WO2016143066A1 - Dispositif de traitement d'information et procédé de sélection de positions de duplication de ports - Google Patents

Dispositif de traitement d'information et procédé de sélection de positions de duplication de ports Download PDF

Info

Publication number
WO2016143066A1
WO2016143066A1 PCT/JP2015/056983 JP2015056983W WO2016143066A1 WO 2016143066 A1 WO2016143066 A1 WO 2016143066A1 JP 2015056983 W JP2015056983 W JP 2015056983W WO 2016143066 A1 WO2016143066 A1 WO 2016143066A1
Authority
WO
WIPO (PCT)
Prior art keywords
traffic
mirror position
mirror
communication
port
Prior art date
Application number
PCT/JP2015/056983
Other languages
English (en)
Japanese (ja)
Inventor
貴也 井出
恭宏 相樂
順史 木下
高田 治
Original Assignee
株式会社日立製作所
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社日立製作所 filed Critical 株式会社日立製作所
Priority to PCT/JP2015/056983 priority Critical patent/WO2016143066A1/fr
Publication of WO2016143066A1 publication Critical patent/WO2016143066A1/fr

Links

Images

Definitions

  • the present invention relates to an information processing apparatus and a port mirroring position selection method, and is suitable for application to, for example, a communication system of a cloud provider that provides IaaS (Infrastructure As Service).
  • IaaS Intelligent As Service
  • IaaS An increasing number of companies use a service called IaaS that provides a customer with an environment in which a set of computer resources such as a server device, a storage device, and a network necessary for building a business computer system can be used.
  • IT Internet Technology
  • mirroring In order to perform passive performance monitoring, it is necessary to collect the application traffic to be monitored in the analyzer. This can be done by port mirroring (hereinafter referred to simply as mirroring) using a communication device such as a switch or router that constitutes an IaaS physical network, or by connecting a tap to each link on the network to branch the traffic signal. It is realized by doing.
  • target traffic a communication device that performs mirroring settings
  • a mirror position as appropriate
  • Patent Document 1 and Patent Document 2 disclose a technique for selecting a mirror position based on communication path information.
  • Patent Document 1 discloses selecting a mirror position based on physical topology information
  • Patent Document 2 discloses selecting a mirror position based on BGP (Border Gateway Protocol) information in a communication device. Is disclosed.
  • BGP Border Gateway Protocol
  • the mirror position is selected without considering the bandwidth of the output interface of the packet duplicated by mirroring (hereinafter referred to as the mirror port). Yes.
  • the present invention has been made in view of the above points, and will propose an information processing apparatus and a port mirroring position selection method capable of quickly selecting a communication apparatus capable of performing port mirroring without discarding mirrored traffic. It is what.
  • the present invention relates to each of the traffic passing through the communication device in an information processing device for selecting the communication device to be subjected to port mirroring of traffic flowing through a network composed of a plurality of communication devices.
  • a network information analyzing unit for acquiring the predetermined traffic information from each of the communication devices, and identifying each of the communication devices through which each of the traffic flowing through the network passes by analyzing each of the acquired traffic information; Based on the analysis result of the network information analysis unit, the traffic to be subjected to the port mirroring is specified, all the communication devices through which the specified traffic passes are specified, and the port of each specified communication device is specified.
  • Said mirroring A mirror position candidate enumeration unit for enumerating combinations of communication devices; and the port mirroring of the communication device in the communication device constituting the combination among the combinations of the communication devices enumerated by the mirror position candidate enumeration unit And a satisfactory combination selection unit for selecting a combination that does not cause congestion in the mirror port.
  • the information processing apparatus includes: The communication device through which each of the traffic flowing through the network passes by acquiring predetermined traffic information regarding each of the traffic passing through the communication device from each of the communication devices, and analyzing each of the acquired traffic information.
  • a first step of identifying the information and the information processing device identifies the traffic to be subject to the port mirroring based on the analysis result, identifies all the communication devices through which the identified traffic passes, Port on each identified communication device
  • a second step of enumerating the combinations of the communication devices that perform the error ringing, and the information processing apparatus includes the port mirroring of the communication device in the communication device that constitutes the combination among the enumerated combinations of the communication devices.
  • a third step of selecting a combination that does not cause congestion in the mirror port is
  • the present invention it is possible to realize an information processing apparatus and a port mirroring position selection method that can quickly select a mirror position (communication apparatus) that can execute port mirroring without discarding mirrored traffic.
  • (A) is a conceptual diagram which shows the structure of a communication management table
  • (B) is a conceptual diagram which shows the structure of a path
  • FIG. 11 is a sequence diagram showing a flow of a series of processes from when a mirror position request is transmitted from an operation source to a management apparatus until a mirror position response corresponding to the mirror position request is transmitted from the management apparatus to the operation source. It is a flowchart which shows the process sequence of a network information analysis process. It is a conceptual diagram which shows the data format of an IPFIX message. It is a flowchart which shows the process sequence of a mirror position candidate enumeration process. It is a flowchart which shows the process sequence of a candidate search process.
  • (A) to (E) are diagrams for explaining candidate search processing. It is a flowchart which shows the process sequence of a candidate registration process. It is a flowchart which shows the process sequence of a satisfaction combination selection process. It is a figure which shows schematic structure of a mirroring condition display screen. It is a block diagram which shows the whole structure of the communication system by 2nd Embodiment. It is a conceptual diagram which shows the structure of the mirror position request
  • FIG. 1 indicates a communication system according to the present embodiment as a whole.
  • the communication system 1 is connected to a plurality of computers 3 and a plurality of communication devices 4 connected to a data network 2, an aggregation communication device 5 connected to these communication devices 4, and an aggregation communication device 5.
  • the electronic computer 3 is composed of, for example, a server device or a personal computer, and communicates with each other via the data network 2.
  • the communication device 4 includes, for example, a LAN (Local Area Network) switch, a router, and the like, and includes one or a plurality of interfaces (not shown) connected to the data network 2, an interface connected to the control network 7, and aggregation. And one or a plurality of mirror ports MP connected to the communication device 5. Note that the communication device 4 of the present embodiment includes only one mirror port MP.
  • LAN Local Area Network
  • the communication device 4 is equipped with a transfer function 10, a mirroring function 11, and a communication information notification function 12.
  • the transfer function 10 analyzes the traffic received via an arbitrary interface of the communication device 4, and based on information such as a 5-tuple obtained by the analysis, an interface to output the traffic according to a predetermined rule. This function determines and outputs traffic from the determined interface.
  • the 5-tuple refers to a “source IP address” that is an IP (Internet Protocol) address of a communication device (electronic computer 3) that is a transmission source of the traffic, and transmission of traffic from a plurality of programs operated by the communication device.
  • “Sender port number” that specifies the source program
  • "Destination IP address” that is the IP address of the communication device (electronic computer 3) that is the destination of the traffic
  • a plurality of programs that the communication device operates Indicates a “destination port number” that specifies a destination program of traffic and “IP protocol” that indicates the type of IP protocol used when sending / receiving the traffic. Such information can be acquired from the header portion of each packet constituting the traffic.
  • the mirroring function 11 is a function that duplicates traffic designated using information such as a 5-tuple out of traffic passing through the communication device 4 and outputs it from the mirror port MP.
  • the communication information notification function 12 uses predetermined traffic information related to traffic passing through the communication device 4 (information such as accumulated traffic for each traffic and 5 tuples) as the notification information 13, and a predetermined device (the present embodiment). Is a function of transmitting to the management apparatus 8) via the control network 7.
  • the transfer function 10, mirroring function 11, and communication information notification function 12 of the communication device 4 are all based on existing technology.
  • the transfer function 10 includes a LAN switch switching function
  • the mirroring function 11 includes LAN switch access control.
  • IPFIX IP Flow Information Export
  • IPFIX IP Flow Information Export
  • the aggregation communication device 5 is composed of, for example, a network packet broker, and includes a plurality of reception ports RP and one or a plurality of transmission ports TP. Each reception port RP is connected to a mirror port MP of a different communication device 4, and one or more transmission ports TP are connected to an arbitrary analysis device 6. Then, the aggregation communication device 5 transfers the traffic copied (mirrored) by each communication device 4 received via the reception port RP to the corresponding analysis device 6 via the transmission port TP.
