WO2012077308A1 - Communication path verification system, path verification device, communication path verification method, and path verification program - Google Patents

Communication path verification system, path verification device, communication path verification method, and path verification program Download PDF

Info

Publication number
WO2012077308A1
WO2012077308A1 PCT/JP2011/006737 JP2011006737W WO2012077308A1 WO 2012077308 A1 WO2012077308 A1 WO 2012077308A1 JP 2011006737 W JP2011006737 W JP 2011006737W WO 2012077308 A1 WO2012077308 A1 WO 2012077308A1
Authority
WO
WIPO (PCT)
Prior art keywords
path
information
flow
node
packet
Prior art date
Application number
PCT/JP2011/006737
Other languages
French (fr)
Inventor
Yoichi Hatano
Original Assignee
Nec Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nec Corporation filed Critical Nec Corporation
Priority to JP2013516895A priority Critical patent/JP2014502063A/en
Publication of WO2012077308A1 publication Critical patent/WO2012077308A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/26Route discovery packet

Definitions

  • the present invention relates to a communication path verification system, a path verification device, a communication path verification method, and a path verification program, each for verifying a communication path of a network where a communication path is controlled per flow.
  • Patent Literature (PTL) 1 describes a path verification technique which uses a path search packet.
  • identification information for identifying a path search packet is stored in a header portion corresponding to a data link layer of an OSI (Open Systems Interconnection) reference model.
  • a relay node detects passing of the path search packet and transmits a result of the detection to a network monitoring device, so that the network monitoring device can verify a path of a flow based on a notification packet.
  • Non Patent Literature (NPL) 1 describes a communication path verification technique by a traceroute command.
  • a source node initially transmits an IP packet with TTL (Time To Live) of 1, and receives a response from a node at a first hop. Then, the source node increments the TTL, and sequentially receives responses from nodes on the path at a second hop, a third hop and the like. Thus, the source node transmits an IP packet while incrementing the TTL until the packet reaches a target host, thereby allowing for checking a communication path.
  • TTL Time To Live
  • NPL 2 describes Ether OAM (Ethernet (registered trademark) operations, administration, maintenance) Link-Trace (LT).
  • Ether OAM Ethernet (registered trademark) operations, administration, maintenance) Link-Trace (LT).
  • LT Link-Trace
  • PTL 2 describes a monitoring method of a multicast tree in an IP network.
  • the router when a router receives test packets from a transmission terminal, the router generates passing state information in which the number of packets thus received is accumulated, and transmits the passing state information to a network monitoring device.
  • a communication path is controlled per communication flow (hereinafter, just referred to as a flow in some cases).
  • the flow indicates a communication prescribed by use of information indicative of a source and information indicative of a destination.
  • the flow is prescribed by use of IP addresses of a source and a destination, Ports of the source and the destination, MAC addresses of the source and the destination, EtherType, and an IP protocol number.
  • the aforementioned general path verification techniques do not assume a network in which a path is controlled per communication flow. That is, in such a network, a routing will be performed by referring to a pair of MAC addresses and a pair of IP addresses. Therefore, a path is determined uniquely if the pairs of addresses are determined, so that the path can be verified based on the information.
  • Fig. 11 is an explanatory view showing a general network system.
  • Fig. 11 shows an example of communication flows in a network in which a path is controllable per communication flow.
  • the network system exemplified in Fig. 11 includes terminals T1 and T2, and routers R1 to R3. These devices are mutually connected with each other via a communication network. Note that, in the following description, a path which goes through each device may be represented as a reference sign of a corresponding device through which the path goes. Further, a plurality of flows exist on the network, but in Fig. 11, two flows F1 and F2 are shown.
  • the flow F1 is a communication from the source terminal T1 to the destination terminal T2, and its path is assumed "T1 -> R1 -> R2 -> R3 -> T2.” Further, the flow F2 is also a communication from the source terminal T1 to the destination terminal T2, but its path is assumed "T1 -> R1 -> R3 -> T2.”
  • Fig. 12 is an explanatory view showing an example of header information of the flows.
  • the following description deals with a case where the flow F1 exemplified in Fig. 12 is assumed as a flow that flows on the network system exemplified in Fig. 11, and a path of the flow F1 is verified by use of the path verification technique described in PTL 1.
  • a test flow TF1 in which MAC addresses of a source and a destination are set to the same address and a unique type is defined as EtherType is formed.
  • Fig. 13 is an explanatory view showing an example of the test flow TF1 formed by use of the path verification method described in PTL 1. For a network in which a path is not controlled per flow, path verification can be performed by causing this test flow TF1 to flow on the network.
  • the path verification method described in PTL 1 has such a problem that the path verification cannot be performed in a network in which a path is controlled per flow.
  • EtherType defined uniquely is set for the test flow TF1. Therefore, in the network in which a path is controlled per flow, the EtherType of the test flow TF1 is different from the EtherType of the flow F1, so that they are recognized as different flows. Thus, there is no guarantee that the test flow TF1 and the flow F1 go through the same path.
  • Fig. 14 is an explanatory view showing an example of a transfer policy determined per flow.
  • two types of transfer policies can be defined as shown in Fig. 14.
  • Each of the policies exemplified in Fig. 14 is a rule that defines to perform a control of causing a flow which is identical with the policy in terms of the items of "source MAC, destination MAC, EtherType, source IP, destination IP, Protocol_ID, source Port, and destination Port" to be transmitted to a path that is defined in the item of "path".
  • a flow that is matched with a policy 1 is transmitted through a path "R1 -> R3”
  • a flow that is matched with a policy 2 is transmitted through a path "R1 -> R2 -> R3.”
  • test flow TF1 is transferred through the path "R1 -> R2 -> R3," which is defined by the transfer policy 2, so that a test result of a path "T1 -> R1 -> R2 -> R3 -> T2" is returned.
  • the flow T1 still have a possibility that it is transferred through the path "T1 -> R1 -> R3 -> T2.”
  • the network which can separately define policies for a target flow to be tested and for a test flow as transfer policies on the networks has such a problem that path verification is not performed properly by the technique such as the path verification method described in PTL 1.
  • the number of test packets which pass a router is measured and an inflow to the router is measured. In view of this, it is possible to grasp an overall flow of a communication.
  • a counter value measured as the number of test packets is common regardless of types of test packets.
  • the monitoring method described in PTL 2 is effective for path verification in a case where the number of types of test packets flowing on a network is only one, but has a problem that the path verification is difficult in a case where there are a plurality of types of test packets.
  • an exemplary object of the present invention is to provide a communication path verification system, a path verification device, a communication path verification method, and a path verification program, each of which can verify a communication path per type of flow even in a case where there are a plurality of types of target flows to be tested in a network in which a communication path is controlled per flow.
  • a communication path verification system includes: a plurality of nodes for transferring received packets to another device; and a path verification device for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination, wherein: the node includes special-packet detecting means for detecting, from among the received packets, a special packet which includes a path verification flag indicative of whether the packet is a packet for path verification or not and of which a header configuration is the same as that of a target flow to be verified, and detection-information notifying means for generating, based on the special packet thus detected, detection information, which is information including a flow identifier, which is information for identifying the flow, and a node identifier, which is information for identifying the node itself, and for notifying the path verification device of the detection information; and the path verification device includes path verification means for verifying a path of the flow based on the node identifier included in the detection information received from
  • Another communication path verification system includes a plurality of nodes for transferring received packets to another device; and a path verification device for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination, wherein: the path verification device includes verification-target transmitting means for transmitting, to the node, a flow identifier, which is information for identifying a target flow to be verified, and path verification means for verifying a path of the flow; the node includes a packet detecting means for detecting, from among the received packets, a packet of which a header configuration is identical with the flow identifier indicative of the target flow to be verified, and detection-information notifying means for generating, based on the packet thus detected, detection information, which is information including the flow identifier and a node identifier, which is information for identifying the node itself, and for notifying the path verification device of the detection information; and the path verification means of the path verification device verifies a
  • a path verification device is a path verification device for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination, and includes path verification means for receiving, from a node which is a device for transferring received packets to another device, detection information, which is information including a flow identifier, which is information for identifying a target flow of which a path is verified, and a node identifier, which is information for identifying the node, and for verifying a path of the flow based on the node identifier included in the detection information thus received.
  • a communication path verification method is a path verification method for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination, and includes the steps of: by a node for transferring received packets to another device, detecting, from among the received packets, a special packet which includes a path verification flag indicative of whether the packet is a packet for path verification or not and of which a header configuration is the same as that of a target flow to be verified; by the node, generating, based on the special packet thus detected, detection information, which is information including a flow identifier, which is information for identifying the flow, and a node identifier, which is information for identifying the node itself; by the node, notifying of the detection information a path verification device for verifying a path per flow; and by the path verification device, verifying a path of the flow based on the node identifier included in the detection information received from the node.
  • Another communication path verification method is a path verification method for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination, and includes the steps of: by a path verification device for verifying a path per flow, transmitting, to a node for transferring received packets to another device, information including a flow identifier, which is information for identifying a target flow to be verified; by the node, detecting, from among the received packets, a packet of which a header configuration is identical with the flow identifier; by the node, generating, based on the packet thus detected, detection information, which is information including the flow identifier and a node identifier, which is information for identifying the node itself; by the node, notifying the path verification device of the detection information; and by the path verification device, verifying a path of the flow based on the node identifier included in the detection information received from the node.
  • a path verification program is a path verification program employed in a computer for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination, and the path verification program causes the computer to execute: a path verification process of receiving, from a node which is a device for transferring received packets to another device, detection information, which is information including a flow identifier, which is information for identifying a target flow of which a path is verified, and a node identifier, which is information for identifying the node, and then verifying a path of the flow based on the node identifier included in the detection information thus received.
  • Fig. 1 is an explanatory view showing an example of a communication path verification system in the first exemplary embodiment of the present invention.
  • Fig. 2 is a block diagram showing an example of a router and a path verification device as used in the present invention.
  • Fig. 3 is an explanatory view of an example of a special-packet notification process that a router performs.
  • Fig. 4 is an explanatory view showing an example of a flow path verification process that a path verification device performs.
  • Fig. 5 is an explanatory view showing an example of a path verification method of a flow.
  • Fig. 6 is an explanatory view showing an example of detection information.
  • Fig. 7 is an explanatory view showing an example of a communication path verification system in the second exemplary embodiment of the present invention.
  • Fig. 8 is a block diagram showing an example of a minimum configuration of the communication path verification system according to the present invention.
  • Fig. 9 is a block diagram showing an example of another minimum configuration of the communication path verification system according to the present invention.
  • Fig. 10 is a block diagram showing an example of a minimum configuration of the path verification device according to the present invention.
  • Fig. 11 is an explanatory view showing a general network system.
  • Fig. 12 is an explanatory view showing an example of header information of flows.
  • Fig. 13 is an explanatory view showing an example of a test flow.
  • Fig. 14 is an explanatory view showing an example of a transfer policy defined per flow.
  • FIG. 1 is an explanatory view showing an example of a communication path verification system in the first exemplary embodiment of the present invention.
  • the communication path verification system in the present exemplary embodiment includes terminals T1 and T2, routers R1 to R3, and a path verification device 100.
  • the routers R1 to R3 and the path verification device 100 are mutually connected to each other via a communication network NET.
  • a reference sign indicating the router may be omitted.
  • the communication path verification system shown in the example of Fig. 1 includes two terminals and three routers.
  • the number of terminals and the number of routers are not limited to the above numbers.
  • the number of routers may be one or two, or four or more routers may be provided. Further, the number of terminals may be three or more.
  • the device such as the router or the switch, for transferring received packets to another device may be just referred to as a "node.”
  • the path verification device 100 may be provided as one function of the terminals T1 and T2.
  • a flow is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination.
  • a plurality of flows exist on the network NET, but in Fig. 1, two flows F1 and F2 are shown.
  • the flow F1 is a communication from the source terminal T1 to the destination terminal T2, and its path is assumed "T1 -> R1 -> R2 -> R3 -> T2.” Further, the flow F2 is also a communication from the source terminal T1 to the destination terminal T2, but its path is assumed "T1 -> R1 -> R3 -> T2.”
  • the terminals T1 and T2 have a communication function using a special packet for path verification.
  • the special packet is a packet of which a header configuration is the same as that of a target flow to be verified and which has a path verification flag.
  • the path verification flag means information used for determination of whether a packet is a special packet or not, and this flag is realized by various techniques. Examples of the techniques are as follows: a method in which a field for path verification is prepared in a payload portion of a packet, and a predetermined bit in the field is assumed as a path verification flag; and a method in which whether there is a message embedded in the field or not is assumed as a path verification flag.
