JP2022025684A - Network switch and IP flow monitoring system - Google Patents

Abstract

To provide a network switch and an IP flow monitoring system for efficiently and accurately monitoring information on the quality and route of an IP flow in a network system.SOLUTION: In an IP flow monitoring system, a network switch in a system constructed with a network of Ethernet (R) or IP (Internet Protocol) packets has a function of adding information of the network switch as metadata to an input packet and outputting it as an output packet, and a function of analyzing the input packet and outputting the IP flow information obtained by the analysis as an IP flow information packet. Further, the IP flow monitoring system includes the network switch and a monitoring device that receives the IP flow information packet from the network switch and analyzes the same.SELECTED DRAWING: Figure 1

Description

The present invention relates to a network switch and an IP flow monitoring system, and more particularly to a switch that transfers and analyzes data on a network, and an IP flow monitoring system that monitors the flow and quality of packets on the network.

Video / audio for program production by the signal transmission method by SDI (Serial Digital Interface: see Non-Patent Document 1) and MADI (Multichannel Audio Digital Interface: see Non-Patent Document 2), which have been conventionally developed for program production. A program production system for transmitting synchronization information was configured.

As an example of a program production system of the SDI / MADI signal transmission system, it can be configured as shown in FIG. 11, for example. The video transmission device 11 that transmits video from a photographing camera or the like transmits the video to the SDI router 51 as an SDI format signal (SDI signal), and distributes the video from the SDI router 51 to a designated receiving device 70 such as a receiver. To transmit. Further, the voice transmitting device 12 for transmitting voice such as a microphone transmits the voice as a MADI format signal (MADI signal) to the SDI router 51 via the voice router 52, and the designated receiving device 70 is transmitted from the SDI router 51. It is distributed to and transmitted. The video transmitting device 11, the audio transmitting device 12, the SDI router 51, the audio router 52, and the receiving device 70 can be synchronized by the synchronization signal from the synchronization signal generator 60.

In recent years, the program production system will be replaced with an exchange method (IP program production system) that stores and transmits video and audio information in IP (Internet Protocol) packets using the widely used Ethernet (registered trademark) technology. Has been studied (see Non-Patent Document 3).

As an example of a program production system constructed by a network of Ethernet frames or IP packets, it can be configured as shown in FIG. 12, for example. The image transmission device 11 for transmitting an image of a photographing camera or the like stores the image in an Ethernet frame or an IP packet (hereinafter, referred to as an Ethernet / IP packet, or simply referred to as a packet) and transmits the image to a certain network switch 55. The route is selected and transmitted from the network switch 55 to a designated receiving device 70 such as a receiver based on the header information in the packet via another network switch 55 or directly. Further, the voice transmission device 12 that transmits voice such as a microphone stores the voice in an Ethernet / IP packet and transmits the voice to a certain network switch 55, and the voice is transmitted from the network switch 55 via another network switch 55. Alternatively, the route is directly selected and transmitted to the designated receiving device 70 based on the header information in the packet.

One network switch 55 is, for example, a LAN (Local Area Network) cable to another network switch 55, a transmission device such as a video transmission device 11 and an audio transmission device 12, and one or a plurality of reception devices 70. Etc., which are connected by a communication cable such as, and are transmitted to each input port for inputting a packet from another network switch 55 and a transmitting device, and to another network switch 55 and one or a plurality of receiving devices 70. It has an output port for relaying and outputting the packets to be output. In a program production system constructed with an Ethernet / IP packet network, each network switch 55 is synchronized by a synchronization signal from a synchronization signal generator 60 so that video, audio, and synchronization information can be transmitted in real time. Can be taken.

Since Ethernet is widely used all over the world, it is expected to reduce the equipment cost as compared with the dedicated equipment specialized for program production. Further, while the maximum transmission speed of SDI is 12 Gbps, the latest standard of Ethernet is 400 Gbps, which has a very large transmission capacity as compared with SDI, and since it is a packet switching method, it is possible to multiplex signals. There are advantages such as being able to reduce the number of cables.

U.S. Pat. No. 6243667

SMPTE ST 292-1: 1.5 Gb / S Signal / Data Serial Interface AES 10-2008: AES Recommended Practice for Digital Audio Engineering --Serial Multicahnnel Audio Digital Interface (MADI) BBC Research & Development White Paper 268: The IP Studio B.Claise, "Cisco Systems NetFlow Services Export Version 9", RFC 3954, Oct.2004 In-Band Network Telemetry, [Search July 1, 2020], Internet <URL: https://github.com/p4lang/p4-applications/blob/master/docs/INT_v1_0.pdf>

If a failure occurs in a certain video while the program production system is in operation or the system is being built, it is necessary to isolate the cause and recover from the failure. In the conventional SDI / MADI signal format program production system, it is clear which cable the signal is transmitted by, and a method for measuring the quality of the signal has also been established.

