JP3806129B2 - Communication method - Google Patents

Description

  The present invention relates to a router device having a label switch function and a communication method in a system including the router device.

  (1) A router that transfers a datagram by analyzing an IP (Internet Protocol) header uses a routing protocol to determine the next transfer destination. In OSPF (Open Shortest Path Fast; for example, see J. Moy, “OSPF Version 2”, Intenrt RFC 2328, April 1998) used as one of them, the route of the same cost to the final destination network or host When there are a plurality of next transfer destinations, it is possible to hold a plurality of next transfer destination information. Here, the cost is, for example, information such as the number of routers on the way, and means arrival at the shortest route when the cost is low.

  This function is used for load balancing (load balancing). For example, when a router device that transfers data has multiple pieces of next transfer destination router information, only one router device is output by outputting each of them uniformly. To prevent high loads. Here, it should be noted that the order of datagrams must not be reversed in data transfer between two hosts during load balancing.

  On the other hand, the label switch technology devised as a method for speeding up datagram transfer such as IP does not look at the IP header information during datagram transfer. The order guarantee is difficult.

  Therefore, a plurality of cut-through transfer paths (referred to as label switch paths) are currently set from a device that performs transfer using an IP header (referred to herein as an edge router), and a plurality of cuts set by the edge router. The technique of transferring the datagram to one of the through paths is taken.

  As the label switch path setting in this method, there is a setting (Explicit Route) that forcibly passes each path when the setting is started from the edge router.

  In the case of setting with explicit route, it is necessary for the edge router to recognize whenever the specified route (router device) is deleted due to the route change in the router device in the middle, and the specified route is deleted. When notifying the edge router from the detected router, special means such as using a routing protocol or protocol information for generating cut-through may be required.

  Also, with the conventional method, even if it does not have multiple routes, it is necessary to recognize multiple routes, which may be difficult depending on the routing protocol, and must be registered by the network administrator at the time of network design there is a possibility.

  (2) By the way, there is an interest in building a VPN (Virtual Private Network) that operates on a non-private network composed of routers having a label switch function. In this case, when the bases of the private network are separated from each other, the CPE (Customer Equipment Equipment) of each base is interconnected by an LSP (Label Switched Path; label switch path) on the non-private network. On each set LSP, only packets belonging to the VPN flow, and other packets do not flow.

  A device that is located at an end on a non-private network and terminates the LSP and accommodates a specific private network base by connecting to the CPE is called an edge router. A plurality of different VPNs may be established on a non-private network. Among them, one edge router may accommodate a plurality of private networks belonging to different address spaces.

  The edge router has an interface on the non-private network side and an interface on each private network side connected to each CPE to be accommodated.

  As a conventional type of this kind of edge router, there are known two types of network layer processing modules, that is, those composed of a non-private module and a private module.

  Both the non-private module and the private module are interconnected by a network interface. Both perform LDP (Label Distribution Protocol) to form an LSP between them. On the other hand, the LSP on the non-private side is independent of the LSP between the two, but by connecting them directly by switching, the end interface of the LSP is finally extended to the module on the private side. I have to.

  Such an LSP termination interface is called a virtual network interface. When one edge router device accommodates a plurality of VPNs, a corresponding number of private side modules are provided.

  Such an edge router device may be an individual device in which a non-private module and a private module are separated. In this case, the non-private device is an edge router, and the private device is a CPE. Become.

  (3) By the way, there are mainly two conventional techniques for realizing a VPN (Virtual Private Network).

  One is a technique for encapsulating a private packet with a non-private packet, and the other is a technique for transferring a private packet through a label switch path on a non-private network.

  The VPN using the former encapsulation technology has the advantage of being able to implement a VPN without assuming the existence of a label switch network, but has the advantage of high speed of data transfer and guarantee of communication quality in the label switch network. There is a drawback that the function cannot be used exclusively for VPN.

  On the other hand, in the VPN using the latter label switch path technology, the advantages and disadvantages of the former are just interchanged.

  (2) In the conventional apparatus, for the purpose of extending the LSP to the private side module, the non-private side module and the private side module have to communicate with each other by LDP. .

  One is that either the former or the latter must have both a non-private address space interface and a private address space interface on a module. This is disadvantageous in that even when only one private space is accommodated, a packet filtering function must be added to each network interface on the module, which reduces the packet transfer capability.

  In addition, when a conventional device accommodates multiple private spaces, software or hardware technology currently commonly used to implement network layer processing cannot identify multiple network address spaces to which a packet belongs. For example, an address space identifier must be added to every network component, such as a network interface or routing table. In other words, it can be said that the conventional apparatus configuration requires a large modification to the current general software or hardware, and is difficult to put into practical use.

  A further problem is that such a multi-address space processing function is premised and the private side module must perform LDP. This is not only because the implementation of the private side module becomes complicated and expensive, but also when the LDP specification is updated, the implementation of the private part must be updated each time, so that it is not adaptable to the future. I can say that.

  The present invention eliminates the disadvantages of the conventional apparatus as described above, allows the private side module to be easily mounted, and changes only the non-private side module when changing the use of the label switch standard. It is an object to provide a communication method.

  The present invention relates to a private processing module having means for transferring packets connected to a private network consisting of a private address space, and a non-private processing module having means for label-switching packets connected to a non-private network consisting of a non-private address space. The non-private processing module includes a private network to which the private processing module is connected and the private address space. When it is recognized that another system that accommodates another shared private network exists in the non-private network, it is directed to the other system. Protocol communication for setting a label switch path passing through the non-private network is performed, and the non-private processing module extends the set label switch path to the private processing module, and sends the other to the private processing module. The private address of the other system (creating a virtual interface corresponding to the other system in the private processing module), and the private processing module extended the packet addressed to the private address of the other system. Transfer to the label switch path.

  Thus, even if the private processing module does not perform the protocol communication for setting the label switch path, and the non-private processing module does not manage the private address space of each VPN (Virtual Private Network), the private processing module can be It is possible to set a label switch path as an end point, and to easily connect private networks belonging to the same VPN with a label switch path via a non-private (public) network.

  Preferably, a plurality of paths (for example, virtual connections) are prepared in advance between the private processing module and the non-private processing module, and the extension of the label switch path is a single path selected from the plurality of paths. And the set label switching path in the non-private processing module, and the private address of the other system is notified in association with the selected one path. Also good.

  Preferably, the extension of the label switch path may be performed after it is confirmed that the label switch path is set to reach the other system.

  The timing at which the non-private processing module extends the label switch path and generates the virtual interface corresponding to the partner system in the private processing module is at least after the label switch path is set up to the adjacent node of the own system. Good, but if the label switch path is terminated inside the non-private network, there is a possibility that the packet transferred from the private processing module of the own system may be lost due to unknown destination. As described above, if this timing is set after the label switch path is set so as to reach the other party's system, such packet loss can be prevented.

  Preferably, the notification of the private address of the other system is configured with both the label switch for carrying a packet to the other system and another label switch for carrying the packet from the other system. You may make it perform in a case.

  In this way, when two label switches are paired and bi-directional communication is possible with the partner system, one virtual interface corresponding to the partner system is created in the private processing module. Thus, the private processing module can handle the virtual interface of the present invention in the same manner as a normal network interface.

  Preferably, the system also comprises a second private processing module connected to a second private network comprising a private address space different from the private address space and having means for forwarding packets, the non-private The processing module has another system in the non-private network that accommodates another second private network that shares the different private address space with the second private network to which the second private processing module is connected. Even when recognizing this, protocol communication for setting a label switch path via the non-private network is performed to the other system, and the non-private processing module is set. The label switch path is extended to the second private processing module, and the second private processing module is notified of the private address of the other system. The second private processing module A packet addressed to a private address may be transferred to the extended label switch path.

  As described above, according to the present invention, when a plurality of private address spaces are accommodated in one edge system, the same private address space as that corresponding to a newly accommodated private address space is obtained. Since it is only necessary to connect another private processing module to the non-private processing module, an edge system with high expandability can be realized.

  Here, a description will be made in relation to the operation and effect of the present invention. According to the present invention, for example, in an edge router apparatus or the like, it is necessary to execute the LSP setting protocol between the non-private processing module and the private processing module. Each network module only needs to process a single network space. The non-private processing module executes a process of the network layer belonging to the non-private network space and executes a protocol for setting an LSP for the accommodated VPN. On the other hand, the private processing module executes network layer processing belonging to the private address space.

  An LSP formed on a non-private network is once terminated with a non-private processing module. For example, a path that internally connects both modules and the LSP are substantially changed by operating a switch unit or the like. Extend the end point of the LSP to the private processing module. At that time, the private processing module treats the end point as a virtual network interface, but information necessary for this is obtained from a non-private processing module (for example, an LSP setting protocol control unit), By extending the lower layer protocol, the non-private processing module notifies the private processing module.

  The lower layer protocol does not depend on the specification of the LSP setting protocol. For example, the lower layer protocol simply provides a pair of path identification information of the lower layer and the private address of the partner edge router interconnected by the LSP.

  As described above, even if the private processing module does not perform protocol communication for setting the LSP and does not manage the private address space of the VPN written by the non-private processing module, the LSP having the private processing module as an end point is set. It is possible to easily connect private networks belonging to the same VPN via LSP via a non-private network.

  The present invention relating to the apparatus is also established as an invention relating to a method, and the present invention relating to a method is also established as an invention relating to an apparatus.

  Further, the present invention relating to an apparatus or a method has a function for causing a computer to execute a procedure corresponding to the invention (or for causing a computer to function as a means corresponding to the invention, or for a computer to have a function corresponding to the invention. It can also be realized as a computer-readable recording medium on which a program (for realizing) is recorded.

  According to the present invention, each private unit module does not need to perform label switch control or packet filtering. Therefore, each module can be easily implemented, and a private communication path can be realized without impairing packet transfer performance. This is effective in terms of the performance cost ratio.

  In addition, when changing the specifications of the label switching standard, only the global module needs to be changed, and when multiple private address spaces are accommodated in one edge system, it corresponds to the newly accommodated private address space. Therefore, it is only necessary to newly connect another private processing module having the same configuration as that in the case where there is one private address space to a non-private processing module, so that an edge system with high expandability can be realized.

