JP4624216B2 - Traffic control method - Google Patents

Description

  The present invention relates to a method of controlling traffic by cooperation between a communication device such as a portable terminal and a server in a packet switching network.

  2. Description of the Related Art Conventionally, in a network such as a cellular phone network, outgoing calls are regulated so that traffic does not become excessive and a failure occurs in the entire network. That is, when congestion such as a specific time, date and time is expected, an instruction is given from the control server on the network side to the terminal so that only a part of the requested call is connected to the line, and the terminal follows the instruction. The amount of traffic is controlled by (see, for example, Patent Document 1).

In addition, there are communication carriers that control traffic using a bandwidth control device in order to suppress an increase in traffic due to a P2P (Peer to Peer) application or the like. This bandwidth control device also serves as a relay device placed in the network path. After identifying packets for each user, the bandwidth control device functions such as buffering the flowing data and narrowing the bandwidth for each data type. (For example, refer nonpatent literature 1).
JP-A-3-154597 “Programmable Network Elements for IP Service Control and Bandwidth Shaping”, [online], P-Cube, [Search June 15, 2005], Internet, <URL: http: //www.p-cube .com / Japanese />

  By the way, mobile phone terminals in recent years have been remarkably highly functional, and have become flexible, such as having functions similar to personal computers and unique program execution environments, and the network technology itself has become open. Yes. For this reason, it is considered that a situation may occur in which a terminal whose specification is determined by a person other than the communication carrier is connected to the network, or a so-called third party program runs on the terminal. In such a case, the method of Patent Document 1 has a problem that it is difficult for a communication carrier to control traffic for a terminal that does not follow the instruction of the control server.

  The method of Non-Patent Document 1 is a method of directly restricting traffic flowing in the network, so that it can cope with the above situation, but there is a problem in terms of scalability with respect to the number of users and ensuring the reliability of the network. In other words, the bandwidth control device must monitor the traffic in which data transmitted and received by many users is bundled and identify the packet for each user. Is required. In addition, since the bandwidth control device is placed in a network path through which normal traffic flows, high reliability must be ensured in order not to interrupt normal communication.

  The present invention has been made in view of these points, and an object of the present invention is to be able to control traffic even for a communication device that does not follow the instructions of the control server, and for that purpose, it has special reliability. It is an object of the present invention to provide a traffic control method that does not require introduction of a high-cost device.

  The present invention has been made to solve the above problems, and the invention according to claim 1 is characterized in that a traffic control mechanism provided in a communication device for transmitting and receiving packets is provided between the communication device and an external network. In a network that controls traffic on the route between the packets, whether the measurement server receives and transmits the packet that flows on the route, and the packet is transmitted and received according to the predetermined control condition of the traffic control mechanism. The measurement server notifies the traffic inflow restriction mechanism of the communication device when a communication device that does not transmit / receive a packet is detected according to a predetermined control condition of the traffic control mechanism. And the traffic inflow restriction mechanism is connected to the network from the communication device for A traffic control method characterized by limiting the connections to over click.

  The invention according to claim 2 is the traffic control method according to claim 1, wherein the measurement server simulates a control algorithm executed by the traffic control mechanism by using the captured packet. It is determined whether a packet is transmitted / received according to a predetermined control condition of the traffic control mechanism.

  Further, the invention according to claim 3 is the traffic control method according to claim 2, wherein the traffic control mechanism performs traffic control by a token bucket method characterized by a token generation rate and a token bucket size. The measurement server simulates the control algorithm using a token bucket that is larger than the token bucket size by a predetermined size.

  According to a fourth aspect of the present invention, there is provided the traffic control method according to the second or third aspect, wherein the measurement server is a packet larger by a predetermined size than a packet buffer size used by the traffic control mechanism. The control algorithm is simulated using a buffer.

  Further, the invention according to claim 5 is the traffic control method according to any one of claims 1 to 4, wherein the traffic inflow restriction mechanism authenticates the network connection of the communication device by a predetermined procedure. And a relay node that permits network connection only to a communication device authenticated by the authentication server.

  The invention according to claim 6 is the traffic control method according to any one of claims 1 to 5, wherein the communication device is an information terminal for a user to perform a call or data communication. It is characterized by that.

