JP6531419B2 - Control device, communication system, management method of virtual network and program - Google Patents

Description

  The present invention relates to a control device, a communication system, a method and program for managing a virtual network, and more particularly to a control device, a communication system, and a method and program for managing a virtual network which provide a virtual network to a user.

  In Patent Document 1, a plurality of transfer nodes are referred to with reference to a virtual network route information storage unit that stores a correspondence relationship between a transfer path configured by a transfer node, the virtual network, and the virtual network route information storage unit. And a virtual network control unit for identifying a virtual network affected by a change in the state of any of the forwarding nodes, and a control device capable of presenting the affected part on the virtual network to the user is disclosed. ing.

  In Patent Document 2, a virtual network configuration information storage unit that stores the configuration of a virtual network configured by a packet transfer node, a virtual end point on the virtual network, and an end point that stores an end point of the packet transfer node A control unit that controls packet transfer on the virtual network by the packet transfer node by referring to information stored in the information storage unit, the virtual network configuration information storage unit, and the end point information storage unit; A virtual endpoint addition rule that defines the correspondence between the value of a predetermined field in the packet header and the connection position of the virtual endpoint on the virtual network when a packet is received from a source that is not connected to the virtual endpoint And adding a virtual endpoint to the virtual network and a new event to the endpoint information storage unit. Controller having a virtual network updating unit that performs add and birds, and has been disclosed.

  Patent Document 3 discloses that instead of interactively providing a service in real time on a network device using a graphical user interface (GUI), a service using an operation support service (OSS) client and a template interactively and non-interactively The concept of providing template-driven service provisioning is disclosed (Paragraph 0386).

  Patent Document 4 discloses a method of visualizing a virtual network of a computer system using open flow technology. Paragraph 0002 of Patent Document 5 also discloses that a network controller of a software defined network (SDN) creates and maintains a view of network status and allows access to the view of network status.

  Patent Document 6 discloses a network service plan provisioning system for proposing a service plan of a network to a user. Patent Document 7 discloses a unified policy management system for an organization including a central policy server and a policy enforcer at a remote location. Patent Document 8 discloses a utility meter comprising a processor configured to initiate restart / lokback of a utility meter using a firmware instruction set when it is determined that the network interface is inoperable. ing.

WO 2011/118585 International Publication No. 2013/062070 Japanese Patent Publication No. 2003-534748 International Publication No. 2013/118690 Japanese Patent Application Publication No. 2014-526225 JP-A-2014-502066 JP 2005-65305 A JP 2014-130585 A

  The following analysis is given by the present invention. As described in Patent Documents 1 and 2, the spread of OpenFlow and SDN makes it possible to easily construct a virtual network. Along with this, there is a user need to change the parameters of the virtual network. The parameters of these virtual networks include network topology, route, ACL (access control list) policy, hardware configuration such as switch and router, bandwidth (link bandwidth, maximum bandwidth, threshold), routing table, flow table, port status ( Up / down), queue length, service chain (NFV (Network Function Virtualization)) and the like.

  However, if the parameters of the virtual network described above are changed at random, for example, if a problem occurs in the changed content, it becomes difficult to restore the original content. For this purpose, it is necessary to prepare for backup of control information and the like set in advance in each physical node. In addition, in order for the virtual network to function properly, it is necessary to set consistent contents for each physical node. Therefore, deletion or invalidation processing of conflicting setting information may be required.

  An object of the present invention is to provide a control device, communication system, virtual network management method and program that can contribute to facilitation of setting of consistent control information to each physical node, etc. accompanying updating of the virtual network described above. I assume.

  According to the first aspect, it is configured of a physical switch with reference to a database that stores information of a virtual network to which version information is added, and functions as virtual network information management means, and information stored in the database. A route setting unit that determines a packet transfer route on the network; and a node management unit that sets control information to the physical switch on the route, and at least according to the updated content of the information on the virtual network stored in the database Provided is a control device for constructing a virtual network reflecting the updated content of the virtual network by setting control information having a higher priority than control information before updating on a physical switch corresponding to the updated virtual network. Be done.

  According to a second aspect, a communication system is provided that includes the control device described above and a physical node that operates based on control information set from the control device.

  According to the third aspect, the information processing apparatus stores virtual network information to which version information is added, and is configured as a physical switch with reference to a database functioning as virtual network information management means and information stored in the database. A control device comprising: a route setting unit that determines a packet transfer route on a network; and a node management unit that sets control information to a physical switch on the route, updates the information on the virtual network stored in the database. Setting control information having a higher priority than control information before update in at least the physical switch corresponding to the virtual network after update according to the step of receiving and the update contents of the information of the virtual network stored in the database Virtual net reflecting the updated contents of the virtual network A step of constructing a chromatography click, management method of the virtual network including a is provided. The method is tied to a specific machine, a controller that provides a virtual network to the user.

