JP4041038B2 - Higher-layer processing method and system - Google Patents

Description

The present invention relates to a high-layer processing method and system, more particularly, and server load balancing device (SLB), firewalls performed (FireWall:: FW protective wall function) or the like, mainly based on the layer 4 above the high-level layer information processing about high layer processing method and system in the field of high-level layer processing unit.

Here, the high-level layer processing unit, placed in front of such different networks boundaries and enterprise data centers various servers of (Web server / application Sea Deployment server), based on the high-level layer information, discard, relay, NAT (Network address Translation: and performs a process of transferring such with network address Translation) address translation or the like.

Clients to servers to be accessed, the load is known load distribution control system to allocate access to balancing.

As this type of system, for n number of servers, to measure a predetermined load measurement items, the load value of the n-number of servers together to obtain respectively, leave calculate their average load value, from the client the hash value is calculated for each receiving a request for identification information request data, the hash to determine a server corresponding to the value, technology for accessing locate a predetermined server according to the load value of the server known are (for example, see Patent Document 1).

Further, in front of the higher layer processing unit group in parallel arrangement, the session management is not performed, based on the best hash value obtained an IP address value of the packet as a hash key, see the distribution destination table the hash value as a search key in determining the high-level layer processing unit assignment destination, place the packet distribution mechanism to accommodate the high-speed interface, there is a technique to ensure the scalability (band variable).

Figure 14 is an operation explanatory diagram of a conventional system. When a packet from the client 1 is transmitted, this packet is notified to the pre-stage packet distributing device 6 via the Internet 20. In the former distribution section 32 of the preceding packet distributing device 6, using the IP address of the packet as input of a hash function to calculate a hash value, determines the ID of the corresponding to the distribution destination higher layer processing unit to the hash value to. 21 illustration is a distribution management table created in this way. The contents of which is composed of the ID of the corresponding distribution destination higher layer processing unit and the hash value.

Preceding packet distributing unit 3 selects the high-level layer processing unit 5 of the distribution destination on the basis of the hash value generated in this way, to transmit the packet. For example, a hash value is input in the case was 2, and transmits the packet by selecting the higher layer processing unit 5 of #a as higher layer processing unit 5. The output from the high-order layer processing unit 5 is connected to the server 2.

Figure 15 is a block diagram showing the main table in the distribution management module of the conventional packet sorting device. (1) is a diagram showing a configuration example of a high-order layer processor status management table. As shown, the high-order layer processor ID, a valid display, and the normal / fault indication, and session processing state, and a CPU utilization. Session processing conditions, and a number of sessions and session processing speed. (2) the high layer device - is a diagram showing a configuration example of a hash value correspondence table. As shown, the high-level layer processing unit ID, and the hash value effective display, a hash value (normal), and a distribution target high-order layer processor ID failure.

Currently, high-speed interface is, for example, and between the carrier (service provider) iDC that assumes the high-level layer service (internet Data Center), is required for the purpose of lowering the line cost of iDC borrow from the carrier side, flowing therethrough speed of the session data does not reach the high-speed interface speed. That is, a large number of session data streams are aggregated (aggregation), flows over the high speed interface.

Therefore, it is not necessary to implement the high-speed interface speed session management, the aggregate particle size finely into smaller speed than the high-speed interface speed may be carried out high-level layer processing for the particle size.

As in the prior art described above, to accommodate the high-speed interface, and a block for distributing packets flowing it into a subsequent stage, may take a configuration in parallel deploying high layer processing block of smaller processing speed than high-speed interface.
JP 2001-297046 JP (page 4 - page 6, Figure 1)

In the prior art, in order to roughen the aggregate particle size, using the IP address of the packet to the hash key based on the hash value generated in response to the hash key, and divert aggregate flow. That is, when a long length thereof If it is normal address, lengthy process. Therefore, for example, by using a hash value, if the IP address (e.g. 32 bits) is compressed to about 8 bits by the hash function, than the session management function handles the amount of data is small, the distribution destination table in which the hash value as a search key corner in reference only, only a number of tables accessed less. It occurs overhead hash calculation process, but supplemented with lack of the number of table access, it is high-speed processing.

Here, the distribution management table, for example, the number of parallel expanded higher layer processor, equally dividing the range of the hash output value, the high-level layer processing unit in each range divided by each was correspondence table there 21 (see FIG. 14).

However, a method to determine the static high-order layer processor sorting destination as described above does not fulfill the uniformity of the number distribution sessions, centralized session handling load to a particular high-level layer processing unit, occur deviation, the service degradation (packet loss / delay) occurs.

The reason is that want achieving distribution homogenization, although respect Akuchiibu sessions, in the static allocation rule, random in the address all space is used to hash the key sessions, including idle (not used) This is because only a uniform.

When viewed in Actinobacillus I blanking session, there biased distribution to a particular high-level layer processing unit, where service degradation (packet loss / delay) occurs.

Well, here, the session against aggregated hash output value is considered to consider scheme Akuchiibu properties. That is, for a hash value calculated in the new by receiving the activator I blanking session, in dynamically round robin or the like, by assigning the distribution destination higher layer processor, miscalculation hash value of the number of sessions to be aggregated order in, it is uniformity of distribution.

However, this function, in addition to whether table reference is assigned a higher layer processor, selection process and higher layer processing unit when not allocated, the process of registering the correspondence table entry for the high-order layer processing unit and the hash value selected the need, the number of table access Shoyo is close to the management function of the session, it is difficult to still faster.

An object of the present invention is to provide multiplexed session flow speed interface, it is to build a scalable high-level layer processing system. Factors that impede scalability, may be as follows.
○ in the higher layer processing, first session management function (session recognition / detection / registration / state recognition) it is difficult large-capacity / high-speed interfaces support a bottleneck.
○ A session management function, consisting of the following processing.
· IP address and refers to the packet in the information up TCP / UDP port number, etc. L4, to determine a new session or service during the session, the management table entry retrieval developed in the external memory / CAM. Here, TCP stands for Transmission Control Protocol, UDP stands for User Datagram Protocol, CAM stands for Content Addressable Memory.
• If a new session, to add the appropriate entry in the management table.
- for determining the end of the session, to monitor the TCP flags, it stores the session state in the management table.

As described above, the amount of information to be manipulated or extracted from the packet, and, abundance of the number of accesses to the table developed on the external memory / CAM becomes the bottleneck of the processing speed.

The present invention was made in view of such problems, without impairing the high speed of the packet sorting unit, evenly full advantage of the resources of the layer processing unit group in parallel development, Agri fast interface and its object is to provide a higher layer processing method and system capable of processing gates session flow.

(1) a first aspect of the present invention is as follows. Figure 1 is a flow chart illustrating the principles of the present invention method. The present invention provides a higher layer processing system having different positioned in front of the various servers such as a border or iDC and corporate data center between the network performs processing on the basis of the layer 4 above the high-level layer information of the received packet, the system for scalability secure, the higher layer processing unit arranged plurality in parallel, their high-order layer processing unit group, the higher layer processing system comprising a packet sorting device that sorts the packets based on the L3 following information of the received packet, the packet calculated sorting apparatus from the information in the received packet, the hash value used in the determination of the higher layer processing unit is distribution destination, and notifies the higher layer processing unit with transfer packet (step 1), the higher layer processing unit the monitoring the processing resources for each hash value, holds information on the result, punished own higher layer If the device is expected congestion or congestion, leave selected session group to deliver the treatment to the other high-order layer processing unit by the hash value units, take over and the selected hash value, the processing of a session corresponding to the hash value the information required, and notifies the operation management section of the packet sorting device for monitoring the resources of the higher layer processing unit units higher layer processing unit group (step 2), the management unit, takeover destination higher layer processor select notifies the session takeover information in the high position layer processing unit, also determines the congestion state of the higher layer processing, at the time of congestion, the packets which the packet distributing device corresponding to the hash value, it is determined that the congestion change the distribution destination to the higher layer processing unit of migration destination from the higher layer processing unit for transferring (step 3), characterized in that.
(2) According to a second aspect of the invention is as follows. Figure 2 is a principle block diagram of the present invention. The system shown in FIG. Is a higher layer processing system having different positioned in front of the various servers such as a border or iDC and corporate data center between the network performs processing on the basis of the layer 4 above the high-level layer information of the received packet , for scalability secure system, the high-level layer processing unit arranged plurality in parallel, their high-order layer processing unit group, the higher layer processing system comprising a packet sorting device that sorts the packets based on the L3 following information of the received packet It is configured. In FIG, 1 is a plurality of clients (Web browser) 20 is the Internet, which is connected to these clients 1.

