 3>
FIG. 17 is a diagram illustrating the configuration of a network system according to the third embodiment;
FIG. 18 is a diagram illustrating a processing flow of the network system according to the third embodiment;
Next, a third embodiment will be described with reference to the drawings. In the third embodiment, the device A100 backs up and saves the past configuration file of the device B200, which is a neighboring device, in the neighboring device configuration area of the configuration storage unit 93, and when the device B200 requests the past configuration file, In this embodiment, a past configuration file is selected from the adjacent device configuration area and transmitted to the device B200. Embodiment 3 illustrated in FIG. 17 will be described using the operations of the device A100 and the device B200.

The data processing unit 92 of the device A100 saves a plurality of past configuration files for the device B200 in the adjacent device configuration area of the configuration storage unit 93 without deleting them. When the device B200 restores the current configuration file to the past configuration file, the device B200 creates a specified configuration request frame f101 storing the configuration file name of the configuration file to be restored to the device A100, which is a neighboring device ( step S901). The data processing unit 97 of the device B200 transmits the created specified configuration request frame f101 to the device A100 (step S902). Note that the creation of the configuration request frame f101 specified by the device B200 in this embodiment may be created when the worker requests the device B200 to transmit the configuration request frame f101 using a command or the like.

In this embodiment, for example, the device A100 stores, in the adjacent device configuration area 93, a first configuration file indicating the configuration file of the device B200 currently in operation, a second configuration file indicating the configuration file used by the device B200 in the past, Assume that you have a third config file.

The data processing unit 92 of the device A100 receives the specified configuration request frame f101 and acquires the configuration file name requested by the device B200 (step S903). The data processing unit 92 of the device A100 refers to the config file name requested by the device B200, saves it in the config area for adjacent devices of the config storage unit 93, and acquires the config file specified by the config file name. The data processing unit 92 of the device A100 encrypts the configuration file using the encryption key of the security chip TPM94 and stores it in the configuration information frame f102 (step S904).

Also, the data processing unit 92 of the device A100 stores configuration hash information obtained by hashing data obtained by combining the vendor certificate of the TPM 94 and the configuration file encrypted using the encryption key of the TPM 94 using a hash algorithm, in the configuration information frame f102. (Step S905). The data processing unit 92 of the device A100 transmits the configuration information frame f102 to the device B200 (step S906).

The device B200 receives the configuration information frame f102. The data processing unit 97 of the device B200 creates first configuration hash information by hashing the encrypted configuration file stored in the received configuration information frame f102 with the vendor certificate of the TPM 99 using a cross-hash algorithm ( step S907). The data processing unit 97 of the device B200 compares the created first configuration hash information with the second configuration hash information obtained from the configuration information frame (step S908).

The data processing unit 97 of the device B200 determines whether the first configuration hash information and the second configuration hash information match (step S909). When the first configuration hash information and the second configuration hash information match, the data processing unit 97 of the device B200 converts the encrypted configuration file stored in the configuration information frame f102 into the encryption key of the TPM99. Use to decrypt and acquire the configuration file (step S910). The data processing unit 97 of the device B 200 saves the acquired configuration file in the self-device configuration area of the configuration storage unit 98 (step S911). Note that the data processing unit 97 of the device B200 waits when the first configuration hash information and the second configuration hash information do not match, and the operator transmits a configuration request frame f101 to the device B200 using a command or the like. is requested, the processing from step S901 is performed again.

The data processing unit 97 of the device B200 applies the self-device config file to the device B200 by automatically restarting after saving the self-device config file in the self-device config area (step S912). As a result, the config file used by the device B200 returns to the requested past config file. Since the self-device config file is changed, the data processing unit 97 of the device B200 transmits the self-device config name storing LLDP frame to the device A100, which is an adjacent device. Also, device A 100 updates the information in LLDP MIB table 90 .

Through such processing, the network device can back up the configuration file of the neighboring device, and return the configuration file used by the neighboring device to the requested past configuration at the request of the neighboring device.

In the process of the third embodiment, when a network device receives a past configuration file transmission request from a reliable adjacent network device, it determines that transmission of the configuration file related to the reliable adjacent network device is necessary, and sends the transmission request. This is one aspect of processing for transmitting a configuration file stored in a storage unit related to a network device that has transmitted a .

