WO2015098797A1 - Communication system, control device, control method, and program - Google Patents

Publication number
WO2015098797A1
Authority
WO
WIPO (PCT)
Prior art keywords
communication
switch
network
networks
control device
Application number
PCT/JP2014/083837
Inventor
修平 山口
Original Assignee
日本電気株式会社
Application filed by 日本電気株式会社

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4604 LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L12/462 LAN interconnection over a bridge based backbone
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0654 Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0663 Performing the actions predefined by failover planning, e.g. switching to standby network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/40 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using virtualisation of network functions or resources, e.g. SDN or NFV entities

Definitions

  • the present invention is based on a Japanese patent application: Japanese Patent Application No. 2013-265483 (filed on Dec. 24, 2013), and the entire description of the application is incorporated herein by reference.
  • the present invention relates to a communication system, a control device, a communication method, and a program, and more particularly, to a communication system, a control device, a communication method, and a program for connecting two networks.
  • Patent Document 1 discloses a system that realizes topological redundancy and tolerance between nodes of a plurality of data networks using (Multi-Chassis Link Aggregation: hereinafter “MCLAG”).
  • MLAG Multi-Chassis Link Aggregation
  • Patent Document 2 discloses an OpenFlow network system in which a redundant network device can be connected to a centralized control network called OpenFlow while maintaining a redundant configuration.
  • Patent Document 3 discloses a configuration in which a control device of a centralized control type network is given a management function for links made redundant using a technique called trunking or link aggregation, and a path control function using these links.
  • LANs local area networks
  • a device for terminating the L2 network such as a router or a gateway
  • a device for performing L2 encapsulation / decapsulation called a tunnel end point (TEP) or the like is installed between the underlay network and the overlay network.
  • TEP tunnel end point
  • MCLAG multi-chassis link aggregation
  • VRRP Virtual Router Redundancy Protocol
  • FIG. 10 shows an example in which two IP subnets are connected using an L3 switch having the MCLAG function.
  • the LAGs of the L2 switches of the segments A and B are terminated with the MCLAG of the L3 switch. If it is desired to build a LAG dynamically with a protocol such as LACP (Link Aggregation Control Protocol), the L3 switch must implement that protocol and must also have a function capable of building the MCLAG.
  • LACP Link Aggregation Control Protocol
  • an object of the present invention is to provide a communication system, a control device, a communication method, and a program that can contribute to effective use of bandwidth between networks and improvement of redundancy when connecting two networks without using a device that implements the MCLAG function.
  • a communication system including: two or more communication nodes arranged between the link-aggregated port group of the switch of the first network and the link-aggregated port group of the switch of the second network such that each communication node is connected in parallel to the switches of the first and second networks; and a control device that controls each of the communication nodes so that, for communication packets between the first and second networks, the source address and the destination address referred to by each of the switches are converted into predetermined addresses assigned in common to the communication nodes before the packets are transferred.
  • a control device that is connected to two or more communication nodes arranged between the link-aggregated port group of the switch of the first network and the link-aggregated port group of the switch of the second network such that each communication node is connected in parallel to the switches of the first and second networks, and that controls each of the communication nodes so that, for communication packets between the first and second networks, the source address and the destination address referred to by each of the switches are converted into predetermined addresses assigned in common to the communication nodes before the packets are transferred.
  • a communication method in which a control device, connected to two or more communication nodes arranged between the link-aggregated port group of the switch of the first network and the link-aggregated port group of the switch of the second network such that each communication node is connected in parallel to the switches of the first and second networks, performs: a step of detecting, based on a notification from the communication node, that communication between the first and second networks has occurred; and a step of controlling each of the communication nodes so that, for the communication between the first and second networks, the source address and the destination address referred to by each switch are converted into predetermined addresses assigned in common to the communication nodes before transfer.
  • This method is linked to a specific machine called a control device for controlling communication nodes arranged in parallel between the two networks.
  • a program that causes a computer, connected to two or more communication nodes arranged between the link-aggregated port group of the switch of the first network and the link-aggregated port group of the switch of the second network such that each communication node is connected in parallel to the switches of the first and second networks, to execute: a process of detecting, based on a notification from the communication node, that communication between the first and second networks has occurred; and a process of controlling each of the communication nodes so that, for the communication between the first and second networks, the source address and the destination address referred to by each switch are converted into predetermined addresses assigned in common to the communication nodes before transfer.
  • This program can be recorded on a computer-readable (non-transient) storage medium. That is, the present invention can be embodied as a computer program product.
  • FIG. 6 is a diagram for explaining the operation of the communication system (packet transfer operation between terminal X and terminal Y) according to the first embodiment of the present invention.
  • in one embodiment, as shown in FIG. 1, the present invention can be realized by a configuration including: two or more communication nodes 11 and 12 arranged between the link-aggregated port group (LAG) of the switch 31 of the first network and the link-aggregated port group (LAG) of the switch 32 of the second network such that each communication node is connected in parallel to the switches 31 and 32 of the first and second networks; and a control device 20 that controls these communication nodes 11 and 12.
  • the control device 20 controls the communication nodes 11 and 12 so that, for communication packets between the first and second networks, the source address x (y) and the destination address α (β) referred to by the switches 31 and 32 are converted into the predetermined addresses β (α) and y (x) assigned in common to the communication nodes before the packets are transferred.
  • the communication nodes 11 and 12 perform an operation of relaying packets transmitted and received between the LAGs of the switches 31 and 32 of the first and second networks. At this time, since the communication nodes 11 and 12 are arranged in parallel, communication can be continued even if a failure or the like occurs in one of them. Further, it is not necessary to use a device having an MCLAG function as a communication node, and a device having a function of rewriting a header of a designated packet in accordance with an instruction from the control device can be used. As such a device, for example, the open flow switch of Non-Patent Document 2 can be cited.
  • FIG. 2 is a diagram showing the configuration of the first exemplary embodiment of the present invention. Referring to FIG. 2, there is shown a configuration in which OpenFlow switches 11A and 12A are connected in parallel between two local area networks divided into segments A and B.
