WO2011043416A1 - 情報システム、制御サーバ、仮想ネットワーク管理方法およびプログラム - Google Patents
情報システム、制御サーバ、仮想ネットワーク管理方法およびプログラム Download PDFInfo
- Publication number
- WO2011043416A1 WO2011043416A1 PCT/JP2010/067640 JP2010067640W WO2011043416A1 WO 2011043416 A1 WO2011043416 A1 WO 2011043416A1 JP 2010067640 W JP2010067640 W JP 2010067640W WO 2011043416 A1 WO2011043416 A1 WO 2011043416A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- virtual network
- node
- virtual
- packet
- information
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/085—Retrieval of network configuration; Tracking network configuration history
- H04L41/0853—Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
- H04L41/0856—Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information by backing up or archiving configuration information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0806—Configuration setting for initial configuration or provisioning, e.g. plug-and-play
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0895—Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/02—Topology update or discovery
- H04L45/036—Updating the topology between route computation elements, e.g. between OpenFlow controllers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/42—Centralised routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/38—Flow based routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/64—Routing or path finding of packets in data switching networks using an overlay routing layer
Definitions
- the present invention is based on the priority claim of Japanese patent application: Japanese Patent Application No. 2009-233895 (filed on Oct. 7, 2009), the entire contents of which are incorporated herein by reference. Shall.
- the present invention relates to an information system, a control server, a virtual network management method, and a program, and more particularly, to an information system, a control server, a virtual network management method, and a program that provide a virtual network.
- Patent Document 1 discloses a virtual network construction device that realizes end-to-end security for each service, security between services at a client, and scalability for a large-scale system.
- a client selects an available service from launcher software transmitted from the path control server after successful authentication
- a corresponding path construction request is transmitted to the path control server.
- the path control server issues a connection instruction with the base router to the client and also issues a connection instruction with the client to the base router 133.
- the intra-base VLAN between the client and the base router can be dynamically constructed.
- Patent Document 2 discloses a system for managing customers hierarchically.
- Patent Document 3 discloses a peer-to-peer network that can provide a new network topology.
- Non-patent document 1 proposes a technique called OpenFlow.
- OpenFlow captures communication as an end-to-end flow and performs path control, failure recovery, load balancing, and optimization on a per-flow basis.
- the OpenFlow switch functioning as a forwarding node operates according to a flow table added / updated by the OpenFlow controller according to the OpenFlow protocol.
- a packet matching rule for specifying a packet and a set of actions such as outputting to a specific port, discarding, and rewriting a header are registered as a flow entry.
- the OpenFlow switch processes the received packet according to the action described in the entry.
- the OpenFlow switch notifies the OpenFlow protocol of the reception of the packet.
- Patent Documents 1 to 3 and Non-Patent Document 1 are incorporated herein by reference.
- the following analysis has been made by the present invention.
- the techniques of Patent Documents 1-3 logically divide the network, but do not determine a policy for each flow and perform fine path control.
- a problem that the net amount of data that can be included in the packet is reduced.
- Non-Patent Document 1 proposes a configuration in which path control is performed by an open flow switch that operates based on a flow table that defines actions in units of flows. Specifically, these mechanisms are used. Thus, it only describes that network management and access control can be performed, and that an OpenFlow switch can be virtualized to build a virtual network.
- the present invention has been made in view of the above circumstances, and the object of the present invention is to configure a virtual network by virtualizing a physical network and realize fine path control in the virtual network. Is to provide.
- a plurality of physical nodes that hold control information that defines operations according to characteristics of input / output packets, process input / output packets according to the control information, and one or more physical nodes
- a first storage unit that stores configuration information of a virtual network including a virtual node configured by using the physical node, and a second storage unit that stores virtual network specifying information for specifying the virtual network from features of an input packet. Then, based on a request from the physical node, the physical node constituting the virtual network that handles the packet having the characteristics common to the packet received by the physical node is specified, and the control information of each physical node is updated.
- An information system comprising a control server is provided.
- the control information defining the operation according to the characteristics of the input / output packet is held, and connected to a plurality of physical nodes that process the input / output packet according to the control information.
- a first storage unit that stores configuration information of a virtual network including a virtual node configured using the physical node, and a second storage unit that stores virtual network specifying information for specifying the virtual network from the characteristics of an input packet.
- a physical node that configures a virtual network that handles a packet having characteristics in common with the packet received by the physical node is specified, and control information of each physical node is obtained.
- a control server characterized by comprising a control unit for updating.
- a plurality of physical nodes that hold control information that defines operations according to features of input / output packets and that process input / output packets according to the control information
- a connected control server There is provided a virtual network management method to be executed.
- the control server stores a first storage unit that stores configuration information of a virtual network including a virtual node configured by using one or more physical nodes, and the virtual network is calculated based on characteristics of an input packet.
- a step of updating the control information of each identified physical node This method is connected to a specific machine called a control server that is connected to a physical node and updates its control information.
- a plurality of physical nodes that hold control information that defines operations according to characteristics of input / output packets and that process input / output packets according to the control information, and connected control servers
- a first storage unit that stores configuration information of a virtual network including a virtual node configured by using the one or more physical nodes; and an input packet.
- a second storage unit that stores virtual network specifying information for specifying the virtual network from the characteristics of, and based on a request from the physical node, has a feature common to the packet received by the physical node
- Program for executing the processing and, to the computer is provided. This program can be recorded on a computer-readable storage medium. That is, the present invention can be embodied as a computer program product.
- the present invention it is possible to perform route control according to the characteristics of the packet on the configured virtual network. Further, after the control information is updated, it is not necessary to make an inquiry to the control server, and it is not necessary for each physical node to refer to the routing table or the like, so that the processing speed can be increased.
- FIG. 9 is a schematic diagram of a virtual network corresponding to the virtual network configuration information of FIG. 8. It is an example of the virtual network specific information which the control server of the 1st Embodiment of this invention hold
- FIG. 6 is a diagram illustrating a correspondence relationship between the configuration of FIG. 2 and the virtual network of FIG. 5.
- the present invention holds control information that defines operations according to the characteristics of input / output packets, and processes a plurality of physical nodes 10 that process input / output packets according to the control information. This can be realized by the control server 20 having a function of updating 10 control information.
- the control server 20 includes a first storage unit (virtual network configuration information storage unit) 202 that stores configuration information of a virtual network configured to include a virtual node obtained by virtualizing the physical node 10, and the characteristics of the input packet.
- a second storage unit (virtual network specifying information storage unit) 203 that stores virtual network specifying information for specifying a virtual network, and a feature common to a packet received by the physical node based on a request from the physical node 10
- a control unit 210 that identifies a physical node that configures a virtual network that handles the packet and updates the control information of each physical node 10.
