WO2015189971A1 - Packet capture apparatus, packet capture method, and packet reconstruction method - Google Patents

Packet capture apparatus, packet capture method, and packet reconstruction method Download PDF

Info

Publication number
WO2015189971A1
WO2015189971A1 PCT/JP2014/065680 JP2014065680W WO2015189971A1 WO 2015189971 A1 WO2015189971 A1 WO 2015189971A1 JP 2014065680 W JP2014065680 W JP 2014065680W WO 2015189971 A1 WO2015189971 A1 WO 2015189971A1
Authority
WO
WIPO (PCT)
Prior art keywords
packet
packet capture
packets
predetermined information
capture
Prior art date
Application number
PCT/JP2014/065680
Other languages
French (fr)
Japanese (ja)
Inventor
隆志 床次
河野 徹
Original Assignee
株式会社アルチザネットワークス
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社アルチザネットワークス filed Critical 株式会社アルチザネットワークス
Priority to PCT/JP2014/065680 priority Critical patent/WO2015189971A1/en
Publication of WO2015189971A1 publication Critical patent/WO2015189971A1/en

Links

Images

Definitions

  • the present invention relates to a packet capture device, a packet capture method, and a packet reconstruction method capable of performing full capture of high-speed and large-capacity packets.
  • Patent Document 1 discloses a packet capture system including a plurality of traffic collection / analysis means and a share adjustment means for adjusting the share in the traffic collection / analysis means. Is disclosed.
  • Patent Document 2 discloses a packet capture system that performs full capture of packets by a plurality of measuring devices without requiring time synchronization between the plurality of measuring devices.
  • the conventional packet capture system has a problem that it is difficult to support full capture of 40 GbE / 100 GbE packets.
  • the present invention has been made to solve such a conventional problem, and is a packet capture system, a packet capture method, and a packet capture system capable of realizing full capture of a high-speed and large-capacity packet at a low cost.
  • An object is to provide a method for reconstructing a packet.
  • the present invention is a packet capture system comprising a plurality of packet capture devices, a packet receiving means capable of receiving a packet, an information giving means for giving predetermined information to the packet received by the packet receiving means, A packet distribution unit that distributes the packet after the predetermined information is added by the information addition unit to any one of the plurality of packet capture devices, and a plurality of packets that are distributed by the packet distribution unit
  • a packet capture system comprising: a packet reconstruction unit that rearranges packets in the order received by the packet reception unit based on the predetermined information.
  • the present invention is also a packet capture method using a plurality of packet capture devices, a packet receiving step for receiving a packet, an information adding step for giving predetermined information to the received packet, and the predetermined information
  • a packet distribution step of distributing the packet after being assigned to any one of the plurality of packet capture devices, and the plurality of packets after the distribution are received in the order received based on the predetermined information.
  • a packet restructuring step for rearranging the packets.
  • the present invention is also a packet reconstructing method using a plurality of packet capture devices, wherein predetermined information is given to a received packet, and the packet after the predetermined information is given is A packet reconstruction method characterized in that a packet is distributed to any one of the packet capture devices, and the plurality of packets after the distribution are rearranged in the order of reception based on the predetermined information.
  • the packet capture device According to the packet capture device, the packet capture method, and the packet reconstruction method according to the present invention, full capture of high-speed and large-capacity packets can be realized at low cost.
  • FIG. 1 is a block diagram illustrating a configuration example of a packet capture system 10.
  • FIG. It is the figure which showed an example of the packet distribution process and the packet reconstruction process.
  • FIG. 1 is a block diagram illustrating a configuration example of the packet capture system 10.
  • a packet capture system 10 includes a control PC 12 that controls the entire system, one packet processor 14 connected to the control PC 12 via a network NW1, and a plurality of (in this example, three). ) Packet capture device 16 (16a to 16c).
  • the packet capture system 10 As an example of the packet capture system according to the present invention, three packet capture devices 16a capable of full capture of a maximum of 20 GbE packets from 40 GbE packets input to one packet processor 14. Although the packet capture system 10 using ⁇ 16c will be described, the present invention is not limited to this example.
  • “40 GbE / 100 GbE” refers to the Ethernet (registered trademark) standard with a maximum transmission rate of 40 G ⁇ 100 Gbit / sec approved as IEEE 802.3ba.
  • the packet that can be fully captured by the packet capture system according to the present invention is not limited to a 40 GbE packet.
  • a full capture of a 100 GbE packet is possible, and in this case, the packet is input to the packet processor 14.
  • 100 GbE packets may be configured to use, for example, six packet capture devices capable of full capture of a maximum of 20 GbE packets.
  • the minimum packet length of the packet input to the packet processor 14 is 64 bytes long, so it is transmitted to the packet capture device at the subsequent stage.
  • the maximum transmission rate of packets input to the packet processor 14 is n (n is a positive integer) G bits / second, and the full capture capability per packet capture device is maximum m (m is a positive integer).
  • the number of packet capture devices is set to 3.
  • a packet that can be fully captured by the packet capture system according to the present invention is not limited to a packet that conforms to the IEEE 802.3ba standard, and may be a packet other than 40 GbE or 100 GbE.
  • control PC 12 controls the entire packet capture system 10 by controlling the packet processor 14 and the plurality of packet capture devices 16a to 16c, and a conventionally known server machine or personal computer is applied. be able to.
  • the control PC 12 instructs the packet processor 14 to perform “packet distribution processing” to be described later, and executes “packet reconstruction processing” to be described later using the plurality of packet capture devices 16a to 16c. .
  • a wired LAN is applied as the network NW1, and the control PC 12 is configured to perform mutual communication with the packet processor 14 and the packet capture devices 16a to 16c via the wired LAN.
  • the network NW1 is not limited to a wired LAN, and may be a wireless LAN or other communication means, for example.
  • control PCs 12 are not limited to this example.
  • the packet processor 14 and the packet capture devices 16a to 16c may be controlled using a plurality of control PCs 12. With such a configuration, the control burden on the control PC 12 can be reduced, and the processing capability of the entire packet capture system 10 can be increased.
  • the packet processor 14 includes a control unit 141 that controls the entire packet processor 14, a PC communication unit 142 that controls communication with the control PC 12, and an external network NW2 (in this example, a wired LAN.
  • NW2 in this example, a wired LAN.
  • An external communication unit 143 that performs communication control with a LAN or a WAN
  • a storage unit 144 that can store a control program and various data
  • an information addition unit 145 that adds predetermined information to a received packet.
  • a packet distribution unit 146 that distributes (distributes) the packet after the predetermined information is given, and a packet transmission unit 147 that can transmit the distributed packet to the packet capture devices 16a to 16c ( 147a to 147f).
  • the control unit 141 is a unit that controls the entire packet processor 14 based on a control program stored in the storage unit 144 and a command from the control PC 12, and is configured by, for example, a microcomputer.
  • the PC communication unit 142 is a unit that performs communication control with the control PC 12, and includes, for example, hardware such as a LAN terminal, software (program) that performs network control, and the like.
  • the external communication unit 143 is a unit that performs communication control with the external network NW2, and includes, for example, hardware such as a LAN terminal, software (program) that performs network control, and the like.
  • the storage unit 144 is a unit for storing a control program and various data, and is configured by, for example, a RAM or an HDD.
  • the information adding unit 145 is a unit that adds predetermined information (in this example, a time stamp and a sequence number) to the packet received by the external communication unit 143.
  • predetermined information in this example, a time stamp and a sequence number
  • software program
  • hardware such as an electronic circuit Consists of.
  • time stamp is time information indicating the date, time, etc. when a predetermined event (event) occurs.
  • the information for identifying a packet One time stamp is assigned to each unit packet.
  • the format of the time stamp is not particularly limited, but the time stamp of this example is UNIX (registered trademark) time (the time of midnight on January 1, 1970 (00:00:00) in Coordinated Universal Time (UTC)). Data having a length of 8 bytes).
  • the resolution of the time stamp is preferably equal to or less than the minimum packet reception interval of the external communication unit 143.
  • the minimum packet reception interval of the external communication unit 143 is 6 Therefore, the time stamp resolution is preferably 6.5 nsec or less (for example, 4 nsec).
  • sequence number is a serial number given continuously, and in this example, one sequence number is given to one unit of packet as information for identifying the packet.
  • the format of the sequence number is not particularly limited, but the sequence number in this example is 4-byte data composed of positive integers starting from 0.
  • the packet distribution unit 146 is a unit for distributing a packet after predetermined information (in this example, a time stamp and a sequence number) is added by the information addition unit 145 to one of the packet transmission units 147a to 147f.
  • predetermined information in this example, a time stamp and a sequence number
  • it is configured by hardware such as software (program) and an electronic circuit.
  • the packet transmission means 147 (147a to 147f) temporarily stores the packets distributed by the packet distribution means 146 and sequentially transmits the packets to any of the corresponding packet capture devices 16a to 16c.
  • it is composed of a FIFO memory.
  • two of the packet transmission units 147a to 147f are connected to two LAN terminals (packet reception unit 164 described later) of one packet capture device 16.
  • the packet capture device 16 includes a control unit 161 that controls the entire packet processor 16, a PC communication unit 162 that controls communication with the control PC 12, a storage unit 163 that can store control programs and various data, and an external Packet receiving means 164 capable of receiving packets from packet receivers, and packet storage means 165 (165a to 165c) capable of storing packets received from the packet receiving means 164.
  • the control means 161 is a means for controlling the entire packet capture device 16 based on a control program stored in the storage means 163 and a command from the control PC 12, and is composed of, for example, a microcomputer.
  • the PC communication unit 162 is a unit that performs communication control with the control PC 12, and includes, for example, hardware such as a LAN terminal, software (program) that performs network control, and the like.
  • the packet receiving unit 164 is a unit for receiving packets transmitted from the packet transmitting unit 147 (147a to 147f) of the packet processor 14, and includes, for example, hardware such as a LAN terminal, and software (program) for performing network control. ) Etc.
