JP7380091B2 - Packet processing device and packet processing method - Google Patents

Description

The present invention relates to an apparatus and method for processing communication packets.

In order to provide flexible information processing services, information processing systems that operate in virtual environments have been put into practical use. An information processing system that operates under a virtual environment includes, for example, a plurality of virtual servers and a virtual switch provided between the virtual servers. The plurality of virtual servers transmits and receives communication packets via the virtual switch, thereby realizing the requested information processing. Note that in the following description, an information processing system that operates in a virtual environment may be referred to as a "virtual information processing system."

When monitoring a virtual information processing system, the mirroring function of a virtual switch is used to copy communication packets sent between virtual servers. The copied communication packet is transferred to the system analysis device by the relay device. The system analysis device monitors the virtual information processing system based on the received communication packets. For example, the system analysis device monitors the number of packets, packet loss rate, response time, throughput, etc. of the virtual information processing system.

Note that as a related technique, a method has been proposed to improve the efficiency of TCP transmission processing (for example, Patent Document 1). Furthermore, a method has been proposed for transmitting and receiving video data constituting a data stream to improve video quality when operating on an unreliable transmission path (for example, Patent Document 2).

WO2010/073671 Japanese Patent Application Publication No. 2004-007823

When monitoring a virtual information processing system using a system analysis device provided outside the virtual environment, it is necessary to reproduce the behavior of communication packets transmitted between virtual servers on the system analysis device. However, in a virtual environment, processing specific to the virtual environment may be performed in order to increase computational efficiency. For this reason, there are cases where it is difficult to reproduce the behavior of communication packets transmitted between virtual servers on a system analysis device. If the behavior of communication packets transmitted between virtual servers cannot be accurately reproduced on the system analysis device, the accuracy of monitoring the virtual information processing system will decrease.

An object of one aspect of the present invention is to improve the accuracy of monitoring virtual information processing systems.

A packet processing method according to one aspect of the present invention includes receiving a communication packet transmitted within a virtual information processing system from the virtual information processing system, wherein the communication packet is a retransmission packet transmitted within the virtual information processing system. If the communication packet is not a retransmission packet transmitted within the virtual information processing system, a first segment offload function for performing division processing of transmission data is set to an on state. a second output unit that outputs the communication packet via an output unit, and when the communication packet is a retransmission packet transmitted within the virtual information processing system, the segment offload function is set to an off state; The communication packet is outputted via.

According to the above aspect, the monitoring accuracy of the virtual information processing system is improved.

FIG. 1 is a diagram illustrating an example of a monitoring system that monitors a virtual information processing system. FIG. 2 is a diagram illustrating a problem related to a segment offload function. FIG. 7 is a diagram illustrating another problem related to the segment offload function. 1 is a diagram showing an example of a monitoring system according to an embodiment of the present invention. FIG. 3 is a diagram illustrating an example of the operation of a relay device when a normal packet is transmitted between virtual servers. FIG. 6 is a diagram illustrating an example of the operation of a relay device when a retransmission packet is transmitted between virtual servers. FIG. 2 is a diagram illustrating an example of a hardware configuration of a relay device. FIG. 3 is a diagram illustrating an example of a retransmission procedure due to packet loss. FIG. 3 is a diagram showing an example of a capsule packet. FIG. 3 is a diagram illustrating an example of a packet buffer, a session management table, and a parameter table. 7 is a flowchart illustrating an example of processing by a packet receiving unit. 3 is a flowchart illustrating an example of processing by a retransmission determination section. 5 is a flowchart illustrating an example of processing by a transfer control unit. 3 is a flowchart illustrating an example of processing by a transfer unit.

FIG. 1 shows an example of a monitoring system that monitors a virtual information processing system. In this example, the monitoring system includes a relay device 2 and a system analysis device 3 in order to monitor the operating state of the virtual information processing system 1. The virtual information processing system 1 is an information processing system that operates under a virtual environment. The relay device 2 receives communication packets transmitted within the virtual information processing system 1 from the virtual information processing system 1 and transfers them to the system analysis device 3. The system analysis device 3 monitors the operation of the virtual information processing system 1 using communication packets transferred from the relay device 2.

As shown in FIG. 1, the virtual information processing system 1 includes a plurality of virtual servers 11 (11a, 11b), a virtual switch 12, a collection server 13, and a NIC (network interface card) 14. Note that the virtual information processing system 1 may include other functions not shown in FIG. Further, the virtual information processing system 1 may include three or more virtual servers 11.

The virtual server 11 is realized by a virtual machine. Then, the virtual server 11 can transmit the calculation results to other virtual servers 11. Further, the virtual server 11 can receive calculation results of other virtual servers 11. The calculation result (and control information) is stored in, for example, a TCP packet and transmitted.

The virtual switch 12 transfers communication packets between the virtual servers 11. Further, the virtual switch 12 can copy communication packets transmitted between the virtual servers 11 and guide them to the collection server 13 by using a mirroring function. Therefore, the collection server 13 can collect communication packets transmitted between the virtual servers 11. Note that the collection server 13 is also realized by a virtual machine.

The collection server 13 transmits the collected communication packets to the relay device 2 via the NIC 14. Then, the relay device 2 receives the communication packet via the NIC 21. That is, the relay device 2 receives communication packets transmitted between the virtual servers 11. Note that communication is performed between the virtual information processing system 1 and the relay device 2 using the TCP protocol. That is, communication packets transmitted between the virtual servers 11 are stored in TCP packets and transmitted from the virtual information processing system 1 to the relay device 2.