  • the analysis device 6 is composed of a passive type performance monitoring device.
  • the analysis device 6 analyzes the traffic transferred from the aggregation communication device 5 to monitor the response performance of the application that transmits and receives the traffic, for example.
  • the management device 8 is, for example, a server device used by a system administrator to manage the communication system 1, and in response to a mirror position request 17 to be described later given from the operation source 9, in the mirror position request 17. Equipped with a function to select the communication device 4 to be the mirror position when analyzing the specified traffic and return the selection result to the operation source 9 as a mirror position response 18 (hereinafter referred to as a mirror position selection function) Has been.
  • the operation source 9 is assumed to be, for example, a client terminal 15 operated by the user 14 or an operation management apparatus 16 installed by a cloud operator who operates the communication system 1.
  • the client terminal 15 uses the traffic to be analyzed by the analysis device 6 (hereinafter referred to as target traffic) and, if necessary, the mirror position of the target traffic.
  • GUI Graphic User Interface
  • the client terminal 15 transmits a request for selecting the mirror position of the target traffic designated by the user 14 to the management apparatus 8 as the above-described mirror position request 17 by using this GUI.
  • the client terminal 15 determines the mirror position of the target traffic selected by the management apparatus 8 that is recognized based on the mirror position response 18. Display in format.
  • the mirror position request 17 includes one or more combinations of communication requirements and mirror position communication device IDs.
  • the communication requirement is a requirement for target traffic, and is composed of information on five tuples of the target traffic (hereinafter referred to as five-tuple information). In this case, the communication requirement does not need to include all of the 5-tuple information, and only a part thereof may be used.
  • a VLAN (Virtual LAN) identifier may be included.
  • the mirror position communication device ID is an identifier (communication device ID) of the communication device 4 to be the mirror position of the target traffic designated by the operation source 9 as described above.
  • the mirror position communication device ID may be empty (that is, the communication device 4 to be the mirror position of the target traffic may not be specified).
  • the mirror position response 18 should be the mirror position selected by the management apparatus 8 in addition to the information (combination of one or more communication requirements and the mirror position communication apparatus ID) included in the corresponding mirror position request 17.
  • the identifier (communication device ID) of the communication device 4 is included.
  • interface information for executing port mirroring is required in addition to mirror position (communication device) information.
  • mirroring can be performed even if only the communication device 4 is specified.
  • port mirroring is activated in advance for all ports of the communication device 4, and any traffic is denied (deny) by access control. After the mirror position is specified, the communication that becomes the mirror position is performed. By permitting the mirroring of the traffic to be mirrored by the access control of the device 4, the interface information becomes unnecessary when performing the port mirroring.
  • the mirror position request 17 and the mirror position response 18 are described in XML (eXtensible Markup Language), for example, and are transmitted and received between the operation source 9 and the management device 8 by HTTP (Hyper Text Transfer Protocol).
  • XML eXtensible Markup Language
  • HTTP Hyper Text Transfer Protocol
  • FIG. 2 shows a configuration example of the data network 2.
  • the configuration of the data network 2 and the traffic flowing through the data network 2 are simplified.
  • the data network is configured by a large number of communication devices, and a large number of traffics are generated on the data network. Flowing.
  • the data network 2 is composed of a plurality of communication devices 4A to 4D having the same functions and configurations as the communication device 4 described above with reference to FIG. 1, and a plurality of electronic computers 3S to 3W are connected to the data network 2. ing.
  • the communication devices 4A to 4D and the electronic computers 3S to 3W do not need to be devices having physical entities, but may be virtual switches or virtual machines implemented by software.
  • the communication devices 4A to 4D and the electronic computers 3S to 3W are connected to each other using a LAN cable.
  • the electronic computer 3S is connected to the communication device 4A
  • the communication device 4A is connected to the communication device 4C and the communication device 4D, respectively.
  • the electronic computer 3T is connected to a communication device 4B
  • this communication device 4B is connected to the communication device 4C and the communication device 4D, respectively.
  • the communication device 4C is connected to the electronic computer 3U
  • the communication device 4D is connected to the electronic computer 3V and the electronic computer 3W.
  • the traffic 19K flows from the electronic computer 3S to the electronic computer 3U via the communication device 4A and the communication device 4C
  • the traffic 19M flows from the electronic computer 3T via the communication device 4B and the communication device 4D
  • traffic 19L flows from the computer 3V via the communication device 4D, the communication device 4B, and the communication device 4C.
  • FIGS. 5 to 8 used in the following description, in the data network 2 having such a configuration, it is desired to mirror the traffic to the electronic computer 3U (the transmission source is not specified) and the traffic from the electronic computer 3T to the electronic computer 3W.
  • the traffic of each traffic is always 800 Mbps, and the bandwidth of the mirror port MP (FIG. 1) of the communication device 4 (hereinafter including 4A to 4D). Is set to 1024 [Mbps]. Under such a situation, when a plurality of traffics are mirrored by the same communication device 4, congestion occurs at the mirror port MP, so that the mirror position needs to be distributed to the plurality of communication devices 4.
  • FIG. 3 shows a simplified hardware configuration of the management device 8.
  • the management device 8 includes a processor 21, a main storage device 22, an external storage device 23, a communication control device 24, and an input / output device 26 connected to each other via an internal bus 20. Configured.
  • the processor 21 is hardware having a function for controlling operation of the entire management apparatus 8.
  • the main storage device 22 is composed of, for example, a semiconductor memory and is used to temporarily hold various programs and control data.
  • the mirror position request management table 34 and the mirror position candidate management table group 35 are also stored and held in the main storage device 22.
  • the external storage device 23 is a storage device having a large storage capacity, and is composed of, for example, a hard disk device or an SSD (Solid State Drive). The external storage device 23 is used for holding various programs and data for a long period of time.
  • the communication control device 24 is hardware having a function of controlling communication with each communication device 4, and is connected to the control network 7 via the interface 27.
  • the input / output device 26 includes an input device such as a keyboard and a mouse for a user to perform various operation inputs, and an output device such as a liquid crystal display for displaying various information.
  • FIG. 4 shows a simple logical configuration of the management device 8.
  • the management device 8 includes a network information analysis unit 40, a mirror position selection unit 41, a mirror position candidate listing unit 42, and a satisfaction combination selection unit 43.
  • the network information analysis unit 40, the mirror position selection unit 41, the mirror position candidate listing unit 42, and the satisfaction combination selection unit 43 are stored in the main storage device 22 (FIG. 3) by the processor 21 (FIG. 3) of the management device 8. This is a function embodied by executing the management program 31 (FIG. 3).
  • the network information analysis unit 40 analyzes the above notification information 13 transmitted from each communication device 4 constituting the data network 2 via the control network 7, and includes 5-tuple information on each traffic flowing through the data network 2, The communication device 4 through which each of the traffic passes and information such as the traffic of the traffic in the communication device 4 are acquired, and processing for storing the acquired information in the communication analysis information table group 33 is executed.
  • the mirror position selection unit 41 executes a process of receiving the mirror position request 17 transmitted from the operation source 9 and newly registering it in the mirror position request management table 34.
  • the mirror position selection unit 41 is the case where the mirror position request 17 is given from the operation source 9 and the 5-tuple information of the target traffic specified in the mirror position request 17 in the mirror position request management table 34. If all the same records already exist, no records are added.
  • the mirror position selection unit 41 notifies the operation source 9 as a mirror position response 18.
  • the mirror position candidate enumeration unit 42 sequentially reads the mirror position request 17 registered in the mirror position request management table 34, and the network topology information table 32 and communication analysis described later for the target traffic specified in the read mirror position request 17.
  • the information table group 33 is used to list one communication device 4 or a combination of a plurality of communication devices 4 that can be mirrored without omission or duplication as mirror position candidates (hereinafter referred to as mirror position candidates), and Is stored in the mirror position candidate management table group 35.
