JP4394675B2 - TCP processing device, packet relay device, and TCP processing method - Google Patents

Description

  The present invention relates to a TCP processing device, a packet relay device, and a TCP processing method.

  In data communication using a TCP frame, for example, a relay apparatus that relays between networks such as a LAN and a WAN receives a frame having a FIN bit or RST bit of 1 from a terminal on the network before disconnecting the session. When the relay device performs hardware routing or the like, the entry data of the disconnected session is unnecessary.

  A TCP flow communication quality estimation device has been proposed that can appropriately estimate the communication quality of the entire flow in the link without biasing to a large flow size communication while reducing the size of the table required for flow management. (For example, refer to Patent Document 1). In Patent Literature 1, if the arrived packet is a packet from a flow already entered in the user flow management table, and the FIN flag indicating the end of TCP communication or the RST flag indicating the interruption of TCP communication is set. And deleting the flow from the user flow management table.

JP 2006-229701 A (paragraphs 0037 and 0052)

  If the entry data that is no longer needed is left as it is, the entry table (routing table) is wasted. In addition, there is a problem that if the control unit performs processing to delete the entry table by executing software, a load is applied, which hinders high-speed data communication.

  Further, for example, when relaying between networks such as a LAN and a WAN, one session includes communication in the direction from the LAN to the WAN and communication in the direction from the WAN to the LAN. However, in the method described in Patent Document 1, even when the FIN flag or the RST flag is set in the packet in one communication direction, if the other communication is not finished, the one communication direction Only the other flow is deleted, and the flow in the other communication direction is not deleted.

  SUMMARY An advantage of some aspects of the invention is that it provides a TCP processing device, a packet relay device, and a TCP processing method for effectively using an entry table.

  The TCP processing device according to the present invention includes a first entry table including first entry data for performing routing when data transmission from the first network to the second network is performed, and a second entry from the second network. A second entry table including second entry data for performing routing when data transmission to one network is associated with the first entry data, and information indicating that the received packet indicates the end of the session And a first entry data corresponding to the received packet when the packet received by the determining unit is determined to include information indicating the end of the session. And the second entry data corresponding to the first entry data is deleted from the second entry table Characterized in that it comprises a entry table control means for deleting et.

  The determination unit selects first entry data based on a packet received via the first network, and when the first entry data is selected, the received packet includes information indicating the end of the session. It may be determined whether or not. According to such a configuration, when a received packet is selected, it can be determined whether or not information indicating the end of the session is included.

  The determination unit may determine whether or not the received packet includes information indicating the end of the session when the received packet is a TCP frame. According to such a configuration, when the received packet is a TCP frame, it can be determined whether or not the information indicating the end of the session is included.

  The determination unit may determine that the information indicating the end of the session is included when the FIN bit or the RST bit included in the received packet is 1. According to such a configuration, it can be determined whether or not information indicating the end of the session is included based on the FIN or RST of the flag of the TCP frame.

  The packet relay apparatus according to the present invention includes a first entry table including first entry data for performing routing when data transmission from the first network to the second network is performed, and a second entry from the second network. A second entry table including second entry data for performing routing when data transmission to one network is associated with the first entry data, and information indicating that the received packet indicates the end of the session And a first entry data corresponding to the received packet when the packet received by the determining unit is determined to include information indicating the end of the session. And the second entry data corresponding to the first entry data is deleted from the second entry table. Characterized in that it comprises a entry table control means for deleting from.

  A TCP processing method according to the present invention stores a first entry table including first entry data for performing routing when data transmission from a first network to a second network is performed, and the second network Storing a second entry table including second entry data for performing routing when data transmission from the first network to the first network is associated with the first entry data, and the received packet is stored in the session It is determined whether or not information indicating end is included, and when it is determined that the received packet includes information indicating end of session, the first entry data corresponding to the received packet is deleted from the first entry table. And deleting the second entry data corresponding to the first entry data from the second entry table. It is characterized in.