The background of the present disclosure is to reduce the number of man-hours required by workers during maintenance and replacement, to avoid the risk of incorrect settings, and to avoid the risk of connecting an unauthorized device whose safety is not guaranteed to the network. In particular, rapid and accurate replacement work is required for maintenance replacement in large-scale networks such as communication carriers and banks. In recent years, there is a method of introducing SDN and centrally managing configuration files. In addition, there are security issues such as information leaks and cyberattacks caused by connecting unauthorized devices to the network. Cost and man-hours are required.

According to the processing of each of the above-described embodiments, the network device can reduce the number of man-hours required by the maintenance worker for configuration preparation before maintenance replacement and configuration input during maintenance replacement.
Further, according to the processing of each of the above-described embodiments, the process of automatically acquiring the configuration file from the adjacent device during maintenance replacement works for the network device, so the number of man-hours involved in configuration preparation and configuration input by the maintenance worker can be reduced. .
In addition, according to the processing of each of the above-described embodiments, the network device automatically acquires the configuration file only between devices with the same shipping vendor whose security is guaranteed. If connected, the process of automatically acquiring the configuration file will not work, eliminating the risk of connecting to the network and committing fraud.
Further, according to the processing of each of the above-described embodiments, the network device can avoid the risk of a worker inputting an incorrect configuration to the device during maintenance and replacement.
Further, according to the processing of each of the above-described embodiments, the network device saves the configuration file of the neighboring device before maintenance replacement in the memory. At the time of maintenance replacement, the network device can acquire an appropriate pre-maintenance-replacement configuration file from an adjacent device.

In the related technology, when a failure occurs in a device that constitutes a network, it is necessary to replace it with a normal device for maintenance and quickly restore the same network environment as before the maintenance replacement. Such techniques have the following problems.

Problem 1: Maintenance workers manage configurations for maintenance of all devices, and it takes time and effort to prepare configurations for maintenance and replacement.
Problem 2: The maintenance worker needs to manually input the prepared configuration to the maintenance-replaced device from the maintenance worker's console PC.
Problem 3: There is a risk that a maintenance worker will input an incorrect configuration and cause a network failure when inputting the configuration to the device. In addition, extra man-hours are required to recover from the network failure.
Problem 4: In order to use a Software Defined Network (SDN) that automatically changes the device configuration, a controller server that manages the SDN and a device that supports SDN are required, which incurs costs for network reconstruction.
Problem 5: At the time of maintenance or replacement of equipment other than maintenance, there is a risk that the equipment will be replaced with one whose safety is not guaranteed. Equipment not shipped by an authorized vendor to your network may expose you to significant risks, such as network outages and equipment failure.
Problem 6: There is a risk of interception during transmission of configuration information. A mechanism that prevents configuration from being intercepted is required.

According to each process of the network device described above, such a problem can be solved. In other words, according to the present disclosure, by extending LLDP of the standard IEEE802.1AB and using it, the configuration file of the network device is stored in the memory of the neighboring device, and when the configuration of the device becomes necessary due to maintenance replacement, In addition, it is possible to automatically acquire the pre-exchange configuration file from the adjacent device. Therefore, the maintenance worker does not need man-hours to prepare the config before maintenance/replacement of issue 1 and to input the config at the time of maintenance/replacement of issue 2, and the risk of erroneous setting of issue 3 can be avoided. In addition, since there is no need to construct a new controller server as in the SDN environment of issue 4, construction costs can be reduced.

Furthermore, according to the present disclosure, a secure chip TPM is installed in a network device, and a vendor who ships the network device writes a vendor certificate and an encryption key in the secure chip TPM, thereby ensuring the safety of the device itself, By transmitting a certificate hash information frame using a vendor certificate and an encryption key to a neighboring device and comparing the certificate hash information, it is possible to ensure the security of the neighboring device. Also, the config file can avoid the risk of being intercepted during transmission by using the encryption key of the secure chip TPM. Therefore, the maintenance worker can avoid the risk of rewriting the configuration file to a device that does not guarantee the safety of issue 5. Also, since the configuration file is encrypted using the encryption key of the security chip TPM, interception of the configuration file of problem 6 can be avoided.