10 is the present invention system to be connected to the Internet 20. 30 is a iDC / corporate data center comprising the present invention system 10. 3 is connected to the Internet 20, is calculated from the information in the received packet, the hash value used in the determination of the higher layer processing unit is assignment destination is the pre-stage packet distributing unit to pass to the higher layer processing unit with transfer packet . L2 switch 6 is connected to a front stage packet distribution apparatus 3, if 5 monitors the processing resources for each of the hash value, holds information on the result, the own higher layer processing unit expect congestion or congestion to, leave selected session group to deliver the treatment to the other high-order layer processing unit by the hash value units, and the selected hash value, the information necessary to take over the processing of the session corresponding to the hash value, the higher layer processing a higher layer processing unit to pass to the operation management unit of the packet sorting device for monitoring the resources of the higher layer processing unit unit device group (HL processor). Each high-level layer processing unit 5 is provided to the # 0 to # n.

7 is a L2 switch connected with the high-level layer processing unit 5. 4 is a subsequent packet distributing apparatus connected to the L2 switch 7. Operation of the rear-stage packet distributing unit 4 is basically the same as preceding packet distributing unit 3. 8 L2 switch connected with the subsequent packet distribution device 4, 2 is a Web server that is connected to the L2 switch 8. Web server 2 there are a plurality, constitute a server farm group 40 in the plurality of Web servers. iDC / corporate data center 30 has a function for connecting the client 1 and the Web server 2.

Preceding packet distributing unit 3, a management unit 31, and a distributing unit 32. Operation management unit 31 selects the migration destination higher layer processor, notifies the session takeover information in the high position layer processing unit, also determines the congestion state of the higher layer processing unit, at the time of congestion, the packet sorting device There has a function of transferring to change the distribution destination to the higher layer processing unit migration destination from the higher layer processing unit determines that the congestion of packets corresponding to the hash value.

In the thus constructed system, packets that are sent to the server 2 from the client 1 via the Internet 20 into the pre-stage packet distributing unit 3 of the present invention system 10. In the packet distribution apparatus 3, distribution unit 32 transmits a predetermined high-order layer processing unit 5 the hash value with forwarding packets used for the determination of the higher layer processing unit 5 is a distribution destination via the L2 switch 6. The layer processing unit 5 manages the processing resources for each hash value, and passes the operation management unit 31 information necessary to take over the processing of the session corresponding to the hash value.

該運 administrative unit 31 receives this information, determines the congestion state of the higher layer processing unit 5, at the time of congestion, the packets which the packet distributing unit 3 corresponding to the hash value, migration destination higher layer processing by changing the distribution destination to a device 5 to transfer.
(3) According to a third aspect of the invention, the information necessary to take over the processing of the session corresponding to the hash value selected, rather than through the operation management unit of the packet sorting device, the packet sorting unit and the higher layer processing via a switch mechanism deployed between device group, the higher layer processing unit to obtain information takeover destination higher layer processing unit from the operation management unit, characterized in that transfer device itself in migration destination device.
(4) invention of claim 4, without transferring the migration destination higher layer processing unit the information necessary to take over the processing of the session corresponding to the hash value selected in accordance with the attribute of the hash value selected, simply packet distributing apparatus determines the congestion state of the higher layer processing unit, the congestion time, and characterized by performing the packets corresponding to the hash value only distributed to the takeover destination higher layer processing unit from the determined higher layer processing congestion to.
(5) invention of claim 5, wherein, without transferring the migration destination higher layer processing unit the information necessary to take over the processing of the session corresponding to the hash value selected, the packet sorting device higher layer processing unit determining a congestion state, during congestion, and characterized in that copies the packets corresponding to the hash value, also forwards the packets to the migration destination higher layer processing unit with high-order layer processing unit of the current processing system it is determined that congestion state to.
(6) In the present invention, without transferring the migration destination higher layer processing unit the information necessary to take over the processing of the session corresponding to the hash value selected and deployed between the packet distributing unit and the high-level layer processing unit L2 using switches in advance to set the VLAN between the packet distributing unit and the high-level layer processing unit two possible pairs, the packet sorting apparatus determines the congestion state of the higher layer processing unit, a congestion state characterized in that the determined current process based high-layer processor and takeover destination higher layer processing device broadcasts a packet that corresponds to the hash value belongs VLAN.
(7) Further, in the present invention, high-layer processing system, for the external, provides a VLAN configuration service, corresponding to the outbound VLAN also between the packet distributing unit and the high-level layer processing unit for the case of providing a VLAN, outbound VLAN tag values ​​assigned to not used as VLAN tag value distribution for VLAN congestion startup value, corresponding to the outbound VLAN service from the VLAN tag value to use when sorting congestion startup the VLAN tag value, L2 switch and performing conversion to rewrite.
(8) Further, in the present invention, the conversion / rewrite the VLAN tag value associated with the external VLAN service from the VLAN tag value to use when distributing the congested startup, and performing at high layer processing unit .
(9) Further, in the present invention, high-layer processing system, for the external, provides a VLAN configuration service, the VLAN associated with the external VLAN also between packet distributing unit and the high-level layer processing unit If for, and providing a VLAN to be used when sorting congestion at startup and VLAN associated with the external VLAN between packet distributing unit and the high-level layer processing unit hierarchically provided.
(10) Further, in the present invention, the packet sorting device, grant information indicating whether to change the distribution destination with congestion of certain high-order layer processing unit to the packet, higher layer that has received the distribution destination change packet processing apparatus, with these allocation destination change session and the it until the service during the session of, about it until the service object new session of, and performs differentiation control processing resource allocation.
(11) Further, in the present invention, as the notification method for the hash value to be notified for each packet to a higher layer processing unit from the packet sorting device, characterized in that embedded in the ToS field of the IP header.

Here, ToS stands for Type of Service (service type).
(12) Further, in the present invention, as the notification method for the hash value to be notified for each packet to a higher layer processing unit from the packet sorting device, using a VLAN packet transfer, and characterized in that embedded in Priority field of the VLAN header to.
(13) Further, in the present invention, as the notification method for the hash value to be notified for each packet to a higher layer processing unit from the packet sorting device, in the case of IPv6 packets, characterized in that embedded in Flow ID field of the IP header .

Here, IPv6 and is an abbreviation for Internet Protocol version 6.
(14) Further, in the present invention, as the notification method for the hash value to be notified for each packet to a higher layer processing unit from the packet sorting device, encapsulates the transfer packet, is characterized in that embedded in the encapsulation header.
(15) Further, in the present invention, the higher layer processing unit provides a server load balancing services, the packet sorter server direction from the client, when performing packet distribution, notification method of the hash value to be notified for each packet as, characterized in that embedded in the destination IP address field of the packet.
(16) Further, in the present invention, the high-order layer processing device, which comprises using the session processing speed value as a processing resource information to be monitored for each hash value.
(17) Further, in the present invention performs weighting corresponding to the service type carried in the session to the session processing speed value, it is characterized by using the selection of the hash value.
(18) Further, in the present invention, the high-order layer processing device, as the processing resource information to be monitored for each hash value, characterized by using the CPU utilization.
(19) Further, in the present invention, the hash value selecting method of the higher layer processing unit, among the processing resources monitoring results are stored for each hash value, and selects the smallest non-zero.
(20) Further, in the present invention, the hash value selecting method of the higher layer processing unit, among the processing resources monitoring results are stored for each hash value, and characterized by selecting a close to a predetermined value to.
(21) Further, in the present invention, the holding was held for each hash value is processing resource monitoring result of a predetermined high-order layer processing device provides services for each quality, based on quality of service, the notification hash value and selects.
(22) Further, in the present invention, one notification hash value at a time instead, pass a plurality lists, and monitor resource value of the packet sorting device said list, based on the load status in each higher layer processing unit , and selects the sorting destination higher layer processor.

