JP2017069657A - Communication system or communication apparatus - Google Patents

Abstract

PROBLEM TO BE SOLVED: To solve the following problem: When L3 repeating is executed between virtual L2 networks under an environment where a plurality of virtual L2 networks such as VXLAN exist, communication delay time increases or the number of entries stored in an edge device increases.SOLUTION: An edge device executes address resolution through ARP or NDP for a virtual L2 network not belonging to an own network and receives its response, thereby learning a MAC address of the virtual L2 network not belonging to the own network.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a communication system or a communication apparatus. In particular, the present invention relates to a communication system or a communication apparatus that relays a packet in accordance with a VXLAN (Virtual Extensible Local Area Network) protocol.

  Patent Document 1 discloses a first NW 101 that performs packet transfer of VPN in order to enable communication between a base network connected to a core network by Layer 3 VPN and a base network connected by Layer 2 VPN, The second NW 102 connected to the NW 101 at layer 3 and the third NW 103 connected to the first NW 101 at layer 2 constitute a VPN, and packets are sent from the second NW 102 to the destination of the third NW 103 Are sent using layer 3 packet transfer processing, using the destination information and the information of the network device PE1 111 belonging to the first NW 101 that connects the third NW 103 serving as a relay point to the destination. Is stored in the destination information of the packet and transferred.

  In VXLAN shown in Non-Patent Document 1, a virtual Layer-2 (L2) network that is not tied to a physical location is constructed by constructing an overlay network on a Layer-3 (L3) network (first) Chapters 3-5, Chapter 4, 1st paragraph).

  Non-Patent Document 2 discloses that a VXLAN header is added before a frame according to an arbitrary protocol to be transmitted / received so that other protocols and VXLAN are compatible and expandable (Chapter 1). First paragraph).

  When one user or one group uses a plurality of virtual L2 networks, it is necessary to connect the virtual L2 networks by L3 (Layer-3) relay in order to communicate between devices belonging to each virtual L2 network. There is. Non-Patent Document 3 discloses that a transfer destination is specified by exchanging information indicating correspondence between an IP address of a destination node and a VXLAN edge device to which the node is connected using BGP (5). Section 4).

JP2013-9049A

RFC 8348 Virtual extensible Local Area Network (VXLAN): A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Network Generic Protocol Extension for VXLAN draft-quinn-vxlan-gpe-04 Integrated Routing and Bridging in EVP draft-ietf-bess-evpn-inter-subnet-forwarding-00

  When a large number of nodes participate in a virtual L2 network based on VXLAN, the number of nodes that need to be learned by each edge device that performs VXLAN encapsulation increases, and an expensive device that can learn a large number of entries becomes necessary. In addition, when a broadcast packet flows in the virtual L2 network, there is an increase in the number of nodes and edge devices that need to be relayed, increasing the amount of traffic flowing in the network and increasing the load on the device. Therefore, it is assumed that a user (tenant) who uses a large number of nodes uses a plurality of virtual L2 networks and reduces the number of nodes learned by each edge device. However, when performing the operation as described above, when trying to connect nodes belonging to different virtual L2 networks by L3 relay, the edge device of VXLAN knows the edge device connected to the destination node. Can not. On the other hand, the technology disclosed in Non-Patent Document 3 cannot reduce the information learned by each edge device.

  The above problem is that each edge device belongs to all the virtual L2 networks that mutually perform L3 relay (relay processing according to the layer 3 protocol (IP) defined by OSI), and in the virtual L2 network of the relay destination When the node information is learned, the number of nodes learned by each edge device increases. Also, the amount of traffic due to broadcasting does not decrease.

  In addition, when a router belonging to a virtual L2 network that performs L3 relay with each other is installed, the router always passes through the router regardless of the position of the node that performs communication by L3 relay, and the transfer delay increases.

The present invention solves at least one of the above problems by the following modes.
For example, in one aspect of the present invention, a first relay device belonging to a first virtual network and a second relay device belonging to a second virtual network are provided, the first virtual network and the second virtual network. Are connected via a third virtual network, and the first relay device associates the IP address (destination IP address) of the communication device that is the destination of the packet with the network identifier (destination VNI) that identifies the destination network. In addition, when a packet addressed to the second communication device belonging to the second virtual network is received from the first communication device belonging to the first virtual network, the transfer information is referred to and stored in advance in the transfer information (forwarding table). The destination VNI corresponding to the destination IP address of the received packet is identified, and the identified destination VNI and the first communication device of the transmission source The received packet is encapsulated using the MAC address, the encapsulated packet is transmitted to the third virtual network, and the second relay device receives the packet addressed to the second communication device from the third virtual network. Then, the MAC address of the first communication device included in the received packet is held, the received packet is decapsulated, and the MAC address of the first communication device included in the decapsulated packet is set to the MAC of the second relay device. A communication system that updates an address and transmits the updated packet to the second communication device.

  According to one aspect of the present invention, L3 relay is performed between edge devices without passing through another router device, so that a transfer delay can be reduced.