  • a path verification flag may be a size itself of a special packet.
  • the routers R1 to R3 transfer a packet received from a terminal or another router to another router or terminal. More specifically, the routers R1 to R3 have a function to detect a special packet for path verification, a function to notify the path verification device 100 of detection of the special packet, and a packet transmission function to another device. When detecting a special packet by the special-packet detection function, the routers R1 to R3 notify the path verification device 100 of detection information, and transfer the special packet to another device.
  • the detection information is information including information (hereinafter referred to as a flow identifier) for identifying a flow, and information (hereinafter referred to as a node identifier) for identifying a router itself which detects the special packet.
  • the detection information may further include a path entry of a path table corresponding to a received packet, a time when the packet has passed, a list of IDs of routers which the packet has passed, a counter indicative of the number of routers which the packet has passed, and the like.
  • the flow identifier in the detection information may be, for example, information about a source and a destination, such as IP addresses and MAC addresses, and header information such as a port number and a sequence number.
  • an identifier (that is, the node identifier) of a router may encompass, for example, an IP address and an MAC address of the router, an ID of the router given by a network administrator, and the like.
  • the path verification device 100 receives detection information from each router. The following describes more details of each router and the path verification device 100.
  • Fig. 2 is a block diagram showing an example of the router and the path verification device 100 as used in the present invention.
  • the router exemplified in Fig. 2 includes a packet receiving section 10, a special-packet detecting section 20, a detection-information notifying section 30, a path-table storing section 40, and a packet transfer section 50.
  • the path-table storing section 40 stores therein a path table including a path entry.
  • the path table has the same configuration as a routing table.
  • the path entry is path information which is necessary when a received packet is transferred to another device, and includes, for example, an interface which outputs a packet, a gateway which transfers the packet, and a metric to a device to which the packet is transferred, and the like.
  • the path-table storing section 40 is realized by a magnetic disk or the like.
  • the packet receiving section 10 receives a packet destined for the device, and inputs the packet thus received into the special-packet detecting section 20.
  • the special-packet detecting section 20 sequentially receives packets from the packet receiving section 10. Then, the special-packet detecting section 20 detects a special packet from among the packets thus received. More specifically, the special-packet detecting section 20 detects a special packet from among the packets thus received by checking a path verification flag set by a terminal. The special-packet detecting section 20 may determine whether or not a received packet has a path verification flag, for example, so that the special-packet detecting section 20 may determine that the packet is a special packet when it determines that the packet has a path verification flag. When a special packet is detected, the special-packet detecting section 20 supplies the packet for the detection-information notifying section 30. On the other hand, when a special packet is not detected, the special-packet detecting section 20 supplies the received packet for the packet transfer section 50.
  • the detection-information notifying section 30 forms detection information based on the special packet received from the special-packet detecting section 20, and notifies the path verification device 100 of the detection information thus formed.
  • the detection-information notifying section 30, for example, extracts a flow identifier from the packet received and adds an identifier of the router itself thereto, so as to form detection information.
  • the detection-information notifying section 30 may refer to a path table stored in the path-table storing section 40 so as to add to the detection information a path entry in the path table corresponding to the packet. The addition of the path entry enables examination of a routing policy of the detected packet, normality of the path entry, and the like.
  • the packet transfer section 50 transfers received packets to a subsequent router by referring to the path table stored in the path-table storing section 40. Note that the packets to be transferred include both normal packets and special packets.
  • the special-packet detecting section 20, the detection-information notifying section 30, and the packet transfer section 50 are realized by a CPU of a computer working according to a program (a path extraction program).
  • the program may be stored in a storage section (not shown) of each router, so that the CPU may read the program to realizes the special-packet detecting section 20, the detection-information notifying section 30 and the packet transfer section 50 according to the program.
  • the special-packet detecting section 20, the detection-information notifying section 30, and the packet transfer section 50 each may be realized by corresponding exclusive hardware.
  • the path verification device 100 exemplified in Fig. 2 includes a detection-information receiving section 110, a path verification section 120, a detection-information storing section 130, and a path-verification-information storing section 140.
  • the detection-information storing section 130 stores therein detection information. Further, the path-verification-information storing section 140 stores therein a result of path verification by the path verification section 120.
  • the detection-information storing section 130 and the path-verification-information storing section 140 are each realized by a magnetic disk.
  • the detection-information receiving section 110 causes the detection-information storing section 130 to store therein detection information received from each of the routers R1 to R3.
  • the path verification section 120 reads the detection information stored in the detection-information storing section 130, and performs path verification of a flow. More specifically, the path verification section 120 checks flow identifiers included in pieces of detection information, and extracts only pieces of detection information indicative of a flow which is the same as a target flow identifier to be verified.
  • the path verification section 120 extracts all identifiers of routers which the target flow to be verified has passed, from the pieces of detection information thus extracted. More specifically, the path verification section 120 extracts node identifiers from the pieces of detection information thus extracted. Then, the path verification section 120 determines the identifiers (that is, node identifiers) of the routers thus extracted, as a path of the target flow to be verified, and causes the path-verification-information storing section 140 to store the path of the flow as a result of the path verification. The path verification section 120 performs the path verification for all pieces of path information stored in the path-verification-information storing section 140, so that the path-verification-information storing section 140 can store therein paths of all target flows to be verified as results of the path verification.
  • a network operator can check a path of a flow, for example, by referring to the path-verification-information storing section 140 in which the results of the path verification are stored, directly or by using a program.
  • the detection-information receiving section 110 and the path verification section 120 are realized by a CPU of a computer working according to a program (a path verification program). Further, the detection-information receiving section 110 and the path verification section 120 each may be realized by corresponding exclusive hardware.
  • Fig. 3 is an explanatory view showing an example of a flow path verification process that the routers R1 to R3 perform
  • Fig. 4 is an explanatory view showing an example of a flow path verification process that the path verification device 100 performs.
  • Fig. 5 is an explanatory view showing an example of a path verification method of a flow. The following description deals with a method for verifying the flows F1 and F2.
  • test flows TF1 and TF2 for verifying paths of the flows F1 and F2 are shown.
  • a flow is shown in a full line, and a test flow is shown in a dashed line.
  • a special packet having the same header as that of the flow F1 is used as the test flow TF1, and a special packet having the same header as that of the flow F2 is used as the test flow TF2. That is, a path of the flow F1 is verified by using the test flow TF1, and a path of the flow F2 is verified by using the test flow TF2.
  • the packet receiving section 10 of the router R1 receives a packet from the terminal T1, and supplies the received packet for the special-packet detecting section 20 (Step S10 in Fig. 3).
  • the special-packet detecting section 20 sequentially receives packets from the packet receiving section 10. Then, the special-packet detecting section 20 detects a special packet from among the packets thus received (Step S20).
  • the special-packet detecting section 20 employs a method for detecting a special packet by checking a path verification flag set by the terminal T1.
  • the special-packet detecting section 20 inputs the special packet into the detection-information notifying section 30.
  • the special-packet detecting section 20 inputs the received packets into the packet transfer section 50.
  • the detection-information notifying section 30 forms detection information and notifies the path verification device 100 of the detection information thus formed (Step S30). The following describes the process of Step S30 in detail.
  • the detection-information notifying section 30 forms detection information based on the special packet received from the special-packet detecting section 20, and causes a detection-information storing section (not shown in Fig. 2) to store it therein (Step S31).
  • this detection information includes a flow identifier indicative of a flow of the packet detected and an identifier of a router which detects the packet.
  • the detection-information notifying section 30 informs the path verification device 100 of the detection information thus form (Step S32). Then, the detection-information notifying section 30 inputs the special packet into the packet transfer section 50.
  • the detection-information notifying section 30 may refer to a path table stored in the path-table storing section 40 so as to add to the detection information a path entry in the path table corresponding to the packet. Then, the packet transfer section 50 transfers received packets to a subsequent router R2 by referring to the path table stored in the path-table storing section 40 (Step S40). Subsequent operations of the router R2 and R3 are the same as above.
  • the detection-information receiving section 110 receives detection information which is transmitted from each of the routers R1 to R3, and causes the detection-information storing section 130 to store the detection information thus received (Step S110 in Fig. 4).
  • the path verification section 120 reads the detection information stored in the detection-information storing section 130, and performs path verification of a flow. More specifically, the path verification section 120 checks flow identifiers of pieces of detection information, and extracts only pieces of detection information of the same flow. Then, the path verification section 120 extracts all identifiers of routers which the flow has passed, and causes the path-verification-information storing section 140 to store therein a path verification result which assumes the identifiers as a path of the flow (Step S120). The path verification section 120 performs the same process as in Step S120 for all pieces of detection information stored in the detection-information storing section 130.
  • Fig. 6 is an explanatory view showing an example of pieces of detection information received from the routers R1 to R3.
  • the detection information exemplified in Fig. 6 includes a detection information item for identifying each detection information, a flow identifier item, a router identifier item, and a routing table item indicative of a path entry of a path table.
  • the routing table item exemplified in Fig. 6 includes a "Dst" portion indicative of a destination, a "NextHOP" portion indicative of a transfer destination, and an "Interface" portion indicative of an interface which outputs a packet.
  • the path verification section 120 extracts pieces of detection information D1 to D3 having an flow identifier of "TF1" from among pieces of detection information exemplified in Fig. 6. Then, the path verification section 120 checks router identifiers included in the pieces of detection information D1 to D3, and causes the path-verification-information storing section 140 to store therein router identifiers "R1, R2, R3" as a path of the flow TF1. By referring to this path verification result thus stored, it is possible to verify that the flow TF1 has passed the routers R1, R2, and R3.
  • the path verification section 120 may check routing table items as well as the router identifiers included in the pieces of detection information D1 to D3. More specifically, the path verification section 120 can verify the path "R1 -> R2 -> R3" of the flow TF1 which includes a passing order, by referring to NextHOP in the routing table items.
  • the path verification section 120 extracts pieces of detection information D4 and D5 having an identifier of "TF2" from the pieces of detection information exemplified in Fig. 6. Then, the path verification section 120 checks router identifier included in the pieces of detection information D4 and D5, and causes the path-verification-information storing section 140 to store therein route identifiers "R1, R3" as a path of the flow TF2. By referring to this path verification result thus stored, it is possible to verify that the flow TF2 has passed the routers R1 to R3 (in other words, the flow TF2 does not pass the router R2).
  • path verification is performed per flow identifier, so that even if there are a plurality of types of target flows to be tested, it is possible to verify a communication path of each flow per type.
  • the special-packet detecting section 20 of a router detects a special packet from among received packets. Then, the detection-information notifying section 30 of the router generates detection information including a flow identifier and a node identifier based on the special packet thus detected, and notifies the path verification device 100 of the detection information. Subsequently, the path verification section 120 of the path verification device 100 verifies a path of a flow based on the node identifier included in the detection information received from the router. More specifically, the path verification section 120 of the path verification device 100 verifies a path per flow by use of the flow identifier included in the detection information thus received. Thus, even if there are a plurality of types of target flows to be tested in a network in which a communication path is controlled per flow, it is possible to verify a communication path per type of flow.
  • the present exemplary embodiment it is possible to verify a path of a flow in a communication network. This is because a router which receives a special packet which is routed in the same manner as a normal flow returns a response, and verification of its path is performed based on the response.
  • FIG. 7 is an explanatory view showing an example of a communication path verification system in the second exemplary embodiment of the present invention. Note that, constituents which are the same as those in the first exemplary embodiment have the same reference signs as in Fig. 1, and are not explained here.
  • the communication path verification system in the second exemplary embodiment includes terminals T1 and T2, routers R1 to R3, converters P1 and P2, and a path verification device 100.
  • the converter is connected between a terminal and a router. More specifically, the converter P1 is connected between the terminal T1 and the router R1, and the converter P2 is connected between the terminal T2 and the router R3. Further, the routers R1 to R3 and the path verification device 100 are mutually connected to each other via a communication network NET.
  • a communication is performed by normal packets in a portion shown in a full line, and a communication is performed by a special packet in a portion shown in a dashed line.
  • the communication path verification system in the second exemplary embodiment is different from the communication path verification system in the first exemplary embodiment in that a device for sending out a special packet is the converters P1 and P2. Except for this point, the second exemplary embodiment is the same as the first exemplary embodiment.
  • the packet passes the converter P1 placed on its path.
  • a controller (not shown) of the converter P1 converts the normal packet thus received into a special packet.
  • the controller (not shown) of the converter P1 may set, as a path verification flag, a predetermined bit in a field for path verification prepared beforehand in a payload portion of the normal packet. Further, the controller (not shown) of the converter P1 may embed a message in the field as a path verification flag.
