JP2019161257A - Packet transfer device, packet transfer system, packet transfer program, and packet transfer method - Google Patents

Abstract

To reduce a switch-back time by inhibiting packet discarding at the time of route switch-back following failure recovery.SOLUTION: A packet transfer device 110 comprises a communication unit 111 and a control unit 112. The communication unit 111 performs communication including packet transfer based on correspondence information between an IP address and a MAC address. When a failure generated in the communication of the communication unit 111 causes switching of a packet transmission route to a route that dose not pass through the packet transfer device and then the communication of the communication unit 111 recovers from the failure, the control unit 112 updates the correspondence information on the basis of a backup of the correspondence information before the failure's generation and route information received from another packet transfer device. After updating the correspondence information, the control unit 112 performs control of switching back the packet transmission route to a route passing through the packet transfer device.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a packet transfer device, a packet transfer system, a packet transfer program, and a packet transfer method.

  2. Description of the Related Art Conventionally, in an IP network, a technique for increasing network redundancy by duplicating a packet communication path using an active network device and a redundant network device is known. In addition, a technique is known in which transfer processing is temporarily started by backup of an ARP table when a failure is recovered (see, for example, Patent Document 1 below).

JP 2012-39360 A

  However, in the above-described prior art, for example, when recovery from a failure, ARP resolution and path switchback are performed in parallel, and if the path switches back before ARP resolution is completed, packet transfer based on the ARP table is performed. May not be possible and the packet may be discarded.

  For example, even if the transfer process is temporarily started with the backup of the ARP table, the packet to the host that has changed after the last update of the backup of the ARP table cannot be transferred, and the packet is discarded. There is a case.

  In addition, if the path is switched back after ARP resolution, packet discard can be avoided. However, for ARP resolution, for example, ARP requests are sequentially transmitted to all network layer addresses belonging to the target subnet. It may take a considerable amount of time.

  Also, a configuration in which the ARP table is transferred from another network device having a redundant configuration is conceivable. However, it may take time to add transfer processing to the other network device or to transfer the ARP table.

  In one aspect, the present invention suppresses packet discard at the time of switching back a path accompanying failure recovery, and can shorten the switching time, a packet transfer system, a packet transfer program, and a packet transfer method. The purpose is to provide.

  In order to solve the above-described problems and achieve the object, in one embodiment, a packet transfer apparatus performs communication including transfer of a packet based on correspondence information between a network layer address and a data link layer address. When a failure occurs in the communication that passes through the device, the packet transmission path is switched to a route that does not pass through the own device, and when the communication that passes through the own device recovers from the failure, the response before the failure occurs A packet transfer device that performs control to switch back the transmission route of the packet to a route that passes through the device after updating the correspondence information based on the backup of information and the route information received from another packet transfer device; A packet transfer system, a packet transfer program, and a packet transfer method are proposed.

  According to one aspect of the present invention, it is possible to suppress packet discard when a path is switched back due to failure recovery, and to shorten the switching time.

FIG. 1 is a diagram illustrating an example of a packet transfer system according to an embodiment. FIG. 2 is a diagram illustrating an example of the IP data communication network according to the embodiment. FIG. 3 is a diagram illustrating an example of packet transmission before a failure occurs in the IP data communication network according to the embodiment. FIG. 4 is a diagram illustrating an example of the ARP table before the occurrence of the failure of the router according to the embodiment. FIG. 5 is a diagram illustrating an example of packet transmission when a failure occurs in the IP data communication network according to the embodiment. FIG. 6 is a diagram illustrating an example of the ARP table when a failure occurs in the router according to the embodiment. FIG. 7 is a diagram illustrating an example of packet transmission at the time of failure recovery in the IP data communication network according to the embodiment. FIG. 8 is a diagram illustrating an example of a copy of the ARP table backup in the validation check process according to the embodiment. FIG. 9 is a diagram illustrating an example of updating the validation check table in the validation check process according to the embodiment. FIG. 10 is a diagram illustrating an example of unicast transmission of an ARP request by the router according to the embodiment. FIG. 11 is a diagram illustrating an example of updating the ARP table by the router according to the embodiment. FIG. 12 is a diagram illustrating an example of a change in the completion rate of the validation check according to the embodiment. FIG. 13 is a diagram illustrating an example of transmission path switchback in the IP data communication network according to the embodiment. FIG. 14 is a diagram illustrating another example of a change in the completion rate of the validation check according to the embodiment. FIG. 15 is a diagram illustrating still another example of the change in the completion rate of the validation check according to the embodiment. FIG. 16 is a flowchart illustrating an example of processing by the router according to the embodiment. FIG. 17 is a flowchart illustrating an example of a validation check process by the router according to the embodiment. FIG. 18 is a block diagram of an example of a router according to the embodiment. FIG. 19 is a diagram illustrating an example of generation of the routing table by the router according to the embodiment. FIG. 20 is a block diagram illustrating an example of normal processing by the router according to the embodiment. FIG. 21 is a block diagram illustrating another example of normal processing by the router according to the embodiment. FIG. 22 is a block diagram illustrating an example of processing at the start of the validation check by the router according to the embodiment. FIG. 23 is a block diagram of an example of processing during validation checking by the router according to the embodiment. FIG. 24 is a block diagram illustrating an example of processing at the end of the validation check by the router according to the embodiment. FIG. 25 is a diagram illustrating an example of a hardware configuration of the router according to the embodiment. FIG. 26 is a diagram illustrating an example of setting of an interface unit that is a target of the validation check according to the embodiment. FIG. 27 is a diagram illustrating an example of setting of an interface unit that is not a target of the validation check according to the embodiment.

  Exemplary embodiments of a packet transfer device, a packet transfer system, a packet transfer program, and a packet transfer method according to the present invention will be described below in detail with reference to the drawings.

(Embodiment)
(Packet transfer system according to the embodiment)
FIG. 1 is a diagram illustrating an example of a packet transfer system according to an embodiment. As illustrated in FIG. 1, a packet transfer system 100 according to the embodiment includes, for example, packet transfer apparatuses 110 and 130. The packet transfer system 100 may further include a packet transfer device 120. Then, for example, the packet transfer system 100 transfers the packet transmitted from the communication device 101 to the communication device 102.

  For example, the communication apparatus 101 transmits a packet destined for the communication apparatus 102 to the packet transfer apparatus 120. The communication device 101 and the packet transfer device 120 may be directly connected or may be connected via another communication device.

  The packet transfer device 120 transfers the packet to the communication device 102 received from the communication device 101 based on the route information of the packet transfer device 120. For example, when there is no failure in communication by the packet transfer device 110, the packet transfer device 120 transfers a packet to the communication device 102 to the packet transfer device 110. The packet transfer device 120 and the packet transfer device 110 may be directly connected or may be connected via another communication device.

  Further, when a failure occurs in communication by the packet transfer device 110, the packet transfer device 120 transfers the packet to the communication device 102 to the packet transfer device 130. The packet transfer device 120 and the packet transfer device 130 may be directly connected or may be connected via another communication device.

  The packet transfer device 110 transfers the packet to the communication device 102 received from the packet transfer device 120 to the communication device 102. The packet transfer apparatus 110 and the communication apparatus 102 may be directly connected or may be connected via another communication apparatus.

  The packet transfer device 110 includes a communication unit 111 and a control unit 112. The communication unit 111 performs communication including packet transfer based on correspondence information between the network layer address and the data link layer address. The network layer address is, for example, an IP address. IP is an abbreviation for Internet Protocol. The data link layer address is, for example, a MAC address. MAC is an abbreviation for Media Access Control. In the following description, a case where the network layer address is an IP address and the data link layer address is a MAC address will be described.

  The correspondence information between the IP address and the MAC address is an ARP table described later as an example. ARP is an abbreviation for Address Resolution Protocol. For example, the correspondence information between the IP address and the MAC address includes a combination of the IP address of the communication device 102 and the MAC address of the communication device 102.

  For example, the communication unit 111 transfers a packet based on correspondence information between an IP address and a MAC address and correspondence information between an IP address and a transfer destination based on route information received from another packet transfer device.

  Other packet transfer apparatuses include, for example, a packet transfer apparatus 130. In addition, the packet transfer device 120 may be included in other packet transfer devices. The route information received from the other packet transfer device is, for example, route information transmitted / received by the packet transfer device 110 to / from another packet transfer device by BGP. BGP is an abbreviation for the Border Gateway Protocol. As an example, the correspondence information between the IP address and the transfer destination is RIB. RIB is an abbreviation for Routing Information Base (routing information base). Alternatively, the correspondence information between the IP address and the transfer destination may be a routing table based on RIB.