  Hereinafter, embodiments of the invention will be described with reference to the drawings.

  (1) FIG. 1 shows an example of a network in which a label switch is introduced and in which a router device can have a plurality of pieces of next-stage information.

  The router devices 101 to 103 obtain a common recognition between the information of the datagram flow to be transferred and the information of the lower layer among the routers, so that the router devices 101 to 103 can perform high speed based only on the lower layer information without looking at the IP header information. This is a device having a function of generating a path (hereinafter referred to as a cut-through path) that enables datagram transfer to be performed.

  Examples of means for obtaining common recognition of specific datagram information and lower layer information (hereinafter referred to as labels) include, for example, FANP (Flow Attribute Notification Protocol), TDP (Tag Distribution Protocol), and LDP (Label Distribution Protocol). Etc. are used.

  The router device 104 is a device connected to the router devices 102 and 103 and the network 120 ahead, and protocols such as FANP, TDP, and LDP are operating between the router device 102 and the router device 103, and cut It functions as a through-pass setting and the final stage of a cut-through path.

  The router apparatuses 111 to 11N are connected to the router apparatus 101, and like the router apparatus 104, protocols such as FANP, TDP, and LDP are operating, and have functions as a cut-through path setting and a final stage of the cut-through path. .

  As described above, the router devices 101 to 103/104/111 to 11N have been distinguished (for the sake of convenience), but all router devices have a cut-through transfer function. It does not matter.

  In the network shown in FIG. 1, a routing protocol for determining a transfer destination of an IP datagram is operating between routers. As the operating protocol, OSPF (Open Shortest Path Fast) or the like can be considered.

  By operating the routing protocol on the network, the router device 101 adopts either the route via the router device 102 or the route via the router device 103 when transferring the datagram to the network 120 or the router device 104. Even so, it can be recognized that it can be reached at the same cost. As a result, the router apparatus 101 may transfer data to either the router apparatus 102 or the router apparatus 103 when transferring the datagram.

  In such a configuration, a case will be described in which the cut-through paths 131 to 13N are generated from the router apparatuses 111 to 11N to the network 120 or the router apparatus 104 using protocols such as FANP, TDP, and LDP.

  In this case, in the router device 101, the setting messages arriving from the router devices 111 to 11N are transferred toward the router device 104 or the network 120. In the router device 101, a datagram is transferred. Similarly to the above, as the next router device for transferring a message in order to extend the cut-through, the message may be transferred to either the router device 102 or the router device 103.

  Here, FIG. 2 shows a configuration example of the router apparatus 101 existing in the network configuration illustrated in FIG. Although the router apparatus 102 and the router apparatus 103 may have the same configuration as this, the router apparatus 101 is taken as an example because only the router apparatus 101 has a multipath in the network configuration example of FIG.

  The IP processing unit 201 checks whether or not the datagram is addressed to itself based on the destination information of the IP datagram. The datagram addressed to the IP processing unit 201 performs reception processing on the datagram addressed to itself and performs a higher-level protocol (eg, TCP If the address is not addressed to itself, the next transfer destination is determined and a process for transferring to the next router device is performed.

  Since the router device 101 has a switching function using labels, it is not always necessary to have a transfer function for datagrams not addressed to the latter. However, when the router device 104 and the router devices 111 to 11N have the configuration shown in FIG. 1, since these can be the start and end points of cut-through, a datagram transfer function is required.

  The cut-through control unit 202 is a part that executes a protocol used for obtaining a common recognition of datagram flow and label information (exchanging datagram flow and label information) with adjacent router devices. .

  The routing table 203 is a table for obtaining a router device to be sent next from the destination address, and it is possible to have a plurality of pieces of next-stage information, but depending on the route, there may be no multipath. is not.

  The network interfaces 211 to 21N are respectively connected to the router devices 111 to 11N, and any physical layer can be used as long as FANP, TDP, LDP, or the like can be used. For example, ATM, frame relay, Ethernet (registered trademark), etc. can be considered.

  The network interface 221 is connected to the router device 102 and operates in the same manner as the network interfaces 211 to 21N (here, the same configuration as the network interfaces 211 to 21N).

  The network interface 222 is connected to the router device 103 and operates in the same manner as the network interfaces 211 to 21N (here, the same configuration as the network interfaces 211 to 21N).

  The switch unit 204 is a switch device that can switch directly from the network interface to the network interface when cut-through transfer is possible.

  The configuration of each network interface will be described by taking the network interface 211 as an example.

  The physical layer processing unit 231 performs different processing depending on the physical layer accommodated by the network interface. In the case of ATM, processing such as cell synchronization, and in the case of Ethernet (registered trademark), MAC processing or the like is performed physically. It corresponds to layer processing.

  The label processing unit 232 extracts the label from the header information of the received datagram (frame), and then searches the label table 233 to determine the label for the next router device, and uses the IP header or the like Without executing the gram transfer process, a process for transferring to the next router as it is through the switch unit 204 is performed.

  In the case of ATM, the label processing unit 232 and the label table 233 can use the VPI / VCI switch table used in the ATM switch or the like as it is, and the network interface possessed by the router apparatus 101 is all ATM. All functions of the network interfaces 211 to 21N, 221, 222, the label processing unit 232, the label table 233, and the switch unit 204 can be realized by the ATM switch.

  Hereinafter, a cut-through path setting procedure of the router apparatus 101 will be described.

  FIG. 3 shows an example of a processing procedure of the router apparatus 101 when a cut-through path is generated from the router apparatuses 111 to 11N with the final destination being the network 120 or the router apparatus 104 in the network illustrated in FIG. . Here, an example in which merging is not performed will be described.

  Although the operation differs depending on the protocol for generating the cut-through protocol, an example in which a message is transferred to the next-stage router in response to a message for generating a cut-through (hereinafter referred to as a setting message) will be described here. .

  The cut-through path generation message received from the network interfaces 211 to 21N of the router 101 is searched for the label table 223 by the label processing unit 232, and then directly processed to the other network interface without being transferred to another network interface. Is transferred to the IP processing unit 201 (step S301).

  The conditions for performing the datagram processing differ depending on each protocol, but basically the switch unit 204 performs the process of transferring to the IP processing unit 201.

  The IP processing unit 201 to which the setting message has been transferred determines whether there is a message to be received by itself, and in the case of a message for the cut-through protocol, data is sent to the cut-through control unit 202 (step S302). .

  On the other hand, when the IP processing unit 201 determines that the message is not to be received by itself, the IP processing unit 201 performs IP forwarding processing. After searching the routing table 203, the IP processing unit 201 selects the next router device. Then, the data is transferred to the next router device (step S303). At this time, if the router device 101 does not have an IP transfer function, the datagram is discarded.

  Now, the cut-through control unit 202 that has received the setting message from the IP processing unit 201 obtains a final destination for generating a cut-through path included in the received message (step S304).

  The cut-through control unit 202 searches the routing table 203 from the acquired final destination to obtain the next-stage router device (step S305). If the final destination is unreachable, the message transfer is stopped. (Step S306).

  The operation after the message transfer is stopped differs depending on the cut-through generation protocol, and a response (hereinafter, the response message is referred to as a setting completion message) is returned from the router apparatus 101 to the preceding router apparatuses 111 to 11N. There are some that stop the protocol operation as it is.

  On the other hand, if the final destination exists in step S305, information on the next-stage router device is obtained from the entry in the routing table 203.

  As already described in the network example of FIG. 1, in the router device 101, the router device 102 and the router device 103 are held as next-stage information for the router device 104 and the network 120.

  At this time, the cut-through control unit 202 confirms the number of cut-through paths already set (the number of cut-throughs) for the same final destination (step S307).

  The set number of cut-throughs is used for determination for obtaining the next-stage information. For example, when there are two pieces of next-stage information as in the network configuration of FIG. The next-stage information is determined by an algorithm that selects the router device 102 when the number is even and selects the router device 103 when the number is odd (step S308).

  When n pieces of next-stage information exist, assuming that the set number of cut-throughs is c, for example, each next-stage router device may be selected in order based on the value of c mod n.

  Further, this next-stage router device selection algorithm is not limited to the above, but each next-stage router device is set to the same (or almost the same) number of paths, or the paths are equally distributed to each next-stage router device. Any method can be used.

  In the cut-through control unit 202 that has determined the next-stage router in this way, when the next-stage router device is determined to be the router device 102, it is determined to be the router device 102 through the network interface 221 and the router device 103. If so, the setting message is sent to the router device 103 through the network interface 222 (step S309).

  After this, when the setting completion message arrives from the router device 104 or the intermediate router that is the end point of cut-through (step S310), the flow information and label information included in the received message and the corresponding transmission flow information And the label information are completed, it is possible to set a cut-through path from the input interface 211 to 211N to the output interface 221 or the output interface 222, and to shift to cut-through transfer (step S311).

  In the case of a router device configured as shown in FIG. 2, the shift to cut-through transfer is completed by setting output label information on the label switch table 233 existing on the reception interfaces 211 to 21N.

  When the shift to cut-through transfer is completed, the cut-through control unit 202 transfers a setting completion message to the previous router device.

  In this way, in the procedure for determining the next-stage router, it is possible to balance the load level at the path level by making the number the same (or almost the same) with reference to the number of cut-through paths already set. Become.

  Next, with respect to the router apparatus 101 shown in FIG. 2, a case where the switch unit 204 supports a merge function capable of sending a plurality of input labels to one output label will be described.

  In FIG. 4, when the router apparatus 101 has a merge function (merges), for example, the router apparatus at the time of generating a cut-through path in which the router apparatuses 111 to 11N have the final destination as the network 120 or the router apparatus 104. An example of the processing procedure 101 is shown.

  The cut-through path generation message received from the network interfaces 211 to 21N of the router 101 is searched for the label table 223 by the label processing unit 232, and then directly processed to the other network interface without being transferred to another network interface. Is transferred to the IP processing unit 201 (step S401).

  The conditions for performing the datagram processing differ depending on each protocol, but basically the switch unit 204 performs the process of transferring to the IP processing unit 201.

  The IP processing unit 201 to which the setting message has been transferred determines whether there is a message to be received by itself, and if it is a message for the cut-through protocol, data is sent to the cut-through control unit 202 (step S402). .