- the physical node 10 can be realized by a switch or router equivalent to the OpenFlow switch of Non-Patent Document 1 that operates according to the flow table.
- the physical node 10 sends the packet to the control server 20 (Flow entry creation request; arrow line from the physical node 10 to the control unit 210 in FIG. 1).
- the control server 20 When receiving the flow entry creation request, the control server 20 refers to the second storage unit 203 and determines the virtual packet to which the packet should belong from the characteristics of the input packet (port number, physical node ID, header information). Identify the network. Next, the control server 20 refers to the first storage unit 202 and appropriately performs transfer processing within the virtual network for the received packet, specifies a physical node corresponding to the specified virtual network, and specifies the specified The control information of the physical node that has been updated is updated (arrow line from the control unit 210 to the physical node 10 in FIG. 1). In this way, subsequent packets are successively transferred by the physical nodes according to the control information updated for each virtual network.
- the control server 20 can be realized by adding on the functions related to the virtual network based on the OpenFlow controller of Non-Patent Document 1. Alternatively, it can be realized by a separate server that operates in cooperation with the OpenFlow controller of Non-Patent Document 1 and provides the functions related to the virtual network described above.
- FIG. 2 is a diagram showing the configuration of the first exemplary embodiment of the present invention. Referring to FIG. 2, a plurality of physical nodes 10, a control server 20, and an external node 30 are shown.
- the physical node 10 is configured by a switch or a router that is connected to each other and transfers packets transmitted and received between the external network and the external node 30. In the present embodiment, it is assumed that the physical node 10 is an OpenFlow switch.
- the control server 20 is a server that is connected to the physical node 10 via a secure channel and instructs the physical node 10 to update the control information.
- the control server 20 is assumed to be a server having a function as an OpenFlow controller that communicates with the physical node 10 using the OpenFlow protocol.
- the external node 30 is configured by a server that provides various services to user terminals accessed from an external network.
- the external node 30 will be described as being an HTTP (Hyper-Text Transfer Protocol) server.
- FIG. 3 is a diagram illustrating a detailed configuration of the physical node according to the first embodiment of this invention.
- the physical node 10 includes a server communication unit 11 that communicates with the control server 20, a flow table 12, and a control unit 13.
- the control unit 13 adds a new entry to the flow table 12, or searches the flow table 12 for an entry having a matching key that matches the received packet, and executes the corresponding action. Perform processing.
- FIG. 4 is a diagram showing a detailed configuration of the control server according to the first embodiment of this invention.
- the control server 20 includes a virtual node emulation unit 211, a virtual network control unit 212, a path control unit 213, an OpenFlow protocol processing unit 214, and a storage functioning as a storage unit that stores information to be described later.
- Equipment included in the control server 20.
- the control server 20 includes a virtual node object storage unit 201, a virtual network configuration information storage unit 202, a virtual network specific information storage unit 203, and a physical topology information storage unit 204 configured by the storage device.
- control server 20 constructs a virtual network including the layer 3 switch (L3SW), the firewall (FW), the load balancer (LB), and the layer 2 switch (L2SW) illustrated in FIG. It will be explained as a thing.
- L3SW layer 3 switch
- FW firewall
- LB load balancer
- L2SW layer 2 switch
- the virtual node emulation unit 211 executes processing as a virtual node using a virtual object having a class corresponding to the L3SW, FW, LB, and L2SW stored in the virtual node object storage unit 201.
- Each virtual object is specified by, for example, a virtual node table shown in FIG. 6 in which a virtual node ID on the virtual network is associated with an object ID.
- FIG. 7 shows an example of virtual router object setting information stored in the virtual node object storage unit 201.
- the basic operation is the same as that of a normal physical router device.
- the destination is determined by referring to the routing table, the MAC address is resolved by the ARP (Address Resolution Protocol) table, and the MAC address of the router with the Source MAC address is determined. Conversion to etc.
- the difference from the router device in the real network is that the virtual interface ID is stored in the routing table and the virtual interface ID is resolved as the destination.
- the virtual node emulation unit 211 when the virtual node emulation unit 211 receives a packet designating the virtual router as a virtual node ID from the virtual network control unit 212, the virtual node emulation unit 211 performs a process as a router on the virtual network, and the virtual interface ID, the destination MAC, etc. Output the converted packet.
- the setting of the virtual node as shown in FIG. 7 can be changed by a user who is authorized to use the virtual network.
- the correspondence relationship between a physical node and a virtual network which will be described later, is hidden from the user, so that the user can use the virtual node on the virtual network as if it were a physical node.
- the virtual network control unit 212 performs packet information exchange with the virtual node emulation unit 211 in accordance with the virtual network configuration information stored in the virtual network configuration information storage unit 202 and the virtual network specifying information storage unit 203 and the corresponding relationship information with the real network. Perform input / output. In addition, the virtual network control unit 212 temporarily stores the received packet in the packet cache 215, and creates the conversion contents of the packet header instructing the physical node that finally outputs the packet.
- FIG. 8 is an example of virtual network configuration information stored in the virtual network configuration information storage unit 202. This indicates that the virtual interface of the virtual node indicated in the KEY field is connected by the virtual interface of the virtual node in the Value field.
- the virtual node with ID # 1 is a virtual interface with virtual interface ID # 10 and is connected to the virtual node with ID # 2
- the virtual node with ID # 2 is a virtual interface with virtual interface ID # 30. It indicates that it is connected to an external node.
- FIG. 9 is a schematic diagram of a virtual network corresponding to the virtual network configuration information of FIG. Based on such virtual network configuration information, the virtual network control unit 212 can input a packet by designating a virtual node ID to the virtual node emulation unit 211 and obtain the result.
- FIG. 10 is an example of virtual network specifying information indicating the correspondence between the virtual network stored in the virtual network specifying information storage unit 203 and the packet characteristics.
- the virtual network, the virtual node ID, and the virtual interface to which the packet matches the condition indicated in the KEY field can be uniquely determined. Further, by reversely looking up the table as shown in FIG. 10, the physical switch ID, physical port ID, and vlan-tag on the real network to which a packet having a certain virtual network, virtual node ID, and virtual interface should be output are determined. It becomes possible to do.
- the conversion operation between the virtual network and the real network is referred to as “physical virtual conversion”. In the example of FIG.
- the source IP address (ip (src)), destination IP address (ip (dst)), source layer 4 port number (l4port (src)), destination layer 4 port number (l4port (dst)), etc. are shown. It is not necessary to use all these pieces of information, and other header information or packet information may be designated as necessary.