FIG. 19 is a diagram showing the minimum configuration of a network device.
FIG. 20 is a diagram showing a processing flow by a network device with a minimum configuration.
The processing units 150, 250, 350, and 450 of the device A100, the device B200, the device C300, and the device D400, which are network devices, each include at least an acquisition unit 201 (acquisition means) and a determination unit 202 (determination unit). means), a recording unit 203 (recording means), and a transmitting unit 204 (transmitting means).
The acquiring unit 201 acquires encrypted certificate information obtained by encrypting the certificate information of the manufacturer of the network device from the adjacent network device (step S2001).
The determination unit 202 compares the manufacturer's certificate information obtained by decrypting the encrypted certificate information with the certificate information of the device itself, and determines the adjacent network device as a reliable adjacent network device when they match. It judges (step S2002).
The recording unit 203 acquires the configuration file of the network device from a reliable adjacent network device and records it in a storage unit such as a memory (step S2003).
When transmission of a configuration file related to a reliable adjacent network device is required, the transmitting unit 204 transmits the configuration file that needs to be transmitted to the reliable adjacent network device that requires transmission (step S2004).

FIG. 21 is a diagram showing the hardware configuration of a network device.
As shown in FIG. 21, the device A100, device B200, device C300, and device D400, which are network devices, have a CPU (Central Processing Unit) 191, ROM (Read Only Memory) 192, RAM (Random Access Memory) 193, HDD 194, It includes hardware such as a communication module 195 and a database 196 .

Each process described above is stored in a computer-readable recording medium in the form of a program, and the above process is performed by reading and executing this program by a computer. Here, the computer-readable recording medium refers to magnetic disks, magneto-optical disks, CD-ROMs, DVD-ROMs, semiconductor memories, and the like. Alternatively, the computer program may be distributed to a computer via a communication line, and the computer receiving the distribution may execute the program.

Further, the program may be for realizing part of the functions described above. Further, it may be a so-called difference file (difference program) that can realize the above-described functions in combination with a program already recorded in the computer system.

The present disclosure is applicable to the infrastructure of communication networks.

Some or all of the above-described embodiments can also be described as the following additional remarks, but are not limited to the following.

(Appendix 1)
obtaining means for obtaining encrypted certificate information obtained by encrypting the certificate information of the manufacturer of the network device from an adjacent network device;
The manufacturer's certificate information obtained by decrypting the encrypted certificate information is compared with the certificate information of the own device, and if they match, the adjacent network device is determined to be a reliable adjacent network device. means of judgment;
a recording means for recording a configuration file of the network device obtained from the reliable adjacent network device in a storage means;
sending means for sending a configuration file that needs to be sent to the trusted neighboring network device that requires the sending, if the sending of the configuration file for the trusted neighboring network device is required;
network equipment.

(Appendix 2)
When the configuration file of the reliable adjacent network device is changed, the transmission means determines that it is necessary to transmit the configuration file related to the reliable adjacent network device, and requests transmission of the configuration file of the adjacent network device. to the neighboring network device, and
The network device according to appendix 1, wherein the recording means records the configuration file received from the adjacent network device in response to transmission of the transmission request as a new configuration file in the storage means.

(Appendix 3)
When the reliable adjacent network device is replaced for maintenance, the transmitting means determines that transmission of a configuration file related to the reliable adjacent network device is necessary, 3. The network device according to appendix 1 or appendix 2, wherein the configuration file of the trusted neighboring network device for which file transmission is required is transmitted to the network device.

(Appendix 4)
The transmitting means, when receiving a past configuration file transmission request from the reliable adjacent network device, determines that transmission of the configuration file related to the reliable adjacent network device is necessary, and transmits the transmission request. 3. The network device according to any one of appendices 1 to 3, wherein a configuration file to be recorded in the storage means relating to the network device is transmitted to the network device.

(Appendix 5)
When transmitting the configuration file to the reliable adjacent network device, the transmission means encrypts the configuration file and uses the certificate information of the manufacturer that manufactured the self-device and the encrypted configuration file. generating first hash information by hashing the generated data using a hash algorithm, and transmitting a configuration information frame including the encrypted configuration file and the first hash information;
When the configuration file is received from the reliable adjacent network device, the recording means stores the encrypted configuration file included in the configuration information frame, the certificate information of the manufacturer that manufactured the own device, and the encrypted configuration file. second hash information is generated by hashing data generated using a configuration file using a hash algorithm, and when the first hash information and the second hash information match, the encryption included in the configuration information frame The network device according to any one of appendices 1 to 4, wherein the decrypted configuration file is decrypted and recorded in the storage means of the own device.

(Appendix 6)
According to appendix 5, further comprising stopping means for stopping communication using a communication port connected to the adjacent network device that transmitted the configuration information frame when the first hash information and the second hash information do not match. network equipment.

(Appendix 7)
8. The network device according to any one of appendices 1 to 7, further comprising applying means for automatically applying information in the configuration file received from the reliable adjacent network device to the own device.

