JP5655661B2 - Communication duplexer and communication duplex method - Google Patents

Description

  The present invention relates to a communication duplication device and a communication duplication method for duplicating a communication device that performs stateful communication.

  As a means for improving the reliability of a communication system, a duplex configuration of communication apparatuses has been widely adopted. In Internet communication, IP (Internet Protocol) is used as a layer 3 (network layer) protocol. IP is a stateless protocol that transmits and receives packets without depending on the state of a communication session.

  In Internet communication, TCP (Transmission Control Protocol) is used as a layer 4 (transport layer) protocol. TCP is a stateful protocol that establishes a connection and sends and receives packets according to the state of a communication session.

  In the conventional IP communication model, packet relay processing is performed by a layer 3 communication device (that is, an IP router device), and the layer 3 communication device only transfers an IP packet based on a route table. However, in recent years, communication apparatuses that perform advanced relay processing by referring to information of layer 4 or higher such as a communication session state and packet contents in a higher protocol such as TCP have appeared.

  The duplex configuration of the IP router device is autonomously switched from the master system to the backup system by a protocol such as VRRP (Virtual Router Redundancy Protocol) or HSRP (Hot Standby Router Protocol). Therefore, the IP communication apparatus can continue IP communication without providing a function corresponding to the failure of the IP router apparatus.

  Redundant configuration in which the network is connected between the working gateway and the backup gateway, and the working gateway test data is sent from the backup gateway to monitor the operation of the working gateway and start the backup operation when an abnormality is detected in the working gateway The method and the like are known from Patent Document 1 and the like.

  Further, a technique for duplicating a router, transmitting and receiving each other by a hot standby protocol (HSRP), and determining a relative priority is known from cited document 2 and the like.

JP-A 64-001350 JP 2000-78199 A

  For a communication device that performs advanced relay processing by referring to information of layer 4 or higher, such as the communication session state and packet contents described above, the operation of the communication system is continued while maintaining the communication session state. There is a need for a duplex configuration that can be used. In order to maintain the same communication session state in the duplexed communication device, a technique of transferring the internal state of the communication device to the other communication device in real time is used.

  Since the internal state of the communication device depends on the structure of the communication device, the internal state is defined by an individual method for each communication device, and accordingly, the structure of each communication device becomes complicated. Therefore, if it is attempted to maintain the state of the communication session for a communication device that does not support redundancy, there is a problem that the implementation cost of the communication device increases and it is difficult to add a function.

  The present invention maintains the session state of communication by the stateful protocol in the same state with the duplexed communication devices without changing the structure of the communication devices for redundancy without using the communication devices that do not support redundancy. A communication duplication device and a communication duplication method are provided that can continue the communication operation.

A communication duplexer that solves the above problems is a communication duplexer that is connected to each of a pair of duplexed second communication devices that perform stateful communication with a first communication device, and relays packets of the stateful communication. The first packet received from the first communication device is transmitted to the second communication device connected to the communication duplexer , and the first packet is duplicated and transferred to the other communication duplexer. means duplicates the second packet received from the second communication apparatus connected to the communication duplex device, means for transferring the packets of the second to the other communication duplex device, to said communication duplex device a first response number of the second packet received from the second communication device connected, a second packet from the second communication apparatus connected to said other communication duplex device A storage unit for storing session information and a second response number of the second packets transferred the duplicates with other communication duplex device to the communication duplex device, wherein connected to the communication duplex device for a second packet received from the second communication device, refers to the session information stored in the storage unit, so as to synchronize the session state, the packet of the second updates the response No. Means for transmitting to one communication device.

Further, the communication duplexing method duplexes a second communication device that performs stateful communication with the first communication device, and a pair of communications connected between the first communication device and the second communication device. a communication duplication method using a duplex system, each communication duplex device, transmits to each said first first said that the packets are connected to the respective communication duplexing device of the second communication device received from the communication device And a step of copying the first packet and transferring it to the other second communication device via the other communication duplexer, and receiving from the second communication device connected to each communication duplexer the the second packet replicating, and forwarding packets of the second to the other communication duplex device, wherein the second packet received from the communication duplex device connected to said second communication device 1 And response number, a second second packet to the second packet has been transferred to replicate in the other communication duplex device from a second communication device of the other connected to said other communication duplex device the relative second packet, the session stored in the storage unit that receives the session information and storing in the storage unit, from the communication duplex device is connected to the second communication device including a response number Referring to the information and updating the response number to synchronize the session state and transmitting the second packet to the first communication device.

