JP7155673B2 - Network management device, method and program - Google Patents

Description

The present invention relates to a network management device, network management method, and program.

Ethernet (registered trademark) is used not only for LANs (Local Area Networks) but also for VPNs (Virtual Private Networks) that provide layer 2 (L2) connections of the OSI (Open Systems Interconnection) reference model between sites. is also used. Ethernet OAM (Operation Administration and Maintenance) is a technology that standardizes Ethernet operation, maintenance, and management (OAM). 1731, and IEEE802 (Institute of Electrical and Electronics Engineers) also defines IEEE802.1ag.

Ethernet OAM introduces two concepts: MEP (MEG (Maintenance Entity Group) End Point) and MIP (MEG Intermediate Point). MEPs and MIPs are provided, for example, for each management level by network operators and service providers who provide network services, and transmit and receive Ethernet OAM frames. MEPs are maintenance endpoints that generate and terminate Ethernet OAM frames (abbreviated as "OAM frames"), and MIPs are maintenance entity group (MEG) intermediate points that relay OAM frames. Ethernet OAM is implemented on full-duplex point-to-point or emulated point-to-point Ethernet links.

FIG. 1 is a diagram for explaining the OAM frame format (ITU-T.Y.1731). Referring to FIG. 1, the destination MAC (Media Access Control) address (48 bits: 6 octets) of the Ethernet frame header, the source MAC (Media Access Control) address (6 octets), the VLAN (Virtual Local Area Network) tag (4 Octet), OAM Ether-type (2 octets), MEG (Maintenance Entity Group) level and version number (1 octet), Operation code (control code) (1 octet), Flag (1 octet), TLV (Type-Length-Value) ) offset (1 octet), OAM data information (36 to 1494 octets), and FCS (Frame Check Sequence) (4 octets). Before the destination MAC address, a preamble (7 octets) + SFD (Start of Frame Delimiter: 1 octet fixed bit string) (IEEE802.3) or a preamble (8 octets) (Ethernet ver.2) is added. be.

The VLAN tag (4 octets) consists of a Tag Protocol Identifier (TPID) (2 octets) and Tag Control Information (TCI) (2 octets).

TCI is
3-bit priority (PCP: Priority Code Point),
1-bit CFI (Canonical Format Identifier) (used in Token Ring, 0 in Ethernet),
12-bit VLAN-ID (VID)
consists of

OAM Ether-type (2 octets) is set to 0x8902 (where 0x represents hexadecimal notation). The MEG (Maintenance Entity Group) level is 3 bits, and the MEG level numerical value (eg, 0 to 7) of the OAM PDU (Protocol Data Unit) is set. For example, MEG levels 0, 1 and 2 are operator levels, MEG levels 3 and 4 are service provider levels, and MEG levels 5, 6 and 7 are subscriber (customer) levels. In general, a management point allows an OAM frame whose MEG level is set higher than itself to pass through, and discards an OAM frame of a lower level. The version number is set to an integer value representing the OAM protocol version (eg, 0). The opcode (control code) represents the type of OAM PDU. CCM (Continuity Check Message) is 1, LBM (Loop Back Message) is 3, LBR (Loop Back Reply) is 2, LTM (Link Trace Message) is 5, and LTR (Link Trace Reply) is 4. The TLV (Type-Length-Value) offset contains an offset corresponding to the TLV (Type-Length-Value) offset field to the first TLV in the OAM PDU (associated with the type of OAM PDU). If the TLV offset is 0, it points to the first octet (OAM data information) following the TLV offset field.

Ethernet OAM includes the following Link OAM, Connectivity OAM and Service OAM.

(1) Link OAM: Monitors the line status between two adjacent devices (compliant standards: IEEE802.3ah, ITU-T Y.1731):
(1-1) Discovery: Identify devices in the network and their OAM capabilities.
(1-2) Remote Link Monitoring: Detect and display link failures.
(1-3) Link Failure Indication: A function by which an OAM entity communicates a failure status to a peer through a specific flag in an OAM PDU.
(1-4) Remote LoopBack: Loopback control, put peer in loopback mode using OAM PDUs.

(2) Connectivity OAM: Monitors line status between two remote devices (compliant standards: IEEE802.1ag, ITU-T Y.1731):
(2-1) Continuity Check (CC),
(2-2) Loopback (LB) (equivalent to Layer 3 PING function)
(2-3) Link Trace (LT) (equivalent to layer 3 trace route function)

(3) Service OAM: Monitors line status and performance between multiple devices on a communication path (corresponding standard: ITU-T Y.1731).

Referring to FIG. 2A, the Continuity Check (CC) confirms connectivity between MEPs. Specifically, in order to detect a communication disconnection, an end MEP transmits a CCM (Continuity Check Message) to another end MEP. The CCM check interval is, for example, 3.3 ms/10 ms/100 ms/1 s/1 min. /10 min. Loopback (LB) exchanges loopback frames between MEPs and between MEPs and MIPs on demand to check continuity and isolate faults.

Referring to FIG. 2B, LoopBack (LB) unicasts an LBM (Loopback Message) from the MEP to the destination MIP or MEP, for example. When MIPs and MEPs receive LBM frames, they generate LBR (Loopback Reply) frames and transmit them to source MEPs. The destination MAC address and source MAC address of the LBR frame are obtained by replacing the destination MAC address and source MAC address of the LBM frame. The opcode field of the LBR frame header is changed from LBM to LBR. If no LBR is received within a predetermined period of time (for example, at least 5 seconds), it becomes "loss of connectivity". For example, in a MEP, after sending a unicast LBM frame, the transaction ID is kept, for example, for a minimum of 5 seconds.

Referring to FIG. 2(C), Link Trace (LT) exchanges loopback messages between MEPs and MEPs and between MEPs and MIPs to confirm the normality of the route. For example, when a failure occurs, it is used to isolate the failure location. The MEP stores the target MAC address in the TLV field, describes the multicast address in the DA field, and transmits LTM (Link Trace Message). When a source MEP multicast-transmits an LTM frame, all MIPs/MEPs through which the LTM frame passes return a response frame (LTR (Link Trace Reply)) to the source MEP. Note that the MEP that received the LTM frame last does not forward it any more.

Ethernet (registered trademark) is used not only for LANs (Local Area Networks) but also for VPNs (Virtual Private Networks) that provide layer 2 connections of the OSI (Open Systems Interconnection) reference model between sites. ing. Ethernet OAM (Operation Administration and Maintenance) is a technology that standardizes Ethernet operation, maintenance, and management (OAM). 1731, and IEEE802 (Institute of Electrical and Electronics Engineers) also defines IEEE802.1ag.

Link Aggregation uses multiple physical ports (interfaces) as Link Aggregation member ports and configures a Ling Aggregation Group (LAG) that logically accommodates as one line. Broaden the communication bandwidth with the node. A bundle of ports is called a link aggregation group (LAG) (also called a "trunk group"). One MAC (Media Access Control) address of a plurality of ports (LAG port members) configuring the LAG may be used as the system ID (Identification) of the LAG.

In LAG, a plurality of hash values (hash keys) prepared in advance are evenly assigned to LAG member ports, and based on the IP (Internet Protocol) address, MAC address, or port ID of the packet to be transmitted, for example, each manufacturer It is common to convert to a hash value (hash key) using a unique algorithm and determine the transmission interface. As schematically shown in FIG. 3, in the L2 switch (SW1), a frame sent from the LAG is, for example, based on a hash value (hash key) converted from the destination and/or source MAC address of the frame header, Allocate to any one interface (port) of a plurality of lines (links) of the LAG.

When calculating a hash value (hash key) based on a destination MAC address and a source MAC address, a plurality of prepared hash values (hash keys), for example 32, and two LAG lines (NIF (Network Interface ) consists of P1 and P2), the frames (packets) are allocated by assigning 16 hash values to each of the two LAG member ports. Frames (packets) with the same hash value always pass through the same physical port. Alternatively, if there are two LAG member ports, convert the first digit (or the 12th digit from the beginning) of the frame source MAC address into a hash value depending on whether it is even or odd, and assign it to two LAG member ports. conduct. As another example, in the case of a line with eight hash value (hash key) elements and four LAGs (the number of NIFs is four from P1 to P4), as an example of distribution based on hash values, for example Hash values H1 and H5 are distributed to port P1, hash values H2 and H6 to port P2, hash values H3 and H7 to port P3, and hash values H4 and H8 to port P4. Alternatively, a router such as a layer 3 (L3) switch may obtain a hash value based on, for example, an IP (Internet Protocol) address. For example, based on the hash value of at least one of the source IP address and the destination IP address, the output port of the distribution destination is determined. Alternatively, the destination output port may be determined based on a hash value such as a port ID.

In link aggregation, for example, port information for setting MIP or MEP is not individual port (physical port), but logical port information that bundles a plurality of ports (physical port) is used. may occur. For example, one MAC address of a plurality of ports forming a LAG may be used as the system ID (system identification) of the LAG. In this case, in a communication device (node device) in which multiple ports (physical ports) are bundled into logical ports, when confirming reachability using an LBM frame or the like, a specific physical port among multiple ports (physical ports) It is known that confirmation using a port ends up being the case (for example, see Patent Document 1).

For example, an LBM frame with the MAC address of the MEP that generates and transmits the LBM frame and the MAC address of the destination MIP/MEP port as the source MAC address and the destination MAC address, respectively, is generated in the switch SW1 in FIG. , the destination port is determined by hash calculation based on the MAC address. Therefore, although the LBM frame reaches the port, the reachability of other ports cannot be confirmed.

FIG. 4 is a diagram created based on FIG. 3 of the drawing of Patent Document 1. FIG. FIG. 4A shows an operation example of an Ethernet OAM loopback test. In FIG. 4B, UpMEPs are indicated by triangles, and how LBM and LBR frames are logically transferred in a section sandwiched between two UpMEPs is indicated by long two-dot chain lines. In FIG. 4A, the physical transfer paths of LBM and LBR are indicated by long dashed lines.

UpMEPs communicate via a relay function. UpMEP is set for, for example, the output port+VLAN (Virtual LAN) after the frame is switched (relayed) within the device and the output port is determined. An UpMEP drops its own level or lower level OAM frames coming from the line direction and bridge relay side, processes its level OAM frames coming from the bridge relay side, and receives from the bridge side or line side. Incoming higher-level OAM frames are forwarded transparently.

DownMEPs, on the other hand, communicate via lines and can be located on ports of a switch, for example. A Down MEP is, for example, a MEP that terminates an OAM frame input from outside the device at a port that receives it, and the Down MEP port also transmits a maintenance management frame from that port to the outside of the device. A DownMEP port processes OAM frames of its own level arriving from the line direction, discards lower level frames, and transparently forwards higher level OAM frames arriving from the bridge relay side or the line side.

As described with reference to FIG. 3, LBM and LBR frames transferred to LAG are distributed to any one port (physical port: network interface) based on the hash value converted based on the MAC address. .

In a loopback between MEPs, the combination of the destination and source MAC addresses in the headers of the LBM frame and its response LBR frame does not change (in the LBR frame, the destination and source MAC addresses are the same as those of the LBM frame destination and source MAC addresses). Therefore, the hash value in the LAG of any LBM frame does not change from packet to packet. Also, the hash value in the LAG of an LBR frame replied from a peer MEP in response to any LBM frame does not change from frame to frame. Therefore, the physical link through which the LBM and LBR pass is the same each time in each of the LBM frame and the LBR frame. Therefore, as illustrated in FIG. 4, when transferring an LBM frame from the MEP of port P2 of switch SW1 to the MIP of port P1 of switch SW2 over Trunk 1 (LAG), the A link to port P1 is selectively used. Therefore, the link between the port P3 of the switch SW1 and the port P2 of the switch SW2 becomes a section (path) through which LBM and LBR do not pass, and the normality of frame transmission in this section cannot be confirmed.

When sorting to one port out of multiple ports (physical ports) connected to the LAG based on the hash value of the MAC address of the frame, for example, increase the MAC address of the source (MEP) of the LBM frame. It is possible to allocate LBM frames to another physical port connected to the LAG by (addition of NIF (network interface)). However, if the number of elements of the hash value increases, the number of additional network interfaces of transmission sources of LBM frames increases, which is not practical.

In order to address the above problem, JP-A-2003-100001 describes a method for comprehensively confirming the normality of multiple frame transfer paths inside a communication device in which multiple physical ports are bundled into a logical port. Techniques are disclosed. The frame transmission device described in Patent Document 1 includes a plurality of ports of a line unit and a setting control unit, and the setting control unit transfers an OAM frame from a first port to a second port inside the device. confirms the normality of the frame transfer status inside the device. When the first port is a logical port in which a plurality of physical ports are link-aggregated, the configuration control unit selects each of the plurality of physical ports as a source port, and selects the second port from the plurality of physical ports. to forward multiple OAM frames.

Also, in Patent Document 2, a maintenance entity such as a MEP or MIP is configured to inspect a designated link of a group by forwarding at least one CFM (Connectivity Fault Management) over the designated link. An arrangement is disclosed with a definer module that allows all LAG members to check whether a MEP is associated with all links during a unicast LBM check.

Further, in Patent Document 3, a layer 2 network device transmits an Ethernet OAM frame received from a first port to all of a plurality of second ports connected to link-aggregated lines (links). A configuration is disclosed in which a link failure between communication devices can be detected by having OAM frame duplicating means for duplicating and transferring OAM frames to all links that constitute link aggregation.

Furthermore, a tagged VLAN (Virtual Local Area Network) may be configured on the link aggregation described above. A number (VLAN ID) is assigned to each VLAN in the tagged VLAN and registered in a database (DB) for VLAN information management of each switch. The switch refers to the DB to associate the source VLAN of the frame with the destination VLAN. For example, in a trunk link between switches 1 and 2, switch 1 adds a tag VLAN number corresponding to VLAN A to the header of a frame sent from VLAN A, for example, and sends the frame to switch 2 from the trunk port. , the tag field of the header of the frame received from the trunk port recognizes that the frame belongs to VLAN A, removes the tag inserted by switch 1, and transfers the frame to the VLAN A port of switch 2, The frame is forwarded only to the target VLAN.

When a layer 2 switch receives a frame, it registers the source MAC address in a table called a filtering database (FDB). Each entry in the FDB records the correspondence between the MAC address and the port that received the frame. Upon receiving a frame, the layer 2 switch compares the destination MAC address with the MAC address in the FDB, and if there is no matching entry, broadcasts to all interfaces except the interface (port) on which the frame was received, and connects the ports. Get the destination MAC address. If there is an entry in the FDB that matches the destination MAC address, the switch compares the interface on which the frame was received with the interface in the FDB entry, and if the interfaces differ, relays the frame to the interface indicated in the FDB entry. .

Note that when link aggregation is used as a layer 3 interface in a switch, a hash value of an IP address may be used to distribute links to be used. In a subnet-based VLAN or the like, when the IP address of a packet belongs to a specific subnet, it is regarded as belonging to a specific VLAN.

When distributing LAG ports based on the hash value of the VLAN number (VLAN ID (VID)) in a switch, monitor the LAG interconnectivity between VLAN nodes between the source and destination of frames with the same VLAN number. is not easy.

In access ports where one VLAN belongs to a port of a switch, the VLAN number can be changed in either a static method of assigning a VLAN to each port or a dynamic method of mapping a MAC address, IP address, or user name to a VLAN. are the same, they are assigned to the same port.

