JP2013192128A - Relay device and relay method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To monitor network traffic from a remote environment on a real-time basis.SOLUTION: An MPLS-enabled layer 2 switch 18a has a function to store output port information, mirrors frames that pass through a prescribed port 31 and sends the mirrored frames that are mirrored to an encapsulating part 34. The encapsulating part 34 encapsulates the flames adding a label corresponding to information including a predetermined transfer destination address and sends the encapsulated frames to a switching part 27. The switching part 27 outputs the encapsulated frames to an output port 29 corresponding to the output port information. The encapsulated frames output from the output port 29 are transferred to a measuring device in an operation center via a tunnel provided in advance in a network which includes a plurality of layer 2 switches.

Description

  The present invention relates to a relay apparatus and a relay method such as a router and a switch that relay PDU (Protocol Data Unit) information such as frames and packets in a network.

  2. Description of the Related Art Conventionally, a layer 2 switch (L2SW) that performs forwarding by determining the destination of a frame based on data in the data link layer (second layer) of the OSI reference model is known as a network relay device. By using L2SW, one-to-one data transfer is possible between a plurality of relay apparatuses.

  FIG. 18 shows a configuration example of an optical communication system. The optical communication system 1 includes an L2SW 3 provided in a station 2 of a plurality of communication companies, an L2SW 5 provided in an OPS 4 at a remote location, and a network 6 connecting them. Each station 2 constructs a PON (Passive Optical Network) to a plurality of user houses. In the PON, one OSU (Optical Subscriber Unit) 7 is point-to-multipoint via a plurality of ONUs (optical network units) 8, an optical fiber 9, and a 1 to N (N is a natural number) optical splitter 10. It is a network that performs communication. An OLT (Optical Line Terminal) 11 includes a plurality of OSUs 7 and one control unit 12. The control unit 12 is used when an administrator sets each OSU or an ONU connected to each OSU. The L2SW 3 is connected to each OSU 7 and is a large-scale demultiplexing device that multiplexes frames sent from a plurality of OSUs 7.

  By the way, in the optical communication system 1 described above, when a network is constructed or when a failure occurs, a frame flowing to a specific port of the L2SW is captured, and a traffic analysis, a cause of the failure, etc. are investigated. There is a need. In this case, the L2SW port mirroring function is used. For example, for the L2SW 3a, the monitor target port is set as the monitor port and the transmission destination port of the mirrored frame is set as the mirror port, and the measuring device 13 such as an analyzer device is connected to the mirror port. From this, by acquiring the frame mirrored by the measuring instrument 13, it is possible to analyze the traffic of the monitored port. However, in this case, it is necessary to take the measuring instrument 13 to a place where the L2SW 3a is installed. When the L2SW 3a is a remote place, it takes time to collect frames, and thus it may take time to restore communication.

  Thus, there is known an Ethernet (registered trademark) switch capable of analyzing traffic of a specific port from a remote environment (Patent Document 1). This switch includes a plurality of ports, a switching controller, control means, and storage means.

  The switching controller transfers a frame received from a predetermined port among the plurality of ports to another designated port. The control means sets a frame condition to be captured to the switching controller in accordance with the capture start request received via the network. The switching controller copies a frame that matches the set condition to the storage means as capture data. Then, in accordance with the capture acquisition request received via the network, the control means reads the capture data stored in the storage means and transfers it to the other party that issued the capture acquisition request via the network.

JP 2008-258846 A

  However, the switch described in Patent Document 1 temporarily stores a frame that matches the condition in the storage unit, and reads the frame that matches the condition from the storage unit in response to receiving the capture acquisition request. Forward to the other party that issued the capture acquisition request. For this reason, the switch described in Patent Document 1 has a drawback that it cannot monitor traffic in real time.

  In order to solve the above-described problems, an object of the present invention is to provide a relay apparatus and a relay method that can monitor network traffic and the like from a remote environment in real time.