- a plurality of virtual networks can be constructed by preparing as many tables as shown in FIG. Then, by defining the packet characteristics for each user and the virtual network that the user has authority to use in the table as shown in FIG. 9, the virtual network is logically separated into a plurality of users. Can be provided.
- the virtual network control unit 212 When the virtual network control unit 212 inputs an input packet to the virtual node emulation unit 211 and obtains a processing result thereof, the virtual network control unit 212 gives the path control unit 213 the physical node that received the packet, its port number, and the virtual node emulation unit. The physical node after the physical / virtual conversion of the packet after network processing by 211 and its output port number are input.
- the path control unit 213 Based on the physical network topology information stored in the physical topology information storage unit 204, the path control unit 213 generates a transfer path for outputting the packet input to the physical node from the physical node after the physical virtual conversion. calculate. For this route calculation, for example, Dijkstra's shortest route algorithm can be used.
- the route control unit 213 stores the result of the route calculation as a cache in the shortest route information storage unit 205 for a predetermined period. In the next and subsequent route calculation, the route control unit 213 refers to the shortest route stored in the shortest route information storage unit 205 and can omit the route calculation process if the cache remains.
- the route control unit 213 stores the set of the flow and the shortest route information in the set flow transfer route information storage unit 206 as well. In the next and subsequent route calculation, the route control unit 213 can use the route information stored in the set flow transfer route information storage unit 206.
- the shortest path information storage unit 205 and the set flow transfer path information storage unit 206 can be omitted. Further, how much information is stored in the route information to each can be appropriately changed according to the use of the system and hardware specifications.
- the OpenFlow protocol processing unit 214 instructs each physical node 10 to update the flow table 12 according to the route information calculated by the route control unit 213 as described above.
- FIG. 11 is an example of a management switch table referred to by the OpenFlow protocol processing unit 214 when performing the above processing.
- FIG. 12 is an example of a flow entry.
- FIG. 13 is a diagram showing the correspondence between the virtual network of FIG. 5 and the actual network configuration shown in FIG. For example, if a packet is received from a port connected to the external network of the physical node 10 # 1 in FIG. 13, the physical node 10 # 1 will control the control server 20 if there is no entry matching the packet in the flow table 12. An inquiry is issued to the OpenFlow protocol processing unit 214. The OpenFlow protocol processing unit 214 adds the ID and port number of the physical node 10 # 1 to the inquiry and transfers them to the virtual network control unit 212.
- the virtual network control unit 212 refers to the virtual network configuration information storage unit 202 and the virtual network specific information storage unit 203, and performs physical-to-virtual conversion on the received packet, and is input to the virtual network shown in the upper part of FIG. Network processing is executed using the virtual node emulation unit 211 as appropriate. Then, the virtual network control unit 212 performs physical / virtual conversion again on the processing result from the virtual node emulation unit 211 and inputs the result to the path control unit 213.
- a result indicating that the output from the virtual node emulation unit 211 should be output from the port connected to the HTTP server 1 of the physical node 10 # 2 is obtained from the result of virtual physical conversion, and the path control unit 213 receives the physical node.
- the OpenFlow protocol processing unit 214 controls to output the packet from the physical port corresponding to the virtual interface with the physical node ID 10 # 2. At the same time, it instructs the physical node 10 # 1 and the physical node 10 # 2 to update the flow table on the path so that subsequent packets are processed in the same manner.
- the network processing equivalent to the upper virtual network in FIG. 13 is realized by the combination of the physical nodes 10 # 1 to 10 # 3 and the control server 20 shown in the lower part of FIG.
- One advantage of such a configuration is that even if the physical configuration of a physical node or HTTP server is changed, it can be handled by correcting the table used in the physical virtual conversion illustrated in FIG. It is to be. For example, when the replacement of the physical node 10 # 1 shown in the lower part of FIG. 13 is performed, the table used in the physical virtual conversion illustrated in FIG. 10 may be corrected, and the configuration of the virtual network visible to the user (FIG. 13). (Refer to the upper row).
- the physical node # 1 searches the flow table 12 for an entry having a matching key that matches the packet (step S001).
- the physical node # 1 issues a query to the control server 20 attached with the packet number (input port number) that received the previous packet and the packet, and requests generation / transmission of a flow entry (step S002; packet) Reception notification (Packet-In)).
- the OpenFlow protocol processing unit 214 of the control server 20 When receiving the packet reception notification (Packet-In), the OpenFlow protocol processing unit 214 of the control server 20 adds the physical node ID (input physical node) of the transmission source of the packet reception notification (Packet-In), and adds the virtual node.
- the data is transferred to the network control unit 212 (step S003).
- the physical node ID can be obtained from the management switch table shown in FIG. 11 or the security channel identifier (SecChan identifier) that received the packet.
- the virtual network control unit 212 stores the received packet in the packet cache 215, and the virtual network specifying information illustrated in FIG. 10 from the physical node ID (input physical node) of the packet transmission source, the input port number, and the header information. With reference to the packet, the virtual physical conversion is performed (step S004). Note that a configuration in which the packet cache 215 is omitted may be employed, and in this case, storage of received packets in the packet cache 215 is omitted.
- step S005 when the virtual network control unit 212 inputs the packet after virtual physical conversion to the virtual router, the virtual router refers to the routing table illustrated in FIG. The packet with the virtual interface ID resolved and the MAC address rewritten is transmitted (step S005).
- the virtual network control unit 212 reverses the virtual network identification information illustrated in FIG. 10 from the virtual interface ID of the transmitted packet, resolves the physical node ID and the physical port ID that output the packet, By comparing the received packet stored in the packet cache 215 with the header information of the transmitted packet, the content of header conversion instructed to the physical node is resolved (step S006).
- a method of receiving a corresponding packet from the route control unit 213 or the like may be adopted as appropriate.
- the virtual network control unit 212 requests setting of a flow entry including an input physical node, an input port number, header information, a physical node ID and a physical port ID that output the resolved packet, and header conversion contents. .
- the path control unit 213 that has received the flow entry setting request resolves the shortest path from the input physical node to the output physical node (step S007).
- the path control unit 213 instructs the physical node # 2 to transmit the received packet and output it from the designated port, and realizes the resolved shortest path to the OpenFlow protocol processing unit 214. Request to add a flow entry.
- the physical node # 2 outputs the received packet from the designated port according to the instruction from the route control unit 213 (step S008). Also, at this time, the OpenFlow protocol processing unit 214 acquires an IP DA (Internet Protocol Destination Address) from the header of the received packet to the physical node # 2, and sends an ARP request to a port other than the port to which the received packet is input. May be executed to acquire the corresponding MAC DA.