  • L2 switches each having a LAG function are arranged in segments A and B.
  • the LAG configuration port #1 of the segment A L2 switch 31A is connected to the port a of the OpenFlow switch 11A, and the LAG configuration port #2 of the L2 switch 31A is connected to the port a of the OpenFlow switch 12A.
  • the LAG configuration port #1 of the segment B L2 switch 32A is connected to the port b of the OpenFlow switch 11A, and the LAG configuration port #2 of the L2 switch 32A is connected to the port b of the OpenFlow switch 12A.
  • when the L2 switch 31A, 32A receives a packet (frame) to be transmitted to the opposing segment side, the L2 switch 31A, 32A transfers it to one of the OpenFlow switches 11A, 12A by the LAG function. Thereby, distributed use of the line is realized.
  • the OpenFlow switches 11A and 12A are devices (communication nodes) compliant with the specifications of Non-Patent Document 2. Specifically, the OpenFlow switches 11A and 12A process a received packet in accordance with the flow entry, among the flow entries set by the OpenFlow controller 20A, whose match condition matches the received packet. When the OpenFlow switches 11A and 12A hold no flow entry whose match condition matches the received packet, they transmit the received packet, or information extracted from it, to the OpenFlow controller 20A (the Packet-In message of Non-Patent Document 2) and request that a flow entry be set.
  • a common MAC address that terminates both segments is set in each of the ports a and b of the OpenFlow switches 11A and 12A.
  • the MAC address set for the port a on the segment A side is represented by “α”
  • the MAC address set for the port b on the segment B side is represented by “β”.
  • the IP address and MAC address of the terminal X on the segment A side are represented as “X” and “x”
  • the IP address and MAC address of the terminal Y on the segment B side are represented as “Y” and “y”, respectively.
  • the OpenFlow controller 20A is a device that controls a device (communication node) conforming to the specification of Non-Patent Document 2 by setting a flow entry for the OpenFlow switches 11A and 12A.
  • the OpenFlow controller 20A according to the present embodiment sets the flow entry shown in FIG. 3 in both the OpenFlow switches 11A and 12A.
  • the flow entry indicates that the destination MAC address is rewritten to the MAC address “y” of the terminal Y and the source MAC address is rewritten to the MAC address “β” of the port b of the OpenFlow switch, after which the packet is output from the port b on the segment B side.
  • the flow entry as shown in FIG. 3 may be set when the OpenFlow controller 20A detects the occurrence of communication between the terminal X and the terminal Y in response to a flow entry setting request from the OpenFlow switches 11A and 12A.
  • the example of FIG. 3 shows a flow entry for communication between the terminal X and the terminal Y.
  • the MAC address and IP address (X, x, Y, z) of the terminal may be replaced with (P, p, Q, q), respectively.
  • a flow entry may be set in advance.
  • the functions of the above OpenFlow controller can also be realized by a computer program that causes a computer constituting the OpenFlow controller to execute the above-described setting process of each flow entry by using the hardware thereof.
  • the L2 switch 31A selects a port from the LAG configuration ports according to a predetermined rule, so that either the OpenFlow switch 11A or 12A is selected (Step S001).
  • a packet addressed to the terminal Y is transmitted from the terminal X to the OpenFlow switch 11A.
  • when the OpenFlow switch 11A receives a packet addressed to the terminal Y from the terminal X, the OpenFlow switch 11A searches the flow entries set by the OpenFlow controller 20A for a flow entry having a match condition that matches the received packet. However, since the flow entry shown in FIG. 3 is not set at this point, the OpenFlow switch 11A requests the OpenFlow controller 20A to set the flow entry corresponding to the packet addressed to the terminal Y from the terminal X (Step S002; Packet-In).
  • upon receiving the flow entry setting request, the OpenFlow controller 20A creates a flow entry as shown in FIG. 3 and sets it in both the OpenFlow switches 11A and 12A in order to enable communication between the terminal X and the terminal Y (Step S003 in FIG. 5). Further, the OpenFlow controller 20A instructs the requester of the flow entry setting request (in this case, the OpenFlow switch 11A) to output the packet received in step S002 from the port b. Note that when creating the flow entry, the OpenFlow controller 20A may refer to a separately prepared access control list or the like and confirm whether communication between the terminal X and the terminal Y may be permitted.
  • the L2 switch 32A on the segment B side receives the packet in which the destination / source MAC address has been rewritten, it aggregates these traffics by the LAG function and transfers them to the terminal Y.
  • the packet addressed from terminal Y to terminal X is handled by the same operation and is delivered to the terminal X by the flow entry of entry No. 2 in FIG.
  • it is also preferable that the OpenFlow controller 20A link down the port b (or port a) corresponding to the port a (or port b). In this way, the LAG function of the L2 switch makes it possible to continue communication using the OpenFlow switch in which no failure has occurred in the port.
  • the Port Status message of Non-Patent Document 2, with which the OpenFlow switch notifies the OpenFlow controller, can be used.
  • the OpenFlow controller 20A may also set the flow entries shown in FIG. 7 in the OpenFlow switches 11A and 12A.
  • the OpenFlow controller 20A may set the flow entries shown in FIG. 8 in the OpenFlow switches 11A and 12A.
  • Ether-CC continuity check
  • EtherType 0x8902
  • L2 switches 31A and 32A can be utilized across segments.
  • the segments on both sides are IP networks.
  • it can be handled by setting the flow entry corresponding to FIG. 3 according to the flow entry configuration and the network configuration.
  • a flow entry that encapsulates from port a to port b and a flow entry that decapsulates from port b to port a are set.
  • the same effect can be exhibited.
  • the control device converts a transmission source MAC address of a communication packet between the first and second networks into a MAC address assigned to a port of the own device, and communicates between the first and second networks.
  • a communication system that converts a destination MAC address of a destination device into a MAC address of a destination device learned in advance.
  • a communication system in which the control device controls the first and second communication nodes by setting, for each communication node, control information that associates a match condition for identifying a packet addressed to the other network from one of the first and second networks with a process to be applied to a packet that matches the match condition.
  • the control device further provides the first and second communication nodes with respect to the first and second communication nodes.
  • a source MAC address of a communication packet between the first and second networks is converted into a MAC address assigned to a port of the own device, and a destination MAC address of the communication packet between the first and second networks is converted.
  • a control device that controls the first and second communication nodes by setting, for each communication node, control information that associates a match condition for identifying a packet addressed to the other network from one of the first and second networks with a process to be applied to a packet that matches the match condition.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention improves redundancy and effectively uses the bandwidth between two networks. A communication system contains: two or more communication nodes disposed between a group of ports, which are link aggregated to a switch in a first network, and a group of ports, which are link aggregated to a switch in a second network, so that each communication node is connected to the switches of the first and second networks in parallel; and a control device which controls each communication node so that communication packets between the first and second networks are transferred after the transmission source address and reception address, to which each switch refers, are converted into a predetermined common address allocated to the communication nodes.

