JP5712725B2 - Management apparatus and method - Google Patents

Description

  The present invention relates to a technical field of a network using a communication method for mutual connection confirmation between network devices, and to a technical field of a management apparatus and method for managing a network to which each network device is connected via an access point.

  In this type of network, network devices on the network communicate with each other network device on the network by connecting to a large-scale network such as a carrier network via an access point. I can do it.

  In such a large-scale network, communication between network devices may be hindered due to a failure caused by some factor. For example, the scale at which communication is hindered due to a failure, such as a failure of a device in a carrier network or a failure of an individual network device, is different.

  In order to provide a high-quality service to the user, it is preferable that an administrator who manages the network quickly detects the occurrence of such a failure and takes some measures if necessary. For this reason, it is preferable that there is a system that can quickly detect the failure that has occurred and the scale of communication inhibition caused by the failure.

  Conventionally, when some kind of failure occurs in the carrier network, the network management system cannot grasp the details of the failure, and the network administrator side directly responds to each network device user. Measures such as confirming failures were performed. However, it is practically difficult to implement such a response in a large-scale network.

  As a technology for solving such difficulties, the following prior art documents describe whether a failure occurred in an access point such as a gateway or a failure in an individual network device when communication was interrupted due to the occurrence of a failure. There is a description of a defect detection method capable of discriminating between the two.

JP 7-66865 A JP 2010-220048 A

  The network devices described above are connected to other network devices on a one-to-one basis by, for example, IPsec (Security Architecture for Internet Protocol), and the connection is periodically checked. In such a mode of communication, when communication between network devices is hindered for some reason and connection cannot be confirmed for a predetermined period of time, each network device determines that a communication failure has occurred. To do. At this time, each network device reports a failure occurrence to the network management device. By receiving the notification, the network management device can detect the occurrence of a failure.

  At this time, when a failure occurs in a device in the carrier network such as an access point, all the IPsec communication of the network device communicating through the device is blocked, and the connection cannot be confirmed. At this time, since failure notifications are simultaneously notified from the network devices at both ends of each IPsec to the network management device, a huge amount of failure notifications are collected by the network management device.

  At this time, on the network management device side, a huge amount of processing is required in order to check the failure by processing a huge amount of failure notifications collected. On the other hand, if it is possible to specify that the collected failure notification is caused by a single failure in the carrier network, the failure can be quickly identified without performing such an enormous amount of processing. .

  The present invention has been made in view of the above-described technical problems, and an object of the present invention is to provide a management apparatus and method capable of suitably identifying a failure when a failure occurs in a network.

  In order to solve the above problems, a disclosed management device is a network management device including a plurality of network terminals connected to each other via an access point, and includes a grouping unit, a failure detection unit, a determination unit, Is provided. The grouping means groups a plurality of network terminals for each access point that relays connection. The failure detection means detects whether or not the connection between the network terminals is disconnected. The determination means determines that the disconnection of the connection between the network terminals is caused by the failure of the access point corresponding to the group when the disconnection of the number of connections exceeding the threshold is detected within a predetermined period in the group of network terminals. To do.

  According to the above-described configuration, the management apparatus can suitably determine whether a failure that has occurred on the managed network is a failure at the access point or another failure.

It is a figure which shows the structural example of a network. It is a figure which shows the example of the IPsec communication in a network. It is a figure which shows the example of an IPsec failure notification message. It is a figure which shows the structural example of a management apparatus. It is a figure which shows an example of the storage information of the database with which a management apparatus is provided. It is a figure which shows an example of the storage information of the database with which a management apparatus is provided. It is a figure which shows an example of the storage information of the database with which a management apparatus is provided. It is a flowchart which shows an example of operation | movement of a management apparatus. It is a flowchart which shows an example of operation | movement of a management apparatus. It is a flowchart which shows an example of operation | movement of a management apparatus. It is a flowchart which shows an example of operation | movement of a management apparatus. It is a flowchart which shows an example of operation | movement of a management apparatus. It is a flowchart which shows an example of operation | movement of a management apparatus. It is a figure which shows the example of the classification of the user terminal for every access point.

  Embodiments for carrying out the invention will be described below.

(1) Overview of Network With reference to the drawings, a configuration of a disclosed management device and a network managed by the management device will be described. FIG. 1 is a block diagram illustrating a configuration of a management apparatus 1 which is an example of a disclosed management apparatus and a network 100 managed by the management apparatus 1.