  • the sufficiency combination selecting unit 43 selects all the communication devices 4 constituting the mirror position candidate from the mirror position candidates of the target traffic enumerated by the mirror position candidate listing unit 42 and stored in the mirror position candidate management table group 35. 1, one mirror position candidate whose communication amount of the mirror port MP (FIG. 1) is equal to or less than a mirror port threshold value described later is selected, and this is notified to the mirror position selection unit 41 as a mirror position selection result.
  • a network topology information table 32, a communication analysis information table group 33, a mirror position request management table 34, and a mirror position candidate management table group 35 are stored in the main storage device 22 of the management apparatus 8. ing.
  • the network topology information table 32 is a table used to hold device information of each communication device 4 configuring the data network 2, and as shown in FIG. 5, a communication device ID column 32A, an IP address column 32B, A mirror port bandwidth column 32C and a mirror port threshold column 32D are provided. In the network topology information table 32, one row (record) corresponds to one communication device 4.
  • identifiers (communication device IDs) assigned to the respective communication devices 4 constituting the data network 2 are stored, and in the IP address column 32B, the corresponding communication device 4 receives the above notification.
  • the mirror port bandwidth column 32C stores the maximum bandwidth of the mirror port MP (FIG. 1) of the corresponding communication device 4, and the mirror port threshold value column 32D stores the mirror port of the notification device by a system administrator or the like.
  • a preset threshold value of communication traffic (hereinafter referred to as a mirror port threshold value) is stored.
  • These pieces of information in the network topology information table 32 are set in advance by the system administrator or the like using the input / output device 26 (FIG. 3). However, such information may be set by a system administrator or the like via the control network 7.
  • the communication analysis information table group 33 is a table group for managing information obtained based on the notification information 13 transmitted from each communication device 4 constituting the data network 2, and as shown in FIG. It consists of a communication management table 33A and a route management table 33B.
  • the communication management table 33A is a table used for managing traffic flowing on the data network 2, and as shown in FIG. 6A, a communication ID column 33AA, a transmission source IP address column 33AB, a transmission source port. A number field 33AC, a destination IP address field 33AD, a destination port number field 33AE, and an IP protocol field 33AF are provided. In the communication management table 33A, one row corresponds to one traffic flowing through the data network 2.
  • the communication ID column 33AA stores an identifier (communication ID) unique to the traffic assigned to the corresponding traffic, and includes a source IP address column 33AB, a source port number column 33AC, and a destination IP address column 33AD.
  • a source IP address column 33AB In the destination port number column 33AE and the IP protocol column 33AF, corresponding information (source IP address, source port number, destination IP address, destination port number and IP protocol) of the 5-tuple information of the traffic is stored. Each is stored.
  • These pieces of information stored in the communication management table 33 ⁇ / b> A are information included in the notification information 13.
  • the route management table 33B is a table used for managing various types of information regarding the route of each traffic flowing on the data network 2, and as shown in FIG. 6B, the communication ID column 33BA, the communication device ID.
  • a column 33BB, a traffic column 33BC, a cumulative traffic column 33BD, a reception interface column 33BE, a transmission interface column 33BF, and an acquisition time column 33BG are configured. Also in the route management table 33B, one row corresponds to one traffic flowing through the data network 2.
  • the communication ID column 33BA stores the communication ID of the corresponding traffic
  • the communication device ID column 33BB stores the communication device ID of one of the communication devices 4 through which the corresponding traffic passes.
  • the traffic volume column 33BC stores the data volume (communication volume) per second flowing through the communication device 4 to which the corresponding traffic corresponds
  • the accumulated traffic volume column 33BD stores the corresponding traffic in the corresponding communication device 4. Is stored (hereinafter referred to as the accumulated communication amount).
  • the reception interface column 33BE stores the identifier of the interface that has received the corresponding traffic by the corresponding communication device 4, and the transmission interface column 33BF has transmitted the corresponding traffic by the corresponding communication device 4 to another device. Stores the identifier of the interface. Further, in the acquisition time column 33BG, the time when the management device 8 received the corresponding notification information 13 (more precisely, the time when the corresponding communication device 4 generated the notification information 13 is referred to as the acquisition time. Stored) is stored.
  • the information stored in the communication device ID column 33BB, the accumulated communication amount column 33BD, the reception interface column 33BE, the transmission interface column 33BF, and the acquisition time column 33BG is the corresponding notification.
  • Information acquired from the information 13 and stored in the traffic column 33BC (that is, traffic) is stored in the acquisition time column 33BG and information stored in the cumulative traffic column 33BD (that is, cumulative traffic). It is calculated based on the information (that is, the acquisition time).
  • the mirror position request management table 34 is a table used for holding the mirror position request 17 given from the operation source 9 to the management apparatus 8, and as shown in FIG. A requirement column 34B and a mirror position communication device ID column 34C are provided. In the mirror position request management table 34, one row corresponds to one mirror position request 17.
  • an identifier (request ID) unique to the mirror position request 17 assigned to the mirror position request 17 when the management apparatus 8 receives the corresponding mirror position request 17 is stored.
  • the communication requirement column 34B includes a source IP address column 34BA, a source IP port number column 34BB, a destination IP address column 34BC, a destination port number column 34BD, and an IP protocol column 34BE.
  • the communication device ID of the communication device 4 to be set as the mirror position for the corresponding target traffic specified in the corresponding mirror position request 17 is stored.
  • the mirror position candidate management table group 35 is a table group for holding the mirror position candidates listed by the mirror position candidate listing unit 42 (FIG. 4). As shown in FIG. The candidate position management table 35B is used.
  • the candidate management table 35A is a table used for managing the correspondence between the mirror position request 17 and a candidate ID described later, and as shown in FIG. 8A, the request ID column 35AA and the candidate ID column 35AB. It is configured with.
  • the request ID column 35AA stores a request ID unique to the mirror position request 17 assigned to the mirror position request 17 received by the management apparatus 8, and the candidate ID column 35AB stores a candidate ID described later. Is done.
  • one row corresponds to one candidate ID.
  • the candidate position management table 35B is a table used for managing the mirror position candidates listed by the mirror position candidate listing unit 42. As shown in FIG. 8B, the candidate position management table 35B includes a candidate ID column 35BA, a communication device, and the like. An ID column 35BB and a traffic volume column 35BC are provided.
  • identifiers (candidate IDs) assigned to the respective mirror position candidates enumerated by the mirror position candidate enumeration unit 42 with respect to one mirror position request 17 are stored.
  • different candidate IDs are assigned to these mirror position candidates.
  • the communication device ID column 35BB stores the communication device ID of one communication device 4 constituting the mirror position candidate. Accordingly, when the mirror position candidate is configured by a combination of a plurality of communication devices 4, these communication devices 4 are registered in different rows of the candidate position management table 35B.
  • the traffic volume column 35BC when the corresponding communication device 4 is set as the mirror position of the target traffic, the traffic volume of the target traffic flowing through the mirror port MP (FIG. 1) of the communication device 4 (the mirror port MP) Is stored).
  • FIG. 9 shows the state after the mirror position request 17 is transmitted from the operation source 9 to the management device 8 The flow of a series of processes until the mirror position response 18 corresponding to the mirror position request 17 is transmitted from the management apparatus 8 to the operation source 9 is shown.
  • the management device 8 When the mirror position request 17 designating the 5-tuple of the target traffic and the communication device 4 to be the mirror position as necessary is transmitted from the operation source 9 to the management device 8 (SP1), first, the management device 8 The mirror position selection unit 41 extracts the 5-tuple information of the target traffic included in the mirror position request 17 and the communication device ID of the communication device 4 to be the mirror position from the mirror position request 17, and obtains these pieces of information. It is registered in the mirror position request management table 34 (SP2).
  • the mirror position selection unit 41 thereafter issues a request to enumerate mirror position candidates corresponding to the mirror position request 17 at a predetermined timing (hereinafter referred to as a mirror position candidate enumeration request).
  • the position candidate enumeration unit 42 is given (SP3).