  One aspect of the relay device illustrating the present invention includes a plurality of ports, a port mirroring processing unit that mirrors information passing through a predetermined port among the plurality of ports, and a transfer destination for mirroring information obtained by mirroring information. An encapsulating unit that adds a label for identifying a preset tunnel between nodes and encapsulates the node, and a transfer unit that transfers information encapsulated by referring to the label using the tunnel, It is equipped with. As the network, a network constructed using the MPLS protocol is desirable.

  A priority processing unit that lowers the priority of the encapsulated information and sends it to the transfer unit may be provided. In this case, a plurality of buffers provided for each predetermined priority, priority setting means for setting priority information with low priority in the encapsulated information, and priority information set in the information It is preferable to include determination control means for allocating and storing in a corresponding buffer among a plurality of buffers based on the detected priority and a reading means for reading out information in order of priority.

  As the encapsulating means, when encapsulating, a data part constituting information may be deleted or compressed. Further, when encapsulating, a sequence number may be given to the information. Further, the encapsulating unit may include a filtering unit that filters the mirroring information based on a predetermined specific condition before encapsulating.

  In the relay method of the present invention, a step of mirroring information passing through a predetermined port among a plurality of ports, and a predetermined one of a plurality of nodes connected to the network with respect to the mirroring information obtained by mirroring the information. An encapsulation step for performing encapsulation by adding a label for identifying a tunnel set with the forwarding destination node, and forwarding the encapsulated information with reference to the label using the tunnel A transfer step.

  According to the present invention, network traffic from a remote environment can be analyzed in real time.

It is explanatory drawing which shows the outline of the optical communication system using this invention. It is a block diagram which shows the layer 2 switch which constructs | assembles an optical communication system. It is explanatory drawing which shows the outline of the communication path which connects each part which comprises the layer 2 switch demonstrated in FIG. It is a block diagram which shows the flame | frame transferred to the network which comprises an optical communication system, (A) has shown the frame before encapsulation, (B) has each shown the frame after encapsulation. It is explanatory drawing explaining operation | movement of a layer 2 switch. It is a block diagram which shows other embodiment of the layer 2 switch which provided the encapsulation part in each port. It is a block diagram which shows the layer 2 switch which multiplexed the encapsulated frame with the upstream frame and transferred to the switching part. It is a block diagram which shows the layer 2 switch which encapsulated the mirroring frame transferred from the monitoring object port and mirrored by the mirror port, and transferred the encapsulated frame to the switching unit. It is a block diagram which shows embodiment which deletes a data part when performing encapsulation. It is a block diagram which shows embodiment which adds a sequence number when performing encapsulation. FIG. 6 is a frame configuration diagram showing an embodiment in which a frame to be monitored is selected by performing filtering according to a predetermined condition before performing encapsulation. FIG. 5 is a frame configuration diagram showing an embodiment in which WP is added and multiplexed and transferred to an MPLS network when performing encapsulation. It is a block diagram which shows the monitor process part of embodiment which set the priority to the encapsulated frame and the original frame, multiplexed and transferred from the frame with a high priority. It is a block diagram which shows the layer 2 switch which provided the monitor process part demonstrated in FIG. 13 between the input part of the monitoring object port, and the switching part. It is a block diagram which shows the layer 2 switch of embodiment which made the encapsulated frame output to an output transmission path without letting a switching part pass. It is a block diagram which shows the flame | frame of embodiment which provides a time stamp when mirroring. It is a block diagram which shows the layer 2 switch of embodiment which provided the decapsulation part in the mirror port so that monitoring could also be carried out by the own apparatus. It is explanatory drawing which shows the outline of the optical communication system demonstrated by the prior art.

  As shown in FIG. 1, an aspect of the optical communication system 15 using the present invention includes an L2SW 18 provided in each station 16 and an L2SW 18b provided in an operation center (OPS) 17 with Ethernet and MPLS (Multi-Protocol Label). Switching) network 19 is constructed. In the MPLS network 19, each L2SW 18 holds output port information indicating to which L2SW 18 a frame (information) is transferred, and a tunnel LSP (Label Switched Path) is determined by the output port information held in each L2SW. (Hereinafter referred to as “tunnel”).