  The network 100 includes a plurality of access points (APs) 2 (that is, APs 2a to 2e) that are wirelessly or wiredly connected to each other, and a plurality of user terminals 3 that are connected to the management apparatus 1 via the AP2. (That is, user terminals 3a to 3j) and a repeater 4 (that is, repeaters 4a to 4g) that relays communication between APs 2. In the following description, when the APs 2a to 2e are described or collectively referred to without distinction, the description AP2 is used. In addition, when the user terminals 3a to 3j are described or collectively referred to without being distinguished from each other, the description of the user terminal 3 is used. In addition, when the repeaters 4a to 4g are described or collectively referred to without being distinguished, the description of the repeater 4 is used.

  The AP 2 and the repeater 4 form a carrier network 110 that relays communication between the user terminals 3 in the network 100. The user terminal 3 is connected to the carrier network 110 via a predetermined AP 2 (AP 2a to 2f in the example of FIG. 1). Such a relationship between the AP 2 and the user terminal 3 is referred to as the AP 2 accommodating the user terminal 3. Each of the user terminals 3 is connected to the carrier network 110 via any of the accommodated APs 2 and communicates with other user terminals 3. The repeater 4 is a repeater that relays communication, and implements the carrier network 110 by wireless or wired connection between each other or with the AP 2. The configuration of the repeater 4 may be the same as that of a known communication facility repeater, for example, an access point.

  In the example shown in FIG. 1, the management apparatus 1 is a management apparatus of the network 100 that is connected to the carrier network 110 via the AP 2e and communicates with the user terminals 3a to 3j.

  AP 2 is arranged in carrier network 110 and communicates with other AP 2 or repeater 4, so-called access point on carrier network network 110 side, and so-called user terminal 3 side access point connected to user terminal 3. Is comprehensively shown. Communication between either the management device 1 or the user terminal 3 and the carrier network network 110 by communication between access points that allows the access point on the carrier network network 110 side and the access point on the user terminal 3 side to communicate with each other on a one-to-one basis. Relay. With such a configuration, by specifying an access point on the carrier network network 110 side, an access point on the user terminal 3 side and a subordinate user terminal 3 that communicate with the access point on the carrier network network 110 side on a one-to-one basis. Can be specified.

  The user terminal 3 is a communication device such as a communication terminal or a router possessed by a user of the carrier network 110, and forms a user network under the AP 2 accommodated therein. The user terminals 3 can communicate via the AP 2 by connecting to each other using a protocol such as IPsec.

  1 illustrates an example in which the network 100 includes APs 2a to 2e as AP2, user terminals 3a to 3j as user terminals 3, and relays 4a to 4g as relays 4. However, these are merely descriptions for convenience, and the network 100 may include a larger or smaller number of APs 2, user terminals 3, or repeaters 4.

  An example of communication using IPsec between user terminals 3 will be described with reference to FIG. FIG. 2 is a diagram focusing on IPsec communication between the user terminal 3a and the user terminal 3b among the user terminals 3 included in the network 100 shown in FIG.

  As shown in FIG. 2A, the user terminal 3a and the user terminal 3b form an IPsec and perform data communication with each other. At this time, the user terminal 3a is connected to the carrier network 110 through the corresponding AP 2a, and the user terminal 3b is connected to the carrier network 110 through the corresponding AP 2b. The management apparatus 1 is connected to the carrier network 110 via AP2. In IPsec communication, the user terminal 3a and the user terminal 3b to be connected regularly confirm the connection.

  FIG. 2B illustrates a case where, for example, a failure occurs in the AP 2a and the IPsec communication between the user terminal 3a and the user terminal 3b is blocked. The user terminal 3a and the user terminal 3b transmit an IPsec failure notification to the management apparatus 1 after detecting the interruption of the IPsec communication by checking the connection that is periodically performed. At this time, since a failure has occurred in the AP 2a, the user terminal 3a cannot transmit an IPsec failure notification. For this reason, the management apparatus 1 will receive the IPsec failure notification from the user terminal 3b. FIG. 2C illustrates how the user terminal 3b transmits an IPsec failure report to the management apparatus 1 when the IPsec communication is interrupted as illustrated in FIG. 2B.

