JP5177246B2 - Network failure detection apparatus and network failure detection method - Google Patents

Description

  The present invention relates to a network failure detection device and a network failure detection method for detecting a failure that occurs on a network, and more particularly to a network failure detection device and a network for detecting a layer 2 loop that is a failure that occurs in a relay device that constitutes a network. The present invention relates to a failure detection method.

  A relay device called a layer 2 (L2) switch that constitutes a network such as a LAN is one of the network relay devices, and determines the destination of a packet from data in the data link layer (second layer) of the OSI reference model. It has a function to perform transfer. The data link layer protocol includes MAC (Media Access Control) in Ethernet (registered trademark) and the like, and the Ethernet (registered trademark) relay device that determines the destination of data by looking at the MAC address is also called a switching hub. Since protocols such as IP, TCP, and HTTP are located above the network layer (third layer), the layer 2 switch can transfer packets even when the protocols of the third layer and higher are different.

  In a network in which a plurality of terminals are connected by a layer 2 switch, a failure called a layer 2 loop occurs in the entire network due to an erroneous connection of a cable or a failure of a layer 2 switch. Due to the occurrence of the layer 2 loop, the high load state of the terminal is caused in the entire network, and the network communication is disabled.

  1 to 3 are diagrams for explaining a network failure due to a layer 2 loop. In FIG. 1, the network includes switches SW2, SW3, and SW4 connected under the layer 2 switch (hereinafter referred to as “switch”) SW1, and switches SW5, SW6, and SW7 under the switches SW2, SW3, and SW4, respectively. The terminals Y1, Y2, and X are connected to the switches SW5, SW6, and SW7, respectively. Then, it is assumed that the switch SW2 is loop-connected due to a cable misconnection in the switch SW2, and a layer 2 loop is generated here.

  An example where terminal X transmits a broadcast packet will be described. When a broadcast packet is transmitted from the terminal X, the broadcast packet reaches the switch SW2 where the L2 loop is generated via the switches SW7, SW4, and SW1. The broadcast packet is sent to the entire network (subnet) every time it circulates in the loop with the switch SW2. Since loop wrapping is performed at wire speed, as a result, broadcast packets continue to be transmitted from the switch SW2 to the entire network at wire speed (referred to as broadcast storm), and terminals in the network are in a high load state.

  When a broadcast packet is input to one of the ports of each switch, the switch stores the MAC address of the source terminal included in the broadcast packet, and there is a source terminal for the broadcast packet. In order to recognize the direction as the direction of the input port (hereinafter, this may be expressed as “learning the address”), a switch that mislearns the address of the source terminal appears by the broadcast storm. . In other words, each switch recognizes that the source address of the broadcast packet is in the direction of the L2 loop occurrence point (switch SW2), and therefore, in each switch on the route between the terminal X and the L2 loop occurrence point, Incorrect address learning occurs. Specifically, since the terminal X learns the address as if there is a virtual image of the terminal X that sent the broadcast packet to the switch SW2 where the L2 loop has occurred, in the figure, between the terminal X and the location where the L2 loop occurred In the switches SW7, SW4, SW1, and SW2 on the route, the address of the terminal X is erroneously learned. In this way, when a broadcast packet is transmitted from a terminal while an L2 loop is occurring, the switch on the route to the location where the terminal and the L2 loop are generated mislearns the address of the terminal. To do.

  For switches SW3, SW5, and SW6, the packet reception direction when the packet was transmitted from the actual terminal X and that when the packet was transmitted from the location where the L2 loop occurred matched, and as a result, there was no mislearning Not too much.

  In the state where the address of the terminal X is erroneously learned as described above, the terminal Y1 transmits a unicast packet to the terminal X as shown in FIG. The unicast packet reaches the switch SW2 via the switch SW5. Switch SW2 mis-learns the address of terminal X, and the unicast packet continues to circulate in the L2 loop generated in switch SW2, does not reach terminal X, and cannot communicate with terminal X. Become. Also, the switch SW2 mislearns the address of the terminal Y1 as if the terminal Y1 exists in the L2 loop. Thus, when a unicast packet is sent to an address that has been mislearned to reach the L2 loop occurrence location, the address of the source terminal of the unicast packet is set in the L2 loop direction at the L2 loop generation switch SW2. Mislearned. The other switch SW5 normally learns the address of the terminal Y1.

  Similarly, in a state where the address of the terminal X is mislearned as described above, the terminal Y2 transmits a unicast packet to the terminal X as shown in FIG. The unicast packet reaches the switch SW2 via the switches SW6, SW3, and SW1. Switch SW2 mis-learns the address of terminal X, and the unicast packet continues to circulate in the L2 loop generated in switch SW2, does not reach terminal X, and cannot communicate with terminal X. Become. In addition, the switch SW2 erroneously learns the address of the terminal Y2 as if the terminal Y2 exists in the L2 loop. The other switches SW6, SW3, and SW1 normally learn the address of the terminal Y2.

  As a technique for detecting a layer 2 loop that causes a network failure, for example, Patent Document 1 below discloses a method for determining an infinite loop of a frame by analyzing a received frame and detecting an L2 loop.

JP 2001-197114 A

  Conventionally, when an L2 loop occurs, the location of the L2 loop has been narrowed down by manually connecting / disconnecting the cable of the layer 2 switch or repeating the procedure for obtaining information on the connection status from the suspect switch. Therefore, it took a lot of time (several hours to several days) and labor to find the L2 loop.

