JP2017139680A - Communication device and transfer device control method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enable transfer to an appropriate internal process device if fragment packets are dispersed to a plurality of internal transfer devices.SOLUTION: A communication device which receives and processes a packet includes: a plurality of processing devices which process packets; and a plurality of transfer devices which receive the packets from the outside of the communication device to transfer the packets to either one processing device out of the plurality of processing devices. A first transfer device among the plurality of transfer devices receives a first packet from outside the communication device, and receives a second packet from a second transfer device among the plurality of transfer devices, to reconfigure a packet using the first packet and the second packet, and further, selects a processing device from among the plurality of processing devices according to set policy information, to transfer the reconfigured packet to the selected processing device.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a control method for a communication device and a transfer device.

  In a network system composed of a transmission source device, a destination device, and several transfer devices, an MTU (maximum transfer unit) is defined as a packet size that can be transferred in one packet transfer. In packet transfer from a transmission source device to a destination device, the transmission source device transmits a packet having a size exceeding the MTU into fragment packets so as not to exceed the MTU. When the destination device receives the fragment packets, the destination device reassembles (reassembles) the original packets before the division. Below, the packet before division | segmentation is called an original packet.

  Also, the original packet data is divided into a plurality of datagrams, and a packet with an IP header attached to each divided datagram is a fragment packet. Information of a layer higher than the IP layer (layer 3) is included in any one fragment packet when being divided, and is not included in other fragment packets.

  As information for determining from which original packet a fragment packet is divided, fragment packets divided from the same original packet have the same IP header identifier. When each received fragment packet has the same IP header identifier, the destination device generates an original packet by reassembling from the fragment packet having the same IP header identifier.

  When there are a plurality of transfer paths in the network, there are mainly two types of packet transfer methods. One is a transfer method using a routing table based on the most common destination IP address. The other is a transfer method (policy-based routing) that transfers a packet to a specific path using layer information higher than the IP layer (Layer 3) such as a TCP / UDP port number and a tunnel identifier of a tunneling protocol as a transfer condition. It is. Policy-based routing is characterized by more flexible and finer path control than the transfer method based on the destination IP address.

  Since higher layer information is required, when a fragment packet is received by a transfer device that performs policy-based routing, the fragment packet cannot be transferred as it is. Therefore, it is reassembled into the original packet and is more than the IP (layer 3) of the original packet. It is necessary to restore upper layer information and select a transfer destination based on transfer destination policy information.

  Patent Document 1 discloses that a fragment packet ID table 3 that associates a fragmented IP packet with an entry of a flow table that matches a fragment source IP packet, obtains fragment information, and packet ID based on header information of the IP packet. A flow entry describing an action to be applied to an IP packet having a packet ID by referring to the fragment packet ID table, and a fragment packet processing function 103 to apply the action to the IP packet, and the leading IP packet A fragment packet ID table update function 107 that adds the entry to the fragment packet ID table when receiving the last packet and deletes the entry from the fragment packet ID table when the last packet is received. It discloses fragmented packet processing in OpenFlow (R) of the comprising "(Abstract).

  Patent Document 2 states that “the reconfiguration processing unit 24 determines whether or not the received IP packet is divided, and if it is divided, the IP packet is temporarily stored in the packet storage unit 25, After the divided IP packets are accumulated, it is reconstructed into the original IP packet data before the fragment processing, after which the reception processing unit 26 searches the address translation table 27 and stores it in the header of the IP packet. A data relay apparatus is disclosed that “converts addresses into addresses set in a destination network and enables data relay between networks” (summary).

Japanese Patent Laying-Open No. 2015-70434 Japanese Patent Laid-Open No. 2005-12698

  In recent years, for the purpose of improving network bandwidth and device reliability, a destination device may include a plurality of internal transfer devices (multiple redundant configuration) and a plurality of internal processing devices (multiple redundant configuration). An original packet generated by a transmission source device existing in the external network is transferred to any one processing device via any one internal transfer device. Thereafter, the processing device performs processing based on the acquired original packet.

  Furthermore, in order to perform fine path control, the transfer device in the external network performs policy-based routing, and the internal transfer device also distributes and transfers the original packet to each processing device based on the transfer destination policy information.

  In the case of fragment packet transfer, the transmission source device transmits a plurality of fragment packets generated by dividing the original packet to the destination device. The transmitted fragment packet arrives at the internal transfer device in the destination device via several transfer devices.