  On the other hand, if the IP processing unit 201 determines that the message is not to be received by itself, it performs a datagram transfer process such as IP. At this time, the IP processing unit 201 searches the routing table 203. The next router device is determined, and the data is transferred to the next router device (step S403). At this time, if the router apparatus 101 does not have a datagram transfer function, the data may be discarded.

  Now, the cut-through control unit 202 that has received the setting message from the IP processing unit 201 acquires a final destination for generating a cut-through path included in the message (step S404).

  The routing table 203 is searched from the final destination acquired from the message to obtain the next router device (step S405). If the final destination is unreachable, the message transfer is stopped (step S406).

  The operation after the message transfer is stopped differs depending on the cut-through generation protocol. The router device 101 returns a response to the preceding router devices 111 to 11N, or the protocol operation is stopped as it is. Exists.

  On the other hand, if there is a final destination in step S405, it is possible to acquire information on the next-stage router device from the entry in the routing table 203. In the case of the router device 101 in FIG. For the router device 104 and the network 120, the router device 102 and the router device 103 are held as next-stage information.

  The cut-through control unit 202 selects the next-stage router device. At this time, the number of cut-through paths already set for the same final destination is confirmed (step S407).

  The set cut-through number is used for the determination to obtain the next stage information. For example, when the set cut-through number is 0 and an even number, the router device 102 is selected as shown in FIG. In the case of an odd number, the next stage information is determined by an algorithm for selecting the router device 103 (step S408). As described above, this algorithm is not limited to the above, and any algorithm may be used as long as each next-stage router apparatus is set to the same number of paths.

  Next, when the set number of cut-throughs is less than the next stage information to be held, that is, in this example, when the set number of cut-throughs is 0 and 1, the maximum number of cut-through paths is still present (in this example, 2) Since it has not been generated, a setting message is sent to the determined next-stage router (step S409).

  Thereafter, when a setting completion message arrives from the router device 104 that is the end point of cut-through or an intermediate router (step S410), the flow information and label information included in the received message, and the corresponding transmission flow The association between the information and the label information is completed, and a cut-through path can be set from the input interface 211 to 211N to the output interface 221 or 222, and a shift to cut-through transfer is possible (step S411).

  In the case of a router device configured as shown in FIG. 2, the shift to cut-through transfer is completed by setting output label information on the label switch table 233 existing on the reception interfaces 211 to 21N.

  When the set number of cut-throughs is greater than or equal to the number of next-stage information to be held, that is, in this example, when the number of set-throughs is two or more, the cut-through path to be transmitted is the next-stage router. In the cut-through control unit 202, the determined next-stage router information is merged into the set cut-through path and sent out on the input interface 211 to the received setting message. The setting is completed in the label switch table on 211N (step S411).

  Thereafter, a setting completion message is returned to the router device that has transmitted the setting message.

  When merging is performed in this way, in the determination of next-stage information in step S408, one next-stage information is not selected a plurality of times until all the next-stage information is selected once. Is preferred (in the example shown above, this is the case). However, the selection criteria may be relaxed so that one next-stage information may be selected a plurality of times before all the next-stage information is selected once. In this case, in the procedure described above, the number of cut-through paths that have been set> = the number of next-stage information to be retained is that the cut-through path to be merged has already been set and has already been set. The condition of the number of cut-through paths <the number of next-stage information to be held is that a cut-through path to be merged has not yet been set (this condition can also be used in the procedure of FIG. 4).

  Next, a case will be described in which it is considered that the link speed (network bandwidth) of each network interface corresponding to a plurality of selectable next-stage information is different.

  For example, a case where the link speeds of the network interface 221 and the network interface 222 of the router device 101 are different can be considered. Therefore, it is preferable to distribute the load in consideration of the link speed.

  FIG. 5 shows an example of a processing procedure of the router apparatus 101 when generating a cut-through path in such a case. Here, the case of not merging will be described.

  Here, as an example, a cut-through path is generated from the router apparatuses 111 to 11N so that the final destination is the network 120 or the router apparatus 104, and the link speed between the network interface 221 and the network interface 222 is 1: 2. The network interface 222 is high speed).

  The cut-through path generation message received from the network interface 211 of the router apparatus 101 searches the label table 223 in the label processing unit 232, determines that it performs IP processing by itself, and transfers the message to the IP processing unit 201 (step). S501).

  The IP processing unit 201 to which the setting message has been transferred determines whether there is a message to be received by itself, and if it is a message for the cut-through protocol, data is sent to the cut-through control unit 202 (step S502). .

  On the other hand, if the IP processing unit 201 determines that the message is not to be received by itself, it performs a datagram transfer process such as IP. At this time, the IP processing unit 201 searches the routing table 203. The next router device is determined and the data is transferred to the next router device (step S503). At this time, if the router apparatus 101 does not have an IP transfer function, the data may be discarded.

  Now, the cut-through control unit 202 that has received the setting message from the IP processing unit 201 acquires a final destination for generating a cut-through path from the information included in the message (step S504).

  The routing table 203 is searched from the final destination acquired from the message, and the next router device is obtained (step S505). If the final destination is unreachable, the message transfer is stopped (step S506).

  The operation after the message transfer is stopped differs depending on the cut-through generation protocol. The router device 101 returns a response to the preceding router devices 111 to 11N, or the protocol operation is stopped as it is. Exists.

  On the other hand, if there is a final destination in step S505, information on the next-stage router device can be obtained from the entry in the routing table 203. In the case of the router device 101 in FIG. For the router device 104 and the network 120, the router device 102 and the router device 103 are held as next-stage information.

  The cut-through control unit 202 selects the next-stage router device. At this time, the number of cut-through paths already set for the same final destination is confirmed (step S507).

  The set cut-through number is used for determination to obtain the next stage information. For example, when the set cut-through number is a multiple of 3, the router device 102 is selected, and in other cases, the router device is selected. Next-stage information is determined by an algorithm that selects 103 (step S508).

  If there is n next-stage information and the link speed for each next-stage i is r (i), for example, y = c mod (r (1) + ... + r (n)) based on the value of each next-stage router device at a frequency according to the link speed (the number (number of types) of y values for which the next-stage i should be selected) Proportional to the link speed r (i) of the next stage i).

  For example, there are three pieces of next stage information (next stage 1, next stage 2, and next stage 3), link speed for next stage 1: link speed for next stage 2: link speed for next stage 3 = 1: 2. : 3 (the sum of the elements of the link speed ratio (in this case, 1, 2, 3) = 6), y = c mod If the sum of the elements of the link speed ratio (= 6) is 0 If the next stage 3 is selected and 1, 2, 3, 4, 5 are selected, then the next stage 2, the next stage 1, the next stage 3, the next stage 2, and the next stage 3 are selected. May be.

  In addition, the selection algorithm is not limited to the above, and any method that allows the ratio of the number of paths to each next-stage router to match (or substantially match) the link speed ratio. Anything is acceptable.

  The cut-through control unit 202 that has determined the next-stage router in this way sends a setting message to the next-stage router through the network interface 221 when the next-stage router is the router apparatus 102, and the network when the router apparatus 103 is used. The data is transmitted through the interface 222 (step S509).

  Thereafter, when a setting completion message arrives from the router device 104 that is the end point of cut-through or an intermediate router (step S510), the flow information and label information included in the received message, and the corresponding transmission flow The association between the information and the label information is completed, and it is possible to set a cut-through path from the input interface 211 to 211N to the output interface 221 or 222, and to shift to cut-through transfer (step S511).

  In the case of a router device configured as shown in FIG. 2, the transition to cut-through transfer is completed by setting output label information on the label switch table existing on the reception interfaces 211 to 21N.

  In this way, it can be seen that when the link speed is basically different, it can be dealt with only by changing the algorithm for selecting the next router device.

  Note that the case where the difference in link speed is taken into consideration and the switch to be merged is used (merging is performed) is almost the same as that described with respect to the example of FIG. 4, and only the selection process in step S408 is performed. For example, it may be changed to a value considering the link speed as in step S508 in FIG.

  In the present embodiment, when the next stage information is determined in the processes of FIGS. 3 to 5, that is, by changing the processing algorithm of step S 308, step S 408, and step S 508, the merge is not performed. Again, various applications and load balances can be implemented. Some applications are shown below.

  In the router device 101, various cut-through paths may be generated in addition to the router device 104 or the network 120. For example, in the router device 101, for the cut-through path to another destination, the number of cut-through paths already set with the router device 102 as the next-stage router device and the number of cut-through paths already set with the router device 103 as the next-stage router device In consideration of the number, when either one (for example, the router device 102) is set to a large number, weighting is performed so that the selection probability for the other router device (in this case, the router device 103) increases. . This makes it possible to balance the total cut-through path for the router device 102 and the router device 103.

  If the edge router device includes QoS information when generating a cut-through path, it is easy to satisfy the specified QoS depending on the number of cut-through paths already set including QoS. What is necessary is just to change an algorithm so that an appropriate router apparatus may be selected.

  In addition, various variations can be considered.

  FIG. 6 shows a configuration example of the routing table 203 used for obtaining next-stage information from header information such as IP in the present embodiment.

  The column of the destination address 601 is information serving as a key for obtaining next-stage information from the destination address information of the transfer message and the setting message.

  The next-stage information 602 field is used to hold the number of next-stage information held for the corresponding destination information, and a value of 2 or more is set in the case of multipath.

  The next-stage information 611 to 61N holds the address of the next-stage information for transferring the datagram to the corresponding destination information, and the number of entries changes depending on the value set in the next-stage information 602. However, this entry does not need to contain the address information of the actual next-stage router device, and may be information indicating the position of the information storing the next-stage router device information.

  The column of cut-through setting number 603 represents the number of cut-through path settings already set for the corresponding destination information, and determines a plurality of next-stage router apparatuses for the processes shown in FIGS. May be used in processing.

  FIG. 7 shows a configuration example of a label switch table 233 used for obtaining a transmission interface and a transmission label from a label value added to a received datagram (frame) in the present embodiment and transferring it without going through IP processing. Show.

  The column of the reception label 701 matches the label included in the header information of the reception frame and serves as a search key for this table. In the case of ATM, VPI / VCI is used.

  The transmission interface 702 designates a network interface to be transmitted, and is used for switching by the switch unit 204.