  It becomes possible to continue the operation of the communication system while duplexing communication apparatuses that do not support redundancy and maintaining the session state of communication by the stateful protocol between the master system and the backup system. Redundant communication devices that do not support redundancy need only be connected to the network ports of those communication devices, and duplication without changing the structure of these communication devices for duplication. Can do. Also, communication devices having different structures can be duplexed using the same communication duplexer, and duplexing of communication devices can be realized at low cost.

It is a figure which shows the structural example of the communication system containing a communication duplexer. It is a figure which shows an example of a structure of a layer 2 relay apparatus, and an example of a MAC address table. It is a figure which shows the structural example of a communication duplication apparatus. It is a figure which shows an example of a layer 3 routing table and a session status table. It is a figure which shows the example of a processing flow of the received packet of the network port A in a master system. It is a figure which shows the example of a processing flow of the received packet of the network port B in a master type | system | group. It is a figure which shows the example of a processing flow of the received packet of the network port A in a backup type | system | group. It is a figure which shows the example of a processing flow of the received packet of the network port B in a backup type | system | group. It is a figure which shows the example of a processing flow of the communication duplication apparatus in a degeneration mode.

FIG. 1 shows a configuration example of a communication system including a communication duplexer disclosed in FIG. In FIG. 1, a communication device 10 is connected to duplex communication devices 30 and 30 ′ via a layer 2 relay device 20, and the duplex communication devices 30 and 30 ′ are duplexed communication devices 40 and 40, respectively. Connected with '. Each apparatus is connected by a communication line of a layer 2 network protocol such as Ethernet (registered trademark).

  FIG. 2A shows a configuration example of the layer 2 relay apparatus 20. The layer 2 relay device 20 includes a MAC address table 21 and a packet transfer processing unit 22. As illustrated in FIG. 2B, the MAC address table 21 stores a MAC (Media Access Control) address of a communication device connected to each network port and a network port number in association with each other.

  The packet transfer processing unit 22 transfers a packet input from each network port to the network port associated with the MAC address table 21 based on the destination MAC address of the packet, and transmits the packet between the network ports. Perform the transfer process.

  FIG. 3 shows a configuration example of the communication duplexer 30, 30 '. The duplex communication duplexers 30 and 30 ′ have the same configuration and are connected to the layer 2 relay device 20 via the network port A. The first communication duplexer 30 is connected to the first communication device 40 via the network port B, and the second communication duplexer 30 ′ is connected to the second communication device 40 ′ via the network port B. Is done.

  The first and second communication duplexers 30 and 30 'are connected to each other via a network port A' and a network port B ', respectively. The first and second communication devices 40 and 40 'are communication devices to be duplicated, and are set with the same IP address as each individual MAC address.

  The communication duplexers 30 and 30 ′ include packet transfer processing units 31A and 31B, packet duplication processing units 32A and 32B, packet analysis processing units 33A and 33B, a packet relay determination unit 34, a packet update processing unit 35, and a layer 3 route, respectively. Table 36, session state table 37, session state monitoring unit 38, and layer 3 redundancy function unit 39 are provided.

  The packet transfer processing unit 31 </ b> A performs IP routing processing on the packet received from the network port A based on the layer 3 route table 36. The packet transfer processing unit 31B performs an IP routing process on the packet received from the network port B based on the layer 3 route table 36.

  The packet duplication processing unit 32A duplicates the packet input from the packet transfer processing unit 31A, transmits the packet from the network port A 'to the other communication duplexer, and transmits the packet from the network port B. The packet duplication processing unit 32B duplicates the packet input from the packet transfer processing unit 31B, sends the packet from the network port B ′ to the other communication duplexer, and forwards the packet to the packet relay determination unit 34. To do.

  The packet analysis processing unit 33A analyzes the packet received from the network port A ′ and sends the packet to the network port B. The packet analysis processing unit 33B analyzes the packet received from the network port B 'and sends the packet to the packet relay determination unit 34.

  The packet relay determination unit 34 determines whether or not to relay the packet input from the packet replication processing unit 32B and the packet input from the packet analysis processing unit 33B, and determines the packet to be relayed as a packet update processing unit. Transfer to 35. The packet update processing unit 35 performs a packet content update process on the packet input from the packet relay determination unit 34 and transmits the packet from the network port A.