  • the conversion method to a special packet is not limited to these methods. Other conversion methods may be also used provided that the special packet is of a form that allows the routers R1 to R3 to detect a path verification flag.
  • a controller (not shown) of the converter P2 converts the special packet thus received into a normal packet.
  • a method in which the controller (not shown) of the converter P2 converts a special packet into a normal packet for example, a method in which a bit set as a path verification flag is released may be used, or a method in which a message embedded with a path verification flag is deleted may be used. That is, other methods may be also used provided that they are methods of reverting a special packet back to a normal packet, which is a packet before conversion to the special packet by the controller (not shown) of the converter P1.
  • each of the routers R1 to R3 and the path verification device 100 are the same as the operations in the first exemplary embodiment, and therefore not explained here.
  • the communication path verification system of the present exemplary embodiment includes a converter for converting a normal packet into a special packet.
  • a converter for converting a normal packet into a special packet in addition to the effect in the first exemplary embodiment, it is possible to verify a path of a flow even if the terminal T1 does not have a function to transmit a special packet.
  • Exemplary Embodiment 3 Next will be explained a communication path verification system in the third exemplary embodiment of the present invention.
  • the configuration of the communication path verification system in the present exemplary embodiment may be a configuration similar to the configuration of the communication path verification system in the first exemplary embodiment, or may be a configuration similar to the configuration of the communication path verification system in the second exemplary embodiment.
  • the communication path verification system in the third exemplary embodiment is different from the communication path verification systems in the first exemplary embodiment and the second exemplary embodiment in that the routers R1 to R3 perform a counter operation of a packet, add a counting result by the counter operation to detection information, and transmit it to the path verification device 100, and that the path verification section 120 of the path verification device 100 verifies a path by referring to the counting result. Except for these points, the third exemplary embodiment is the same as the first exemplary embodiment and the second exemplary embodiment.
  • the detection-information notifying section 30 of the router When a router receives a special packet, the detection-information notifying section 30 of the router operates a counter included in the special packet. More specifically, the detection-information notifying section 30 counts the number of times that the special packet has passed routers, and stores the counted number of times in the packet.
  • the counter which the detection-information notifying section 30 operates is information included in a predetermined field of the special packet. This field may be a field such as TTL or may be one prepared as a unique field. Further, the detection-information notifying section 30 performs addition or subtraction to the counter. Note that the operation performed to the counter may be either of addition and subtraction if the same operation is performed in all routers in the communication path verification system.
  • the detection-information notifying section 30 also notifies the path verification device 100 of a counter value of the field in which the counter operation is performed.
  • the path verification section 120 of the path verification device 100 sorts pieces of verification information based on information of the counter value. For example, in a case where a counter is added in each router, pieces of verification information are sorted in the order from one having a small counter value (that is, pieces of verification information are sorted in the ascending order of the counter value), so that a path of routers can be verified in the order that the packet has passed.
  • the detection-information notifying section 30 of the router when a router receives a special packet, the detection-information notifying section 30 of the router counts the number of times that the special packet has passed routers, and stores the counted number of times in the special packet. Then, the detection-information notifying section 30 notifies the path verification device 100 of the counted number of times together with detection information.
  • the path verification section 120 of the path verification device 100 verifies a path of a flow indicative of the order of routers that the packet has passed, based on the number of times thus received.
  • the order of routes that a packet has passed is guaranteed when path verification is performed, so that it is possible to surely verify a path that the flow has passed, without referring to a path table.
  • Exemplary Embodiment 4 Next will be explained a communication path verification system in the fourth exemplary embodiment of the present invention.
  • the configuration of the communication path verification system in the present exemplary embodiment may be a configuration similar to the configuration of the communication path verification system in the first exemplary embodiment, or may be a configuration similar to the configuration of the communication path verification system in the second exemplary embodiment.
  • the communication path verification system in the fourth exemplary embodiment is different from the communication path verification systems in the first to third exemplary embodiments in that the path verification device 100 performs a notification instruction of detection information, and a terminal or a converter does not transmits a special packet. Except for this point, the fourth exemplary embodiment is the same as the first to third exemplary embodiments.
  • the path verification section 120 of the path verification device 100 notifies a router of one or more path entries as detection target entry information.
  • the path entry includes a flow identifier indicative of a target flow to be verified.
  • the packet receiving section 10 When the router receives detection target entry information, the packet receiving section 10 causes the path-table storing section 40 to store therein a path entry indicated by the detection target entry information.
  • a detection entry information storage section (not shown) for storing detection target entry information may be provided separately, so that the packet receiving section 10 may cause the detection entry information storage section (not shown) to store received detection target entry information.
  • the special-packet detecting section 20 detects a packet corresponding to the detection target entry information. More specifically, the special-packet detecting section 20 detects a packet of which a header configuration is identical with a flow identifier indicative of a target flow to be verified, from among the packets thus received.
  • the special-packet detecting section 20 When detecting a packet including a flow identifier identical with the flow identifier included in the detection target entry information, the special-packet detecting section 20 inputs the packet into the detection-information notifying section 30. On the other hand, when the flow identifier is not identical, the special-packet detecting section 20 inputs the packet into the packet transfer section 50.
  • the other operations are the same as the operations in the first to third exemplary embodiments. That is, the detection-information notifying section 30 forms detection information, and notifies the path verification device 100 of the detection information thus formed. Subsequently, the path verification section 120 of the path verification device 100 verifies a path of a flow in the same manner as in the first to third exemplary embodiments.
  • the special-packet detecting section 20 may perform the process not on all packets but on a packet extracted by a sampling.
  • the path verification section 120 of the path verification device 100 initially transmits a flow identifier for identifying a target flow to be verified to a router.
  • the special-packet detecting section 20 of the router detects a packet of which a header configuration is identical with the flow identifier from among received packets.
  • the detection-information notifying section 30 generates detection information including the flow identifier and a node identifier based on the packet thus detected, and notifies the path verification device 100 of the detection information.
  • the path verification section 120 of the path verification device 100 verifies a path of the flow based on the node identifier included in the detection information received from the router.
  • a device e.g., a converter
  • FIG. 8 is a block diagram showing an example of a minimum configuration of the communication path verification system according to the present invention.
  • the communication path verification system according to the present invention includes a plurality of nodes 80 (e.g., the routers R1 to R3, a switch) for transferring received packets to another device, and a path verification device 90 (e.g., the path verification device 100) for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination.
  • nodes 80 e.g., the routers R1 to R3, a switch
  • a path verification device 90 e.g., the path verification device 100
  • the node 80 includes: special-packet detecting means 81 (e.g., the special-packet detecting section 20) for detecting, from received packets, a special packet which includes a path verification flag indicative of whether the packet is a packet for path verification or not and of which a header configuration is the same as that of a target flow to be verified; and detection-information notifying means 82 (e.g., the detection-information notifying section 30) for generating, based on the special packet thus detected, detection information, which is information including a flow identifier, which is information for identifying a flow, and a node identifier, which is information for identifying the node itself, and for notifying the path verification device 90 of the detection information.
  • detection information which is information including a flow identifier, which is information for identifying a flow, and a node identifier, which is information for identifying the node itself, and for notifying the path verification device 90 of the detection information.
  • the path verification device 90 includes path verification means 91 (e.g., the path verification section 120) for verifying a path of the flow based on the node identifier included in the detection information received from the node 80.
  • path verification means 91 e.g., the path verification section 120
  • the node 80 may also include path-table storing means (e.g., the path-table storing section 40) for storing therein a path table including a path entry, which is information indicative of a transfer destination of a packet. Accordingly, the detection-information notifying means 82 of the node 80 may notify the path verification device 90 of detection information to which a path entry corresponding to the detected special packet is added.
  • path-table storing means e.g., the path-table storing section 40 for storing therein a path table including a path entry, which is information indicative of a transfer destination of a packet. Accordingly, the detection-information notifying means 82 of the node 80 may notify the path verification device 90 of detection information to which a path entry corresponding to the detected special packet is added.
  • a converter for converting a packet into a special packet may be provided between a terminal (e.g., the terminal T1) for transmitting a packet used for a communication and a node 80 (e.g., the router R1) to which the terminal transmits the packet.
  • a terminal e.g., the terminal T1
  • a node 80 e.g., the router R1
  • the node 80 may also include counting means (e.g., the detection-information notifying section 30) for, when the node 80 receives a special packet, counting (e.g., adding or subtracting) the number of times that the special packet has passed nodes, and for storing the number of times into the special packet. Then, the detection-information notifying means 82 of the node 80 may notify the path verification device 90 of the number of times together with the detection information, so that the path verification means 91 of the path verification device 90 may verify a path of the flow indicative of the order of nodes that the flow has passed, based on the number of times thus received. With such a configuration, it is possible to check the order of routers that a packet has passed, when path verification is performed. This makes it possible to surely verify a path that the flow has passed, without referring to a path table.
  • counting means e.g., the detection-information notifying section 30
  • FIG. 9 is a block diagram showing an example of another minimum configuration of the communication path verification system according to the present invention.
  • Another communication path verification system according to the present invention includes a plurality of nodes 60 (e.g., the routers R1 to R3, a switch) for transferring received packets to another device, and a path verification device 70 (e.g., the path verification device 100) for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination.
  • nodes 60 e.g., the routers R1 to R3, a switch
  • a path verification device 70 e.g., the path verification device 100
  • the path verification device 70 includes: verification-target transmitting means 71 (e.g., the path verification section 120) for transmitting to the node 60 information including a flow identifier, which is information for identifying a target flow to be verified; and path verification means 72 (e.g., the path verification section 120) for verifying a path of the flow.
  • verification-target transmitting means 71 e.g., the path verification section 120
  • path verification means 72 e.g., the path verification section 120
  • the node 60 includes: a packet detecting means 61 (e.g., the special-packet detecting section 20) for detecting, from among received packets, a packet of which a header configuration is identical with the flow identifier indicative of the target flow to be verified; and detection-information notifying means 62 for generating detection information, which is information including the flow identifier and a node identifier, which is information for identifying the node itself, based on the packet thus detected, and for notifying the path verification device 70 of the detection information.
  • a packet detecting means 61 e.g., the special-packet detecting section 20
  • detection-information notifying means 62 for generating detection information, which is information including the flow identifier and a node identifier, which is information for identifying the node itself, based on the packet thus detected, and for notifying the path verification device 70 of the detection information.
  • the path verification means 72 of the path verification device 70 verifies a path of the flow based on the node identifier included in the detection information thus received from the node.
  • Fig. 10 is a block diagram showing an example of a minimum configuration of the path verification device according to the present invention.
  • the path verification device according to the present invention is a path verification device for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination, and includes path verification means 51 (e.g., the path verification section 120) for receiving from a node which is a device for transferring received packets to another device, detection information, which is information including an flow identifier, which is information for identifying a target flow of which a path is verified, and a node identifier, which is information for identifying the node, and for verifying a path of the flow based on the node identifier included in the detection information thus received.
  • path verification means 51 e.g., the path verification section 120
  • detection information which is information including an flow identifier, which is information for identifying a target flow of which a path is verified
  • the present invention is preferably applied to a communication path verification system for verifying a communication path of a network in which a communication path is controlled per flow.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Special-packet detecting section in a node detects, from among received packets, a special packet which includes a path verification flag indicative of whether the packet is a packet for path verification or not and of which a header configuration is the same as that of a target flow to be verified. Detection-information notifying section in the node generates, based on the special packet thus detected, detection information, which is information including a flow identifier, which is information for identifying the flow, and a node identifier, which is information for identifying the node itself, and then notifies a path verification device of the detection information. Path verification section in the path verification device verifies a path of the flow based on the node identifier included in the detection information received from the node.

