JP5169992B2 - Network, network device, and load balancing method used therefor - Google Patents

Description

  The present invention relates to a network, a network device, and a load distribution method used therefor, and more particularly, to a load distribution method of a NAT (Network Address Translation) / NAPT (Network Address Port Translation) device.

  In routers used for connection between networks, means using VRRP (Virtual Router Redundancy Protocol) is widely known as means for distributing loads.

  VRRP is a protocol for multiplexing routers. In this protocol, a plurality of routers corresponding to VRRP belong to one group, and usually one of those routers communicates. When a failure occurs in that router, the routers belonging to the same group are automatically Inherit the communication.

  In the same group, the number of routers that perform communication is limited to one. However, since one router can belong to a plurality of groups, load distribution can be realized at the same time by the setting. VRRP is described in Non-Patent Document 1 below.

“Virtual Router Redundancy Protocol” [RFC (Request For Comments) 2338, April 1998].

  In the router related to the present invention described above, when NAPT is used, addresses are aggregated into one, so that there is a problem that load distribution cannot be performed with VRRP.

  Here, NAPT is a function used when a plurality of terminals on a LAN that want to use private addresses want to access the Internet at the same time with a global address that is smaller than the number of terminals. Each communication session is distinguished by the gateway converting the TCP / UDP port number for each private address of the terminal.

  In the VRRP mechanism related to the present invention, even if both routers in a redundant configuration convert to the same NAPT address, only the router having the NAPT address as the master can receive the communication return packet. It does not work without a system that shares the conversion table.

  SUMMARY OF THE INVENTION Accordingly, an object of the present invention is to solve the above-described problems and to perform a NAT / NAPT conversion without being aware of the NAT / NAPT conversion table of the other router, and a load used for them. It is to provide a dispersion method.

A network according to the present invention is a network including first and second network devices that connect between a first network and a second network and execute NAT (Network Address Translation) / NAPT (Network Address Port Translation),
For the first and second network devices, different first and second VRIDs (Virtual Router IDentifiers) are set on the first network side and the second network side, respectively. A common first virtual IP (Internet Protocol) address is set for each of the first and second VRIDs on the network side, and for each of the first and second VRIDs on the second network side. Setting a second virtual IP address different from and common to the first virtual IP address;
Each of the first and second network devices operates to receive a packet even in a VRRP (Virtual Router Redundancy Protocol) backup state,
The first VRID has a means for processing only a packet having an even port number to be port-converted in the master network device,
The second VRID has a means for processing only packets having an odd port number for port conversion in the master network device.

A network device according to the present invention is a network device that connects between a first network and a second network, and executes NAT (Network Address Translation) / NAPT (Network Address Port Translation),
Different first and second VRIDs (Virtual Router IDentifiers) are set on the first network side and the second network side, respectively, and each of the first and second VRIDs is set on the first network side. A common first virtual IP (Internet Protocol) address is set for each of the first and second VRIDs on the second network side, which is different from and common to the first virtual IP address. Set the second virtual IP address,
It operates to receive packets even in the VRRP (Virtual Router Redundancy Protocol) backup state,
When the first VRID is a master, only the port conversion target port number is processed, and when the second VRID is the master, only the port conversion target port number is an odd number. At least one of processing means.

The load distribution method according to the present invention is used for a network including first and second network devices that connect between a first network and a second network and execute NAT (Network Address Translation) / NAPT (Network Address Port Translation). A load balancing method,
For the first and second network devices, different first and second VRIDs (Virtual Router IDentifiers) are set on the first network side and the second network side, respectively. A common first virtual IP (Internet Protocol) address is set for each of the first and second VRIDs on the network side, and for each of the first and second VRIDs on the second network side. Setting a second virtual IP address different from and common to the first virtual IP address;
Each of the first and second network devices operates to receive a packet even in a VRRP (Virtual Router Redundancy Protocol) backup state,
The first VRID has a process for processing only the port number to be converted into an even number in the master network device,
The second VRID has a process of processing only the odd port number of the port conversion target in the master network device.