(1) According to the first aspect of the present invention, in a system consisting of the packet sorting unit and the high-order layer processor, speed can not be added as high-order layer processing unit, a packet sorting device according to the speed bottleneck can do. Also, the session load concentration to a specific high-order layer processing device due to the distribution do not see a session, can be avoided by mechanism of dynamic allocation destination change, it is possible to effectively utilize the entire resources of the high-order layer processor.
(2) According to the second aspect of the present invention, in a system consisting of the packet sorting unit and the high-order layer processor, not upgradable as higher layer processor, speeding the packet distributing device according to the speed bottleneck can do. Further, the load concentration in session to a specific high-order layer processing device due to the distribution do not see a session, can be avoided by mechanism of dynamic allocation destination change, it is possible to effectively utilize the entire resources of the high-order layer processor.
(3) According to the third aspect of the present invention, the packet sorting device, the session information transfer process is not required, feature becomes lighter.
(4) According to the fourth aspect of the present invention, if the service quality is multiplexed different sessions can session synchronization to perform differentiation of unwanted low-priority sessions and services for others.
(5) According to the fifth aspect of the present invention, eliminates the simultaneous processing of the session information between the higher layer processing that can occur in advance of the period, it is possible to reduce the consumption of the L2 switch resource in the session information transfer.
(6) Further, according to the present invention, as a result of copy processing in the packet sorting unit is not required, it is possible to perform high-speed processing.
(7) Further, according to the present invention, it is possible to accommodate a plurality of intranet network address conflict may occur.
(8) Further, according to the present invention, it is possible to prevent deterioration of transfer performance VLAN in the case of using the generic L2 switch.
(9) Further, according to the present invention, by layering, VLAN tag value can be used freely, and increasing even if the number of available, it is possible to hold the scalability.
(10) Further, according to the present invention, it is possible to protect the processing resources of delivery target of the process during a session.
(11) Further, according to the present invention, the server → also clients and either direction client → server can be used without impairing the address information field of the transfer.
(12) Further, according to the present invention, the server → also clients and either direction client → server can be used without impairing the address information field of the transfer.
(13) Further, according to the present invention, the (11) / can be increased a hash-value range in comparison with (12).
(14) Further, according to the present invention, the (11) / (12) can be increased a hash-value range in comparison with.
(15) Further, according to the present invention, the (11) / can be increased a hash-value range in comparison with (12).
(16) Further, according to the present invention, the session processing speed observation itself, by utilizing the session management table may be implemented in hardware, requiring less load software processing.
(17) Further, according to the present invention enables accurate resource consumption situation estimate.
(18) Further, according to the present invention enables more accurate resource status estimates.
(19) Further, according to the present invention, can be selected easily hash value.
(20) Further, according to the present invention, it is possible to obtain a reliable control effect (processing amount reduction effect delivery).
(21) Further, according to the present invention, it is possible to differentiate the service.
(22) Further, according to the present invention, in accordance with the packet sorting unit is listed, a plurality of times, can handover process, taking into account the influence of the effect and delivery destination delivery, it is possible to resource allocation.

Thus, according to the present invention, without impairing the high speed of the packet sorting unit, by equally full advantage of the resources of the higher layer processing unit group in parallel deployment, the session streams are aggregated to a high speed interface it can be processed.

The present invention is by linking the packet sorting unit and the higher layer processing unit, it is an attempt is made effective use of all processing resources. Incidentally, in this case resolution techniques applied, are a prerequisite of the following contents are expressed in the prior art.
And assumptions distribution scheme for packet sorting unit, the existing technology-based, that is, the hash value calculation based.
- high layer processing assumes L2-L4 processing and session management functions for device performed in hardware.
· L5 above processing is essentially performed by software.
· L5 in the above process, the session management function will be used. Primarily performs software processing in the start phase of a session, set the session management information in the session management function, a simple data transfer phase, only the corresponding the session management function. This means that, (sessions / sec) value, which means you can use as a guide of the software processing load.

A linkage for use in the solution of the present invention, outline of the processing is as follows. The system configuration using the FIG.
(A) the packet sorting device 3 embeds the hash output value to the packet, and notifies the higher layer processing unit 5.
(B) the high level layer processing unit 5 collects processing resources statistics for each of the hash value, previously selected hash value to be requested to process the other higher layer processing unit during their congestion (session group). Via the operation management unit 31, the entry for the session information associated with the hash value, it creates a higher layer processor for request processing takeover.
(C) high-level layer processing unit 5 notifies regularly the selected hash value to the packet sorting unit 3. If it becomes congested, not the notification.
(D) packet distributing unit 3, with that the notification is not performed (not received), to change the distribution destination higher layer processing unit about the hash value had been recorded.

Hash value of the (a) is for calculating to originally select the high-level layer processing unit of the distribution destination, the packet distributing unit 3, at the time of packet transfer, requires a table access for extracting new information no. The packet forwarding is the process of embedding the hash value is overhead (a), from the management process of the activator I blanking session, small amount of processing, it is possible to speed.

Thus, in a system consisting of the packet sorting unit 3 and the high-order layer processor 5 can not added as high-order layer processing unit 5, the packet distributing unit 3 to become the speed bottleneck can be increased. Also, the session load concentration to a specific high-order layer processing device due to the distribution do not see a session, can be avoided by dynamic allocation destination changing the mechanism of the (b) ~ (d), the entire resources of the higher layer processing unit 5 the can be effectively used.

It will be described below in detail embodiments of the embodiment of the present invention with reference to the accompanying drawings. The positioning of the high layer processing system as an application subject of the present invention shown in FIG. Packet distributing device is a device to apply the functions of the present invention, and each diagram a configuration example of a high-level layer processing unit 3, shown in FIG. Further, FIGS. 5 to 8 is a process sequence diagram of a device level. 9 to 12, the device for applying the present invention, is a diagram showing a configuration example of the main table.

Figure 3 is a block diagram showing a configuration example of a packet sorting device. The solid arrows packet data stream in the drawing, the dashed arrows indicate respectively the internal control data stream. In the figure, 51 is a packet receiving unit that receives a packet from the Internet 20, 52 is a packet identifying unit for identifying a packet by receiving a packet from the packet receiving unit 51. 53 assignment destination determination unit determines distribution destination by receiving the output of the packet identification unit 52, 54 is a sorting table. Assignment destination determination unit 53 determines a distribution destination by referring to the distribution table 54. 55 packet processing unit for processing a packet in response to an output of the distribution destination determination section 53, 56 is a packet transmission unit for packet transmission to outside in response to an output of the packet processing unit 55.

57 high-order layer processing device monitoring unit for monitoring the high-level layer processing unit data based on from the message type determining unit 60, 58 is connected to the high-level layer processing unit 57 is the distribution management unit for managing the distribution . 59 is connected to the vibrating component management unit 58, a high-level layer processing unit setting information management unit which manages the high-level layer processing unit setting information for managing the configuration information of the higher layer processing unit. 60 is connected to the packet identification unit 52, the message type determination unit determines the type of message, 61 in the high-level layer processing unit cooperating unit cooperating with high-order layer processor receives the information from the message type determining unit 60 is there. The output of the high-order layer processor monitoring unit 57 and the high-order layer processor cooperating unit 61 is transmitted to the packet transmission unit 56. Moreover, the distribution management module 58 and the sorting table 54 are interconnected.

The high-order layer processor monitoring unit 57, the distribution management module 58, higher layer processing unit setting information management unit 59, with the message type determining unit 60 and the high-order layer processing unit 61, the operation management unit 31 described for FIG. 2 It is configured. Then, configuration and 該運 administrative unit 31, a packet receiving unit 51, packet identification unit 52, the distribution destination determining unit 53, the sorting table 54, the packet sorting unit 3 in the packet processing unit 55 and the packet transmitting unit 56 ing. To describe the operation of the thus constituted apparatus is as follows.

Packet from the client 1 enters the packet receiver 51 through the Internet 20. The packet receiving unit 51 passes the received packet to the packet identification unit 52. The packet identification unit 52 identifies the type of the input packet, and passes the message type determining unit 60 or the distribution destination determining unit 53 in accordance with the identification result. Shake amount determination unit 53 refers to the sorting table 54 corresponding to the input packet, recognizes the high-level layer processing unit of the distribution destination.

Next, the distribution destination determining unit 53 passes the packet to the packet processing unit 55. The packet processing unit 55 notifies the packet transmission unit 56 crowded put the hash value into the packet, the the packet transmitting unit 56 transmits the packet to the higher layer processing unit 5.

The operation management unit 31 selects the migration destination higher layer processor, notifies the session takeover information in the high position layer processing unit 5, also determines the congestion state of the higher layer processing unit 5, at the time of congestion, the packet sorting the device 3 corresponding to the hash value packet, changes the distribution destination to the takeover destination of the higher layer processing unit from the higher layer processing unit determines that the congestion.

Specifically, the packet identification unit 52, was determined to be processed by the operation control unit 31 packet packet passes by sorting the message type determining unit 60, the message type determining unit 60 has received from the packet identifying unit 52 packet, further, a packet for monitoring the state of the high-level layer processing unit 5 is conventional and classified into packets for takeover information, the former to a higher layer processing unit monitoring unit 57, higher layer processing unit interconnecting part of the latter pass to the 61.