According to the fourth aspect, it is configured of a physical switch with reference to a database that stores information of a virtual network to which version information is added and that functions as virtual network information management means, and information stored in the database. A computer comprising a control device comprising: a route setting unit that determines a packet transfer route on a network; and a node management unit that sets control information to a physical switch on the route, the virtual network stored in the database. Control information having a higher priority than control information before update in a physical switch corresponding to at least the virtual network after update according to the process of accepting update of information and the update content of the information of virtual network stored in the database Update the virtual network by setting And a process of constructing a virtual network that reflects the computer program to be executed by the computer is provided. Note that this program can be recorded on a computer readable (non-transient) storage medium. That is, the present invention can also be embodied as a computer program product.
Each element of the control device, the communication system, the method of managing a virtual network, and the program contributes to the solution of the problems described above.

  According to the present invention, it is possible to contribute to the facilitation of setting of control information consistent with each physical node, etc., accompanied by updating of a virtual network.

It is a figure which shows the structure of one Embodiment of this invention. It is a figure for demonstrating the operation | movement of one Embodiment of this invention. It is a figure which shows the structure of the communication system of the 1st Embodiment of this invention. It is a figure which shows the detailed structure of the control node of the 1st Embodiment of this invention. It is a figure which shows an example of the virtual network information stored in the database of the control node of the 1st Embodiment of this invention. It is a figure which shows the correspondence of the virtual network comprised by the control node of the 1st Embodiment of this invention, and a node. It is a figure which shows the example in which the update was performed to the virtual network information of the database of the control node of the 1st Embodiment of this invention. It is an image figure of version update of a virtual network in a 1st embodiment of the present invention. It is a figure which shows the example of an update (new entry creation) of the database using the template in the 1st Embodiment of this invention. It is an image figure of creation processing of a virtual network using a template in a 1st embodiment of the present invention. It is a figure which shows the example of an update (version update) of the database using the template in the 1st Embodiment of this invention. It is a figure which shows the detailed structure of the control node of the 2nd Embodiment of this invention. It is a figure which shows the example of update of the database in 2nd Embodiment of this invention (entry deletion of an old version). FIG. 7 is an image diagram of deletion of an older version virtual network in the second embodiment of the present invention. It is a figure which shows the detailed structure of the control node of the 3rd Embodiment of this invention. It is a figure which shows the example of an update (rollback process) of the database in the 3rd Embodiment of this invention. It is an image figure of rollback processing of a virtual network in a 3rd embodiment of the present invention. It is a figure which shows the structure of the communication system of the 4th Embodiment of this invention. It is a figure which shows the detailed structure of the management node of the 4th Embodiment of this invention. It is a figure which shows an example of the network operation management policy which can be set from the management node of the 4th Embodiment of this invention. It is a figure which shows an example of the setting screen of the network operation management policy to virtual network information in the management node of the 4th Embodiment of this invention. It is a figure for demonstrating the whole operation | movement of the communication system of the 4th Embodiment of this invention. It is a figure which shows the structure of the communication system of the 5th Embodiment of this invention. It is a figure which shows the detailed structure of OpenFlowController of 5th Embodiment of this invention, and OpenFlowSwitch. It is a figure which shows an example of the flow entry which OpenFlowController of the 5th Embodiment of this invention sets to OpenFlowSwitch. It is an image figure of the virtual network constituted by OpenFlowController of a 5th embodiment of the present invention. It is a figure for demonstrating the modification embodiment of the 5th Embodiment of this invention. It is a figure which shows the structure of the communication system of the 6th Embodiment of this invention. It is a figure which shows the state by which the service chain was comprised by the control node of the 6th Embodiment of this invention. It is a figure for demonstrating the setting change process of the service chain by the control node of the 6th Embodiment of this invention. It is a figure showing an example of updating of a database (service chain setting change) in a 6th embodiment of the present invention. It is an image figure of switching of the service chain by service chain setting change in a 6th embodiment of the present invention. It is a figure which shows the example of update of the database in the 6th Embodiment of this invention (entry deletion of an old service chain). FIG. 20 is an image diagram of deletion of an old version service chain in the sixth embodiment of the present invention. It is a figure which shows the example of an update (rollback process) of the database in the 6th Embodiment of this invention. It is an image figure of rollback processing of a service chain in a 6th embodiment of the present invention.