  When a failure occurs in communication by the communication unit 111, the packet transmission path to the communication apparatus 102 is switched to a path that passes through the packet transfer apparatus 130 without passing through the packet transfer apparatus 110. This switching is performed by VRRP, which will be described later, as an example. VRRP is an abbreviation for Virtual Router Redundancy Protocol (virtual router redundancy protocol).

  It is assumed that after a failure occurs in communication by the communication unit 111 and the transmission path of the packet to the communication device 102 is switched to a route that does not pass through the own device, the communication by the communication unit 111 is recovered from the failure. In this case, the control unit 112 determines whether the IP address and the MAC address are based on the backup of the correspondence information between the IP address and the MAC address before the failure occurs, and the path information received from another packet transfer device. Update the corresponding information. The route information received from another packet transfer device is, for example, route information included in the BGP table of the packet transfer device 110 and transmitted / received by the packet transfer device 110 to / from another router or the like by BGP.

  Then, after updating the correspondence information between the IP address and the MAC address as described above, the control unit 112 performs control to switch back the packet transmission path to the communication apparatus 102 to the path via the own apparatus. For example, the control unit 112 transmits information about the correspondence information between the IP address and the transfer destination after the communication of the communication unit 111 is recovered from the failure to the other packet transfer device, thereby transmitting the packet to the communication device 102. Control is performed to switch the route back to the route via the device itself. Information regarding correspondence information (for example, RIB) between the IP address and the transfer destination is, for example, information included in the RIB described above or information included in the routing table based on the RIB described above.

  The packet transfer device 130 transfers the packet to the communication device 102 received from the packet transfer device 120 to the communication device 102. The packet transfer device 130 and the communication device 102 may be directly connected or may be connected via another communication device.

  According to the packet transfer apparatus 110 shown in FIG. 1, a communication failure occurs and the packet transmission path is switched to a path that does not pass through the own apparatus, backup of correspondence information between the IP address and the MAC address, and other packet transfer The correspondence information can be updated based on the route information received from the device. Thereby, the time for switching back can be shortened.

  Further, according to the packet transfer device 110, the correspondence information between the IP address and the MAC address is updated based on the backup of the correspondence information between the IP address and the MAC address and the path information received from the other packet transfer devices. Later, control can be performed to switch the packet transmission path back to the path via the device itself. As a result, after the communication is recovered from the failure, it is possible to prevent the packet route from being switched back to the route via the own device without the correspondence information between the IP address and the MAC address. For this reason, it is possible to suppress packet discard at the time of switching back the path due to failure recovery, and to shorten the switching time.

  In addition, it is possible to avoid packet discard by switching back the route after ARP resolution by the packet transfer device 110. For ARP resolution, for example, ARP requests are sequentially transmitted to all network layer addresses belonging to the target subnet. For this reason, a considerable time may be required until switching back. In the present embodiment, this processing is unnecessary and the time until switch back can be shortened.

  A method of receiving the transfer of the ARP table from the packet transfer apparatus 130 which is another network device adopting a redundant configuration is also conceivable, but it may take time to add transfer processing to the other network device side or to transfer. In this embodiment, time required for processing addition to the other network device side and ARP table transfer is unnecessary.

  Furthermore, there is a BGP table as an example of route information received from other packet transfer apparatuses. The BGP table includes correspondence between IP addresses and MAC addresses as shown in FIG. Then, a method of creating an ARP table from the BGP table without using the backup of the ARP table is conceivable, but a processing load for creating the ARP table from the BGP table occurs. In this embodiment, since the backup of the ARP table is used, a processing load for newly creating the ARP table does not occur.

  Further, the control unit 112 may perform the following processing for a combination of an IP address and a MAC address (for example, a later-described validation check table) based on the backup of the correspondence information between the IP address and the MAC address and the path information. Good. That is, the control unit 112 transmits a first signal that inquires about the MAC address corresponding to the IP address of the combination by unicast with the IP address and the MAC address of the combination as destinations, and according to the transmitted first signal A second signal to be transmitted is received.

  For example, the first signal is an ARP request transmitted by unicast. In this case, the second signal is an ARP reply as an example. The transmission of the first signal and the reception of the second signal can be performed by the control unit 112 controlling the communication unit 111, for example. The control unit 112 updates the correspondence information between the IP address and the MAC address based on the received second signal, and then performs control to switch back the packet transmission path to the path via the own apparatus.

  As a result, even if the latest correspondence relationship between the IP address and the MAC address has changed from the correspondence relationship indicated by the backup or route information described above, the packet transfer apparatus 110 correctly performs packet transfer after switching back the transmission route. Can do. Further, for example, the load on the network can be suppressed as compared with the case where the first signal is transmitted by broadcast.

(IP data communication network according to the embodiment)
FIG. 2 is a diagram illustrating an example of the IP data communication network according to the embodiment. The packet transfer system 100 shown in FIG. 1 can be applied to the IP data communication network 200 shown in FIG. 2, for example. The IP data communication network 200 includes a remote host 210, a host network 220, a 0-system transmission path 230, a 1-system transmission path 240, N hosts 251 to 25N, and a Syslog server 260.

  The remote host 210 is a communication device that is connected to the upper network 220 and transmits packets destined for at least one of the hosts 251 to 25N via the upper network 220. The host network 220 is a communication network that connects the remote host 210, the 0-system transmission path 230, the 1-system transmission path 240, and the Syslog server 260.

  The 0-system transmission path 230 is a path for transmitting packets from the higher-level network 220 to the hosts 251 to 25N, and is an active (active) path. The 1-system transmission path 240 is a path for transmitting packets from the higher-level network 220 to the hosts 251 to 25N, and is a standby system (redundant system) used when a communication failure occurs in the 0-system transmission path 230. ).

  The 0-system transmission path 230 includes an upper router 231 (# 0), a router 232 (# 0), and a switch 233 (# 0). The upper router 231 is a router connected to the upper network 220. The router 232 is a router connected to the upper network 220 via the upper router 231. The switch 233 is a switch (for example, an L2 switch) that connects the router 232 and the hosts 251 to 25N.

  The 1-system transmission path 240 includes an upper router 241 (# 1), a router 242 (# 1), and a switch 243 (# 1). The upper router 241 is a router connected to the upper network 220. The router 242 is a router connected to the upper network 220 via the upper router 241. The switch 243 is a switch (for example, L2 switch) that connects the router 242 and the hosts 251 to 25N. The switch 233 of the 0-system transmission path 230 and the switch 243 of the 1-system transmission path 240 are connected to each other.

  The N hosts 251 to 25N are local hosts connected to the upper network 220 via the transmission path 230 and the transmission path 240. Further, the N hosts 251 to 25N may be virtually realized by a smaller number of communication devices than N.

  Redundancy (duplication) by the transmission paths 230 and 240 for transmitting packets from the upper network 220 to the hosts 251 to 25N is realized by using VRRP, for example.

  The Syslog server 260 is a server that accepts a Syslog log message transmitted from a communication device in the IP data communication network 200. Syslog is a standard for transferring log messages over an IP network. The Syslog server 260 is operated by the operator 261. For example, the Syslog log message received by the Syslog server 260 can be browsed by the operator 261, and the operator 261 can perform maintenance management of the IP data communication network 200 according to the Syslog log message.

  The packet transfer apparatus 110 illustrated in FIG. 1 can be realized by the router 232, for example. The packet transfer apparatus 120 shown in FIG. 1 can be realized by a router of the upper network 220, for example. The packet transfer apparatus 130 illustrated in FIG. 1 can be realized by, for example, the router 242 or the upper router 241. The communication apparatus 101 shown in FIG. 1 can be realized by the remote host 210, for example. The communication apparatus 102 illustrated in FIG. 1 can be realized by at least one of the hosts 251 to 25N, for example.

(Packet transmission before failure in the IP data communication network according to the embodiment)
FIG. 3 is a diagram illustrating an example of packet transmission before a failure occurs in the IP data communication network according to the embodiment. 3, parts that are the same as the parts shown in FIG. 2 are given the same reference numerals, and explanation thereof is omitted. A transmission path 301 shown in FIG. 3 is a transmission path of a packet whose source is the remote host 210 and whose destination is the host 251.

  In a state where no failure has occurred in the 0-system transmission path 230, the transmission path 301 is a path that passes through the 0-system transmission path 230, as shown in FIG. 3. That is, a packet transmitted from the remote host 210 is transmitted to the host 251 via the upper network 220, the upper router 231, the router 232, and the switch 233.

  In this case, for example, when VRRP is used, the flow is as follows. The router 232 is a VRRP master, and periodically transmits a VRRP packet (ADVERTISEMENT) to the router 242. The VRRP packet from the router 232 is transmitted to the router 242 via the switch 233 and the switch 243, for example. Based on the VRRP packet from the router 232, the router 242 determines that no failure has occurred in communication by the router 232, becomes a standby for VRRP, and does not transmit the VRRP packet.