  The management server 20 is connected to a specific port, and the measuring device 21 is connected to another port of the L2SW 18b of the OPS 17. An operation system (OpS) for controlling the network 19 is installed in the management server 20. The measuring device 21 monitors traffic of a frame passing through a specific port of the L2SW 18a installed in the remote station 16a.

  Each L2SW 18 has a port mirroring function. Each L2SW 18 is determined for each label under the control of the management server 20 in order to create a tunnel 22 for transferring a frame from the L2SW 18a that designates a monitored port to the measuring device 21 of the OPS 17. A label table describing output port information is distributed. The MPLS-compatible L2SW 18a attaches a label for tunnel identification to the frame, executes encapsulation, and transfers the encapsulated frame to the output port corresponding to the label, thereby transferring it to the measuring device 21 through the tunnel 22.

  The L2SW 18b of the OPS 17 refers to the label table, determines an output port based on the label, and transfers the encapsulated frame to the measuring device 21. The measuring device 21 includes a decapsulation unit (not shown) that decapsulates the encapsulated frame.

  As shown in FIG. 2, the L2SW 18a includes a plurality of physical ports 25, a monitor processing unit 26, a switching unit 27, and a control unit 28 that comprehensively controls them. The physical port 25 is composed of 1 to N (N is a natural number) ports, for example, first to fourth ports 29 to 32. As is well known, each of the ports 29 to 32 has an input section (receiving LAN interface) (not shown) to which an input transmission path (not shown) is connected, and an output section (not shown) to which an output transmission path (not shown) is connected. A transmission LAN interface (not shown), a mirroring unit (not shown), and an interface control unit (not shown) for controlling them.

  The input unit terminates the frame input from the input transmission path and outputs it to the switching unit 27. The switching unit 27 performs frame transfer between the ports 29 to 32. The output unit outputs the frame transferred from the switching unit 27 to the output transmission path. The mirroring unit mirrors a specific frame under the control of the control unit, and transfers the mirrored frame to the monitor processing unit 26.

  The monitor processing unit 26 is connected between the ports 29 to 32 and the switching unit 27 by using a dedicated communication path 33 such as a serial bus, for example, and labels the frame to be mirrored (mirroring frame). An encapsulating unit 34 for providing and encapsulating is provided. Further, when encapsulating, the encapsulating unit 34 puts a bit indicating that it is an MPLS frame in the ether type constituting the mirroring frame. Note that the frame is transferred between the physical port 25 and the switching unit 27 through the communication path 35 provided individually. The switching unit 27 includes a frame buffer (not shown).

  As shown in FIG. 3, the control unit 28 includes a transfer table unit 44, a port mirroring processing unit 36, a label table unit 37, and a label storage unit 38, which are connected to the units 25, 26, 27, and 40. The control signals are communicated using the control communication paths 45 that are individually connected to each other, thereby controlling the units 25, 26, 27, and 40 in an integrated manner. In the transfer table unit 44, a table in which each port 29 to 32 and a node connected to the destination of the port 29 to 32, here, a destination address of the adjacent L2SW 18 is associated is registered.

  The port mirroring processing unit 36 controls a mirroring unit of one or a plurality of monitored ports selected from the plurality of ports 29 to 32, that is, the third port 32 in the example shown in FIG. Is sent to the switching unit 27. The monitoring target port is specified by control from the management server 20 that is remotely connected from a remote location. In addition, a memory 40 is connected to the control unit 28, and the identification address (MAC address) of the own station is stored in the memory 40.

  A label table determined for each network is registered in the label table unit 37. This table is a table in which information on a frame to which a label is attached (frame to be monitored in this example) and output port information on which port the frame is output for each label are described. The label table is transferred from the management server 20 that is remotely connected from a remote location.