Note that in the following description, the packet transmitted from the virtual information processing system 1 to the relay device 2 may be referred to as a "capsule packet." That is, communication packets transmitted between the virtual servers 11 are stored in capsule packets and transmitted from the virtual information processing system 1 to the relay device 2. Furthermore, a "communication packet" refers to a packet transmitted between virtual servers 11 or a packet generated by copying a packet transmitted between virtual servers 11.

As shown in FIG. 1, the relay device 2 includes a NIC 21, a packet receiving section 22, a packet buffer 23, a transfer section 24, and a NIC 25. Note that the relay device 2 may include other functions not shown in FIG.

The packet receiving unit 22 receives capsule packets transmitted from the virtual information processing system 1. Then, the packet receiving unit 22 extracts the communication packet from the capsule packet and writes it into the packet buffer 23. That is, communication packets transmitted between the virtual servers 11 are written into the packet buffer 23. The transfer unit 24 reads communication packets from the packet buffer 23. Then, the transfer unit 24 transmits this communication packet to the system analysis device 2 via the NIC 25.

The system analysis device 3 receives communication packets via the NIC 31. The analysis unit 32 then analyzes the communication packet received from the relay device 2. Here, the communication packet received by the system analysis device 3 is a communication packet transmitted between the virtual servers 11. Therefore, the analysis unit 32 can monitor the virtual information processing system 1 by analyzing this communication packet. At this time, the analysis unit 32 monitors, for example, the number of packets, packet loss rate, response time, throughput, etc. of the virtual information processing system 1.

FIG. 2 is a diagram illustrating problems related to the segment offload function. Note that the configurations of the virtual information processing system 1, the relay device 2, and the system analysis device 3 are substantially the same in FIGS. 1 and 2.

In the virtual information processing system 1, in order to reduce the overhead of communication processing, the segment offload function of the virtual NIC (V_NIC in FIG. 2) is often set to the on state. The segment offload function executes division processing of transmission data in TCP communication instead of the CPU. In the virtual information processing system 1 shown in FIG. 2, when the segment offload function is set to the on state, communication packets larger than the MTU can be transmitted between the virtual servers 11. Note that the MTU (maximum transmission unit) value is set to, for example, 1500B. It is assumed that a communication packet larger than the MTU (a 64 KB packet in FIG. 2) is transmitted between the virtual servers 11.

Communication is performed between the virtual information processing system 1 and the relay device 2 using the TCP protocol. Therefore, communication packets transmitted between the virtual servers 11 are stored in one or more capsule packets and transmitted from the virtual information processing system 1 to the relay device 2. At this time, the communication packets transmitted between the virtual servers 11 are divided into a plurality of packets as necessary.

Relay device 2 extracts communication packets transmitted between virtual servers 11 from one or more capsule packets received from virtual information processing system 1 . The extracted communication packet is then temporarily stored in the packet buffer 23, as shown in FIG. Thereafter, the transfer unit 24 reads the communication packet from the packet buffer 23 and passes it to the NIC 25.

It is assumed that the relay device 2 and the system analysis device 3 are physically connected via Ethernet (registered trademark), and the MTU value is 1500B. Here, in order to accurately monitor the behavior of communication packets in the virtual information processing system 1 with the system analysis device 3, the relay device 2 must stream output the communication packets read from the packet buffer 23 as they are to the system analysis device 3. It is preferable to do so. Therefore, the segment offload function of the NIC (namely, NIC 25, 31) installed between the relay device 2 and the system analysis device 3 is set to the off state.

However, the MTU value of the NICs 25 and 31 is set to 1500B. Therefore, when the size of a communication packet transmitted between the virtual servers 11 is larger than the MTU value, the communication packet is discarded by the NICs 25 and 31. That is, the segment offload function of the virtual NIC in the virtual information processing system 1 is set to the on state, and the segment offload function of the NIC implemented between the relay device 2 and the system analysis device 3 is set to the off state. Then, the system analysis device 3 cannot correctly monitor the behavior of communication packets within the virtual information processing system 1.

The problem described with reference to FIG. 2 can be solved by turning on the segment offload function of the NIC installed between the relay device 2 and the system analysis device 3. That is, when the segment offload function of the NICs 25 and 31 is set to the on state, a communication packet larger than the MTU is divided into communication packets smaller than the MTU by the NIC 25 and transmitted to the system analysis device 3. Then, the NIC 31 reproduces the original communication packet by combining the communication packets divided by the NIC 25. Therefore, even if a communication packet larger than the MTU is transmitted between the virtual servers 11, the communication packet will not be discarded between the relay device 2 and the system analysis device 3.

However, when the segment offload function of the NIC installed between the relay device 2 and the system analysis device 3 is set to the on state, another problem may occur. For example, if a packet loss occurs between the virtual servers 11, retransmission is performed between the virtual servers 11. At this time, if a packet loss occurs again in the retransmission procedure after a communication packet loss larger than the MTU occurs, the processing cost for recovery increases. Therefore, if a loss of a communication packet larger than MTU occurs, the communication packet may be divided into packets smaller than MTU and retransmitted. In the example shown in FIG. 3, after a loss of a 64 KB communication packet occurs, a plurality of retransmission packets P1 to Pn of less than MTU are transmitted.