(ARP table before failure of router according to the embodiment)
FIG. 4 is a diagram illustrating an example of the ARP table before the occurrence of the failure of the router according to the embodiment. The router 232 illustrated in FIG. 3 stores, for example, the ARP table 400 illustrated in FIG. The first line of the ARP table 400 indicates the IP address and MAC address for Eth1 / 1 among the interface units included in the router 232.

  In the example illustrated in FIG. 4, the ARP table 400 includes the router 232 having Eth 1/1 as an interface unit, the IP address of Eth 1/1 is “192.168.0.1”, and the MAC address of Eth 1/1. Indicates “EE.1”. Eth1 / 1 is an interface unit (for example, interface unit 1801 shown in FIG. 18) for the router 232 to communicate with the hosts 251 to 25N via the switch 233.

  From the second line onward in the ARP table 400, for each communication device different from the router 232, the IP address of the communication device, the MAC address of the communication device, and the router 232 used by the router 232 for communication with the communication device. IF showing an interface part is shown.

  For example, the IP addresses “192.168.0.2” to “192.168.0.101” in the second and subsequent lines of the ARP table 400 indicate physical or virtual communications included in the hosts 251 to 25N. This is the IP address of the node. In the second and subsequent rows of the ARP table 400, the MAC addresses of the communication nodes having IP addresses “192.168.0.2” to “192.168.0.101” are respectively “EE.2”. ”To“ EE.64 ”. If the communication node is virtually realized, each communication node having a different IP address may have the same MAC address.

  In the second and subsequent rows of the ARP table 400, the routers 232 used for communication with the communication nodes having IP addresses “192.168.0.2” to “192.168.0.101”, respectively. It shows that the interface unit is Eth1 / 1.

  In the example illustrated in FIG. 4, the ARP table 400 includes information on Eth1 / 1 among the interface units included in the router 232. However, the ARP table 400 may further include information on an interface unit (for example, Eth1 / 2 described later) different from Eth1 / 1 among the interface units included in the router 232.

(Packet transmission when a failure occurs in the IP data communication network according to the embodiment)
FIG. 5 is a diagram illustrating an example of packet transmission when a failure occurs in the IP data communication network according to the embodiment. In FIG. 5, the same parts as those shown in FIG. For example, as shown in FIG. 5, it is assumed that a failure 501 has occurred in communication between the router 232 and the switch 233. The failure 501 is a failure accompanied by a link down, for example, a failure of an interface unit (port) or a line card of the router 232, or a failure of the switch 233. In this case, the router 232 is on standby.

  In this case, for example, when VRRP is used, the VRRP packet from the router 232 does not reach the router 242, and the router 242 detects that some failure has occurred in the router 232. The router 242 then becomes a master and starts transmitting VRRP packets to other communication devices.

  The route information from the router 232 to the host is deleted from the RIB of the router 232, the routing table of the router 232 is updated, and the routing tables of other routers (for example, the router 231 and the router 242 of the upper network 220) are also updated. Is done. As a result, the packet transmission path 301 from the remote host 210 to the host 251 becomes a path via the 1-system transmission path 240. That is, a packet transmitted from the remote host 210 is transmitted to the host 251 via the upper network 220, the upper router 241, the router 242, and the switch 243. The RIB is a database indicating, for example, an IP address, an interface unit (IF), and a connection relationship for each host. The connection relationship is a relationship such as whether the host is a host under the router 232 or a host under another router.

(ARP table when a router failure occurs according to the embodiment)
FIG. 6 is a diagram illustrating an example of the ARP table when a failure occurs in the router according to the embodiment. In FIG. 6, the same parts as those shown in FIG. When the failure 501 shown in FIG. 5 occurs, the router 232 deletes each piece of information except the first line from the information regarding Eth1 / 1 in the ARP table 400, as shown in FIG.

(Packet transmission at the time of failure recovery in the IP data communication network according to the embodiment)
FIG. 7 is a diagram illustrating an example of packet transmission at the time of failure recovery in the IP data communication network according to the embodiment. In FIG. 7, the same parts as those shown in FIG.

  As illustrated in FIG. 7, it is assumed that communication between the router 232 and the switch 233 is restored from the failure 501 illustrated in FIG. 5. In this case, the router 232 performs link-up of the interface unit (Eth1 / 1) for communicating with the hosts 251 to 25N. Link-up is, for example, a state in which communication at the data link layer (layer 2: L2) is possible.

  However, after this link-up, the router 232 updates the routing table of its own device and before switching back the transmission path 301 to the 0-system transmission path 230, whether or not the ARP has been resolved for the hosts 251 to 25N. Perform validation check process to confirm. The validation check process will be described later. Further, the router 232 puts Eth1 / 1 in which the failure has occurred into a validation check state in which VRRP packet or the like is not transmitted when registration of route information in the RIB, VRRP, or the like is used. As a result, it is possible to avoid the transmission path 301 from switching back to the 0-system transmission path 230 in a state where the ARP is not resolved for the hosts 251 to 25N.

(Copy of ARP table backup in validation check processing according to the embodiment)
FIG. 8 is a diagram illustrating an example of a copy of the ARP table backup in the validation check process according to the embodiment. An ARP table backup 810 shown in FIG. 8 is a backup of the ARP table 400 shown in FIG. The router 232 stores the ARP table backup 810 by periodically creating a copy of the ARP table 400, for example. The router 232 retains the information in the ARP table backup 810 without deleting it even when information on other communication devices in the ARP table 400 is deleted due to a communication failure (see, for example, FIG. 6). deep.

  The ARP table backup 810 shown in FIG. 8 is a backup of the ARP table 400 before the failure shown in FIG. Further, the ARP table backup 810 shown in FIG. 8 includes not only Eth1 / 1, but also a backup of the ARP table for each piece of information related to Eth1 / 2.

  When the link up of communication with the switch 233 is completed, the router 232 first reads out the ARP table backup 810 shown in FIG. 8 as a validation check process. Then, the router 232 copies each piece of information whose IF is Eth1 / 1 among the read ARP table backup 810 to the validation check table 820. In the example shown in the figure, information on Eth1 / 1 in the first line and information on 100 hosts in the second and subsequent lines are copied to the validation check table 820.

(Update of validation check table in validation check processing according to embodiment)
FIG. 9 is a diagram illustrating an example of updating the validation check table in the validation check process according to the embodiment. In FIG. 9, the same parts as those shown in FIG. The router 232 updates (updates) the validation check table 820 obtained by copying the contents of the ARP table backup 810 as shown in FIG. 8 based on the BGP table 910.

  The BGP table 910 is a table including route information of the IP network received by the router 232 from another router or the L3 switch by BGP. BGP is a routing protocol that can use a general router or an L3 switch and has a low load on a network band. A BGP table 910 shown in FIG. 9 is, for example, a BGP BGP table. EVPN is an abbreviation for Ethernet VPN. VPN is an abbreviation for Virtual Private Network. For example, by using the route type 2 of BGP EVPN, information corresponding to the ARP table 400 (corresponding information between IP address and MAC address) can be obtained.

  For example, the BGP table 910 is information that associates an IP address and a MAC address, which are information corresponding to the ARP table, and VRF information. VRF is an abbreviation for Virtual Routing and Forwarding. The BGP table 910 does not include IF information, for example.

  The router 232 updates the validation check table 820 by comparing the validation check table 820 and the BGP table 910. In the example illustrated in FIG. 9, the host “192.168.0.50” included in the validation check table 820 is not included in the BGP table 910. Therefore, the router 232 deletes the information “192.168.0.50” from the validation check table 820.

  Further, the host “192.168.0.110” not included in the validation check table 820 is included in the BGP table 910. Therefore, the router 232 adds the information “192.168.0.110” to the validation check table 820. As a result, the validation check table 820 can be updated based on the BGP table 910.

(Unicast transmission of an ARP request in the validation check processing according to the embodiment)
FIG. 10 is a diagram illustrating an example of unicast transmission of an ARP request by the router according to the embodiment. In FIG. 10, the same parts as those shown in FIG. The router 232 transmits an ARP request to each host whose information is included in the validation check table 820 updated by the processing shown in FIG. 9 by unicast.

  For example, when the IP address “192.168.0.2” is the IP address of the host 251, the router 232 assigns the MAC address corresponding to “192.168.0.2” to the host 251. An ARP request to be inquired is transmitted by unicast. This ARP request includes the IP address “192.168.0.2” and the MAC address “EE.2” corresponding to the IP address as destinations.

  Similarly, the router 232 transmits an ARP request for inquiring a corresponding MAC address for each IP address included in the validation check table 820 by unicast. However, since the first line of the validation check table 820 is Eth1 / 1 information of the router 232, the router 232 does not need to transmit an ARP request based on the information of the first line of the validation check table 820.