JP 2015-002413 A Japanese translation of PCT publication No. 2009-543500 JP 2008-131615 A

In the above-described related art, when VLANs are configured on link aggregation, for example, when a switch sorts LAG member ports based on VLAN numbers, only the connectivity test of the same VLAN can be performed. Connectivity is difficult to monitor and test.

Moreover, even when the switch sorts the LAG member ports based on the VLAN ID and MAC address, only connectivity tests for the same VLAN can be performed.

In order to perform a connectivity test on all link-aggregated physical ports and confirm normality, a communication device such as a switch that constitutes MEP or MIP is modified (modified) according to the specifications of each of the above patent documents. ) or need to be redesigned.

For example, in a network such as a wide area Ethernet service in which an Ethernet VPN is configured to connect bases as the same segment, the modification of each switch as described above makes it difficult to apply to existing systems. In addition, modification (redesign) of switches or replacement of models when applying to an existing system leads to an increase in cost, man-hours, and the like.

Accordingly, the present invention has been invented in view of the above problems, and its object is to reduce the cost and work man-hours by estimating or judging the failure section or failure part of a network including a plurality of communication devices having a link aggregation port. To provide a network management device, a network management method, and a program capable of suppressing an increase in

According to one aspect of the present invention, as a monitoring frame to be transmitted to a network including one or more communication devices having multiple ports aggregated into a link aggregation group (LAG), identification of the header of the frame Means for generating a plurality of frames in which predetermined identification information with different values is set in the information column and transmitting them to target terminals over a network to which a plurality of communication devices (network devices) are hierarchically connected. A network management device is provided. According to one aspect of the present invention, as a monitoring frame to be transmitted to a network including one or more communication devices having multiple ports aggregated into a link aggregation group (LAG), identification of the header of the frame A first means for generating a plurality of frames in which predetermined identification information with different values is set in an information column and transmitting the frames to a target terminal, and a second means for detecting reception of a reply to the transmitted frames. and a third means for judging a failure section and/or a failure part based on whether or not a reply to a frame transmitted to a plurality of target terminals has been received and failure judgment conditions, provided.

According to one aspect of the present invention, an EoE (Ether over Ether) tagged PING function for monitoring a network including one or more communication devices having multiple ports aggregated into a link aggregation group (LAG), A network management device comprising means for transmitting a frame obtained by sweeping at least one of a source MAC address and VLAN-ID of an Ethernet frame header, and a source IP address of an IP packet encapsulated in the frame. is provided.

According to one aspect of the present invention, as an EoE PING function for monitoring a network including one or more communication devices having multiple ports aggregated into a Link Aggregation Group (LAG), an Ethernet frame header source (source) A network management device is provided comprising means for transmitting a frame that has been swept at least one of a MAC address and a VLAN-ID.

According to one aspect of the present invention, transmission of Ether-OAM frame headers as an Ether-OAM function for monitoring a network including one or more communication devices having multiple ports aggregated into a Link Aggregation Group (LAG). A network management device is provided comprising means for transmitting frames that have been swept at least one of a source MAC address and a VLAN-ID.

According to one aspect of the present invention, the transmission of Etherframe headers as a tagged PING function monitoring a network comprising one or more communication devices having multiple ports aggregated into a Link Aggregation Group (LAG). A network management device is provided comprising means for transmitting a frame that sweeps at least one of a source MAC address, a VLAN-ID and a source IP address of an IP packet encapsulated in said frame.

According to one aspect of the present invention, there is provided a network system comprising the above network management device.

According to one aspect of the present invention, as a monitoring frame to be transmitted to a network including one or more communication devices having multiple ports aggregated into a link aggregation group (LAG), identification of the header of the frame A network management method is provided for generating a plurality of frames in which predetermined identification information with different values is set in information columns, transmitting the frames to a target terminal, and monitoring reception of replies corresponding to the frames. According to one aspect of the present invention, as a monitoring frame to be transmitted to a network including one or more communication devices having multiple ports aggregated into a link aggregation group (LAG), identification of the header of the frame generating a plurality of frames in which predetermined identification information with different values is set in the information column and transmitting them to the target terminal; detecting whether or not a reply to the transmitted frame is received; A network management method for judging a failure section and/or a failure part based on the presence or absence of reception of a reply to a frame transmitted to a network and failure determination conditions is provided.

According to one aspect of the present invention, as a monitoring frame to be transmitted to a network including one or more communication devices having multiple ports aggregated into a link aggregation group (LAG), identification of the header of the frame The computer executes a process of generating a plurality of frames in which predetermined identification information with different values is set in the information column and transmitting the frames to the target terminal, and a process of monitoring reception of replies corresponding to the frames. A program is provided to According to one aspect of the present invention, as a monitoring frame to be transmitted to a network including one or more communication devices having multiple ports aggregated into a link aggregation group (LAG), identification of the header of the frame A process of generating a plurality of frames in which predetermined identification information with different values is set in the information column and transmitting the frames to the target terminal;
a process of detecting whether or not a reply to the transmitted frame is received;
a process of determining a failure section and/or a failure part based on whether or not a reply to a frame transmitted to a plurality of target terminals is received and failure determination conditions;
A program is provided that causes a computer to execute

According to one aspect of the present invention, a computer-readable recording medium (for example, RAM (Random Access Memory), ROM (Read Only Memory), or EEPROM (Electrically Erasable and Programmable ROM)) storing the program and non-transitory computer readable recording mediums such as HDDs (Hard Disk Drives), CDs (Compact Discs), DVDs (Digital Versatile Discs).

According to the present invention, monitoring such as connectivity confirmation (communication confirmation) of a network including a plurality of communication devices having a link aggregation port can be realized while suppressing an increase in cost, man-hours, and the like.

FIG. 2 is a diagram for explaining an Ethernet OAM frame; FIG. (A), (B), and (C) are diagrams for explaining connectivity OAM. It is a figure explaining hash of related technology. (A) and (B) are diagrams based on the disclosure of Patent Document 1. FIG. BRIEF DESCRIPTION OF THE DRAWINGS It is a figure explaining the 1st Embodiment of this invention. BRIEF DESCRIPTION OF THE DRAWINGS It is a figure explaining the 1st Embodiment of this invention. 1 is a diagram illustrating an example of a configuration of a network management device (server) according to the first embodiment of this invention; FIG. It is a figure explaining an example of operation|movement of the 1st Embodiment of this invention. It is a figure explaining the 2nd Embodiment of this invention. It is a figure explaining the 2nd Embodiment of this invention. It is a figure explaining embodiment of this invention. It is a figure explaining embodiment of this invention. It is a figure explaining embodiment of this invention. It is a figure explaining embodiment of this invention. It is a figure explaining embodiment of this invention. (A) and (B) are diagrams for explaining a third embodiment of the present invention. It is a figure explaining an example of a structure of the server of the 3rd Embodiment of this invention. It is a figure explaining an example of operation|movement of the 3rd Embodiment of this invention. It is a figure explaining an example of a structure of the server of the 4th Embodiment of this invention. It is a figure explaining the 4th Embodiment of this invention. It is a figure explaining an example of operation|movement of the 4th Embodiment of this invention. It is a figure explaining an example of a structure of the server of the 5th Embodiment of this invention. It is a figure explaining an example of the operation|movement of the 5th Embodiment of this invention. It is a figure explaining an example of a structure of the server of the 6th Embodiment of this invention. It is a figure explaining the 6th Embodiment of this invention. It is a figure explaining the 7th Embodiment of this invention. It is a figure explaining the 9th Embodiment of this invention. It is a figure explaining the structure of the 10th Embodiment of this invention. It is a figure explaining the 10th Embodiment of this invention. It is a figure explaining the 11th Embodiment of this invention. It is a figure explaining the 11th Embodiment of this invention. It is a figure explaining embodiment of this invention. (A) and (B) are diagrams for explaining an embodiment of the present invention. FIG. 32 is a diagram illustrating the configuration of a server according to the twelfth embodiment of this invention; (A) and (B) are diagrams for explaining a twelfth embodiment of the present invention. FIG. 10 is a diagram illustrating an example of port-to-port connection information; FIG.

An embodiment of the present invention will be described. In one aspect of the present invention, a network management device is configured to: in a network including a plurality of network devices hierarchically connected using a link aggregation connection, a plurality of targets ahead of a plurality of hierarchically connected network devices; A plurality of frames, as monitoring frames (packets) destined for a terminal, in which predetermined identification information is set in the identification information column of the frame header and is at least equal to or greater than the number of link aggregation member ports on the route. A configuration is provided with means for generating and transmitting to a plurality of target terminals in parallel or at the same time.

In one aspect of the present invention, the network management device transmits a frame with a variable VLAN ID value as identification information in the frame header, and monitors reception of responses from a plurality of target terminals in parallel or simultaneously. By doing so, the bidirectional normality of transmission and reception of all physical lines constituting link aggregation on paths to a plurality of target terminals can be confirmed in parallel or simultaneously.

In one embodiment of the present invention, the header of the supervisory frame is a supervisory frame using a VLAN extension frame format typified by Mac in Mac (Ethernet (registered trademark) technology for encapsulating and carrying MAC frames in MAC frames). It is also possible to generate and transmit a plurality of frames in which a predetermined address with a different value is set in the source address information column included in the header of the extended VLAN of the monitoring frame.

In a network that includes multiple network devices that are hierarchically connected using multiple link aggregation connections, connectivity confirmation (communication check) to multiple target terminals beyond the hierarchically connected multiple network devices ), etc. can be realized by minimizing the monitoring traffic, increasing the cost, labor, man-hours, etc. In one embodiment of the present invention, the source address information set in the frame or packet is In addition, other LAG allocation reference parameter information set in the network devices on the paths may be used in the communication devices of the networks on the plurality of paths of the supervisory frame.

According to one aspect of the present invention, a network management device, as a PING monitoring function for monitoring a network including a plurality of network devices hierarchically connected using a plurality of link aggregation connections, detects the transmission source of an Ethernet frame header. (source) Spontaneously generates monitoring frames by sweeping any one of the MAC address, VLAN ID, Mac in Mac address of the IP packet encapsulated using the Mac in Mac frame format, or a combination of a plurality of them. It is also possible to have a configuration that includes means for transmitting by

According to one aspect of the present invention, an EoE (Ethernet Over Ethernet or Ether Over Ether) network, a PBB network, or other networks including a plurality of network devices hierarchically connected using a plurality of link aggregation connections. Directly from the server without going through a network device such as an EoE edge switch, a PBB edge switch, or an edge switch that performs encapsulation/decapsulation using other VLAN extension technology for networks using VLAN extension technology. A PING monitoring frame encapsulated in the Mac in Mac frame format, an encapsulated Ether-OAM LBM frame, or an encapsulated TS1000 frame is generated by itself, and the SA, EID, and EVID of the EoE address are generated. A configuration may be provided with means for sweeping and transmitting at least one.

According to one aspect of the present invention, in a network including a plurality of network devices hierarchically connected using a plurality of link aggregation connections, a plurality of targets ahead of the plurality of hierarchically connected network devices As an Ether-OAM function that monitors multiple paths to the terminal in parallel or simultaneously, by providing means for sending a frame that sweeps at least one of the source MAC address of the Ethernet OAM frame header and the VLAN ID , Ether-OAM frames are sent from the server by sweeping the SA (source address), and by sending LBM, sorting is performed by SA on the transmission path, and from the target terminal, multiple DA ( By responding with the LBR that has become the destination address), in the LAG on the receiving side route, by sorting by SA (source address), even if the target side does not have a supervisory frame transmission function, bi-directional link A configuration in which the normality of all member ports of the aggregation can be confirmed may be employed.

According to one aspect of the present invention, in a network including a plurality of network devices that are hierarchically connected using a plurality of link aggregation connections, a network management device is provided at the top of a plurality of hierarchically connected network devices. By transmitting a PING frame with VLAN TAG for monitoring multiple routes to multiple target terminals in the Ether frame, the source MAC address and VLAN ID in the header of the Ether frame and the TAG attached to the frame. By sending an ICMP request that sweeps at least one of the source IP addresses of the IP packet, on the transmission route, based on the information of multiple SAs (source address) of the ICMP request, LAG allocation On the receiving path, by performing LAG allocation based on the information of DA (destination address) of multiple ICMP replies (responses) from the target terminal, the target side has the function of sending and receiving the monitoring frame. It is also possible to provide a configuration with means for confirming the normality of all member ports of bidirectional link aggregation even without such means.

According to one aspect of the present invention, the network management device sets the values included in the source information in the predetermined field of the header of the supervisory frame or supervisory packet to different values (or values swept within a certain range). In a network that includes multiple network devices that are hierarchically connected using link aggregation connections, multiple target terminals ahead of multiple network devices that are hierarchically connected A configuration may be adopted in which the normality of all the transmission/reception bi-directional directions of all physical lines constituting the link aggregation on the route to multiple target terminals is confirmed in parallel or at the same time. The value included in the source information in the predetermined field of the header of the monitor frame or monitor packet may be any one of VLAN-ID (VID), MAC address, IP address, port ID, etc., or a plurality of these selected. (eg, VID and MAC address) may be used. A MAC address and an IP address may be a source (source) address, a destination (destination) address, or a combination of a source address (source) and a destination (destination) address. It may be a combination.

The plurality of MAC addresses, IP addresses (sweep addresses), etc. prepared by the network management device may be virtual MAC addresses or virtual IP addresses different from the MAC address or IP address of the transmission source device. Also, the port ID may be a virtual port ID.

<First Embodiment>
FIG. 5 is a diagram schematically illustrating a first exemplary embodiment of the invention. Referring to FIG. 5, the network management device 10 is a node that performs network monitoring and control, attaches a VLAN tag to a PING frame by software, and assigns a VID (Virtual LAN Identifier: 12 bits) to at least a LAG on a communication path. The number of member ports is varied within a predetermined range equal to or greater than the maximum number of member ports, and is transmitted to the target terminal 3 via the edge switch 2-2 of the network 1. FIG. It should be noted that the configuration may include a plurality of target terminals 3 connected to the edge switch 2-2. The network management device 10 may be implemented in a computer such as a server having a communication function. In this case, the server functions as a network management function device. Therefore, in this specification, the reference numeral 10 may indicate a server that implements the functions of the network management function device.

In FIG. 5, the edge switch 2-1 is connected to the target terminal 3 via the switches 20-A to 20-D and the edge switch 2-2 during normal operation of the network 1. good. Note that the edge switch 2-1 may be in an operating state when the network management device 10 monitors and controls the network 1. FIG.

Each of the switches 20-A to 20-D performs distribution based on the hash value of the VLAN ID (VID (12 bits), also called VLAN number), and assigns the PING (frame) received from the input port to the destination LAG member. Output from a port (output port). Ports of switches 20-A to 20-D may include LAG member ports, and ports may be connected by trunk links, for example. A plurality of VLAN traffic can be transmitted over one trunk link, and frames transmitted over the trunk link are identified by a tag (VID). In the switches 20-A to 20-D, if a port can be switched between a trunk port (tagged port) and an access port (untagged), one port can belong to multiple VLANs. configured as a valid trunk port. Then, for each trunk port of the switches 20-A to 20-D, VLANs (VLANs 2 to 5) of VIDs (for example, VID=2 to 5 in FIG. 5) variably set (sweeped) by the network management device 10 may be set in advance to allow traffic of

In FIG. 5, in a configuration in which four ports (four lines) facing each of switches 20-A to 20-D are combined into one by LAG, the dashed arrow from network management device 10 indicates VID. , four PING paths are shown. Of course, the number of LAG member ports (the number of lines aggregated into LAG) is not limited to four.

