WO2017159508A1 - Setting device, communication system, method for updating setting of communication device and program - Google Patents

Setting device, communication system, method for updating setting of communication device and program Download PDF

Info

Publication number
WO2017159508A1
WO2017159508A1 PCT/JP2017/009319 JP2017009319W WO2017159508A1 WO 2017159508 A1 WO2017159508 A1 WO 2017159508A1 JP 2017009319 W JP2017009319 W JP 2017009319W WO 2017159508 A1 WO2017159508 A1 WO 2017159508A1
Authority
WO
WIPO (PCT)
Prior art keywords
setting
communication device
network
communication
update
Prior art date
Application number
PCT/JP2017/009319
Other languages
French (fr)
Japanese (ja)
Inventor
啓輔 鳥越
鈴木 洋司
辰也 矢部
Original Assignee
日本電気株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電気株式会社 filed Critical 日本電気株式会社
Publication of WO2017159508A1 publication Critical patent/WO2017159508A1/en

Links

Images

Definitions

  • the present invention is based on the priority claim of Japanese Patent Application No. 2016-052564 (filed on Mar. 16, 2016), the entire contents of which are incorporated herein by reference. Shall.
  • the present invention relates to a setting device, a communication system, a setting update method for a communication device, and a program.
  • Non-Patent Documents 1 and 2 a technique called OpenFlow is proposed, and a control device (Controller) and a transfer device (Switch) corresponding to the OpenFlow are used.
  • OpenFlow is a communication that considers communication as an end-to-end flow, and performs path control, failure recovery, load balancing, optimization, bandwidth control, and the like on a per-flow basis.
  • network systems incorporating the above SDN concept have begun to be used in large-scale data centers and the like.
  • Non-Patent Document 2 includes a secure channel for communication with the OpenFlow controller, and operates according to a flow table that is appropriately added or rewritten from the OpenFlow controller.
  • a flow table that is appropriately added or rewritten from the OpenFlow controller.
  • a set of match conditions (Match Fields) to be matched with the packet header, flow statistical information (Counters), and instructions (Instructions) that define processing contents is defined (non-patented) (Refer to “4.1 Flow Table” in Document 2).
  • the network operator directly operates the controller (manual operation).
  • the network topology By changing the network topology. Specifically, the network does not pass through a route including a communication device (a device that is stopped or restarted) in which software or the like is updated (for example, one redundant route is excluded). The topology is changed. Then, the network operator instructs the setting device (configuration device) that manages the settings of the communication device to update the software of the communication device or update the configuration.
  • the network is not in operation, such as when equipment is installed, there is no need to consider the route including the communication device that is the target of software update. In that case, setting update (software and configuration update) Can be automated. However, when the network is operating, a network failure may occur unless the network operator manually operates the controller. Further, in manual operation by a network operator, a human error such as removing an incorrect route may occur, and a network failure may occur due to the human error.
  • the update of the device environment using the setting device is normally performed, but the circumstances at that time are different between the device such as the server device and the device such as the router. That is, when using a configuration device to update (update) a server device, only the influence caused by disconnecting the server device needs to be considered.
  • the communication devices (switches) constituting the network it is necessary to consider the entire route (the entire network) passing through the device.
  • a network includes a large number of communication devices, it is difficult to change the network topology at a time so that data does not pass through all the devices that perform setting update depending on the network. Therefore, in such a case, every time one or a limited number of communication devices are updated, it is necessary to manually change the network topology.
  • human errors are likely to be induced when such operations are executed manually.
  • An object of the present invention is to provide a setting device, a communication system, a communication device setting update method, and a program that contribute to updating the settings of a communication device constituting the network while operating the network.
  • a device for transferring a packet and performing a setting update on a plurality of communication devices controlled by a control device wherein the plurality of communication devices are communicated to the control device.
  • a topology change instruction unit that instructs to exclude the designated communication device from the network composed of the plurality of communication devices while designating a communication device that is a setting update target among the devices, and the setting update target
  • An update execution unit that updates the setting of the communication device that is the target of the setting update after the communication device is excluded from the network, and the topology change instruction unit is a communication that is the target of the setting update
  • a setting device is provided that instructs the control device to return the excluded communication device to the network after the setting of the device is updated.
  • the communication device includes a plurality of communication devices that transfer packets, a control device that controls the plurality of communication devices, and a setting device that performs setting update related to the plurality of communication devices.
  • the setting device specifies the communication device that is the target of setting update among the plurality of communication devices to the control device, and excludes the specified communication device from the network including the plurality of communication devices. After the communication device that is the setting update target is excluded from the network, the setting of the communication device that is the setting update target is updated, and the setting of the communication device that is the setting update target is updated.
  • a communication system is provided that instructs the control device to return the excluded communication device to the network after the update.
  • a third aspect of the present invention in a system including a plurality of communication devices that transfer packets and a control device that controls the plurality of communication devices, the plurality of communication devices with respect to the control device. And instructing to exclude the designated communication device from the network composed of the plurality of communication devices while designating the communication device that is the setting update target, and the communication device that is the setting update target Is updated from the network, the step of updating the setting of the communication device that is the target of the setting update, and after the setting of the communication device that is the target of the setting update is updated, An instruction to return the excluded communication device to the network is provided.
  • a program that is executed by a computer that controls an apparatus that transfers a packet and that is controlled by a control apparatus and that performs setting update related to a plurality of communication apparatuses. Instructing a device to exclude a specified communication device from a network composed of the plurality of communication devices while designating a communication device that is a target of setting update among the plurality of communication devices; After the communication device that is the target of the setting update is excluded from the network, the processing for updating the setting of the communication device that is the target of the setting update and the setting of the communication device that is the target of the setting update are updated. And a program for instructing the control device to return the excluded communication device to the network. That.
  • This program can be recorded on a computer-readable storage medium.
  • the storage medium may be non-transient such as a semiconductor memory, a hard disk, a magnetic recording medium, an optical recording medium, or the like.
  • the present invention can also be embodied as a computer program product.
  • a setting device a communication system, a communication device setting update method, and a program that contribute to updating a setting of a communication device configuring the network while operating the network.
  • a setting device (configuration device) 100 is a device that transfers a packet and updates settings related to a plurality of communication devices controlled by a control device (see FIG. 1).
  • the setting device 100 instructs the control device to exclude the specified communication device from the network including the plurality of communication devices while designating the communication device that is the target of setting update among the plurality of communication devices.
  • a topology change instruction unit 101 is provided.
  • the setting device 100 includes an update execution unit 102 that updates settings of a communication device that is a setting update target after the communication device that is a setting update target is excluded from the network.
  • the topology change instruction unit 101 instructs the control device to return the excluded communication device to the network after the setting of the communication device that is the target of the setting update is updated.
  • the setting update includes at least updating software and configuration of the communication device.
  • the setting device 100 provides a mechanism for automatically performing software update and configuration update of a communication device when a network operator instructs the setting device 100. Specifically, the setting device 100 changes the network topology by instructing the control device that controls the network before performing the processing related to the setting update so that the designated communication device is not used. Performs processing to bypass the route. Thereafter, the setting device 100 executes the setting update of the designated communication device, and then instructs the control device to restore the original network topology. This makes it possible to update the setting of the communication device without stopping the communication flowing in the original network (that is, operating the network). As a result, the induction of a network failure is suppressed and no operation by the network operator is required, so that it is possible to eliminate human errors related to the communication device setting update and to improve the efficiency of the communication device setting update.
  • FIG. 2 is a diagram illustrating an example of a configuration of the communication system according to the first embodiment.
  • the communication system includes a setting device 10, a control device 20, communication devices 30-1 to 30-6, and terminals 40-1 to 40-4.
  • the configuration of FIG. 2 is an example, and is not intended to limit the number of communication devices and terminals.
  • communication device 30 or “terminal 40”. Indicate.
  • the communication system shown in FIG. 2 configures a network to which the SDN technology is applied, in which the control device 20 (controller) centrally controls the communication device 30 (packet transfer devices such as routers and switches).
  • the control device 20 controller
  • the communication device 30 packet transfer devices such as routers and switches.
  • a network in a data center is assumed, and a setting device 10 (configuration device) is introduced to the network.
  • the setting device 10 is connected to the communication devices 30-1 to 30-6 and the control device 20.
  • the control device 20 is connected to the communication devices 30-1 to 30-6.
  • the setting device and other devices, the control device 20 and the communication device 30 are connected via a secure channel.
  • the setting device 10 is a device that performs processing such as setting update related to each of the plurality of communication devices 30. More specifically, the setting device 10 includes an interface with the control device 20 and gives various instructions to the control device 20. The setting device 10 is also a device that includes an interface with the communication device 30 and updates (updates) the software and configuration of the communication device 30.
  • the control device 20 is a device that controls a plurality of communication devices 30. Specifically, the control device 20 controls the flow of packets by setting a processing rule for the communication device 30 (designates a data flow path).
  • the communication device 30 is a device that transfers packets.
  • the communication device 30 processes the received packet (transfers the packet) according to the processing rule set by the control device 20.
  • the communication device 30 transmits the received packet to the control device 20 and requests setting of the processing rule.
  • the control device 20 Upon receiving the request, the control device 20 generates a processing rule for processing the received packet, and sets the processing rule in the communication device 30.
  • the terminal 40 is a device serving as an end point of communication.
  • the terminal 40 corresponds to, for example, a computer server device in a data center.
  • FIG. 3 is a diagram illustrating an example of a hardware configuration of the setting apparatus 10 according to the first embodiment.
  • the setting device 10 can be configured by an information processing device (computer) and has a configuration illustrated in FIG.
  • the setting device 10 includes a CPU (Central Processing Unit) 11, a memory 12, an input / output interface 13, and a NIC (Network Interface Card) 14 that are communication means, which are connected to each other via an internal bus.
  • a CPU Central Processing Unit
  • memory 12 volatile and non-volatile memory
  • NIC Network Interface Card
  • the setting device 10 may include hardware (not shown). Further, the number of CPUs and the like included in the setting device 10 is not limited to the example illustrated in FIG. 3. For example, a plurality of CPUs may be included in the setting device 10.
  • the memory 12 is a RAM (Random Access Memory), a ROM (Read Only Memory), or an auxiliary storage device (hard disk or the like).
  • the input / output interface 13 is a means to be an interface of a display device and an input device (not shown).
  • the display device is, for example, a liquid crystal display.
  • the input device is a device that accepts user operations such as a keyboard and a mouse, for example. Further, an interface in which a display device and an input device are integrated, such as a touch panel, may be used.
  • control device 20 the communication device 30, and the terminal 40
  • the control device 20 is basically the same as the configuration of the setting device 10 and is apparent to those skilled in the art, and thus the description thereof is omitted. To do.
  • FIG. 4 is a block diagram illustrating an example of a processing configuration of the setting device 10 according to the first embodiment.
  • the setting device 10 includes a communication control unit 201, a storage unit 202, an information acquisition unit 203, an address distribution unit 204, a database construction unit 205, and a setting update processing unit 206. Composed.
  • Each processing module described above is realized by the CPU 11 executing a program stored in the memory 12, for example.
  • the program can be downloaded through a network or updated using a storage medium storing the program.
  • the processing module may be realized by a semiconductor chip. That is, it is sufficient if there is a means for executing the function performed by the processing module with some hardware and / or software.
  • the communication control unit 201 is means for controlling communication between the setting device 10 and other devices (the control device 20 and the communication device 30). When the communication control unit 201 receives a packet, the communication control unit 201 distributes the packet to various processing modules. When the communication control unit 201 acquires a packet from the processing module, the communication control unit 201 transmits the packet to another device.
  • the storage unit 202 is a means for storing various information. Specifically, the storage unit 202 includes an area in which file data (initial data) input in advance to the setting device 10 by the network operator is arranged. In the storage unit 202, a database (a communication device database described later) is constructed by the database construction unit 205.
  • the information acquisition unit 203 is a means for providing an information input interface to the network operator. Specifically, the information acquisition unit 203 inputs in advance information necessary for network operation from a network operator.
  • the network operator inputs necessary information to the setting device 10 using a device (display device, operation device) connected to the setting device 10 or a terminal (not shown). For example, the network operator inputs initial data related to a management ledger file, a configuration template file, a software file group to be installed in the communication device 30 and the like to the setting device 10 in advance.
  • the management ledger file is a file in which parameters different for each communication device 30 are described, for example, a file having a spreadsheet format.
  • the parameters of each communication device 30 include at least a management number for specifying the communication device 30, a MAC (Media Access Control) address obtained from the interface of the communication device 30, a software version, and a configuration (contents of environment setting). Included (see FIG. 5).
  • the software version and configuration described in the management ledger file are information that defines the software version and configuration that are desired to be applied to the communication device 30 operating on the network.
  • the first line in FIG. 5 indicates that the communication device 30 identified by the management number “1” is managed with the software version “V — 01” and the configuration content “Conf — 01”.
  • the information acquisition unit 203 stores the initial data input by the network operator in the storage unit 202.
  • the information acquisition unit 203 is also a means for receiving a command from the network operator and responding to the processing result of the command. Specifically, the network operator inputs a command related to construction of a communication device database, which will be described later, and a command related to setting update of the communication device 30 to the setting device 10. The information acquisition unit 203 allocates the input command to various processing modules of the setting device 10, requests processing of the command, and returns the processing result to the network operator.
  • the address distribution unit 204 manages an individual address (for example, a MAC address) of the communication device 30 in association with an address (for example, an IP (Internet Protocol) address) that can be assigned to each communication device 30, and acquires the individual address. In response to this, it is means for distributing an assignable address to the communication device 30. That is, the address distribution unit 204 is a means for providing a function as a so-called DHCP (Dynamic Host Configuration Protocol) server. That is, the setting device 10 uses the individual address of the communication device 30 as information unique to each of the plurality of communication devices 30 and manages the individual address and the address that can be assigned to each of the plurality of communication devices in association with each other. A means for distributing the received address to the communication device 30.
  • DHCP Dynamic Host Configuration Protocol
  • the address distribution unit 204 provides the control device 20 with information related to the correspondence between the management number written in the management ledger file and the IP address assigned to the communication device 30.
  • the control device 20 that has acquired the information (correspondence between the management number and the IP address) can uniquely identify each communication device 30 by acquiring the management number from the setting device 10.
  • the control device 20 associates, from the setting device 10, a management number that allows the network operator (user) to designate the communication device 30 and information (MAC address) unique to each of the plurality of communication devices 30. This is for acquiring information.
  • the database construction unit 205 is a means for constructing a communication device database for managing the communication device 30 in the storage unit 202 when the information acquisition unit 203 obtains a management ledger file or the like from the network operator.
  • the database construction unit 205 is activated when a command related to construction of the communication device database is received via the information acquisition unit 203.
  • the database construction unit 205 When constructing the communication device database, the database construction unit 205 identifies a software file (substance file of the program) corresponding to the “software version” described in the management ledger file from the software file group in the storage unit 202. Furthermore, the database construction unit 205 replaces the numerical value (parameter) described in the configuration template file of the storage unit 202 with the numerical value described in “Configuration” described in the management ledger file, and the corresponding configuration. Generate a file. Thereafter, the database construction unit 205 associates the management number, the identified software file, and the generated configuration file with each other, and registers them as one entry in the communication device database (see FIG. 6). The database construction unit 205 performs the above-described work on the communication devices 30-1 to 30-6 and constructs the communication device database.
  • the network administrator inputs a command related to the setting update of the communication device 30 to the setting device 10.
  • the information acquisition unit 203 provides a network administrator with an interface for designating a communication device that is a setting update target and inputting a command for instructing the setting update of the designated communication device.
  • the setting update processing unit 206 is a means for processing a command related to setting update of the communication device acquired via the information acquisition unit 203.
  • the setting update processing unit 206 includes submodules including an update target inspection unit 211, a network state inspection unit 212, a topology change instruction unit 213, and an update execution unit 214.
  • the command related to the setting update of the communication device includes information indicating that the setting of the communication device is updated (software and configuration are updated) and information specifying the communication device for which the setting is updated (management ledger file management). Number). Alternatively, it may be possible to specify which software (which version of software) each communication device 30 uses.
  • the update target inspection unit 211 is a means for inspecting the setting of the communication device 30 specified by the command. More specifically, the update target inspection unit 211 investigates the software version and configuration of the designated communication device 30 (one of the communication devices 30 when a plurality of communication devices 30 is designated).
  • the update target inspection unit 211 instructs the designated communication device 30 to report the software version and configuration of the own device.
  • the update target inspection unit 211 obtains a response from the communication device 30, the communication specified by the command based on the management ledger file (see FIG. 5) stored in the storage unit 202 and the response from the communication device 30. It is determined whether software update or configuration update of the device 30 is necessary.
  • the update target inspection unit 211 refers to the management ledger file and acquires the “software version” and “configuration” of the designated communication device 30. Thereafter, the update target inspection unit 211 compares the acquired information with the information acquired from the communication device 30, and determines that a software update or a configuration update is necessary if they are different.
  • the update target inspection unit 211 determines whether or not setting update (software and / or configuration update) of the communication device 30 is necessary and whether or not the communication device 30 needs to be restarted.
  • the update target inspection unit 211 determines that the setting update of the communication device 30 is at least necessary, the update target inspection unit 211 notifies the network state inspection unit 212 of the determination result (details of setting update, necessity of restart).
  • the network state inspection unit 212 is a means for inspecting whether or not the network composed of the communication devices 30 controlled by the control device 20 is normal. Specifically, the network state inspection unit 212 inquires of the control device 20 whether or not the network is normal.
  • the network state inspection unit 212 notifies the topology change instruction unit 213 to that effect (network is normal). To do.
  • the network state inspection unit 212 acquires information indicating that (the network is abnormal). Notification to the unit 203.
  • the information acquisition unit 203 responds that the command input related to the setting update of the communication device 30 by the network operator has not been processed normally.
  • the topology change instruction unit 213 is a means for instructing the control device 20 to change the topology of the network composed of the communication devices 30. Specifically, when the topology change instruction unit 213 receives a notification that the network is normal from the network state inspection unit 212, the topology change instruction unit 213 updates the setting among the plurality of communication devices 30 to the control device 20. The designated communication device 30 is instructed to be excluded from the network composed of the plurality of communication devices 30. Note that the topology change instruction unit 213 uses the management number described in the management ledger file to specify the communication device 30 to be excluded from the network.
  • the topology change instruction unit 213 stores the communication device 30 that has been instructed to be excluded from the network (stores the management number of the device).
  • control device 20 When the control device 20 receives the instruction from the setting device 10 (topology change instruction unit 213), the control device 20 changes the topology of the network so as to exclude the designated communication device 30. As a result, in the communication system, the packet is not transferred to the communication device 30 designated to be excluded from the network.
  • the topology change instructing unit 213 When the topology change instructing unit 213 receives a response from the control device 20 indicating that the exclusion process of the communication device 30 has been normally completed, the topology change instructing unit 213 notifies the update execution unit 214 of the response. On the other hand, when the topology change instructing unit 213 receives a response from the control device 20 indicating that the exclusion process of the communication device 30 has not ended normally, the topology change instructing unit 213 notifies the information acquiring unit 203 accordingly. In this case, the information acquisition unit 203 responds to the network operator that the acquired command has not been processed normally.
  • the update execution unit 214 is a means for executing setting update (software update, configuration update) of the communication device 30. More specifically, when the update execution unit 214 receives the above notification from the topology change instruction unit 213 (exclusion processing of the communication device 30 is normally completed), the communication device database built in the storage unit 202 (see FIG. 6). The communication device 30 to be updated is searched using the management number as a key.
  • the update execution unit 214 transmits the software file and configuration file of the searched entry to the communication device 30 to be updated, and instructs an update using the file.
  • the communication device 30 updates the software and configuration using the acquired software file and configuration file.
  • the update execution unit 214 updates the setting of the communication device 30 after the communication device 30 that is the target of the setting update is excluded from the network.
  • the update execution unit 214 instructs the communication device 30 to restart.
  • the communication device 30 may spontaneously restart.
  • the update execution unit 214 determines that the setting update of the communication device 30 has been normally completed, the update execution unit 214 notifies the update target inspection unit 211 of the fact. Upon receiving the notification, the update target inspection unit 211 executes the above-described dry run, and confirms that the update execution unit 214 has successfully updated the software and configuration. If the update of the software or the like is successful, the update target inspection unit 211 notifies the topology change instruction unit 213 to that effect.
  • the topology change instruction unit 213 designates the previously stored communication device 30 to be excluded from the network, and instructs the control device 20 to return the communication device 30 to the network. That is, the topology change instruction unit 213 instructs the control device 20 to return the excluded communication device 30 to the network after the setting of the communication device 30 that is the target of the setting update is updated.
  • the instruction is processed normally, the packet is transferred to the communication device 30 excluded from the network.
  • the topology change instruction unit 213 When the control device 20 receives a response indicating that the network topology change has been completed normally, the topology change instruction unit 213 notifies the network state inspection unit 212 to that effect.
  • the network state inspection unit 212 inquires of the control device 20 whether or not the network is normal. When the response indicating that the network is normal is obtained from the control device 20, the network state inspection unit 212 notifies the information acquisition unit 203 to that effect. Receiving the notification, the information acquisition unit 203 sends a response (acknowledgement) to the command related to the setting update of the communication device 30 to the network operator. That is, after the excluded communication device 30 returns to the network, the network state inspection unit 212 inquires of the control device 20 whether or not the network is normal. When the setting device 10 receives a response indicating that the network is normal from the control device 20, the setting device 10 determines that the setting update of the communication device 30 that is the target of the setting update has been completed normally.
  • FIG. 7 is a block diagram illustrating an example of a processing configuration of the control device 20 according to the first embodiment.
  • the control device 20 includes a communication control unit 301, a storage unit 302, and a network control unit 303.
  • the communication control unit 301 is a means for controlling communication between the control device 20 and other devices (setting device 10, communication device 30).
  • the communication control unit 301 distributes the packet to various processing modules.
  • the communication control unit 301 acquires a packet from the processing module, the communication control unit 301 transmits the packet to another device.
  • the communication control unit 301 acquires information related to the correspondence between the management number of the communication device 30 and the IP address from the setting device 10
  • the communication control unit 301 stores the information in the storage unit 302 and can be referred to by other processing modules. State.
  • the storage unit 302 is a means for storing various information.
  • Information related to the topology of the network including the communication devices 30 (for example, link information between the communication devices 30) is registered in advance in the storage unit 302 from a network operator or the like.
  • the control device 20 may acquire information from the communication device 30 and automatically generate a network topology.
  • the network control unit 303 is means for controlling and managing a network including the communication devices 30 included in the communication system.
  • the network control unit 303 includes submodules including a transfer path calculation unit 311, a processing rule setting unit 312, a network state confirmation unit 313, and a topology change unit 314.
  • the transfer route calculation unit 311 is a means for calculating the transfer route of the network packet formed by the communication device 30. Specifically, when receiving a processing rule setting request from the communication device 30, the transfer path calculation unit 311 calculates the packet transfer path of the received packet based on the network topology stored in the storage unit 302. The transfer path calculation unit 311 registers the calculated packet transfer path in the storage unit 302.
  • the processing rule setting unit 312 is a means for setting a processing rule in the communication device 30. More specifically, the processing rule setting unit 312 generates a processing rule to be set in each of the communication devices 30 based on the packet transfer path calculated by the transfer path calculation unit 311 and communicates the generated processing rule. Set for each device 30.
  • the network status confirmation unit 313 is a means for processing an inquiry (inquiry about whether the network is normal) from the setting device 10 described above.
  • the network status confirmation unit 313 that has received the inquiry transmits a signal for inquiring whether all the communication devices 30 or the main communication device 30 under the inquiry about the life and death of each communication device 30. Check (Disabled). After confirming the life and death of the individual communication device 30, the network state confirmation unit 313 receives the response indicating that the operation state is normal from all the communication devices 30 or the main communication device 30. A response indicating that “the network is normal” is made. On the other hand, when the communication device 30 is not operating or when the main communication device 30 is not operating, the network status confirmation unit 313 sends a response to the setting device 10 that “the network is abnormal”. Do.
  • the topology change unit 314 is a means for processing an instruction from the setting device 10 (an instruction to remove or restore the designated communication device 30 from the network).
  • the topology change unit 314 changes the information on the network topology stored in the storage unit 302. Specifically, the topology changing unit 314 disconnects a link that the designated communication device 30 has with another communication device 30 to update the network topology. Thereafter, the topology changing unit 314 instructs the transfer route calculating unit 311 to recalculate the packet transfer route stored in the storage unit 302 and affected by the excluded communication device 30.
  • the processing rule setting unit 312 sets a processing rule corresponding to the recalculated packet transfer path in the communication device 30.
  • the topology changing unit 314 indicates that the instruction from the setting device 10 has been processed normally when the recalculation of the packet transfer path and the setting of the processing rule are completed normally. Response (acknowledgment). On the other hand, when the recalculation of the packet transfer path or the like does not end normally, the topology change unit 314 makes a response (negative response) indicating that the instruction from the setting device 10 has not been processed normally.
  • the topology changing unit 314 constructs the network topology that has returned the communication device 30 and sets processing rules corresponding to the network topology. To the transfer route calculation unit 311 and the processing rule setting unit 312.
  • the topology changing unit 314 recalculates the packet transfer paths that are affected by the excluded communication device 30 among the previously calculated packet transfer routes, and sets the corresponding processing rule in the communication device 30.
  • the exclusion of the communication device 30 and the maintenance of the network by the topology changing unit 314 are not limited to the method, and various methods can be employed.
  • the topology changing unit 314 uses a different communication device by using the detour processing disclosed in International Publication No. 2014/057977, or uses a redundant side if the configuration is redundant. May be. That is, any method may be used as long as the network topology is changed so that data is not input to the communication device 30 to be excluded.
  • FIG. 8 is a block diagram illustrating an example of a processing configuration of the communication device 30 according to the first embodiment.
  • the communication device 30 includes a communication control unit 401, a table management unit 402, a storage unit 403, a transfer processing unit 404, a setting confirmation unit 405, and a setting update unit 406. Has been.
  • the communication control unit 401 is means for controlling communication between the communication device 30 and other devices (setting device 10 and control device 20). When the communication control unit 401 receives a packet, the communication control unit 401 distributes the packet to various processing modules. When the communication control unit 401 acquires a packet from the processing module, the communication control unit 401 transmits the packet to another device.
  • the table management unit 402 is a means for managing the table stored in the storage unit 403. More specifically, when the table management unit 402 registers the processing rule (control information) instructed by the control device 20 in the table database and is notified that a new packet has been received from the transfer processing unit 404, the control is performed. The apparatus 20 is requested to set a processing rule.
  • the table database is configured by a database that can store one or more tables to be referred to when the transfer processing unit 404 processes received packets.
  • the transfer processing unit 404 includes a sub module including a table search unit 411 and an action execution unit 412.
  • the table search unit 411 is means for searching a processing rule having a match field that matches a received packet from a table stored in a table database.
  • the action execution unit 412 is a unit that performs packet processing according to the processing content indicated in the instruction field of the processing rule searched by the table search unit 411. In addition, when a processing rule having a match field that matches the received packet is not found, the transfer processing unit 404 notifies the table management unit 402 to that effect.
  • the table management unit 402 requests the control device 20 to set a processing rule via the communication control unit 401 when there is no processing rule corresponding to the received packet.
  • the setting confirmation unit 405 is a means for processing an instruction (instruction for reporting the software version or configuration of the own apparatus) from the setting apparatus.
  • the setting confirmation unit 405 identifies its own software version and configuration by comparing the software version numbers and comparing the files themselves, and responds to the setting device 10.
  • the setting update unit 406 is means for updating (updating) the software and configuration of the own device using the software file and the configuration file provided from the setting device 10. Specifically, the setting update unit 406 rewrites the software file and the configuration file stored in a storage medium such as an HDD with the provided file, and updates the setting of the own device.
  • the communication device 30 shown in FIG. 8 can be realized by adding the above-described setting confirmation function and setting update function to the OpenFlow switch described in Non-Patent Documents 1 and 2.
  • FIG. 9 is a sequence diagram showing an example of the operation of the communication system according to the first embodiment.
  • the setting device 10 inputs initial data from the network operator (step S101). Specifically, the network operator places a management ledger file, a configuration template file, and a software file group to be installed in the communication device 30 in the setting device 10.
  • the setting device 10 constructs a communication device database in response to a command input from the network operator (step S102). Specifically, the setting device 10 prepares a software file and a configuration file to be set in each communication device 30 from the information input in step S101, and constructs a communication device database.
  • the setting device 10 activates the address distribution unit 204 and registers the correspondence between the address (for example, IP address) assigned to each communication device 30 and the address (for example, MAC address) unique to each communication device 30 (step). S103).
  • the address for example, IP address
  • the address for example, MAC address
  • the initial setting of the setting device 10 is completed by the procedure of steps S101 to S103.
  • the setting device 10 inputs a command from the network operator (command related to setting update of the communication device 30) (step S104).
  • the contents instructed by the command are an instruction to update the setting of the communication device 30 and a number for specifying one or more communication devices 30.
  • the management number uniquely specified by the management ledger file and registered in the communication device database is used.
  • the setting update of the communication device 30 (update of the communication device 30) means a setting update in which the communication device 30 changes to a state organized by the communication device database generated by the setting device 10 in step S102. .
  • the setting device 10 executes the above-described dry run for the designated communication device 30 (step S105). Specifically, the setting device 10 selects one communication device 30 from the designated communication device 30 (group), and gives an instruction to investigate the current software and configuration of the communication device 30. Note that the execution of the dry run reveals the necessity of updating the software of the designated communication device 30 and the necessity of updating the configuration. In addition, when the software update is necessary, the network device needs to be restarted. When the configuration change is necessary, it is also determined whether the communication device 30 needs to be restarted.
  • the setting device 10 updates the setting of the communication device 30 according to the result of step S105.
  • the setting device 10 recognizes all the communication devices 30 existing in the network based on the communication device database generated in step S102. Therefore, the setting device 10 confirms the operating state regarding each of these communication devices 30.
  • the setting device 10 inquires of the control device 20 whether or not the network is normal (step S106). By executing this step, the setting device 10 can confirm that there is no invalid (abnormal) communication device 30 and the network is normal.
  • the setting device 10 instructs the control device 20 to exclude the communication device 30 from the network using the management number of the communication device 30 as a parameter (step S107).
  • the control device 20 corrects the network topology. As a result, data communication does not pass through the designated communication device 30.
  • the setting device 10 instructs the designated communication device 30 to update the setting (step S108).
  • the setting device 10 restarts the communication device 30 or the communication device 30 restarts spontaneously (automatically).
  • step S109 the setting device 10 performs dry run again (step S109), thereby confirming that the setting update of the communication device 30 in step S108 has been successful.
  • step S109 after the setting device 10 confirms the normality of the communication device 30, the setting device 10 causes the control device 20 to return the communication device 30 to the network using the management number of the communication device 30 as a parameter.
  • An instruction to this effect is given (step S110). That is, the setting device 10 designates the previously excluded communication device 30 and instructs the control device 20 to return the communication device 30 to the network. By this processing, the network topology is restored, and data communication passes through the communication device before switching the route.
  • the setting device 10 inquires of the control device 20 whether or not the network is normal, similarly to step S106 (step S111). That is, the setting device 10 confirms “whether the device is valid or invalid” for each of the communication devices 30. With this processing, the setting device 10 confirms that the invalid communication device 30 does not exist and the network is normal, and completes the command processing related to the setting update of the communication device 30.
  • Step S104 processing related to setting update relating to one communication device 30, and therefore when a plurality of communication devices 30 are designated in Step S104, the corresponding number The process is repeated.
  • the setting device 10 when setting update of the three communication devices 30 including the communication devices 30-1, 30-2, and 30-3 is instructed by command input, the setting device 10 After the setting update of 30-1 is completed, the settings of the communication devices 30-2 and 30-3 are updated sequentially.
  • FIG. 10 shows a packet transfer path before a command related to setting update of the communication device 30 is input from the network operator. For example, a packet transmitted from the terminal 40-1 reaches the terminal 40-4 via packet transfer paths of the communication devices 30-1, 30-2, and 30-6.
  • FIG. 11 and FIG. 12 are diagrams illustrating packet transfer when the network operator designates the communication device 30-2 and inputs a command related to setting update of the communication device from the state shown in FIG. is there.
  • the setting device 10 designates the communication device 30-2 and instructs the control device 20 to exclude the device from the network.
  • the control device 20 newly constructs a network topology excluding the communication device 30-2.
  • the packet transmitted from the terminal 40-1 reaches the terminal 40-4 via the packet transfer paths of the communication devices 30-1, 30-5, and 30-6 (see FIG. 11). That is, according to the above instruction from the setting device 10, the communication device 30-2 is temporarily disconnected from the operating network and excluded (see FIG. 12).
  • the network operation can be continued even if the communication device 30-2 is not operating normally. Therefore, a network failure does not occur even if a restart or the like accompanying a setting update of the communication device 30-2 occurs.
  • the communication device 30-2 becomes ready to return to the network.
  • the setting device 10 instructs the control device 20 to return the communication device 30-2 to the network.
  • the packet transfer path returns to the state shown in FIG.
  • the setting device 10 in the configuration in which the control device 20 (controller) and the communication device 30 (switch) are separated, the setting device 10 with respect to the interface provided in the control device 20. , The topology change is performed so that the route is excluded so that the data communication (flow that accommodates the packet) does not pass through the communication device to be updated. At that time, the setting device 10 completes the update of the communication device 30 as a necessary process, confirms its normality, and then the setting device 10 instructs the interface provided in the control device 20 to change the network topology. The route through the communication device is restored.
  • the setting device 10 executes a series of update sequences in consideration of not only the communication device 30 that is the target of setting update, but also the entire network.
  • the update sequence is automatically performed without human intervention, and a management number and a communication device that uniquely indicate the communication device 30 necessary when the setting device 10 operates an interface with the control device 20.
  • 30 addresses are linked and matched, and the intended communication device 30 can be excluded.
  • the setting device 10 performs one or more controls.
  • a network system capable of switching the network topology by instructing the device 20 (including an orchestrator when the network is virtualized) is provided. Note that the above redundancy includes duplication of communication devices and link aggregation using a plurality of communication devices.
  • the network operator can automatically update the software and configuration of the specific communication device 30. At that time, since the target communication device 30 is excluded from the network, the update processing of the communication device 30 can be normally executed without causing a network failure (without stopping communication flowing in the network). Can do.
  • the network operator can collectively issue an update instruction to the setting device 10. Can be done. This is because the setting device 10 changes the topology and restores each time, so that there is no need for manual intervention during the processing. As a result, it is possible to reduce resources required for setting update of the communication device 30 and reduce human errors.
  • the communication system described in the first embodiment is an example, and is not intended to limit the configuration of the system.
  • the configuration based on the idea of SDN in which a controller and a switch (packet transfer device) are separated has been mainly described.
  • it may be an existing network, for example, an IP network on which a routing protocol such as OSPF (Open Shortest Path First) operates.
  • OSPF Open Shortest Path First
  • the configuration device interfaces with the network device (router), and changes the setting of the routing protocol while operating the network, thereby preventing data communication through the network device.
  • the route can be excluded so that the network device is not used.
  • the setting is restored to the original state.
  • the MAC address is used as the information for uniquely associating the communication device with the management number, but other information (name and number unique to the communication device) may be used.
  • DHCP is used as the address distribution method to the communication device group, but any other method such as BOOTP (Bootstrap Protocol) can be used.
  • the setting device 10 may be physically or functionally bundled with the control device 20 in the SDN environment.
  • the setting device 10 and the control device 20 can construct the function virtually on a general-purpose server using, for example, NFV (Network Function Virtual).
  • NFV Network Function Virtual
  • control device 20 In the first embodiment, the case where there is one control device 20 has been described. However, when there are a plurality of control devices 20 for configuring a network, an instruction is given to the plurality of control devices 20. It may be done.
  • an instruction is given to the control device 20, but when there is an orchestrator that manages a plurality of control devices or a network system on the network, Instructions may be given.
  • the present invention can be suitably applied in an environment where a large number of network devices (switches) are deployed, such as a data center and a corporate / campus network. is there.
  • a network configured using the idea of SDN.
  • a communication system that satisfies the desire to update the settings of many communication devices in a large-scale data center without human intervention, and has high added value for customers who operate large-scale data centers. Can provide.
  • the network state inspection unit After the excluded communication device returns to the network, the control device is inquired whether the network is normal,
  • the topology change instruction unit includes: The setting device according to mode 2, wherein when the network to which the excluded communication device is restored is normal, it is determined that the setting update of the communication device that is the target of the setting update has been completed normally.
  • the setting device according to one.
  • the topology change instruction unit includes: Instructing the control device to exclude the communication device from the network when the confirmed setting is different from the setting registered in advance for the communication device to be updated.
  • the setting device according to any one of Forms 1 to 6.
  • [Form 9] It is as the setting update method of the communication apparatus which concerns on the above-mentioned 3rd viewpoint.
  • [Mode 10] It is as the program which concerns on the above-mentioned 4th viewpoint.
  • Forms 8 to 10 can be developed into forms 2 to 7, as in form 1.