  In this way, the router 232 can reduce the load on the network by transmitting the ARP request by unicast in the validation check process in the same manner as the ARP refresh instead of broadcasting. The ARP refresh is an ARP process for confirming and updating each IP address, MAC address, and IF registered in the ARP table so as to be the latest.

  Further, the router 232 may transmit the ARP request at a predetermined pps rate instead of transmitting the ARP request to all the hosts whose information is included in the validation check table 820 at a time. Thereby, the load on the network can be reduced. pps is an abbreviation for packet per second. The predetermined pps rate is set in the router 232 by, for example, a configuration or the like (see, for example, FIG. 28).

(Update of the ARP table by the router according to the embodiment)
FIG. 11 is a diagram illustrating an example of updating the ARP table by the router according to the embodiment. 11, the same parts as those shown in FIGS. 6 and 9 are denoted by the same reference numerals, and the description thereof is omitted. The router 232 transmits an ARP request to 100 hosts, but does not receive an ARP reply from one of the hosts (ARP resolution has failed). This one host is assumed to be a host having an IP address of “192.168.0.99” and a MAC address of “EE.63”.

  In this case, the router 232 copies the ARP-resolved 99 host data (IP address, MAC address, and IF) from the validation check table 820 to the ARP table 400. In the example shown in FIG. 11, since the validation check is completed for 99 hosts out of 100 hosts, the validation check completion rate is 99%.

  In this way, the router 232 performs ARP resolution by unicast to prevent communication interruption such as when a certain host disappears but is not reflected in the BGP table 910 or when a silent failure occurs. be able to.

(Change in validation check completion rate according to the embodiment)
FIG. 12 is a diagram illustrating an example of a change in the completion rate of the validation check according to the embodiment. In FIG. 12, the horizontal axis represents time, and the vertical axis represents the validation check completion rate. The completion rate of the validation check is the ratio of the hosts that have completed the validation check among the hosts whose information is included in the validation check table 820.

  The completion rate 1201 indicates the completion rate of the validation check that changes over time. In the example shown in FIG. 11, ARP resolution of 99 hosts out of 100 hosts registered in the validation check table 820 is completed, and the data of the 99 hosts is registered in the ARP table 400. Yes. Therefore, the completion rate of the validation check is 99%.

  When the completion rate of the validation check becomes equal to or higher than a predetermined threshold value, the router 232 determines that the validation check has passed, and cancels the Eth1 / 1 validation check state. The predetermined threshold is set in the router 232 by, for example, a configuration or the like, and is 90% as an example.

(Transmission path switchback in the IP data communication network according to the embodiment)
FIG. 13 is a diagram illustrating an example of transmission path switchback in the IP data communication network according to the embodiment. In FIG. 13, the same parts as those shown in FIG. When the validation check state of Eth1 / 1 is canceled, the router 232 registers route information regarding the hosts 251 to 25N obtained by link-up between the Eth1 / 1 and the hosts 251 to 25N in the RIB of the own device.

  Then, the router 232 updates its own routing table based on the RIB in which the route information is registered. Further, the router 232 transmits the update information of the routing table to another router by BGP. Other routers are, for example, the upper router 241 and the router of the upper network 220.

  As a result, the routing table of the other router is also updated, and the packet transmission path 301 from the remote host 210 to the host 251 is switched back to the path via the 0-system transmission path 230 as shown in FIG. That is, a packet transmitted from the remote host 210 is transmitted to the host 251 via the upper network 220, the upper router 231, the router 232, and the switch 233.

  At this time, since the ARP table of the router 232 has been updated to the latest information (ARP has been resolved), even if the router 232 receives a packet to the host 251, the router 232 transmits the packet based on the ARP table. It can be transferred to the host 251. For this reason, it is possible to suppress packet discard at the time of switching back the path due to failure recovery, and to shorten the switching time.

(Change in validation check completion rate according to the embodiment)
FIG. 14 is a diagram illustrating another example of a change in the completion rate of the validation check according to the embodiment. In FIG. 13, the same parts as those shown in FIG. As shown in the completion rate 1201, in the validation check process, the router 232 transmits the ARP request to 100 hosts by unicast, but the number of hosts that transmitted the ARP reply to the router 232 is less than 90. .

  In this case, since the completion rate of the validation check has not reached 90%, the router 232 waits for a predetermined time T. The predetermined time T is set in the router 232 by a configuration or the like, for example, and is 5 minutes as an example. Then, the router 232 transmits the ARP request again to the host that has not received the ARP reply among the 100 hosts whose information is included in the validation check table 820 by unicast.

  As a result, assume that 90 or more hosts have transmitted ARP replies to the router 232 in the validation check process, that is, the validation check completion rate is 90% or more. In this case, the router 232 cancels the validation check state of Eth1 / 1, and the packet transmission path 301 from the remote host 210 to the host 251 passes through the 0-system transmission path 230 as shown in FIG. Switch back to the path.

  FIG. 15 is a diagram illustrating still another example of the change in the completion rate of the validation check according to the embodiment. 15, the same parts as those shown in FIGS. 12 and 14 are denoted by the same reference numerals, and the description thereof is omitted. For example, it is assumed that the router 232 repeats a process of transmitting an ARP request by unicast to an unresolved ARP host a predetermined number of times, but the validation check completion rate does not reach 90%. The predetermined number of times is set in the router 232 by a configuration or the like, for example, and is three times in the example shown in FIG.

  In this case, the router 232 determines that the validation check has failed, and notifies the Syslog server 260 and the like of the abnormality. Further, the router 232 forcibly shuts down Eth1 / 1.

(Processing by the router according to the embodiment)
FIG. 16 is a flowchart illustrating an example of processing by the router according to the embodiment. The router 232 according to the embodiment executes, for example, each step shown in FIG. 16 for each interface unit (communication port) of its own device, separately from normal routing and forwarding. For example, the router 232 executes the steps shown in FIG. 16 for each of the above-described Eth1 / 1 and Eth1 / 2.

  First, the router 232 determines whether or not a communication failure has occurred in the target interface unit (for example, Eth1 / 1) (step S1601), and waits until a failure occurs (step S1601: No loop). When a failure occurs (step S1601: Yes), the router 232 determines whether the target interface unit has recovered from the failure (step S1602) and waits until the failure is recovered (step S1602: No loop). . When recovering from the failure (step S1602: Yes), the router 232 performs communication link-up by the target interface unit (step S1603).

  Next, the router 232 determines whether or not the target interface unit is a validation check target (step S1604). For example, the router 232 stores a configuration (for example, see FIG. 26 and FIG. 27) indicating the setting of whether or not each interface unit of the router 232 is subject to validation check. The determination in step S1604 can be made based on this configuration or the like. If it is not the subject of the validation check (step S1604: No), the router 232 proceeds to step S1607.

  In step S1604, if the target is a validation check (step S1604: Yes), the router 232 executes a validation check process for the target interface unit (step S1605). The validation check process will be described later (see, for example, FIG. 17).

  Next, the router 232 determines whether or not the target interface unit has passed the validation check based on the result of the validation check process in step S1605 (step S1606). When the validation check is passed (step S1606: Yes), the router 232 registers the route information regarding the target interface unit in the RIB of the router 232 (step S1607), and ends the series of processes. The route information regarding the target interface unit is the route information obtained by the link-up in step S1603, for example.

  In step S1607, the routing table of the router 232 is updated based on the RIB in which the route information is registered, and the routing tables of other routers (for example, the upper router 231 and the upper network 220) are updated accordingly. Thereby, for example, a router different from the router 232 recognizes that the router 232 can be used, and the route switched due to the failure that occurred in step S1601 is switched back.

  In step S1606, when the validation check is not passed (step S1606: No), the router 232 performs predetermined error processing (step S1608). As an example, the predetermined error processing includes generation of a Syslog notification message described later. Alternatively, the predetermined error processing may include shutdown of the target interface unit.

  Next, the router 232 notifies the Syslog server 260 of Syslog that notifies the Syslog server 260 that the normality of communication by the target interface unit has not been confirmed (Step S1609), and ends the series of processes. The Syslog notification in step S1609 can be performed via the upper router 231 and the upper network 220, for example.

(Validation check processing by the router according to the embodiment)
FIG. 17 is a flowchart illustrating an example of a validation check process by the router according to the embodiment. In step S1605 shown in FIG. 16, the router 232 executes, for example, each step shown in FIG. 17 as the validation check process.

  First, the router 232 sets the target interface unit in the validation check state (step S1701). As described above, the validation check state is a state in which registration of route information in the RIB, VRRP packet, or the like is not performed when VRRP or the like is used. Next, the router 232 copies the information of the target interface unit in the ARP table backup 810 to the validation check table 820 (step S1702). Thereby, the validation check table 820 including the contents of the ARP table 400 before the failure occurs can be obtained.