In a case where such retransmission is performed, a plurality of retransmission packets P1 to Pn are transferred from relay device 2 to system analysis device 3, as shown in FIG. However, the segment offload functions of the NICs 25 and 31 are set to the on state. Therefore, the NIC 31 combines the plurality of retransmission packets P1 to Pn and reproduces one communication packet. That is, even though a plurality of retransmission packets P1 to Pn are actually transmitted between the virtual servers 11, the analysis unit 32 recognizes that one communication packet has been transmitted. As a result, monitoring accuracy will be reduced.

In this way, if the segment offload function of the NIC implemented between the relay device 2 and the system analysis device 3 is set to ON, the size of communication packets sent between the virtual servers 11 will be larger than the MTU. However, when the communication packet is retransmitted between the virtual servers 11, the monitoring accuracy may deteriorate. Therefore, the packet processing device according to the embodiment of the present invention has a function of determining whether a communication packet received from the virtual information processing system is a retransmission packet transmitted between the virtual servers 11. The packet processing device then performs different packet processing depending on the determination result.

<Embodiment>
FIG. 4 shows an example of a monitoring system according to an embodiment of the present invention. In this example, the monitoring system includes a relay device 2A and a system analysis device 3A in order to monitor the operating state of the virtual information processing system 1. The virtual information processing system 1 is an information processing system that operates under a virtual environment. The relay device 2A receives communication packets transmitted within the virtual information processing system 1 from the virtual information processing system 1, and transfers them to the system analysis device 3A. The system analysis device 3A monitors the operating state of the virtual information processing system 1 using communication packets transferred from the relay device 2A.

The virtual information processing system 1 is substantially the same in FIGS. 1 and 4. That is, the virtual servers 11 (11a, 11b) transmit and receive communication packets via the virtual NIC. The segment offload function of the virtual NIC is set to the on state. That is, communication packets larger than MTU can be transmitted between virtual servers 11. Further, the virtual switch 12 and the collection server 13 copy communication packets transmitted between the virtual servers 11 and transmit the copy to the relay device 2A. Note that communication packets transmitted between the virtual servers 11 are stored in capsule packets and transmitted from the virtual information processing system 1 to the relay device 2A.

The relay device 2A includes a NIC 21, a packet receiving section 22, a packet buffer 23, a retransmission determining section 26, a transfer control section 27, transfer sections 24a and 24b, and NICs 25a and 25b. The NIC 21, packet receiver 22, and packet buffer 23 are substantially the same in FIGS. 1 and 4. That is, the packet receiving unit 22 extracts communication packets transmitted between the virtual servers 11 from the capsule packets received from the virtual information processing system 1 . Then, the packet receiving unit 22 stores communication packets transmitted between the virtual servers 11 in the packet buffer 23. Note that the relay device 2 may include other functions not shown in FIG. 4.

The retransmission determination unit 26 determines whether the communication packet stored in the packet buffer 23 is a retransmission packet transmitted within the virtual information processing system 1. That is, the retransmission determination unit 26 determines whether the communication packet stored in the packet buffer 23 is a normal packet or a retransmission packet. A retransmitted packet is a packet that is transmitted due to a packet loss that occurs within the virtual information processing system 1. A normal packet is a packet other than a retransmission packet that is transmitted within the virtual information processing system 1.

Note that in this embodiment, it is assumed that the size of the retransmitted packet is less than or equal to the MTU value. Therefore, when a loss of a normal packet larger than MTU occurs, multiple retransmission packets are transmitted for that normal packet.

The transfer units 24a and 24b read communication packets from the packet buffer 23 in accordance with instructions given from the transfer control unit 27. The NICs 25a and 25b output communication packets read by the transfer units 24a and 24b, respectively. Here, the segment offload function of the NIC 25a is set to the on state, and the segment offload function of the NIC 25b is set to the off state. That is, when the size of the communication packet read by the transfer unit 24a is larger than the MTU value, the NIC 25a divides the communication packet into a plurality of packets and outputs the divided packets. On the other hand, the NIC 25b outputs the communication packet as it is, regardless of the size of the communication packet read by the transfer unit 24b. Note that the transfer unit 24a and the NIC 25a are examples of a first output unit in which the segment offload function is set to an on state. Further, the transfer unit 24b and the NIC 25b are an example of a second output unit in which the segment offload function is set to an off state.

The transfer control section 27 gives instructions to the transfer sections 24a and 24b according to the determination result by the retransmission determination section 26. Specifically, when the communication packet stored in the packet buffer 23 is not a retransmission packet (that is, when the communication packet stored in the packet buffer 23 is a normal packet), the transfer control unit 27 transmits the communication packet. An instruction to output is given to the transfer unit 24a. In this case, the transfer unit 24a reads the communication packet, and the NIC 25a outputs the communication packet. On the other hand, when the communication packet stored in the packet buffer 23 is a retransmission packet, the transfer control unit 27 gives an instruction to the transfer unit 24b to output the communication packet. In this case, the transfer unit 24b reads the communication packet, and the NIC 25b outputs the communication packet.

The system analysis section 3A includes NICs 31a and 31b and an analysis section 32. Here, the segment offload function of the NIC 31a is set to the on state, and the segment offload function of the NIC 31b is set to the off state.

The NIC 31a receives communication packets output from the NIC 25a. That is, the NIC 31a receives normal packets. Here, the segment offload function of the NIC 31a is set to the on state. Therefore, when a packet is divided by the segment offload function in the NIC 25a, the NIC 31a reproduces the original communication packet from the plurality of packets.