Network system configuration diagram Network system sequence diagram Packet structure diagram of extended VXLAN packet and user packet Functional configuration diagram of edge device Illustration of interface information table Illustration of VNI group table Explanation of the forwarding table Illustration of terminal information table Illustration of MAC learning table Flow chart showing operation of edge device when receiving packet Flowchart of processing for decapsulating VXLAN Flowchart of processing for relaying received packets Flowchart of processing for relaying received packet to L3 Continuation of the flowchart of FIG. Explanatory diagram of packet flow when a node moves FIG. 15 is a sequence diagram for explaining the operation of each device in FIG. Contents of user packet and extended VXLAN packet

  Embodiments of a network system and an edge device will be described below with reference to the drawings.

FIG. 1 is an explanatory diagram illustrating a configuration of a network system as an example of an embodiment. This network system includes a WAN (Wide Area Network) 500 connecting the edge devices and virtual L2 networks 101A and 101B. The virtual L2 networks 101A and 101B belong to the VNI group 1, and each is a virtual network for each base, for example, a separate VLAN (Virtual Local Area Network). Between virtual L2 networks that are different in the same VNI group, L3 connection (communication according to the layer 3 protocol) in VXLAN is performed. The edge device is a gateway in each virtual L2 network, and L3 connection in VXLAN is established between the edge devices that are gateways.
The network address and prefix length of the virtual L2 network 101A are IP address / prefix length 101A, and the network address and prefix length of the virtual L2 network 101B are IP address / prefix length 101B.

  To the virtual L2 network 101A, an edge device 300A that is a relay device, and a communication device that is a node 102A connected to the edge device 300A via the physical network 100A belong. The virtual L2 network 101B belongs to edge devices 300B and 200C, which are relay devices, and a communication device, which is a node 102B connected to the edge device 300B via the physical network 100B. The node 102B is also connected to a node 102C belonging to an L2 network different from the virtual L2 network 101B.

  MAC addresses and IP addresses are assigned in advance to edge devices and nodes. The interface through which the edge device 300A is connected to the WAN 500 has MAC 300A as a MAC address and IP 300A as an IP address. Similarly, MAC 300B is assigned as the MAC address and IP 300B is assigned as the IP address to the interface where the edge device 300B is connected to the WAN 500, and MAC 300C is assigned as the MAC address and IP 300C is assigned as the IP address to the interface where the edge device 300C is connected to the WAN 500. The node 102A is assigned MAC 102A as the MAC address and IP 102A as the IP address, and the node 102B is assigned MAC 102B as the MAC address and IP 102B as the IP address. Node 102C is assigned MAC 102C as the MAC address and IP 102C as the IP address. MAC1 and IP1 are assigned to the interface of the edge device 300A connected to the virtual L2 network 101A, and MAC2 and IP2 are assigned to the interface of the edge device 300B and the edge device 300C connected to the virtual L2 network 101B.

  Next, the process flow will be described. A user packet (P1601) transmitted from the node 102A to the edge device 300A, an extended VXLAN packet (P1606) transmitted from the edge device 300A to the edge device 300B, and a user packet (P1607) transmitted from the edge device 300B to the node 102B. is there.

  In the following example, the flow of packets during L3 relay will be described when the node 102A transmits a packet addressed to the node 102C. The packet (P1601) transmitted from the node 102A reaches the edge device 300A. The edge device 300A checks whether a MAC address corresponding to the IP address of the next hop is registered. Since the corresponding entry is not registered, the edge device 300A floods the ARP request packet to the VNI2 virtual L2 network (P1602) and waits for a response. The ARP request reaches the node 102B via the edge device 300B (P1603), and the node 102B returns an ARP reply packet (P1604) to the edge device 300A via the edge device 300B (P1605).

The edge device 300A receives the ARP reply packet, and learns the MAC 102B that is the MAC address of the transmission destination node and the MAC address of the edge device 300B. Using the learning result, the edge device 300A encapsulates the user packet and transmits it as an extended VXLAN packet to the edge device 300B (P1606). The edge device 300B decapsulates the extended VXLAN packet, relays the decapsulated user packet to the node 102B (P1607), and the node 102B performs the L3 relay to reach the node 102C (P1608). After that, when the node 102A again transmits a packet addressed to the node 102C (P1609), the edge device 300A has learned the relay destination device, and therefore does not perform address resolution and relays the extended VXLAN packet to the edge device 300B. (P1610). After that, as before, the edge device 300B performs decapsulation and relays to the node 102B (P1611), and the node 102B relays to the node 102C by L3 relay. (P1612)
FIG. 3 shows an example of a packet format of the extended VXLAN packet 200 that flows through the WAN 500 during L3 relay and a user packet 218. The extended VXLAN packet includes an Outer packet header 201 and an Inner packet 202. The Outer packet header 201 is a header used when the edge device 300 and devices in the WAN 500 relay extended VXLAN packets. The Inner packet stores information related to the virtual L2 network 101 in the edge device 300, and is used for restoration to a user packet flowing in the virtual L2 network 101 in the edge device 300 and learning of a table in the edge device 300 described later. .