Description

COMMUNICATION SYSTEM, CONTROL DEVICE, COMMUNICATION METHOD, AND PROGRAM
[Description of related applications]
The present invention is based on a Japanese patent application: Japanese Patent Application No. 2013-265483 (filed on Dec. 24, 2013), and the entire description of the application is incorporated herein by reference.
The present invention relates to a communication system, a control device, a communication method, and a program, and more particularly, to a communication system, a control device, a communication method, and a program for connecting two networks.
Patent Document 1 discloses a system that realizes topological redundancy and tolerance between nodes of a plurality of data networks using Multi-Chassis Link Aggregation (hereinafter “MCLAG”).
Patent Document 2 discloses an OpenFlow network system in which redundant network devices can be connected to a centralized control type network called OpenFlow while maintaining the redundant configuration.
Patent Document 3 discloses a configuration in which a control device of a centralized control type network is given a management function for links made redundant using a technique called trunking or link aggregation, and a path control function using these links.
Published Japanese Translation of PCT Application No. 2013-535922
Japanese Patent Application Laid-Open No. 2013-211706
International Publication No. 2012/050071
The following analysis is given by the present invention. Generally, when two local area networks (hereinafter, LANs) are connected, a device that terminates the L2 network, such as a router or a gateway, is installed between them. Similarly, when an L2 overlay network is constructed, a device that performs L2 encapsulation/decapsulation, called a tunnel end point (TEP) or the like, is installed between the underlay network and the overlay network.
When two networks are connected in this way, these devices must be made redundant so that they do not become a single point of failure (hereinafter, SPOF). For this purpose, the function called multi-chassis link aggregation (hereinafter, MCLAG) of Patent Document 1 or the VRRP (Virtual Router Redundancy Protocol) used in Patent Document 2 is used.
In the case of VRRP, there is a restriction that both networks to be connected must be IP (Internet Protocol) networks. In addition, because VRRP operates the multiple devices provided as Active/Standby, the bandwidth and resources of the Standby device are not used effectively.
In the case of MCLAG, on the other hand, processing is distributed across all of the redundant devices, so the waste of bandwidth seen with VRRP is reduced. FIG. 10 shows an example in which two IP subnets are connected using L3 switches having the MCLAG function. In the following, to simplify the description, each segment is assumed to have one terminal. In the example of FIG. 10, the LAGs of the L2 switches of the segments A and B are terminated with the MCLAG of the L3 switches. If it is desired to build a LAG dynamically with a protocol such as LACP (Link Aggregation Control Protocol), the L3 switch must implement that protocol and must also have a function capable of building the MCLAG.
However, unlike an ordinary LAG function, a device that implements the MCLAG function is generally very expensive. Further, since a dedicated line connecting the redundant devices to each other (the link between the L3 switches in FIG. 10) must be provided, the corresponding waste of bandwidth and resources cannot be avoided. In addition, because L2 communication such as Ethernet OAM is terminated at the L3 switch, these functions cannot be used across segments.
An object of the present invention is to provide a communication system, a control device, a communication method, and a program that can contribute to effective use of bandwidth between networks and improvement of redundancy when connecting two networks, without using a device that implements the MCLAG function.
According to a first aspect, there is provided a communication system including: two or more communication nodes arranged between the link-aggregated port group of a switch of a first network and the link-aggregated port group of a switch of a second network such that each communication node is connected in parallel to the switches of the first and second networks; and a control device that controls each of the communication nodes so that, for communication packets between the first and second networks, the source address and the destination address referred to by each of the switches are converted into predetermined addresses assigned in common to the communication nodes before the packets are transferred.
According to a second aspect, there is provided a control device that is connected to two or more communication nodes arranged between the link-aggregated port group of a switch of a first network and the link-aggregated port group of a switch of a second network such that each communication node is connected in parallel to the switches of the first and second networks, and that controls each of the communication nodes so that, for communication packets between the first and second networks, the source address and the destination address referred to by each of the switches are converted into predetermined addresses assigned in common to the communication nodes before the packets are transferred.
According to a third aspect, there is provided a communication method in which a control device, connected to two or more communication nodes arranged between the link-aggregated port group of a switch of a first network and the link-aggregated port group of a switch of a second network such that each communication node is connected in parallel to the switches of the first and second networks, performs: a step of detecting, based on a notification from the communication node, that communication between the first and second networks has occurred; and a step of controlling each of the communication nodes so that, for the communication between the first and second networks, the source address and the destination address referred to by each of the switches are converted into predetermined addresses assigned in common to the communication nodes before transfer. This method is linked to a specific machine called a control device for controlling communication nodes arranged in parallel between the two networks.