  The layer 3 route table 36 is used when the packet transfer processing units 31A and 31B perform IP routing processing on the packets received from the network ports A and B. An example of the layer 3 route table 36 is shown in FIG.

  The layer 3 route table 36 stores a destination IP address of a received packet and a transfer destination network port number in association with each other. In the example of FIG. 4A, a packet having a destination IP address 192.0.1.0 is transferred to the network port A, and a packet having the destination IP address 192.0.2.0 is transferred to the network port B. Routing processing is performed.

  An example of the session status table 37 is shown in FIG. The session state table 37 shows, for each communication session, the session state, the source IP address, the source port number, and the sequence (SEQ) number included in the packet received by the network port A (packet transmitted by the communication device 10). , A response (ACK) number, and a transmission source IP address, a transmission source port number, a sequence (SEQ) number included in a packet (packet transmitted by the communication device 40, 40 ′) received at the network ports B and B ′, The first response (ACK) number and the second response (ACK) number are associated and stored in the storage unit.

  The first response (ACK) number described above is the latest response number included in the packet transmitted from the communication device connected to the own device and received at the network port B of the own device. The second response (ACK) number is a response (ACK) number included in a packet transmitted by the communication device connected to the other communication duplexer and received from the other communication duplexer at the network port B ′. Hereinafter, the first response (ACK) number is referred to as “ACK number # 1”, and the second response (ACK) number is referred to as “ACK number # 2”.

  The session state monitoring unit 38 monitors the session state table 37 and deletes the TCP communication session information from the session state table 37 when the TCP communication session state is closed (terminated).

  The layer 3 redundancy function unit 39 performs a redundant configuration process using a protocol such as VRRP. The communication duplication devices 30 and 30 ′ use the system switching function of the layer 3 redundancy function unit 39 so that, for example, the communication system of the communication duplication device 30 is a master system and the communication system of the communication duplication device 30 ′ is a backup system. The operating state is set.

  When both the master and backup communication systems are normal, the communication duplication devices 30 and 30 'operate in the redundancy mode. When one of the communication systems is in a failure state, the mode shifts to a degenerate mode that operates only with the communication duplex device of one normal communication system.

  Here, assuming that the communication duplication device 30 operates as a master system, the communication duplication device 30 transmits an advertisement packet of a survival notification to the layer 2 relay device 20 by multicast using a redundant configuration processing function such as VRRP. . Further, the communication duplication device 30 uses a virtual MAC address for the communication device 10 as its own MAC address.

  The layer 2 relay device 20 learns the MAC address, and transfers the packet transmitted from the communication device 10 to the MAC address to the master communication duplication device 30. When the advertisement packet does not arrive from the master communication duplexing device 30, the backup communication duplexing device 30 'recognizes that a failure has occurred in the master communication duplexing device 30, and shifts to the degenerate mode.

  When the communication duplexing device 30 ′ shifts to the degenerate mode, it transmits to the layer 2 relay device 20 an ARP (Address Resolution Protocol) packet having its own MAC address as the source MAC address by broadcast. By the broadcast of the ARP packet, the layer 2 relay apparatus 20 relearns the correspondence between the MAC address and the network port to which the communication duplexer 30 ′ is connected, and as a result, the packet addressed to the MAC address is duplexed. Transfer to device 30 '.

  5 to 8 show processing flow examples of the communication duplication devices 30 and 30 'in the redundancy mode. In the following description, it is assumed that the communication duplexer 30 operates as a master system and the communication duplexer 30 'operates as a backup system.

  FIG. 5 shows an example of the processing flow of the received packet at the network port A in the master system, FIG. 6 shows an example of the processing flow of the received packet at the network port B in the master system, and FIG. 7 shows the network port A in the backup system FIG. 8 shows an example of the processing flow of the received packet at the network port B in the backup system.

  First, an example of a processing flow of a received packet of the network port A in the master system will be described with reference to FIG. When the communication device 10 starts communication with the communication device 40, the packet transmitted by the communication device 10 reaches the network port A of the communication duplexer 30 via the layer 2 relay device 20.

  When the communication duplexer 30 receives the packet (5-1), the packet forwarding processor 31A checks the destination IP address (5-2) and starts the IP routing process. The packet transfer processing unit 31A first determines whether or not the packet is a packet addressed to the own device (5-3), and if the packet is addressed to the own device, transfers the packet to the layer 3 redundancy function unit 39. (5-4).