  Next, the router 232 updates the validation check table 820 based on the BGP table 910 (step S1703). Next, the router 232 determines whether or not the validation check completion rate is greater than or equal to a predetermined threshold (step S1704). The completion rate of the validation check is a ratio of IP addresses for which the validation check has been completed among IP addresses (for example, IP addresses of the hosts 251 to 25N) whose information is included in the validation check table 820. Is 0%. That the validation check has been completed means that the ARP has been resolved (the ARP reply has been received) in, for example, steps S1706 to S1709 described later.

  If the completion rate is not greater than or equal to the threshold value in step S1704 (step S1704: No), the router 232 determines whether or not the number of ARP resolution trials for the validation check is greater than or equal to N (step S1705). The number of ARP resolution trials for the validation check is, for example, the number of times that steps S1706 to S1709 have been executed. N is the number of times set in the router 232 by configuration or the like, for example, and is 3 as an example.

  If the number of trials is not greater than or equal to N in step S1705 (step S1705: No), the router 232 identifies an IP address that has not been ARP-resolved based on the validation check table 820 (step S1706). An IP address that is not ARP-resolved is an IP address that has received an ARP reply in response to an ARP request transmitted in step S1708, which will be described later. Note that the router 232 may start the process of step S1706 after a predetermined time T has elapsed from the previous process of steps S1706 to S1709 when the process proceeds to step S1706 for the second time or later.

  Next, the router 232 specifies the route corresponding to the IP address specified in step S1706 based on the routing table of the own device (step S1707). The route corresponding to the IP address is, for example, a transmission destination of a packet whose destination is the IP address. For example, when the IP address is the IP address of the hosts 251 to 25N, the route corresponding to the IP address is the switch 233.

  Next, the router 232 transmits an ARP request for inquiring about the MAC address of the IP address specified in step S1706 to the specified route (for example, the switch 233) (step S1708). In step S1708, the router 232 may transmit at a predetermined pps. Then, the router 232 receives the ARP reply transmitted in response to the ARP request transmitted in step S1708.

  Next, the router 232 updates the validation check table 820 based on the ARP reply received in response to the ARP request transmitted in step S1708 (step S1709), and returns to step S1704.

  In step S1705, when the number of trials is N or more (step S1705: Yes), the router 232 determines that the validation check has failed (step S1710), and ends the series of validation checks.

  In step S1704, when the completion rate is equal to or higher than the threshold (step S1704: Yes), the router 232 copies the contents of the validation check table 820 to the ARP table 400 (step S1711). Next, the router 232 cancels the validation check state of the target interface unit (step S1712). As a result, when VRRP or the like is used, the target interface unit starts transmission of a VRRP packet or the like to another router (for example, router 242). Then, the router 232 determines that the validation check has passed (step S1713), and ends the series of validation check processing.

(Router according to the embodiment)
FIG. 18 is a block diagram of an example of a router according to the embodiment. As shown in FIG. 18, the router 232 includes, for example, interface units 1801 and 1802, an interface processing unit 1803, a routing table / RIB storage unit 1804, a BGP table storage unit 1805, and an ARP table storage unit 1806. Prepare. In addition, the router 232 includes, for example, a setting information management unit 1807, a packet processing unit 1808, a validation check unit 1809, an ARP table backup storage unit 1810, and a validation check table storage unit 1811.

  The interface unit 1801 is an Ethernet physical interface (port) on the side of the hosts 251 to 25N that is connected to the switch 233 and communicates with the hosts 251 to 25N. Ethernet is a registered trademark. The interface unit 1801 is, for example, the above-described Eth1 / 1. The interface unit 1802 is an Ethernet physical interface on the upper network 220 side that is connected to the upper router 231 and communicates with the upper network 220. The interface unit 1802 is, for example, Eth1 / 2 described above. Note that the router 232 may include a physical interface in addition to the interface units 1801 and 1802.

  The interface processing unit 1803 performs control and status management of each interface unit of the router 232 including the interface units 1801 and 1802. The routing table / RIB storage unit 1804 stores an RIB that manages the routing information of the router 232 described above and a routing table that is generated based on the RIB. The BGP table storage unit 1805 stores a BGP table 910 that manages information collected by BGP. Also, the routing table in the BGP table storage unit 1805 is updated based on the BGP table 910 in the BGP table storage unit 1805.

  The ARP table storage unit 1806 stores an ARP table 400 that manages ARP cache information. A setting information management unit 1807 manages setting contents for each function of the router 232. The packet processing unit 1808 performs ARP resolution processing and management of the ARP table 400 stored in the ARP table storage unit 1806.

  The validation check unit 1809 executes the validation check process described above. The ARP table backup storage unit 1810 stores an ARP table backup 810 that is a backup of the ARP table stored in the ARP table storage unit 1806. The validation check table storage unit 1811 stores a validation check table 820.

  The communication unit 111 of the packet transfer apparatus 110 illustrated in FIG. 1 can be realized by, for example, the interface units 1801 and 1802, the interface processing unit 1803, and the packet processing unit 1808. The control unit 112 of the packet transfer apparatus 110 illustrated in FIG. 1 can be realized by the validation check unit 1809, for example.

(Generation of routing table by router according to embodiment)
FIG. 19 is a diagram illustrating an example of generation of the routing table by the router according to the embodiment. The RIB 1901 and routing table 1902 shown in FIG. 19 are RIB and routing tables stored in the routing table / RIB storage unit 1804 shown in FIG.

  As shown in FIG. 19, the router 232 generates an RIB 1901 based on information including a BGP table 910 based on route information transmitted / received to / from another router by BGP. Further, the router 232 generates a routing table 1902 based on the RIB 1901. The router 232 forwards the packet based on the routing table 1902.

(Normal processing by the router according to the embodiment)
FIG. 20 is a block diagram illustrating an example of normal processing by the router according to the embodiment. 20, parts that are the same as the parts shown in FIG. 18 are given the same reference numerals, and descriptions thereof will be omitted. In the example illustrated in FIG. 20, when the router 232 receives a packet addressed to the host 251 from the remote host 210 via the upper network 220 when no failure has occurred in the communication of the router 232 (normal state). Will be described.

(1) First, the interface unit 1802 (Eth1 / 2) receives a packet addressed to the host 251 from the remote host 210 via the upper network 220 and outputs the received packet to the interface processing unit 1803.

(2) The interface processing unit 1803 outputs the packet output from the interface unit 1802 to the packet processing unit 1808.

(3) The packet processing unit 1808 processes the packet output from the interface processing unit 1803. For example, the packet processing unit 1808 refers to the routing table 1902 of the routing table / RIB storage unit 1804 and determines whether this packet is a packet addressed to a host under the router 232 or a packet to be transferred to another router. Confirm. As described above, in the example illustrated in FIG. 20, this packet is a packet addressed to the host 251 under the router 232.

(4) For this reason, the packet processing unit 1808 refers to the ARP table 400 of the ARP table storage unit 1806 and replaces the destination MAC address of the packet with the MAC address of the host 251. The MAC address of the host 251 is, for example, a MAC address associated with the IP address of the host 251 in the ARP table 400.

(5) Then, the packet processing unit 1808 outputs the packet with the destination MAC address changed to the interface processing unit 1803.

(6) The interface processing unit 1803 outputs the packet output from the packet processing unit 1808 to the interface unit 1801 (Eth1 / 1). The interface unit 1801 transmits the packet output from the packet processing unit 1808 to the switch 233 (see, for example, FIG. 2). As a result, the switch 233 transmits the packet to the host 251 based on the destination MAC address of the packet (the MAC address of the host 251).

(Normal processing by the router according to the embodiment)
FIG. 21 is a block diagram illustrating another example of normal processing by the router according to the embodiment. In FIG. 21, the same parts as those shown in FIG. In the example illustrated in FIG. 21, processing when the router 232 receives a packet addressed to the remote host 210 from the host 251 when a failure has not occurred in the communication of the router 232 (normal time) will be described.

(1) First, the interface unit 1801 (Eth1 / 1) receives a packet addressed to the remote host 210 from the host 251 and outputs the received packet to the interface processing unit 1803.

(2) The interface processing unit 1803 outputs the packet output from the interface unit 1801 to the packet processing unit 1808.

(3) The packet processing unit 1808 processes the packet output from the interface processing unit 1803. For example, the packet processing unit 1808 refers to the routing table in the routing table / RIB storage unit 1804 and determines whether the packet is a packet addressed to a host under the router 232 or a packet to be transferred to another router. Check. In the example shown in FIG. 21, since this packet is a packet addressed to the remote host 210 as described above, it is a packet to be transferred to the upper router 231.

(4) Therefore, the packet processing unit 1808 refers to the ARP table 400 of the ARP table storage unit 1806 and replaces the destination MAC address of the packet with the MAC address of the upper router 231. The MAC address of the upper router 231 is a MAC address associated with the IP address of the upper router 231 in the ARP table 400, for example.