In FIG. 5, a tagged (for example, VID=2) PING frame (Echo request) transmitted by sweeping the VID in the TAG from 2 to 5 for the IP address of the target terminal 3 from the network management device 10 is input to the input port. is received from one port.

The switch 20-A is set to VID distribution by setting, and based on a hash algorithm uniquely determined by the device manufacturer, the LAG member port (output port) to which the frame is distributed is determined based on the VID value. The frame is sorted and output to the determined output port. However, when focusing only on the 1 digit of the VID value, the hash algorithm differs depending on the device manufacturer, so which member port is assigned to which supervisory frame. Although it is unknown whether or not they pass through, even if the DA (destination address) is the same IP address, if the VIDs are serial numbers, they are evenly distributed.

For the frame (tagged PING frame) output from the switch 20-A, PINGs with VLAN tags of VIDs 2 to 5 are comprehensively input to the LAG member ports of the switch 20-B.

In the switches 20-B and 20-C as well, LAG is set to VID distribution by setting, and even if the switches 20-B, 20-C and 20-D have mutually different hash algorithms, It may also have a different hash algorithm than switch 20-A. For each device, the LAG member port (output port) to which the frame is to be distributed is determined based on the VID value based on a hash algorithm uniquely determined by each device manufacturer, and the frame is distributed to the determined output port. However, since the hash algorithm differs depending on the device manufacturer, it is unknown which supervisory frame passes through which member port. Even if the DAs have the same IP address, the first digit of the VID is serialized, such as VID2 to VID5, so that the VIDs are evenly distributed.

The edge switch 2 - 2 outputs the received PING frame with the VLAN tag to the port connected to the target terminal 3 as it is, and the PING frame with the VLAN tag reaches the target terminal 3 .

The target terminal 3 receives the PING with the tag attached. The target terminal 3 returns a tagged PING reply (Echo reply), which is a response to the tagged PING request, to the network management device 10 . The destination (destination) IP address of the packet of the PING reply with TAG is set to the source (source) IP address (IP address of the network management device 10) of the IP header included in the PING request with TAG received by the target terminal 3, The source (source) IP address is returned as the IP address of the target terminal 3 .

The target terminal 3 copies the ID number and sequence number of the ICMP header of the PING request with tag received by the target terminal 3 as they are, sets them in the ICMP header with tag of the PING reply with tag, and sets the type to reply (=0). set and send back.

The edge switch 2-2 connected to the target terminal 3 receives the PING reply with TAG, and since there is a VID in the VLAN tag of the frame header of the PING reply with TAG, the switch 20-D receives the PING reply within the VLAN. transfer to In the switches 20-C and 20-B, the LAG is also set to VID distribution by setting, and the switch 20-D, the switch 20-C, and the switch 20-B have mutually different hash algorithms. It may also have a different hash algorithm than switch 20-A. For each device, the LAG member port (output port) to which the PING frame with tag is to be distributed is determined based on the hash algorithm uniquely determined by each device manufacturer based on the VID value, and the determined output port Divide and output the frames. Since the hash algorithm differs depending on the equipment manufacturer, it is unknown which surveillance frame passes through which member port, but even if the DA is the same IP address, the first digit of the VID is VID2 to VID5. By assigning serial numbers, they are distributed evenly. In this way, the PING reply with TAG is finally returned to the network management device 10 via the switches 20-D to 20-A.

For simplicity, FIG. 5 shows only one target terminal 3 connected to the switch 2-2. A configuration in which a plurality of target terminals to be connected respectively are connected may be employed.

6(A) and 6(B) show that the network management function device (server) 10 in FIG. The process of detecting a failure section by simultaneously or in parallel transmitting and receiving a plurality of tagged PINGs with variable (sweeping) VLAN ID (VID) values will be described schematically. It is a diagram.

FIG. 6A is a diagram illustrating an example of the topology of network 1 of FIG. In FIG. 6A, devices A to D may correspond to the switches 20-A to 20-D in FIG. 5, for example, and devices E and F may correspond to the edge switch 2. FIG. The destination (target) nodes A, B, C may correspond to the destination (target) node 3 in FIG. Numbers 1-4 indicate intervals between devices.

FIG. 6(B) is a diagram showing an example of conditions under which the network management function device (server) 10 of FIG. 5 detects a section failure in the network topology of FIG. 6(A).

The network management function device (server) 10 receives a tagged PING reply to a plurality of tagged PING requests sent to the target terminal A when even one reply is not returned (a tagged PING from other target terminals received a reply), it may be determined as a failure in section 1.

The network management function device (server) 10 receives no tagged PING reply to a plurality of tagged PING requests sent to the target terminal B (there is no PING reply from other target terminals). received), and may be determined as a failure in section 2.

The network management function device (server) 10 receives a tagged PING reply from a plurality of tagged PING requests sent to the target terminal C when even one reply is not returned. ), it may be determined that the failure occurred in section 3.

If even one tagged PING reply to a plurality of tagged PING requests sent to the target terminals A, B, and C does not return, the network management function device (server) 10 determines that section 4 has failed. You can judge.

In this way, in a network using LAG, it is possible to determine a section in which a silent failure or the like has occurred, based on information on a target terminal in which a tagged PING request has failed to arrive.

In FIG. 5 , the network management function device (server) 10 also sweeps the MTU (Maximum Transfer Unit) size, UTP (Unshielded Twisted Pair) port number, etc. when transmitting the tagged PING, so that the specific packet Needless to say, it is possible to detect transfer failures of lengths greater than or equal to a specific packet length, or only a specific packet length, and silent failures related to communication of applications using a specific UTP port.

FIG. 7A is a diagram for explaining an example of the configuration of the network management device (server) 10. As shown in FIG. FIG. 7B is a diagram for explaining the ICMP header.

Referring to FIG. 7A, the management module 18 includes a monitor control section 12, a PING frame creation section 33, a frame transmission section 14, and a PING reply reception determination section . The PING frame creation unit 33 has a VID setting unit 331 that sets a VID (12 bits) in the VID field of the VLAN tag of the PING frame. The VID setting unit 331 stores VIDs equal to or greater than the number of LAG member ports of the switches 20-A to 20-D in FIG. can be The VID, the upper limit value, and the lower limit value held in the VID setting unit 331 may be set by an administrator or the like for the network management device (server) 10 .

The transmitter 111 and receiver 112 of the network interface (NIF, also called NIC (Network Interface Card)) 11 such as an Ethernet card use, for example, a UTP (Unshielded Twisted Pair) cable (for example, Category 3 (10BASE-T Ethernet standard) as a transmission medium. 10 Mbps (Megabit per second), 100 Mbps in 100BASE-T2/T4 standards) to Category 6 (1 Gbps (Giga bit per second) in 1000BASE-T and 1000BASE-TX standards), STP (Shielded Twisted Pair) cable, A wired connection may be made using an optical fiber or a coaxial cable (100base).

The management module 18 may be implemented as an L2 (data link layer) and L3 (network layer) processing module.

The tagged PING frame creation unit 33 receives a PING frame whose destination IP address is the target terminal 3 (FIG. 5) from the monitoring control unit 12, sets a VID value in the VID field of the VLAN tag, and receives the frame transmission unit 14. hand over.

Each time the tagged PING command is executed, a different identification number is set in the ID number of the tagged ICMP header (FIG. 7B). When multiple tagged PINGs are executed with a single tagged PING command, multiple frames are given the same ID number. A different sequence number (FIG. 7B) is assigned to each transmitted packet (frame). Note that FIG. 7B schematically illustrates a tagged ICMP header of a tagged PING request (echo request (ICMP_ECHO): type 8).

The frame transmitter 14 transmits the tagged PING frame via the transmitter 111 . The frame transmission unit 14 stores transmission time information (time stamp) for the transmitted tagged PING frame in a storage unit (not shown) in association with, for example, the ID number and sequence number of the tagged ICMP header. good too. The network interface (NIF) 11 passes the tagged PING reply received by the receiver 112 to the tagged PING reply reception determination unit 35 .

The tagged PING reply reception determining unit 35 associates the tagged PING request with the response based on the ID number and sequence number of the tagged PING reply (Echo reply (ICMP_ECHOREPLY): type 0). The header of the tagged PING reply returned from the target terminal 3 is also the same as that shown in FIG. 7B, and the ID number and sequence number are set in the tagged PING request (echo request) received by the target terminal 3. Copy and return the ID number and sequence number. Note that the type of the ICMP header included in the tagged PING reply is 0. The tagged PING reply reception determining unit 35 determines that there is a response when a tagged PING reply with an ID number and a sequence number corresponding to the tagged PING request is received.

The tagged PING reply reception determining unit 35 determines that there is no response when a tagged PING reply with an ID number and a sequence number corresponding to the tagged PING request (ICMP frame of type 0) is not received.

The tagged PING reply reception determination unit 35 notifies the monitoring control unit 12 of whether or not a tagged PING reply has been received.

After transmitting the tagged PING request frame, the tagged PING reply reception determination unit 35 performs timer monitoring to determine whether the target terminal 3 returns a tagged PING reply within a predetermined time. If a PING reply with a corresponding tag is not returned from the corresponding target terminal 3 even after a predetermined period of time has elapsed, it may be determined that there is no response, and the monitor control unit 12 may be notified.

Alternatively, a router (L3 switch) or the like (not shown) arranged in the network 1 between the network management device 10 and the target terminal 3 receives the PING request (echo request) transmitted from the network management device 10, and the target terminal 3, but the PING request does not reach the target terminal 3, or if the transmission time-out occurs, the router (L3 switch) or the like sends the network management device 10 an ICMP frame with a tag (for example, type 3 : unreachable (ICMP_UNREACH), type 11: time exceeded (ICMP_TIMXCEED)). Of course, the tagged PING reply reception determination unit 35 may determine the type of the tagged ICMP frame returned via the network 1 and detect unreachability of the tagged PING request. .

The monitor control unit 12 deletes the VID set in the target terminal 3 that does not respond to the tagged PING reply and the tagged PING frame from the correspondence between the target terminal and the VID. On the other hand, the combination of the target terminal 3 that normally returned the tagged PING reply and the VID set in the tagged PING frame is fixed and stored, and the IP address of the target terminal is used as the destination IP address, and the VLAN tag is applied. The VLAN to which the target terminal 3 is connected may be monitored using PING with a tag set to the VID. The monitoring control unit 12 may determine the failure section based on the topology information of the network 1 based on the result of the PING response, as described with reference to FIG.

FIG. 8 is a flow diagram illustrating the operation of the first embodiment of the invention. During normal operation, the network management device 10 prepares VLAN IDs (VIDs) equal to or more than the number of LAG member ports, or reserves a specified range of VIDs and changes the range, and prepares a plurality of tagged PING requests (Echo request) to one or more target terminals. At that time, a plurality of PING requests in which the tags (VID) of the frame headers are set to different values are transmitted to the same target terminal (S101).

The network management device 10 monitors whether a tagged PING reply has been returned from the target terminal (S102).

When a tagged PING reply is not returned from the target terminal (tagged PING unreachable), the network management device 10 selects the target Remove the terminal (S103).

When a tagged PING reply is returned from the target terminal (tagged PING arrival), the network management device 10 associates and manages the target terminal and the VID (S104).

The network management device 10 performs monitoring by PING with a tag using the combination of the target terminal and VID (S105).

According to the first embodiment, when a VLAN is configured on a link aggregation, for example, when a communication device such as a switch is set to sort LAG member ports based on VLAN IDs, a network is configured. Even if the VLAN allocation algorithm is different for each device, or even if the VLAN hash algorithm is unknown and it is unknown which VID is output to which port, the communication device such as the switch is modified. monitoring such as connectivity confirmation (communication confirmation) of different VLANs, detection of a faulty section, etc., can be realized without changing (using existing communication devices such as switches as they are). For example, by retrofitting an existing network, two-way silent fault monitoring of the network, efficiency and facilitation of inspection, and suppression or reduction of cost increase are enabled. Similarly, even if the switch distributes the LAG port based on the VLAN ID and MAC address, it is possible to monitor the connectivity confirmation (communication confirmation) of different VLANs and detect the failure section of the silent failure. there is

<Second embodiment>
The exemplary second embodiment configures the network 1 in FIG. 5 as an EoE (Ether Over Ether) network. A network management function device (server) 10 has a LAG monitoring VID hash function by EoE-PING. In FIG. 5, in the switches 20-A to 20-D, if the LAG distribution rule is VLAN ID (VID), by sweeping the VID of the EoE PING request, multiple link aggregation connections can be used to create hierarchical connections. Sending EoE PNIG requests simultaneously, in parallel, or in parallel to multiple target terminals or multiple EoE edge switches connected to a network that includes multiple interconnected network devices. Thus, a section in which a silent failure may occur is logically identified by a combination of EoE PING arrival/non-arrival. automatically or semi-automatically sweep the VID and send an EoE PING to the representative EoE MAC address of the device having a port facing the server in the section assumed to be the silent failure occurrence section; Automatically or semi-automatically, as a port that receives the frame of the EoE PING reply that is the response and lacks a Port ID that is not included in the EoE PING reply, the port that occurs in the silent failure of each LAG member port identify. When the switches 20-A to 20-D are set to sort the LAG ports by MAC address, the EoE MAC address on the server side may be swept and transmitted.

In EoE (Ether over Ether), as schematically shown in FIG. 9, a unique EoEMAC address may be defined for each subscriber port of edge switches (edge routers) 5-1 and 5-3. Edge switches 5-1 and 5-3 are PE routers (Provider Edge routers) by using LBM of Ether-OAM instead of EoE ping and having the device side return LBR, which is a response packet, including Port ID. There may be. In FIG. 9, the network 1 may be MPLS (Multi-Protocol Label Switching), VPLS (Virtual Private LAN Service), or the like.

The edge switch 5-1 encapsulates the Ethernet frame 501 received from the source node 4 with an EoE header. The EoE header is
- Destination EoE MAC address (EoE DA (Destination Address): DA2): the EoE MAC address of the device of the edge switch 5-3,
- Source EoE MAC address (EOE SA (Source Address): SA2): EoEMAC address of the edge switch 5-1 device: a,
• Tag (Tag2): contains VID. Edge switch 5-1 forwards encapsulated Ethernet frame 502 to edge switch 5-3 via core switch(es) 5-2.

The edge switch 5-3 removes (decapsulates) the EoE header added by the edge switch 5-1 from the Ethernet frame 502 and transmits the original Ethernet frame 503 to the destination node 6. FIG. As a result, the number of MAC addresses that must be learned by the core switch 5-2 can be dramatically reduced.

The relationship between pre-allocated ports and VIDs is managed in the database of the network management function device (server) 10, and the absence of an EoE PING reply is determined not only by the sequence number but also by the received EoE PING reply. , and indirectly specify the port ID corresponding to the VID with no response. Alternatively, the Port ID included in the EoE PING Reply may be absent in the responded EoE PING Reply to automatically or semi-automatically identify the port in which the silent failure has occurred.

In order to distribute tagged PING requests to all lines grouped into LAGs, the network management function device (server) 10 has VIDs with different values that are greater in number than the number of LAG member ports, A PING frame with a tag is generated and transmitted in which a VID number whose last digit is a serial number is set in each tag. As a result, as schematically shown in FIG. 10, multiple EoE PING requests (frames) will arrive at the same port of the switch, for example. In FIG. 10, arrows schematically indicate that a plurality of EoE PING requests have arrived at each of the input ports 1-4 of the switch 20-D.