On the other hand, the distribution management module 58, higher layer processing unit monitoring unit 57, higher layer processing unit cooperating unit 61, higher layer processing unit setting information management unit 59, and are connected in sorting table 54 and the internal control line, change the sorting table 54 based on the detected failure information of high-order layer processing unit 5 in the high-level layer processing unit monitoring unit 57, the information gathered in the higher layer processing unit cooperating unit 61 high-order layer processing device setting information management unit 59 to the transfer, also transferred based on the information of the higher layer processing unit setting information management unit 59 generates a session takeover information, the takeover information to the appropriate high-level layer processing unit 5 via the high-order layer processing device cooperation unit 61 the control, such as performing.

Figure 4 is a block diagram showing a configuration example of a high-level layer processing unit. Solid arrows packet data stream, the dashed arrow is the internal control data stream. In the figure, 41 is a packet receiving unit which receives the output from the packet transmitter 56 of the packet distributing unit 3, 72 is a packet identification unit for identifying the packet in response to an output of the packet receiving unit 71, 73 is packet identification unit 72 a packet information extraction unit for extracting the packet information in response to the output of.

74 session management unit which receives the output of the packet information extracting unit 73, 75 is the session management table to be interconnected with the session management unit 74, 76 is connected to the packet information extracting unit 73 and the session management unit 74 packets packet processing unit for processing, 77 is connected to the packet processing unit 76, a packet transmitting unit which transmits towards the packet to the external device. 78 high-level layer processing unit interconnected with the session management unit 74, 79 is a device manager which is interconnected with high-level layer processing unit 78. The device management unit 79, the packet identifying unit 72, a management unit connected to the session management unit 74 and the packet transmitting unit 77.

Of these components, the high-level layer processing unit 78 and the device management unit 79 is constituted by software, the packet reception unit 71, packet identification unit 72, a packet information extracting unit 73, the session management unit 74, the session management table 75, the packet processing unit 76 and the packet transmitting unit 77 is composed of hardware. To describe the operation of the thus constituted apparatus is as follows.

Packet receiving unit 71 receives the output packet from the packet transmitting unit 56 of the packet distributing unit 3, passes the packet identifying unit 72. Packet identification unit 72, based on the information of the received packet, should be processed by the device management unit 79 a packet identifies the packet should pass the packet information extraction unit 73, based on the identification result, the device management unit 79, a packet It passes the packet to any one of the information extraction section 73. If it passed to the packet information extracting unit 73, a packet information extracting unit 73, a hash value included in the packet, and extracted with information necessary to the conventional session processing, and notifies the session management unit 74.

In the session managing unit 74, using the session management table 75, obtains the session management information, or performs updates and product, at the same time, using the extracted hash value, records the state of use of resources for the session process. Furthermore, the session management unit 74 reads the information of the destination IP address and the like necessary for packet transfer from the session management table 75, notifies the packet processing unit 76. Moreover, the session management unit 74 is connected to both high-level layer processing information processing unit 78 inside the control line, according to an instruction based on the processing results, such as the transfer destination determining a new session of the high-level layer processing information processing unit 78, the session management table to implement the rewriting of 75.

On the other hand, the packet processing unit 76, a packet from the packet information extraction unit 73 is processed based on information from the session management unit 74. The processed packet is transmitted from the packet transmitting unit 77 to the device outside.

5 to 8 showing a flow of processing of the present invention system, respectively, a client 1, a packet distribution unit (front) 3, and high-level layer processing unit 5-1, a high-level layer processing unit 5-2, packet distributing unit (rear stage) 4 shows the interaction between the server 2. In packet distributing unit 3, 31 is the operation management unit, 32 is a sorting unit. In packet distributing device 4, 41 is the operation management unit, 42 is a sorting unit.

9, FIG. 10 is a diagram showing a configuration example of the main table in the distribution management module of the packet sorting device. (1) shows an example of the configuration of the distribution destination change hash value table. As shown, the high-order layer processor ID, a hash value effective display, a control target hash value, and resource consumption index value, and a watchdog timer. Here, the resource consumption index value, the session processing speed of the appended 16,17, a CPU usage rate of E18.

(2) the high layer device - shows a configuration example of a hash value correspondence table. As shown, the high-order layer processor ID, a hash value effective display, a control target hash value, during congestion, the distribution target high-order layer processing device ID, the time of congestion, than the use VLAN (Virtual LAN) tag value It is configured. (3) shows a configuration example of a session takeover information control table. As shown, the high-order layer processor ID, a valid display, and a takeover session information storage location pointer.

Figure 11 is a diagram showing a configuration example of a session management table of the higher layer processing unit. (1) shows an example of a configuration of the session management table. The session management table, a source IP address, a source port, and protocol ID, a destination IP address, a destination port, a session state, the transfer route, a conversion content, and a hash value . (2) is a hash for each session handling information table. The hash each session processing information table is composed of a hash value, from the session processing speed (Session / sec).

Figure 12 is a diagram showing a configuration example of the main table in the device management unit of the higher layer processing unit. (1) shows the hash each information table. The table, the hash value, the notification target display, and resource consumption index value, and a service priority. Resource consumption index value, and session processing speed, CPU usage may be used. (2) is a diagram showing a configuration example of a service information table (conventional apparatus). The table includes a source IP address, and source port, protocol ID and a destination IP address, and a destination port, the service ID and the service type and, and a service priority (claim 1, 2 of the description)
Invention of claim 1, wherein, different located in front of the various servers such as a border or iDC and corporate data center between the network, higher layer processing for based processing on Layer 4 or more high-level layer information of the received packet a system, for scalability secure systems, high order the high-level layer processing unit arranged plurality in parallel, their high-order layer processing unit group composed of a packet sorting device that sorts the packets based on the L3 following information of the received packet in layer processing system, calculated from the information in the received packet, the hash value used in the determination of the higher layer processing unit is the distribution destination, a packet sorting device to notify the higher layer processing unit with transfer packet, the hash value processing resources to monitor every, it holds information of the result, the own higher layer processor congestion or If you anticipate 輳, leave selected session group to deliver the treatment to the other high-order layer processing unit by the hash value units, information necessary to take over and the selected hash value, the processing of a session corresponding to the hash value to highlight the high-order layer processing device notifies the operation management unit of the packet sorting device for monitoring the resources of the higher layer processing unit units higher layer processing unit group, the takeover destination of the higher layer processing unit, the high level layer processing device notifies the session takeover information, also, to determine the congestion state of the higher layer processing unit, at the time of congestion, the packet sorting apparatus of takeover destination from the higher layer processing unit determines that the congestion of packets corresponding to the hash value in high-layer processing system configured by comprising: a management unit, a to change the distribution destination to the higher layer processing unit transfers That.

Features of the invention of claim 1, wherein, as described above, the packet sorting device 3, in cooperation with the high-level layer processing unit 5, without degrading the transmission performance of the packet distributing unit 3, parks of distribution to the point that can be corrected there. It will be described with reference to FIG. Here, FIG. 2 is a client 1 → server in two directions packet sorting performed front stage packet distributing unit 3, a sorting of the return of the server 2 → client 1 direction subsequent packet distributing device 4 performs.

Client - since that must be performed at a particular high-level layer processing unit processing for the session between the server and must be the same higher layer processor assignment destination in the forward and reverse passes. Therefore, in order to disperse the distribution destination, using the client IP address to the hash key in front / rear stage both.

That is, the forward source address, return selects a destination address in the hash key by calculating the hash value, to obtain the same hash value, it is judged the high-level layer processing unit corresponding thereto, distributed (FIG. 14 reference). In Figure 5 (A-1) as (A-1 ') flow through the same high-order layer processor #a the hash value 101 is illustrated in the figure in both flow distributing unit 32 and 42 which is a result of the calculation.

Portion ● in FIG. 5 and FIG. 6 shows the point at which the flow passes. Of the process contents that describes each point, those bold under drawing, showing the process of claim 1.

Next, FIG 5 shows referring to FIG 3 and FIG 4 the internal movement of the device corresponding to FIG.
1. Packet distributing unit 3 receives the packet of (A-1) flow by the packet receiving unit 51, and passes the packet identifying unit 52. The packet identifying unit 52 is a portion that identifies a packet that terminates in the device, in the conventional apparatus identifies the ICMP (Inter Control Message Protocol) packets or Keep alive packets for monitoring the state of the high-level layer device, upper It passed to the operation management unit 31 of the.