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides a setting device which updates the setting of communication devices constituting a network while the network is being operated. The setting device is a device for updating the setting of a plurality of communication devices each of which transfers a packet and is controlled by a control device. The setting device is provided with a topology change instruction unit which designates a communication device the setting of which is to be updated among the plurality of communication devices, and instructs the control device to exclude the designated communication device from a network comprising the plurality of communication devices. The setting device is provided with an update execution unit which, after the communication device the setting of which is to be updated is excluded from the network, updates the setting of the communication device the setting of which is to be updated. The topology change instruction unit instructs the control device to return the excluded communication device to the network after the setting of the communication device the setting of which is to be updated is updated.

Description

設定装置、通信システム、通信装置の設定更新方法及びプログラムSETTING DEVICE, COMMUNICATION SYSTEM, COMMUNICATION DEVICE SETTING UPDATING METHOD, AND PROGRAM
 (関連出願についての記載)
 本発明は、日本国特許出願:特願2016-052564号(2016年3月16日出願)の優先権主張に基づくものであり、同出願の全記載内容は引用をもって本書に組み込み記載されているものとする。
 本発明は、設定装置、通信システム、通信装置の設定更新方法及びプログラムに関する。 (Description of related applications)
The present invention is based on the priority claim of Japanese Patent Application No. 2016-052564 (filed on Mar. 16, 2016), the entire contents of which are incorporated herein by reference. Shall.
The present invention relates to a setting device, a communication system, a setting update method for a communication device, and a program.
 データセンタや企業等において運用されるキャンパスネットワーク(構内ネットワーク)では、多くのサーバやネットワーク装置(パケット転送装置;例えば、スイッチやルータ等の通信装置)が用いられている。また、近年、ハードウェアの構成を変更せず、ソフトウェアによる設定によりネットワークの構成を変更するSDN(Software Defined Networking)の利用が進んでいる。 In a campus network (private network) operated in a data center or a company, many servers and network devices (packet transfer devices; for example, communication devices such as switches and routers) are used. In recent years, the use of SDN (Software Defined Networking) that changes the network configuration by setting by software without changing the hardware configuration has been advanced.
 非特許文献1、2にて、オープンフロー(Open Flow)という技術が提案され、このオープンフローに対応した制御装置(Controller)や転送装置(Switch)が利用されている。オープンフローは、通信をエンドツーエンドのフローとして捉え、フロー単位で経路制御、障害回復、負荷分散、最適化、帯域制御などを行うものである。現在、上記SDNの考えを取り入れたネットワークシステムが、大規模なデータセンタ等にて運用され始めている。 In Non-Patent Documents 1 and 2, a technique called OpenFlow is proposed, and a control device (Controller) and a transfer device (Switch) corresponding to the OpenFlow are used. OpenFlow is a communication that considers communication as an end-to-end flow, and performs path control, failure recovery, load balancing, optimization, bandwidth control, and the like on a per-flow basis. Currently, network systems incorporating the above SDN concept have begun to be used in large-scale data centers and the like.
 なお、非特許文献2に仕様化されているオープンフロースイッチは、オープンフローコントローラとの通信用のセキュアチャネルを備え、オープンフローコントローラから適宜追加または書き換え指示されるフローテーブルに従って動作する。フローテーブルには、フロー毎に、パケットヘッダと照合するマッチ条件(Match Fields)と、フロー統計情報(Counters)と、処理内容を定義したインストラクション(Instructions)と、の組が定義される(非特許文献2の「4.1 Flow Table」の項参照)。 Note that the OpenFlow switch specified in Non-Patent Document 2 includes a secure channel for communication with the OpenFlow controller, and operates according to a flow table that is appropriately added or rewritten from the OpenFlow controller. In the flow table, for each flow, a set of match conditions (Match Fields) to be matched with the packet header, flow statistical information (Counters), and instructions (Instructions) that define processing contents is defined (non-patented) (Refer to “4.1 Flow Table” in Document 2).
 なお、上記先行技術文献の各開示を、本書に引用をもって繰り込むものとする。以下の分析は、本発明者らによってなされたものである。 It should be noted that the disclosures of the above prior art documents are incorporated herein by reference. The following analysis was made by the present inventors.
 サーバ、スイッチ等の通信装置をネットワークに導入する際、当該装置にソフトウェアのインストールやコンフィグレーションの設定(環境設定)を行う必要がある。さらに、当該装置がネットワークに導入された後においても、機能の追加や不具合の修正のために、ソフトウェアやコンフィグレーションの更新が行われることがある。 When a communication device such as a server or switch is introduced into a network, it is necessary to install software or set a configuration (environment setting) in the device. Further, even after the device is introduced into the network, software and configuration may be updated to add functions and correct defects.
 ここで、ネットワークを構成する装置のうち、サーバに関しては、動作中にコンフィグレーションを更新するような種々のソフトウェアが存在する。しかし、通信装置(ネットワーク装置)に関しては、このようなソフトウェアは存在しない。そのため、通信装置のソフトウェアやコンフィグレーションを更新する場合には、ネットワークに組み込まれた通信装置を停止し、ソフトウェア等の更新を行った後に当該装置の再起動を行う必要がある。しかし、ネットワークを構成する装置である通信装置(例えば、スイッチ、ルータ等)を無考慮に停止し、再起動すると、当該装置を経由する通信が遮断され、ネットワーク障害の要因となり得る。 Here, among the devices constituting the network, there are various types of software that update the configuration during operation for the server. However, there is no such software for communication devices (network devices). Therefore, when updating the software or configuration of a communication device, it is necessary to stop the communication device incorporated in the network and restart the device after updating the software or the like. However, if a communication device (for example, a switch, a router, etc.) that is a device constituting a network is stopped without consideration and restarted, communication via the device is interrupted, which may cause a network failure.
 このようなネットワーク障害を回避するため、通信装置を制御するためのコントローラと通信装置が分離されたネットワーク(例えば、オープンフロー技術によるネットワーク)においては、ネットワーク運用者がコントローラを直接操作(マニュアル操作)することにより、ネットワークトポロジを変更している。具体的には、ソフトウェア等の更新が行われる通信装置(停止、再起動がなされる装置)を含む経路を通らないように(例えば、冗長化された一方の経路が除外されるように)ネットワークトポロジが変更される。その上で、ネットワークの運用者が、通信装置の設定を管理する設定装置(コンフィグレーション装置)に対して、上記通信装置のソフトウェア更新やコンフィグレーションの更新を指示している。 In order to avoid such a network failure, in a network where the controller for controlling the communication device and the communication device are separated (for example, a network based on the open flow technology), the network operator directly operates the controller (manual operation). By changing the network topology. Specifically, the network does not pass through a route including a communication device (a device that is stopped or restarted) in which software or the like is updated (for example, one redundant route is excluded). The topology is changed. Then, the network operator instructs the setting device (configuration device) that manages the settings of the communication device to update the software of the communication device or update the configuration.
 設備導入時等のネットワークが稼働していない場合には、ソフトウェア更新等の対象となっている通信装置を含む経路を考慮する必要はなく、その場合には設定更新(ソフトウェア、コンフィグレーションの更新)の自動化は可能である。しかし、ネットワークが稼働している場合には、上記ネットワーク運用者によるコントローラのマニュアル操作がなければ、ネットワーク障害を引き起こしかねない。さらに、ネットワーク運用者によるマニュアル操作では、誤った経路を除外してしまう等のヒューマンエラーが生じる可能性があり、当該ヒューマンエラーによりネットワーク障害が発生する可能性もある。 If the network is not in operation, such as when equipment is installed, there is no need to consider the route including the communication device that is the target of software update. In that case, setting update (software and configuration update) Can be automated. However, when the network is operating, a network failure may occur unless the network operator manually operates the controller. Further, in manual operation by a network operator, a human error such as removing an incorrect route may occur, and a network failure may occur due to the human error.
 このように、設定装置(コンフィグレーション装置)を用いた装置環境の更新は通常行われるものであるが、その際の事情がサーバ装置等の装置とルータ等の装置では異なっている。つまり、サーバ装置を設定更新(アップデート)するためにコンフィグレーション装置を用いる際には、当該サーバ装置を切断することで生じる影響だけを考慮すればよい。しかし、ネットワークを構成する通信装置(スイッチ)に関しては、当該装置を経由する経路の全体(ネットワークの全体)を考慮する必要がある。また、ネットワークに多数の通信装置が含まれる場合、ネットワークによっては、設定更新を行う全ての装置をデータが経由しないよう、一度にネットワークトポロジを変更することは困難である。従って、このような場合、1台又は限られた台数の通信装置のアップデートのたびに、人手によるネットワークトポロジの変更が必要となる。しかし、このような作業をマニュアルで実行すると、ヒューマンエラーを誘発し易いという問題がある。 As described above, the update of the device environment using the setting device (configuration device) is normally performed, but the circumstances at that time are different between the device such as the server device and the device such as the router. That is, when using a configuration device to update (update) a server device, only the influence caused by disconnecting the server device needs to be considered. However, regarding the communication devices (switches) constituting the network, it is necessary to consider the entire route (the entire network) passing through the device. In addition, when a network includes a large number of communication devices, it is difficult to change the network topology at a time so that data does not pass through all the devices that perform setting update depending on the network. Therefore, in such a case, every time one or a limited number of communication devices are updated, it is necessary to manually change the network topology. However, there is a problem that human errors are likely to be induced when such operations are executed manually.
 本発明は、ネットワークを稼働させつつ、当該ネットワークを構成する通信装置の設定更新を行うことに寄与する、設定装置、通信システム、通信装置の設定更新方法及びプログラムを提供することを目的とする。 An object of the present invention is to provide a setting device, a communication system, a communication device setting update method, and a program that contribute to updating the settings of a communication device constituting the network while operating the network.
 本発明の第1の視点によれば、パケットを転送する装置であって制御装置により制御される、複数の通信装置に関する設定更新を行う装置であって、前記制御装置に対し、前記複数の通信装置のうち、設定更新の対象である通信装置を指定しつつ、前記指定された通信装置を前記複数の通信装置からなるネットワークから除外することを指示するトポロジ変更指示部と、前記設定更新の対象である通信装置が前記ネットワークから除外された後に、前記設定更新の対象である通信装置の設定を更新する更新実行部と、を備え、前記トポロジ変更指示部は、前記設定更新の対象である通信装置の設定が更新された後に、前記制御装置に対して、前記除外された通信装置を前記ネットワークに復帰させる指示を行う、設定装置が提供される。 According to a first aspect of the present invention, there is provided a device for transferring a packet and performing a setting update on a plurality of communication devices controlled by a control device, wherein the plurality of communication devices are communicated to the control device. A topology change instruction unit that instructs to exclude the designated communication device from the network composed of the plurality of communication devices while designating a communication device that is a setting update target among the devices, and the setting update target An update execution unit that updates the setting of the communication device that is the target of the setting update after the communication device is excluded from the network, and the topology change instruction unit is a communication that is the target of the setting update A setting device is provided that instructs the control device to return the excluded communication device to the network after the setting of the device is updated.
 本発明の第2の視点によれば、パケットを転送する、複数の通信装置と、前記複数の通信装置を制御する制御装置と、前記複数の通信装置に関する設定更新を行う設定装置と、を含み、前記設定装置は、前記制御装置に対し、前記複数の通信装置のうち、設定更新の対象である通信装置を指定しつつ、前記指定された通信装置を前記複数の通信装置からなるネットワークから除外することを指示し、前記設定更新の対象である通信装置が前記ネットワークから除外された後に、前記設定更新の対象である通信装置の設定を更新し、前記設定更新の対象である通信装置の設定が更新された後に、前記制御装置に対して、前記除外された通信装置を前記ネットワークに復帰させる指示を行う、通信システムが提供される。 According to a second aspect of the present invention, the communication device includes a plurality of communication devices that transfer packets, a control device that controls the plurality of communication devices, and a setting device that performs setting update related to the plurality of communication devices. The setting device specifies the communication device that is the target of setting update among the plurality of communication devices to the control device, and excludes the specified communication device from the network including the plurality of communication devices. After the communication device that is the setting update target is excluded from the network, the setting of the communication device that is the setting update target is updated, and the setting of the communication device that is the setting update target is updated. A communication system is provided that instructs the control device to return the excluded communication device to the network after the update.
 本発明の第3の視点によれば、パケットを転送する、複数の通信装置と、前記複数の通信装置を制御する制御装置と、を含むシステムにおいて、前記制御装置に対し、前記複数の通信装置のうち、設定更新の対象である通信装置を指定しつつ、前記指定された通信装置を前記複数の通信装置からなるネットワークから除外することを指示するステップと、前記設定更新の対象である通信装置が前記ネットワークから除外された後に、前記設定更新の対象である通信装置の設定を更新するステップと、前記設定更新の対象である通信装置の設定が更新された後に、前記制御装置に対して、前記除外された通信装置を前記ネットワークに復帰させる指示を行うステップと、を含む、通信装置の設定更新方法が提供される。 According to a third aspect of the present invention, in a system including a plurality of communication devices that transfer packets and a control device that controls the plurality of communication devices, the plurality of communication devices with respect to the control device. And instructing to exclude the designated communication device from the network composed of the plurality of communication devices while designating the communication device that is the setting update target, and the communication device that is the setting update target Is updated from the network, the step of updating the setting of the communication device that is the target of the setting update, and after the setting of the communication device that is the target of the setting update is updated, An instruction to return the excluded communication device to the network is provided.
 本発明の第4の視点によれば、パケットを転送する装置であって制御装置により制御される、複数の通信装置に関する設定更新を行う装置を制御するコンピュータに実行させるプログラムであって、前記制御装置に対し、前記複数の通信装置のうち、設定更新の対象である通信装置を指定しつつ、前記指定された通信装置を前記複数の通信装置からなるネットワークから除外することを指示する処理と、前記設定更新の対象である通信装置が前記ネットワークから除外された後に、前記設定更新の対象である通信装置の設定を更新する処理と、前記設定更新の対象である通信装置の設定が更新された後に、前記制御装置に対して、前記除外された通信装置を前記ネットワークに復帰させる指示を行う処理と、を実行させるプログラムが提供される。
 なお、このプログラムは、コンピュータが読み取り可能な記憶媒体に記録することができる。記憶媒体は、半導体メモリ、ハードディスク、磁気記録媒体、光記録媒体等の非トランジェント(non-transient)なものとすることができる。本発明は、コンピュータプログラム製品として具現することも可能である。 According to a fourth aspect of the present invention, there is provided a program that is executed by a computer that controls an apparatus that transfers a packet and that is controlled by a control apparatus and that performs setting update related to a plurality of communication apparatuses. Instructing a device to exclude a specified communication device from a network composed of the plurality of communication devices while designating a communication device that is a target of setting update among the plurality of communication devices; After the communication device that is the target of the setting update is excluded from the network, the processing for updating the setting of the communication device that is the target of the setting update and the setting of the communication device that is the target of the setting update are updated. And a program for instructing the control device to return the excluded communication device to the network. That.
This program can be recorded on a computer-readable storage medium. The storage medium may be non-transient such as a semiconductor memory, a hard disk, a magnetic recording medium, an optical recording medium, or the like. The present invention can also be embodied as a computer program product.
 本発明の各視点によれば、ネットワークを稼働させつつ、当該ネットワークを構成する通信装置の設定更新を行うことに寄与する、設定装置、通信システム、通信装置の設定更新方法及びプログラムが、提供される。 According to each aspect of the present invention, there are provided a setting device, a communication system, a communication device setting update method, and a program that contribute to updating a setting of a communication device configuring the network while operating the network. The
一実施形態の概要を説明するための図である。It is a figure for demonstrating the outline | summary of one Embodiment. 第1の実施形態に係る通信システムの構成の一例を示す図である。It is a figure which shows an example of a structure of the communication system which concerns on 1st Embodiment. 第1の実施形態に係る設定装置のハードウェア構成の一例を示す図である。It is a figure which shows an example of the hardware constitutions of the setting apparatus which concerns on 1st Embodiment. 第1の実施形態に設定装置の処理構成の一例を示すブロック図である。It is a block diagram which shows an example of the process structure of a setting apparatus in 1st Embodiment. 管理台帳ファイルの一例を示す図である。It is a figure which shows an example of a management ledger file. データベース構築部が生成する通信装置データベースの一例を示す図である。It is a figure which shows an example of the communication apparatus database which a database construction part produces | generates. 第1の実施形態に係る制御装置の処理構成の一例を示すブロックである。It is a block which shows an example of a process structure of the control apparatus which concerns on 1st Embodiment. 第1の実施形態に係る通信装置の処理構成の一例を示すブロック図である。It is a block diagram which shows an example of a process structure of the communication apparatus which concerns on 1st Embodiment. 第1の実施形態に係る通信システムの動作の一例を示すシーケンス図である。It is a sequence diagram which shows an example of operation | movement of the communication system which concerns on 1st Embodiment. 第1の実施形態に係る通信システムの動作を説明するための図である。It is a figure for demonstrating operation | movement of the communication system which concerns on 1st Embodiment. 第1の実施形態に係る通信システムの動作を説明するための図である。It is a figure for demonstrating operation | movement of the communication system which concerns on 1st Embodiment. 第1の実施形態に係る通信システムの動作を説明するための図である。It is a figure for demonstrating operation | movement of the communication system which concerns on 1st Embodiment.
 初めに、一実施形態の概要について説明する。なお、この概要に付記した図面参照符号は、理解を助けるための一例として各要素に便宜上付記したものであり、この概要の記載はなんらの限定を意図するものではない。 First, an outline of one embodiment will be described. Note that the reference numerals of the drawings attached to the outline are attached to the respective elements for convenience as an example for facilitating understanding, and the description of the outline is not intended to be any limitation.
 一実施形態に係る設定装置(コンフィグレーション装置)100は、パケットを転送する装置であって制御装置により制御される、複数の通信装置に関する設定更新を行う装置である(図1参照)。設定装置100は、制御装置に対し、複数の通信装置のうち、設定更新の対象である通信装置を指定しつつ、指定された通信装置を複数の通信装置からなるネットワークから除外することを指示するトポロジ変更指示部101を備える。設定装置100は、設定更新の対象である通信装置がネットワークから除外された後に、設定更新の対象である通信装置の設定を更新する更新実行部102を備える。上記トポロジ変更指示部101は、設定更新の対象である通信装置の設定が更新された後に、制御装置に対して、除外された通信装置を前記ネットワークに復帰させる指示を行う。なお、本願開示において、設定更新には、少なくとも通信装置のソフトウェア及びコンフィグレーションを更新することが含まれる。 A setting device (configuration device) 100 according to an embodiment is a device that transfers a packet and updates settings related to a plurality of communication devices controlled by a control device (see FIG. 1). The setting device 100 instructs the control device to exclude the specified communication device from the network including the plurality of communication devices while designating the communication device that is the target of setting update among the plurality of communication devices. A topology change instruction unit 101 is provided. The setting device 100 includes an update execution unit 102 that updates settings of a communication device that is a setting update target after the communication device that is a setting update target is excluded from the network. The topology change instruction unit 101 instructs the control device to return the excluded communication device to the network after the setting of the communication device that is the target of the setting update is updated. In the present disclosure, the setting update includes at least updating software and configuration of the communication device.