  First, an outline of an embodiment of the present invention will be described with reference to the drawings. The reference numerals of the drawings appended to this summary are added for convenience to the respective elements as an example for aiding understanding, and the present invention is not intended to be limited to the illustrated embodiments.

  The present invention can be realized by a control device 10A provided with virtual network update acceptance means 11 and virtual network construction means 12 as shown in FIG. 1 in one embodiment thereof. More specifically, the virtual network update accepting unit 11 accepts the update content of the virtual network provided to the user from the network administrator or the user himself. The virtual network construction means 12 sets the control information having a higher priority than the control information before the update to at least the physical node corresponding to the virtual network after the update according to the update contents of the virtual network. Construct a virtual network that reflects the updated content of the network.

  For example, as shown in FIG. 1, in a state where the virtual network VN1 having an upper limit transfer rate (band) of 10 Mbps is provided, the virtual network update acceptance unit 11 changes the upper limit transfer rate (band) to 100 Mbps. It is assumed that the updated content has been accepted. In this case, the virtual network construction means 12 gives higher priority (priority) to the (physical) node corresponding to the virtual network after the update than the control information before the update (priority = Low) according to the update contents of the virtual network. Set control information with degree = high). As a result, a virtual network VN2 having an upper limit transfer rate (band) of 100 Mbps reflecting the updated contents of the virtual network is constructed. It is also possible to create a link between nodes of the virtual network by setting control information (instruction to transfer a packet) having high priority in the same procedure.

  As described above, according to the present invention, it is possible to update a virtual network by setting control information with different priorities to a plurality of (physical) nodes. Also, as described later, in the present invention, if control information with high priority is deleted, it is possible to restore the virtual network to the content before the update. In addition, when it is desired to make space in the control information storage area of each (physical) node, it is possible to delete control information with low priority.

First Embodiment
Subsequently, a first embodiment of the present invention will be described in detail with reference to the drawings. FIG. 3 is a diagram showing the configuration of the communication system of the first exemplary embodiment of the present invention. Referring to FIG. 3, there is shown a configuration in which a plurality of nodes (physical nodes) 111 to 118 connected to one another to configure a network 120 and a control node 100 to control these nodes 111 to 118 are connected. The broken line in FIG. 3 indicates a control channel between the control node 100 and the nodes 111 to 118.

  FIG. 4 is a diagram showing a detailed configuration of a control node according to the first embodiment of this invention. Referring to FIG. 4, a control node 100 including a path setting unit 101, a node management unit 102, a database 103, and a control unit 104 is shown.

  In response to a request from the control unit 104, the route setting unit 101 calculates the routes of the nodes 111 to 118 corresponding to the routes between arbitrary end points of the virtual network based on the topology information of the network 120 stored in the database 103. Do.

  The node management unit 102 creates control information for causing the nodes on the route calculated by the route setting unit 101 to execute packet transfer and associated processing along the route, and the control unit 104 sends control information to each node. Control information having a priority designated by the control unit 104 is set. In addition, the node management unit 102 causes the node to inquire through the control unit 104 whether or not there is a failure of the node, resource status, data statistical status (band usage status), and the like, as needed. You may The collected result may be stored in the database 103 as node information, or may be held by the node management unit 102 itself.

  In the present embodiment, control information for realizing virtual networks of different versions of new and old is set in one node. For this reason, when a wildcard is used for the match condition, control information corresponding to an older version virtual network may be applied. Therefore, the node management unit 102 may be added with a check function of the consistency between the new and old control information.

  The database 103 is a database storing virtual network information including information on the network 120 in which the nodes 111 to 118 are arranged, and the configuration and parameters of a virtual network configured using the resources of the network 120. Further, the database 103 may store prioritized control information set in each node corresponding to the virtual network information.

  The control unit 104 communicates with the nodes 111 to 118 on the network 120, and sets control information in these nodes 111 to 118 to provide a virtual network. In addition, when the control unit 104 receives the updated content of the virtual network from the network administrator or the user, the control unit 104 updates the virtual network information of the database 103, and the virtual network after the update to the route setting unit 101 and the node management unit 102. Request setting of prioritized control information to realize

  FIG. 5 is a diagram showing an example of virtual network information stored in the database 103. As shown in FIG. The example of FIG. 5 shows a state in which two virtual networks of the virtual network 131 and the virtual network 132 are set. In the example of FIG. 5, the virtual network 131 is configured by the nodes 112, 113, 114, and 115 of the network 120, and its maximum bandwidth (upper limit transfer rate) is 100 Mbps. In addition, "1" is set in the version field. Similarly, the virtual network 132 is configured by nodes 116 and 117 of the network 120, and its maximum bandwidth (upper limit transfer rate) is 100 Mbps. In addition, "1" is set in the version field. In this embodiment, the number of versions is used as a priority of control information to be set in a node, and a version with a large number of versions is treated as one having a high priority. Therefore, the database 103 also functions as a virtual network information management unit that manages the priority given to the control information in association with the version of the virtual network.

