JP2003264593A - Service quality measuring system and service quality measuring method to be used for the same - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a service quality measuring system capable of ensuring the security of data to be transmitted by a user, and reducing the capacity (band width) of a transmission line, and surely and uniquely identifying packets at the time of detecting a pair of coincidences. <P>SOLUTION: Packet capturing parts 31 and 41 capture packets at the entrance and exit of a network, and time stamp applying parts 32 and 42 apply the time stamps of the capturing time to those packets. Hash value calculating parts 33 and 43 calculate the hash values of the data parts of the captured packets by using hash functions. Phenomenon report generating parts 34 and 44 generate event reports from the hash values, the information of the header parts of the packets, the time stamps, and the addresses of monitoring probes 3 and 4 capturing the packets. A coincidence pair retrieving part 54 compares the event reports of buffers 52 and 53 to retrieve the pair of coincidence, and a QoS information calculating part 55 calculates QoS information according to the result. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

TECHNICAL FIELD The present invention relates to a service quality measuring system and a service quality measuring method used therefor,
In particular, for a data unit transmitted and received via a network such as IP (Internet Protocol), the quality of service (Qo
The present invention relates to a service quality measuring method for measuring S: Quality of Service.

[0002]

2. Description of the Related Art Conventionally, in the measurement of service quality provided by this type of network, a method is generally known in which special measurement data for measuring service quality is actively transmitted to the network. There is. This is to measure service quality by transmitting special measurement data from a first point for transmitting measurement data to a second point for receiving measurement data.

On the other hand, by capturing the data transmitted and received by a user who is actually using the network at the entrance and the exit of the network, End to End
Has been devised to measure the quality of service (transmission delay, packet loss).

In this method, data transmitted and received by a user who is actually using the network is captured at a first point, which is the entrance of the network, and a time stamp is added thereto. The second point is also captured and time stamped. The above method compares the information captured at the ingress and egress to detect a matched pair, detects the transmission delay by comparing its time stamps, and also eliminates the loss from packets that cannot form a matched pair. It is something to detect.

Japanese Unexamined Patent Publication No. 9-261254 discloses End.
An example of a measurement system for measuring the service quality of to End is described. In the service quality measuring system described in this publication, the service quality provided by the network is measured by measuring cell delay and loss.

That is, the above service quality measuring system comprises a passive monitoring probe for measuring the service quality provided from the network, an event capturing device, and a measuring station. The cells captured by the passive monitoring probe installed at the first point, which is the entrance to the network, are sent to the event capturing device, time stamped by the event capturing device, and what is detected as an event is "event report". Detected as. At the second point, which is the exit point of the network, as in the case of the first point described above, the cell is captured and the “event report” is detected.

As described above, the "event report" detected at the entrance and the exit of the network is sent to the measurement station. The “event report” sent to the measurement station is made to wait in the entrance queue and the exit queue, respectively. The measurement station determines the coincident event report by comparing the head event report of each queue with the first N event reports of the other queue, and measures the cell delay and loss.

[0008]

In the above-mentioned conventional quality of service measuring method, since it is necessary to notify the measuring station of information sufficient to uniquely identify a packet, the event report captured by the probe is transmitted. There is a problem that the capacity (bandwidth) of the transmission line required to notify the measuring station becomes large.

Since the measuring station compares the information (event report) of the packets captured at the entrance and the exit of the network and detects a matching pair, the information that can uniquely identify the packet is reported as the event report. It is necessary to notify the measurement station as. In this case, since it is difficult to uniquely identify the packet only by the information of the header part of the packet, it is necessary to notify the information of the data part. However, since the matching pair is detected by directly copying the information transmitted by the user and comparing it, since the copied transmission data of the user flows through the service quality measuring system,
There is a data security problem with wiretapping of data.

However, when all the information of the data part is notified, the information added by the probe such as the time stamp is added to the data part, and thus the line capacity larger than the capacity of the transmission line to be measured is required. Will end up. In particular, on the measurement station side, since information is notified from a plurality of probes, it is necessary to secure transmission capacity for the number of probes, and it is necessary to secure a larger capacity line.