  Further, according to the above-mentioned Patent Document 1, it is possible to detect that an L2 loop has occurred somewhere in the network (subnet), but specify where the L2 loop has occurred in the subnet. I can't.

  Accordingly, an object of the present invention is to provide a network failure detection apparatus and a network failure detection method capable of quickly and easily detecting the occurrence of an L2 loop and the occurrence location thereof.

  In order to achieve the above object, a first configuration of a network failure detection apparatus of the present invention is a first terminal among a plurality of terminals, each terminal being at least one relay apparatus among a plurality of relay apparatuses. In a network failure detection device for detecting a failure of a network connected to another terminal via a network, reception from each of the plurality of ports of the first relay device from the first relay device of the plurality of relay devices A communication unit that acquires statistical information about data, and whether or not a loop causing a predetermined network failure has occurred in the first relay device based on the statistical information, or another loop in which the loop has occurred And a determination unit that determines a direction of the relay device from the first relay device.

  A second configuration of the network failure detection device according to the present invention is characterized in that, in the first configuration, the statistical information is a received data amount or a received data number for each port of the first relay device. To do.

  According to a third configuration of the network failure detection apparatus of the present invention, in the second configuration, the determination unit receives the amount of received data or the number of received data per unit time among the plurality of ports of the first relay apparatus. If there are two ports having a threshold equal to or greater than a predetermined threshold, it is determined that the loop has occurred in the first relay device, and the received data amount per unit time is equal to or greater than the predetermined threshold. When there is one port, it is determined that there is another relay device in which the loop occurs in the downstream direction of the port.

  According to a fourth configuration of the network failure detection apparatus of the present invention, in the third configuration, the threshold is set based on the amount of received data or the number of received data per unit time in the network failure detection device. It is characterized by that.

  According to a fifth configuration of the network failure detection device of the present invention, in the third configuration, the threshold value is a received data amount or a received data number per unit time of each port of the first relay device. It is set based on the maximum value of.

  According to a sixth configuration of the network failure detection apparatus of the present invention, in the first configuration, the communication unit broadcasts a plurality of predetermined request data having a predetermined data length before acquiring the statistical information. The predetermined data length is longer than the data length of response data to the predetermined request data.

  According to a seventh configuration of the network fault detection apparatus of the present invention, in the first configuration, the communication unit includes a plurality of ports of the interface type related to the loop among all the ports of the first relay device. It is characterized by acquiring statistical information about received data.

  According to an eighth configuration of the network failure detection apparatus of the present invention, in the first configuration, the communication unit is a port whose received data amount per unit time in the first relay device is a predetermined threshold value or more. In response to this, a blocking request is transmitted.

  According to a ninth configuration of the network failure detection device of the present invention, in the first configuration described above, the network failure detection device includes a communication recovery processing unit that broadcast-transmits a plurality of data having a source address other than the network failure detection device, The communication recovery processing unit broadcasts the plurality of data before the communication unit acquires the statistical information.

  According to a tenth configuration of the network fault detection apparatus of the present invention, in the first configuration, a plurality of data having a data length longer than a data length of data circulating in the loop is broadcasted when the loop occurs. A load reduction processing unit is provided, and the load reduction processing unit broadcasts the plurality of data before the communication unit acquires the statistical information.

  According to an eleventh configuration of the network failure detection apparatus of the present invention, in the first configuration, the network failure is a layer 2 loop failure in which data circulating around the loop is continuously transmitted from the loop. And

  The first network failure detection method of the present invention is implemented by a first terminal among a plurality of terminals, and each terminal is connected to another terminal via at least one relay apparatus among the plurality of relay apparatuses. In the network failure detection method for detecting a network failure, an acquisition step of acquiring statistical information about data received at each of a plurality of ports of the first relay device from a first relay device of the plurality of relay devices. Whether or not a loop causing a predetermined network failure has occurred in the first relay device based on the statistical information, or the first relay device of another relay device in which the loop has occurred And a determination step of determining a direction from.

  The second network failure detection method of the present invention is characterized in that, in the first method, the statistical information is a received data amount or a received data number for each port of the first relay device.

  According to a third network failure detection method of the present invention, in the second method, in the determination step, a reception data amount or a reception data number per unit time is predetermined among the plurality of ports of the first relay device. If there are two ports that are equal to or greater than the threshold value, it is determined that the loop has occurred in the first relay device, and the amount of received data per unit time is equal to or greater than the predetermined threshold value Is one, it is determined that there is another relay apparatus in which the loop is generated in the downstream direction of the port.

  According to a fourth network failure detection method of the present invention, in the third method, the threshold value is based on the amount of received data or the number of received data per unit time in the network failure detection device before the obtaining step. It is characterized by comprising a setting step for setting.

  According to a fifth network failure detection method of the present invention, in the third method, the received data amount per unit time of each port of the first relay device acquired in the acquisition step before the determination step. Alternatively, a setting step of setting the threshold value based on a maximum value among the number of received data is provided.

  According to a sixth network failure detection method of the present invention, in the first method, before the obtaining step, a transmission step of broadcasting a plurality of predetermined request data having a predetermined data length is provided, and the predetermined data The length is longer than the data length of response data to the predetermined request data.

  According to a seventh network failure detection method of the present invention, in the first method, in the acquisition step, reception is performed at each of the plurality of ports of the interface type related to the loop among all the ports of the first relay device. It is characterized by acquiring statistical information about data.

  According to an eighth network failure detection method of the present invention, in the first method, a blocking request is made to a port whose received data amount per unit time in the first relay device is a predetermined threshold value or more. A transmission step of transmitting is provided.