  FIG. 6 is a diagram showing the correspondence between the virtual networks 131 and 132 and the nodes 111 to 118. In FIG. In the initial stage, as shown in FIG. 5, since the information of the virtual network of version = 1 is set, the control information of priority = 1 is set to the node of FIG. The virtual network of version N will be described hereinafter as the virtual network 131-N, and the control information for realizing the virtual network of version N will be given priority = N.

  Subsequently, the operation of the present embodiment will be described in detail with reference to the drawings. Hereinafter, as shown in FIG. 7, it is assumed that the virtual network information of the database 103 of the control node 100 has been updated. First, for the virtual network 131, it is assumed that the maximum bandwidth is increased from 100 Mbps to 200 Mbps without changing the topology. In this case, as shown in the virtual network 131-2 of FIG. 8, the control node 100 sets control information (priority = 2) having a higher priority than the virtual network 131-1 in the node. Construct a virtual network 131-2. Although the update contents for the virtual network 131 only increase the maximum bandwidth from 100 Mbps to 200 Mbps, as the maximum bandwidth 200 Mbps is realized, the route setting unit 101 and the node management unit 102 recalculate and each node The control information set to 112 to 115 is also updated.

  Similarly, for the virtual network 132, it is assumed that a topology change operation has been performed. Also in this case, as shown in the virtual network 132-2 of FIG. 8, the control node 100 sets the control information (priority = 2) higher in priority than the virtual network 132-1 in the node. The virtual network 132-2 is constructed. Also, since the contents of the update to the virtual network 132 change the topology, in this case as well, the route setting unit 101 and the node management unit 102 recalculate and set new control information in each of the nodes 114 to 117. Be done.

  By doing as described above, a new version of virtual network is constructed corresponding to the updated contents of the virtual network shown in FIG. Since control information for realizing a virtual network is applied based on priority, consistency is ensured. Also, as described in the background art, when the virtual network is updated and the control information is rewritten, the virtual network information and control information of the old version will be lost, but according to the present invention, the old version It is possible to hold virtual network information and control information of

  Note that providing the template to the user can further facilitate the above-described virtual network construction and update processing. FIG. 9 is a diagram for describing processing in the case of using a template when newly constructing a virtual network.

  For example, as shown in the right column of FIG. 9, a table storing templates serving as templates in a virtual network is prepared in advance. Such a template can be created in advance by a network administrator based on the contract content with the user and the charge plan.

  The user selects a virtual network that meets his requirements from the template shown in the right column of FIG. By doing this, as shown in FIG. 10, the user can easily construct a virtual network.

  Also, the virtual network can be updated using the template described above. For example, the user selects a virtual network whose maximum bandwidth of template No. 2 is 200 Mbps from the template shown in the right column of FIG. 11 and registers it as a new entry of the virtual network 131 in the database 103. By doing this, it is possible to perform update processing equivalent to the update content of the virtual network 131 in FIG. 8 (no change in topology, change the maximum bandwidth to 200 Mbps).

  In the examples shown in FIGS. 9 and 11, only two templates are shown to simplify the explanation, but it is preferable to prepare a large number of templates. In this case, preferably, a virtual network ID currently in use is determined from the user name, and a template search function is preferably added using a node included in the determined virtual network as a search key. Alternatively, the control node 100 may store the usage history of the template for each user, and present the template related to the previously used template as a version upgrade candidate or the like.

Second Embodiment
Subsequently, a second embodiment in which the deletion function of the old version virtual network is added to the first embodiment will be described. FIG. 12 is a diagram showing a detailed configuration of a control node according to the second embodiment of this invention. The difference from the control node 100 of the first embodiment shown in FIG. 4 is that an entry deletion unit 1041 is added in the control unit 104a. The other configurations and operations are the same as those of the first embodiment, and therefore, differences from the first embodiment will be mainly described.

  The entry deletion unit 1041 deletes, from the database 103, the old version virtual network information which is no longer used due to the version update. As a trigger of deletion of the virtual network information of the old version by the entry deletion unit 1041, a case where the predetermined period after version update has elapsed, a case where the corresponding traffic is zero for a predetermined period, and the like can be considered.

  Subsequently, the operation of this embodiment will be described. FIG. 13 is a diagram showing an example of updating a database (deletion of an old version of an entry) according to the second embodiment of the present invention. The entry deletion unit 1041 deletes the old version virtual network information when the conditions such as the predetermined period elapse and the corresponding traffic is zero are satisfied.