The NIC 31b receives communication packets output from the NIC 25b. That is, the NIC 31b receives the retransmission packet. Here, the segment offload function of the NIC 31b is set to an off state. Therefore, when the NIC 25a receives multiple retransmitted packets within the same TCP session, it does not combine the multiple retransmitted packets. That is, the plurality of retransmitted packets are directly guided to the analysis section 32 without being combined.

The analysis unit 32 analyzes communication packets received from the relay device 2A. Here, the communication packet received by the system analysis device 3A is a communication packet transmitted between the virtual servers 11. Therefore, the analysis unit 32 can monitor the virtual information processing system 1 by analyzing this communication packet. At this time, the analysis unit 32 monitors, for example, the number of packets, packet loss rate, response time, throughput, etc. of the virtual information processing system 1.

FIG. 5 shows an example of the operation of the relay device 2A when a normal packet is transmitted between the virtual servers 11. In this case, normal packets transmitted between the virtual servers 11 are stored in the packet buffer 23. When the retransmission determination section 26 determines that the communication packet stored in the packet buffer 23 is a normal packet, it gives a transmission instruction to the transfer section 24a. Then, the transfer unit 24a reads the normal packet from the packet buffer 23 according to the transmission instruction. Then, the NIC 25a transmits this normal packet to the system analysis device 3A. Here, the segment offload function of the NIC 25a is set to the on state. Therefore, when the size of the normal packet is larger than the MTU value, the NIC 25a divides the normal packet into packets smaller than the MTU and transmits them to the system analysis device 3A.

In this way, when a normal packet is sent between the virtual servers 11, the normal packet is transferred from the relay device 2A to the system analysis device 3A via the NIC in which the segment offload function is set to the on state. Ru. Therefore, even if the size of a normal packet is larger than the MTU value, the normal packet will not be discarded during transfer from the relay device 2A to the system analysis device 3A.

FIG. 6 shows an example of the operation of the relay device 2A when a retransmission packet is transmitted between the virtual servers 11. In this embodiment, it is assumed that in the virtual information processing system 1, a plurality of retransmission packets P1 to Pn are transmitted due to a loss of a normal packet. Furthermore, the size of each retransmission packet P1 to Pn is less than or equal to the MTU value.

In this case, retransmission packets P1 to Pn transmitted between virtual servers 11 are stored in packet buffer 23. When the retransmission determination unit 26 determines that the communication packet stored in the packet buffer 23 is a retransmission packet, it gives a transmission instruction to the transfer unit 24b. Then, the transfer unit 24b sequentially reads retransmission packets P1 to Pn from the packet buffer 23 according to the transmission instruction. Then, the NIC 25a transmits the retransmission packets P1 to Pn to the system analysis device 3A.

In this way, when the retransmitted packets P1 to Pn are transmitted between the virtual servers 11, the retransmitted packets P1 to Pn are transmitted from the relay device 2A to the system analysis via the NIC whose segment offload function is set to the off state. The data is transferred to device 3A. Therefore, the retransmission packets P1 to Pn are not combined in the NIC installed in the system analysis device 3A, and the behavior of communication packets within the virtual information processing system 1 is correctly reproduced.

FIG. 7 shows an example of the hardware configuration of the relay device 2A. The relay device 2A includes a hard disk 41, a memory 42, a CPU 43, and NICs 25a and 25b. Note that the relay device 2A may include circuits or devices not shown in FIG. 7.

The hard disk 41 stores an OS (operating system) program and a relay program. The relay program includes a packet reception program, a retransmission determination program, a transfer control program, and a transfer program. The packet reception program, retransmission determination program, transfer control program, and transfer program describe the processing of the packet reception unit 22, retransmission determination unit 26, transfer control unit 27, and transfer units 24a and 24b, respectively.

The memory 42 is, for example, a semiconductor memory, and implements a work area 42a and a packet buffer 42b. The work area 42a is used as a work area for the CPU 43. Therefore, the OS program and the relay program are loaded into the work area 42a and executed. The packet buffer 42b corresponds to the packet buffer 23 shown in FIGS. 4 to 6.

The CPU 43 executes the packet processing shown in FIGS. 5 and 6 by executing the relay program. At this time, the CPU 43 executes the packet reception program, the retransmission determination program, the transfer control program, and the transfer program, so that the functions of the packet reception section 22, retransmission determination section 26, transfer control section 27, and transfer sections 24a and 24b are provided. That is, the relay device 2A operates as a packet processing device that transfers packets received from the virtual information processing system 1 to the system analysis device 3A. Note that the CPU 43 may be a multiprocessor system including a plurality of processors.

FIG. 8 shows an example of a retransmission procedure due to packet loss. In this embodiment, a SYN packet is transmitted from the virtual server 11a to the virtual server 11b at time T1. The header of the SYN packet includes a destination IP address, a destination port number, a source IP address, a destination port number, and a TCP sequence number. Then, an ACN packet (not shown) is sent back from the virtual server 11b to the virtual server 11a. Through this procedure, a session (or connection) for transmitting communication packets from the virtual server 11a to the virtual server 11b is established.

