JP2015002438A - Communication system, management device, management method, and management program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To shorten communication delay.SOLUTION: When a cloud controller 30 accepts a migration execution request from a user terminal 10, the cloud controller 30 has a VM operating in a base (Sapporo) 1 migrate to a base (Fukuoka) 11. After executing migration of the VM, the cloud controller 30 sets the virtual machine having migrated as a relay object virtual machine for a router to which the same address is set within the same network segment and which is a migration destination.

Description

  The present invention relates to a communication system, a management apparatus, a management method, and a management program.

  In recent years, cloud computing has become widespread, and a virtual environment is constructed using resources of a physical server installed in a data center to provide various services to users. In addition, an L2 network is built across different data centers using virtual switches.

  For example, a description will be given by taking as an example a company (Z) that implements a department server, an accounting server, an attendance / leaving management server, a file server, and the like by a virtual machine (hereinafter sometimes referred to as a VM (Virtual Machine)). In the company (Z), the virtual machine (A) and the virtual machine (B) are operated at the data center (X) of the base (Sapporo), and the virtual machine (C) is operated at the data center (Y) of the base (Fukuoka). The virtual machine (D) is operated. Then, the data center (X) and the data center (Y) are connected by a virtual L2 network using a virtual switch such as Open vSwitch.

  In this way, in the company (Z), by realizing communication between virtual machines that operate in different data centers and provide each service, employees at each base can be made independent of the base, Provide various services.

Hisashi Ishii, Kazue Ueno, Keisuke Tagami, Koji Iida, Tomonari Fujita, Kazutaka Morita, "Open Source laaS Cloud Platform OpenStack", NTT Technology Journal Vol.23, No.8, 2011. Hideo Kitazume, Takaaki Koyama, Yoshitake Tajima, Toshiharu Kishi, Atsuko Inoue, "Network Virtualization Technology that Supports Cloud Services", NTT Technology Journal Vol.23, No.10, 2011.

  However, the above technique has a problem that when a virtual machine migration or the like occurs, the communication path becomes redundant and a communication delay occurs.

  As an example, the company (Z) will be described as an example. In a situation where an employee's personal computer (hereinafter sometimes referred to as a PC) uses a virtual machine connected to each site using the Internet or the like. Suppose that a virtual machine (B) is migrated to the data center (Y) of the base (Fukuoka) in order to improve convenience, etc., as an employee of the base (Sapporo) travels to the base (Fukuoka). . In this case, the default gateway (hereinafter sometimes abbreviated as “default GW”) of the PC of the employee who uses the Internet is the IP address of the router designated by ISP (Internet Service Provider). The default gateway of the migrated virtual machine (B) is set to the router of the migration source data center (X).

  For this reason, when an employee accesses the virtual machine (B) from a business trip destination in Fukuoka, the employee's PC sends a response from the virtual machine (B) to the data center (Y) at the business trip destination (Fukuoka), The data is received via the virtual L2 network between the data centers and the data center (X) of the base (Sapporo) that is the business trip source. In other words, the employee's PC receives a response from the virtual machine (B) via the business trip source even though the virtual machine (B) is migrated to the business trip destination in accordance with the business trip. As described above, the communication distance from the virtual machine (B) to the user terminal is increased, and the delay is increased unnecessarily.

  Although it is conceivable to change the default gateway of the virtual machine (B), it is not realistic from the viewpoint of security to allow an employee who is not an administrator to change the network settings.

  The disclosed technique has been made in view of the above, and an object thereof is to provide a communication system, a management apparatus, a management method, and a management program capable of reducing communication delay.

  An embodiment of the present application includes: a first network device installed at a first base; a second network device installed at a second base; and the first network device or the second network device And a management device that manages a virtual machine that relays communication, and each network device is a communication system in which the same IP (Internet Protocol) address is set in the same network segment, and the management device includes the management device A migration execution unit that migrates a virtual machine that operates at the first base to the second base, and after the migration is executed by the migration execution unit, the same IP address is set in the same network segment. Among network devices, for the network device at the second base, A setting unit configured to set the migrated virtual machine as a relay target virtual machine, and the network device stores the address information of the virtual machine to be relayed, and the network device from the virtual machine A receiving unit that receives an address request for inquiring about a MAC (Media Access Control) address, and address information of a transmission source included in the address request received by the receiving unit is stored in the storage unit, And a response unit that responds to the MAC address of the network device with respect to the transmission source virtual machine.

  According to an embodiment of the present application, communication delay can be reduced.

FIG. 1 is a diagram illustrating an example of the overall configuration of a system according to the first embodiment. FIG. 2 is a diagram illustrating a hierarchical structure of physical servers that operate VMs. FIG. 3 is a functional block diagram illustrating a functional configuration of the cloud controller. FIG. 4 is a diagram illustrating an example of information stored in the router management table. FIG. 5 is a diagram illustrating an example of information stored in the VM management table. FIG. 6 is a functional block diagram showing the functional configuration of the router. FIG. 7 is a diagram illustrating an example of information stored in the management target table. FIG. 8 is a diagram illustrating an example of information stored in the synchronization information table. FIG. 9 is a diagram illustrating a specific example in which the relay target is changed after VM migration. FIG. 10 shows an example of a screen for registering business trip information. FIG. 11 is a diagram illustrating an example of updating the management target table. FIG. 12 is a diagram illustrating an example of the ARP request. FIG. 13 is a diagram illustrating an example of the ARP response. FIG. 14 is a diagram illustrating an example of updating the ARP table. FIG. 15 is a diagram illustrating an example in which the route after migration is changed. FIG. 16 is a flowchart showing a flow of IP address setting processing in the cloud controller according to the first embodiment. FIG. 17 is a flowchart showing a flow of ARP response processing executed by the router according to the first embodiment. FIG. 18 is a flowchart illustrating a flow of synchronization processing between routers according to the second embodiment. FIG. 19 is a flowchart showing a flow of ARP response processing executed by the router according to the second embodiment. FIG. 20 is a diagram illustrating a computer that executes a management program.