- IP DA Internet Protocol Destination Address
- the OpenFlow protocol processing unit 214 creates a flow entry for each physical node corresponding to the instructed shortest path, and transmits the flow entry to the physical nodes # 1 and # 2 (flow entry addition request). FlowMod (Add)). At this time, the OpenFlow protocol processing unit 214 also transmits a flow entry that defines an action for header conversion to the physical node # 2.
- the physical node # 1 and the physical node # 2 add a flow entry to the flow table 12 in accordance with the instruction from the OpenFlow protocol processing unit 214 (step S009).
- step S ⁇ b> 101 since the set flow entry is detected in the search of the flow table 12 (step S ⁇ b> 101), the physical node # 1 does not issue an inquiry or the like to the control server 20. Subsequent packets are successively transferred to the physical node # 2 (step S102).
- the physical node # 2 designates the packets received from the physical node # 1 one after another. Output from the port (step S104).
- the firewall (FW), the load balancer (LB), and the like on the virtual network illustrated in FIG. This can be achieved by specifying the behavior of the node.
- the virtual node emulation unit 211 when operated as a firewall in accordance with a firewall policy of filtering by referring to header information of a specific layer, an output packet from the previous virtual router is input and based on the result
- a function equivalent to a firewall on the virtual network is realized.
- the virtual network emulation unit 211 operates on the virtual network.
- a function equivalent to a load balancer is realized.
- the OpenFlow switch is used as the physical node and the communication with the control server is described as using the OpenFlow protocol.
- the embodiment is limited to the above example as long as it has an equivalent function. is not.
- the physical node can be realized by a router in an IP network and an MPLS switch in an MPLS (Multi-Protocol Label Switching) network.
- Control unit 10 10 # 1, 10 # 2, 10 # 3 Physical node 11 Server communication unit 12 Flow table 13 Control unit 20 Control server 30 External node 201 Virtual node object storage unit 202 First storage unit (virtual network configuration information storage unit ) 203 2nd memory
Abstract
Description
本発明は、日本国特許出願:特願2009-233895号(2009年10月 7日出願)の優先権主張に基づくものであり、同出願の全記載内容は引用をもって本書に組み込み記載されているものとする。
本発明は、情報システム、制御サーバ、仮想ネットワーク管理方法およびプログラムに関し、特に、仮想的なネットワークを提供する情報システム、制御サーバ、仮想ネットワーク管理方法およびプログラムに関する。
以下の分析は、本発明によってなされたものである。
特許文献1-3の技術は、ネットワークを論理的に分割するものであるが、フロー単位でポリシを決定し、きめ細かい経路制御を行うものではない。また、経路制御を行うために、ソースルーティング等の方法を用いることも考えられるが、この場合、パケットが含むことができる正味のデータ量が小さくなってしまうという問題点が生じてしまう。
続いて、本発明の第1の実施形態について図面を参照して詳細に説明する。図2は、本発明の第1の実施形態の構成を表した図である。図2を参照すると、複数の物理ノード10と、制御サーバ20と、外部ノード30とが示されている。
11 サーバ通信部
12 フローテーブル
13 制御部
20 制御サーバ
30 外部ノード
201 仮想ノードオブジェクト記憶部
202 第1の記憶部(仮想ネットワーク構成情報記憶部)
203 第2の記憶部(仮想ネットワーク特定情報記憶部)
204 物理トポロジ情報記憶部
205 最短経路情報記憶部
206 設定済みフロー転送経路情報記憶部
207 フローエントリ記憶部
208 管理スイッチ情報記憶部
210 制御部
211 仮想ノードエミュレーション部
212 仮想ネットワーク制御部
213 経路制御部
214 OpenFlowプロトコル処理部
215 パケットキャッシュ
Claims (16)
- 入出力パケットの特徴に応じた動作を定義した制御情報を保持し、当該制御情報に従って入出力パケットの処理を行う複数の物理ノードと、
前記物理ノードを一つ以上用いて構成した仮想ノードを含む仮想ネットワークの構成情報を記憶する第1の記憶部と、
入力パケットの特徴から前記仮想ネットワークを特定する仮想ネットワーク特定情報を記憶する第2の記憶部と、
前記物理ノードからの要求に基づいて、当該物理ノードが受信したパケットと共通する特徴を有するパケットを取り扱う仮想ネットワークを構成する物理ノードを特定して、前記各物理ノードの制御情報を更新する制御サーバと、を備えたこと、を特徴とする情報システム。 - さらに、前記仮想ネットワーク上の仮想ノードとして動作し、前記制御サーバからパケットの入力を受け付け、前記制御サーバにその処理結果を出力する仮想ノードエミュレーション部を備え、
前記制御サーバは、前記処理結果に基づいて、前記制御情報を更新する物理ノードを特定する請求項1の情報システム。 - 前記仮想ネットワークの利用権限を有するユーザに、該当する仮想ネットワークの前記仮想ノードエミュレーション部の動作設定の変更権限を付与する請求項2の情報システム。
- 前記制御サーバは、
前記仮想ノードエミュレーション部から出力された処理結果に基づいて、前記物理ノードから入力されたパケットを転送する経路情報を作成し、当該経路上にある物理ノードに、前記経路に従ったパケットの転送を行わせる制御情報を作成する請求項2または3の情報システム。 - 前記第1の記憶部の仮想ネットワークの構成情報は、前記仮想ネットワーク上で接続されたノード同士の接続関係を示したテーブルを含んで構成され、
前記第2の記憶部の仮想ネットワーク特定情報は、入出力物理ノード、該入出力物理ノードの入出力ポート情報およびヘッダ情報を含むパケットの特徴と、前記仮想ネットワークにおける仮想ノード及び仮想ノードのインタフェース(仮想インタフェース)との関係を示したテーブルを含んで構成されている請求項1から4いずれか一の情報システム。 - 前記仮想ノードエミュレーション部として、仮想的に動作するルータ、ブリッジ、ファイアウォール、ロードバランサのいずれか1つ以上を含む請求項2から5いずれか一の情報システム。
- 前記物理ノードは、前記制御情報としてフローテーブルを備えるスイッチであり、前記制御サーバは、前記スイッチのフローテーブルを更新する請求項1から6いずれか一の情報システム。
- 入出力パケットの特徴に応じた動作を定義した制御情報を保持し、当該制御情報に従って入出力パケットの処理を行う複数の物理ノードと接続され、
前記物理ノードを一つ以上用いて構成した仮想ノードを含む仮想ネットワークの構成情報を記憶する第1の記憶部と、
入力パケットの特徴から前記仮想ネットワークを特定する仮想ネットワーク特定情報を記憶する第2の記憶部と、