  Next, the packet transfer processing unit 31A determines whether the packet is a packet to be transferred to the network port B based on the layer 3 route table 36 (5-5). The packet is discarded (5-6). When the packet is a packet to be transferred to the network port B, that is, the communication device 40, the packet transfer processing unit 31A checks the protocol number of the packet (5-7) and determines whether the packet is a TCP packet. (5-8).

  If the packet is not a TCP packet, the packet transfer processing unit 31A transmits the packet from the network port B (5-15). When the packet is a TCP packet, the packet transfer processing unit 31A refers to the session state table 37 illustrated in FIG. 4B (5-9).

  The packet transfer processing unit 31A searches the session state table 37, and there is no TCP communication session information that matches the source IP address, source port number, destination IP address, and destination port number of the packet (new session). (5-10).

  If the session state table 37 includes TCP communication session information that matches the session of the packet, the packet transfer processing unit 31A updates the session information (5-11). The session information updated here is information including the latest sequence (SEQ) number and the latest response (ACK) number.

  If there is no TCP communication session information that matches the session of the packet in the session state table 37, and the communication session is a new communication session, the packet transfer processing unit 31A newly registers the TCP communication session information of the packet. (5-12).

  Next, the packet transfer processing unit 31A transfers the packet to the packet replication processing unit 32A. The packet duplication processing unit 32A duplicates the packet (5-13), and transmits the packet from both the network port A 'and the network port B (5-14, 5-15). When a packet is received at the network port A ′ in the master communication duplexer 30 (5-16), the packet is analyzed by the packet analysis processing unit 33A and discarded (5-17).

  Next, an example of the processing flow of the received packet at the network port B in the master system will be described with reference to FIG. When the communication device 40 receives a TCP packet from the communication duplexing device 30, the communication device 40 transmits a response packet (ACK packet) to the TCP packet. The packet transmitted by the communication device 40 reaches the network port B of the communication duplex device 30.

  When the communication duplexer 30 receives the packet (6-1), the packet forwarding processor 31B checks the destination IP address (6-2) and starts the IP routing process. The packet transfer processing unit 31B determines whether the packet is a packet to be transferred to the network port A (6-3). If the packet is not a packet to be transferred to the network port A, the packet transfer processing unit 31B discards the packet (6-4).

  When the packet is a packet to be transferred to the network port A, that is, to the communication device 10, the packet transfer processing unit 31B confirms the protocol number of the packet (6-5) and determines whether the packet is a TCP packet. (6-6).

  If the packet is not a TCP packet, the packet transfer processing unit 31B transmits the packet from the network port A (6-22). When the packet is a TCP packet, the packet transfer processing unit 31B refers to the session state table 37 illustrated in FIG. 4B (6-7).

  The packet transfer processing unit 31B searches the session state table 37, and there is no TCP communication session information that matches the source IP address, source port number, destination IP address, and destination port number of the packet (new session). (6-8).

  When there is no TCP communication session information that matches the session of the packet in the session state table 37 (a new communication session), the packet transfer processing unit 31B transmits the packet from the network port A (6-22). ).

  When session information of TCP communication that matches the session of the packet exists in the session state table 37 (not a new session), the packet transfer processing unit 31B updates the session information (6-9). The session information updated here is information including the latest sequence (SEQ) number and the latest response (ACK) number. Next, the packet transfer processing unit 31B transfers the packet to the packet relay determination unit 34.

  On the other hand, the master communication duplication device 30 receives the response packet transmitted from the backup communication device 40 ′ from the backup communication duplication device 30 ′ via the network port B ′ (6-10). . The master communication duplication device 30 analyzes the response packet from the backup system by the packet analysis processing unit 33B and confirms the protocol number of the packet (6-11).

  The packet analysis processing unit 33B determines whether or not the packet is a TCP packet based on the protocol number of the packet (6-12). If the packet is not a TCP packet, the packet analysis processing unit 33B discards the packet (6-13). When the packet is a TCP packet, the packet analysis processing unit 33B refers to the session state table 37 (6-14).

  The packet analysis processing unit 33B searches the session state table 37, and there is no TCP communication session information that matches the source IP address, source port number, destination IP address, and destination port number of the packet (new session). (6-15).

  If there is no TCP communication session information that matches the session of the packet in the session state table 37 (a new session), the packet analysis processing unit 33B discards the packet (6-16). If there is TCP communication session information matching the session of the packet in the session state table 37 (not a new session), the packet analysis processing unit 33B updates the session information (6-17). The session information updated here is information including the latest sequence (SEQ) number and the latest response (ACK) number.