  • the packet receiver 164 of the packet capture device 16a is connected to the packet transmitters 147a and 147b
  • the packet receiver 164 of the packet capture device 16b is connected to the packet transmitters 147c and 147d
  • the packet capture device 16c is connected.
  • the packet receiving means 164 is connected to the packet transmitting means 147e, 147f.
  • the packet receiving means 164 is composed of two LAN terminals capable of receiving a packet at a maximum of 10 Gbps
  • the packet capture capability of the packet capture device 16 is not limited to a maximum of 20 Gbps
  • the configuration of the packet reception unit 164 is not limited to two LAN terminals.
  • the packet storage unit 165 (165a to 165c) is a unit for storing the packet received from the packet reception unit 164, and is configured by, for example, an HDD.
  • the packets transmitted from the packet transmission units 147a and 147b of the packet processor 14 are stored in the packet storage unit 165a of the packet capture device 16a and transmitted from the packet transmission units 147c and 147d of the packet processor 14.
  • the packet is stored in the packet storage unit 165b of the packet capture device 16b, and the packets transmitted from the packet transmission units 147e and 147f of the packet processor 14 are stored in the packet storage unit 165c of the packet capture device 16c. Yes.
  • FIG. 2 is a diagram showing an example of packet distribution processing and packet reconstruction processing.
  • the packet processor 14 includes only four packet transmission units 147a to 147d will be described in order to simplify the description.
  • FIG. 2 (a) is a diagram schematically showing a packet received by the packet processor 14 at time T.
  • the external communication means 143 of the packet processor 14 receives a total of 10 packets P0 to P9 at time T.
  • the information adding unit 145 adds a time stamp TS to each of the packets.
  • the information adding unit 145 adds a time stamp to each packet.
  • the present invention is not limited to this example, and the above sequence number is added to the packet instead of the time stamp.
  • the packet reconstruction process described later may be realized using the assigned sequence number, or both the time stamp and the sequence number are assigned, and the packet reconstruction process described later is realized using at least one of them. May be. However, if the time stamp resolution described above cannot be made smaller than the minimum packet interval due to hardware restrictions or the like, it is necessary to assign a sequence number to the packet.
  • FIG. 2 (b) is a diagram schematically showing the packet after the time stamp is given.
  • the information adding unit 145 adds time stamps TS0 to TS9 to each of the ten packets P0 to P9.
  • the packet distribution unit 146 completes the provision of the time stamp TS to the FIFO memory having the largest free space among the packet transmission units (FIFO memories) 147a to 147d.
  • the distribution target packet is stored. If there are a plurality of FIFO memories having the same free capacity, the packet to be distributed is stored in the FIFO memory assigned the smallest number.
  • young numbers are assigned in the order of the packet transmission units 147a, 147b, 147c, and 147d.
  • the packet distribution rule by the packet distribution unit 146 is not limited to this example, and any algorithm can be applied as long as it does not exceed the full capture capability of the packet capture device.
  • the packet allocating unit 146 distributes the packet P0 to which the time stamp TS0 is assigned first, but since the free capacities of the FIFO memories 147a to 147d at the time of distribution are the same, the time stamp TS0 is assigned.
  • the packet P0 is stored in the FIFO memory 147a to which the youngest number is assigned among the FIFO memories 147a to 147d (see reference numeral (b0)).
  • the free capacity of the FIFO memory 147a becomes the smallest, and the free capacity of the other FIFO memories 147b to 147d becomes the same and the largest.
  • the packet distribution unit 146 distributes the packet P1 to which the time stamp TS1 is assigned. Since the free memories of the FIFO memories 147b to 147d at the time of distribution are the same and the largest, the time stamp TS1 is The assigned packet P1 is stored in the FIFO memory 147b to which the youngest number is assigned among the FIFO memories 147b to 147d (see code (b1)). In this example, since the data amount of the packet P0 to which the time stamp TS0 is assigned is larger than the data amount of the packet P1 to which the time stamp TS1 is assigned, the free capacity of the FIFO memory 147a is the smallest and the FIFO memory 147b is free. The capacity becomes the second smallest, and the free capacity of the FIFO memories 147c and 147d becomes the same and the largest.
  • the packet distribution unit 146 distributes the packet P2 to which the time stamp TS2 is assigned. However, since the free capacities of the FIFO memories 147c and 147d at the time of distribution are the same, the time stamp TS2 is assigned.
  • the packet P2 is stored in the FIFO memory 147c assigned the youngest number among the FIFO memories 147c and 147d (see symbol (b2)).
  • the free capacity of the FIFO memory 147a is the smallest, and the FIFO memories 147b and 147c Are the same and second smallest, and the FIFO memory 147d has the largest free capacity.
  • the packet allocating unit 146 distributes the packet P3 to which the time stamp TS3 is assigned.
  • the packet P3 to which the time stamp TS3 is assigned is stored in the FIFO memory. It memorize
  • the data amount of the packet P3 to which the time stamp TS3 is attached is the same as the data amount of the packets P1 and P2 to which the time stamps TS1 and TS2 are attached, the free capacity of the FIFO memory 147a becomes the smallest, and the FIFO The free capacities of the memories 147b to 147d are the same and the largest.
  • the packet distribution unit 146 distributes the packet P4 to which the time stamp TS4 is assigned. Since the free memories of the FIFO memories 147b to 147d at the time of distribution are the same and the largest, the time stamp TS4 is The assigned packet P4 is stored in the FIFO memory 147b to which the youngest number is assigned among the FIFO memories 147b to 147d (see symbol (b4)).
  • the free capacity of the FIFO memory 147b becomes the smallest, and the FIFO memory 147a
  • the available capacity becomes the second smallest, and the available capacity of the FIFO memories 147c and 147d becomes the same and the largest.
  • the packets P5 to P9 are stored in any of the FIFO memories 147b to 147d by the same method (see symbols (b5) to (b9)), thereby completing the distribution process of the packets P0 to P9.
  • the packet capture device 16a stores the packets transmitted from the packet transmission means 147a and 147b of the packet processor 14 in the packet storage means (HDD) 165a, and the packet capture device 16b receives the packets from the packet transmission means 147c and 147d of the packet processor 14.
  • the transmitted packet is stored in the packet storage means (HDD) 165b.
  • control PC 12 sequentially scans the packets stored in the HDDs 165a to 165c of the packet capture devices 16a to 16c, and when it finds the packet with the lowest time stamp, Output to a file stored in the PC 12.
  • the control PC 12 outputs the packet P0 of the time stamp TS0 stored in the HDD 165a to the file as a packet to which the time stamp having the youngest number is given from the HDDs 165a to 165c (symbol (c0).
  • the packet P1 of the time stamp TS1 stored in the HDD 165a is output to a file as a packet to which the time stamp having the second smallest number is assigned (see the code (c1)).
  • control PC 12 outputs the packet P2 of the time stamp TS2 stored in the HDD 165b to the file as a packet to which the time stamp with the third lowest number is assigned from among the HDDs 165a to 165c (reference sign ( Then, the packet P3 of the time stamp TS3 stored in the HDD 165b is output to the file as a packet to which the time stamp having the fourth lowest number is assigned (see reference (c3)).
  • the control PC 12 outputs the packet P4 of the time stamp TS4 stored in the HDD 165a as a packet to which the time stamp with the fifth lowest number is assigned from among the HDDs 165a to 165c (reference sign ( Subsequently, the packet P5 of the time stamp TS5 stored in the HDD 165b is output to a file as a packet to which the time stamp having the sixth smallest number is assigned (see reference (c5)).
  • the packets P6 to P9, to which the time stamps TS6 to TS9 are assigned are sequentially output to the file by the same method, whereby the reconstruction of the packets P0 to P9 is completed, and the pre-distribution shown in FIG. Can be reproduced (the temporarily disassembled packet can be changed to the original packet).
  • the packet capture system (for example, the packet capture system 10) according to the present embodiment is a packet capture system including a plurality of packet capture devices (for example, the packet capture devices 16a to 16c), Packet receiving means (for example, external communication means 143), information giving means (for example, information giving means 145) for giving predetermined information to the packets received by the packet receiving means, and information giving means
  • the packet distribution unit (for example, packet distribution unit 146) that distributes the packet after the predetermined information is assigned to one of the plurality of packet capture devices and the packet distribution unit.
  • a plurality of packets after Based on the packet receiving means arranged in the order of reception changing packet reconstruction means (e.g., control PC12) and is configured to have a, a packet capture system, characterized in that.
  • the packet capture system since packet capture processing can be distributed to a plurality of packet capture devices, it is not necessary to increase the packet capture capability of the packet capture device more than necessary.
  • the device can be applied. As a result, full capture of a high-speed and large-capacity packet can be realized at low cost. Further, since the sorted packets can be reconstructed as they are, the high-speed packet communication is not hindered while full capture of high-speed and large-capacity packets is realized.
  • the packet distribution unit may distribute the packet after the predetermined information is assigned to a device having the smallest total number of distributed packets among the plurality of packet capture devices.
  • the load is not concentrated on a specific packet capture device, the packet capture capability of each packet capture device can be utilized to the maximum, and the processing capability of the entire system can be increased. .
  • the packet capture device and the packet capture method according to the present invention can be applied to full capture of packets of server machines and network devices compatible with IEEE 802.3ba.
  • Packet capture system 12 PC for control 14
  • Packet processor 141 Control means 142 PC communication means 143 External communication means 144
  • Storage means 145
  • Information giving means 146
  • Packet distribution means 147a to 147f Packet transmission means 16
  • Packet capture device 161
  • Control means 162
  • PC communication means 163
  • Packet reception means 165a to 165c Packet storage means

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

[Problem] To provide a packet capture system, a packet capture method and a packet reconstruction method whereby a high-speed high-capacity packet full-capture can be achieved at low cost. [Solution] A packet capture system (10) is configured such that the packet capture system (10), which includes a plurality of packet capture apparatuses (16a-16c), comprises: an external communication means (143) that can receive packets; an information addition means (145) that adds predetermined information to the received packets; a packet distribution means (146) that distributes the packets, to which the predetermined information has been added, to any ones of the plurality of packet capture apparatuses (16a-16c); and a control PC (12) that rearranges, on the basis of the predetermined information, the packets, which have been distributed, in a reception sequence.