  The transmission label value field 703 is used to store a label to be sent to the next router device and header information related to the physical layer when the physical layer is different.

  As described above, according to the present embodiment, when load balancing is executed, it can be performed only by a router apparatus that actually has multipath information without involvement of an edge router.

  In addition, it is possible to avoid complicated control and mounting and to realize an effective load balance.

  Up to now, the setting of the cut-through path has been described, particularly the selection of the next stage for load distribution. Hereinafter, the reset of the cut-through path performed according to the actual traffic volume will be described.

  FIG. 8 shows a configuration example of the router apparatus 101 having a function of resetting a cut-through path according to the actual traffic volume.

  The IP processing unit 801 checks whether or not the datagram is addressed to itself based on the destination information of the IP datagram. The datagram addressed to the IP processing unit 801 performs reception processing and performs an upper protocol (for example, TCP If the address is not addressed to itself, the next transfer destination is determined and a process for transferring to the next router device is performed.

  Since the router device 101 has a switching function using labels, it is not always necessary to have a transfer function for datagrams not addressed to the latter.

  The cut-through control unit 802 is a part that executes a protocol used for obtaining a common recognition of datagram flow and label information (exchanging datagram flow and label information) with adjacent router devices. .

  The routing table 803 is a table for obtaining a router device to be sent next from the destination address, and it is possible to have a plurality of pieces of next-stage information. However, depending on the route, there may be no multipath. is not.

  The network interfaces 811 to 81N are respectively connected to the router devices 111 to 11N, and any physical layer can be used as long as it can use FANP, TDP, LDP, etc., for example, ATM, frame relay, Ethernet ( Registered trademark).

  The network interface 821 is connected to the router device 102 and operates in the same manner as the network interfaces 811 to 81N (here, the same configuration as the network interfaces 811 to 81N).

  The network interface 822 is connected to the router device 103 and operates in the same manner as the network interfaces 811 to 81N (here, the same configuration as the network interfaces 811 to 81N).

  The switch unit 804 is a switch device that can switch directly from the network interface to the network interface when cut-through transfer is possible.

  The configuration of each network interface will be described by taking the network interface 821 as an example.

  The physical layer processing unit 831 performs different processing depending on the physical layer accommodated by the network interface. In the case of ATM, processing such as cell synchronization, and in the case of Ethernet (registered trademark), MAC processing is performed. It corresponds to layer processing.

  The physical layer counter 832 holds the number of physical layer frames transmitted from the network interface 821.

  The label processing unit 832 extracts a label from the header information of the received datagram (frame), and then searches the label table 833 to determine a label for the next router device, without executing the IP processing. , A process for transferring to the next router as it is through the label switch unit 804 is performed.

  In the case of ATM, the label processing unit 833 and the label table 834 can use the VPI / VCI switch table used in the ATM switch or the like as they are. If the router device 101 is all ATM, the network interface All functions of 811 to 81N, 821, 822, label processing unit 832, label table 833, and switch unit 804 can be realized by an ATM switch.

  As a procedure for resetting the cut-through path according to the actual traffic volume, roughly refer to the traffic volume count periodically for each target network interface, and reset the cut-through path according to a predetermined standard. If it is determined whether or not to reset, and it is determined that resetting is to be performed, resetting of one or a plurality of cut-through paths selected by a predetermined method (setting / release and merging are performed when merging is not performed) If it has been done, the contents of the label switch table are changed sequentially or collectively.

  9, in the network shown in FIG. 1, for example, the router apparatuses 111 to 11N generate a cut-through having the final destination as the network 120 or the router apparatus 104 by the method illustrated in FIG. An example of a processing procedure for measuring and re-setting the cut-through path is shown. Here, an example in which the router apparatus 101 does not perform merging is shown.

  This procedure is repeatedly executed at an appropriate timing.

  In the router apparatus 101, when a multipath exists in the routing table 803 (in this example, the network 120 and the router apparatus 104), the traffic is measured for the designated output interface (step S901). In this case, the network interface 821 and the network interface 822 are measured.

  Although the traffic can be measured by the traffic on the set cut-through path, it is more efficient to use the physical layer counter 832 existing on the network interface 821 in order to check whether the balance is achieved. The same applies to the network interface 822.

  If the transmission counter values are acquired by the physical layer counters 832 for the network interface 821 and the network interface 822, the transmission counter values of the two are compared or evaluated, and the relationship between the values (for example, the ratio) is within an allowable range. It is checked whether or not (step S902).

  Here, the allowable range is determined by the link speed and usage rate of the network interface 821 and the network interface 822. For example, the allowable range is a count value of the traffic amount of the network interface 821 and a count value of the traffic amount of the network interface 822. Preferably, the ratio matches or approximates the link speed ratio. Moreover, when both traffics are low, it is good also as an allowable range even if it is not balanced.

  After the above check, if it is within the allowable range, it may be terminated assuming that the traffic is balanced (step S903).

  On the other hand, if the allowable range is exceeded in step S902, the cut-through path to be reset from among the multi-path cut-through paths set in the network interface having a large transmission amount (for example, the network interface 821 side). Is selected (step S904), and the count value of the traffic amount flowing through the selected cut-through path is checked (step S905).

  Next, a value (M + x) obtained by adding the traffic amount x of the checked cut-through path to the traffic amount M of the network interface (822) with a small transmission amount, and the network interface with a large transmission amount of the traffic amount x of the checked cut-through path The value (N−x) subtracted from the traffic amount N of the face (821) is compared or evaluated (step S906), and it is too biased toward the network interface (821) with a large allowable range and transmission amount, and the transmission amount is small. Check for excessive bias toward the network interface (822).

  When it is biased toward the network interface (821) having a large allowable range or transmission amount, the router device (102) corresponding to the network interface (821) having a large transmission amount is designated as the next-stage router of the cut-through path where the traffic is measured. The cut-through path is reset so as to switch to the router device (103) corresponding to the network interface (822) with a small amount of transmission (step S907), and if it is within the permissible range, the processing ends (step S908). If the network interface (821) is biased, the processes after step S904 are repeated (step S909).

  The resetting method differs depending on the cut-through protocol, and there are a method for setting a cut-through path after releasing it and a method for performing a releasing process after setting.

  On the other hand, when it is biased toward the network interface (822) with a small amount of transmission, the processing from step S904 is repeated in order to switch another cut-through path without changing the output destination of the measured cut-through path ( Step S910).

  In the case of such a method, the balance may not reach the allowable range, but in that case, the method close to the allowable range may be taken between the current state and the state assumed after resetting. Conceivable.

  Next, in FIG. 10, in the network shown in FIG. 1, for example, after the router devices 111 to 11N generate a cut-through with the final destination as the network 120 or the router device 104 by the method illustrated in FIG. An example of a processing procedure for measuring outgoing traffic and resetting a cut-through path is shown. Here, an example in which the router apparatus 101 performs merging will be described.

  This procedure is repeatedly executed at an appropriate timing.

  In the router apparatus 101, when a multipath exists in the routing table 803 (in this example, the network 120 and the router apparatus 104), the traffic is measured for the designated output interface (step S1001). In this case, the network interface 821 and the network interface 822 are measured.

  Although the traffic can be measured by the traffic on the set cut-through path, it is more efficient to use the physical layer counter 832 existing on the network interface 821 in order to check whether the balance is achieved. The same applies to the network interface 822.

  If the transmission counter is acquired by the respective physical layer counters 832 for the network interface 821 and the network interface 822, the transmission counters of both are compared or evaluated, and whether the relationship (for example, ratio) of these values is within an allowable range. Is checked (step S1002).

  Here, the allowable range is determined by the link speed and usage rate of the network interface 821 and the network interface 822. For example, the allowable range is a count value of the traffic amount of the network interface 821 and a count value of the traffic amount of the network interface 822. Preferably, the ratio matches or approximates the link speed ratio. Moreover, when both traffics are low, it is good also as an allowable range even if it is not balanced.

  After the above check, if it is within the allowable range, the processing may be terminated assuming that the traffic is balanced (step S1003).

  On the other hand, if the allowable range is exceeded in step S1002, the cut-through path to be reset from among the multi-path cut-through paths set in the network interface having a large transmission amount (for example, the network interface 821 side). Is selected (step S1004), and the count value of the traffic amount flowing through the selected cut-through path is checked (step S1005).

  Here, it should be noted that since the outgoing traffic of each cut-through path has already been merged, it is necessary to measure the received traffic before merging.

  Next, a value (M + x) obtained by adding the traffic amount x of the checked cut-through path to the traffic amount M of the network interface (822) with a small transmission amount, and the network interface with a large transmission amount of the traffic amount x of the checked cut-through path The value (N−x) subtracted from the traffic amount N of the face (821) is compared or evaluated (step S1006) to check the allowable range, too biased toward the network interface 821 and too biased toward the network interface 822. .

  If it is biased toward the network interface face (821) having a large allowable range or transmission amount, the label switch table 823 of the cut-through path for which traffic is measured is rewritten with a label to be output to the network interface (822) having a small transmission amount. (Step S1007). After the setting, if the allowable range is reached in the process of step S1006, the process ends (step S1008). If it is biased to the network interface face (821) having a large transmission amount, the processes after step S1004 are repeated. (Step S1009).

  Here, whether or not protocol processing is necessary for the cut-through path whose output destination has been changed depends on the protocol being used.

  On the other hand, if it is biased toward the network interface (822) with a small amount of transmission, the processing after step S1004 is repeated to switch another cut-through path without changing the output destination of the measured cut-through path (step S1004). S1010).

  In the case of such a method, the balance may not reach the allowable range, but in that case, the method close to the allowable range may be taken between the current state and the state assumed after resetting. Conceivable.

  It should be noted that various standards can be considered as the comparison or evaluation criteria in step S906 of the procedure of FIG. 9 or step S1006 of the procedure of FIG.