  According to the present invention, two entry tables, the first entry table and the second entry table, are provided, the entry data are associated, one entry data is deleted, and the associated entry data is deleted. Therefore, there is an effect that the entry table can be utilized more effectively.

Embodiment 1 FIG.
Hereinafter, embodiments of the present invention will be described with reference to the drawings. FIG. 1 is a block diagram showing a configuration example of a TCP processing apparatus according to the present invention. The TCP processing device shown in FIG. 1 includes a data transmission / reception unit 1, a frame detection unit 2, an entry table 3, a hardware routing control unit 4, a control unit 5, and a data transmission / reception unit 6. FIG. 1 illustrates a case where the TCP processing apparatus is connected to the WAN via the data transmission / reception unit 1 and connected to the LAN via the data transmission / reception unit 6. Specifically, the TCP processing device according to the present invention is realized by using a control circuit such as an LSI. Note that the TCP processing device (specifically, LSI or the like) is mounted on, for example, a packet relay device (router or the like).

  The data transmitter / receiver 1 has a function of transmitting and receiving an Ethernet frame (hereinafter referred to as an Ethernet frame) from the WAN side. Note that Ethernet is a registered trademark. The data transmitting / receiving unit 1 is connected to a LAN cable via, for example, a WAN IC (PHY). The data transmitter / receiver 6 has a function of transmitting / receiving an Ether frame from the LAN side. The data transmission / reception unit 6 is connected to a LAN cable via a LAN IC (switch), for example. That is, the data transmission / reception units 1 and 6 include an interface unit for a connected network.

  The frame detection unit 2 has a function of determining whether or not the received Ether frame is a TCP frame. The frame detection unit 2 has a function of determining whether the FIN bit or the RST bit of the TCP flag is 1 when the received Ether frame is a TCP frame. The frame detection unit 2 has a function of selecting entry data from the entry table 3 and deleting it.

  Specifically, the entry table 3 is stored in a storage unit such as a memory of the TCP processing apparatus. The entry table 3 includes entry data for routing in advance. For example, entry data is registered in the entry table 3 when the control unit 5 executes software based on a user operation. The entry data is registered in the entry table 3 by the control unit 5 based on, for example, an address included in the received frame.

  FIG. 2 is an explanatory diagram illustrating an example of the entry table 3 according to the first embodiment. As shown in FIG. 2, the entry table 3 includes a LAN side entry table and a WAN side entry table. The LAN side entry table is an entry table for communication in the direction from the LAN to the WAN, and is searched by the hardware routing control unit 4 when a frame in the direction from the LAN to the WAN is received. The WAN entry table is an entry table for communication in the direction from the WAN to the LAN, and is searched by the hardware routing control unit 4 when a frame in the direction from the WAN to the LAN is received.

  The hardware (H / W) routing control unit 4 has a function of performing hardware routing processing. For example, the hardware routing control unit 4 searches the entry table 3 based on the received frame, and based on the selected entry data, the interface corresponding to the received frame (data transmission / reception unit 1 or data transmission / reception unit 6). Routing processing to be transmitted via

  For example, the control unit 5 has a function of controlling the entire TCP processing apparatus by executing software (program) stored in a storage unit (not shown). For example, the control unit 5 performs routing protocol control, update of the entry table 3, processing for distributing the entry table 3 to the hardware routing control unit 4, and the like.

  In the first embodiment, the first entry table and the second entry table are realized by either the WAN side entry table or the LAN side entry table of the entry table 3, respectively. The determination unit and the entry table control unit are realized by the frame detection unit 2.

  Next, the operation of the first embodiment will be described with reference to the drawings. FIG. 3 is a flowchart illustrating the operation of the TCP processing apparatus according to the first embodiment.

  Hereinafter, a case where the TCP processing device according to the present invention receives a frame from the WAN side and performs hardware routing processing will be described as an example. Further, the entry table 3 is registered with the entry data shown in FIG. 2, and the case where the received data (frame) matches any of the entry data and the routing process is performed is illustrated.