 設定装置100は、ネットワーク運用者が設定装置100に指示を行うことにより通信装置のソフトウェア更新やコンフィグレーション更新を自動的に行う仕組みを提供する。具体的には、設定装置100は、当該設定更新に係る処理を行う前に、ネットワークを制御する制御装置に指示を行うことによって、ネットワークトポロジを変更し、指定された通信装置を使用しないように経路を迂回させる処理を行う。その後、設定装置100は、指定された通信装置の設定更新を実行した後、制御装置に指示を行うことによって、元のネットワークトポロジに復旧させる。これにより、当初のネットワークで流れている通信を止めることなく(即ち、ネットワークを運用しながら)、通信装置の設定更新が行える。その結果、ネットワーク障害の誘発が抑制され、且つ、ネットワーク運用者による操作が不要となるので、通信装置の設定更新に関するヒューマンエラーの撲滅や通信装置の設定更新の効率化が図れる。 The setting device 100 provides a mechanism for automatically performing software update and configuration update of a communication device when a network operator instructs the setting device 100. Specifically, the setting device 100 changes the network topology by instructing the control device that controls the network before performing the processing related to the setting update so that the designated communication device is not used. Performs processing to bypass the route. Thereafter, the setting device 100 executes the setting update of the designated communication device, and then instructs the control device to restore the original network topology. This makes it possible to update the setting of the communication device without stopping the communication flowing in the original network (that is, operating the network). As a result, the induction of a network failure is suppressed and no operation by the network operator is required, so that it is possible to eliminate human errors related to the communication device setting update and to improve the efficiency of the communication device setting update.
 以下に具体的な実施の形態について、図面を参照してさらに詳しく説明する。なお、各実施形態において同一構成要素には同一の符号を付し、その説明を省略する。 Hereinafter, specific embodiments will be described in more detail with reference to the drawings. In addition, in each embodiment, the same code | symbol is attached | subjected to the same component and the description is abbreviate | omitted.
[第1の実施形態]
 第1の実施形態について、図面を用いてより詳細に説明する。 [First Embodiment]
The first embodiment will be described in more detail with reference to the drawings.
 図2は、第1の実施形態に係る通信システムの構成の一例を示す図である。図2を参照すると、通信システムは、設定装置10と、制御装置20と、通信装置30-1~30-6と、端末40-1~40-4と、を含んで構成される。なお、図2の構成は例示であって、通信装置や端末の数を限定する趣旨ではない。また、以降の説明において、通信装置30-1~30-6や端末40-1~40-4を区別する特段の理由がない場合には、単に「通信装置30」や「端末40」のように表記する。 FIG. 2 is a diagram illustrating an example of a configuration of the communication system according to the first embodiment. Referring to FIG. 2, the communication system includes a setting device 10, a control device 20, communication devices 30-1 to 30-6, and terminals 40-1 to 40-4. Note that the configuration of FIG. 2 is an example, and is not intended to limit the number of communication devices and terminals. Further, in the following description, when there is no particular reason for distinguishing between the communication devices 30-1 to 30-6 and the terminals 40-1 to 40-4, it is simply referred to as “communication device 30” or “terminal 40”. Indicate.
 図2に示す通信システムは、制御装置20(コントローラ)が、通信装置30(ルータ、スイッチ等のパケット転送装置)を集中的に制御する、SDN技術が適用されたネットワークを構成する。図2に示す通信システムには、例えば、データセンタ内のネットワークが想定され、当該ネットワークに対して設定装置10(コンフィグレーション装置)が導入されている。 The communication system shown in FIG. 2 configures a network to which the SDN technology is applied, in which the control device 20 (controller) centrally controls the communication device 30 (packet transfer devices such as routers and switches). In the communication system shown in FIG. 2, for example, a network in a data center is assumed, and a setting device 10 (configuration device) is introduced to the network.
 設定装置10は、通信装置30-1~30-6と制御装置20と接続されている。制御装置20は、通信装置30-1~30-6と接続されている。設定装置と他の装置や制御装置20と通信装置30は、セキュアチャンネルを介して接続される。 The setting device 10 is connected to the communication devices 30-1 to 30-6 and the control device 20. The control device 20 is connected to the communication devices 30-1 to 30-6. The setting device and other devices, the control device 20 and the communication device 30 are connected via a secure channel.
 設定装置10は、複数の通信装置30それぞれの装置に関する設定更新等の処理を行う装置である。より具体的には、設定装置10は、制御装置20とのインターフェースを備え、当該制御装置20に対して種々の指示を行う。また、設定装置10は、通信装置30とのインターフェースを備え、当該通信装置30のソフトウェアやコンフィグレーションの更新(アップデート)を行う装置でもある。 The setting device 10 is a device that performs processing such as setting update related to each of the plurality of communication devices 30. More specifically, the setting device 10 includes an interface with the control device 20 and gives various instructions to the control device 20. The setting device 10 is also a device that includes an interface with the communication device 30 and updates (updates) the software and configuration of the communication device 30.
 制御装置20は、複数の通信装置30を制御する装置である。具体的には、制御装置20は、通信装置30に対して処理規則を設定することで、パケットのフローを制御する(データの流れる経路を指定する)。 The control device 20 is a device that controls a plurality of communication devices 30. Specifically, the control device 20 controls the flow of packets by setting a processing rule for the communication device 30 (designates a data flow path).
 通信装置30は、パケットを転送する装置である。通信装置30は、制御装置20から設定される処理規則に従って、受信パケットを処理する(パケットを転送する)。通信装置30は、制御装置20から設定された処理規則に合致しないパケットを受信すると、当該受信パケットを制御装置20に送信し、処理規則の設定を依頼する。当該依頼を受けた制御装置20は、上記受信パケットを処理するための処理規則を生成し、当該処理規則を通信装置30に設定する。 The communication device 30 is a device that transfers packets. The communication device 30 processes the received packet (transfers the packet) according to the processing rule set by the control device 20. When receiving a packet that does not match the processing rule set from the control device 20, the communication device 30 transmits the received packet to the control device 20 and requests setting of the processing rule. Upon receiving the request, the control device 20 generates a processing rule for processing the received packet, and sets the processing rule in the communication device 30.
 端末40は、通信の端点となる装置である。端末40には、例えば、データセンタにおけるコンピュータサーバ装置が該当する。 The terminal 40 is a device serving as an end point of communication. The terminal 40 corresponds to, for example, a computer server device in a data center.
[ハードウェアの構成]
 次に、設定装置10のハードウェア構成について説明する。 [Hardware configuration]
Next, the hardware configuration of the setting device 10 will be described.
 図3は、第1の実施形態に係る設定装置10のハードウェア構成の一例を示す図である。設定装置10は、情報処理装置(コンピュータ)により構成可能であり、図3に例示する構成を備える。例えば、設定装置10は、内部バスにより相互に接続される、CPU(Central Processing Unit)11、メモリ12、入出力インターフェース13及び通信手段であるNIC(Network Interface Card)14等を備える。 FIG. 3 is a diagram illustrating an example of a hardware configuration of the setting apparatus 10 according to the first embodiment. The setting device 10 can be configured by an information processing device (computer) and has a configuration illustrated in FIG. For example, the setting device 10 includes a CPU (Central Processing Unit) 11, a memory 12, an input / output interface 13, and a NIC (Network Interface Card) 14 that are communication means, which are connected to each other via an internal bus.
 なお、図3に示す構成は、設定装置10のハードウェア構成を限定する趣旨ではない。設定装置10は、図示しないハードウェアを含んでもよい。さらに、設定装置10に含まれるCPU等の数も図3の例示限定する趣旨ではなく、例えば、複数のCPUが設定装置10に含まれていてもよい。 Note that the configuration shown in FIG. 3 is not intended to limit the hardware configuration of the setting device 10. The setting device 10 may include hardware (not shown). Further, the number of CPUs and the like included in the setting device 10 is not limited to the example illustrated in FIG. 3. For example, a plurality of CPUs may be included in the setting device 10.
 メモリ12は、RAM(Random Access Memory)、ROM(Read Only Memory)、補助記憶装置(ハードディスク等)である。 The memory 12 is a RAM (Random Access Memory), a ROM (Read Only Memory), or an auxiliary storage device (hard disk or the like).
 入出力インターフェース13は、図示しない表示装置や入力装置のインターフェースとなる手段である。表示装置は、例えば、液晶ディスプレイ等である。入力装置は、例えば、キーボードやマウス等のユーザ操作を受け付ける装置である。また、タッチパネル等のように表示装置と入力装置が一体となったインターフェースでもよい。 The input / output interface 13 is a means to be an interface of a display device and an input device (not shown). The display device is, for example, a liquid crystal display. The input device is a device that accepts user operations such as a keyboard and a mouse, for example. Further, an interface in which a display device and an input device are integrated, such as a touch panel, may be used.
 なお、他の装置(制御装置20、通信装置30、端末40)のハードウェア構成も上記設定装置10の構成と基本的に同じであり、当業者にとって明らかなものであるため、その説明を省略する。 The hardware configuration of other devices (the control device 20, the communication device 30, and the terminal 40) is basically the same as the configuration of the setting device 10 and is apparent to those skilled in the art, and thus the description thereof is omitted. To do.
[設定装置10の構成]
 図4は、第1の実施形態に設定装置10の処理構成の一例を示すブロック図である。図4を参照すると、設定装置10は、通信制御部201と、記憶部202と、情報取得部203と、アドレス配布部204と、データベース構築部205と、設定更新処理部206と、を含んで構成される。 [Configuration of Setting Device 10]
FIG. 4 is a block diagram illustrating an example of a processing configuration of the setting device 10 according to the first embodiment. Referring to FIG. 4, the setting device 10 includes a communication control unit 201, a storage unit 202, an information acquisition unit 203, an address distribution unit 204, a database construction unit 205, and a setting update processing unit 206. Composed.
 上記の各処理モジュールは、例えば、メモリ12に格納されたプログラムをCPU11が実行することで実現される。また、そのプログラムは、ネットワークを介してダウンロードするか、あるいは、プログラムを記憶した記憶媒体を用いて、更新することができる。さらに、上記処理モジュールは、半導体チップにより実現されてもよい。即ち、上記処理モジュールが行う機能を何らかのハードウェア、及び/又は、ソフトウェアで実行する手段があればよい。 Each processing module described above is realized by the CPU 11 executing a program stored in the memory 12, for example. The program can be downloaded through a network or updated using a storage medium storing the program. Furthermore, the processing module may be realized by a semiconductor chip. That is, it is sufficient if there is a means for executing the function performed by the processing module with some hardware and / or software.
 通信制御部201は、設定装置10と他の装置(制御装置20、通信装置30)間の通信を制御する手段である。通信制御部201は、パケットを受信すると各種処理モジュールに振り分ける、又は、処理モジュールからパケットを取得すると他の装置に向けてパケットを送信する。 The communication control unit 201 is means for controlling communication between the setting device 10 and other devices (the control device 20 and the communication device 30). When the communication control unit 201 receives a packet, the communication control unit 201 distributes the packet to various processing modules. When the communication control unit 201 acquires a packet from the processing module, the communication control unit 201 transmits the packet to another device.
 記憶部202は、各種情報を記憶する手段である。具体的には、記憶部202は、ネットワーク運用者が設定装置10に予め入力するファイルデータ(初期データ)を配置する領域を備える。また、記憶部202には、データベース構築部205によりデータベース(後述する通信装置データベース)が構築される。 The storage unit 202 is a means for storing various information. Specifically, the storage unit 202 includes an area in which file data (initial data) input in advance to the setting device 10 by the network operator is arranged. In the storage unit 202, a database (a communication device database described later) is constructed by the database construction unit 205.
 情報取得部203は、ネットワーク運用者に対して情報入力のインターフェースを提供する手段である。具体的には、情報取得部203は、ネットワーク運用者からネットワークの運用に必要な情報を予め入力する。 The information acquisition unit 203 is a means for providing an information input interface to the network operator. Specifically, the information acquisition unit 203 inputs in advance information necessary for network operation from a network operator.
 ネットワーク運用者は、設定装置10に接続されたデバイス(表示デバイス、操作デバイス)や図示しない端末を用いて、設定装置10に必要な情報を入力する。例えば、ネットワーク運用者は、管理台帳ファイル、コンフィグレーションテンプレートファイル、通信装置30にインストールするソフトウェアファイル群等に係る初期データを予め設定装置10に入力する。 The network operator inputs necessary information to the setting device 10 using a device (display device, operation device) connected to the setting device 10 or a terminal (not shown). For example, the network operator inputs initial data related to a management ledger file, a configuration template file, a software file group to be installed in the communication device 30 and the like to the setting device 10 in advance.
 管理台帳ファイルとは、通信装置30ごとに異なるパラメータが記載されたものであり、例えば、スプレッドシートの形式を有するファイルである。各通信装置30のパラメータには、通信装置30を特定するための管理番号、通信装置30のインターフェースから得られるMAC(Media Access Control)アドレス、ソフトウェアバージョン及びコンフィグレーション(環境設定の内容)が、少なくとも含まれる(図5参照)。 The management ledger file is a file in which parameters different for each communication device 30 are described, for example, a file having a spreadsheet format. The parameters of each communication device 30 include at least a management number for specifying the communication device 30, a MAC (Media Access Control) address obtained from the interface of the communication device 30, a software version, and a configuration (contents of environment setting). Included (see FIG. 5).
 なお、管理台帳ファイルに記載されるソフトウェアバージョンやコンフィグレーションは、ネットワークで稼働中の通信装置30に適用したいソフトウェアバージョンやコンフィグレーションを規定する情報である。例えば、図5の1行目は、管理番号が「1」により特定される通信装置30は、そのソフトウェアバージョンが「V_01」、コンフィグレーションの内容が「Conf_01」と管理されることを示す。 Note that the software version and configuration described in the management ledger file are information that defines the software version and configuration that are desired to be applied to the communication device 30 operating on the network. For example, the first line in FIG. 5 indicates that the communication device 30 identified by the management number “1” is managed with the software version “V — 01” and the configuration content “Conf — 01”.
 情報取得部203は、ネットワーク運用者が入力する上記初期データを、記憶部202に格納する。 The information acquisition unit 203 stores the initial data input by the network operator in the storage unit 202.
 情報取得部203は、ネットワーク運用者からのコマンドを受け付け、当該コマンドの処理結果を応答する手段でもある。具体的には、ネットワーク運用者は、後述する通信装置データベースの構築に係るコマンドや、通信装置30の設定更新に係るコマンドを設定装置10に入力する。情報取得部203は、入力されたコマンドを設定装置10の各種処理モジュールに割り振り、当該コマンドの処理を依頼し、その処理結果をネットワーク運用者に応答する。 The information acquisition unit 203 is also a means for receiving a command from the network operator and responding to the processing result of the command. Specifically, the network operator inputs a command related to construction of a communication device database, which will be described later, and a command related to setting update of the communication device 30 to the setting device 10. The information acquisition unit 203 allocates the input command to various processing modules of the setting device 10, requests processing of the command, and returns the processing result to the network operator.
 アドレス配布部204は、通信装置30の個別アドレス(例えば、MACアドレス)と各通信装置30に割り当て可能なアドレス(例えば、IP(Internet Protocol)アドレス)を対応付けて管理し、個別アドレスの取得に応じてアサイン可能なアドレスを通信装置30に配布する手段である。即ち、アドレス配布部204は、所謂、DHCP(Dynamic Host Configuration Protocol)サーバとしての機能を提供する手段である。つまり、設定装置10は、複数の通信装置30それぞれに固有の情報として通信装置30の個別アドレスを使用し、個別アドレスと複数の通信装置それぞれに割り当て可能なアドレスを対応付けて管理すると共に、割り当てたアドレスを通信装置30に配布する手段を有する。 The address distribution unit 204 manages an individual address (for example, a MAC address) of the communication device 30 in association with an address (for example, an IP (Internet Protocol) address) that can be assigned to each communication device 30, and acquires the individual address. In response to this, it is means for distributing an assignable address to the communication device 30. That is, the address distribution unit 204 is a means for providing a function as a so-called DHCP (Dynamic Host Configuration Protocol) server. That is, the setting device 10 uses the individual address of the communication device 30 as information unique to each of the plurality of communication devices 30 and manages the individual address and the address that can be assigned to each of the plurality of communication devices in association with each other. A means for distributing the received address to the communication device 30.
 また、アドレス配布部204は、管理台帳ファイルに記載された管理番号と通信装置30に割り振られたIPアドレスの対応に係る情報を、制御装置20に提供する。上記情報(管理番号とIPアドレスの対応関係)を取得した制御装置20は、設定装置10から管理番号を取得することで、各通信装置30を一意に特定できるようになる。制御装置20は、設定装置10から、ネットワーク運用者(ユーザ)による通信装置30の指定を可能とする管理番号と、複数の通信装置30それぞれに固有の情報(MACアドレス)と、が関連付けられた情報を取得するためである。 Also, the address distribution unit 204 provides the control device 20 with information related to the correspondence between the management number written in the management ledger file and the IP address assigned to the communication device 30. The control device 20 that has acquired the information (correspondence between the management number and the IP address) can uniquely identify each communication device 30 by acquiring the management number from the setting device 10. The control device 20 associates, from the setting device 10, a management number that allows the network operator (user) to designate the communication device 30 and information (MAC address) unique to each of the plurality of communication devices 30. This is for acquiring information.
 データベース構築部205は、情報取得部203がネットワーク運用者から管理台帳ファイル等を取得すると、通信装置30を管理するための通信装置データベースを記憶部202に構築する手段である。データベース構築部205は、情報取得部203を介して通信装置データベース構築に係るコマンドを受信した際に起動する。 The database construction unit 205 is a means for constructing a communication device database for managing the communication device 30 in the storage unit 202 when the information acquisition unit 203 obtains a management ledger file or the like from the network operator. The database construction unit 205 is activated when a command related to construction of the communication device database is received via the information acquisition unit 203.
 通信装置データベースの構築の際、データベース構築部205は、管理台帳ファイルに記載された「ソフトウェアバージョン」に対応するソフトウェアファイル(プログラムの実体ファイル)を記憶部202のソフトウェアファイル群から特定する。さらに、データベース構築部205は、記憶部202のコンフィグレーションテンプレートファイルに記載された数値(パラメータ)を、管理台帳ファイルに記載された「コンフィグレーション」に記載された数値に置き替え、対応するコンフィグレーションファイルを生成する。その後、データベース構築部205は、管理番号と、上記特定されたソフトウェアファイルと、上記生成されたコンフィグレーションファイルと、をそれぞれ対応付け、1つのエントリとして通信装置データベースに登録する(図6参照)。データベース構築部205は、通信装置30-1~30-6に関して上記作業を行い、通信装置データベースの構築を行う。 When constructing the communication device database, the database construction unit 205 identifies a software file (substance file of the program) corresponding to the “software version” described in the management ledger file from the software file group in the storage unit 202. Furthermore, the database construction unit 205 replaces the numerical value (parameter) described in the configuration template file of the storage unit 202 with the numerical value described in “Configuration” described in the management ledger file, and the corresponding configuration. Generate a file. Thereafter, the database construction unit 205 associates the management number, the identified software file, and the generated configuration file with each other, and registers them as one entry in the communication device database (see FIG. 6). The database construction unit 205 performs the above-described work on the communication devices 30-1 to 30-6 and constructs the communication device database.