On the other hand, in a production system constructed with an Ethernet / IP packet network, video signals and audio signals are treated as packets, and a plurality of material signals are multiplexed on one cable. In addition, the forwarding destination and discarding of packets are autonomously determined by the table information and the amount of packets held in the network switch. Therefore, it is difficult to know which cable and route the video signal to be measured is flowing through, and it is necessary to separate it from other video / audio signals and acquire only the necessary IP packet flow (hereinafter, IP flow). be. One IP flow represents one video signal or audio signal, ancillary data such as subtitles, and is composed of a combination of source IP address, destination IP address, source port number, destination port number, L3 protocol, and DCSP. .. Therefore, in the conventional SDI / MADI method, it is sufficient to measure the physical layer, but in the IP production system, it is necessary to confirm many layers from the physical layer to the application layer.

In general, network switches are provided with several means of determining the quality of the data flowing through the switch. For example, as a network monitoring method on a general communication system, quality information such as the number of input / output packets, the number of discarded packets, and the average bit rate value is obtained by using SNMP (Simple Network Management Protocol) for each network switch interface. There may be a monitoring server to acquire. However, even if such a monitoring server is applied to the program production system shown in FIG. 12, the values indicating these quality information that can be acquired by the monitoring server are all the packets that store the video signal and the audio signal are multiplexed. It is the total value of the packets of the above, and there is a problem that the information cannot be acquired for each IP flow and the quality of the video signal to be measured cannot be known.

In addition, since a network switch in a general communication system usually has a function of replicating a packet to be transmitted, the IP flow monitoring system should be configured by using the packet duplication function in the network switch. Can be considered. For example, as shown in FIG. 13, a dedicated analysis device 80 for analyzing an IP flow is provided for each network switch 55. The network switch 55 can be configured to transmit the duplicated packet to the analysis device 80, and the analysis device 80 collects the duplicated packet, analyzes it, and monitors each IP flow. However, in the case of using the packet duplication function in the network switch 55, a plurality of communication cables connected to the duplication data transfer ports as many as the number of ports used for data transfer are required. Furthermore, the media data used in the production system is difficult to analyze because it generates a huge amount of traffic. That is, in this form, in order to monitor all the packets processed by the network switch 55, the same number of ports and receiving devices as those for normal data transfer are required, which is not realistic.

Further, as a method of monitoring the multiplexed IP flow in the switch, there is NetFlow that acquires the packet passing through the switch for each IP flow (Patent Document 1 and Non-Patent Document 4). In this method, packets arriving at the NetFlow enabled interface are inspected, and the source IP address, destination IP address, source port number, destination port number, L3 protocol, DCCP, and input interface are used as keys to determine the number of packets. It is a system that calculates the count and the amount of traffic and provides the information to an external monitoring device. However, while a relatively accurate amount of traffic can be obtained for each IP flow, what kind of route the packet has taken, the passage processing time of each switch, the detection of packet loss, and the case where the packet is dropped in the switch. There is a problem that the cause of the problem cannot be obtained.

Further, as a method for analyzing the state of a network in detail, there is an INT (In-Band Network Telemetry) technique (Non-Patent Document 5). This uses a technology that allows the user to freely define the processing of the network switch by programming instead of the ASIC that can process only a predetermined protocol in the past. Using this technology, packets that pass through a network switch are added as metadata to packets that pass through the network switch ID (hereinafter referred to as switch ID), switch passage processing time, queue congestion status, etc., and the packet is added to the packet at the downstream switch. The network status is obtained by duplicating and transmitting to an external analyzer. However, while it is possible to obtain detailed network information by using INT, it is not realistic to analyze packets on the monitoring server side in a situation where there is a huge amount of traffic such as program production, and as a result. There is a problem that information for each IP flow cannot be obtained.

Therefore, an object of the present invention made in view of the above problems is to efficiently and highly accurately monitor information on the quality and route of an IP flow in a system composed of a network of Ethernet frames or IP packets. To provide network switches and IP flow monitoring systems for.

In order to solve the above problems, the network switch according to the present invention is a network switch in a system constructed by a network of Ethernet (registered trademark) or IP (Internet Protocol) packets, and is a network switch for an input packet. A function to add switch information and IP flow information as metadata and output it as an output packet, and a function to analyze the input packet and output the IP flow information obtained by the analysis as an IP flow information packet. It is characterized by having and.

Further, in the network switch, the information of the network switch includes the switch ID and the presence / absence of drop (discard) or the number of dropped packets, and is added to the header part of the input packet as INT (In-Band Network Telemetry) metadata. It is desirable to be done.

Further, in the network switch, the information of the network switch may include the switch ID and the sequence number of the previous packet in the IP flow, and may be added to the header part of the input packet as INT (In-Band Network Telemetry) metadata. desirable.

Further, in the network switch, it is desirable that the IP flow information includes the average throughput and the information of the switch ID via the network switch.

Further, in the network switch, the system constructed by the network is a program production system, and it is desirable that the IP flow information packet contains information specialized for program production.

Further, the network switch has a function of deleting the metadata added by each network switch from the packet and outputting it as the output packet when the device to which the output packet is output does not support the metadata. It is desirable to prepare.

Further, it is desirable that the network switch limits the monitoring target to which the metadata is added and analyzed to a specific packet, and attaches the metadata.