  FIG. 3 shows an example of an IPsec failure report accepted by the management apparatus 1. The user terminal 3 that has detected a communication failure, together with the identification number for each IPsec, the date and time of failure occurrence, the user terminal ID for identification of the user terminal 3 connected via IPsec (that is, one of the IPsec communication) The ID of the user terminal and the other ID). If the IPsec failure notification is a notification notifying the restoration of IPsec, the IPsec recovery time is added to the notification.

  At this time, if there are other user terminals 3 connected to the carrier network 110 via the AP 2a, the user terminals 3 that have detected the interruption of the IPsec due to the failure that has occurred in the AP 2a, A plurality of IPsec failure reports are transmitted to the management apparatus 1.

  In the management apparatus 1, whether the received plurality of IPsec failure notifications is for reporting individual failures for each user terminal 3 or for reporting failures in the AP 2 a that manages a plurality of IPsec communications in the carrier network 110. When it cannot be determined, the management apparatus 1 preferably verifies the received IPsec failure report. For example, it is preferable that the management device 1 specifies the failure by individually confirming each of the user terminals 3 in which the failure has occurred. At this time, when there are a plurality of user terminals 3 connected to the carrier network 110 via the AP 2a, the number of IPsec failure notifications to be verified becomes enormous, and the processing amount for processing a huge number of IPSec failure notifications Will also be enormous.

  The management apparatus 1 described in the present embodiment can preferably determine whether or not a plurality of received IPsec fault reports are faults in the AP 2 in the carrier network 100 by the following specific configuration and operation.

(2) Device Configuration Example The configuration and function of the management device 1 will be described with reference to FIG. FIG. 4 is a block diagram illustrating a hardware configuration included in the management apparatus 1 and functional units that represent the functions realized by the configuration for convenience.

  As shown in FIG. 4, the management device 1 includes a CPU (Central Processing Unit) 10 and a data storage 20. The CPU 10 is an integrated circuit that controls the operation of the management apparatus 1 and, for example, executes a program stored in the data storage 20 to realize functions shown in each functional unit described later. The CPU 10 includes functional units such as a route search unit 11, a result reception unit 12, a failure reception unit 14, a failure determination unit 15, and an AP detection unit 13.

  The data storage 20 is a device for storing data such as an HDD (Hard Disk Drive), and stores a plurality of databases such as a terminal information database 21, a connection path database 22, and a device correspondence database 23. Further, the data storage 20 includes a failure occurrence status table 24 that is a recording area for storing the report content of failure occurrence notifications collected from the AP 2 (for example, the IPSec failure notification described above).

  The route search unit 11 searches for a connection route in the carrier network 110 from the management device 1 to each user terminal 3 by executing a Traceroute command for each of the user terminals 3. Specifically, the IP address of the AP 2 that passes from the management device 1 acquired by Traceroute to each user terminal 3 is extracted. When receiving the execution result of Traceroute, the route search unit 11 transmits the execution result to the result reception unit 12. However, the route search unit 11 may search for a connection route by executing any command other than the Traceroute command, or may search for a connection route using any other method.

  The result receiving unit 12 receives the execution result of the Traceroute by the route search unit 11 and stores it in the connection route database 22.

  The AP detection unit 13 refers to the data stored in the connection path database 22 to identify the AP 2 that relays the connection with the carrier network 110 for the desired user terminal 3. Specifically, referring to the execution result of Traceroute to each terminal 3 stored in the user connection route database 22, the number of hops is one less than that of each user terminal 3 (that is, from the management device 1, the target A device immediately before the user terminal 3 is detected as an AP 2 corresponding to the user terminal 3. Then, information (for example, a user terminal ID and an IP address) for identifying each of the detected AP 2 and the corresponding user terminal 3 is registered in the device correspondence database 23.

  The failure accepting unit 14 receives an IPsec failure report from the user terminal that was performing the relevant IPsec communication when the IPsec communication between the user terminals 3 is cut off, and transmits it to the failure determining unit 15.

  The failure determination unit 15 receives an IPsec failure report input from the failure reception unit 14 and determines whether or not the failure has occurred in the carrier network 110. Furthermore, when the failure determination unit 15 determines that a failure has occurred at an access point in the carrier network 110, the failure determination unit 15 may include a function unit that notifies the administrator of the network 100 of the determination result. Good.