Thereafter, at time T2, a communication packet (that is, a normal packet) is transmitted from the virtual server 11a to the virtual server 11b. The destination IP address, destination port number, source IP address, and destination port number set in the header of the normal packet are the same as those of the SYN packet. However, the TCP sequence number of a normal packet is different from that of a SYN packet. Further, it is assumed that the size of this normal packet is larger than the MTU value. When the virtual server 11b receives the communication packet, it returns an ACK packet (not shown). That is, when the virtual server 11b receives a communication packet from the virtual server 11a, it transmits an ACK packet to the virtual server 11a.

However, in the example shown in FIG. 8, a packet loss occurs and the virtual server 11b does not receive the normal packet transmitted from the virtual server 11a. In this case, the virtual server 11b does not transmit an ACK packet to the virtual server 11a. That is, the virtual server 11a cannot receive the ACK packet corresponding to the normal packet transmitted at time T2. Then, when a predetermined timeout period has elapsed from time T2, the virtual server 11a starts a retransmission procedure.

In the retransmission procedure, the virtual server 11a transmits retransmission packets P1 to Pn instead of the previously transmitted normal packet. The size of each retransmission packet P1 to Pn is less than or equal to the MTU value. Each of the retransmission packets P1 to Pn is sequentially transmitted one by one at a predetermined time interval ΔT or at a time interval shorter than ΔT. The destination IP address, destination port number, source IP address, and destination port number stored in the header of each retransmission packet P1 to Pn are the same as those of the previously transmitted normal packet. Furthermore, it is assumed that the TCP sequence number of the first transmitted packet (ie, retransmitted packet P1) among the retransmitted packets P1 to Pn is the same as the TCP sequence number of the previously transmitted normal packet. Furthermore, it is assumed that the TCP sequence numbers of retransmission packets P2 to Pn are uniquely calculated from the TCP sequence number of retransmission packet P1.

In the above transmission/retransmission procedure, the virtual switch 12 copies packets received from the virtual server 11a. Then, the virtual information processing system 1 (specifically, the collection server 13 or NIC 14) transmits this packet to the relay device 2A. At this time, the collection server 13 or NIC 14 adds transmission time information to the communication packet to be transmitted to the relay device 2A. However, when the virtual server 11a sends a communication packet and adds sending time information to the communication packet, the collection server 13 or NIC 14 does not need to add sending time information to the communication packet sent to the relay device 2A. do not have. In any case, the communication packet received by the relay device 2A is given transmission time information indicating the transmission time of the communication packet.

FIG. 9 shows an example of a capsule packet transmitted from the virtual information processing system 1 to the relay device 2A. In this embodiment, communication packets transmitted between virtual servers 11 are stored in the payload of a capsule packet, as shown in FIG. At this time, transmission time information is also stored in the payload of this capsule packet. The transmission time information represents the time when a communication packet transmitted between the virtual servers 11 was stored in a capsule packet. However, immediately after a communication packet is transmitted between virtual servers 11, the communication packet is stored in a capsule packet. Therefore, the transmission time information substantially represents the time at which the communication packet was transmitted between the virtual servers 11.

Note that depending on the size of the communication packet transmitted between the virtual servers 11, the communication packet is divided into a plurality of packet parts and transmitted to the relay device 2A using a plurality of capsule packets. In this case, the relay device 2A can reproduce the original communication packet by combining the plurality of packet parts.

The relay device 2A extracts communication packets transmitted between the virtual servers 11 from one or more capsule packets received from the virtual information processing system 1. The extracted communication packets are stored in the packet buffer 23. Further, the relay device 2A manages communication packets for each TCP session. A TCP session is identified in this example by a combination of destination IP address, destination port number, source IP address, and destination port number.

FIG. 10(a) shows an example of the packet buffer 23. The packet buffer 23 stores communication packets transmitted between the virtual servers 11. Note that transmission time information given to the communication packet in the virtual information processing system 1 is also stored in the packet buffer 23 in association with the communication packet.

FIG. 10(b) shows an example of a session management table that manages communication packets for each TCP session. The session management table manages sequence numbers and transmission time information of communication packets for each TCP session. Note that the sequence number and transmission time information of the latest communication packet are recorded in the session management table for each TCP session.

FIG. 10(c) shows an example of a parameter table. The MTU value, timeout time, and continuous transmission interval are recorded in the parameter table. The MTU value is an example of the maximum transmission size and is predetermined. The timeout period is used to detect packet loss occurring within the virtual information processing system 1. For example, if the virtual server 11 cannot receive a corresponding ACK packet within a timeout period from the time when the communication packet was sent to the partner device, it determines that a packet loss has occurred. In this case, the virtual server 11 executes a retransmission procedure. The continuous transmission interval represents the interval at which multiple retransmission packets are sequentially transmitted in the retransmission procedure. In the example shown in FIG. 8, the continuous transmission interval is expressed as ΔT.

FIG. 11 is a flowchart illustrating an example of processing by the packet receiving unit 22. Note that the packet receiving unit 22 generates a socket for TCP communication with the virtual information processing system 1 in S1. Thereafter, each time a TCP protocol packet arrives at the packet receiving unit 22 from the virtual information processing system 1, the processes of S2 to S5 are executed.

In S2, the packet receiving unit 22 receives a TCP protocol packet from the virtual information processing system 1. In this embodiment, the packet receiving unit 22 receives capsule packets from the virtual information processing system 1. As shown in FIG. 9, the capsule packet includes a communication packet transmitted between the virtual servers 11 and transmission time information.