  When the deletion of the version is performed, the control unit 104a requests the node management unit 102 to delete the control information set in each node. The node management unit 102 which has received the request executes deletion of control information corresponding to the corresponding old version virtual network 131-1, as shown in FIG. The request for deletion can be made by specifying the control information to be deleted by the node management unit 102 with reference to the control information already set for each node managed by the node management unit 102 itself. Alternatively, the node management unit 102 may interact with the node to specify the set control information corresponding to the corresponding version. Although only the virtual network 131-1 is deleted in the example of FIG. 14, the virtual network 132-1 can be deleted as well.

  Thus, for example, in the case of the example of FIG. 14, the old control information is deleted from the nodes 112 to 115. As a result, according to the present embodiment, it is possible to release the resources of the nodes 112 to 115, in short, the storable area of the control information used for the old virtual network.

Third Embodiment
Subsequently, a third embodiment will be described in which a rollback processing function to a virtual network before update is added to the first embodiment. FIG. 15 is a diagram showing a detailed configuration of a control node according to the third embodiment of this invention. The difference from the control node 100 of the first embodiment shown in FIG. 4 is that a rollback processing unit 1042 is added in the control unit 104b. The other configurations and operations are the same as those of the first embodiment, and therefore, differences from the first embodiment will be mainly described.

  When a predetermined rollback execution condition is satisfied, the rollback processing unit 1042 deletes virtual network information of the latest version of the database 103, and performs rollback to the second version of virtual network information. Examples of the rollback execution condition include a virtual network and its constituent nodes, link failure detection, and a user's explicit instruction.

  Subsequently, the operation of this embodiment will be described. FIG. 16 is a diagram showing an example of updating a database (rollback process) according to the third embodiment of the present invention. The rollback processing unit 1042 deletes the latest version of virtual network information when the above-described rollback execution condition is satisfied.

  When the deletion of the version is performed, the control unit 104 b requests the node management unit 102 to delete the control information set in each node. The node management unit 102 which has received the request executes deletion of control information corresponding to the latest version virtual network 132-2 as shown in FIG. The request for deletion can be made by specifying the control information to be deleted by the node management unit 102 with reference to the control information already set for each node managed by the node management unit 102 itself. Alternatively, the node management unit 102 may interact with the node to specify the set control information corresponding to the corresponding version. Although only the virtual network 132-2 is deleted in the example of FIG. 16, the virtual network 131-2 can be similarly deleted and rolled back.

  Thus, for example, as shown in FIG. 17, the virtual network 132 can be prevented from being affected by the failure of the link between the nodes 115 and 117. Although the example of FIGS. 16 and 17 has been described as deleting the latest version virtual network and its control information, there is no need to physically delete the virtual network and processing such as invalidation while leaving the corresponding entry is performed. May be In this way, when the failure of the link between the nodes 115 and 117 is recovered, it is possible to quickly return to the virtual network 132-2.

Fourth Embodiment
Next, a fourth embodiment in which a virtual network management function is added to the configuration of the first embodiment will be described. FIG. 18 is a diagram showing the configuration of the communication system of the fourth exemplary embodiment of the present invention. The difference from the communication system of the first embodiment shown in FIG. 3 is that a management node 140 is added to the control node 100. The other configurations and operations are the same as those of the first embodiment, and therefore, differences from the first embodiment will be mainly described.

  FIG. 19 is a diagram showing a detailed configuration of a management node according to the fourth embodiment of this invention. Referring to FIG. 19, a management node 140 including a user interface 141, a setting unit 142, and a communication interface 145 is shown.

  The setting unit 142 includes a condition setting unit 143 and a policy setting unit 144. The policy setting unit 144 is a means for receiving and holding the setting of the network operation management policy as shown in FIG. Policy No. in FIG. The network operation management policy of 1 is a policy of deleting an older version virtual network when either a predetermined period elapses or traffic volume = 0 holds. Policy No. in FIG. The network operation management policy 2 is a policy of performing rollback processing of the virtual network when detecting a failure of the virtual network.

  The condition setting unit 143 receives the setting of the network operation policy applied to the virtual network of the user from the user via the user interface 141, and requests the control node 100 to update the database 103. FIG. 21 is a diagram showing an example of a setting screen of a network operation management policy to a virtual network by the condition setting unit 143. In the example of FIG. 21, for the virtual network 132, a policy for deleting an old virtual network on the condition of 10 hours since creation of the latest version and a policy for implementing rollback at the time of failure are already set. The application policy is preferably selected using a drop-down list or the like as shown in the upper part of FIG.