  Hereinafter, embodiments of a communication system, a management device, a management method, and a management program disclosed in the present application will be described in detail based on the drawings. In addition, this invention is not limited by this embodiment. Embodiments described below can be appropriately combined within a consistent range.

[First Embodiment]
(overall structure)
FIG. 1 is a diagram illustrating an example of the overall configuration of a system according to the first embodiment. As shown in FIG. 1, this system is a system that connects, for example, corporate bases via a network. Each of the base (Sapporo) 1 and base (Fukuoka) 11 having a data center and a Web server 50 are connected to the Internet. Network 20.

  The Web server 50 is a server device that receives information about a virtual machine to be migrated from the user terminal 10, and is realized by a physical device. For example, the Web server 50 receives an instruction to migrate the VM (B) operating at the base (Sapporo) 1 to the base (Fukuoka) 11 and transmits the received instruction content to the cloud controller 30 described later.

  For example, when receiving a migration request from the user terminal 10, the Web server 50 displays a Web screen or the like on the user terminal 10. Then, the Web server 50 receives input of the migration target and the migration destination on the Web screen, and transmits the received information to the cloud controller 30.

(Base (Sapporo))
The base (Sapporo) 1 has a user terminal 10 and a data center 2. The user terminal 10 is a terminal device that accesses a virtual machine operating in the data center 2 or the data center 12 of the base (Fukuoka) 11 and uses various services, such as a laptop computer or a smartphone.

  The data center 2 is a data center in which one or more physical servers are installed, and may be described as a virtual machine using the cloud controller 30 or physical resources of the physical server. The physical resources include a communication interface, a processor, a memory, and a hard disk.

  Specifically, the data center 2 includes a CE (Customer Edge) router 3, a router 4, an OVS (Open vSwitch) 5, a VM (A), a VM (B), and a cloud controller 30. The CE router 3 is an edge router installed at the boundary between a telecommunications carrier network 1a such as the Internet and a corporate network such as a corporate LAN (Local Area Network). The CE router 3 is realized by a physical device. The

  The router 4 is a router that divides the data center 2 of the base (Sapporo) 1 and the data center 12 of the base (Fukuoka) 11 by the same network segment 22 in the corporate network. That is, the router 4 relays communication between the user terminal 10 and each VM in each data center. The interface 4a of the router 4 is an interface connected to the CE router 3, and “IP (4a)” is set as an IP (Internet Protocol) address. The interface 4b of the router 4 is an interface connected to each VM, and “IP (10)” is set as the IP address.

  Accordingly, “IP (4a)” is connected as a default gateway to the user terminal 10 used in the base (Sapporo) 1. For this reason, the user terminal 10 accesses via the router 4 when accessing each VM. The router 4 may be realized with a virtual machine or a physical device.

  The OVS 5 is a switch that relays each router and each VM of each data center, and is a virtual switch that connects the data centers with the virtual L2 network 21 in cooperation with the OVS 15 of the data center 12. For example, the OVS 5 is connected to the interface 4 b of the router 4, VM (A), VM (B), the OVS 15 of the data center 12, and the cloud controller 30.

  The VM (A) is a virtual machine that executes, for example, a Web server or a DB server, and is set with “IP (A)” as an IP address and “MAC (A)” as a MAC (Media Access Control) address. The VM (B) is a virtual machine that executes, for example, a Web server or a DB server, and is set with “IP (B)” as the IP address and “MAC (B)” as the MAC address. These VMs communicate with the user terminal 10 via the OVS 5.

  The cloud controller 30 is a server device that manages VMs. The cloud controller 30 may be realized by a physical device or a virtual machine. For example, the cloud controller 30 stores the IP address and MAC address of a VM that operates at each site.

  In addition, the cloud controller 30 migrates a desired VM to another base by a user operation, an administrator operation, a predetermined predetermined opportunity, or the like. For example, the cloud controller 30 receives from the Web server 50 an instruction to migrate the VM (B) operating in the data center 2 to the data center 12. Then, the cloud controller 30 migrates the VM (B) to the data center 12 according to the received instruction. In addition, the cloud controller 30 may start the migration by directly accepting an operation from a network administrator or a maintenance person without using a Web server.

  In the present embodiment, an example in which the cloud controller 30 is installed in the data center 2 of the base (Sapporo) 1 has been described. However, the present invention is not limited to this. For example, it may be installed in the data center 12 of the base (Fukuoka) 11. A server in which the cloud controller 30 and the Web server 50 are integrated may be connected to the Internet 20.

  When the cloud controller 30 is connected to the Internet 20, communication from the cloud controller 30 to each VM undergoes address conversion and port conversion by the router 4 or the like. Further, the cloud controller 30 and each VM or the like may be connected by encrypted tunneling communication or the like.

(Base (Fukuoka))
The base (Fukuoka) 11 has a data center 12. The data center 12 is a data center in which one or more physical servers are installed and a virtual machine is operated using physical resources of the physical server.

  Specifically, the data center 12 includes a CE router 13, a router 14, an OVS 15, a VM (C), and a VM (D). The CE router 13 is an edge router installed at the boundary between a telecommunications carrier network 11a such as the Internet and a corporate network such as a corporate LAN. The CE router 13 is realized by a physical device.

  The router 14 is a router that divides the data center 2 of the base (Sapporo) 1 and the data center 12 of the base (Fukuoka) 11 by the same network segment 22 in the corporate network. That is, the router 14 relays communication between the external device and each VM in each data center. The interface 14a of the router 14 is an interface connected to the CE router 13, and “IP (14a)” is set as the IP address. The interface 14b of the router 14 is an interface connected to each VM, and “IP (10)” is set as the IP address. The router 14 may be realized by a virtual machine or a physical device.

  The OVS 15 is a switch that relays each router and each VM of each data center, and is a virtual switch that connects the data centers with the virtual L2 network 21 in cooperation with the OVS 5 of the data center 2. For example, the OVS 15 is connected to the interface 14 b of the router 14, VM (C), VM (D), and the OVS 5 of the data center 2.

