JP5926164B2 - High-speed distribution method and connection system for session border controller - Google Patents

Description

  The present invention relates to an SBC (Session Border Controller) for connecting networks such as an IP (Internet Protocol) telephone service network to each other, and in particular, when load balancing is performed using a plurality of SBCs. And a connection system that implements this distribution method and connects networks to each other.

  With the spread of the Internet and the like, an IP telephone service network that provides telephone service on an IP network has been constructed. SIP (Session Initiation Protocol) is generally used as a path control protocol in order to realize services that require real-time performance, such as telephone service, over an IP network and is actually used between terminals connected to the network. Data of information to be communicated (referred to as main information) is transmitted using RTP (Realtime Transfer Protocol). When there are a plurality of networks that can use SIP and an attempt is made to make a telephone call between the networks, for example, by IP telephone, the IP packets are transferred between the networks by connecting the networks to each other. It is necessary to do so. There is a session border controller (SBC) as a device that enables communication of RTP packets of main information between adjacent networks. SIP and RTP are protocols in the application layer, and packet data of SIP and RTP is TCP (Transmission Control Protocol) / IP or UDP (User Datagram Protocol) / It is transmitted using a lower layer communication protocol such as IP.

  When two SIP networks are interconnected, the address system in each network and the port to be used may be different. In this case, conversion of an address and a port number is required in the SBC. In general, NAPT (Network Address Port Translation) technology is used for the conversion of the address and the port number. Also, from a security point of view, it is necessary to prevent traffic across networks as a rule in SBC, and to allow only traffic for permitted sessions specified by IP addresses and port numbers to be transmitted between networks. There is. A mechanism in which only a session specified by an IP address and a port number can be transmitted between networks is called a pinhole technology, compared with a small hole opened in a firewall (firewall if translated directly).

  FIG. 5 illustrates the basic operation of the SBC. A calling terminal AA having an IP telephone number 0501111 exists in one network, and a receiving terminal BB having an IP telephone number 0502222 exists in the other network. The SIP processing when a call is made from the calling terminal AA to the receiving terminal BB is shown. In the figure, it is shown that SIP predetermined INVITE message, Ringing message, OK message, ACK message and BYE message are exchanged between terminals. When the calling terminal AA makes a call by the INVITE message, first, as indicated by a circled numeral 1 in the figure, a pinhole is first opened for a downstream RTP packet (direction from the calling side to the called side). Next, an OK message from the receiving terminal BB to the calling terminal AA opens a pinhole for the upstream (in the direction from the receiving side to the calling side) RTP packet, as indicated by the circled number 2, and main information transfer processing As a result, a call between both parties becomes possible. Thereafter, in accordance with the BYE message, the up and down pinholes are closed as indicated by the circled number 3. FIG. 6 shows such pinhole processing by setting information for the firewall. The circled numbers in FIG. 6 correspond to the circled numbers in FIG.

  FIG. 7 shows the NAPT processing in the example shown in FIG. 5, where it is assumed that a private IP address is used in one network and a global IP address is used in the other network.

  FIG. 8 shows an example in which two networks that can use SIP are interconnected using SBC. Here, it is assumed that both IP telephone service network A and IP telephone service network B, which are packet transfer networks, are provided, data is transferred by an RTP session, and SBC is provided on the IP telephone service network A side. The SBC itself executes the above-described pinhole processing and NAPT processing, and is provided with an address conversion table and the like (that is, a table used for pinhole processing and a NAPT table). An SIP server is also provided for writing data to an address conversion table or the like. The SIP server performs normal SIP processing, refers to the payload portion of the packet of the SIP session, identifies the corresponding RTP session, and describes the processing content to be performed on the packet of the RTP session in the path control signal Then, this path control signal packet is transmitted to the SBC. As a result, the processing content determined by the SIP server is written to an address conversion table or the like in the SBC.

  The IP telephone service network A is provided with a terminal A and a call agent. The IP telephone service network B is provided with a terminal B and an SIP server. When a call is made from terminal A to terminal B, according to a standard SIP procedure, terminal A accesses a SIP server via a call agent and establishes a session. As a result, information necessary for data transfer by RTP between the terminal A and the terminal B is written in the address conversion table of the SBC from the SIP server by the path control signal, and is used for data transfer from the terminal A to the terminal B. RTP session is established.