  The communication interface 145 is means for mediating communication between the management node 140 and the control node 100.

  In addition to the setting function of the network operation management policy described above in the management node 140 as shown in FIG. 19, the function of receiving the update contents of the virtual network as described in the first to third embodiments, the old version The virtual network deletion condition and the rollback execution condition reception function may be provided.

  Subsequently, the operation of this embodiment will be described. FIG. 22 is a diagram for explaining the overall operation of the communication system of the fourth embodiment of the present invention. As shown in FIG. 22, first, the management node 140 receives an input (selection) of a (network) operation management policy from the user (speech 1 in FIG. 22).

  Next, the management node 140 sets the (network) operation management policy for which the input (selection) has been received, to the corresponding virtual network information in the database 103 of the control node 100 (Speaker 2 in FIG. 22).

  The control node 100 implements the operation (deletion, rollback, etc.) of the virtual network in accordance with the set (network) operation management policy (blowout 3 in FIG. 22).

  As described above, according to this embodiment, it is possible to leave the operation after setting of the virtual network to the control node 100. Note that the example of the network operation management policy is not limited to the example of FIG. For example, instead of the rollback process to the previous generation version, the oldest generation version of the virtual network may be returned. Also, with regard to deletion of an old virtual network, exception processing may be defined such that the initial version virtual network is not targeted for deletion.

Fifth Embodiment
Subsequently, a fifth embodiment configured using the open flow described as the background art will be described in detail with reference to the drawings. FIG. 23 is a diagram showing the configuration of the communication system of the fifth exemplary embodiment of the present invention. The difference from the communication system of the first embodiment shown in FIG. 3 is that the nodes 111 to 118 are replaced by the OpenFlow Switches 211 to 218, and the control node 100 is replaced by the OpenFlow Controller 200. The basic configuration and operation are the same as in the first embodiment, and therefore, differences from the first embodiment will be mainly described.

  FIG. 24 is a diagram showing a detailed configuration of the OpenFlow Controller 200 and the OpenFlow Switches 211 to 218 functioning as control nodes in the fifth embodiment of the present invention. The difference with the control node 100 of the first embodiment shown in FIG. 4 is that the control unit 204 communicates with the OpenFlow Switches 211 to 218 using the OpenFlow protocol, and the control information flows in the flow table 2112 of the OpenFlow Switches 211 to 218. It is a point stored as an entry.

  The OpenFlow Switch 211 includes a control unit 2111, a flow table 2112, and a communication interface 2113.

  FIG. 25 is a diagram showing an example of the flow entry held in the flow table 2112 of the OpenFlowSwitch. As shown in FIG. 25, the flow entry is provided with a PRIORITY field, and the priority can be set. The symbol “*” in the flow entry of FIG. 25 indicates that a wildcard is set.

  When the control unit 2111 of the OpenFlowSwitch 211 receives a packet from the communication interface 2113, it selects from the flow table 2112 a flow entry having a value matching the received packet, which has the highest value in the PRIORITY field, and the contents of the ACTION field Process the packet according to

  For example, when receiving a packet in which the MAC TYPE = IP, the destination IP address is 172.16.0.0/16, the IP Protocol is TCP, and the destination port is 80, the control unit 2111 executes the process shown in FIG. Would select version 3 flow entry above. On the other hand, when the same packet is received in a state where the flow entry of version 3 is deleted, triggered by the above-described rollback process or the like, the flow entry of version 2 of the next highest priority is selected.

  Also in the present embodiment, an entry deletion unit and a rollback processing unit can be added to the OpenFlow Controller 200 functioning as a control node, as in the second and third embodiments. FIG. 26 is an image diagram of a virtual network configured by the OpenFlow Controller 200. In the example of FIG. 26, by setting the flow entry having the priority illustrated in FIG. 25 to the OpenFlowSwitch corresponding to each virtual network, virtual networks of new and old different versions are constructed. As described in the second and third embodiments, the virtual network 231-1 of the old version is deleted by deleting the flow entry corresponding to the virtual network 231-1 of the old version from the OpenFlowSwitch 212-215 at a predetermined timing. Can be removed. Also, when a failure occurs, rollback processing can be realized by deleting the flow entry corresponding to the latest version virtual network 231-2 from the OpenFlow Switches 212 and 213.

  As described above, the present invention can be easily realized using an open flow mechanism.

  In the above description, although the example applied to the open flow has been described, the communication system to which the present invention can be applied is not limited to the open flow. For example, even in a non-open flow switch, as shown in FIG. 27, a time stamp field can be provided in the existing transfer table 2112a, and an entry with a new date and time can be treated as a high priority entry. Of course, the present invention is not limited to the time stamp field, and a Priority field similar to that of FIG. 25 may be provided, or a value available as a priority may be set to the other existing fields.