(5) Then, the packet processing unit 1808 outputs the packet with the destination MAC address changed to the interface processing unit 1803.

(6) The interface processing unit 1803 outputs the packet output from the packet processing unit 1808 to the interface unit 1802 (Eth1 / 2). The interface unit 1802 transmits the packet output from the packet processing unit 1808 to the upper router 231 (see, for example, FIG. 2) based on the destination MAC address of the packet (the MAC address of the upper router 231).

(Processing at the start of validation check by the router according to the embodiment)
FIG. 22 is a block diagram illustrating an example of processing at the start of the validation check by the router according to the embodiment. In FIG. 22, the same parts as those shown in FIG. In the example illustrated in FIG. 22, processing when the router 232 recovers from the failure 501 illustrated in FIG. 5 and links up the interface unit 1801 (Eth1 / 1) will be described.

(1) When the interface unit 1801 is linked up, the interface unit 1801 outputs information indicating that the interface unit 1801 is linked up to the interface processing unit 1803.

(2) When information indicating that the interface unit 1801 has been linked up is output from the interface unit 1801, the interface processing unit 1803 outputs the information to the validation check unit 1809.

(3) When the information indicating that the interface unit 1801 is linked up is output from the interface processing unit 1803, the validation check unit 1809 refers to the setting information management unit 1807. The validation check unit 1809 confirms whether the interface unit 1801 is subject to validation check based on the setting information of the setting information management unit 1807. In the example illustrated in FIG. 22, it is assumed that the interface unit 1801 is set as a validation check target.

(4) In this case, the validation check unit 1809 instructs the interface processing unit 1803 to put the interface unit 1801 into a validation check state. As described above, the validation check state is a state in which registration of route information in the RIB, VRRP packet, or the like is not performed when VRRP or the like is used.

(5) The interface processing unit 1803 puts the interface unit 1801 into a validation check state in accordance with an instruction from the validation check unit 1809.

(Processing during validation check by the router according to the embodiment)
FIG. 23 is a block diagram of an example of processing during validation checking by the router according to the embodiment. In FIG. 23, the same parts as those shown in FIG.

(6) Next to the processing shown in FIG. 22, the validation check unit 1809 checks the information of the interface unit 1801 (Eth1 / 1) subject to validation check in the ARP table backup 810 of the ARP table backup storage unit 1810. To do.

(7) Then, the validation check unit 1809 copies the information to the validation check table 820 of the validation check table storage unit 1811.

(8) Next, the validation check unit 1809 refers to the BGP table 910 in the BGP table storage unit 1805.

(9) Then, the validation check unit 1809 updates the validation check table 820 based on the referenced BGP table 910.

(10) Next, the validation check unit 1809 refers to the setting information of the setting information management unit 1807, confirms the threshold value of the validation check completion rate, and confirms how many pps the ARP request is transmitted.

(11) Next, the validation check unit 1809 refers to the validation check table 820 of the validation check table storage unit 1811 and confirms that the validation check completion rate is less than the threshold value confirmed in (10). In addition, the validation check unit 1809 refers to the validation check table 820 of the validation check table storage unit 1811 and confirms an IP address that requires ARP resolution.

(12) Next, the validation check unit 1809 refers to the routing table 1902 of the routing table / RIB storage unit 1804 and confirms the route to the communication node of the confirmed IP address.

(13) Next, the validation check unit 1809 instructs the packet processing unit 1808 to send an ARP request to the route confirmed in (12).

(14) The packet processing unit 1808 instructs the interface processing unit 1803 to transmit an ARP request via the interface unit 1801 (Eth1 / 1).

(15) The interface processing unit 1803 causes the interface unit 1801 to transmit an ARP request by unicast.

(16) The interface unit 1801 receives the ARP reply from the destination host that has transmitted the ARP request, and outputs the received ARP reply to the interface processing unit 1803.

(17) The interface processing unit 1803 outputs the ARP reply output from the interface unit 1801 to the packet processing unit 1808.

(18) The packet processing unit 1808 notifies the validation check unit 1809 of the ARP reply result output from the interface processing unit 1803.

(19) Based on the notification from the packet processing unit 1808, the validation check unit 1809 updates the contents of the validation check table 820 in the validation check table storage unit 1811 for the IP address that has been ARP-resolved. An IP address that can be resolved by ARP means that, for example, an ARP reply that notifies a MAC address corresponding to the IP address has been received.

  The router 232 repeats the processes (11) to (19) at predetermined time intervals until the validation check completion rate is equal to or higher than the threshold value confirmed in (10).

(Processing at the end of validation check by the router according to the embodiment)
FIG. 24 is a block diagram illustrating an example of processing at the end of the validation check by the router according to the embodiment. In FIG. 24, the same parts as those shown in FIG. In the example illustrated in FIG. 24, the processing of the router 232 when the validation check completion rate is equal to or higher than the threshold will be described.

(20) First, the validation check unit 1809 refers to the validation check table 820 in the validation check table storage unit 1811.

(21) Then, the validation check unit 1809 copies the contents of the validation check table 820 to the ARP table 400 of the ARP table storage unit 1806.

(22) The validation check unit 1809 instructs the interface processing unit 1803 to end the validation check state of the interface unit 1801.

(23) Next, the interface processing unit 1803 ends the validation check state of the interface unit 1801.

(24) Also, the validation check unit 1809 registers route information obtained by link-up of the interface unit 1801 in the RIB 1901 of the routing table / RIB storage unit 1804. As a result, the routing table 1902 of the routing table / RIB storage unit 1804 is updated based on the RIB 1901 of the routing table / RIB storage unit 1804 in which the route information is registered. The update of the routing table 1902 based on the RIB 1901 is executed by the packet processing unit 1808, for example.

  As a result, the routing tables of other routers (for example, the upper router 231 and the upper network 220) are also updated, and a router different from the router 232 recognizes that the router 232 can be used. Therefore, for example, as illustrated in FIG. 13, the packet transmission path 301 switches back to the path via the transmission path 230.

(Hardware configuration of the router according to the embodiment)
FIG. 25 is a diagram illustrating an example of a hardware configuration of the router according to the embodiment. The router 232 can be realized, for example, by a computer 2500 shown in FIG. The computer 2500 includes a CPU 2501, a memory 2502, a packet transfer engine 2504, a router information management memory 2503, and communication interfaces 2505 and 2506. The CPU 2501, the memory 2502, the router information management memory 2503, and the packet transfer engine 2504 are connected to each other via a bus line 2507. The packet transfer engine 2504 and the communication interfaces 2505 and 2506 are connected to each other by a bus line 2508. CPU is an abbreviation for Central Processing Unit.

  The CPU 2501 is a circuit that performs signal processing, and is a processor that controls the entire computer 2500, for example. The memory 2502 is, for example, a RAM (Random Access Memory). The memory 2502 is used as a work area for the CPU 2501.

  The router information management memory 2503 is a setting information management memory. The router information management memory 2503 stores various programs that cause the computer 2500 to operate. The program stored in the router information management memory 2503 is loaded into the memory 2502 and executed by the CPU 2501. The router information management memory 2503 can be realized by a non-volatile memory such as a magnetic disk, an optical disk, or a flash memory.

  The packet transfer engine 2504 is a circuit that performs packet transfer processing such as determination of a packet transfer destination. The packet transfer engine 2504 can be realized by an ASIC, for example. ASIC is an abbreviation for Application Specific Integrated Circuit. Alternatively, the function of the packet transfer engine 2504 may be realized by software by loading the program stored in the router information management memory 2503 into the memory 2502 and executing it by the CPU 2501 without providing the packet transfer engine 2504.

  The communication interface 2505 is a communication interface for the upper router 231 that performs communication with the upper router 231 (the upper network 220). The communication interface 2506 is a communication interface for the switch 233 that performs communication with the switch 233 (hosts 251 to 25N). The communication interfaces 2505 and 2506 are controlled by the packet transfer engine 2504, for example.

  The interface unit 1802 shown in FIG. 18 and the like can be realized by the communication interface 2505, for example. The interface unit 1801 shown in FIG. 18 and the like can be realized by the communication interface 2506, for example. The packet processing unit 1808 shown in FIG. 18 and the like can be realized by the packet transfer engine 2504, for example. The validation check unit 1809 shown in FIG. 18 and the like can be realized by the CPU 2501, for example. The routing table / RIB storage unit 1804, the BGP table storage unit 1805, and the ARP table storage unit 1806 shown in FIG. 18 and the like can be realized by the memory 2502, for example. The ARP table backup storage unit 1810 and the validation check table storage unit 1811 illustrated in FIG. 18 and the like can be realized by the memory 2502, for example. The setting information management unit 1807 shown in FIG. 18 and the like can be realized by the router information management memory 2503, for example.