  For example, if the selected cut-through path is reset, the selected cut-through path is not adopted (not reset) when the magnitude relationship of the traffic volume is reversed, that is, when N> M and (N−x) <(M + x). ), When (N−x) <(M + x), the network interface (822 in this example) with a small transmission amount is overbiased and the process returns from step S906 / step S1006 to step S904 / step S1004. Otherwise, the process ends from step S907 / step S1007. Otherwise, the network interface (821 in this example) still has a large transmission amount, and the process returns from step S906 / step S1006 to step S904 / step S1004. You may do

  Also, for example, an allowable range when the upper limit allowable value> = (N−x) / (M + x)> = lower limit allowable value, and a network interface with a large transmission amount when (N−x) / (M + x)> the upper limit allowable value ( In this example, it may be too biased toward the 821) side, and when the lower limit allowable value> (N−x) / (M + x), it may be too biased toward the network interface (822 in this example) with a small transmission amount.

  Further, various methods can be considered as the selection method of the cut-through path in step S904 of the procedure of FIG. 9 and step S1004 of the procedure of FIG.

  For example, the entries in the label switch table 834 may be selected one by one in the arrangement order. Further, for example, entries in the label switch table 834 may be selected in descending order of the traffic volume count value.

  Also, in the procedure examples of FIGS. 9 and 10, selection of one cut-through path to be reset / determination whether to reset / reset the selected cut-through path / reset / repetition when it is determined to reset Although a series of processes such as determination as to whether or not to continue the process is repeatedly performed, it is also possible to first select a cut-through path to be reset, and then reset all at once.

  In addition, in consideration of the traffic volume of each network interface and the traffic volume of each cut-through path set by multipath, an optimal solution or a suboptimal solution for one or more cut-through paths to be reset is obtained. It may be. In this case, when there are a plurality of solutions, the one with the smallest number of cut-through paths to be reset may be selected. Further, when there are a plurality of solutions, the solution may be selected by comprehensively considering the degree of balance to be obtained and the number of cut-through paths to be reset.

  Next, FIG. 11 shows a label switch table 834 used for obtaining a transmission interface and a transmission label from the label value added to the received datagram (frame) in this embodiment and transferring it without going through IP processing. A configuration example is shown.

  The column of the reception label 1101 matches the label included in the header information of the reception frame and serves as a search key for this table. In the case of ATM, VPI / VCI is used.

  The transmission interface 1102 designates a network interface to be transmitted, and is used for switching by the switch unit 804.

  The sending label value column 1103 is used to store header information related to the physical layer when the label added to the next router device and the physical layer are different.

  The received frame number column 1104 means the number of frames transferred by this label table information, and is referred to when measuring traffic in units of cut-through paths shown in FIG. 9 and FIG.

  According to the present embodiment, since the cut-through path is reset according to the actual traffic volume, a more effective load balance can be realized.

  The invention relating to the router apparatus and setting procedure described in FIGS. 1 to 7 and the invention relating to the router apparatus and resetting procedure described in FIGS. 1 and 8 to 11 can be implemented in combination or independently. It is also possible to carry out.

  The above functions can also be realized as software.

  In addition, each embodiment of each invention is a computer that records a program for causing a computer to execute a predetermined procedure (or for causing a computer to function as a predetermined means or for causing a computer to realize a predetermined function). It can also be implemented as a readable recording medium.

  The present invention is not limited to the embodiment described above, and can be implemented with various modifications within the technical scope thereof.

  (2) Now, other embodiments of the invention will be described with reference to FIGS.

  The present invention relates to, for example, a router device (label switch router device) that accommodates one or more VPNs, a communication method thereof, and the like.

<Embodiment 2-1>
FIG. 12 shows an example of a network configuration that accommodates one VPN using the router device of the present invention.

  A network 1201 is a network for accommodating a VPN (Virtual Private Network).

  The router devices 1211 to 121M obtain a common recognition between the information of the datagram flow to be transferred and the information of the lower layer among the routers, and without using the packet header information, the router devices 1211 to 121M can perform high-speed operation only. This is a device having a function of generating a label switch path (hereinafter also referred to as LSP) that enables datagram transfer, and plays a role as a middle stage of the label switch.

  The edge router devices 1221 to 122N are router devices that can accommodate a private network, and have a function as a starting point and an ending point of an LSP.

  The networks 1231 to 123N are accommodated in the edge router devices 1221 to 122N, respectively. A single virtual network (hereinafter referred to as VPN) 1202 is formed via the network 1201.

  Here, the address space in the VPN will be described.

In each private network constituting the VPN, a local address space that is effective only within the VPN (hereinafter referred to as a private address space) is shared and used. There is no address overlap in one private address space. On the other hand, in a non-private network, an effective address space (for example, global space or provider space) is used between a plurality of VPNs. ***
In the example of FIG. 12, the following description will be made assuming that the network 1201 uses the global address space, while the networks 1231 to 123N constitute a VPN using the private address space.

  The edge router devices 1221 to 122N exist at the boundary between the global address space and the private address space, and each network interface is provided for each address space.

  In the example of FIG. 12, the network interfaces (1251 to 125N) on the non-private network 1201 side have addresses belonging to the global address space, while the network interfaces (1261 to 126N) on the private network side belong to the private address space. An address is attached. Hereinafter, it is assumed that an identifier “1202” is given to this private address space.

  The label switch paths 1242 to 124L are set by the edge router devices 1221 to 122N in order to configure the VPN 1202.

  The datagram flowing through the LSP is not IP-processed by an intermediate router device (for example, 1211-121M). Therefore, even if the packet header has a private address, it is delivered directly to the edge router device connected by the LSP. By using this, it becomes possible for each private network to exchange private packets via the LSP on the non-private network.

  For example, in the VPN of FIG. 12, packets belonging to the private address space 1202 are allowed to flow inside the LSPs 1241 to 124L. This is controlled by the edge router devices 1221 to 122N that are the starting points of the LSP.

  FIG. 13 shows a configuration example of the edge router 1221 shown in FIG. 12, taking the edge router 1221 as an example.

  The global processing module 1301 in FIG. 13 is for connecting to a non-private network.

  The IP processing unit 1302 performs network layer processing, but here processes packets belonging to the global address space.

  The routing table 1303 manages destination addresses and next-stage information belonging to the global address space.

  The LSP control unit 1304 executes a protocol (hereinafter referred to as an LSP setting protocol) for setting a label switch path that passes through a non-private network.

  A network interface 1305 is an interface for connecting to a non-private network, has an address belonging to the global address space, and functions as a communication interface of the LSP setting protocol.

  The lower layer of the network interface 1305 may be any layer as long as the LSP can be set. For example, ATM, frame relay, Ethernet (registered trademark), etc. can be considered. The switch unit 1306 provides this.

  The switch unit 1306 is connected to the private processing module 1311 through a data link.

  The private processing module 1311 is for accommodating a private network.

  The IP processing unit 1312 performs the same processing as the IP processing unit 1302, but here processes a packet belonging to the private address space.

  The routing table 1313 manages destination addresses and next-stage information belonging to the private address space.

  The network interface 1314 is an example of an interface for accommodating a private network, and has an address belonging to the private address space.

  The private processing module 1311 includes one network interface 1314. If there are a plurality of private networks belonging to the same space as the private space, a similar network interface is provided in this module to accommodate them. You may have a number.

  As a lower layer of the network interface, the LSP may not necessarily be settable. It can be implemented in any lower layer that is generally used below the network layer.

  A plurality of paths are prepared in advance on the data link connecting the private processing module 1311 and the global processing module 1301. As an example of the path, if the data link is, for example, ATM, it can be realized by a virtual connection.

  The identifiers of the respective paths are 1321 to 132M and 1331 to 133M in the example of FIG.

  Unlike the global processing module 1301, the private processing module 1311 does not need to implement the LSP control unit 1304 because the LSP setting protocol does not have to be performed in order to extend the LSP as shown in FIG.

  As described above, each module performs network layer processing, but one module does not have to manage a plurality of address spaces.

  Such network layer processing can be implemented, for example, by incorporating software or hardware currently used in general routers. Further, the software or hardware may perform only processing belonging to one address space per network layer (sufficient).

  In FIG. 14, the processing procedure of the edge router device for establishing a VPN by interconnecting private networks with LSPs on a non-private network will be described by taking the edge router device 1221 shown in FIG. 12 as an example.

  First, the edge router device 1221 performs its own initial setting (step S1401).

  Specifically, a global address, a private address, and an identifier of a private address space (hereinafter referred to as a VPN identifier) are set. In this example, the VPN identifier is “1202”.

  At the time of such setting, in the apparatus configuration example of FIG. 13, the global address is added to the network interface 1305 of the global processing module 1301, and the private address is added to the network interface 1314 of the private processing module 1311.

  Further, these addresses and the VPN identifier are stored in the LSP control unit 1304.

  Here, the triple (VPN identifier, private address, global address) used for setting is referred to as VPN membership information.

  Next, the edge router apparatus 1221 in FIG. 12 is the non-private edge router apparatus that accommodates the private network having the same VPN identifier “1202” as that of the other party to which the LSP is to be set. In order to recognize that it exists on the network 1201, the VPN membership information is additionally acquired (step S1402).

  Since the presence of others on the non-private network 1201 must be recognized, the collection of the membership information is performed by the global processing module 1301. As such specific means, means having an additional function such as authentication so that the membership information is not falsified by a third party is appropriate in this case. For example, SNMP (Simple Network Management Protocol) or A dynamic distribution protocol such as LDAP (Lightweight Directory Access Protocol) or manual setting is conceivable.

  The global processing module 1301 holds the collected VPN membership information as a local database.

  Next, the LSP control unit 1304 transmits an LSP setting request message from the global-side interface 1305 in order to form an LSP toward the edge router device (step S1403). In this case, the transmission LSP is called.

  In the LSP setting request message, the flow identification information includes three values of (VPN identifier, global address of LSP origin edge router, global address of LSP end edge router). Flow identification information including this triplet information is referred to as a VPN flow identifier.

  Thereafter, when the LSP setting completion notification related to the LSP requested by the LSP setting message arrives at the LSP processing unit 1304 shown in FIG. 13 (step S1404), the global processing module 1301 operates the switch unit 1306 to set it. The LSP thus extended is connected to the private processing module 1311 (step S1405).

  For example, when it is confirmed that the LSP reaching the edge router 122N from the edge router 1221 is set, both the LSP having the label value 136N and the path having the identifier value 132M are connected by the switch unit 1306.

  This operation is performed internally by the edge router device and does not affect the LSP connection state on the non-private network.

  Here, the label value is assigned by the LSP setting protocol.