  The label storage unit 38 stores a tunnel identification label for transfer to the destination address of the measuring device 21 that is a transfer destination under the control of the management server 20. In the network 19, a tunnel for transferring from the address of the L2SW 18 a to the destination address of the measuring instrument 21 is created based on the output port information described in the label table distributed from the management server 20 to each L2SW 18.

  The monitor processing unit 26 has an encapsulation unit 34. The encapsulation unit 34 acquires the mirroring frame from the third port 31, adds a tunnel identification label read from the label storage unit 38 to the address of the measuring instrument 21 to the mirroring frame, and adds the frame to the mirroring frame. Encapsulation is executed by inserting a bit indicating MPLS into the configured Ether type, and the encapsulated frame is transmitted to the switching unit 27. The switching unit 27 selects an encapsulated frame with reference to the ether type, refers to a label of the selected encapsulated frame, refers to output port information, and selects an output port corresponding to the label. The frame encapsulated in the determined output port, in this example, the first port 29 is output.

  As shown in FIG. 4, the encapsulated frame 41 has an MPLS label (short fixed-length identification mark) [LB] 43 added to [data] with respect to the mirroring frame 42 before encapsulation. It is in the form. That is, the label [LB] 43 is given in the frame. In the figure, “DA” is a destination address (Destination Address), “SA” is a source address (Source Address), and [ET] 39 is an Ether frame type, that is, MPLS at the time of encapsulation. “FCS” is a frame check sequence (Frame Check Sequence) for error checking.

  The operation of the above configuration will be described. The measuring instrument 21 is connected to the L2SW 18b of the OPS 17. In the network 19, output port information and the like are distributed to the label table unit 37 of each L2SW 18 under the control of the management server 20, and the output port information stored in each L2SW 18 starts from the output port of the L2SW 18a and the L2SW 18b. A label tunnel corresponding to a route between the output port to which the measuring device 21 is connected as an end point is created.

  In the L2SW 18a, the monitoring port to be monitored is set as the third port 31 and the first port 29 different from the third port 31 is set as the MPLS frame output port under the control of the management server 20. Further, a tunnel identification label for transfer to the destination address of the measuring instrument 21 is delivered to the label storage unit 38 to the L2SW 18a.

  The port mirroring processing unit 36 controls the monitoring unit provided in the third port 31 and, as shown in FIG. 5, the original frame input to the third port 31 designated as the monitoring target is directly used as the switching unit 27. , The original frame is mirrored, and the mirrored mirroring frame is sent to the encapsulation unit 34. Note that general frames input from the input units 29a, 30a, and 32a of the other ports 29, 30, and 32 are sent to the switching unit 27 as they are.

  In addition, the port mirroring processing unit 36 performs mirroring control of the frame output from the switching unit 27 to the output unit 31 b of the third port 31. That is, the original frame output to the third port 31 designated as the monitoring target is sent to the output unit 31b of the third port 31 as it is, and the original frame is mirrored, and the mirrored mirrored frame is encapsulated unit 34. Send to. As a result, the input frame or output frame passing through the third port 31 is mirrored and transferred to the encapsulation unit 34.

  The encapsulation unit 34 reads the label stored in the label storage unit 38, adds the label [LB] 43 to the mirroring frame based on the read label, and performs the encapsulation. At the time of the encapsulation, information indicating that MPLS is set in the ether type [ET] 39 is set and the encapsulation is executed. The encapsulating unit 34 sends the encapsulated frame to the switching unit 27.

  If the frame is an MPLS frame with reference to the ether type [ET] 39 of the encapsulated frame, the switching unit 27 refers to the label table to determine an output port corresponding to the label, and is encapsulated in that port. Output the frame.

  The encapsulated frame is transferred from the output unit 29 b of the first port 29. In the intermediate section of the MPLS network, when it is determined that the frame is an MPLS frame based on the ether type [ET] 39, the transfer path of the encapsulated frame is determined based on the label [LB] 43. In this way, the encapsulated frame is transferred using the tunnel 22 to the port to which the measuring device 21 of the 2SW 18b is connected.