  The VM (C) is a virtual machine that executes, for example, a Web server or a DB server, and “IP (C)” is set as the IP address. The VM (D) is a virtual machine that executes, for example, a Web server or a DB server, and “IP (D)” is set as the IP address. These VMs communicate with external devices outside the data center via the OVS 15.

(Network configuration)
As described above, the same IP address “IP (10)” is set in the interface 4 b of the router 4 and the interface 14 b of the router 14. Also, each VM operates in the same network segment, although the operating base is different. That is, the router 4, the router 14, the OVS 5, the OVS 15, the VM (A), the VM (B), the VM (C), and the VM (D) are connected by the virtual L2 network 21 and operate on the same network segment 22. Therefore, the router 14 of the base (Fukuoka) 11 and the VM (A) or VM (B) are communicably connected, and the router 4 of the base (Sapporo) 1 can communicate with the VM (C) or VM (D). It is connected to the.

(Hierarchical structure)
FIG. 2 is a diagram illustrating a hierarchical structure of physical servers that operate VMs. Here, an example in which the VM is operated by one physical server will be described as an example, but the present invention is not limited to this, and the operation can be performed by using a plurality of physical servers.

  In the data center 2, the physical server 6 operates, and in the data center 12, the physical server 16 operates. Each physical server is a general server device, and includes hardware, a processor, a memory, and the like.

  The physical server 6 of the data center 2 operates virtual software 6b such as a hypervisor on the hardware 6a to provide a virtual environment. The virtualization software 6b operates the virtual switch 6c.

  Similarly, the physical server 16 in the data center 12 operates virtualization software 16b such as a hypervisor on the hardware 16a to provide a virtual environment. The virtualization software 16b operates the virtual switch 16c.

  Here, the virtual switch 6 c and the virtual switch 16 c are realized using, for example, Open vSwitch, Open Flow, KVM, and the like, and construct the virtual L2 network 21. That is, different data centers are connected to each other via a virtual network.

  Each virtualization software of each physical server operates a virtual machine in a state where the virtual L2 network 21 can be used. Specifically, the virtualization software 6b operates VM (A) and VM (B) using the physical resources of the physical server 6, and each VM is transferred to the virtual L2 network 21 via the virtual switch 6c. Connecting. Similarly, the virtualization software 16b operates VM (C) and VM (D) using the physical resources of the physical server 16, and connects each VM to the virtual L2 network 21 via the virtual switch 16c. .

(Cloud controller configuration)
Next, the configuration of the cloud controller 30 shown in FIG. 1 will be described. FIG. 3 is a functional block diagram illustrating a functional configuration of the cloud controller. As illustrated in FIG. 3, the cloud controller 30 includes a communication control unit 31, a storage unit 32, and a control unit 33. Here, an example in which the cloud controller 30 is a physical device will be described. However, even when the cloud controller 30 is realized by a VM, a similar function is executed using physical resources.

  The communication control unit 31 is a processing unit that controls communication of other devices. For example, the communication control unit 31 receives a migration instruction and information related to migration from the Web server 50 and transmits various information to the routers 4 and 14.

  The storage unit 32 is a storage device such as a memory or a hard disk, and holds a router management table 32a and a VM management table 32b. When the cloud controller 30 is a virtual machine, the storage unit 32 corresponds to a memory of a physical server, a predetermined area of a hard disk, or the like assigned to the cloud controller 30.

  The router management table 32a is a table that stores information regarding VMs under the control of the router. FIG. 4 is a diagram illustrating an example of information stored in the router management table. As illustrated in FIG. 4, the router management table 32a stores “router name” and “subordinate VM” in association with each other. The “router name” stored here is information for identifying a router, and the “subordinate VM” is information for identifying a VM under the control of each router.

  For example, referring to an example of FIG. 4, in the router management table 32a, the VMs subordinate to “Router 4” are “VM (A)” and “VM (B)”, and “Router 14” It is remembered that the subordinate VMs are “VM (C)” and “VM (D)”. Here, it is assumed that the router 4 and the router 14 are in the same group, and the management information and the like are synchronized between the router 4 and the router 14 as will be described in detail later. Further, it is assumed that the router 4 and the router 14 are set in the same group in advance by an address setting unit 33c described later.

  The VM management table 32b is a table that stores the IP address of the VM and the IP address of the default GW of the VM. FIG. 5 is a diagram illustrating an example of information stored in the VM management table. As illustrated in FIG. 5, the VM management table 32 b stores “VM name”, “VM IP address”, and “default GW IP address” in association with each other. The “VM name” stored here is information for identifying each VM, the “VM IP address” is an IP address set for each VM, and the “default GW IP address” is each VM. Is the IP address of the default GW set to

  For example, referring to an example of FIG. 5, in the VM management table 32b, the IP address of the default GW of “VM (A)” having “IP (A)” as the IP address is “IP (10)”. I remember that.

  The control unit 33 is an electronic circuit such as a processor, and includes a request reception unit 33a, a migration execution unit 33b, and an address setting unit 33c. That is, each processing unit is a process executed by a processor or the like, an electronic circuit included in the processor, or the like. When the cloud controller 30 is a virtual machine, the control unit 33 is a processing unit that is assigned to the cloud controller 30 and executed by the processor of the physical server.

  The request reception unit 33 a is a processing unit that receives a VM migration instruction received from the user terminal 10 by the Web server 50. For example, the request reception unit 34 receives an instruction to migrate the VM (B) at the site 1 to the site 11 and outputs the received information to the migration execution unit 33b. The request accepting unit 33a, as a migration instruction from the Web server 50, for example, “movement source” (for example, “Sapporo”) which is information indicating the movement source, and “movement destination” (for example, information indicating the movement destination). “Fukuoka”), “service to be moved” indicating the service or VM to be moved is received.

  The migration execution unit 33b executes VM migration in response to the migration execution request received from the Web server 50. Specifically, the migration execution unit 33b migrates the migration target VM from the data center of the migration source site to the data center of the migration destination site.