  According to a ninth network failure detection method of the present invention, in the first method, a communication recovery process in which a plurality of data having an address other than the first terminal as a transmission source address is broadcast before the acquisition step. It is characterized by comprising a step.

  In a tenth network failure detection method of the present invention, in the first method, before the acquisition step, a plurality of data lengths having a data length longer than a data length of data circulating in the loop when the loop occurs A load reduction processing step of broadcasting data is provided.

  The eleventh network failure detection method of the present invention is characterized in that, in the first method, the network failure is a layer 2 loop failure in which data circulating around the loop is continuously broadcast from the loop. .

  According to the present invention, it is possible to detect the occurrence of a loop that causes a failure in the network and the location of the occurrence.

  In addition, the loop can be detected by the processing of the terminals constituting the network, and the loop can be detected without requiring the processing of the relay device constituting the network. In other words, it takes a relatively large amount of labor and time to implement a new function in the relay device, but the present invention does not require it and can be executed on a terminal that can easily add a new function simply by installing an application program. Therefore, by installing an application program for executing the processing of the present invention on a terminal and executing it, the present invention can be realized easily, simply, and universally.

It is a figure explaining the network failure by a layer 2 loop. It is a figure explaining the network failure by a layer 2 loop. It is a figure explaining the network failure by a layer 2 loop. It is a principle block diagram of the network failure detection apparatus in embodiment of this invention. It is a general | schematic process flowchart of the network failure detection apparatus in embodiment of this invention. It is a processing flowchart of the network failure detection apparatus in the first embodiment of the present invention. It is a figure explaining the process of the 1st embodiment of this invention. It is a figure explaining the process of the 1st embodiment of this invention. It is a flowchart which shows the 1st method of setting a threshold value dynamically. It is a figure explaining the 2nd method of setting a threshold dynamically. It is a figure explaining the 2nd method of setting a threshold dynamically. It is a process flowchart of the network failure detection apparatus in the 2nd embodiment of this invention. It is a figure explaining the process of the 2nd embodiment of this invention. It is a figure explaining the process of the 2nd embodiment of this invention. It is a figure explaining the example which transmits the broadcast request with a large packet size. It is a flowchart of the process which extracts the port relevant to a L2 loop from the port of a search object switch. It is a figure explaining the process which extracts the port relevant to a L2 loop from the port of a search object switch. It is a process flowchart for acquiring the address of a search object switch.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. However, this embodiment does not limit the technical scope of the present invention.

  When a layer 2 (L2) loop, which is a network failure, occurs, broadcast packets sent from within the same network (subnet) reach the relay device that makes up the L2 loop, and every time the loop circulates, the entire area within the same subnet Is sent out. Since the loop in the loop is performed at the wire speed, as a result, a broadcast packet is transmitted at the wire speed from the relay apparatus constituting the loop to the same subnet. Paying attention to this loop traffic, when an L2 loop occurs, a large amount of packets are received from one port in the direction of the relay device constituting the loop. In particular, in a relay device that forms a loop, there are clockwise and counterclockwise loops, and a large amount of packets are received by two ports.

  Therefore, it is possible to specify the loop location or limit the range of the loop location by acquiring the packet reception statistical information for each port of the relay device and extracting the port with a large amount of received packets per unit time. . Specifically, when a certain relay device has one mass reception port, it can be determined that an L2 loop has occurred in the downstream direction of the port. Also, if a relay device has two mass reception ports, it can be determined that a loop is formed by these two ports and an L2 loop has occurred.

  FIG. 4 is a principle configuration diagram of the network failure detection apparatus according to the embodiment of the present invention. In FIG. 4, the network is configured by connecting layer 2 switches SW2, SW3, and SW4 under the layer 2 switch SW1, and connecting terminals 10, 20, and 30 to the switches SW2, SW3, and SW4, respectively. The terminal 10 is a network failure detection device, and includes a statistical information acquisition unit 11, a data analysis unit 12, a communication recovery processing unit 13, and a load reduction processing unit 14 as functions of the network failure detection device. The processing of the communication recovery processing unit 13 and the load reduction processing unit 14 will be described later. In the example of FIG. 4, an L2 loop has occurred at port 1 and port 3 of switch SW2, and broadcast packets continue to be sent out at wire speed from the L2 loop. In switch SW2, port 1 and port 3 that make up the L2 loop Becomes a mass reception port, and in the switches SW1, SW3 and SW4, each port 1 in the direction of the switch SW2 becomes a mass reception port. That is, there is one mass reception port for the switches SW1, SW3, and SW4, and two for the switch SW2.

  FIG. 5 is a schematic process flowchart of the network failure detection apparatus according to the embodiment of the present invention. The statistical information acquisition unit 11 of the network failure detection apparatus 10 is a communication means having a packet (data) transmission / reception function, and transmits a statistical information request for requesting transmission of packet reception statistical information of each port to the search target switch. Then, statistical information (packet reception number information) that is a response from the search target switch is acquired (S10). At this time, the statistical information acquisition unit 11 acquires two pieces of statistical information at different times, and obtains the number of packets received per unit time at each port by subtracting them.

  The data analysis unit 12 compares the number of received packets per unit time of each port of the search target switch with a predetermined threshold value, and determines the number of ports that receive packets equal to or greater than the predetermined threshold value (S11). ). If the number of corresponding ports is two, it is determined that an L2 loop has occurred in the search target switch (S12). If the number of corresponding ports is one, the L2 loop further downstream of the search target switch. Is determined to occur (S13). In the present invention, if the corresponding port is 0, it is determined that no L2 loop occurs (S14). In this embodiment, it is assumed that one L2 loop occurs in the network (subnet). In this case, the upper limit of the number of ports that receive packets exceeding the threshold is two. . The possibility that a plurality of L2 loops are generated in one subnet is extremely low, and it is not necessary to consider the possibility in the L2 loop detection process.