  The details of data stored in the terminal information database 21, the connection route database 22, and the device correspondence database 23 will be described with reference to FIGS. 5 shows an example of the terminal information database 21, FIG. 6 shows an example of the connection route database 22, and FIG.

  As shown in FIG. 5, the terminal information database 21 stores an ID for identification by the management apparatus 1 and an assigned IP address for each of the user terminals 3 in the network 100. The route search unit 11 issues a Traceroute command to each of the user terminals 3 included in the network 100 by referring to the record stored in the terminal information database 21.

  As shown in FIG. 6, the connection path database 22 uses the user terminal ID as a primary key for each of the user terminals 3 in the network 100, for each hop number from the management apparatus 1, the AP 2 or the relay 4 that passes therethrough. Stores the IP address.

  As shown in FIG. 7, the device correspondence database 23 uses, for each of the user terminals 3 in the network 100, an ID for identifying AP 2 that relays the connection with the carrier network 110 using the user terminal ID as a main key (hereinafter, “ , APID) and the IP address of the AP2.

  In the configuration described above, the AP detection unit 13 attaches an identification APID to each AP 2 and stores it in the device correspondence database 23 together with the user terminal ID or IP address of the corresponding user terminal 3. As a result, the user terminals 3 connected to the carrier network 110 via the same AP 2 can be managed as a group for each area corresponding to the arrangement of the AP 2.

  The failure determination unit 15 refers to the information in the device correspondence database 23 when receiving the IPsec failure notification from the user terminal 3, so that the received IPSec failure notification is transmitted to AP2 (or carrier) from the aspect of the IPSec failure notification in the group. Whether or not the device is in the network network 110). If the received IPsec failure notification relates to the AP 2 failure occurrence, the failure determination unit 15 stores information related to the IPSec failure notification in the failure occurrence status table 24. The failure occurrence status table 24 is a table for storing information related to the failure occurrence status of the AP 2 and may be provided in a plurality of ways corresponding to each AP 2. When the failure determination unit 15 determines that a failure has occurred for each AP2, the failure determination unit 15 adds new failure information (that is, the newly received IPSec failure notification) for the AP2 to the existing failure occurrence status table 24 for the AP2. Information). When the failure occurrence status table 24 for the AP 2 does not exist, the failure determination unit 15 newly creates a failure occurrence status table 24 corresponding to the AP 2 and stores failure information for the AP 2.

(3) Operation Example With reference to FIGS. 8 to 13, the operation of each unit of the management apparatus 1 will be described.

  The route search unit 11 searches the connection route for each user terminal 3 by performing the operation shown in FIG. FIG. 8 is a flowchart showing an operation flow of the route search unit 11.

  First, the route search unit 11 refers to the terminal information database 21 and acquires an IP address for the user terminal 3 that performs route search (step S101). Next, the route search unit 11 issues a Traceroute command for the acquired IP address, and acquires a connection route for the user terminal 3 that performs the route search (step S102). Thereafter, the route search unit 11 outputs the acquired connection route to the result reception unit 12 (step S103).

  As shown in FIG. 9, the result receiving unit 12 receives input of connection route information for each user terminal 3 and stores the information in the connection route database 22. FIG. 9 is a flowchart showing an operation flow of the result receiving unit 12.

  The result receiving unit 12 appropriately acquires information on the connection route acquired by issuing the Traceroute command by the route searching unit 11 and the user terminal ID of the user terminal 3 that is the route search destination (step S201). The result reception unit 12 stores the input connection route information in the connection route database 22 for each user terminal ID (step S202).

  As illustrated in FIG. 10, the AP detection unit 13 detects AP2 used for connection with the carrier network 110 for each user terminal 3. FIG. 10 is a flowchart showing an operation flow of the AP detection unit 13.

  First, the AP detection unit 13 acquires information such as a user terminal ID, an IP address, and a connection route from the connection route database 22 for the user terminal 3 that detects the corresponding AP 2 (step S301).