  According to the traffic control method of the present invention, a traffic status is grasped by measuring a packet by a measurement server, and a connection to a network is disconnected for a certain period for a communication device that does not transmit / receive a packet according to a predetermined instruction. Therefore, it is possible to control traffic regardless of whether or not the communication device follows the instructions on the network side. In addition, unlike the conventional bandwidth control device, the measurement server is not placed in the network path through which packets flow. Therefore, even if the operation stops, traffic is not affected, and the reliability of the device is high. It does not have to be.

  According to the second to fourth aspects of the present invention, whether or not the communication device is following the instructions on the network side is determined by the measurement server simulating the operation of the traffic control mechanism. Accuracy is improved.

In addition, according to the fifth aspect of the present invention, traffic inflow can be restricted without using a special device.
According to the invention described in claim 6, it is possible to control traffic for the subscriber network.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
FIG. 1 is a configuration diagram of a network for realizing a traffic control method according to an embodiment of the present invention. In the present embodiment, traffic control is performed on the user terminal 1.

  The user terminal 1 is a mobile phone terminal for a user to make a call or data communication, and is provided with a traffic control mechanism 10 that regulates packets transmitted and received by the user terminal 1. Communication by the user terminal 1 is performed with the external network 6 via the relay node 2. Here, the external network 6 is a network other than a network managed by a communication carrier who intends to perform traffic control according to the present invention.

  Further, when the user terminal 1 is connected to the network (relay node 2), the user terminal 1 is authenticated by the authentication server 3 based on the identification code assigned to each terminal, and is connected to the network only when the authentication is obtained. It has become so. Therefore, as described later, when the authentication server 3 does not authenticate the user terminal 1, the traffic of the user terminal 1 can be controlled.

  The traffic control in the user terminal 1 is realized by the traffic control mechanism 10 regulating transmission / reception of packets according to predetermined control parameters received from the control server 4 (server managing traffic control parameters). The Therefore, as long as the traffic control mechanism 10 functions correctly in all the user terminals 1, the traffic in the network between the user terminal 1 and the external network 6 is completely controlled. In other words, for example, an unauthorized user such as the traffic control mechanism 10 being intentionally disabled or a program for operating the traffic control mechanism 10 with a parameter different from the distributed control parameter being executed. There is a possibility that the traffic control is not properly performed for the terminal 1.

An example of the configuration of the traffic control mechanism 10 is shown in FIG. This control mechanism controls the inflow and outflow of packets using tokens.
In the figure, each packet 21 is sent to a packet buffer 22. The packet buffer 22 has a predetermined buffer size that is the maximum capacity of the packet 21, and can store a maximum amount of data that is equal to the buffer size. This buffer size is defined by the control parameter distributed from the control server 4.

  In the traffic control mechanism 10, the token 24 is used to control the passage of the packet 21. That is, the token generation unit 25 generates tokens 24 at a constant rate α in time, and the generated tokens 24 are sequentially stored in the token bucket 26. Each packet 21 is allowed to pass through the packet buffer 22 only when an amount of tokens corresponding to the data size of the packet can be extracted from the token bucket 26. Therefore, even if packets are accumulated in the packet buffer 22, when the required amount of tokens is not accumulated in the token bucket 26, the packet 21 cannot be output. Control is performed so that the rate α cannot be exceeded.

  Furthermore, a token bucket size L representing the maximum amount of tokens that can be accumulated is defined in the token bucket 26, and tokens 24 gradually accumulate in the token bucket 26 while the packet 21 does not flow. Thus, for example, when a large amount of packets 21 flows in a state where the packet buffer 22 is empty and the token bucket 26 is filled with tokens, a packet having a data size corresponding to the token bucket size L is transmitted in a burst manner. It is possible.

  In this manner, the traffic control mechanism 10 realizes traffic control by adjusting the average packet transmission rate (token generation rate α) and the maximum burst length (token bucket size L). A telecommunications carrier that manages the network instructs the two parameters α and L from the control server 4 to the user terminal 1 to manage traffic according to the situation.