For this reason, the transmission capacity required by the service quality monitoring system (the management network required for exchanging information between the service quality measuring systems, rather than the transmission line capacity of the monitored network which is the QoS measurement object). Even the reversal phenomenon that the transmission capacity) becomes larger may occur.

In the conventional service quality measuring method,
There is a problem that a large-capacity storage device is required because all the notified event reports must be stored for a certain period of time until a matching pair is detected by the matching process.

Since information is notified from a plurality of probes on the measuring station side, it is necessary to secure a storage capacity for the number of probes, and a larger capacity storage device is required.

Further, in the conventional service quality measuring method, if the size of the event report is large, it takes a long time to match the event reports in order to search the matching pair, so that it takes time to search the matching pair. There is a problem.

The measuring station compares the information (event report) of the packets captured at the entrance and the exit of the network and detects a matching pair. Here, if the information (size of the event report) to be compared in order to detect the matching pair is large, the time required for the comparison also becomes large. In order to detect a matched pair at high speed, it is necessary to reduce the size of event reports to be compared.

Furthermore, according to the conventional service quality measuring method, it is difficult to effectively reduce the size of the event report while leaving meaningful information that can uniquely identify the packet. The problem is that it is difficult to reduce the size of the report.

As a method for reducing the size of the event report, it is conceivable to reduce the size of the data part by using a compression algorithm. However, since it is not known what kind of information is contained in the data part, even if it is simply compressed, the size of the data part does not always decrease as expected. This is because many pieces of information such as image data cannot be compressed as expected by the compression algorithm due to the fact that pre-compressed information enters the data part and the characteristics of the data itself (the structure of the data).

Therefore, it is conceivable to reduce the size of the event report by analyzing the contents of the data part and extracting meaningful information that can uniquely identify the packet. This is to reduce the size of the event report by sampling a part of the data part (head, center, end, etc.) to extract meaningful information that can uniquely identify the packet. It is possible.

However, since the size (header part, data part) of the IP packet is variable, it cannot be acquired fixedly (fixing the acquisition position and size). On the other hand, it is conceivable to change the “acquisition position” or the “acquisition size” as the feature amount according to the size of the data part.

When the size of the event report is reduced by sampling a part of such data (a part of the head, the center, the end, etc.), only a part of the data (for example, one character) is changed. If the changed data parts are not sampled properly when the changed data parts are transmitted continuously, in fact, different data parts will be erroneously detected as the same.

In order to solve this, it is conceivable to analyze the content (meaning) of the data part to extract information that can uniquely identify the packet and reduce the size of the event report. .

In recent years, in order to ensure the security of data, it is generally performed to encrypt and transmit the data. Since the meaningful information cannot be extracted from this encrypted data, the size of the event report cannot be reduced even by the above method. That is, it is not possible to deal with the encrypted packet.
in this case,

Therefore, an object of the present invention is to solve the above problems, ensure the security of the data transmitted by the user, and notify the measurement station of the information captured by the probe. To provide a service quality measuring system capable of reducing the capacity (bandwidth) of a transmission line and capable of reliably uniquely identifying a packet when detecting a matching pair, and a service quality measuring method used therefor. is there.

Another object of the present invention is to ensure the security of the data transmitted by the user, reduce the storage capacity (buffer capacity) of the measuring station, and achieve high-speed matching pair detection processing. It is to provide a service quality measuring system capable of performing the above and a service quality measuring method used for the same.

[0025]

A service quality measuring system according to the present invention is a service quality measuring system for measuring the service quality of a network for transmitting a data unit having characteristic information including at least a source and a destination. Calculating characteristic information of the data unit obtained by calculating a hash value using a hash function for the data unit at least at the entrance and the exit of the network determined from the source and the destination of the data unit Means, a match detecting means for detecting a match between the characteristic information calculated at the entrance and the exit, and a quality measuring means for measuring the service quality of the network based on a pair of data units for which a match is detected. ing.

A service quality measuring method according to the present invention is a service quality measuring method for measuring a service quality of a network which transmits a data unit having characteristic information including at least a source and a destination, and wherein the transmission of the data unit is performed. A characteristic information extraction step of obtaining a characteristic value of the data unit by calculating a hash value using a hash function for the data unit at least at the entrance and the exit of the network determined from the source and the destination; And a coincidence detecting step of detecting a coincidence of the characteristic information extracted at the exit, and a quality measuring step of measuring the service quality of the network based on the pair of data units in which the coincidence is detected.