Sixth Embodiment
Subsequently, a sixth embodiment for realizing update of a service chain represented by connecting virtual network functions provided to a user by giving priority to control information will be described in detail with reference to the drawings. Explain to. FIG. 28 is a diagram showing a configuration of a communication system of the sixth embodiment of the present invention. The difference with the communication system of the first embodiment shown in FIG. 3 is that the control object of the control node 300 is not a virtual network configured by nodes 111 to 118 but a service chain in network function virtualization (NFV) ( Forwarding graph)). The basic configuration and operation of the control node are the same as in the first embodiment, and therefore, differences from the first embodiment will be mainly described below.

  FIG. 29 is a table in which a node (tunnel endpoint) 311, a firewall (FW-1) 312, a deep packet inspection (DPI-1) 313, a network address translation (NAT-1) 314, and a node 318 are connected by the control node 300. It is a figure which shows the state in which the service chain 330-1 was comprised. In the present embodiment, service chain information is stored in the database 103 of the control node 300 instead of the virtual network information of the first embodiment.

  In the state of FIG. 29, the setting change from the control node 300 to the node 311 and the NAT-2 317 can be performed to change the path through which user traffic flows. At the same time, as shown in FIG. 31, the service chain version information is updated by updating the route information of the service chain stored in the database 103 with FW2 315, DPI-2 316, and NAT-2 317. When the version update of the service chain is performed, the control node 300 sets control information with higher priority to the physical node corresponding to the service chain after the update, and performs path switching.

  FIG. 32 is a diagram showing a path after the version update of the service chain. As shown in FIG. 32, with the service chain version update, user traffic flows along the path of the service chain 330-2 after the update.

  As described above, the present invention can also be applied to updating of service chains (forwarding graphs) in network function virtualization (NFV).

  Also in this embodiment, as in the second and third embodiments, deletion of an old service chain and rollback can be realized.

  FIG. 33 is a diagram showing a state in which the control node 300 deletes the entry of the old service chain from the service chain information of the database 103 at a predetermined timing. By doing as described above, deletion of the old service chain as shown in FIG. 34 can be realized.

  FIG. 35 shows that the control node 300 deletes the corresponding service chain entry from the service chain information of the database 103 when a failure or the like occurs in the network function (for example, DPI-2 316 in FIG. 35) on the service chain. It is a figure which shows the state which was carried out. By doing as described above, it is possible to realize the rollback processing of the service chain as shown in FIG.

  In addition, each part (processing means) of the control node and the management node shown in FIGS. 1, 2, 4, 12, 15, 19, 24 and the like uses the hardware for the computer that constitutes these devices, and The present invention can also be realized by a computer program that executes each of the processes described above.

  As mentioned above, although each embodiment of the present invention was described, the present invention is not limited to the above-mentioned embodiment, and further modification, substitution, adjustment in the range which does not deviate from the basic technical idea of the present invention Can be added. For example, the network configuration shown in each drawing, the configuration of each element, and the form of representation of messages are an example to help the understanding of the present invention, and the present invention is not limited to the configuration shown in these drawings.

Finally, the preferred form of the invention is summarized.
[First embodiment]
(Refer to the control device from the above first viewpoint)
[Second form]
In the control device of the first aspect,
The control device using time stamp information indicating a date and time when the virtual network was updated as the priority.
[Third form]
In the control device of the first or second aspect,
The information processing apparatus further comprises an entry deletion unit that deletes information of the virtual network of the version determined based on a predetermined rule from the database.
A control device for deleting control information having a priority corresponding to the version from the physical node in response to deletion of information on the virtual network.
[Fourth embodiment]
In the controller of the third aspect,
The control unit deletes the information of the virtual network, triggered by either the elapse of a predetermined time from the update or the absence of traffic for a predetermined time.
[Fifth embodiment]
In the control device according to any one of the first to fourth aspects,
The information processing apparatus further includes a rollback processing unit that deletes or invalidates information of a virtual network whose version information is new from the database at a predetermined timing.
A control device for deleting control information having a priority corresponding to the version from the physical node in response to deletion or invalidation of information of the virtual network.
Sixth Embodiment
In the control device of the fifth aspect,
The virtual network is updated by deleting or invalidating the control information with the highest priority in response to a rollback instruction from a user or a virtual network failure built reflecting the updated contents of the virtual network. Control device that realizes rollback of content.
[Seventh embodiment]
(Refer to the communication system in the above second aspect)
[Eighth embodiment]
(Refer to the method of managing virtual networks from the above third viewpoint)
[Ninth form]
(Refer to the computer program from the above fourth viewpoint)
The seventh to ninth embodiments can be developed into the second to sixth embodiments as in the first embodiment.