According to this embodiment, the network management function device (server) 10 compares the VIDs of a plurality of duplicated EoE PING requests for EoE PING requests in which the port IDs of the EoE PING replies are duplicated, and , to continue resending EoE PING requests with at least one VID. By doing so, it is possible to reduce the amount of traffic in the network 1 and reduce the impact on network resources.

If a LAG member port links down, the EoE PING request is hashed to avoid the linked down port. Therefore, all responses to EoE PING requests are returned to the network management device 10 .

Therefore, only silent failures that are not notified by SNMP Trap can be determined from EoE PING requests that do not return EoE PING replies.

Specifically, identification of an EoE PING request with no response can be regarded as an EoE PING request sent to a silent failed port if the sequence number of the EoE PING request packet is not present in the EoE PING reply. . Alternatively, the VID of the received EoE PING reply may be extracted, not only by the sequence number, and indirectly the non-response VID may identify the port ID corresponding to the non-response VID. Alternatively, the Port ID included in the EoE PING Reply may be absent in the EoE PING Reply received, thereby automatically or semi-automatically identifying the port in which the silent failure has occurred.

FIG. 11 is a diagram illustrating fields of a frame header used by the switch for sorting LAG member ports. The network management device 10 simultaneously, parallelly, or in parallel transmits a monitor frame obtained by sweeping the values of the information elements in the header column within a predetermined range to a plurality of target terminals. FIG. 11 shows formats of untagged frames 101A, 802.1Q C-TAG frames, 802.1ad S-TAG frames, 802.1ah I-TAG frames, and 802.1ah B-TAG frames.

When the tagged monitor frame is an EoE-TAG frame, the network management device 10 may sweep EIDs or EVIDs corresponding to VLAN extension information.

When the tagged monitor frame is an S-TAG frame, the network management device 10 may sweep the SVID, sweep the CTAG in the second stage, or the like.

If the tagged supervisory frame is a C-TAG frame, the network management device 10 may sweep VIDs within the CTAG.

When tagged supervisory frames are PBBs (Provider Backbone Bridges), the network management device 10 may sweep B-TAGs, I-SIDs, and the like.

FIG. 12 is a diagram for explaining the format of the header of EoE-tagged PING (EoE-encapsulated ICMP) transmitted and received by the network management device 10 of FIG. The network management device 10 may sweep (variably set) not only the EoE source MAC address (EoE SA) but also the VID and IP packet source IP address.

FIG. 13 is a diagram for explaining the format of the EoE PING (ECP) header transmitted by the network management device 10 of FIG. The network management device 10 may sweep (variably set) not only the EoE source MAC address (EoE SA) but also the VID.

FIG. 14 is a diagram for explaining the format of the Ether-OAM LBM function header transmitted by the network management device 10 of FIG. The network management device 10 may sweep (variably set) not only the source MAC address (SA) but also the VID.

FIG. 15 is a diagram for explaining the format of the tagged PING (tagged ICMP header) transmitted by the network management device 10 in FIG. , the source IP address of the IP packet may be swept (variably set).

In the above embodiment, the switches (20-A to 20-D) may have a configuration in which one EoE MAC address is assigned to each port.

The Ether-OAM LBM function in a configuration in which a MAC address is assigned to each switch port will be described below as an example.

The network management device (function) (for example, 10 in FIG. 16) is preferably implemented in a computer system such as a server, and the MAC address of the network interface of its own device is set in the source MAC (Media Access Control) address field of the frame header. A monitor frame is created in which at least the number of member ports of the LAG or more is set as a virtual source MAC address among predetermined MAC addresses prepared in advance, and a plurality of ports that are member ports of the link aggregation group are created. The frame is addressed to at least one of the plurality of ports of a communication device (switch, etc.) having the frame, and is transmitted to the network to which the communication device is connected via the network interface (for example, 11 in FIG. 17). In one embodiment of the present invention, a network management device (function) (for example, 10 in FIG. 17) is preferably implemented in a computer system such as a server, and is a communication device having a plurality of ports aggregated into a link aggregation group ( For example, the MAC (Media Access Control) address of one of the plurality of ports of the switches 20, 30, etc. in FIG. 5 is set in the destination address column, and the network interface (for example, Means for creating a frame in which at least the number of member ports of the LAG or more is set as a virtual source MAC address among predetermined MAC addresses different from the MAC address of 11) in FIG. 17 (for example, 13) means for transmitting the frame addressed to the port to the network to which the communication device is connected via the network interface (for example, 14 in FIG. 17); A configuration may be provided with means (for example, 15 in FIG. 17) for confirming reception of a response frame to be addressed.

In one embodiment of the present invention, the network management device (for example, 10 in FIG. 17) sets the destination address field to the MAC address of the port and sets the source address field to another virtual transmission when the response frame for the frame is not received. The configuration may include means for controlling to transmit a frame with the original MAC address. When a response frame (e.g., LBR) is received for the frame (e.g., LBM), the source address field of the frame is fixed to the virtual source MAC address, and the destination address field is set to the MAC address of the port. A configuration may be adopted in which the frame is transmitted and the port of the communication device is monitored.

In one embodiment of the present invention, the network management device (for example, 10 in FIG. 19) sets the destination address column to the MAC address of the port and the source address column to the virtual When a frame (for example, LBM) in which the value of the source MAC address is changed is transmitted, and a response (for example, LBR) is received for the frame, the virtual source in the source address column of the frame (for example, LBM) The configuration may include means (16 in FIG. 19A) for storing the MAC address in the management table (17 in FIG. 19A) in association with the port number and the MAC address.

In one embodiment of the present invention, the network management device uses the MAC address of each port stored as having a response in the management table (17 in FIG. 19A) as a destination address, may be configured to monitor a plurality of ports of the link aggregation group of the communication device by transmitting a frame (for example, LBM) in which the virtual source MAC address stored in is set in the source address column. In addition, transmission may be stopped for those stored as having a response, or for virtual source MAC addresses for which it has been confirmed that duplicate arrivals have been made to the same port (same MAC address).

In another aspect of the present invention, the network management device (for example, 10 in FIG. 22) is configured with means (121 in FIG. 22) for detecting the port where the frame (for example, LBM) has not arrived and no response has been received. good too. The network management device (10 in FIG. 22) leaves the MAC address of the port without changing the destination address column for the port that has lost the response, and changes the value of the virtual source MAC address in the source address column. frame (for example, LBM) is transmitted. As a result, when a response frame (for example, LBR) is received from the same port as before the frame (for example, LBM) is unreachable, the port is determined to be normal, and the virtual source MAC address is changed. A configuration may be provided with means (122 in FIG. 22) for determining that the port is abnormal when the response frame (LBR) is not received even if the frame (LBM) is transmitted.

In another aspect of the present invention, a network management device (eg, 10 in FIG. 24) acquires configuration information of the network based on transmission of the frame (eg, LBM) and reception of a response frame (eg, LBR). (123 in FIG. 24) may be provided.

According to the embodiment of the present invention, for a plurality of link-aggregated physical ports, for example, when confirming communication at layer 2 of the OSI reference model, it is possible to confirm communication without modifying existing communication devices. and Therefore, according to the embodiment of the present invention, it is possible to suppress an increase in cost, labor, and man-hours.

<Third Embodiment>
16A and 16B are diagrams illustrating the principle of operation of the third exemplary embodiment of the present invention. Referring to FIG. 16A, the network system 1 includes a server 10, and a switch (SW1) 20 and a switch (SW2) 30, which are communication devices (network devices) that relay and transmit layer 2 frames, for example. . The server 10 is configured, for example, as an Ethernet OAM server and functions as a network management device.

Although FIG. 16 exemplifies a configuration in which the network includes two switches for the sake of simplicity, the configuration may of course include a plurality of switches. As an example, the switch (SW1) 20 and switch (SW2) 30 in FIG. A configuration including another switch or the like that is not connected may be used.

The server 10 is configured to transmit a generated LBM (LoopBack Message) frame via a network interface (NIF) 11 and receive an LBR (LoopBack Reply) frame via the network interface (NIF) 11 .

The switch (SW1) 20 receives the LBM frame from the port P1 and aggregates the links as a link aggregation group LAG1 based on the hash value calculated based on the MAC address (destination MAC address, source MAC address) of the header of the LBM frame. port P2 or P3 (LAG member port).

The switch (SW2) 30 has ports P1 and P2 link-aggregated as LAG1 and another port P3. For example, if the switch (SW2) 30 is an edge switch, the port P1 or P2 of the switch (SW2) 30 may be connected to the port P3, and the port P3 may be connected to an end user (not shown) via a line (not shown). good. In FIG. 16, the number of LAG lines is two and the number of switch ports is three for ease of explanation, but the present invention is not limited to such a configuration. Of course.

In one embodiment of the present invention, as an example, in the switch (SW2) 30, one end (end point) of the port P1 among the LAG member ports P1 and P2 of the link aggregation group LAG1, the network interface (NIF) 11 of the server 10 is the other end (end point), a method of monitoring each LAG member port will be described.

In the server 10, unlike the unique MAC address of the network interface (NIF) 11 of the server 10, the network interface (NIF) 11 and other network devices are assigned to the vendor that provides the network device, and other network devices provided by the vendor. An LBM frame is created in which a MAC address that does not conflict with the MAC address of is set in the source MAC address field as a virtual source MAC address.

The server 10 sets the port MAC address of the port P1, which is the LAG member port of the LAG1 in the switch (SW2) 30, in the destination MAC address column of the LBM frame header, and transmits it from the network interface 11. FIG.

As shown in FIG. 16A, the switch (SW1) 20 receives the LBM frame from the server 10 from the port P1, and uses the MAC address (destination, source MAC address) of the LBM frame to It is assumed that it is distributed to port P3 (LAG port member) according to the hash calculation method.

The switch (SW1) 20 transmits the LBM frame from P2, which is _one of the LAG member ports, to the port P1 of the switch (SW2) 30 via the line 401. FIG.

When the port P2 of the switch (SW2) 30 receives the LBM frame from the port P3 of the switch (SW1) ₂₀ via the line 402, for example, the destination MAC address of the LBM frame header and the unique MAC address of the port P2 are Check if they match. In this case, since the destination MAC address of the LBM frame is different from the MAC address of port P2, port P2 does not receive the LBM frame and discards it. Therefore, port P2 of switch (SW2) 30 does not send back an LBR frame as a response.

In this case, the server 10 does not receive a response frame even after a predetermined period of time (for example, at least 5 seconds) has passed since the time when the LBM frame was transmitted, resulting in a timeout error and "loss of connectivity".

Therefore, the server 10 sets the source MAC address field of the header to a MAC address variable from the value of the virtual source MAC address set in the previously transmitted LBR frame, and sets the destination MAC address field to the previously transmitted LBR frame. As with the frame, an LBR frame with the MAC address of the port P2 of the switch (SW2) 30 is generated and transmitted via the network interface 11 .

As shown in FIG. 16B, the switch (SW1) 20 uses the MAC address (destination, source MAC address) of the LBM frame received from the port P1 to calculate the port P2 (LAG port members). That is, in the switch (SW1) 20, the virtual source MAC address of the LBM frame received from the port P1 this time is different from the virtual source MAC address of the previous LBM frame. Assume that the value (H1) is different from the hash value (H2). When the switch (SW1) 20 does not know the connection destination of the port P2, flooding is performed. Here, in the switch (SW1) 20, it is assumed that the MAC address of the connection destination of the port P2 is stored in the MAC address table of the switch (SW1) 20. FIG. The switch (SW1) 20 distributes the LBM frame received this time to the port P2 and transmits it to the port P1 of the switch (SW2) 30 via the line ₄₀₁ .

The port P1 of the switch (SW2) 30 terminates an LBM frame, which is an OAM frame, as a MEP (DownMEP). That is, the port P1 of the switch (SW2) 30 receives the LBM frame from the port P2 of the switch (SW1) ₂₀ via the line 401. FIG. Since the MAC address of the port P1 of the switch (SW2) 30 matches the destination MAC address of the LBM frame, the port P1 sets the destination MAC address column to the virtual MAC address of the LBM frame, and sets the source MAC address column to An LBR frame is generated in which the MAC address of port P1 is set and the operation code is set to LBR, and is transmitted to server 10 via line 40 ₁ of LAG and port P2 and port P1 of switch (SW1) 20 .

During normal operation, the network interface 11 of the server 10 and its device driver store the destination MAC address in the header of the frame arriving at the receiver and the unique MAC address of the network interface 11 (EEPROM (Electrically Erasable Programmable Read-Only Memory)). written) matches, it is determined that the frame is addressed to the device itself, and if they do not match, the frame is discarded. A mode in which all frames arriving at the receiver are received may be set.

The server 10 analyzes the received frame, the destination MAC address column matches the virtual source MAC address set in the LBM frame, and the source MAC address column indicates the destination MAC address (of the switch (SW2) 30) of the LBM frame. MAC address of port P1), the type is OAM Ether-type (0x8902), and the operation code is LBR(3). When the received frame is an LBR frame that matches the above conditions, the server 10 monitors each LAG member port by an LBM frame in which the source MAC address is the virtual source MAC address and the destination MAC address is the MAC address of P2. You can do it. As an endpoint, the port P2 of the switch (SW2) 30, which is a member port of LAG1, may be similarly monitored for each LAG member port.

Furthermore, as endpoints, the connectivity confirmation test may be performed using the ports P2 and P3 of the switch (SW1) 20, which is a port member of the LAG. In this case, a communication test is performed with the network interface (NIF) 11 of the server 10 and the port P2 or P3 of the switch (SW1) 20 as endpoints.

FIG. 17 is a diagram illustrating the configuration of the server 10 functioning as a network management device such as an Ethernet OAM server in the third embodiment described with reference to FIG. Referring to FIG. 17, the management module 18 includes a monitor control unit 12, a frame creation unit 13 having a virtual source MAC address setting unit 131, a frame transmission unit 14, and a response frame reception determination unit 15. there is

The transmitter 111 and receiver 112 of the network interface (NIF, also called NIC (Network Interface Card)) 11 such as an Ethernet card use, for example, a UTP (Unshielded Twisted Pair) cable (for example, Category 3 (10BASE-T Ethernet standard) as a transmission medium. 10 Mbps (Megabit per second), 100 Mbps in 100BASE-T2/T4 standards) to Category 6 (1 Gbps (Giga bit per second) in 1000BASE-T and 1000BASE-TX standards), STP (Shielded Twisted Pair) cable, A wired connection may be made using an optical fiber or a coaxial cable (100base). Network interface 11 may constitute a full duplex point to point Ethernet link.

Ethernet OAM frames are received and processed, for example, at layer 2 (MAC (Media Access Control) sublayer) that performs the function of connecting logical channels (control channels, traffic channels) and transmission channels. The management module 18 that performs processing related to maintenance and management of Ethernet OAM may be implemented as an L2 (data link layer) processing module (sublayer) in the device driver of the network interface 11 or the like. Note that the management module 18 may implement part of its functions (display function, etc.) as an application for managing the device driver of the network interface 11 .

The frame creation unit 13 creates an LBM frame in which the destination MAC address, source MAC address, type, opcode, MEG level, etc. are set in the header. It is set by the monitor control unit 12 . For the destination MAC address, for example, the MAC address (port MAC address) of the LAG member port set by the supervisory control unit 12 is set.