  In the configuration shown in FIG. 8, the SIP server only performs necessary settings for the SBC when establishing and canceling the RTP session, so the processing load is small. However, the SBC performs NAPT processing every time an RTP packet arrives. In addition, since it is necessary to perform processing for blocking illegal packets, the processing load increases when the number of terminals in each network increases. In order to realize the connection between large-scale networks via the SBC, for example, it is necessary to disperse the processing by arranging a plurality of SBCs in parallel. FIG. 9 shows an example in which a plurality of SBCs (in the illustrated case, SBC # 1 and SBC # 2) are provided and controlled by a single SIP server. A management table is also provided in the SIP server in order to determine which of the plurality of SBCs should be subjected to pinhole and NAPT settings.

  When configured as shown in FIG. 9, as indicated by [1] to [6] in the figure, a plurality of SBCs are accessed by different addresses (for example, MAC (Media Access Control) addresses). Therefore, with respect to the main information data such as the RTP packet and the packet of the path control signal, both the IP telephone service network A and the IP telephone service network B have different addresses of the predetermined SBC. Of course, RTP packets and path control signals belonging to the same session regarding the information to be transferred must be sent to the same SBC, so the number of SBCs is increased or decreased, for example. Change the settings in both the SIP server and the IP telephone service networks A and B In addition, it is difficult to solve the problem when the processing is dynamically concentrated on a specific SBC, and even when a specific SBC breaks down, address setting is difficult. It takes time to recover from a failure because it needs to be changed, and even if load distribution is performed dynamically between SBCs, packet loss, delay, etc. In order to prevent this, it is necessary to go through the same SBC.

  As related to the present invention, Non-Patent Document 1 discloses a bandwidth for data that requires session control by SIP and requires real-time performance such as communication by VoIP (Voice over IP) communication. A call control technique in an IP network that can guarantee the above is disclosed.

Masahiro Miyasaka, Koki Horime, Koji Kishida, “Bandwidth Management Technology in NGN”, NTT Technology Journal, Vol. 20, No. 10, pp. 22-23, October 2008

  As described above, when a plurality of SBCs are arranged in parallel in order to interconnect the networks while distributing the load, since the addresses such as MAC addresses for accessing the SBC are different for each SBC, In order to cope with a failure, an address set in advance for accessing the SBC in the network or SIP server must be changed each time. However, performing such an address change leads to a complicated operation, and makes it difficult to quickly respond to a failure or the like.

  SUMMARY OF THE INVENTION An object of the present invention is a distribution method for distributing calls and sessions to SBCs when a plurality of SBCs for inter-network connection are installed according to traffic, and to perform resetting in a network or the like. It is another object of the present invention to provide a method capable of flexibly increasing / decreasing SBC.

  Therefore, another object of the present invention is a connection system for inter-network connection that includes a plurality of SBCs according to traffic, and distributes calls and sessions to SBCs, without re-setting in a network or the like. An object of the present invention is to provide a connection system capable of flexibly increasing / decreasing SBC.

  A connection system according to the present invention is a connection system that connects a first network and a second network and enables transfer of main information between the first network and the second network, A plurality of SBCs (session border controllers) provided in parallel between one network and a second network, and a plurality of sessions in response to a request by a path control protocol from at least one of the first and second networks A path control server that generates a path control signal for the border controller, and is provided for each of at least one of the first and second networks, and is accessed from the network by a single address for each network. From the first distribution device that distributes to one of the SBCs and the path control server A second distribution device that is accessed at one address and distributes the path control signal to one of the plurality of SBCs, and the main information data and the path control signal are related to the same session of the main information transfer. It is arranged to be distributed to the same SBC.

  The distribution method according to the present invention applies to a plurality of SBCs when transferring main information between a first network and a second network via a plurality of SBCs (session border controllers) arranged in parallel. A method of distributing main information data, wherein at least one of the first and second networks distributes main information data received by a single address for each network to one of a plurality of SBCs. A single address and a path control signal for a plurality of SBCs generated in response to a request based on a path control protocol from at least one of the first and second networks. A second sorting process for sorting to any of a plurality of SBCs, and the same sec- tion in the transfer of main information. Relates Deployment, data and path control signal of the main information in the first and second sorting process is to be distributed to the same SBC.

  In the present invention, the path control protocol is, for example, SIP, and the main information is transferred by, for example, RTP. If the path control protocol is SIP, the path control server is a SIP server. The address for each sorting device or sorting process is, for example, a MAC address.

  In the present invention, by providing a sorting device or a sorting process, a plurality of SBCs are linked to behave as a single device operating at a single address. As a result, the increase / decrease in SBC, which is an internal device, is hidden from the network and the path control server. As a result, according to the present invention, it is not necessary to reset the address on the network side or SIP server side when increasing or decreasing the SBC, and it is not necessary to temporarily stop the service or change the setting when expanding the system. The effect of is obtained.