Description

COMMUNICATION PATH VERIFICATION SYSTEM, PATH VERIFICATION DEVICE, COMMUNICATION PATH VERIFICATION METHOD, AND PATH VERIFICATION PROGRAM
The present invention relates to a communication path verification system, a path verification device, a communication path verification method, and a path verification program, each for verifying a communication path of a network where a communication path is controlled per flow.
In an operation management of a communication network, it is necessary to grasp a status of a whole network system, and to check whether or not a service can be provided properly. Particularly, a setting error of a communication path causes a large area to be affected by failures, which is a problem that should be restored immediately. In view of this, it is important to properly grasp a path of a communication that flows on the network.
Patent Literature (PTL) 1 describes a path verification technique which uses a path search packet. In the technique described in PTL 1, identification information for identifying a path search packet is stored in a header portion corresponding to a data link layer of an OSI (Open Systems Interconnection) reference model. A relay node detects passing of the path search packet and transmits a result of the detection to a network monitoring device, so that the network monitoring device can verify a path of a flow based on a notification packet.
Non Patent Literature (NPL) 1 describes a communication path verification technique by a traceroute command. In the method described in NPL 1, a source node initially transmits an IP packet with TTL (Time To Live) of 1, and receives a response from a node at a first hop. Then, the source node increments the TTL, and sequentially receives responses from nodes on the path at a second hop, a third hop and the like. Thus, the source node transmits an IP packet while incrementing the TTL until the packet reaches a target host, thereby allowing for checking a communication path.
NPL 2 describes Ether OAM (Ethernet (registered trademark) operations, administration, maintenance) Link-Trace (LT). In the method described in NPL 2, when an OAM frame is transmitted from a source node, a node which receives the frame decrements TTL and transmits the frame to a next node. Further, the node which receives the frame transmits a response LT OAM to the source. Thus, the source node can check a path by receiving the response LT OAM.
Further, PTL 2 describes a monitoring method of a multicast tree in an IP network. In the monitoring method described in PTL 2, when a router receives test packets from a transmission terminal, the router generates passing state information in which the number of packets thus received is accumulated, and transmits the passing state information to a network monitoring device.
Japanese Patent Application Laid-Open No. 2004-208068 Domestic Re-publication of PCT International Application WO2006/098024
G. Kessler etc., "A Primer On Internet and TCP/IP Tools and Utilities," June 1997, RFC2151 (http://www.ietf.org/rfc/rfc2151.txt) ITU-T, "SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS," Y.1731, February, 2008
On the other hand, such a method is known that a communication path is controlled per communication flow (hereinafter, just referred to as a flow in some cases). Here, the flow indicates a communication prescribed by use of information indicative of a source and information indicative of a destination. For example, the flow is prescribed by use of IP addresses of a source and a destination, Ports of the source and the destination, MAC addresses of the source and the destination, EtherType, and an IP protocol number.
The aforementioned general path verification techniques do not assume a network in which a path is controlled per communication flow. That is, in such a network, a routing will be performed by referring to a pair of MAC addresses and a pair of IP addresses. Therefore, a path is determined uniquely if the pairs of addresses are determined, so that the path can be verified based on the information.
However, in a network in which a path can be controlled per communication flow, a path is controlled by identifying not only MAC addresses and IP addresses but also a flow. Therefore, in the general path verification techniques, even in a case where it is determined that "paths are matched because pairs of addresses are matched," there is no guarantee that a target flow to be tested is identical with a path of a flow for test. This will be described below with reference to drawings.
Fig. 11 is an explanatory view showing a general network system. Fig. 11 shows an example of communication flows in a network in which a path is controllable per communication flow. The network system exemplified in Fig. 11 includes terminals T1 and T2, and routers R1 to R3. These devices are mutually connected with each other via a communication network. Note that, in the following description, a path which goes through each device may be represented as a reference sign of a corresponding device through which the path goes. Further, a plurality of flows exist on the network, but in Fig. 11, two flows F1 and F2 are shown.
The flow F1 is a communication from the source terminal T1 to the destination terminal T2, and its path is assumed "T1 -> R1 -> R2 -> R3 -> T2." Further, the flow F2 is also a communication from the source terminal T1 to the destination terminal T2, but its path is assumed "T1 -> R1 -> R3 -> T2."
Fig. 12 is an explanatory view showing an example of header information of the flows. In the header information exemplified in Fig. 12, a flow of Flow_ID = F1 indicates the flow F1, and a flow of Flow_ID = F2 indicates the flow F2. Here, the following description deals with a case where the flow F1 exemplified in Fig. 12 is assumed as a flow that flows on the network system exemplified in Fig. 11, and a path of the flow F1 is verified by use of the path verification technique described in PTL 1.
In the path verification method described in PTL 1, a test flow TF1 in which MAC addresses of a source and a destination are set to the same address and a unique type is defined as EtherType is formed. Fig. 13 is an explanatory view showing an example of the test flow TF1 formed by use of the path verification method described in PTL 1. For a network in which a path is not controlled per flow, path verification can be performed by causing this test flow TF1 to flow on the network.
However, the path verification method described in PTL 1 has such a problem that the path verification cannot be performed in a network in which a path is controlled per flow. In the path verification method described in PTL 1, EtherType defined uniquely is set for the test flow TF1. Therefore, in the network in which a path is controlled per flow, the EtherType of the test flow TF1 is different from the EtherType of the flow F1, so that they are recognized as different flows. Thus, there is no guarantee that the test flow TF1 and the flow F1 go through the same path.
Fig. 14 is an explanatory view showing an example of a transfer policy determined per flow. In the network in which a path is controlled per flow, two types of transfer policies can be defined as shown in Fig. 14. Each of the policies exemplified in Fig. 14 is a rule that defines to perform a control of causing a flow which is identical with the policy in terms of the items of "source MAC, destination MAC, EtherType, source IP, destination IP, Protocol_ID, source Port, and destination Port" to be transmitted to a path that is defined in the item of "path". For example, a flow that is matched with a policy 1 is transmitted through a path "R1 -> R3," and a flow that is matched with a policy 2 is transmitted through a path "R1 -> R2 -> R3."
In a case where the aforementioned test flow TF1 is transmitted according to the transfer policies exemplified in Fig. 14, the test flow TF1 is transferred through the path "R1 -> R2 -> R3," which is defined by the transfer policy 2, so that a test result of a path "T1 -> R1 -> R2 -> R3 -> T2" is returned. However, based on the transfer policy defined as the policy 1, the flow T1 still have a possibility that it is transferred through the path "T1 -> R1 -> R3 -> T2."
Thus, the network which can separately define policies for a target flow to be tested and for a test flow as transfer policies on the networks has such a problem that path verification is not performed properly by the technique such as the path verification method described in PTL 1.
Further, in the monitoring method described in PTL 2, the number of test packets which pass a router is measured and an inflow to the router is measured. In view of this, it is possible to grasp an overall flow of a communication. However, in the monitoring method described in PTL 2, a counter value measured as the number of test packets is common regardless of types of test packets. Thus, the monitoring method described in PTL 2 is effective for path verification in a case where the number of types of test packets flowing on a network is only one, but has a problem that the path verification is difficult in a case where there are a plurality of types of test packets.
In view of this, an exemplary object of the present invention is to provide a communication path verification system, a path verification device, a communication path verification method, and a path verification program, each of which can verify a communication path per type of flow even in a case where there are a plurality of types of target flows to be tested in a network in which a communication path is controlled per flow.
A communication path verification system according to the present invention includes: a plurality of nodes for transferring received packets to another device; and a path verification device for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination, wherein: the node includes special-packet detecting means for detecting, from among the received packets, a special packet which includes a path verification flag indicative of whether the packet is a packet for path verification or not and of which a header configuration is the same as that of a target flow to be verified, and detection-information notifying means for generating, based on the special packet thus detected, detection information, which is information including a flow identifier, which is information for identifying the flow, and a node identifier, which is information for identifying the node itself, and for notifying the path verification device of the detection information; and the path verification device includes path verification means for verifying a path of the flow based on the node identifier included in the detection information received from the node.
Another communication path verification system according to the present invention includes a plurality of nodes for transferring received packets to another device; and a path verification device for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination, wherein: the path verification device includes verification-target transmitting means for transmitting, to the node, a flow identifier, which is information for identifying a target flow to be verified, and path verification means for verifying a path of the flow; the node includes a packet detecting means for detecting, from among the received packets, a packet of which a header configuration is identical with the flow identifier indicative of the target flow to be verified, and detection-information notifying means for generating, based on the packet thus detected, detection information, which is information including the flow identifier and a node identifier, which is information for identifying the node itself, and for notifying the path verification device of the detection information; and the path verification means of the path verification device verifies a path of the flow based on the node identifier included in the detection information received from the node.
A path verification device according to the present invention is a path verification device for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination, and includes path verification means for receiving, from a node which is a device for transferring received packets to another device, detection information, which is information including a flow identifier, which is information for identifying a target flow of which a path is verified, and a node identifier, which is information for identifying the node, and for verifying a path of the flow based on the node identifier included in the detection information thus received.
A communication path verification method according to the present invention is a path verification method for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination, and includes the steps of: by a node for transferring received packets to another device, detecting, from among the received packets, a special packet which includes a path verification flag indicative of whether the packet is a packet for path verification or not and of which a header configuration is the same as that of a target flow to be verified; by the node, generating, based on the special packet thus detected, detection information, which is information including a flow identifier, which is information for identifying the flow, and a node identifier, which is information for identifying the node itself; by the node, notifying of the detection information a path verification device for verifying a path per flow; and by the path verification device, verifying a path of the flow based on the node identifier included in the detection information received from the node.
Another communication path verification method according to the present invention is a path verification method for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination, and includes the steps of: by a path verification device for verifying a path per flow, transmitting, to a node for transferring received packets to another device, information including a flow identifier, which is information for identifying a target flow to be verified; by the node, detecting, from among the received packets, a packet of which a header configuration is identical with the flow identifier; by the node, generating, based on the packet thus detected, detection information, which is information including the flow identifier and a node identifier, which is information for identifying the node itself; by the node, notifying the path verification device of the detection information; and by the path verification device, verifying a path of the flow based on the node identifier included in the detection information received from the node.