According to a fourth aspect, there is provided a program that causes a computer, connected to two or more communication nodes arranged between the link-aggregated port group of a switch of a first network and the link-aggregated port group of a switch of a second network such that each communication node is connected in parallel to the switches of the first and second networks, to execute: a process of detecting, based on a notification from the communication node, that communication between the first and second networks has occurred; and a process of controlling each of the communication nodes so that, for the communication between the first and second networks, the source address and the destination address referred to by each of the switches are converted into predetermined addresses assigned in common to the communication nodes before transfer. This program can be recorded on a computer-readable (non-transient) storage medium. That is, the present invention can be embodied as a computer program product.
According to the present invention, it is possible to contribute to effective use of bandwidth between two networks and improvement of redundancy without using a device that implements the MCLAG function.
FIG. 1 is a diagram showing the configuration of one embodiment of the present invention.
FIG. 2 is a diagram showing the configuration of the first embodiment of the present invention.
FIG. 3 is a diagram showing an example of the control information (flow entries) set in the communication nodes of the first embodiment of the present invention.
FIG. 4 is a diagram for explaining the operation (new communication detection) of the communication system of the first embodiment of the present invention.
FIG. 5 is a diagram for explaining the operation (control information (flow entry) setting) of the communication system of the first embodiment of the present invention.
FIG. 6 is a diagram for explaining the operation (packet transfer operation between terminal X and terminal Y) of the communication system of the first embodiment of the present invention.
FIG. 7 is a diagram showing an example of the control information (flow entries) set in the communication nodes in a modified embodiment of the present invention.
FIG. 8 is a diagram showing an example of other control information (flow entries) set in the communication nodes in a modified embodiment of the present invention.
FIG. 9 is a diagram showing the configuration of the communication system of the second embodiment of the present invention.
FIG. 10 is a diagram showing a configuration in which segments are connected using L3 switches with the MCLAG function.
 はじめに本発明の一実施形態の概要について図面を参照して説明する。なお、この概要に付記した図面参照符号は、理解を助けるための一例として各要素に便宜上付記したものであり、本発明を図示の態様に限定することを意図するものではない。 First, an outline of an embodiment of the present invention will be described with reference to the drawings. Note that the reference numerals of the drawings attached to this summary are attached to the respective elements for convenience as an example for facilitating understanding, and are not intended to limit the present invention to the illustrated embodiment.
In one embodiment, as shown in FIG. 1, the present invention can be realized by a configuration that includes two or more communication nodes 11 and 12, arranged between the link-aggregated port group (LAG) of the switch 31 of a first network and the link-aggregated port group (LAG) of the switch 32 of a second network so that each communication node is connected in parallel to the switches 31 and 32 of the first and second networks, and a control device 20 that controls the communication nodes 11 and 12.
More specifically, for communication packets between the first and second networks, the control device 20 controls the communication nodes 11 and 12 so that they convert the source address x (y) and the destination address α (β) referenced by the switches 31 and 32 into the predetermined addresses β (α) and y (x) assigned in common to the communication nodes, and then forward the packets.
With this configuration, the communication nodes 11 and 12 relay the packets sent and received between the LAGs of the switches 31 and 32 of the first and second networks. Because the communication nodes 11 and 12 are arranged in parallel, communication can continue even if a failure or the like occurs in one of them. In addition, the communication nodes do not need to be devices with an MCLAG function; any device that can rewrite the header of a designated packet in accordance with instructions from the control device can be used. One example of such a device is the OpenFlow switch of Non-Patent Document 2.
[First Embodiment]
Next, a first embodiment of the present invention is described in detail with reference to the drawings. FIG. 2 shows the configuration of the first embodiment of the present invention. FIG. 2 shows a configuration in which OpenFlow switches 11A and 12A are connected in parallel between two local area networks divided into segments A and B.
A layer 2 switch (hereinafter, "L2 switch") with a LAG function is placed in each of segments A and B. LAG member port #1 of the L2 switch 31A in segment A is connected to port a of the OpenFlow switch 11A, and LAG member port #2 of the L2 switch 31A is connected to port a of the OpenFlow switch 12A. Similarly, LAG member port #1 of the L2 switch 32A in segment B is connected to port b of the OpenFlow switch 11A, and LAG member port #2 of the L2 switch 32A is connected to port b of the OpenFlow switch 12A. When the L2 switch 31A or 32A receives a packet (frame) that must be sent to the opposite segment, it forwards the packet to one of the OpenFlow switches 11A and 12A using the LAG function. This distributes the traffic across the links.
The OpenFlow switches 11A and 12A are devices (communication nodes) that conform to the specification of Non-Patent Document 2. Specifically, the OpenFlow switches 11A and 12A process a received packet according to the flow entry, among the flow entries set by the OpenFlow controller 20A, whose match condition fits the received packet. When the OpenFlow switches 11A and 12A hold no flow entry whose match condition fits the received packet, they send the received packet, or information extracted from it, to the OpenFlow controller 20A (the Packet-In message of Non-Patent Document 2) and request that a flow entry be set.