  For example, when the transfer device in the preceding stage of the destination device performs the transfer method based on the destination IP address, the fragment packet is transferred from the transfer device to one internal transfer device. The internal transfer device that has received the fragment packet reassembles the original packet from the IP header identifier, and transfers the packet to the internal processing device based on the transfer destination policy information.

  However, when a forwarding device in the previous stage of the destination device performs policy-based routing, or when a link failure occurs between the forwarding device and the internal forwarding device in the destination device, each fragment divided from the same original packet Packets can arrive at different internal forwarding devices in the destination device.

  Each internal transfer apparatus that receives the fragment packet holds the fragment packet in order to reassemble the original packet. However, since the fragment packets are transferred to different internal transfer devices, some of the fragment packets cannot be received by one internal transfer device, and the received fragment packets are also discarded at a predetermined time. .

  On the other hand, in the packet processing of Patent Document 1, the fragment packet can be transferred as it is by using the fragment packet ID table that links the flow table and the fragment packet, but the fragment packet arrives at a different internal transfer device. The case is not disclosed.

  Further, the data relay device of Patent Document 2 can select an appropriate processing device and transfer a packet when a fragment packet arrives at the same internal transfer device, but the fragment packet arrives at a different internal transfer device. No case is disclosed.

  Therefore, an object of the present invention is to enable transfer of a fragment packet to an appropriate internal processing device even if it is distributed to a plurality of internal transfer devices.

  A representative communication apparatus according to the present invention is a communication apparatus that receives and processes a packet, and includes a plurality of processing apparatuses that process the packet, a packet received from outside the communication apparatus, and the plurality of processing apparatuses A plurality of transfer devices that transfer packets to any of the processing devices, wherein the first transfer device of the plurality of transfer devices receives the first packet from outside the communication device, The second packet is received from the second transfer device among the plurality of transfer devices, the packet is reconfigured using the first packet and the second packet, and the setting is made from the plurality of processing devices. The processing apparatus is selected based on the policy information thus set, and the reconstructed packet is transferred to the selected processing apparatus.

  According to the present invention, even if fragment packets are distributed to a plurality of internal transfer devices, they can be transferred to an appropriate internal processing device.

It is a figure which shows the example of a network system. It is a figure which shows the example of a structure in a destination apparatus. It is a figure which shows the example of a structure of an internal transfer apparatus. It is a figure which shows the example of a logical structure of an internal transfer apparatus. It is a figure which shows the example of a structure of transfer destination policy information. It is a figure which shows the example of a format of a fragment packet. It is a figure which shows the example of a structure of the determination table of a packet. It is a figure which shows an example of the transfer sequence of a fragment packet. It is a figure which shows an example of the transfer sequence of a fragment packet. It is a figure which shows an example of the transfer sequence of a fragment packet. It is a figure which shows an example of the transfer sequence of a fragment packet. It is a flowchart which shows an example from the packet reception of an internal transfer apparatus to transfer. It is a flowchart which shows the example of the broadcast transmission of an internal transfer apparatus.

  Embodiments of the present invention will be described below with reference to the drawings. It should be noted that the present embodiment is merely an example for realizing the present invention and does not limit the technical scope of the present invention. In each figure, the same code | symbol is attached | subjected to the common structure.

  In this embodiment, the internal configuration of the device includes, for example, a policy setting device that sets transfer destination policy information in the internal transfer device, and an internal transfer device that receives a packet from an external network and transfers the packet based on the transfer destination policy information And a processing device that receives and processes the transferred packet. Each of the internal transfer device and the processing device has a redundant configuration.

  The internal transfer device has transfer destination policy information for determining a transfer destination processing device. When each internal transfer device receives a packet, it refers to transfer destination policy information held in a shared memory that can be referred to by a plurality of processes, selects a processing device as a transfer destination, and transfers the packet. For example, the source / destination IP address of the received packet or the port number of TCP or UDP is used for the transfer destination policy information. The term “packet” described here is a broad term including an original packet before division and a fragment packet after division.

  Further, the processing apparatus has one representative IP address that is common to the plurality of processing apparatuses. The transmission source device in the external network does not need to change the transmission destination IP address even when the number of processing devices increases or decreases by transmitting packets toward the representative IP address. Then, by increasing or decreasing the number of distribution destination processing devices in the transfer destination policy information of the internal transfer device, it is possible to cope with an increase or decrease in the number of processing devices without changing at the transmission source device.

  When the internal transfer device receives a fragment packet, the internal transfer device that has received a packet other than the first fragment packet starts a broadcast transmission timer. Capsule (encapsulate) and broadcast to other internal transfer devices.