  Next, the AP detection unit 13 detects the AP 2 corresponding to the acquired IP address of the device having the maximum number of hops stored in the connection route information (in other words, the IP address of the user terminal 3 to be processed). It is determined whether it is an address (step S302). As shown in FIG. 6, the connection route database 22 includes a device (that is, the AP 2 and the relay device 4) that passes through the searched route with the user terminal ID of the user terminal that is the target of the connection route search as a main key. The IP address of the user terminal 3) to be searched for is stored together with the number of hops from the management apparatus 1. Therefore, when the route search is correctly executed, the device having the maximum number of hops in each route is the user terminal 3 that is the target of the route search.

  When the IP address of the device with the maximum number of hops matches the IP address of the user terminal 3 to be processed (step S302: Yes), the AP detection unit 13 refers to the connection route database 22 and has the maximum number of hops −1. The IP address of the device is acquired (step S303). When the IP address of the device with the maximum number of hops does not match the IP address of the user terminal 3 to be processed (step S302: No), the AP detection unit 13 instructs the route search unit 11 to be the user to be processed. An instruction is given to re-execute the route search for the terminal 3 (step S307).

  Next, the AP detection unit 13 determines whether or not the APID of the AP 2 corresponding to the IP address corresponding to the previously acquired IP address of the device with the maximum hop count −1 is stored in the device correspondence database 23. (Step S304). When the APID of AP2 corresponding to the IP address does not exist in the device correspondence database 23 (step S304: No), the AP detection unit 13 assigns a new APID to the target AP2 (step S306).

  Thereafter, the AP detection unit 13 stores the acquired IP address and APID of AP2 in the device correspondence database 23 together with the user terminal ID of the corresponding user terminal 3 (step S305).

  FIG. 11 is a flowchart showing a flow of operation of the failure accepting unit 14. After receiving the IPsec failure notification transmitted from each user terminal 3 (step S401), the failure reception unit 14 outputs the notification content (that is, the received IPSec failure notification) to the failure determination unit 15 (step S402).

Upon receiving an IPsec failure notification, the failure determination unit 15 identifies the device in which the failure has occurred and confirms the failure occurrence status based on the IPsec failure notification. 12 and 13 are flowcharts showing the flow of operation of the failure determination unit 15. The notification transmitted from the user terminal 3 to the management apparatus 1 includes an IPsec failure notification for notifying that a failure has occurred in the IPsec communication and the communication has been cut off, and a failure that has occurred in the IPsec communication is restored. And an IPsec failure recovery notification for notifying that communication has been recovered .
FIG. 12 is a flowchart showing an operation flow of the failure determination unit 15 when an IPsec failure notification is received. When receiving the IPsec failure notification from the user terminal 3 (step S501), the failure determination unit 15 refers to the device correspondence database 23 and acquires the APID of AP2 corresponding to the notification (step S502).

  Subsequently, the failure determination unit 15 determines whether or not the failure occurrence status table 24 for the acquired APID exists (step S503). If it does not exist (step S503: No), a failure occurrence status table 24 for the APID is newly created (step S504).

  The failure determination unit 15 stores information indicating that the user terminal 3 that has reported the failure is occurring in the failure occurrence status table 24 for the APID (step S505).

Thereafter, the failure determination unit 15 refers to the failure occurrence status table 24 for the APID, and T = τ _d + τ _T. The number of IPsec failure reports received between the time before _O and the current time is acquired. At this time, τ _d indicates a keep alive confirmation interval, which is confirmation of the connection status between the user terminals 3, and τ _{T. O} indicates the time until the monitoring timeout of the keep alive confirmation. However, T = τ _d + τ _{T.E. O} is an example, and τ _d + τ _T.I. Any time other than _O may be set to T. The failure determination unit 15 determines that a failure has occurred in the AP 2 indicated by the APID when the number of acquired IPsec failure notifications exceeds a preset threshold value (step S508: Yes), and notifies the administrator of the network 100 The failure is reported as AP2 failure (step S508).

  On the other hand, FIG. 13 is a flowchart showing a flow of operation of the failure determination unit 15 when receiving a failure recovery report of IPsec. From the viewpoint of detecting a failure of AP2, the failure determination unit 15 does not necessarily perform the operation shown in FIG. However, from the viewpoint of securing the operation after the failure is recovered after the failure of AP2, the failure determination unit 15 may perform the operation shown in FIG.

  When the failure determination unit 15 receives an IPsec failure recovery report from the user terminal 3 (step S601), the failure determination unit 15 refers to the failure occurrence status table 24, and the AP 2 corresponding to the user terminal 3 that made the notification has failed. It is determined whether it is in the middle (step S602).