In S3, the packet receiving unit 22 extracts a communication packet from the received capsule packet. In S4, the packet receiving unit 22 extracts transmission time information from the received capsule packet. In S5, the packet receiving unit 22 stores the communication packet and transmission time information extracted from the received capsule packet in the packet buffer 23, as shown in FIG. 10(a).

FIG. 12 is a flowchart illustrating an example of processing by the retransmission determination unit 26. The processing in this flowchart is executed when the packet receiving unit 22 stores a communication packet in the packet buffer 23.

In S11, the retransmission determination unit 26 refers to the communication packet stored in the packet buffer 23. In S12, the retransmission determination unit 26 identifies the TCP session (or TCP connection) based on the destination IP address, destination port number, source IP address, and destination port number set in the header of the communication packet. In S13, the retransmission determination unit 26 extracts the TCP sequence number set in the header of the communication packet. Thereafter, the retransmission determination unit 26 executes the processes of S14 to S21 for the TCP session identified in S12. In the following description, the communication packets processed in the flowchart shown in FIG. 12 may be referred to as "target communication packets."

In S14, the retransmission determination unit 26 determines whether the target communication packet is a retransmission packet based on the TCP sequence number extracted in S13. For example, when a retransmission procedure is executed due to a packet loss in the virtual information processing system 1 and one or more retransmission packets are transmitted, the TCP sequence number of the first retransmission packet is the TCP sequence number of the original communication packet. shall be the same as the number. In this case, if the TCP sequence number extracted in S13 is the same as the TCP sequence number of the previously received communication packet, the retransmission determination unit 26 determines that the target communication packet is a retransmission packet. Note that the TCP sequence number of the communication packet received immediately before the target communication packet is recorded in the session management table.

When it is determined that the target communication packet is a retransmission packet (S14: Yes), the retransmission determination unit 26 generates a retransmission packet notification in S20. The retransmission packet notification indicates that the target communication packet is a retransmission packet. On the other hand, when it is determined that the target communication packet is not a retransmission packet (S14: No), the process of the retransmission determination unit 26 proceeds to S15.

In S15, the retransmission determination unit 26 calculates the transmission interval of the target communication packet. Specifically, the difference between the transmission time of the target communication packet and the transmission time of the communication packet received immediately before the target communication packet is calculated. Note that information representing the transmission time of the target communication packet is stored in the packet buffer 23, as shown in FIG. 10(a). Furthermore, information representing the transmission time of the communication packet received immediately before the target communication packet is recorded in the session management table, as shown in FIG. 10(b).

In S16, the retransmission determination unit 26 updates the session management table. At this time, in the session management table, the TCP sequence number and transmission time information in the record corresponding to the TCP session of the target communication packet are rewritten to the TCP sequence number and transmission time information of the target communication packet. That is, the session management table manages the latest communication packets.

In S17, the retransmission determination unit 26 determines whether the transmission interval of the target communication packet is equal to or longer than the timeout period. The timeout period is used to detect packet loss in the virtual information processing system 1, and is registered in the parameter table shown in FIG. 10(c). If the transmission interval of the target communication packet is equal to or longer than the timeout time, the process of the retransmission determination unit 26 proceeds to S19.

In S19, the retransmission determination unit 26 compares the size of the target communication packet and the MTU value. The MTU value is registered in the parameter table shown in FIG. 10(c). Then, when the size of the target communication packet is less than or equal to the MTU value, the process of the retransmission determination unit 26 proceeds to S20. That is, when the transmission interval of the target communication packet is longer than the timeout time and the size of the target communication packet is lower than or equal to the MTU value, the retransmission determination unit 26 generates a retransmission packet notification in S20.

When the transmission interval of the target communication packet is shorter than the timeout time, the retransmission determination unit 26 compares the transmission interval of the target communication packet with a predetermined continuous transmission interval in S18. Note that when a plurality of retransmission packets are transmitted in the retransmission procedure of the virtual information processing system 1, the retransmission packets are transmitted at intervals equal to or less than a predetermined continuous transmission interval. Therefore, if the transmission interval of the target communication packet is equal to or less than the continuous transmission interval, the process of the retransmission determination unit 26 proceeds to S19. That is, when the transmission interval of the target communication packet is equal to or less than the continuous transmission interval and the size of the target communication packet is equal to or less than the MTU value, the retransmission determination unit 26 generates a retransmission packet notification in S20.

On the other hand, when the transmission interval of the target communication packet is shorter than the time-over time and longer than the continuous transmission interval (S17 and S18: No), the process of the retransmission determination unit 26 proceeds to S21. Also, when the size of the target communication packet is larger than the MTU value (S19: No), the process of the retransmission determination unit 26 proceeds to S21. In S21, the retransmission determination unit 26 generates a normal packet notification. The normal packet notification indicates that the target communication packet is a normal packet.

In this manner, the retransmission determination unit 26 determines whether the target packet is a normal packet or a retransmission packet based on the transmission interval and packet size of the target communication packet. Then, the retransmission determination unit 26 generates a normal packet notification or a retransmission packet notification according to the determination result.

FIG. 13 is a flowchart illustrating an example of processing by the transfer control unit 27. The transfer control section 27 activates the transfer section 24a or the transfer section 24b according to the determination result of the retransmission determination section 26.

In S31 and S32, the transfer control unit 27 receives a notification representing the determination result of the retransmission determination unit 26. That is, the transfer control unit 27 receives the retransmission packet notification generated in S20 or the normal packet notification generated in S21.