(A-1) packets, since relay packet to the server 2, are passed from the packet identifying unit 52 to the distribution destination determining unit 53. Here, the distribution destination determining unit 53 extracts the hash key, performs a hash calculation determines the allocation destination higher layer processing unit 5 using the sorting table 54 (see FIG. 14), the packet processing unit 55 hand over. In the conventional apparatus performs framing imparted with MAC address assignment destination higher layer processing unit 5 in the packet processing unit 55, but here, after the process of embedding the calculated hash value to the packet, the packet communication unit 56 and it sends to the outside of the apparatus from.
2. High-order layer processor # 0 and # 1 receives the packet received from the packet distribution apparatus 3 by the packet receiving unit 71, by the packet information extraction unit 73 through the packet identifying unit 72, necessary for the conventional session processing in addition to the information (information to L4), the 1. In to extract a given hash value. As the session management table (1) in FIG. 11, the hash value to the information of the session entry is also stored, in the case of a new session, the session processing speed of the hashing each session processing information table (2) in FIG. 11 reflect, resource consumption information for each hash (in this case, the session processing speed) to collect.

The received packet is similar to the conventional session processing, when a new session, registered in the session management table is performed, go to the packet processing unit 76 → the packet transmission unit 77 → the high-level layer processing unit 78, followed by high-level layer information to the outside from the processing unit 78 → the packet receiving unit 71 → ... → packet transmission unit 77, the route through the high-level layer processing unit 78. When transfer phase of the user data in an existing session, without passing through the high-level layer processing unit 78, based on the information in the session management table is transferred from the packet transmission unit 77 to the outside. Here, when forwarding to the subsequent packet distributing unit 4, the hash value applied to the packet by the packet processing section 76 erases / removed.
3. The subsequent packet distributing unit 4, the (A-1 ') flow packets, the 1. It performs the same processing as.
4. Now, high-order layer processor # 0, # 1, above 2. In with information management unit 79 for each hash siphoning periodically that collected in the form of a hash for each information table (1) in FIG. 12, manages information for each hash value. Then, periodically select a hash value of the handover candidates, and notifies it to flow in the packet sorting device 3 in FIG. 5 (A-2).

Internal notification route at that time is a packet transmission unit 77 from the device management unit 79. Here, in addition to the hash value, also passes the session management table information corresponding to the hash. Collecting information in the session management table (1) of FIG. 11 with an entry of the selected hash value is transferred to the packet sorting unit 32.
5. Packet distributing unit 3, the 4. The forwarding information by the packet identification unit 52 (the IP address and protocol number, etc.) identification, and passes the message type determining unit 60. The message type determining unit 60, the 1 which is also a conventional device. In identifying and transfer of ICMP packets and Keep alive packets and the hash information described, it passes the hash information to the higher layer processing unit linkage unit 61.

To extract the information required by the headquarters, and passes to the distribution management unit 58. Shake amount management unit 58, in addition to the table of the conventional apparatus of FIG. 15, the session takeover information control table (3) in FIG. 10 together with information from other higher layer processing unit holds the received information. Here, select the high-order layer processor status from the resource information of the higher layer processing unit unit of the management table, a hash of congestion when undertaken destination of the notice from the high-order layer processing unit (1) in FIG. 15, FIG. 9 higher layer processing unit (2) - to retain the information in the hash value correspondence table.

Here, holds and transfers the selected session management table information corresponding to the hash value to the higher layer processing unit underwriting destination was ((A-3 in FIG. 5)). It should be noted that the above-mentioned 4. These session management table information received in, for example previously managed by the session takeover information form the control table (3) in FIG. 10, sequentially reads out and transfers.
6. High-layer processing unit # 0, the conventional apparatus as well as its own device overall resource usage are also monitored, during a state where the congestion state, or congestion is predicted (★ mark of 5-1 of FIG. 5) , the above-mentioned 4. Refrain notification message to the packet sorting unit 3.
7. Packet distributing unit 3, the 6. That does not come notification message by, detected by the distribution destination change the hash value information table monitoring timer (1) in FIG. 9 (★ mark portion of the packet sorting device 3 in FIG. 5). Once detected, the hash value and the delivery destination corresponding to the high position layer processing unit 5, higher layer device (2) in Fig. 9 - retrieves from the hash value correspondence table, based on the information, in Figure 14 relating to the hash It rewrites the entry of the distribution management table.
8. The packet sorting unit 3, the 7. As to notify it is determined that the congestion to higher layer processing unit # 0. This notification, through higher layer processor cooperating unit 61 from the distribution management unit 58 of FIG. 3, carried out in the route of the packet transmission unit 56 (in FIG. 6 (B-1)).
9. The high-order layer processing unit 5-1, the 8. Receiving a message at the root of the packet transmission unit 77 → device manager 79 (in advance, if the registered statically to keep mounted to the session managing unit 74 a communication session with the packet distribution apparatus 3), notified of exclude the hash value from the notification target (disable notified valid flag hash each information table (1) in FIG. 12).
10. Packet distributing unit 3, the 6. The change of the hash value and the distribution destination corresponding to notify the subsequent packet distributing device 4 (in FIG. 6 (B-2): The operations in both devices, as in the case of high-order layer processing unit 5-1 Since the description thereof is omitted).
11. 7 above. And 10. By the processing, the above-mentioned 1. And 3. In flow that has been allocated to the higher layer processing unit 5-1, with the forward / backward allocated to higher layer processing unit 5-2, the 5. Since the information of the service session is also in high layer processing unit 5-2 in without session expires, it is possible to continue the service ((B-3 in FIG. 6) and (B-3 ')).

According to the invention of claim 1, wherein said hash value is for calculating to originally select the high-level layer processing unit of the distribution destination, the packet sorting apparatus, at the time of packet transmission, a new information It does not require a table access for pulling out. The packet forwarding is embedding the hash value is overhead, from the management device of the active session, small amount of processing, it is possible to speed.

Thus, in a system consisting of the packet sorting unit and the high-order layer processor, not upgradable as higher layer processor, it can speed up the packet distributing device comprising a speed bottleneck. Moreover, the session load concentration to a specific high-order layer processing device due to the distribution do not see a session, can be avoided by mechanisms dynamic distribution destination changes described above, to effectively utilize the entire resources of the high-order layer processor can.
(Description of claim 3)
The invention according to claim 3, among the information necessary to take over the processing of the session corresponding to the hash value selected, rather than through the operation management unit of the packet sorting device, the packet sorting unit and the higher layer processing unit group via a switch mechanism deployed in the higher layer processing unit to obtain information takeover destination higher layer processing unit from the operation management unit, characterized in that transfer device itself in migration destination device.

7 and 8 show the operation sequence of claim 3. Underlined processing description S1, S2, S3 in FIG. 7 is a difference point between Fig. The difference between claims 1 and 2, a of FIG. 7 (A-2) ~ (A-2 '). Notifies only the hash value (A-2), (A-3) delivery destination device from the packet sorting device asked to notify (higher layer processing unit 5-2), the high-order layer processing unit 5-1 without passing through the packet distributing unit 3 transfers the session information corresponding to the relevant hash value directly high-order layer processing unit 5-2. For example, although not described in FIG. 7, performed via L2 switch 6 of Figure 2.

According to the second aspect of the present invention, the packet processing device, eliminating the need session information transfer process according to claim 1 and 2, functions becomes lighter. Further, for aligning a large number of high-order layer processing unit as shown in FIG. 2 in claim 1, in the configuration in which the L2 switch 6, towards the invention of the claims described, the L2 switch of resources by the session information transfer it is possible to reduce the consumption.
(Description of claim 4)
Congestion state according the invention in claim 4, wherein the not transferred to the migration destination higher layer processing unit the information necessary to take over the processing of the session corresponding to the hash value selected, simply packet distributing apparatus high layer processing unit determine, during congestion, the packets corresponding to the hash value, and performing only sorting the migration destination higher layer processing unit from the determined higher layer processing and congestion.

Fourth aspect of the present invention, (A-3) of FIG. 5 and is obtained by so as not to perform the synchronization session information between the higher layer processing unit of (A-2 ') in FIG. Meaningful in combination with Appendix 21. For example, if the service different quality of service is multiplexed, for low-priority services, so that the session disconnection is observed.

According to the fourth aspect of the present invention, without performing synchronization session can be performed to differentiate their services.
(Description of claim 5)
According to a fifth aspect of the invention, without transferring the migration destination higher layer processing unit the information necessary to take over the processing of the session corresponding to the hash value selected, the congestion state of the packet sorting device high layer processing unit determining, during congestion, copies the packets corresponding to the hash value, and wherein the transfer of packets to the takeover destination higher layer processing unit with high-order layer processing unit of the current processing system it is determined that congestion state.