前記物理ノードからの要求に基づいて、当該物理ノードが受信したパケットと共通する特徴を有するパケットを取り扱う仮想ネットワークを構成する物理ノードを特定して、前記各物理ノードの制御情報を更新する制御部と、を備えたこと、を特徴とする制御サーバ。 - さらに、前記仮想ネットワーク上の仮想ノードとして動作し、前記制御サーバからパケットの入力を受け付け、前記制御サーバにその処理結果を出力する仮想ノードエミュレーション部を備え、
前記処理結果に基づいて、前記制御情報を更新する物理ノードを特定する請求項8の制御サーバ。 - 前記仮想ネットワークの利用権限を有するユーザに、該当する仮想ネットワークの前記仮想ノードエミュレーション部の動作設定の変更権限を付与する請求項9の制御サーバ。
- 前記仮想ノードエミュレーション部から出力された処理結果に基づいて、前記物理ノードから入力されたパケットを転送する経路情報を作成し、当該経路上にある物理ノードに、前記経路に従ったパケットの転送を行わせる制御情報を作成する請求項9または10の制御サーバ。
- 前記第1の記憶部の仮想ネットワークの構成情報は、前記仮想ネットワーク上で接続されたノード同士の接続関係を示したテーブルを含んで構成され、
前記第2の記憶部の仮想ネットワーク特定情報は、入出力物理ノード、該入出力物理ノードの入出力ポート情報およびヘッダ情報を含むパケットの特徴と、前記仮想ネットワークにおける仮想ノード及び仮想ノードのインタフェース(仮想インタフェース)との関係を示したテーブルを含んで構成されている請求項8から11いずれか一の制御サーバ。 - 前記仮想ノードエミュレーション部として、仮想的に動作するルータ、ブリッジ、ファイアウォール、ロードバランサのいずれか1つ以上を含む請求項9から12いずれか一の制御サーバ。
- 前記物理ノードは、前記制御情報としてフローテーブルを備えるスイッチであり、前記スイッチのフローテーブルを更新する請求項8から13いずれか一の制御サーバ。
- 入出力パケットの特徴に応じた動作を定義した制御情報を保持し当該制御情報に従って入出力パケットの処理を行う複数の物理ノードと、接続された制御サーバに実行させる仮想ネットワーク管理方法であって、
前記制御サーバが、前記物理ノードを一つ以上用いて構成した仮想ノードを含む仮想ネットワークの構成情報を記憶する第1の記憶部と、入力パケットの特徴から前記仮想ネットワークを特定する仮想ネットワーク特定情報を記憶する第2の記憶部と、を参照し、前記物理ノードからの要求に基づいて、当該物理ノードが受信したパケットと共通する特徴を有するパケットを取り扱う仮想ネットワークを構成する物理ノードを特定するステップと、
前記特定した各物理ノードの制御情報を更新するステップと、を含む仮想ネットワーク管理方法。 - 入出力パケットの特徴に応じた動作を定義した制御情報を保持し当該制御情報に従って入出力パケットの処理を行う複数の物理ノードと、接続された制御サーバを構成するコンピュータに実行させるプログラムであって、
前記物理ノードを一つ以上用いて構成した仮想ノードを含む仮想ネットワークの構成情報を記憶する第1の記憶部と、入力パケットの特徴から前記仮想ネットワークを特定する仮想ネットワーク特定情報を記憶する第2の記憶部と、を参照し、前記物理ノードからの要求に基づいて、当該物理ノードが受信したパケットと共通する特徴を有するパケットを取り扱う仮想ネットワークを構成する物理ノードを特定する処理と、
前記特定した各物理ノードの制御情報を更新する処理と、を前記コンピュータに実行させるプログラム。
Priority Applications (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201080045081.7A CN102577271B (zh) | 2009-10-07 | 2010-10-07 | 信息系统、控制服务器、虚拟网络管理方法以及程序 |
JP2011535449A JP5494668B2 (ja) | 2009-10-07 | 2010-10-07 | 情報システム、制御サーバ、仮想ネットワーク管理方法およびプログラム |
EP10822086.4A EP2487843B1 (en) | 2009-10-07 | 2010-10-07 | Information system, control server, virtual network management method, and program |
US13/500,564 US9148342B2 (en) | 2009-10-07 | 2010-10-07 | Information system, control server, virtual network management method, and program |
EP20170730.4A EP3720062A1 (en) | 2009-10-07 | 2010-10-07 | Information system, control server, virtual network management method, and program |
US14/825,406 US9794124B2 (en) | 2009-10-07 | 2015-08-13 | Information system, control server, virtual network management method, and program |
US15/699,466 US11381455B2 (en) | 2009-10-07 | 2017-09-08 | Information system, control server, virtual network management method, and program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2009233895 | 2009-10-07 | ||
JP2009-233895 | 2009-10-07 |
Related Child Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/500,564 A-371-Of-International US9148342B2 (en) | 2009-10-07 | 2010-10-07 | Information system, control server, virtual network management method, and program |
US14/825,406 Continuation US9794124B2 (en) | 2009-10-07 | 2015-08-13 | Information system, control server, virtual network management method, and program |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011043416A1 true WO2011043416A1 (ja) | 2011-04-14 |
Family
ID=43856866
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2010/067640 WO2011043416A1 (ja) | 2009-10-07 | 2010-10-07 | 情報システム、制御サーバ、仮想ネットワーク管理方法およびプログラム |
Country Status (5)
Country | Link |
---|---|
US (3) | US9148342B2 (ja) |
EP (2) | EP2487843B1 (ja) |
JP (2) | JP5494668B2 (ja) |
CN (2) | CN102577271B (ja) |
WO (1) | WO2011043416A1 (ja) |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103166866A (zh) * | 2011-12-12 | 2013-06-19 | 华为技术有限公司 | 生成表项的方法、接收报文的方法及相应装置和系统 |
WO2013128514A1 (en) * | 2012-03-02 | 2013-09-06 | Nec Corporation | Communication system, control apparatus, control method and program |
US20130329578A1 (en) * | 2012-06-11 | 2013-12-12 | Microsoft Corporation | Large-scale passive network monitoring using multiple tiers of ordinary network switches |
CN104272676A (zh) * | 2012-05-01 | 2015-01-07 | 日本电气株式会社 | 通信系统、访问控制装置、交换机、网络控制方法及程序 |
WO2015019530A1 (en) * | 2013-08-07 | 2015-02-12 | International Business Machines Corporation | Switch clusters having layer-3 distributed router functionality |
JP2015050717A (ja) * | 2013-09-03 | 2015-03-16 | ビッグローブ株式会社 | コントローラ、コンピュータシステム、ネットワーク構成変更方法、及びネットワーク構成変更プログラム |
JP2016504854A (ja) * | 2012-12-13 | 2016-02-12 | ゼットティーイー (ユーエスエー) インコーポレイテッド | レイヤー3(ネットワーク)のエンティティの仮想化のための方法およびシステム |
JP5904285B2 (ja) * | 2012-11-22 | 2016-04-13 | 日本電気株式会社 | 通信システム、仮想ネットワーク管理装置、通信ノード、通信方法及びプログラム |