  By adopting the configuration and operation as described above, the present invention provides an effect that NAT / NAPT conversion can be executed without being conscious of the NAT / NAPT conversion table of the other router.

It is a block diagram which shows the structural example of the network by the 1st Embodiment of this invention. It is a block diagram which shows the internal structure of the router 1 shown in FIG. (A) is a figure which shows the structural example of the private side receiving condition memory | storage part 114 shown in FIG. 2, (b) is a figure which shows the structural example of the global side receiving condition memory | storage part 124 shown in FIG. It is a figure which shows an example of the header of the packet transmitted from the terminal 3 shown in FIG. It is a figure which shows an example of the header of the packet after conversion in the router 1 shown in FIG. It is a figure which shows an example of the header of the response packet with respect to the packet shown in FIG. It is a figure which shows an example of the header of the response packet after the conversion in the router 1 shown in FIG.

  Next, embodiments of the present invention will be described with reference to the drawings. First, a network according to the present invention will be described. The network according to the present invention is characterized in that load distribution by VRRP (Virtual Router Redundancy Protocol) is enabled in a router executing NAT (Network Address Translation) / NAPT (Network Address Port Translation).

  Hereinafter, a case where the load distribution is performed by two routers in the network according to the present invention will be described.

  In the network according to the present invention, VRID (Virtual Router IDentifier) # 1 and VRID # 2 are set on each of two routers on the LAN (Local Area Network) side and WAN (Wide Area Network) side, respectively. The same virtual IP (Internet Protocol) address is set on the side. That is, in each of the two routers, the same virtual IP address is set on the LAN side and the WAN side.

  VRRP changes its operation to receive packets even in the backup state. Instead, the router whose VRID # 1 is the master port number for port conversion (source port number as seen from the LAN side terminal) Change the behavior so that only processes even numbers. Also, the router whose master is VRID # 2 changes the operation so that only the port conversion target port number is an odd number.

  The network according to the present invention performs port conversion so that the port conversion of NAPT does not change even number and odd number, so that even if there is only one address, the router to be processed is changed depending on whether the port number is even or odd, Load balancing is performed.

  Since the above conditions can be arbitrarily changed, load distribution in an environment where there is communication other than three or more than TCP (Transmission Control Protocol) / UDP (User Datagram Protocol) is also possible as described above.

  FIG. 1 is a block diagram showing a configuration example of a network according to the first embodiment of the present invention. In FIG. 1, the network according to the first embodiment of the present invention includes routers 1 and 2, a private network 100 (the LAN side), and a global network 200 (the WAN side). Terminals 3 and 4 belong to the private network 100, and terminal 5 belongs to the global network 200.

  The routers 1 and 2 have an IP address A that is a common NAPT address on the global address side, and a common IP address B that serves as a gateway address for the private terminals (terminals 3 and 4) on the private address side. To do.

  The VRRP is set as follows. First, VRID # 1 and VRID # 2 are set with IP address A as the virtual IP address, VRID # 1 is the master for router 1, and VRID # 2 is the router 2 for backup. The master and router 1 are set to be backup.

  Similarly, VRID # 1 and VRID # 2 on the private side have a virtual IP address set by IP address B. VRID # 1 is a router, and router 2 is a backup, and VRID # 2 is a router. 2 is set as a master and router 1 is set as a backup.

  Except for the fact that the addresses are the same, the VRRP load distribution setting is well known, and therefore the description of the setting method for the master and the backup is omitted.

  Since the same address is set with a plurality of VRIDs, the VRRP function in the present embodiment has some points that should be changed. First, it is necessary to be able to assign the same address to different VRIDs, and it is preferable that an ARP (Address Resolution Protocol) response to a virtual MAC (Media Access Control) address can be made to respond only to a specific VRID.