(Setting of interface part for validation check according to the embodiment)
FIG. 26 is a diagram illustrating an example of setting of an interface unit that is a target of the validation check according to the embodiment. For example, when the interface unit 1801 of the router 232 is a target for validation check, for example, the configuration 2600 shown in FIG. 26 is registered in the setting information of the setting information management unit 1807 shown in FIG.

  “Interface Ethernet 1/1” in the configuration 2600 indicates the interface unit 1801 (Eth1 / 1). Further, “validation check enable” in the configuration 2600 indicates that it is a target of a validation check. That is, the configuration 2600 indicates that the interface unit 1801 is a target for validation check.

  “Validation check ARP 25 (pps)” in the configuration 2600 indicates that the pp rate of transmission of the ARP request in the validation check process is 25 [pps]. As an example, if the predetermined pps rate is 25 [pps] and there are 100 ARP request destination hosts, transmission of the ARP request to these hosts will be completed in about 4 seconds.

  The “validation check threshold 90 (%)” of the configuration 2600 indicates that the threshold value of the above-described validation check completion rate (for example, see FIGS. 12, 14, and 15) is 90%. “Validation check retry-interval 5 (min)” in the configuration 2600 indicates that the predetermined time T (see, for example, FIG. 14) described above is 5 minutes. “Validation check max-try 3 (times)” of the configuration 2600 indicates that the number of times of repeating the process of transmitting the ARP request to the ARP unresolved host by unicast in the above-described validation check process is three.

(Setting of interface part not subject to validation check according to the embodiment)
FIG. 27 is a diagram illustrating an example of setting of an interface unit that is not a target of the validation check according to the embodiment. For example, when the interface unit 1802 of the router 232 is excluded from the validation check, for example, the configuration 2700 shown in FIG. 27 is registered in the setting information of the setting information management unit 1807 shown in FIG.

  “Interface Ethernet 1/2” in the configuration 2700 indicates the interface unit 1802 (Eth1 / 2). In addition, “validation check disable” in the configuration 2700 indicates that the validation check is not performed. That is, the configuration 2700 indicates that the interface unit 1802 is not subject to validation check.

  As described above, according to the router 232 according to the embodiment, a communication failure 501 occurs and the packet transmission path 301 is switched to a path that does not pass through the own apparatus, and the ARP is based on the backup of the ARP table and the BGP table. The table can be updated. Thereby, the time for switching back can be shortened. Also, the router 232 can perform control to switch the packet transmission path 301 back to the path via the own apparatus after updating the ARP table based on the backup of the ARP table and the BGP table. As a result, after the communication is recovered from the failure 501, it is possible to prevent the packet transmission path 301 from being switched back when there is no correspondence information between the IP address and the MAC address of the other device in the ARP table. For this reason, it is possible to suppress packet discard in the router 232 when switching the transmission path 301 due to recovery from the failure 501, and to shorten the switching time.

  The configuration in which the packet transfer apparatus 110 illustrated in FIG. 1 is applied to the router 232 has been described. However, the packet transfer apparatus 110 is not limited to the router 232, and the router 242, the upper routers 231 and 241, or the router included in the transmission path 230. It can also be applied to. Further, the packet transfer apparatus 110 can be applied not only to a router but also to an L3 switch.

  As described above, according to the packet transfer apparatus, the packet transfer system, the packet transfer program, and the packet transfer method, it is possible to suppress the packet discard at the time of switching the route due to the failure recovery and to shorten the switching time. it can.

  For example, currently widely used IP data communication networks are configured based on network communication devices represented by routers and switches. In particular, a device having a router function notifies the opposite router of the route information of the held IP network using BGP or the like as a routing protocol. Thereby, communication of IP communication, such as a server and a PC terminal, is ensured. PC is an abbreviation for Personal Computer.

  In a large-scale IP data communication network and a backbone communication network operated by a communication carrier, each network device is often made redundant physically or logically. For example, when a failure occurs in a network device or a communication line, communication is continued using another redundant detour path. For example, in a communication carrier, it is determined by the SLA that path switching when a failure occurs is within one second. SLA is an abbreviation for Service Level Agreement, and is a level of service linked between a service provider and its users.

  In recent years, in large-scale networks such as telecommunications carriers, network sharing and virtualization have been promoted. Network commonization is a transition from a form in which each system has a dedicated network to a form in which a plurality of systems are accommodated in a common network. Virtualization is a transition from a form that uses a small number of high-performance dedicated servers to a form that uses a large number of general-purpose servers.

  In such network sharing and virtualization, the number of hosts connected to one network device such as a router or an L3 switch is increasing. When a failure accompanied by a link down occurs in a network device such as a router or an L3 switch, and the network device recovers from the failure, the network device recovered from the failure sends an ARP request to each host under its own device.

  Then, by receiving the ARP reply transmitted from the host in response to the ARP request, the ARP resolution is completed, and the MAC address associated with the IP address is registered in the ARP table. Since the route information is registered in the RIB and notified to another router or the like when the link is up, the recovered network device may be recognized as a route from the other router or the like even before the completion of the ARP resolution.

  For this reason, a packet addressed to a host for which ARP resolution has not been completed reaches the recovered network device, and the packet may be discarded. As described above, in the network device recovered from the failure, there is a host in a communication cut-off state until the ARP resolution is completed for each subordinate host. For example, if ARP resolution for all the hosts is not completed within 1 second, a communication disconnection of 1 second or more occurs.

  In general, in a network device such as a router, an upper limit of CPU resources that can be used for ARP processing is determined from the viewpoint of router CPU protection (policing). For this reason, for example, when the number of hosts under the network device increases, the upper limit of CPU resources that can be used for ARP processing is reached, and long-time communication disconnection is likely to occur. In a general communication carrier, a communication disconnection of 1 second or more is a communication disconnection exceeding the SLA.

  On the other hand, for example, for ARP processing, a method of eliminating the limitation of CPU resources due to policing can be considered. However, the CPU of the router is responsible for various processes in addition to the ARP process. If all the CPU resources are used for the ARP process, the router function requiring the process by the CPU cannot be used. In addition, with this method, when the number of hosts under the router further increases, the limit of the CPU processing capacity becomes a bottleneck, causing problems such as inability to send ARP requests, inability to receive ARP replies, and inability to register in the ARP table. Can occur.

  As another method, when the link up occurs, transfer of the upper port is shut down, and all the subordinate hosts are pinged to force ARP resolution, and then transfer of the upper port is performed. A method of restarting (no shutdown) is conceivable.

  However, this method has a problem that the number of ping transmissions increases and is not efficient. For example, it is assumed that there are 100 hosts of 192.168.0.1 to 192.168.0.100 (subnet mask: / 24) under the router. In actual operation, it is not practical to check which IP address of the 192.168.0.0/24 network address is actually assigned to the host and hit the ping. A method of pinging the address is conceivable. If pings are sent to many hosts in this way, network bandwidth is consumed, which may affect the service. For example, even if there are only 100 hosts, a ping is transmitted to 254 destinations.

  In addition, if the transfer of the higher-order port is stopped, the hosts under other ports where no failure has occurred are also completely disconnected. In addition, when the switches under the router are not physical switches but virtual switches, and each virtual switch accommodates a large number of hosts, the virtual switch may not be able to process. In addition, since a broadcast is transferred from each virtual switch, a large amount of bandwidth is consumed.

  As another method, a method of registering a route to the RIB after a certain waiting time after link-up is considered. However, with this method, it is necessary to set a waiting time after link-up so that the ARP resolution of all hosts under the router is completed, but it is difficult to estimate the time required for the ARP resolution of each host. Further, when the number of hosts under the router increases, it is considered that the ARP resolution of all the hosts is not completed within the set waiting time.

  As another method, a method of temporarily starting transfer processing with backup of the ARP table at the time of failure recovery can be considered. However, in this method, a packet cannot be transferred to a host that has changed after the last update of the backup of the ARP table, and packet discard occurs.

  On the other hand, according to the above-described embodiment, it is possible to register the route information in the RIB after performing the validation check process after linking up and confirming the normality of the ARP table. As a result, it is possible to prevent the route from being switched back to the router for which ARP resolution has not been completed, and to suppress communication disconnection.

  Further, communication disconnection can be suppressed without removing the CPU resource limitation due to policing. In addition, it is possible to suppress the disconnection of communication without stopping the transfer of the higher-order port at the time of link up. Therefore, avoiding the disconnection of the hosts under other ports that have not failed. Can do. Moreover, since ARP can be resolved without pinging all the subordinate hosts, the load on the network can be suppressed. Communication interruption can be suppressed without estimating in advance the time required for ARP resolution of each host. Further, a packet for a host that has been changed after the last update of the ARP table backup can be transferred without being discarded.