  The decapsulation unit of the measuring device 21 sorts the MPLS frame by referring to the ether type [ET] 39 and performs decapsulation on the encapsulated frame. In the decapsulation, the label [LB] 43 is removed from the encapsulated frame, and the frame before being encapsulated is restored. Thereby, the measuring instrument 21 can monitor the original frame transmitted / received by the 3rd port 31 of L2SW18a installed in the remote station building 16a in real time.

[Second Embodiment]
As shown in FIG. 6, the L2SW 45 according to the second embodiment has a configuration in which the encapsulation unit 50 is provided in each of the ports 46 to 49. Each port 46 to 49 is controlled by the control unit 28. The port mirroring processing unit 36 mirrors the original frame passing through the port designated as the monitoring target, which is the third port 48 in the figure. The encapsulation unit 50 of the port 48 performs encapsulation on the mirroring frame. The encapsulated mirroring frame is sent to the switching unit 27. The switching unit 27 sends the encapsulated frame to the L2SW 18b provided in the OPS 17 via the first port 46. In this embodiment, the encapsulated frame is transmitted using the communication path 51 provided between each port 46 to 49 and the switching unit 27. The communication path 51 is a communication path for sending the original frame to the switching unit 27.

[Third Embodiment]
As shown in FIG. 7, the L2SW 53 according to the third embodiment includes an encapsulation unit 58 and a multiplexing transfer unit 59 in each of the ports 54 to 57. Each of the ports 54 to 57 and the switching unit 27 are connected by an individual communication path 60 for transmitting an upstream / downstream frame. Here, in the figure, the third port 56 is designated as the monitoring target port. The encapsulation unit 58 of the third port 56 mirrors the original frame and performs encapsulation on the mirrored frame. The multiplex transfer unit 59 multiplexes the encapsulated frame with the upstream original frame using each communication path 60 and transfers the multiplexed frame to the switching unit 27. Here, each communication path 60 is set to have a faster transfer rate than the ports 54 to 57. Thereby, even if the upstream original frame is multiplexed, the delay frame is not discarded, and therefore, the encapsulated frame can be multiplexed and transferred to the upstream original frame. The arrow with the sign indicates the direction in which the encapsulated frame flows.

[Fourth Embodiment]
As shown in FIG. 8, the L2SW 62 of the fourth embodiment has a port monitoring mechanism, and a frame that passes through a preselected monitoring target port among the plurality of ports 65 to 69, in the figure, the third port 67. Mirroring is performed, and the mirroring frame is output from the other specific port, which is the fifth port (mirror port) 69 in the figure, to the output transmission path. Each of the ports 65 to 69 includes an encapsulation unit 63 and a transfer unit 64 in each of the ports 65 to 69, and other ports 65 to 68 other than the mirror port 69 are connected to the mirror port 69. Each is connected by a dedicated communication path 70. The port mirroring processing unit 36 mirrors the original frame passing through the port to be monitored designated in advance, which is the third port 67 in the figure, and sends the mirrored mirrored frame to the mirror port 69 using the dedicated communication path 70. .

  The mirror port 69 is connected to the switching unit 27 by an individual communication path 71 different from the dedicated communication path 70, and the frame encapsulated using the communication path 71 is used for switching the frame to the switching unit 27. And output to the output transmission path. The switching unit 27 transfers the encapsulated frame toward the L2SW 18b via the first port 65. Since the mirror port does not transfer the upstream frame toward the switching unit 27, there is no possibility that the upstream data is obstructed compared to the embodiment described with reference to FIG. According to the configuration described with reference to FIG. 8, it is possible to simultaneously perform monitoring using the physical port at the site (own station) and monitoring at the OPS 17 by connecting a measuring instrument to the mirror port 69.