It is a block diagram which shows the structure of the network to which the distribution method of one Embodiment of this invention is applied. It is a block diagram which shows the structure of a distribution apparatus. It is a figure explaining the 1st distribution method. It is a figure explaining the 2nd distribution method. It is a sequence diagram which shows the basic operation | movement of SBC. It is a figure explaining a pinhole process. It is a figure explaining a NAPT process. It is a figure explaining the connection between networks using single SBC. It is a figure explaining the connection between the conventional networks by which load distribution was carried out to several SBC.

  Next, a preferred embodiment of the present invention will be described with reference to the drawings. FIG. 1 shows a network to which a distribution method according to an embodiment of the present invention is applied.

  In the example shown in FIG. 1, in order to enable the exchange of information between the IP telephone service network A and the IP telephone service network B, as shown in FIG. 9, a plurality of SBCs (here, SBC # 1 and SBC # 2) are provided and controlled by a single SIP server. 1 differs from that shown in FIG. 9 in that an IP telephone service network A distributes RTP packets to a plurality of SBCs, and a path control signal from an SIP server is transmitted to a plurality of SBCs. And a sorting device C that sorts RTP packets from the IP telephone service network B to a plurality of SBCs. As shown in the drawings [1] to [3], the sorting apparatuses A to C each have an access address (for example, a MAC address). For example, the IP telephone service network A receives an address [1]. ] Is used to access the sorting apparatus A to send an RTP packet to any one of the plurality of SBCs via the sorting apparatus A. Similarly, the SIP server can set a pinhole or NAPT in any of a plurality of SBCs by sending a path control signal to the allocating device B using the address [2]. ing. As described above, in the configuration shown in FIG. 1, a plurality of SBCs can be accessed using the addresses assigned to the sorting apparatuses A to C. From the network and SIP server, there are as many SBCs as 1 It will appear as if it were a stand device. That is, the internal configuration of having a plurality of SBCs is concealed, and in each network (IP telephone service networks A and B) and the SIP server, the corresponding allocation is made regardless of the increase or decrease of SBC or the occurrence of a failure in SBC. Access to a plurality of SBCs becomes possible by permanently setting the address of the distribution device.

  In the configuration shown in FIG. 1, when a session is formed between two networks and the main information data is transmitted by an RTP packet or the like, the session starts (when the IP phone service is used, the call originates) and the session ends. At the time (end call in the case of IP phone service), a path control signal is sent from the SIP server to the SBC, and path creation / deletion such as change of address translation table (pinhole table and NAPT table) is performed. It is necessary to perform the process. Therefore, for the same session, the SBC that is the distribution destination of the main information data by the distribution apparatuses A and C and the SBC that is the distribution destination of the path control signal by the distribution apparatus B must match. In order to make the distribution destinations by the distribution devices A to C the same for each session, a method of setting the same distribution rule in each distribution device in advance, or the distribution device B and the distribution device A 1 and C, a notification line is set as shown by the dotted line in FIG. 1, and the distribution destination dynamically determined by the distribution apparatus B is applied to the distribution apparatuses A and C.

  The distribution device A and the distribution device C differ only in which of the IP telephone service networks A and B is connected, and are the same in other respects. The distribution method of the present embodiment will be described in more detail with the device B.

  When the same sorting rule is set in advance in the sorting devices A and B, the sorting devices A and B have a difference whether the input packet is an RTP packet or a packet for transmitting a path control signal. Alone, having substantially the same configuration as shown in FIG.

  Assuming that the communication protocol used in the IP telephone service networks A and B is TCP / IP or UDP / IP, as is well known, a session is a 5-tuple (5-tuple), that is, a source IP address, It can be specified by a combination of a destination IP address, a transmission source port number, a destination port number, and a protocol type. The pinhole process in the SBC is also executed by a combination of the transmission source IP address, the destination IP address, the transmission source port number, and the destination port number. Therefore, the distribution apparatus hashes the 5-tuple from the header of the received RTP packet or the packet of the received path control signal with respect to the packet receiving unit 11 and the 5-tuple extracted by the packet receiving unit 11. A hash value processing unit 12 that calculates a hash value by applying a function, and a destination device determination unit that determines a destination device ID corresponding to the SBC that is a distribution destination from the hash value calculated by the hash value processing unit 12 13 and the MAC address of the RTP packet or path control signal packet received by the packet receiving unit based on the destination device ID determined by the destination device determining unit 13, and these packets are transferred to the distribution destination SBC. And a packet transmission unit 15 for making it possible. A plurality of SBCs are assigned unique destination device IDs in advance, and the destination device determination unit 13 is provided with a distribution table 14 describing destination device IDs corresponding to the hash values for each hash value. . The destination device determination unit 13 searches the distribution table 14 according to the hash value to extract the SBC that should be a packet distribution destination as the destination device ID. The packet transmission unit 15 is provided with a MAC address table 16 describing the MAC address (destination MAC address) of the SBC specified by the destination device ID. The packet transmission unit 15 obtains a MAC address for rewriting the RTP packet or the path control signal packet by searching the MAC address table 16 based on the received destination device ID.