That is, the service quality measuring system of the present invention obtains the hash value of the data part by the hash function, and sends this hash value to the measurement station in the event report. By sending the contents of the data part as a hash value, the security of the data sent by the user can be ensured, and the capacity of the transmission line required to send the event report is compressed ( It is possible to reduce the bandwidth).

Further, in the service quality measuring system of the present invention, since the matching pair is searched by using the header information and the hash value, the security of the data transmitted by the user can be ensured and the packet can be secured. Can be uniquely identified, and a matching pair of packets can be reliably searched.

Further, in the service quality measuring system of the present invention, the amount of information to be compared at the time of searching the matching pair is reduced by searching the matching pair using the header information and the hash value, so that the storage of the measuring station is reduced. Capacity (buffer capacity)
It is possible to perform the matching pair detection processing at high speed as well as to reduce

That is, in the service quality measuring system of the present invention, the output value (hash value) of the hash function of the hash function "regardless of the length of the original data is used.
Will always have a predetermined length. "" If the original data differs even by one character, the output value will be significantly different, so it is impossible to infer (restore) the original data from the hash value. "
The feature is used. Specifically, the monitoring probe has a hash value calculation unit.

[0031]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Next, embodiments of the present invention will be described with reference to the drawings. FIG. 1 is a block diagram showing the configuration of a service quality measuring system according to an embodiment of the present invention. In FIG. 1, a service quality measuring system according to an exemplary embodiment of the present invention uses a host (#) which transmits and receives packets via a monitored network 100 which is a measuring object.
1) 1 and (# 2) 2, monitoring probes 3 and 4 for measuring the service quality of the monitored network 100, and a measurement station 5. The measurement station 5 is a management network 200.
It is connected to the monitoring probes 3 and 4 via.

The monitoring probes 3 and 4 are packet capture units 3
1, 41, time stamp assigning units 32 and 42, hash value calculating units 33 and 43, and event report generating units 34 and 44.
And the event report sending units 35 and 45 and the recording media 36 and 46
And captures packets transmitted and received via the monitored network 100. The monitoring probes 3 and 4 are information processing devices such as computers and servers.

The measurement station 5 includes an event report receiving section 51 and buffers (# 1) 52, (# for accumulating the reported event reports.
2) 53, a matching pair search unit 54 that detects a matching pair by matching the notified event report, and a QoS (Quality of Serv) from the detected matching pair.
ice) is composed of a QoS information calculation unit 55 and a recording medium 56 for recording a program for realizing each of the above units. The measurement station 5 is an information processing device such as a computer or a server.

FIG. 2 is a diagram showing an example of an event report generated by the event report generation units 34 and 44 of FIG. In FIG. 2, the event report is composed of a time stamp, the information of the captured packet including the header part information and the hash value (data part information), and the address of the probe that captured the packet.

FIG. 3 is a flowchart showing the monitoring processing by the monitoring probes 3 and 4 of FIG. 1, and FIG. 4 is a flowchart showing the matching pair detection processing by the measuring station 5 of FIG. The operation of the service quality measuring system according to the embodiment of the present invention will be described with reference to FIGS.
In addition, in the processing shown in FIG.
It is realized by executing the programs of 6,46 and
The process shown in is realized by the measurement station 5 executing the program of the recording medium 56.

The host (# 1) 1 is transmitting a packet to the host (# 2) 2. The packet reaches the host (# 2) 2 via the monitored network 100. The host (# 2) 2 receives the packet and processes it.

Here, monitoring probes 3 and 4 are installed to measure the quality of service (transmission delay time, packet loss) provided by the monitored network 100 for the packet. The monitoring probe 3 uses the packet capturing unit 31 to capture a packet at the entrance of the monitored network 100 (corresponding to the entrance of the network).
The monitoring probe 4 uses the packet capturing unit 41 to capture a packet at the exit of the monitored network 100 (corresponding to the exit of the network).

When the packet capturing unit 31 of the monitoring probe 3 captures the packet at the entrance of the network (step S1 in FIG. 3), the time stamp assigning unit 32 assigns the time stamp of the captured time to the packet (FIG. 3). Step S2).