A common MAC address that terminates each segment is set on ports a and b of the OpenFlow switches 11A and 12A. In the following description, the MAC address set on port a on the segment A side is written "α", and the MAC address set on port b on the segment B side is written "β". The IP address and MAC address of terminal X on the segment A side are written "X" and "x", and the IP address and MAC address of terminal Y on the segment B side are written "Y" and "y", respectively.
The OpenFlow controller 20A is a device that controls devices (communication nodes) conforming to the specification of Non-Patent Document 2 by setting flow entries in the OpenFlow switches 11A and 12A. The OpenFlow controller 20A of this embodiment sets the flow entries shown in FIG. 3 in both of the OpenFlow switches 11A and 12A.
Flow entry No. 1 in FIG. 3 shows the processing that the OpenFlow switches 11A and 12A execute when they receive a packet with input port = "a", destination MAC address = "α", and destination IP address = "Y". In the example of FIG. 3, the entry specifies that the destination MAC address is rewritten to the MAC address "y" of terminal Y, the source MAC address is rewritten to the MAC address "β" of port b of the OpenFlow switch, and the packet is then output from port b on the segment B side.
Flow entry No. 2 in FIG. 3 corresponds to the flow in the reverse direction of flow entry No. 1. Specifically, it specifies that when a packet with input port = "b", destination MAC address = "β", and destination IP address = "X" is received, the OpenFlow switches 11A and 12A rewrite the destination MAC address to the MAC address "x" of terminal X, rewrite the source MAC address to the MAC address "α" of port a of the OpenFlow switch, and then output the packet from port a on the segment A side.
Flow entries such as those shown in FIG. 3 may be set at the point when the OpenFlow controller 20A detects, from a flow entry setting request sent by the OpenFlow switch 11A or 12A, that communication between terminal X and terminal Y has occurred. The example of FIG. 3 shows flow entries for communication between terminal X and terminal Y; if, for example, communication occurs between terminal P in segment A and terminal Q in segment B, the terminal MAC addresses and IP addresses (X, x, Y, z) in the flow entries of FIG. 3 are replaced with (P, p, Q, q), respectively. Of course, when it is known in advance that the communication will occur, the flow entries may be set beforehand.
The functions of the OpenFlow controller described above can also be realized by a computer program that causes the computer constituting the OpenFlow controller to execute, using its hardware, the flow entry setting processing described above.
Next, the operation of this embodiment is described in detail with reference to the drawings. For example, as shown in FIG. 4, when terminal X sends a packet addressed to terminal Y, the L2 switch 31A selects a port from among its LAG member ports according to a predetermined rule and sends the packet to one of the OpenFlow switches 11A and 12A (step S001). In the example of FIG. 4, the packet from terminal X addressed to terminal Y is sent to the OpenFlow switch 11A.
When the OpenFlow switch 11A receives the packet from terminal X addressed to terminal Y, it searches the flow entries set by the OpenFlow controller 20A for a flow entry whose match condition fits the received packet. At this point, however, the flow entries shown in FIG. 3 have not been set, so the OpenFlow switch 11A requests the OpenFlow controller 20A to set a flow entry corresponding to the packet from terminal X addressed to terminal Y (step S002; Packet-In).
On receiving the flow entry setting request, the OpenFlow controller 20A creates flow entries such as those shown in FIG. 3 to enable communication between terminal X and terminal Y, and sets them in both of the OpenFlow switches 11A and 12A (step S003 in FIG. 5). The OpenFlow controller 20A also instructs the source of the flow entry setting request (in this case, the OpenFlow switch 11A) to output the packet received in step S002 from port b. When creating the flow entries, the OpenFlow controller 20A may refer to a separately prepared access control list or the like to confirm whether communication between terminal X and terminal Y may be permitted.
After that, when the OpenFlow switches 11A and 12A receive a packet from terminal X addressed to terminal Y, they follow flow entry No. 1 in FIG. 3: they rewrite the destination MAC address to the MAC address "y" of terminal Y, rewrite the source MAC address to the MAC address "β" of port b of the OpenFlow switch, and then output the packet from port b on the segment B side (step S004 in FIG. 6).
When the L2 switch 32A on the segment B side receives the packets whose destination and source MAC addresses have been rewritten, it aggregates this traffic using the LAG function and forwards it to terminal Y.
Packets from terminal Y addressed to terminal X are delivered to terminal X by the same operation, using flow entry No. 2 in FIG. 3.
If one of the OpenFlow switches 11A and 12A subsequently fails for some reason, the L2 switches 31A and 32A continue communication through the remaining OpenFlow switch by means of the LAG function.
It is also preferable that, when port a (or port b) of the OpenFlow switch 11A or 12A fails, the OpenFlow controller 20A brings down the link of the port b (or port a) that corresponds to that port a (or port b). The LAG function of the L2 switches then makes it possible to continue communication through the OpenFlow switch whose ports have not failed. As a mechanism for detecting port failures on the OpenFlow switches 11A and 12A, the Port Status message of Non-Patent Document 2, with which an OpenFlow switch notifies the OpenFlow controller of the up/down state of a port, or a similar message can be used.
As described above, this embodiment makes it possible to use the bandwidth of multiple OpenFlow switches without waste while also ensuring fault tolerance.
In this embodiment, the one-to-one correspondence between port a and port b of each OpenFlow switch can also be used to pass messages of a specific protocol transparently across the segments.
For example, when the L2 switches 31A and 32A at both ends have the LACP (Link Aggregation Control Protocol; IEEE802.3ad) function, the OpenFlow controller 20A may set the flow entries shown in FIG. 7 in the OpenFlow switches 11A and 12A. In the example of FIG. 7, LACP frames with EtherType = 0x8809 are to be forwarded to the opposite segment without any conversion of the header or other fields. Passing LACP frames through in this way makes it possible to build a dynamic MCLAG.