In order to solve the above problems, the IP flow monitoring system according to the present invention is an IP flow monitoring system that monitors an IP flow in a network of Ethernet (registered trademark) or an IP packet, from the network switch and the network switch. It is characterized by including a monitoring device that receives and analyzes the IP flow information packet.

Further, it is desirable that the IP flow monitoring system includes a destination for receiving the output packet from the network switch, and the destination outputs receiver status information as a packet to the monitoring device.

According to the network switch and the IP flow monitoring system of the present invention, information on the quality and route of the IP flow in the system composed of the network of Ethernet frames or IP packets can be efficiently and highly accurately monitored.

It is a figure which shows the schematic structure of the IP flow monitoring system of 1st Embodiment. It is an example of the block diagram of the network switch of this invention. This is an example of a protocol stack output from each switch of the first embodiment. This is an example of the format of INT metadata used in the present invention. It is a flowchart of packet analysis in a network switch. This is an example of an item of an IP flow information packet. It is a figure which shows the schematic structure of the IP flow monitoring system of 2nd Embodiment. This is an example of a protocol stack output from each switch of the second embodiment. It is a figure which shows the example of the IP flow in a network. It is an example of IP flow information in the network of FIG. This is an example of a program production system of SDI / MADI signal transmission method. This is an example of a program production system built on an IP network. This is a configuration example of an IP flow monitoring system using the packet replication function.

Hereinafter, embodiments of the present invention will be described.

(First Embodiment)
FIG. 1 is a schematic configuration of an IP flow monitoring system (network monitoring system) according to the first embodiment of the present invention. The IP flow monitoring system of the present embodiment is a program production system constructed by a network of Ethernet / IP packets, and the flow of packets (IP flow) passing through one or more network switches 20 on the network and the packet flow (IP flow) thereof. It is a system for monitoring quality, and includes _one or more network switches 20 ₍ 201 to 203) and a monitoring device 30. Further, the transmission source 10 and the transmission destination 40 may be included as the configuration. The IP flow monitoring system of the present invention can be used not only in the program production system but also in other systems for monitoring the IP flow passing through the network switch 20 and its quality.

In the present embodiment, the transmission source 10 and the transmission destination 40 are program production devices. The program production device of the transmission source 10 is, for example, a shooting camera or a microphone, and the program production device of the transmission destination 40 includes a video / audio processing device such as a video switcher and an audio mixer, and a display.

_The network switch 20 ₍ 201 to 203) of the present invention is a network switch equipped with a packet analysis function, and the information of the network switch (the information of the network switch) with respect to the input packet received from the source 10 or another network switch 20. The switch ID, input / output port, input time stamp, information when an error occurs, sequence number of the immediately preceding RTP packet in the corresponding IP flow, etc.) are added as metadata and output as an output packet. Further, by analyzing the INT metadata of the input packet in the network switch 20, if the loss is within one packet, it is possible to analyze which network switch in the route the drop occurred without referring to the monitoring device 30. It is possible. Further, it is possible to determine whether or not there was packet loss in the immediately preceding section without referring to the monitoring device 30 regardless of the number of packet losses. _The network switch 20 ₍ 201 to 203) of the present invention generates IP flow information calculated from a plurality of packets passing through the network switch 20, and outputs the IP flow information packet to the monitoring device 30. The IP flow information packet includes, for example, the average throughput, the ID of the switch that has passed through, the reason why the packet is discarded, and the like, and the details will be described later.

In the present embodiment, the program production device 40, which is the transmission destination, also analyzes the metadata of the received Ethernet / IP packet, analyzes the reception state, and outputs the receiver state information as a packet to the monitoring device 30. ..

In the program production device 40, which is the transmission destination, the sequence number of the last received RTP packet header in the switch in the route is stored in the INT metadata, so if the loss is within one packet, which network switch in the route is used. It is possible to analyze whether a drop has occurred in (route) or not without using the monitoring device 30. When there is no data by INT, the monitoring device 30 detects that a drop has occurred by comparing the sequence number of the RTP packet with the sequence number of the previous RTP packet held in the program production device 40. Yes, but it is not possible to detect which switch caused the drop.

The monitoring device 30 receives the IP flow information packet from _each network switch 20 ₍ 201 to 203), receives the receiver status information packet from the transmission destination (program production device) 40, and analyzes these. Monitor the packet flow (IP flow) in the system (program production system). The monitoring device 30 is configured by, for example, an analysis server. The monitoring device 30 summarizes the packet state as aggregated data for each IP flow, analyzes the quality of each IP flow, and outputs the aggregated data and quality information to the outside as necessary. In addition, if a failure occurs in the IP flow, the location of the failure is identified.

In the present embodiment, the transmission destination (reception device) 40 also informs the monitoring device 30 that the information and the media data contained in the INT metadata can be normally received, so that the final transmission is performed from the input of the switch. It is possible to confirm that it is working normally.

FIG. 2 shows an example of a block diagram of the network switch 20 _{( 201} to 203) equipped with the packet analysis function of the present invention. For the packet passing through the network switch 20, the IP header portion required for forwarding is analyzed, and the destination port is determined based on the forwarding table held in the switch. Further, the information of the network switch is added as metadata, and the packet such as multicast is duplicated as necessary and output from the output unit of the output port.