  The path identifier is one identifier selected from the plurality of previously prepared paths.

  After performing the above operation, the global processing module 1301 issues the virtual interface setting command shown in FIG. 13 and sets the virtual interface in the private processing module 1311 as the VPN identifier (step S1406).

  In the virtual interface setting command in this case, information that can additionally write a new entry in the routing table provided in the private processing module 1311 is notified.

  Here, the DOWN state is set as the initial state of the virtual interface.

  Note that the timing at which the global processing module extends the LSP and sets the virtual interface corresponding to the other edge router in the private processing module is after the label switch path is set up to at least the adjacent node of the own edge router. However, in this case, when the LSP is terminated inside the non-private network, the packet transferred from the private processing module of the own edge router may be lost due to unknown destination. As described above, if this timing is set after the label switch path is set so as to reach the other edge router, such packet loss can be prevented.

  Thereafter, the LSP setting message arrives at the network interface 1305 on the global side (step S1407).

  At this time, the edge router 1221 first checks the VPN membership information database to determine whether or not to accept the setting message (step S1408).

  The VPN flow identifier associated with the LSP label in the message may include the VPN identifier and the private network VPN identifier ("1202" in this example) that it contains. And the global address of the LSP destination edge router matches its own global address (the above means an incoming call of the receiving LSP) and the private address of the source edge router (this has at this point) In which the receiving LSP has not yet been established.

  In such a case, a setting completion notification message is transmitted (step S1409), and otherwise the process ends (step S1410). Although depending on the specification of the LSP setting protocol, if a mechanism for returning Nack is defined, Nack may be returned instead of simply terminating.

  When the setting completion notification is sent, the global processing module 1301 shown in FIG. 13 operates the switch unit 1306 to extend and connect the set LSP to the private processing module 1311 (step S1411).

  For example, when an LSP setting related to the VPN 1202 reaching the edge router 1221 from the edge router 122N is received, both the LSP having the label value 137N and the path having the identifier value 133M are connected by the switch unit 1306.

  As a result of this operation, the actual end point of the LSP becomes the virtual network interface 1341 in the private processing module 1311.

  This operation is performed internally by the edge router device and does not affect the LSP connection state on the non-private network.

  The label value is assigned by the LSP setting protocol, and the path identifier is one identifier selected from the plurality of paths prepared in advance.

  After performing the extension operation of the LSP, the global processing module 1301 issues the virtual interface setting command shown in FIG. 13 and puts the virtual interface into the UP state (step S1412).

  In this way, when the two LSPs are paired and bi-directional communication is possible with the counterpart system, use of the virtual interface corresponding to the counterpart system is started. The virtual network interface according to the present invention can be handled in the same manner as a normal network interface.

  Although omitted in FIG. 14, when an interrupt event occurs that the edge router of the other party or the other party withdraws from the VPN membership due to the VPN membership distribution protocol or manual setting, Immediately release the LSP, erase the virtual interface itself, and return to the initial state.

  All the state transitions as described above are driven by changes in the global module or membership information that governs the LSP setting protocol. Therefore, in the apparatus configuration example of FIG. 13, all control related to the virtual interface can be realized by instructions from the global processing module 1301.

  Further, the private processing module 1311 does not need to execute the LSP setting protocol itself, and only has to wait for a command from the global processing module 1301 for the control of the virtual interface. Processing power can be concentrated solely for path control.

  The virtual interface control command can be implemented by extending any lower layer protocol.

  This protocol does not depend on the specification of the LSP setting protocol, and simply sets a pair of the lower layer information of the path added to the LSP and the private address of the partner edge router interconnected by the LSP. It only has to be included as information.

  When all the processing procedures described so far are performed, the edge routers are interconnected by LSP as shown in FIG. 12, and normal communication in the private address space 1202 can be performed.

  Thereafter, the routing control protocol can be executed in the same manner as a normal network, and network communication belonging to the private address space 1202 can be performed between the private networks 1231 to 123N.

  Further, according to the procedure described so far, for example, in the edge router 1221, it is guaranteed that all interfaces handled by the private processing module 1311 belong to the private address space 1201.

  Therefore, the private processing module 1311 can perform packet transfer between network interfaces using a method similar to that of a normal network including virtual interfaces.

  Such an edge router device may be an individual device in which a non-private processing module and a private processing module are separated. In this case, the non-private processing module is an edge router device, and the private processing module is a CPE device. .

  In this example, the virtual I / F is generated in the private processing module when the label switch path is set in both directions. However, even when only one direction of the label switch path is set, It is also possible to carry out a modification so as to generate a virtual I / F while allowing the private processing module to recognize this.

  FIG. 15 shows an example of a database of VPN membership information held by the global processing module.

  For example, if VPN membership information related to the private network 123N in FIG. 12 is obtained, entries added to the database in FIG. 15 include the value in the VPN identifier column 1501, the value in the private address column 1502, and the global address column. The values of 1503 are (1202, 126N, 125N), respectively.

  FIG. 16 shows a format of a table related to the VPN flow identifier managed by the LSP control unit 1304.

  In the VPN flow identifier column 1601, only those whose VPN identifier matches the VPN identifier of the private network accommodated by the VPN identifier are entered.

  In the LSP label value column 1602, the label value assigned to the VPN flow identifier by the LSP setting protocol is entered.

  In the path identifier field 1603, a path identifier connected to the LSP on the non-private network is entered.

  FIG. 17 shows a configuration example of the virtual interface.

  The network layer and lower layer inputs / outputs 1701 to 1704 in FIG. 17 may be implemented as software functions in a general network operating system implementation, or may be implemented in hardware.

  A transmission-direction path 1705 and a reception-direction path 1706 are combined to constitute one network interface 1707 capable of transmission and reception.

  As described above, the virtual network interface may be configured only by elements used for a normal network interface that does not depend on the LSP technology.

  By connecting the path in the transmission direction with the LSP for transmission, the substantial starting point of the LSP is the virtual network interface.

  The path in the reception direction is connected to the reception LSP.

  FIG. 18 shows an example of the format of the routing table managed by the private processing module.

  When the virtual interface setting command is issued, the private address of the partner edge router is displayed in the destination column 1801, and one path selected from a plurality of paths prepared in advance in the next-stage information column 1802. The identifier value, the DOWN state as the initial state are entered in the status column 1803, and the name of the virtual interface is entered in the interface name column 1804, respectively.

  However, the value of the interface name 1804 is not necessarily notified specifically by the setting command.

  For example, the private processing module associates the virtual interface name locally managed in advance with the path identifier, so that it can be uniquely derived from the path identifier notified by the setting command.

<Embodiment 2-2>
FIG. 19 shows an example of a network configuration that accommodates a plurality (N) of VPNs using the router device of the present invention.

  The network 1901 is a network for accommodating a VPN (Virtual Private Network).

  The router devices 1911 to 191M are devices having the same functions as the router devices 1211 to 121M described in the embodiment 2-1.

  The edge router devices 1920 to 192N have the same functions as the devices 1221 to 122N described in the embodiment 2-1.

  The edge router device 1920 is different from the embodiment 2-1 in that one edge router can accommodate a plurality (N) of private networks 1931 to 193N.

  Moreover, the private networks 1931 to 193N form different VPNs 1941 to 194N. Different VPNs have different private address spaces. Hereinafter, these address spaces are identified by identifiers “1941”, “1942”,..., “194N”, respectively.

  The private networks 1991 to 199N are accommodated in the edge router devices 1921 to 192N, respectively, and their address spaces are identified by identifiers “1941”, “1942”,..., “194N”, respectively. To do.

  The edge router devices 1920 to 192N exist at the boundary between the global address space and the private address space, and each network interface is provided for each address space.

  As for the edge router device 1920, the network interface 1950 on the non-private network 1901 side has an address belonging to the global address space, while the interfaces 1951 to 195N on the private network side have addresses belonging to the private address spaces 1941 to 194N, respectively. Stick.

  The label switch paths 1961 to 196N are set by the edge router devices 1920 to 192N in order to configure the VPNs 1941 to 194N, respectively.

  FIG. 20 shows an example of the configuration of the edge router device shown in FIG. 19, taking the edge router device 1920 as an example.

  This apparatus includes (N + 1) modules having functions similar to those described in the embodiment 2-1.

  The global processing module 2001 in FIG. 20 is for connecting to a non-private network.

  The IP processing unit 2002 performs network layer processing, but here processes packets belonging to the global address space.

  The routing table 2003 manages destination addresses and next-stage information belonging to the global address space.

  The LSP control unit 2004 executes an LSP setting protocol via a non-private network.

  A network interface 2005 is an interface for connecting to a non-private network, has an address belonging to the global address space, and functions as a communication interface of the LSP setting protocol.

  As the lower layer of the network interface 2005, any layer can be used as long as the LSP can be set. For example, ATM, frame relay, Ethernet (registered trademark), etc. can be considered. The switch unit 2006 provides this.

  The switch unit 2006 is connected to the private processing modules 2011 to 201N via a data link.

  The private processing modules 2011-201N are for accommodating a private network.

  These private processing modules have functions similar to those described in the embodiment 2-1, but here perform processing of network layers belonging to different private address spaces 1941 to 194N.

  A plurality of paths are prepared in advance on the data link connecting the private processing module and the global processing module. As an example of realizing the path, if the data link is, for example, ATM, it can be realized by a virtual connection.

  The identifiers of the paths are 2021 to 202M and 2031 to 203M in the example of FIG.

  In the private processing modules 2011 to 201N, since the LSP setting protocol does not have to be performed in order to extend the LSP as shown in FIG. 19, unlike the global unit 2001, the LSP control unit need not be installed.

  As a processing procedure for constructing a plurality of VPNs using LSPs on a non-private network, the processing procedure shown in FIG. 14 can be used as it is.

  Hereinafter, the case of the edge router device 1920 will be described as an example.

  First, the edge router apparatus 1920 performs its own initial setting (step S1401).

  Specifically, a global address, N private addresses and private address space identifiers (hereinafter referred to as VPN identifiers) are set. In this example, the VPN identifier is “1941”, “1942”,..., “194N”.

  At the time of such setting, in the apparatus configuration example of FIG. 20, the global side address is added to the network interface 2005 of the global processing module, and the N private side addresses are added to the network interface of each private processing module. .