Similarly, when the L2 switches 31A and 32A at both ends have the EtherOAM (operations, administration, maintenance) function, the OpenFlow controller 20A may set the flow entries shown in FIG. 8 in the OpenFlow switches 11A and 12A. In the example of FIG. 8, Ether-CC (continuity check) frames with EtherType = 0x8902 are to be forwarded to the opposite segment without any conversion of the header or other fields. Passing Ether-CC through in this way makes it possible to monitor devices across the segments. Because Ether-CC depends on the VLAN, the VLAN-IDs of both segments must be equal when the frames are passed straight through as in FIG. 8. If they differ, this can be handled by registering flow entries that convert the VLAN-ID instead of simply passing the frames through.
As described above, this embodiment also allows some of the functions of the L2 switches 31A and 32A to be used across the segments.
Embodiments of the present invention have been described above, but the present invention is not limited to these embodiments, and further modifications, substitutions, and adjustments can be made without departing from the basic technical idea of the present invention. For example, the network configurations, the configurations of the elements, and the forms of message representation shown in the drawings are examples to aid understanding of the present invention, and the invention is not limited to the configurations shown in these drawings.
In the embodiment described above, two OpenFlow switches are arranged to distribute traffic and ensure redundancy, but, as shown in FIG. 9, three or more OpenFlow switches can be arranged in parallel to increase the degree of redundancy (multiplicity) (second embodiment). The upper limit of the degree of redundancy depends on the LAG function of the L2 switches at both ends. As explained above, each OpenFlow switch operates individually, independent of the degree of redundancy, so the configuration can scale linearly.
The embodiments above were described on the assumption that the segments on both sides are IP networks, but other cases can be handled by setting flow entries equivalent to those of FIG. 3 to suit the flow entry configuration and the network configuration. For example, in an L2 overlay configuration in which segment A is the underlay network and segment B is the overlay network, the same effect can be obtained by setting a flow entry that encapsulates from port a to port b and a flow entry that decapsulates from port b to port a.
Finally, preferred forms of the present invention are summarized.
[First form]
(See the communication system according to the first viewpoint above.)
[Second form]
In the communication system of the first form,
the control device converts the source MAC address of a communication packet between the first and second networks into the MAC address assigned to a port of its own device, and converts the destination MAC address of the communication packet between the first and second networks into the MAC address of the destination device learned in advance.
[Third form]
In the communication system of the first or second form,
the control device controls the first and second communication nodes by setting, in each of the communication nodes, control information that associates a match condition for identifying packets addressed from one of the first and second networks to the other network with processing to be applied to packets that satisfy the match condition.
[Fourth form]
In the communication system of any one of the first to third forms,
the control device further sets, in the first and second communication nodes, control information for passing management packets between the first and second networks.
[Fifth form]
(See the control device according to the second viewpoint above.)
[Sixth form]
In the control device of the fifth form,
the control device converts the source MAC address of a communication packet between the first and second networks into the MAC address assigned to a port of its own device, and converts the destination MAC address of the communication packet between the first and second networks into the MAC address of the destination device learned in advance.
[Seventh form]
In the control device of the fifth or sixth form,
the control device controls the first and second communication nodes by setting, in each of the communication nodes, control information that associates a match condition for identifying packets addressed from one of the first and second networks to the other network with processing to be applied to packets that satisfy the match condition.
[Eighth form]
In the control device of any one of the fifth to seventh forms,
the control device further sets, in each of the communication nodes, control information for passing management packets between the first and second networks.
[Ninth form]
(See the communication method according to the third viewpoint above.)
[Tenth form]
(See the program according to the fourth viewpoint above.)
Like the first form, the ninth and tenth forms can be expanded into the second to fourth forms.
The disclosures of the patent documents and non-patent documents cited above are incorporated herein by reference. Within the framework of the entire disclosure of the present invention (including the claims), and based on its basic technical idea, the embodiments and examples can be changed and adjusted. Various combinations and selections of the disclosed elements (including the elements of each claim, the elements of each embodiment or example, and the elements of each drawing) are possible within the framework of the claims of the present invention. That is, the present invention naturally includes the various variations and modifications that a person skilled in the art could make in accordance with the entire disclosure, including the claims, and the technical idea. In particular, for the numerical ranges given in this document, any numerical value or sub-range included in a range should be construed as being specifically stated even where it is not stated separately.
11, 12 Communication node
20 Control device
31, 32 Switch
11A, 12A, 13A OpenFlow switch
20A OpenFlow controller
31A, 32A L2 switch