  When a packet is input from the packet replication processing unit 32B, the packet relay determination unit 34 refers to the session state table 37 (6-18), and transmits the source IP address, source port number, destination IP address, Search TCP session information that matches the destination port number. Here, the session information to be referred to is ACK number # 1 and ACK number # 2 on the network port B side.

  ACK number # 1 indicates the latest response (ACK) number included in the TCP packet received from network port B, and ACK number # 2 indicates the latest response (ACK) included in the TCP packet received from network port B ′. ) Indicates the number.

  The packet relay determination unit 34 determines whether the packet is a packet to be transferred based on the comparison result of the response (ACK) number of the packet and whether the packet includes data (6- 19). In this determination, (1) the response (ACK) number of the packet matches ACK number # 1 and ACK number # 2, or (2) the ACK number # 1 or ACK number # 2 whichever is older Is an older response (ACK) number, or (3) the packet contains data, and if any of these conditions is met, it is determined that the packet is a packet to be transferred, and the packet Is transferred to the packet update processing unit 35.

  If the packet does not satisfy any of the above conditions, that is, the response (ACK) number of the packet is newer than the ACK number # 1 or ACK number # 2, and the packet is data Is not included, the packet is discarded (6-20).

  The packet update processing unit 35 refers to the session state table 37 for the input packet and searches for session information that matches the source IP address, source port number, destination IP address, and destination port number of the packet. To do. The session information referred to here is a response (ACK) number on the network port A side, an ACK number # 1 and an ACK number # 2 on the network port B side.

  When the latest sequence (SEQ) number obtained from the sequence (SEQ) number included in the packet and the data length of the packet is older than the response (ACK) number on the network port A side, the data portion of the packet is Since the packet has already been received by the communication device 10, the packet update processing unit 35 deletes the data portion of the packet and updates the content of the packet (6-21).

  Further, when the packet includes data, and the response (ACK) number of the packet is a response (ACK) number that is newer than either the ACK number # 1 or the ACK number # 2 on the network port B side, The response (ACK) number of the packet is rewritten to the older one of ACK number # 1 and ACK number # 2, and the content of the packet is updated (6-21).

  The packet update processing unit 35 updates the packet contents described above for the packet input from the packet relay determination unit 34, and then transmits the packet from the network port A (6-22).

  When the above condition (1) is satisfied, that is, when the response (ACK) number of the response packet matches the ACK number # 1 and the ACK number # 2, a session is established between the communication device 40 and the communication device 40 ′. Since the state is a synchronized state, the response packet is transmitted to the transmission device 10.

  Further, when the above condition (2) is satisfied, that is, the response (ACK) number of the response packet is a response (ACK) number that is older than either the ACK number # 1 or the ACK number # 2. In this case, since the packet retransmission request is issued by the communication device 40, the response packet is transmitted to the transmission device 10.

  When the above condition (3) is satisfied, that is, when the response packet includes communication data, the response packet is transmitted to the transmission device 10 to notify the transmission device 10 unconditionally. To do.

  On the other hand, when the response packet does not satisfy any of the above conditions (1) to (3), that is, the response (ACK) number of the packet is older than either the ACK number # 1 or the ACK number # 2. If the packet is new and does not contain data, the following can be performed.

  The response packet from the communication device 40 received from the network port B and the response packet from the communication device 40 ′ received via the network port B ′ do not necessarily match the reception timing, and the reception timing is shifted. ACK number # 1 may not match ACK number # 2. In that case, the response packet is discarded.

  Even if the response packet is discarded, the response packet with the same response number is repeatedly transmitted from the communication device 40. Therefore, by waiting for the response packets with the same response number to be aligned, the shift in the reception timing is absorbed, and The condition (1) is satisfied.

  In addition, when there is a difference between ACK number # 1 and ACK number # 2 due to a transmission error or the like not due to a shift in reception timing, the response packet is communicated when communication data is included in the response packet. When transmitting to the device 10, the session state of the communication device 40 and the communication device 40 ′ can be synchronized by rewriting the response (ACK) number to the old number of the ACK number # 1 and the ACK number # 2. The update process for rewriting the response (ACK) number can be performed even when communication data is not included.

  Next, an example of a processing flow of the received packet of the network port A in the backup system will be described with reference to FIG. When the backup communication duplication device 30 ′ receives the packet at the network port A (7-1), the packet transfer processing unit 31 A checks the destination IP address (7-2) and starts the IP routing process.