  However, these are not essential requirements. If the same address cannot be assigned to different VRIDs, an arbitrary address not used as a dummy may be set. In this case, since only the VRID having the virtual IP address to be used makes an ARP response, it is not necessary to prepare a function for making an ARP response only to a specific VRID.

  Furthermore, VRRP normally receives a packet only when the VRID corresponding to the virtual MAC address is the master, but the VRRP function according to this embodiment can set different packet reception conditions instead of the master and backup conditions. There must be.

  Another condition is that VRID # 1 is a master router that receives only port conversion target port numbers (source port numbers viewed from the LAN side terminal), and VRID # 2 is the master router. In FIG. 4, the operation is performed so that only the port numbers subject to port conversion are odd numbers.

  FIG. 2 is a block diagram showing an internal configuration of the router 1 shown in FIG. In FIG. 2, the router 1 includes a private side interface 11 and a global side interface 12. Although not shown, the internal configuration of the router 2 shown in FIG. 1 is the same as the internal configuration of the router 1 shown in FIG.

  The private side interface 11 includes a receiving unit 111, a transmitting unit 112, a reception determining unit 113, a private side receiving condition storage unit 114, and a VRRP state storage unit 115.

  The global side interface 12 includes a reception unit 121, a transmission unit 122, a reception determination unit 123, a global side reception condition storage unit 124, a VRRP state storage unit 125, and a NAPT conversion storage unit 126. The transmission unit 122 includes NAPT processing units 1211 and 1221, respectively.

  The reception determination units 113 and 123 are unique to the present invention. The reception determination unit 113 refers to the private-side reception condition storage unit 114 and the VRRP state storage unit 115. The reception determination unit 123 refers to the global side reception condition storage unit 124 and the VRRP state storage unit 125.

  3A is a diagram illustrating a configuration example of the private-side reception condition storage unit 114 illustrated in FIG. 2, and FIG. 3B is a diagram illustrating a configuration example of the global-side reception condition storage unit 124 illustrated in FIG. is there.

  In FIG. 3A, the private-side reception condition storage unit 114 stores processing conditions for each received packet type. In the case of TCP, VRID # 1 is the master if the source port is odd, and VRID # 2 is the master if the source port is even. In the case of UDP, VRID # 1 is the VRID # 2 if the source port is odd. If 1 is the master and the source port is an even number, VRID # 2 is the master. In the case of a protocol other than TCP / UDP, VRID # 1 is the master.

  In FIG. 3B, the global-side reception condition storage unit 124 stores a processing condition for each received packet type. In the case of TCP, VRID # 1 is the master if the destination port is an odd number, and VRID # 2 is the master if the destination port is an even number. In the case of UDP, the VRID # 1 is an odd number if the destination port is an odd number. If 1 is the master and the destination port is an even number, VRID # 2 is the master. In the case of a protocol other than TCP / UDP, VRID # 1 is the master.

  The reception determination unit 113 operates by referring to the private side reception condition storage unit 114, and the reception determination unit 123 operates by referring to the global side reception condition storage unit 124.

  There are also necessary conditions for the NAT / NAPT function according to the present embodiment. As shown in FIG. 2, the NAPT processing units 1211 and 1221 are operated by the reception unit 121 and the transmission unit 122, respectively, and operate by referring to the NAPT conversion storage unit 126. This configuration is that of a normal NAPT.

  However, the NAPT must maintain the VRRP reception conditions shown in FIG. 3 for the port number after conversion at the time of port conversion. Specifically, in the example shown in FIG. 3, it is necessary that the port number after conversion is always an even number when NAPT converts an even number port, and an odd number when converting an odd number port. There is. This is an essential condition for ensuring that packets of the same session pass through the same router.

  In the present embodiment, by providing the above features to the VRRP function and the NAT / NAPT function, load distribution by VRRP is possible even in a NAPT environment. The operations of NAT / NAPT and VRRP are well known to those skilled in the art, and detailed description of the configuration and operation will be omitted.