  Further, these addresses and the VPN identifier are stored in the LSP control unit 2004.

  Here, the triple (VPN identifier, private address, global address) used for setting is referred to as VPN membership information.

  Next, the edge router apparatus 1920 in FIG. 19 is an edge router apparatus that accommodates a private network that matches one of the same VPN identifiers 1941 to 194N as that of the other party to which the LSP is to be set. In order to recognize that it exists on the non-private network 1901 other than itself, the VPN membership information is additionally acquired (step S1402).

  Since the presence of others on the non-private network 1901 has to be recognized, the collection of the membership information is performed by the global processing module 2001. As such specific means, the same ones as described in the embodiment 2-1 can be considered.

  The global processing module 2001 holds the collected VPN membership information as a local database similar to the case of the embodiment 2-1.

  Next, the LSP control unit 2004 transmits an LSP setting request message from the global-side interface 2005 in order to form an LSP toward the edge router device (step S1403). In this case, the transmission LSP is called.

  In the LSP setting request message, the flow identification information includes three values (VPN identifier, LSP origin edge router global address, LSP end edge router global address). Flow identification information including this triplet information is referred to as a VPN flow identifier.

  The VPN flow identifier is managed by the LSP control unit 2004 in, for example, a table entry format as shown in FIG. This management method is the same as that of the embodiment 2-1.

  Thereafter, when the LSP setting completion notification related to the LSP requested by the LSP setting message arrives at the LSP processing unit 2004 shown in FIG. 20 (step S1404), the global processing module 2001 operates the switch unit 2006 to set. The LSP thus extended is connected to the private processing module 2011 (step S1405).

  For example, when it is confirmed that an LSP reaching the edge router 192N from the edge router 1920 is set, both the LSP having the label value 206N and the path having the identifier value 202M are connected by the switch unit 2006. .

  This operation is performed internally by the edge router device and does not affect the LSP connection state on the non-private network.

  Here, the label value is assigned by the LSP setting protocol.

  The path identifier is one identifier selected from the plurality of paths prepared in advance, and is entered in the path identifier field 1603 in FIG.

  After performing the above operations, the global processing module 2001 issues the virtual interface setting command shown in FIG. 20 and sets the virtual interface in the private processing module 2011 as the VPN identifier (step S1406).

  Virtual interface implementation and virtual interface setting instructions can be implemented in the same manner as in the embodiment 2-1.

  Thereafter, the LSP setting message arrives at the network interface 2005 on the global side (step S1407).

  At this time, the edge router device 1920 first checks the VPN membership information database and determines whether or not to accept the setting message (step S1408).

  The VPN flow identifier associated with the LSP label in the message may be accepted as the VPN identifier and the private network VPN identifier (in this example, “1940”, “ 1941 ”,...,“ 194N ”), the global address of the LSP destination edge router matches its own global address (the above means an incoming call of the receiving LSP), and This is the case when all the conditions that the receiving LSP has not yet been established with the private address of the originating edge router (which can be retrieved from the VPN membership information database possessed at this time) are met.

  In such a case, Ack is sent as a setting completion notification message (step S1409), and otherwise, the process ends (step S1410). Although depending on the specification of the LSP setting protocol, if a mechanism for returning Nack is defined, Nack may be returned instead of simply terminating.

  When the setting completion notification is sent, the global processing module 2001 shown in FIG. 20 operates the switch unit 2006 to extend and connect the set LSP to the private processing module (step S1411).

  For example, when an LSP setting relating to the VPN 194N reaching the edge router device 1920 from the edge router device 192N is received, both the LSP having the label value 207N and the path having the identifier value 203M are connected by the switch unit 2006.

  As a result of this operation, the substantial end point of the LSP becomes the virtual network interface in the private processing module 201N.

  This operation is performed internally by the edge router device and does not affect the LSP connection state on the non-private network.

  The label value is assigned by the LSP setting protocol, and the path identifier is one identifier selected from the plurality of paths prepared in advance. The above information is entered as one entry in FIG.

  After performing the extension operation of the LSP, the global processing module 2001 issues a virtual interface setting command shown in FIG. 20 to place the virtual interface in the UP state (step S1412).

  In this way, when the two LSPs are paired and bi-directional communication is possible with the counterpart system, use of the virtual interface corresponding to the counterpart system is started. The virtual network interface according to the present invention can be handled in the same manner as a normal network interface.

  Although omitted in FIG. 14, when an interrupt event occurs that the edge router of the other party or the other party withdraws from the VPN membership due to the VPN membership distribution protocol or manual setting, Immediately release the LSP, erase the virtual interface itself, and return to the initial state.

  The state transitions as described above are all driven by changes in the global module or membership information that controls the LSP setting protocol. Therefore, in the apparatus configuration example of FIG. 20, all the control related to the virtual interface can be realized by a command 2001 from the global processing module.

  Also, the private processing modules 2011 to 201N do not need to execute the LSP setting protocol themselves, and only need to wait for a command from the global processing module for virtual interface control. And processing power can be concentrated only for path control.

  The virtual interface control command can be implemented by extending any lower layer protocol.

  This protocol does not depend on the specification of the LSP setting protocol, and simply sets a pair of the lower layer information of the path added to the LSP and the private address of the partner edge router interconnected by the LSP. It only has to be included as information.

  When all of the processing procedures described so far are performed, the edge routers are interconnected by LSP as shown in FIG. 19, and normal communication can be performed in a private address space unique to each other.

  After that, the routing protocol can be executed in the same way as a normal network, and each between private network 1991 and private network 1931 or similarly between private network 199N and private network 193N. Network communication can be performed in a unique private address space.

  Of course, the same is true even when there are a plurality of private networks sharing one private address space.

  Further, according to the procedure described so far, for example, in the edge router 1920, it is guaranteed that all interfaces handled by each private processing module belong to a single private address space within the module.

  Accordingly, each private processing module, including the virtual interface, can perform packet transfer between network interfaces in the same manner as a normal network.

  Such an edge router device may be an individual device in which a non-private processing module and a private processing module are separated. In this case, the non-private processing module is an edge router device, and the private processing module is a CPE device. .

  In this example, the virtual I / F is generated in the private processing module when the label switch path is set in both directions. However, even when only one direction of the label switch path is set, It is also possible to carry out a modification so as to generate a virtual I / F while allowing the private processing module to recognize this.

  The above functions can also be realized as software.

  In addition, each embodiment of each invention is a computer that records a program for causing a computer to execute a predetermined procedure (or for causing a computer to function as a predetermined means or for causing a computer to realize a predetermined function). It can also be implemented as a readable recording medium.

  The present invention is not limited to the embodiment described above, and can be implemented with various modifications within the technical scope thereof.

  (3) Now, other embodiments of the invention will be described below with reference to FIGS.

  The present invention relates to, for example, a router apparatus for configuring a virtual private network, a communication method thereof, and the like.

  FIG. 21 shows an example of a network including both a label switch network area and a non-label switch network area, and shows a state in which a VPN is configured on this network.

  One network area 2101 is a network having a function similar to that of the network 1901 so that a label switch can be used and a label switch path dedicated to VPN can be set.

  The other network area 2102 is an example of a network that does not use the label switch.

  It is assumed that the combination of both is a non-private network that shares a single non-private address space (hereinafter referred to as a global address space).

  It is assumed that the network 2103 and the network 2104 implement a VPN that shares one private address space across this non-private network.

  The router device 2105 is located at the boundary between the label switch network 2101 in the non-private address space and the network 2103 in the private address space, has a network interface on each side, and the origin of the label switch path (hereinafter referred to as LSP) and It has a function as an end point.

  The router device 2106 is located at the boundary between the label switch network 2101 in the non-private address space and the non-label switch network 2102 in the same address space, has a network interface on each side, and has a function of starting and ending the LSP. And a function of encapsulating and decapsulating packets (hereinafter referred to as a label switch border router device).

  The router device 2107 is located at the boundary between the non-label switch network 2102 and the private network 2104 in the non-private address space, has a network interface on each side, and has a function of performing packet encapsulation and decapsulation.

  The LSP 2108 is for configuring a VPN set between the router apparatus 2105 and the router apparatus 2106 in the same processing procedure as that shown in FIG. A packet with the private address of the VPN flows through this LSP.

  The encapsulated packet transfer path 2109 is for configuring the VPN.

  Here, a packet with a private address is encapsulated in a packet with a non-private address, so that a VPN packet can be transferred on the non-private network between the router device 2106 and the router device 2107. ing.

  FIG. 22 shows an example of the configuration of the label switch border router apparatus according to the present invention, taking the label switch border router apparatus 2106 on the non-private network shown in FIG. 21 as an example.

  The IP processing unit 2201 performs network layer processing, but here processes packets belonging to the global address space.

  The routing table 2202 manages destination addresses and next-stage information belonging to the global address space.

  The LSP control unit 2203 executes a protocol (hereinafter referred to as an LSP setting protocol) for setting an LSP that passes through a non-private network.

  The label switch network interface 2204 is a network interface for connecting to the label switch network 2101, has an address belonging to the global address space, and also functions as a communication interface of the LSP setting protocol.

  As the lower layer of the network interface 2204, any layer can be used as long as the LSP can be set. For example, ATM, frame relay, Ethernet (registered trademark), etc. can be considered.

  A plurality of label switch network interfaces may be provided as necessary.

  The non-label switch network interface 2205 is a network interface for connecting to the non-label switch network 2102 and has an address belonging to the global address space.

  The lower layer of the present network interface 2205 does not need to be able to set the LSP, and can be implemented in any lower layer generally used under the network layer.

  A plurality of non-label switch network interfaces may be provided as necessary.

  The encapsulation unit 2206 encapsulates a datagram received from a specific LSP with a packet header in a non-private address space, and enables transfer to the non-label switch network interface 2205.

  The decapsulation unit 2207 decapsulates a specific datagram received by the non-label switch network interface 2205 (in this case, removes a packet header with a non-private address) and transfers them to a specific LSP. belongs to.

  In FIG. 23, the processing procedure of the label switch border router device for realizing the VPN on the non-private network in which the label switch network and the non-label switch network coexist will be described by taking the label switch border router device 2106 as an example. .