JP2018050306A (ja) * | 2011-08-17 | 2018-03-29 | ニシラ, インコーポレイテッド | 分散論理l3ルーティング |
CN114301656A (zh) * | 2021-12-23 | 2022-04-08 | 北京赛宁网安科技有限公司 | 一种网络攻防平台虚实结合系统与方法 |
JP7470320B2 (ja) | 2020-01-08 | 2024-04-18 | 国立大学法人 名古屋工業大学 | ネットワーク管理装置 |
Families Citing this family (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011043416A1 (ja) * | 2009-10-07 | 2011-04-14 | 日本電気株式会社 | 情報システム、制御サーバ、仮想ネットワーク管理方法およびプログラム |
US9444743B2 (en) | 2011-04-04 | 2016-09-13 | Nec Corporation | Network system, switch and connected terminal detection method |
CN102739549B (zh) * | 2012-07-13 | 2015-10-21 | 华为技术有限公司 | 接收报文的方法、发送报文的方法及装置 |
US9019967B2 (en) * | 2012-07-30 | 2015-04-28 | Dell Products L.P. | VLAN advertisement and automated configuration |
KR20150038245A (ko) | 2012-09-13 | 2015-04-08 | 닛본 덴끼 가부시끼가이샤 | 정보 처리 장치, 구성 방법, 통신 시스템, 및 프로그램 |
JP6299754B2 (ja) * | 2012-09-13 | 2018-03-28 | 日本電気株式会社 | 制御装置、制御方法、通信システム及びプログラム |
US9491801B2 (en) * | 2012-09-25 | 2016-11-08 | Parallel Wireless, Inc. | Dynamic multi-access wireless network virtualization |
CN103891237B (zh) * | 2012-09-29 | 2017-12-05 | 华为技术有限公司 | 一种网络存储的方法、交换设备和控制器 |
FI20126105L (fi) * | 2012-10-25 | 2014-04-26 | Tellabs Oy | Menetelmä ja ohjauslaite ohjelmallisesti määriteltävän verkon konfiguroimiseksi |
US9929919B2 (en) * | 2012-10-30 | 2018-03-27 | Futurewei Technologies, Inc. | System and method for virtual network abstraction and switching |
CN104871500A (zh) * | 2012-12-19 | 2015-08-26 | 日本电气株式会社 | 通信节点、控制装置、通信系统、分组处理方法、通信节点控制方法及程序 |
FI20135058L (fi) * | 2013-01-21 | 2014-07-22 | Tellabs Oy | Menetelmä ja ohjausjärjestelmä ohjelmallisesti määriteltävän verkon kontrolloimiseksi |
US9172604B1 (en) | 2013-02-25 | 2015-10-27 | Google Inc. | Target mapping and implementation of abstract device model |
WO2014201085A1 (en) * | 2013-06-14 | 2014-12-18 | Zte (Usa) Inc. | Method and system for virtualized network entity (vne) based network operations support systems (noss) |
ES2663017T3 (es) * | 2013-11-07 | 2018-04-10 | Huawei Technologies Co., Ltd. | Dispositivo de control y método de control en red definida por software (SDN) |
JPWO2016013200A1 (ja) * | 2014-07-22 | 2017-04-27 | 日本電気株式会社 | 情報処理システム及びネットワークリソース管理方法 |
CN105763356A (zh) * | 2014-12-19 | 2016-07-13 | 中兴通讯股份有限公司 | 一种资源虚拟化处理的方法、装置及控制器 |
JP6712545B2 (ja) * | 2016-12-19 | 2020-06-24 | 日立オートモティブシステムズ株式会社 | 電子制御装置、電子制御システム、及び電子制御方法 |
CN108462594B (zh) * | 2017-02-21 | 2022-03-04 | 阿里巴巴集团控股有限公司 | 虚拟专有网络及规则表生成方法、装置及路由方法 |
CN109495309A (zh) * | 2018-11-27 | 2019-03-19 | 广东电网有限责任公司信息中心 | 云平台虚拟网络状态的智能检测方法和装置 |
CN111200550B (zh) * | 2020-01-07 | 2021-11-26 | 中国烟草总公司郑州烟草研究院 | 一种虚拟网络映射方法及装置 |
US11451960B2 (en) * | 2020-02-04 | 2022-09-20 | Blackberry Limited | Methods and systems for segmenting computing devices in a network |
JP2021182689A (ja) * | 2020-05-19 | 2021-11-25 | 富士通株式会社 | スイッチ特定方法、及びスイッチ特定プログラム |
CN113162677B (zh) * | 2021-03-31 | 2023-04-07 | 网络通信与安全紫金山实验室 | 一种实物设备与虚拟网络仿真平台的通信方法及装置 |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001237876A (ja) * | 2000-02-21 | 2001-08-31 | Nec Corp | Ip仮想プライベート網の構築方法及びip仮想プライベート網 |
JP2003304278A (ja) * | 2002-04-08 | 2003-10-24 | Hitachi Ltd | フロー検出装置およびフロー検出機能を備えたパケット転送装置 |
JP2005051648A (ja) * | 2003-07-31 | 2005-02-24 | Nippon Telegr & Teleph Corp <Ntt> | Vpn用テーブル検索装置 |
JP2006086889A (ja) * | 2004-09-16 | 2006-03-30 | Fujitsu Ltd | L2−vpnサービスを提供するプロバイダ網、及びエッジルータ |
JP2007525728A (ja) | 2003-04-25 | 2007-09-06 | アイポリシー ネットワークス, インコーポレイテッド | 階層的サービス管理システム |
JP2008306725A (ja) | 2007-06-06 | 2008-12-18 | Avaya Technology Llc | 仮想プライベート・ネットワーク上のピア・ツー・ピア・ネットワーク |
JP2009135805A (ja) | 2007-11-30 | 2009-06-18 | Fujitsu Ltd | 仮想網構築プログラム、仮想網構築装置、および仮想網構築方法 |
Family Cites Families (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7133407B2 (en) * | 2000-01-25 | 2006-11-07 | Fujitsu Limited | Data communications system |
EP1133108A1 (en) * | 2000-03-07 | 2001-09-12 | Sony International (Europe) GmbH | Interface link layer device for long delay connections |
EP1164754B1 (en) * | 2000-06-15 | 2006-05-17 | Telefonaktiebolaget LM Ericsson (publ) | Methods and arrangements in a telecommunications system |
JP2002077266A (ja) | 2000-09-05 | 2002-03-15 | Nec Commun Syst Ltd | 論理ルータ及びそのルーチング情報設定方法 |
JP2002252631A (ja) | 2001-02-26 | 2002-09-06 | Nippon Telegr & Teleph Corp <Ntt> | Vpn情報提供システム及びその方法 |
JP2002325090A (ja) | 2001-04-26 | 2002-11-08 | Nec Corp | 仮想ルータ |
JP2003023444A (ja) | 2001-07-06 | 2003-01-24 | Fujitsu Ltd | 仮想ルータを利用した動的な負荷分散システム |