  The Outer packet header 201 includes an Outer IP header 203 including a destination edge device IP address 208 and a source edge device IP address 209, an UDP header 204 including a destination UDP port number 210, an extended VXLAN header including a destination VNI 211 and a source VNI 212. 205. The extended VXLAN header 205 is an extension of the normal VXLAN header so as to have a transmission source VNI 212 using a reserved area. The destination UDP port number 210 can be used to identify the normal VXLAN header and the extended VXLAN header. As another packet format example, it is conceivable to use General Protocol Extension for VXLAN and provide an additional header after the VXLAN header.

  The Inner packet 202 includes an Inner MAC header 206 including a destination node MAC address 213 and a source node MAC address 214, an Inner IP header 207 including a destination node IP address 215 and a source node IP address 216, and an IP data portion 217. Is done. The transmission source node MAC address 214 of the Inner MAC header 206 has the same value as the transmission source MAC address of the user packet input to the edge device 300 that relays to the WAN 500. The destination node MAC address 213 takes the MAC address of the next hop node. In addition, the destination node IP address 215, the source node IP address 216, and the IP data portion 217 contain the same values as the user packet.

  As an example, the value of each item when a user packet addressed to the node 102C transmitted from the node 102A in FIG. 1 is relayed as an extended VXLAN packet between the edge devices 300A and 300B will be described. In this case, the destination edge device IP address 208 is the IP address 300B indicating the edge device 300B, and the source edge device IP address 209 is the IP address 300A indicating the edge device 300A. Next, the destination VNI 211 is VNI2 indicating the virtual L2 network 101B to which the node 102B belongs, and the transmission source VNI 212 is VNI1 indicating the virtual L2 network 101A to which the node 102A belongs. The destination node MAC address 213 is the MAC 102B indicating the node 102B, which is the next hop device, and the transmission source node MAC address is the MAC 102A indicating the node 102A. The destination node IP address 215 is IP 102B indicating the node 102B, and the source node IP address 216 is IP 102A indicating the node 102A.

  FIG. 4 is a functional configuration diagram of the edge device 300. The edge device 300 includes interfaces 303A and 303B, a control unit 301, and a table group 302. The control unit 301 includes a reception processing unit 304, a path control unit 305, and a transmission processing unit 306. The table group 302 includes an interface information table 400, a VNI group table 500, a forwarding table 600, a terminal information table 700, and a MAC learning table 800 that are set in advance before performing relay processing.

  The interface 303A is an interface connected to the node 102A. The interface 303B is connected to the WAN 500.

  The interface information table 400 includes an association between the interface of the edge device 300 and the type of access, the VNI group, and the VNI according to the attributes of the network to which the interface is connected. The VNI group table 500 includes information indicating virtual L2 networks belonging to the VNI group.

  The forwarding table 600 includes information that associates a VNI group with a transfer path of a packet that belongs to the group. In particular, the forwarding table 600 includes information indicating a correspondence between an IP address of a communication device and a VNI that is a network identifier for identifying a virtual network to which the communication device belongs. The terminal information table 700 stores information about terminals belonging to each VNI group. For example, the information regarding the terminal is the IP address or MAC address of the terminal.

  The MAC learning table 800 includes information for specifying an interface to be output by a combination of VNI and MAC address.

  The reception processing unit 304 processes a packet received by the interface. The route control unit 305 updates the table in the table group 302 with the packet received by the reception processing unit 304. The transmission control unit 301 transmits the received packet.

  The reception processing unit 304 determines the access type associated with the received interface for the packet received by the interface 303A or the interface 303B. The associated access type is, for example, VXLAN access or VXLAN trunk.

  The reception processing unit 304 may be a reception processing circuit. Alternatively, the reception processing unit 304 may include a processor, and the processing of the reception processing unit 304 may be realized by a program.

  The route control unit 305 determines the output destination and route of the received packet. Specifically, the path control unit 305 identifies the destination VNI corresponding to the destination IP address of the received packet, and encapsulates the received packet using the identified destination VNI and the MAC address of the transmission source of the packet. . Further, the path control unit 305 decapsulates the packet received from the opposite edge device 300, updates the MAC address of the transmission source communication device included in the decapsulated packet to the MAC address of the own device, and updates the updated packet. Transmit to the second communication device. Further, the path control unit 304 identifies the destination VNI corresponding to the destination IP address of the packet received from the node 102 belonging to the same virtual L2 network and the IP address of the opposite edge device 300 belonging to the destination VNI, and identifies the identified destination VNI. Including the IP address of the specified adjacent communication device is transmitted to the opposite edge device 300 via the WAN 500.