The virtual source MAC address setting unit 131, for example, among the lower 3 octets of the MAC address (6 octets) assigned to the vendor (upper 3 octets are the OUI (Organizationally Unique Identifier)), the MAC address of another network device collides. One of the prepared MAC addresses is set in the source MAC address field of the LBM frame as a virtual source MAC address from among the MAC addresses that are not used (also different from the MAC address of the NIF 11).

In setting the virtual source MAC address, a MAC address prepared in advance from MAC addresses that do not conflict with MAC addresses of other network devices (different from the MAC address of the network interface 11) among the MAC addresses assigned by the vendor. is displayed on a display device (not shown) of the server 10 (or a maintenance terminal or the like connected to the server 10) (this processing is performed by an application different from Layer 2), and the system administrator or the like can confirm the displayed MAC address. It is also possible to select one MAC address from among them and notify the virtual source MAC address setting unit 131 of the selected MAC address as the virtual source MAC address.

Alternatively, the virtual source MAC address setting unit 131 selects a MAC address that does not conflict with the MAC addresses of other network devices among the lower 3 octets of the MAC address assigned to the vendor (also different from the MAC address of the network interface 11). , MAC addresses prepared in advance may be held in a storage unit, and one of them may be automatically selected (for example, in numerical order).

The frame transmitting unit 14 transmits, via the transmitter 111, an LBM frame in which the MAC address of one of the LAG member ports is set as the destination MAC address and the virtual source MAC address is set in the source MAC address field. The frame transmission unit 14 may store transmission time information (time stamp) for the transmitted LBM frame in a storage unit (not shown) in association with a transmission ID. The frame transmission unit 14 associates the transmission ID with the destination MAC address of the LBM frame, the virtual transmission source MAC address, and the transmission time of the LBM frame, and manages them in a storage unit (table) not shown. may This contributes to efficiency and simplification of confirmation processing of whether or not the received frame is a normal LBR frame in the response frame reception determination unit 15, which will be described later.

The monitor control unit 12 displays a list of switches connected to the Ethernet, a list of LAG member ports and MAC addresses, a list of switches to be connected to the Ethernet, a list of MAC addresses such as the NIF 11, and a MAC address different from the MAC address of the NIF 11 assigned to a vendor such as the NIF 11, on a display device (not shown) of the server 10. A list of prepared MAC addresses etc. is displayed on the screen, and the network system administrator (operator) selects the LAG member port to be monitored and the virtual source MAC address from the display device, and the selected LAG member port and An LBM frame may be created by passing the MAC address and the virtual source MAC address to the frame creation unit 13 .

The network interface (NIF) 11 and its device driver pass the frame received by the receiver 112 to the response frame reception determination unit 15 when set to the Ethernet OAM mode (loopback mode).

The network interface (NIF) 11 and its device driver perform the following control, for example.

For example, when a frame is received by the network interface (NIF) 11 in a mode other than the monitor mode (normal mode) using an OAM frame, the destination MAC address of the header is the unique MAC address of the network interface (NIF) 11 (or broadcast address), and if the MAC address does not match, discard the frame.

In the monitoring mode using OAM frames, the network interface (NIF) 11 and its device driver determine the destination MAC address of the received frame and the MAC address of the network interface (NIF) 11 based on the mode setting of the network interface (NIF) 11 and the like. match, all the frames received by the receiver 112 may be passed to the response frame reception determination unit 15 without comparison.

In the loopback mode by the OAM frame, the supervisory control unit 12 sets the network interface (NIF) 11 and its device driver to a mode corresponding to a so-called promiscuous mode, and responds all received frames. It may be passed to the frame reception determination unit 15 .

In this embodiment, when a response frame (LBR frame) to an LBM frame is received, the destination MAC address of the LBR frame is set to a virtual source MAC address different from the unique MAC address of the network interface (NIF) 11. Although it does not match the MAC address of the network interface (NIF) 11, it is passed to the response frame reception determination unit 15 without being discarded, and the response frame reception determination unit 15 analyzes the content of the frame header.

That is, the response frame reception determination unit 15, for example,
- The destination MAC address of the received frame is the virtual source MAC address set as the source of the transmitted LBM frame,
- The source MAC address is the MAC address of the LAG member port set as the destination of the transmitted LBM frame,
- OAM Ether-type (2 octets) is "0x8902"
・Opcode is LBR (=4),
- The received frame is an LBR frame, and is received before a predetermined time has elapsed from the transmission time of the LBM frame (held in the storage unit).
If so, it is determined that the LBR frame has been received normally. The response frame reception determining unit 15 may further determine the MEG level of the OAM frame.

The response frame reception determination unit 15 refers to a storage unit (table) that stores and manages the destination MAC address of the LBM frame, the virtual transmission source MAC address, and the transmission time of the LBM frame by the frame transmission unit 14 described above. It may be configured to determine whether or not a predetermined time has elapsed from the difference between the LBR frame reception time and the LBM frame transmission time.

The response frame reception determining unit 15 determines that a frame that does not meet the above requirements is not an LBR frame or is not normally received as an LBR frame, and discards the frame.

In addition, in the monitoring mode using the OAM frame, the network interface (NIF) 11 and its device driver compare the destination MAC address field of the frame header with the virtual source MAC address, select only the matching received frame, and respond. A configuration may be adopted in which all received frames are passed to the frame reception determination unit 15 and the destination MAC address field is other than the virtual source MAC address and discarded. In this case, the response frame reception determining unit 15 omits the process of determining whether or not the destination MAC address of the received frame matches the virtual source MAC address set as the source of the transmitted LBM frame. Moreover, the processing load on the response frame reception determination unit 15 is reduced compared to the case where all received frames are supplied to the response frame reception determination unit 15 .

After the LBM frame is transmitted, the monitor control unit 12 disconnects the connection (“loss of connectivity”) if the detection of the LBR frame is not notified from the response frame reception determination unit 15 within a predetermined time. ). That is, the supervisory control unit 12 determines that the LBM frame has not reached the LAG member port set as the destination of the LBM frame by distributing the LAG port based on the hash value calculated based on the MAC address. Then, it instructs the virtual source MAC address setting unit 131 to select and set another MAC address.

For example, as shown in FIG. 16, when the LAG consists of two lines and the number of hash value elements is two, the hash value based on the MAC address of the frame by the switch (SW1) 20 is H1 or H1 depending on whether the MAC address is even or odd. becomes H2.

In the frame creation unit 13, via the virtual source MAC address setting unit 131, from among the MAC addresses assigned to the vendor or the like of the network interface 11 and not colliding with other devices, the previous source MAC A MAC address different even or odd from the MAC address set as an address (for example, a MAC address that is continuous with the MAC address set as the source MAC address of the previously transmitted LBR frame (but does not collide with other devices) is assigned. ) is set and transmitted from the transmitter 111 .

When the response frame reception determination unit 15 detects the reception of the LBR frame, the response frame reception determination unit 15 notifies the monitor control unit 12 of the fact.

The monitor control unit 12 instructs the virtual source MAC address setting unit 131 to fix the virtual source MAC address to the previously set value, and the frame creation unit 13 sets the fixed virtual source MAC address as the source. Then, under the control of the supervisory control unit 12, the communication of the LAG member port, which is the end point, is confirmed. When the response frame reception determining unit 15 does not detect an LBR frame within a predetermined period of time for a transmitted LBM frame, the monitoring control unit 12 determines that the link is down. This information may be output to a higher layer processing unit, a communication information log (failure log) managed by the server 10, or a display device (not shown) of the server 10 or the like.

FIG. 18 is a flow chart describing the operation of the third embodiment of the invention. The virtual source MAC address setting unit 131 determines one virtual source MAC address and assigns it to the port MAC address of the monitored LAG member port (LBM peer MEP) when normal (when the link is not down). An LBM frame is created and transmitted via the network interface 11 (S11).

Based on the detection result of the response frame reception determination unit 15, the monitor control unit 12 checks whether the LBR frame has been received normally (S12). 131 changes the virtual source MAC address (S13). Then, an LBM frame addressed to the port MAC address of the monitored LAG member port (LBM peer MEP) is created and transmitted via the network interface 11 (S11).

As a result of the determination in step S12, when the LBR frame is normally received (Yes branch of S12), the virtual source MAC address for the port MAC address of the LAG port member is fixed (S14).

The monitoring control unit 12 starts monitoring by transmitting an LBM frame with a combination of the MAC address of the LAG member port and the fixed virtual source MAC address in the destination and source MAC address fields (S15).

In the execution of monitoring, if the response frame reception determination unit 15 detects an LBR frame within a predetermined period of time for the LBM frame transmitted by the server 10 (Yes branch of S16), the monitoring control unit 12 determines that the operation is normal. (S17). The supervisory control unit 12 further performs a loopback test (transmitting an LBM frame with the MAC address of the LAG member port and the fixed virtual source MAC address in the destination and source MAC address fields and receiving the LBR frame as a response ).

On the other hand, when the LBR frame is not normally received (No branch of S16), the monitor control unit 12 determines that the link connected to the port is down (S18).

Note that the processing described with reference to FIG. 18 is effective in the case of two LAGs. If there are three or more LAGs, the hash algorithm is different from that for two, and depending on the hash algorithm, even normal LBM frames may not reach the LAG member ports of the endpoints.

<Fourth Embodiment>
In the exemplary fourth embodiment of the present invention, a plurality of virtual source MAC addresses are prepared. Alternatively, a plurality of virtual source MAC addresses within a predetermined address range are reserved. In the fourth embodiment, while varying the virtual source MAC address, or by continuously sweeping the value of the virtual source MAC address, by transmitting the LBM frame to the monitored LAG member port , searches for virtual source MAC addresses arriving at the monitored LAG member ports. Virtual source MAC address setting unit 131 preferably stores a plurality of virtual source MAC addresses in a storage unit (not shown) in advance.

For example, when the maximum number of LAG member ports on the communication path is N (N≧2), at least N or more virtual source MAC addresses are secured. This is because a certain virtual source MAC address and another virtual source MAC address may have the same hash value and the same distribution destination port. Also, when the virtual source MAC addresses are discontinuous, the transmission MAC addresses with the same hash value may be selected, or even if the hash values are different, they may be distributed to the same port. For example, as described above, the number of LAGs is 4, the number of hash value elements is 8 (H1 to H8), and hash values H1 and H5, H2 and H6, H3 and H7, H4 and H8 are connected to ports P1 to P4, respectively. When distributed, even if hash values H1 and H5 for two different source MAC addresses are obtained, they are distributed to the same port P1. For example, if there are four consecutive virtual source MAC addresses and the LBM hash value calculation results are H1 or H5, H2 or H6, H3 or H7, H4 or H8, then four virtual Four source MAC addresses may be selected. In this case, since four hash values are assigned to different ports, they are assigned to four different ports. That is, as a method of selecting a virtual source MAC address, a method of securing consecutively numbered virtual MAC addresses for convenience in management may be used. In addition, as a method according to the above, a method of securing at least one virtual source MAC address each having an even number and an odd number in the first digit at the same time may be used.

When the response frame is normally received, the combination of the port number of the monitored LAG port member, the virtual source MAC address, and the destination MAC address is stored. By transmitting the LBM frame of this combination, the LAG member port is monitored (communication confirmation).

FIG. 19A is a diagram illustrating a configuration example of the server 10 according to the fourth embodiment. In addition to the configuration of FIG. 17 , the server 10 includes a port/address correspondence generation unit 16 and a port/address management table 17 . The monitoring control unit 12A also includes a state change detection unit 121 . FIG. 19B is a diagram schematically illustrating the port/address management table 17 managed by the port/address correspondence generation unit 16 .

When the response frame reception determination unit 15 detects the LBR frame from the destination endpoint to which the LBM frame was transmitted, the port/address correspondence generation unit 16 generates the port number of the monitored LAG member port, the virtual source MAC address, and the destination MAC. Address correspondence is registered in the port/address management table 17 .

Automatically changing the virtual source MAC address for the same destination MAC address and transmitting the LBM frame,
the virtual source MAC address from which the response frame was received;
a virtual source MAC address from which no response frame is received, or
a combination of both virtual source MAC address information and destination MAC address;
may be stored. After that, the LBM frame is transmitted to the destination MAC address of the specific port, and the state change is detected. Since LBM frames do not reach a specific port when the hash rule (distribution rule) is changed due to LAG degeneracy in order to send to the destination MAC address of a specific port, detection of silent failures of LAG member ports. becomes possible. In addition, in the above-mentioned PING, even if the LAG is degraded due to link down, it is hashed and the IP address of the destination is reached. Therefore, if a silent failure of the LAG member port occurs after the LAG degeneration, Silent fault detection is not possible.

FIG. 20 is a diagram explaining the operation of the fourth embodiment. When the maximum number of LAG member ports on the communication path is N (N>2), the port MAC address of port P1 of the switch (SW2) 30 is set as the destination address, and different virtual source MAC addresses are transmitted. The server 10 sequentially transmits the LBM frames set in the original MAC address column.

When the server 10 receives an LBR frame corresponding to the transmitted LBM frame, the port/address correspondence generation unit 16 in FIG. Set in the address management table 17 . By sequentially performing this procedure from the ports P2 to PN of the switch (SW2) 30, the port address management table 17 as schematically illustrated in FIG. 19B is created. Note that when the LBR frame corresponding to the transmitted LBM frame is not received, the port/address correspondence generation unit 16 does not set the virtual source MAC address in the corresponding port column of the port/address management table 17, and the response is It is also possible to set a specific code to the effect that it will not be received.

Based on the setting information of the port/address management table 17, the monitor/control unit 12A confirms communication of some or all of the ports P1 to PN of the LAG2. Then, the state change detection unit 121 checks whether there is a monitor frame that is not linked down but does not receive a normal response (Reply). That is, it monitors whether there is a port for which an LBR frame is not received within a predetermined time after transmitting an LBM frame.

FIG. 21 is a flow chart explaining the operation of the fourth embodiment. During normal operation of the network, etc., the virtual source MAC address setting unit 131 stores a plurality of virtual source MAC addresses. The frame creating unit 13 creates an LBM frame in which the destination address column is set to a plurality of virtual source MAC addresses. Alternatively, the virtual transmission source MAC address is secured within a predetermined address range, and the virtual transmission source MAC address is sequentially changed within the range (continuously changed within the range), or the LBM frame is transmitted. You may do so. Although not particularly limited, in the example of FIG. 21, if the LBR frame for the LBM frame is not normally received (No branch of S22), the port is excluded from the combination of the virtual source MAC address and destination address (S23). That is, the port is not registered in the port/address management table 17 .

Through steps S21 to S23, the information of the link ports that are not linked down among the LAG member ports from port P1 to port PN, which are endpoints, is registered in the port/address management table 17 (S24).

Based on the information set in the port/address management table 17, the monitoring control unit 12A
A plurality of LAG member ports (for example, port P1 to port PN) are monitored by a loopback test (transmitting an LBM frame and receiving an LBR frame as a response) (S25).

The state change detection unit 121 of the monitoring control unit 12A determines whether or not a loopback with no response (LBR frame) has occurred, although the link is not down (S26).

If there is a port with no response to the LBM frame (Yes branch of S26), and loopback with no response (LBR frame) is detected in any of the relevant ports, although the link is not down, a silent failure occurs. (S28).