US7801155B2 (en) * | 2002-03-01 | 2010-09-21 | Verizon Business Global Llc | Resource allocation in virtual routers |
US7197553B2 (en) * | 2002-04-19 | 2007-03-27 | Nortel Networks Limited | Network system having a virtual-service-module |
JP3904968B2 (ja) | 2002-04-19 | 2007-04-11 | 日本電信電話株式会社 | Vpnシステムおよびルータ |
US7339929B2 (en) * | 2002-08-23 | 2008-03-04 | Corrigent Systems Ltd. | Virtual private LAN service using a multicast protocol |
US8656050B2 (en) * | 2002-09-24 | 2014-02-18 | Alcatel Lucent | Methods and systems for efficiently configuring IP-based, virtual private networks |
CN100459534C (zh) * | 2002-10-07 | 2009-02-04 | 日本电信电话株式会社 | 分层网络节点及通过该节点构成的网络、节点和分层网络 |
US7428222B1 (en) * | 2003-02-28 | 2008-09-23 | Entropic Communications Inc. | Method of bus configuration to enable device bridging over dissimilar buses |
US20040210623A1 (en) | 2003-03-06 | 2004-10-21 | Aamer Hydrie | Virtual network topology generation |
JP4244872B2 (ja) * | 2004-07-09 | 2009-03-25 | ソニー株式会社 | 情報処理装置および方法、並びにプログラム |
US20060041580A1 (en) * | 2004-07-09 | 2006-02-23 | Intransa, Inc. | Method and system for managing distributed storage |
US7733802B2 (en) * | 2005-09-15 | 2010-06-08 | Tp Lab, Inc. | Method to dynamically create a virtual network |
WO2009042919A2 (en) * | 2007-09-26 | 2009-04-02 | Nicira Networks | Network operating system for managing and securing networks |
GB2458154B (en) * | 2008-03-07 | 2012-06-27 | Hewlett Packard Development Co | Routing across a virtual network |
US7865586B2 (en) * | 2008-03-31 | 2011-01-04 | Amazon Technologies, Inc. | Configuring communications between computing nodes |
US8201168B2 (en) * | 2008-12-25 | 2012-06-12 | Voltaire Ltd. | Virtual input-output connections for machine virtualization |
EP2415221B1 (en) * | 2009-04-01 | 2014-05-07 | Nicira, Inc. | Method and apparatus for implementing and managing virtual switches |
US9003411B2 (en) * | 2009-05-13 | 2015-04-07 | Verizon Patent And Licensing Inc. | Automated provisioning and configuration of virtual and physical servers |
US8644188B1 (en) * | 2009-06-25 | 2014-02-04 | Amazon Technologies, Inc. | Providing virtual networking functionality for managed computer networks |
WO2011043416A1 (ja) * | 2009-10-07 | 2011-04-14 | 日本電気株式会社 | 情報システム、制御サーバ、仮想ネットワーク管理方法およびプログラム |
FR2953352A1 (fr) * | 2009-11-27 | 2011-06-03 | France Telecom | Procede de controle d'un etat de charge d'un lien physique entre deux noeuds de reseau physiques portant une pluralite de liens virtuels |
-
2010
- 2010-10-07 WO PCT/JP2010/067640 patent/WO2011043416A1/ja active Application Filing
- 2010-10-07 JP JP2011535449A patent/JP5494668B2/ja active Active
- 2010-10-07 EP EP10822086.4A patent/EP2487843B1/en active Active
- 2010-10-07 EP EP20170730.4A patent/EP3720062A1/en not_active Withdrawn
- 2010-10-07 CN CN201080045081.7A patent/CN102577271B/zh active Active
- 2010-10-07 CN CN201510003809.4A patent/CN104683146B/zh active Active
- 2010-10-07 US US13/500,564 patent/US9148342B2/en active Active
-
2014
- 2014-03-05 JP JP2014043134A patent/JP2014131347A/ja active Pending
-
2015
- 2015-08-13 US US14/825,406 patent/US9794124B2/en active Active
-
2017
- 2017-09-08 US US15/699,466 patent/US11381455B2/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001237876A (ja) * | 2000-02-21 | 2001-08-31 | Nec Corp | Ip仮想プライベート網の構築方法及びip仮想プライベート網 |
JP2003304278A (ja) * | 2002-04-08 | 2003-10-24 | Hitachi Ltd | フロー検出装置およびフロー検出機能を備えたパケット転送装置 |
JP2007525728A (ja) | 2003-04-25 | 2007-09-06 | アイポリシー ネットワークス, インコーポレイテッド | 階層的サービス管理システム |
JP2005051648A (ja) * | 2003-07-31 | 2005-02-24 | Nippon Telegr & Teleph Corp <Ntt> | Vpn用テーブル検索装置 |
JP2006086889A (ja) * | 2004-09-16 | 2006-03-30 | Fujitsu Ltd | L2−vpnサービスを提供するプロバイダ網、及びエッジルータ |
JP2008306725A (ja) | 2007-06-06 | 2008-12-18 | Avaya Technology Llc | 仮想プライベート・ネットワーク上のピア・ツー・ピア・ネットワーク |
JP2009135805A (ja) | 2007-11-30 | 2009-06-18 | Fujitsu Ltd | 仮想網構築プログラム、仮想網構築装置、および仮想網構築方法 |
Non-Patent Citations (2)
Title |
---|
MCKEOWN, NICK ET AL., OPENFLOW: ENABLING INNOVATION IN CAMPUS NETWORKS, 17 July 2009 (2009-07-17), Retrieved from the Internet <URL:http://www.openflowswitch.org//documents/openflow-wp-latest.pdf>> |
See also references of EP2487843A4 |
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2018050306A (ja) * | 2011-08-17 | 2018-03-29 | ニシラ, インコーポレイテッド | 分散論理l3ルーティング |
US11695695B2 (en) | 2011-08-17 | 2023-07-04 | Nicira, Inc. | Logical L3 daemon |
US10868761B2 (en) | 2011-08-17 | 2020-12-15 | Nicira, Inc. | Logical L3 daemon |