  Note that the packet transfer method described in the present embodiment can be realized, for example, by executing a program prepared in advance on a computer such as a personal computer or a workstation. This program is recorded on a computer-readable recording medium such as a hard disk, a flexible disk, a CD-ROM, or a DVD, and is executed by being read from the recording medium by the computer. CD-ROM is an abbreviation for Compact Disc-Read Only Memory. DVD is an abbreviation for Digital Versatile Disc. The program may be distributed via a network such as the Internet.

  Alternatively, the packet transfer method described in the present embodiment can be realized as a function mounted on an OS (Operating System) of a router (for example, routers 232 and 242). Alternatively, the packet transfer method described in the present embodiment can be realized as a function added to a router (for example, routers 232 and 242) via a storage medium or a network by purchasing an additional license or the like. .

  The following additional notes are disclosed with respect to the above-described embodiments.

(Appendix 1) A communication unit that performs communication including packet transfer based on correspondence information between an address of the network layer and an address of the data link layer;
When a failure occurs in the communication that passes through the own device, the transmission path of the packet is switched to a route that does not pass through the own device, and when the communication that passes through the own device recovers from the failure, the failure before the failure occurs A controller that performs control to switch back the transmission path of the packet to a path that passes through the own apparatus after updating the correspondence information based on the backup of the correspondence information and the path information received from another packet transfer apparatus; ,
A packet transfer apparatus comprising:

(Supplementary note 2) The packet transfer device according to supplementary note 1, wherein the route information received from the other packet transfer device is route information received from the other packet transfer device by BGP (Border Gateway Protocol) .

(Supplementary Note 3) For the combination of the network layer address and the data link layer address based on the backup and the path information, the control unit sets the data link layer address corresponding to the network layer address of the combination. The first signal to be inquired is transmitted by unicast with the address of the network layer of the combination and the address of the data link layer of the combination as destinations, and the second signal transmitted in response to the first signal is received and received The packet transfer apparatus according to appendix 1 or 2, wherein the correspondence information is updated based on the second signal.

(Appendix 4) The first signal is an ARP request,
The second signal is an ARP reply;
The packet transfer apparatus according to Supplementary Note 3, wherein

(Additional remark 5) The said control part transmits the said 1st signal about each of the said combination about another communication apparatus, The said correspondence information of the communication apparatus which received the said 2nd signal among the said other communication apparatuses The packet according to appendix 3 or 4, wherein the correspondence information is updated so as not to include the combination of communication devices that include the combination and that have not received the second signal among the other communication devices. Transfer device.

(Additional remark 6) The said control part performs the process which transmits a said 1st signal about each of the said combination about the communication apparatus which has not received the said 2nd signal among other communication apparatuses, It is characterized by the above-mentioned. The packet transfer device according to any one of appendices 3 to 5.

(Supplementary Note 7) The communication unit includes correspondence information between the network layer address and the data link layer address, correspondence information between the network layer address and the transfer destination based on the path information received from another packet transfer device, and And forwarding the packet based on
The control unit performs the control by transmitting information on correspondence information between the network layer address and the transfer destination after the communication via the own device is recovered from the failure, to another packet transfer device.
The packet transfer device according to any one of Supplementary notes 1 to 6, wherein:

(Supplementary Note 8) The correspondence information between the network layer address and the data link layer address is an ARP (Address Resolution Protocol) table,
The correspondence information between the network layer address and the transfer destination is RIB (Routing Information Base).
Item 8. The packet transfer apparatus according to appendix 7, wherein

(Supplementary Note 9) Communication including transfer of a packet based on correspondence information between an address of the network layer and an address of the data link layer is performed, a failure occurs in the communication via the own device, and the transmission path of the packet is When the communication via its own device is recovered from the failure, based on the backup of the correspondence information before the failure occurs and the route information received from another packet transfer device A first packet transfer device that performs control to switch back the transmission route of the packet to a route that passes through the device after updating the correspondence information;
A second packet transfer device for transferring the packet when a failure occurs in the communication of the first packet transfer device;
A packet transfer system comprising:

(Appendix 10)
Perform communication including packet transfer based on correspondence information between network layer address and data link layer address,
When a failure occurs in the communication that passes through the own device, the transmission path of the packet is switched to a route that does not pass through the own device, and when the communication that passes through the own device recovers from the failure, the failure before the failure occurs After updating the correspondence information based on the backup of the correspondence information and the route information received from another packet transfer device, control to switch back the transmission route of the packet to the route via the own device,
A packet transfer program for executing a process.

(Supplementary Note 11) The packet transfer apparatus is
Perform communication including packet transfer based on correspondence information between network layer address and data link layer address,
When a failure occurs in the communication that passes through the own device, the transmission path of the packet is switched to a route that does not pass through the own device, and when the communication that passes through the own device recovers from the failure, the failure before the failure occurs After updating the correspondence information based on the backup of the correspondence information and the route information received from another packet transfer device, control to switch back the transmission route of the packet to the route via the own device,
And a packet transfer method.

DESCRIPTION OF SYMBOLS 100 Packet transfer system 101,102 Communication apparatus 110,120,130 Packet transfer apparatus 111 Communication part 112 Control part 200 IP data communication network 210 Remote host 220 Upper network 230,240,301 Transmission path 231,241 Upper router 232,242 Router 233, 243 switch 251-25N host 260 Syslog server 261 operator 400 ARP table 501 failure 810 ARP table backup 820 validation check table 910 BGP table 1201 completion rate 1801, 1802 interface unit 1803 interface processing unit 1804 routing table / RIB storage unit 1805 BGP table storage unit 1806 ARP table storage unit 18 07 Setting information management unit 1808 Packet processing unit 1809 Validation check unit 1810 ARP table backup storage unit 1811 Validation check table storage unit 1901 RIB
1902 Routing Table 2500 Computer 2501 CPU
2502 Memory 2503 Router information management memory 2504 Packet transfer engine 2505 2506 Communication interface 2507 2508 Bus line 2600 2700 Config

Claims (6)

A communication unit that performs communication including packet transfer based on correspondence information between the address of the network layer and the address of the data link layer;
When a failure occurs in the communication that passes through the own device, the transmission path of the packet is switched to a route that does not pass through the own device, and when the communication that passes through the own device recovers from the failure, the failure before the failure occurs A controller that performs control to switch back the transmission path of the packet to a path that passes through the own apparatus after updating the correspondence information based on the backup of the correspondence information and the path information received from another packet transfer apparatus; ,
A packet transfer apparatus comprising:   The control unit, for a combination of a network layer address and a data link layer address based on the backup and the routing information, a first signal for inquiring a data link layer address corresponding to the network layer address of the combination Is transmitted by unicast with the address of the network layer of the combination and the address of the data link layer of the combination as destinations, and receives the second signal transmitted in response to the first signal, and receives the second received The packet transfer apparatus according to claim 1, wherein the correspondence information is updated based on a signal. The communication unit is based on correspondence information between the network layer address and the data link layer address, and correspondence information between the network layer address and the transfer destination based on the path information received from another packet transfer device. Forwarding the packet,
The control unit performs the control by transmitting information on correspondence information between the network layer address and the transfer destination after the communication via the own device is recovered from the failure, to another packet transfer device.
The packet transfer apparatus according to claim 1, wherein the packet transfer apparatus is a packet transfer apparatus. A route in which communication including packet transfer based on correspondence information between the address of the network layer and the address of the data link layer is performed, and the transmission route of the packet does not pass through the device due to a failure in the communication through the device. When the communication via its own device recovers from the failure, the correspondence information is changed based on the backup of the correspondence information before the failure occurs and the path information received from another packet transfer device. A first packet transfer device that performs control to switch back the packet transmission route to a route that passes through the device after the update;
A second packet transfer device for transferring the packet when a failure occurs in the communication of the first packet transfer device;
A packet transfer system comprising: On the computer,
Perform communication including packet transfer based on correspondence information between network layer address and data link layer address,
When a failure occurs in the communication that passes through the own device, the transmission path of the packet is switched to a route that does not pass through the own device, and when the communication that passes through the own device recovers from the failure, the failure before the failure occurs After updating the correspondence information based on the backup of the correspondence information and the route information received from another packet transfer device, control to switch back the transmission route of the packet to the route via the own device,
A packet transfer program for executing a process. The packet transfer device
Perform communication including packet transfer based on correspondence information between network layer address and data link layer address,
When a failure occurs in the communication that passes through the own device, the transmission path of the packet is switched to a route that does not pass through the own device, and when the communication that passes through the own device recovers from the failure, the failure before the failure occurs After updating the correspondence information based on the backup of the correspondence information and the route information received from another packet transfer device, control to switch back the transmission route of the packet to the route via the own device,
And a packet transfer method.

Images