According to a fifth aspect of the invention, as claimed in claim 1 to 3, wherein, in advance without synchronization session information between the higher layer processing, and a method that does not cause a session disconnection as claimed in claim 4. It sends a packet to both, as described above, by performing both the processing, to already session can continue in high-order layer processing device currently processing system, can be a new session is treated with takeover destination higher layer processor.

In the current processing system, and controlled so as not to accept a new session of the selected hash, in the takeover destination to accept only the new session to the contrary, the other is discarded. Here, it is assumed-min, controlled identified by identification information in the packet sorting device described in Appendix 10 which will be described later.

According to the invention described in claim 5, it is possible to omit the synchronous processing of the session information between the higher layer processing unit that can occur prior periodically for aligning a large number of high-order layer processing unit as shown in FIG. 2, in the configuration in which the L2 switch 6 may be towards the claims, to reduce the consumption of L2 switches resource by the session information transfer.
(Invention of Appendices 6)
The invention Supplementary Note 6, wherein, without transferring the migration destination higher layer processing unit the information necessary to take over the processing of the session corresponding to the hash value selected and deployed between the packet distributing unit and the high-level layer processing unit L2 using switches in advance to set the VLAN between the packet distributing unit and the high-level layer processing unit two possible pairs, the packet sorting apparatus determines the congestion state of the higher layer processing unit, a congestion state characterized in that the determined current process based high-layer processor and takeover destination higher layer processing device broadcasts a packet that corresponds to the hash value belongs VLAN.

Invention according to Note 6, wherein, for example, in FIG. 2, front packet distributing unit 3 and the high-order layer processor # 0 and # 1 to VLAN1, the pre-stage packet distributing unit 3 and the high-order layer processor # 2 and # 3 to VLAN2 preset, by the same purpose as claimed in claim 5, if you want to send a packet to both # 1 and the higher layer processing unit # 0 is for broadcast to VLAN1. According to claim 5, it is necessary to copy processing in the packet sorting device, in this manner, the packet sorting unit without the need for packet copying, requires only VLAN tagging and broadcast addressing. In this case, the tag information value granted to the VLAN higher layer device (2) in Fig. 9 - will add to the hash value correspondence table.

The packet transfer apparatus of the L2 switch 6 of Figure 2 is tagged VLAN setting, in high-order layer processing device side port VLAN configuration processing to remove one stage VLAN tags to the transfer side to the higher layer processing unit side is required. In other words, it is necessary to configure multiple port VLAN to a physical port. Or, in the higher layer processing unit side, it is necessary to perform a process to remove one stage VLAN tags unconditionally.

According to the invention of note 6, wherein, the copy processing is not required in the packet sorting device, such as according to claim 5, high-speed processing is possible.
(Invention of Appendices 7)
The invention Supplementary Note 7, wherein the higher layer processing system, for the external, provides a VLAN configuration service, the VLAN associated with the external VLAN also between the packet distributing unit and the high-level layer processing unit If the, outbound VLAN tag values ​​assigned to not used as VLAN tag value distribution for VLAN congestion startup value, VLAN tag associated with the external VLAN service from the VLAN tag value to use when sorting congestion startup providing the value, L2 switch and performing conversion to rewrite.

If high layer processing system to accommodate a plurality of intranet network, the IP address used in each of the intranets are independent, there is a possibility of collision. Therefore, it is necessary to set the VLAN for each intranet. The present invention, in such a case, aim the same control as claimed in claim 6, in which previously ensuring the VLAN tag space for distribution of congestion at startup.

According to the invention of note 7, it is possible to accommodate a plurality of intranet networks the address collision can occur.
(Description of Appendix 8)
Invention of Supplementary Note 8, wherein the converted / rewritten VLAN tag value associated with the external VLAN service from the VLAN tag value to use when distributing the congested startup, and performing at higher layer processor.

The present invention, In Addition 7, is obtained by the VLAN tag value conversion functions necessary for processing continuity of the higher layer processing unit to have the high-order layer processor itself.

According to the invention of note 8, wherein, when using a general-purpose L2 switch, VLAN tag value conversion function according to claim 7, there are cases where the transfer performance deteriorates, this can be avoided.
(Invention appendices 9)
For invention Supplementary Note 9, wherein the higher layer processing system, for the external, provides a VLAN configuration service, providing the VLAN associated with the external VLAN also between packet distributing unit and the high-level layer processing unit for, and providing a VLAN to be used when sorting congestion at startup and VLAN associated with the external VLAN between packet distributing unit and the high-level layer processing unit hierarchically.

The invention of this appendix description, like the appended 7 and Appendix 8, without using the same VLAN tag space for exterior and interior distribution is obtained by so stratified.

According to the invention of note 9, wherein, by layering, VLAN tag value can be used freely, and also the number of available increasing than appended 7/8 can hold scalability.
(Invention of Appendices 10)
Appendix 10 the described invention, the packet sorting device, grant information indicating whether to change the distribution destination with congestion of certain high-order layer processing unit to the packet, the higher layer processing unit that has received the distribution destination change packet includes these distribution destination change session and the it until the service during the session of, about it until the service object new session of, and performs differentiation control processing resource allocation.

The invention of this appendix described, for example, if there is no synchronization session information between the higher layer processing unit as claimed in claim 4, in which the purpose of protection of delivery destination of the processing in the resource. For identification information (flag) applied, it requires additional grant indication field to the distribution management table 21 in FIG. 14.

According to the invention of appendix 10, wherein it is possible to protect the processing resources of delivery target of the process during a session.
(Invention of Appendices 11)
Invention of Supplementary Note 11, wherein, as a notification method for the hash value to be notified for each packet to a higher layer processing unit from the packet sorting device, characterized in that embedded in the ToS field of the IP header.

The invention of this appendix description has to embed the identity of the hash value and claim 10 in the ToS field.

According to the invention of Appendix 11, wherein the server → client, in either direction of the client → server, without compromising the address information field of the transfer, can be used.
(Invention according to Note 12)
Supplementary Note 12 the described invention, as a notification method for the hash value to be notified for each packet to a higher layer processing unit from the packet sorting device, using a VLAN packet transfer, characterized in that embedded in Priority field of the VLAN header.

The invention of this appendix 12, wherein the use of a VLAN, is obtained so as to fill the identification information of the hash value and note 10 in the Priority field in the VLAN header.

According to the invention of this appendix 12, wherein, using a VLAN frame is obtained by such embedding identification information of the hash value and note 10 (flag) in the Priority field in the VLAN header.

According to the invention according to Note 12, wherein, server → in either direction of the client and the client → server, impairing the address information field of the transfer IP layer, i.e., used without, can convey the hash value.
(Invention of Appendices 13)
Supplementary Note 13 invention of the described, as a notification method for the hash value to be notified for each packet to a higher layer processing unit from the packet sorting device, in the case of IPv6 packets, characterized in that embedded in Flow ID field of the IP header.

The invention of this appendix description, when the IPv6 packet, in which so as to fill the hash value to the Flow ID field of the IP header.

According to the invention of appendix 13, wherein it is possible to increase the hash value range than the case of Appendices 11/12.
(Invention of Appendices 14)
Invention of Supplementary Note 14, wherein, as a notification method for the hash value to be notified for each packet to a higher layer processing unit from the packet sorting device, encapsulates the transfer packet, is characterized in that embedded in the encapsulation header.

The invention of this appendix according encapsulates the transfer packet, is characterized in that the embedding a hash value into the encapsulation head. For example, the destination address is a fixed value indicating the capsule is to use the source address.

According to the invention of appendix 14, wherein it is possible to increase the hash value range than the case of Appendices 11/12.
(Invention of Appendices 15)
Appendix 15 the described invention, the higher layer processing unit provides a server load balancing services, the packet sorter server direction from the client, when performing packet distribution, as a notification method for the hash value to be notified for each packet, characterized in that embedded in the destination IP address field of the packet.

For server load balancing, the destination IP address of the server direction from the client indicates the address of the virtual server. Previously, the high-order layer processing apparatus defines the ID of the virtual server has a table ID and IP address relationships, the packet sorting device pulls a virtual server ID from the virtual IP address, the destination IP address field, and the hash value by embedding the virtual server ID, by in high layer processing apparatus utilizing said server ID-IP address association table can be carried out service without any problem.

However, because there is no field that can be used as well in the client direction from the server, the method as shown in FIG. 13, there is no subsequent packet distributing apparatus, when the high-level layer processing unit accommodates the server directly (the case of FIG. 2 housing division loss of the server than applied to is large) is limited.