  In addition, when receiving a response packet for the address resolution packet, the path control unit 305 associates the MAC address of the adjacent communication device corresponding to the facing edge device 300 included in the response packet with the IP address of the adjacent communication device, and receives the terminal information. In the table 700, the IP address of the edge device 300 included in the response packet and the MAC address of the communication device adjacent to the edge device are associated with each other and stored in the MAC learning information, and the identified destination VNI and the first communication Using the MAC address of the device, the MAC address of the adjacent communication device, the MAC address of the edge device facing the MAC address of the own device, and the destination IP address, receiving from the node belonging to the same VNI and via the facing edge device Packets destined for nodes that are connected and belong to different VNIs Cell of.

  The transmission processing unit 306 creates an ARP request packet that resolves the MAC address corresponding to the destination IP address of the received packet, and performs flooding on the destination VNI of the received packet.

  The transmission processing unit 306 transmits a packet to the interface instructed to be transmitted. If the instructed interface is an IP address of another edge device, an extended VXLAN packet for L3 relay is generated. At this time, the inner packet 202 uses the instructed packet as it is. The destination edge device IP address uses the output destination information 803 acquired from the MAC learning table 800. The source edge device IP address stores an IP address for transmitting a packet addressed to the output destination information 803. The destination VNI 211 uses the VNI 604 acquired from the forwarding table 600. The transmission source VNI uses the VNI 404 acquired from the interface information table 400. Then, the generated packet is transmitted.

  FIG. 5 is an explanatory diagram of the interface information table 400. The interface information table 400 is a table that holds various types of information of the interface 303 that each edge device 300 has. The interface information table 400 holds an interface type 402, a VNI group number 403, and a VNI 404 in association with the interface number 401. The interface number 401 stores a number for identifying the interface 303. The interface type 402 is a value indicating a network to which the interface is connected. When connecting to the WAN 500, the interface type 402 is “VXLAN trunk”, and when connecting to the virtual L2 network 101, it is “VXLAN access”. When the interface type 402 is “VXLAN access”, the VNI group number 403 and VNI 404 are set. The VNI group number 403 is a number for identifying the VNI group. The VNI 404 is a number for identifying the virtual L2 networks 101A and 101B.

  In the example of FIG. 5, the entry 405 indicates that the interface 303A is connected to the virtual L2 network 101A belonging to the VNI group 1. An entry 406 indicates that the interface 303B is connected to the WAN 500.

  FIG. 6 is an explanatory diagram of the VNI group table 500. The VNI group table 500 is a table that represents a virtual L2 network belonging to the VNI group. It consists of a VNI group number 501 and a VNI number 502. In the example of FIG. 6, it is shown that the virtual L2 network 101A with the VNI number VNI1 and the 101B with the VNI number VNI2 belong to the VNI group 1.

  FIG. 7 is an explanatory diagram of the forwarding table 600. The forwarding table is a table including information indicating a route through which an IP packet is relayed by L3 in each VNI group. The forwarding table 600 holds the next hop information 603 and the VNI number 604 in association with the VNI group number 601 and the IP address / prefix length 602. In particular, the forwarding table 600 includes information indicating a correspondence between an IP address of a communication device and a VNI that is a network identifier for identifying a virtual network to which the communication device belongs. In the forwarding table 600, the VNI group number 601 is a value representing a VNI group that performs L3 relay, and the IP address / prefix length 602 represents the IP address and prefix length of the route. The next hop information 603 is information indicating the next hop device (adjacent communication device) of each route for the VNI group number. The next hop here includes a case where the WAN 500 is connected by tunneling with VXLAN. When the next hop is the destination node, the value of the next hop information 603 is “Direct Connect”, and in other cases, the IP address of the relay destination node is stored. The VNI number 604 is an identifier that identifies the relay destination virtual L2 network.

  In the example of FIG. 7, entries 605, 606, and 607 all represent route information related to VNI group 1. An entry 605 indicates that the IP address / prefix 101A is connected to the virtual L2 network 101A whose VNI number is represented by VNI1. An entry 606 indicates that the IP address / prefix 101B is connected by the virtual L2 network 101B represented by VNI2. The entry 607 indicates that the IP address / prefix 101 is connected via the node 102B having the VNI number belonging to VNI2 and having the IP 102B.

  FIG. 8 is an explanatory diagram of the terminal information table 700. The terminal information table 700 represents IP addresses and MAC addresses that have been address-resolved using ARP or the like on each VNI group. The terminal information table 700 holds a MAC address 703 in association with the VNI group number 701 and the IP address 702. The terminal information table 700 is updated when the route control unit 305 receives an address resolution response.

  In the example of FIG. 8, an entry 704 belongs to the VNI group 1 and a device whose IP address is IP102A indicates the MAC address of the MAC 102A. An entry 705 shows a device that belongs to the VNI group 1 and the IP address is IP102B. , Indicates the MAC address of the MAC 102B. The initial state of the terminal information table 700 is a state in which the entry 705 is deleted from FIG.