The hash value calculation unit 33 calculates the hash value of the data part of the captured packet using the hash function (step S3 in FIG. 3). The event report generation unit 34 generates an event report from the hash value obtained by the hash value calculation unit 33, the header information of the packet, the time stamp, and the address of the monitoring probe 3 that captured the packet (FIG. 3). Step S4). An example of this event report is shown in FIG.

The event report transmission unit 35 is an event report generation unit 34.
The event report generated in step 3 is transmitted to the measurement station 5 (step S5 in FIG. 3). The event report transmitted from the monitoring probe 3 reaches the measurement station 5 via the management network 200. The measurement station 5 uses the event report receiving unit 51 to receive the event report on the network entrance side.

Here, the packet captured by the monitoring probe 3 is not lost, for example, by being lost inside the monitoring target network 100, the monitoring target network 10
The host (# 2) 2 is reached via 0. host(#
2) The packet that reached 2 is captured by the monitoring probe 4 at the exit of the network.

When the packet capturing unit 41 of the monitoring probe 4 captures the packet at the exit of the network (step S1 in FIG. 3), the time stamp assigning unit 42 assigns the time stamp of the captured time to the packet (FIG. 3). Step S2).

The hash value calculation unit 43 calculates the hash value of the data part of the captured packet using the hash function (step S3 in FIG. 3). The event report generation unit 44 generates an event report from the hash value obtained by the hash value calculation unit 43, the header information of the packet, the time stamp, and the address of the monitoring probe 4 that captured the packet (FIG. 3). Step S4).

The event report sending unit 45 is the event report generating unit 44.
The event report generated in step 3 is transmitted to the measurement station 5 (step S5 in FIG. 3). The event report transmitted from the monitoring probe 4 reaches the measurement station 5 via the management network 200. The measurement station 5 uses the event report receiving unit 51 to receive the event report on the network exit side.

The event report on the network entrance side received by the event report receiver 51 of the measurement station 5 is stored in the buffer (#
1) stored in 52 (steps S11 to S1 in FIG. 4)
3). Similarly, the event report on the network exit side received by the event report receiver 51 of the measurement station 5 is accumulated in the buffer (# 2) 53 (steps S11 and S1 in FIG. 4).
2, S14).

The match pair search unit 54 uses the buffer (# 1) 52.
The event report on the network ingress side accumulated in the above is compared with the event report on the network egress side accumulated in the buffer (# 2) 53 to search for a matching pair (step S1 in FIG. 4).
5). The matching pair search unit 54 reliably detects the matching pair in a short time by using the header information and the hash value included in the event report.

The QoS information calculation unit 55 is the matching pair search unit 54.
The QoS information (transmission delay time) is calculated from the matched pair detected by (steps S16 and S17 in FIG. 4). Further, the QoS information calculation unit 55 calculates the QoS information (packet loss) from the event report that cannot form a matching pair (steps S16 and S18 in FIG. 4). It is obvious that the target for calculating the hash value can be extended to include not only the data part but also the header part and the like, and the present invention is not limited to this.

As described above, in this embodiment, by transmitting the contents of the data portion as the hash value, the security of the data transmitted by the user can be ensured, the information is compressed, and the event report is transmitted. Therefore, it is possible to reduce the capacity (bandwidth) of the transmission line required for that.

By utilizing the characteristic of the hash function that the output value (hash value) of the hash algorithm always has a predetermined length regardless of the length of the original data, data of an arbitrary length can be obtained. IP (Internet
[Protocol) packet size is variable]] can be compressed into data (hash value) having a predetermined length.

Secondly, in the present embodiment, by searching the matching pair using the header information and the hash value, the packet can be uniquely identified, and the matching pair of the packet can be surely searched. Is possible.

Thirdly, in the present embodiment, it is possible to realize reliable detection of a matched pair by utilizing the characteristic of the hash function that if the original data is different even one character, the output values are greatly different. Become.

Fourthly, in the present embodiment, even encrypted data or data such as image data already compressed by another compression algorithm can be reliably compressed.

Fifth, in the present embodiment, the information is compressed by sending the contents of the data part as a hash value, so that the storage capacity (buffer capacity) of the measuring station can be reduced.