Returning to FIG. 1, the description will be continued.
The measurement server 5 copies and captures a packet flowing on the route between the relay node 2 and the external network 6 and verifies whether each user terminal 1 complies with the traffic regulation instructed from the control server 4 (described later). Yes. As is apparent from the arrangement of FIG. 1, even if the measurement server 5 exists, the packet flowing through the path is only copied and is not affected by the other. Therefore, even if the reliability of the measurement server 5 is low and the operation of the measurement server 5 becomes abnormal or the operation stops, the measurement server 5 does not cause a failure to the network.

  As a result of verification by the measurement server 5, if a user terminal that does not comply with the regulation (control parameter) by the control server 4 is detected, the identification code of the user terminal is notified from the measurement server 5 to the authentication server 3 and the relay node 2. The Then, by using the authentication function to the network by the authentication server 3 and the relay node 2, the user terminal is disconnected from the network, or the network connection from the user terminal is rejected for a certain period of time. It is avoided that unauthorized traffic flows into the network by user terminals that do not follow the control indicated by.

Here, the traffic verification performed by the measurement server 5 is as follows.
First, the measurement server 5 classifies captured packets (same as packets flowing between the relay node 2 and the external network 6) for each user terminal. And the measurement server 5 performs the same process as the process actually performed with the traffic control mechanism 10 in the said user terminal as a simulation about the packet classified into each user terminal.

  FIG. 3 shows a configuration when the traffic control mechanism 10 described in FIG. 2 is used. In the figure, in the simulation of the measurement server 5, as in the actual operation of the traffic control mechanism, the virtual token generator 35 generates a virtual token 34 at a constant rate α, and this virtual token 34 is transferred to the virtual token bucket 36. Sent and stored. When the packet (virtual packet 31) is taken into the measurement server 5, the virtual packet is output from the virtual packet buffer 32 when the required amount of virtual tokens is accumulated, and when the virtual token is insufficient, the virtual tokens are output. The virtual packet remains in the virtual packet buffer 32 until the necessary amount is accumulated.

  In this simulation, whether or not the traffic of each user terminal overflows from the virtual packet buffer 32 is determined as a criterion, and if it does not overflow, it is determined that traffic control is performed as prescribed. For the terminal, it is determined that traffic control is not performed according to the instruction of the control server 4.

  Specifically, for communication in the upstream direction (from the user terminal 1 to the external network 6), if the user terminal 1 operates according to the token generation rate α and the token bucket size L instructed from the control server 4, the user terminal Since the traffic control is reflected in the packet actually transmitted from 1, the virtual packet buffer 32 does not overflow when the verification simulation is performed using the actual control parameters α and L in the measurement server 5. Therefore, in this case, it is determined that the user terminal is following predetermined traffic control.

  However, if the user terminal 1 does not comply with the instructed α and L, the user terminal 1 may send an abnormally large number of packets, for example. Then, overflow occurs in the virtual packet buffer 32 in the simulation of the measurement server 5. In this case, since it is determined that the user terminal does not comply with the predetermined traffic control, the authentication server 3 is disconnected from the network as described above.

  On the other hand, for communication in the downstream direction (from the external network 6 to the user terminal 1), the measurement server 5 sends a packet transmitted from the external network 6 to the user terminal 1 before the user terminal 1 that is the control target ( A verification simulation is executed by monitoring at a point on the external network 6 side that is a transmission source). Therefore, if the simulation is performed using the actual control parameters as in the case of the uplink direction, the verification accuracy deteriorates for the following two reasons.

(1) Since there is a packet transmission delay fluctuation between the measurement server 5 and the user terminal 1, there is a difference between the traffic measured at the position of the measurement server 5 and the traffic at the position of the user terminal 1. Will cause traffic measurement error.
(2) When the communication protocol is TCP (Transmission Control Protocol), packets can be sent in bursts by window control, and the burst length is determined by the window size, but the window size is variable and depends on the network conditions Adjusted. For this reason, even when the window size is appropriately enlarged, if the traffic increases beyond the original window size, the measurement server 5 misidentifies that the user terminal 1 violates the traffic regulation.