  FIG. 9 is an explanatory diagram of the MAC learning table 800. The MAC learning table 800 is a table showing which interface or edge device is connected to a terminal belonging to the virtual L2 network. The MAC learning table 800 stores output destination information 803 in association with the VNI number 801 and the MAC address 802. When the node represented by the VNI number 801 and the MAC address 802 is directly connected through an interface, the output destination information 803 stores an interface number indicating the interface and is connected by VXLAN tunneling on the WAN 500. The IP address of the edge device serving as the tunnel exit is stored. The MAC learning table 800 is updated through the path control unit when the reception processing unit 304 receives a packet. Unlike a normal VXLAN, information about the virtual L2 network 101 in which the edge device 300 that holds the MAC learning table 800 does not participate is also stored.

  In the example of FIG. 9, the entry 804 indicates that the node 102A, which is a node having the MAC 102A belonging to the virtual L2 network 101A whose VNI number is VNI1, is connected via the interface 303A. The entry 805 is an entry related to the virtual L2 network 101B in which the VNI number to which the edge device 300A does not belong is VNI2. An entry 805 indicates that the node 102B belonging to the virtual L2 network 101B having the VNI number VNI2 and having the MAC address of the MAC 102B is connected via the edge device 300B to which the IP 300B is assigned. Note that the initial state of the MAC learning table 800 is a state in which the entry 805 is deleted from FIG. FIG. 10 is a flowchart showing the processing contents of the packet reception process performed by the reception processing unit 304 at the time of packet reception. When the edge device 300 receives a packet from the interfaces 303A and 303B, the reception processing unit 304 starts packet reception processing. (S901) First, the reception processing unit 304 searches the interface information table 400 for the interface number of the received interface 303. As a result of the search, the interface type 402 is acquired from the corresponding entry. When the interface type 402 is “VXLAN access” (S903), the VNI group number 403 and VNI 404 to which the interface belongs are further acquired from the entry, and the relay processing (S1100) of the reception processing unit 304 is called. When the interface type 402 is “VXLAN trunk” (S903), the VXLAN decapsulation process (S1000) of the reception processing unit 304 is called.

  FIG. 11 is a flowchart showing the processing contents of the VXLAN decapsulation processing performed by the path control unit 305. This process is executed when the type of the interface that received the packet is “VXLAN trunk”, that is, an interface connected to the WAN 500. The path control unit 305 confirms whether the received packet is a VXLAN packet or an extended VXLAN packet (S1002). Specifically, the path control unit 305 determines that the destination edge device MAC address 213 and the destination node IP address 215 included in the received packet are those of the own device, and further confirms the destination UDP port number 210 included in the received packet. Thus, it is confirmed whether the packet is a VXLAN or an extended VXLAN packet.

  In the case of an extended VXLAN packet or a VXLAN packet, the path control unit 305 updates the MAC learning table 800 (S1003). Specifically, the path control unit 305 creates or updates an entry in which the VNI number 801 is the transmission source VNI 211 and the MAC address 802 is the transmission source node MAC address 214, and the value of the output destination information 803 is set to the transmission source edge device IP. Store as address 215. In the case of a VXLAN packet, the destination VNI 210 included in the received packet is stored as the VNI number 801.

  Next, the path control unit 305 removes the Outer IP header 201 of the received packet and generates a user packet (step 1004). When the packet is an extended VXLAN packet, the path control unit 305 rewrites the source node MAC address 214 of the received packet with the MAC address of the own device.

  Finally, the relay process (S1100) is called with the source VNI 212 and the generated user packet as arguments.

  If the route control unit 305 does not correspond to either the extended VXLAN packet or the VXLAN packet, the route control unit 305 ends the processing (S1005) and discards the packet. The above is the description of the flowchart of FIG.

  FIG. 12 is a flowchart showing the processing contents of the relay processing performed by the route control unit 305. In this processing, it is determined whether the user packet to be relayed is a packet to be relayed by L2 relay, a packet to be relayed by L3 relay, or a control packet, and processing in each case is performed.

  After the start of relay processing (S1101), the path control unit 305 determines whether the destination MAC address 213 is that of its own device (S1102). The route control unit 305 performs L2 relay processing (S1103) if the packet is addressed to another device. The L2 relay processing (S1103) here includes a case where an L2 packet is transmitted from the port of the own device and a case where the L2 packet is relayed to another device via VXLAN.

  If the packet is addressed to the own device, the path control unit 305 determines whether the packet is a packet of a protocol that needs to be processed by the own device such as an ARP packet (S1104), and operates according to the protocol. For example, if the packet is an ARP reply packet, the path control unit 305 registers the combination of the IP address and the MAC address resolved by the ARP and the VNI group to which the VNI included in the received packet belongs in the terminal information table (S1105). ).