The network switch 20 equipped with a packet analysis function includes a packet input unit 21, an input packet analysis / determination unit 22, a transfer / replication processing unit 23, a packet rewriting unit 24, a packet output unit 25, a temporary storage unit 261 for packet analysis, and IP flow information. It includes a generation storage unit 262, a transfer information / monitoring target storage unit 263, a switch state information storage unit 264, an IP flow information generation unit 27, and an IP flow information output unit 28. In FIG. 2, the solid line shows the flow of packet information, and the broken line shows the flow of information in the control system. The functions and operations of each block will be described below.

The packet input unit 21 receives an input packet transferred from the source 10 or another network switch 20, and outputs the input packet to the input packet analysis / determination unit 22.

The input packet analysis / determination unit 22 analyzes the structure of the input packet, and stores the packet input time and the input port information of each input packet in the packet analysis temporary storage unit 261. In addition, the continuity of the sequence number in the RTP header section is checked, and if a non-continuous value arrives, error information is recorded. This error information is added to the INT field as an error flag in the INT metadata described later. Further, the input packet analysis / determination unit 22 determines (determines) whether to forward or discard the packet based on the information recorded in the transfer information / monitored storage unit 263, and the determined packet. Is output to the transfer / duplication processing unit 23. Further, if the input packet is a packet to be monitored, the analysis result is written in the IP flow information generation storage unit 262.

The following formula is given as an example for checking the continuity of the sequence number of the RTP header part. It can be carried out by taking the difference between the sequence number of the RTP header part currently being analyzed and the sequence number of the header of the previous RTP packet in the corresponding flow.
Number of packet losses = sequence number of the current packet-sequence number of the previous packet-1
Since the field of the sequence number is 16 bits, the calculation used for the calculation is also limited to 16 bits. As a result, the maximum value of the sequence number, that is, the state 0xFFFF (decimal number 65535) in which all the bits are 1, and then the counter returns to 0x0000 (decimal number 0), but even in that case, the calculation result becomes 0, which is an error. Can be calculated without.

For the sequence number of the packet before the RTP packet, the information stored in the IP flow information generation storage unit 262 can be used, or the information stored in the INT header described later can be referred to.

When a new IP flow appears, the sequence number of the RTP header part of the previous packet is unknown, so the calculation of the number of dropped packets becomes undefined, and there is a risk of outputting invalid data. If the sequence number of the RTP header section of the previous packet is undefined, the calculation result shall be 0 and no drop has occurred, or the information shall not be output by the IP flow information generation section 27.

Here, the packet analysis temporary storage unit 261 is an intermediate database for analyzing the IP flow, and records information and the like of individual packets obtained by analyzing the metadata of the input packet.

The transfer information / monitoring target storage unit 263 includes information regarding forwarding, duplication, destruction, etc. of the packet, and, if necessary, information for specifying the packet as the monitoring target. That is, the packets to be monitored are, in principle, all packets, but for example, a combination of a source IP address and a port number, or a whitelist specified by a destination IP address and a port number is a transfer information / monitoring target. Packets that are stored in the storage unit 263 and correspond to the whitelist may be monitored.

The IP flow information generation storage unit 262 is a hash table using a source IP address, a destination IP address, a source L port number, a destination port number, an L3 protocol number, a DCSP, an input interface number, and the like as keys. In the IP flow information generation storage unit 262, in addition to the information of individual packets transferred from the packet analysis temporary storage unit 261 and the like, information obtained by analyzing a plurality of packets (for example, total transfer data amount and total). Information such as the number of transferred packets, the number of marker bit counts, the time stamp of the analysis process, etc.) is also recorded.

The transfer / duplication processing unit 23 performs duplication / transfer processing of the actual packet. For example, the destination port of the packet is determined based on the forwarding table held in the switch. If the destination is a multicast address, the packet is duplicated according to the forwarding table information. The duplicated / forwarded packet is output to the packet rewriting unit 24. Further, the transfer / duplication processing unit 23 discards (drops) the packet based on the transfer information / information of the monitoring target storage unit 263. When dropping a packet, the reason is written in the packet analysis temporary storage unit 261. The reason for dropping the packet is also transferred and recorded in the IP flow information generation storage unit 262.

The packet rewriting unit 24 uses metadata (for example, for example, switch status information) based on the data recorded in the IP flow information generation storage unit 262, the transfer information / monitoring target storage unit 263, and the switch status information storage unit 264. It performs write processing to be added to the packet as (INT metadata), update of checksum, and the like. As will be described later, if it is necessary to delete the INT header at the output destination, the process of deleting the INT header is performed. Further, in the case of L3, the address is rewritten. The rewritten packet is output to the packet output unit 25.

The switch ID of the network switch 20 and the like are recorded in the switch state information storage unit 264, and these data are designated from the outside.

The packet output unit 25 outputs an output packet that has undergone necessary processing (for example, an output packet to which metadata related to the network switch 20 is added).