  • the mirror position candidate enumeration unit 42 When the mirror position candidate enumeration unit 42 receives the above-described mirror position candidate enumeration request from the mirror position selection unit 41, the mirror position candidate enumeration unit 42 performs communication analysis information table group 33 for each mirror position request 17 registered in the mirror position request management table 34. Referring to the communication management table 33A (FIG. 6A) and the path management table 33B (FIG. 6B), all the mirror position candidates corresponding to the mirror position request 17 are listed (SP4).
  • the mirror position candidate enumeration unit 42 obtains necessary information regarding the enumerated mirror position candidates from the candidate management table 35A (FIG. 8A) and the candidate position management table 35B (FIG. 8) of the mirror position candidate management table group 35. (B)) is registered (SP5).
  • the mirror position candidate enumeration unit 42 then requests that one mirror position candidate should be selected as a mirror position from these mirror position candidates at a predetermined timing (hereinafter, this is referred to as a satisfaction combination selection request).
  • SP6 To the satisfaction combination selection unit 43 (SP6).
  • the satisfaction combination selection section 43 configures the mirror position candidates from the mirror position candidates registered in the mirror position candidate management table group 35. For all the communication devices 4 that perform this, one mirror position candidate is selected at which the traffic of the mirror port MP (FIG. 1) is equal to or less than the mirror port threshold (SP7). The sufficiency combination selection unit 43 selects one such mirror position candidate for each mirror position request 17. Then, the satisfaction combination selection unit 43 notifies the mirror position selection unit 41 of the mirror position selection result for each mirror position request 17 obtained in this way (SP8).
  • the mirror position selection unit 41 is notified from the satisfaction combination selection unit 43 of a mirror position selection result (a set of request ID 34A (FIG. 7) and a plurality of communication device IDs 32A (FIG. 5)) for each mirror position request 17 described above. Then, the communication requirement 34B corresponding to the request ID 34 included in the mirror position selection result is obtained by referring to the mirror position request management table 34, and the communication device ID 32A corresponding to the obtained communication requirement 34B and the mirror position selection result is obtained. Is created (SP9), and the created mirror position response 18 is transmitted to the operation source 9 (SP10).
  • FIG. 10 shows notification information transmitted from each communication device 4 constituting the data network 2 13 shows the specific processing contents of processing (hereinafter referred to as network information analysis processing) executed by the network information analysis unit 40 (FIG. 4) that has received 13 (FIG. 1).
  • network information analysis processing executed by the network information analysis unit 40 (FIG. 4) that has received 13 (FIG. 1).
  • the network information analysis unit 40 analyzes the notification information 13 in accordance with the processing procedure shown in FIG. 10 and stores necessary information in the communication analysis information table group 33.
  • IPFIX is applied as the communication information notification function 12 (FIG. 1) of the communication device 4 as described above, and the description will be made on the assumption that the notification information 13 is an IPFIX message.
  • the IPFIX message is a message having the data structure shown in FIG. That is, the IPFIX message 50 includes an IP header 50A, a UDP header 50B, an IPFIX header 50C, and a payload portion 50D.
  • the payload portion 50D is associated with each traffic passing through the communication device that is the source of the IPFIX message 50.
  • the 5-tuple information (source IP address, destination IP address, source port number, destination port number and IP protocol) of the traffic and the identifier (“input physical IF” and the physical interface for inputting / outputting the traffic)
  • a data set 51 including information such as “output physical IF”) and cumulative communication amount (“cumulative communication amount”) is stored.
  • the network information analysis unit 40 When the network information analysis unit 40 receives the notification information 13 as described above transmitted from any one of the communication devices 4 constituting the data network 2, the network information analysis unit 40 starts the network information analysis process shown in FIG.
  • the source IP address included in the IP header 50A (FIG. 11) of the notification information 13 is compared with the IP address 32B of the network topology information table 32 (FIG. 5), and the communication device 4 that is the source of the notification information
  • the communication device ID is acquired (SP20). Further, the network information analysis unit 40 acquires the Unix time (“Unix (registered trademark) Secs”) stored in the IPFIX header 50C (FIG. 11) of the notification information 13 as the acquisition time of the notification information 13 (SP21). .
  • Unix time (“Unix (registered trademark) Secs”
  • the network information analysis unit 40 extracts one data set 51 (FIG. 11) from the payload portion 50D (FIG. 11) of the notification information 13 (SP22), and the 5-tuple information included in the acquired data set 51. It is determined whether or not a record having the same 5-tuple information exists in the communication management table 33A (FIG. 6A) of the communication analysis information table group 33 (SP23).
  • the network information analysis unit 40 assigns a unique communication ID to the traffic corresponding to the data set 51 extracted in step SP22, and includes the communication ID and 5 included in the data set 51.
  • the tuple information is newly registered in the communication management table 33A (SP24).
  • the network information analysis unit 40 stores the communication ID assigned to the traffic in the communication ID column 33AA of the new row in the communication management table 33A, and the source IP address column 33AB, source port of the row.
  • the number field 33AC, the destination IP address field 33AD, the destination port number field 33AE, and the IP protocol field 33AF corresponding information of the 5-tuple information included in the data set 51 extracted in step SP22 is stored.
  • the network information analysis unit 40 thereafter registers the traffic route corresponding to the data set 51 extracted in step SP22 in the route management table 33B (FIG. 6B) (SP25).
  • the network information analysis unit 40 stores the communication ID assigned to the traffic at step SP24 in the communication ID column 33BA of the new line in the route management table 33B, and steps into the communication device ID column 33BB of the row. Stores the communication device ID acquired in SP20.
  • the network information analyzing unit 40 adds corresponding information of the identifier of the reception physical interface and the identifier of the transmission physical interface included in the data set 51 extracted in step SP22 to the reception interface column 33BE and the transmission interface column 33BF of the row. And the acquisition time of the communication information acquired in step SP21 is stored in the acquisition time column 33BG of the row. Furthermore, the network information analysis unit 40 stores the accumulated communication amount included in the data set 51 extracted in step SP22 in the communication amount column 33BC and the accumulated communication amount column 33BD of the row.
  • step SP25 the process proceeds to step SP29.
  • obtaining a negative result in the determination at step SP23 means that the traffic corresponding to the data set 51 extracted at step SP22 has already been registered in the communication analysis information table group 33.
  • the network information analysis unit 40 acquires the communication ID of the traffic already registered in the communication analysis information table group 33 from the communication management table 33A (FIG. 6A) (SP26).
  • the network information analysis unit 40 matches the communication ID stored in the communication ID column 33BA in the record of the route management table 33B (FIG. 6B) with the communication ID acquired in step SP26 and the communication device ID. It is determined whether there is a record in which the communication device ID stored in the column 33BB matches the communication device ID acquired in step SP20 (SP27).
  • step SP27 registers the new route of the traffic in the route management table as described above, and then proceeds to step SP29.
  • obtaining a positive result in the determination at step SP27 means that the traffic has already been registered in the communication analysis information table group 33 and there is no change in the route.
  • the network information analysis unit 40 updates the traffic volume stored in the traffic volume column 33BC of the line corresponding to the traffic in the route management table 33B (SP28).
  • the network information analysis unit 40 uses CCV1 as the cumulative communication amount included in the data set 51 extracted at step SP22, T1 as the generation time of the notification information 13 acquired at step SP21, and the corresponding record detected at step SP26.
  • CCV2 is the cumulative communication amount stored in the cumulative communication amount column 33BD
  • T2 is the time stored in the acquisition time column 33BG of the record
  • the traffic stored in the column 33BC is expressed as Is updated to the communication amount CV calculated by.
  • the network information analysis unit 40 determines whether or not the processing of step SP23 to step SP28 has been executed for all the data sets 51 stored in the payload portion 50D (FIG. 11) of the notification information 13 received at that time. (SP29). If the network information analysis unit 40 obtains a negative result in this determination, it returns to step SP22, and thereafter, the data set 51 selected in step SP22 is sequentially switched to another unprocessed data set 51 while step SP22 to step SP22. The processing of SP29 is repeated.
  • the network information analysis unit 40 eventually obtains a positive result at step SP29 by completing the processing of step SP23 to step SP28 for all the data sets 51 stored in the payload portion 50D of the notification information 13 received at that time. And this network information analysis processing is complete
  • FIG. 12 is executed by the mirror position candidate enumeration unit 42 (FIG. 4) to which the mirror position candidate enumeration request is given from the mirror position selection unit 41 (FIG. 4).