  The statistical information is a management information database (MIB) owned by each switch. The MIB is information indicating the state of each network device (including each switch and terminal in this embodiment) managed by SNMP (Simple Network Management Protocol), and has the number of packets received at each port. The MIB is defined in RFC 1156 and RFC 1213. Hereinafter, embodiments of the present invention will be described in more detail.

  FIG. 6 is a process flowchart of the network failure detection apparatus in the first embodiment of the present invention. In the first example, the amount of data received at each port is compared with a preset threshold value, and the occurrence of the L2 loop and its occurrence location are determined based on the number of ports whose data amount is equal to or greater than the threshold value. To detect.

  In step S100, a threshold for the amount of data for determining whether a large amount of packets are received is set in advance. The statistical information acquisition unit 11 requests the target search switch to transmit statistical information having the received data amount of each port, and the target search switch receives the statistical information having the received data amount of each port in response to the request. And the statistical information acquisition unit 11 acquires it (S101). The statistical information having the received data amount of each port is ifInOctetsMIB.

  When a predetermined period (for example, 1 second) has elapsed after acquiring the first statistical information (S102), the statistical information acquisition unit 11 again receives the statistical information having the received data amount of each port for the target search switch. In response to the request, the target search switch transmits statistical information (ifInOctetsMIB) having the received data amount of each port for the second time, and the statistical information acquisition unit 11 acquires it (S103).

  The data analysis unit 12 calculates the received data amount per unit time of each port by subtracting the first statistical information (reference value) from the second statistical information (increment value) (S104). Since the statistical information is the amount of data at a certain time, the received data amount per unit time can be obtained from the difference between two pieces of statistical information at different times.

  The data analysis unit 12 compares the received data amount per unit time of each port with the threshold value set in step S100, and determines the number of ports that receive the data amount equal to or greater than the threshold value (S105). . If the number of ports is one, it is determined that there is an L2 loop in the downstream direction of that port of the search target switch (S106). If the number of ports is two, it is determined that an L2 loop has occurred in the port pair of the search target switch (S107). If the number of ports is 0, it is determined that no L2 loop has occurred (S108).

  7 and 8 are diagrams for explaining the processing of the first embodiment of the present invention. FIG. 7 is an example in which the network failure detection device 10 acquires the statistical information of the switch SW1, and FIG. 8 is an example in which the network failure detection device 10 acquires the statistical information of the switch SW2. The thresholds for determining the presence or absence of the L2 loop are each set to 80 Mbps.

  In FIG. 7, the first statistical information (reference value) and the second statistical information (increment value) at each port 1, 2, and 3 of the switch SW1 are acquired, and the difference value and reception per unit time are obtained. The amount of data is calculated. As is apparent from FIG. 7, the number of ports that receive a data amount exceeding the threshold is one, and that port is port 1. Therefore, it is determined that an L2 loop has occurred in the downstream direction of the port 1 of the switch SW1 from the network failure detection apparatus 10 side.

  In FIG. 8, similarly, the first statistical information (reference value) and the second statistical information (increment value) at each port 1, 2, and 3 of the switch SW2 are acquired, and the difference value and unit time are obtained. The amount of received data per hit is calculated. As shown in FIG. 8, the number of ports that receive the data amount exceeding the threshold is two, and the ports are port 1 and port 3. Therefore, it is determined that an L2 loop has occurred at port 1 and port 3 of switch SW2.

  The threshold value may be set in advance as in step S100 of FIG. 6, but may be set dynamically according to the communication status of the network.

  FIG. 9 is a flowchart showing a first method for dynamically setting the threshold value. The network failure detection apparatus 10 counts the data amount of broadcast packets received by itself, and measures the amount of received data per unit time (S201). Then, a threshold value is set based on the calculated data amount (202). For example, a constant magnification of the calculated received data amount per unit time is set as the threshold value. Specifically, if the amount of received data per unit time is 95 Mbps and the constant magnification is 0.8, the threshold value is 76 Mbps.

  10 and 11 are diagrams for explaining a second method for dynamically setting the threshold value. In the second method, a constant multiple of the maximum value of the received data amount (or the number of received packets) of each port included in the acquired statistical information is set as the threshold value. FIG. 10 is a table showing the statistical information of the switch SW1 and the data reception amount per unit time calculated from each port. As shown in FIG. 10, the maximum value of the data reception amount per unit time is 96 Mbps of port 1. If the constant magnification is 0.8, the threshold is 76.8Mbps. In the switch SW1, the port exceeding the threshold of 76.8 Mbps is only the port 1, and the determination result is the same as in FIG.

  A lower limit value may be set as a threshold value obtained by multiplying by a constant magnification. This is because none of the ports may be a mass reception port. If the calculated threshold is below the lower limit, the lower limit is set as the threshold. In the example of FIGS. 10 and 11, the lower limit value is, for example, 8 Mbps.

  FIG. 11 is a table showing the statistical information of the switch SW2 and the data reception amount per unit time of each port calculated from the statistical information. As shown in FIG. 11, the maximum value of the data reception amount per unit time is 96 Mbps of port 1. If the constant magnification is 0.8, the threshold is 76.8Mbps. In the switch SW2, the ports exceeding the threshold of 76.8 Mbps are the port 1 and the port 3, and the determination result is the same as in FIG.