  4 is a diagram showing an example of a header of a packet transmitted from the terminal 3 shown in FIG. 1, and FIG. 5 is a diagram showing an example of a header of a packet after conversion by the router 1 shown in FIG. 6 is a diagram showing an example of a response packet header for the packet shown in FIG. 5, and FIG. 7 is a diagram showing an example of a response packet header after conversion by the router 1 shown in FIG. An example in which packets are load-balanced will be described with reference to FIGS.

  The routers 1 and 2 shown in FIG. 1 set VRID # 1 and VRID # 2 on both the global network 200 side and the private network 100 side.

  VRID # 1 on the global address side is set with a virtual IP address A and a virtual MAC address C determined from the VRID. In VRID # 2 on the global address side, virtual IP address A and virtual MAC address D determined from VRID are set.

  Ordinary VRRP cannot be operated correctly by setting the same virtual IP address with different VRRPs (because the MAC address that responds when ARP is resolved cannot be determined), but it needs to be settable here. In order to make an ARP response become one MAC address when a plurality of virtual MAC addresses C and D are set for one virtual IP address A, for example, an ARP response operation other than a specific VRID may be stopped. Here, it is assumed that only the master router 1 with VRID # 1 makes an ARP response.

  Similarly, VRID # 1 on the private address side is set with virtual IP address B and virtual MAC address E determined from VRID. In VRID # 2 on the private address side, virtual IP address B and virtual MAC address F determined from VRID are set. Here again, it is assumed that only the master router 1 of VRID # 1 makes an ARP response.

  The virtual IP address A is used as a NAPT address. The same NAPT address is set in the router 1 and the router 2.

  The terminal 3 has an IP address a, and the IP address B is set as the default gateway. The terminal 4 has an IP address b, and an IP address B is set as a default gateway. The terminal 5 has an IP address c, and the IP address A is set as the default gateway.

  Here, a case where communication is performed from the terminal 3 to the terminal 5 will be described. The protocol may be TCP or UDP. The destination MAC address is determined by ARP resolution for the IP address B set as the default gateway of the terminal 3. Since the ARP response to the IP address B is determined to be performed by the master router of VRID # 1, as described above, the router 1 responds with the virtual MAC address E.

  In the packet transmitted from the terminal 3 to the terminal 5, the destination MAC address is the virtual MAC address E. Therefore, in normal VRRP, VRID # 1 having a virtual MAC address E is received and processed only by the master router 1, but in this embodiment, this packet is not whether VRID # 1 is a master or a backup, Both the router 1 and the router 2 receive the packet at the reception unit 111, and the reception determination unit 113 receives the packet by referring to the information [conditions shown in FIG. 3A] in the private-side reception condition storage unit 114 and the VRRP state storage unit 115. Decide whether you want to continue processing or discard.

  In this example, as shown in FIG. 4, since the transmission source port number “5001” and an odd-numbered packet are transmitted, this packet is received only by the router 1 whose VRID # 1 is the master according to the conditions shown in FIG. Is done. In the router 2, since VRID # 1 is not the master, the packet is discarded and no processing is performed.

  The router 1 processes the packet as usual, and the NAPT processing unit 1221 performs NAPT conversion on the global side interface 12 and transmits the packet. The converted packet at that time is as shown in FIG. Although detailed description of NAT / NAPT conversion is omitted, the NAPT processing unit 1221 according to the present embodiment needs to process the port number to be an odd number in the router 1 when it is necessary to convert the port number. (Here, “50001” is assumed).

  This is to ensure that the response packet of the packet converted by the router 1 (see the header shown in FIG. 6) always returns to the NAPT-processed router. Information obtained by converting the header packet shown in FIG. 4 into the header packet shown in FIG. 5 by the router 1 is recorded in the NAPT conversion storage unit 126 of the router 1.

  The NAPT-converted header packet shown in FIG. 5 is transmitted to the terminal 5 as usual, and the terminal 5 generates and transmits a header response packet shown in FIG.