A path verification program according to the present invention is a path verification program employed in a computer for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination, and the path verification program causes the computer to execute: a path verification process of receiving, from a node which is a device for transferring received packets to another device, detection information, which is information including a flow identifier, which is information for identifying a target flow of which a path is verified, and a node identifier, which is information for identifying the node, and then verifying a path of the flow based on the node identifier included in the detection information thus received.
According to the present invention, even if there are a plurality of types of target flows to be tested in a network in which a communication path is controlled per flow, it is possible to verify a communication path per type of flow.
Fig. 1 is an explanatory view showing an example of a communication path verification system in the first exemplary embodiment of the present invention. Fig. 2 is a block diagram showing an example of a router and a path verification device as used in the present invention. Fig. 3 is an explanatory view of an example of a special-packet notification process that a router performs. Fig. 4 is an explanatory view showing an example of a flow path verification process that a path verification device performs. Fig. 5 is an explanatory view showing an example of a path verification method of a flow. Fig. 6 is an explanatory view showing an example of detection information. Fig. 7 is an explanatory view showing an example of a communication path verification system in the second exemplary embodiment of the present invention. Fig. 8 is a block diagram showing an example of a minimum configuration of the communication path verification system according to the present invention. Fig. 9 is a block diagram showing an example of another minimum configuration of the communication path verification system according to the present invention. Fig. 10 is a block diagram showing an example of a minimum configuration of the path verification device according to the present invention. Fig. 11 is an explanatory view showing a general network system. Fig. 12 is an explanatory view showing an example of header information of flows. Fig. 13 is an explanatory view showing an example of a test flow. Fig. 14 is an explanatory view showing an example of a transfer policy defined per flow.
The following describes exemplary embodiments of the present invention with reference to drawings
Exemplary Embodiment 1.
Fig. 1 is an explanatory view showing an example of a communication path verification system in the first exemplary embodiment of the present invention. The communication path verification system in the present exemplary embodiment includes terminals T1 and T2, routers R1 to R3, and a path verification device 100. The routers R1 to R3 and the path verification device 100 are mutually connected to each other via a communication network NET. In the following description, when one of the routers R1 to R3 is described, a reference sign indicating the router may be omitted.
The communication path verification system shown in the example of Fig. 1 includes two terminals and three routers. However, the number of terminals and the number of routers are not limited to the above numbers. The number of routers may be one or two, or four or more routers may be provided. Further, the number of terminals may be three or more.
In the communication path verification system in the present exemplary embodiment, instead of the router, other devices for transferring packets, such as a switch, may be used. Hereinafter, the device, such as the router or the switch, for transferring received packets to another device may be just referred to as a "node." Further, the path verification device 100 may be provided as one function of the terminals T1 and T2.
On the communication network NET, there are a plurality of flows. As described above, a flow is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination. Thus, a plurality of flows exist on the network NET, but in Fig. 1, two flows F1 and F2 are shown.
The flow F1 is a communication from the source terminal T1 to the destination terminal T2, and its path is assumed "T1 -> R1 -> R2 -> R3 -> T2." Further, the flow F2 is also a communication from the source terminal T1 to the destination terminal T2, but its path is assumed "T1 -> R1 -> R3 -> T2."
The terminals T1 and T2 have a communication function using a special packet for path verification. The special packet is a packet of which a header configuration is the same as that of a target flow to be verified and which has a path verification flag. The path verification flag means information used for determination of whether a packet is a special packet or not, and this flag is realized by various techniques. Examples of the techniques are as follows: a method in which a field for path verification is prepared in a payload portion of a packet, and a predetermined bit in the field is assumed as a path verification flag; and a method in which whether there is a message embedded in the field or not is assumed as a path verification flag. Alternatively, a path verification flag may be a size itself of a special packet.
The routers R1 to R3 transfer a packet received from a terminal or another router to another router or terminal. More specifically, the routers R1 to R3 have a function to detect a special packet for path verification, a function to notify the path verification device 100 of detection of the special packet, and a packet transmission function to another device. When detecting a special packet by the special-packet detection function, the routers R1 to R3 notify the path verification device 100 of detection information, and transfer the special packet to another device. The detection information is information including information (hereinafter referred to as a flow identifier) for identifying a flow, and information (hereinafter referred to as a node identifier) for identifying a router itself which detects the special packet.
Note that the detection information may further include a path entry of a path table corresponding to a received packet, a time when the packet has passed, a list of IDs of routers which the packet has passed, a counter indicative of the number of routers which the packet has passed, and the like.
The flow identifier in the detection information may be, for example, information about a source and a destination, such as IP addresses and MAC addresses, and header information such as a port number and a sequence number. Further, an identifier (that is, the node identifier) of a router may encompass, for example, an IP address and an MAC address of the router, an ID of the router given by a network administrator, and the like.
Then, the path verification device 100 receives detection information from each router. The following describes more details of each router and the path verification device 100.
Fig. 2 is a block diagram showing an example of the router and the path verification device 100 as used in the present invention. The router exemplified in Fig. 2 includes a packet receiving section 10, a special-packet detecting section 20, a detection-information notifying section 30, a path-table storing section 40, and a packet transfer section 50.
The path-table storing section 40 stores therein a path table including a path entry. For example, the path table has the same configuration as a routing table. The path entry is path information which is necessary when a received packet is transferred to another device, and includes, for example, an interface which outputs a packet, a gateway which transfers the packet, and a metric to a device to which the packet is transferred, and the like. The path-table storing section 40 is realized by a magnetic disk or the like.
The packet receiving section 10 receives a packet destined for the device, and inputs the packet thus received into the special-packet detecting section 20.
The special-packet detecting section 20 sequentially receives packets from the packet receiving section 10. Then, the special-packet detecting section 20 detects a special packet from among the packets thus received. More specifically, the special-packet detecting section 20 detects a special packet from among the packets thus received by checking a path verification flag set by a terminal. The special-packet detecting section 20 may determine whether or not a received packet has a path verification flag, for example, so that the special-packet detecting section 20 may determine that the packet is a special packet when it determines that the packet has a path verification flag. When a special packet is detected, the special-packet detecting section 20 supplies the packet for the detection-information notifying section 30. On the other hand, when a special packet is not detected, the special-packet detecting section 20 supplies the received packet for the packet transfer section 50.
The detection-information notifying section 30 forms detection information based on the special packet received from the special-packet detecting section 20, and notifies the path verification device 100 of the detection information thus formed. The detection-information notifying section 30, for example, extracts a flow identifier from the packet received and adds an identifier of the router itself thereto, so as to form detection information. Further, in addition to the flow identifier indicative of a flow of the packet detected and the identifier of the router which detects the packet, the detection-information notifying section 30 may refer to a path table stored in the path-table storing section 40 so as to add to the detection information a path entry in the path table corresponding to the packet. The addition of the path entry enables examination of a routing policy of the detected packet, normality of the path entry, and the like.
The packet transfer section 50 transfers received packets to a subsequent router by referring to the path table stored in the path-table storing section 40. Note that the packets to be transferred include both normal packets and special packets.
The special-packet detecting section 20, the detection-information notifying section 30, and the packet transfer section 50 are realized by a CPU of a computer working according to a program (a path extraction program). For example, the program may be stored in a storage section (not shown) of each router, so that the CPU may read the program to realizes the special-packet detecting section 20, the detection-information notifying section 30 and the packet transfer section 50 according to the program. Further, the special-packet detecting section 20, the detection-information notifying section 30, and the packet transfer section 50 each may be realized by corresponding exclusive hardware.
Further, the path verification device 100 exemplified in Fig. 2 includes a detection-information receiving section 110, a path verification section 120, a detection-information storing section 130, and a path-verification-information storing section 140.
The detection-information storing section 130 stores therein detection information. Further, the path-verification-information storing section 140 stores therein a result of path verification by the path verification section 120. For example, the detection-information storing section 130 and the path-verification-information storing section 140 are each realized by a magnetic disk.
The detection-information receiving section 110 causes the detection-information storing section 130 to store therein detection information received from each of the routers R1 to R3.
The path verification section 120 reads the detection information stored in the detection-information storing section 130, and performs path verification of a flow. More specifically, the path verification section 120 checks flow identifiers included in pieces of detection information, and extracts only pieces of detection information indicative of a flow which is the same as a target flow identifier to be verified.
Then, the path verification section 120 extracts all identifiers of routers which the target flow to be verified has passed, from the pieces of detection information thus extracted. More specifically, the path verification section 120 extracts node identifiers from the pieces of detection information thus extracted. Then, the path verification section 120 determines the identifiers (that is, node identifiers) of the routers thus extracted, as a path of the target flow to be verified, and causes the path-verification-information storing section 140 to store the path of the flow as a result of the path verification. The path verification section 120 performs the path verification for all pieces of path information stored in the path-verification-information storing section 140, so that the path-verification-information storing section 140 can store therein paths of all target flows to be verified as results of the path verification.
A network operator can check a path of a flow, for example, by referring to the path-verification-information storing section 140 in which the results of the path verification are stored, directly or by using a program.
The detection-information receiving section 110 and the path verification section 120 are realized by a CPU of a computer working according to a program (a path verification program). Further, the detection-information receiving section 110 and the path verification section 120 each may be realized by corresponding exclusive hardware.
An operation of the communication path verification system of the present exemplary embodiment is described below. Fig. 3 is an explanatory view showing an example of a flow path verification process that the routers R1 to R3 perform, and Fig. 4 is an explanatory view showing an example of a flow path verification process that the path verification device 100 performs.