Description

パケットキャプチャ装置、パケットキャプチャ方法、およびパケットの再構築方法Packet capture device, packet capture method, and packet reconstruction method
 本発明は、高速大容量のパケットのフルキャプチャを行うことができるパケットキャプチャ装置、パケットキャプチャ方法、およびパケットの再構築方法に関する。 The present invention relates to a packet capture device, a packet capture method, and a packet reconstruction method capable of performing full capture of high-speed and large-capacity packets.
 従来、複数のパケットキャプチャ装置を用いて大量のIPパケットのフルキャプチャを行うパケットキャプチャシステムが広く知られている。 Conventionally, a packet capture system that performs full capture of a large number of IP packets using a plurality of packet capture devices is widely known.
 このようなパケットキャプチャシステムの一つとして、例えば、特許文献1には、複数のトラフィック収集・分析手段と、このトラフィック収集・分析手段における分担を調整する分担調整手段と、を備えたパケットキャプチャシステムが開示されている。 As one of such packet capture systems, for example, Patent Document 1 discloses a packet capture system including a plurality of traffic collection / analysis means and a share adjustment means for adjusting the share in the traffic collection / analysis means. Is disclosed.
 また、特許文献2には、複数の計測装置間での時刻同期を必要とせずに、複数の計測装置によるパケットのフルキャプチャを行うパケットキャプチャシステムが開示されている。 Patent Document 2 discloses a packet capture system that performs full capture of packets by a plurality of measuring devices without requiring time synchronization between the plurality of measuring devices.
特開平11-88328号公報Japanese Patent Laid-Open No. 11-88328 特許第5013001号公報Japanese Patent No. 5013001
 ところで、近年、最大伝送速度が40Gビット/秒・100Gビット/秒のイーサネット(登録商標)規格(40GbE・100GbE)であるIEEE802.3baに対応するサーバー機やネットワーク機器が登場しており、高速大容量のパケットのフルキャプチャに対する要望が高まっている。 By the way, in recent years, server machines and network devices corresponding to IEEE 802.3ba, which is an Ethernet (registered trademark) standard (40 GbE / 100 GbE) having a maximum transmission rate of 40 Gbit / second / 100 Gbit / second, have appeared, and high speed and large There is a growing demand for full capture of packets of capacity.
 しかしながら、従来のパケットキャプチャシステムでは、40GbE・100GbEのパケットのフルキャプチャへの対応が難しいといった問題点があった。 However, the conventional packet capture system has a problem that it is difficult to support full capture of 40 GbE / 100 GbE packets.
 また、従来のパケットキャプチャシステムを用いて40GbE・100GbEのパケットのフルキャプチャを実現するためには、ハードウェアやソフトウェアの大幅な改良が必要であり、低コストでの実現が困難であるといった問題点もあった。 In addition, in order to realize full capture of 40 GbE / 100 GbE packets using a conventional packet capture system, it is necessary to significantly improve hardware and software, and it is difficult to realize at low cost. There was also.
 本発明は、このような従来の問題点を解決するためになされたものであって、高速大容量のパケットのフルキャプチャを低コストで実現することが可能なパケットキャプチャシステム、パケットキャプチャ方法、およびパケットの再構築方法を提供することを目的とする。 The present invention has been made to solve such a conventional problem, and is a packet capture system, a packet capture method, and a packet capture system capable of realizing full capture of a high-speed and large-capacity packet at a low cost. An object is to provide a method for reconstructing a packet.
 本発明は、複数のパケットキャプチャ装置を備えたパケットキャプチャシステムであって、パケットを受信可能なパケット受信手段と、前記パケット受信手段が受信した前記パケットに所定の情報を付与する情報付与手段と、前記情報付与手段によって前記所定の情報が付与された後のパケットを、前記複数のパケットキャプチャ装置のいずれかの装置に振り分けるパケット振分手段と、前記パケット振分手段によって振り分けられた後の複数のパケットを、前記所定の情報に基づいて、前記パケット受信手段が受信した順番に並び替えるパケット再構築手段と、を有して構成されている、ことを特徴とするパケットキャプチャシステムである。 The present invention is a packet capture system comprising a plurality of packet capture devices, a packet receiving means capable of receiving a packet, an information giving means for giving predetermined information to the packet received by the packet receiving means, A packet distribution unit that distributes the packet after the predetermined information is added by the information addition unit to any one of the plurality of packet capture devices, and a plurality of packets that are distributed by the packet distribution unit A packet capture system comprising: a packet reconstruction unit that rearranges packets in the order received by the packet reception unit based on the predetermined information.
 また、本発明は、複数のパケットキャプチャ装置を用いたパケットキャプチャ方法であって、パケットを受信するパケット受信ステップと、受信した前記パケットに所定の情報を付与する情報付与ステップと、前記所定の情報が付与された後のパケットを、前記複数のパケットキャプチャ装置のいずれかの装置に振り分けるパケット振分ステップと、振り分けられた後の複数のパケットを、前記所定の情報に基づいて、受信した順番に並び替えるパケット再構築ステップと、を有して構成されている、ことを特徴とするパケットキャプチャ方法である。 The present invention is also a packet capture method using a plurality of packet capture devices, a packet receiving step for receiving a packet, an information adding step for giving predetermined information to the received packet, and the predetermined information A packet distribution step of distributing the packet after being assigned to any one of the plurality of packet capture devices, and the plurality of packets after the distribution are received in the order received based on the predetermined information. And a packet restructuring step for rearranging the packets.
 また、本発明は、複数のパケットキャプチャ装置を用いたパケットの再構築方法であって、受信したパケットに所定の情報を付与し、前記所定の情報が付与された後のパケットを、前記複数のパケットキャプチャ装置のいずれかの装置に振り分け、振り分けられた後の複数のパケットを、前記所定の情報に基づいて、受信した順番に並び替える、ことを特徴とするパケットの再構築方法である。 The present invention is also a packet reconstructing method using a plurality of packet capture devices, wherein predetermined information is given to a received packet, and the packet after the predetermined information is given is A packet reconstruction method characterized in that a packet is distributed to any one of the packet capture devices, and the plurality of packets after the distribution are rearranged in the order of reception based on the predetermined information.
 本発明に係るパケットキャプチャ装置、パケットキャプチャ方法、およびパケットの再構築方法によれば、高速大容量のパケットのフルキャプチャを低コストで実現することがすることができる。 According to the packet capture device, the packet capture method, and the packet reconstruction method according to the present invention, full capture of high-speed and large-capacity packets can be realized at low cost.
パケットキャプチャシステム10の構成例を示したブロック図である。1 is a block diagram illustrating a configuration example of a packet capture system 10. FIG. パケットの振分処理とパケットの再構築処理の一例を示した図である。It is the figure which showed an example of the packet distribution process and the packet reconstruction process.
 以下、図面を用いて、本実施形態に係るパケットキャプチャシステム10について詳細に説明する。 Hereinafter, the packet capture system 10 according to the present embodiment will be described in detail with reference to the drawings.
 <全体構成>
 最初に、図1を用いて、パケットキャプチャシステム10の全体構成について説明する。なお、図1は、パケットキャプチャシステム10の構成例を示したブロック図である。 <Overall configuration>
First, the overall configuration of the packet capture system 10 will be described with reference to FIG. FIG. 1 is a block diagram illustrating a configuration example of the packet capture system 10.
 本実施形態に係るパケットキャプチャシステム10は、システム全体の制御を行う制御用PC12と、この制御用PC12にネットワークNW1を介して接続された1台のパケットプロセッサ14および複数(本例では、3台)のパケットキャプチャ装置16(16a~16c)と、を有して構成されている。 A packet capture system 10 according to the present embodiment includes a control PC 12 that controls the entire system, one packet processor 14 connected to the control PC 12 via a network NW1, and a plurality of (in this example, three). ) Packet capture device 16 (16a to 16c).
 なお、本実施形態では、本発明に係るパケットキャプチャシステムの一例として、1台のパケットプロセッサ14に入力される40GbEのパケットを、最大20GbEのパケットのフルキャプチャが可能な3台のパケットキャプチャ装置16a~16cを用いたパケットキャプチャシステム10について説明するが、本発明は本例に限定されるものではない。ここで、「40GbE/100GbE」とは、IEEE802.3baとして承認された最大伝送速度が40G・100Gビット/秒のイーサネット(登録商標)規格のことである。 In this embodiment, as an example of the packet capture system according to the present invention, three packet capture devices 16a capable of full capture of a maximum of 20 GbE packets from 40 GbE packets input to one packet processor 14. Although the packet capture system 10 using ˜16c will be described, the present invention is not limited to this example. Here, “40 GbE / 100 GbE” refers to the Ethernet (registered trademark) standard with a maximum transmission rate of 40 G · 100 Gbit / sec approved as IEEE 802.3ba.
 また、本発明に係るパケットキャプチャシステムでフルキャプチャ可能なパケットは、40GbEのパケットに限定されるものではなく、例えば、100GbEのパケットのフルキャプチャも可能であり、この場合、パケットプロセッサ14に入力される100GbEのパケットを、例えば、最大20GbEのパケットのフルキャプチャが可能な6台のパケットキャプチャ装置を用いる構成とすればよい。 The packet that can be fully captured by the packet capture system according to the present invention is not limited to a 40 GbE packet. For example, a full capture of a 100 GbE packet is possible, and in this case, the packet is input to the packet processor 14. 100 GbE packets may be configured to use, for example, six packet capture devices capable of full capture of a maximum of 20 GbE packets.
 ここで、後述するタイムスタンプが8バイト長、シーケンス番号が4バイト長と仮定した場合、パケットプロセッサ14に入力されるパケットの最小パケット長は64バイト長であるため、後段のパケットキャプチャ装置に送信されるパケットの伝送速度は、タイムスタンプとシーケンス番号を付与することで、約20%(=(8バイト+4バイト)/64バイト×100%)だけ増加することになる。 Here, assuming that the time stamp, which will be described later, is 8 bytes long and the sequence number is 4 bytes long, the minimum packet length of the packet input to the packet processor 14 is 64 bytes long, so it is transmitted to the packet capture device at the subsequent stage. The transmission rate of the received packet increases by about 20% (= (8 bytes + 4 bytes) / 64 bytes × 100%) by adding the time stamp and the sequence number.
 このため、パケットプロセッサ14に入力されるパケットの最大伝送速度がn(nは正の整数)Gビット/秒、パケットキャプチャ装置の1台あたりのフルキャプチャ能力が最大m(mは正の整数)Gビット/秒、パケットキャプチャ装置の台数がc(cは正の整数)台の場合、パケットの取りこぼしを回避するためには、「n×1.2=<m×c」の関係が成立していることが好ましい。 For this reason, the maximum transmission rate of packets input to the packet processor 14 is n (n is a positive integer) G bits / second, and the full capture capability per packet capture device is maximum m (m is a positive integer). In the case of G bits / second and the number of packet capture devices is c (c is a positive integer), the relationship “n × 1.2 = <m × c” is established in order to avoid packet loss. It is preferable.
 例えば、パケットプロセッサ14に入力されるパケットの最大伝送速度が40Gビット/秒、パケットキャプチャ装置の1台あたりのフルキャプチャ能力が最大20Gビット/秒の場合、パケットキャプチャ装置の台数を3台に設定すれば、「40Gbps×1.2<60Gbps(=20Gbps×3台)」の関係が成立し、40GbEのパケットの取りこぼしを回避し、40GbEのパケットのフルキャプチャが可能となる。 For example, when the maximum transmission rate of packets input to the packet processor 14 is 40 Gbit / s and the full capture capability per packet capture device is 20 Gbit / s, the number of packet capture devices is set to 3. In this case, the relationship of “40 Gbps × 1.2 <60 Gbps (= 20 Gbps × 3)” is established, so that a 40 Gbps packet can be avoided and a 40 Gbps packet can be fully captured.