 上述のように、ネットワーク管理者は、通信装置30の設定更新に係るコマンドを設定装置10に入力する。その際、情報取得部203は、設定更新の対象である通信装置を指定し、当該指定された通信装置の設定更新を指示するコマンドを入力するためのインターフェースをネットワーク管理者に提供する。 As described above, the network administrator inputs a command related to the setting update of the communication device 30 to the setting device 10. At this time, the information acquisition unit 203 provides a network administrator with an interface for designating a communication device that is a setting update target and inputting a command for instructing the setting update of the designated communication device.
 設定更新処理部206は、情報取得部203を介して取得した通信装置の設定更新に係るコマンドを処理する手段である。設定更新処理部206は、更新対象検査部211と、ネットワーク状態検査部212と、トポロジ変更指示部213と、更新実行部214と、からなるサブモジュールを備える。なお、通信装置の設定更新に係るコマンドには、通信装置の設定を更新する(ソフトウェア、コンフィグレーションを更新する)旨の情報と、設定更新を行う通信装置を指定する情報(管理台帳ファイルの管理番号)と、が含まれる。あるいは、各通信装置30がどのソフトウェア(どのバージョンのソフトウェア)を使用するかを指定できてもよい。 The setting update processing unit 206 is a means for processing a command related to setting update of the communication device acquired via the information acquisition unit 203. The setting update processing unit 206 includes submodules including an update target inspection unit 211, a network state inspection unit 212, a topology change instruction unit 213, and an update execution unit 214. The command related to the setting update of the communication device includes information indicating that the setting of the communication device is updated (software and configuration are updated) and information specifying the communication device for which the setting is updated (management ledger file management). Number). Alternatively, it may be possible to specify which software (which version of software) each communication device 30 uses.
 更新対象検査部211は、上記コマンドにより指定される通信装置30の設定を検査する手段である。より詳細には、更新対象検査部211は、指定された通信装置30(複数の通信装置30が指定された場合には、そのうちの1台)のソフトウェアバージョン、コンフィグレーションを調査する。 The update target inspection unit 211 is a means for inspecting the setting of the communication device 30 specified by the command. More specifically, the update target inspection unit 211 investigates the software version and configuration of the designated communication device 30 (one of the communication devices 30 when a plurality of communication devices 30 is designated).
 更新対象検査部211は、指定された通信装置30に対して、自装置のソフトウェアバージョンやコンフィグレーションを報告するように指示する。更新対象検査部211は、通信装置30から応答を取得すると、記憶部202に格納された管理台帳ファイル(図5参照)と、通信装置30からの応答と、に基づき、コマンドにより指定された通信装置30のソフトウェア更新やコンフィグレーション更新が必要か否かを判定する。 The update target inspection unit 211 instructs the designated communication device 30 to report the software version and configuration of the own device. When the update target inspection unit 211 obtains a response from the communication device 30, the communication specified by the command based on the management ledger file (see FIG. 5) stored in the storage unit 202 and the response from the communication device 30. It is determined whether software update or configuration update of the device 30 is necessary.
 具体的には、更新対象検査部211は、管理台帳ファイルを参照し、指定された通信装置30の「ソフトウェアバージョン」と「コンフィグレーション」を取得する。その後、更新対象検査部211は、当該取得した情報と、通信装置30から取得した情報と、を比較し、両者が異なれば、ソフトウェア更新やコンフィグレーション更新が必要であると判定する。 Specifically, the update target inspection unit 211 refers to the management ledger file and acquires the “software version” and “configuration” of the designated communication device 30. Thereafter, the update target inspection unit 211 compares the acquired information with the information acquired from the communication device 30, and determines that a software update or a configuration update is necessary if they are different.
 なお、通信装置30のソフトウェアを更新する際には、当該通信装置30の再起動が必要であり、コンフィグレーションを更新する場合にも、その内容によっては通信装置30の再起動が必要となる。そこで、更新対象検査部211は、通信装置30の設定更新(ソフトウェア及び又はコンフィグレーションの更新)が必要か否かと、当該通信装置30を再起動する必要があるか否かと、に関する判定を行う。 In addition, when updating the software of the communication device 30, it is necessary to restart the communication device 30. Even when the configuration is updated, the communication device 30 may be restarted depending on the contents. Therefore, the update target inspection unit 211 determines whether or not setting update (software and / or configuration update) of the communication device 30 is necessary and whether or not the communication device 30 needs to be restarted.
 なお、更新対象検査部211による通信装置30のソフトウェアバージョン、コンフィグレーションを確認する動作を、「ドライラン」と表記し以降の説明を行う。 The operation of checking the software version and configuration of the communication device 30 by the update target inspection unit 211 is described as “dry run” and will be described below.
 更新対象検査部211は、通信装置30の設定更新が少なくとも必要であると判定した場合には、上記判定結果(設定更新の詳細、再起動の必要性)をネットワーク状態検査部212に通知する。 When the update target inspection unit 211 determines that the setting update of the communication device 30 is at least necessary, the update target inspection unit 211 notifies the network state inspection unit 212 of the determination result (details of setting update, necessity of restart).
 ネットワーク状態検査部212は、制御装置20により制御されている通信装置30からなるネットワークが正常か否かを検査する手段である。具体的には、ネットワーク状態検査部212は、制御装置20に対し、ネットワークは正常であるか否かを問い合わせる。 The network state inspection unit 212 is a means for inspecting whether or not the network composed of the communication devices 30 controlled by the control device 20 is normal. Specifically, the network state inspection unit 212 inquires of the control device 20 whether or not the network is normal.
 問い合わせの結果、ネットワークが正常(各通信装置30が正常に稼働)である旨の応答を取得した場合に、ネットワーク状態検査部212は、その旨(ネットワークは正常)をトポロジ変更指示部213に通知する。一方、ネットワークが異常(少なくとも1台の通信装置30が正常に稼働していない)である旨の応答を取得した場合には、ネットワーク状態検査部212は、その旨(ネットワークは異常)を情報取得部203に通知する。通知を受けた情報取得部203は、ネットワーク運用者による通信装置30の設定更新に係るコマンド入力は正常に処理されなかった旨の応答を行う。 As a result of the inquiry, when a response indicating that the network is normal (each communication device 30 is operating normally) is acquired, the network state inspection unit 212 notifies the topology change instruction unit 213 to that effect (network is normal). To do. On the other hand, when a response indicating that the network is abnormal (at least one communication device 30 is not operating normally) is acquired, the network state inspection unit 212 acquires information indicating that (the network is abnormal). Notification to the unit 203. Upon receiving the notification, the information acquisition unit 203 responds that the command input related to the setting update of the communication device 30 by the network operator has not been processed normally.
 トポロジ変更指示部213は、通信装置30からなるネットワークのトポロジを変更するように制御装置20に対して指示する手段である。具体的には、トポロジ変更指示部213は、ネットワーク状態検査部212から「ネットワークは正常」である旨の通知を受けた場合に、制御装置20に対し、複数の通信装置30のうち、設定更新の対象である通信装置30を指定しつつ、指定された通信装置30を複数の通信装置30からなるネットワークから除外することを指示する。なお、トポロジ変更指示部213は、ネットワークから除外する通信装置30の指定に、管理台帳ファイルに記載された管理番号を用いる。 The topology change instruction unit 213 is a means for instructing the control device 20 to change the topology of the network composed of the communication devices 30. Specifically, when the topology change instruction unit 213 receives a notification that the network is normal from the network state inspection unit 212, the topology change instruction unit 213 updates the setting among the plurality of communication devices 30 to the control device 20. The designated communication device 30 is instructed to be excluded from the network composed of the plurality of communication devices 30. Note that the topology change instruction unit 213 uses the management number described in the management ledger file to specify the communication device 30 to be excluded from the network.
 また、トポロジ変更指示部213は、ネットワークから除外することを指示した通信装置30を記憶しておく(当該装置の管理番号を記憶する)。 Also, the topology change instruction unit 213 stores the communication device 30 that has been instructed to be excluded from the network (stores the management number of the device).
 制御装置20は、上記指示を設定装置10(トポロジ変更指示部213)から受信すると、指定された通信装置30を除外するようにネットワークのトポロジを変更する。その結果、通信システムでは、ネットワークからの除外が指定された通信装置30にパケットが転送されないようになる。 When the control device 20 receives the instruction from the setting device 10 (topology change instruction unit 213), the control device 20 changes the topology of the network so as to exclude the designated communication device 30. As a result, in the communication system, the packet is not transferred to the communication device 30 designated to be excluded from the network.
 トポロジ変更指示部213は、制御装置20から通信装置30の除外処理が正常に終了した旨の応答を得た場合には、その旨を更新実行部214に通知する。一方、トポロジ変更指示部213は、制御装置20から通信装置30の除外処理が正常に終了しなかった旨の応答を得た場合には、その旨を情報取得部203に通知する。その場合、情報取得部203は、ネットワーク運用者に対して、取得したコマンドは正常に処理されなかった旨の応答を行う。 When the topology change instructing unit 213 receives a response from the control device 20 indicating that the exclusion process of the communication device 30 has been normally completed, the topology change instructing unit 213 notifies the update execution unit 214 of the response. On the other hand, when the topology change instructing unit 213 receives a response from the control device 20 indicating that the exclusion process of the communication device 30 has not ended normally, the topology change instructing unit 213 notifies the information acquiring unit 203 accordingly. In this case, the information acquisition unit 203 responds to the network operator that the acquired command has not been processed normally.
 更新実行部214は、通信装置30の設定更新(ソフトウェア更新、コンフィグレーション更新)を実行する手段である。より具体的には、更新実行部214は、トポロジ変更指示部213から上記通知(通信装置30の除外処理が正常終了)を受信すると、記憶部202に構築された通信装置データベース(図6参照)において、管理番号をキーとして更新対象となる通信装置30を検索する。 The update execution unit 214 is a means for executing setting update (software update, configuration update) of the communication device 30. More specifically, when the update execution unit 214 receives the above notification from the topology change instruction unit 213 (exclusion processing of the communication device 30 is normally completed), the communication device database built in the storage unit 202 (see FIG. 6). The communication device 30 to be updated is searched using the management number as a key.
 更新実行部214は、検索されたエントリのソフトウェアファイル、コンフィグレーションファイルを更新対象の通信装置30に送信し、当該ファイルを用いた更新を指示する。通信装置30は、取得したソフトウェアファイル、コンフィグレーションファイルを用いてソフトウェア、コンフィグレーションの更新を行う。このように、更新実行部214は、設定更新の対象である通信装置30がネットワークから除外された後に、当該通信装置30の設定を更新する。 The update execution unit 214 transmits the software file and configuration file of the searched entry to the communication device 30 to be updated, and instructs an update using the file. The communication device 30 updates the software and configuration using the acquired software file and configuration file. As described above, the update execution unit 214 updates the setting of the communication device 30 after the communication device 30 that is the target of the setting update is excluded from the network.
 その後、更新実行部214は、通信装置30に対して再起動を指示する。あるいは、通信装置30が自発的に再起動を行ってもよい。 Thereafter, the update execution unit 214 instructs the communication device 30 to restart. Alternatively, the communication device 30 may spontaneously restart.
 更新実行部214は、通信装置30の設定更新が正常に終了したと判断した場合には、その旨を更新対象検査部211に通知する。当該通知を受けた更新対象検査部211は、上述のドライランを実行し、更新実行部214によるソフトウェア、コンフィグレーションの更新が成功したことを確認する。ソフトウェア等の更新が成功すると、更新対象検査部211は、その旨をトポロジ変更指示部213に通知する。 When the update execution unit 214 determines that the setting update of the communication device 30 has been normally completed, the update execution unit 214 notifies the update target inspection unit 211 of the fact. Upon receiving the notification, the update target inspection unit 211 executes the above-described dry run, and confirms that the update execution unit 214 has successfully updated the software and configuration. If the update of the software or the like is successful, the update target inspection unit 211 notifies the topology change instruction unit 213 to that effect.
 当該通知を受けたトポロジ変更指示部213は、先に記憶した、ネットワークから除外する通信装置30を指定して、当該通信装置30をネットワークに復帰させる旨の指示を制御装置20に対して行う。つまり、トポロジ変更指示部213は、設定更新の対象である通信装置30の設定が更新された後に、制御装置20に対して、除外された通信装置30をネットワークに復帰させる指示を行う。当該指示が正常に処理されることにより、ネットワークから除外された通信装置30にパケットが転送されるようになる。 Upon receiving the notification, the topology change instruction unit 213 designates the previously stored communication device 30 to be excluded from the network, and instructs the control device 20 to return the communication device 30 to the network. That is, the topology change instruction unit 213 instructs the control device 20 to return the excluded communication device 30 to the network after the setting of the communication device 30 that is the target of the setting update is updated. When the instruction is processed normally, the packet is transferred to the communication device 30 excluded from the network.
 制御装置20からネットワークトポロジの変更が正常に終了した旨の応答を得た場合に、トポロジ変更指示部213は、その旨をネットワーク状態検査部212に通知する。 When the control device 20 receives a response indicating that the network topology change has been completed normally, the topology change instruction unit 213 notifies the network state inspection unit 212 to that effect.
 ネットワーク状態検査部212は、ネットワークが正常であるか否かを制御装置20に問い合わせる。制御装置20から、ネットワークは正常である旨の応答を得た場合には、ネットワーク状態検査部212は、その旨を情報取得部203に通知する。当該通知を受けた情報取得部203は、通信装置30の設定更新に係るコマンドに対する応答(肯定応答)を、ネットワーク運用者に行う。つまり、ネットワーク状態検査部212は、除外された通信装置30がネットワークに復帰した後に、制御装置20に対して、ネットワークが正常であるか否かを問い合わせる。そして、設定装置10は、ネットワークが正常である旨の応答を制御装置20から得た場合に、設定更新の対象である通信装置30の設定更新が正常に終了したと判断する。 The network state inspection unit 212 inquires of the control device 20 whether or not the network is normal. When the response indicating that the network is normal is obtained from the control device 20, the network state inspection unit 212 notifies the information acquisition unit 203 to that effect. Receiving the notification, the information acquisition unit 203 sends a response (acknowledgement) to the command related to the setting update of the communication device 30 to the network operator. That is, after the excluded communication device 30 returns to the network, the network state inspection unit 212 inquires of the control device 20 whether or not the network is normal. When the setting device 10 receives a response indicating that the network is normal from the control device 20, the setting device 10 determines that the setting update of the communication device 30 that is the target of the setting update has been completed normally.
[制御装置20の構成]
 図7は、第1の実施形態に係る制御装置20の処理構成の一例を示すブロックである。図7を参照すると、制御装置20は、通信制御部301と、記憶部302と、ネットワーク制御部303と、を含んで構成される。 [Configuration of Control Device 20]
FIG. 7 is a block diagram illustrating an example of a processing configuration of the control device 20 according to the first embodiment. Referring to FIG. 7, the control device 20 includes a communication control unit 301, a storage unit 302, and a network control unit 303.
 通信制御部301は、制御装置20と他の装置(設定装置10、通信装置30)間の通信を制御する手段である。通信制御部301は、パケットを受信すると各種処理モジュールに振り分ける、又は、処理モジュールからパケットを取得すると他の装置に向けてパケットを送信する。また、通信制御部301は、通信装置30の管理番号とIPアドレスの対応に係る情報を設定装置10から取得した場合には、当該情報を記憶部302に格納し、他の処理モジュールが参照可能な状態とする。 The communication control unit 301 is a means for controlling communication between the control device 20 and other devices (setting device 10, communication device 30). When the communication control unit 301 receives a packet, the communication control unit 301 distributes the packet to various processing modules. When the communication control unit 301 acquires a packet from the processing module, the communication control unit 301 transmits the packet to another device. In addition, when the communication control unit 301 acquires information related to the correspondence between the management number of the communication device 30 and the IP address from the setting device 10, the communication control unit 301 stores the information in the storage unit 302 and can be referred to by other processing modules. State.
 記憶部302は、各種情報を記憶する手段である。記憶部302には、ネットワーク運用者等から通信装置30からなるネットワークのトポロジに関する情報(例えば、通信装置30間のリンク情報)が予め登録されている。あるいは、制御装置20が、通信装置30から情報を取得し、ネットワークトポロジを自動生成してもよい。 The storage unit 302 is a means for storing various information. Information related to the topology of the network including the communication devices 30 (for example, link information between the communication devices 30) is registered in advance in the storage unit 302 from a network operator or the like. Alternatively, the control device 20 may acquire information from the communication device 30 and automatically generate a network topology.
 ネットワーク制御部303は、通信システムに含まれる通信装置30からなるネットワークを制御し、管理する手段である。ネットワーク制御部303は、転送経路計算部311と、処理規則設定部312と、ネットワーク状態確認部313と、トポロジ変更部314と、からなるサブモジュールを備える。 The network control unit 303 is means for controlling and managing a network including the communication devices 30 included in the communication system. The network control unit 303 includes submodules including a transfer path calculation unit 311, a processing rule setting unit 312, a network state confirmation unit 313, and a topology change unit 314.
 転送経路計算部311は、通信装置30からなるネットワークのパケットの転送経路を計算する手段である。具体的には、転送経路計算部311は、通信装置30から処理規則の設定依頼を受信すると、記憶部302に格納されたネットワークトポロジに基づいて、受信パケットのパケット転送経路を計算する。転送経路計算部311は、計算したパケット転送経路を記憶部302に登録する。 The transfer route calculation unit 311 is a means for calculating the transfer route of the network packet formed by the communication device 30. Specifically, when receiving a processing rule setting request from the communication device 30, the transfer path calculation unit 311 calculates the packet transfer path of the received packet based on the network topology stored in the storage unit 302. The transfer path calculation unit 311 registers the calculated packet transfer path in the storage unit 302.
 処理規則設定部312は、通信装置30に処理規則を設定する手段である。より具体的には、処理規則設定部312は、転送経路計算部311にて計算されたパケット転送経路に基づき、通信装置30の各々に設定する処理規則を生成すると共に、生成した処理規則を通信装置30にそれぞれ設定する。 The processing rule setting unit 312 is a means for setting a processing rule in the communication device 30. More specifically, the processing rule setting unit 312 generates a processing rule to be set in each of the communication devices 30 based on the packet transfer path calculated by the transfer path calculation unit 311 and communicates the generated processing rule. Set for each device 30.