When receiving the normal packet notification, the transfer control unit 27 in S33 gives a transmission instruction to the transfer unit corresponding to the NIC whose segment offload function is set to the ON state. In this embodiment, the segment offload function of the NIC 25a is set to the on state. Therefore, when receiving a normal packet notification, the transfer control section 27 gives a transmission instruction to the transfer section 24a. Note that the transmission instruction includes the address where the target communication packet (here, the normal packet) is stored.

When receiving the retransmission packet notification, in S34, the transfer control unit 27 gives a transmission instruction to the transfer unit corresponding to the NIC whose segment offload function is set to the off state. In this embodiment, the segment offload function of the NIC 25b is set to an off state. Therefore, when receiving the retransmission packet notification, the transfer control section 27 gives a transmission instruction to the transfer section 24b. Note that the transmission instruction includes the address where the target communication packet (here, the retransmission packet) is stored.

FIG. 14 is a flowchart illustrating an example of processing by the transfer unit 24. Note that in the explanation of the flowchart shown in FIG. 14, the transfer unit 24 is a general term for the transfer unit 24a or the transfer unit 24b.

In S41, the transfer unit 24 receives a transmission instruction from the transfer control unit 27. In S42, the transfer unit 24 obtains a communication packet from the packet buffer 23 according to the transmission instruction. The transmission instruction includes the address where the communication packet is stored, as described above. In S43, the transfer unit 24 outputs the communication packet obtained in S42 as a stream to the NIC. That is, the communication packet read from the packet buffer 23 is output as is via the NIC.

Here, the flowcharts shown in FIGS. 12 to 14 will be explained with reference to the two cases shown in FIG. In the following description, the SYN packet transmitted from the virtual server 11a at time T1 arrives at the virtual server 11b and also at the relay device 2A. As a result, the TCP sequence number and transmission time information of the SYN packet are recorded in the session management table. Further, at time T2, a normal packet is transmitted from the virtual server 11a. Here, it is assumed that the size of this normal packet is larger than the MTU value.

In the case shown in FIG. 8A, a loss occurs in the normal packet transmitted from the virtual server 11a between the virtual switch 12 and the virtual server 11b. In this case, this normal packet does not arrive at the virtual server 11b, but arrives at the relay device 2A. Then, the following process is executed in the relay device 2A.

The TCP sequence number of a regular packet is different from the TCP sequence number of the immediately previous received packet (ie, SYN packet). Therefore, the determination result in S14 is "No". Further, the normal packet transmission interval (that is, the difference between time T1 and time T2) is shorter than the timeout time and longer than the continuous transmission interval. Therefore, the determination results in S17 and S18 are "No", respectively. As a result, a normal packet notification is generated in S21, and a transmission instruction is given to the transfer unit 24a in S33. This normal packet is then transmitted to the system analysis device 3A via the NIC 25a.

When the timeout period elapses from time T2, a retransmission packet P1 is transmitted from the virtual server 11a. Here, it is assumed that the TCP sequence number of the retransmission packet P1 is the same as the TCP sequence number of the normal packet transmitted at time T2. In this case, the following process is executed in the relay device 2A.

The TCP sequence number of the retransmitted packet P1 is the same as the TCP sequence number of the immediately previous received packet (ie, the normal packet transmitted at time T2). Therefore, the determination result in S14 is "Yes", and a retransmission packet notification is generated in S20. Then, in S34, a transmission instruction is given to the transfer unit 24b, so the retransmission packet P1 is transmitted to the system analysis device 3A via the NIC 25b.

When the continuous transmission interval ΔT has elapsed since the retransmission packet P1 was transmitted, the retransmission packet P2 is transmitted from the virtual server 11a. Here, the TCP sequence number of retransmission packet P2 is different from the TCP sequence number of retransmission packet P1. In this case, the following process is executed in the relay device 2A.

The TCP sequence number of retransmission packet P2 is different from the TCP sequence number of the immediately previous received packet (ie, retransmission packet P1). Therefore, the determination result in S14 is "No". However, the transmission interval of retransmission packet P1 (that is, the time from when retransmission packet P1 is transmitted to when retransmission packet P2 is transmitted) is the continuous transmission interval ΔT. Therefore, the determination result in S18 is "Yes". Furthermore, since the size of retransmission packet P2 is smaller than the MTU value, the determination result in S19 is also "Yes". As a result, a retransmission packet notification is generated in S20, and a transmission instruction is given to the transfer unit 24b in S34. Therefore, the retransmission packet P2 is also transmitted to the system analysis device 3A via the NIC 25b. Note that each retransmission packet transmitted thereafter is processed in the same manner as retransmission packet P2.

In the case shown in FIG. 8B, a loss occurs between the virtual server 11a and the virtual switch 12 in the normal packet transmitted from the virtual server 11a. In this case, this normal packet not only does not arrive at the virtual server 11b, but also does not arrive at the relay device 2A. Therefore, the TCP sequence number and transmission time information of the SYN packet transmitted at time T1 are registered in the session management table. Then, the following process is executed in the relay device 2A.

When the timeout period elapses from time T2, the retransmission packet P1 is transmitted from the virtual server 11a, similar to the case shown in FIG. 8(a). The TCP sequence number of the retransmission packet P1 is different from the TCP sequence number of the immediately previous received packet (in the case shown in FIG. 8B, the SYN packet transmitted at time T1). Therefore, the determination result in S14 is "No", and the processes in S15 to S21 are executed.