  For example, when the migration execution unit 33b receives a migration execution request from the Web server 50, the migration source is “Sapporo”, the movement destination is “Fukuoka”, and the movement target is “VM (B)”, the cloud controller 30 executes a process of migrating the VM (B) operating in the data center 2 of the base (Sapporo) 1 into the data center 12 of the base (Fukuoka) 11 of the business trip destination.

  After the migration is executed by the migration executing unit 33b, the address setting unit 33c relays the migrated VM to the network device at the destination base among the routers in which the same address is set in the same network segment. Set as the target VM.

  Specifically, after the migration executed by the migration execution unit 33b is completed, the address setting unit 33c sends an instruction to change the registered router of the MAC address of the moved VM to the router installed at the source base. Notify the router installed at the destination site.

  For example, the address setting unit 33c migrates the VM (B) whose IP address of the default GW is “IP (10)” from the data center 2 to the data center 12 by specifically explaining using the example of FIG. In this case, the registered router for the MAC address of the moved VM is changed from the router 4 in the data center 2 to the router 14 in the data center 12. In this case, the address setting unit 33c notifies the router 14 of an instruction to add VM (B) as a relay target, and instructs the router 4 to delete VM (B) as a relay target. Notice.

(Router configuration)
Next, the configuration of the router 4 and the router 14 shown in FIG. 1 will be described. Since the router 4 and the router 14 have the same configuration, the router 14 will be described as an example here. Here, an example in which the router 14 is a physical device will be described. However, even when the router 14 is realized by a VM, a similar function is executed using physical resources.

  FIG. 6 is a functional block diagram showing the functional configuration of the router. As illustrated in FIG. 6, the router 14 includes a communication control unit 141, a storage unit 142, and a control unit 143.

  The communication control unit 141 includes interfaces 14a and 14b, and is a processing unit that controls communication of other devices. For example, the communication control unit 141 relays communication from the external device to the VM (C), communication from the VM (C) to the external device, and the like. Note that an IP address “IP (14a)” is set in the interface 14a, and an IP address “IP (10)” is set in the interface 14b.

  The storage unit 142 is a storage device such as a memory or a hard disk, and holds a priority table 142a, a management target table 142b, a synchronization information table 142c, and a routing table 142d. When the router 14 is a virtual machine, the storage unit 142 corresponds to a memory of a physical server, a predetermined area of a hard disk, or the like assigned to the router 14.

  The priority table 142a is a table that stores the priorities set in the own router in routers operating in the same network segment and set with the same IP address. For example, the priority table 142a stores priority “5” or the like. The priority stored here is set by an administrator or the like.

  The management target table 142b is a table that stores information on VMs to which the router 14 relays communication. FIG. 7 is a diagram illustrating an example of information stored in the management target table. As illustrated in FIG. 7, the management target table 142b stores “item number”, “VM name”, and “MAC (Media Access Control) address” in association with each other. The “item number” stored here is an identifier for identifying a record, “VM name” is information for identifying a VM to be relayed, and “MAC address” is the MAC address of the VM to be relayed. is there. An IP address may be used instead of the MAC address.

  In the case of FIG. 7, it is indicated that the router 14 has a VM (C) having “MAC (C)” as a MAC address and a VM (D) having “MAC (D)” as a MAC address as relay targets. Yes. The information stored here is set by the administrator.

  The synchronization information table 142c is a table that stores information acquired from routers that operate in the same network segment and have the same IP address. FIG. 8 is a diagram illustrating an example of information stored in the synchronization information table. As illustrated in FIG. 8, the synchronization information table 142c stores “acquisition destination router, priority, management target” in association with each other.

  The “acquisition destination router” stored here is information for identifying the synchronization target router, and the “priority” is the priority set for the synchronization target router acquired from the synchronization target router. “Managed object” is information on VMs to be relayed by the synchronization target router acquired from the synchronization target router.

  The example of FIG. 8 is information acquired from the router 4, the priority “10” is set in the router 4, and the relay target of the router 4 is the VM (A) with the MAC address “MAC (A)”. And the VM (B) of the MAC address “MAC (B)”.

  The routing table 142d is a table that stores a relay route for relaying data, that is, routing information. Specifically, the routing table 142d stores a path between VMs, a path to each VM and an external network, and the like.

  The control unit 143 is an electronic circuit such as a processor, and includes a management information reception unit 144, a conflict detection suppression unit 145, an ARP response unit 146, a synchronization execution unit 147, and a relay processing unit 148. That is, each processing unit is a process executed by a processor or the like, an electronic circuit included in the processor, or the like. When the router 14 is a virtual machine, the control unit 143 is a processing unit that is assigned to the router 14 and executed by the processor of the physical server.

  The management information receiving unit 144 is a processing unit that receives setting information from the cloud controller 30. For example, the management information receiving unit 144 receives priority settings from the cloud controller 30 and stores them in the priority table 142a. In addition, the management information receiving unit 144 receives information on the VM to be relayed from the cloud controller 30 and stores it in the management target table 142b.

  In addition, when the VM migration is performed, the management information reception unit 144 receives an instruction to add a relay target VM or an instruction to delete a relay target VM from the cloud controller 30. When this instruction is received, the management information receiving unit 144 adds or deletes the information of the relay target VM to the information stored in the management target table 142b.

  The conflict detection suppression unit 145 is a processing unit that suppresses error notification and allows setting of the same address when the same IP address as the IP address set in the own router is detected in the same network segment. .

  For example, it is assumed that the IP address “IP (10)” is set to the interface 14 b of the own router 14 in a state where the IP address “IP (10)” is set to the interface 4 b of the router 4. In this case, when both the router 4 and the router 14 are activated, the conflict detection inhibiting unit 145 detects an IP address conflict. However, the conflict detection suppression unit 145 suppresses error notification even when IP conflict is detected. As a result, IP address duplication is allowed in the router 4 and the own router 14, that is, in the same network segment. Therefore, a state where the same IP address “IP (10)” is set to the interface 4b of the router 4 and the interface 14b of the router 14 is allowed.