According to the invention of appendix 15, wherein it is possible to increase the hash value range than the case of claim 11/12.
(Invention of Appendices 16)
Invention of Appendices 16 wherein, said high-order layer processing device, which comprises using the session processing speed value as a processing resource information to be monitored for each hash value.

As shown in assumptions about the higher-layer processing equipment, software processing of the higher layer processing device, mainly occur at the start of a session, the processing part is likely to be a bottleneck of the relay processing. Therefore, as the monitoring parameter for the resource used higher layer processing unit, in which to use a session processing apparatus according to the number of new sessions within a predetermined time.

According to the invention of appendix 16, wherein, the session processing speed observation itself, by utilizing the session management table may be implemented in hardware, requiring less load software processing of the higher layer processing apparatus according to the processing.
(Description of Appendix 17)
Invention according to Supplementary Note 17 further performs a weighting corresponding to the service type carried out in the session to the session processing speed value, it is characterized by using the selection of the hash value.

For example, if the server load balancing, there is a process of determining the distribution server based on the information For HTTP, the range of information to be references HTTP (e.g., only the file extension, or file name itself) in the processing load is different. In this case, the Appendix 16, can not recognize the difference between these loads. Thus, previously determined weighting for each service type, determines on which multiplied by its weighting in the session processing speed (see service information table (2) in FIG. 12).

According to the invention of appendix 17, wherein, thereby enabling more accurate resource consumption situation estimate than claim 16.
(Invention of Appendices 18)
Appendix 18 the described invention, the high-order layer processing device, as the processing resource information to be monitored for each hash value, characterized by using the CPU utilization.

The invention of this appendix description has to use a CPU utilization as a processing resource information.

According to the invention of appendix 18, it is possible to more accurately resource consumption situation estimated than in Appendix 17.
(Invention of Appendices 19)
Invention of Appendix 19, wherein, for the hash value selecting method of the higher layer processing unit, among the processing resources monitoring results are stored for each hash value, and selects the smallest non-zero.

According to the invention of Appendix 19, it can be selected easily hash value.
(Invention of Appendices 20)
Invention of Supplementary Note 20, wherein, for the hash value selecting method of the higher layer processing unit, among the processing resources monitoring results are stored for each hash value, and selects the one closer to the predetermined value.

This invention has to be able to select a hash value together with the congestion determination described higher layer processor.

According to the invention of appendix 20, wherein it is possible to obtain a reliable control effect (processing amount reduction effect delivery).
(Invention of Appendices 21)
Invention of Supplementary Note 21, wherein the predetermined high-order layer processor processing resources monitoring results held in each of the hash value is stored for each quality of service provided, based on service quality, selects a notification hash value it is characterized in.

The invention of this appendix description has to choose a hash value in consideration of service quality. 12 (1), selected using a hash for each management table, the service priority of the service information table (2). For example, with respect to what is lower service priority, and controls a combination of claims 4.

According to the invention of appendix 21, wherein it is possible to differentiate the service.
(Invention according to Supplementary Note 22)
Invention according to Note 22, wherein, one notification hash value at a time instead, pass a plurality lists, and monitor resource value of the packet sorting device said list, based on the load status in each higher layer processing unit, sorting and selects the previous high-level layer processing unit.

A plurality of candidate hash, in which to pass the list to the packet distributing device. After the packet sorter selects the delivery hash value based on a list, in which to perform the synchronization process of delivery session information.

According to the invention of appendix 22, wherein, in accordance with a bucket sorting device list can multiple delivery process, taking into account the influence of the effect and delivery destination delivery, it is possible to resource allocation.

(Supplementary Note 1) different located in front of the various servers such as a border or iDC and corporate data center between the network and a higher layer processing system that performs processing based on the layer 4 above the high-level layer information of the received packet, the system for scalability secure, the higher layer processing unit arranged plurality in parallel, their high-order layer processing unit group, the higher layer processing system comprising a packet sorting device that sorts the packets based on the L3 following information of the received packet,
Calculated packet distributing device from the information in the received packet, the hash value used in the determination of the higher layer processing unit is distribution destination, and notifies the higher layer processing unit with transfer packet (Step 1),
Higher layer processing unit monitors the processing resources for each said hash value, holds information on the result, when the own higher layer processor has predicted congestion or congestion, session group to deliver the treatment to the other high-order layer processor leave selected hash value units, and the selected hash value, the information necessary to take over the processing of the session corresponding to the hash value, monitoring the resources of the higher layer processing unit units higher layer processing unit group notifies the operation management section of the packet sorter (step 2),
The operation management unit selects the migration destination higher layer processor, notifies the session takeover information in the high position layer processing unit, also determines the congestion state of the higher layer processing, at the time of congestion, the packet sorter is the the packets corresponding to the hash value, the distribution destination is changed to the higher layer processing unit migration destination from the higher layer processing unit determines that congestion transferring (step 3),
Higher layer processing method characterized by.

(Supplementary Note 2) The higher layer processing system having different positioned in front of the various servers such as a border or iDC and corporate data center between the network performs processing on the basis of the layer 4 above the high-level layer information of the received packet, the system for scalability secure, the higher layer processing unit arranged plurality in parallel, their high-order layer processing unit group, the higher layer processing system comprising a packet sorting device that sorts the packets based on the L3 following information of the received packet,
Calculated from the information in the received packet, and the packet sorting device to notify the higher layer processing unit the hash value used in the determination of the higher layer processing unit, the transfer packet is a distribution destination,
Monitoring the processing resources for each of the hash value, it holds information on the result, when the own higher layer processor has predicted congestion or congestion, the hash value units session group to deliver the treatment to the other high-order layer processor selection and advance, and the selected hash value, the information necessary to take over the processing of the session corresponding to the hash value of the packet sorting device for monitoring the resources of the higher layer processing unit units higher layer processing unit group and the higher layer processing unit to notify the operation management unit,
Select the takeover destination of the higher layer processing unit, notifies the session takeover information in the high position layer processing unit, also determines the congestion state of the higher layer processing, at the time of congestion, the packet sorting device corresponding to the hash value a management unit which changes the distribution destination transfer to higher layer processing unit migration destination from the higher layer processing unit determines that the congestion packet,
High layer processing system configured to include a.

Switch (Supplementary Note 3) The selected information necessary to take over the corresponding session to the hash value, rather than through the operation management unit of the packet sorting device, which is deployed between the packet distributing unit and the high-level layer processing unit group through mechanism, the higher layer processing unit to obtain information takeover destination higher layer processing unit from the operation management unit, higher layer processing system according to note 2, wherein the transfer to the migration destination device unit itself.

(Supplementary Note 4) not transferred to the migration destination higher layer processing unit the information necessary to take over the processing of the session corresponding to the selected hash value, simply packet distributing apparatus determines the congestion state of the higher layer processing unit, during periods of congestion, Appendix 2 or 3 high layer processing system, wherein the performing packet corresponding to the hash value only distributed to the takeover destination higher layer processing unit from the determined higher layer processing and congestion.

(Supplementary Note 5) without transferring to the migration destination higher layer processing unit the information necessary to take over the processing of the session corresponding to the selected hash value, the packet sorting apparatus determines the congestion state of the higher layer processing unit, the congestion when copies the packets corresponding to the hash value, according to note 2 or 3, wherein the transfer of packets to the takeover destination higher layer processing unit with high-order layer processing unit of the current processing system it is determined that congestion state higher-layer processing system.

(Supplementary Note 6) without transferring to the migration destination higher layer processing unit the information necessary to take over the processing of the session corresponding to the selected hash value, the L2 switch deployed between packet distributing unit and the high-level layer processing unit using Te, currently set the VLAN advance between the packet distributing unit and the high-level layer processing unit two possible pairs, the packet sorting apparatus determines the congestion state of the higher layer processing unit determines that the congestion state high layer processing system according to note 2 or 3, wherein the broadcast packets corresponding to the hash value to the higher layer processing unit and takeover destination higher layer processor belongs VLAN processing system.

(Supplementary Note 7) high layer processing system, for the external, provides a VLAN configuration service, the case where the VLAN associated with the external VLAN also between the packet distributing unit and the high-level layer processing unit , outbound VLAN tag value, assigns a value not used as VLAN tag value of the congestion at the start of distribution for VLAN, the VLAN tag value associated with the external VLAN service from the VLAN tag value to use when congestion startup distribution, high layer processing system according to Supplementary note 6, wherein the L2 switch and performing conversion to rewrite.

(Supplementary Note 8) high of the conversion / rewrite the VLAN tag value to use when sorting congestion at startup VLAN tag value associated with the external VLAN services, note 7, wherein the performing by high layer processing unit layer processing system.