The IP flow information generation unit 27 creates an IP flow information packet based on the data recorded in the IP flow information generation storage unit 262. The timing for creating a packet may be every designated time, or when the amount of transferred data reaches a predetermined amount, or when an event for discarding a packet occurs. The created IP flow information packet is sent to the IP flow information output unit 28.

The IP flow information generation unit 27 includes the total transfer data amount and the number of transfer packets recorded in the IP flow information generation storage unit 262, the count number of the marker bits, and the previous total transfer data amount and the number of transfer packets and the marker bits. It may have a function of calculating information per unit time such as an average throughput value, an average number of output packets, and an average number of marker bits from the difference from the count value and the time stamp obtained from the previous analysis process. The time stamp of the timing at which the analysis process is performed is written in the IP flow information generation storage unit 262.

The IP flow information output unit 28 outputs the created IP flow information packet to the monitoring device 30.

FIG. 3 shows an example of a protocol stack output from each switch in this embodiment. From the left side of FIG. ₃ , the outline of the packet output from the source 10 and the packet output from each network switch _A , B, C (201 to 203) equipped with the packet analysis function is shown.

The packets output from the source 10 are, for example, Ethernet Header, IP Header, UDP (User Datagram Protocol) Header, RTP (Real-time Transport Protocol) Header, SMPTE (Society of Motion Picture and Television Engineers) ST 2022-X. It contains / ST2110-X Header, followed by Payload.

In general, the SMPTE ST 2110-20 standard is defined when video signal data is stored in a packet and transmitted on an IP network, and voice signal data is stored in a packet on an IP network. The SMPTE ST 2110-30 standard is defined for transmission. Further, the SMPTE ST 2022-6 standard is defined when video / audio information is stored in a packet and transmitted.

The network switch _A (201) adds the INT Header (metadata) including the information of the INT Header and the switch A to the packet received from the source 10 after the IP Header. This INT metadata has a Payload of INT metadata in it, as will be described later. After that, the output packet is continuously created with the configuration in which UDP Header, RTP Header, SMPTE ST 2022-X / ST 2110-X Header, Payload are received. That is, INT metadata is added to the header part of the input packet.

The network switch B ( ₂₀₂ ) adds INT metadata (including the payload) including the information of the switch B to the packet received from the network switch _A (201) after the INT metadata of the switch A. .. After that, the output packet is continuously created with the configuration in which UDP Header, RTP Header, SMPTE ST 2022-X / ST 2110-X Header, Payload are received.

Similarly, the network switch C ₍ 203) includes the INT metadata (Payload) including the information of the switch C after the INT metadata of the switch B for the packet received from the network switch B ( ₂₀₂ ). ) Is added. After that, the output packet is continuously created with the configuration in which UDP Header, RTP Header, SMPTE ST 2022-X / ST 2110-X Header, Payload are received.

As described above, _each network switch 20 ₍ 201 to 203) equipped with the packet analysis function sequentially adds and outputs the information of each switch as INT metadata. By doing so, it is possible to know information on which switch the packet has passed through even on the downstream switch, and the state of the upstream switch (delay time when passing through the switch, etc.). Further, in the downstream network switch, it is possible to specify whether or not the corresponding IP flow is dropped in the upstream portion.

FIG. 4 is an example of the format of INT metadata. The format of the INT metadata used in this embodiment uses the data format defined by INT (In-Band Network Telemetry) as the basic structure. 16 Bits are secured as the Instruction Bitmap, and each Bit is set as follows. Here, Bit8 and Bit9 are added to the standard of Non-Patent Document 5. The remaining Bits are reserved.

Bit 0: Switch ID
Bit 1: Input port ID
Bit 2: Hot Latency
Bit 3: Queue congestion Bit 4: Input time stamp Bit 5: Output port ID
Bit 6: Queue congestion Bit 7: Output port TX Installation
Bit 8: Number of lost packets in RTP packet Bit 9: Sequence number of previous RTP packet in the corresponding IP flow Bit 15: Checksum Complete

In the present embodiment, the network switch 20 checks the continuity of the sequence number of the RTP header section. When adding the packet loss number of the RTP packet to the INT metadata, the Bit8 flag is set to indicate that the corresponding field exists. Further, by setting the Bit9 flag, the sequence number of the previous RTP packet in the corresponding IP flow can be stored, and the packet drop can be analyzed by the downstream device.

If no loss has occurred, a value (for example, 0) indicating that no drop has occurred in the INT field data is put in Bit8. Otherwise, store the number of dropped packets.

Bit9 is used to detect packet loss at a downstream network switch or destination. Stores the sequence number of the RTP header part of the previous packet of the corresponding IP flow received by the network switch 20. In the downstream network switch, destination (receiver), and external analysis device, the number of drops is calculated by taking the difference between the sequence number in the RTP header of the previous packet and the current sequence number, that is, the occurrence of packet drops. It is possible to analyze the presence or absence.

FIG. 5 is a flowchart of packet analysis in the network switch 20. The network switch 20 mainly analyzes the input packet by the input packet analysis / determination unit 22. Each step will be briefly described.