  When the data transmission / reception unit 1 receives the Ether frame from the WAN side (step S1), the hardware routing control unit 4 determines whether the received Ether frame matches the entry data in the WAN side entry table of the entry table 3. Is determined (step S2). If the received frame does not match the entry data (NO), the frame detection unit 2 assumes that the received data is not a target for hardware routing, and does not process the received frame in a reception buffer (not shown). Store (step S3). The reception frame stored in the reception buffer is subjected to software processing by the control unit 5 (step S4), and a series of processing ends.

  If the received frame matches the entry data in the WAN side entry table of the entry table 3 (YES), the frame detection unit 2 determines whether or not the received frame is a TCP frame (step S5). For example, when the received frame is an IPv4 frame, the frame detection unit 2 determines whether the received frame is a TCP frame based on the value of the IP protocol in the IP header. If the received frame is an IPv6 frame, it is determined whether the received frame is a TCP frame based on the value of Next Header.

  If the received frame is not a TCP frame (NO), the hardware routing control unit 4 performs normal hardware routing processing (step S6). The hardware routing control unit 4 transmits data to the LAN side via the data transmission / reception unit 6 based on the matched entry data (step S7), and ends a series of processing.

  If the received frame is a TCP frame (YES), the frame detection unit 2 determines whether the FIN bit or the RST bit of the TCP flag is 1 (step S8). When the FIN bit and the RST bit are both 0 (NO), the process proceeds to step S6.

  When either the FIN bit or the RST bit is 1 (YES), the frame detection unit 2 stores the received frame in the reception buffer without performing the routing process (step S9). When the received frame is stored in the receive buffer, the received frame is processed by software by the control unit 5 and the session is disconnected (step S10).

  Further, the frame detection unit 2 automatically deletes the entry data matched in step S2 from the WAN side entry table of the entry table 3 (step S11), and ends a series of processing.

  The same processing is performed when the data transmitting / receiving unit 6 receives an Ether frame from the LAN side.

  As described above, according to the first embodiment, for example, when a terminal connected to the LAN transmits a frame having a FIN bit of 1, the terminal connected to the WAN has transmission data remaining. Therefore, when the session is not disconnected and the frame having the FIN bit of 1 is not transmitted, the corresponding entry data stored in the LAN side entry table can be deleted. Further, the corresponding entry data stored in the WAN side entry table can be left without being deleted.

Embodiment 2. FIG.
Next, a second embodiment of the present invention will be described with reference to the drawings. In the second embodiment, in the entry table 3, association is set between entry data included in the LAN side entry table and entry data included in the WAN side entry table. For example, the entry data 1 and the entry data A are associated with each other by adding the same ID to the entry data 1 included in the LAN side entry table and the entry data A included in the WAN side entry table. FIG. 4 is an explanatory diagram illustrating an example of the entry table 3 according to the second embodiment. FIG. 4 illustrates a case where entry data 1 in the LAN side entry table is associated with entry data A in the WAN side entry table. Note that all the entry data included in the LAN side entry table and the WAN side entry table may be associated with each other.

  In the present embodiment, when the association between the entry data stored in the LAN-side entry table and the entry data stored in the WAN-side entry table is set, the frame detection unit 2 may, for example, The corresponding entry data in the entry table is deleted, and the corresponding entry data in the associated WAN side entry table is deleted.

  For example, the association between the entry data stored in the LAN side entry table and the entry data stored in the WAN side entry table is set, the data received from the WAN side matches the entry data A, and the TCP flag FIN When the bit or the RST bit is 1, the frame detection unit 2 deletes the entry data A in the WAN entry table and the entry data 1 in the LAN entry table.

  Next, the operation of the second embodiment will be described with reference to the drawings. FIG. 5 is a flowchart illustrating the operation of the TCP processing apparatus according to the second embodiment. Note that the processing from Step S1 to Step S10 in FIG.