 ネットワーク状態確認部313は、上述の設定装置10からの問い合わせ(ネットワークが正常か否かに関する問い合わせ)を処理する手段である。上記問い合わせを受信したネットワーク状態確認部313は、配下の全ての通信装置30又は主要な通信装置30に対して死活を問い合わせる信号を送信し、各通信装置30の稼働状態(各通信装置は有効・無効)を確認する。個別の通信装置30に関する死活を確認した後、ネットワーク状態確認部313は、全ての通信装置30又は主要な通信装置30から稼働状態は正常である旨の応答を受信した場合に、設定装置10に対して「ネットワークは正常」である旨の応答を行う。一方、通信装置30が稼働していない場合や主要な通信装置30が稼働していない場合には、ネットワーク状態確認部313は、設定装置10に対して「ネットワークは異常」である旨の応答を行う。 The network status confirmation unit 313 is a means for processing an inquiry (inquiry about whether the network is normal) from the setting device 10 described above. The network status confirmation unit 313 that has received the inquiry transmits a signal for inquiring whether all the communication devices 30 or the main communication device 30 under the inquiry about the life and death of each communication device 30. Check (Disabled). After confirming the life and death of the individual communication device 30, the network state confirmation unit 313 receives the response indicating that the operation state is normal from all the communication devices 30 or the main communication device 30. A response indicating that “the network is normal” is made. On the other hand, when the communication device 30 is not operating or when the main communication device 30 is not operating, the network status confirmation unit 313 sends a response to the setting device 10 that “the network is abnormal”. Do.
 トポロジ変更部314は、上述の設定装置10からの指示(指定された通信装置30をネットワークから除外する又は復帰させる指示)を処理する手段である。 The topology change unit 314 is a means for processing an instruction from the setting device 10 (an instruction to remove or restore the designated communication device 30 from the network).
 設定装置10から通信装置30を除外する旨の指示を受信すると、トポロジ変更部314は、記憶部302に格納されているネットワークトポロジに関する情報を変更する。具体的には、トポロジ変更部314は、指定された通信装置30が他の通信装置30との間に有するリンクを切断し、ネットワークトポロジを更新する。その後、トポロジ変更部314は、記憶部302に格納されているパケット転送経路であって、除外された通信装置30の影響を受けるパケット転送経路の再計算を転送経路計算部311に指示する。処理規則設定部312は、再計算されたパケット転送経路に応じた処理規則を通信装置30に設定する。 When receiving an instruction to exclude the communication device 30 from the setting device 10, the topology change unit 314 changes the information on the network topology stored in the storage unit 302. Specifically, the topology changing unit 314 disconnects a link that the designated communication device 30 has with another communication device 30 to update the network topology. Thereafter, the topology changing unit 314 instructs the transfer route calculating unit 311 to recalculate the packet transfer route stored in the storage unit 302 and affected by the excluded communication device 30. The processing rule setting unit 312 sets a processing rule corresponding to the recalculated packet transfer path in the communication device 30.
 トポロジ変更部314は、指定された通信装置30を除外したネットワークにおいて、パケット転送経路の再計算と処理規則の設定が正常に終了した場合に、設定装置10からの指示は正常に処理された旨の応答(肯定応答)を行う。一方、トポロジ変更部314は、上記パケット転送経路の再計算等が正常に終了しなかった場合には、設定装置10からの指示は正常に処理できなかった旨の応答(否定応答)を行う。 In the network excluding the designated communication device 30, the topology changing unit 314 indicates that the instruction from the setting device 10 has been processed normally when the recalculation of the packet transfer path and the setting of the processing rule are completed normally. Response (acknowledgment). On the other hand, when the recalculation of the packet transfer path or the like does not end normally, the topology change unit 314 makes a response (negative response) indicating that the instruction from the setting device 10 has not been processed normally.
 また、設定装置10から通信装置30をネットワークに復帰させる旨の指示を受信すると、トポロジ変更部314は、通信装置30を復帰させたネットワークトポロジの構築と、当該ネットワークトポロジに対応した処理規則の設定を転送経路計算部311、処理規則設定部312に指示する。 When receiving an instruction from the setting device 10 to return the communication device 30 to the network, the topology changing unit 314 constructs the network topology that has returned the communication device 30 and sets processing rules corresponding to the network topology. To the transfer route calculation unit 311 and the processing rule setting unit 312.
 なお、トポロジ変更部314は、予め計算されたパケット転送経路のうち、除外される通信装置30の影響を受けるパケット転送経路を再計算し、対応する処理規則を通信装置30に設定することで、ネットワークを維持することを説明した。しかし、トポロジ変更部314による通信装置30の除外とネットワークの維持は、当該方法に限定されず、種々の方法を採用することができる。例えば、トポロジ変更部314は、国際公開第2014/057977号に開示された迂回処理を使うなどして異なる通信装置を経由したり、冗長化された構成であれば冗長化された片側を使ったりしてもよい。即ち、除外する通信装置30にデータが入力されないようにネットワークトポロジが変更されれば、どのような手法を使用してもよい。 The topology changing unit 314 recalculates the packet transfer paths that are affected by the excluded communication device 30 among the previously calculated packet transfer routes, and sets the corresponding processing rule in the communication device 30. Explained maintaining the network. However, the exclusion of the communication device 30 and the maintenance of the network by the topology changing unit 314 are not limited to the method, and various methods can be employed. For example, the topology changing unit 314 uses a different communication device by using the detour processing disclosed in International Publication No. 2014/057977, or uses a redundant side if the configuration is redundant. May be. That is, any method may be used as long as the network topology is changed so that data is not input to the communication device 30 to be excluded.
 図7に示した制御装置20は、非特許文献1、2に記載されたオープンフローコントローラに、上記したネットワーク状態確認機能、トポロジ変更機能を追加することで実現できる。 7 can be realized by adding the above-described network state confirmation function and topology change function to the OpenFlow controller described in Non-Patent Documents 1 and 2.
[通信装置30の構成]
 図8は、第1の実施形態に係る通信装置30の処理構成の一例を示すブロック図である。図8を参照すると、通信装置30は、通信制御部401と、テーブル管理部402と、記憶部403と、転送処理部404と、設定確認部405と、設定更新部406と、を含んで構成されている。 [Configuration of Communication Device 30]
FIG. 8 is a block diagram illustrating an example of a processing configuration of the communication device 30 according to the first embodiment. Referring to FIG. 8, the communication device 30 includes a communication control unit 401, a table management unit 402, a storage unit 403, a transfer processing unit 404, a setting confirmation unit 405, and a setting update unit 406. Has been.
 通信制御部401は、通信装置30と他の装置(設定装置10、制御装置20)間の通信を制御する手段である。通信制御部401は、パケットを受信すると各種処理モジュールに振り分ける、又は、処理モジュールからパケットを取得すると他の装置に向けてパケットを送信する。 The communication control unit 401 is means for controlling communication between the communication device 30 and other devices (setting device 10 and control device 20). When the communication control unit 401 receives a packet, the communication control unit 401 distributes the packet to various processing modules. When the communication control unit 401 acquires a packet from the processing module, the communication control unit 401 transmits the packet to another device.
 テーブル管理部402は、記憶部403に記憶されているテーブルを管理する手段である。より具体的には、テーブル管理部402は、制御装置20から指示された処理規則(制御情報)をテーブルデータベースに登録し、転送処理部404から新規パケットを受信したことを通知されると、制御装置20に対し、処理規則の設定を要求する。なお、上記テーブルデータベースは、転送処理部404が受信パケットの処理を行う際に参照するテーブルを1つ以上格納可能なデータベースによって構成される。 The table management unit 402 is a means for managing the table stored in the storage unit 403. More specifically, when the table management unit 402 registers the processing rule (control information) instructed by the control device 20 in the table database and is notified that a new packet has been received from the transfer processing unit 404, the control is performed. The apparatus 20 is requested to set a processing rule. The table database is configured by a database that can store one or more tables to be referred to when the transfer processing unit 404 processes received packets.
 転送処理部404は、テーブル検索部411と、アクション実行部412と、からなるサブモジュールを備える。テーブル検索部411は、テーブルデータベースに格納されたテーブルから、受信パケットに適合するマッチフィールドを持つ処理規則を検索する手段である。アクション実行部412は、テーブル検索部411にて検索された処理規則のインストラクションフィールドに示す処理内容に従ってパケット処理を行う手段である。また、転送処理部404は、受信パケットに適合するマッチフィールドを持つ処理規則が見つからなかった場合は、その旨をテーブル管理部402に通知する。 The transfer processing unit 404 includes a sub module including a table search unit 411 and an action execution unit 412. The table search unit 411 is means for searching a processing rule having a match field that matches a received packet from a table stored in a table database. The action execution unit 412 is a unit that performs packet processing according to the processing content indicated in the instruction field of the processing rule searched by the table search unit 411. In addition, when a processing rule having a match field that matches the received packet is not found, the transfer processing unit 404 notifies the table management unit 402 to that effect.
 テーブル管理部402は、受信パケットに対応する処理規則が存在しない場合、通信制御部401を介して制御装置20に対し、処理規則の設定を要求する。 The table management unit 402 requests the control device 20 to set a processing rule via the communication control unit 401 when there is no processing rule corresponding to the received packet.
 設定確認部405は、上述の設定装置からの指示(自装置のソフトウェアバージョンやコンフィグレーションを報告する指示)を処理する手段である。設定確認部405は、ソフトウェア版数の比較や、ファイル自体の照合により、自身のソフトウェアバージョンやコンフィグレーションを特定し、設定装置10に応答する。 The setting confirmation unit 405 is a means for processing an instruction (instruction for reporting the software version or configuration of the own apparatus) from the setting apparatus. The setting confirmation unit 405 identifies its own software version and configuration by comparing the software version numbers and comparing the files themselves, and responds to the setting device 10.
 設定更新部406は、設定装置10から提供されるソフトウェアファイル、コンフィグレーションファイルを用いて、自装置のソフトウェアやコンフィグレーションを更新(アップデート)する手段である。具体的には、設定更新部406は、HDD等の記憶媒体に記憶されたソフトウェアファイル、コンフィグレーションファイルを提供されたファイルにより書き換え、自装置の設定更新を行う。 The setting update unit 406 is means for updating (updating) the software and configuration of the own device using the software file and the configuration file provided from the setting device 10. Specifically, the setting update unit 406 rewrites the software file and the configuration file stored in a storage medium such as an HDD with the provided file, and updates the setting of the own device.
 図8に示した通信装置30は、非特許文献1、2に記載されたオープンフロースイッチに、上記した設定確認機能、設定更新機能を追加することで実現できる。 The communication device 30 shown in FIG. 8 can be realized by adding the above-described setting confirmation function and setting update function to the OpenFlow switch described in Non-Patent Documents 1 and 2.
[通信システムの動作]
 次に、第1の実施形態に係る通信システムの動作について説明する。 [Operation of communication system]
Next, the operation of the communication system according to the first embodiment will be described.
 図9は、第1の実施形態に係る通信システムの動作の一例を示すシーケンス図である。 FIG. 9 is a sequence diagram showing an example of the operation of the communication system according to the first embodiment.
 設定装置10は、ネットワーク運用者からの初期データを入力する(ステップS101)。具体的には、ネットワーク運用者は、管理台帳ファイル、コンフィグレーションテンプレートファイル、通信装置30にインストールするソフトウェアファイル群を設定装置10に配置する。 The setting device 10 inputs initial data from the network operator (step S101). Specifically, the network operator places a management ledger file, a configuration template file, and a software file group to be installed in the communication device 30 in the setting device 10.
 設定装置10は、ネットワーク運用者からのコマンド投入に応じて、通信装置データベースを構築する(ステップS102)。具体的には、設定装置10は、ステップS101にて入力された情報から、各通信装置30に設定するソフトウェアファイル、コンフィグレーションファイルを準備し、通信装置データベースを構築する。 The setting device 10 constructs a communication device database in response to a command input from the network operator (step S102). Specifically, the setting device 10 prepares a software file and a configuration file to be set in each communication device 30 from the information input in step S101, and constructs a communication device database.
 その後、設定装置10は、アドレス配布部204を起動し、各通信装置30に割り当てるアドレス(例えば、IPアドレス)と各通信装置30固有のアドレス(例えば、MACアドレス)との対応を登録する(ステップS103)。 Thereafter, the setting device 10 activates the address distribution unit 204 and registers the correspondence between the address (for example, IP address) assigned to each communication device 30 and the address (for example, MAC address) unique to each communication device 30 (step). S103).
 上記ステップS101~S103の手順により、設定装置10の初期設定が完了する。 The initial setting of the setting device 10 is completed by the procedure of steps S101 to S103.
 次に、通信装置30の設定更新に関する手順を説明するが、通信装置30の設定更新(通信装置30のアップデート)に関する契機としては、通信装置30から起動する場合と、ネットワーク運用者が設定装置10にコマンドにて指示する方法が考えられる。第1の実施形態では、ネットワーク運用者が、設定装置10にコマンドを用いて通信装置30の設定更新を指示する方法を説明する。しかし、通信装置30から起動する場合であっても、以下に説明する方法が適用可能なことは勿論である。 Next, the procedure related to the setting update of the communication device 30 will be described. As an opportunity related to the setting update of the communication device 30 (update of the communication device 30), when the network device is started from the communication device 30 and the network operator sets the setting device 10 A method of instructing with a command can be considered. In the first embodiment, a method will be described in which the network operator instructs the setting device 10 to update the setting of the communication device 30 using a command. However, it goes without saying that the method described below is applicable even when the communication apparatus 30 is activated.
 設定装置10は、ネットワーク運用者からのコマンド(通信装置30の設定更新に係るコマンド)を入力する(ステップS104)。上記コマンドにより指示される内容は、通信装置30の設定を更新する旨の指示、及び、1つ又は複数の通信装置30を指定する番号である。通信装置30を指定する番号には、管理台帳ファイルにより一意に指定され、通信装置データベースに登録されている管理番号が用いられる。なお、通信装置30の設定更新(通信装置30のアップデート)とは、ステップS102にて設定装置10が生成した通信装置データベースにより整理された状態に通信装置30が変化するような設定更新を意味する。 The setting device 10 inputs a command from the network operator (command related to setting update of the communication device 30) (step S104). The contents instructed by the command are an instruction to update the setting of the communication device 30 and a number for specifying one or more communication devices 30. As the number for specifying the communication device 30, the management number uniquely specified by the management ledger file and registered in the communication device database is used. The setting update of the communication device 30 (update of the communication device 30) means a setting update in which the communication device 30 changes to a state organized by the communication device database generated by the setting device 10 in step S102. .
 設定更新に係るコマンドを受信すると、設定装置10は、指定された通信装置30に対して上述のドライランを実行する(ステップS105)。具体的には、設定装置10は、指定された通信装置30(群)から1つの通信装置30を選択し、当該通信装置30の現在のソフトウェア、コンフィグレーションを調査する指示を行う。なお、ドライランの実行により、指定された通信装置30のソフトウェアのアップデートの要否と、コンフィグレーション更新の要否が判明する。また、ソフトウェアのアップデートが必要な場合はネットワーク装置の再起動が必要であり、コンフィグレーションの変更が必要な場合に、通信装置30の再起動が必要か否かも判明する。 When receiving the command related to the setting update, the setting device 10 executes the above-described dry run for the designated communication device 30 (step S105). Specifically, the setting device 10 selects one communication device 30 from the designated communication device 30 (group), and gives an instruction to investigate the current software and configuration of the communication device 30. Note that the execution of the dry run reveals the necessity of updating the software of the designated communication device 30 and the necessity of updating the configuration. In addition, when the software update is necessary, the network device needs to be restarted. When the configuration change is necessary, it is also determined whether the communication device 30 needs to be restarted.
 ここでは、図9を参照し、通信装置30のソフトウェア及びコンフィグレーションの更新が必要な場合について説明する。つまり、「自動的なネットワークトポロジ変更」と通信装置30の再起動を伴う場合の動作を説明する。 Here, the case where the software and configuration of the communication device 30 need to be updated will be described with reference to FIG. That is, an operation in the case of “automatic network topology change” and restart of the communication device 30 will be described.
 設定装置10は、ステップS105による結果に応じて、通信装置30の設定更新を実行する。設定装置10はステップS102において生成した通信装置データベースによって、ネットワーク内に存在する全ての通信装置30を認識している。そこで、設定装置10は、これらの通信装置30それぞれに関する稼働状態を確認する。具体的には、設定装置10は、制御装置20に対して、ネットワークが正常か否かを問い合わせる(ステップS106)。本ステップを実行することにより、設定装置10は、無効(異常)な通信装置30が存在せず、ネットワークが正常であることを確認できる。 The setting device 10 updates the setting of the communication device 30 according to the result of step S105. The setting device 10 recognizes all the communication devices 30 existing in the network based on the communication device database generated in step S102. Therefore, the setting device 10 confirms the operating state regarding each of these communication devices 30. Specifically, the setting device 10 inquires of the control device 20 whether or not the network is normal (step S106). By executing this step, the setting device 10 can confirm that there is no invalid (abnormal) communication device 30 and the network is normal.
 その後、設定装置10は、制御装置20に対して、通信装置30の管理番号をパラメータとし、当該通信装置30をネットワークから除外する旨の指示を行う(ステップS107)。設定装置10から制御装置20に対して上記指示が行われることにより、制御装置20によりネットワークトポロジが修正される。その結果、データ通信は指定された通信装置30を通らないようになる。 Thereafter, the setting device 10 instructs the control device 20 to exclude the communication device 30 from the network using the management number of the communication device 30 as a parameter (step S107). When the setting device 10 instructs the control device 20 to perform the above instruction, the control device 20 corrects the network topology. As a result, data communication does not pass through the designated communication device 30.
 設定装置10は、指定された通信装置30に対し、設定更新を指示する(ステップS108)。設定装置10が通信装置30の再起動を行うか、又は、通信装置30が自発的(自動的)に再起動する。 The setting device 10 instructs the designated communication device 30 to update the setting (step S108). The setting device 10 restarts the communication device 30 or the communication device 30 restarts spontaneously (automatically).
 その後、設定装置10は、再びドライランを実行(ステップS109)することにより、ステップS108による通信装置30の設定更新が成功したことを確認する。 Thereafter, the setting device 10 performs dry run again (step S109), thereby confirming that the setting update of the communication device 30 in step S108 has been successful.
 ステップS109にて、設定装置10が通信装置30の正常性を確認した後、設定装置10は、制御装置20に対し、通信装置30の管理番号をパラメータとして、当該通信装置30をネットワークに復帰させる旨の指示を行う(ステップS110)。即ち、設定装置10は、先に除外された通信装置30を指定し、当該通信装置30をネットワークに復帰させる指示を、制御装置20に行う。当該処理により、ネットワークトポロジが修復され、データ通信は経路を切り替える前の通信装置を通るようになる。 In step S109, after the setting device 10 confirms the normality of the communication device 30, the setting device 10 causes the control device 20 to return the communication device 30 to the network using the management number of the communication device 30 as a parameter. An instruction to this effect is given (step S110). That is, the setting device 10 designates the previously excluded communication device 30 and instructs the control device 20 to return the communication device 30 to the network. By this processing, the network topology is restored, and data communication passes through the communication device before switching the route.
 その後、設定装置10は、ステップS106と同様に、ネットワークが正常か否かを制御装置20に問い合わせる(ステップS111)。つまり、設定装置10は、通信装置30それぞれに関する「装置が有効か、無効か」を確認する。当該処理により、設定装置10は、無効な通信装置30が存在せず、ネットワークが正常であることを確認し、通信装置30の設定更新に係るコマンドの処理を完了する。 Thereafter, the setting device 10 inquires of the control device 20 whether or not the network is normal, similarly to step S106 (step S111). That is, the setting device 10 confirms “whether the device is valid or invalid” for each of the communication devices 30. With this processing, the setting device 10 confirms that the invalid communication device 30 does not exist and the network is normal, and completes the command processing related to the setting update of the communication device 30.