Case (Supplementary Note 9) high layer processing system, for the external, provides a VLAN configuration service, providing the VLAN associated with the external VLAN also between packet distributing unit and the high-level layer processing unit, a packet high layer processing system according to Supplementary note 6, wherein the hierarchically provided that the VLAN to be used when sorting congestion at startup and VLAN associated with the external VLAN between distribution device and the high-order layer processor.

(Supplementary Note 10) The packet sorting device, grant information indicating whether to change the distribution destination with congestion of certain high-order layer processing unit to the packet, the higher layer processing unit that has received the distribution destination change packet, these a distribution destination change session, until the service during the session it, about it until the service object new session of higher layer according to any one of Appendixes 2 to 4, characterized by performing differentiated control of the processing resource allocation processing system.

(Supplementary Note 11) as a notification method for the hash value to be notified for each of the packet from the packet sorting device to a higher-layer processing unit, high according to any one of Appendices 2 to 10, characterized in that embedded in the ToS field of the IP header layer processing system.

(Supplementary Note 12) as a notification method for the hash value to be notified for each packet from the packet distributing device to a higher-layer processing unit, using a VLAN packet transfer, Appendix 2 to 10, characterized in that embedded in Priority field of the VLAN header high layer processing system according to any one of.

From (Supplementary Note 13) The packet sorter as the notification method of the hash value to be notified for each packet to a higher-layer processing unit, in the case of IPv6 packets, according to Note 2 to 10, characterized in that embedded in Flow ID field of the IP header high layer processing system according to any.

(Supplementary Note 14) as a notification method for the hash value to be notified for each of the packet from the packet sorting device to a higher-layer processing unit encapsulates the transfer packet, one of Appendices 2 to 10, characterized in that embedded in the encapsulation header higher layer processing system according to.

(Supplementary Note 15) The higher layer processing unit provides a server load balancing services, the packet sorter server direction from the client, when performing packet distribution, as a notification method for the hash value to be notified for each packet, the packet destination high layer processing system according to any one of Appendixes 2 to 10, characterized in that embedded in the IP address field.

(Supplementary Note 16) The higher layer processing unit, high layer processing system according to any one of Appendixes 2 to 10, characterized by using a session processing speed value as a processing resource information to be monitored for each hash value.

(Supplementary Note 17) performs weighting corresponding to the service type carried in the session to the session processing speed value, high layer processing system according to Note 16, wherein the use in the selection of the hash value.

(Supplementary Note 18) The higher layer processing device, as the processing resource information to be monitored for each hash value, the higher layer processing system according to any one of Appendixes 2 to 10, wherein the use of CPU utilization.

For (Supplementary Note 19) hash value selection method of the higher layer processing unit, among the processing resources monitoring results are stored for each hash value, any note 2 to 10, characterized in that selecting the smallest non-zero higher layer processing system of crab described.

(Supplementary Note 20) The hash value selection method of the higher layer processing unit, among the processing resources monitoring results are stored for each hash value, Appendix 2 to 10, characterized by selecting a close to a predetermined value high layer processing system according to any one of.

Characterized in that (Supplementary Note 21) The process holds for each hash value resource monitoring results predetermined high-order layer processing device is stored for each quality of service provided, based on service quality, selects a notification hash value high layer processing system according to any one of Appendixes 18 to 20,.

(Supplementary Note 22) rather than one per notification hash value once, passed as multiple lists, a monitor resource value of the packet sorting device said list, based on the load status in each higher layer processing unit, the distribution destination higher layer high layer processing system according to Supplementary note 19 or 21, wherein selecting a processing device.

Is a flowchart illustrating the principles of the present invention method. It is a principle block diagram of the present invention. It is a block diagram showing a configuration example of a packet sorting device. It is a block diagram showing a configuration example of a high-level layer processing unit. Is a sequence diagram showing the flow of processing of the present invention system. Is a sequence diagram showing the flow of processing of the present invention system. Is a sequence diagram showing the flow of another process of the present invention system. Is a sequence diagram showing the flow of another process of the present invention system. It is a diagram illustrating a configuration example of the main table of the allocation processing unit of the packet sorting device. It is a diagram illustrating a configuration example of the main table in the distribution management module of the packet sorting device. It is a diagram showing a configuration example of a session management table of the higher layer processing unit. It is a diagram illustrating a configuration example of the main table in the device management unit of the higher layer processing unit. Is a block diagram showing an embodiment of the present invention. It illustrates the operation of the conventional system. It is a block diagram showing the main table in the distribution management module of the conventional packet sorting device.

DESCRIPTION OF SYMBOLS

1 client 2 server 3 preceding packet distributing device 4 subsequent packet distributing device 5 high-order layer processing unit 6 L2 switch 7 L2 switch 8 L2 switch 10 present invention system 20 Internet 30 iDC / corporate data center 40 servers form a group

Claims (5)

1. Different located in front of the various servers such as a border or iDC and corporate data center between the network and a higher layer processing system for performing based processing on Layer 4 or more high-level layer information of the received packet, the system scalability ensuring Therefore, the high-level layer processing unit arranged plurality in parallel, their high-order layer processing unit group, the higher layer processing system comprising a packet sorting device that sorts the packets based on the L3 following information of the received packet,
   Calculated packet distributing device from the information in the received packet, the hash value used in the determination of the higher layer processing unit is distribution destination, and notifies the higher layer processing unit with transfer packet (Step 1),
   Higher layer processing unit monitors the processing resources for each said hash value, holds information on the result, when the own higher layer processor has predicted congestion or congestion, session group to deliver the treatment to the other high-order layer processor leave selected hash value units, and the selected hash value, the information necessary to take over the processing of the session corresponding to the hash value, monitoring the resources of the higher layer processing unit units higher layer processing unit group notifies the operation management section of the packet sorter (step 2),
   The operation management unit selects the migration destination higher layer processor, notifies the session takeover information in the high position layer processing unit, also determines the congestion state of the higher layer processing unit, at the time of congestion, said packet distributing device the packets corresponding to the hash value, to change the distribution destination to the higher layer processing unit migration destination from the higher layer processing unit determines that congestion transferring (step 3),
   Higher layer processing method characterized by.
2. Different located in front of the various servers such as a border or iDC and corporate data center between the network and a higher layer processing system for performing based processing on Layer 4 or more high-level layer information of the received packet, the system scalability ensuring Therefore, the high-level layer processing unit arranged plurality in parallel, their high-order layer processing unit group, the higher layer processing system comprising a packet sorting device that sorts the packets based on the L3 following information of the received packet,
   Calculated from the information in the received packet, and the packet sorting device to notify the higher layer processing unit the hash value used in the determination of the higher layer processing unit, the transfer packet is a distribution destination,
   Monitoring the processing resources for each of the hash value, it holds information on the result, when the own higher layer processor has predicted congestion or congestion, the hash value units session group to deliver the treatment to the other high-order layer processor selection and advance, and the selected hash value, the information necessary to take over the processing of the session corresponding to the hash value of the packet sorting device for monitoring the resources of the higher layer processing unit units higher layer processing unit group and the higher layer processing unit to notify the operation management unit,
   Select the takeover destination of the higher layer processing unit, notifies the session takeover information in the high position layer processing unit, also determines the congestion state of the higher layer processing unit, at the time of congestion, the packet sorting device corresponding to the hash value a management unit which changes the distribution destination transfer to higher layer processing unit migration destination from the higher layer processing unit determines that the congestion of packets,
   High layer processing system configured to include a.
3. The information necessary to take over the processing of the session corresponding to the selected hash value, rather than through the operation management unit of the packet sorting device, through a switch mechanism deployed between packet distributing unit and the high-level layer processing unit group, high layer processing system according to claim 2, wherein said higher layer processing unit to obtain information takeover destination higher layer processing unit from the operation management unit, and transfers the takeover destination device unit itself.
4. Depending on the attributes of the selected hash value, without transferring the migration destination higher layer processing unit the information necessary to take over the processing of the session corresponding to the hash value selected, simply packet distributing apparatus higher layer processing unit determining a congestion state, the congestion time, the hash corresponds to the value packets, higher layer according to claim 2 or 3, wherein the performing only sorting the migration destination higher layer processing unit from the determined higher layer processing congestion processing system.
5. Selected without transferring the migration destination higher layer processing unit the information necessary to take over the corresponding session to the hash value, to determine the congestion state of the packet sorting apparatus high-layer processing unit, the congestion time, the hash copy corresponding to the value packets, higher layer processing according to claim 2 or 3, wherein the transfer of packets to the takeover destination higher layer processing unit with high-order layer processing unit of the current processing system it is determined that congestion state system.

Images