  The ARP response unit 146 is a processing unit that responds an ARP response to a VM to be managed when an ARP (Address Resolution Protocol) request is received from the VM. Specifically, the ARP response unit 146 responds with the MAC address of the router 14 to the ARP request including the MAC address stored in the management target table 142b as the source MAC address in the received ARP request. To do.

  For example, it is assumed that the ARP response unit 146 makes an ARP request from the VM (C). In this case, the ARP response unit 146 extracts the VM (C) MAC address “MAC (C)” from the ARP request. Then, the ARP response unit 146 refers to the management target table 142b, and the extracted MAC address “MAC (C)” is registered in the table, so that the transmission source is determined to be a relay target VM. As a result, the ARP response unit 146 returns the MAC address “MAC (14)” of the own router to the VM (C) that is the transmission source of the received ARP request.

  On the other hand, it is assumed that the ARP response unit 146 makes an ARP request from the VM (B). In this case, the ARP response unit 146 extracts the VM (B) MAC address “MAC (B)” from the ARP request. Then, the ARP response unit 146 refers to the management target table 142b and determines that the transmission source is a VM that is not a relay target because the extracted MAC address “MAC (B)” is not registered in the table. As a result, the ARP response unit 146 suppresses a response to the received ARP request.

  The synchronization execution unit 147 is a processing unit that synchronizes priority and management information with routers existing in the same network segment at predetermined intervals. Specifically, the synchronization execution unit 147 executes synchronization processing with routers belonging to the same group in the same network segment.

  For example, when the synchronization execution timing is reached, the synchronization execution unit 147 extracts the priority stored in the priority table 142a and the relay target router information stored in the management target table 142b, and transmits them to the router 4. . In addition, when the synchronization execution unit 147 receives the priority and relay target router information from the router 4, the synchronization execution unit 147 stores the priority in the synchronization information table 142c. The synchronization timing can be arbitrarily set such as every hour or when the setting is changed.

  The relay processing unit 148 is a processing unit that relays received data to a destination. Specifically, the relay processing unit 148, based on the information stored in the routing table 142d, receives a packet destined for the relay target VM or a packet whose source is the relay target VM. , NAT (Network Address Translation) conversion or the like is performed, and the packet is transmitted to the destination.

(Concrete example)
Next, as the user of the user terminal 10 travels from the base (Sapporo) 1 to the base (Fukuoka) 11, the VM (B) used by the user is migrated to the data center 12 for the sake of convenience. In this case, an example in which the router changes the relay target will be described.

  FIG. 9 is a diagram illustrating a specific example in which the relay target is changed after VM migration. As shown in FIG. 9, the user terminal 10 accesses the Web server 50, registers information on a business trip destination using a Web screen or the like, and requests a movement of a service or the like (S101). FIG. 10 shows an example of a screen for registering business trip information. When the Web server 50 receives an access from the user terminal 10, the Web server 50 responds to the user terminal 10 with a screen illustrated in FIG.

  The screen shown in FIG. 10 is a screen for inputting “user ID, movement source, movement destination, movement target”. “User ID” is an identifier of a user who makes a business trip. “Movement source” is information indicating a business trip source, “Movement destination” is information indicating a business trip destination, and “Movement target” is information specifying a service or server used in the business trip destination. The “movement source”, “movement destination”, and “movement object” can be easily selected from a pull-down menu, for example.

  Here, as shown in FIG. 10, the Web server 50 has received input of the user ID “U001”, the movement source “Sapporo”, the movement destination “Fukuoka”, and the movement target “Web server (VM (B))”. Shall.

  Subsequently, the cloud controller 30 acquires the migration content from the Web server 50, and converts the VM (B) operating in the data center 2 of the base (Sapporo) 1 based on the acquired migration content to the base of the business trip destination (Fukuoka). ) 11 is migrated into the data center 12 (S102). Further, the user terminal 10 moves from the base (Sapporo) 1 to the base (Fukuoka) 11 (S103).

  When the migration of the VM (B) is completed, the cloud controller 30 sends an instruction to change the registered router of the MAC address of the moved VM to the router 4 installed at the source site 1 and the destination site 11. (S104). Specifically, the cloud controller 30 notifies the router 4 installed at the movement source base 1 of an instruction to delete the VM (B) as a relay target, and is installed at the movement destination base 11. The router 14 is notified of an instruction to add VM (B) as a relay target.

  The routers 4 and 14 that have received the instruction from the cloud controller 30 update the management target table 142b according to the instruction. FIG. 11 is a diagram illustrating an example of updating the management target table. As illustrated in FIG. 11, the cloud controller 30 adds “item number (3), VM name (VM (B)), MAC address (MAC (B))” to the management target table 142 b of the router 14. At this time, the cloud controller 30 deletes the information regarding the migration candidate VM (B) from the management target table of the router 4 installed in the data center 2 of the migration source.

  When the migration is completed, the migrated VM (B) transmits an ARP request to the IP address “IP (10)” of the default gateway, and updates the ARP table (S105).

  Specifically, the VM (B) transmits an ARP request to the IP address “IP (10)” of the default gateway. FIG. 12 is a diagram illustrating an example of the ARP request. As illustrated in FIG. 12, the VM (B) transmits an ARP request including a “destination IP address (IP (10))” indicating a destination and a “own MAC address (MAC (B))” indicating a transmission source. To do.

  Subsequently, the router 4 and the router 14 receive the ARP request from the VM (B). Here, the router 4 suppresses the ARP response since the MAC address “MAC (B)” of the VM (B) is deleted from the management target table.

  On the other hand, the router 14 executes the ARP response because the VM (B) MAC address “MAC (B)” is added to the management target table 142 b. FIG. 13 is a diagram illustrating an example of the ARP response. As illustrated in FIG. 13, the router 14 sends a “source IP address (IP (10))” indicating the source and a “destination MAC address” indicating the destination to the VM (B) that is the source of the ARP request. (MAC (B)) ”and an“ ARP response including “own MAC address (MAC (14))” indicating the transmission source.