  The packet transfer processing unit 31A determines whether or not the packet is a packet addressed to the own device (7-3). If the packet is a packet addressed to the own device, the packet transfer processing unit 31A transfers the packet to the layer 3 redundancy function unit 39 ( 7-4). If the packet is not addressed to the own device, the packet is discarded (7-5).

  When the communication duplexer 30 ′ receives the packet at the network port A ′ (7-6), the packet analysis processing unit 33A checks the protocol number (7-7), and determines whether the packet is a TCP packet. (7-8). If the packet is not a TCP packet, the packet analysis processing unit 31A transmits the packet from the network port B (7-13).

  When the packet is a TCP packet, the packet analysis processing unit 31B refers to the session state table 37 (7-9), and the packet is a new session (a TCP communication session that matches the session information of the packet). It is determined whether or not there is no information (7-10).

  If it is not a new session (there is TCP communication session information that matches the session information of the packet), the session information of the packet is updated (7-11). If the packet is a new session, the session information of the packet is registered in the session state table 37 (7-12). Thereafter, the packet analysis processing unit 31A transmits the packet from the network port B (7-13).

  Next, an example of a processing flow of the received packet of the network port B in the backup system will be described with reference to FIG. When receiving the TCP packet from the communication duplexing device 30 ′, the communication device 40 ′ transmits a response packet (ACK) to the TCP packet in parallel with the communication device 40.

  The packet transmitted by the communication device 40 'reaches the network port B of the communication duplex device 30'. When the communication duplexer 30 'receives the packet (8-1), the packet forwarding processor 31B confirms the destination IP address (8-2), and starts the IP routing process.

  The packet transfer processing unit 31B determines whether or not the packet is a packet to be transferred to the network port A (8-3). If the packet is not to be transferred to the network port A, the packet transfer processing unit 31B discards the packet (8-4). When the packet is a packet to be transferred to the network port A, the packet transfer processing unit 31B confirms the protocol number of the packet (8-5) and determines whether the packet is a TCP packet (8-6). .

  If the packet is not a TCP packet, the packet transfer processing unit 31B discards the packet (8-7). When the packet is a TCP packet, the packet transfer processing unit 31B refers to the session state table 37 (8-8). The packet transfer processing unit 31B searches the session state table 37, and there is no TCP communication session information that matches the source IP address, source port number, destination IP address, and destination port number of the packet (new session). (8-9).

  If the packet is a new session, the packet is discarded (8-10). If there is TCP communication session information that matches the session information of the packet, the packet transfer processing unit 31B updates the session information (8-11). The session information updated here is information including the latest sequence (SEQ) number and the latest response (ACK) number.

  Next, the packet transfer processing unit 31B transfers the packet to the packet replication processing unit 32B. The packet duplication processing unit 32B duplicates the packet (8-12), transmits the packet from the network port B '(8-13), and transfers the packet to the packet relay determination unit 34. The packet relay determination unit 34 discards the packet (8-14).

  When the communication duplexer 30 ′ receives the packet at the network port B ′ (8-15), the packet analysis processing unit 33B transfers the packet to the packet relay determination unit 34, and the packet relay determination unit 34 The packet is discarded (8-16).

  Through the above operation, the communication duplication device 30 and the communication duplication device 30 ′ perform TCP communication session information in the TCP communication between the communication device 10 and the communication device 30 and the TCP communication between the communication device 10 and the communication device 30 ′. Are kept in the same state, that is, while the session information is synchronized, the packet is relayed.

  In this redundant mode, the master communication duplication device 30 discards the packet received from the network port A ′. The backup communication duplication device 30 'processes the packet received from the network port A by the packet transfer processing unit 31A. When the packet is a packet addressed to its own device, the packet is transferred to the layer 3 redundancy function unit 39. Other packets are discarded. Further, the backup communication duplication device 30 ′ discards the packet received at the network port B ′.

  In addition, the session state monitoring unit 38 monitors a response packet (ACK) to the TCP packet transmitted from the network port B, waits for a retransmission time of the response packet, and the response packet (ACK) is not received within the retransmission time. If so, it is determined that a failure has occurred in the communication system.

  When a failure occurs in the communication duplication device 30, the communication duplication device 30 'detects the failure occurrence by the layer 3 redundancy function unit 39, and shifts to the degenerate mode. When a failure occurs in the communication device 40, the communication duplication device 30 detects the failure by monitoring a response packet (ACK) from the network port B, and shifts to the degenerate mode.