  When the broadcast transmission timer is activated at that time, the internal transfer device that has received the first fragment packet stops the broadcast transmission timer, waits for a fragment packet other than the first from other internal transfer devices, and all fragment packets. After all the data are collected, reassemble the original packet. Then, with reference to the header information and transfer destination policy information of the original packet after being resembled, a processing device as a transfer destination is selected, and the original packet is transferred to the selected processing device.

  More specific description will be given below. FIG. 1 shows an example of a network system in this embodiment. A packet is transmitted from the external network 101 to the destination device 108. A packet transmitted from the external network 101 to the destination device 108 reaches the destination device 108 via the transfer device 102. For this reason, the external network 101 and the transfer device 102 are connected, and the transfer device 102 and the destination device 108 are connected. The destination device 108 is a communication device that receives a packet.

  The transfer apparatus 102 converts the original packet received from the external network 101 into a fragment packet, and transmits the fragment packet to the destination apparatus 108 via a plurality of communication lines, or transmits the original packet as it is to the destination apparatus 108. . The plurality of communication lines are ECMP (Equal Cost Multi Path), and fragment packets are distributed so that the communication costs are equal in each of the plurality of communication lines.

  A plurality of internal transfer devices 104 in the destination device 108 (in the case where the internal transfer devices 104-1 to 104-N are representatively referred to without being distinguished from each other are described as the internal transfer device 104. The other symbols are also described in the same manner. Is logically connected to each of the plurality of processing devices 107 in the destination device 108.

  The plurality of internal transfer devices 104-1 to 104-N constitute a plurality of internal transfer device redundant configuration 103, and the plurality of processing devices 107-1 to 107-M constitute a multiple processing device redundant configuration 106. Here, N and M are integers of 2 or more, and N and M may be the same number or different numbers. Further, the policy setting device 105 in the destination device 108 is connected to the internal transfer device redundant configuration 103 and the processing device redundant configuration 106.

  Note that the transfer device 102 and the internal transfer device 104 can also be referred to as an external transfer device and a transfer device, respectively, due to their relative positional relationship.

  FIG. 2 shows an example of the configuration in the destination device 108. The policy setting device 105, all the internal transfer devices 104-1 to 104-N, and all the processing devices 107-1 to 107-M are connected to the layer 2 switch 109, and each of the devices connected by the layer 2 switch 109 is connected. It is possible to communicate between them.

  A packet transmitted in one transmission via the layer 2 switch 109 is an original packet that is not divided or a fragment packet that is divided from the original packet. In this embodiment, an example of a TCP / IP packet will be described, but the present invention is not limited to this. The packet transfer in this embodiment may be a packet transfer using another protocol in order to encapsulate the fragment packet and exchange it between the internal transfer devices 104 and reassemble the original packet.

  1 and 2 show an example in which the policy setting device 105 is included in the destination device 108, the policy setting device 105 may be connected outside the destination device 108. Instead of being connected to the layer 2 switch 109, each device in the destination device 108 may be directly connected as in the example of FIG.

  FIG. 3 shows an example of the configuration of the internal transfer device 104. The internal transfer devices 104-1 to 104-N are physically different, but have the same configuration. The internal transfer device 104 includes a CPU 201 as a processor, a main memory 202, an inter-process shared memory 204, a local disk 206, a network I / F (interface) unit 208, and a bus 209 for connecting them. The internal transfer device 104 may have an input device and an output device (not shown).

  The network I / F unit 208 includes an external I / F unit 209 and an internal I / F unit 210. The external I / F unit 209 is connected to the transfer device 102, receives packets from the external network 101 via the transfer device 102, and stores them in the main memory 202 via the bus 209.

  The internal I / F unit 210 is connected to the layer 2 switch 109, acquires the packet stored in the main memory 202 via the bus 209, and passes to the other internal transfer device 104 and processing device 107 via the layer 2 switch 109. Information or packets transmitted via the layer 2 switch 109 from the policy setting device 105, another internal transfer device 104, or the processing device 107 is transmitted via the bus 209 to the inter-process shared memory 204 or the main memory 202. Or store.

  A transfer program 207 is stored in the local disk 206. The main memory 202 stores a transfer program 203 loaded from the local disk 206 by the CPU 201. In addition to the transfer program 203, the main memory 202 stores a program (not shown), data necessary for executing the program, packets, and the like, and the stored program includes an OS (Operating System) and the like.