  The VM (B) that has received this ARP response updates the ARP table. FIG. 14 is a diagram illustrating an example of updating the ARP table. Specifically, the VM (B) specifies that the MAC address of the device having the IP address “IP (10)” is “MAC (14)” by the ARP response. As a result, as shown in FIG. 14, the VM (B) updates the MAC address “MAC (4)” stored in association with the IP address “IP (10)” to “MAC (14)”. . Note that “Type” illustrated in FIG. 14 is information indicating the types of entries that can be stored.

  As described above, the VM (B) updates the ARP table, whereby the default gateway of the VM (B) is changed from the router 4 of the data center 2 to the router 14 of the data center 12. Therefore, communication from the VM (B) to the user terminal 10 is executed via the router 14.

  FIG. 15 is a diagram illustrating an example in which the route after migration is changed. FIG. 15 illustrates an example in which the user terminal 10 accesses the VM (B) from the business trip destination base (Fukuoka) 11 after the migration of the VM (B) and the update of the ARP table are completed.

  As shown in FIG. 15, when the default gateway of VM (B) is not changed to the router 14 and remains as the router 4 as in the prior art, the user terminal 10 sends a response from the VM (B) to the OVS 15 , Received via the route 51 via the virtual L2 network 21, the OVS 5, the router 4, and the CE router 3.

  On the other hand, when the default gateway of the VM (B) is changed to the migration destination router 14 according to the above embodiment, the user terminal 10 sends the OVS 15, the router 14, and the CE router 13 for the response from the VM (B). Is received by the route 52 via.

(Process flow by cloud controller)
FIG. 16 is a flowchart showing a flow of IP address setting processing in the cloud controller according to the first embodiment. As illustrated in FIG. 16, when the request reception unit 33a of the cloud controller 30 receives a migration execution request from the Web server 50 (step S201: Yes), the migration execution unit 33b responds to the migration execution request received from the Web server 50. Then, VM migration is executed (step S202). Specifically, the migration execution unit 33b migrates the migration target VM from the data center of the migration source site to the data center of the migration destination site.

  Then, the address setting unit 33c determines whether or not the migration executed by the migration execution unit 33b has been completed (step S203). As a result, when it is determined that the migration has not been completed (step S203: No), the address setting unit 33c repeats the process of step S203.

  On the other hand, if the address setting unit 33c determines that the migration is complete (step S203: Yes), after the migration executed by the migration execution unit 33b is completed, the registered router for the MAC address of the migrated VM is displayed. Change (step S204).

  For example, the address setting unit 33c migrates the VM (B) whose IP address of the default GW is “IP (10)” from the data center 2 to the data center 12 by specifically explaining using the example of FIG. In this case, the registered router for the MAC address of the moved VM is changed from the router 4 in the data center 2 to the router 14 in the data center 12. In this case, the address setting unit 33c notifies the router 14 of an instruction to add VM (B) as a relay target, and instructs the router 4 to delete VM (B) as a relay target. Notice.

(Processing flow by the router)
FIG. 17 is a flowchart showing a flow of ARP response processing executed by the router according to the first embodiment. Here, the router 14 will be described as an example. Further, as a pre-stage of this process, it is assumed that information setting in the priority table 142a and information setting in the management target table 142b are completed for the router 14 and the router 4. That is, it is assumed that the same IP address is set in the same network segment.

  As shown in FIG. 17, the conflict detection suppression unit 145 of the router 14 detects the setting of the conflicting IP address when the router 14 for which various settings are completed is activated (step S301: Yes) (step S302). Subsequently, the conflict detection suppression unit 145 detects a conflicting IP address, but suppresses error notification (step S303).

  Thereafter, when receiving the ARP request from the VM (step S304: Yes), the ARP response unit 146 extracts the MAC address of the transmission source from the ARP request (step S305). Subsequently, the ARP response unit 146 determines whether or not the extracted MAC address of the transmission source is registered in the management target table 142b (step S306).

  Then, when the extracted MAC address of the transmission source is registered in the management target table 142b, that is, when the VM of the transmission source of the ARP request is a management target (step S306: Yes), the ARP response unit 146 transmits An ARP response is transmitted to the original VM (step S307).

  On the other hand, when the extracted MAC address of the transmission source is not registered in the management target table 142b, that is, when the VM of the transmission source of the ARP request is not a management target (step S306: No), the ARP response unit 146 The ARP response to the transmission source VM is suppressed (step S308).

(effect)
As described above, when the cloud controller 30 changes the setting of the default GW when performing migration, the access destination router can be switched while the VM retains the same IP address and the same default GW.

  In addition, IP addresses can be set redundantly in the same network segment, and a router near the VM can be set as a default gateway. For this reason, as shown in FIG. 15, communication from the VM to the user terminal can be executed by the shortest path, so that the communication delay can be reduced.

  In addition, since the user can perform communication from the VM to the user terminal through the shortest path without performing specialized work such as setting change, the communication delay is reduced while reducing the increase in the load on the user. be able to.

  In addition, since the communication delay can be reduced after the VM migration, the communication delay can be suppressed even if the VM migration is frequently performed, and the maintenance of the virtual environment and the physical server can be easily performed. Reliability is improved. Furthermore, the versatility of system construction using a virtual machine is improved.

[Second Embodiment]
Next, processing when a VM that is not registered in any router is detected, such as when a new VM starts operating in any data center, will be described. In the second embodiment, in order to recognize that a newly detected VM is an unconfirmed VM in any router, a synchronization process between routers and an ARP process when an unconfirmed VM is detected will be described. . Note that the second embodiment will be described using the router 14 as an example.

(Synchronous processing)
FIG. 18 is a flowchart illustrating a flow of synchronization processing between routers according to the second embodiment. As shown in FIG. 18, when the synchronization execution unit 147 of the router 14 reaches the synchronization timing (step S401: Yes), the priority set in the router and the management target are transmitted to another router (step S402). .

  For example, the synchronization execution unit 147 transmits the priority read from the priority table 142a and the router information read from the management target table 142b to the router 4 in which the same IP address as that of the own router 14 is set in the same network segment. To do.