  In the allocating apparatuses A to C, the hash function for obtaining the hash value is common, the contents of the allocating table 14 are the same, and the contents of the MAC address table 16 are also the same. Thus, if the 5-tuple extracted from the RTP packet and the 5-tuple extracted from the path control signal packet are the same, the RTP packet and the path control signal packet are transferred to the same SBC. Is guaranteed. Therefore, the main information data (RTP packet) and the path control signal are always distributed to the same SBC for the same session. In addition, since the hash function is used, it is difficult for processing to concentrate on a specific SBC. When the SBC is increased or decreased, the distribution table 14 and the MAC address table 16 in each of the distribution devices A to C may be rewritten according to the content of the increase / decrease.

  FIG. 3 illustrates processing in the sorting method described above.

  By the way, in the distribution method shown in FIG. 3, the hash function is used and concentration of processing to a specific SBC is difficult to occur. However, the transfer of main information to a specific small number of terminals is still concentrated. In such a case, processing may concentrate on a specific SBC. Therefore, it is conceivable to dynamically change the contents of the sorting table 14 so that the concentration of processing is less likely to occur. FIG. 4 shows processing when the contents of the distribution table 14 are dynamically changed. Dynamically changing the contents of the distribution table 14 corresponds to dynamically executing load distribution between SBCs. As described above, when load distribution is dynamically performed between SBCs, For a session that is actually established and used, it is necessary to go through the same SBC in order to prevent packet loss and delay.

  In the example shown in FIG. 4, it is assumed that the sorting apparatus B is connected to the sorting apparatus A (and the sorting apparatus C) via a notification line. The destination device determination unit 13 of the sorting device B is provided with a storage unit 17 for storing a destination device ID of a specific SBC as the next destination device, and a column of “number of entries” is provided in the sorting table 14. Yes. The distribution table 14 of the destination device determination unit 13 of the distribution device A (and the distribution device C) is the same as that shown in FIGS. Further, the packet receiver 11, the hash value processor 12, and the packet transmitter 15 shown in FIG. 4 are the same as those shown in FIGS.

  Since the distribution apparatus B processes the path control signal from the SIP server, it can grasp which SBC is currently processing which session, and has a function of counting the number of sessions executed by each SBC. . Therefore, the destination device determination unit 13 of the distribution device B stores the number of sessions currently being processed for each hash value in the entry number column of the distribution table 14. Then, every time a new session occurs, the value in the corresponding entry number column is incremented (+1), and when the session is deleted, the value in the entry number column is decremented (−1). In addition, the destination device determination unit 13 of the distribution device B constantly monitors the number of sessions that each SBC is currently processing in a separate process from the determination of the number of sessions for each hash value. Among them, the destination device ID having the smallest number of sessions is stored in the storage unit 17 as the next destination device. In the distribution table 14, when the value of the entry number column corresponding to a certain hash value changes from 1 to 0, the destination device ID corresponding to the hash value is stored in the storage unit 17 as the next destination device. Is rewritten to the existing destination device ID. When such rewriting of the destination device ID is performed, the allocating device B has performed such rewriting to the allocating device A (and the allocating device C) using the notification line described above. To be notified. In response to this notification, the sorting device A (and the sorting device C) rewrites the sorting table 14 in the destination device determination unit 13 of the own device. Since the notification of rewriting itself is difference information indicating which hash value destination device ID has been changed to what, the amount of processing for rewriting the sorting table 14 in the sorting device A (and the sorting device C) Is small. In addition to the distribution of the path control signal, the distribution device B performs each of the above-described processes. Even if the sorting device B executes the above-described processes, the processing amount in the sorting device B does not become excessive.

  In the distribution method shown in FIG. 4, since the SBC having a relatively small processing load corresponds to more hash values, the load can be distributed among the SBCs. In addition, since the change of the destination device ID for each hash value is performed when there is no session currently being processed corresponding to the hash value, there is no need to process the movement of state information between SBCs. It is possible to prevent occurrence of packet loss and delay due to change of the destination device ID.