  The inter-process shared memory 204 temporarily holds transfer destination policy information 205 indicating a packet transfer destination, and is referred to by a plurality of processes executed by the CPU 201. The CPU 201 operates as described below by executing the transfer program 203 stored in the main memory 202. Note that the CPU 201 may incorporate a timer, and the timer may be realized by hardware or by executing a program.

  Note that the CPU 201 may transfer information or packets between the main memory 202 or the inter-process shared memory 204 and the network I / F unit 208 via the bus 209. Further, the transfer program 207 stored in the local disk 206 may be stored in a portable storage medium and read into the local disk 206 by a portable storage medium reading device, or may be read via the network. 206 may be read.

  FIG. 4 shows an example of a logical configuration of the internal transfer apparatus 104-1. The internal transfer devices 104-2 to 104-N have the same configuration. The transfer destination policy information 205 is information set by the policy setting device 105 in accordance with the load status of each processing device 107, and will be further described with reference to FIG. The packet buffer 302 is a buffer for temporarily storing a packet transferred from the transfer apparatus 102, and may be a part of the area of the main memory 202 or in the network I / F unit 208. Also good.

  The packet determination module 301 is a module realized by the CPU 201 executing the transfer program 203, and the packet determination module 301 may be realized as a plurality of processes. The packet determination module 301 extracts a packet from the packet buffer 302 and analyzes the extracted packet to determine whether it is a fragment packet.

  When it is determined that the extracted packet is not a fragment packet, the packet determination module 301 selects a transfer destination from the processing devices 107-1 to 107-M according to the transfer destination policy information 205, and transfers the packet. .

  When it is determined that the extracted packet is a fragment packet, the packet determination module 301 reassembles the original packet from the fragment packets acquired by the packet determination module 301 so far. When the original packet is successfully reassembled, a transfer destination is selected from the processing devices 107-1 to 107-M based on the transfer destination policy information 205, and the reassembled original packet is transferred.

  If the reassembly of the original packet fails, the packet determination module 301 suspends the packet transfer to the processing device 107. When it is determined that the fragment packet is the second and subsequent fragment packets, a broadcast transmission timer to the internal transfer apparatuses 104-2 to 104-N other than the internal transfer apparatus 104-1 is started. Thereafter, when the broadcast transmission timer expires due to the elapse of a preset time, the fragment packet is encapsulated and broadcast to other internal transfer apparatuses 104-2 to 104-N.

  The packet determination module 301 acquires fragment packets broadcast from other internal transfer apparatuses 104-2 to 104-N and uses them for reassembling the fragment packets into the original packets. Fragment packets broadcast from the other internal transfer apparatuses 104-2 to 104-N may be stored in the packet buffer 302 and processed in the same manner as the packets transferred from the transfer apparatus 102.

  The transfer destination policy information 205 stores and manages information related to the transfer destination of the fragment packet set from the policy setting device 105. FIG. 5 shows an example of the configuration of the transfer destination policy information 205. The transfer destination policy information 205 includes a protocol column 401, a transmission source IP address column 402, a transmission destination representative IP address column 403, a transmission source port number column 404, a transmission destination port number column 405, and a transfer destination internal IP address column 406.

  A protocol column 401 indicates the type of the layer 4 protocol of the original packet. In this embodiment, the TCP protocol is used, but other layer 4 protocols such as UDP may be used. The transmission source IP address column 402 indicates the transmission source of the original packet, and in the example of FIG.

  A transmission destination representative IP address column 403 indicates an IP address representing the redundant configuration 106 of multiple processing apparatuses that is a transmission destination of the original packet transmitted from the external network 101. The original packet transmitted from the external network 101 does not use the processing devices 107-1 to 107-M individually as transmission destinations, but uses the destination device 108 or the multiple processing device redundant configuration 106 as a representative transmission destination.

  The destination representative IP address column 403 may or may not have one IP address in the destination device 108 or the multiple processing device redundant configuration 106. For example, an IP address representing each of a plurality of types of processing contents of the processing device 107 may be used, and one processing content is handled by the processing devices 107-1 and 107-2, and the processing device 107-M is not in charge. In this case, in the destination representative IP address column 403, the processing device 107-1 and the processing device 107-2 may be the same IP address, and the processing device 107-M may be a different IP address.

  The transmission source port number column 404 indicates the transmission source port number in the TCP header of the transmission source of the original packet. The transmission destination port number column 405 indicates the transmission destination port number in the TCP header of the transmission destination of the original packet. The transfer destination internal IP address column 406 indicates the IP address of each processing device 107 used for internal communication within the destination device 108. The internal transfer device 104 transfers the packet that matches the columns 401 to 405 of the transfer destination policy information 205 to the IP address of the transfer destination internal IP address column 406.