[Fifth Embodiment]
In the above embodiment, a label is added to the mirroring frame when the encapsulation is performed by the encapsulating unit. However, in the embodiment shown in FIG. ) 73 may be deleted, and only header information composed of [DA] [SA] [ET] and [LB] may be encapsulated. According to this, it becomes possible to greatly reduce the traffic of the MPLS network. The OPS 17 cannot monitor the contents of the decapsulated data, but can monitor information such as a frame transmission source, a transmission destination, and a frame type. Basically, the minimum frame length in Ethernet is “512” bits = 64 bytes, and when the data to be transmitted is small and the frame length is less than 64 bytes, the shortage is filled with “0” and 64 bytes. For this reason, the data area to be deleted is described as [padding] 74 in FIG. Further, instead of deleting the data part, the [data] part may be compressed. In the above embodiment, the data portion 74 is deleted and only the ether frame head information is transferred. However, the present invention is not limited to this, and the upper layer TCP header of the ether header, IP The header and the like may be transferred. In this case, of course, it is only necessary to delete only the data portion 74 therein.

[Sixth Embodiment]
In the embodiment shown in FIG. 10, a sequence number [SN] (Sequence Number) 76 may be given in the mirroring frame 75 when the encapsulation unit performs the encapsulation. In this case, the OPS 17 can detect the frame loss at the time of transfer by the mirroring frame 72 by checking the sequence number, and it can be discarded by the L2SW having the monitored port and the tunnel by the LSP of the MPLS network. This makes it possible to distinguish between disposal and disposal.

[Seventh Embodiment]
The L2SW 77 according to the seventh embodiment is provided with a filtering unit 79 in the monitor processing unit 80 as shown in FIG. 11 in order to reduce traffic in the MPLS network. The encapsulation unit 78 has the same configuration as described in FIG. The filtering unit 79 is connected before the encapsulating unit 78 and refers to the header information of the mirroring frame and sends a mirroring frame having specific conditions such as a specific destination, a source address, and a frame type to the encapsulating unit 78. Block other mirroring frames. As a result, traffic on the MPLS network can be significantly reduced. For example, by performing filtering with the destination address of the mirroring frame, only the mirroring frame destined for a specific destination is encapsulated. In the OPS 17, it is possible to monitor only frames destined for a specific destination. Note that the filtering unit 79 may perform filtering using the VLAN information of the mirroring frame. In this case, only a specific VLAN can be monitored.

[Eighth Embodiment]
The eighth embodiment is an example in which the frames passing through the output unit and the input unit of the mirroring port are not encapsulated and transferred separately, but are multiplexed and transferred. When encapsulating the mirroring frame, the encapsulating unit adds [PW] (Pseudo Wire Label) 82 to the frame so that the input unit can be distinguished from the output unit. Forwarding that determines an output destination with reference to [LB] and multiplexing based on a combination of [LB] and [PW] of the frame. The multiplexed frame is transferred to the MPLS network and sent to the OPS 17.

  In the MPLS network, a tunnel generated by the label [LB] and a plurality of tunnels generated by the pseudo wire label [PW] are set. In the OPS 17, it is possible to monitor separately by measuring devices respectively connected to two ports by referring to the [PW] of the frame. In addition, even if a plurality of tunnels based on labels are set in the network instead of pseudo wires, it is possible to multiplex and send at the MPLS layer. As a result, the frames passing through the output unit and the input unit can be separately monitored by the OPS 17.

[Ninth Embodiment]
Further, as L2SW in the ninth embodiment, when LAG (Link Aggregation) is configured for a plurality of ports in the output unit, the same label is assigned to the mirroring frame mirrored at each port and multiplexed. May be sent to the switching unit 27.

  In this case, a link aggregation group configured by logically bundling two or more of the plurality of physical lines between the plurality of ports and the transfer destination relay device (L2SW 18b) connected through the physical lines. LAG group defining means for prescribing, an encapsulating means for mirroring a frame passing through a plurality of ports collected by the LAG group defining means, and applying the same label to the mirrored mirroring frame for encapsulation, and a plurality of capsules Multiplexing transfer means for multiplexing the converted frames and transferring them using a tunnel may be provided. This makes it possible to monitor the original frame as one port at a remote location.