  Thereafter, when the synchronization execution unit 147 receives synchronization information from another router (step S403: Yes), the synchronization execution unit 147 stores the synchronization information in the synchronization information table 142c (step S404).

  For example, when receiving the priority and the management target from the router 4 in which the same IP address as that of the own router 14 is set in the same network segment, the synchronization execution unit 147 associates the received information with the synchronization information table 142c. Store.

(ARP processing)
FIG. 19 is a flowchart showing the flow of the ARP processing according to the second embodiment. As shown in FIG. 19, when receiving the ARP request (step S501: Yes), the ARP response unit 146 of the router 14 extracts the source MAC address from the received ARP request (step S502).

  Subsequently, when the extracted MAC address is a management target, that is, when the extracted MAC address is registered in the management target table 142b (step S503: Yes), the ARP response unit 146 determines the MAC address of the router 14 itself. An ARP response including the address is transmitted to the ARP request source (step S504).

  On the other hand, when it is determined that the extracted MAC address is not registered in the management target table 142b (step S503: No), the ARP response unit 146 determines whether or not the extracted MAC address is registered in the synchronization information table 142c. Is determined (step S505).

  Then, when the extracted MAC address is registered in the synchronization information table 142c (step S505: Yes), the ARP response unit 146 suppresses the ARP response to the ARP request source (step S506). That is, the ARP response unit 146 suppresses the ARP response when the MAC address included in the ARP request is a management target of another router.

  In addition, when the extracted MAC address is not registered in the synchronization information table 142c (step S505: No), the ARP response unit 146 determines whether the priority of the own router 14 is the highest (S507).

  That is, when the extracted MAC address is an unconfirmed VM that is not registered in the own router or another router, the ARP response unit 146 reads the priority set from the priority table 142a, and the synchronization information table 142c. To read the priority set in each other router. Then, the ARP response unit 146 determines whether or not the priority set in the own router 14 is the highest. For example, the ARP response unit 146 determines whether or not the priority set in the own router 14 is the highest value.

  If the ARP response unit 146 determines that the priority set in the own router 14 is the highest (step S507: Yes), the ARP response unit 146 transmits an ARP response including the MAC address of the own router 14 to the ARP request source ( Step S508).

  On the other hand, when the ARP response unit 146 determines that there is a router with a priority higher than the priority set in the own router 14 (step S507: No), the ARP response unit 146 suppresses the ARP response to the ARP request source. (Step S506).

(effect)
In this way, when an ARP request is received from a VM that has not been registered to any router, the router with the highest priority sends an ARP response, so even if a new VM operates, the default gateway is automatically set. This VM can be set. As a result, even when a new VM operates, communication delay related to the VM can be suppressed.

[Third Embodiment]
Although the embodiments of the present invention have been described so far, the present invention may be implemented in various different forms other than the above-described embodiments. Therefore, different embodiments will be described below.

(Number of routers)
For example, in the above embodiment, the case where there are two routers in which the same IP address is set in the same network segment has been described. However, the present invention is not limited to this, and there are three or more routers. Also good.

  In addition, routers can be grouped to limit synchronization targets. When grouping is performed, the second embodiment and the third embodiment may be executed between the grouped routers. By doing so, it also leads to traffic suppression. The number of bases and the number of data centers are not limited to those shown in the figure.

(VM)
In the above embodiment, the example in which the management target of each router is a VM has been described. However, the present invention is not limited to this. For example, even a physical server can perform the same processing. When the VM IP address is registered in the management target table 142b, in the above-described process, the source IP address is extracted from the ARP request transmitted by the VM, and the same process is executed.

(Life and death monitoring)
In addition, when other routers are monitored for life and death and other routers are stopped due to a failure, etc., the highest priority router among the remaining routers is connected to the relay target registered by the stopped router. You may make it respond.

(Router)
The router 4 and the router 14 in the above embodiment perform NAT conversion, routing, and the like to relay communication. For example, when a global IP address is set for the interface 4a and a private IP address is set for the interface 4b, the router 4 uses a general NAT translation to convert the global IP address to a private IP address or The conversion from the IP address to the global IP address is executed to relay the communication. Each router holds a routing table, sets route information statically or dynamically in the routing table, and relays communication based on the route information stored in the routing table.

(Network configuration)
In the above embodiment, the example in which the user terminal 10 and each CE router are connected via the Internet has been described. However, the present invention is not limited to this. For example, in addition to the Internet, a VPN (Virtual Private Network), a wide area Ethernet, a modem, or a dedicated line can be used for connection between the user terminal 10 and each CE router.

  For example, in a network in which the user cannot control the route advertised from the base in real time, when the user terminal 10 accesses the VM (B) on a business trip, whether to access via Sapporo or Fukuoka, It is necessary to allocate a global IP address for accessing the VM (B) to the base in Fukuoka, and the user terminal 10 switches the global IP address to access. As an example of such a network, for example, there is the Internet or an IP-VPN that has to apply for an address of a route to be advertised to a network operator.

  In a network in which the user can control the route advertised from the base in real time, when the user terminal 10 accesses the VM (B) on a business trip, the user terminal 10 accesses via the Sapporo router 4 or the Fukuoka router 14. It can be changed depending on the route advertised by the user. As an example of such a network, there are, for example, an IP-VPN service in which address information of a route to be advertised is not limited, an Ethernet-VPN in which a user constructs an IP layer, an Internet VPN, and the like.

(System configuration etc.)
Each component of each illustrated device is functionally conceptual, and does not necessarily need to be the same as the physically illustrated component. In other words, the specific form of distribution / integration of each device is not limited to that shown in the figure, and all or a part thereof may be functionally or physically distributed or arbitrarily distributed in arbitrary units according to various loads or usage conditions. Can be integrated and configured.

  In addition, among the processes described in the present embodiment, all or a part of the processes described as being automatically performed can be manually performed. Further, all or any part of each processing function performed in each device may be realized by a CPU and a program analyzed and executed by the CPU, or may be realized as hardware by wired logic.