  FIG. 12 is a process flowchart of the network failure detection apparatus according to the second embodiment of the present invention. In the second embodiment, instead of the amount of data in the first embodiment, the number of packets received at each port is compared with a preset threshold value. Based on the number, the occurrence of the L2 loop and its location are detected.

  In step S300, a threshold value for the number of received packets for determining whether a large number of packets have been received is set in advance. The statistical information acquisition unit 11 requests the target search switch to transmit statistical information having the number of received packets of each port, and the target search switch has statistical information having the number of received packets of each port in response to the request. And the statistical information acquisition unit 11 acquires it (S301). The statistical information having the number of received packets at each port is ifInNUCastPacketsMIB.

  When a predetermined period (for example, 1 second) has elapsed after acquiring the first statistical information (S302), the statistical information acquisition unit 11 again receives the statistical information having the number of received packets at each port with respect to the target search switch. In response to the request, the target search switch transmits statistical information (ifInNUCastPacketsMIB) having the number of received packets of each port for the second time, and the statistical information acquisition unit 11 acquires it (S303).

  The data analysis unit 12 calculates the number of received packets per unit time of each port by subtracting the first statistical information (reference value) from the second statistical information (increment value) (S304). Since the statistical information is the number of received packets at a certain time, the number of received packets per unit time can be obtained from the difference between two statistical information at different times.

  The data analysis unit 12 compares the number of received packets per unit time of each port with the threshold set in step S100, and determines the number of ports that receive the number of packets equal to or greater than the threshold (S305). . If the number of ports is one, it is determined that there is an L2 loop in the downstream direction of the port of the search target switch (S306). If the number of ports is two, it is determined that an L2 loop has occurred in the port pair of the search target switch (S307). If the number of ports is 0, it is determined that no L2 loop has occurred (S308).

  13 and 14 are diagrams for explaining the processing of the second embodiment of the present invention. FIG. 13 is an example in which the network failure detection apparatus 10 acquires the statistical information of the switch SW1, and FIG. 14 is an example in which the network failure detection apparatus 10 acquires the statistical information of the switch SW2. The thresholds for determining the presence or absence of the L2 loop are each set to 8000 pps.

  In FIG. 13, the first statistical information (reference value) and the second statistical information (increment value) at each port 1, 2, and 3 of the switch SW1 are acquired, and these difference values are received per unit time. The number of packets is calculated. As shown in FIG. 13, the number of ports that receive the number of packets exceeding the threshold is one, and that port is port 1. Therefore, it is determined that an L2 loop has occurred in the downstream direction of the port 1 of the switch SW1 from the network failure detection apparatus 10 side.

  In FIG. 14, similarly, the first statistical information (reference value) and the second statistical information (increment value) at each port 1, 2, and 3 of the switch SW2 are acquired, and the difference value and unit time are obtained. The number of received packets is calculated. As shown in FIG. 14, the number of ports that receive the number of packets exceeding the threshold is two, and the ports are port 1 and port 3. Therefore, it is determined that an L2 loop has occurred at port 1 and port 3 of switch SW2.

  Also in the second embodiment, the threshold regarding the number of packets may be dynamically set according to the communication status of the network, as shown in FIGS. 9 and 10 (or FIG. 11). For example, if the calculated number of received packets per unit time is 12000 pps and the constant magnification is 0.8, the threshold value is 9600 pps. Alternatively, the threshold value may be calculated by multiplying the maximum value of the number of received packets at each port by a fixed magnification.

  By the way, when an L2 loop occurs and a large number of broadcast packets are sent from the L2 loop, if the broadcast packet is a packet requesting a response from the destination, the response packet of the broadcast packet is opposite to the broadcast packet sending direction. There is a possibility to transmit a large amount in the direction. Then, in addition to the port that receives the broadcast packet from the L2 loop, the port that receives the response packet also receives a large amount of packets, and the location or direction of occurrence of the L2 loop cannot be specified.

  In order to avoid this problem, for example, the network failure detection apparatus 10 transmits a large number of broadcast requests having a large packet size in advance. A broadcast request is selected and transmitted so that the response packet size of the broadcast request is sufficiently smaller than the packet size of the broadcast request.

  FIG. 15 is a diagram illustrating an example of transmitting a broadcast request having a large packet size. The network failure detection apparatus 10 to which the address “A” is given has a transmission source address “Any” (which may be an arbitrary address and may be a fictitious address that does not exist), and uses its own address “A”. Broadcast ARP (Address Resolution Protocol) requests for resolution are transmitted in a long size (for example, 1500 bytes) in large quantities (for example, 1000) (Step 1). The ARP request reaches the L2 loop and is sent out from the L2 loop (Step 3) while continuing to circulate around the L2 loop (Step 3), and returns to the network failure detection apparatus 10. Since the received ARP request is a packet for resolving its own address, the network failure detection device 10 unicasts an ARP response to the address “Any” in response to the ARP request (Step 4). This ARP response is 64 bytes, which is 1/20 compared with the packet size of the ARP request, and is sufficiently small. The ARP response reaches the L2 loop and circulates.

  In this way, by making the size of the packet sent from the L2 loop sufficiently larger than the size of the packet going to the L2 loop, only the port that receives the packet sent from the L2 loop can be judged as a mass receiving port. It becomes like this. In FIG. 15, port 1 of the switch SWP is a port that receives a large amount of ARP responses, but since the size of the ARP response is sufficiently small, it is not determined as a mass reception port, and port 1 of the switch SWQ has a packet size of Since this is a port that receives a large amount of large ARP requests, it is judged as a mass reception port.