  At this time, if the AP 2 is experiencing a failure (step S602: Yes), the failure determination unit 15 refers to the failure occurrence status table 24 to check whether the number of user terminals 3 in which the failure has occurred is below the above-described threshold value. It is determined whether or not (step S603). When the number of user terminals 3 in which a failure has occurred is below the threshold (step S603: Yes), the failure determination unit 15 notifies the administrator of the network 100 that the failure has been recovered for the corresponding AP2 (step S604). .

  After determining whether or not the AP 2 corresponding to the user terminal 3 that has made the report has a failure (step S602), the failure determination unit 15 is experiencing a failure with respect to the user terminal 3 that has transmitted the failure recovery report. Is stored in the failure occurrence status table 24 (step S605).

  Next, the failure determination unit 15 refers to the failure occurrence status table 24 for the AP 2 and connects to the carrier network 110 via the AP 2 (in other words, includes the AP 2 in the connection path). In step S606, it is determined whether there is a faulty device. When there is no device in which a failure has occurred, the failure determination unit 15 deletes the failure occurrence status table 24 for the AP 2 (step S607).

  According to the operation of the management apparatus 1 described above, regarding any device failure that has occurred in the network 100, an individual failure for each user terminal 3 or a failure in the AP 2 connecting the plurality of user terminals 3 and the carrier network 110. Can be suitably determined. At this time, it is preferable that the failure determination unit 15 of the management device 1 determines the failure by paying attention to the following points regarding the notification about the failure that has occurred.

  The AP 2 connected to the user network in which the user terminal 3 is located accommodates the user terminal 3 in a specific area and connects to the carrier network 110. For this reason, when a failure occurs in a certain AP 2, it can be estimated that a connection failure occurs in the user terminal 3 connected to the carrier network 110 via the AP 2.

  The management apparatus 1 acquires a connection path from the management apparatus 1 for each user terminal 3 by using a command such as Traceroute. Moreover, the management apparatus 1 grasps | ascertains via which AP2 each user terminal 3 is connected to the carrier network 110 based on the acquired connection path | route. For example, FIG. 14 is a table showing the results when the Traceroute command is executed for the network shown in FIG. In FIG. 14, each ID for identification of the AP 2, the repeater 4, or the user terminal 3 that is the target of the Traceroute command via each hop number is shown as a device ID. The The AP detection unit 13 detects the corresponding AP 2 for each user terminal 3 on the basis of the connection path database 21 in which data acquired by such a Traceroute command is stored, and stores the AP 2 in the device correspondence database 23. In the example shown in FIG. 14, the user terminal 3a, 3b, 3f, 3g, 3h, and 3j are shown for each route search result, and classified for each corresponding AP2. As a result of the route search, it has been found that the user terminals 3a and 3b are connected to the carrier network 110 via the AP 2a which is a device having the maximum hop number -1. As a result of the route search, it is known that the user terminals 3f, 3g, 3h and 3i are connected to the carrier network 110 via the AP 2c which is a device having the maximum hop number -1. Therefore, the management device 1 classifies the user terminal 3 for each AP 2 that relays the connection with the carrier network 110 and classifies the IPsec failure report along the classification, thereby causing a failure in IPsec. Can be confirmed for each area.

  At this time, an IPsec connection failure occurs in almost all of the user terminals 3 accommodated in the AP 2. Therefore, the failure determination unit 15 sets a threshold value such as a predetermined ratio with respect to the total number of user terminals 3 accommodated in the AP 2 (in other words, corresponding) for a certain AP 2. The failure determination unit 15 determines whether or not such a failure has occurred in the AP 2 according to whether or not the number of failures in the user terminal 3 accommodated in the AP 2 exceeds the threshold.

Further, when a failure occurs in the AP 2, it can be estimated that a connection failure occurs at substantially the same timing for the user terminal 3 accommodated in the AP 2. At this time, from the user terminal 3 accommodated in another AP 2 communicating with the user terminal 3 accommodated in the AP 2, an IPsec failure notification is transmitted to the management apparatus 1 at substantially the same timing. Therefore, the failure determination unit 15 sets T = τ _d + τ _T.T based on a connection confirmation interval such as keep alive confirmation between user terminals 3 performing IPsec communication for a certain AP 2 _{. If the} number of IPsec failure reports received from the time before _O to the current time exceeds the above threshold, it is determined that a failure has occurred in the AP2.