Claims (10)

  1. A communication system including:
     two or more communication nodes arranged between a link-aggregated port group of a switch of a first network and a link-aggregated port group of a switch of a second network so that each communication node is connected in parallel to the switches of the first and second networks; and
     a control device that controls each of the communication nodes so that, for communication packets between the first and second networks, the source address and the destination address referenced by each of the switches are converted into a predetermined address assigned in common to the communication nodes before the packets are forwarded.
  2. The communication system according to claim 1, wherein the control device converts the source MAC address of a communication packet between the first and second networks into the MAC address assigned to a port of its own device, and converts the destination MAC address of the communication packet between the first and second networks into the MAC address of the destination device learned in advance.
  3. The communication system according to claim 1 or 2, wherein the control device controls the first and second communication nodes by setting, in each of the communication nodes, control information that associates a match condition for identifying packets addressed from one of the first and second networks to the other network with processing to be applied to packets that satisfy the match condition.
  4. The communication system according to any one of claims 1 to 3, wherein the control device further sets, in the first and second communication nodes, control information for passing management packets between the first and second networks.
  5. A control device that is connected to two or more communication nodes arranged between a link-aggregated port group of a switch of a first network and a link-aggregated port group of a switch of a second network so that each communication node is connected in parallel to the switches of the first and second networks, and
     that controls each of the communication nodes so that, for communication packets between the first and second networks, the source address and the destination address referenced by each of the switches are converted into a predetermined address assigned in common to the communication nodes before the packets are forwarded.
  6. The control device according to claim 5, which converts the source MAC address of a communication packet between the first and second networks into the MAC address assigned to a port of its own device, and converts the destination MAC address of the communication packet between the first and second networks into the MAC address of the destination device learned in advance.
  7. The control device according to claim 5 or 6, which controls the first and second communication nodes by setting, in each of the communication nodes, control information that associates a match condition for identifying packets addressed from one of the first and second networks to the other network with processing to be applied to packets that satisfy the match condition.
  8. The control device according to any one of claims 5 to 7, which further sets, in each of the communication nodes, control information for passing management packets between the first and second networks.
  9. A communication method in which a control device, connected to two or more communication nodes arranged between a link-aggregated port group of a switch of a first network and a link-aggregated port group of a switch of a second network so that each communication node is connected in parallel to the switches of the first and second networks, performs:
     a step of detecting, based on a notification from the communication nodes, that communication between the first and second networks has occurred; and
     a step of controlling each of the communication nodes so that, for the communication between the first and second networks, the source address and the destination address referenced by each of the switches are converted into a predetermined address assigned in common to the communication nodes before forwarding.
  10. A program that causes a computer, connected to two or more communication nodes arranged between a link-aggregated port group of a switch of a first network and a link-aggregated port group of a switch of a second network so that each communication node is connected in parallel to the switches of the first and second networks, to execute:
     processing of detecting, based on a notification from the communication nodes, that communication between the first and second networks has occurred; and
     processing of controlling each of the communication nodes so that, for the communication between the first and second networks, the source address and the destination address referenced by each of the switches are converted into a predetermined address assigned in common to the communication nodes before forwarding.
PCT/JP2014/083837 2013-12-24 2014-12-22 Communication system, control device, control method, and program WO2015098797A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2013265483 2013-12-24
JP2013-265483 2013-12-24