In a network, unlike a failure such as a link down, a phenomenon such as performance degradation (generally difficult for administrators to identify when a failure occurs) is called a "silent failure". As a performance degradation, in a high-speed link, although the link is not disconnected, the line (link) is connected at a low speed, packets (frames) do not flow smoothly, and delays and packet losses (frame losses) occur. occur. For example, a delay occurs in the LBR frame with respect to the LBM frame from the server 10 to the port P1 of the switch (SW2) 30. The state change detection unit 121 may detect a silent failure by analyzing a delay in the arrival time of a response frame relative to a frame previously transmitted to the same port, a disturbance in the order of arrival, and the like.

There is a switch between the first and second nodes with opposing LAG ports as a failure without link down, and even if a link failure occurs between the first node and the switch, the second node does not detect it. . To address this problem, for example, LACP (Link Aggregation Control Protocol) dynamically and automatically reconfigures links as links go up and down through negotiation between nodes. Due to a failure of the LAG line (physical line), for example, the switch (SW1) 20 re-determines the line to be used for communication from among the available lines in the LAG, and resumes communication using that line. do.

With this processing, even if a specific line in the LAG becomes unusable, other available lines in the LAG can be used to continue communication. This is called LAG degeneracy. When the degeneration of LAG occurs, the communication flow that was using the unusable line will perform rehash processing after the line becomes unusable, and use another available line within the LAG. Communication stops until

If the LAG is degenerated and the hash destination port based on the MAC address is changed in the switch (SW1) 20 of FIG. . Since an OAM frame whose destination MAC address is the MAC address of the original monitored port does not reach the original monitored port, CC (Continuity Check) is disabled (NG) even if the link is up.

In this way, due to the degeneracy of the LAG, the port number of the allocation destination based on the MAC address is changed, and as a result, the LBM frame (the destination is the MAC address, the source of which is the virtual source MAC address) may not reach the particular port, and as a result, the response frame LBR may not be received. The state change detection unit 121 also detects that there is no response from the port that has responded until then in the loopback.

<Fifth Embodiment>
FIG. 22 is a diagram illustrating the configuration of the server 10 according to the fifth exemplary embodiment of this invention. Referring to FIG. 22, the monitoring control unit 12B of the server 10 includes an abnormality determination unit 122 in addition to the configuration described with reference to FIG.

When LBM frames are sent from the server with a fixed virtual source MAC address for the port MAC of the LAG member port, in the case of three or more LAGs, if degeneration occurs, rehash calculation causes link down. LBM frames for unsupported port MACs may be unreachable.

In the fifth embodiment, the link-down port may not be identified due to non-arrival of the LBM frame. When the non-arrival of the LBR frame is detected, by transmitting with the virtual source MAC address, the link-up port MAC is re-detected, and the link-up port before and after the LBM frame becomes non-arrival. A link-down port is detected by the comparison.

When the status change detection unit 121 detects, for example, a silent failure port that does not involve a link down, the monitoring control unit 12B of the server 10 changes the value of the virtual source MAC address using the port as an endpoint, and changes the value of the LBM. Send frames sequentially.

If the response frame is normally received in response to the LBM frame, and if the LBR frame is normally received from the same port as before detection of the silent fault occurrence (original port before the state change), an abnormality determination is made. The unit 122 determines that the port is normal.

On the other hand, if the response frame is not received normally even if the LBM frame is sequentially transmitted with the virtual source MAC address value changed to the port, the abnormality determination unit 122 determines that the original port before the state change is abnormal. (not normal).

FIG. 23 is a flowchart explaining the operation of the fifth embodiment. Referring to FIG. 23, steps S29 to S32 are added following step S28 in the process of FIG. Description of steps S21 to S28 is omitted.

The monitoring control unit 12B of the server 10 detects the port detected as silent failure in step S28 (for example, the port to which the state change detection unit 121 had received a response until then but the state changed and the response stopped arriving). , similar to step S21, an LBM frame in which the destination is the MAC address of the port and a plurality of different virtual source MAC addresses are set in the source MAC address column (the value of the virtual source MAC address is variable (S29).

As a result of transmitting one or more LBM frames in which the value of the virtual source MAC address set in the source MAC address column is changed, the destination port of the LBM frame has the same MAC address as before the state change in step S28. When an LBR frame, which is a response frame, is received from a port (original port) (the MAC address of the transmission source is the same as before the state change), the abnormality determination unit 122 determines that the destination port of the LBM frame is normal. (S31).

On the other hand, even if a plurality of LBM frames with mutually different virtual source MAC address values in the source MAC address field are all transmitted, the LBR frame, which is a response frame, was not received for the destination port of the LBM frame. In this case, the abnormality determination unit 122 determines that the destination port of the LBM frame is abnormal (S32).

By performing the above control, according to the fifth embodiment, for example, link-down ports can be detected for a degenerated LAG.

<Sixth embodiment>
FIG. 24 is a diagram illustrating the configuration of a server according to the sixth exemplary embodiment of this invention. Referring to FIG. 24 , the monitor control unit 12C has a network configuration information acquisition unit 123 . It transmits an LBM frame, acquires the combination of the MAC address of the port on the route and the transmission/reception port information, and the connection information between the ports, and acquires the logical network configuration and the physical connection configuration of the network. The network configuration information acquisition unit 123 may display the logical network configuration and the physical connection configuration of the network on the display device (table format, graphic display of network topology, etc.).

FIG. 25 is a diagram for explaining the sixth embodiment. Although not particularly limited, in FIG. 25, the switch (SW1) 20 and the switch (SW3) 50 may be edge switches, and the switch (SW2) 30 may be, for example, a core switch (middle core switch) on the network connecting bases. good. A node connected to the edge switch (SW3) 50 may be a server 60 (for example, an IoT (Internet of Things) gateway) or the like.

An LBM frame is transmitted from the server 10 to the server 60 connected to the port PN of the edge switch (SW3) 50 from the server 10 . As a result, a combination of the MAC address of the port on the route, the transmission/reception port information, and the connection information between the ports (SW1, SW2, and SW3) are acquired. As a result, the server 10 can display the logical network configuration and the network physical connection configuration.

<Seventh Embodiment>
FIG. 26 is a diagram illustrating a configuration example of the server 10 of the seventh embodiment. Referring to FIG. 26, the server 10 includes a processor (CPU (Central Processing Unit), data processing device) 101, semiconductor memory (for example, RAM (Random Access Memory), ROM (Read Only Memory), or EEPROM (Electrically Erasable and Programmable ROM, etc.), HDD (Hard Disk Drive), CD (Compact Disc), DVD (Digital Versatile Disc), etc.; ing. A program that implements the functions of the server 10 described in the first to sixth embodiments is stored in the storage device 102, and the processor 101 reads and executes the program to perform each of the above-described implementations. You may make it implement|achieve the function of the server 10 of a form.

In each of the above-described embodiments, the LBM and its response, LBR, have been described as examples, but it is of course possible to apply other OAM frames, such as LTM and its response, LTR.

<Eighth embodiment>
In each of the above embodiments, the server 10 unicast-transmits the LBM frame in which the virtual source MAC address is set as the source address, but the LBM frame may be multicast. The configuration of the eighth embodiment differs from the above embodiment in that the frame creation unit 13 and the frame transmission unit 14 create and transmit a multicast LBR frame in which a virtual source MAC address is set in the source address field. ing. Otherwise, it is the same as the eighth embodiment described with reference to FIG. 19, for example.

The server 10 transmits a plurality of multicast LBM frames each having a virtual source MAC address variable within a predetermined address range set in the source address field of the header. The multicast destination address set in the destination MAC address in the header of a multicast LBM frame is class 1 (OAM frames addressed to all MEPs within a MEG), for example 01-80-C2-00 in hexadecimal notation. -00-3x. x represents MEG levels from 0-7. Multicast LBM frames are sent to peer MEPs in the same MEG as the MEP.

For the port MAC address of the LAG member port (peer MEP) of the monitored device (switch, etc.) that receives the multicast LBM frame, as the MEP of the same MEG, from the peer MEP set in the port MAC of the LAG member port, If the response frame reception determination unit 15 of the server 10 confirms the reception of the unicast LBR frame within the specified time (for example, 5 seconds), the MAC address of the LAG member port to be monitored is sent to the unicast LBR frame Acquired from the source MAC address column and recorded in the port/address management table 17 is the correspondence relationship between the virtual source MAC address set in the destination address column of the unicast LBR frame and the MAC address of the LAG member port. A loopback test is then performed to check the health of the LAG member ports. For example, by confirming the normality of the LAG member ports P ₁ to P _N of the switch SW2 in FIG. 20, the normality of transmission and reception of the LAG member ports P ₁ to P _N of the switch SW1, which is the counterpart device, can also be confirmed.

<Ninth Embodiment>
In each of the above-described embodiments, ports set as Down MEPs (MEPs set on the line side) as LAG member ports to be monitored (for example, P ₁ and P ₂ of the switch (SW2) 30 in FIG. 5, , P ₁ to P _N ) of the switch (SW2) 30 of . In the ninth embodiment, UpMEP (relay side) is set as a LAG member port to be monitored. In FIG. 4A described above, the port P1 of the switch SW1 and the port P4 of the switch SW3 are used as UpMEPs, and an LBM frame and an LBR frame are transferred in a section sandwiched between the two UpMEPs. The device configuration of the server 10 may be the same as that of the eighth embodiment described with reference to FIG.

FIG. 27 is a diagram for explaining the ninth embodiment. Referring to FIG. 27A, unique MAC addresses are assigned to the ports P _N to P _N+m of the switch SW2 (30), which is an UpMEP.

FIG. 27B schematically shows settings of DownMEP (inverted triangle), MIP (o), and UpMEP (triangle) at a certain domain level in FIG. 27A. The DownMEP of the server 10 corresponds to the network interface 11 of the server 10, and the UpMEP of the switch 30 corresponds to the ports P _N to P _N+m of the switch SW2 (30). The line between switches 20 and 30 is LAG2 in FIG. 27(A). The server 10 sets the virtual source MAC address in the transmission MAC address column and sets the destination address column to a multicast address (01-80-C2-00-00-3x: x is an MEG level of 0 to 7). , to the ports P _N to P _N+m of the switch SW2 configured to be UpMEP.

The server 10 transmits a plurality of multicast LBM frames in which the virtual source MAC address is varied by a predetermined range of addresses prepared in advance (32 different addresses).

For the port MAC address of the LAG member port (peer MEP) of the monitored device (switch, etc.) that receives the multicast LBM frame, as the MEP of the same MEG, from the peer MEP set in the port MAC of the LAG member port, If the response frame reception determination unit 15 of the server 10 confirms the reception of the unicast LBR frame within the specified time (for example, 5 seconds), the MAC address of the LAG member port to be monitored is sent to the unicast LBR frame The correspondence relationship between the virtual source MAC address acquired from the source MAC address column and set in the destination address column of the unicast LBR frame and the MAC address of the LAG member port is displayed in the port address management table 17 (see FIG. 19A). Check the health of the LAG member ports by logging to

<Tenth Embodiment>
FIG. 28 is a diagram for explaining the tenth embodiment. The frame transmission unit 14 of the server 10 varies the virtual source MAC address within a predetermined address range, and transmits the destination MAC address field of the multicast LBM frame or unicast LBM frame as the MAC address of the LAG member port (down MEP port). do.

In the server 10, when the response frame reception determination unit 15 confirms the reception of the LBR frame that is the response to the LBM frame, the port/address correspondence generation unit 16B generates the port MAC address of the LAG member port to be monitored and the virtual transmission source A MAC address, a combination of transmission/reception port information, and a port number are acquired.

The server 10 automatically executes a "portDiscovery" command using CLI (Command Line Interpreter) or the like for the port MAC address of the LAG member port to be monitored. get the number. As the syntax of the "portDiscovery" CLI command, for example,
show ethernet-oam port <portlist> discovery
etc.

The configuration (mode) and status of the local DTE (Data Terminal Equipment) and the configuration of the remote DTE, etc. are displayed.

For example, when receiving an LBR frame whose source MAC address is the MAC address of port P1 of switch SW2 in FIG.
show ethernet-oam port P1 discovery
is input, the configuration states of the local port P1 of the switch SW2 and the port P1 of the switch SW1, which is a remote port, are obtained.

The network map generation unit 124 of the server 10 comprehensively acquires the connection information between the ports of the counterpart devices in the network, thereby automatically generating a network map such as that illustrated in FIG. 29, for example. In FIG. 29, the connection state between the physical ports of the L2 switch is graphically displayed on the screen of the display device. FIG. 29 also exemplifies a pop-up screen in which connections between switches are enlarged.

<Eleventh Embodiment>
Next, an eleventh embodiment will be described. The configuration of the server 10 of the eleventh embodiment is the same as in FIG. FIG. 30 is a diagram for explaining the eleventh embodiment.

Ports P ₁ to P _N of the switch (SW1) 20 in FIG. 30 are UpMEPs, and as shown in FIG. It is transferred in the section where

The network interface (NIF) 11 of the server 10 and the ports P ₁ to P _N of the switch (SW1) 20 in FIG. 30 respectively correspond to the Down MEP of the server 10 and the Up MEP of the switch 20 in FIG. 31(A).

Ports P ₁ to P _N of the switch (SW2) 30 in FIG. 30 are DownMEPs, and as shown in FIG. It is transferred in the section where

The network interface (NIF) 11 of the server 10 and the ports P ₁ to P _N of the switch (SW2) 30 in FIG. 30 correspond to the DownMEP of the server 10 and the DownMEP of the switch 30 in FIG. 31B.

A VLAN tag (4 octets) is set in the header of a multicast or unicast LBM frame transmitted from the server 10 so that the frame reaches only the corresponding VLAN. That is, 12 bits of the latter two octets of the VLAN tag (4 octets) are the VLAN number, and the switch forwards the frame to the corresponding VLAN based on this VLAN number.

That is, in the case of FIG. 31A, the VLAN number of the VLAN tag of the multicast or unicast LBM frame is set to "1" (VLAN1).

In the case of FIG. 31B, the VLAN number of the VLAN tag of the multicast or unicast LBM frame is set to "2" (VLAN2). The domain level in FIG. 31A is 1, and the MA (Maintenance Association) divided by VLAN groups is group 1. The domain level in FIG. 31B is 2, and the MAs divided by the VLAN group are group 2. FIG. The lower domain level 1 is set inside domain level 2.

In the server 10, the virtual source MAC address set in the source MAC address field of the multicast or unicast LBM frame in VLAN: 1 in FIG. Receive LBR frames from ports P ₁ to P _N ) of switch 20 . Also, the virtual source MAC address set in the source MAC address column of the multicast or unicast LBM frame in VLAN: 2 in FIG. receive LBR frames from ports (P ₁ to P _N ) of . As a result, the network map generation unit 124 of the monitor control unit 12B of the server 10 can find the connection between the LAG ports of the switch 20 and the switch 30 .

For example, if an LBR frame in response to an LBM frame sent with _a variable virtual source MAC address addressed to the MAC address of port P1 of the switch (SW2) 30 is received, and the virtual source MAC address at that time is SA1. do.

Next, among the response LBR frames to the LBM frame transmitted with the virtual source MAC address changed to each MAC address of the ports P ₁ to P _N of the switch (SW1) 20, the destination MAC address is the virtual source MAC address. The SA1 response LBR frame is from the port of the opposite switch (SW1) 20 on the path from the server 10 to the port P1 of the switch (SW2) 30. FIG. Therefore, the network map generator 124 of the monitor controller 12B can know the port number of the switch (SW1) 20 connected to the port P1 of the switch (SW2) 30 .