Step S1: The network switch 20 parses the Ethernet header (the work of analyzing and reading the structure).

Step S2: Determine whether the payload format is IPv4. If it is IPv4, the process proceeds to step S3. If it is not IPv4, the process proceeds to step S16.

Step S3: Parse the IP header.

Step S4: It is determined whether or not the INT header exists. If the INT header is present, the process proceeds to step S5. If it does not exist, the process proceeds to step S6.

Step S5: Parse the INT header. By analyzing this INT header, the length of the INT payload can be known, and where the UDP header starts can be recognized.

Step S6: Determine whether the payload is UDP or not. If it is UDP, the process proceeds to step S7. If it is not UDP, the process proceeds to step S8.

Step S7: Parse the UDP header. After that, the process proceeds to step S10.

Step S8: It is determined whether or not the payload is TCP. If it is TCP, the process proceeds to step S9. If it is not TCP, the process proceeds to step S16.

Step S9: Parse the TCP header. Then, the process proceeds to step S16.

Step S10: It is determined whether or not the payload is RTP. If it is RTP, the process proceeds to step S11. If it is not RTP, the process proceeds to step S16.

Step S11: Parse the RTP header.

Step S12: It is determined whether or not the packet is the ST 2022 standard packet of SMPTE. If the packet is of the ST 2022 standard, the process proceeds to step S13. If it is not the ST 2022 standard, the process proceeds to step S14.

Step S13: Parse the ST 2022 header of SMPTE. Then, the process proceeds to step S16.

Step S14: It is determined whether or not the packet is of the ST2110 standard of SMPTE. If the packet is of the ST2110 standard, the process proceeds to step S15. If it is not the ST 2110 standard, the process proceeds to step 16.

Step S15: Parse the ST2110 header of SMPTE. Then, the process proceeds to step S16.

Step S16: The network switch 20 stores each parameter obtained by the packet analysis in the IP flow information generation storage unit 262, and ends the process.

In the present embodiment, the network switch 20 stores the parameters obtained by the analysis of each packet and the data obtained by analyzing a plurality of passing packets (input packets) in the IP flow information generation storage unit 262. After that, the network switch 20 creates an IP flow information packet based on the data stored in the IP flow information generation storage unit 262 and outputs the IP flow information packet to the monitoring device 30.

FIG. 6 shows an example of an item of the IP flow information packet. The items are broadly divided into Ethernet aggregated data, IP aggregated data, TCP / UDP aggregated data, RTP aggregated data, and data aggregated individually according to the SMPTE protocol.

The Ethernet aggregate data is, for example, the source MAC address, destination MAC address, Ethernet frame type number, average throughput, total number of received packets, switch ID, switch ID via, input port, output port, and drop for each IP flow. Includes reasons (if there is a drop), etc.

The IP aggregate data includes source MAC address, destination MAC address, source IP address, destination IP address, IP header protocol number, average throughput, total number of received packets, switch ID, switch ID via, and input for each IP flow. Includes port, output port, reason for drop (if any), etc.

The TCP / UDP aggregate data includes the source MAC address, destination MAC address, source IP address, destination IP address, source L4 port number, destination L4 port number, average throughput, total number of received packets, and switch ID for each IP flow. , The ID of the switch that passed through, the input port, the output port, the reason for the drop (if there is a drop), etc.

In addition, the RTP aggregated data includes the source MAC address, destination MAC address, source IP address, destination IP address, source L4 port number, destination L4 port number, average throughput, total number of received packets, and RTP payload for each IP flow. Type, RTP SSRC, number of packets indicating RTP marker bit value and 1, packet reception interval (average / minimum / maximum), packet loss number, maximum burst loss number, switch ID, switch ID via, input port, output port , The reason for the drop (if there is a drop), the switch ID where the drop occurred, etc.

For (ST2110-20), the aggregated data according to the SMPTE protocol is the aggregated data output by RTP, resolution, frame rate, interlaced / progressive identification, and transmission delay (average / minimum / maximum). It is given to the data. Transmission delay is related to the delay time it takes for a packet to pass through the switch.

For (ST 2110-30), each value of data output by RTP, sampling frequency, packet time, payload length, RTP SSRC, and transmission delay (average / minimum / maximum) is added to the aggregated data. To.

For (ST 2022-6), the data output by RTP, the MAP value in ST 2022-6, the FRAME value in ST 2022-6, the FRATE value in ST 2022-6, the SAMPLE value in ST 2022-6, and ST 2022. The R value in -6 is given to the aggregated data.

In this embodiment, various data used for IP flow analysis are written in the IP flow information packet. In particular, the average throughput, the total number of received packets, and the ID of the switch that has passed through are data obtained by analyzing a plurality of or all passing packets (input packets), and by performing these information analysis on each network switch 20. , It becomes easy to identify the faulty part and monitor the quality of the IP flow with the monitoring device (analysis server) 30.

Further, in the present embodiment, information specialized for program production such as ST 2110-20, ST 2110-30, and ST 2022-6 is also written in the IP flow information packet. In particular, the resolution of the video, the sampling frequency of the audio, and the like are data related to the quality of the program, and by analyzing these information with each network switch 20, it becomes easy to monitor the quality in the program production.