  • the specific processing content of the processing (the processing of step SP4 in FIG. 9 and hereinafter referred to as mirror position candidate enumeration processing) is shown.
  • the mirror position candidate enumeration unit 42 for each mirror position request 17 registered in the mirror position request management table 34 (FIG. 7), in accordance with the processing procedure shown in FIG. All the position candidates are detected (enumerated), and each mirror position candidate for each detected mirror position request 17 is registered in the mirror position candidate management table group 35 (FIG. 4).
  • the mirror position candidate enumeration unit 42 when receiving the mirror position candidate enumeration request 42, the mirror position candidate enumeration unit 42 starts the mirror position candidate enumeration process shown in FIG.
  • One record (mirror position request 17) is selected, and its contents are stored as record R (SP30).
  • the mirror position candidate listing unit 42 obtains a traffic set T that satisfies the communication requirements of the record R (SP31). Specifically, the mirror position candidate listing unit 42 sets the communication requirement of the record R selected in step SP30 among the records of the communication management table 33A (FIG. 6B) of the communication analysis information table group 33 (FIG. 6). Each communication ID stored in the communication ID column 33AA (FIG. 6A) of each record to be satisfied is acquired, and these acquired communication IDs are stored as a set T.
  • the record R is a record corresponding to the mirror position request 17 “req2” in FIG. 7 (record on the second line from the top in FIG. 7), this is indicated in the communication management table 33A (FIG. 6A). Since the record satisfying the communication requirement of the record R is a record corresponding to the traffic of the communication ID “trM” (record on the third line from the top in FIG. 6A), the mirror position candidate enumeration unit 42 The communication ID “trM” is stored as a set T.
  • the record R corresponds to the mirror position request 17 “req1” in FIG. 7 (this is a mirror position request for requesting the mirror position for all traffic input to the computer 3 whose IP address is “10.2.0.50”).
  • the record satisfying the communication requirement of the record R in the communication management table 33A is a record corresponding to the traffic with the communication ID “trK” (record on the first line from the top in FIG. 6A).
  • “TrL” is a record corresponding to the traffic of the communication ID “trL” (record on the second line from the top in FIG. 6A), the mirror position candidate enumeration unit 42 “trK” which is the communication ID of these traffics.
  • “trL” is stored as a set T.
  • the mirror position candidate listing unit 42 selects a set P of records corresponding to each traffic obtained in step SP31 from the records in the route management table 33B (FIG. 6B) of the communication analysis information table group 33. Obtain (SP32). Specifically, the mirror position candidate enumeration unit 42 selects any one of the records in the path management table 33B whose communication ID stored in the communication ID column 33BA (FIG. 6B) belongs to the set T obtained in step SP31. A record matching the communication ID is detected, and a set of the records is set as a set P.
  • the mirror position candidate listing unit 42 determines whether or not the number of elements of the set P obtained in step SP32 is greater than 0 (SP33).
  • Obtaining a negative result in this determination means that there is no traffic that satisfies the communication request of the mirror position request 17 corresponding to the record R selected in step SP30 or there is no route of the traffic (for example, the record R is the first line in FIG. 7). In other words, the traffic having “10.2.0.50” as the destination IP address or the route of the traffic does not exist).
  • the mirror position candidate listing unit 42 transmits an error notification to the mirror position selection unit 41 (SP38), and then proceeds to step SP44.
  • the mirror position selection unit 41 receives the error notification from the mirror position candidate listing unit 42 and transmits the mirror position response 18 corresponding thereto to the operation source 9.
  • obtaining a positive result in the determination in step SP33 means that there is traffic or a route of the traffic that satisfies the communication request of the mirror position request 17 corresponding to the record R selected in step SP30.
  • the mirror position candidate listing unit 42 determines whether the communication device ID of any communication device is stored in the mirror position communication device ID column 34C (FIG. 7) of the record R selected in step SP40 (step S40). It is determined whether or not the communication device 4 to be the mirror position is specified in the mirror position request 17 corresponding to the record R selected in SP30 (SP34).
  • the mirror position candidate listing unit 42 is stored in the mirror position communication device ID column 34C of the record R selected in step SP30 from the records belonging to the set P in the route management table 33B. All the records whose communication device IDs are stored in the communication device ID column 33BB (FIG. 6B) are extracted, and the extracted record group is stored as a set F (SP35).
  • the mirror position candidate listing unit 42 determines whether or not the number of elements of the set F obtained in step SP35 is greater than 0 (SP36).
  • the target traffic specified in the mirror position request 17 corresponding to the record R selected in step SP30 passes through the communication device 4 specified as the mirror position in the mirror position request 17. Means no.
  • the mirror position candidate listing unit 42 transmits an error notification to the mirror position selection unit 41 (SP38), and then proceeds to step SP44.
  • obtaining a positive result in the determination at step SP36 means that the traffic specified in the mirror position request 17 corresponding to the record R selected in step SP30 is the communication specified as the mirror position in the mirror position request 17. This means that the device 4 is being routed.
  • the mirror position candidate listing unit 42 selects the communication device 4 specified in the mirror position request 17 as a mirror position candidate corresponding to the mirror position request 17 corresponding to the record R selected in step SP30.
  • the candidate registration process mentioned later is performed (SP37). Further, after completing the candidate registration process, the mirror position candidate listing unit 42 proceeds to step SP44.
  • the mirror position candidate listing unit 42 uses the record set P of the route management table 33B (FIG. 6B) obtained at step SP32 as the record set for each traffic. Classify into P1 to Pn (SP39). Specifically, the mirror position candidate enumeration unit 42 uses the records P having the same communication ID stored in the communication ID column 33BA (FIG. 6B) as the set P of the records in the route management table 33B obtained in step SP32. Into sets P1 to Pn.
  • the communication device IDs of all the communication devices 4 through which the traffic passes are obtained as a set Si. .
  • the mirror position candidate listing unit 42 executes a candidate search process to be described later in order to search for a mirror position candidate corresponding to the mirror position request 17 corresponding to the record R selected in step SP30 (SP41).
  • the mirror position candidate listing unit 42 stores necessary information of all candidates Ui obtained by the candidate search process in step SP41 (more precisely, all sets Vi converted in step SP42) in the mirror position candidate management table group 35.
  • a candidate registration process for registration is executed (SP43).
  • the mirror position candidate listing unit 42 performs the processing of steps SP31 to SP43 for all the records in the mirror position request management table 34 (FIG. 7) (for all mirror position requests 17 registered in the mirror position request management table 34). It is determined whether or not the execution of the process has been completed (SP44).
  • the mirror position candidate listing unit 42 When the mirror position candidate listing unit 42 obtains a negative result in this determination, it returns to step SP30, and then sequentially switches the record R selected in step SP30 to another record that has not been processed, and then performs the processing in steps SP30 to SP44. repeat.
  • the mirror position candidate enumeration unit 42 executes the processing of steps SP31 to SP43 for all the records in the mirror position request management table 34 (for all the mirror position requests 17 registered in the mirror position request management table 34). If a positive result is obtained in step SP44 by finishing, this mirror position candidate enumeration process is terminated.
  • the mirror position candidate enumeration unit 42 proceeds to step SP41 of the mirror position candidate enumeration process, the mirror position candidate enumeration unit 42 starts the candidate search process shown in FIG. 13, and first selects one communication device ID included in each of the sets S1 to Sn. A set C1 including each of them is created (SP50).
  • step SP50 the unit 42 collects all kinds of elements of the sets S1 to S4 so as not to overlap, which is 7 A, B, C, D, E, F, G.
  • a set C1 having one communication device ID as an element is created.
  • the mirror position candidate listing unit 42 creates a power set of the set C1 created in step SP50, and removes the remaining elements (excluding the empty set and two sets having the same value as C1 from the power set. That is, zero or more sets including the heel set) are set as sets C2 to Cp, respectively (SP51).
  • sets C2 to Cp which are two smaller than the number of elements in the set of sets C1, are created.
  • the mirror position candidate enumeration unit 42 extracts from the sets C1 to Cp a set in which the number of elements in the common part with each set of the sets S1 to Sn is all 1, and sets these as candidates U1 to Uq. (SP52). For example, as shown in FIG. 14 (D), a set C9 having two communication device IDs A and B as elements has two common part elements in the set S1, and therefore may be a candidate Ui. However, the set C13 having two communication device IDs A and F as elements is extracted as a candidate because there is one common element in all of the sets S1 to S4.
  • the purpose of the SP 42 is to calculate a combination of mirror positions for mirroring a plurality of traffics that are simultaneously mirrored to satisfy the mirror position request 17 without collection omission or duplication.