  As described above, according to the operation of the failure determination unit 15, focusing on the feature related to the failure of the AP 2 that relays the connection between the carrier network 110 and the user terminal 3, the failure of the device that occurs in the network 100 is determined. Is going. For this reason, the management apparatus 1 can suitably determine whether the failure is an individual failure for each user terminal 3 or a failure in the AP 2 connecting the plurality of user terminals 3 and the carrier network 110.

  The present invention is not limited to the above-described embodiments, and can be appropriately changed without departing from the spirit or concept of the invention that can be read from the claims and the entire specification, and a management apparatus and method with such changes Etc. are also included in the technical scope of the present invention.

As mentioned above, the following additional remarks are further described about embodiment described in this specification.
(Appendix 1)
A network management device comprising a plurality of network terminals connected to each other via an access point,
Grouping means for grouping a plurality of network terminals for each access point that relays connections;
Failure detection means for detecting whether or not the connection between the network terminals is disconnected;
In the group of network terminals, when disconnection of a number of connections exceeding a threshold is detected within a predetermined period, it is determined that the disconnection between the network terminals is due to a failure of the access point corresponding to the group A management device comprising: determination means for performing
(Appendix 2)
The management apparatus according to appendix 1, wherein the predetermined period is a period determined in accordance with a cycle in which the plurality of network terminals confirm connection to each other.
(Appendix 3)
The management apparatus according to appendix 1 or 2, wherein the threshold is a ratio determined according to the number of all the network terminals belonging to the group.
(Appendix 4)
The grouping means detects the access point to which each network terminal is connected by searching each communication path of the plurality of network terminals, and the network terminal is connected to the access point to which the network terminal is connected according to the detection result. The management device according to any one of appendices 1 to 3, wherein the management device is grouped every time.
(Appendix 5)
The management apparatus according to any one of appendices 1 to 4, wherein the plurality of network terminals are connected to each other by IPsec communication.
(Appendix 6)
A network management method comprising a plurality of network terminals connected to each other via an access point,
A grouping step of grouping the plurality of network terminals for each access point that relays connections;
A failure detection step of detecting whether or not the connection between the network terminals is disconnected;
In the group of network terminals, when disconnection of a number of connections exceeding a threshold is detected within a predetermined period, it is determined that the disconnection between the network terminals is due to a failure of the access point corresponding to the group A network management method comprising: a determination step.

1 management device,
2 access point (AP)
3 user terminals,
10 CPU,
11 Route search unit,
12 Results reception department,
13 Access point (AP) detector,
14 Disability reception department,
20 Disability judgment department,
21 terminal information database,
22 connection route database,
23 Device compatibility database,
24 Failure occurrence situation table,
100 network.

Claims (5)

A network management device comprising a plurality of network terminals connected to each other via an access point,
Grouping means for grouping a plurality of network terminals for each access point that relays connections;
Failure detection means for detecting whether or not the connection between the network terminals is disconnected;
In the group of network terminals, when disconnection of a number of connections exceeding a threshold is detected within a predetermined period, it is determined that the disconnection between the network terminals is due to a failure of the access point corresponding to the group A management device comprising: determination means for performing The management apparatus according to claim 1, wherein the predetermined period is a period that is determined according to a cycle in which the plurality of network terminals confirm connection to each other.   The management apparatus according to claim 1, wherein the threshold is a ratio determined according to the number of all the network terminals belonging to the group.   The grouping means detects the access point to which each network terminal is connected by searching each communication path of the plurality of network terminals, and the network terminal is connected to the access point to which the network terminal is connected according to the detection result. The management apparatus according to any one of claims 1 to 3, wherein grouping is performed for each group. A network management method comprising a plurality of network terminals connected to each other via an access point,
A grouping step of grouping a plurality of the network terminals for each of the access points that relay connections;
A failure detection step of detecting whether or not the connection between the network terminals is disconnected;
In the group of network terminals, when disconnection of a number of connections exceeding a threshold is detected within a predetermined period, it is determined that the disconnection between the network terminals is due to a failure of the access point corresponding to the group A management method comprising: a determination step.

Images