  The label switch border router device 2106 acquires VPN membership information (step S2301). Such acquisition means can be realized by the same VPN membership distribution means as in the embodiment 2-1. This is kept in the VPN membership information database.

  In FIG. 21, for example, when VPN membership information regarding the router apparatus 2105 is obtained, the VPN identifier, global address, and private address of the router apparatus 2105 are recognized. Similarly, VPN membership information is also obtained for the router device 2107.

  Therefore, the label switch border router apparatus 2106 itself declares participation in the VPN membership (step S2302).

  In this example, regarding the router device 2105 belonging to the same label switch network area as that of itself, the router device 2107 is notified of the information obtained by substituting the global address term with its own global address. As the notification means, the VPN membership distribution means described above can be used.

  Thereafter, an LSP setting message arrives at the label switch border router device 2106 via the label switch network 2102 (step S2303).

  As an example of the LSP setting message, for example, a message sent by the router apparatus 2105 is considered. In the message, the VPN flow identifier associated with the LSP label includes the identifier of the VPN and the global address of the LSP destination edge router. Consider a case where the global address of the router device 2107 is entered as the address.

  In such a case, the label switch border router device 2106 checks the VPN membership information database to determine whether to accept the setting message (step S2304).

  As an example of the case where the setting message may be accepted with respect to the VPN, for the VPN flow identifier associated with the LSP label in the setting message, a set of the VPN identifier and the global address of the LSP destination edge router is VPN. There is a case where there is a matching entry in the membership information database, and the condition that there is a matching entry in the VPN membership information database for the origin edge router in the setting message is also mentioned.

  If no setting message is accepted, the process ends (step S2305). Note that, depending on the specification of the LSP configuration protocol, if a mechanism for returning Nack is defined, Nack may be returned instead of simply ending.

  When the setting message is received, an LSP setting completion notification is sent (step S2306).

  In this example, the setting of the direction from the router apparatus 2105 to the router apparatus 2106 is completed for the LSP 2108.

  In the datagram flowing on the LSP, the destination address of the packet may be a private space address.

  Based on the VPN flow identifier associated with the label of the LSP, the label switch border router device 2106 determines that the node to which the datagram of the datagram flowing on the LSP is to be transferred is the router device 2107. can do.

  Based on this determination, the label switch border router device 2106 can encapsulate the datagram received from the LSP with a packet header of a non-private address and start forwarding (step S2307).

  In this example of encapsulation, the destination address is set to the global address of the router device 2107, and the source address is set to the global address of the label switch border router device 2106.

  This corresponds to the establishment of the direction from the router apparatus 2106 to the router apparatus 2107 for the encapsulated packet transfer path 2109.

  With the procedure so far, the VPN datagram can be reached in the direction from the private network 2103 to the private network 2104 in FIG.

  Next, the label switch border router device 2106 sends an LSP setting message to the router device 2105 (step S2308).

  In this example, the reverse setting of the LSP 2108 described above is requested.

  Thereafter, when the setting completion notification message arrives (step S2309), the label switch boundary router device 2106 decapsulates the encapsulated packet received from the router device 2107, and starts forwarding to the LSP reaching the router device 2105 described above. (Step S2310).

  For example, when the router device 2107 accommodates only one VPN, the label switch border router device 2106 checks which VPN the packet belongs to by checking the source address of the encapsulated packet and the VPN membership information database. Can be determined uniquely, and to which LSP should be decapsulated and transferred.

  However, although the packet received from the router device 2107 is not necessarily an encapsulated packet, decapsulation or transfer to the specific LSP is not performed at that time.

  Even if the packet is an encapsulated packet, if the router apparatus 2107 accommodates a plurality of different VPNs, the packet is assigned to the LSP only when it is determined to which VPN the packet belongs. Make it forward.

  As means for determining to which VPN the encapsulated packet belongs, for example, GRE tunnel, IPsec, L2TP, etc. can be applied as means for inserting additional information when the packet is encapsulated. In the example of FIG. 21, the router apparatus 2107 may insert a VPN identifier as the additional information.

  In FIG. 24, the processing procedure of the edge router device on the non-label switch network for realizing the VPN on the non-private network in which the label switch network and the non-label switch network coexist is shown in the case of the router device 2107 in FIG. Will be described as an example.

  In an initial state in which the encapsulated packet transfer path 2109 is not set, the router apparatus 2107 newly acquires VPN membership information using the above-described VPN membership information collection unit (step S2401).

  In the example of FIG. 21, information regarding the router device 2105 and the router device 2106 is recognized.

  These information entries have the same VPN identifier and private address term values but different global address term values. Regarding the value of the global address term, the former is the global address of the router device 2105 and the latter is the global address of the router device 2106.

  Therefore, the router device 2017 compares these routers and selects one of the routers (step S2402). Various criteria can be used for such selection. For example, a criterion for selecting a router whose global address is closer to the network is conceivable.

  The router apparatus 2017 encapsulates the VPN packet originating from the private network 2104 with the global address of the selected router so as to pass through the non-private network 2102 and starts forwarding (step S2403).

  If the router 2106 closer to the network distance is selected at the time of the router selection, this means that the direction from the router device 2107 to the router device 2106 is established for the encapsulated packet transfer path 2109 in FIG. Equivalent to.

  With the procedure so far, the VPN datagram can be reached in the direction from the private network 2104 to the private network 2103 in FIG.

  As described above, a bidirectional VPN is established between the private network 2103 and the private network 2104.

  The above functions can also be realized as software.

  In addition, each embodiment of each invention is a computer that records a program for causing a computer to execute a predetermined procedure (or for causing a computer to function as a predetermined means or for causing a computer to realize a predetermined function). It can also be implemented as a readable recording medium.

  The present invention is not limited to the embodiment described above, and can be implemented with various modifications within the technical scope thereof.

The figure which shows the structural example of the network containing the router apparatus which concerns on one Embodiment of this invention. The figure which shows the structural example of the router apparatus which concerns on the same embodiment Flow chart showing an example of a cut-through path setting procedure Flow chart showing another example of cut-through path setting procedure Flowchart showing still another example of cut-through path setting procedure The figure which shows one structural example of a routing table The figure which shows the example of 1 structure of a label switch table The figure which shows the other structural example of the router apparatus which concerns on the same embodiment Flow chart showing an example of cut-through path resetting procedure Flow chart showing another example of cut-through path resetting procedure The figure which shows the other structural example of a label switch table The figure which shows an example of VPN constructed | assembled on a non-private network The figure which shows the structural example of the VPN edge router which concerns on one Embodiment of this invention. Flow chart showing an example of processing procedure of edge router The figure which shows an example of the database which consists of a set of VPN membership information The figure which shows an example of the table regarding the label which a global processing module manages Figure showing a virtual interface implementation example The figure which shows an example of the routing table in a private processing module The figure which shows an example of the some VPN constructed | assembled on a non-private network The figure which shows the other structural example of the VPN edge router which concerns on one Embodiment of this invention. The figure which shows an example of VPN implement | achieved on the non-private network containing a label switch area | region and a non-label switch area | region. The figure which shows the structural example of the label switch border router apparatus which concerns on one Embodiment of this invention. The flowchart which shows an example of the process sequence of a label switch border router apparatus The flowchart which shows an example of the process sequence of a non-label switch router apparatus

Explanation of symbols

  101 to 104, 111 to 11N ... router device, 120 ... network, 201, 801 ... IP processing unit, 202, 802 ... cut-through control unit, 203, 803 ... routing table, 204, 804 ... switch unit, 211-21N, 221, 222, 811 to 81N, 821, 822 ... network interface, 231, 831 ... physical layer processing unit, 232, 833 ... label processing unit, 233, 834 ... label table, 832 ... physical counter, 1221-122N, 1920- 192N: Edge router device, 1211-121M, 1911-191M ... Router device, 1201, 1901 ... Non-private network, 1231-123N, 1931-193N, 1991-199N ... Private network, 1251-125N, 1 61-126N, 1305, 1314, 1950-195N, 1971-197N, 1981-198N, 2005 ... Network interface, 1301, 2001 ... Global processing module, 1302, 1312, 2002 ... IP processing unit, 1303, 1313, 2003 ... Routing Table, 1304, 2004 ... LSP control unit, 1306, 2006 ... Switch unit, 1311,021-201N ... Private processing module, 1341-134N ... Virtual interface, 2101 ... Label switch network, 2102 ... Non-label switch network, 2103, 2104 ... Private network, 2105 to 2107 ... Router device, 2201 ... IP processing unit, 2202 ... Routing table, 2203 ... LS Control unit, 2204 ... label switched network interface, 2205 ... non label switched network interface, 2206 ... encapsulating unit, 2207 ... decapsulation unit

Claims (5)

A private processing module having means for forwarding packets connected to a private network consisting of a private address space, and a non-private processing module having means for label-switching packets connected to a non-private network consisting of a non-private address space. A communication method in a system,
When the non-private processing module recognizes that there is another system in the non-private network that accommodates other private networks that share the private address space with the private network to which the private processing module is connected, Protocol communication for setting the label switch path via the non-private network toward the other system,
The non-private processing module extends the set label switch path to the private processing module, notifies the private processing module of the private address of the other system,
The private processing module transfers a packet addressed to a private address of the other system to the extended label switch path. A plurality of paths are prepared in advance between the private processing module and the non-private processing module, and the extension of the label switch path includes one path selected from the plurality of paths and the set label switching a path performed by associating within said non-private processing module, a private address of the other systems, according to claim 1, characterized in that it is notified in association with the selected one of the path Communication method. The label extension of switch paths The communication method according to claim 1, characterized in that after said label switched path is set so as to reach the other system was confirmed. The notification of the private address of the other system is performed when both the label switch for carrying the packet to the other system and another label switch for carrying the packet from the other system are set. The communication method according to claim 1 . The system also includes a second private processing module connected to a second private network composed of a private address space different from the private address space and having means for transferring packets,
The non-private processing module includes another system that accommodates another second private network that shares the different private address space with the second private network to which the second private processing module is connected. Protocol communication for setting a label switch path passing through the non-private network toward the other system,
The non-private processing module extends the set label switch path to the second private processing module, notifies the second private processing module of the private address of the other system,
The communication method according to claim 1 , wherein the second private processing module transfers a packet addressed to a private address of the other system to the extended label switch path.

Images