  In addition, the network failure detection apparatus may acquire the interface of each port of the search target switch in advance and search only the port of the interface related to the L2 loop. The L2 loop is a failure that can be identified by ethernet (registered trademark), and the network failure detection device acquires statistical information only from the port of the interface related to ethernet (registered trademark).

  FIG. 16 is a flowchart of processing for extracting ports related to the L2 loop from the ports of the search target switch. FIG. 17 is a diagram for explaining the processing. The network failure detection apparatus holds in advance a table of interface (IF) type information of ports used for L2 loop detection (S400). FIG. 17A is an example of the IF type table, and the IF type table includes interface type information related to ethernet (registered trademark).

  The network failure detection apparatus 10 transmits a notification request for the interface of each port to the search target switch, and acquires the interface type information of each port from the search target switch in advance (S401). FIG. 17B is an example of the acquired interface type information of each port (number 1-10). Port 1-6 is fastEther, port 7-8 is gigabitEthernet (registered trademark), and port 9-10 is ATM. (asynchronous Transfer Mode). The interface type information of each port transmitted by the search target switch is, for example, ifTypeMIB. The network failure detection apparatus 10 extracts an interface type port included in the IF type table based on the acquired interface type information (S402), and sets it as a search target port in the search target switch (S403). In the example of FIG. 17, ports 1-8 are set as search target ports.

  When the switch constituting the L2 loop is specified by the above-described embodiment, processing for avoiding the L2 loop may be further performed. In the example of FIG. 4, the network failure detection device transmits a command for shutting down the port to either switch 1 or port 3 of the switch SW2 constituting the L2 loop to the switch SW2. The command is, for example, an SNMPset command for bringing down ifAdminStatusMIB of port 1 or port 3. This makes it possible not only to detect the occurrence location of the L2 loop but also to avoid the L2 loop. Further, by shutting off the port 1 of the switch SW1, the L2 loop downstream thereof may be avoided. The network failure detection apparatus 10 transmits a command for blocking the port 1 to the switch SW1.

  In addition, before performing the processing according to the embodiment of the present invention, it is necessary to acquire the address of the search target switch in order to acquire statistical information from the search target switch.

  FIG. 18 is a process flowchart for acquiring the address of the search target switch. The network failure detection apparatus 10 transmits an SNMPget command, which is a predetermined MIB acquisition request, to the broadcast address of the search target network (S500). The network failure detection apparatus 10 receives a response packet from a switch that can respond to the SNMPget command, and extracts a source address from the received response packet (S501). As a result, the address of the search target switch can be acquired. The extracted address is set as the address of the search target switch (S502).

  If an L2 loop has occurred, there is a high possibility that a response packet cannot be received from a switch in the network (subnet). For example, when it is clear that communication within the network is normal (the L2 loop has occurred) This address acquisition processing is preferably performed when it is clear that there is not.

  The first 3 bytes of the switch address (MAC address) is an OUI (Organizationally Unique Identifier) that identifies the switch vendor, and the network failure detection device can perform processing considering the vendor characteristics of the switch to be searched. Good.

  For example, when a switch of a certain vendor does not have statistical information about the number of received packets but has only statistical information about the amount of received data, the switch according to the first embodiment that uses the received data amount is executed. There is a need. The network failure detection apparatus holds in advance vendor identification information (OUI) and a table of processing corresponding to the vendor identification information (OUI), and executes processing according to the vendor characteristics of the search target switch based on the vendor identification information.

  By the way, as explained in the “Background Art” section, when a broadcast packet is transmitted from a terminal in a state where an L2 loop has occurred, it is on the route from that terminal to the location where the L2 loop has occurred. The switch mislearns the address of the terminal. Therefore, for example, if a broadcast packet is transmitted from the terminal 10 (network failure detection device) before performing the L2 loop detection processing of the present invention in a state where the L2 loop is generated in the switch SW2, the terminal 10 The address is also mislearned in the L2 loop direction. Then, in response to the statistical information request from the network failure detection device 10, when the search target switch transmits statistical information, the statistical information is transmitted in the mislearned direction, and the network failure detection device (terminal 10) However, statistical information may not be received.

  Therefore, in the embodiment of the present invention, in order to avoid an inconvenient situation in which the network failure detection device cannot acquire statistical information, a process (in which the communication recovery processing unit 13 recovers communication with the search target switch in advance) ( Implement communication recovery processing.

  The communication recovery processing unit 13 of the network failure detection apparatus continuously transmits a plurality of broadcast packets (hereinafter referred to as dummy packets) having a MAC address other than its own MAC address as a transmission source address. When a dummy packet is broadcast, it reaches the L2 loop and starts to circulate. Since the dummy packet is input to the input port of the switch SW2 in which the L2 loop is generated, and the existing broadcast packet that has already been circulated is also input, a 1-output 2-input state is established. Then, by sending these dummy packets continuously and in large quantities, the output queue or input queue exceeds the allowable value, and the packets are discarded. The broadcast packet as the transmission source is replaced with a dummy packet, and finally, all the circulating broadcast packets are replaced with dummy packets. As a result, broadcast packets originating from the network failure detection device are no longer transmitted from the L2 loop, and mislearning of the address of the search target terminal in all switches in the network is resolved. Communication can be restored.