 また、パケットプロセッサ14に入力されるパケットの最大伝送速度が100Gビット/秒、パケットキャプチャ装置の1台あたりのフルキャプチャ能力が最大20Gビット/秒の場合、パケットキャプチャ装置の台数を6台に設定すれば、「100Gbps×1.2=<120Gbps(=20Gbps×6台)」の関係が成立し、100GbEのパケットの取りこぼしを回避し、100GbEのパケットのフルキャプチャが可能となる。 If the maximum transmission rate of packets input to the packet processor 14 is 100 Gbit / s and the full capture capacity per packet capture device is 20 Gbit / s, the number of packet capture devices is set to 6. In this case, the relationship of “100 Gbps × 1.2 = <120 Gbps (= 20 Gbps × 6)” is established, and it is possible to avoid the loss of 100 Gbps packets and to fully capture 100 Gbps packets.
 なお、パケットに付与する情報の種類やデータ長によって後段のパケットキャプチャ装置に送信されるパケットの伝送速度が変化するため、n,m,cの関係は、「n×1.2=<m×c」の関係に限定されるものではなく、パケットの伝送速度の増加分を考慮して適宜、決定すればよい。 Since the transmission rate of the packet transmitted to the subsequent packet capture device changes depending on the type of information added to the packet and the data length, the relationship between n, m, and c is “n × 1.2 = <m × It is not limited to the relationship of “c”, and may be determined as appropriate in consideration of an increase in packet transmission rate.
 また、本発明に係るパケットキャプチャシステムでフルキャプチャ可能なパケットは、IEEE802.3ba規格に準拠したパケットに限定されるものでなく、40GbEまたは100GbE以外のパケットであってもよい。 Further, a packet that can be fully captured by the packet capture system according to the present invention is not limited to a packet that conforms to the IEEE 802.3ba standard, and may be a packet other than 40 GbE or 100 GbE.
 <制御用PC>
 次に、制御用PC12について説明する。制御用PC12は、パケットプロセッサ14や複数のパケットキャプチャ装置16a~16cの制御を行うことで、パケットキャプチャシステム10の全体の制御を行うものであり、従来公知のサーバー機やパーソナルコンピュータなどを適用することができる。 <Control PC>
Next, the control PC 12 will be described. The control PC 12 controls the entire packet capture system 10 by controlling the packet processor 14 and the plurality of packet capture devices 16a to 16c, and a conventionally known server machine or personal computer is applied. be able to.
 制御用PC12は、パケットプロセッサ14に対して、後述する「パケットの振分処理」を指示するとともに、複数のパケットキャプチャ装置16a~16cを用いて、後述する「パケットの再構築処理」を実行する。 The control PC 12 instructs the packet processor 14 to perform “packet distribution processing” to be described later, and executes “packet reconstruction processing” to be described later using the plurality of packet capture devices 16a to 16c. .
 本例では、ネットワークNW1として有線のLANを適用し、制御用PC12は、有線のLANを介してパケットプロセッサ14やパケットキャプチャ装置16a~16cとの相互通信を行うように構成している。なお、ネットワークNW1は、有線のLANに限定されるものではなく、例えば、無線のLANでもよいし、他の通信手段を適用してもよい。 In this example, a wired LAN is applied as the network NW1, and the control PC 12 is configured to perform mutual communication with the packet processor 14 and the packet capture devices 16a to 16c via the wired LAN. The network NW1 is not limited to a wired LAN, and may be a wireless LAN or other communication means, for example.
 また、制御用PC12の台数は、本例に限定されず、例えば、複数台の制御用PC12を用いてパケットプロセッサ14やパケットキャプチャ装置16a~16cの制御を行うように構成してもよい。このような構成とすれば、制御用PC12の制御負担を軽減することができ、パケットキャプチャシステム10全体の処理能力を高めることが可能となる。 Further, the number of control PCs 12 is not limited to this example. For example, the packet processor 14 and the packet capture devices 16a to 16c may be controlled using a plurality of control PCs 12. With such a configuration, the control burden on the control PC 12 can be reduced, and the processing capability of the entire packet capture system 10 can be increased.
 <パケットプロセッサ>
 次に、パケットプロセッサ14について詳細に説明する。パケットプロセッサ14は、パケットプロセッサ14全体の制御を行う制御手段141と、制御用PC12との通信制御を行うPC通信手段142と、外部のネットワークNW2(本例では、有線のLAN。なお、無線のLANでもよいし、WANでもよい)との通信制御を行う外部通信手段143と、制御プログラムや各種データの記憶が可能な記憶手段144と、受信したパケットに所定の情報を付与する情報付与手段145と、所定の情報が付与された後のパケットの振分(配分)を行うパケット振分手段146と、振分後のパケットをパケットキャプチャ装置16a~16cに向けて送信可能なパケット送信手段147(147a~147f)と、を有して構成される。 <Packet processor>
Next, the packet processor 14 will be described in detail. The packet processor 14 includes a control unit 141 that controls the entire packet processor 14, a PC communication unit 142 that controls communication with the control PC 12, and an external network NW2 (in this example, a wired LAN. An external communication unit 143 that performs communication control with a LAN or a WAN), a storage unit 144 that can store a control program and various data, and an information addition unit 145 that adds predetermined information to a received packet. A packet distribution unit 146 that distributes (distributes) the packet after the predetermined information is given, and a packet transmission unit 147 that can transmit the distributed packet to the packet capture devices 16a to 16c ( 147a to 147f).
 <パケットプロセッサ/制御手段、PC通信手段>
 制御手段141は、記憶手段144に記憶された制御プログラムや制御用PC12からの指令に基づいてパケットプロセッサ14全体の制御を行う手段であり、例えば、マイクロコンピュータなどで構成される。PC通信手段142は、制御用PC12との通信制御を行う手段であり、例えば、LAN端子などのハードウェアや、ネットワーク制御を行うソフトウェア(プログラム)などで構成される。 <Packet processor / control means, PC communication means>
The control unit 141 is a unit that controls the entire packet processor 14 based on a control program stored in the storage unit 144 and a command from the control PC 12, and is configured by, for example, a microcomputer. The PC communication unit 142 is a unit that performs communication control with the control PC 12, and includes, for example, hardware such as a LAN terminal, software (program) that performs network control, and the like.
 <パケットプロセッサ/外部通信手段、記憶手段>
 外部通信手段143は、外部のネットワークNW2との通信制御を行う手段であり、例えば、LAN端子などのハードウェアや、ネットワーク制御を行うソフトウェア(プログラム)などで構成される。記憶手段144は、制御プログラムや各種データを記憶するための手段であり、例えば、RAMやHDDなどで構成される。 <Packet processor / external communication means, storage means>
The external communication unit 143 is a unit that performs communication control with the external network NW2, and includes, for example, hardware such as a LAN terminal, software (program) that performs network control, and the like. The storage unit 144 is a unit for storing a control program and various data, and is configured by, for example, a RAM or an HDD.
 <パケットプロセッサ/情報付与手段>
 情報付与手段145は、外部通信手段143が受信したパケットに所定の情報(本例では、タイムスタンプとシーケンス番号)を付与する手段であり、例えば、ソフトウェア(プログラム)や、電子回路などのハードウェアで構成される。 <Packet processor / information providing means>
The information adding unit 145 is a unit that adds predetermined information (in this example, a time stamp and a sequence number) to the packet received by the external communication unit 143. For example, software (program) or hardware such as an electronic circuit Consists of.
 ここで、「タイムスタンプ」とは、所定のイベント(出来事)が発生したときの年月日、時間などを示す時間情報のことであり、本例では、パケットを識別するための情報として、一単位のパケットに対して一つのタイムスタンプが付与される。タイムスタンプの形式は特に限定されないが、本例のタイムスタンプは、UNIX(登録商標)時間(協定世界時(UTC)での1970年1月1日真夜中(午前0時0分0秒)の時刻からの形式的な経過秒数)によって構成される8バイト長のデータである。 Here, the “time stamp” is time information indicating the date, time, etc. when a predetermined event (event) occurs. In this example, as the information for identifying a packet, One time stamp is assigned to each unit packet. The format of the time stamp is not particularly limited, but the time stamp of this example is UNIX (registered trademark) time (the time of midnight on January 1, 1970 (00:00:00) in Coordinated Universal Time (UTC)). Data having a length of 8 bytes).
 なお、タイムスタンプの分解能は、外部通信手段143の最小パケット受信間隔以下であることが好ましく、例えば、外部通信手段143が100GbEのパケットを受信する場合、外部通信手段143の最小パケット受信間隔は6.5nsecとなるため、タイムスタンプの分解能は、6.5nsec以下の値(例えば、4nsec)であることが好ましい。 The resolution of the time stamp is preferably equal to or less than the minimum packet reception interval of the external communication unit 143. For example, when the external communication unit 143 receives a 100 GbE packet, the minimum packet reception interval of the external communication unit 143 is 6 Therefore, the time stamp resolution is preferably 6.5 nsec or less (for example, 4 nsec).
 また、「シーケンス番号」とは、連続的に付与される通し番号のことであり、本例では、パケットを識別するための情報として、一単位のパケットに対して一つのシーケンス番号が付与される。シーケンス番号の形式は特に限定されないが、本例のシーケンス番号は、0から始まる正の整数によって構成される4バイト長のデータである。 Also, the “sequence number” is a serial number given continuously, and in this example, one sequence number is given to one unit of packet as information for identifying the packet. The format of the sequence number is not particularly limited, but the sequence number in this example is 4-byte data composed of positive integers starting from 0.
 <パケットプロセッサ/パケット振分手段>
 パケット振分手段146は、情報付与手段145によって所定の情報(本例では、タイムスタンプとシーケンス番号)が付与された後のパケットをパケット送信手段147a~147fのいずれかに振り分けるための手段であり、例えば、ソフトウェア(プログラム)や、電子回路などのハードウェアで構成される。 <Packet processor / packet distribution means>
The packet distribution unit 146 is a unit for distributing a packet after predetermined information (in this example, a time stamp and a sequence number) is added by the information addition unit 145 to one of the packet transmission units 147a to 147f. For example, it is configured by hardware such as software (program) and an electronic circuit.
 <パケットプロセッサ/パケット送信手段>
 パケット送信手段147(147a~147f)は、パケット振分手段146によって振り分けられたパケットを一時的に記憶するとともに、当該パケットを、順次、対応するパケットキャプチャ装置16a~16cのいずれかに送信する手段であり、例えば、FIFOメモリで構成される。なお、本例では、パケット送信手段147a~147fのうちの2つを、1台のパケットキャプチャ装置16の2つのLAN端子(後述するパケット受信手段164)に接続している。 <Packet processor / packet transmission means>
The packet transmission means 147 (147a to 147f) temporarily stores the packets distributed by the packet distribution means 146 and sequentially transmits the packets to any of the corresponding packet capture devices 16a to 16c. For example, it is composed of a FIFO memory. In this example, two of the packet transmission units 147a to 147f are connected to two LAN terminals (packet reception unit 164 described later) of one packet capture device 16.
 <パケットキャプチャ装置>
 次に、パケットキャプチャ装置16(16a~16c)について詳細に説明する。パケットキャプチャ装置16は、パケットプロセッサ16全体の制御を行う制御手段161と、制御用PC12との通信制御を行うPC通信手段162と、制御プログラムや各種データの記憶が可能な記憶手段163と、外部からパケットを受信することが可能なパケット受信手段164と、パケット受信手段164から受信したパケットを記憶することが可能なパケット記憶手段165(165a~165c)と、を有して構成される。 <Packet capture device>
Next, the packet capture device 16 (16a to 16c) will be described in detail. The packet capture device 16 includes a control unit 161 that controls the entire packet processor 16, a PC communication unit 162 that controls communication with the control PC 12, a storage unit 163 that can store control programs and various data, and an external Packet receiving means 164 capable of receiving packets from packet receivers, and packet storage means 165 (165a to 165c) capable of storing packets received from the packet receiving means 164.
 <パケットキャプチャ装置/制御手段、PC通信手段>