  The disclosures of the above-mentioned patent documents are incorporated herein by reference. Within the scope of the entire disclosure of the present invention (including the scope of the claims), modifications and adjustments of the embodiments or examples are possible based on the basic technical concept of the invention. In addition, various combinations or selections of various disclosed elements (including each element of each claim, each element of each embodiment or example, each element of each drawing, and the like) are possible within the scope of the present disclosure. It is. That is, the present invention of course includes the entire disclosure including the scope of the claims, and various modifications and alterations that can be made by those skilled in the art according to the technical concept. In particular, with regard to the numerical ranges described herein, it should be understood that any numerical value or small range falling within the relevant range is specifically described even if it is not otherwise described.

DESCRIPTION OF SYMBOLS 10A control apparatus 11 virtual network update reception means 12 virtual network construction means 100, 300 control node 101, 201 route setting part 102, 202 node management part 103, 203 database 104, 104a, 104b, 204 control part 111-118 nodes (physical node)
120, 220 Network 131, 131-1, 131-2, 132, 132-1, 132-2, 231-1, 231-2, Virtual Network 140 Management Node 141 User Interface 142 Setting Unit 143 Condition Setting Unit 144 Policy Setting Part 145 Communication Interface 200 OpenFlowController
211-218 OpenFlowSwitch
311, 318 node 312, 315 firewall (FW)
313, 316 Deep Packet Inspection (DPI)
314, 317 Network Address Translation (NAT)
330-1 and 330-2 service chain 1041 entry deletion unit 1042 rollback processing unit 2111 control unit 2112 flow table 2112a transfer table 2113 communication interface

Claims (9)

A database which stores virtual network information to which version information is added and which functions as virtual network information management means;
A path setting unit that determines a packet transfer path on a network configured by a physical switch with reference to information stored in the database;
A node management unit configured to set control information in a physical switch on the packet transfer path;
According to the update content of the virtual network information stored in the database, the virtual information is set by setting control information having a higher priority than control information before update in at least a physical switch corresponding to the virtual network after update. Control device that builds a virtual network that reflects the updated contents of the network.   The control device according to claim 1, wherein time stamp information indicating a date and time when the virtual network was updated is used as the priority. The information processing apparatus further comprises an entry deletion unit that deletes information of the virtual network of the version determined based on a predetermined rule from the database.
The control device according to claim 1 or 2, wherein control information having a priority corresponding to the version is deleted from the physical switch in response to deletion of the information of the virtual network.   The control device according to claim 3, wherein the entry deletion unit deletes the information of the virtual network triggered by either elapse of a predetermined time from the update or that there is no traffic of the predetermined time. The information processing apparatus further includes a rollback processing unit that deletes or invalidates information of a virtual network whose version information is new from the database at a predetermined timing.
The control device according to any one of claims 1 to 4, wherein control information having a priority corresponding to the version information is deleted from the physical switch in response to deletion or invalidation of information of the virtual network.   The virtual network is updated by deleting or invalidating the control information with the highest priority in response to a rollback instruction from a user or a virtual network failure built reflecting the updated contents of the virtual network. The control device according to claim 5, wherein rollback of contents is realized. The communication system containing the control apparatus in any one of Claim 1 to 6, and the physical switch which operate | moves based on the control information set from the said control apparatus. It stores information of a virtual network to which version information is added, and determines a packet transfer path on a network configured by a physical switch with reference to a database functioning as virtual network information management means and the information stored in the database. A control apparatus comprising: a path setting unit; and a node management unit configured to set control information in a physical switch on the packet transfer path,
Accepting an update of virtual network information stored in the database;
According to the update content of the virtual network information stored in the database, the virtual information is set by setting control information having a higher priority than control information before update in at least a physical switch corresponding to the virtual network after update. Constructing a virtual network reflecting the updated contents of the network;
How to manage virtual networks, including: It stores information of a virtual network to which version information is added, and determines a packet transfer path on a network configured by a physical switch with reference to a database functioning as virtual network information management means and the information stored in the database. A computer comprising a control device comprising: a route setting unit; and a node management unit for setting control information in a physical switch on the packet transfer route,
A process of receiving an update of information of a virtual network stored in the database;
According to the update content of the virtual network information stored in the database, the virtual information is set by setting control information having a higher priority than control information before update in at least a physical switch corresponding to the virtual network after update. The process of constructing a virtual network reflecting the updated contents of the network,
A computer program that causes the computer to execute.

Images