Further, Fig. 5 is an explanatory view showing an example of a path verification method of a flow. The following description deals with a method for verifying the flows F1 and F2. In the example shown in Fig. 5, test flows TF1 and TF2 for verifying paths of the flows F1 and F2 are shown. A flow is shown in a full line, and a test flow is shown in a dashed line.
A special packet having the same header as that of the flow F1 is used as the test flow TF1, and a special packet having the same header as that of the flow F2 is used as the test flow TF2. That is, a path of the flow F1 is verified by using the test flow TF1, and a path of the flow F2 is verified by using the test flow TF2.
First of all, an operation of a side of the router R1 is described. Initially, the packet receiving section 10 of the router R1 receives a packet from the terminal T1, and supplies the received packet for the special-packet detecting section 20 (Step S10 in Fig. 3). The special-packet detecting section 20 sequentially receives packets from the packet receiving section 10. Then, the special-packet detecting section 20 detects a special packet from among the packets thus received (Step S20).
Herein, it is assumed that the special-packet detecting section 20 employs a method for detecting a special packet by checking a path verification flag set by the terminal T1. When detecting a special packet (Yes in Step S20), the special-packet detecting section 20 inputs the special packet into the detection-information notifying section 30. On the other hand, when detecting no special packet (No in Step S20), the special-packet detecting section 20 inputs the received packets into the packet transfer section 50.
When receiving the special packet, the detection-information notifying section 30 forms detection information and notifies the path verification device 100 of the detection information thus formed (Step S30). The following describes the process of Step S30 in detail.
The detection-information notifying section 30 forms detection information based on the special packet received from the special-packet detecting section 20, and causes a detection-information storing section (not shown in Fig. 2) to store it therein (Step S31). Note that this detection information includes a flow identifier indicative of a flow of the packet detected and an identifier of a router which detects the packet. Further, the detection-information notifying section 30 informs the path verification device 100 of the detection information thus form (Step S32). Then, the detection-information notifying section 30 inputs the special packet into the packet transfer section 50.
Note that when forming detection information, the detection-information notifying section 30 may refer to a path table stored in the path-table storing section 40 so as to add to the detection information a path entry in the path table corresponding to the packet. Then, the packet transfer section 50 transfers received packets to a subsequent router R2 by referring to the path table stored in the path-table storing section 40 (Step S40). Subsequent operations of the router R2 and R3 are the same as above.
An operation of a side of the path verification device 100 is described below. The detection-information receiving section 110 receives detection information which is transmitted from each of the routers R1 to R3, and causes the detection-information storing section 130 to store the detection information thus received (Step S110 in Fig. 4).
The path verification section 120 reads the detection information stored in the detection-information storing section 130, and performs path verification of a flow. More specifically, the path verification section 120 checks flow identifiers of pieces of detection information, and extracts only pieces of detection information of the same flow. Then, the path verification section 120 extracts all identifiers of routers which the flow has passed, and causes the path-verification-information storing section 140 to store therein a path verification result which assumes the identifiers as a path of the flow (Step S120). The path verification section 120 performs the same process as in Step S120 for all pieces of detection information stored in the detection-information storing section 130.
Fig. 6 is an explanatory view showing an example of pieces of detection information received from the routers R1 to R3. The detection information exemplified in Fig. 6 includes a detection information item for identifying each detection information, a flow identifier item, a router identifier item, and a routing table item indicative of a path entry of a path table. Further, the routing table item exemplified in Fig. 6 includes a "Dst" portion indicative of a destination, a "NextHOP" portion indicative of a transfer destination, and an "Interface" portion indicative of an interface which outputs a packet.
First explained is a method for verifying a path of the flow TF1 based on detection information of the test flow TF1 exemplified in Fig. 6. Initially, the path verification section 120 extracts pieces of detection information D1 to D3 having an flow identifier of "TF1" from among pieces of detection information exemplified in Fig. 6. Then, the path verification section 120 checks router identifiers included in the pieces of detection information D1 to D3, and causes the path-verification-information storing section 140 to store therein router identifiers "R1, R2, R3" as a path of the flow TF1. By referring to this path verification result thus stored, it is possible to verify that the flow TF1 has passed the routers R1, R2, and R3.
Further, the path verification section 120 may check routing table items as well as the router identifiers included in the pieces of detection information D1 to D3. More specifically, the path verification section 120 can verify the path "R1 -> R2 -> R3" of the flow TF1 which includes a passing order, by referring to NextHOP in the routing table items.
Next will be described a method for verifying a path of the flow TF2 based on pieces of detection information of the test flow TF2 exemplified in Fig. 6. Initially, the path verification section 120 extracts pieces of detection information D4 and D5 having an identifier of "TF2" from the pieces of detection information exemplified in Fig. 6. Then, the path verification section 120 checks router identifier included in the pieces of detection information D4 and D5, and causes the path-verification-information storing section 140 to store therein route identifiers "R1, R3" as a path of the flow TF2. By referring to this path verification result thus stored, it is possible to verify that the flow TF2 has passed the routers R1 to R3 (in other words, the flow TF2 does not pass the router R2).
As shown in the example of Fig. 6, in a case of a network in which a communication path is controlled per flow, even if flows have the same source (the terminal T1) and the same destination (the terminal T2), the paths of the flows may be different. According to the present exemplary embodiment, path verification is performed per flow identifier, so that even if there are a plurality of types of target flows to be tested, it is possible to verify a communication path of each flow per type.
As such, according to the present exemplary embodiment, the special-packet detecting section 20 of a router detects a special packet from among received packets. Then, the detection-information notifying section 30 of the router generates detection information including a flow identifier and a node identifier based on the special packet thus detected, and notifies the path verification device 100 of the detection information. Subsequently, the path verification section 120 of the path verification device 100 verifies a path of a flow based on the node identifier included in the detection information received from the router. More specifically, the path verification section 120 of the path verification device 100 verifies a path per flow by use of the flow identifier included in the detection information thus received. Thus, even if there are a plurality of types of target flows to be tested in a network in which a communication path is controlled per flow, it is possible to verify a communication path per type of flow.
That is, according to the present exemplary embodiment, it is possible to verify a path of a flow in a communication network. This is because a router which receives a special packet which is routed in the same manner as a normal flow returns a response, and verification of its path is performed based on the response.
Exemplary Embodiment 2.
Fig. 7 is an explanatory view showing an example of a communication path verification system in the second exemplary embodiment of the present invention. Note that, constituents which are the same as those in the first exemplary embodiment have the same reference signs as in Fig. 1, and are not explained here. The communication path verification system in the second exemplary embodiment includes terminals T1 and T2, routers R1 to R3, converters P1 and P2, and a path verification device 100. The converter is connected between a terminal and a router. More specifically, the converter P1 is connected between the terminal T1 and the router R1, and the converter P2 is connected between the terminal T2 and the router R3. Further, the routers R1 to R3 and the path verification device 100 are mutually connected to each other via a communication network NET.
A plurality of flows exist on the network NET, but in Fig. 7, two flows F1 and F2 are shown. In the flows F1 and F2 exemplified in Fig. 7, a communication is performed by normal packets in a portion shown in a full line, and a communication is performed by a special packet in a portion shown in a dashed line. Thus, the communication path verification system in the second exemplary embodiment is different from the communication path verification system in the first exemplary embodiment in that a device for sending out a special packet is the converters P1 and P2. Except for this point, the second exemplary embodiment is the same as the first exemplary embodiment.
In the present exemplary embodiment, when a packet transmitted from the terminal T1 is transmitted to the router R1, the packet passes the converter P1 placed on its path. At this point, a controller (not shown) of the converter P1 converts the normal packet thus received into a special packet. The controller (not shown) of the converter P1, for example, may set, as a path verification flag, a predetermined bit in a field for path verification prepared beforehand in a payload portion of the normal packet. Further, the controller (not shown) of the converter P1 may embed a message in the field as a path verification flag. Note that the conversion method to a special packet is not limited to these methods. Other conversion methods may be also used provided that the special packet is of a form that allows the routers R1 to R3 to detect a path verification flag.
On the other hand, when a special packet transmitted from the router R3 is transmitted to the terminal T2, the special packet passes the converter P2 on its path. At this point, a controller (not shown) of the converter P2 converts the special packet thus received into a normal packet. As a method in which the controller (not shown) of the converter P2 converts a special packet into a normal packet, for example, a method in which a bit set as a path verification flag is released may be used, or a method in which a message embedded with a path verification flag is deleted may be used. That is, other methods may be also used provided that they are methods of reverting a special packet back to a normal packet, which is a packet before conversion to the special packet by the controller (not shown) of the converter P1.
The operations of each of the routers R1 to R3 and the path verification device 100 are the same as the operations in the first exemplary embodiment, and therefore not explained here.
As such, the communication path verification system of the present exemplary embodiment includes a converter for converting a normal packet into a special packet. In view of this, in addition to the effect in the first exemplary embodiment, it is possible to verify a path of a flow even if the terminal T1 does not have a function to transmit a special packet.
Exemplary Embodiment 3.
Next will be explained a communication path verification system in the third exemplary embodiment of the present invention. Note that the configuration of the communication path verification system in the present exemplary embodiment may be a configuration similar to the configuration of the communication path verification system in the first exemplary embodiment, or may be a configuration similar to the configuration of the communication path verification system in the second exemplary embodiment.
The communication path verification system in the third exemplary embodiment is different from the communication path verification systems in the first exemplary embodiment and the second exemplary embodiment in that the routers R1 to R3 perform a counter operation of a packet, add a counting result by the counter operation to detection information, and transmit it to the path verification device 100, and that the path verification section 120 of the path verification device 100 verifies a path by referring to the counting result. Except for these points, the third exemplary embodiment is the same as the first exemplary embodiment and the second exemplary embodiment.
When a router receives a special packet, the detection-information notifying section 30 of the router operates a counter included in the special packet. More specifically, the detection-information notifying section 30 counts the number of times that the special packet has passed routers, and stores the counted number of times in the packet. Here, the counter which the detection-information notifying section 30 operates is information included in a predetermined field of the special packet. This field may be a field such as TTL or may be one prepared as a unique field. Further, the detection-information notifying section 30 performs addition or subtraction to the counter. Note that the operation performed to the counter may be either of addition and subtraction if the same operation is performed in all routers in the communication path verification system.