The item of receiver status information output from the destination 40 to the monitoring device 30 can also be created according to the item of the IP flow information packet described above, and further, the information of the final reception status can be added.

According to this embodiment, IP flow information calculated from a plurality of (or all) packets is generated in the switch and output as an IP flow information packet. In the case of media packets, the sequence number is checked and packet loss is detected. It also calculates the video resolution and packet transmission delay. When dropping (discarding) a packet, write the reason in the flow information table. By doing so, it is possible to detect packet loss and know the state of the image without using external equipment, so that it can be applied to a large-capacity traffic network such as 4K / 8K. If a switch is experiencing a drop, you can determine that the switch is the cause. In addition, it is possible to know the reason when the packet is dropped by the switch, and it is possible to know that there is an abnormality even downstream. Furthermore, by comparing the IP flow information among a plurality of switches, it is possible to uniquely identify to which switch the packet has arrived.

While uniquely specifying the network route information for each IP flow using INT, the RTP header part and SMPTE header part are analyzed inside the switch and transmitted as IP flow information, reducing the processing on the analysis server. be able to. This makes it possible to know the state of the video / audio packet, the identification of the fault location, the route switching location, and the like.

It is desirable to add INT metadata to all packets in analysis, but in order to suppress the increase in network bandwidth due to the increase in the INT field part, the combination of source IP address and port number, etc. or the destination IP It is also possible to limit the monitoring target to a specific packet and add INT metadata, such as when the white list specified by the address and port number or when the marker bit of the RTP packet is 1.

(Second Embodiment)
FIG. 7 is a schematic configuration of the IP flow monitoring system (network monitoring system) according to the second embodiment of the present invention. Similar to the first embodiment, the IP flow monitoring system of the present embodiment also has a packet flow passing through one or a plurality of network switches 20 on the network in the system constructed by the Ethernet / IP packet network (the packet flow (). It is a system for monitoring IP flow) and its quality. In the present embodiment, the contents common to the first embodiment will be described by omitting or simplifying the description and focusing on the differences.

_The network switch 20 ₍ 201 to 203) of the present invention is a network switch equipped with a packet analysis function, analyzes input packet metadata in the network switch 20, and performs a plurality of packets via the network switch 20. The IP flow information calculated from the above is generated and output to the monitoring device 30 as an IP flow information packet. Further, the network switches A and B (201, 202) add the information of the network switch as metadata to the input packet received from the source 10 or _another network switch ₂₀ , and use it as an output packet. Output. The configuration of the network switches 20 ( ₂₀₁ to ₂₀₃ ) may be basically the same as the block diagram of FIG. 2, and the items of the IP flow information packet may be the same as those of FIG.

In the present embodiment, the program production device 40, which is the transmission destination, is a device that does not support INT metadata. Therefore, the network switch C ₍ 203) in the previous stage of the destination 40 deletes the information (metadata) of each switch added by each network switch from the input packet, and the Ethernet / output by the source 10 is output. Return to the IP packet configuration and output to the destination 40. Since the transmission destination 40 does not analyze the metadata, it does not output the receiver status information to the monitoring device 30.

The monitoring device ₃₀ receives IP flow information packets from _each network switch 20 (201 to 203), analyzes them, and monitors the packet flow (IP flow). The monitoring device 30 analyzes the packet flow for each IP flow, summarizes it as aggregated data, and analyzes the quality of each IP flow. In addition, if a failure occurs in the IP flow, the location of the failure is identified.

FIG. 8 shows an example of a protocol stack output from each switch in this embodiment. From the left side of FIG. 8, the outline of the packet output from the source 10 and the packet output from each network switch _A , B, C (201 to ₂₀₃ ) equipped with the packet analysis function is shown.

The packet output from the source 10 includes, for example, Ethernet Header, IP Header, UDP Header, RTP Header, SMPTE ST 2022-X / ST 2110-X Header, and subsequently has a Payload.

The network switch _A (201) adds the INT Header (metadata) including the information of the INT Header and the switch A to the packet received from the source 10 after the IP Header. After that, the output packet is continuously created with the configuration in which UDP Header, RTP Header, SMPTE ST 2022-X / ST 2110-X Header, Payload are received.

Similarly, the network switch B ( ₂₀₂ ) includes the INT metadata (Payload) including the information of the switch B after the INT metadata of the switch A for the packet received from the network switch _A (201). ) Is added. After that, the output packet is continuously created with the configuration in which UDP Header, RTP Header, SMPTE ST 2022-X / ST 2110-X Header, Payload are received.

However, the network switch C ₍ 203) deletes the INT Header and the INT metadata added by the switches A and B from the packet received from the network switch B ( ₂₀₂ ). Then, UDP Header, RTP Header, SMPTE ST 2022-X / ST 2110-X Header, Payload are continued, and the packet configuration output by the source 10 is restored and output to the destination 40.