That is, an LBR frame that is a response to an LBM frame transmitted by varying the virtual source MAC address for the DownMEP and an LBR frame that is a response to the LBM frame transmitted by varying the virtual source MAC address for the UpMEP facing the DownMEP. By receiving , it is possible to obtain the port MAC address and port number of the facing switch.

As described above, in the eleventh embodiment, the network map generation unit 124 of FIG. 28 uses a combination of the MAC address of the LAG member port to be monitored and the virtual source MAC address to determine whether an adjacent device such as a facing switch A network map is automatically created by judging interconnection information of LAGs that connect .

Note that the storage device 102 in FIG. 26 stores a program that implements the functions of the server 10 described in the sixth to eleventh embodiments, and the processor 101 in FIG. 26 reads and executes the program. By doing so, the functions of the server 10 of each embodiment described above may be realized.

According to the above embodiment, both the request frame to be transmitted to the target terminal and the response frame from the target terminal are comprehensively distributed to the LAG. Therefore, it is possible to acquire connection information between switches (between LAG ports) based on the presence or absence of a reply from the target terminal.

FIG. 32 shows the LAG ports in each switch of the response frame (response monitor frame) from the target terminal 3 to the monitor frame (monitor frame such as LBM or PING frame) transmitted from the network management device 10 in each of the above embodiments. It is a figure explaining distribution. In the embodiment, a supervisory frame is generated in which the transmission source MAC address of the frame header of the frame is set as predetermined identification information that is different for each target terminal and is at least equal to or greater than the number of LAG member ports of the LAG on the route. and transmit to multiple target terminals in parallel, in parallel, or at the same time. In a network that includes multiple network devices hierarchically connected using multiple link aggregation connections, on multiple routes to multiple target terminals beyond the hierarchically connected multiple network devices Regardless of whether or not all hash algorithms include mutually different devices, for comprehensive distribution to all link aggregation member ports, the link aggregation hash distribution is this virtual source MAC address and Take advantage of what is done based on the destination MAC address. For example, if the hash distribution setting of the link aggregation of the network equipment in the route is set to the address distribution setting, if the destination MAC address is fixed, only the virtual source MAC address is used, and the manufacturer's own hash Distribution is performed based on the distribution algorithm, but the VID of the VLAN tag in the frame header of the monitoring frame in which this virtual source MAC address is set is at least the maximum number of link aggregation member ports in the link aggregation on the route. By making it variable, it is possible to perform comprehensive distribution to LAG ports based on the hash value of VID without the need to intentionally obtain calculation algorithm information for distributing supervisory frames to specific designated ports. .

Below, each switch bi-directionally covers all LAG ports with a maximum of 4 link aggregation member ports on the route from SW1 to SW4 using the source MAC address and destination MAC address of the request monitor frame. An example of sorting according to gender will be described.

From the network management device 10, for the link aggregation member port number 4 on the route, a monitoring frame is sent to the target terminal 3 by sweeping the source MAC address of at least the maximum number of link aggregation member ports on the route or more. Send to the destination MAC address. At this time, for convenience, the monitor frame may be transmitted by changing the first digit of the source MAC address by four serial numbers. With this method, the switch 20-1 (SW1) manufactured by the manufacturer C uses the information of the source MAC address and the destination MAC address to convert the monitoring frame into a hash sorting algorithm unique to the manufacturer C, which is not normally disclosed by the manufacturer. By using the hash value calculated based on the LAG port (evenly to four LAG ports) to perform a comprehensive distribution, for all four ports, from the network management device to the target terminal Check the health of the circuit traffic in the direction.

Next, four monitor frames are input from the switch 20-2 manufactured by the manufacturer C to the switch 20-2 (SW2) manufactured by the manufacturer J, and the switch 20-2 converts the source MAC address and the destination MAC included in the monitor frames. Distributing addresses to LAG ports (equally to two LAG ports) with complete coverage using hash values calculated based on maker J's unique hash distribution algorithm, which is not normally disclosed by the maker. to do As a result, at least two supervisory frames are distributed to the same port as other supervisory frames, but the normality of the line traffic in the direction from the network management device to the target terminal is confirmed for all two ports.

In the switch 20-3 (SW3) manufactured by Maker F, the monitor frame is calculated from the source MAC address and destination MAC address information based on Maker J's unique hash distribution algorithm, which is not normally disclosed by the maker. Hash values are used to distribute to LAG ports (equally to 3 LAG ports). As a result, at least one supervisory frame is distributed to the same port as the other supervisory frames, but the normality of the line traffic from the network management device to the target terminal is confirmed for all three ports. .

The switch 20-4 (SW4) manufactured by Maker A transfers the monitoring frame to the port to which the destination MAC address of the monitoring frame (the MAC address of the target terminal 3) is connected.

The target terminal 3 returns four response monitor frames to the four monitor frames received from the switch 20-4 (SW4). The destination MAC address of the frame header of the response monitor frame is the virtual source MAC address of four different monitor frames, which are the source MAC addresses of the monitor frames, and the source MAC address is the MAC address of the target terminal 3. Sends a monitoring frame to the network management device.

The switch 20-4 (SW4) manufactured by manufacturer A uses four destination MAC addresses out of the source MAC address and destination MAC address information of the response monitor frame, and uses manufacturer A's own Distributing to the LAG ports (equally to three LAG ports) is performed using hash values calculated as mutually different values based on the hash distribution algorithm of . This ensures that at least one response supervisory frame is routed to the same port as the other response supervisory frames, but for all three ports normal traffic on the line in the opposite traffic direction to the supervisory frame is detected. Check gender.

The switch 20-3 (SW3) uses four destination MAC addresses out of the source MAC address and destination MAC address information for the response monitor frame received from the switch 20-4, which is usually undisclosed by the manufacturer. Distributing to the LAG port (equally to two LAG ports) is performed using hash values calculated as mutually different values based on the hash distribution algorithm unique to Maker F. This ensures that at least two response supervisory frames are routed to the same port as other response supervisory frames, but for all two ports normal traffic on the line in the opposite traffic direction to the supervisory frame is detected. Check gender.

The switch 20-2 (SW2) uses four destination MAC addresses out of the source MAC address and destination MAC address information for the response monitor frame received from the switch 20-3, which is usually undisclosed by the manufacturer. Distributing to the LAG ports (equally to four LAG ports) is performed using hash values calculated as mutually different values based on the hash distribution algorithm unique to Maker J. This confirms the normality of the traffic on the line in the traffic direction opposite to the supervisory frame for all four ports.

The switch 20-1 (SW1) transfers the response monitoring frame to the port to which the destination MAC address (the MAC address of the network management device 10) of the response monitoring frame received from the switch 20-2 is connected. It is received by the management device 10 .

It should be noted that the LAG line between the switches may transmit electrical signals or optical signals. In the case of optical signals, for example, as shown in FIG. 33(A), the upstream and downstream lines may be separate, or as shown in FIG. 33(B), the same line may be used for the upstream and downstream. Good (for example, 10GBASE-SR using multimode optical fiber, etc.). As shown in FIG. 33B, when the same optical communication line is used for uplink and downlink, the transmitter (TX) that outputs a specific wavelength and the optical signal are sorted according to the wavelength in the single-fiber bidirectional transmission model. It has a wavelength filter and a receiver (RX) that receives the output from the wavelength filter and converts it to an electrical signal. The upstream and downstream optical signals have different wavelengths. According to this embodiment, the supervisory frames are sent in both directions. For this reason, it has the feature that it is possible to monitor 100% of the outbound and return routes between the network management device 10 and the target terminal 3 by a simple method. In particular, on the way (route from the network management device 10 to the gate terminal 3), a monitor frame having a plurality of virtual source identification information (virtual source MAC address) is sent to each target terminal 3, and on the way back (from the target terminal 3 In the path to the network management device 10), the transmission source identification information and the destination identification information are automatically exchanged and the monitoring frame (response monitoring frame) is returned, thereby easily realizing bi-directional communication monitoring. and In this embodiment, one network management device generates a plurality of virtual source identification information (virtual source MAC address information) and sets the plurality of virtual source identification information in the frame header. This is because the frame is sent to the target terminal 3 .

<Twelfth Embodiment>
FIG. 34 is a diagram illustrating a configuration example of the network management device 10 according to still another embodiment of the present invention. Referring to FIG. 34, the network management device 10 has a storage unit 19 that stores failure determination conditions, and the monitoring control unit 12D has a failure determination unit 125. FIG. In addition, the frame creation unit 13 generates a plurality of virtual source MAC addresses whose values are varied within a predetermined range, sets them in the source MAC address fields of the headers of the plurality of monitor frames, and, if necessary, A virtual source MAC address/VID setting unit 132 generates a VID (VLAN ID) whose value is varied within a predetermined range and sets it in the VLAN tag field of the header of the monitoring frame (PING frame). . Note that the failure judgment unit 125 of the network management device 10 of the embodiment of FIG. 34 and the storage unit 19 for storing failure judgment conditions are added to the network management device 10 of the tenth embodiment of FIG. A configuration in which the source MAC address setting unit 131 is replaced with the virtual source MAC address/VID setting unit 132 may be used.

Similar to the failure section determination condition shown in FIG. 6A, the failure determination condition of the storage unit 19 is, for each section between switches (communication devices) in the network, correspondence between the section and one or more target terminals. Includes table.

In this correspondence table, one or more target terminals corresponding to each section transmit a plurality of monitor frames to the target terminal, and the presence or absence of reception of a response frame from the target terminal is used to determine the silent failure of the section. It shows the target terminal used. A silent failure refers to a failure other than a link down or the like detected in a switch (communication device). The number of lines operated as a link aggregation group by preparing a standby line in advance in a link aggregation group (LAG) and switching to the standby line when a line in operation fails. However, in the case of a silent failure, it is not recognized as a failure, so the line with the silent failure remains as an active link aggregation member port.

Whether or not a response frame has been received is determined by the response frame reception determining section 15, as in each of the above-described embodiments, and the result of determining whether or not a response frame has been received is notified to the failure determining section 125 of the monitor control section 12D. As described with reference to FIGS. 6A and 6B, determination of a failure section can be performed based on network topology information (for example, in the case of FIG. 6A, the network topology is a tree type). . In this case, the failure section determination condition of FIG. 6B is created based on network topology information, for example.

The failure determination conditions in the storage unit 19 may further include failure part determination conditions. The failure site determination condition includes a combination of presence/absence of reception of a response frame from the target terminal with respect to a plurality of monitor frames addressed to each target terminal, and a correspondence table of estimated failure sites. The failure part determination condition is created and set based on predetermined network configuration information (for example, inter-port connection information), etc., and the failure determination unit 125 detects failures of communication devices such as switches and links between communication devices ( A condition may be included that makes it possible to determine a silent failure). The port-to-port connection information may include, for example, port-to-port connection information between devices in FIG. 6A, or port-to-port connection information between target nodes A, B, and C and devices E, F, and D . The network configuration information uses the network configuration information acquired by the network configuration information acquisition unit 123 (capable of acquiring connection information between physical ports such as opposing L2 switches) of the tenth embodiment shown in FIG. You may do so.

The failure judgment unit 125 judges a failure part (failure part) based on whether or not a response frame is received from a plurality of target terminals, which are the destinations of the monitoring frames, and failure part judgment conditions.

35A and 35B are diagrams for explaining the twelfth embodiment of the present invention. It is assumed that the switches are connected by LAG lines. In FIG. 6, a network management device (server) 10, based on network topology information, sends a plurality of VLAN ID (VID) values in the header to variable (sweep) target terminals under the edge switch 2-2. Detection of faulty sections has been described by sending tagged PING frames. Also in this embodiment, the network management device (server) 10 may transmit a tagged PING frame obtained by sweeping the VID of the VLAN tag in the header within a predetermined range. Alternatively, an LBM frame obtained by sweeping the source MAC address of the header within a predetermined range may be transmitted.

Referring to FIG. 35A, switch 20-1 is for example a core switch, switches 20-2 and 20-3 are for example middle switches, switches 21-1 to 21-8 are for example edge switches, and target 3- 1 to 3-8 are target terminals in FIGS. 5 and 6A. Note that the connection example of the switches and target terminals in FIG. 35A is for illustrative purposes only, and the number and connection configuration are not limited to the illustrated example.

As described above, it is possible to determine (estimate) a failure (silent failure) of a part other than the failure of the section by the combination pattern of arrival and non-arrival from the network management device 10 to the target terminals 3-1 to 3-8. .

In the network management device 10, the failure determination condition in the storage unit 19 of FIG. and the correspondence with the fault location.

In the network management device 10, the failure determination unit 125 receives a plurality of request frames from the network management device 10 whose destinations are the target terminals 3-1 to 3-8 (for example, the source MAC address field is the virtual source MAC address, the destination MAC The address column is set to the MAC address of the target terminal), and the failure location (physical failure location) is estimated based on whether or not a response frame has been received from the target terminals 3-1 to 3-8.

In the failure judging section 125 of FIG. 34, when the failure part is estimated from the combination pattern of reaching and not reaching the target terminals 3-1 to 3-8, an individual diagnosis operation or the like is performed to specify the failure part. You may do so. In the failure determination unit 125, the combination patterns of arrival and non-arrival to the target terminals 3-1 to 3-8 are accumulated, and the actual failure location (the location (equipment) actually identified as failure) and the combination pattern statistics. A processing result may be stored.

Alternatively, the failure determination unit 125 may calculate the probability of the cause of the failure based on the results of statistical processing for the combination patterns of arrival and non-arrival of the target terminals 3-1 to 3-8. .

FIG. 35(B) is a diagram for explaining failure part determination conditions included in the failure determination conditions of the storage unit 19 of FIG. Case 1 is an example in which the supervisory frame does not reach the target terminals #5 to #8 (response frame not received) in FIG. That is, the network management device 10 has received the response frames from the target terminals #1 to #4).

At the failure point (estimated failure point) F1 of case 1 in FIG. It may be a silent failure of the interface (NIF9). Alternatively, a fault in a bus connecting a controller (CPU (Central Processing Unit)), a packet processor, a crossbar switch, and NIF (none of which is shown) in the switch 20-3 may also be a candidate. If other causes of failure can be considered based on network topology information and network configuration information (for example, inter-port connection information), the second and third failure candidates are set as the failure location F1 of Case 1. good too.

The failure determination unit 125 confirms that the target terminals #5 to #8 are connected to the edge switches 21-5 to 21-8, and that the edge switches 21-5 to 21-8 are connected to the network interface (NIF9 ) based on the network connection information (port connection information) that it is connected to the port of the switch 20-3, based on the failure part determination condition, all of the target terminals #5 to #8 are unreachable, so the network interface of the switch 20-3 It can be determined (estimated) that the failure (silent failure) of (NIF9) is one of the causes. The port-to-port connection information is given for each port as a trio of chassis number, slot number (slot number connected to the backplane of the chassis), and port number, as schematically shown in FIG. , port-to-port connection information is given by a set of (chassis number, slot number, port number) of two ports to be connected. Note that the port-to-port connection information, which is the network configuration information, may be the port-to-port connection information related to the ports of some switches instead of the ports of all the switches in FIG. 35(A).

In the network management device 10, when monitoring the network by monitoring frames, the combination pattern of arrival and non-arrival of the target terminals 3-1 to 3-8 is collated with the failure part determination conditions, and the failure part candidate is output, or A failure log may be generated.

In FIG. 35B, case 2 of the failure part determination condition (target terminals #5 to #8 have received or not received the monitoring frame, and target terminals #1 to #4 have received the monitoring frame) is switch 20-1. and 20-3 section (line) may be determined (estimated) to be a silent failure.