[Tenth embodiment]
Further, the L2SW monitor processing unit may include a priority processing unit that sets the priority of the encapsulated frame. For example, if the encapsulated frame is transmitted with the highest priority, the measuring device 21 of the OPS 17 can perform more real-time monitoring. Further, if the priority of the encapsulated frame is transferred with a low priority, the MPLS network LSP between the L2SW 18a of the monitored port and the OPS 17 can transfer with a lower influence on other traffic. It becomes possible.

  For example, as illustrated in FIG. 13, the monitor processing unit 83 includes a distribution unit 84, an encapsulation unit 85, a buffer unit 86, a MUX 89, and a determination control unit (reading control unit) 90. The distribution unit 84 selects a mirrored mirroring frame from the upstream and downstream frames and distributes the selected mirroring frame to the encapsulation unit 85. The encapsulating unit 85 encapsulates the mirroring frame. The encapsulated frame is sent to the buffer unit 86.

  The buffer unit 86 is composed of a plurality of buffers provided for each predetermined priority. In this example, the general output unit 87 for storing the original frame with high priority, and the encapsulated frame with low priority. And an MPLS output unit 88 for storing. The determination control unit 90 writes the original frame read from the general output unit 87 to the MUX 89 with high priority, and writes the encapsulated frame read from the MPLS output unit 88 to the MUX 89 with low priority. Read in order, multiplex and send.

  For example, as shown in FIG. 14, the monitor processing unit 83 described in FIG. 13 is preferably provided in each individual communication path 92 provided between each port 29 to 32 of the L2SW 91 and the switching unit 27. . In the L2SW 91, the monitoring target port is set to the port 32, and the mirror port is set to the port 29. The original frame that passes through the port 32 is mirrored, and the mirrored mirrored frame is sent to the monitor processing unit 83. The monitor processing unit 83 transfers the encapsulated frame, the upstream original frame, and the switching unit 27. At this time, as described above, the monitor processing unit 83 reads a frame with high priority from the MUX 89, multiplexes and transfers the frame.

[Eleventh embodiment]
In each of the above embodiments, the uplink or downlink frame is encapsulated and then transferred to the switching unit 27 and output to the output transmission path via a mirror port different from the monitor port. However, the present invention is not limited to this. Instead, the encapsulated frame may be output to the output transmission path without passing through the switching unit 27.

  For example, as shown in FIG. 15, the L2SW 93 includes a mirroring unit 94, an encapsulation unit 95, and a transfer unit (not shown) in each of the ports 29 to 32, or an upstream through a designated port, for example, the port 32, or The downstream frame is copied by the mirroring unit 94, the copied frame is encapsulated by the encapsulation unit 95, and the transfer unit outputs the encapsulated frame to the output transmission path. In this case, the monitor port and the MPLS frame output port are the same port.

[Twelfth embodiment]
In each of the above embodiments, the label 43 is given in the frame by the encapsulating unit, but in addition to this, a time stamp may be given when the upstream or downstream frame is mirrored by the mirroring unit. In this case, for example, a time stamp [TS] 96 is given before the data portion 101. The time stamp is composed of output time when mirroring or time certification information of input time. As a result, as shown in FIG. 16, the encapsulated frame 102 is given a time stamp 96 between the label 43 and the data portion 101. Note that the time stamp [TS] 96 may be added after the data portion 101. According to this, the frame interval at the monitored port can be grasped by the measuring device 21 arranged in the OPS 17 without being affected by the fluctuation of the frame interval generated in the MPLS network.

[Thirteenth embodiment]
In each of the above embodiments, the description is given for the purpose of performing remote monitoring with a measuring instrument provided in the OPS 17, but the present invention is not limited to this, and a configuration in which monitoring is performed by connecting a measuring instrument in a station building. It is good. In this case, for example, as shown in FIG. 17, the L2SW 97 includes a monitor processing unit 80 and a decapsulation unit 99. The monitor processing unit 80 has the same configuration as described in FIG. Here, in the figure, the third port 31 is designated as the monitoring target port, and the first port 98 is the mirror port. The switching unit 27 sorts and transfers the encapsulated frame to the first port 98 with reference to the label. The first port 98 is provided with a decapsulation unit 99. The decapsulation unit 99 decapsulates the encapsulated frame. A measuring device 100 is connected to the mirror port, and the measuring device 100 monitors the decapsulated frame. Thus, by passing the encapsulated frame through the L2SW 97, it is possible to monitor and output the encapsulated frame to an arbitrary port while suppressing the influence on other frames.