  The transmission destination MAC address of the header shown in FIG. 6 becomes the virtual MAC address C of VRID # 1 by the ARP resolution similar to that of the private side described above. As in the case of the private side interface 11, both the router 1 and the router 2 receive the response packet in the global side interface 12, and each reception determination unit 123 receives information in the global side reception condition storage unit 124 and the VRRP state storage unit 125 [ With reference to the conditions shown in FIG. 3B, it is determined whether to continue the reception process or discard it.

  The condition shown in FIG. 3 is that VRRP on the private network side not used for NAPT is the source port number, and VRRP on the global network side used for NAPT is the destination port number, and the router to be processed is determined. Be careful.

  It is the router 1 whose conversion information is stored in the NAPT storage unit 126 that can NAPT-convert the response packet in the header shown in FIG. For this reason, the response packet transmitted from the terminal 5 needs to be processed by the same router as the transmission packet, but both are port numbers used for conversion by NAPT. As described above, NAPT is the port number. This can be realized by storing even-numbered and odd-numbered conditions.

  Since the transmission destination port number of the response packet in the header shown in FIG. 6 is an odd number “50001”, the router 2 does not perform any processing. The router 1 processes the response packet as usual, and the NAPT processing unit 1221 refers to the NAPT storage unit 126 and performs NAPT conversion. Since this conversion is a normal NAPT conversion, its description is omitted. The header of the packet after conversion is as shown in FIG.

  Further, when the transmission source port number of the packet transmitted from the terminal 3 is an even number, the communication addressed to the terminal 5 passes through the router 2 and the response packet from the terminal 5 also passes through the router 2. It is clear from the explanation when is an odd number.

  Thereby, if the port number used for the NAPT conversion is an odd number, the router 1 processes, and if it is an even number, the router 2 processes, and communication between the terminal 3 and the terminal 5 is established. The router for processing is switched depending on whether the port number is even or odd, and the router that processes only the odd port does not need to have an even port conversion table, so load distribution is realized.

  If router 1 or router 2 becomes faulty, both VRID # 1 and VRID # 2 become master routers, so that only one of them can continue the conversion process. However, it is necessary to pay attention to the session that was communicating at the time of the failure because communication continuation is not guaranteed with this method.

  As described above, the present embodiment has the following effects. Normally, in NAPT load distribution, it is necessary to monitor each other's conversion tables or refer to the same conversion table so that the conversion tables of a plurality of routers do not compete with each other. Since packets to be processed are separated under a fixed condition, NAT / NAPT conversion can be executed without being aware of the NAT / NAPT conversion table of the other router. For this reason, it is possible to easily realize load distribution even with an inexpensive router.

  In the present invention, as described above, the case of two routers 1 and 2 has been described. However, even when implemented with n routers (n is an integer of 3 or more), the port number is divided by n. If the rules are changed such as processing according to the remainder, the same manner as in the above embodiment can be applied.

  In the present invention, load distribution is performed using a source port number when viewed from a terminal on the private network side. However, a destination port and a destination address may be included in the condition. When the source port is not included in the condition, it is not necessary to give a special condition (such as storing even / odd number) to the NAPT conversion port, but the load distribution is more likely to be biased than when the source port is used.

1, 2 routers
3-5 terminals
11 Private side interface
12 Global interface
100 Private network 111, 121 Receiving unit 112, 122 Transmitting unit 113, 123 Reception determining unit
114 Private-side reception condition storage unit 115, 125 VRRP state storage unit
124 Global-side reception condition storage unit
126 NAPT conversion storage unit
200 Global Network 1211, 1221 NAPT Processing Unit

Claims (15)