 制御手段161は、記憶手段163に記憶された制御プログラムや制御用PC12からの指令に基づいてパケットキャプチャ装置16全体の制御を行う手段であり、例えば、マイクロコンピュータなどで構成される。PC通信手段162は、制御用PC12との通信制御を行う手段であり、例えば、LAN端子などのハードウェアや、ネットワーク制御を行うソフトウェア(プログラム)などで構成される。 <Packet capture device / control means, PC communication means>
The control means 161 is a means for controlling the entire packet capture device 16 based on a control program stored in the storage means 163 and a command from the control PC 12, and is composed of, for example, a microcomputer. The PC communication unit 162 is a unit that performs communication control with the control PC 12, and includes, for example, hardware such as a LAN terminal, software (program) that performs network control, and the like.
 <パケットキャプチャ装置/パケット受信手段>
 パケット受信手段164は、パケットプロセッサ14のパケット送信手段147(147a~147f)から送信されるパケットを受信するための手段であり、例えば、LAN端子などのハードウェアや、ネットワーク制御を行うソフトウェア(プログラム)などで構成される。本例では、パケットキャプチャ装置16aのパケット受信手段164を、パケット送信手段147a、147bに接続し、パケットキャプチャ装置16bのパケット受信手段164を、パケット送信手段147c、147dに接続し、パケットキャプチャ装置16cのパケット受信手段164を、パケット送信手段147e、147fに接続している。 <Packet capture device / packet receiving means>
The packet receiving unit 164 is a unit for receiving packets transmitted from the packet transmitting unit 147 (147a to 147f) of the packet processor 14, and includes, for example, hardware such as a LAN terminal, and software (program) for performing network control. ) Etc. In this example, the packet receiver 164 of the packet capture device 16a is connected to the packet transmitters 147a and 147b, the packet receiver 164 of the packet capture device 16b is connected to the packet transmitters 147c and 147d, and the packet capture device 16c is connected. The packet receiving means 164 is connected to the packet transmitting means 147e, 147f.
 また、本例では、パケット受信手段164を、最大10Gbpsのパケット受信が可能な2本のLAN端子で構成しているため、1台のパケットキャプチャ装置16のパケットキャプチャ能力は、最大20Gbps(=10Gbps×2本)である。なお、上述の通り、パケットキャプチャ装置16のパケットキャプチャ能力は、最大20Gbpsに限定されるものではなく、パケット受信手段164の構成も、2本のLAN端子に限定されるものではない。 In this example, since the packet receiving means 164 is composed of two LAN terminals capable of receiving a packet at a maximum of 10 Gbps, the packet capture capability of one packet capture device 16 is a maximum of 20 Gbps (= 10 Gbps). × 2). As described above, the packet capture capability of the packet capture device 16 is not limited to a maximum of 20 Gbps, and the configuration of the packet reception unit 164 is not limited to two LAN terminals.
 <パケットキャプチャ装置/パケット記憶手段>
 パケット記憶手段165(165a~165c)は、パケット受信手段164から受信したパケットを記憶するための手段であり、例えば、HDDなどで構成される。なお、本例では、パケットプロセッサ14のパケット送信手段147a、147bから送信されるパケットを、パケットキャプチャ装置16aのパケット記憶手段165aに記憶し、パケットプロセッサ14のパケット送信手段147c、147dから送信されるパケットを、パケットキャプチャ装置16bのパケット記憶手段165bに記憶し、パケットプロセッサ14のパケット送信手段147e、147fから送信されるパケットを、パケットキャプチャ装置16cのパケット記憶手段165cに記憶するように構成している。 <Packet capture device / packet storage means>
The packet storage unit 165 (165a to 165c) is a unit for storing the packet received from the packet reception unit 164, and is configured by, for example, an HDD. In this example, the packets transmitted from the packet transmission units 147a and 147b of the packet processor 14 are stored in the packet storage unit 165a of the packet capture device 16a and transmitted from the packet transmission units 147c and 147d of the packet processor 14. The packet is stored in the packet storage unit 165b of the packet capture device 16b, and the packets transmitted from the packet transmission units 147e and 147f of the packet processor 14 are stored in the packet storage unit 165c of the packet capture device 16c. Yes.
 <パケットの振分処理>
 次に、図2を用いて、パケットの振分処理について説明する。なお、図2は、パケットの振分処理とパケットの再構築処理の一例を示した図である。本例では、説明を簡略化するため、パケットプロセッサ14が4つのパケット送信手段147a~147dのみを備えている場合について説明する。 <Packet distribution processing>
Next, packet distribution processing will be described with reference to FIG. FIG. 2 is a diagram showing an example of packet distribution processing and packet reconstruction processing. In this example, a case where the packet processor 14 includes only four packet transmission units 147a to 147d will be described in order to simplify the description.
 図2(a)は、時間Tにおいてパケットプロセッサ14が受信したパケットを模式的に示した図である。本例は、パケットプロセッサ14の外部通信手段143が、時間Tにおいて、合計10個のパケットP0~P9を受信した例である。外部通信手段143が一単位のパケットを受信すると、情報付与手段145は、パケットの各々にタイムスタンプTSを付与する。 FIG. 2 (a) is a diagram schematically showing a packet received by the packet processor 14 at time T. FIG. In this example, the external communication means 143 of the packet processor 14 receives a total of 10 packets P0 to P9 at time T. When the external communication unit 143 receives one unit of packet, the information adding unit 145 adds a time stamp TS to each of the packets.
 なお、本例では、情報付与手段145がパケットの各々にタイムスタンプを付与する例について説明するが、本発明は本例に限定されず、タイムスタンプに代えて上述のシーケンス番号をパケットに付与し、付与したシーケンス番号を用いて、後述するパケットの再構築処理を実現してもよいし、タイムスタンプとシーケンス番号の両方を付与し、少なくとも一方を用いて、後述するパケットの再構築処理を実現してもよい。ただし、ハードウェアの制約などにより、上述のタイムスタンプの分解能を最小パケット間隔よりも小さくできない場合、パケットにシーケンス番号を付与することが必要となる。 In this example, an example in which the information adding unit 145 adds a time stamp to each packet will be described. However, the present invention is not limited to this example, and the above sequence number is added to the packet instead of the time stamp. The packet reconstruction process described later may be realized using the assigned sequence number, or both the time stamp and the sequence number are assigned, and the packet reconstruction process described later is realized using at least one of them. May be. However, if the time stamp resolution described above cannot be made smaller than the minimum packet interval due to hardware restrictions or the like, it is necessary to assign a sequence number to the packet.
 図2(b)は、タイムスタンプを付与した後のパケットを模式的に示した図である。本例では、情報付与手段145が、10個のパケットP0~P9の各々にタイムスタンプTS0~TS9を付与している。 FIG. 2 (b) is a diagram schematically showing the packet after the time stamp is given. In this example, the information adding unit 145 adds time stamps TS0 to TS9 to each of the ten packets P0 to P9.
 情報付与手段145がタイムスタンプTSの付与を完了すると、パケット振分手段146は、パケット送信手段(FIFOメモリ)147a~147dのうち、最も空き容量が大きいFIFOメモリに、タイムスタンプTSの付与が完了した振分対象のパケットを記憶する。また、空き容量が同一のFIFOメモリが複数存在する場合には、振分対象のパケットを、最も若い番号が付与されたFIFOメモリに記憶する。ここで、本例では、パケット送信手段147a、147b、147c、147dの順番で若い番号が付与されていると仮定する。 When the information adding unit 145 completes the provision of the time stamp TS, the packet distribution unit 146 completes the provision of the time stamp TS to the FIFO memory having the largest free space among the packet transmission units (FIFO memories) 147a to 147d. The distribution target packet is stored. If there are a plurality of FIFO memories having the same free capacity, the packet to be distributed is stored in the FIFO memory assigned the smallest number. Here, in this example, it is assumed that young numbers are assigned in the order of the packet transmission units 147a, 147b, 147c, and 147d.
 なお、パケット振分手段146によるパケット振分のルールは、本例に限定されるものではなく、パケットキャプチャ装置のフルキャプチャ能力を超えない限りにおいて、任意のアルゴリズムを適用可能である。 Note that the packet distribution rule by the packet distribution unit 146 is not limited to this example, and any algorithm can be applied as long as it does not exceed the full capture capability of the packet capture device.
 パケット振分手段146は、最初にタイムスタンプTS0が付与されたパケットP0の振分を行うが、振分時のFIFOメモリ147a~147dの空き容量が同一であるため、タイムスタンプTS0が付与されたパケットP0を、FIFOメモリ147a~147dのうち、最も若い番号が付与されたFIFOメモリ147aに記憶する(符号(b0)参照)。この結果、FIFOメモリ147aの空き容量が最も小さくなり、その他のFIFOメモリ147b~147dの空き容量が同一、かつ最も大きくなる。 The packet allocating unit 146 distributes the packet P0 to which the time stamp TS0 is assigned first, but since the free capacities of the FIFO memories 147a to 147d at the time of distribution are the same, the time stamp TS0 is assigned. The packet P0 is stored in the FIFO memory 147a to which the youngest number is assigned among the FIFO memories 147a to 147d (see reference numeral (b0)). As a result, the free capacity of the FIFO memory 147a becomes the smallest, and the free capacity of the other FIFO memories 147b to 147d becomes the same and the largest.
 続いて、パケット振分手段146は、タイムスタンプTS1が付与されたパケットP1の振分を行うが、振分時のFIFOメモリ147b~147dの空き容量が同一、かつ最も大きいため、タイムスタンプTS1が付与されたパケットP1を、FIFOメモリ147b~147dのうち、最も若い番号が付与されたFIFOメモリ147bに記憶する(符号(b1)参照)。本例では、タイムスタンプTS1が付与されたパケットP1のデータ量よりもタイムスタンプTS0が付与されたパケットP0のデータ量が大きいため、FIFOメモリ147aの空き容量が最も小さくなり、FIFOメモリ147bの空き容量が2番目に小さくなり、FIFOメモリ147c、147dの空き容量が同一、かつ最も大きくなる。 Subsequently, the packet distribution unit 146 distributes the packet P1 to which the time stamp TS1 is assigned. Since the free memories of the FIFO memories 147b to 147d at the time of distribution are the same and the largest, the time stamp TS1 is The assigned packet P1 is stored in the FIFO memory 147b to which the youngest number is assigned among the FIFO memories 147b to 147d (see code (b1)). In this example, since the data amount of the packet P0 to which the time stamp TS0 is assigned is larger than the data amount of the packet P1 to which the time stamp TS1 is assigned, the free capacity of the FIFO memory 147a is the smallest and the FIFO memory 147b is free. The capacity becomes the second smallest, and the free capacity of the FIFO memories 147c and 147d becomes the same and the largest.
 続いて、パケット振分手段146は、タイムスタンプTS2が付与されたパケットP2の振分を行うが、振分時のFIFOメモリ147c、147dの空き容量が同一であるため、タイムスタンプTS2が付与されたパケットP2を、FIFOメモリ147c、147dのうち、最も若い番号が付与されたFIFOメモリ147cに記憶する(符号(b2)参照)。本例では、タイムスタンプTS2が付与されたパケットP2のデータ量はタイムスタンプTS1が付与されたパケットP1のデータ量と同一のため、FIFOメモリ147aの空き容量が最も小さくなり、FIFOメモリ147b、147cの空き容量が同一、かつ2番目に小さくなり、FIFOメモリ147dの空き容量が最も大きくなる。 Subsequently, the packet distribution unit 146 distributes the packet P2 to which the time stamp TS2 is assigned. However, since the free capacities of the FIFO memories 147c and 147d at the time of distribution are the same, the time stamp TS2 is assigned. The packet P2 is stored in the FIFO memory 147c assigned the youngest number among the FIFO memories 147c and 147d (see symbol (b2)). In this example, since the data amount of the packet P2 to which the time stamp TS2 is attached is the same as the data amount of the packet P1 to which the time stamp TS1 is attached, the free capacity of the FIFO memory 147a is the smallest, and the FIFO memories 147b and 147c Are the same and second smallest, and the FIFO memory 147d has the largest free capacity.