  In the distribution method shown in FIGS. 2 and 3, the distribution device A (and the distribution device C) distributes all transfer data with respect to the RTP packet, and the load on the distribution device A (and the distribution device C) is large. However, in the sorting method shown in FIG. 4, the sorting device A (and the sorting device C) only needs to respond to the notification of the destination information change from the sorting device B, so the processing load is reduced. High-speed information transfer can be realized.

DESCRIPTION OF SYMBOLS 11 Packet receiving part 12 Hash value conversion process part 13 Destination apparatus determination part 14 Distribution table 15 Packet transmission part 16 MAC address table 17 Storage part

Claims (4)

A connection system for connecting a first network and a second network to enable transfer of main information between the first network and the second network by RTP ,
A plurality of session border controllers provided in parallel between the first network and the second network;
A path control server that generates path control signals for the plurality of session border controllers in response to a request by SIP from at least one of the first and second networks;
A first network which is provided for at least one of the first and second networks, is accessed from the network by a single address for each network, and distributes the main information data to any of the plurality of session border controllers; A sorting device;
A second distribution device that is accessed by a single address from the path control server and distributes the path control signal to any of the plurality of session border controllers;
Have
The main information data and the path control signal are distributed to the same session border controller for the same session of the main information transfer ,
The first allocating device calculates a first hash value by applying a hash function to a first packet receiving unit that extracts a 5-tuple from an RTP packet and a 5-tuple extracted from the first packet receiving unit. A hash value conversion processing unit, a first destination device determination unit that selects one of the plurality of session border controllers based on the first hash value, and the first destination device determination unit selected by the first destination device determination unit A first packet transmitter that rewrites the MAC address so that the RTP packet is input to the session border controller,
The second allocating device applies the hash function to a second packet receiving unit that extracts a 5-tuple from the path control signal and a 5-tuple extracted by the second packet receiving unit. A second hash value processing unit that calculates a second hash value, a second destination device determination unit that selects one of the plurality of session border controllers based on the second hash value, And a second packet transmission unit that rewrites a MAC address so that the path control signal is input to the session border controller selected by the second destination device determination unit . The first allocating device calculates a first hash value by applying a hash function to a first packet receiving unit that extracts a 5-tuple from an RTP packet and a 5-tuple extracted from the first packet receiving unit. A hash value conversion processing unit, a first destination device determination unit that selects one of the plurality of session border controllers based on the first hash value, and the first destination device determination unit selected by the first destination device determination unit A first packet transmitter that rewrites the MAC address so that the RTP packet is input to the session border controller,
The second allocating device applies the hash function to a second packet receiving unit that extracts a 5-tuple from the path control signal and a 5-tuple extracted by the second packet receiving unit. A second hash value processing unit that calculates a second hash value, a second destination device determination unit that selects one of the plurality of session border controllers based on the second hash value, comprising a second packet transmission unit to rewrite the MAC address as the path control signal to the session border controller second target device determining unit has selected to input, a connection system according to claim 1. The main information is transferred to the plurality of session border controllers when the main information is transferred by RTP between the first network and the second network via the plurality of session border controllers arranged in parallel. A method of distributing data,
A first distribution process for distributing data of the main information received by a single address for each network to at least one of the first and second networks to any of the plurality of session border controllers;
The path control signal for the plurality of session border controllers generated in response to the SIP request from at least one of the first and second networks is received by a single address, and the path control signal is transmitted to the plurality of sessions. A second distribution process that distributes to one of the border controllers;
Have
With respect to the same session in the transfer of the main information, the data of the main information and the path control signal are distributed to the same session border controller in the first and second distribution processes ,
The first distribution process includes a process of extracting a 5-tuple from an RTP packet and applying a hash function to calculate a first hash value, and the plurality of session borders based on the first hash value. Selecting one of the controllers and rewriting the MAC address so that the RTP packet is input to the selected session border controller,
The second allocating process extracts a 5-tuple from the path control signal, applies the hash function, calculates a second hash value, and sets the plurality of hash values based on the second hash value. And a process of selecting any of the session border controllers and rewriting the MAC address so that the path control signal is input to the selected session border controller . In the second distribution process, the number of sessions currently processed for each of the plurality of session border controllers is stored, and the session border controller with the smallest number of sessions being processed is set as the next destination. Each time a hash value is generated in which the number of sessions currently being processed becomes zero, the session border controller set as the next destination is reset as the session border controller corresponding to the hash value,
The distribution according to claim 3 , wherein the session border controller corresponding to each hash value is described and the table used in the first distribution process is rewritten with the content of the reset every time the reset is performed. Method.

Images