In this way, _each network switch 20 ₍ 201 to 203) equipped with the packet analysis function analyzes the INT metadata of the information of each switch sequentially added, and the packet passes through any switch even in the downstream switch. It is possible to know the information and the state of the upstream switch (delay time when passing through the switch, etc.). In addition, by deleting the metadata and outputting it to the device that does not support the metadata, it is possible to communicate with the device that does not support the metadata as before. Since there is metadata in front of the payload, transfer processing can be performed as before even with network devices that do not support metadata. A flexible network can be configured by giving information on the function (whether or not metadata can be supported) of the device to which the packet is forwarded to the network switch 20.

Next, the actual IP flow analysis will be described using an example.

FIG. 9 is an example of an IP flow in a network. The network of FIG. 9 includes Senders _1-3 , network switches A (201), B ( ₂₀₂ ), and Receivers 1-3. The IP flow from Sender 1 is input to port 1 of switch A, and is output from port 2 to Receiver 1. The IP flow from Sender 2 is input to port 5 of switch A, but is dropped by switch A and is not output. Further, the IP flow from the Sender 3 is input to the port 3 of the switch A via the switch B, duplicated by the switch A, and output from the port 4 to the Receiver 2 and from the port 6 to the Receiver 3.

FIG. 10 is an example of IP flow information in the network of FIG. The upper side is the IP flow information output from the network switch A, and the lower side is the IP flow information output from the network switch B. As for the IP flow information of the network switch A, four records are created by the combination of the Ingress Port and the Egress Port. The hatched part of the IP flow information is a particularly noteworthy item, and the analysis result of the packet at each network switch is entered. For example, the second line on the upper side shows the flow information input to the port 5, and the drop (discard) and the reason for the drop are entered. By analyzing this IP flow information, the status of the IP flow at each switch can be easily grasped.

In the above embodiment, the configuration and operation of the network switch 20 have been described, but the present invention is not limited to this, and the present invention is not limited to this, the input packet is analyzed, the information of the switch is added to the packet as metadata, and the IP It may be configured as a method of generating and outputting flow information.

A computer can be preferably used to function as the network switch 20 described above, and such a computer stores a program describing the processing contents for realizing each function of the network switch 20 in the storage unit of the computer. However, this can be realized by reading and executing this program by the CPU of the computer. This program can be recorded on a computer-readable recording medium.

Although the above embodiments have been described as typical examples, it will be apparent to those skilled in the art that many modifications and substitutions can be made within the spirit and scope of the present invention. Therefore, the present invention should not be construed as being limited by the above-described embodiments, and various modifications and modifications can be made without departing from the scope of claims. For example, it is possible to combine the plurality of constituent blocks described in the embodiment into one, or to divide one constituent block into one.

10 Source 11 Video transmitter 12 Voice transmitter 20 Network switch 21 Packet input unit 22 Input packet analysis / judgment unit 23 Transfer / replication processing unit 24 Packet rewriting unit 25 Packet output unit 261 Temporary storage unit for packet analysis 262 IP flow information Generation storage unit 263 Transfer information / monitoring target storage unit 264 Switch status information storage unit 27 IP flow information generation unit 28 IP flow information output unit 30 Monitoring device 40 Destination 51 SDI router 52 Voice router 55 Network switch 60 Synchronous signal generator 70 Receiver 80 Analyzer

Claims (9)

A network switch in a system constructed with a network of Ethernet® or IP (Internet Protocol) packets.
A function to add the network switch information and IP flow information as metadata to the input packet and output it as an output packet.
A network switch characterized by having a function of analyzing the input packet and outputting the IP flow information obtained by the analysis as an IP flow information packet. In the network switch according to claim 1,
The network switch information includes the switch ID, the presence / absence of drop (discard), or the number of dropped packets, and is added to the header portion of the input packet as INT (In-Band Network Telemetry) metadata. Network switch. In the network switch according to claim 1,
The network switch information includes a switch ID and a sequence number of a previous packet in an IP flow, and is added to a header portion of an input packet as INT (In-Band Network Telemetry) metadata. The network switch according to any one of claims 1 to 3.
The network switch is characterized in that the IP flow information includes information on an average throughput and an information of a switch ID via the switch. In the network switch according to any one of claims 1 to 4.
The system constructed by the network is a program production system, and the IP flow information packet is a network switch characterized in that information specialized for program production is included. The network switch according to any one of claims 1 to 5.
When the device to which the output packet is output does not support the metadata, the network is characterized by having a function of deleting the metadata added by each network switch from the packet and outputting it as the output packet. switch. In the network switch according to any one of claims 1 to 6.
A network switch characterized in that the monitoring target to which metadata is attached and analyzed is limited to a specific packet and the metadata is attached. An IP flow monitoring system that monitors IP flow in a network of Ethernet® or IP packets.
The network switch according to any one of claims 1 to 7.
An IP flow monitoring system including a monitoring device that receives and analyzes the IP flow information packet from the network switch. In the IP flow monitoring system according to claim 8,
A destination for receiving the output packet from the network switch is provided.
The destination is an IP flow monitoring system characterized in that receiver status information is output as a packet to the monitoring device.

Images