 なお、図9におけるステップS105~S111までの処理は、1台の通信装置30に関する設定更新に係る処理であるので、ステップS104において複数の通信装置30が指定された場合には、対応する台数分の処理が繰り返される。例えば、図2を参照すると、通信装置30-1、30-2、30-3からなる3台の通信装置30の設定更新がコマンド入力により指示された場合には、設定装置10は、通信装置30-1の設定更新が終了した後に、順次、通信装置30-2、30-3の設定更新を行う。 Note that the processing from Steps S105 to S111 in FIG. 9 is processing related to setting update relating to one communication device 30, and therefore when a plurality of communication devices 30 are designated in Step S104, the corresponding number The process is repeated. For example, referring to FIG. 2, when setting update of the three communication devices 30 including the communication devices 30-1, 30-2, and 30-3 is instructed by command input, the setting device 10 After the setting update of 30-1 is completed, the settings of the communication devices 30-2 and 30-3 are updated sequentially.
 次に、図10~図12を参照しつつ、第1の実施形態に係る通信システムの動作を具体的に説明する。 Next, the operation of the communication system according to the first embodiment will be specifically described with reference to FIGS.
 図10には、ネットワーク運用者から、通信装置30の設定更新に係るコマンドが入力される前のパケット転送経路が示される。例えば、端末40-1から送信されたパケットは、通信装置30-1、30-2、30-6というパケット転送経路を経て端末40-4に到達する。 FIG. 10 shows a packet transfer path before a command related to setting update of the communication device 30 is input from the network operator. For example, a packet transmitted from the terminal 40-1 reaches the terminal 40-4 via packet transfer paths of the communication devices 30-1, 30-2, and 30-6.
 図10に示す状態から、ネットワーク運用者が、通信装置30-2を指定して、当該通信装置の設定更新に係るコマンドを入力した際のパケット転送を例示する図が、図11と図12である。 FIG. 11 and FIG. 12 are diagrams illustrating packet transfer when the network operator designates the communication device 30-2 and inputs a command related to setting update of the communication device from the state shown in FIG. is there.
 上記コマンドを受け付けると、設定装置10は、通信装置30-2を指定して、当該装置をネットワークから除外するように、制御装置20に指示する。当該指示により、制御装置20は、通信装置30-2を除外したネットワークトポロジを新たに構築する。その結果、端末40-1から送信されたパケットは、通信装置30-1、30-5、30-6というパケット転送経路により、端末40-4に到達する(図11参照)。つまり、設定装置10からの上記指示により、通信装置30-2は、稼働中のネットワークから一時的に切り離され、除外された状態となる(図12参照)。 When the above command is received, the setting device 10 designates the communication device 30-2 and instructs the control device 20 to exclude the device from the network. In response to the instruction, the control device 20 newly constructs a network topology excluding the communication device 30-2. As a result, the packet transmitted from the terminal 40-1 reaches the terminal 40-4 via the packet transfer paths of the communication devices 30-1, 30-5, and 30-6 (see FIG. 11). That is, according to the above instruction from the setting device 10, the communication device 30-2 is temporarily disconnected from the operating network and excluded (see FIG. 12).
 当該状態においては、通信装置30-2が正常に稼働していなくとも、ネットワークの運用は継続可能である。従って、通信装置30-2の設定更新に伴う再起動等が発生しても、ネットワーク障害が発生することはない。 In this state, the network operation can be continued even if the communication device 30-2 is not operating normally. Therefore, a network failure does not occur even if a restart or the like accompanying a setting update of the communication device 30-2 occurs.
 ネットワークから除外された通信装置30-2の設定更新が実行され、当該装置の再起動が行われると、通信装置30-2はネットワークに復帰可能な状態となる。通信装置30-2がネットワークに復帰可能な状態となると、設定装置10は、制御装置20に対して、通信装置30-2をネットワークに復帰させる指示を行う。ネットワークトポロジの再変更が制御装置20により実行されると、パケット転送経路は、図10に示す状態に復帰する。 When the setting update of the communication device 30-2 excluded from the network is executed and the device is restarted, the communication device 30-2 becomes ready to return to the network. When the communication device 30-2 is ready to return to the network, the setting device 10 instructs the control device 20 to return the communication device 30-2 to the network. When the re-change of the network topology is executed by the control device 20, the packet transfer path returns to the state shown in FIG.
 以上のように、第1の実施形態に係る、通信システムでは、制御装置20(コントローラ)と通信装置30(スイッチ)が分離された構成において、制御装置20に設けたインターフェースに対して設定装置10が指示をすることで、データ通信(パケットを収容するフロー)が設定更新の対象となる通信装置を経由しないように経路除外するようなトポロジ変更を行う。その際、設定装置10は、必要な処理である通信装置30のアップデートを完了し、その正常性を確認した後、制御装置20に設けたインターフェースに設定装置10が指示することにより、ネットワークトポロジを復旧させ、上記通信装置を通る経路を復旧する。即ち、第1の実施形態に係る設定装置10は、設定更新の対象となっている通信装置30だけでなく、ネットワーク全体を考慮しつつ、一連の更新シーケンスを実行している。その際、当該更新シーケンスは人手を介すことなく自動的に行われ、設定装置10が、制御装置20とのインターフェースを操作する際に必要な、通信装置30を一意に示す管理番号と通信装置30のアドレスを紐づけして一致させ、意図した通信装置30の除外を可能としている。換言するならば、第1の実施形態により、通信装置30とそれを制御する制御装置20からなる冗長化された、又は、冗長化されていないネットワークにおいて、設定装置10が1つ又は複数の制御装置20(ネットワークが仮想化されている場合のオーケストレータを含む)に指示することでネットワークトポロジを切り替えることができるネットワークシステムが提供される。なお、上記の冗長化には、通信装置の二重化や、通信装置を複数台用いたリンクアグリゲーションなどが含まれる。 As described above, in the communication system according to the first embodiment, in the configuration in which the control device 20 (controller) and the communication device 30 (switch) are separated, the setting device 10 with respect to the interface provided in the control device 20. , The topology change is performed so that the route is excluded so that the data communication (flow that accommodates the packet) does not pass through the communication device to be updated. At that time, the setting device 10 completes the update of the communication device 30 as a necessary process, confirms its normality, and then the setting device 10 instructs the interface provided in the control device 20 to change the network topology. The route through the communication device is restored. That is, the setting device 10 according to the first embodiment executes a series of update sequences in consideration of not only the communication device 30 that is the target of setting update, but also the entire network. At this time, the update sequence is automatically performed without human intervention, and a management number and a communication device that uniquely indicate the communication device 30 necessary when the setting device 10 operates an interface with the control device 20. 30 addresses are linked and matched, and the intended communication device 30 can be excluded. In other words, according to the first embodiment, in the redundant or non-redundant network including the communication device 30 and the control device 20 that controls the communication device 30, the setting device 10 performs one or more controls. A network system capable of switching the network topology by instructing the device 20 (including an orchestrator when the network is virtualized) is provided. Note that the above redundancy includes duplication of communication devices and link aggregation using a plurality of communication devices.
 上記説明したように、ネットワークの運用中に、当該ネットワークの運用者が、特定の通信装置30のソフトウェア、コンフィグレーションの更新が自動的に実行可能となる。その際、対象となる通信装置30はネットワークから除外されているので、ネットワーク障害が発生することもなく(ネットワーク内に流れる通信を止めることなく)、通信装置30のアップデート処理を正常に実行することができる。また、第1の実施形態に係る通信装置の設定更新方法を使用することで、多数の通信装置が存在する場合であっても、ネットワーク運用者は、一度にまとめてアップデートの指示を設定装置10に行うことができる。設定装置10が都度、トポロジの変更と復旧を行うため、処理の最中に人手を介する必要がないためである。その結果、通信装置30の設定更新に要するリソースが削減できると共に、ヒューマンエラーを削減することができる。 As described above, during the operation of the network, the network operator can automatically update the software and configuration of the specific communication device 30. At that time, since the target communication device 30 is excluded from the network, the update processing of the communication device 30 can be normally executed without causing a network failure (without stopping communication flowing in the network). Can do. In addition, by using the communication device setting update method according to the first embodiment, even when there are a large number of communication devices, the network operator can collectively issue an update instruction to the setting device 10. Can be done. This is because the setting device 10 changes the topology and restores each time, so that there is no need for manual intervention during the processing. As a result, it is possible to reduce resources required for setting update of the communication device 30 and reduce human errors.
[変形例]
 第1の実施形態にて説明した通信システムは例示であって、システムの構成を限定する趣旨ではない。例えば、第1の実施形態では、コントローラとスイッチ(パケット転送装置)が分離されたSDNの考えによる構成を主に説明した。しかし、既存のネットワーク、例えば、OSPF(Open Shortest Path First)などのルーティングプロトコルが動作するIPネットワークであってもよい。その際、コンフィグレーション装置は当該ネットワーク装置(ルータ)とインターフェースし、ネットワークを運用しながらルーティングプロトコルの設定を変更することによって、当該ネットワーク装置をデータ通信が経由しないようにする。その結果、当該ネットワーク装置が使われないように経路除外できる。コンフィグレーション装置による処理が終了した後は当該設定を元通りに回復させる。 [Modification]
The communication system described in the first embodiment is an example, and is not intended to limit the configuration of the system. For example, in the first embodiment, the configuration based on the idea of SDN in which a controller and a switch (packet transfer device) are separated has been mainly described. However, it may be an existing network, for example, an IP network on which a routing protocol such as OSPF (Open Shortest Path First) operates. At this time, the configuration device interfaces with the network device (router), and changes the setting of the routing protocol while operating the network, thereby preventing data communication through the network device. As a result, the route can be excluded so that the network device is not used. After the processing by the configuration device is completed, the setting is restored to the original state.
 第1の実施形態では、通信装置と管理番号を一意に紐づけるための情報としてMACアドレスを用いて説明したが、他の情報(通信装置に固有な名前、番号)であってもよい。 In the first embodiment, the MAC address is used as the information for uniquely associating the communication device with the management number, but other information (name and number unique to the communication device) may be used.
 第1の実施形態では、通信装置群へのアドレス配布方式としてDHCPを想定して説明したが、他の方式、例えば、BOOTP(Bootstrap Protocol)など任意のアドレス配布方式を用いることができる。 In the first embodiment, the description has been made assuming that DHCP is used as the address distribution method to the communication device group, but any other method such as BOOTP (Bootstrap Protocol) can be used.
 設定装置10は、SDNの環境においては、物理的又は機能的に制御装置20に同梱されていてもよい。 The setting device 10 may be physically or functionally bundled with the control device 20 in the SDN environment.
 また、設定装置10および制御装置20は、例えば、NFV(Network Functions Virtualization)を用いて、汎用サーバ上に仮想的にその機能を構築することもできる。 Also, the setting device 10 and the control device 20 can construct the function virtually on a general-purpose server using, for example, NFV (Network Function Virtual).
 第1の実施形態では、制御装置20は1台である場合を説明したが、ネットワークを構成するために複数台の制御装置20がある場合は、当該複数台の制御装置20に対して指示が行われてもよい。 In the first embodiment, the case where there is one control device 20 has been described. However, when there are a plurality of control devices 20 for configuring a network, an instruction is given to the plurality of control devices 20. It may be done.
 第1の実施形態では、制御装置20に対して指示を行ったが、ネットワーク上に複数台の制御装置を管理する、又は、ネットワークシステムを管理するオーケストレータがある場合は、当該オーケストレータに対して指示が行われてもよい。 In the first embodiment, an instruction is given to the control device 20, but when there is an orchestrator that manages a plurality of control devices or a network system on the network, Instructions may be given.
 上記の説明により、本発明の産業上の利用可能性は明らかであるが、本発明は、データセンタ、企業・キャンパスネットワークなど、ネットワーク装置(スイッチ)が多数配備される環境において好適に適用可能である。とりわけ、SDNの考えを用いて構成されるネットワークに好適である。つまり、大規模なデータセンタなどが有する、多くの通信装置の設定更新を、人手を介さずに更新したいという要望を満たし、大規模なデータセンタを運営する顧客などにとって高い付加価値を備える通信システムを提供できる。 Although the industrial applicability of the present invention is apparent from the above description, the present invention can be suitably applied in an environment where a large number of network devices (switches) are deployed, such as a data center and a corporate / campus network. is there. In particular, it is suitable for a network configured using the idea of SDN. In other words, a communication system that satisfies the desire to update the settings of many communication devices in a large-scale data center without human intervention, and has high added value for customers who operate large-scale data centers. Can provide.
 上記の実施形態の一部又は全部は、以下のようにも記載され得るが、以下には限られない。
[形態1]
 上述の第1の視点に係る設定装置のとおりである。
[形態2]
 前記制御装置に対して、前記ネットワークが正常であるか否かを問い合わせるネットワーク状態検査部を更に備え、
 前記トポロジ変更指示部は、前記ネットワークが正常である場合に、前記設定更新の対象である通信装置を前記ネットワークから除外することを前記制御装置に対して指示する、形態1の設定装置。
[形態3]
 前記ネットワーク状態検査部は、
 前記除外された通信装置が前記ネットワークに復帰した後に、前記制御装置に対して、前記ネットワークが正常であるか否かを問い合わせ、
 前記トポロジ変更指示部は、
 前記除外された通信装置が復帰したネットワークが正常である場合に、前記設定更新の対象である通信装置の設定更新が正常に終了したと判断する、形態2の設定装置。
[形態4]
 設定更新の対象である通信装置を指定し、前記指定された通信装置の設定更新を指示するコマンドを入力するためのインターフェースをユーザに提供する情報取得部を更に備える、形態1乃至3のいずれか一に記載の設定装置。
[形態5]
 前記ユーザによる前記通信装置の指定を可能とする管理番号と、前記複数の通信装置それぞれに固有の情報と、が関連付けて登録される、形態4の設定装置。
[形態6]
 前記複数の通信装置それぞれに固有の情報として前記通信装置の個別アドレスを使用し、前記個別アドレスと前記複数の通信装置それぞれに割り当て可能なアドレスを対応付けて管理すると共に、前記割り当てたアドレスを前記通信装置に配布するアドレス配布部を更に備える、形態5の設定装置。
[形態7]
 前記設定更新の対象である通信装置の設定を確認する更新対象検査部を更に備え、
 前記トポロジ変更指示部は、
 前記確認された設定と、前記設定更新の対象である通信装置に対して予め登録された設定と、が異なる場合に、前記制御装置に対して、通信装置を前記ネットワークから除外する指示を行う、形態1乃至6のいずれか一に記載の設定装置。
[形態8]
 上述の第2の視点に係る通信システムのとおりである。
[形態9]
 上述の第3の視点に係る通信装置の設定更新方法のとおりである。
[形態10]
 上述の第4の視点に係るプログラムのとおりである。
 なお、形態8~10は、形態1と同様に、形態2~形態7の形態に展開することが可能である。 A part or all of the above embodiments can be described as follows, but is not limited to the following.
[Form 1]
This is the same as the setting device according to the first aspect described above.
[Form 2]
A network state inspection unit that inquires to the control device whether or not the network is normal;
The setting device according to mode 1, wherein the topology change instructing unit instructs the control device to exclude a communication device to be updated from the network when the network is normal.
[Form 3]
The network state inspection unit
After the excluded communication device returns to the network, the control device is inquired whether the network is normal,
The topology change instruction unit includes:
The setting device according to mode 2, wherein when the network to which the excluded communication device is restored is normal, it is determined that the setting update of the communication device that is the target of the setting update has been completed normally.
[Form 4]
One of aspects 1 to 3, further comprising: an information acquisition unit that designates a communication device that is a target of setting update, and provides a user with an interface for inputting a command for instructing setting update of the designated communication device. The setting device according to one.
[Form 5]
The setting device according to mode 4, wherein a management number that enables the user to designate the communication device and information unique to each of the plurality of communication devices are registered in association with each other.
[Form 6]
The individual address of the communication device is used as information unique to each of the plurality of communication devices, and the individual address and an address that can be assigned to each of the plurality of communication devices are associated and managed, and the assigned address is The setting device according to mode 5, further comprising an address distribution unit that distributes the communication device.
[Form 7]
An update target inspection unit for confirming the setting of the communication device that is the target of the setting update;
The topology change instruction unit includes:
Instructing the control device to exclude the communication device from the network when the confirmed setting is different from the setting registered in advance for the communication device to be updated. The setting device according to any one of Forms 1 to 6.
[Form 8]
The communication system according to the second aspect described above.
[Form 9]
It is as the setting update method of the communication apparatus which concerns on the above-mentioned 3rd viewpoint.
[Mode 10]
It is as the program which concerns on the above-mentioned 4th viewpoint.
Forms 8 to 10 can be developed into forms 2 to 7, as in form 1.
 なお、引用した上記の特許文献等の各開示は、本書に引用をもって繰り込むものとする。本発明の全開示(請求の範囲を含む)の枠内において、さらにその基本的技術思想に基づいて、実施形態ないし実施例の変更・調整が可能である。また、本発明の全開示の枠内において種々の開示要素(各請求項の各要素、各実施形態ないし実施例の各要素、各図面の各要素等を含む)の多様な組み合わせ、ないし、選択が可能である。すなわち、本発明は、請求の範囲を含む全開示、技術的思想にしたがって当業者であればなし得るであろう各種変形、修正を含むことは勿論である。特に、本書に記載した数値範囲については、当該範囲内に含まれる任意の数値ないし小範囲が、別段の記載のない場合でも具体的に記載されているものと解釈されるべきである。 In addition, each disclosure of the above cited patent documents, etc. shall be incorporated by reference into this document. Within the scope of the entire disclosure (including claims) of the present invention, the embodiments and examples can be changed and adjusted based on the basic technical concept. In addition, various combinations or selections of various disclosed elements (including each element in each claim, each element in each embodiment or example, each element in each drawing, etc.) within the scope of the entire disclosure of the present invention. Is possible. That is, the present invention of course includes various variations and modifications that could be made by those skilled in the art according to the entire disclosure including the claims and the technical idea. In particular, with respect to the numerical ranges described in this document, any numerical value or small range included in the range should be construed as being specifically described even if there is no specific description.
10、100 設定装置
11 CPU(Central Processing Unit)
12 メモリ
13 入出力インターフェース
14 NIC(Network Interface Card)
20 制御装置
30、30-1~30-6 通信装置
40、40-1~40-4 端末
101、213 トポロジ変更指示部
102、214 更新実行部
201、301、401 通信制御部
202、302、403 記憶部
203 情報取得部
204 アドレス配布部
205 データベース構築部
206 設定更新処理部
211 更新対象検査部
212 ネットワーク状態検査部
303 ネットワーク制御部
311 転送経路計算部
312 処理規則設定部
313 ネットワーク状態確認部
314 トポロジ変更部
402 テーブル管理部
404 転送処理部
405 設定確認部
406 設定更新部
411 テーブル検索部
412 アクション実行部 10, 100 Setting device 11 CPU (Central Processing Unit)
12 Memory 13 Input / output interface 14 NIC (Network Interface Card)
20 Control device 30, 30-1 to 30-6 Communication device 40, 40-1 to 40-4 Terminal 101, 213 Topology change instruction unit 102, 214 Update execution unit 201, 301, 401 Communication control unit 202, 302, 403 Storage unit 203 Information acquisition unit 204 Address distribution unit 205 Database construction unit 206 Setting update processing unit 211 Update target inspection unit 212 Network state inspection unit 303 Network control unit 311 Transfer route calculation unit 312 Processing rule setting unit 313 Network state confirmation unit 314 Topology Change unit 402 Table management unit 404 Transfer processing unit 405 Setting confirmation unit 406 Setting update unit 411 Table search unit 412 Action execution unit