Publications (1)

Publication Number Publication Date
WO2015098797A1 true WO2015098797A1 (en) 2015-07-02

Family

ID=53478651

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2014/083837 WO2015098797A1 (en) 2013-12-24 2014-12-22 Communication system, control device, control method, and program

Country Status (1)

Country Link
WO (1) WO2015098797A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113709046A (en) * 2021-07-19 2021-11-26 国网上海市电力公司 PRP-based cross-three-layer exchange parallel redundancy method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011250185A (en) * 2010-05-27 2011-12-08 Alaxala Networks Corp Network system and network apparatus
WO2013161409A1 (en) * 2012-04-23 2013-10-31 エスアイアイ・ネットワーク・システムズ株式会社 Layer-2 connection device, communication system, and communication method
JP2014116668A (en) * 2012-12-06 2014-06-26 Hitachi Metals Ltd Communication system and network repeater
JP2014216905A (en) * 2013-04-26 2014-11-17 株式会社日立製作所 Communication path switching device, communication path switching method and communication path switching program

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
KAHORI HORIUCHI ET AL.: "Net Kochiku no Genba kara", NIKKEI NETWORK, 28 April 2010 (2010-04-28), pages 048 - 051 *

Similar Documents

Publication Publication Date Title
US8166187B2 (en) Distributed IP gateway based on sharing a MAC address and IP address concurrently between a first network switching device and a second network switching device
US9215175B2 (en) Computer system including controller and plurality of switches and communication method in computer system
JP5991424B2 (en) Packet rewriting device, control device, communication system, packet transmission method and program
EP2618521B1 (en) Method, apparatus and system for link aggregation failure protection
JP5825351B2 (en) COMMUNICATION SYSTEM, CONTROL DEVICE, COMMUNICATION METHOD, AND PROGRAM
EP2920926B1 (en) Virtual link aggregations across multiple fabric switches
CN105376154A (en) Progressive MAC address learning
WO2012050071A1 (en) Communication system, control device, method for setting processing rules, and program
TWI639325B (en) Automatically configured switch,method of automatically configuring a switch, and software defined network system with auto-deployment switches and auto-deploying method thereof
WO2018171529A1 (en) Method, device and computer storage medium for implementing double control plane
JP5987971B2 (en) Communication system, switch, control device, control channel construction method and program
WO2014087591A1 (en) Communication system, control apparatus, communication control method, transfer control method, and transfer control program
JP5861772B2 (en) Network appliance redundancy system, control device, network appliance redundancy method and program
JP6070700B2 (en) Packet transfer system, control device, packet transfer method and program
CN105490937A (en) Ethernet virtual network gateway switching method and service provider edge node equipment
WO2013141191A1 (en) Control apparatus, communication system, node control method and program
WO2014175423A1 (en) Communication node, communication system, packet processing method and program
US20160277251A1 (en) Communication system, virtual network management apparatus, communication node, communication method, and program
WO2015151442A1 (en) Communication system, communication method, and control device
WO2007104201A1 (en) A method for forwarding message in the service tunnel of the ethernet application and a system thereof
WO2015098797A1 (en) Communication system, control device, control method, and program
JP6206493B2 (en) CONTROL DEVICE, COMMUNICATION SYSTEM, RELAY DEVICE CONTROL METHOD, AND PROGRAM
WO2015093561A1 (en) Packet transfer system, controller, and method and program for controlling relay device
WO2015133561A1 (en) Communication system, control device, communication device, and communication method
WO2014084216A1 (en) Control device, communication system, communication method and program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 14874371; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 14874371; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: JP)