A network including first and second network devices that connect between a first network and a second network and execute NAT (Network Address Translation) / NAPT (Network Address Port Translation),
For the first and second network devices, different first and second VRIDs (Virtual Router IDentifiers) are set on the first network side and the second network side, respectively. A common first virtual IP (Internet Protocol) address is set for each of the first and second VRIDs on the network side, and for each of the first and second VRIDs on the second network side. Setting a second virtual IP address different from and common to the first virtual IP address;
Each of the first and second network devices operates to receive a packet even in a VRRP (Virtual Router Redundancy Protocol) backup state,
The first VRID has a means for processing only a packet having an even port number to be port-converted in the master network device,
The network characterized in that the second VRID has a means for processing only a packet having an odd port number for port conversion in the master network device.   In the network device whose first VRID is the master, only the packets whose port number to be converted is an even number are received, and in the network device whose second VRID is the master, only the packets whose port number to be converted is an odd number The network according to claim 1, wherein the network is received.   3. The network according to claim 1, wherein each of the first and second network devices performs port conversion so that even numbers and odd numbers of port numbers are not changed in port conversion of NAPT. Each of the first and second network devices processes the packet using at least one of a transmission source port number, a transmission destination port, and a transmission destination address of the packet from the terminal on the first network side. The network according to claim 1 , wherein load distribution is performed.   5. The network according to claim 1, wherein the first network is a LAN (Local Area Network), and the second network is a WAN (Wide Area Network). 6. A network device that connects between a first network and a second network and executes NAT (Network Address Translation) / NAPT (Network Address Port Translation),
Different first and second VRIDs (Virtual Router IDentifiers) are set on the first network side and the second network side, respectively, and each of the first and second VRIDs is set on the first network side. A common first virtual IP (Internet Protocol) address is set for each of the first and second VRIDs on the second network side, which is different from and common to the first virtual IP address. Set the second virtual IP address,
It operates to receive packets even in the VRRP (Virtual Router Redundancy Protocol) backup state,
When the first VRID is a master, only the port conversion target port number is processed, and when the second VRID is the master, only the port conversion target port number is an odd number. A network apparatus comprising at least one of processing means.   Means for receiving only the port conversion target port number when the first VRID is a master, and only the odd port conversion target port number when the second VRID is a master The network apparatus according to claim 6, further comprising at least one of:   8. The network device according to claim 6, wherein port conversion is performed so that even numbers and odd numbers of port numbers are not changed in NAPT port conversion. The load distribution of the packet processing is performed using at least one of a transmission source port number, a transmission destination port, and a transmission destination address of a packet from a terminal on the first network side. The network device according to any one of claims 6 to 8.   10. The network device according to claim 6, wherein the first network is a LAN (Local Area Network) and the second network is a WAN (Wide Area Network). 11. A load distribution method used for a network including first and second network devices that connect between a first network and a second network and execute NAT (Network Address Translation) / NAPT (Network Address Port Translation),
For the first and second network devices, different first and second VRIDs (Virtual Router IDentifiers) are set on the first network side and the second network side, respectively. A common first virtual IP (Internet Protocol) address is set for each of the first and second VRIDs on the network side, and for each of the first and second VRIDs on the second network side. Setting a second virtual IP address different from and common to the first virtual IP address;
Each of the first and second network devices operates to receive a packet even in a VRRP (Virtual Router Redundancy Protocol) backup state,
The first VRID has a process for processing only an even number port conversion target port number in the master network device,
The load distribution method, wherein the second VRID has a process for processing only an odd number of port numbers to be port-converted in a master network device.   The first VRID is received only when the port number to be port-converted is an even number in the master network device, and the second VRID is only the port number to be port-converted is an odd number in the master network device. The load distribution method according to claim 11, wherein the load distribution method is received.   13. The load distribution method according to claim 11 or 12, wherein each of the first and second network devices performs port conversion so as not to change even and odd port numbers in NAPT port conversion. Each of the first and second network devices processes the packet using at least one of a transmission source port number, a transmission destination port, and a transmission destination address of the packet from the terminal on the first network side. The load distribution method according to claim 11 , wherein the load distribution is performed.   15. The load distribution method according to claim 11, wherein the first network is a LAN (Local Area Network) and the second network is a WAN (Wide Area Network).

Images