(Appendix 8)
Obtaining encrypted certificate information obtained by encrypting the certificate information of the manufacturer of the network device from the adjacent network device,
The manufacturer's certificate information obtained by decrypting the encrypted certificate information is compared with the certificate information of the own device, and if they match, the adjacent network device is determined to be a reliable adjacent network device. ,
recording the configuration file of the network device obtained from the reliable neighboring network device in a storage means;
If transmission of a configuration file for said trusted neighboring network device is required, transmitting the configuration file that needs to be transmitted to said trusted neighboring network device that requires said transmission.

(Appendix 9)
A program that causes a computer of a network device to execute the processing method according to appendix 8.

100 Apparatus A
200 Device B
300 Device C
400 Device D
130, 230, 330, 430 Tables 140, 240, 340, 440 Memory 150, 250, 350, 450 Processing unit (acquisition means, determination means, recording means, transmission means, stop means, means of application)
42, 92, 97 ... data processing units 44, 90, 95 ... LLDP MIB tables 43, 91, 96 ... LLDP frame processing units 45, 93, 98 ... configuration storage units 86, 94, 99・・・TPM

Claims (9)

obtaining means for obtaining encrypted certificate information obtained by encrypting the certificate information of the manufacturer of the network device from an adjacent network device;
The manufacturer's certificate information obtained by decrypting the encrypted certificate information is compared with the certificate information of the own device, and if they match, the adjacent network device is determined to be a reliable adjacent network device. means of judgment;
a recording means for recording a configuration file of the network device obtained from the reliable adjacent network device in a storage means;
sending means for sending a configuration file that needs to be sent to the trusted neighboring network device that requires the sending, if the sending of the configuration file for the trusted neighboring network device is required;
network equipment. When the configuration file of the reliable adjacent network device is changed, the transmission means determines that it is necessary to transmit the configuration file related to the reliable adjacent network device, and requests transmission of the configuration file of the adjacent network device. to the neighboring network device, and
2. The network device according to claim 1, wherein said recording means records the configuration file received from said adjacent network device in response to transmission of said transmission request as a new configuration file in said storage means. When the reliable adjacent network device is replaced for maintenance, the transmitting means determines that transmission of a configuration file related to the reliable adjacent network device is necessary, 2. The network device according to claim 1, wherein the configuration file of said trusted neighboring network device requiring file transmission is transmitted to said network device. The transmitting means, when receiving a past configuration file transmission request from the reliable adjacent network device, determines that transmission of the configuration file related to the reliable adjacent network device is necessary, and transmits the transmission request. 2. The network device according to claim 1, wherein a configuration file to be recorded in said storage means relating to the network device is transmitted to said network device. When transmitting the configuration file to the reliable adjacent network device, the transmission means encrypts the configuration file and uses the certificate information of the manufacturer that manufactured the self-device and the encrypted configuration file. generating first hash information by hashing the generated data using a hash algorithm, and transmitting a configuration information frame including the encrypted configuration file and the first hash information;
When the configuration file is received from the reliable adjacent network device, the recording means stores the encrypted configuration file included in the configuration information frame, the certificate information of the manufacturer that manufactured the own device, and the encrypted configuration file. second hash information is generated by hashing data generated using a configuration file using a hash algorithm, and when the first hash information and the second hash information match, the encryption included in the configuration information frame 5. The network device according to any one of claims 1 to 4, wherein the encrypted configuration file is decrypted and recorded in the storage means of the device itself. 6. The apparatus according to claim 5, further comprising stopping means for stopping communication using a communication port connected to said adjacent network device that transmitted said configuration information frame when said first hash information and said second hash information do not match. network equipment. 2. The network device according to claim 1, further comprising applying means for automatically applying information in a configuration file received from said reliable adjacent network device to said device. Obtaining encrypted certificate information obtained by encrypting the certificate information of the manufacturer of the network device from the adjacent network device,
The manufacturer's certificate information obtained by decrypting the encrypted certificate information is compared with the certificate information of the own device, and if they match, the adjacent network device is determined to be a reliable adjacent network device. ,
recording the configuration file of the network device obtained from the reliable neighboring network device in a storage means;
If transmission of a configuration file for said trusted neighboring network device is required, transmitting the configuration file that needs to be transmitted to said trusted neighboring network device that requires said transmission. A program that causes a computer of a network device to execute the processing method according to claim 8.

Images