  When a failure occurs in the communication duplex device 30 'or the communication device 40', the communication duplex device 30 detects the failure by monitoring a response packet (ACK) from the network port B 'and shifts to the degenerate mode.

  FIG. 9 shows a processing flow example of the communication duplexer in the degenerate mode. In the deduplication mode communication duplexer, when receiving a packet at network port A (9-1), packet transfer processing unit 31A confirms the destination IP address of the received packet (9-2), and performs IP routing processing. Do.

  The packet transfer processing unit 31A determines whether or not the packet is a packet addressed to the own device. If the packet is a packet addressed to the own device, the packet transfer processing unit 31A transfers the packet to the layer 3 redundancy function unit 39 (9-4). If the packet is not a packet addressed to its own device, it is determined whether or not the packet is a packet to be transferred to the network port B (9-5). If the packet is not transferred to the network port B, the packet is discarded (9-6). When the packet is a packet to be transferred to the network port B, the packet is transmitted from the network port B (9-7).

  In the deduplication mode communication duplexer, when a packet is received at the network port B (9-8), the packet transfer processing unit 31B confirms the destination IP address of the received packet (9-9) and performs IP routing processing. Do. The packet transfer processing unit 31B determines whether the packet is a packet to be transferred to the network port A (9-10). If the packet is not to be transferred to the network port A, the packet transfer processing unit 31B discards the packet (9-11). ). When the packet is a packet to be transferred to the network port A, the packet is transmitted from the network port A (9-12).

  In the deduplication mode communication duplexer, when receiving a packet at the network port A '(9-13), the packet analysis processing unit 33A discards the packet (9-14). When a packet is received at the network port B ′ (9-15), the packet analysis processing unit 33B discards the packet (9-16). The packet analysis processing unit 33B may discard the packet relay determination unit 34 instead of discarding it.

  When the communication system in which the failure has occurred is recovered, the layer 3 redundancy function unit 39 notifies the other communication duplexer that the communication has been recovered. Thereafter, the communication duplexing devices 30 and 30 ′ each shift to the redundancy mode and start the duplexing operation for the new stateful communication. At this time, which of the communication duplication devices 30 and 30 ′ operates as a master system or a backup system depends on the control of the layer 3 redundancy function unit 39.

  Depending on the structure of the communication devices 40, 40 ′, the sequence (SEQ) number and response (ACK) number included in the TCP packet may not always match. This case can be dealt with by separately recording the difference between the sequence (SEQ) number and the response (ACK) number in the session state table 37 at the start of TCP session establishment and correcting it at the time of reference.

The following additional notes are further disclosed with respect to the embodiment including the above examples.
(Appendix 1)
A communication duplexer that is connected to each of a pair of duplexed second communication devices that perform stateful communication with a first communication device and relays packets of the stateful communication,
Means for transmitting a first packet received from the first communication device to a second communication device connected to the communication duplexing device, copying the first packet, and transferring it to the other communication duplexing device When,
It means for transferring said is connected to the communication duplex device to replicate the second packet received from the second communication device, a packet of the second to the other communication duplex device,
Second packet from the first and response number, a second communication device connected to the other communication duplex device of the second packet received from the second communication apparatus connected to the communication duplex device a storage unit for storing session information including the second response number of the second packets transferred by replication in the other communication duplex device to the communication duplex device,
For a second packet received from the second communication apparatus connected to the communication duplex device, it refers to the session information stored in the storage unit, so as to synchronize the session state, to update the response number Means for transmitting the second packet to the first communication device;
A communication duplication device characterized by comprising:
(Appendix 2)
For a second packet received from the second communication device, the response number of the second packet, one of the said first response number stored in the storage unit second response number The second packet is updated by rewriting the response number of the second packet to an older one of the first response number and the second response number when the number is newer than the old number. The communication duplex device according to appendix 1.
(Appendix 3)
If the response number of the second packet is newer than either the first response number or the second response number stored in the storage unit, the second packet is transmitted together with the response number as communication data. Is included, the response number of the second packet is rewritten to the oldest one of the first response number and the second response number, and the second packet does not contain communication data The communication duplexer according to appendix 2, wherein the second packet is discarded.
(Appendix 4)
Communication duplication method using a pair of communication duplication devices connected between each of the first communication device and the second communication device by duplicating a second communication device that performs stateful communication with the first communication device Because
Each communication duplexer transmits the first packet received from the first communication device to the second communication device connected to each communication duplexer and duplicates the first packet. Transferring to the other second communication device via the other communication duplication device;
And transferring said duplicated second packet received from the communication duplex device connected to said second communication device, a packet of the second to the other communication duplex device,
A first response number of a second packet received from the second communication device connected to each of the communication duplexers, and from the other second communication device connected to the other communication duplexer . and storing the session information including the second response number of the second packet has been transferred to the second packet replication in the other communication duplex device in the storage unit,
For a second packet received from the second communication apparatus connected to the communication duplex device, it refers to the session information stored in the storage unit, so as to synchronize the session state, to update the response number Transmitting the second packet to the first communication device;
A communication duplication method characterized by comprising:
(Appendix 5)
For a second packet received from the second communication device, the response number of the second packet, one of the said first response number stored in the storage unit second response number Updating the second packet by rewriting the response number of the second packet with the oldest one of the first response number and the second response number when newer than the old number The communication duplexing method according to appendix 4, characterized by:
(Appendix 6)
If the response number of the second packet is newer than either the first response number or the second response number stored in the storage unit, the second packet is transmitted together with the response number as communication data. Is included, the response number of the second packet is rewritten to the oldest one of the first response number and the second response number, and the second packet does not contain communication data The communication duplexing method according to appendix 5, further comprising a step of discarding the second packet.