  If the packet to be relayed is a normal IP packet, the path control unit 305 performs L3 relay processing (S1200). 13 and 14 show a flowchart of the L3 relay process. In the L3 relay processing, first, the path control unit 305 searches the VNI group number 403 included in the received packet with reference to the VNI group table 500 (S1202). If there is no corresponding VNI group (S1203), the relay process is terminated. (S1304) Next, as a result of the search in S1202, the route control unit 305 searches the forwarding table 600 for the acquired VNI group and the destination IP address 215 of the packet, the VNI group number 601 matches, and the IP address / prefix length 602. Next hop information 603 and VNI number 604 of the entry with the longest match are acquired (S1204). If there is no matching entry, the path control unit 305 ends the relay process (S1304). Next, the route control unit 305 searches the terminal information table (S1206). At this time, as the VNI group number 701, the VNI group number 502 acquired from the VNI group table is set as the IP address 702, and when the next hop information 603 is “Direct Connect”, the destination IP address 215 is set. Search using the IP described in the next hop information 603. If there is no corresponding entry (S1207), the path control unit 305 instructs the transmission processing unit to transmit the ARP to the corresponding IP, and waits until the address resolution is completed (S1400). When there is an entry (S1207), or when the address resolution is completed, the path control unit 305 acquires the MAC address 703 and searches the MAC learning table 800 with the MAC address 703 and the destination VNI. When there is no corresponding entry (S1302), the reception processing unit 304 waits until the instruction address resolution is completed for transmission of the ARP to the transmission control unit (S1400). If there is a corresponding entry, the reception processing unit 304 acquires the output destination information 803, rewrites the destination MAC 213 of the user packet with that value (S1303), and then sends the destination VNI from the output destination information 803 to the transmission processing unit 306. The user packet transmission process is instructed (S1500).

  Next, focusing on the edge device 300A, the operation of FIGS. 1 and 2 will be described.

The edge device 300A that has received the packet (P1601) addressed to the node 102C from the node 102A through the interface 303A passes the packet to the reception processing unit 304 and calls the packet reception processing. (S901) In the packet reception process, the interface number IF1 of the interface 303A is searched on the interface information table 400, and the entry 405 corresponds. (S902) Since the interface type 402 is “VXLAN access”, the received packet is treated as a user packet, the VNI group number 403 and VNI 404 are extracted, and the VNI group number 403 and VNI 404 and the received packet (P1602) are relayed as arguments (S1100). , S1101). In the relay process, first, it is confirmed whether the destination MAC address 220 of the received packet 218 is MAC1 addressed to the own apparatus. (S1102) Since it is addressed to the own device, it is confirmed that the packet is an IP packet (S1104), and L3 relay processing (S1200, S1201) is called. In the L3 process, the edge device 300A searches the VNI group table 500 with VNI1, and acquires VNI group 1 as the VNI group number 501 from the entry 503. (S1202, S1203) Next, IP102C is extracted from the user packet 218 as the value of the destination IP node address 215, and is searched in the forwarding table 600. (S1204) As a result, it is confirmed that the entry 697 corresponds to the IP 102B that is the IP address of the next hop from the next hop information 603 and the VNI 2 that indicates the virtual L2 network to which the next hop belongs from the VNI number 604. (S1205)
Next, the reception processing unit 304 of the edge device 300A searches the terminal information table 700 for the acquired VNI group 1 and IP 102B. (S1206) As a result, since there is no entry corresponding to IP102B, it is determined that address resolution is necessary (S1207), and the transmission processing unit 306 is instructed to send ARP to IP102B on VNI2. (S1400, S1401) The transmission processing unit 306 generates an ARP request packet P1602 encapsulated in VXLAN in order to resolve IP102B (S1402), and broadcasts it in the VNI2 to which the next hop belongs. It transmits to address (S1403).

  When the reply P1604 corresponding to the transmitted ARP is received by the interface 303B, it is passed to the reception processing unit 304 and the packet reception process is called. As a result of the search of the interface information table (S902), the entry 406 is applicable, the interface type of the interface 303B is found to be “VXLAN trunk” (S903), and the VXLAN decapsulation process is called. (S1000, S1001) The packet type is confirmed, and since it is a VXLAN packet (S1002), the MAC learning table update (S1003), decapsulation (S1004), and relay processing (S1100) are called. In updating the MAC learning table (S1003), VNI2 is acquired from the destination VNI 211, MAC 102B is acquired from the source node MAC address 214, and IP 300B is acquired from the source edge device IP address 209, and an entry such as the entry 805 in FIG. 9 is registered. When the relay process is started (S1101), it is confirmed that the destination node MAC address of the packet is the MAC 300B indicating the own device. (S1102) Thereafter, it is confirmed that the packet is an ARP reply packet (S1104), and the combination of the IP 102B and the MAC 102B as shown in the entry 705 in FIG. 8 described in the ARP reply packet is recorded in the terminal information table 700. To do. (S1105).