  • each of the sets S1 to Sn represents a communication path as a communication device ID of the communication device 4 for each set of traffic, in order to mirror Si without collection omission or duplication, an element of the set Si is used.
  • the one or more communication device IDs exactly one communication device ID may be selected as the mirror position (when 0, traffic is not collected, and when there are 2 or more, one traffic is duplicated) And mirror it).
  • a set of communication device IDs that select exactly one communication device ID from each set as a mirror position is a set of communication devices ID for which all sets S1 to Sn represent communication paths. Represents a combination of mirror positions where collection omissions and duplication do not occur even when mirroring at the same time.
  • the number of elements in the common part is used to determine whether the set Ck has just selected one communication device ID among the elements of the set Si.
  • the mirror position candidate listing unit 42 ends this candidate search process, and uses the candidates U1 to Uq as shown in FIG. 14E obtained in step SP52 of this candidate search process, as shown in FIG. Step SP41 of the mirror position candidate enumeration process described above is executed.
  • FIG. 15 shows specific contents of the candidate registration process executed by the mirror position candidate enumeration unit 42 in step SP37 or step SP43 of the mirror position candidate enumeration process (FIG. 12).
  • the mirror position candidate enumeration unit 42 starts this candidate registration process.
  • the unique candidate to be given to the mirror position candidate to be registered at that time An ID is generated, and the generated candidate ID is assigned to the request ID column 34A (in the record (record R) of the mirror position request management table 34 (FIG. 7) selected in step SP30 of the mirror position candidate enumeration process (FIG. 12) ( It is registered in the candidate management table 35A (FIG. 8A) of the mirror position candidate management table group 35 (FIG. 8) in association with the request ID stored in FIG. 7 (SP60).
  • the mirror position candidate listing unit 42 in the case of step SP37 of the mirror position candidate listing process, in the corresponding record in the route management table 33B (FIG. 6B) of the communication analysis information table group 33 (FIG. 6). Records belonging to the record set F, records belonging to the record set V1 to Vm in the case of step SP43), and those having the same communication device ID stored in the communication device ID column 33BB (FIG. 6B) The records are grouped together, and the record groups having the same communication device ID obtained by the classification are set as sets X1 to Xp, respectively (SP61).
  • the mirror position candidate listing unit 42 associates the total communication amount calculated in step SP63 and the communication device ID corresponding to the selected record group Xi with the candidate ID generated in step SP60, and the mirror position candidate management table group 35.
  • the candidate position management table 35B (FIG. 8B) (FIG. 8B) of FIG. 8 is registered (SP64). Thereafter, the processing of steps SP63 to SP64 is performed for all sets X1 to Xp obtained by the classification of step SP61. It is determined whether or not the execution has been completed (SP65).
  • step SP62 When the mirror position candidate listing unit 42 obtains a negative result in this determination, it returns to step SP62, and then sequentially switches the set Xi selected in step SP62 to another set Xi that has not been processed, and then proceeds from step SP62 to step SP65. Repeat the process.
  • FIG. 16 shows processing executed by the satisfaction combination selection unit 43 that has received the combination search request from the mirror position candidate listing unit 42 (in the process of step SP7 in FIG. 9). Yes, this is hereinafter referred to as a satisfaction combination selection process).
  • the sufficiency combination selection unit 43 follows the processing procedure shown in FIG. 16 for each mirror position request 17 and selects one mirror from the mirror position candidates enumerated by the mirror position candidate enumeration unit 42. A position candidate is selected, and the selected mirror position candidate is notified to the mirror position selection unit 41 as a mirror position selection result.
  • the satisfaction combination selection unit 43 when the satisfaction combination selection unit 43 receives such a combination search request, the satisfaction combination selection unit 43 starts the satisfaction combination selection process shown in FIG. 16, and first, a candidate management table 35A (FIG. 8) configuring the mirror position candidate management table group 35.
  • a set of candidate IDs C1 to Cn is generated by classifying the candidate IDs stored in the candidate ID column 35AB (FIG. 8A) of each record of (A)) for each requirement ID (SP70). Accordingly, the sets C1 to Cn correspond to different requirement IDs.
  • the sufficiency combination selection unit 43 extracts candidate IDs one by one from the sets C1 to Cn generated in step SP70 and stores them as a set of candidate IDs Sk. As many sets Sk as the number of combinations of candidate IDs that are unique are created and stored as candidate ID sets S1 to Sp (SP71).
  • the sufficiency combination selection unit 43 sets the variable k to 1 (SP72), and corresponds to each candidate ID included in the candidate ID group Sk among the records of the candidate position management table 35B (FIG. 8B).
  • Each of the records that is, each record in which any candidate ID included in the candidate ID group Sk is stored in the candidate ID column 35BA (FIG. 8B)
  • the total value of the stored traffic is calculated for each communication device ID (SP73).
  • the sufficiency combination selection unit 43 refers to the network topology information table 32 (FIG. 5), and in all the communication devices 4 respectively corresponding to the respective communication device IDs for which the total value of the communication amount has been calculated in step SP73. Then, it is determined whether or not the total value is less than or equal to the mirror port threshold (SP74).
  • the satisfaction combination selection unit 43 determines whether or not the value of the variable k is equal to or greater than the number of candidate ID groups S1 to Sp described above (SP75). If the satisfaction combination selection unit 43 obtains a negative result in this determination, it increments (increases by 1) the value of the variable k (SP76), returns to step SP73, and thereafter gives a positive result in step SP74 or step SP75. Steps SP73 to SP76 are repeated until it is obtained.
  • the sufficiency combination selecting unit 43 eventually selects a candidate ID group Sk in which the total amount of traffic in all the communication devices 4 from the candidate ID groups S1 to Sp enumerated in step SP71 is less than or equal to the mirror port threshold of the communication device 4.
  • a positive result is obtained in step SP74 by first detecting the ID, the requirement ID indicated by the candidate included in the candidate ID group Sk and the correspondence relationship between the communication device IDs are selected as mirror positions (SP78). Then, the satisfaction combination selection process is terminated.
  • the sufficiency combination selecting unit 43 can detect a candidate ID group Sk in which the total value of the communication amount is less than or equal to the mirror port threshold value of the communication device 4 among the candidate ID groups Sk listed in step SP71. If a positive result is obtained in step SP75, a predetermined error notification is transmitted to the mirror position selection unit 41 (SP77), and then the satisfaction combination selection process is terminated.
  • FIG. 17 shows a mirroring status display screen 60 that can be displayed on the client terminal 15 (FIG. 1) or the operation management apparatus 16 (FIG. 1) of the operation source 9 by a predetermined operation.
  • the mirroring status display screen 60 displays the mirroring status of traffic that has a mirror position set in the traffic flowing through the data network 2, and the traffic on the mirror port MP of the traffic in each communication device 4 that is set to the mirror position. Is a screen for presenting to the user.
  • the mirroring status display screen 60 includes a mirror acquisition status display area 61 and a mirror port traffic display area 62.
  • the mirror acquisition status display area 61 is an area for displaying the mirroring acquisition status in the data network 2
  • the mirror port traffic display area 62 is a mirror of the communication device 4 set as the mirror position in the data network 2. This is an area for displaying the traffic of the port MP.
  • one or more communication device icons 70 are displayed in correspondence with the communication devices 4 constituting the data network 2.
  • the target traffic line 71 represents a path of traffic (target traffic) that is mirrored, and the mirror position icon 72 corresponds to the communication device icon 70 of the communication device 4 that is mirroring the target traffic. Is displayed.
  • the target traffic line 71 is displayed in a different color or line type (solid line or broken line) for each mirror position request 17 (request ID), and the correspondence between the target traffic and the target traffic line 71 is displayed in the legend 73.
  • two-dimensional coordinates 80 are displayed with the traffic volume on the vertical axis and the time on the horizontal axis.
  • a specific communication device icon 70 communication device icon 70 corresponding to the communication device 4 set at the mirror position
  • the communication device corresponding to the communication device icon 70 is displayed.
  • One or a plurality of graphs 81 each representing the traffic amount of each target traffic in the four mirror ports MP are displayed in a two-dimensional coordinate 80 in a stacked graph format.
  • a threshold line 82 indicating the threshold of the traffic amount of the mirror port MP is also displayed.
  • the graph 81 for each target traffic in the two-dimensional coordinate 80 is a traffic volume column 33BC in the row corresponding to the communication device 4 of the target traffic in the path management table 33B described above with reference to FIG. 6B (FIG. 6B).
  • the threshold line 82 is generated based on the mirror port threshold value of the communication device 4 registered in the network topology information table 32 described above with reference to FIG.