The transmission interval of the retransmission packet P1 is the time from when the SYN packet is transmitted to when the retransmission packet P1 is transmitted. That is, the transmission interval of the retransmission packet P1 is "timeout time+continuous transmission interval ΔT". Therefore, the determination result in S17 is "Yes". Furthermore, since the size of each retransmitted packet is less than or equal to the MTU value, the determination result in S19 is also "Yes". Therefore, a retransmission packet notification is generated in S20, and a transmission instruction is given to the transfer unit 24b in S34, so that the retransmission packet P1 is transmitted to the system analysis device 3A via the NIC 25b. After this, the processing for retransmission packets P2 to Pn is the same in FIGS. 8(a) and 8(b).

In this way, the relay device 2A determines whether the communication packet transmitted within the virtual information processing system 1 is a normal packet or a retransmission packet. Specifically, it is determined whether the communication packet is a normal packet or a retransmission packet based on the TCP sequence number, transmission interval, and packet size of the communication packet. When the communication packet is a normal packet, the communication packet is transmitted from the relay device 2A to the system analysis device 3A via the NIC whose segment offload function is set to the ON state. Therefore, even if the size of a communication packet is larger than the MTU value, the communication packet will not be discarded at the NIC. Furthermore, when the communication packet is a retransmission packet, the communication packet is transmitted from the relay device 2A to the system analysis device 3A via a NIC whose segment offload function is set to an off state. Therefore, even if a plurality of retransmission packets are transmitted due to normal packet loss, the plurality of retransmission packets are not combined in the system analysis device 3A. Therefore, since the behavior of communication packets transmitted within the virtual information processing system 1 is accurately reproduced in the system analysis device 3A, the virtual information processing system 1 can be monitored with accuracy.

1 Virtual information processing system 2A Relay device 3A System analysis device 11 (11a, 11b) Virtual server 22 Packet receiving section 23 Packet buffer 24a, 24b Transfer section 25a, 25b NIC
26 Retransmission determination unit 27 Transfer control unit 31a, 31b NIC
32 Analysis section 41 Hard disk 42 Memory 43 CPU

Claims (6)

A packet processing method executed by a packet processing device that receives and processes communication packets transmitted within a virtual information processing system from the virtual information processing system, the method comprising:
The packet processing device includes:
receiving the communication packet from the virtual information processing system;
determining whether the communication packet is a retransmission packet transmitted within the virtual information processing system;
When the communication packet is not a retransmission packet transmitted within the virtual information processing system, the communication packet is transmitted through a first output unit in which a segment offload function that performs division processing of transmission data is set to an on state. Outputs
When the communication packet is a retransmission packet transmitted within the virtual information processing system, the communication packet is output through a second output unit in which the segment offload function is set to an off state. packet processing method. When the sequence number of the communication packet is the same as the sequence number of a packet transmitted immediately before the communication packet within the same session as the communication packet , the packet processing device 2. The packet processing method according to claim 1, further comprising: determining that the packet is a retransmitted packet transmitted at In the virtual information processing system, when an ACK packet corresponding to the period from the transmission time of the first packet to the elapse of a predetermined timeout period is not obtained, a predetermined ACK packet corresponding to the first packet is obtained. In the case where multiple retransmission packets smaller than the maximum transmission size are sent,
The difference between the transmission time of the communication packet and the transmission time of a packet transmitted immediately before the communication packet within the same session as the communication packet is greater than or equal to the timeout time, and the size of the communication packet is greater than or equal to the timeout time, and 2. The packet processing method according to claim 1, wherein when the size is less than or equal to the maximum transmission size , the packet processing device determines that the communication packet is a retransmission packet transmitted within the virtual information processing system. . In the virtual information processing system, in a case where the plurality of retransmission packets are sequentially transmitted at intervals equal to or less than a predetermined continuous transmission interval,
The difference between the transmission time of the communication packet and the transmission time of a packet transmitted immediately before the communication packet within the same session as the communication packet is less than or equal to the continuous transmission interval, and the size of the communication packet is Packet processing according to claim 3, characterized in that when the size is less than or equal to the maximum transmission size , the packet processing device determines that the communication packet is a retransmission packet transmitted within the virtual information processing system. Method. a packet receiving unit that receives communication packets transmitted within the virtual information processing system from the virtual information processing system;
a retransmission determination unit that determines whether the communication packet is a retransmission packet transmitted within the virtual information processing system;
a first output unit in which a segment offload function for performing division processing of transmission data is set to an on state;
a second output section in which the segment offload function is set to an off state;
When the communication packet is not a retransmission packet transmitted within the virtual information processing system, the first output unit outputs the communication packet, and the communication packet is a retransmission packet transmitted within the virtual information processing system. If so, a transfer control unit that causes the second output unit to output the communication packet;
A packet processing device comprising: receiving a communication packet transmitted within the virtual information processing system from the virtual information processing system;
determining whether the communication packet is a retransmission packet transmitted within the virtual information processing system;
When the communication packet is not a retransmission packet transmitted within the virtual information processing system, the communication packet is transmitted through a first output unit in which a segment offload function that performs division processing of transmission data is set to an on state. Outputs
When the communication packet is a retransmission packet transmitted within the virtual information processing system, the processor outputs the communication packet via a second output unit in which the segment offload function is set to an off state. A packet processing program that is executed by

Images