 続いて、パケット振分手段146は、タイムスタンプTS3が付与されたパケットP3の振分を行うが、FIFOメモリ147dの空き容量が最も大きいため、タイムスタンプTS3が付与されたパケットP3を、FIFOメモリ147dに記憶する(符号(b3)参照)。本例では、タイムスタンプTS3が付与されたパケットP3のデータ量はタイムスタンプTS1、TS2が付与されたパケットP1、P2のデータ量と同一のため、FIFOメモリ147aの空き容量が最も小さくなり、FIFOメモリ147b~147dの空き容量が同一、かつ最も大きくなる。 Subsequently, the packet allocating unit 146 distributes the packet P3 to which the time stamp TS3 is assigned. However, since the free space of the FIFO memory 147d is the largest, the packet P3 to which the time stamp TS3 is assigned is stored in the FIFO memory. It memorize | stores in 147d (refer code | symbol (b3)). In this example, since the data amount of the packet P3 to which the time stamp TS3 is attached is the same as the data amount of the packets P1 and P2 to which the time stamps TS1 and TS2 are attached, the free capacity of the FIFO memory 147a becomes the smallest, and the FIFO The free capacities of the memories 147b to 147d are the same and the largest.
 続いて、パケット振分手段146は、タイムスタンプTS4が付与されたパケットP4の振分を行うが、振分時のFIFOメモリ147b~147dの空き容量が同一、かつ最も大きいため、タイムスタンプTS4が付与されたパケットP4を、FIFOメモリ147b~147dのうち、最も若い番号が付与されたFIFOメモリ147bに記憶する(符号(b4)参照)。本例では、パケットP0のデータ量よりも、パケットP1のデータ量とパケットP4のデータ量を加算した合計データ量の方が大きいため、FIFOメモリ147bの空き容量が最も小さくなり、FIFOメモリ147aの空き容量が2番目に小さくなり、FIFOメモリ147c、147dの空き容量が同一、かつ最も大きくなる。 Subsequently, the packet distribution unit 146 distributes the packet P4 to which the time stamp TS4 is assigned. Since the free memories of the FIFO memories 147b to 147d at the time of distribution are the same and the largest, the time stamp TS4 is The assigned packet P4 is stored in the FIFO memory 147b to which the youngest number is assigned among the FIFO memories 147b to 147d (see symbol (b4)). In this example, since the total data amount obtained by adding the data amount of the packet P1 and the data amount of the packet P4 is larger than the data amount of the packet P0, the free capacity of the FIFO memory 147b becomes the smallest, and the FIFO memory 147a The available capacity becomes the second smallest, and the available capacity of the FIFO memories 147c and 147d becomes the same and the largest.
 以降、同様の方法で、パケットP5~P9を、FIFOメモリ147b~147dのいずれかに記憶することで(符号(b5)~(b9)参照)、パケットP0~P9の振分処理を完了する。 Thereafter, the packets P5 to P9 are stored in any of the FIFO memories 147b to 147d by the same method (see symbols (b5) to (b9)), thereby completing the distribution process of the packets P0 to P9.
 <パケットの再構築処理>
 次に、図2(c)を用いて、パケットの再構築処理について説明する。パケットキャプチャ装置16aは、パケットプロセッサ14のパケット送信手段147a、147bから送信されるパケットをパケット記憶手段(HDD)165aに記憶し、パケットキャプチャ装置16bは、パケットプロセッサ14のパケット送信手段147c、147dから送信されるパケットをパケット記憶手段(HDD)165bに記憶する。 <Packet reconstruction process>
Next, packet reconstruction processing will be described with reference to FIG. The packet capture device 16a stores the packets transmitted from the packet transmission means 147a and 147b of the packet processor 14 in the packet storage means (HDD) 165a, and the packet capture device 16b receives the packets from the packet transmission means 147c and 147d of the packet processor 14. The transmitted packet is stored in the packet storage means (HDD) 165b.
 また、制御用PC12は、パケットキャプチャ装置16a~16cのHDD165a~165cに記憶されたパケットを順次走査し、最も若い番号のタイムスタンプが付与されたパケットを見つけた場合に、当該パケットを、制御用PC12に記憶されたファイルに出力する。 Also, the control PC 12 sequentially scans the packets stored in the HDDs 165a to 165c of the packet capture devices 16a to 16c, and when it finds the packet with the lowest time stamp, Output to a file stored in the PC 12.
 本例では、制御用PC12は、HDD165a~165cの中から、最も若い番号のタイムスタンプが付与されたパケットとして、HDD165aに記憶された、タイムスタンプTS0のパケットP0をファイルに出力し(符号(c0)参照)、続いて、2番目に若い番号のタイムスタンプが付与されたパケットとして、HDD165aに記憶された、タイムスタンプTS1のパケットP1をファイルに出力する(符号(c1)参照)。 In this example, the control PC 12 outputs the packet P0 of the time stamp TS0 stored in the HDD 165a to the file as a packet to which the time stamp having the youngest number is given from the HDDs 165a to 165c (symbol (c0 Next, the packet P1 of the time stamp TS1 stored in the HDD 165a is output to a file as a packet to which the time stamp having the second smallest number is assigned (see the code (c1)).
 続いて、制御用PC12は、HDD165a~165cの中から、3番目に若い番号のタイムスタンプが付与されたパケットとして、HDD165bに記憶された、タイムスタンプTS2のパケットP2をファイルに出力し(符号(c2)参照)、続いて、4番目に若い番号のタイムスタンプが付与されたパケットとして、HDD165bに記憶された、タイムスタンプTS3のパケットP3をファイルに出力する(符号(c3)参照)。 Subsequently, the control PC 12 outputs the packet P2 of the time stamp TS2 stored in the HDD 165b to the file as a packet to which the time stamp with the third lowest number is assigned from among the HDDs 165a to 165c (reference sign ( Then, the packet P3 of the time stamp TS3 stored in the HDD 165b is output to the file as a packet to which the time stamp having the fourth lowest number is assigned (see reference (c3)).
 続いて、制御用PC12は、HDD165a~165cの中から、5番目に若い番号のタイムスタンプが付与されたパケットとして、HDD165aに記憶された、タイムスタンプTS4のパケットP4をファイルに出力し(符号(c4)参照)、続いて、6番目に若い番号のタイムスタンプが付与されたパケットとして、HDD165bに記憶された、タイムスタンプTS5のパケットP5をファイルに出力する(符号(c5)参照)。 Subsequently, the control PC 12 outputs the packet P4 of the time stamp TS4 stored in the HDD 165a as a packet to which the time stamp with the fifth lowest number is assigned from among the HDDs 165a to 165c (reference sign ( Subsequently, the packet P5 of the time stamp TS5 stored in the HDD 165b is output to a file as a packet to which the time stamp having the sixth smallest number is assigned (see reference (c5)).
 以降、同様の方法で、タイムスタンプTS6~TS9が付与されたパケットP6~P9をファイルに順次出力することで、パケットP0~P9の再構築が完了し、図2(a)に示す、振り分け前のパケットを再現することができる(一時的に分解したパケットを元通りのパケットにすることができる)。 Thereafter, the packets P6 to P9, to which the time stamps TS6 to TS9 are assigned, are sequentially output to the file by the same method, whereby the reconstruction of the packets P0 to P9 is completed, and the pre-distribution shown in FIG. Can be reproduced (the temporarily disassembled packet can be changed to the original packet).
 以上説明したように、本実施形態に係るパケットキャプチャシステム(例えば、パケットキャプチャシステム10)は、複数のパケットキャプチャ装置(例えば、パケットキャプチャ装置16a~16c)を備えたパケットキャプチャシステムであって、パケットを受信可能なパケット受信手段(例えば、外部通信手段143)と、前記パケット受信手段が受信した前記パケットに所定の情報を付与する情報付与手段(例えば、情報付与手段145)と、前記情報付与手段によって前記所定の情報が付与された後のパケットを、前記複数のパケットキャプチャ装置のいずれかの装置に振り分けるパケット振分手段(例えば、パケット振分手段146)と、前記パケット振分手段によって振り分けられた後の複数のパケットを、前記所定の情報に基づいて、前記パケット受信手段が受信した順番に並び替えるパケット再構築手段(例えば、制御用PC12)と、を有して構成されている、ことを特徴とするパケットキャプチャシステムである。 As described above, the packet capture system (for example, the packet capture system 10) according to the present embodiment is a packet capture system including a plurality of packet capture devices (for example, the packet capture devices 16a to 16c), Packet receiving means (for example, external communication means 143), information giving means (for example, information giving means 145) for giving predetermined information to the packets received by the packet receiving means, and information giving means The packet distribution unit (for example, packet distribution unit 146) that distributes the packet after the predetermined information is assigned to one of the plurality of packet capture devices and the packet distribution unit. A plurality of packets after Based on the packet receiving means arranged in the order of reception changing packet reconstruction means (e.g., control PC12) and is configured to have a, a packet capture system, characterized in that.
 本実施形態に係るパケットキャプチャシステムによれば、パケットキャプチャの処理を複数のパケットキャプチャ装置に分散することができるため、パケットキャプチャ装置のパケットキャプチャ能力を必要以上に高める必要がなく、従来のパケットキャプチャ装置を適用することができる。このため、高速大容量のパケットのフルキャプチャを低コストで実現することが可能となる。また、振り分け後のパケットを元通りに再構築することができるため、高速大容量のパケットのフルキャプチャを実現しながらも、高速のパケット通信の妨げとなることがない。 According to the packet capture system according to the present embodiment, since packet capture processing can be distributed to a plurality of packet capture devices, it is not necessary to increase the packet capture capability of the packet capture device more than necessary. The device can be applied. As a result, full capture of a high-speed and large-capacity packet can be realized at low cost. Further, since the sorted packets can be reconstructed as they are, the high-speed packet communication is not hindered while full capture of high-speed and large-capacity packets is realized.
 また、前記パケット振分手段は、前記所定の情報が付与された後のパケットを、前記複数のパケットキャプチャ装置のうち、振り分けられたパケットの総量が最も少ない装置に振り分けるようにしてもよい。 Further, the packet distribution unit may distribute the packet after the predetermined information is assigned to a device having the smallest total number of distributed packets among the plurality of packet capture devices.
 このような構成とすれば、特定のパケットキャプチャ装置に負荷が集中することがなく、各々のパケットキャプチャ装置のパケットキャプチャ能力を最大限に生かすことができ、システム全体の処理能力を高めることができる。 With such a configuration, the load is not concentrated on a specific packet capture device, the packet capture capability of each packet capture device can be utilized to the maximum, and the processing capability of the entire system can be increased. .
 なお、本発明の実施の形態に記載された作用および効果は、本発明から生じる最も好適な作用および効果を列挙したに過ぎず、本発明による作用および効果は、本発明の実施の形態に記載されたものに限定されるものではない。また、実施例に記載した複数の構成のうち、1つの構成に記載している内容を、他の構成に適用することで、発明の効果を高めることができる場合がある。 Note that the actions and effects described in the embodiments of the present invention only list the most preferable actions and effects resulting from the present invention, and the actions and effects according to the present invention are described in the embodiments of the present invention. It is not limited to what was done. Moreover, the effect of invention may be able to be heightened by applying the content described in one structure among the several structures described in the Example to another structure.
 本発明に係るパケットキャプチャ装置、およびパケットキャプチャ方法は、IEEE802.3baに対応するサーバー機やネットワーク機器のパケットのフルキャプチャに適用することができる。 The packet capture device and the packet capture method according to the present invention can be applied to full capture of packets of server machines and network devices compatible with IEEE 802.3ba.
 10 パケットキャプチャシステム
 12 制御用PC
 14 パケットプロセッサ
 141 制御手段
 142 PC通信手段
 143 外部通信手段
 144 記憶手段
 145 情報付与手段
 146 パケット振分手段
 147a~147f パケット送信手段
 16 パケットキャプチャ装置
 161 制御手段
 162 PC通信手段
 163 記憶手段
 164 パケット受信手段
 165a~165c パケット記憶手段 10 Packet capture system 12 PC for control
14 Packet processor 141 Control means 142 PC communication means 143 External communication means 144 Storage means 145 Information giving means 146 Packet distribution means 147a to 147f Packet transmission means 16 Packet capture device 161 Control means 162 PC communication means 163 Storage means 164 Packet reception means 165a to 165c Packet storage means