  Since the terminal information table has been updated, the terminal information table is confirmed again in the relay process. (S1206) Since the learned entry 705 is applicable (S1207), VNI2 that is the destination VNI and MAC102B that is the destination MAC address are searched on the MAC learning table 800 (S1301), and the learned entry 805 is applicable. (S1302) Thereafter, the destination MAC address of the packet is rewritten to the MAC 300B acquired from the entry 705, and the transmission control unit 306 is instructed to transmit the packet. (S1500, S1501) The transmission control 306 generates and transmits an extended VXLAN packet in which the destination edge device IP address is IP300B, the source edge device IP address is IP102A, the destination VNI is VNI2, and the source VNI is VNI1.

  Thereafter, when the node A sends the packet P1609 to the node C again, the edge device 300A can obtain the entry 705 for the VNI group 1 and the IP 102B from the terminal information table 700. Similarly, since the entry 805 for the MAC 102B can be obtained from the MAC learning table 800, the packet P1610 is generated and transmitted without performing address resolution.

  The effect of performing the above operation is that the contents of the MAC learning table 800 regarding the L3 relay of the edge device 300A can be reduced. The edge device 300A learns that the node 102B is connected to the edge device 300B only when it is necessary for L3 relay. Since entries for other nodes 100 belonging to the virtual L2 network 101B are not learned, the number of entries can be reduced.

  Next, FIG. 15 shows a packet flow when the node 102B moves from the edge device 300B to the edge device 300C, and FIG. 16 shows a sequence diagram. The initial state of the MAC learning table of the edge device 300A is shown in FIG.

  When the node 102B moves and moves from the edge device 300B to another edge device 300C belonging to the same virtual L2 network 101B, the edge device 300C and the node 102B are connected via the physical network 103C, and the MAC in the edge device 300A There is a problem that the entry related to the node 102B that is being learned in the learning table 800 must be changed. When the entry related to the node 102B is not changed, when the packet addressed to the node 102B is relayed from the edge device 300A by L3 relay, the packet is relayed to the edge device 300B connected before the movement. Such a situation occurs when the node 102B is a virtual machine and the physical server that operates the virtual machine is changed by live migration or the like.

  In the present embodiment, as means for solving the above-described problems, the MAC address and VNI of the transmission source node 102 are added to the extended VXLAN packet 200, so that the edge device 300 that has received the extended VXLAN packet 200 transmits it. The correspondence between the original edge device 300 and the transmission source node 102 is learned.

Packets P2001 to P2004 are a packet flow of the edge device 300A when the edge device 300A does not detect the movement of the node 102B. The edge device 300A detects the movement by relaying the packet from the moved node 102B, and updates the MAC learning table 800. For this reason, the MAC learning table 800 in the edge device 300A is not updated until the node 102B moves or relaying via the edge device 300A is performed or the table entry is deleted due to a timeout or the like. Under this situation, when the packet (P2001) addressed to the node 102B is transmitted from the node 102A, the edge device 300A encapsulates it into an extended VXLAN packet, relays it to the edge device 300B (P2002), and the edge device 300B performs a normal VXLAN. The packet is refilled, relayed to the edge device 300C (P2003), and transmitted to the node 102B. (P2004)
Packets P2005 to P2007 are packets that flow when a packet addressed to the node 102A is transmitted from the node 102B. When the edge device 300C receives the packet (P2005) transmitted from the node 102B, it is encapsulated into an extended VXLAN packet and relayed to the edge device 300A. (P2006) Upon receiving the extended VXLAN packet, the edge device 300A updates the MAC learning table 800, performs decapsulation, and relays the node to the node 102A. (P2007) By updating the MAC learning table 800, the node 102B and the edge device 300C can be associated with each other.

After updating the table, when a packet addressed to the node 102C (P2008) is transmitted from the node 102B, the edge device 300A relays it as an extended VXLAN packet to the edge device 300C (P2009) and relays it to the node 102B. (P2010)
The operation of the edge device 300A when receiving the packet P2006 will be described. The edge device 300A starts packet reception processing (901), confirms information on the reception interface in the interface information table 400 (S902, S903), and starts VXLAN decapsulation processing. (S1000, S1001) The packet type of the received packet is confirmed, and it can be seen that it is an extended VXLAN. (S1002) Next, with respect to the MAC learning table 800, the VNI number 801 is VNI2 that is the source VNI 212 of the received packet, the MAC address 802 is MAC 102B that is the source node MAC address 216, and the output destination information 803 is the source An entry in which IP300C is set as the edge device IP address 209 is registered. Since there is an entry 805 having the same VNI number 801 and MAC address 802, the entry is overwritten. Thereafter, the extended VXLAN packet is decapsulated and the inner packet 202 is taken out. (S1004) At this time, the source node MAC address is rewritten to MAC2 of its own device. Then call the relay process. (S1100, S1101) It is confirmed whether the destination MAC address is that of the own device (S1102), and since it is destined for others, L2 relay processing is performed (S1103) and transmitted from the interface 303A connected to the node 102A.

  The edge device 300B when receiving the packet P2002 performs the same operation as that of the edge device 300A when receiving the packet P2006 described above, and calls the L2 relay process (S1103). Here, since the output destination information 803 described in the MAC learning table points to the IP 300C that is the IP address of the edge device 300C, the IP address is relayed to the IP 300C as a normal VXLAN.