  • the mirror position candidate enumeration unit 42 identifies and identifies all the communication devices 4 through which the target traffic passes. All combinations of these communication devices 4 are listed as mirror position candidates, and thereafter, in the satisfaction combination selection unit 43, the mirror position candidates are configured from the mirror position candidates listed by the mirror position candidate listing unit 42. For all the communication devices 4, one mirror position candidate whose communication amount of the mirror port MP is equal to or less than a mirror port threshold value to be described later is selected, and this is notified to the mirror position selection unit 41 as a mirror position selection result.
  • the communication device 4 that does not cause congestion in the mirror port MP can be selected as the mirror position, and thus the mirror position (where the mirrored traffic can be executed without discarding the mirrored traffic) The communication device 4) can be selected quickly.
  • FIG. 18 which shows the same reference numerals corresponding to FIGS. 1 to 4, shows a logical configuration of a communication system 90 according to the second embodiment.
  • This communication system 90 performs the reselection of the mirror position when the free bandwidth of the mirror port MP (FIG. 1) of the communication device 91 is below a certain amount, and when the reselection of the mirror position is unnecessary. It is characterized in that a user or the like can be set so as not to perform such reselection.
  • the hardware configuration and other functions of the communication system 90 according to the present embodiment are the same as those of the communication system 1 according to the first embodiment, and a description thereof will be omitted here.
  • a band information output function 92 is installed in the communication device 91.
  • This band information output function 92 uses the current use band of the mirror port MP of the communication device 91 (hereinafter referred to as the mirror port use band) as mirror port band information 93 at a predetermined time interval set as a control network.
  • 7 is a function of transmitting to the management apparatus 94 via 7.
  • Such a function is publicly known, and for example, a function of an SNNP (Simple Network Management Protocol) agent provided in a general communication apparatus can be applied.
  • SNNP Simple Network Management Protocol
  • the management device 94 is the same as that of the first embodiment except that the mirror port bandwidth monitoring unit 100 is provided, the function of the mirror position selection unit 101 is different, and the configuration of the mirror position request management table 102 is different.
  • the configuration is the same as that of the management device 8.
  • the mirror port bandwidth monitoring unit 100 and the mirror position selection unit 101 according to the present embodiment execute the management program 103 (FIG. 3) of the present embodiment stored in the main storage device 22 by the processor of the management device 8. It is a function that is embodied.
  • the mirror port bandwidth monitoring unit 100 performs processing for monitoring the mirror port usage bandwidth of each communication device 91 based on the above-described mirror port bandwidth information 93 transmitted from each communication device 91 constituting the data network 2. Execute.
  • the mirror port bandwidth monitoring unit 100 refers to the network topology information table 32 (FIG. 5) and the mirror port bandwidth information 93. Is specified in the communication device ID column 32A (FIG. 5), and the mirror port threshold column 32D (FIG. 5) of the record is specified. From this, the mirror port threshold value of the communication device 91 is acquired.
  • the mirror port bandwidth monitoring unit 100 compares the acquired mirror port threshold value with the current mirror port usage bandwidth stored in the mirror port bandwidth information 93, and the mirror port usage bandwidth is greater than the mirror port threshold value. In this case, a mirror position reselection request is given to the mirror position selection unit 101.
  • the mirror position request 103 transmitted from the operation source 9 to the management apparatus 94 is fixed to the mirror position in addition to one or more combinations of communication requirements and mirror position communication apparatus ID. It differs from the communication system 1 of the first embodiment in that a flag is included.
  • the mirror position fixing flag is a Boolean value indicating whether the mirror position of the target traffic can be changed from the communication apparatus 91 once set to another communication apparatus 91, and is “true (cannot be changed)” or “false (changeable). ) ”.
  • the mirror position request management table 102 of the present embodiment has a request ID column 34A and a communication requirement column 34B of the mirror position request management table 34 of the first embodiment described above with reference to FIG.
  • a mirror position fixing flag column 102D is provided in addition to the request ID column 102A, the communication requirement column 102B, and the mirror position communication device ID column 102C having the same function and configuration as the mirror position communication device ID column 34C.
  • the mirror position fixing flag included in the mirror position request 103 received by the selection unit 101 is stored and managed in this mirror position fixing flag column 102D.
  • the mirror position selection unit 101 has a mirror position fixing flag included in the mirror position request 103 of “false”. If the mirror port bandwidth monitoring unit 100 gives the above-described mirror position reselection request, the function for re-selecting the mirror position is executed. It is equipped with functions.
  • the mirror position selection unit 101 registers this in the mirror position request management table 102 as in the case of the mirror position selection unit 41 of the first embodiment.
  • a mirror position candidate enumeration request is given to the mirror position candidate enumeration unit 42 at a predetermined timing.
  • the request included in this notification (mirror position selection result) on the mirror position request management table 102.
  • a record in which the same request ID as the ID is stored in the request ID column 102A (FIG. 19) is searched, and the mirror position fixing flag stored in the mirror position fixing flag column 102D (FIG. 19) of the record detected by this search is acquired. To do.
  • the mirror position selection unit 101 stores the record of the candidate position management table 35B (FIG. 8B) in the mirror position candidate management table group 35.
  • a record in which the same candidate ID as the candidate ID included in the mirror position selection result is stored in the candidate ID column 35BA (FIG. 8B) is detected, and the communication device ID column 35BB (FIG. 8) of the record is detected.
  • the communication device ID stored in (B)) (hereinafter referred to as a candidate communication device ID) is acquired.
  • the mirror position selection unit 101 has the same request ID as the request ID included in the mirror position selection result given from the satisfaction combination selection unit 43 among the records in the mirror position request management table 102.
  • the record stored in FIG. 19) is detected, and the candidate communication device ID acquired as described above is stored in the mirror position communication device ID column 102C (FIG. 19) of the record.
  • the mirror position selection unit 101 does not update the value.
  • the other processes are the same as the processes after step SP9 in FIG. 9 described above for the first embodiment.
  • the mirror position selection unit 101 performs the same processing as the mirror position selection unit 41 (FIG. 4) of the first embodiment. I do.
  • the mirror position selection unit 101 executes the same process as when the mirror position request 103 is given from the operation source 9 described above.
  • the mirror position is automatically reselected when the mirror port bandwidth of the communication device 91 exceeds the threshold value (mirror port threshold value) set for the mirror port MP.
  • the result is notified to the operation source 9 as a mirror position response 18.
  • the mirror port use band of the communication device 91 exceeds a predetermined mirror port threshold (that is, the empty band of the mirror port MP is less than a certain amount).
  • a predetermined mirror port threshold that is, the empty band of the mirror port MP is less than a certain amount.
  • the mirror position is reselected, so that it is possible to prevent the occurrence of a situation in which the mirror port congestion occurs in the communication device 4 set at the mirror position and the mirrored traffic is discarded. it can.
  • the mirror position can be fixed by setting the mirror position fixing flag to “true” in the mirror position request. Therefore, the mirror position is changed for important traffic. It is possible to prevent a momentary interruption of traffic collection.
  • the network information analysis unit 40 the mirror position selection unit 41, the mirror position candidate listing unit 42, and the satisfaction combination of the management devices 8 and 94 are provided.
  • the selection unit 43 and the mirror port bandwidth monitoring unit 100 are configured as software has been described, the present invention is not limited to this, and some or all of these may be configured as hardware.
  • the mirroring status display screen 60 described above with reference to FIG. 17 among the traffic flowing through the data network 2, the status of mirroring of the traffic whose mirror position is set, and the mirror
  • the present invention is not limited to this, for example, the mirroring status display screen 60 May be used to add traffic that is being mirrored, specify a mirror position, and perform access control for each user.
  • the table format is applied as the format for holding information such as communication analysis information and network topology information
  • the present invention is not limited to this.
  • various other formats can be widely applied.
  • the present invention is not limited to this, and a dedicated device may be provided separately from the management device used by the system administrator for managing the data network 2, and such a mirror position selection function may be installed in the dedicated device.
  • the present invention can be widely applied to various communication systems.