Claims (7)

  1.  複数のパケットキャプチャ装置を備えたパケットキャプチャシステムであって、
     パケットを受信可能なパケット受信手段と、
     前記パケット受信手段が受信した前記パケットに所定の情報を付与する情報付与手段と、
     前記情報付与手段によって前記所定の情報が付与された後のパケットを、前記複数のパケットキャプチャ装置のいずれかの装置に振り分けるパケット振分手段と、
     前記パケット振分手段によって振り分けられた後の複数のパケットを、前記所定の情報に基づいて、前記パケット受信手段が受信した順番に並び替えるパケット再構築手段と、を有して構成されている、
    ことを特徴とするパケットキャプチャシステム。     A packet capture system comprising a plurality of packet capture devices,
    A packet receiving means capable of receiving a packet;
    Information giving means for giving predetermined information to the packet received by the packet receiving means;
    A packet distribution unit that distributes the packet after the predetermined information is added by the information addition unit to any one of the plurality of packet capture devices;
    A packet restructuring unit that rearranges the plurality of packets after being sorted by the packet sorting unit in the order received by the packet receiving unit based on the predetermined information; and
    A packet capture system characterized by that.
  2.  請求項1に記載のパケットキャプチャシステムであって、
     前記パケット振分手段は、前記所定の情報が付与された後のパケットを、前記複数のパケットキャプチャ装置のうち、振り分けられたパケットの総量が最も少ない装置に振り分ける、
    ことを特徴とするパケットキャプチャシステム。     The packet capture system according to claim 1,
    The packet distribution unit distributes the packet after the predetermined information is assigned to a device having the smallest total number of distributed packets among the plurality of packet capture devices,
    A packet capture system characterized by that.
  3.  請求項1または2に記載のパケットキャプチャシステムであって、
     前記所定の情報は、タイムスタンプである、
    ことを特徴とするパケットキャプチャシステム。     The packet capture system according to claim 1 or 2,
    The predetermined information is a time stamp.
    A packet capture system characterized by that.
  4.  複数のパケットキャプチャ装置を用いたパケットキャプチャ方法であって、
     パケットを受信するパケット受信ステップと、
     受信した前記パケットに所定の情報を付与する情報付与ステップと、
     前記所定の情報が付与された後のパケットを、前記複数のパケットキャプチャ装置のいずれかの装置に振り分けるパケット振分ステップと、
     振り分けられた後の複数のパケットを、前記所定の情報に基づいて、受信した順番に並び替えるパケット再構築ステップと、を有して構成されている、
    ことを特徴とするパケットキャプチャ方法。     A packet capture method using a plurality of packet capture devices,
    A packet receiving step for receiving a packet;
    An information giving step for giving predetermined information to the received packet;
    A packet distribution step of distributing the packet after the predetermined information is given to any one of the plurality of packet capture devices;
    A packet restructuring step for rearranging a plurality of packets after sorting, based on the predetermined information, in a received order; and
    And a packet capture method.
  5.  請求項4に記載のパケットキャプチャ方法であって、
     前記パケット振分ステップは、前記所定の情報が付与された後のパケットを、前記複数のパケットキャプチャ装置のうち、振り分けられたパケットの総量が最も少ない装置に振り分けるステップである、
    ことを特徴とするパケットキャプチャシステム。     The packet capture method according to claim 4, comprising:
    The packet distribution step is a step of distributing the packet after the predetermined information is assigned to a device having the smallest total amount of distributed packets among the plurality of packet capture devices.
    A packet capture system characterized by that.
  6.  請求項4または5に記載のパケットキャプチャ方法であって、
     前記所定の情報は、タイムスタンプである、
    ことを特徴とするパケットキャプチャ方法。     The packet capture method according to claim 4 or 5,
    The predetermined information is a time stamp.
    And a packet capture method.
  7.  複数のパケットキャプチャ装置を用いたパケットの再構築方法であって、
     受信したパケットに所定の情報を付与し、前記所定の情報が付与された後のパケットを、前記複数のパケットキャプチャ装置のいずれかの装置に振り分け、振り分けられた後の複数のパケットを、前記所定の情報に基づいて、受信した順番に並び替える、
    ことを特徴とするパケットの再構築方法。     A packet reconstruction method using a plurality of packet capture devices,
    Assign predetermined information to the received packet, distribute the packet after the predetermined information is assigned to any one of the plurality of packet capture devices, and assign the plurality of packets after distribution to the predetermined packet Sort in the order received based on the information of
    A method for reconstructing a packet.
PCT/JP2014/065680 2014-06-13 2014-06-13 Packet capture apparatus, packet capture method, and packet reconstruction method WO2015189971A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2014/065680 WO2015189971A1 (en) 2014-06-13 2014-06-13 Packet capture apparatus, packet capture method, and packet reconstruction method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2014/065680 WO2015189971A1 (en) 2014-06-13 2014-06-13 Packet capture apparatus, packet capture method, and packet reconstruction method