  Therefore, when the measurement server 5 verifies the traffic of the downlink communication, in order to improve the verification accuracy, the virtual token bucket 36 is expected to have a certain margin and the simulation is executed with the token bucket size set to L + ΔL. However, ΔL is a positive value and is a parameter determined on the basis of the above-described delay fluctuation or an empirical value of window size fluctuation.

  By verifying the traffic with the token bucket size set to L + ΔL, the virtual packet buffer 32 on the simulation is controlled by the network delay fluctuation or TCP window control even though the user terminal 1 is actually following the predetermined traffic control. If the user terminal 1 does not follow traffic control due to overflow, the possibility of erroneous determination by the measurement server 5 is reduced.

  As described above, according to the above embodiment, the measurement server 5 captures a packet flowing through the network, measures the traffic for each user terminal, verifies the traffic by simulating the processing of the traffic control mechanism 10, and the result When it is determined that each user terminal 1 is not transmitting or receiving a packet according to the parameter instructed from the control server 4, the authentication server 3 rejects the network connection from the user terminal, thereby controlling the traffic. Has been done. Thereby, even if there is an unauthorized user terminal that does not follow the instructions on the network side, the traffic can be controlled. Further, since the measurement server 5 is not placed in the network path, high reliability is not necessary.

  Furthermore, for downstream traffic, since the simulation in the measurement server 5 is performed using a token bucket size that takes into account network delay fluctuations and TCP window control, the traffic control mechanism 10 operates according to predetermined parameters. It is possible to improve the accuracy of the determination of whether or not.

As described above, the embodiment of the present invention has been described in detail with reference to the drawings. However, the specific configuration is not limited to the above, and various design changes and the like can be made without departing from the scope of the present invention. It is possible to
For example, when simulating downlink traffic, the verification accuracy can be increased by making the size of the virtual packet buffer larger than the size of the packet buffer in the same manner as the size of the virtual token bucket is set to L + ΔL. Is possible.

  Moreover, although the case where the control method in the traffic control mechanism 10 is the token bucket method has been described in the above-described embodiment, other general control methods can also be adopted. For example, a TCP window control method may be used.

  In addition to the user terminal 1, a device that receives traffic control of the present invention may be a general communication device such as a router, as long as it has the traffic control mechanism 10.

  The present invention is suitable for use in a packet switching network in which a traffic control mechanism is provided in a communication device to control traffic.

1 is a configuration diagram of a network that realizes a traffic control method according to an embodiment of the present invention. FIG. It is the figure which showed an example of the structure of the traffic control mechanism. It is the figure which showed typically the simulation in a measurement server.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... User terminal 2 ... Relay node 3 ... Authentication server 4 ... Control server 5 ... Measurement server 6 ... External network 10 ... Traffic control mechanism 21 ... Packet 22 ... Packet buffer 24 ... Token 25 ... Token generation part 26 ... Token bucket 31 ... Virtual packet 32 ... Virtual packet buffer 34 ... Virtual token 35 ... Virtual token generation unit 36 ... Virtual token bucket

Claims (4)

A traffic control mechanism provided in a communication device that transmits and receives packets controls traffic in a path between the communication device and an external network by using a token bucket method characterized by a token generation rate and a token bucket size. Network
The measurement server captures a packet flowing on the route , and uses the captured packet to convert a token bucket control algorithm executed by the traffic control mechanism into a token bucket larger than the token bucket size by a predetermined size. By determining whether or not the packet is transmitted / received according to a predetermined control condition of the traffic control mechanism for each communication device,
When a communication device that does not transmit and receive packets according to a predetermined control condition of the traffic control mechanism is detected, the measurement server notifies the traffic inflow restriction mechanism of the communication device,
The traffic control method, wherein the traffic inflow restriction mechanism restricts a connection from the communication device to the network for the notification. The traffic control method according to claim 1 , wherein the measurement server simulates the control algorithm using a packet buffer that is larger by a predetermined size than a packet buffer size used by the traffic control mechanism. The traffic inflow restriction mechanism includes an authentication server that authenticates a network connection of the communication device by a predetermined procedure, and a relay node that permits network connection only to the communication device authenticated by the authentication server. The traffic control method according to claim 1 or 2 . The communication device, the traffic control method according to any one of claims 1 to 3, characterized in that the user is a data terminal for making a call or data communication.

Images