Claims (10)

  1.  パケットを転送する装置であって制御装置により制御される、複数の通信装置に関する設定更新を行う装置であって、
     前記制御装置に対し、前記複数の通信装置のうち、設定更新の対象である通信装置を指定しつつ、前記指定された通信装置を前記複数の通信装置からなるネットワークから除外することを指示するトポロジ変更指示部と、
     前記設定更新の対象である通信装置が前記ネットワークから除外された後に、前記設定更新の対象である通信装置の設定を更新する更新実行部と、
     を備え、
     前記トポロジ変更指示部は、前記設定更新の対象である通信装置の設定が更新された後に、前記制御装置に対して、前記除外された通信装置を前記ネットワークに復帰させる指示を行う、
     設定装置。     A device that forwards packets and is a device that updates settings related to a plurality of communication devices controlled by a control device,
    A topology instructing the control device to exclude a specified communication device from a network composed of the plurality of communication devices while designating a communication device to be updated among the plurality of communication devices. A change instruction section;
    An update execution unit that updates the setting of the communication device that is the target of the setting update after the communication device that is the target of the setting update is excluded from the network;
    With
    The topology change instructing unit instructs the control device to return the excluded communication device to the network after the setting of the communication device to be updated is updated.
    Setting device.
  2.  前記制御装置に対して、前記ネットワークが正常であるか否かを問い合わせるネットワーク状態検査部を更に備え、
     前記トポロジ変更指示部は、前記ネットワークが正常である場合に、前記設定更新の対象である通信装置を前記ネットワークから除外することを前記制御装置に対して指示する、請求項1の設定装置。     A network state inspection unit that inquires to the control device whether or not the network is normal;
    The setting device according to claim 1, wherein the topology change instructing unit instructs the control device to exclude the communication device that is the target of the setting update from the network when the network is normal.
  3.  前記ネットワーク状態検査部は、
     前記除外された通信装置が前記ネットワークに復帰した後に、前記制御装置に対して、前記ネットワークが正常であるか否かを問い合わせ、
     前記トポロジ変更指示部は、
     前記除外された通信装置が復帰したネットワークが正常である場合に、前記設定更新の対象である通信装置の設定更新が正常に終了したと判断する、請求項2の設定装置。     The network state inspection unit
    After the excluded communication device returns to the network, the control device is inquired whether the network is normal,
    The topology change instruction unit includes:
    3. The setting device according to claim 2, wherein when the network to which the excluded communication device has returned is normal, it is determined that the setting update of the communication device that is the target of the setting update has been completed normally.
  4.  設定更新の対象である通信装置を指定し、前記指定された通信装置の設定更新を指示するコマンドを入力するためのインターフェースをユーザに提供する情報取得部を更に備える、請求項1乃至3のいずれか一項に記載の設定装置。 The information acquisition part which provides the interface for designating the communication apparatus which is the object of setting update, and inputting the command which instruct | indicates the setting update of the said specified communication apparatus is provided further. A setting device according to claim 1.
  5.  前記ユーザによる前記通信装置の指定を可能とする管理番号と、前記複数の通信装置それぞれに固有の情報と、が関連付けて登録される、請求項4の設定装置。 5. The setting device according to claim 4, wherein a management number that enables the user to designate the communication device and information unique to each of the plurality of communication devices are registered in association with each other.
  6.  前記複数の通信装置それぞれに固有の情報として前記通信装置の個別アドレスを使用し、前記個別アドレスと前記複数の通信装置それぞれに割り当て可能なアドレスを対応付けて管理すると共に、前記割り当てたアドレスを前記通信装置に配布するアドレス配布部を更に備える、請求項5の設定装置。 The individual address of the communication device is used as information unique to each of the plurality of communication devices, and the individual address and an address that can be assigned to each of the plurality of communication devices are associated and managed, and the assigned address is The setting device according to claim 5, further comprising an address distribution unit that distributes the communication device.
  7.  前記設定更新の対象である通信装置の設定を確認する更新対象検査部を更に備え、
     前記トポロジ変更指示部は、
     前記確認された設定と、前記設定更新の対象である通信装置に対して予め登録された設定と、が異なる場合に、前記制御装置に対して、通信装置を前記ネットワークから除外する指示を行う、請求項1乃至6のいずれか一項に記載の設定装置。     An update target inspection unit for confirming the setting of the communication device that is the target of the setting update;
    The topology change instruction unit includes:
    Instructing the control device to exclude the communication device from the network when the confirmed setting is different from the setting registered in advance for the communication device to be updated. The setting device according to any one of claims 1 to 6.
  8.  パケットを転送する、複数の通信装置と、
     前記複数の通信装置を制御する制御装置と、
     前記複数の通信装置に関する設定更新を行う設定装置と、
     を含み、
     前記設定装置は、前記制御装置に対し、前記複数の通信装置のうち、設定更新の対象である通信装置を指定しつつ、前記指定された通信装置を前記複数の通信装置からなるネットワークから除外することを指示し、
     前記設定更新の対象である通信装置が前記ネットワークから除外された後に、前記設定更新の対象である通信装置の設定を更新し、
     前記設定更新の対象である通信装置の設定が更新された後に、前記制御装置に対して、前記除外された通信装置を前記ネットワークに復帰させる指示を行う、
     通信システム。     A plurality of communication devices for transferring packets;
    A control device for controlling the plurality of communication devices;
    A setting device for performing a setting update on the plurality of communication devices;
    Including
    The setting device excludes the designated communication device from the network including the plurality of communication devices while designating a communication device that is a target of setting update among the plurality of communication devices to the control device. Instruct
    After the communication device that is the target of the setting update is excluded from the network, the setting of the communication device that is the target of the setting update is updated,
    After the setting of the communication device to be updated is updated, the control device is instructed to return the excluded communication device to the network.
    Communications system.
  9.  パケットを転送する、複数の通信装置と、
     前記複数の通信装置を制御する制御装置と、
     を含むシステムにおいて、
     前記制御装置に対し、前記複数の通信装置のうち、設定更新の対象である通信装置を指定しつつ、前記指定された通信装置を前記複数の通信装置からなるネットワークから除外することを指示するステップと、
     前記設定更新の対象である通信装置が前記ネットワークから除外された後に、前記設定更新の対象である通信装置の設定を更新するステップと、
     前記設定更新の対象である通信装置の設定が更新された後に、前記制御装置に対して、前記除外された通信装置を前記ネットワークに復帰させる指示を行うステップと、
     を含む、通信装置の設定更新方法。     A plurality of communication devices for transferring packets;
    A control device for controlling the plurality of communication devices;
    In a system that includes
    Instructing the control device to exclude the designated communication device from the network composed of the plurality of communication devices while designating a communication device that is a target of setting update among the plurality of communication devices. When,
    Updating the setting of the communication device that is the target of the setting update after the communication device that is the target of the setting update is excluded from the network;
    A step of instructing the control device to return the excluded communication device to the network after the setting of the communication device to be updated is updated;
    Including a communication device setting update method.
  10.  パケットを転送する装置であって制御装置により制御される、複数の通信装置に関する設定更新を行う装置を制御するコンピュータに実行させるプログラムであって、
     前記制御装置に対し、前記複数の通信装置のうち、設定更新の対象である通信装置を指定しつつ、前記指定された通信装置を前記複数の通信装置からなるネットワークから除外することを指示する処理と、
     前記設定更新の対象である通信装置が前記ネットワークから除外された後に、前記設定更新の対象である通信装置の設定を更新する処理と、
     前記設定更新の対象である通信装置の設定が更新された後に、前記制御装置に対して、前記除外された通信装置を前記ネットワークに復帰させる指示を行う処理と、
     を実行させるプログラム。     A program that is executed by a computer that controls a device that transfers settings and controls settings related to a plurality of communication devices, which is a device that transfers packets and is controlled by a control device.
    A process of instructing the control device to exclude the designated communication device from the network composed of the plurality of communication devices while designating a communication device that is a target of setting update among the plurality of communication devices. When,
    Processing for updating the setting of the communication device that is the target of the setting update after the communication device that is the target of the setting update is excluded from the network;
    Processing for instructing the control device to return the excluded communication device to the network after the setting of the communication device to be updated is updated;
    A program that executes
PCT/JP2017/009319 2016-03-16 2017-03-08 Setting device, communication system, method for updating setting of communication device and program WO2017159508A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2016-052564 2016-03-16
JP2016052564A JP2017169044A (en) 2016-03-16 2016-03-16 Setting device, communication system, method for setting update of communication device, and program