Subsequently, when notifying the path verification device 100 of detection information of the special packet, the detection-information notifying section 30 also notifies the path verification device 100 of a counter value of the field in which the counter operation is performed.
When performing path verification, the path verification section 120 of the path verification device 100 sorts pieces of verification information based on information of the counter value. For example, in a case where a counter is added in each router, pieces of verification information are sorted in the order from one having a small counter value (that is, pieces of verification information are sorted in the ascending order of the counter value), so that a path of routers can be verified in the order that the packet has passed.
As described above, according to the present exemplary embodiment, when a router receives a special packet, the detection-information notifying section 30 of the router counts the number of times that the special packet has passed routers, and stores the counted number of times in the special packet. Then, the detection-information notifying section 30 notifies the path verification device 100 of the counted number of times together with detection information. The path verification section 120 of the path verification device 100 verifies a path of a flow indicative of the order of routers that the packet has passed, based on the number of times thus received.
Thus, according to the present exemplary embodiment, in addition to the effect in the exemplary embodiment first, the order of routes that a packet has passed is guaranteed when path verification is performed, so that it is possible to surely verify a path that the flow has passed, without referring to a path table.
Exemplary Embodiment 4.
Next will be explained a communication path verification system in the fourth exemplary embodiment of the present invention. Note that the configuration of the communication path verification system in the present exemplary embodiment may be a configuration similar to the configuration of the communication path verification system in the first exemplary embodiment, or may be a configuration similar to the configuration of the communication path verification system in the second exemplary embodiment.
The communication path verification system in the fourth exemplary embodiment is different from the communication path verification systems in the first to third exemplary embodiments in that the path verification device 100 performs a notification instruction of detection information, and a terminal or a converter does not transmits a special packet. Except for this point, the fourth exemplary embodiment is the same as the first to third exemplary embodiments.
The path verification section 120 of the path verification device 100 notifies a router of one or more path entries as detection target entry information. The path entry includes a flow identifier indicative of a target flow to be verified.
When the router receives detection target entry information, the packet receiving section 10 causes the path-table storing section 40 to store therein a path entry indicated by the detection target entry information. The following describes a case where the packet receiving section 10 causes the path-table storing section 40 to store a path entry. Note that a detection entry information storage section (not shown) for storing detection target entry information may be provided separately, so that the packet receiving section 10 may cause the detection entry information storage section (not shown) to store received detection target entry information.
When each router receives packets, the special-packet detecting section 20 detects a packet corresponding to the detection target entry information. More specifically, the special-packet detecting section 20 detects a packet of which a header configuration is identical with a flow identifier indicative of a target flow to be verified, from among the packets thus received.
When detecting a packet including a flow identifier identical with the flow identifier included in the detection target entry information, the special-packet detecting section 20 inputs the packet into the detection-information notifying section 30. On the other hand, when the flow identifier is not identical, the special-packet detecting section 20 inputs the packet into the packet transfer section 50. The other operations are the same as the operations in the first to third exemplary embodiments. That is, the detection-information notifying section 30 forms detection information, and notifies the path verification device 100 of the detection information thus formed. Subsequently, the path verification section 120 of the path verification device 100 verifies a path of a flow in the same manner as in the first to third exemplary embodiments.
Note that in order to reduce the load of the router for a process of detecting a target packet, the special-packet detecting section 20 may perform the process not on all packets but on a packet extracted by a sampling.
As such, according to the present exemplary embodiment, the path verification section 120 of the path verification device 100 initially transmits a flow identifier for identifying a target flow to be verified to a router. The special-packet detecting section 20 of the router detects a packet of which a header configuration is identical with the flow identifier from among received packets. The detection-information notifying section 30 generates detection information including the flow identifier and a node identifier based on the packet thus detected, and notifies the path verification device 100 of the detection information. Then, the path verification section 120 of the path verification device 100 verifies a path of the flow based on the node identifier included in the detection information received from the router. In view of this, without implementing a function to form a special packet in the terminals T1 and T2 or a device (e.g., a converter) on a network, it is possible to verify a path that a flow has passed.
A minimum configuration of the present invention is described below. Fig. 8 is a block diagram showing an example of a minimum configuration of the communication path verification system according to the present invention. The communication path verification system according to the present invention includes a plurality of nodes 80 (e.g., the routers R1 to R3, a switch) for transferring received packets to another device, and a path verification device 90 (e.g., the path verification device 100) for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination.
The node 80 includes: special-packet detecting means 81 (e.g., the special-packet detecting section 20) for detecting, from received packets, a special packet which includes a path verification flag indicative of whether the packet is a packet for path verification or not and of which a header configuration is the same as that of a target flow to be verified; and detection-information notifying means 82 (e.g., the detection-information notifying section 30) for generating, based on the special packet thus detected, detection information, which is information including a flow identifier, which is information for identifying a flow, and a node identifier, which is information for identifying the node itself, and for notifying the path verification device 90 of the detection information.
The path verification device 90 includes path verification means 91 (e.g., the path verification section 120) for verifying a path of the flow based on the node identifier included in the detection information received from the node 80.
With such a configuration, even if there are a plurality of types of target flows to be tested in a network in which a communication path is controlled per flow, it is possible to verify a communication path per type of flow.
Further, the node 80 may also include path-table storing means (e.g., the path-table storing section 40) for storing therein a path table including a path entry, which is information indicative of a transfer destination of a packet. Accordingly, the detection-information notifying means 82 of the node 80 may notify the path verification device 90 of detection information to which a path entry corresponding to the detected special packet is added.
Further, a converter (e.g., the converter P1) for converting a packet into a special packet may be provided between a terminal (e.g., the terminal T1) for transmitting a packet used for a communication and a node 80 (e.g., the router R1) to which the terminal transmits the packet. With such a configuration, even if the terminal does not have a function to transmit a special packet, it is possible to verify a path of the flow.
Further, the node 80 may also include counting means (e.g., the detection-information notifying section 30) for, when the node 80 receives a special packet, counting (e.g., adding or subtracting) the number of times that the special packet has passed nodes, and for storing the number of times into the special packet. Then, the detection-information notifying means 82 of the node 80 may notify the path verification device 90 of the number of times together with the detection information, so that the path verification means 91 of the path verification device 90 may verify a path of the flow indicative of the order of nodes that the flow has passed, based on the number of times thus received. With such a configuration, it is possible to check the order of routers that a packet has passed, when path verification is performed. This makes it possible to surely verify a path that the flow has passed, without referring to a path table.
Further, Fig. 9 is a block diagram showing an example of another minimum configuration of the communication path verification system according to the present invention. Another communication path verification system according to the present invention includes a plurality of nodes 60 (e.g., the routers R1 to R3, a switch) for transferring received packets to another device, and a path verification device 70 (e.g., the path verification device 100) for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination.
The path verification device 70 includes: verification-target transmitting means 71 (e.g., the path verification section 120) for transmitting to the node 60 information including a flow identifier, which is information for identifying a target flow to be verified; and path verification means 72 (e.g., the path verification section 120) for verifying a path of the flow.
The node 60 includes: a packet detecting means 61 (e.g., the special-packet detecting section 20) for detecting, from among received packets, a packet of which a header configuration is identical with the flow identifier indicative of the target flow to be verified; and detection-information notifying means 62 for generating detection information, which is information including the flow identifier and a node identifier, which is information for identifying the node itself, based on the packet thus detected, and for notifying the path verification device 70 of the detection information.
Then, the path verification means 72 of the path verification device 70 verifies a path of the flow based on the node identifier included in the detection information thus received from the node.
With such a configuration described above, even if there are a plurality of types of target flows to be tested in a network in which a communication path is controlled per flow, it is possible to verify a communication path per type of flow. Thus, it is possible to verify a path that the flow has passed, without implementing a function to form a special packet in a device (e.g., the terminal and the converter) on the network.
Further, Fig. 10 is a block diagram showing an example of a minimum configuration of the path verification device according to the present invention. The path verification device according to the present invention is a path verification device for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination, and includes path verification means 51 (e.g., the path verification section 120) for receiving from a node which is a device for transferring received packets to another device, detection information, which is information including an flow identifier, which is information for identifying a target flow of which a path is verified, and a node identifier, which is information for identifying the node, and for verifying a path of the flow based on the node identifier included in the detection information thus received. In view of this, even if there are a plurality of types of target flows to be tested in a network in which a communication path is controlled per flow, it is possible to verify a communication path per type of flow.
The present invention has been described with reference to the exemplary embodiments and examples as described above, but the present invention is not limited to the exemplary embodiments and the examples. Various changes that a person skilled in the art can understand can be made for the configuration and details of the present invention within a scope of the present invention.
This application claims priority based on Japanese Patent Application No. 2010-271561 filed on December 6, 2010, the entire contents of which are hereby incorporated by reference.
The present invention is preferably applied to a communication path verification system for verifying a communication path of a network in which a communication path is controlled per flow.
T1, T2 Terminal
R1 to R3 Router
F1, F2 Flow
TF1, TF2 Test flow
10 Packet receiving section
20 Special-packet detecting section
30 Detection-information notifying section
40 Path-table storing section
50 Packet transfer section
100 Path verification device
110 Detection-information receiving section
120 Path verification section
130 Detection-information storing section
140 Path-verification-information storing section