DESCRIPTION OF SYMBOLS 10 Communication apparatus 20 Layer 2 relay apparatus 21 MAC address table 22 Packet transfer process part 30, 30 'Communication duplexer 31A, 31B Packet transfer process part 32A, 32B Packet replication process part 33A, 33B Packet analysis process part 34 Packet relay determination part 35 packet update processing unit 36 layer 3 routing table 37 session state table 38 session state monitoring unit 39 layer 3 redundancy function unit 40, 40 ′ communication device

Claims (5)

A communication duplexer that is connected to each of a pair of duplexed second communication devices that perform stateful communication with a first communication device and relays packets of the stateful communication,
Means for transmitting a first packet received from the first communication device to a second communication device connected to the communication duplexing device, copying the first packet, and transferring it to the other communication duplexing device When,
It means for transferring said is connected to the communication duplex device to replicate the second packet received from the second communication device, a packet of the second to the other communication duplex device,
Second packet from the first and response number, a second communication device connected to the other communication duplex device of the second packet received from the second communication apparatus connected to the communication duplex device a storage unit for storing session information including the second response number of the second packets transferred by replication in the other communication duplex device to the communication duplex device,
For a second packet received from the second communication apparatus connected to the communication duplex device, it refers to the session information stored in the storage unit, so as to synchronize the session state, to update the response number Means for transmitting the second packet to the first communication device;
A communication duplication device characterized by comprising: For a second packet received from the second communication device, the response number of the second packet, one of the said first response number stored in the storage unit second response number The second packet is updated by rewriting the response number of the second packet to an older one of the first response number and the second response number when the number is newer than the old number. The communication duplexer according to claim 1.   If the response number of the second packet is newer than either the first response number or the second response number stored in the storage unit, the second packet is transmitted together with the response number as communication data. Is included, the response number of the second packet is rewritten to the oldest one of the first response number and the second response number, and the second packet does not contain communication data The communication duplexer according to claim 2, wherein the second packet is discarded. Communication duplication method using a pair of communication duplication devices connected between each of the first communication device and the second communication device by duplicating a second communication device that performs stateful communication with the first communication device Because
Each communication duplexer transmits the first packet received from the first communication device to the second communication device connected to each communication duplexer and duplicates the first packet. Transferring to the other second communication device via the other communication duplication device;
And transferring said duplicated second packet received from the communication duplex device connected to said second communication device, a packet of the second to the other communication duplex device,
A first response number of a second packet received from the second communication device connected to each of the communication duplexers, and from the other second communication device connected to the other communication duplexer . and storing the session information including the second response number of the second packet has been transferred to the second packet replication in the other communication duplex device in the storage unit,
For a second packet received from the second communication apparatus connected to the communication duplex device, it refers to the session information stored in the storage unit, so as to synchronize the session state, to update the response number Transmitting the second packet to the first communication device;
A communication duplication method characterized by comprising: For a second packet received from the second communication device, the response number of the second packet, one of the said first response number stored in the storage unit second response number Updating the second packet by rewriting the response number of the second packet with the oldest one of the first response number and the second response number when newer than the old number The communication duplication method according to claim 4.

Images