Sixthly, in the present embodiment, the amount of information to be compared at the time of searching for a matching pair is reduced by searching the matching pair using the header information and the hash value. It can be performed.

In this embodiment, the problems of data security and eavesdropping that the system has can be solved. The use of hash functions makes it impossible to recover the original data from the compressed data.
This makes it possible to improve security and avoid the possibility of wiretapping.

According to the principle of the present system, the information transmitted by the user is directly copied and the matched pair is detected by comparing the information with each other. Here, the copy of the information transmitted and received by the user is handled. There is a risk that wiretapping and data security problems may occur. Therefore, the information acquired by the probe that acquires the information is converted into an unrecoverable hash value by the Hach function, and the hash value is distributed as information in the system to restore the original information. It is possible to eliminate the possibility of being able to do so, and to avoid eavesdropping and data security problems.

[0057]

As described above, the service quality measuring system of the present invention is determined from a source and a destination of a data unit in a network that transmits a data unit having characteristic information including at least a source and a destination. At least at the entrance and exit of the network, the hash value is calculated for the data unit at least at the entrance and the exit to obtain the feature information of the data unit, and the match of the feature information extracted at the entrance and exit is detected, and the match is detected By measuring the quality of service of the network based on the pairs of data units that are acquired, it is possible to ensure the security of the data transmitted by the user, and it is necessary to notify the measurement station of the information captured by the probe. It is possible to reduce the capacity (bandwidth) of the transmission line to be used, and to reliably detect the matching pair when detecting a matched pair. Effect that the Tsu bets can be uniquely identified.

Further, the service quality measuring system of the present invention is a network for transmitting a data unit having characteristic information including at least a source and a destination, and at least an entrance of the network determined from the source and the destination of the data unit. And at the exit, the hash value is calculated for the data unit to obtain the characteristic information of the data unit, and the matching of the characteristic information extracted at the entrance and the exit is detected. By measuring the quality of service of the network based on the pair, it is possible to ensure the security of the data transmitted by the user, reduce the storage capacity (buffer capacity) of the measurement station, and detect the matched pair at high speed. The effect that processing can be performed is acquired.

[Brief description of drawings]

FIG. 1 is a block diagram showing a configuration of a service quality measuring system according to an embodiment of the present invention.

FIG. 2 is a diagram showing an example of an event report generated by an event report generation unit in FIG.

FIG. 3 is a flowchart showing a monitoring process by the monitoring probe of FIG.

FIG. 4 is a flowchart showing a matching pair detection process by the measuring station of FIG.

[Explanation of symbols]

1 host (# 1) 2 hosts (# 2) 3,4 Monitoring probe 5 measuring stations 31, 41 Packet capture unit 32,42 Time stamp adding section 33,43 Hash value calculator 34,44 Event report generator 35, 45 Event report sending unit 36,46,56 recording medium 51 Event Report Receiver 52 buffer (# 1) 53 buffer (# 2) 54 Matching Pair Search Section 55 QoS information calculator 100 monitored networks 200 management network

Claims (3)

[Claims] 1. A service quality measuring system for measuring a service quality of a network for transmitting a data unit having characteristic information including at least a source and a destination, the determination being made from the source and the destination of the data unit. Means for calculating a hash value using a hash function for the data unit at least at the entrance and the exit of the network to obtain the characteristic information of the data unit, and the matching of the characteristic information calculated at the entrance and the exit And a quality measuring means for measuring the quality of service of the network based on a pair of data units for which a match is detected. 2. A service quality measuring method for measuring a service quality of a network which transmits a data unit having characteristic information including at least a source and a destination, the method being determined from the source and the destination of the data unit. A characteristic information extracting step of calculating a hash value using a hash function for the data unit at least at the entrance and the exit of the network to obtain the characteristic information of the data unit; and the characteristics extracted at the entrance and the exit. A service quality measuring method comprising: a match detecting step of detecting a match of information; and a quality measuring step of measuring a service quality of the network based on a pair of data units in which a match is detected. 3. A step of providing a time stamp to the data unit that has passed through the entrance and the exit, wherein the quality measuring step measures a communication delay by a time stamp of the pair of coincident data units. The service quality measuring method according to claim 2.