  The source address of the dummy packet may be a MAC address other than the MAC address of the network failure detection device, may be a fictitious address that does not exist, or may be the MAC address of another existing terminal. However, in this case, when communicating with the actual terminal, it is necessary to perform the communication recovery process again.

  After performing the above-described communication recovery processing, the network failure detection device transmits a statistical information request to the search target switch, and performs the above-described processing for detecting the L2 loop.

  In addition, as described in the “Background” section, when an L2 loop occurs, a broadcast storm phenomenon occurs in which broadcast packets continue to be transmitted from the switch where the L2 loop occurs, and all terminals in the network are heavily loaded. It becomes a state. If the L2 loop detection processing in the present embodiment is performed in a high load state, the processing speed of each of the network failure detection device and the search target switch may be delayed or the processing may be stopped, and further the packet transmission speed may be delayed. is there.

  Broadcast packet reception causes interrupt processing to occur at the terminal or switch on the network, causing a high load on the CPU utilization, causing serious failures such as other processing not being performed or processing speed being delayed. . In particular, a broadcast packet is often a packet that requests a response from a specific terminal, such as ARP, and if a large number of broadcast packets arrive at a terminal that should respond, the response processing load is also added, which further increases the response. Loaded.

  For this reason, for example, there is a possibility that the transmission process of the statistical information from the search target switch in response to the statistical information request is delayed, or the statistical information is not transmitted, and the network failure detection apparatus cannot normally receive the statistical information.

  Therefore, in the embodiment of the present invention, in order to avoid an inconvenient situation in which statistical information cannot be received due to the influence of a high load, a process (load reduction process) for the load reduction processing unit 14 to reduce the load on the network. To implement.

  The cause of the high load of devices (including terminals and switches) in the network due to the broadcast storm associated with the L2 loop is that the number of broadcast packets received per unit time is close to or exceeds the limit of the processing capacity of each terminal. This is due to the enormous volume, and the load on each terminal can be reduced by reducing the number of broadcast packets received per unit time.

  Therefore, the load reduction processing unit 14 of the network failure detection device continuously transmits long packets having a long packet length as broadcast packets. In the network, broadcast packets such as ARP, RIP, and NetBIOS are frequently transmitted, and these packets are also dominant in packets that circulate in the L2 loop when an L2 loop occurs. In particular, ARP has a packet length of about 64 bytes, and NetBIOS has a packet length of about 200 bytes. When an L2 loop occurs, these short packets are broadcast throughout the network at the transmission line speed that forms the L2 loop. For example, when only ARP packets circulate in a 100 Mbps L2 loop, theoretically, 140,000 packets are broadcasted from the L2 loop to the entire network per second.

  The load reduction processing unit 14 continuously transmits long packets of about 1500 bytes, for example. In the L2 loop, a packet of about 64 bytes is input, and a packet of 1500 bytes is also input, which is continuously input, so the input queue or output queue exceeds the allowable value. As a result, a short packet of about 64 bytes is discarded, and finally all the 64-byte packets are discarded, and only a 1500-byte packet can be circulated. In the state where only 1500-byte packets circulate, the packets transmitted from the L2 loop are 8000 packets per second, and the number of packets received per unit time is about 1/20 compared to 64 bytes. Can be reduced. As a result, the load on each terminal is reduced, and the load state can be recovered to such an extent that the communication confirmation process can be performed.

  After performing the load reduction process, the network failure detection apparatus transmits a statistical information request to the search target switch, and performs the above-described process of detecting the L2 loop.

  Furthermore, in order to perform the communication recovery processing and load reduction processing simultaneously, a broadcast packet (dummy packet) having a MAC address other than the MAC address of the network failure detection device used as the communication recovery processing is converted into a long packet. By continuously transmitting a plurality of data, load reduction processing can be performed simultaneously.

(Appendix 1)
In a network failure detection device that is a first terminal of a plurality of terminals, each terminal detecting a failure of a network connected to another terminal via at least one relay device of the plurality of relay devices,
A communication unit for obtaining statistical information on data received at each of a plurality of ports of the first relay device from a first relay device of the plurality of relay devices;
Based on the statistical information, whether or not a loop that causes a predetermined network failure has occurred in the first relay device, or from the first relay device of another relay device in which the loop has occurred A network failure detection apparatus comprising: a determination unit that determines a direction.

(Appendix 2)
In Appendix 1,
The network failure detection device, wherein the statistical information is a received data amount or a received data number for each port of the first relay device.

(Appendix 3)
In Appendix 2,
The determination unit, when there are two ports whose received data amount or received data number per unit time is equal to or greater than a predetermined threshold among the plurality of ports of the first relay device, When it is determined that the loop has occurred in the relay device and there is one port whose received data amount per unit time is equal to or greater than a predetermined threshold, the loop is generated in the downstream direction of the port. A network failure detection apparatus, characterized in that it is determined that another relay apparatus exists.

(Appendix 4)
In Appendix 3,
The network failure detection device, wherein the threshold value is set based on the amount of received data or the number of received data per unit time in the network failure detection device.

(Appendix 5)
In Appendix 3,
The network failure detection device, wherein the threshold value is set based on a maximum value of received data amount or received data number per unit time of each port of the first relay device.

(Appendix 6)
In Appendix 1,
The communication unit broadcasts a plurality of predetermined request data having a predetermined data length before acquiring the statistical information, and the predetermined data length is longer than a data length of response data to the predetermined request data. A network failure detection device characterized by its long length.

(Appendix 7)
In Appendix 1,
The communication unit acquires statistical information about data received at each of a plurality of ports of an interface type related to the loop among all ports of the first relay device.