Publications (1)

Publication Number Publication Date
WO2015189971A1 true WO2015189971A1 (en) 2015-12-17

Family

ID=54833099

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2014/065680 WO2015189971A1 (en) 2014-06-13 2014-06-13 Packet capture apparatus, packet capture method, and packet reconstruction method

Country Status (1)

Country Link
WO (1) WO2015189971A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2021078080A (en) * 2019-11-13 2021-05-20 学校法人幾徳学園 Data processing device, data processing method, and data processing system
WO2022264239A1 (en) * 2021-06-14 2022-12-22 日本電信電話株式会社 Alert verification device, alert verification method, and alert verification program

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009231890A (en) * 2008-03-19 2009-10-08 Alaxala Networks Corp Packet relay device and traffic monitoring system
JP2010268434A (en) * 2009-04-08 2010-11-25 Ixia Traffic receiver using parallel capture engines

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009231890A (en) * 2008-03-19 2009-10-08 Alaxala Networks Corp Packet relay device and traffic monitoring system
JP2010268434A (en) * 2009-04-08 2010-11-25 Ixia Traffic receiver using parallel capture engines

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2021078080A (en) * 2019-11-13 2021-05-20 学校法人幾徳学園 Data processing device, data processing method, and data processing system
WO2022264239A1 (en) * 2021-06-14 2022-12-22 日本電信電話株式会社 Alert verification device, alert verification method, and alert verification program

Similar Documents

Publication Publication Date Title
JP7154399B2 (en) DATA TRANSMISSION METHOD, APPARATUS, COMPUTER-READABLE MEDIUM AND ELECTRONIC DEVICE
US7769049B2 (en) Traffic generator using parallel coherent transmit engines
US10348646B2 (en) Two-stage port-channel resolution in a multistage fabric switch
JP2012018525A (en) Content conversion program, content conversion system, and content conversion server
EP4287591A1 (en) Data transmission method and apparatus, and server, storage medium and program product
CN103971687A (en) Method and device for realizing load balance of voice recognition system
CN113422818B (en) Data cascade transmission method, system and node equipment
CN109561395A (en) A kind of blue-tooth transmission method and device
KR20130045788A (en) Method and system for multiplexing data streaming in audio/video networks
CN104038505A (en) Method and device for preventing IPSec (internet protocol security) replaying
CN105743811A (en) Data Transmitter Apparatus And Method For Data Communication Using The Same
US10856297B2 (en) Pre-calculation of sub-event RF channel
CN103825841A (en) Ethernet message sequencing method and device
CN104219298A (en) Cluster system and data backup method thereof
JP6631232B2 (en) System and method for determining routing information
WO2015189971A1 (en) Packet capture apparatus, packet capture method, and packet reconstruction method
CN110545230B (en) Method and device for forwarding VXLAN message
CN113542148B (en) Message aggregation method and device, network card and readable storage medium
JP5382812B2 (en) Data compression / transfer system, transmission apparatus, and data compression / transfer method used therefor
JP2019122023A (en) Video encoding apparatus for rearranging packet transmission order, and method of operating the same
US11206574B2 (en) Method and apparatus for data communication between MU and RU using multi-channel compression algorithm
CN112350979B (en) Data transmission method and device
US10142247B2 (en) Communication device, communication system, communication method, and storage medium storing program transferring data using a plurality of lines
EP2533440B1 (en) Method and device for sequencing members of multiple virtual concatenation groups
JP6895354B2 (en) Communication relay device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14894341

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: JP

122 Ep: pct application non-entry in european phase

Ref document number: 14894341

Country of ref document: EP

Kind code of ref document: A1