  The effect of this operation is to update the information in the MAC learning table 700 of the edge device 300 that has received the packet by the node 102 transmitting the packet even when the edge device 300 to which the node 102 is connected changes. .

  According to one form of the present embodiment, for example, by performing L3 relay between virtual L2 networks by processing between edge devices, the delay at the time of relay is reduced compared to when L3 relay processing is performed by adding an L3 relay device. It can be suppressed.

  According to one form of the present embodiment, for example, the entries in the MAC learning table stored in each edge device need only be managed with respect to the destination node, so the number of entries in the MAC learning table 700 is reduced.

  According to one form of the present embodiment, for example, when a node moves, for example, even when the edge device connected by live migration or the like is changed while the node is communicating, communication is possible, and the moved node is relayed by L3. By performing the above, it becomes possible to update the MAC learning table of the edge device.

500 WAN
100A, 100B Physical network 101A, 101B Virtual L2 network 102A, 102B, 102C Node 301 Control unit 302 Table group 303A, 303B Interface 304 Reception processing unit 305 Path control unit 306 Transmission processing unit

Claims (7)

A first relay device belonging to the first virtual network, and a second relay device belonging to the second virtual network,
The first virtual network and the second virtual network associated as one virtual network group are connected via the third virtual network,
The first relay device
Pre-stored in transfer information indicating the association between the IP address of the destination communication device of the packet and the network identifier identifying the virtual network to which the destination communication device belongs;
When a packet addressed to the second communication device belonging to the second virtual network is received from the first communication device belonging to the first virtual network, the destination corresponding to the destination IP address of the received packet is referred to by referring to the transfer information Identify the VNI, encapsulate the received packet using the identified destination VNI and the MAC address of the first communication device of the transmission source, send the encapsulated packet to the third virtual network,
The second relay device
When a packet addressed to the second communication device is received from the third virtual network, the MAC address of the first communication device included in the received packet is held, and the received packet is decapsulated and included in the decapsulated packet. A communication system in which the MAC address of the first communication device is updated to the MAC address of the second relay device, and the updated packet is transmitted to the second communication device. The communication system according to claim 1, wherein the first relay device is:
When the packet addressed to the second communication device is received, the destination VNI corresponding to the destination IP address of the received packet and the IP address of the adjacent communication device are specified, and the IP of the specified adjacent communication device including the specified destination VNI When an address resolution packet addressed to the address is transmitted to the third virtual network and a response packet to the address resolution packet is received, the MAC address of the adjacent communication device included in the response packet is associated with the IP address of the adjacent communication device. The MAC address of the second relay device included in the response packet is associated with the MAC address of the adjacent communication device to perform MAC learning, and the specified destination VNI, the MAC address of the first communication device, and the adjacent communication device MAC address, MAC address of the first relay device, and MAC address of the second communication device Using the scan and destination IP address, it encapsulates the packets of the second communication device addressed with the received communication systems.   3. The communication system according to claim 2, wherein when the first relay device receives a packet addressed to the second communication device, the first relay device refers to the transfer information and specifies a destination VNI corresponding to a destination IP address of the received packet. When the IP address of the adjacent communication device is specified and there is no MAC address of the adjacent communication device corresponding to the specified IP address, an address resolution packet destined for the IP address of the specified adjacent communication device is sent to the third virtual network. A communication system for transmission.   3. The communication system according to claim 2, wherein when the second relay device receives the encapsulated packet from the first relay device, the second relay device confirms the destination and does not learn the destination MAC address. A communication system that transmits an address resolution request to a network. A communication system including a first relay device belonging to a first virtual network,
The first relay device is connected via a third virtual network with a second relay device belonging to a second virtual network associated with the first virtual network as one virtual network group,
A memory that stores in advance a correspondence between an IP address of a destination communication device of a packet and a network identifier that identifies a virtual network to which the destination communication device belongs;
When a packet addressed to the second communication device belonging to the second virtual network is received from the first communication device belonging to the first virtual network, the destination corresponding to the destination IP address of the received packet is referred to by referring to the transfer information The VNI is identified, the received packet is encapsulated using the identified destination VNI and the MAC address of the first communication device of the transmission source, and the encapsulated packet is transmitted to the second through the third virtual network. A communication system characterized by transmitting to a relay device. The communication system according to claim 1,
And further comprising the second relay device,
When the relay device receives a packet addressed to the second communication device from the third virtual network, the relay device holds the MAC address of the first communication device included in the received packet, decapsulates the received packet, and decapsulates the packet. A communication system for updating the MAC address of the first communication device included in the packet to the MAC address of the second relay device and transmitting the updated packet to the second communication device. The communication system according to claim 5, wherein
The communication system, wherein the first virtual network and the second virtual network are VLANs, and the third virtual network is a VXLAN.

Images