(Appendix 8)
In Appendix 1,
The network failure detection device, wherein the communication unit transmits a blocking request to a port whose received data amount per unit time in the first relay device is a predetermined threshold value or more.

(Appendix 9)
In Appendix 1,
A communication recovery processing unit that broadcast-transmits a plurality of data having a source address other than the network failure detection device;
The network failure detection apparatus, wherein the communication recovery processing unit broadcasts the plurality of data before the communication unit acquires the statistical information.

(Appendix 10)
In Appendix 1,
A load reduction processing unit that broadcast-transmits a plurality of data having a data length longer than a data length of data that circulates in the loop when the loop occurs
The network failure detection apparatus, wherein the load reduction processing unit broadcasts the plurality of data before the communication unit acquires the statistical information.

(Appendix 11)
In Appendix 1,
The network failure detection apparatus according to claim 1, wherein the network failure is a layer 2 loop failure in which data circulating around the loop is continuously broadcast from the loop.

(Appendix 12)
In a network failure detection method implemented by a first terminal of a plurality of terminals, each terminal detecting a failure of a network connected to another terminal via at least one relay device of the plurality of relay devices,
An acquisition step of acquiring statistical information about data received at each of a plurality of ports of the first relay device from a first relay device of the plurality of relay devices;
Based on the statistical information, whether or not a loop that causes a predetermined network failure has occurred in the first relay device, or from the first relay device of another relay device in which the loop has occurred A network failure detection method comprising: a determination step of determining a direction.

(Appendix 13)
In Appendix 12,
The network failure detection method, wherein the statistical information is a received data amount or a received data number for each port of the first relay device.

(Appendix 14)
In Appendix 13,
In the determination step, when there are two ports having a received data amount or received data number per unit time equal to or greater than a predetermined threshold among a plurality of ports of the first relay device, When it is determined that the loop has occurred in the relay device and there is one port whose received data amount per unit time is equal to or greater than a predetermined threshold, the loop is generated in the downstream direction of the port. A network failure detection method comprising determining that another relay device is present.

(Appendix 15)
In Appendix 14,
A network failure detection method comprising: a setting step of setting the threshold value based on the amount of received data or the number of received data per unit time in the network failure detection device before the obtaining step.

(Appendix 16)
In Appendix 14,
Prior to the determination step, the threshold is set based on the maximum value of the received data amount or the received data number per unit time of each port of the first relay device acquired in the acquiring step. A network failure detection method comprising a setting step.

(Appendix 17)
In Appendix 12,
Before the obtaining step, a transmission step of broadcasting a plurality of predetermined request data having a predetermined data length is provided, and the predetermined data length is longer than the data length of response data for the predetermined request data. A characteristic network failure detection method.

(Appendix 18)
In Appendix 12,
In the obtaining step, statistical information regarding data received at each of a plurality of ports of an interface type related to the loop among all the ports of the first relay device is obtained.

(Appendix 19)
In Appendix 12,
A network failure detection method comprising: a transmission step of transmitting a blocking request to a port whose received data amount per unit time in the first relay device is equal to or greater than a predetermined threshold value.

(Appendix 20)
In Appendix 12,
A network failure detection method comprising a communication recovery processing step of broadcasting a plurality of data having a source address other than the first terminal as the source address before the obtaining step.

(Appendix 21)
In Appendix 12,
Before the obtaining step, a network failure detection step comprising a load reduction processing step of broadcasting a plurality of data having a data length longer than the data length of the data circulating in the loop when the loop occurs Method.

(Appendix 22)
In Appendix 12,
The network failure detection method according to claim 1, wherein the network failure is a layer 2 loop failure in which data circulating around the loop is continuously broadcast from the loop.

  DESCRIPTION OF SYMBOLS 10: Network failure detection apparatus, 20, 30: Terminal, SW1-SW7: Layer 2 switch, 11: Statistical information acquisition part, 12: Data analysis part, 13: Communication recovery process part, 14: Load reduction process part

Claims (4)

In a communication apparatus in a communication system including a layer 2 switch and a plurality of communication apparatuses that perform communication via the layer 2 switch,
Means for continuously transmitting a predetermined amount of broadcast packets having a MAC address other than the MAC address unique to the communication device as a transmission source address;
Means for communicating with any of the plurality of communication devices in the communication system after the transmission;
A communication apparatus comprising: In a communication apparatus in a communication system including a layer 2 switch and a plurality of communication apparatuses that perform communication via the layer 2 switch,
Means for transmitting a source address, R IP, continuous transmission of long packets having a data length not long than NetBIOS a MAC address other than the MAC address unique to the communication device,
Means for communicating with any of the plurality of communication devices in the communication system after the transmission;
A communication apparatus comprising: In a communication method in a communication system including a layer 2 switch and a plurality of communication devices that perform communication via the layer 2 switch,
The first communication device of the plurality of communication devices performs a continuous predetermined amount of transmission of a broadcast packet with a MAC address other than the MAC address unique to the first communication device as a source address,
After the transmission, communication is performed between the first communication device and a second communication device of the plurality of communication devices in the communication system.
A communication method comprising the above. In a communication method in a communication system including a layer 2 switch and a plurality of communication devices that perform communication via the layer 2 switch,
The first communication device among the plurality of communication devices, the source address of the MAC address other than the MAC address unique to said first communication device, R IP, long packet having a data length not long than NetBIOS Send continuously,
After the transmission, communication is performed between the first communication device and a second communication device of the plurality of communication devices in the communication system.
A communication method comprising the above.

Images