CN103166866B (zh) * | 2011-12-12 | 2016-08-03 | 华为技术有限公司 | 生成表项的方法、接收报文的方法及相应装置和系统 |
CN103166866A (zh) * | 2011-12-12 | 2013-06-19 | 华为技术有限公司 | 生成表项的方法、接收报文的方法及相应装置和系统 |
WO2013128514A1 (en) * | 2012-03-02 | 2013-09-06 | Nec Corporation | Communication system, control apparatus, control method and program |
CN104272676A (zh) * | 2012-05-01 | 2015-01-07 | 日本电气株式会社 | 通信系统、访问控制装置、交换机、网络控制方法及程序 |
US10244537B2 (en) | 2012-05-01 | 2019-03-26 | Nec Corporation | Communication system, access control apparatus, switch, network control method, and program |
US9363152B2 (en) * | 2012-06-11 | 2016-06-07 | Microsoft Technology Licensing, Llc | Large-scale passive network monitoring using multiple tiers of ordinary network switches |
US20130329578A1 (en) * | 2012-06-11 | 2013-12-12 | Microsoft Corporation | Large-scale passive network monitoring using multiple tiers of ordinary network switches |
US10091073B2 (en) | 2012-06-11 | 2018-10-02 | Microsoft Technology Licensing, Llc | Large-scale passive network monitoring using multiple tiers of ordinary network switches |
JP5904285B2 (ja) * | 2012-11-22 | 2016-04-13 | 日本電気株式会社 | 通信システム、仮想ネットワーク管理装置、通信ノード、通信方法及びプログラム |
JP2016504854A (ja) * | 2012-12-13 | 2016-02-12 | ゼットティーイー (ユーエスエー) インコーポレイテッド | レイヤー3(ネットワーク)のエンティティの仮想化のための方法およびシステム |
KR101789894B1 (ko) * | 2012-12-13 | 2017-10-25 | 제트티이 (유에스에이) 잉크. | 레이어-3(네트워크) 엔티티를 가상화하는 방법 및 시스템 |
US9426060B2 (en) | 2013-08-07 | 2016-08-23 | International Business Machines Corporation | Software defined network (SDN) switch clusters having layer-3 distributed router functionality |
US10182005B2 (en) | 2013-08-07 | 2019-01-15 | International Business Machines Corporation | Software defined network (SDN) switch clusters having layer-3 distributed router functionality |
WO2015019530A1 (en) * | 2013-08-07 | 2015-02-12 | International Business Machines Corporation | Switch clusters having layer-3 distributed router functionality |
JP2015050717A (ja) * | 2013-09-03 | 2015-03-16 | ビッグローブ株式会社 | コントローラ、コンピュータシステム、ネットワーク構成変更方法、及びネットワーク構成変更プログラム |
JP7470320B2 (ja) | 2020-01-08 | 2024-04-18 | 国立大学法人 名古屋工業大学 | ネットワーク管理装置 |
CN114301656A (zh) * | 2021-12-23 | 2022-04-08 | 北京赛宁网安科技有限公司 | 一种网络攻防平台虚实结合系统与方法 |
CN114301656B (zh) * | 2021-12-23 | 2023-10-27 | 北京赛宁网安科技有限公司 | 一种网络攻防平台虚实结合系统与方法 |
Also Published As
Publication number | Publication date |
---|---|
JPWO2011043416A1 (ja) | 2013-03-04 |
US20120195318A1 (en) | 2012-08-02 |
EP2487843B1 (en) | 2020-04-22 |
CN104683146B (zh) | 2019-05-07 |
EP3720062A1 (en) | 2020-10-07 |
EP2487843A1 (en) | 2012-08-15 |
US20180013626A1 (en) | 2018-01-11 |
US9794124B2 (en) | 2017-10-17 |
EP2487843A4 (en) | 2013-04-03 |
JP2014131347A (ja) | 2014-07-10 |
US9148342B2 (en) | 2015-09-29 |
CN104683146A (zh) | 2015-06-03 |
CN102577271B (zh) | 2016-04-13 |
JP5494668B2 (ja) | 2014-05-21 |
CN102577271A (zh) | 2012-07-11 |
US11381455B2 (en) | 2022-07-05 |
US20150350026A1 (en) | 2015-12-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5494668B2 (ja) | 情報システム、制御サーバ、仮想ネットワーク管理方法およびプログラム | |
JP5994851B2 (ja) | 転送装置の制御装置、転送装置の制御方法、通信システムおよびプログラム | |
JP5850068B2 (ja) | 制御装置、通信システム、通信方法およびプログラム | |
JP5626214B2 (ja) | 通信システム、ノード、制御サーバ、通信方法およびプログラム | |
JP5900353B2 (ja) | 通信システム、制御装置、通信ノードおよび通信方法 | |
JP5994846B2 (ja) | 通信システム、制御装置、ノード、ノードの制御方法およびプログラム | |
WO2011118585A1 (ja) | 情報システム、制御装置、仮想ネットワークの管理方法およびプログラム | |
WO2014077306A1 (ja) | 制御装置、通信システム、制御情報の作成方法及びプログラム | |
WO2011118586A1 (ja) | 通信システム、制御装置、転送ノード、処理規則の更新方法およびプログラム | |
JP6440191B2 (ja) | スイッチ装置、vlan設定管理方法及びプログラム | |
JP5747997B2 (ja) | 制御装置、通信システム、仮想ネットワークの管理方法およびプログラム | |
JP5991427B2 (ja) | 制御装置、通信システム、制御情報の送信方法及びプログラム | |
WO2014119602A1 (ja) | 制御装置、スイッチ、通信システム、スイッチの制御方法及びプログラム | |
WO2014175335A1 (ja) | 制御装置、計算機システム、通信制御方法及びプログラム | |
JP5637289B2 (ja) | 通信システム、ノード、制御サーバ、通信方法およびプログラム | |
JP5573909B2 (ja) | 通信システム、ノード、制御装置、通信方法およびプログラム | |
JP6036940B2 (ja) | 通信システム、ノード、制御装置、通信方法およびプログラム | |
JP5794355B2 (ja) | 通信システム、ノード、制御装置、通信方法およびプログラム | |
JP5768600B2 (ja) | 通信システム、制御装置、パケット転送方法およびプログラム | |
WO2014142081A1 (ja) | 転送ノード、制御装置、通信システム、パケット処理方法及びプログラム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201080045081.7 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 10822086 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 13500564 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2011535449 Country of ref document: JP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2010822086 Country of ref document: EP |