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

[Problème] L'invention a pour objet de permettre la sélection rapide d'un dispositif de communication capable d'exécuter une duplication de ports sans éliminer le trafic dupliqué. [Solution] Au moment de la sélection d'un dispositif de communication en vue de procéder à une duplication de ports d'un trafic circulant à travers un réseau constitué par une pluralité de dispositifs de communication, des dispositifs de communication à travers lesquels passent des trafics circulant à travers le réseau sont déterminés; un trafic devant faire l'objet de la duplication de ports est déterminé; tous les dispositifs de communication à travers lesquels le trafic déterminé passe sont déterminés; des combinaisons des dispositifs de communication servant à procéder à la duplication de ports parmi les dispositifs déterminés de communication sont énumérées et, parmi les combinaisons énumérées des dispositifs de communication, une combinaison telle que, dans les dispositifs de communication constituant les combinaisons, aucun encombrement ne se produit au niveau du port miroir des dispositifs de communication pour procéder à la duplication de ports est sélectionnée.
PCT/JP2015/056983 2015-03-10 2015-03-10 Dispositif de traitement d'information et procédé de sélection de positions de duplication de ports WO2016143066A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2015/056983 WO2016143066A1 (fr) 2015-03-10 2015-03-10 Dispositif de traitement d'information et procédé de sélection de positions de duplication de ports

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2015/056983 WO2016143066A1 (fr) 2015-03-10 2015-03-10 Dispositif de traitement d'information et procédé de sélection de positions de duplication de ports

Publications (1)

Publication Number Publication Date
WO2016143066A1 true WO2016143066A1 (fr) 2016-09-15

Family

ID=56878669

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2015/056983 WO2016143066A1 (fr) 2015-03-10 2015-03-10 Dispositif de traitement d'information et procédé de sélection de positions de duplication de ports

Country Status (1)

Country Link
WO (1) WO2016143066A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010245710A (ja) * 2009-04-03 2010-10-28 Mitsubishi Electric Corp ネットワーク管理装置及び通信システム及びネットワーク管理方法及びプログラム
WO2011155510A1 (fr) * 2010-06-08 2011-12-15 日本電気株式会社 Système de communication, appareil de contrôle, procédé et programme de capture de paquets
JP2014216991A (ja) * 2013-04-30 2014-11-17 株式会社日立製作所 分析サーバ及び分析方法

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010245710A (ja) * 2009-04-03 2010-10-28 Mitsubishi Electric Corp ネットワーク管理装置及び通信システム及びネットワーク管理方法及びプログラム
WO2011155510A1 (fr) * 2010-06-08 2011-12-15 日本電気株式会社 Système de communication, appareil de contrôle, procédé et programme de capture de paquets
JP2014216991A (ja) * 2013-04-30 2014-11-17 株式会社日立製作所 分析サーバ及び分析方法

Similar Documents

Publication Publication Date Title
US11689413B2 (en) Configuring system resources for different reference architectures
Kaur et al. A comprehensive survey of service function chain provisioning approaches in SDN and NFV architecture
US11695615B2 (en) Configuring a network
US11323338B2 (en) Verifying service status
US7949882B2 (en) Storage session management system in storage area network
WO2020168356A2 (fr) Systèmes et procédés de mise en etat pour la migration vers le nuage
EP3432551B1 (fr) Division de charge utile de découverte de réseau en fonction du degré des relations entre des noeuds
US11388046B2 (en) Port configuration for cloud migration readiness
US20180343162A1 (en) System management apparatus and system management method
JP2012054622A (ja) ネットワークシステム、管理サーバ及びoam試験管理方法
US11520621B2 (en) Computational instance batching and automation orchestration based on resource usage and availability
WO2019163912A1 (fr) Système de réseau, procédé de gestion de topologie et programme
US10313180B2 (en) Systems and methods for managing switching devices in an information handling system
WO2016143066A1 (fr) Dispositif de traitement d'information et procédé de sélection de positions de duplication de ports
US8041671B2 (en) Method and system for providing a homogeneous view of a distributed common information model (CIM) within a heterogeneous virtual system environment
WO2007086129A1 (fr) Programme de gestion de réseau, appareil de gestion de réseau et méthode de gestion de réseau
US20240231919A1 (en) Efficient Cloud-Based Discovery of Computing Resources
US20240205094A1 (en) Application monitoring system for network orchestration

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15884558

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15884558

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP