JP5953109B2 - Management server and verification method - Google Patents

Description

  The subject matter disclosed in this specification relates to a management server that manages setting information to be set in a device that configures a network, and a setting information verification method that is performed by the management server.

  In recent years, in the technical field of computer networking, it has become possible to construct a complex virtual network that can take various configurations by using a combination of a plurality of virtualization technologies.

  There are various virtualization technologies, and the server field includes a technology for dividing a physical server into a plurality of virtual machines. In the network field, there is a virtualization technology for each layer of the network, which includes an L2 (Layer 2) layer and an L3 (Layer 3) layer. The L2 layer virtualization technology includes a virtual LAN (Local Area Network) technology such as a VLAN (Virtual Local Area Network), and a virtual interface technology such as a VLAN interface or a sub-interface. The L3 layer virtualization technology includes virtual router technology such as VRF (Virtual Routing and Forwarding) and VR (Virtual Router). The storage field includes technology that logically divides one storage including a plurality of physical hard disks into a plurality of LUNs (Logical Unit Numbers). Various virtual resources such as VLANs and virtual machines divided by such a virtualization technique are collectively referred to as virtual resources.

  By using the virtual LAN technology and the virtual interface technology, it is possible to construct and change a virtual network without requiring a physical configuration change. For example, in a data center network, customers' networks with various network configurations (hereinafter referred to as tenants) are virtualized, aggregated on a single physical network, and the customer can simply change the configuration of the virtual network. You can build a network that meets your needs.

  However, since the configuration of a virtual network can be easily changed by simply changing the setting information input to the device, for example, a command, the virtual network of a tenant can be changed by inputting incorrect setting information to the device. There is a possibility that a failure such as connection to a virtual network of a different tenant may occur. When virtual networks are connected between different tenants, for example, a serious failure may occur in which a virtual machine used by a tenant can connect to a virtual machine used by a different tenant as a file server.

  There is a demand for operators and managers who operate data centers to detect or prevent errors in setting information that may cause such a failure before inputting the setting information to a device.

  As a background art of this technical field, there is Patent Document 1. This publication describes that an input method setting file that describes the input order of commands is provided, and that when a command is input, it is input based on whether or not the command exists in the input method setting file.

  Moreover, there exists patent document 2. FIG. This publication states that “a design-time topology calculation unit generates a design-time topology for each layer of a network based on design information and physical connection information for each layer set in a communication device, and a post-construction topology calculation unit Collects configuration information for each layer actually set for each communication device, generates a post-construction topology for each layer of the actually constructed network based on the collected configuration information, and the topology comparison unit designs It is described that the time topology and the post-construction topology are compared for each layer.

JP 2011-60105 A JP 2008-182445 A

  In the technique described in Patent Document 1, a command to be newly input is compared with an input method setting file in which commands that can be input are described. Since the command does not have an identifier that indicates the tenant and does not maintain the correspondence between the tenant and the command, a failure to connect a virtual resource of a tenant to a virtual resource of a different tenant should be detected using a new input command I can't.

  In the technique described in Patent Document 2, network connectivity is verified using the topology of each layer of the network. Since tenant information is not included in the information to be verified, it is not possible to verify that the network is not connected to a different tenant network (independence of tenants). In addition, input the configuration information to the device, and compare the topology generated based on the configuration information collected from the device after construction with the topology generated from the design information. Cannot be detected.

  What is disclosed is that a logical structure (hereinafter referred to as a logical topology) of an information processing system constituted by virtual resources and edges connecting these virtual resources is determined by setting information to be newly input to a device. It is a logical topology verification server that simulates how it changes and verifies a failure caused by setting information input before setting information is input, and a verification method used therefor.

In this specification, a plurality of methods for solving the above-described problems are disclosed, but an example thereof is constituted by a plurality of types of virtualization technologies constructed on an information processing system in which a plurality of types of physical devices are connected via a network. A management server that manages logical topology information including one or more types of virtual resources and edges connecting the plurality of virtual resources separately for each tenant,
Holding a correspondence relationship between the setting information related to the operation to the physical device and the operation to the logical topology corresponding to the setting information;
Based on the correspondence relationship, from the setting information to the physical device, a setting information analysis unit that identifies an operation to any of the logical topologies,
The tenant after being changed by inputting the setting information to the physical device based on the logical topology information for each tenant, the operation on the logical topology, and the tenant identifier that identifies each tenant A topology generator for simulating the logical topology of
And a verification unit that verifies the correctness of the setting information related to the operation based on the logical topology of the tenant generated by simulation.

  According to the disclosure, it is possible to check whether or not the new setting information is correct before setting input to the physical device.

It is a figure which shows the system configuration example in embodiment. It is an example of composition of service server 106a and L2 switch 105a in an embodiment. This is a configuration example of the FC switch 107a and the storage 108a in the embodiment. It is an example of a physical configuration of the management server 109 in the embodiment. It is an example of a structure of the management server 109 in embodiment. It is a structural example of 504 of tenant topology DB. It is an example of a visualization screen of 504 of the tenant topology DB. It is a structural example of the node pattern table 534a. It is an example of a structure of the edge pattern table 534b. It is an example of a structure of the importance level table 525. FIG. It is an example of a structure of the setting information analysis part 512. FIG. 10 is a configuration example of new setting information 531. It is an example of the flowchart explaining the process of the new setting topology production | generation part 513. It is an example of the flowchart explaining a node addition process. It is an example of the flowchart explaining a node deletion process. It is an example of the flowchart explaining an edge addition process. It is an example of the flowchart explaining an edge deletion process. 6 is a configuration example of a new setting topology 526. It is an example of a visualization screen of the new setting topology 526. It is an example of the flowchart explaining the double production | generation deletion verification part 516. It is an example of the flowchart explaining the verification part 517 between tenants. It is an example of the flowchart explaining the independence verification part 518. It is an example of the flowchart explaining the attribute verification part 519. It is an example of the flowchart explaining the verification part 520 in a tenant. 10 is an example of a flowchart for explaining an IP duplication verification unit 521 and a connectivity verification unit 522. It is an example of a structure of the verification result table 527. FIG. It is an example of a tenant topology verification screen. 10 is a diagram illustrating an example of a system configuration in Embodiment 2. FIG. It is an example of a structure of the exception node management table 528. 10 is an example of a flowchart illustrating an independence verification unit 529 according to the second embodiment.

  Hereinafter, examples will be described with reference to the drawings.

  In the data center network system according to the first embodiment, after setting information is input using a logical topology for each tenant generated based on setting information set in the device and setting information newly input into the device. An example will be described in which the logical topology of the tenant is simulated and the setting information is verified in advance.

  A logical topology is a logical structure that indicates the relationship between virtual resources that constitute a virtual network and edges that connect the virtual resources. In a logical topology, virtual resources are called nodes. The tenant logical topology indicates a logical topology for constructing an information processing system for each tenant, that is, a connection relationship between a virtual resource (node) and an edge.

  For example, a node includes a virtual machine, a VLAN, a VLAN interface, a virtual router, a virtual storage interface, a zone, an LU, and the like, and an edge includes a connection between a virtual machine and a VLAN, a connection between a VLAN and a virtual router, and the like. included. Each virtual resource will be described in detail later.

  FIG. 1 is a diagram illustrating an example of a system configuration in the present embodiment.

  The data center 100 constitutes a system for providing an appropriate ICT service via the network 101. In addition to network devices such as the firewall 102, load balancer 103, L3 switch 104, and L2 switches 105a and 105b, devices that can be components of the system include server devices such as servers 106a, 106b, 106c, and 106d, and FC ( It includes SAN (Storage Area Network) switch devices such as Fiber Channel (Switch) 107a and 107b, and storage devices such as storages 108a and 108b. It is not necessary to configure a system using all of these devices, and a system for providing an appropriate ICT service may be configured using an appropriate number of appropriate types of devices. In addition, a management server 109 is connected to this system. The management server 109 is connected to the console 110.

  Network devices such as the firewall 102, the load balancer 103, the L3 switch 104, and the L2 switches 105a and 105b construct a LAN (Local Area Network), provide network connectivity to the servers 106a to 106d, and transmit / receive the server. Control packets. These network devices may be connected to a server, or may be connected to a network outside the management server 109 or the data center 100. The protocol for performing intra-LAN communication includes Ethernet (registered trademark), and the protocol for performing inter-LAN communication includes IP (Internet Protocol). These network devices have virtual LAN technology such as VLAN, virtual interface technology such as VLAN interface and sub-interface, and virtual router technology such as VRF and VR. Configure the network.

  Server devices such as the servers 106a to 106d execute applications for performing appropriate ICT services. Hereinafter, the servers 106a to 106d are referred to as service servers. These server devices are connected to each other via the network device described above, and are connected to the outside of the data center 100. Further, as will be described later, the storage devices 108a and 108b are accessed via the FC switches 107a and 107b. Each server device is equipped with a network interface card (NIC), a host bus adapter (HBA), or a converged network adapter (CNA), and accesses the LAN and SAN. In the server device, a plurality of virtual servers (VMs) may be generated by a VMM (Virtual Machine Monitor) technology or an LPAR (Logical Partitioning) technology. In this case, the VM generates vNIC (Virtual Network Interface Card), vHBA (Virtual Host Bus Adapter), and virtual CNA, which are virtual interfaces, and accesses a network device or a storage device using these virtual interfaces.

  SAN switch devices such as the FC switches 107a and 107b constitute a SAN, transfer I / O (Input / Output) requests from the service servers 106a to 106d to the storages 108a and 108b, and read I / Os read from the storage 108. The O data is transferred to the service servers 106a to 106d. Protocols for intra-SAN communication and inter-SAN communication include FC, FCIP (FC over IP), FCoE (FC over Ethernet), and iSCSI (Internet Small Computer System Interface). These SAN switch devices also include virtualization technologies such as Zoning, NPIV (N Port_ID Virtualization), and VSAN (Virtual Storage Area Networking). Other virtualization technologies may be provided.

  Storage devices such as the storages 108a and 108b provide external storage areas to the service servers 106a to 106d via the above-described SAN. The storage device 108 includes an NPIV for virtualizing a physical port that accesses the storage, and an LU (Logical Unit) that is a logical volume configured in the physical storage. The storage 108 may have a function such as LUN (Logical Unit Number) masking that associates a storage port with an LU and a server.

  The management server 109 holds a logical topology for each tenant, and generates a simulated tenant logical topology or verifies the setting information from setting information input to a device in the system.

  Note that the functions of the above-described system components (firewalls, load balancers, etc.) may be provided by hardware or software.

  FIG. 2 shows a device configuration example of the service server 106a and the L2 switch 105a. The service server 106 a includes a physical CPU 202, a physical memory 203, a physical NIC 204, and a physical HBA 205 as hardware 201. Each resource (202 to 205) provided as the hardware 201 is divided into a plurality of virtual machines (220, 230, 240) by the virtualization processing unit 210. Each virtual machine 220, 230, 240 includes one or more virtual NICs 221 and virtual HBAs 222. The virtual NIC 221 is connected to the physical NIC 204 via the virtual switch unit 212, and the virtual HBA 222 is connected to the physical HBA 205 via the virtual port unit 213.

  The virtualization processing unit 210 holds server setting information 211. The server setting information 211 includes the virtual machine (220, 230, 240) generated in the service server 106a, the virtual NIC 221 provided in the virtual machine, information on the virtual HBA 222, the virtual NIC 221, the physical NIC 204 associated with the virtual HBA 222, and the physical HBA 205. To manage the correspondence. The server setting information 211 also includes a correspondence relationship with the VLAN to which the virtual NIC 221 belongs.

  A plurality of virtual resources are set in the service server 106a. Virtual machines (220, 230, 240) are represented in the logical topology as virtual machine node N705.

  The virtual NIC 221 and the VLAN to which the virtual NIC 221 belongs are one of the virtual resources of the LAN, and are represented as a VLAN interface node N702 and a VLAN node N701 in the logical topology. The virtual HBA 222 is one of SAN virtual resources, and is represented as a virtual storage interface node N704 in the logical topology. Information of these virtual resources (nodes) generated in the service server 106a and information on edges between virtual resources are held as setting information in the server setting information 211, and by analyzing the server setting information 211, Information on the logical topology generated in the service server 106a can be acquired.

  The L2 switch 105 a includes a physical CPU 251, a physical memory 252, and one or more physical NICs 253 as hardware 250. Furthermore, the L2 switch 105a includes a virtualization processing unit 260 in order to perform virtualization processing for each layer of the network. The virtualization processing unit 260 holds the L2 switch setting information 261 and includes a VLAN processing unit 262 and a VRF processing unit 263.

  The L2 switch setting information 261 is setting information necessary for the processing of the VLAN processing unit 262 and the VRF processing unit 263. The definition information of the VLAN and the VRF, the correspondence between the VLAN and the VRF, the information of the interface included in the VLAN, the VRF And the correspondence relationship between VRF and the like. Other information may be included.

  The VLAN processing unit 262 refers to the information set in the L2 switch setting information 261, and performs VLAN processing that is an L2 layer virtualization technology. The VRF processing unit 263 refers to the information set in the L2 switch setting information 261 and performs processing of the VRF that is the L3 layer virtualization technology. Depending on the model of the L2 switch, the VRF processing unit may be a VR processing unit that is another L3 layer virtualization technology. The processing of the virtualization processing unit 260 may be performed by hardware or software.

  In the logical topology, the VLAN definition information is VLAN node N701, the VRF definition information is VRF node N703, the interface information included in the VLAN is VLAN interface node N702, the correspondence between VLAN and VRF, and the correspondence between VRF and VRF. Are represented as edges. Therefore, by analyzing the L2 switch setting information 261, information on the logical topology set in the L2 switch 105a can be acquired.

  FIG. 3 shows a device configuration example of the FC switch 107a and the storage 108a.

  The FC switch 107 a includes a physical CPU 301, a physical memory 302, and one or more physical FC ports 303 as hardware 300. Further, the FC switch 107a transfers an I / O request from a specific server (any one of 106a to 106d) to an appropriate storage (either 108a or 109b) including an LU associated with the server. For this purpose, a zoning processing unit 305 is provided that is implemented by executing a program stored in the physical memory 302 by the physical CPU 301 or by hardware. The zoning processing unit 305 refers to zone information (stored in the physical memory 302 or a recording device (not shown)) indicating the correspondence between the initiator and target of the storage adapter. The zone information is held in the FC switch setting information 304.

  In the logical topology, the zone information is represented as a zone node N706.

  The storage 108 a includes a physical CPU 311, a physical memory 312, one or more physical FC ports 313, and one or more physical disks 314 as hardware 310. The physical FC port 313 may be an FCoE port. The physical disk 314 is logically divided into a plurality of LUs 317.

  Further, the storage 108a is configured to transfer an I / O request from a specific server (any one of 106a to 106d) input from the specific physical FC port 313 to the LU 317 associated with the server. The CPU 311 includes a LUN masking processing unit 316 that is implemented by executing a program stored in the physical memory 312 or by hardware. The LUN masking processing unit 316 refers to LUN masking information that associates an initiator of a server with an LU number (LUN).

  LU definition information and LUN masking information for logically dividing the physical disk 314 into a plurality of LUs 317 are held in storage setting information 315 (stored in the physical memory 312 or a recording device (not shown)).

  In the logical topology, the definition information of the LU 317 is represented as a virtual storage interface node N704 and an LU node N707. The LUN masking information is represented as an edge connecting the virtual storage interface node and the Zone node.

  FIG. 4 shows an example of the device configuration of the management server 109. The management server 109 can be realized by using a general computer including a physical CPU 401, a physical memory 402, and an auxiliary storage device 403. Furthermore, each function which comprises each apparatus is embodied on the said computer, when CPU runs the program stored in the auxiliary storage device. Each program may be stored in advance in the auxiliary storage device 403 in the computer. Alternatively, each program may be introduced into the storage device from another device via a communication interface 404 or a media interface 405 via a medium that can be used by the computer when necessary. The medium refers to, for example, a communication medium (that is, a wired, wireless, optical, or other network, a carrier wave or a digital signal that propagates through the network), or an external storage medium 407 that is detachable from the media interface 405. The management server 109 may be connected to the console 110 that operates the management server via the input / output device 406.

  FIG. 5 is a diagram illustrating a functional configuration example of the management server 109.

  The management server 109 includes a management request receiving unit 501, a visualization unit 502, a tenant topology generation unit 503, and a tenant topology verification unit 510 as components.

  The management request receiving unit 501 receives a processing request related to generation and verification of a tenant's logical topology from an operator, and instructs each functional unit to execute the processing. The processing requested by the operator is, for example, a verification request for setting information (hereinafter referred to as new setting information) to be newly set for a device, or visualization of a tenant's logical topology that is changed by the new setting information. The processing request from the operator includes a table and DB registration request used by each processing unit in the management server. In response to these processing requests, the tenant topology verification unit 510 and the visualization unit 502 are executed. Information such as new setting information and tenant ID required by each processing unit is also notified to each processing unit via the management request receiving unit 501.

  The visualization unit 502 visualizes the verification result of the new setting information newly set in the device and the topology information of the tenant changed by the new setting information. For visualization of the verification result, the verification result is output to a CLI (Command Line Interface) screen using the CLI display control unit 506. For visualization of topology information, the GUI display control unit 505 is used to output a logical topology on a GUI (Graphical User Interface) screen.

  The tenant topology generation unit 503 collects setting information (server setting information 211, L2 switch setting information 261, FC switch setting information 304, storage setting information 315, etc.) from each device (102 to 108b) in the data center, and collects it. A logical topology for each tenant is generated from the set information and stored in the tenant topology DB 504. Note that the tenant topology generation unit 503 is not necessarily a necessary processing unit, and an operator may manually create an entry in the tenant topology DB 504 and set the entry in the tenant topology DB 504 via the management request reception unit 501.

  FIG. 6 shows a configuration example of the tenant topology DB 504. The tenant topology DB 504 is a database that shows a connection relationship between virtual resources that construct a tenant information processing system and edges between virtual resources, that is, a logical topology for each tenant. The tenant topology DB 504 is composed of one or more logical topology entries. One logical topology entry indicates the logical topology of one tenant. One logical topology entry 600 a includes a topology ID 601, a tenant ID 602, a node management table 610, and an edge management table 620.

  The topology ID 601 is an identifier for uniquely identifying the logical topology in the tenant topology DB 504. The tenant ID 602 is an identifier for identifying a tenant. As long as the tenant topology DB 504 can uniquely identify a tenant, the identifier may be a character string, a number, or a symbol. When a virtual resource that is not related to a tenant is set in the device, the tenant ID 602 of the logical topology entry uses NULL.

  The node management table 610 is a table for managing information on virtual resources (nodes) constituting the tenant information processing system. The component includes a node identifier 611, a node type 612, a device identifier 613, and an in-type identifier 614. The node identifier 611 is an identifier for uniquely identifying a node in the entire virtual network. The node type 612 is an identifier indicating the type of virtual resource. The virtual resources include a VLAN node N701, a VLAN interface node N702, a VRF node N703, a virtual storage interface node N704, a virtual machine node N705, a zone node N706, an LU node N707, and the like.

  In this embodiment, the node type N1 is a VLAN node, the node type N2 is a VLAN interface node N702, the node type N3 is a VRF node N703, the node type N4 is a virtual storage interface node N704, the node type N5 is a virtual machine node N705, and the node type. N6 corresponds to the Zone node N706, and the node type N7 corresponds to the LU node N707.

  The device identifier 613 indicates an identifier of a physical device in which a node is defined. When the node is defined by a plurality of physical devices, the device identifier 613 includes the identifiers of the plurality of physical devices.

  In-type identifier 614 includes an identifier associated with node type 612. In the case of a VLAN of the node type N1, the in-type identifier 614 includes a VLAN ID. In the case of the VLAN interface of the node type N2, the intra-type identifier 614 includes both the VLAN interface number and the IP address assigned to the interface. In the case of the VRF of the node type N3, the intra-type identifier 614 includes a virtual router number. In the case of the virtual storage interface of the node type N4, the in-type identifier 614 includes the WWN of the virtual HBA or the WWN of the physical FC port of the storage. In the case of a virtual machine of node type N5, the in-type identifier 614 includes a virtual machine identifier. In the case of a zone of the node type N6, the in-type identifier 614 includes the initiator and the target WWN included in the zone. In the case of the LU of the node type N7, the in-type identifier 614 includes the LUN.

  Line 615 means that the device SW1 and Server1 have a VLAN (node N1) with a VLAN number (in-type identifier of the node N1) of 10, and the line 616 shows the VLAN interface number (node N2 of the node N2). Type identifier) is 10, and the IP address is x. x. x. This means that a VLAN interface (node N2) of x exists, and row 617 means that a virtual router (node N3) having a virtual router number (in-type identifier of node N3) of 1 exists in the device FW1.

  The edge management table 620 is a table for managing edges connecting virtual resources (nodes) constituting the tenant information processing system. The edge management table 620 includes an edge identifier 621, an edge type 622, and node identifiers 623-1 and 623-2 as components. The edge identifier 621 is an identifier for uniquely identifying an edge in the entire virtual network. The edge type 622 is an identifier indicating the type of edge. Node identifiers 623-1 and 623-2 are node identifiers of nodes connected to both ends of the edge.

  A logical topology configuration example in which the tenant topology DB 504 is visualized on the console 110 is shown in FIG. Visualization is realized by the GUI display control unit 505 of the visualization unit 502, and the outer frame of FIG. 7 corresponds to the newly set topology display area 2701 of the tenant topology verification screen shown in FIG.

  The information processing system of the tenant indicated by the identifier 1000 is composed of two virtual machine nodes N705. The virtual machine node N70 is connected to the LU node N707 via the virtual storage interface node N704 and the zone node N706. Further, the virtual machine node N705 is connected to the VRFN 703 via the VLAN interface node N702 and the VLAN, and the VRF is connected to a different VRF. In this configuration example, the logical topology is visualized for each tenant, but the logical topologies of a plurality of tenants may be visualized simultaneously.

  Returning to FIG. 5, the tenant topology verification unit 510 will be described.

  The tenant topology verification unit 510 includes, as components, a table registration unit 511, a setting information analysis unit 512, a new setting topology generation unit 513, a double generation deletion verification unit 516, an inter-tenant verification unit 517, an in-tenant verification unit 520, a pattern A table 524, an importance table 525, a newly set topology 526, and a verification result table 527.

  The table registration unit 511 registers, changes, and deletes a table used by each process of the tenant topology verification unit 510. When the operator makes a table registration, deletion, or change request, the registration request, change, or deletion information requested by the operator is received from the management request receiving unit 501, and each table is operated. The tables registered in this process are a pattern table 524 and an importance level table 525.

  The setting information analysis unit 512 specifies the operation target and the operation for the logical topology of the corresponding tenant one by one from the new setting information for each device related to the construction, change, and deletion of the information processing system of the tenant, and the new setting topology generation unit 513, command the double generation deletion verification unit 516, the inter-tenant verification unit 517, and the intra-tenant verification unit 520.

  The new setting topology generation unit 513 analyzes how the tenant's logical topology changes by inputting the new setting information to the device, and generates a simulated tenant's logical topology after the new setting information is input. The newly set topology generation unit 513 includes a node operation unit 514 and an edge operation unit 515, and different processing units are executed depending on the operation target. The generated logical topology is stored in the newly set topology 526.

  The double generation deletion verification unit 516 generates a node or edge that already exists in the tenant topology DB 504 by a setting operation (double generation), or deletes a node or edge that does not exist in the tenant topology DB 504 (double deletion). Verify whether or not. The verification result is registered in the verification result table 527.

  The inter-tenant verification unit 517 verifies that the logical topology of tenants other than the operation target tenant is not affected by inputting the new setting information to the device. The independence verification unit 518 verifies the possibility of a failure in connection with a tenant logical topology in which the operation target tenant has a different logical topology by one setting operation. The attribute verification unit 519 verifies the possibility of a failure that deletes the logical topology of a tenant other than the operation target through a setting operation. The verification result is registered in the verification result table 527.

  The in-tenant verification unit 520 verifies that connectivity within the tenant is maintained even after the logical topology of the operation target tenant is changed by a plurality of setting operations. The IP duplication verification unit 521 verifies the possibility of a failure in which a virtual resource including the same IP address exists in the tenant and communication is impossible. The connectivity verification unit 522 verifies the possibility of a failure in which the virtual resources constituting the tenant's logical topology are not connected by the edge and communication between the virtual resources becomes impossible. The reachability verification unit 523 passes through a routing table, ACL (Access Control List), LB (Load Balancer), etc. in communication between virtual resources in the tenant, so that connectivity at the L3 layer or higher is not ensured and communication is performed. Verify the possibility of failure that will not be possible. The verification result is registered in the verification result table 527.

  8 and 9 show examples of the structure of the pattern table 524. FIG. The pattern table 524 is a table used by the setting information analysis unit 512 to identify an operation to a tenant's logical topology from setting information newly set for a physical device. The pattern table 524 includes a node pattern table 524a (FIG. 8) and an edge pattern table 524b (FIG. 9).

  The node pattern table 524a is a table for extracting operations related to virtual resources (nodes) from setting information set in a device. The node pattern table 524a manages the correspondence between the setting pattern 801 relating to the operation of the virtual resource, the node type 802, and the operation type 803. The node type 802 indicates the type of virtual resource operated by the setting pattern 801. The type of the node type 802 matches the node type 612 in the tenant topology DB 504. The operation type 803 indicates whether the operation of the virtual resource by the setting pattern 801 is addition or deletion.

  The contents described in each cell of the setting pattern 801 will be described. The first line in the cell means a command for starting setting of an item, and the last line means a command for ending setting for the item. For example, in the VLAN interface setting pattern 812, “interface vlan <id>” means a command for starting setting of a certain VLAN interface, and the last “exit” line ends this setting. Means a command. Further, as described in the intra-type identifier 614 of the tenant topology DB 504, the intra-type identifier of the VLAN interface is a VLAN ID and an IP address. From “interface vlan <id>”, the VLAN interface ID, which is the in-type identifier of the VLAN interface, is <id>, and from “ip address <xx.x.x / y>”, the IP is the in-type identifier of the VLAN interface. The address is <x. x. x. x / y> is specified. It is indicated that a command not shown in the setting pattern 801 may exist at a place described by “:”.

  The edge pattern table 524b is a table for extracting an operation relating to an edge connecting a virtual resource (node) from setting information set in a device. The edge pattern table 524b manages the correspondence between the connection pattern 901 related to edge operations, the edge type 902, the connection node type 903, and the operation type 904. The edge type 902 indicates the type of edge. For example, the edge E1 is a connection between virtual resources of the VLAN and the VLAN interface, the edge E2 is a connection between the virtual resources of the VLAN interface and the VRF, and the edge E3 is a connection between two virtual resources of the VRF.

  The contents described in each cell of the connection pattern 901 will be described. The first line in the cell means a command for starting setting of an item, and the last line means a command for ending setting for the item. For example, in the connection pattern 911, a command starting from “interface vlan” means a command for starting edge setting, and “exit” means a command for ending this setting. This indicates that an edge connecting the virtual resource of the VLAN indicated by “<id>” and the virtual resource of the VLAN interface is added. It should be noted that a command not shown in the example of the connection pattern may exist at the location described by “:”.

  The connection pattern 912 indicates that an edge connecting the virtual resource of the VLAN interface indicated by <id1> and the virtual resource of the VRF indicated by <id2> is added. In the connection pattern 913, the virtual resource of the VRF indicated by <id1> and the virtual resource of the VRF indicated by <id2> are associated by a character string indicated by <name>, and the two VRF virtual resources are connected. Indicates that the edge to be added is added.

  The connection pattern 914 indicates that an edge connecting the virtual resource of the VLAN indicated by <id> and the virtual resource of the VLAN interface is deleted.

  The pattern table 524 holds a table for each device. For this reason, the pattern table 524 includes pattern tables for the firewall 102, load balancer 103, L3 switch 104, L2 switch 105, service server 106, FC switch 107, and storage 108. In addition, when the model is different depending on the device, for example, when the model is different between the service server 106a and the service server 106b, the pattern table for the service server 106a and the pattern table for the service server 106b are held.

  FIG. 10 shows a configuration example of the importance level table 525. The importance level table 525 is a table used when determining the importance level of the verification result determined by the double generation deletion verification unit 516, the inter-tenant verification unit 517, and the intra-tenant verification unit 520 and registering it in the verification result table 527. .

  In the importance level table 525, the correspondence relationship between the verification ID 1001, the verification result 1002, the importance level 1003, and the verification result description 1004 is set in advance so as to match the verification result in each verification unit 516 to 523. Keep it.

  The verification ID 1001 is an identifier indicating a verification result verified by each verification unit 516 to 523 in the tenant topology verification unit 510. The verification result 1002 indicates whether the verification result is “Warning”, “Fail”, or “Pass”. The importance 1003 indicates the importance of the verification result. The verification result description 1004 is a character string for explaining the verification result. The verification result description 1004 is not necessarily a necessary component.

  Although the verification result 1002 has three stages of Warning, Fail, and Pass, the operator can set the importance 1003 to an arbitrary value for each verification unit. Therefore, even when the verification result 1002 is the same, the importance of the verification result can be changed. For example, the verification result Fail in the inter-tenant verification unit 517 can set the importance high, and the verification result Fail in the in-tenant verification unit 520 can set the importance low. This is because the failure verified by the inter-tenant verification unit 517 has a wider range of failure.

  The new setting topology 526 and the verification result table 527 will be described together with detailed processing flows of a new setting topology generation unit 513, a double generation deletion verification unit 516, an inter-tenant verification unit 517, and an in-tenant verification unit 520, which will be described later.

  Next, a processing flow for simulating and generating a tenant logical topology and a processing flow for verifying the tenant logical topology from the tenant topology DB 504 and new setting information 531 newly set for the device will be described in detail.

  The operator inputs new setting information 531 to be newly set to the device and tenant ID 532 associated with the new setting information 531 from the console 110. The input new setting information 531 and tenant ID 532 are notified to the setting information analysis unit 512 via the management request receiving unit 501.

  FIG. 11 shows a processing flow of the setting information analysis unit 512.

  The setting information analysis unit 512 acquires the new setting information 531 and the tenant ID 532 (step 1101).

  FIG. 12 shows an example of the new setting information 531. The new setting information 531 is a list of setting commands input to the device in association with one tenant. A device using a setting method other than a command, such as a WEB interface, may be a list of setting information written in HTML (Hypertext Markup Language) or XML (Extensible Markup Language). When setting information is input to a plurality of devices, a list of setting operations is input for each device. For example, 531a is a list of setting operations input to the model aaa of the L2 switch, 531b is a list of setting operations input to the server, and 531c is a list of setting operations input to the FC switch. . It is assumed that the new setting information 531 describes setting operations that can be input to the corresponding device and does not include grammatical errors. The grammatical error in the setting operation is verified in advance using an existing method.

  Next, the setting information analysis unit 512 refers to the device and model pattern table 524 corresponding to the new setting information 531a (step 1102), and the setting pattern 801 or connection pattern of the pattern table 524 is selected from the new setting information 531a. One setting operation that matches 901 is specified (step 1103). The setting operation is a group of one or more commands for performing one operation of the logical topology specified by the setting pattern 801 of the node pattern management table or the connection pattern 901 of the edge pattern table. Further, the object information and operation (addition or deletion) in the operation of the logical topology corresponding to the setting operation, and the device identifier of the device to be set are specified (step 1104). The object information is node or edge information, and in the case of a node, includes node type and in-type identifier information. In the case of an edge, information on an edge type, node types of two nodes connected by the edge, and in-type identifiers are included.

  For example, when the new setting information 531a is searched with reference to the node pattern table 524a and the edge pattern table 524b, the setting pattern 801 on line 811 hits the search, one setting operation 1201 is specified, and the node pattern table From the node type 802 and the operation type 803 of 524a, it can be specified that the operation by the setting operation 1201 is addition of the node type N1 (VLAN node), and the VLAN ID which is the in-type identifier of the VLAN node is 100. Can be identified.

  The new setting topology generation unit 513, the double generation deletion verification unit 516, and the inter-tenant verification unit 517 are executed using the object information and operation specified in step 1104, the device identifier, and the tenant ID 532 as arguments (steps 1105, 1106, 1107). ).

  When the processing of steps 1102 to 1107 is repeated for all setting operations and the processing of all setting operations is completed (Yes in step 1108), the processing of the in-tenant verification unit 520 is executed (step 1109). When the new setting information 531 includes setting information of a plurality of devices, the processing of the setting information analysis unit 512 is executed for each device.

  FIG. 13 shows a processing flow of the newly set topology generation unit 513.

  The new setting topology generation unit 513 acquires object information, operation, device identifier, and tenant ID 532 from the setting information analysis unit 512 (step 1301).

  If there is no new setting topology in which the tenant ID acquired in step 1301 is set (No in step 1302), initialization processing (step 1303) is executed to initialize the new setting topology 526.

  FIG. 18 shows a configuration example of the new setting topology 526. The new setting topology 526 is a table for simulating a change in the tenant's logical topology based on the new setting information. The components of the newly set topology 526 include a topology ID 1801, a tenant ID 1802, a node management table 1810, and an edge management table 1820. Constituent elements of the node management table 1810 include a node identifier 1811, a node type 1812, a device identifier 1813, an in-type identifier 1814, and a tenant ID 1815. The constituent elements of the edge management table 1820 include an edge identifier 1821, an edge type 1822, and node identifiers 1823-1, 1823-2.

  The configuration of the newly set topology 526 is the same as one logical topology entry that configures the tenant topology DB 504, except that the tenant ID 1815 is included in the components of the node management table 1810.

  In the initialization process (step 1303), after a new setting topology 526 is newly generated, the tenant topology DB 504 is searched based on the tenant ID acquired in step 1301. If there is a logical topology entry of the tenant with the same tenant ID, all information set in the corresponding entry is copied to the newly set topology 526 and acquired in step 1301 to the tenant ID 1815 in the node management table 1810 Register the tenant ID. If there is no tenant topology entry with the same tenant ID, only the tenant ID acquired in step 1301 is registered in the tenant ID 1802 of the newly set topology 526.

  If a newly set topology exists (Yes in step 1302), the initialization process (step 1303) is not performed.

  Next, when the object information acquired in step 1301 is a node (Yes in step 1304), the process of the node operation unit 514 is executed (step 1305). If the object information acquired in step 1301 is an edge (Yes in step 1306), the processing of the edge operation unit 515 is executed (step 1307). If the object information does not correspond to a node or edge, the process ends.

  Next, processing of the node operation unit 514 will be described.

  Step 1301 If the acquired operation is addition (Yes in Step 1308), node addition processing is executed (Step 1309). If the operation acquired in step 1301 is deletion (Yes in step 1310), node deletion processing is executed (step 1311).

  FIG. 14 shows a process flow of the node addition process of the node operation unit 514.

  In the node addition process, the newly set topology 526 is searched based on the node type and the in-type identifier included in the object information (step 1401). If there is a node having the same node type and in-type identifier in the node management table 1810 of the newly set topology 526 (Yes in step 1402), the device identifier 1813 of the node that has hit the search is referred to. If the device identifier acquired in step 1301 has already been registered in the device identifier 1813 of the relevant node (Yes in step 1403), the process ends. If the device identifier is not registered (No in step 1403), the device identifier acquired in step 1301 is registered in the device identifier 1813 of the node that has been found in the search, and the process ends. If there is no node having the same node type and in-type identifier in the node management table 1810 of the newly set topology 526 (No in step 1402), the node type 1812 The identifier 1813, the in-type identifier 1814, and the tenant ID 1815 are registered, and the process ends.

  FIG. 15 shows a processing flow of node deletion processing of the node operation unit 514.

  In the node deletion process, the newly set topology 526 is searched based on the node type, device identifier, and in-type identifier included in the object information (step 1501).

  If there is a node having the same node type, device identifier, and in-type identifier in the node management table 1810 of the newly set topology 526 (Yes in step 1502), the device identifier 1813 of the corresponding node in the newly set topology 526 is used. The device identifier of the corresponding device is deleted (step 1506). When all device identifiers are deleted from the device identifier 1813 of the corresponding node (Yes in Step 1507), the entry of the corresponding node is deleted from the node management table 1810 of the newly set topology 526 (Step 1508). If the device identifier of another device is registered in the device identifier 1813 of the corresponding node (No in step 1507), the process ends.

  If there is no node having the same node type, device identifier, and in-type identifier in the node management table 1810 of the newly set topology 526 (No in step 1502), based on the node type, device identifier, and in-type identifier, The tenant topology DB 504 is searched (step 1503). If there is no node having the same node type, device identifier, and in-type identifier in the node management table 610 of the logical topology entry in the tenant topology DB 504 (No in step 1504), the process ends.

  If there is a node having the same node type, device identifier, and in-type identifier in the node management table 610 of the logical topology entry in the tenant topology DB 504 (Yes in step 1504), the logical topology entry of the tenant including the node is searched. The node management table 610 and the edge management table 620 are taken into the node management table 1810 and the edge management table 1820 of the newly set topology 526, and registered in the tenant ID 602 of the logical topology entry of the tenant topology DB 504 in the tenant ID 1815 of the node management table 1810. The registered value is registered (step 1505). The processing after step 1506 is as described above.

  Returning to FIG. 13, the processing flow of the edge operation unit 515 will be described.

  If the operation acquired in Step 1301 is an addition (Yes in Step 1312), the edge operation unit 515 executes an edge addition process (Step 1313). If the operation acquired in step 1301 is deletion (Yes in step 1314), edge deletion processing is executed (step 1315).

  FIG. 16 shows a processing flow of edge addition processing of the edge operation unit 515.

  In the edge addition process, one of the information of the two nodes included in the object information acquired in step 1301 is selected (step 1601). The newly set topology 526 is searched based on the node type, device identifier, and in-type identifier of the node selected in step 1601 (step 1602). If there is a node having the same node type, device identifier, and in-type identifier in the node management table 1810 of the newly set topology 526 (Yes in Step 1603), Step 1608 is executed. If there is no node having the same node type, device identifier, and in-type identifier in the node management table 1810 of the newly set topology 526 (No in step 1603), the tenant topology DB 504 is searched based on the node type and in-type identifier. (Step 1604). If the node management table 610 of the logical topology entry in the tenant topology DB 504 does not have a node having the same node type and in-type identifier (No in step 1605), it is determined that there is no one end node constituting the edge. Step 1608 is executed.

  If there is a node having the same node type and in-type identifier in the node management table 610 of the logical topology entry in the tenant topology DB 504 (Yes in step 1605), the logical topology entry including the node hit in the search in step 1604 The tenant ID 602 and the tenant ID acquired in step 1301 are compared. If the tenant IDs match (No in step 1606), step 1608 is executed.

  If the tenant IDs do not match (Yes in Step 1606), the node management table 610 and the edge management table 620 of the logical topology entry including the node hit in the search in Step 1604 are replaced with the node management table 1810 of the newly set topology 526 and the edge management. The value registered in the tenant ID 602 of the logical topology entry of the tenant topology DB 504 is registered in the tenant ID 1815 of the added node added to the table 1820 (step 1607).

  In step 1608, it is determined whether the search for the newly set topology has been completed based on the two nodes constituting the edge. If the search for the two nodes constituting the edge has not been completed (No in step 1608), the process returns to step 1601 to search for the other node. When the search for the two nodes constituting the edge is completed (Yes in step 1608), it is determined whether nodes at both ends of the edge exist. If nodes at both ends of the edge do not exist (No in step 1609), the process ends. If both edge nodes exist (Yes in Step 1609), an edge is added to the newly set topology 526 (Step 1610).

  FIG. 17 shows a processing flow of edge deletion processing of the edge operation unit 515.

  The node management table 1810 and edge management table 1820 of the newly set topology 526 are searched based on the edge type included in the object information, the node type of the two nodes connected by the edge, the device identifier, and the intra-type identifier (step 1701). ).

  If there is an edge that matches the edge type, the node type of the two nodes connected by the edge, the device identifier, and the identifier within the type (Yes in step 1702), the corresponding edge is designated as the edge management table 1820 of the newly set topology 526. (Step 1707), and the process ends.

  If there is no edge (No in Step 1702), the node management table 610 of the tenant topology DB 504, the edge management table, based on the edge type, the node type of two nodes connected by the edge, the device identifier, and the in-type identifier 620 is searched (step 1703).

  If there is no edge that matches the edge type, the node type of the two nodes connected by the edge, the device identifier, and the intra-type identifier (No in step 1704), the process ends. If there is an edge (Yes in step 1704), the tenant ID 602 of the logical topology entry including the corresponding edge is compared with the tenant ID acquired in step 1301. If the tenant IDs match (No in step 1705), the process ends. If the tenant IDs do not match (Yes in Step 1705), the node management table 610 and the edge management table 620 of the logical topology entry including the edge hit in the search in Step 1704 are replaced with the node management table 1810 and the edge management of the newly set topology 526. The value registered in the tenant ID 602 of the logical topology entry of the tenant topology DB 504 is registered in the tenant ID 1815 of the node management table 1810 in addition to the table 1820 (step 1706). In step 1707, the corresponding edge is deleted from the edge management table 1820 of the newly set topology 526, and the process ends.

  As described above, how the tenant's logical topology is changed by inputting the setting information to the device can be simulated for each setting operation.

  In particular, by the processing from step 1503 to step 1508, a logical topology in which node information of different tenants is deleted can be generated by a setting operation that is newly input to the device. Further, through the processing from step 1604 to step 1610, a logical topology connected to nodes of different tenants can be generated by a setting operation that is newly input to a device. Furthermore, the processing from steps 1703 to 1707 can generate a logical topology in which edge information of different tenants is deleted by a setting operation that is newly input to a device.

  FIG. 19 shows an example in which the newly set topology 526 is visualized in the topology display area 2701 of the tenant topology verification screen shown in FIG. In this example, the virtual resource N 1901 of the virtual router with the tenant ID 1000 and the virtual resource N 1902 of the VLAN interface with the tenant ID 2000 are connected by the edge E 1903 by setting information including an erroneous setting operation.

  FIG. 20 shows a processing flow of the double generation deletion verification unit 516. The double generation deletion verification unit 516 includes two processing flows: a double generation verification unit 516a and a double deletion verification unit 516b.

  First, the double generation verification unit 516a will be described.

  The double generation verification unit 516a verifies that the virtual resource to be added by the setting operation is not already set.

  The double generation verification unit 516a acquires the object information, operation, device identifier, and tenant ID 532 from the setting information analysis unit 512 (step 2001).

  If the operation is other than an addition operation (No in step 2002), the process is terminated. When the operation is an addition operation (Yes in Step 2002), the tenant topology DB 504 is searched based on the object information (Step 2003). The object information is node or edge information, and in the case of a node, includes node type and in-type identifier information. In the case of an edge, information on an edge type, node types of two nodes connected by the edge, and in-type identifiers are included.

  For example, when the object is a node, the node management table 610 of the tenant topology DB 504 is searched based on the node type, the in-type identifier, and the device identifier. In the case of an object, the node management table 610 and the edge management table 620 of the tenant topology DB 504 are searched based on the edge type, the node type of two nodes connected by the edge, the type identifier, and the device identifier.

  It is determined whether or not an object with matching object information exists in the tenant topology DB 504 (step 2004). If the object is a node, it is determined whether or not there is a node that matches the object information (node type, in-type identifier) acquired in step 2001 and the device identifier. If the object is an edge, it is determined whether there is an edge that matches the object information (edge type, node type of the two nodes connected by the edge and in-type identifier) acquired in step 2001 (step 2005). .

  If the object already exists (Yes in step 2004), it is determined to be double generation, and a verification ID (for example, v1) corresponding to the verification result is acquired. The verification ID is an identifier that can uniquely identify the verification result in the verification process, and matches one of the values registered in the verification ID 1001 of the importance level table 525.

  If the object does not exist (No in step 2004), it is determined as verification pass, and a verification ID (for example, v1000) corresponding to the verification result is acquired (step 2006).

  The importance level table 525 is referred to based on the acquired verification ID, the verification result 1002 and the importance level 1003 are acquired, and the setting operation 1201, the verification result 1002, and the importance level 1003 are registered in the verification result table 527. The setting operation 1201 is not registered if it has already been registered (step 2007).

  FIG. 26 shows a configuration example of the verification result table 527. The verification result table 527 is a table for managing the setting operation 2601, the verification result of the operation based on the setting information, and the importance, and is managed for each tenant. As configuration elements, a setting operation 2601 and verification result and importance registration fields (2602 to 2607) corresponding to each verification unit are included. The verification unit in this embodiment includes a double generation deletion verification unit 516, an independence verification unit 518 and an attribute verification unit 519 in the inter-tenant verification unit 517, an IP duplication verification unit 521 in the intra-tenant verification unit 520, and a connectivity verification unit 522. The reachability verification unit 523 includes a verification result registration field corresponding to each verification unit. For example, the verification result and importance of the double generation deletion verification unit 516 are registered in the double generation deletion verification result registration field 2602. In this configuration example, the verification result is registered in the upper part of each registration field, and the importance is shown in the lower part. The verification result WA indicates Warning. The importance L1 indicates that the importance is 1.

  Returning to FIG. 20, the double deletion verification unit 516b will be described.

  The double deletion verification unit 516b verifies that a virtual resource to be deleted by a setting operation exists.

  The double deletion verification unit 516b acquires the object information, operation, device identifier, and tenant ID 532 from the setting information analysis unit 512 (step 2011).

  If the operation is other than a delete operation (No in step 2012), the process ends. If the operation is a delete operation (Yes in step 2012), the tenant topology DB 504 is searched based on the object information (step 2013). The object search method is the same as that of the double generation verification unit.

  If the object does not exist (No in step 2014), it is determined as double deletion, and a verification ID (for example, v2) corresponding to the verification result is acquired. If the object exists (Yes in step 2014), it is determined as a verification pass, and a verification ID (for example, v1002) corresponding to the verification result is acquired.

  The importance level table 525 is referred to based on the acquired verification ID, the verification result 1002 and the importance level 1003 are acquired, and the setting operation 1201, the verification result 1002, and the importance level 1003 are registered in the verification result table 527 (step 2017). The setting operation is not registered if it has already been registered.

  Next, a processing flow of the inter-tenant verification unit 517 is shown.

  The inter-tenant verification unit 517 verifies that the logical topology of tenants other than the operation target tenant is not affected by inputting the new setting information to the device. The independence verification unit 518 verifies the possibility that a single connection operation causes a failure to connect to a logical topology of a tenant whose operation target tenant has a different logical topology. The attribute verification unit 519 verifies the possibility that the setting operation may cause a failure that the logical topology of a tenant other than the operation target operates.

  FIG. 21 shows a processing flow of the inter-tenant verification unit 517.

  The inter-tenant verification unit 517 acquires object information, operation, device identifier, and tenant ID 532 from the setting information analysis unit 512 (step 2101).

  If the operation is a delete operation (Yes in step 2102), the processing of the attribute verification unit 519 is executed (step 2103). If the operation is an add operation (Yes in Step 2105), the process of the independence verification unit 518 is executed if the object information acquired in Step 2101 is an edge (Yes in Step 2105) (Step 2106).

  Independence verification is a verification item required when an edge is added. Attribute verification is a verification item necessary when deleting virtual resources, that is, nodes and / or edges.

  FIG. 22 shows a processing flow of the independence verification unit 518.

  The independence verification unit 518 acquires object information, operation, device identifier, and tenant ID from the inter-tenant verification unit 517 (step 2201). Since the independence verification unit 518 is a process executed in the case of an edge addition operation, the object information is edge information. The edge information includes edge type, node type information of two nodes connected by the edge, and in-type identifier information.

  One node information is selected from the two node information connected at the edge (step 2202), and the newly set topology 526 is searched based on the node type and the in-type identifier (step 2203). If there is a node whose node type and node type identifier match (Yes in Step 2204), the node searched in Step 2203 can be determined as a node included in the same tenant. Next, step 2210 is executed.

  If the node type and the node type identifier do not match (No in step 2204), the node to be connected at the edge does not exist in the newly set topology 526, and the node is connected to the node included in the logical topology of another tenant. there's a possibility that. Therefore, the tenant topology DB 504 is searched based on the node type and the in-type identifier of the node (step 2205). If there is no node whose node type and node type identifier match (No in step 2206), it is determined that there is no node to be connected by the setting operation, and a corresponding verification ID is acquired (step 2207). ).

  If there is a node whose node type and node type identifier match (Yes in step 2206), the tenant ID 602 of the logical topology entry of the tenant including the node is acquired.

  If the tenant ID 602 matches the tenant ID acquired in step 2201 or is not NULL (No in step 2208), it is determined as an independence violation because an edge is added to connect to a node of a different tenant. A corresponding verification ID is acquired (step 2209).

  If the tenant ID 602 matches the tenant ID acquired in step 2201 or is NULL (Yes in step 2208), the verification of the node selected in step 2202 is determined to be Pass. When the tenant ID 602 is NULL, it indicates that the logical topology entry is not associated with a specific tenant. For example, in order to reduce new setting information when adding a tenant, when a virtual resource such as a VLAN is set in a device in advance, the logical topology entry has a tenant ID of NULL.

  In step 2210, it is determined whether the verification of the two nodes connected by the edge is completed. If verification of the two nodes has not been completed (No in step 2210), the process returns to step 2202, and verification of the other node is performed. When the verification of the two nodes is completed (Yes in Step 2210), the verification is determined as Pass and the corresponding verification ID is acquired (Step 2211). In step 2212, the importance level table 525 is referred to, and a verification result 1002 and an importance level 1003 corresponding to the verification ID are acquired. The acquired verification result 1002 and importance 1003 are registered in the verification result table 527 (step 2212).

  FIG. 23 describes the processing flow of the attribute verification unit 519.

  The attribute verification unit 519 acquires object information, operation, device identifier, and tenant ID from the inter-tenant verification unit 517 (step 2301). The attribute verification unit 519 is a process executed in the case of a deletion operation. The object information includes node or edge information.

  The tenant topology DB 504 is searched based on the object information acquired in step 2301 (step 2302). For example, when the object is a node, the node management table 610 of the tenant topology DB 504 is searched based on the node type, the in-type identifier, and the device identifier. When the object is an edge, the node management table 610 and the edge management table 620 of the tenant topology DB 504 are searched based on the edge type, the node type of two nodes connected by the edge, the type identifier, and the device identifier.

  It is determined whether an object having the same object information exists in the tenant topology DB 504 (step 2303). If the object is a node, it is determined whether or not there is a node that matches the object information (node type, in-type identifier) acquired in step 2301 and the device identifier. If the object is an edge, it is determined whether there is an edge whose object information (edge type, node type of the two nodes connected by the edge and the in-type identifier) matches in step 2301.

  If the object does not exist (No in Step 2303), it is determined that the deletion is double, and a verification ID (for example, v2) corresponding to the verification result is acquired (Step 2304). Since double deletion has been verified by the double generation deletion verification unit 516, the attribute verification unit 519 does not need to assign a verification ID.

  If the object exists (Yes in Step 2303), it is determined whether the tenant ID acquired in Step 2301 matches the tenant ID 602 of the logical topology entry including the node hit in the search in Step 2302.

  If the tenant IDs match, the verification pass is determined, and the corresponding verification ID (for example, v1004) is acquired (step 2306). If the tenant IDs do not match, the logical topology of a different tenant is changed by the corresponding setting operation, so it is determined that the attribute is violated. A corresponding verification ID (for example, v5) is acquired (step 2307).

  In step 2308, the importance level table 525 is referred to, and a verification result 1002 and an importance level 1003 corresponding to the verification ID are acquired. The acquired verification result 1002 and importance 1003 are registered in the verification result table 527 (step 2308).

  FIG. 24 shows a processing flow of the in-tenant verification unit 520. The in-tenant verification unit 520 verifies that connectivity within the tenant is maintained even after the logical topology of the tenant is changed by one or more setting operations included in the new setting information. The processes of the IP duplication verification unit 521, the connectivity verification unit 522, and the reachability verification unit 523 are sequentially executed.

  FIG. 25 shows a processing flow of the IP duplication verification unit 521 and the connectivity verification unit 522.

  The IP duplication verification unit 521 verifies the possibility of a failure in which there is a virtual resource including the same IP address in the operation target tenant and communication is impossible.

  The IP duplication verification unit 521 first acquires the new setting topology 526 (step 2501). By referring to the node management table 1810, all nodes whose IP address is included in the in-type identifier 1814 are acquired (step 2502).

  The IP addresses of the nodes are compared, and it is determined whether or not there are duplicate IP addresses (step 2503). If the IP address is duplicated, it is determined that the IP address is duplicated, and the corresponding verification ID (for example, v6) is acquired (step 2505). If the IP addresses do not overlap, it is determined as a verification pass, and a corresponding verification ID (for example, v1005) is acquired (step 2504).

  In step 2506, the importance level table 525 is referred to, and a verification result 1002 and an importance level 1003 corresponding to the verification ID are acquired. The acquired verification result 1002 and importance 1003 are registered in the IP duplication verification result column of the verification result table 527. IP address duplication verification is performed for a plurality of setting operations 2601. When the corresponding setting operation is specified from the verification result, the setting operation 2601 of the verification result table 527 is searched based on the duplicate IP address, and the verification result is obtained for the setting operation including the duplicate IP address. Fail and importance are registered, and a verification result Pass is registered for a setting operation not including a duplicate IP address.

  The connectivity verification unit 522 verifies the possibility of a failure in which the virtual resources constituting the tenant's logical topology are not connected by the edge and communication between the virtual resources becomes impossible.

  The connectivity verification unit 522 first acquires the new setting topology 526 (step 2511). With reference to the node management table 1810 and the edge management table 1820, it is verified that all nodes and all edges included in the newly set topology are connected using a general search algorithm. If all the nodes and all the edges are not connected (No in step 2512), it is determined that there is a connectivity violation, and a corresponding verification ID (for example, v7) is acquired (step 2514). When all nodes and all edges are connected (Yes in step 2512), it is determined as a verification pass, and a corresponding verification ID (for example, v1006) is acquired.

  In step 2515, the importance level table 525 is referred to, and a verification result 1002 and an importance level 1003 corresponding to the verification ID are acquired. The acquired verification result 1002 and importance 1003 are registered in the connectivity verification result column of the verification result table 527. If the verification result does not correspond to the specific setting operation 2601, the setting operation 2601 is left blank and the verification result is registered.

  The reachability verification unit 523 verifies the possibility of a failure in which the virtual resource in the tenant cannot secure the L3 layer connectivity and cannot communicate. It is possible to connect between appropriate nodes having IP addresses as in-type identifiers via a routing table, ACL (Access Control List), LB, and NAT (Network Address Translation). Verification is performed using On static reachability analysis of IP networks, “IEEE INFOCOM 2005, pp. 2170-2183, March, 2005.

  With the above verification processing, it is possible to verify in advance the possibility of a failure that occurs when new setting information is input to the device.

  FIG. 27 is an example of a tenant topology verification screen displayed on the console 110.

  The tenant topology verification screen includes a new setting topology display area 2701, a tenant ID registration area 2702, a new setting information registration area 2703, and a verification result display area 2706. The newly set topology display area 2701 displays the result of visualizing the newly set topology 526 by the GUI display control unit 505 of the visualization unit 502.

  The tenant ID registration area is an area for the operator to input the tenant ID 532. New setting information registration area 2703 is an area for the operator to register new setting information 531, and includes a registration button 2704 and a verification start button 2705. The verification result display area 2706 displays the verification result visualized by the CLI display control unit 506 in the visualization unit 502.

  According to the present embodiment, in the data center network system, after setting information is input using the logical topology for each tenant generated based on the setting information set for the device and the setting information newly input to the device. The tenant's logical topology can be simulated. As a result, it is possible to visually grasp the possibility of a failure that connects virtual resources included in different tenants. In addition, by verifying the setting information for each setting operation, the setting operation that causes the failure can be quickly identified.

  In the data center network system according to the second embodiment, the setting information is preliminarily used by using the logical topology for each tenant generated based on the setting information set for the device and the setting information newly input to the device. An example of permitting connection between tenants when verifying in the following will be described. As an example of permitting connections between tenants, for example, a network in which a tenant information processing system provides services to users is constructed independently for each tenant, but manages the virtual resources that make up the information processing system This is a case where a network for sharing is constructed between tenants.

  The example of the system configuration in this embodiment is the same as that of the first example. However, an additional function is required for the management server 109. The management server 109 in this embodiment illustrated in FIG. 28 recognizes an exception that permits connections between tenants that are not normally permitted. Therefore, the management server 109 is independent of the exception node management table 528 and the first embodiment. The tenant topology verification unit 510 includes a property verification unit 529.

  The independence verification unit 529 refers to the exception node management table 528 and performs independent performance verification between tenants. The exception node management table 528 is registered in advance by the operator. Information on the components of the table notified by the operator via the console 110 is registered in the exception node management table 528 via the management request reception group 501 and the table registration unit 511. Deletion and modification are performed in the same way.

  FIG. 29 shows a configuration example of the exception node management table 528. The exceptional node management table 528 is a table for managing exceptional nodes that permit connections between tenants. The configuration element includes a node identifier 2911, a node type 2912, a device identifier 2913, an in-type identifier 2914, and an allowed tenant ID 2915. The node identifier 2911 is an identifier for uniquely identifying a node in the entire virtual network. If the identifier 2911 is not assigned to the node at the time when the operator registers the exception node, this field may be blank. The node type 2912 is an identifier indicating the type of virtual resource. The virtual resources include a VLAN node N701, a VLAN interface node N702, a VRF node N703, a virtual storage interface node N704, a virtual machine node N705, a zone node N706, an LU node N707, and the like. The device identifier 2913 is an identifier of a physical device in which a node that exceptionally recognizes connection between tenants is defined. When nodes are defined in a plurality of physical devices like the VLAN node N701, the physical devices that permit inter-tenant connection are limited to physical devices registered in 2913. The in-type identifier 2914 is an identifier associated with the node type 2912. The permitted tenant ID 2915 indicates the ID of a tenant that permits connection to the node specified by the node type 2912 and the in-type identifier 2914.

  The line 2916 means that the node included in the tenant IDs 1000 and 1001 is the device SW1, and permits the connection to the VLAN (node N1) with the VLAN number (in-type identifier of the node N1) 500, and the line 2917 This means that a node included in a tenant having any tenant ID is permitted to connect to a VLAN (node N1) having a VLAN number (in-type identifier of the node N1) of 600 in the device SW1.

  FIG. 30 shows a processing flow of the independence verification unit 529 of the inter-tenant verification unit 517 in the present embodiment. The processing from step 2201 to step 2208 is the same as that of the first embodiment. In this embodiment, if the tenant ID 602 matches the tenant ID acquired in Step 2201 or is NULL (Yes in Step 2208) in Step 2208, Step 2210 is executed. In this case, it can be determined to connect to a virtual resource of the same tenant or a virtual resource not associated with the tenant, and it can be determined that independence is ensured.

  In step 2208, if the tenant ID 602 does not match the tenant ID acquired in step 2201 or is not NULL (Yes in step 2208), it is determined that there is a possibility of connecting to a virtual resource of a different tenant. Execute.

  In step 3001, the exceptional node management table 528 is searched based on the node information (node type and in-type identifier) acquired in step 2202. When there is a node having the same node type and in-type identifier in the exception node management table 528, the device identifier 2913 and the permitted tenant ID 2915 registered in the corresponding node are confirmed. When the device identifier 2913 and the permitted tenant ID 2915 registered in the relevant node include both the device identifier and the tenant ID acquired in step 2201 (Yes in step 3002), the inter-tenant connection is exceptionally permitted. It is determined that the node is connected, and then step 2210 is executed.

  If there is no node having the same node type and in-type identifier in the exception node management table 528, or there is a node having the same node type and in-type identifier, the device identifier 2913 of the corresponding node is acquired in step 2201. If the device identifier is not included (No in step 3002), or if the tenant ID acquired in step 2201 is not included in the permitted tenant ID 2915, an exception is connected to a node other than the node that permitted the inter-tenant connection. Therefore, it is determined as an independence violation, and the corresponding verification ID is acquired (step 2209).

  The processing flow from step 2210 to step 2212 is the same as that of the first embodiment. The processing other than the independence verification unit 529 is the same as that in the first embodiment.

In this way, in the second embodiment, it is possible to verify that a virtual resource that constitutes an information processing system of a tenant is permitted to connect in a specific physical device and virtual resource specified by the operator. As a result, the network in which the information processing system provides services to users is secured for each tenant, while the network for managing the virtual resources that make up the information processing system is shared among tenants. Judgment of independence verification can be made more flexibly.

100 Data center 101 Network 102 Firewall 103 Load balancer 104 L3 switch 105a, 105b L2 switch 106a, 106b, 106c, 106d Server 107a, 107b FC switch 108a, 109b Storage 109 Management server 110 Console 201, 260, 300, 310 Hardware 202 , 251, 301, 311, 401 Physical CPU
203, 252, 302, 312, 402 Physical memory 204, 253 Physical NIC
205 Physical HBA
210 Virtual processing unit 211 Server setting information 212 Virtual switch unit 213 Virtual port unit 260 Virtual processing unit 261 L2 switch setting information 262 VLAN processing unit 263 VRF processing unit 303 Physical FC port 305 Zoning processing unit 314 Physical disk 315 Storage setting information 316 LUN masking processing unit 317 LU
403 Auxiliary storage device 404 Communication interface 405 Media interface 406 Input / output device 407 External storage medium 501 Management request reception unit 502 Visualization unit 503 Tenant topology generation unit 504 Tenant topology DB
505 GUI display control unit 506 CLI display control unit 510 Tenant topology verification unit 510
511 Table registration unit 512 Setting information analysis unit 513 New setting topology generation unit 514 Node operation unit 515 Edge operation unit 516 Double generation deletion verification unit 517 Inter-tenant verification unit 518 Independence verification unit 519 Attribute verification unit 520 In-tenant verification unit 521 IP duplication verification unit 522 Connectivity verification unit 523 Reachability verification unit 524 Pattern table 525 Importance table 526 New setting topology 527 Verification result table 528 Exception node management table 529 Independence verification unit 531 New setting information 532 Tenant ID

Claims (12)

One or more types of virtual resources configured by a plurality of types of virtualization technology, constructed on an information processing system in which a plurality of types of physical devices are connected via a network, and an edge connecting the plurality of virtual resources; Management server that manages logical topology information including, separately for each tenant,
Holding a correspondence relationship between the setting information related to the operation to the physical device and the operation to the logical topology corresponding to the setting information;
Based on the correspondence relationship, from the setting information to the physical device, a setting information analysis unit that identifies an operation to any of the logical topologies,
The tenant after being changed by inputting the setting information to the physical device based on the logical topology information for each tenant, the operation on the logical topology, and the tenant identifier that identifies each tenant A topology generator for simulating the logical topology of
And a verification unit that verifies the correctness of the setting information related to the operation based on the logical topology of the tenant generated by simulation. In the management server according to claim 1,
The verification unit
By operating the logical topology corresponding to the setting information related to one of the operations,
When the simulated logical topology of the tenant is not connected to another tenant, the setting information is determined to be correct,
A management server that determines that the setting information is incorrect when the simulated logical topology of the tenant is connected to another tenant. In the management server according to claim 1 or 2,
The verification unit
When a virtual resource and / or edge is deleted from topology information of a tenant different from the simulated tenant by an operation on a logical topology corresponding to the setting information related to one operation, the setting is performed. A management server for determining that information is incorrect. In the management server according to any one of claims 1 to 3,
Preserve the importance of the verification results that have been set in advance,
A visualization unit for visualizing a verification result by the verification unit;
The verification unit stores the determined verification result of the correctness of the setting information related to the operation and the importance corresponding to the verification result in association with each other,
The visual server associates and visualizes the operation related to the tenant, the verification result, and the importance. In the management server according to claim 4,
The visual part further includes:
A management server that visualizes the simulated logical topology of the tenant together. In the management server according to any one of claims 1 to 5,
The verification unit further includes:
IP addresses included in the virtual resources constituting the logical topology of the simulated tenant are not duplicated,
A management server that verifies that virtual resources constituting the simulated logical topology of the tenant are connected by an edge of the virtual resource. One or more types of virtual resources configured by a plurality of types of virtualization technology, constructed on an information processing system in which a plurality of types of physical devices are connected via a network, and an edge connecting the plurality of virtual resources; , Including a management server that manages logical topology information including tenant separately for each tenant,
A correspondence relationship between the setting information related to the operation to the physical device and the operation to the logical topology corresponding to the setting information;
Identifying an operation to any of the logical topologies from the configuration information to the physical device based on the correspondence relationship;
The tenant after being changed by inputting the setting information to the physical device based on the logical topology information for each tenant, the operation on the logical topology, and the tenant identifier that identifies each tenant And a step of verifying the correctness of the setting information related to the operation based on the logically generated logical topology of the tenant. The verification method according to claim 7 further includes:
By operating the logical topology corresponding to the setting information related to one of the operations,
Determining that the setting information is correct when the simulated logical topology of the tenant is not connected to another tenant;
A step of determining that the setting information is incorrect when the simulated logical topology of the tenant is connected to another tenant. The verification method according to claim 7 or 8 further includes:
By operating the logical topology corresponding to the setting information related to one of the operations,
A verification method comprising: determining that the setting information is incorrect when deleting virtual resources and / or edges from topology information of a tenant different from the simulated tenant. The verification method according to any one of claims 7 to 9, further comprising:
Preserve the importance of the verification results that have been set in advance,
Visualizing the determined verification result;
Storing the determined verification result of the correctness of the setting information related to the operation and the importance corresponding to the verification result in association with each other;
And a step of visualizing the tenant, the verification result, and the importance in association with each other. The verification method according to claim 10 further includes:
A verification method comprising the step of visualizing together the simulated tenant's logical topology The verification method according to any one of claims 7 to 11, further comprising:
Verifying that IP addresses included in the virtual resources constituting the simulated tenant's logical topology do not overlap,
Verifying that the virtual resources constituting the simulated logical topology of the tenant are connected by the edges of the virtual resources.

Images