Claims (10)

  1. A communication path verification system comprising:
    a plurality of nodes for transferring received packets to another device; and
    a path verification device for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination, wherein:
    the node includes
    special-packet detecting means for detecting, from among the received packets, a special packet which includes a path verification flag indicative of whether the packet is a packet for path verification or not and of which a header configuration is the same as that of a target flow to be verified, and
    detection-information notifying means for generating, based on the special packet thus detected, detection information, which is information including a flow identifier, which is information for identifying the flow, and a node identifier, which is information for identifying the node itself, and for notifying the path verification device of the detection information; and
    the path verification device includes
    path verification means for verifying a path of the flow based on the node identifier included in the detection information received from the node.
  2. The communication path verification system according to claim 1, wherein:
    the node includes path-table storing means for storing therein a path table including a path entry, which is information indicative of a transfer destination of a packet; and
    the detection-information notifying means of the node notifies the path verification device of detection information to which a path entry corresponding to the special packet thus detected is added.
  3. The communication path verification system according to claim 1 or 2, further comprising:
    a converter for converting a packet used for a communication into a special packet, the converter being provided between a terminal for transmitting the packet and a node for transmitting the packet to the terminal.
  4. The communication path verification system according to any one of claims 1 to 3, wherein:
    the node includes counting means for counting, when a special packet is received, the number of times that the special packet has passed nodes and for storing the number of times into the special packet; and
    the detection-information notifying means of the node notifies the path verification device of the number of times together with the detection information; and
    the path verification means of the path verification device verifies a path of the flow indicative of the order of nodes that the flow has passed, based on the number of times received.
  5. A communication path verification system comprising:
    a plurality of nodes for transferring received packets to another device; and
    a path verification device for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination, wherein:
    the path verification device includes
    verification-target transmitting means for transmitting, to the node, a flow identifier, which is information for identifying a target flow to be verified, and
    path verification means for verifying a path of the flow; and
    the node includes
    a packet detecting means for detecting, from among the received packets, a packet of which a header configuration is identical with the flow identifier indicative of the target flow to be verified, and
    detection-information notifying means for generating, based on the packet thus detected, detection information, which is information including the flow identifier and a node identifier, which is information for identifying the node itself, and for notifying the path verification device of the detection information; and
    the path verification means of the path verification device verifies a path of the flow based on the node identifier included in the detection information received from the node.
  6. A path verification device for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination, the path verification device comprising:
    path verification means for receiving, from a node which is a device for transferring received packets to another device, detection information, which is information including a flow identifier, which is information for identifying a target flow of which a path is verified, and a node identifier, which is information for identifying the node, and for verifying a path of the flow based on the node identifier included in the detection information thus received.
  7. A path verification method for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination, the path verification method comprising the steps of:
    by a node for transferring received packets to another device, detecting, from among the received packets, a special packet which includes a path verification flag indicative of whether the packet is a packet for path verification or not and of which a header configuration is the same as that of a target flow to be verified;
    by the node, generating, based on the special packet thus detected, detection information, which is information including a flow identifier, which is information for identifying the flow, and a node identifier, which is information for identifying the node itself;
    by the node, notifying of the detection information a path verification device for verifying a path per flow; and
    by the path verification device, verifying a path of the flow based on the node identifier included in the detection information received from the node.
  8. The communication path verification method according to claim 7, wherein the node notifies the path verification device of detection information to which a path entry corresponding to the special packet thus detected is added.
  9. A path verification method for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination, the path verification method comprising the steps of:
    by a path verification device for verifying a path per flow, transmitting, to a node for transferring received packets to another device, information including a flow identifier, which is information for identifying a target flow to be verified;
    by the node, detecting, from among the received packets, a packet of which a header configuration is identical with the flow identifier;
    by the node, generating, based on the packet thus detected, detection information, which is information including the flow identifier and a node identifier, which is information for identifying the node itself;
    by the node, notifying the path verification device of the detection information; and
    by the path verification device, verifying a path of the flow based on the node identifier included in the detection information received from the node.
  10. A path verification program employed in a computer for verifying a path per flow, which is a communication of which a path is prescribed by use of information indicative of a source and information indicative of a destination, the path verification program causing the computer to execute:
    a path verification process of receiving, from a node which is a device for transferring received packets to another device, detection information, which is information including a flow identifier, which is information for identifying a target flow of which a path is verified, and a node identifier, which is information for identifying the node, and then verifying a path of the flow based on the node identifier included in the detection information thus received.
PCT/JP2011/006737 2010-12-06 2011-12-01 Communication path verification system, path verification device, communication path verification method, and path verification program WO2012077308A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2013516895A JP2014502063A (en) 2010-12-06 2011-12-01 Communication path verification system, path verification apparatus, communication path verification method, and path verification program

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2010271561 2010-12-06
JP2010-271561 2010-12-06

Publications (1)

Publication Number Publication Date
WO2012077308A1 true WO2012077308A1 (en) 2012-06-14

Family

ID=46206819

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2011/006737 WO2012077308A1 (en) 2010-12-06 2011-12-01 Communication path verification system, path verification device, communication path verification method, and path verification program

Country Status (2)

Country Link
JP (1) JP2014502063A (en)
WO (1) WO2012077308A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20140092686A (en) * 2013-01-16 2014-07-24 한국전자통신연구원 Apparatus and method for processing packet for routing and path verification in domains
EP3399700A4 (en) * 2016-03-08 2019-01-02 Huawei Technologies Co., Ltd. Method, apparatus and device for detecting forwarding table

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9736053B2 (en) * 2014-03-25 2017-08-15 Nec Corporation Layer 2 path tracing through context encoding in software defined networking
JP6402574B2 (en) * 2014-10-14 2018-10-10 富士通株式会社 Information processing system and information processing method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002089426A1 (en) * 2001-04-27 2002-11-07 Ntt Data Corporation Packet tracing system
JP2006243878A (en) * 2005-03-01 2006-09-14 Matsushita Electric Ind Co Ltd Unauthorized access detection system
JP2010245866A (en) * 2009-04-07 2010-10-28 Fujitsu Ltd Communication route presumption program, method and computer

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002089426A1 (en) * 2001-04-27 2002-11-07 Ntt Data Corporation Packet tracing system
JP2006243878A (en) * 2005-03-01 2006-09-14 Matsushita Electric Ind Co Ltd Unauthorized access detection system
JP2010245866A (en) * 2009-04-07 2010-10-28 Fujitsu Ltd Communication route presumption program, method and computer

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20140092686A (en) * 2013-01-16 2014-07-24 한국전자통신연구원 Apparatus and method for processing packet for routing and path verification in domains
KR101640210B1 (en) * 2013-01-16 2016-07-15 한국전자통신연구원 Apparatus and method for processing packet for routing and path verification in domains
EP3399700A4 (en) * 2016-03-08 2019-01-02 Huawei Technologies Co., Ltd. Method, apparatus and device for detecting forwarding table
US10659359B2 (en) 2016-03-08 2020-05-19 Huawei Technologies Co., Ltd. Method and device for checking forwarding tables of network routers
EP3800835A1 (en) * 2016-03-08 2021-04-07 Huawei Technologies Co., Ltd. Method and apparatus for checking forwarding table, and device
US11088950B2 (en) 2016-03-08 2021-08-10 Huawei Technologies Co., Ltd. Method and device for checking forwarding tables of network nodes by means of check packets

Also Published As

Publication number Publication date
JP2014502063A (en) 2014-01-23

Similar Documents

Publication Publication Date Title
JP6901524B2 (en) Bit forwarding ingress router, bit forwarding router and operation management maintenance test method
CN102546383B (en) The method and apparatus of the standard agreement authentication mechanism of switching fabric system deploy
US8811212B2 (en) Controller placement for fast failover in the split architecture
JP5846221B2 (en) Network system and topology management method
US7684382B2 (en) Provider network for providing L-2 VPN services and edge router
US8406143B2 (en) Method and system for transmitting connectivity fault management messages in ethernet, and a node device
JP2015533049A (en) Method and apparatus for topology and path verification in a network
JP2005328318A (en) Method and program for grasping network constitution of virtual lan in node network
EP2876844A1 (en) Self-debugging router platform
US10623278B2 (en) Reactive mechanism for in-situ operation, administration, and maintenance traffic
Liang et al. On diagnosis of forwarding plane via static forwarding rules in software defined networks
CN108234234B (en) Maintaining endpoint devices, methods for communication, and computer-readable media
WO2012077308A1 (en) Communication path verification system, path verification device, communication path verification method, and path verification program
WO2015184740A1 (en) Method and device for processing detection hierarchy information
JP5938995B2 (en) Communication device
JP2005184510A (en) Router
Park et al. A fast recovery scheme based on detour planning for in-band OpenFlow networks
JP6247239B2 (en) Network verification system, network verification method, flow inspection apparatus, and program
Kawai et al. Per-flow entry verification for legacy SDN
Yan et al. Fast Recovery from Link Failure in Software De ned Survivable Network
JP2015154433A (en) Communication monitoring device
JP2012191526A (en) Network failure detection system, network failure detection method, and network failure detection program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11846434

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2013516895

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11846434

Country of ref document: EP

Kind code of ref document: A1