  In each of the above embodiments, a layer 2 switch has been described. However, the present invention is not limited to this, and can be applied to a relay device such as a higher layer switch or a router. In the case of a layer 3 switch, that is, a router, instead of output port information, it is only necessary to hold path information starting from the address of the switch to be monitored and ending at the transfer destination address. In addition, the encapsulation unit of the present invention may have a configuration in which a VLAN identifier is assigned to a mirroring frame, multiplexed with the original frame, and transferred.

  Further, in each of the above embodiments, the network is described as constructed by the MPLS protocol. However, the present invention is not limited to this, and an IP tunnel is set using IP (Internet Protocol) -VPN (Virtual Private Network). May be.

  As mentioned above, although this invention is demonstrated based on each embodiment, each embodiment is an illustration, Various modifications are possible for the combination of each of those component and each processing process, and such a modification. Are within the scope of the present invention.

1,15 Optical communication system 2,16 Office 3,18,45,53,62,77,91,93,97 L2SW (Layer 2 switch)
4,17 OPS (Operation Center)
20 Management Server 22 Tunnel 25 Physical Port 26 Monitor Processing Unit 34, 50, 58, 63, 78, 85, 95 Encapsulation Unit

Claims (11)

In a relay device that relays information in a network,
Multiple ports,
A port mirroring processing unit that mirrors information passing through a predetermined port among the plurality of ports;
An encapsulating unit that performs encapsulation by adding a label for identifying a tunnel that is set in advance with a transfer destination node to mirroring information obtained by mirroring the information;
A transfer unit that transfers the encapsulated information using the tunnel by referring to the label;
A relay device comprising:   The relay apparatus according to claim 1, wherein the network is a network constructed using an MPLS protocol.   The relay apparatus according to claim 1, further comprising a priority processing unit that lowers the priority of the encapsulated information and sends the information to the transfer unit. The priority processing unit includes:
A plurality of buffers provided for each predetermined priority;
Priority setting means for setting priority information having a low priority in the encapsulated information;
Allocating means for detecting priority information set in the information, allocating to and storing the corresponding buffer among the plurality of buffers based on the detected priority;
Read control means for reading in order from high priority information,
The relay apparatus according to claim 3, further comprising:   5. The relay device according to claim 1, wherein the encapsulating unit deletes or compresses a data part constituting the information when encapsulating. 6.   6. The relay apparatus according to claim 1, wherein the encapsulating unit assigns a sequence number to the information when encapsulating.   7. The filtering unit according to claim 1, further comprising a filtering unit that filters the mirroring information based on a predetermined condition before the encapsulation unit performs encapsulation. Relay device.   The relay apparatus according to claim 1, wherein the port mirroring processing unit adds a time stamp to the information when mirroring. In a relay method for relaying information in a network,
Mirroring information passing through a predetermined port of the plurality of ports;
To the mirroring information obtained by mirroring the information, a label for identifying a tunnel set between a plurality of nodes connected to the network and a predetermined transfer destination node is added. An encapsulation step for performing the encapsulation;
A forwarding step of forwarding the encapsulated information with reference to the label using the tunnel;
The relay method characterized by including.   The relay method according to claim 9, further comprising a priority setting step for lowering a priority of the information encapsulated in the encapsulation step. The priority setting step includes:
Setting priority information with low priority to the encapsulated information;
Detecting priority information set in the information, allocating and storing it in a corresponding buffer among a plurality of buffers provided for each priority determined in advance based on the detected priority;
Reading and sending information in order from the highest priority information;
The relay method according to claim 10, comprising:

Images