(program)
In addition, it is possible to create a management program in which processing executed by the cloud controller according to the above-described embodiment is described in a language that can be executed by a computer. In this case, when the computer executes the management program, the same effect as in the above embodiment can be obtained. Further, the management program may be recorded on a computer-readable recording medium, and the management program recorded on the recording medium may be read into the computer and executed to execute the same processing as in the above embodiment. Each process executed by the management program may be executed by operating on a virtual machine.

  FIG. 20 is a diagram illustrating a computer that executes a management program. As illustrated in FIG. 20, the computer 1000 includes, for example, a memory 1010, a CPU 1020, a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. These units are connected by a bus 1080.

  The memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM 1012. The ROM 1011 stores a boot program such as BIOS (Basic Input Output System). The hard disk drive interface 1030 is connected to the hard disk drive 1090. The disk drive interface 1040 is connected to the disk drive 1100. A removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive 1100, for example. For example, a mouse 1110 and a keyboard 1120 are connected to the serial port interface 1050. For example, a display 1130 is connected to the video adapter 1060.

  Here, as shown in FIG. 20, the hard disk drive 1090 stores, for example, an OS 1091, an application program 1092, a program module 1093, and program data 1094. Each table described in the above embodiment is stored in the hard disk drive 1090 or the memory 1010, for example.

  Further, the management program is stored in, for example, the hard disk drive 1090 as a program module in which a command to be executed by the computer 1000 is described. Specifically, a request reception procedure for executing the same information processing as the request reception unit 33a described in the above embodiment, a migration execution procedure for executing the same information processing as the migration execution unit 33b, and an address setting unit 33c A program module describing an address setting procedure for executing similar information processing is stored in the hard disk drive 1090.

  Further, data used for information processing by the management program is stored in the hard disk drive 1090 as program data, for example. Then, the CPU 1020 reads out the program module 1093 and the program data 1094 stored in the hard disk drive 1090 to the RAM 1012 as necessary, and executes the above-described procedures.

  The program module 1093 and the program data 1094 related to the management program are not limited to being stored in the hard disk drive 1090. For example, the program module 1093 and the program data 1094 are stored in a removable storage medium and read by the CPU 1020 via the disk drive 1100 or the like. May be. Alternatively, the program module 1093 and the program data 1094 related to the management program are stored in another computer connected via a network such as a LAN (Local Area Network) or a WAN (Wide Area Network), and are transmitted via the network interface 1070. It may be read by the CPU 1020.

  In addition, for example, when causing a general cloud controller to execute the same function as in the above embodiment, the above procedure is described by describing the above procedure in a program executable by the cloud controller and causing the cloud controller to execute the procedure. A similar function can be executed. That is, the processor of the cloud controller can execute the same process by developing the program in which the above procedure is described in the memory and executing the program. In addition, when the L3 switch or the like is executed, the same processing can be executed by mounting an LSI having a circuit that performs the same function as that of the above embodiment on the L3 switch.

1 base (Sapporo)
2, 12 Data center 3, 13 CE router 4, 14 Router 5, 15 OVS
11 bases (Fukuoka)
20 network 21 virtual L2 network 22 network segment 30 cloud controller 31 communication control unit 32 storage unit 32a router management table 33 control unit 33a request reception unit 33b migration execution unit 33c address setting unit

Claims (7)

A first network device installed at a first base, a second network device installed at a second base, and a virtual machine that relays communication between the first network device or the second network device A communication system in which the same IP (Internet Protocol) address is set in the same network segment.
The management device is
A migration execution unit for migrating a virtual machine operating at the first base to the second base;
After migration is executed by the migration execution unit, the migrated virtual machine is relayed to the network device at the second base among the network devices in which the same IP address is set in the same network segment. A setting unit to set as a target virtual machine;
Have
The network device is
A storage unit for storing address information of the virtual machine to be relayed;
A receiving unit that receives an address request for inquiring a MAC (Media Access Control) address of the network device from the virtual machine;
A response that responds to the MAC address of the network device to the transmission source virtual machine when the address information of the transmission source included in the address request received by the reception unit is stored in the storage unit And
A communication system comprising:   The setting unit deletes the address information of the migrated virtual machine from the virtual machine address information stored in the storage unit of the network device in the first base, and stores it in the storage unit of the network device in the first base. The communication system according to claim 1, wherein address information of the migrated virtual machine is added.   A deterrence executing unit that suppresses abnormal processing due to contention of the IP address when the network device detects another network device in which the same IP address as the network device is set in the same network segment; The communication system according to claim 1, further comprising: The setting unit sets a group for each of a plurality of network devices,
The network device is
A synchronization execution unit that acquires synchronization information including address information and priority of a virtual machine to be relayed by the other network device from another network device belonging to the same group;
A network device having a high priority when an unconfirmed virtual machine having synchronization information acquired by the synchronization execution unit and address information not included in any of the storage units is connected in the same network segment And a specific part for specifying
The response unit responds with the MAC address of the network device to the address request transmitted from the unconfirmed virtual machine when the specifying unit specifies that the priority is high. The communication system according to any one of claims 1 to 3. A migration execution unit for migrating a virtual machine operating at the first site to the second site;
After migration is executed by the migration execution unit, the migrated virtual machine is relayed to the network device at the second base among the network devices in which the same IP address is set in the same network segment. A setting unit to be set as a target virtual machine;
A management apparatus comprising: A management method executed by the management device,
A migration execution step of migrating a virtual machine operating at the first site to the second site;
After migration is executed in the migration execution step, the migrated virtual machine is relayed to the network device at the second base among the network devices in which the same IP address is set in the same network segment. A setting process for setting as a target virtual machine;
A management method characterized by including A migration execution step of migrating a virtual machine operating at the first site to the second site;
After migration is executed in the migration execution step, the migrated virtual machine is relayed to the network device at the second base among the network devices in which the same IP address is set in the same network segment. A setting step for setting as a target virtual machine;
A management program for causing a computer to execute.

Images