  FIG. 6 shows a format example of a fragment packet. The original packet 501 is fragmented when the packet size exceeds the MTU value. In particular, the first fragment packet 502 has a format different from that of the subsequent fragment packet 503. Specifically, the top fragment packet 502 has an IP header and a TCP header in addition to the datagram divided from the data of the original packet 501.

  On the other hand, the second and subsequent Kth fragment packets 503 have a datagram and an IP header divided from the remaining data of the original packet 501, but do not have a TCP header. FIG. 6 illustrates an IP packet having a TCP header, but the same applies to IP packets having other layer 4 protocols such as a UDP header. Hereinafter, the first fragment packet is FP-1, and the second and subsequent Kth fragment packets are FP-K.

  The IP header of each fragment packet 502, 503 has the same IP address as that of the original packet 501, an IP identifier indicating that the packet is divided from the same original packet 501, a fragment flag indicating whether or not the fragment is fragmented, the head A fragment offset indicating the number of the fragment packet is added.

  FIG. 7 shows a configuration example of the packet determination table 601 referred to by the packet determination module 301. The transfer program 203 includes a packet determination table 601. The fragment flag (hereinafter referred to as FF) and the fragment offset (hereinafter referred to as FO) in the packet determination table 601 are information used as a criterion for determining the FF and FO of the IP header. These values are used for determination of a fragment packet, which will be described later, and information indicating the packet type in the packet determination table 601 is obtained as a result of the determination.

  Specifically, if the FF value of the IP header is “0” and the FO value is “0”, this indicates that the packet is not fragmented, and the FF value is “1” and the FO value. “0” indicates that it is the first fragment packet. Also, if the FF value is “1” and the FO value is “K” equal to or greater than “1”, it indicates the second and subsequent Kth fragment packets, and the FF value is “0” and the FO value. If it is “1” or more, it indicates the last fragment packet.

  The packet determination table 601 is used for determining fragment packets (fragment packets to which the same IP header identifier is assigned) divided from the same original packet.

  Hereinafter, with reference to FIGS. 8 to 13, some examples of sequences for transferring fragment packets will be described. In these examples, when each fragment packet arrives at a different internal transfer device 104, a sequence for appropriately transferring the packet is included.

  The example of FIG. 8 is a sequence when the fragment packet arrives at the same internal transfer apparatus 104-1 in order from the first fragment packet. First, transfer destination policy information 205 is set in advance from the policy setting device 105 to each of the internal transfer devices 104-1 to 104-3 (steps 151-1 to 151-3). Since these steps 151-1 to 151-3 are the same settings in FIGS. 9 to 11 hereafter, illustration of the settings is omitted in FIGS.

  The internal transfer apparatus 104-1 receives the first fragment packet FP-1 (step 152). After the reception, the internal transfer device 104-1 executes reassembly, but fails to reassemble because there are no fragment packets (step 153). After reassembly failure, the transfer of the fragment packet FP-1 is suspended and the second and subsequent fragment packets FP-K are awaited.

  After receiving the Kth fragment packet FP-K (step 154), the internal transfer device 104-1 executes reassembly again (step 155), succeeds in reassembling, and transfers the information contained in the TCP header of the original packet. The destination policy information 205 is searched (step 156), and the processing device 107-M to be the transfer destination is selected. Thereafter, the internal transfer device 104-1 transfers the original packet to the processing device 107-M (step 157).

  The example of FIG. 9 is a sequence when the order of fragment packets is reversed and arrives at the same internal transfer device 104-1. First, the internal transfer device 104-1 receives the Kth fragment packet FP-K (step 251). After receiving, since the internal transfer apparatus 104-1 has received a fragment packet other than the head fragment packet, it starts a broadcast transmission timer (step 252).

  After the broadcast transmission timer is started, the internal transfer apparatus 104-1 executes reassembly, but the reassembly fails because there are not all fragment packets (step 253). After reassembly failure, the transmission of the Kth fragment packet FP-K is suspended until the broadcast transmission timer expires.

  Thereafter, when the head fragment packet FP-1 arrives at the internal transfer apparatus 104-1 before the broadcast transmission timer expires (step 254), the internal transfer apparatus 104-1 that has received the head fragment packet FP-1 sets the broadcast transmission timer. Stop (step 255), re-assemble again (step 256), successfully reassemble, search the transfer destination policy information 205 with the information contained in the TCP header of the original packet, and the processing device 107 as the transfer destination -M is selected (step 257). Then, the internal transfer device 104-1 transfers the original packet to the processing device 107-M (step 258).