Publications (1)

Publication Number Publication Date
WO2017159508A1 true WO2017159508A1 (en) 2017-09-21

Family

ID=59850412

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2017/009319 WO2017159508A1 (en) 2016-03-16 2017-03-08 Setting device, communication system, method for updating setting of communication device and program

Country Status (3)

Country Link
JP (1) JP2017169044A (en)
TW (1) TW201735579A (en)
WO (1) WO2017159508A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022254482A1 (en) * 2021-05-31 2022-12-08 日本電気株式会社 Information processing device, information processing method, computer readable medium, and information processing system

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7135790B2 (en) * 2018-11-29 2022-09-13 日本電気株式会社 Link aggregation management device, relay device, link aggregation management method and program
WO2022172331A1 (en) * 2021-02-09 2022-08-18 日本電信電話株式会社 Setting change device, setting change method, and program
JP2024066187A (en) 2022-11-01 2024-05-15 トヨタ自動車株式会社 SDN network system and SDN subcontroller

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011081588A (en) * 2009-10-07 2011-04-21 Nec Corp Computer system and maintenance method for the same
JP2015097336A (en) * 2013-11-15 2015-05-21 日本電信電話株式会社 Network management system and network management method
WO2015128914A1 (en) * 2014-02-27 2015-09-03 三菱電機株式会社 Software-installed apparatus, and software updating method
WO2016021014A1 (en) * 2014-08-07 2016-02-11 株式会社日立製作所 Computer system, communication control method, and priority control server

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011081588A (en) * 2009-10-07 2011-04-21 Nec Corp Computer system and maintenance method for the same
JP2015097336A (en) * 2013-11-15 2015-05-21 日本電信電話株式会社 Network management system and network management method
WO2015128914A1 (en) * 2014-02-27 2015-09-03 三菱電機株式会社 Software-installed apparatus, and software updating method
WO2016021014A1 (en) * 2014-08-07 2016-02-11 株式会社日立製作所 Computer system, communication control method, and priority control server

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022254482A1 (en) * 2021-05-31 2022-12-08 日本電気株式会社 Information processing device, information processing method, computer readable medium, and information processing system

Also Published As

Publication number Publication date
JP2017169044A (en) 2017-09-21
TW201735579A (en) 2017-10-01

Similar Documents

Publication Publication Date Title
US11223512B2 (en) Configuring a network
JP6053003B2 (en) Transmission system, transmission apparatus, and transmission method
US10938660B1 (en) Automation of maintenance mode operations for network devices
WO2017159508A1 (en) Setting device, communication system, method for updating setting of communication device and program
US10305749B2 (en) Low latency flow cleanup of openflow configuration changes
WO2011155510A1 (en) Communication system, control apparatus, packet capture method and program
US20120185856A1 (en) Computer system and migration method of virtual machine
JP5488979B2 (en) Computer system, controller, switch, and communication method
JP5534036B2 (en) Information system, control device, communication method and program
WO2013118873A1 (en) Control device, communication system, communication method and program
JPWO2012050071A1 (en) Communication system, control device, processing rule setting method and program
US9984036B2 (en) Communication system, control apparatus, communication method, and program
WO2014175423A1 (en) Communication node, communication system, packet processing method and program
JP6440191B2 (en) Switch device, VLAN setting management method, and program
JP5747997B2 (en) Control device, communication system, virtual network management method and program
US20150381775A1 (en) Communication system, communication method, control apparatus, control apparatus control method, and program
WO2016117302A1 (en) Information processing device, information processing method, and recording medium
WO2016068238A1 (en) Network control system, control device, network information management method, and program
CN108390780B (en) Method and apparatus for processing information
WO2016143339A1 (en) Network system, control device, control method and program recording medium
WO2023026497A1 (en) Management device, management method and management program
WO2016143338A1 (en) Network system, control device, control method and program-recording medium
WO2014142081A1 (en) Transfer node, control device, communication system, packet processing method and program

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17766509

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 17766509

Country of ref document: EP

Kind code of ref document: A1