  In step S21, the frame detection unit 2 automatically deletes the entry data matched in step S2 from the WAN side entry table of the entry table 3. Further, the frame detection unit 2 deletes the entry data in the LAN side entry table corresponding to the entry data matched in step S2.

  As described above, according to the second embodiment, for example, when the FIN bit or the RST bit is detected in the communication from the LAN to the WAN, the FIN bit is also transmitted in the communication from the WAN to the LAN. Alternatively, when a TCP frame including an RST bit is often transmitted, the entry table can be used more efficiently.

  The association between the entry data stored in the LAN side entry table and the entry data stored in the WAN side entry table may be automatically set by the control unit 5, for example, or manually by the user. It may be set.

  According to the present invention, since the two entry tables of the LAN side entry table and the WAN side entry table are provided, the above two usages can be performed depending on whether or not the entry data is associated. That is, when associating entry data, the entry data of one entry table can be deleted and the entry data of the other entry table can be deleted, so that the entry table can be used more effectively. it can. When entry data is not associated, an entry table can be used according to the communication direction.

  That is, according to the present embodiment, the entry table can be effectively used according to the entry data association setting. In addition, software processing can be reduced and high-speed processing can be realized.

  The present invention can be effectively applied to effectively utilize the storage area of the TCP processing device and realize higher-speed communication.

It is a block diagram which shows the structural example of the TCP processing apparatus by this invention. It is explanatory drawing which shows the example of the entry table in 1st Embodiment. It is a flowchart which shows operation | movement of the TCP processing apparatus of 1st Embodiment. It is explanatory drawing which shows the example of the entry table in 2nd Embodiment. It is a flowchart which shows operation | movement of the TCP processing apparatus of 2nd Embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Data transmission / reception part 2 Frame detection part 3 Entry table 4 Hardware routing control part 5 Control part 6 Data transmission / reception part

Claims (6)

A first entry table including first entry data for performing routing when performing data transmission from the first network to the second network;
A second entry table including second entry data for performing routing when data transmission from the second network to the first network is associated with the first entry data;
Determining means for determining whether or not the received packet includes information indicating the end of the session;
When the determination unit determines that the received packet includes information indicating the end of a session, the first entry data corresponding to the received packet is deleted from the first entry table, and the first entry is deleted. A TCP processing apparatus comprising: entry table control means for deleting second entry data corresponding to data from the second entry table.   The determination unit selects first entry data based on a packet received via the first network, and when the first entry data is selected, the received packet includes information indicating the end of the session. The TCP processing device according to claim 1, which determines whether or not.   The TCP processing apparatus according to claim 1 or 2, wherein the determination unit determines whether or not the received packet includes information indicating the end of the session when the received packet is a TCP frame.   4. The TCP processing apparatus according to claim 3, wherein the determining means determines that the information indicating the end of the session is included when the FIN bit or the RST bit included in the received packet is 1. A first entry table including first entry data for performing routing when performing data transmission from the first network to the second network;
A second entry table including second entry data for performing routing when data transmission from the second network to the first network is associated with the first entry data;
Determining means for determining whether or not the received packet includes information indicating the end of the session;
When the determination unit determines that the received packet includes information indicating the end of a session, the first entry data corresponding to the received packet is deleted from the first entry table, and the first entry is deleted. An entry table control unit that deletes second entry data corresponding to data from the second entry table. Storing a first entry table including first entry data for performing routing when performing data transmission from the first network to the second network;
Storing a second entry table including second entry data for performing routing when performing data transmission from the second network to the first network in association with the first entry data; ,
Determine whether the received packet contains information indicating the end of the session,
When it is determined that the received packet includes information indicating the end of the session, the first entry data corresponding to the received packet is deleted from the first entry table, and the first entry data corresponds to the first entry data A TCP processing method, wherein the second entry data is deleted from the second entry table.

Images