  The example of FIG. 10 is a sequence when the fragment packet arrives at different internal transfer apparatuses 104-1 and 104-2 in order from the top fragment packet FP-1. First, the internal transfer apparatus 104-1 receives the first fragment packet FP-1 (step 351). After the reception, the internal transfer apparatus 104-1 executes reassembly, but fails to reassemble because there are not all fragment packets (step 352). After reassembly failure, the transfer of the fragment packet FP-1 is suspended and the second and subsequent fragment packets FP-K are awaited.

  Then, when the internal transfer apparatus 104-2 receives the Kth fragment packet FP-K (step 353), since the fragment packet other than the top fragment packet FP-1 is received, the broadcast transmission timer is started (step 354). . Here, the time of the broadcast transmission timer is calculated by multiplying the setting value of the OS fragment packet discard timer (the time until the OS discards the fragment packet) and a preset coefficient less than 1. The broadcast transmission timer may be a timer included in the CPU 201.

  After the start of the broadcast transmission timer, the internal transfer device 104-2 executes reassembly but fails to reassemble because there are not all fragment packets (step 355). After reassembly failure, the transmission of the Kth fragment packet FP-K is suspended until the broadcast transmission timer expires.

  After the broadcast transmission timer expires, the internal transfer device 104-2 performs GRE encapsulation of the Kth fragment packet FP-K (step 356), and all the internal transfer devices 104-1 other than the internal transfer device 104-2, Broadcast transmission to 104-3 (steps 357 and 358). The broadcast transmission in step 357 and step 358 may be multicast transmission in which all internal transfer apparatuses 104-1 and 104-3 other than the internal transfer apparatus 104-2 are set as transmission destinations.

  When the internal transfer apparatus 104-1 receives the GRE-encapsulated Kth fragment packet FP-K (step 358), decapsulation is performed (step 359), reassembly is performed again (step 360), and reassembly is performed. The transfer destination policy information 205 is searched with the information included in the TCP header of the original packet, and the transfer destination processor 107-M is selected (step 361). Then, the internal transfer device 104-1 transfers the original packet to the processing device 107-M (step 362).

  The internal transfer apparatus 104-2 discards the Kth fragment packet FP-K after the OS fragment packet discard timer expires (step 363).

  The example of FIG. 11 is a sequence when the order of fragment packets is reversed and arrives at different internal transfer apparatuses 104-1 and 104-2. First, when the internal transfer apparatus 104-1 receives the K-th fragment packet FP-K (step 371), it receives a fragment packet other than the head fragment packet FP-1, and thus starts a broadcast transmission timer (step 372).

  After the broadcast transmission timer is started, the internal transfer apparatus 104-1 executes reassembly, but fails to reassemble because there are not all fragment packets (step 373). After reassembly failure, the transmission of the Kth fragment packet FP-K is suspended until the broadcast transmission timer expires.

  After the broadcast transmission timer expires, the internal transfer device 104-1 performs GRE encapsulation of the Kth fragment packet FP-K (step 374), and all internal transfer devices 104-2 other than the internal transfer device 104-1, It transmits to 104-3 (step 375, step 376).

  When the internal transfer device 104-2 receives the Kth fragment packet FP-K (step 375), decapsulation is executed (step 377), and the internal transfer device 104-2 performs a fragment packet other than the head fragment packet FP-1. Is received, the broadcast transmission timer is started (step 378).

  After starting the broadcast transmission timer, the internal transfer device 104-2 performs reassembly, but fails to reassemble because there are not all fragment packets (step 379). After reassembly failure, the transmission of the Kth fragment packet FP-K is suspended until the broadcast transmission timer expires.

  Thereafter, when the head fragment packet FP-1 arrives at the internal transfer device 104-2 before the broadcast transmission timer expires (step 380), the internal transfer device 104-2 that has received the head fragment packet FP-1 stops the broadcast transmission timer. (Step 381), the reassembly is executed again (Step 382), the reassembly is successful, the transfer destination policy information 205 is searched with the information included in the TCP header of the original packet, and the processing device 107- M is selected (step 383). Then, the internal transfer device 104-2 transfers the original packet to the processing device 107-M (step 384).