In FIG. 35B, in case 3 (target terminal #1 is or is not reached by a supervisory frame, target terminals #2 to #8 are reached by supervisory frames), for example, switch 20-2 and edge switch 20- It may be determined (estimated) that the line between 1 is silent failure. Alternatively, it is also possible to determine that there is a defect (failure) in the memory of the switch 20-2, for example, a CAM (Content Addressable Memory). process). In this case, it is assumed that intermittent bit errors at fixed positions in the memory of the MAC address table cause the monitor frame to intermittently arrive or fail to reach a node connected to a certain port.

The disclosures of Patent Documents 1 to 3 mentioned above are incorporated herein by reference. Within the framework of the full disclosure of the present invention (including the scope of claims), modifications and adjustments of the embodiments and examples are possible based on the basic technical concept thereof. Also, various combinations and selections of various disclosure elements (including each element of each claim, each element of each embodiment, each element of each drawing, etc.) are possible within the scope of the claims of the present invention. . That is, the present invention naturally includes various variations and modifications that can be made by those skilled in the art according to the entire disclosure including claims and technical ideas.

For example, the above-described embodiments are appended as follows (but not limited thereto).

(Appendix 1)
The address of one of the plurality of ports of a communication device having a plurality of ports aggregated into a link aggregation group is set in the destination address field, and the address of the network interface of the device is set in the source address field. create another frame in which one of the predetermined addresses prepared in advance is set as a virtual source address;
means for transmitting the frame addressed to the port to a network to which the communication device is connected via the network interface;
means for acknowledging receipt of a response frame from said port having a destination address as said virtual source address;
A network management device comprising:

(Appendix 2)
and means for controlling to transmit a frame with a destination address field set to the address of the port and a source address field set to another virtual source address when a response frame to the frame is not received. The network management device according to Supplementary Note 1.

(Appendix 3)
When a response frame is received in response to the frame, the transmission source address column of the frame is fixed to the virtual source address and the destination address column is the address of the port. 3. The network management device according to appendix 1 or 2, further comprising means for monitoring the port.

(Appendix 4)
transmitting to each of the plurality of ports of the link aggregation group a frame in which the destination address field is the address of the port and the value of the virtual source address in the source address field is varied;
Supplementary notes 1 to 3, characterized by comprising means for storing a virtual source address of the frame in a management table in association with the port number and address when a response is received for the frame. The network management device according to any one of 1.

(Appendix 5)
transmitting a frame in which the address of each port stored in the management table as having a response is set as a destination address and the virtual source address stored in the management table corresponding to the port is set in the source address column, 5. The network management device according to appendix 4, further comprising means for monitoring a plurality of ports of a link aggregation group of said communication device.

(Appendix 6)
6. The network management device according to appendix 5, further comprising means for detecting a port at which the frame has not arrived and no response has been received.

(Appendix 7)
sending a frame with a destination address field set to the address of the port and a variable value of the virtual source address in the source address field to the port for which there is no response;
Determining normal when a response frame is received from the port with the same address as before the frame is unreachable;
Means for judging an abnormality when the response frame is not received even if a frame is transmitted in which the value of the virtual source MAC address in the source address column is changed without changing the address of the port in the destination address column. 7. The network management device according to appendix 6, characterized by comprising:

(Appendix 8)
8. The network management device according to any one of additional notes 1 to 7, further comprising means for acquiring configuration information of the network based on the transmission of the frame and the reception of the response frame.

(Appendix 9)
a communication device having a plurality of ports aggregated into a link aggregation group;
The address of one of the plurality of ports of the communication device is set in the destination address field, and the source address is set to a predetermined address prepared in advance and different from the network interface address of the device itself. as a virtual source address, and transmits the frame addressed to the port to the network to which the communication device is connected via the network interface;
a network management device comprising means for confirming reception of a response frame having a destination address from the port as the virtual source address;
A network system comprising:

(Appendix 10)
The network management device controls means for controlling to transmit a frame with a destination address field set to the address of the port and a source address field set to another virtual source address when a response frame to the frame is not received. 10. The network system according to appendix 9, characterized in that:

(Appendix 11)
When a response frame is received for the frame, the network management device fixes the source address field of the frame to the virtual source address and transmits the frame with the destination address field set to the address of the port. 11. The network system according to appendix 9 or 10, further comprising: means for monitoring the port of the communication device as described above.

(Appendix 12)
The network management device transmits, to each of the plurality of ports of the link aggregation group, a frame in which the destination address field is the address of the port and the value of the virtual source address in the source address field is varied. ,
Supplements 9 to 11, characterized by comprising means for storing a virtual source address of the frame in a management table in association with the port number and address when a response is received for the frame. A network system according to any one of

(Appendix 13)
The network management device transmits a frame having, as a destination address, the address of each port stored as having a response in the management table, and having a source address column as a virtual source address corresponding to the port, and the communication device 13. The network system according to appendix 12, further comprising means for monitoring a plurality of ports of the link aggregation group.

(Appendix 14)
14. The network system according to appendix 13, wherein the network management device comprises means for detecting a port where the frame has not arrived and no response has been received.

(Appendix 15)
The network management device transmits a frame with the address of the port in the destination address field and the virtual source address in the source address field changed to the port that has lost the response,
Determining normal when a response frame is received from the port with the same address as before the frame is unreachable;
Means for judging an abnormality when the response frame is not received even if a frame is transmitted in which the value of the virtual source MAC address in the source address column is changed without changing the address of the port in the destination address column. 15. The network system of claim 14, comprising:

(Appendix 16)
16. The network system according to any one of appendices 9 to 15, wherein the network management device comprises means for acquiring configuration information of the network based on transmission of the frame and reception of the reply.

(Appendix 17)
The address of one of the plurality of ports of a communication device having a plurality of ports aggregated into a link aggregation group is set in the destination address field, and the address of the network interface of the device is set in the source address field. create another frame in which one of the predetermined addresses prepared in advance is set as a virtual source address;
transmitting the frame addressed to the port to a network to which the communication device is connected via the network interface;
A network management method characterized by confirming reception of a response frame having a destination address as the virtual source address from the port.

(Appendix 18)
Supplementary note 17, characterized in that when a response frame to the frame is not received, the frame is transmitted with the destination address field set to the address of the port and the source address field set to another virtual source address. network management method described in .

(Appendix 19)
When a response frame is received in response to the frame, the transmission source address column of the frame is fixed to the virtual source address and the destination address column is the address of the port. 19. The network management method according to appendix 17 or 18, wherein the port is monitored.

(Appendix 20)
transmitting to each of the plurality of ports of the link aggregation group a frame in which the destination address field is the address of the port and the value of the virtual source address in the source address field is varied;
20. Any one of appendices 17 to 19, wherein when a response is received for the frame, the virtual source address of the frame is stored in a management table in association with the port number and address. Described network management method.

(Appendix 21)
transmitting a frame in which the address of each port stored in the management table as having a response is set as a destination address and the virtual source address stored in the management table corresponding to the port is set in the source address column, 19. The network management method according to appendix 17 or 18, wherein a plurality of ports of a link aggregation group of said communication device are monitored.

(Appendix 22)
22. The network management method according to appendix 21, further comprising detecting a port where the frame has not arrived and no response has been received.

(Appendix 23)
sending a frame with a destination address field set to the address of the port and a variable virtual source address in the source address field to the port with no response;
Determining normal when a response frame is received from the port with the same address as before the frame is unreachable;
Determining an abnormality when the response frame is not received even if a frame is transmitted in which the value of the virtual source MAC address in the source address column is changed without changing the address of the port in the destination address column, 23. The network management method according to appendix 22, characterized by:

(Appendix 24)
24. The network management method according to any one of appendices 17 to 23, wherein configuration information of the network is acquired based on the transmission of the frame and the reception of the reply.

(Appendix 25)
The address of one of the plurality of ports of a communication device having a plurality of ports aggregated into a link aggregation group is set in the destination address field, and the address of the network interface of the device is set in the source address field. create another frame in which one of the predetermined addresses prepared in advance is set as a virtual source address;
a process of transmitting the frame addressed to the port to a network to which the communication device is connected via the network interface;
a process of confirming reception of a response frame having the virtual source address as the destination address from the port;
A program that makes a computer run

(Appendix 26)
Supplementary note for causing the computer to execute a process of controlling to transmit a frame with the destination address field set to the address of the port and the source address field set to another virtual source address when a response frame to the frame is not received. 25. The program according to 25.

(Appendix 27)
When a response frame is received in response to the frame, the transmission source address column of the frame is fixed to the virtual source address and the destination address column is the address of the port. 27. The program according to appendix 25 or 26, which causes the computer to execute a process of monitoring the port.

(Appendix 28)
transmitting to each of the plurality of ports of the link aggregation group a frame in which the destination address field is the address of the port and the value of the virtual source address in the source address field is varied;
27. According to appendix 25 or 26, causing the computer to execute a process of storing the virtual source address of the frame in a management table in association with the port number and address when a response is received for the frame. program.

(Appendix 29)
transmitting a frame having the address of each port stored in the management table as a destination address and the virtual source address corresponding to the port as a source address column, thereby determining a plurality of ports of the link aggregation group of the communication device; 29. The program according to appendix 28, causing the computer to execute a process to be monitored.

(Appendix 30)
30. The program according to appendix 29, which causes the computer to execute processing for detecting a port to which the frame has not arrived and no response has been received.

(Appendix 31)
sending a frame with a destination address field set to the address of the port and a variable virtual source address in the source address field to the port with no response;
Determining normal when a response frame is received from the port with the same address as before the frame is unreachable,
A process of judging an abnormality when the response frame is not received even if a frame is transmitted with the destination address field unchanged and the value of the virtual source MAC address in the source address field is changed without changing the address of the port. 30. The program according to appendix 29, causing the computer to execute:

(Appendix 32)
32. The program according to any one of appendices 25 to 31, which causes the computer to execute a process of acquiring the configuration information of the network based on the transmission of the frame and the reception of the reply.

1 network (network system)
2-1, 2-2, 5-1, 5-3 Edge switch (router)
3, 3-1 to 3-8 Target terminal 4 Source node 5-2 Core switch 6 Destination node 10 Network management device (server)
11 network interface (NIF)
12, 12A, 12B, 12C, 12D supervisory control unit 13 frame creation unit 14 frame transmission unit 15 response frame reception determination unit 16, 16B port/address correspondence generation unit 17 port/address management tables 18, 18A, 18B, 18C, 18D , 18E management module 19 storage unit (failure determination conditions)
20, 20-A, 20-B, 20-C, 20-D, 30, 50 Switch (communication device)
20-1 to 20-3 switches 21-1 to 21-8 edge switch 33 PING frame creation unit 35 PING reply reception determination unit 40, 40 ₁ , 40 ₂ , line (link)
60 Server (IoT gateway)
101 Processor 102 Storage device 103 Display device 111 Transmitter 112 Receiver 121 State change detection unit 122 Abnormality determination unit 123 Network configuration information acquisition unit 124 Network map generation unit 125 Failure determination unit 131 Virtual source MAC address setting unit 132 Virtual source MAC address /VID setting unit 331 VID setting unit 501, 503 Ethernet frame 502 Ethernet frame (EoE frame)

Claims (13)

Between the network management device and the plurality of target terminals, via a VLAN (Virtual Local Area Network) network in which a plurality of communication devices having a plurality of ports aggregated into a link aggregation group (LAG) are hierarchically connected. generating a plurality of frames in which identification information with different values is set in at least the VLAN identification information column of the header of the frame as a monitoring frame to be transmitted to each target terminal of the plurality of target terminals; a first means for transmitting to a terminal;
second means for detecting receipt of a reply to said transmitted frame;
If any one of the responses to the plurality of frames transmitted to the target terminal does not return, a combination pattern of reception or non-reception of the response to the frames transmitted to the plurality of target terminals; a third means for determining a failure section and/or a failure part based on a failure determination condition including correspondence with failures in each section between communication devices;
A network management device comprising: 2. The network management device according to claim 1, wherein whether or not a response is received from said target terminal is used for judging a silent failure in said section. The first means stores, in at least the VLAN identification information field of the header of the frame, VLAN identification information obtained by sweeping values within a predetermined range equal to or greater than the maximum number of link aggregation group (LAG) ports of the communication device on the network. 2. The network management device according to claim 1, wherein a plurality of set frames are generated. The third means, based on the failure determination condition including a combination pattern of reception/non-reception of responses to the frames transmitted to the plurality of target terminals, and network configuration information, stores information on the memory and bus of the communication device. 4. The network management device according to any one of claims 1 to 3, wherein failure of a line between , a network interface, and said communication device is estimated. 5. The identification information according to any one of claims 1 to 4, wherein the identification information is a virtual source MAC (Media Access Control) address and/or VLAN (Virtual Local Area Network) identification information. Network management device. 2. The frame for replying from the target terminal to the network management device is a monitoring frame in which destination identification information and virtual source identification information of the monitoring frame are exchanged. 5. The network management device according to any one of 4. 7. The apparatus according to any one of claims 1 to 6, wherein said second means sets a network interface and a device driver to promiscuous mode in loopback mode by said monitoring frame. Network management device. 1 to 4, wherein the first means transmits a plurality of frames obtained by sweeping an MTU (Maximum Transfer Unit) size and a UTP (Unshielded Twisted Pair) port number toward the target terminal. 5. The network management device according to any one of 4. A network management method by a network management device,
Via a VLAN (Virtual Local Area Network) network in which a plurality of communication devices having a plurality of ports aggregated into a link aggregation group (LAG) are hierarchically connected between the network management device and the plurality of target terminals. As a monitoring frame to be transmitted to each target terminal of the plurality of target terminals , a plurality of frames in which identification information with different values is set in at least the VLAN identification information column of the header of the frame are generated, sent to the target terminal,
detecting receipt of a reply to the transmitted frame;
If any one of the responses to the plurality of frames transmitted to the target terminal does not return, a combination pattern of reception or non-reception of the response to the frames transmitted to the plurality of target terminals; 1. A network management method, comprising: judging a faulty section and/or a faulty part based on a fault judging condition including a correspondence with a fault in each section between communication devices. 10. The network management method according to claim 9, wherein whether or not a response is received from said target terminal is used for judging a silent failure in said section. generating a plurality of frames in which VLAN identification information is set in the identification information field of the header of the frame, the value being swept within a predetermined range equal to or greater than the maximum number of link aggregation group (LAG) ports of the communication device on the network; 11. The network management method according to claim 9 or 10, characterized by: 10. The frame returned from the target terminal to the network management device is a monitoring frame in which destination identification information and virtual source identification information of the monitoring frame are exchanged. 12. The network management method according to any one of 11. Between the network management device and the plurality of target terminals, via a VLAN (Virtual Local Area Network) network in which a plurality of communication devices having a plurality of ports aggregated into a link aggregation group (LAG) are hierarchically connected. generating a plurality of frames in which identification information with different values is set in at least the VLAN identification information column of the header of the frame as a monitoring frame to be transmitted to each target terminal of the plurality of target terminals; Processing to send to the terminal,
a process of detecting receipt of a reply to the transmitted frame;
If any one of the responses to the plurality of frames transmitted to the target terminal does not return, a combination pattern of reception or non-reception of the response to the frames transmitted to the plurality of target terminals; A process of determining a failure section and/or a failure part based on a failure determination condition including correspondence with a failure in each section between communication devices;
A program that causes a computer that constitutes the network management device to execute.

Images