  Each of the internal transfer device 104-1 and the internal transfer device 104-3 discards the Kth fragment packet FP-K after the OS fragment packet discard timer expires (steps 385 and 386).

  The example of FIG. 12 is a flowchart from the packet reception in the internal transfer device 104 to the transfer to the processing device 107. First, the packet determination module 301 of the internal transfer device 104 acquires a packet from the packet buffer 302 (step 451). The packet determination module 301 determines whether the acquired packet is GRE-encapsulated (step 452). When it is determined that the acquired packet is GRE-encapsulated, decapsulation is performed (step 453).

  Next, the packet determination module 301 extracts FF (fragment flag) and FO (fragment offset) values from the IP header of the acquired packet (step 454), and refers to the packet determination table 601 to determine the packet type. To do. Note that the FF value and the FO value may be directly determined (step 455).

  When the packet type determination result by the packet determination module 301 is the first fragment packet (FF = 1, FO = 0), the internal transfer device 104 acquires the status of the broadcast transmission timer (step 459), and the broadcast transmission timer It is determined whether it is activated (step 460). If the broadcast transmission timer has been started, the broadcast transmission timer is stopped (step 461).

  As a result, the internal transfer device 104 that has received the first fragment packet does not broadcast the first fragment packet, fails to reassemble the other internal transfer devices 104, receives all fragment packets, and reassembles them.

  After processing related to the broadcast transmission timer, the reassembly of the fragment packet received from the other internal transfer apparatus 104 and the first fragment packet is executed by the time of execution of step 462 (step 462), and the reassembly execution result Is determined (step 463).

  If the execution result is a successful reassembly, the transfer destination policy information 205 (IP address and port number in columns 401 to 405) is searched based on information such as the TCP header of the reassembled original packet, and the transfer destination and The IP address of the processing device 107 is acquired from the transfer destination internal IP address column 406 (step 464). Then, the reassembled original packet is transferred to the acquired IP address (step 465). If the execution result is a reassessment failure in step 463, the fragment packet subjected to the reassembly in step 462 is held.

  When the determination result of the packet type in step 455 is a non-fragmented packet (FF = 0, FO = 0), the internal transfer device 104 transfers the transfer destination policy information based on information such as the TCP header of the acquired packet. 205 (IP address or port number in columns 401 to 405) is searched, and the IP address of the processing device 107 serving as the transfer destination is acquired from the transfer destination internal IP address column 406 (step 464). Then, the acquired packet is transferred to the acquired IP address (step 465).

  When the determination result of the packet type in step 455 is the second and subsequent fragment packets (FF = 1, FO is 1 or more) or the last fragment packet (FF = 0, FO is 1 or more), the internal transfer apparatus 104 In order to transfer the fragment packet to the internal transfer device 104, the broadcast transmission timer is started (step 458), and the process proceeds to step 462.

  In the reassembly of step 462, the internal transfer apparatus 104 continues the FO values from the first fragment packet (FF = 1, FO = 0) to the last fragment packet (FF = 0, FO is 1 or more). If datagrams exist, the datagrams may be concatenated. In step 463, the internal transfer apparatus 104 determines that the first fragment packet (FF = 1, FO = 0) and the last fragment packet (FF = 0, FO is 1 or more) exist, and the FO values are continuous. May be determined to determine the success of the reassembly.

  The example of FIG. 13 is a flowchart of broadcast transmission after the broadcast transmission timer expires in the internal transfer device 104. When the broadcast transmission timer expires, an interrupt or the like occurs. First, the internal transfer device 104 acquires the held fragment packet (step 551), and performs GRE encapsulation on the fragment packet (step 552).

  Thereafter, the internal transfer device 104 broadcasts the GRE-encapsulated fragment packet to all other internal transfer devices 104 (step 553), and determines whether all the held fragment packets have been broadcast (step 554). ). If it is determined that all the held fragment packets have not been transmitted, the process returns to fragment packet acquisition (step 551) to acquire other untransmitted fragment packets and repeat the same processing.

  For broadcast transmission, the internal transfer device 104 may transmit the GRE-encapsulated fragment packet to the layer 2 switch 109, and the layer 2 switch transfers the packet to some or all of the internal transfer devices 104-1 to 104-N. An address to be transmitted may be included in a fragment packet to be broadcast transmitted with GRE encapsulation. The broadcast transmission may not be transmitted to the processing device 107.

  In the above description, the processing of the packet determination module 301 and the internal transfer device 104 has been described. However, the packet determination module 301 performs only determination, and other processing may be performed by another module when the CPU 201 executes the transfer program 203. Good. Further, the packet determination module 301 may perform all the processing executed by the CPU 201 in the internal transfer device 104.

  As described above, even if fragment packets arrive at a plurality of internal transfer devices 104 in a distributed manner, they can be reassembled into original packets by the internal transfer device 104 in which the first fragment packet has arrived. Here, since fragment packets necessary for reassembling can be obtained by broadcast transmission of fragment packets, special management for reassembling is unnecessary.

  Since the original packet can be reassembled, it can be transferred to an appropriate processing device based on the policy information.

101: External network, 102: Transfer device, 104: Internal transfer device, 105: Policy setting device, 107: Processing device, 108: Destination device, 205: Transfer destination policy information, 301: Packet determination module

Claims (12)

A communication device that receives and processes packets,
A plurality of processing devices for processing packets;
A plurality of transfer devices that receive packets from outside the communication device and transfer the packets to any of the plurality of processing devices;
The first transfer device among the plurality of transfer devices is:
Receiving a first packet from outside the communication device;
Receiving a second packet from a second transfer device of the plurality of transfer devices;
Reassemble the packet using the first packet and the second packet;
A communication device, wherein a processing device is selected from the plurality of processing devices based on set policy information, and the reconfigured packet is transferred to the selected processing device. The communication device according to claim 1,
The second transfer device includes:
Receiving a second packet from outside the communication device;
A communication apparatus, wherein the received second packet is transmitted to the first transfer apparatus. The communication device according to claim 2,
The second transfer device includes:
Encapsulating the received second packet and sending it to the first transfer device;
The first transfer device includes:
Determining whether the second packet received from the second transfer device is encapsulated;
A communication device that decapsulates the second packet when it is determined that it is encapsulated. The communication device according to claim 3,
The second transfer device includes:
A communication apparatus that transmits the received second packet to the plurality of transfer apparatuses including the first transfer apparatus. The communication device according to any one of claims 2 to 4,
The second transfer device includes:
Have a timer,
When the second packet is received from the outside of the communication device, it is determined whether the received second packet is a divided first packet. When it is determined that the second packet is not the divided first packet, the timer is started. ,
The communication apparatus, wherein when the timer reaches a preset value, the received second packet is transmitted. The communication device according to claim 1,
The first transfer device includes:
Have a timer,
When the second packet is received from the second transfer device, it is determined whether the received second packet is a divided first packet, and if the second packet is determined to be a packet other than the divided first packet, the timer Start
When the first packet is received from the outside of the communication device, it is determined whether the received first packet is a divided first packet. When it is determined that the first packet is divided, the timer is stopped. And
Execute a process for reconstructing a packet before being divided using the first packet and the second packet, and determine whether the reconfiguration is successful;
A communication apparatus, which determines that reconfiguration is successful, transmits the reconfigured packet to a transfer destination based on the set policy information. The communication device according to claim 6,
The first transfer device includes:
To reconstruct the packet before being divided using the header of the first packet by connecting the datagram of the first packet and the datagram of the second packet as the data of the packet before being divided. The communication apparatus which performs the process of. The communication device according to claim 7,
The first transfer device includes:
Using the information contained in the IP header of the received second packet, determine whether the received second packet is the first packet divided;
A communication apparatus, wherein information received in an IP header of a received first packet is used to determine whether the received first packet is a divided first packet. The communication device according to any one of claims 6 to 8,
The first transfer device includes:
A communication device that searches for set policy information using information included in a TCP header of a first packet and selects a processing device from among the plurality of processing devices. A control method for a transfer device for transmitting and receiving packets,
Receive the packet,
Determine whether the received packet is the first packet divided,
If it is determined that it is a packet other than the divided head, a timer is started, and processing for reconstructing the packet before being divided is performed using the received packet. Judgment,
A method for controlling a transfer device, comprising: determining that the reconfiguration has succeeded, selecting a processing device based on set policy information, and transmitting the reconfigured packet to the selected processing device. It is a control method of the transfer device according to claim 10,
When it is determined that the received packet is the first packet that has been divided, the timer is stopped, and processing for reconstructing the packet before being divided is executed using the received packet. Determine if the configuration was successful,
A method for controlling a transfer apparatus, comprising: determining that the reconfiguration is successful, and transmitting the reconfigured packet to a transfer destination based on the set policy information. A method for controlling a transfer apparatus according to claim 11, comprising:
A method for controlling a transfer apparatus, comprising: transmitting a received packet when the timer reaches a preset value.

Images