WO2017068618A1 - Routing control device and network - Google Patents


Publication number
WO2017068618A1
Authority
WO
WIPO (PCT)
Application number
PCT/JP2015/079403
Inventor
古谷 信司
Original Assignee
三菱電機株式会社
Application filed by 三菱電機株式会社
Priority to PCT/JP2015/079403
Publication of WO2017068618A1


  • The present invention relates to a route control device and a network for controlling the route of a packet in the network.
  • According to Non-Patent Document 1, a method is known in which a control device (controller) that manages the network system performs this connection path control.
  • This control device has been used in an architecture called SDN (Software Defined Network).
  • The safest approach is to replace one department's network or build a new one, connect it to the existing IP network, and identify its characteristics before deploying further. In this case, a requirement arises to connect the existing IP network and the SDN, and the two must be able to cooperate, particularly in their interfaces and device redundancy functions.
  • IP addresses can be managed in units of systems, departments, etc. as in the past.
  • FIG. 37 shows a configuration example of an existing redundant IP network. This is often used in in-house data centers or at bases composed of a plurality of buildings. Each IP network, in which a plurality of L2 switches are connected under a router or L3 switch at the top, is connected to the backbone switch. When applying SDN, the safest way is to start by selecting and replacing places with less impact. This is shown in FIG. Here, a combination of an SDN and a router is connected. With this configuration, it is possible to link with an existing IP network that has a redundant function and to manage IP addresses in the existing manner. Some SDNs can configure L3 functions virtually, but they are few, and connection may not succeed because of vendor differences between the SDN and the existing IP network.
  • FIG. 7 of Non-Patent Document 2 shows a state where an appliance pool is connected to the SDN.
  • The conventional network configuration is necessary for normal communication.
  • Communication packets are always input to the routers 11 and 12 in FIG. 39 and to the network appliance in Non-Patent Document 2, which are conventional techniques. Therefore, it is impossible to apply an inexpensive router or network appliance with low performance.
  • SDN controllers in OSS open source software
  • SDN switches are becoming cheaper, while the routers or network appliances to be applied are expensive, which can be an obstacle.
  • The problem is therefore to have a simple network configuration in which the processing load is reduced by reducing the packets passing through the router or network appliance, so that routers or network appliances without high processing capacity for forwarding and the like can be supported.
  • The present invention has been made to solve the above-described problem. Its object is to reduce the processing load of the router or the network appliance by reducing the packets passing through it, and to construct a network that can be supported by an inexpensive router or network appliance that does not have a high processing capacity.
  • The route control device includes: a network control unit that has a connection relationship with another network and sets packet paths in an SDN (Software Defined Network); and a flow direct connection unit that, for a packet that is input to the SDN from the other network and is transmitted over a first path running from the input location on the SDN, through a network appliance outside the SDN, to the output location from the SDN, constructs a second path calculated in its own device so that the packet is transmitted from the input location to the output location without going through the network appliance.
  • According to the present invention, it is possible to reduce the processing load of the router or the network appliance by reducing the packets passing through it, and to construct a network that can be handled by an inexpensive router or network appliance having a low processing capacity.
  • A diagram showing the exchange of the routing protocol in the existing IP network.
  • A physical configuration diagram when an SDN is connected to the existing IP network.
  • A logical configuration diagram of an SDN that has a virtual router function.
  • FIG. The figure which shows operation
  • Each flow setting information of the return path in Embodiment 4 of this invention.
  • A configuration diagram when the flow direct connection unit 110 is mounted on a computer physically different from the SDN controller in Embodiment 4 of this invention.
  • A configuration diagram for the case of receiving a log via the communication interface in Embodiment 4 of this invention.
  • A configuration diagram of the existing redundant IP network.
  • A network configuration diagram in which an SDN and an IP network are connected.
  • A state of constructing a connection path in the prior art.
  • Embodiment 1. Embodiment 1 of the present invention will be described below.
  • FIG. 37 shows an example of a physical configuration of redundant connection in an existing IP (Internet Protocol) network.
  • Terminals are normally managed in units of IP subnets, and are connected in units of departments, floors, bases, etc. starting from a router / L3 (Layer 3) switch.
  • the L2 switch in the center of FIG. 37 constitutes a backbone network and connects each floor and base.
  • A routing table is constructed by distributing the IP subnet information formed by each router and L3 switch using a dynamic routing protocol. The state of routing protocol exchange is shown in FIG.
  • IP subnet information is no longer distributed from a device that is down, so that device is automatically excluded from the destinations, and attempts to transfer an IP packet to the down destination are avoided. Further, by connecting in a stub shape, it is possible to prevent a phenomenon in which, when a single device goes down, a plurality of normal devices adjacent to it become effectively unusable.
  • FIG. 2 shows an example of a physical configuration when an SDN (Software Defined Network) is connected.
  • two SDN switches SW00, SW01
  • SW00, SW01 which are positioned on an equal basis
  • As in the existing IP network of each base, L3 functions such as a router or an L3 switch need to be placed between the SDN and the backbone. For this reason, some SDNs have a virtual router function, and this virtual router function can achieve the purpose of arranging the L3 function.
  • FIG. 3 shows a logical configuration, and the physical configuration of the SDN is the same as FIG.
  • Because the virtual router is a function realized virtually by the SDN controller, which is a network control unit, the dynamic routing protocol and the like that operate in it are implemented on the SDN controller. Therefore, as shown in FIG. 3, the virtual router function operating on the SDN controller exchanges IP subnet information with the router / L3 switch of the existing IP network by a dynamic routing protocol, and stores a routing table in the SDN controller. Once the table is constructed, the virtual router can perform IP forwarding processing.
  • The state of the SDN virtual router is one of the following.
  • (A1) Virtual router function not supported
  • (A2) Virtual router function supported but dynamic routing protocol not supported
  • (A3) Virtual router function and standard dynamic routing protocol supported
  • There is no particular trend among the OSS (Open Source Software) SDN controllers from each project and the SDN controllers from vendors. Some SDN controllers provided by vendors are in state (A2). In that case, forwarding is performed by a static routing protocol, and a redundant configuration cannot be supported. However, there is also the aspect that the user is expected to independently develop the addition of a dynamic routing function using OSS.
  • The SDN controller products in state (A3) include an SDN controller in state (A1) with OSS router software added.
  • An SDN controller in state (A1) or state (A2) is brought to the configuration of state (A3) by applying a virtual router function developed to support a dynamic routing protocol, and is then connected to the network. As a result, it becomes possible to link with the existing IP network and maintain the redundant function.
  • RIP IETF RFC2453-Routing Information Protocol Version 2
  • OSPF IETF RFC2328-Open Shortest Path First Version 2
  • EIGRP IETF draft-Enhanced Interior Gateway Routing Protocol
  • the existing IP network uses the above (a) or (b).
  • many vendor routers to which a unique protocol is applied support the standard protocol, and can be linked by setting both protocols in the router.
  • FIG. 1 An example of the configuration is shown in FIG.
  • two routers 101 and 102 which are one form of network appliance, are installed for redundancy support, and the two interfaces are connected to different SDN switches.
  • each interface is a trunk connection of two VLANs (Virtual Local Area Network), and each interface is connected to a VLAN on the existing IP network side and a VLAN on the terminal server side in the SDN.
  • The logical configuration of the network is shown in FIG. The logical configuration of FIG. 6 will be described later.
  • the router applied here must be high-speed. It is desirable to be able to perform forwarding by hardware while maintaining the functionality of a router as performed by an SDN switch.
  • FIG. 6 which is an example in which FIG. 5 is replaced with a logical configuration will be described.
  • the high-speed router shown in FIG. 6 has a configuration in which each high-speed router connects the IP subnet of the terminal / server group directly below the SDN and the backbone subnet, similarly to the virtual router shown in FIG.
  • Each interface of the high-speed router is a trunk connection of two VLANs, one is connected to the VLAN on the existing IP network side, and the other is connected to the VLAN of the terminal / server accommodated by the SDN.
  • the router 102 can perform the forwarding function because it is connected to the backbone network and the terminal / server in the SDN by IF-2. Even when the router 101 goes down, the router 102 is connected to each VLAN (VLAN 311, VLAN 312, VLAN 331, and VLAN 332) through the IF-1 and IF-2 trunk connections without any problem in the IP network configuration. Therefore, it is possible to transfer packets between the VLANs, and the transfer environment is necessary and sufficient.
  • connection request for example, TCP-SYN
  • The router 100 searches the routing table it holds for the IP address of the packet destination and, as a result, obtains the IF-1 of the router 102 as the next destination (IP forwarding process).
  • The next transfer destination candidates for the IP address at the router 100 are IF-1 and IF-2 of the router 101 and IF-1 and IF-2 of the router 102, and the load is generally distributed among them according to a certain algorithm using connection information (here, TCP/IP header information).
  • The SDNC searches for the interface to which the destination MAC (Media Access Control) address is connected, calculates the route, finds that the destination is the IF-1 of the SDN switch SDNS 222, sets the connection path on each SDN switch in the SDN, and constructs the connection path 103 shown in FIG. 7, and the request packet is transferred to IF-2 of the router 102.
  • The router 102 finds that the destination IP address is in the same subnet as the IP address of its IF-1, and sends the packet from IF-1. Since the destination IP address is that of IF-1 of server B, the request packet arrives safely at IF-1 of server B.
  • The SDN switch SDNS 221 searches the connection path table for the packet input from IF-1 and, because there is no hit, notifies the SDN controller SDNC to that effect.
  • The SDNC searches for the interface to which the destination MAC address of the packet is connected, calculates the route, finds that it is connected to IF-1 of the SDN switch SDNS231, sets the connection path on each SDN switch in the SDN, and constructs the connection path 104 shown in FIG. 7, and the packet is transferred to IF-1 of server B. In this way, the SDN controller SDNC always constructs two connection paths for a packet to pass through the SDN. This flow is the same in communication between a terminal and a server having different IP subnets in the SDN.
  • The router interface is a VLAN trunk connection, while the existing IP network and server interfaces are not. Therefore, the SDN switches on each route are set so that the VLAN tag is added in S1 and deleted in S2. This is an example in which a connection establishment request is made from a terminal in an existing IP network to a server under the SDN; in the reverse case only the order and direction change. As described here, two connection paths (flows) per direction, and a total of four connection paths per TCP/IP connection (bidirectional), are built in the SDN. Here, the two connection paths lead from the IF-1 of the SDNS 211, one of the entrances to the SDN, through the network appliance outside the SDN to the output location where the packet is output from the SDN. The path constructed by these two connection paths is called the first path.
  • The configuration shown in FIG. 5 solves the problem of connecting the existing IP network and the SDN with the redundant function in any of the above-mentioned states (A1) to (A3), and is therefore the most effective approach. The following are applied as means for solving the problem in the configuration of FIG. a. Instead of a high-speed router, a dedicated router for dynamic routing processing is arranged, which is inexpensive and supports a dynamic routing protocol as a function but has a low IP forwarding capability. b. The connection paths established via the high-speed router are directly connected immediately after establishment, thereby avoiding data packet forwarding at the dedicated router for dynamic routing processing. Problem (iv) can be solved by applying means a and b. Since the communication in problem (iii) is eventually replaced with communication closed within the SDN, it becomes possible to apply functions unique to the SDN. That is, both (iii) and (iv) are solved.
  • FIG. 8 shows a state in which the connection path direct connection function unit (hereinafter, flow direct connection unit) 110 is applied.
  • FIG. 8 illustrates a configuration in which the route control device 120 includes an SDN controller that is a network control unit and a flow (connection path) direct connection unit 110.
  • In the configuration shown in FIG. 8, it is possible to link with the redundant function of an existing IP network using vendor-specific as well as standard dynamic routing protocols, the router, which is one form of network appliance, is inexpensive, and on the existing IP network side there is no need to change the settings and no test evaluation is required.
  • The flow direct connection unit 110 is applied as a part of the function of the SDN controller.
  • Because it works through an API (Application Programming Interface), the process itself may be on the same network appliance (or computer / PC) as the SDN controller or on another network appliance.
  • the dedicated router for dynamic routing processing is a low-cost router that does not have high forwarding processing capability and supports the dynamic routing protocol at a minimum.
  • The packet forwarding process is only required to forward, without delay, the two or three packets at the time of establishing the connection path. There is a possibility that the price can be reduced by one or two orders of magnitude compared to a high-speed router.
  • An outline of the flow direct connection unit 110 is given below.
  • A packet transmitted from a terminal in an existing IP network to a server in the SDN is relayed by a dedicated router for dynamic routing processing and reaches the destination server in the SDN. Because the packet leaves the SDN once and is input to the SDN again, two one-way connection paths (flows) are constructed as shown in FIG.
  • The flow direct connection unit 110 captures the input location to the SDN (SDN switch SDNS 211 and its interface IF-1) of the connection path addressed to the dedicated router for dynamic routing processing (first connection path: “previous” flow) and the output location from the SDN (SDN switch SDNS 231 and its interface IF-1) of the connection path from the router to the server (second connection path: “after” flow), and builds the connection path connecting them as shown in FIG.
  • Since the router rewrites the MAC address of the packet, one of the SDN switches on the connection path in FIG. 9B is given a connection path setting that includes the rewriting.
  • The connection path setting that performs the rewriting is made at the first or last SDN switch on the route, and it is preferable to fix it to one of them in the implementation.
  • the route that once passes through the network appliance outside the SDN from the input location input to the SDN to the output location output from the SDN is defined as the first route.
  • a route from the input location to the output location without going through the network appliance as shown in FIG. 9B is referred to as a second route.
  • Connection paths in the “previous relationship” have the following relationship.
  • (B1) The TCP/UDP/IP header information is the same, but the MAC address is different. This is because the dedicated router for dynamic routing processing performs IP forwarding on communication packets, so even if the L2 source and destination addresses (MAC addresses) change, the source and destination address information of L3 and higher layers does not change. That is, since the connection is relayed at the IP level by the dedicated router for dynamic routing processing, the following conditions are satisfied for the IP address and the MAC address.
  • (B2) The IP address of the router dedicated to dynamic routing is not included in the source or destination IP address.
  • (B3) Either the source or the destination MAC address is that of the router dedicated to dynamic routing: for the “Front” connection path it is the destination MAC address, and for the “Back” connection path it is the source MAC address.
  • The information to be confirmed in (B1) to (B3) above is all packet header information, which the SDN controller in an existing SDN can acquire. Therefore, the identification can be performed by the SDN controller, no additional function is required of the SDN switch, and no function needs to be added to the SDN switch.
  • the devices constituting the existing IP network, and the dedicated router for dynamic routing processing (hereinafter referred to as a dedicated router) are existing.
  • the logical configuration in this case is shown in FIG. FIG. 10 is obtained by replacing the high-speed router of FIG. 6 with an existing router (a dedicated router for dynamic routing processing).
  • The SDN controller itself may be OSS or a commercially available one, including one to which a function has been added using a public software API (Application Programming Interface).
  • The interfaces of each dedicated router are set as VLAN trunks as shown in FIG. 10, and are connected to the VLANs of the existing IP network and of the terminals and servers directly accommodated by the SDN. This is the minimum configuration in which, for either an interface failure or a device failure, one failure does not take down another device or interface.
  • FIG. 11 shows a state in which communication is performed between a terminal and a server at the end of an existing IP network.
  • The transfer of a packet from the terminal to the server is shown along the flow, in a configuration in which there is an SDN before and after the dedicated router.
  • the gray background indicates that these are one SDN and is folded back into one SDN before and after the dedicated router.
  • the interface connected to the dedicated router corresponds to a total of four black thin lines drawn from the router 111 and the router 112 which are one form of the network appliance of FIG. Thus, it is not always physically different.
  • the SDN controller is equipped with a connection path direct connection function.
  • the MAC address of the router is obtained from the console of the dedicated router and others, and is set in the flow direct connection unit 110 together with the IP address set for the corresponding interface.
  • the IP address and the MAC address may not be associated.
  • the setting method depends on the implementation, and there are means such as setting from a dedicated console, setting on a dedicated Web page, or writing in a setting file that the flow direct connection unit 110 refers to when starting itself. This completes the basic preparation.
  • FIG. 12 shows a processing flow when setting in the flow direct connection unit 110.
  • the flow direct connection unit 110 first reads the IP address of the interface used for relaying the dedicated router from the flow direct connection function setting file and stores it inside (S1201), inquires the SDN controller using the IP address as a key, and corresponding MAC An address is acquired and stored internally (S1202).
  • the communication packet arrives at one interface (SDNS 211, IF-1) of one SDN switch of the SDN.
  • The SDN switch searches its own flow table. If there is a hit, it processes the packet accordingly; if there is no hit, it generates a PACKET_IN message carrying the packet and transfers it to the SDN controller (S1).
  • The SDN switch and interface of the output destination are identified from the input SDN switch and interface number indicated in the PACKET_IN message and the destination information of the packet, and FLOW_MOD messages are constructed and transmitted to the necessary SDN switches to set the flow (S2).
  • A PACKET_OUT message is generated and the communication packet is transferred to the output destination of the SDN (S3).
  • FIG. 14 shows a processing flow performed by this SDN controller.
  • When PACKET_IN arrives, normal processing by the SDN controller is performed. Of the flows in the “front-rear relationship”, S1 to S3 correspond to “front” and S4 to S6 correspond to “rear”.
  • the implementation of the flow direct connection unit 110 is a process in which processing for determining which PACKET_IN is used is interwoven as necessary. In the following, processing contents that do not assume whether the PACKET_IN is S1 or S4 in FIG. 13 are shown. Therefore, this can be considered as an example of the processing content of the flow direct connection unit 110 as it is.
  • FIG. 15 is a functional configuration diagram of the flow direct connection unit 110, the SDN controller, and the path control device 120 including the flow direct connection unit 110 and the SDN controller according to the first embodiment. Further, FIG. 16 shows processing performed in the flow direct connection unit 110 of the first embodiment, and FIG. 17 shows “after” flow processing performed in the flow direct connection unit 110.
  • When the flow direct connection unit 110 receives, in the PACKET_IN receiving unit 150, the PACKET_IN (corresponding to S1 or S4 in FIG. 13) or the constructed flow information (corresponding to PACKET_IN) copied by the SDN controller, it extracts the source and destination IP addresses of the communication packet carried in the PACKET_IN (S1601).
  • The processing differs as shown below depending on whether the MAC address matching the dedicated router is the destination MAC address or the source MAC address of the input packet.
  • When the destination MAC address matches the dedicated router: since this corresponds to the “previous” side of the “previous”/“after” relationship, the “front” flow processing unit 153 of the flow direct connection unit 110 registers it in the previous flow entry table 154, which is the list of “previous” flows it holds, and the process is completed (S1606).
  • The contents to be registered include the TCP / UDP / IP / MAC header information for later retrieval and the ID and interface number of the SDN switch at which the packet was input to the SDN.
  • When the source MAC address matches the dedicated router: the “after” flow processing unit 155 searches for the corresponding “previous” flow in the previous flow entry table 154. If one is found, it extracts the entry, deletes it from the previous flow entry table 154, and enters the direct connection processing; if none is found, it completes the processing there. Since the MAC address match is checked in the order of destination and then source, the processing may be completed here.
  • The search of the previous flow entry table uses the information necessary for identifying the TCP / IP connection. Specifically, the following are all the same in flows in the “previous relationship”.
  • FIG. 17 shows a processing flow related to PACKET_IN of the “after” flow performed in the flow direct connection unit 110.
  • the flow direct connection unit 110 first searches the previous flow entry table with the TCP / IP header information (S1701). If there is information (PACKET_IN message) of the “previous” flow that has been searched and hit (S1702), the matched entry information is extracted and the entry is deleted from the table (S1703). Then, the input SDN switch ID and interface number are extracted from the matched entry information (S1704), and the destination MAC address is extracted from PACKET_IN of the subsequent flow (S1705).
  • (D2) Obtain the SDN switch ID and interface number with the destination MAC address as the key. The SDN controller holds a table of the MAC addresses and the SDN switch IDs / interface numbers of the terminals (any devices) directly connected to the SDN it manages. This is also the basic function of the SDN switch as an L2 switch, and without it a flow cannot be constructed. In an implementation, the flow direct connection unit 110 may also retrieve the correspondence list of MAC addresses, SDN switch IDs, and interface numbers.
  • (D3) Calculate the route in the SDN from the SDN switch IDs and interface numbers at both ends. The route is calculated from the SDN switch ID and input interface number at which the communication packet was input to the SDN and from the output destination SDN switch ID and output interface number found by function (D2) from the destination information of the communication packet, which yields the SDN switches on the route and the interface numbers that are the entrance and exit of each. This is also an essential function for building a flow.
  • When the flow direct connection unit 110 succeeds in acquiring the output destination switch ID and interface number in S1706 (S1707), the route inquiry processing unit 157 queries the SDN controller for the route, with the input SDN switch ID and interface of the “previous” flow as the input location and the output SDN switch ID and interface of the “rear” flow as the output location (S1708). When the inquiry is successful (S1709), flow setting is performed on each SDN switch on the route, based on the acquired route and flow information, via the flow setting transmission unit 158 and the SDN controller (S1710). Since the whole route has been found through this processing, a flow is set for each SDN switch on the route. That is, a route is calculated in the route control device 120, and finally each SDN switch is set based on the calculated route.
  • For each SDN switch on the path: SDN switch IDn, input interface number n, output interface number n. Here n is an integer from 1 to N that indicates the nth SDN switch on the path, and N is the number of SDN switches on the path.
  • Since the communication packet actually passes through the router, it is necessary to rewrite the source and destination MAC addresses on the way. It is not essential to include the MAC address as matching information when setting a flow, but it is better to include it when considering multi-tenancy.
  • The rewriting is performed at the SDN switch at the most downstream position on the route. In this case, the flow set for each SDN switch IDn is as shown in FIG. In FIG. 18, “interface” is expressed as “IF”.
  • The settings are changed in order starting from the downstream.
  • the next input communication packet is hit there and the SDN switch forwards according to the flow.
  • the setting is completed for all SDN switches on the route.
  • a meaningless PACKET_IN is transmitted from the SDN switch on the route.
  • the sending / receiving MAC address is converted from the communication packet (A) in FIG. 13 to (D). That is the rewriting of the MAC address performed at the most downstream.
  • Generalized, the header conversion performed here means that the header of the communication packet (A) is changed to the header information of (D) by the processing in the flow direct connection unit 110. This includes, for example, the case where a VLAN tag is present on one side and not on the other, or where its value changes.
  • The L2 header, including the VLAN tag and the like, is converted from that of the communication packet (A) to that of (D).
  • The priority of flows is touched on here. A matching priority can be defined for each flow, and flows that the SDN controller sets dynamically itself, such as the “before” and “after” flows, usually have a higher priority than fixed ones.
  • A flow that is newly set by an external function that is not the SDN controller, such as the flow direct connection unit 110 here, is generally given a still higher priority so that packets hit it.
  • The flows set by the flow direct connection unit 110 also need to have a higher priority than those dynamically set by the SDN controller, including for the reasons described later.
  • The priority is an integer value of 16 bits, and the priority of the dynamic flow is generally the first half value. If the flow direct connection unit 110 is set to a value of 10,000 or more, it is considered that there is usually no problem. Since this depends on the implementation of the SDN controller, it must be confirmed at the time of setting.
  • the flow in SDN shown in FIG. 19 is finally constructed.
  • This is a flow that does not pass through a dedicated router and is consistent with the IP network.
  • the “before” and “after” flows constructed by the SDN controller itself shown in FIG. 13 are not used when the flow in FIG. 19 is constructed, and each SDN switch is deleted after a certain time-out.
  • the SDNS 211 is sure to hit both the “previous” flow and the direct connection flow of FIG. 19 in the flow entry search when the corresponding communication packet is input, but the direct connection flow has higher priority as described above. Therefore, the search result is always a direct connection flow. Therefore, the “previous” flow is not used, and the SDN switch itself deletes after a timeout.
  • the flow direct connection unit 110 is a software program and is usually stored in a nonvolatile memory such as an external storage device. Then, under an appropriate OS, the CPU reads the program from the external storage device and develops the program on a RAM (Random Access Memory), and the operation is started as a process. When the operation is started, the setting file saved in the external storage device is read, and settings are made for the flow direct connection unit 110 itself.
  • the setting includes IP address information, MAC address information, and priority of the dedicated router.
  • the setting file is, for example, manually edited via an input/output device using a text editor generally attached to the OS, and saved in the external device. Each table handled by the flow direct connection unit 110 is normally developed on the RAM to ensure the maximum processing speed.
  • FIG. 20 shows a configuration when the SDN controller is also configured by software and is operating within the same CPU 190.
  • the SDN controller and the flow direct connection unit 110 send and receive information such as commands via the API / OS (Operating System) in the CPU 190.
  • the program of the present invention is stored in the RAM 191.
  • FIG. 21 shows a case where the SDN controller is a network appliance but is running on a different computer.
  • the API is connected to the OS and further to the SDN controller 201 via the communication interface 200, and sends and receives information such as commands.
  • this embodiment can be applied to any gateway-type network appliance (a method of transferring between devices while rewriting the MAC address) that can fulfill its purpose in the early stages of communication.
  • FW Firewall
  • the embodiment shown here can be applied as it is. If it is necessary to determine that transmission is possible only after a complicated filtering process that requires the exchange of several packets, PACKET_IN processing is performed, but FW log information (indicating completion of transmission processing and including connection information) is used as a trigger for the flow direct connection unit 110.
  • the system in which the flow direct connection unit 110 operates is specified as the destination of the syslog function normally provided by the FW device, and the flow direct connection unit 110 reads the syslog message.
  • the following means are applicable.
  • Each unit in the flow direct connection unit 110 shown in FIG. 15 is a CPU (also called a central processing unit, a processing unit, a microprocessor, a microcomputer, a processor, or a DSP) that executes a program stored in a memory.
  • the flow direct connection unit 110 includes a receiving device, a processing circuit, and a memory.
  • the function of each unit in the flow direct connection unit 110 is realized by software, firmware, or a combination of software and firmware.
  • Software and firmware are described as programs and stored in a memory.
  • the processing circuit reads out and executes the program stored in the memory, thereby realizing the function of each unit.
  • the memory corresponds to, for example, a nonvolatile or volatile semiconductor memory such as RAM, ROM, flash memory, EPROM, or EEPROM, a magnetic disk, a flexible disk, an optical disk, a compact disk, a mini disk, a DVD, or the like.
  • the route control device has a connection relationship with another network, and is input to the SDN from the network control unit that sets the route of the packet in the SDN (Software Defined Network) and the other network.
  • SDN Software Defined Network
  • the SDN may not have a virtual router function. With this configuration, even when the virtual router function is not provided, appropriate route setting can be performed at low cost.
  • the network control unit calculates the first route and sets the first route for the SDN, and the flow direct connection unit 110 sets the second route instead of the first route for the SDN. It is characterized by setting.
  • the flow direct connection unit 110 is configured to reset the necessary route, and by adding the flow control unit to the conventional network control unit, it is possible to smoothly incorporate the flow direct connection function.
  • the routers 111 and 112 which are one form of network appliances, are mainly described.
  • the network appliance is an L3 switch, a router, or an FW (firewall), similar effects of the invention can be obtained.
  • the flow direct coupling unit 110 identifies whether or not the input packet input to the SDN is a target packet for constructing the second route, based on the header information of the input packet. It is characterized by that.
  • packets that pass through the network appliance can be extracted from the input packets, and it is possible to perform processing efficiently by performing reconfiguration processing only on packets that require reconfiguration. Become.
  • the flow direct connection unit 110 determines that the input packet is a target packet for constructing the second route when the transmission/reception IP (Internet Protocol) addresses of the input packet do not match the IP address of the router included in the network appliance, the destination MAC (Media Access Control) address of the input packet matches the MAC address of the router included in the network appliance, and the source MAC address that the input packet has when it is input into the SDN again via the network appliance matches the MAC address of the router included in the network appliance.
  • the IP address and the MAC address it is possible to efficiently extract a packet passing through the network appliance.
  • the flow direct connection unit 110 outputs the header information that the target packet for constructing the second route has before reaching the network appliance, and the target packet for constructing the second route outputs the header information. It is characterized in that rewriting is performed using header information that is included when output from a location. With such a configuration, a route passing through the network appliance can be smoothly changed to a direct connection flow.
  • the present embodiment includes a network to which this routing control device is applied.
  • this network configuration it is possible to reduce the processing load on the router or the network appliance, and it is possible to configure a network that can be handled by a router or network appliance that is inexpensive and does not have a high processing capacity.
  • Embodiment 2 The basic configuration of the second embodiment is the same as that of the first embodiment, but the processing procedure in the flow direct connection unit 110 and the response to PACKET_IN in the SDN controller are different from the first embodiment.
  • FIG. 22 is a functional configuration diagram of the flow direct connection unit 110, the SDN controller, and the path control device 120 including the flow direct connection unit 110 and the SDN controller according to the second embodiment.
  • FIG. 23 shows a processing flow in the flow direct connection unit 110 in the second embodiment. In FIG. 23, processes S2201, S2202, S2203, S2204, and S2205 are newly inserted into the process flow of FIG. 16 of the first embodiment.
  • the PACKET_IN receiving / returning unit 160 extracts the destination MAC address from the PACKET_IN information (S2201), and uses the MAC address as a key to the SDN controller.
  • the inquiry and output destination SDN switch and interface are acquired (S2202). If the acquisition is successful (S2203), the PACKET_OUT transmission unit 161 generates PACKET_OUT and transmits it to the output destination SDN switch (S2204), and registers the PACKET_IN information in the previous flow entry table (S1606).
  • the PACKET_IN is returned to the SDN controller before returning to the event waiting state (S2205).
  • FIG. 24 shows a processing flow related to PACKET_IN of the “after” flow performed in the flow direct connection unit 110 of the second embodiment.
  • process S2301 is newly added to the process flow of FIG. 17 of the first embodiment.
  • the SDN controller is inquired about the path using the input SDN switch ID and interface of the “before” flow as the input location and the output SDN switch ID and interface of the “after” flow as the output location (S1708), and if the output SDN switch and interface are successfully acquired (S1709), PACKET_OUT is generated and transmitted to the output destination SDN switch (S2301), and the flow setting is performed for each SDN switch on the path based on the acquired path and flow information (S1710).
  • the flow setting to the SDN switch becomes slow, and the terminal may retransmit the connection request before the flow setting.
  • the same two are registered in the previous flow entry table and one is used, but the other is deleted by timeout, or the same flow setting request is sent to the SDN switch, The flow setting request is replied to the SDN switch, so that the user can safely settle down.
  • the second embodiment is characterized in that the route control device 120 sets the second route without setting the first route for the SDN.
  • the network can be notified in a single process, and the processing load on the SDN controller can be reduced.
  • Embodiment 3 is a further improvement of the second embodiment, and constructs a bidirectional flow including not only the forward path but also the return path at the same time on the same path.
  • outward indicates a route within the SDN of a packet transmitted from the first end user to the second end user in a network having a part of the SDN
  • return indicates from the second end user.
  • route in SDN of the packet transmitted to a 1st end user is shown.
  • FIG. 25 shows a functional configuration diagram of the flow direct connection unit 110, the SDN controller, and the route control device 120 including the flow direct connection unit 110 and the SDN controller according to the third embodiment.
  • in the third embodiment, neither the “before” nor the “after” flow is constructed.
  • the directly connected flow processed entry table 170 is added, and the directly connected flows that are in the opposite direction to each other are searched. Then, when it is found, the route search is performed using the first input portion to the SDN as both ends of the input / output of the flow, and the interval between them is set as a bidirectional flow.
  • the procedure shown in the second embodiment is performed for PACKET_IN, and when the flow direct connection processing is performed, PACKET_OUT is transmitted, but the route acquisition and the flow setting to the SDN switch are not performed. Instead, the directly connected flow processed entry table 170 held in the flow direct connection unit 110 is searched with header information in the reverse direction to the directly connected flow that is the current processing target.
  • the reverse direction is a state in which TCP / IP or UDP / IP send / receive addresses are reversed. Therefore, the following conversion is performed for searching.
  • each entry in the directly connected entry table 170 has the following field configuration.
  • Transmission / reception L4 port number L4: TCP or UDP
  • transmission / reception MAC address before rewriting
  • the above SDN switch and interface are the SDN switch ID and interface number listed in the PACKET_IN of the “previous” flow, and the output destination and route are not required.
  • the transmission / reception MAC address before rewriting is necessary as flow setting information, but is not used in the search.
  • FIG. 27 shows a state of establishing a direct connection flow for each of the outward path and the inbound path as seen from the terminal.
  • FIG. 29 shows a processing flow in the bidirectional direct connection processing unit 171 of the flow direct connection unit 110 related to FIG.
  • the flow direct connection unit 110 extracts matched entry information, deletes the entry from the table (S2801), and extracts an input SDN switch ID and interface number from the matched entry information (S2802).
  • the SDN controller is queried with the input SDN switch ID and IF number extracted from the matched entry as the input location and the input SDN switch ID and IF number of the directly connected flow that is the current processing target as the output location (S2803).
  • S2804 a bidirectional flow setting is performed for each SDN switch on the route based on the acquired route and flow information (S2805).
  • n an integer from 1 to N.
  • SDN switch IDn input IF number n
  • output IF number n the MAC address of the outbound packet before being relayed by the dedicated router.
  • the MAC address of the return packet before being relayed by the dedicated router is set as the source return MAC address and the destination return MAC address
  • Source IP address Terminal IP address
  • the forward and backward flow setting information is as shown in FIGS. 30 and 31, respectively.
  • the MAC address of the rewrite destination of the forward path is the reverse of the MAC address of the return path.
  • the matching and action interfaces must be swapped because the directions are reversed.
  • the header information of matching communication packets must also be reversed at the same time. Since the SDN switch N, which is last on the outgoing route, comes first in the packet flow, the rewriting is performed last, and the MAC address of the rewriting destination is the same as on the outgoing route, but the source and destination of the outgoing MAC address are switched.
  • the route calculation, which is performed for each direction of the round trip in the second embodiment and is therefore performed twice, is reduced to one.
  • the number of times of flow setting itself does not change because it is set back and forth.
  • the route calculation amount is halved and the forward route and the return route are the same route, there are administrative advantages such as fault isolation.
  • the flow direct connection unit 110 can be mounted on a computer physically different from the SDN controller, and may have this configuration.
  • the message protocol between the SDN controller and the SDN switch is shown as OpenFlow (especially OpenFlow 1.1 or later). However, it is considered that the architecture does not change significantly for protocols other than OpenFlow.
  • the invention is not limited to OpenFlow.
  • two tables, the previous flow entry table and the directly connected flow processed entry table, are defined, and entries are registered in each.
  • the process is such that the search is performed later and the entry is taken out (deleted from the table) when it hits, there is a possibility that it will remain indefinitely without being hit.
  • it is effective to record the time when the entry is registered as one of the entry information and add a process of deleting it after a few tens of seconds. Since this process does not require much precision, it is only necessary to check the timeout once every few seconds and delete entries exceeding the specified number of seconds. Checking the timeout is very simple.
  • the time is acquired when the process is executed, and the entry time is subtracted and compared with the specified number of seconds for the timeout.
  • the entry is deleted when the following conditions are met.
  • for the value of the time, the value returned by the time acquisition function provided by a normal OS, such as Epoch seconds (seconds elapsed since January 1, 1970), can be used as it is.
  • when TCP communication is assumed, it may be more effective to set the round trip at the same time. TCP communication definitely requires a return flow, and the processing load of the SDN controller will be reduced by almost half if the route is the same on the way back and forth. Even in such a configuration, as in the second and third embodiments, setting the flow for the first time at the last stage is effective for saving the computing resources of the SDN controller and suppressing the temporary increase in flow consumption.
  • for multicast, a method of reconfiguring routes and output destination interface groups each time IGMP is registered as a multicast destination is the most appropriate. At this time, a part of the interface goes through a dedicated router, so one or more of the registered interfaces in the output destination interface group is an interface to which the SDN switch connects the dedicated router.
  • One way of thinking is to apply a means that directly connects this to the flow forwarded by the dedicated router.
  • the tenant needs to be held as a logical configuration, but it is easiest to connect them all directly in the SDN regardless of the VLAN configuration. Therefore, it is considered unsuitable for dealing with the flow direct connection unit 110.
  • the flow direct coupling unit 110 transmits a packet transmitted from the first end user to the second end user and the second end user transmitted to the first end user.
  • the same route is used for transmitting packets within the SDN.
  • the route calculation of the SDN controller can be further reduced as compared with the second embodiment.
  • Embodiment 4 an example of a system for receiving a trigger for performing direct connection by another means will be described.
  • as a trigger, it is possible to use a log, output from the network appliance, that describes information indicating the connection (TCP/UDP/IP header information, etc.) and the processing contents for that information.
  • Embodiment 4 shows a processing flow in the flow direct connection unit 110 related to the fourth embodiment.
  • FIG. 35 shows a functional configuration diagram of the flow direct coupling unit 110, the SDN controller, and the path control device 120 including the flow direct coupling unit 110 and the SDN controller according to the fourth embodiment.
  • the flow setting is not performed, and all the information for the flow setting (FIG. 18) is registered in the directly connected flow setting entry table (S3001), and the process ends.
  • the log monitoring process is activated and a log indicating that the filter processing is completed is received, whether there is a corresponding directly connected flow in the directly connected flow setting entry table is searched (S3101) and hit.
  • the flow direct connection unit 110 sets the second route for the SDN using a specific signal such as log information as a trigger after the preparation for the second route construction is completed. It is characterized by that. With this configuration, the second route can be set at an appropriate timing based on log information and the like.
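The target-packet test and the pairing of "before" and "after" flows described in the first embodiment can be sketched as follows. This is an added example, not code from the patent: the addresses, the `MAC_LOCATION` lookup standing in for the SDN controller inquiry, the dynamic-flow priority and all names are assumptions, and it assumes the router rewrites only the L2 header.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample values (assumptions for this example, not from the page).
ROUTER_IP = "192.0.2.1"
ROUTER_MAC = "02:00:00:00:00:01"
DYNAMIC_PRIORITY = 100     # assumed priority of the controller's dynamic flows
DIRECT_PRIORITY = 10000    # the page suggests 10,000 or more for direct flows
# Hypothetical stand-in for asking the SDN controller where a MAC is attached.
MAC_LOCATION = {"02:00:00:00:00:bb": (3, 7)}   # MAC -> (switch ID, interface)


@dataclass(frozen=True)
class PacketIn:
    switch_id: int
    in_if: int
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int

    def l3l4_key(self):
        # Assumes the router rewrites only the L2 header (no NAT), so this
        # key is identical on the "before" and "after" copies of a packet.
        return (self.src_ip, self.dst_ip, self.proto,
                self.src_port, self.dst_port)


def classify(pkt: PacketIn) -> str:
    """Return "before", "after" or "other" for one PACKET_IN."""
    if ROUTER_IP in (pkt.src_ip, pkt.dst_ip):
        return "other"       # addressed to or sent by the router itself
    if pkt.dst_mac == ROUTER_MAC:
        return "before"      # on its way out of the SDN to the router
    if pkt.src_mac == ROUTER_MAC:
        return "after"       # re-entering the SDN from the router
    return "other"


class FlowDirectConnector:
    def __init__(self):
        self.before_table = {}   # l3l4_key -> PacketIn of the "before" flow

    def on_packet_in(self, pkt: PacketIn) -> Optional[dict]:
        """Return a direct-flow description once both halves were seen."""
        kind = classify(pkt)
        if kind == "before":
            self.before_table[pkt.l3l4_key()] = pkt
            return None
        if kind != "after":
            return None
        out_loc = MAC_LOCATION.get(pkt.dst_mac)
        if out_loc is None:
            return None          # output location unknown: leave as is
        before = self.before_table.pop(pkt.l3l4_key(), None)
        if before is None:
            return None          # no matching "before" flow registered
        return {
            "priority": DIRECT_PRIORITY,
            "input": (before.switch_id, before.in_if),
            "output": out_loc,
            # Match on header (A), as first seen entering the SDN.
            "match": {"src_mac": before.src_mac, "dst_mac": before.dst_mac,
                      "l3l4": before.l3l4_key()},
            # Header (D), written by the most downstream switch on the route.
            "rewrite": {"src_mac": pkt.src_mac, "dst_mac": pkt.dst_mac},
        }


def select_flow(matching_entries):
    """Flow-entry search when several entries hit: highest priority wins."""
    return max(matching_entries, key=lambda entry: entry["priority"])


def demo_pairing():
    unit = FlowDirectConnector()
    pkt_a = PacketIn(1, 2, "02:00:00:00:00:aa", ROUTER_MAC,
                     "198.51.100.10", "203.0.113.20", "tcp", 40000, 443)
    pkt_d = PacketIn(2, 5, ROUTER_MAC, "02:00:00:00:00:bb",
                     "198.51.100.10", "203.0.113.20", "tcp", 40000, 443)
    first = unit.on_packet_in(pkt_a)     # "before": registered only
    direct = unit.on_packet_in(pkt_d)    # "after": paired into a direct flow
    before_flow = {"priority": DYNAMIC_PRIORITY, "match": direct["match"]}
    return first, direct, select_flow([before_flow, direct])


if __name__ == "__main__":
    print(demo_pairing())
```

Because the direct flow and the controller's own "before" flow match the same header, the priority gap is what makes the direct flow the search result and lets the "before" flow time out unused.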
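For the third embodiment, the reverse-direction search of the directly connected flow processed entry table and the timeout sweep of entries that never get hit can be sketched as below. This is an added example, not code from the patent: the 30-second timeout, the `now - registered_at > timeout` condition, the injected clock and all names are assumptions.

```python
import time
from dataclasses import dataclass

ENTRY_TIMEOUT_S = 30   # assumed; the page only says "a few tens of seconds"


@dataclass
class DirectEntry:
    in_switch: int         # input SDN switch ID from the "before" PACKET_IN
    in_if: int             # input interface number
    src_mac: str           # MACs before rewriting: needed for flow setting,
    dst_mac: str           # but not part of the search key
    registered_at: float   # Epoch seconds at registration


def reverse_key(key):
    """Swap the send/receive IP addresses and L4 ports of a flow key."""
    src_ip, dst_ip, proto, src_port, dst_port = key
    return (dst_ip, src_ip, proto, dst_port, src_port)


class ProcessedEntryTable:
    def __init__(self, timeout_s=ENTRY_TIMEOUT_S, clock=time.time):
        self._entries = {}
        self._timeout = timeout_s
        self._clock = clock

    def __len__(self):
        return len(self._entries)

    def offer(self, key, in_switch, in_if, src_mac, dst_mac):
        """Process one directly connected flow.

        If the opposite direction is already waiting, remove it and return
        the two SDN entry points to use as the ends of one bidirectional
        route; otherwise register this flow and return None.
        """
        waiting = self._entries.pop(reverse_key(key), None)
        if waiting is None:
            self._entries[key] = DirectEntry(in_switch, in_if, src_mac,
                                             dst_mac, self._clock())
            return None
        return {
            # Matched entry's input is the route's input location ...
            "input": (waiting.in_switch, waiting.in_if),
            # ... and the current flow's input is its output location.
            "output": (in_switch, in_if),
            "first_seen_macs": (waiting.src_mac, waiting.dst_mac),
            "current_macs": (src_mac, dst_mac),
        }

    def sweep(self):
        """Delete entries older than the timeout; run every few seconds."""
        now = self._clock()
        stale = [k for k, e in self._entries.items()
                 if now - e.registered_at > self._timeout]
        for k in stale:
            del self._entries[k]
        return len(stale)


def demo_bidirectional():
    now = [1000.0]                       # constructed clock for the demo
    table = ProcessedEntryTable(clock=lambda: now[0])
    outward = ("198.51.100.10", "203.0.113.20", "tcp", 40000, 443)
    first = table.offer(outward, 1, 2, "02:00:00:00:00:aa",
                        "02:00:00:00:00:01")
    paired = table.offer(reverse_key(outward), 3, 7, "02:00:00:00:00:bb",
                         "02:00:00:00:00:02")
    # A one-way flow whose opposite direction never shows up.
    table.offer(("198.51.100.11", "203.0.113.20", "udp", 5000, 514),
                1, 2, "02:00:00:00:00:ac", "02:00:00:00:00:01")
    now[0] += 10
    early = table.sweep()                # still within the timeout
    now[0] += 21
    late = table.sweep()                 # 31 s old: deleted
    return first, paired, early, late, len(table)


if __name__ == "__main__":
    print(demo_bidirectional())
```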

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This routing control device is provided with a network control unit for setting the route of a packet in a software defined network (SDN) having a connection relation with other networks, and further provided with a direct flow connection unit for reconstructing the route of a packet so that a packet inputted from another network to the SDN network and having had a route set along which the packet is transmitted via a network appliance from an input place where the packet is inputted to the SDN network to an output place where the packet is outputted from the SDN network is transmitted directly from the input place to the output place without going via the network appliance. This configuration allows settings to be changed to a route that does not go via the network appliance, and makes it possible to construct a network using a network appliance which is inexpensive and the processing capacity of which is not high.

Description

Route control apparatus and network
The present invention relates to a route control device that controls the route of a packet in a network, and to a network.
In network systems that can establish a connection path based on connection identification information, such as OpenFlow (for example, Non-Patent Document 1), a method is known in which a control device (controller) that manages the network system performs this connection path control. In recent years, this control device has been used in an architecture called SDN (Software Defined Network).
SDN (Software Defined Network) differs greatly from the existing IP (Internet Protocol) network in device configuration and in operational management characteristics. When introducing it, therefore, the safest approach is not to replace the entire network but first to replace a part of it, or to build a new part and connect it to the existing IP network, and to roll it out after ascertaining each characteristic. This creates a requirement to connect the existing IP network and the SDN, and the two must be able to cooperate, particularly in interfaces and in device redundancy functions. At the same time, it is desirable that IP addresses can still be managed in units of systems, departments and so on, as before.
FIG. 37 shows a configuration example of an existing redundant IP network. This configuration is widely used in in-house data centers and in sites made up of several buildings. Each IP network, in which a plurality of L2 switches are connected under a router or L3 switch at the top, is connected to the backbone switch. When applying SDN, the safest way is to start by selecting and replacing places where the impact is small. This is shown in FIG. 38. Here, a combination of an SDN and a router is connected. With this configuration, cooperation with the redundancy function of the existing IP network and IP address management can be carried out in the existing manner. Some SDNs can configure L3 functions virtually, but they are few, and the connection may not succeed because of vendor differences between the SDN and the existing IP network, so the configuration of FIG. 38 is effective.
FIG. 39 shows the connection paths established in the SDN when, in this configuration, normal communication is performed between a terminal beyond the backbone network (terminal A) and a terminal in the SDN (server B). Since the routers 11 and 12 are external devices unrelated to the SDN, communication via the routers 11 and 12 first goes out of the SDN, then turns back and enters the SDN again. Therefore, two connection paths are established per communication session (four in total for the round trip when each direction is counted separately). This is the same as the operation when each communication session passes through the network appliance pool, in which one or more network appliances are placed, shown in Non-Patent Document 2. FIG. 7 of Non-Patent Document 2 shows an appliance pool connected to the SDN. In this configuration, as shown on the right side of FIG. 4 of Non-Patent Document 2, the communication follows a route that goes out of the SDN and comes back, so the operation is the same as that shown in FIG. 39.
The conventional network configuration is necessary for normal communication. However, communication packets are always input to the routers 11 and 12 of FIG. 39, which is the prior art, and to the network appliances of Non-Patent Document 2, and each packet must be processed, so an inexpensive router or network appliance with low performance cannot be used. Meanwhile, SDN controllers are increasingly deployed as OSS (open source software) and SDN switches are becoming cheaper, so the fact that the router or network appliance to be applied is expensive can become a factor that hinders the future deployment of SDN. To make the router or network appliance inexpensive, the problem is to reduce the processing load by reducing the packets that pass through the router or network appliance, and to arrive at a network configuration that can be handled even by a router or network appliance whose processing capacity, such as forwarding, is not high.
The present invention has been made to solve the above problem. Its object is to reduce the processing load on the router or network appliance by reducing the packets that pass through it, and to configure a network that can be handled even by a router or network appliance that is inexpensive and does not have a high processing capacity.
The route control device according to the present invention includes: a network control unit that has a connection relationship with another network and sets the route of a packet in an SDN (Software Defined Network); and a flow direct connection unit that constructs a second route so that a packet which is input to the SDN from the other network, and for which a first route that once passes through a network appliance outside the SDN between the input location where the packet is input to the SDN and the output location where it is output from the SDN has been calculated within the device itself, is transmitted over the second route from the input location to the output location without passing through the network appliance.
According to the present invention, the processing load on the router or network appliance can be reduced by reducing the packets that pass through it, and a network can be configured that can be handled even by a router or network appliance that is inexpensive and does not have a high processing capacity.
A diagram showing the exchange of routing protocols in an existing IP network.
A physical configuration diagram when an SDN is connected to an existing IP network.
A logical configuration diagram of an SDN having a virtual router function.
A configuration diagram in which an SDN is connected in cooperation with the redundancy function of an existing IP network.
A configuration diagram in which a router supporting a proprietary protocol is installed inside the SDN.
A logical configuration diagram of a network composed of an existing IP network and an SDN.
An operation diagram when a connection request is transmitted in a network composed of an existing IP network and an SDN.
A network configuration diagram to which the flow direct connection unit 110 in Embodiment 1 of the present invention is applied.
A diagram showing the flow direct connection function of the flow direct connection unit 110 in Embodiment 1 of the present invention.
A configuration diagram when the high-speed router in Embodiment 1 of the present invention is replaced with an existing router.
A diagram showing the operation of the flow direct connection unit 110 in Embodiment 1 of the present invention.
A processing flow for setting the MAC address of the dedicated router in the flow direct connection unit 110 in Embodiment 1 of the present invention.
A diagram showing the operation when a communication packet is transmitted from a terminal in the existing IP network in Embodiment 1 of the present invention.
A processing flow performed by the SDN controller in Embodiment 1 of the present invention.
A functional configuration diagram of the route control device 120 in Embodiment 1 of the present invention.
A processing flow performed in the flow direct connection unit 110 in Embodiment 1 of the present invention.
The "after" flow processing flow performed in the flow direct connection unit 110 in Embodiment 1 of the present invention.
Flow setting information set in each SDN switch IDn in Embodiment 1 of the present invention.
A diagram showing the flow after direct connection in the SDN in Embodiment 1 of the present invention.
A configuration diagram when the SDN controller and the flow direct connection unit 110 in Embodiment 1 of the present invention are configured by software and are operating within the same CPU.
A configuration diagram when the SDN controller in Embodiment 1 of the present invention is operating on a different computer.
A functional configuration diagram of the route control device 120 in Embodiment 2 of the present invention.
A diagram showing the processing flow in the flow direct connection unit 110 in Embodiment 2 of the present invention.
A processing flow regarding PACKET_IN of the "after" flow performed in the flow direct connection unit 110 in Embodiment 2 of the present invention.
A functional configuration diagram of the route control device 120 in Embodiment 3 of the present invention.
A diagram showing the processing flow in the flow direct connection unit 110 in Embodiment 3 of the present invention.
A diagram showing how the direct connection flows of the outward path and the return path are established in Embodiment 3 of the present invention.
A diagram showing the reconstructed flow in Embodiment 3 of the present invention.
A processing flow in the bidirectional direct connection processing unit 171 of the flow direct connection unit 110 in Embodiment 3 of the present invention.
Flow setting information of the outward path in Embodiment 4 of the present invention.
Flow setting information of the return path in Embodiment 4 of the present invention.
A configuration diagram when the flow direct connection unit 110 is mounted on a computer physically different from the SDN controller in Embodiment 4 of the present invention.
A processing flow in the "after" flow processing unit 155 in Embodiment 4 of the present invention.
A processing flow centered on the log reception processing unit 180 in Embodiment 4 of the present invention.
A functional configuration diagram of the route control device 120 in Embodiment 4 of the present invention.
A configuration diagram when a log is received via a communication interface in Embodiment 4 of the present invention.
A configuration diagram of an existing redundant IP network.
A network configuration diagram in which an SDN and an IP network are connected.
A diagram showing how connection paths are constructed in the prior art.
Embodiment 1.
Embodiment 1 of the present invention is described below.
First, the background that led to the configuration of the present invention is described. FIG. 37 shows an example of the physical configuration of redundant connections in an existing IP (Internet Protocol) network. In FIG. 37, every device is provided as a pair of two peers, and the devices are connected mainly in a crisscross (cross-connected) pattern to form the network. Terminals are normally managed per IP subnet and are connected by department, floor, site and so on, with a router/L3 (Layer 3) switch as the starting point. The L2 switches at the center of FIG. 37 form the backbone network and connect the floors and sites. Here, a dynamic routing protocol distributes the IP subnet information of each router and L3 switch among them, and the routing tables are built from it. FIG. 1 shows this routing protocol exchange. When an interface or an L3 device goes down, that device no longer distributes its IP subnet information, so it is automatically excluded as a destination, which avoids attempts to forward IP packets to a destination that is down. Cross-connecting the devices also prevents the situation in which the failure of one device leaves several healthy adjacent devices effectively unused.
Next, FIG. 2 shows an example of the physical configuration when an SDN (Software Defined Network) is connected. In this example, the backbone devices are cross-connected to two SDN switches (SW00, SW01) that are positioned as peers. As an SDN, this handles interface and device redundancy without any problem. If the IP addresses of the servers and terminals connected to the SDN are to be managed in the same way as in the existing IP network, an L3 function such as a router or L3 switch must be placed between the SDN and the backbone, just as in the existing IP network at each site. For this reason, some SDNs have a virtual router function, and this function can serve the purpose of placing an L3 function there. FIG. 3 shows the logical configuration of an SDN that has this virtual router function. FIG. 3 is a logical configuration; the physical configuration of the SDN is the same as in FIG. 2. A single connection to the existing IP network is shown here, but a configuration with multiple connections is equally possible. Because the virtual router is a function realized virtually by the SDN controller, which is the network control unit, the dynamic routing protocol and other software that runs on it is installed on the SDN controller. In effect, as shown in FIG. 3, the virtual router function running on the SDN controller exchanges IP subnet information with the routers/L3 switches of the existing IP network through a dynamic routing protocol, builds a routing table inside the SDN controller, and the virtual router can then perform IP forwarding. The virtual router support of an SDN falls into one of the following states.
(A1) The virtual router function is not supported.
(A2) The virtual router function is supported, but dynamic routing protocols are not.
(A3) The virtual router function and standard dynamic routing protocols are supported.
There is no particular tendency that distinguishes SDN controllers from OSS (Open Source Software) projects from those supplied by vendors. Some vendor-supplied SDN controllers are also in state (A2). In that case forwarding relies on static routing, which cannot support a redundant configuration. This partly reflects an expectation that users will develop the addition of a dynamic routing function themselves using OSS. In fact, some SDN controller products in state (A3) were built by adding OSS router software to an SDN controller in state (A1). In either case, an SDN controller in state (A1) or (A2) is brought to the state (A3) configuration through a certain amount of development that adds a virtual router function supporting a dynamic routing protocol, and is then connected to the existing IP network. As a result, the redundancy function can be coordinated with the existing IP network and maintained.
The standard dynamic routing protocols are, in particular, the following. Both now support IPv6, as RIPng and OSPFv3 respectively.
(a) RIP (IETF RFC2453 - Routing Information Protocol Version 2)
(b) OSPF (IETF RFC2328 - Open Shortest Path First Version 2)
In addition there is EIGRP, which is expected to be widely used, especially in corporate IP networks, because of the large market share of the equipment that implements it.
(c) EIGRP (IETF draft - Enhanced Interior Gateway Routing Protocol)
Protocol (c) has effectively become a public specification, because the vendor that developed it submitted a draft to the IETF (Internet Engineering Task Force) in 2013. At present, however, no one other than that vendor appears to have software that provides the protocol, and its position as a proprietary protocol seems unchanged. The prior art therefore presupposes that the existing IP network uses (a) or (b). Many routers from the vendor that uses the proprietary protocol also support the standard protocols, however, so coordination is possible by configuring both protocols on such a router. As a result, the SDN can be connected while coordinating with the redundancy function of the existing IP network. This is shown in FIG. 4.
Another option is to enable communication by installing, inside the SDN, a router from the vendor that supports the proprietary protocol. In this case the SDN virtual router is unnecessary. FIG. 5 shows an example of this configuration. In this figure, two routers 101 and 102, which are one form of network appliance, are installed for redundancy, and the two interfaces of each are connected to different SDN switches. Each interface is a trunk carrying two VLANs (Virtual Local Area Networks), and from each interface one VLAN connects to the existing IP network side and the other to the side of the terminals and servers inside the SDN. FIG. 6 shows the logical configuration of this network; the logical configuration of FIG. 6 is described later. Because the router must handle fast, high-volume traffic such as communication between servers inside the SDN, the router used here must be fast. A router that keeps router functionality while forwarding in hardware, as an SDN switch does, is desirable.
As described above, with the configuration of FIG. 4 and the SDN controller in state (A3), or with the configuration of FIG. 5 and the SDN controller in any of states (A1), (A2) and (A3), an existing IP network that runs a dynamic routing protocol, standard or proprietary, can be connected to the SDN while keeping the redundant configuration. However, the configuration of FIG. 4 has the following problems.
(i) It requires changing the configuration of existing routers, and it applies a rarely used function, conversion between routing protocols, so prior verification is necessary.
(ii) The configuration change requires work that involves stopping the network.
Problem (ii) can probably be handled without trouble by following the proper procedure. The verification in (i), however, is a heavy burden for the service companies (system integrators, SIers) responsible for network design and operation, considering the study of test items, the construction of a verification environment, and the man-hours and time required.
The other solution, the configuration of FIG. 5, needs no configuration change, but has the following problems.
(iii) All communication passes through a general-purpose router that is unrelated to the SDN and has no function for cooperating with it, which may hinder the use of SDN-specific functions.
(iv) High-speed transfer is often required at least inside the SDN, so the router must also be fast, and an expensive router has to be used.
Comparing the cost of verifying that nothing breaks with the cost of purchasing new equipment from a vendor, purchasing equipment is generally likely to be cheaper. The configuration of FIG. 5 is therefore more convenient for the provider than that of FIG. 4, but problems (iii) and (iv) arise, as noted above.
Because the following description depends on it, the procedure for establishing SDN connection paths in the configuration of FIG. 5 is shown here. First, FIG. 6, which redraws FIG. 5 as a logical configuration, is explained. Like the virtual router shown in FIG. 3, each high-speed router shown in FIG. 6 connects the IP subnets of the terminals and servers directly under the SDN to the backbone subnets. Each interface of a high-speed router is a trunk carrying two VLANs: one connects to a VLAN on the existing IP network side, and the other to a VLAN of the terminals/servers accommodated by the SDN. This arrangement is for the minimal case in which the router has only two interfaces, and it prevents a single failure (one interface or one device down) from leaving other working interfaces or devices effectively unused.
For example, even if IF-1 of router 102 goes down, router 102 can still forward, because IF-2 connects it to both the backbone network and the terminals and servers inside the SDN. If router 101 goes down, router 102 is still connected through the trunks on IF-1 and IF-2 to each VLAN (VLAN311, VLAN312, VLAN331 and VLAN332) with no problem in the IP network configuration, so it can forward packets between the VLANs, and the forwarding environment is necessary and sufficient. If each high-speed router has four or more interfaces, trunking is not required and the connection configuration is not limited to the one shown in this example. When there are more than two VLANs on the existing IP network side or on the side of the terminals directly accommodated by the SDN, the basic approach is to increase the number of trunked VLANs on each interface and connect to each of them. When the high-speed router has more than two interfaces this does not apply, and it is appropriate to design for a more effective redundant configuration and traffic distribution.
In the configuration of FIG. 6, when a terminal or server in the existing IP network communicates with a terminal or server in the SDN, the traffic always passes through one of the two high-speed routers. Communication between a terminal/server in the existing IP network and a terminal/server directly under the SDN therefore always crosses the SDN twice, by way of a high-speed router. For one communication connection between them, two connection paths are thus established (counting each direction separately, four in total for both directions).
FIG. 7 shows this. For simplicity, only one direction is shown. It depicts the operation when terminal A sends a connection request (for example, a TCP SYN) to server B.
When the request packet sent by terminal A arrives at router 100, router 100 looks up the packet's destination IP address in its own routing table and obtains IF-1 of router 102 as the next destination (IP forwarding processing). The candidate next hops of router 100 for this IP address are IF-1 and IF-2 of router 101 and IF-1 and IF-2 of router 102, and routers are generally configured to distribute load among such candidates according to a fixed algorithm that uses connection information (here, the TCP/IP header information). This load distribution function always selects the same next hop for the packets of one connection, so that packets are not reordered. In FIG. 7, IF-2 of router 102 was chosen as the result of that selection. In the SDN of FIG. 7, the VLAN on the existing IP network side of IF-2 of router 102 is assumed to be connected to IF-1 of SDN switch SDNS211. When router 100 forwards the packet toward IF-2 of router 102, the packet therefore enters IF-1 of SDNS211, which is one of the entrances to the SDN. SDN switch SDNS211 looks up the incoming packet in its connection path table and, when nothing matches, notifies the SDN controller SDNC that a packet belonging to a connection with no entry has arrived. In response, SDNC searches for the interface to which the destination MAC (Media Access Control) address is attached, computes a route, determines that the destination is IF-1 of SDN switch SDNS222, configures the connection path on each SDN switch in the SDN, builds connection path 103 shown in FIG. 7, and forwards the request packet to IF-2 of router 102. Router 102 then applies IP forwarding to the request packet, finds that the destination IP address is in the same subnet as the IP address of its IF-1, and sends the packet out of IF-1.
Because the destination IP address is that of IF-1 of server B, the request packet arrives at IF-1 of server B. SDN switch SDNS221 looks up the packet received on its IF-1 in its own connection path table, finds no match, and notifies the SDN controller SDNC. SDNC searches for the interface to which the packet's destination MAC address is attached, computes a route, determines that it is connected to IF-1 of SDN switch SDNS231, configures the connection path on each SDN switch in the SDN, builds connection path 104 shown in FIG. 7, and forwards the packet to IF-1 of server B. In this way the SDN controller SDNC always builds two connection paths for the packet to cross the SDN. The sequence is the same for communication between a terminal and a server that are in different IP subnets inside the SDN. Because the router interfaces are VLAN trunks while the interfaces of the existing IP network and of the servers are not, the SDN switches on each path are configured to add the VLAN tag in S1 and remove it in S2. This example covers a connection establishment request from a terminal in the existing IP network to a server under the SDN; in the reverse case only the order and direction change. As described here, two connection paths (flows) per direction, four in total per TCP/IP connection (bidirectional), are built inside the SDN. A packet that enters at IF-1 of SDNS211, one of the entrances to the SDN, passes once through a network appliance outside the SDN before it reaches the point where it leaves the SDN, so two connection paths are built; the route formed by these two connection paths is called the first route.
In the end, the configuration shown in FIG. 5 solves the problem of connecting the existing IP network and the SDN while coordinating their redundancy functions, whichever of the states (A1) to (A3) the SDN controller is in. It is therefore the most effective approach. The following means are applied to solve the problems of the FIG. 5 configuration.
a. Instead of a high-speed router, deploy an inexpensive router dedicated to dynamic routing processing, which supports dynamic routing protocols as a function but has low IP forwarding capacity.
b. Immediately after the connection paths that pass through the router are established, join them directly, so that data packets are not forwarded by the router dedicated to dynamic routing processing.
Problem (iv) is solved by applying means a and b. Problem (iii) is solved because the communication is in effect replaced by communication that stays inside the SDN, which makes SDN-specific functions applicable. That is, both (iii) and (iv) are solved.
To summarize: applying a. and b. above solves the problems and achieves the objective in any of the states (A1) to (A3) that describe the implementation status of the SDN controller.
FIG. 8 shows the network with the connection path direct connection function unit (hereinafter, flow direct connection unit) 110 applied. In FIG. 8, the route control device 120 comprises the SDN controller, which is the network control unit, and the flow (connection path) direct connection unit 110. With the configuration of FIG. 8, coordination with the redundancy function of the existing IP network is possible through a dynamic routing protocol, whether vendor-proprietary or standard; the router, which is one form of network appliance, is inexpensive; and neither configuration changes nor test evaluation are needed on the existing IP network side. The flow direct connection unit 110 is applied as part of the function of the SDN controller, but, where an API (Application Programming Interface) makes it possible, its process may run on the same network appliance (or computer/PC) as the SDN controller or on a different network appliance. This depends on the implementation. The router dedicated to dynamic routing processing is an inexpensive router that supports dynamic routing protocols at a minimum and does not have high forwarding capacity. Its packet forwarding only needs to be good enough to forward, without delay, the two or three packets exchanged when a connection path is established. Its price may be one to two orders of magnitude lower than that of a high-speed router.
An overview of the flow direct connection unit 110 follows. As shown in FIG. 7, a packet sent from a terminal in the existing IP network to a server in the SDN is relayed by the router dedicated to dynamic routing processing and reaches the destination server in the SDN. The packet leaves the SDN once and enters it again, so two one-way connection paths (flows) are built, as in FIG. 9(a). The flow direct connection unit 110 captures the point where the connection path addressed to the dedicated router (the first connection path, the "before" flow) enters the SDN (SDN switch SDNS211 and its interface IF-1) and the point where the connection path from the router to the server (the second connection path, the "after" flow) leaves the SDN (SDN switch SDNS231 and its interface IF-1), and builds a connection path that joins them, as shown in FIG. 9(b). Because the router rewrites the MAC addresses of the packet, the connection path configuration includes having one of the SDN switches on the connection path of FIG. 9(b) perform that rewrite.
In general the rewrite is configured on the first or the last SDN switch on the route, and an implementation should fix it to one of the two. As shown in FIG. 9(a), the route that passes once through a network appliance outside the SDN, between the point where the packet enters the SDN and the point where it leaves the SDN, is called the first route. The route shown in FIG. 9(b), which goes from that input point to that output point without passing through the network appliance, is called the second route.
The following method is used to identify connection paths that stand in the "before" and "after" relationship across the router. Connection paths in this relationship satisfy the following.
(B1) The TCP/UDP/IP header information is the same, but the MAC addresses differ.
This is because the router dedicated to dynamic routing processing performs IP forwarding on communication packets: the L2 source and destination addresses (MAC addresses) change, but the source and destination address information of L3 and the layers above it does not. In addition, because these are connections that the dedicated router only relays at the IP layer, the following conditions hold for the IP addresses and MAC addresses.
(B2) Neither the source nor the destination IP address is an IP address of the router dedicated to dynamic routing processing.
(B3) Either the source or the destination MAC address belongs to the router dedicated to dynamic routing processing:
  "before" connection path: the destination MAC address
  "after" connection path: the source MAC address
Everything that must be checked in (B1) to (B3) is packet header information, which the SDN controller of an existing SDN can already obtain. The identification can therefore be done in the SDN controller; nothing is required of the SDN switches, and no function needs to be added to them.
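The pairing rule in (B1) to (B3) and the resulting second route can be sketched as controller-side logic; this is an added example, not code from the patent. The MAC and IP values, the `mac_location` table and all class and function names are assumptions made for illustration; the switch and interface names follow the FIG. 7 walkthrough.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Location = Tuple[str, str]  # (SDN switch, interface)

# Constructed sample addresses (assumptions, not values from the patent).
ROUTER_MACS = {"02:00:00:00:66:01", "02:00:00:00:66:02"}  # dedicated router IF-1 / IF-2
ROUTER_IPS = {"192.0.2.2", "198.51.100.2"}                # dedicated router IP addresses
UPSTREAM_MAC = "02:00:00:00:64:01"                        # router 100, facing the SDN
SERVER_B_MAC = "02:00:00:00:0b:01"


@dataclass(frozen=True)
class PacketIn:
    """Header fields the controller receives when a switch reports an unmatched packet."""
    switch: str
    in_port: str
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int

    def l3l4_key(self) -> tuple:
        # (B1): this part is identical in the "before" and "after" flows.
        return (self.src_ip, self.dst_ip, self.proto, self.src_port, self.dst_port)


@dataclass(frozen=True)
class DirectFlow:
    """Second route: SDN ingress joined to SDN egress, with the router's MAC rewrite."""
    ingress: Location
    egress: Location
    five_tuple: tuple
    match_dst_mac: str  # frames still arrive addressed to the dedicated router
    set_src_mac: str    # rewrite the router would have applied
    set_dst_mac: str


def classify(pkt: PacketIn) -> str:
    # (B2): traffic to or from the router itself (routing protocol, ARP, management)
    # is not relayed traffic and must keep going through the router.
    if pkt.src_ip in ROUTER_IPS or pkt.dst_ip in ROUTER_IPS:
        return "other"
    to_router = pkt.dst_mac in ROUTER_MACS
    from_router = pkt.src_mac in ROUTER_MACS
    # (B3): router MAC as destination means "before", as source means "after".
    if to_router and not from_router:
        return "before"
    if from_router and not to_router:
        return "after"
    return "other"


class FlowStitcher:
    def __init__(self, mac_location: Dict[str, Location]):
        self.mac_location = mac_location          # where each host MAC attaches (assumed table)
        self.pending: Dict[tuple, PacketIn] = {}  # "before" flows waiting for their "after"

    def on_packet_in(self, pkt: PacketIn) -> Optional[DirectFlow]:
        kind = classify(pkt)
        if kind == "before":
            self.pending[pkt.l3l4_key()] = pkt    # a retransmission overwrites the entry
            return None
        if kind != "after":
            return None
        before = self.pending.get(pkt.l3l4_key())
        egress = self.mac_location.get(pkt.dst_mac)
        if before is None or egress is None:
            return None  # nothing to join yet: leave the normal two-path handling in place
        del self.pending[pkt.l3l4_key()]
        return DirectFlow(
            ingress=(before.switch, before.in_port),
            egress=egress,
            five_tuple=pkt.l3l4_key(),
            match_dst_mac=before.dst_mac,
            set_src_mac=pkt.src_mac,
            set_dst_mac=pkt.dst_mac,
        )


def run_sample() -> Optional[DirectFlow]:
    """Terminal A to server B as in FIG. 7, with constructed addresses."""
    stitcher = FlowStitcher({SERVER_B_MAC: ("SDNS231", "IF-1")})
    conn = dict(src_ip="203.0.113.10", dst_ip="198.51.100.20",
                proto="tcp", src_port=49152, dst_port=443)
    before = PacketIn("SDNS211", "IF-1", UPSTREAM_MAC, "02:00:00:00:66:02", **conn)
    after = PacketIn("SDNS221", "IF-1", "02:00:00:00:66:01", SERVER_B_MAC, **conn)
    stitcher.on_packet_in(before)
    return stitcher.on_packet_in(after)


if __name__ == "__main__":
    print(run_sample())
```

The example does not require the router's receiving and sending MAC addresses to be equal, because in the walkthrough the packet arrives on one router interface and leaves on the other.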
The most basic equipment and functional configuration of Embodiment 1 is thus the one shown in FIG. 8. Its distinguishing feature is that the route control device 120 comprises the SDN controller, which is the network control unit, and the flow (connection path) direct connection unit 110. Apart from this, the devices that make up the SDN and the existing IP network, and the router dedicated to dynamic routing processing (hereinafter, dedicated router), are existing ones. FIG. 10 shows the logical configuration in this case; it is FIG. 6 with the high-speed routers replaced by existing routers (routers dedicated to dynamic routing processing). The SDN controller itself includes OSS or commercial controllers to which functions have been added through a public software API (Application Programming Interface). The two interfaces of each dedicated router are configured as VLAN trunks, as shown in FIG. 10, and each connects to the VLANs of the existing IP network and of the terminals and servers directly accommodated by the SDN. This is the minimum configuration that keeps a single failure, whether of an interface or of a device, from taking other devices or interfaces down with it.
 First, routers must be placed inside the SDN and must be able to carry out ARP (Address Resolution Protocol), DHCP (Dynamic Host Configuration Protocol) and the other basic IP procedures with each router of the existing IP network and with the terminals and servers that the SDN accommodates. The basic functions of the SDN are sufficient for this. The SDN's default settings may need to be changed, but no new function has to be added. Once the equipment is physically connected, logically configured as shown in FIG. 10, and the routers are configured correctly (IP addresses, dynamic routing protocol and so on), the result is a network that supports the redundancy provided by dynamic routing in the existing IP network, and communication is possible. Everything up to this point can be done with existing technology. If the flow direct connection unit 110 is not running, however, the dedicated routers perform IP forwarding for every packet, which places a heavy processing load on them, and the network breaks down as communication demand grows.
 Next, the operation of the flow direct connection unit 110, which is the distinguishing feature of this embodiment, is described with reference to FIG. 11. FIG. 11 shows communication between a terminal and a server that sit beyond the existing IP network. It lays out, along the path a packet takes from the terminal to the server, a configuration in which the SDN appears both before and after the dedicated router. The gray background indicates that these are one and the same SDN: the path folds back into the same SDN on either side of the dedicated router. The interfaces connected to the dedicated router correspond to the thin black lines, four in total, drawn from router 111 and router 112 (one form of network appliance) in FIG. 10; they are not necessarily physically separate in the way the labels IF-1 and IF-2 suggest. The SDN controller is equipped with the connection path direct connection function.
 The flow direct connection unit 110 needs two kinds of information, set either automatically or manually. The first is the priority of the flows that the flow direct connection unit 110 sets; a default of about 10000 rarely causes problems. The second can be given in either of the following two forms.
(C1) The IP address and MAC address of each relay interface of the dedicated router
(C2) The ID and interface number of the SDN switch that directly accommodates each relay interface of the dedicated router, and the IP address of each relay interface of the dedicated router
 FIG. 11 shows how these pieces of information correspond. An implementation must support at least one of the two forms, and may support both. Registering IP addresses automatically is considered difficult, but the corresponding MAC address or SDN attachment point can be registered automatically by consulting the information held by the SDN controller. In other words, the IP address is registered by hand, and the corresponding MAC address or attachment point (SDN switch ID and interface number) is registered automatically. OSS (Open Source Software) SDN controllers in particular often provide an API for this. The description below adopts (C1) and assumes that all registration is manual.
 First, the MAC address of the dedicated router is obtained from the router's console or by other means and set in the flow direct connection unit 110 together with the IP address configured on the corresponding interface. The IP addresses and MAC addresses need not be associated with each other when they are set. How they are set depends on the implementation: from a dedicated console, on a dedicated web page, or by writing them into a configuration file that the flow direct connection unit 110 reads when it starts. This completes the basic preparation. FIG. 12 shows the processing flow for setting up the flow direct connection unit 110. The unit first reads the IP addresses of the interfaces that the dedicated router uses for relaying from the flow direct connection function setting file and stores them internally (S1201). It then queries the SDN controller with each IP address as the key, obtains the corresponding MAC address and stores it internally (S1202).
 Next, FIG. 13 is used to show what happens when a terminal in the existing IP network actually sends a TCP (Transmission Control Protocol)/IP or UDP (User Datagram Protocol)/IP communication packet. The procedure is the same for TCP and UDP; the widely used TCP/IP case is shown. The description below assumes OpenFlow, currently the most widely used interface specification between SDN controller and SDN switch. Unless otherwise noted, therefore, an SDN switch is an OpenFlow switch, the SDN controller is an OpenFlow controller, and a connection path is an OpenFlow "flow".
 First, the communication packet arrives at one interface of one SDN switch of the SDN (SDNS 211, IF-1). The SDN switch searches its own flow table. On a hit it processes the packet accordingly; on a miss it generates a PACKET_IN message carrying the packet and forwards it to the SDN controller (S1). From the input SDN switch and interface number given in the PACKET_IN message and the packet's destination information, the SDN controller identifies the output SDN switch and interface, builds FLOW_MOD messages and sends them to the SDN switches concerned to set the flow (S2). It then generates a PACKET_OUT message and forwards the received communication packet to the SDN output point (S3). The same processing builds the flow after the packet has passed through the router, with S4, S5 and S6 corresponding to S1, S2 and S3. FIG. 14 shows this processing flow in the SDN controller: when a PACKET_IN arrives, the SDN controller performs its normal processing. Of the two flows in the "front-rear relationship", S1 to S3 belong to the "front" flow and S4 to S6 to the "rear" flow. It is difficult for the SDN controller and the flow direct connection unit 110 to know in advance which of the two a given PACKET_IN belongs to. The implementation of the flow direct connection unit 110 therefore interleaves, where needed, processing that determines which one it is. The processing described below does not assume whether the PACKET_IN is S1 or S4 of FIG. 13, and can be taken as it stands as one example of what the flow direct connection unit 110 does.
 FIG. 15 is a functional block diagram of the flow direct connection unit 110, the SDN controller, and the route control device 120 that contains both, according to the first embodiment. FIG. 16 shows the processing performed in the flow direct connection unit 110 of the first embodiment, and FIG. 17 shows its "rear" flow processing. When the PACKET_IN receiving unit 150 of the flow direct connection unit 110 receives a PACKET_IN duplicated by the SDN controller (corresponding to S1 or S4 in FIG. 13), or information on a constructed flow (equivalent to a PACKET_IN), it extracts the source and destination IP addresses of the communication packet carried in the PACKET_IN (S1601). It then checks whether either address matches an IP address of the dedicated router registered in the setting information 152, which is set by the flow direct connection function setting processing unit 151 (S1602). If one matches, the packet is outside the scope of flow direct connection and processing stops. If none matches, it extracts the source and destination MAC addresses of the communication packet carried in the PACKET_IN (S1603). It checks whether an extracted MAC address matches one of the dedicated router's addresses registered in the setting information 152, testing the destination MAC address first and then the source MAC address (S1604, S1605). If one matches, the packet is subject to flow direct connection processing; if not, processing stops. For a packet subject to flow direct connection processing, what happens next depends on whether the address that matched the dedicated router is the destination or the source MAC address of the input packet, as follows.
  ● The destination MAC address matches the dedicated router
    The flow is the "front" one of the front-rear pair, so the "front" flow processing unit 153 of the flow direct connection unit 110 registers it in the front flow entry table 154, the list of "front" flows that it holds, and processing is complete (S1606). What is registered is the TCP or UDP/IP/MAC header information used for the later search, and the ID and interface number of the SDN switch at which the packet entered the SDN.
  ● The source MAC address matches the dedicated router
    The flow is the "rear" one of the front-rear pair, so the "rear" flow processing unit 155 searches the front flow entry table 154 for the corresponding "front" flow. If it finds one, it extracts the entry, deletes it from the front flow entry table 154 and proceeds to direct connection processing; if not, processing ends there. Because the MAC address match is checked in the order destination, then source, processing may simply end at this point.
 The search of the front flow entry table uses the information needed to identify a TCP/IP connection, listed below. All of it is identical in the two flows of a front-rear pair.
   Frame type (= 0x0800), source and destination IP addresses,
   IP protocol (= 6: TCP, or 17: UDP), source and destination L4 port numbers (L4: TCP or UDP)
 For direct connection, building a new flow is simplest, rather than modifying the "front" and "rear" flows already built. Because the physical configuration is as shown in FIG. 8, the SDN switches immediately before and immediately after the dedicated router in FIG. 13 are not necessarily the same switch. If they are the same, changing the flow in that one switch is enough; if they differ, things become complicated and bring drawbacks such as extra SDN switches on the relay path. It is therefore simpler to assume that the flow connecting the terminal-side entrance to the SDN with the server-side exit is rebuilt. That is also more convenient for recalculation in conjunction with functions such as QoS and load balancing that the SDN controller provides separately from the flow direct connection unit 110.
 The procedure after a matching entry is found in the front flow entry table is as follows. This is the processing of the PACKET_IN of the "rear" flow, shown in FIG. 17. The flow direct connection unit 110 first searches the front flow entry table using the TCP/IP header information (S1701). If the search hits "front" flow information (a PACKET_IN message) (S1702), it extracts the matching entry information and deletes the entry from the table (S1703). From the matching entry information it extracts the input SDN switch ID and interface number (S1704), and from the PACKET_IN of the rear flow it extracts the destination MAC address (S1705). The output destination inquiry processing unit 156 then queries the SDN controller with the destination information (MAC address) of the packet carried in the PACKET_IN being processed as the key, and obtains the ID and interface number of the output SDN switch (the one accommodating the server) (S1706). If this fails, processing ends here (S1707). The following functions concerning these inquiries and PACKET_IN are each essential functions of an SDN controller; the flow direct connection unit 110 uses the APIs of the corresponding functions.
 (D1) SDN switch ID and interface number in the PACKET_IN message
    The PACKET_IN message defines, as mandatory fields, the ID of the SDN switch and the number of the interface at which the packet carried in the message entered.
 (D2) Obtaining the SDN switch ID and interface number with the destination MAC address as the key
    The SDN controller holds a table that maps the MAC addresses of terminals (devices of any kind) directly connected to the SDN it manages to SDN switch IDs and interface numbers. This is also part of the SDN switch's basic function as an L2 switch, and a flow cannot be built without it. An implementation may instead have the flow direct connection unit 110 fetch the list of MAC address, SDN switch ID and interface number correspondences and search it itself.
 (D3) Calculating the route inside the SDN from the SDN switch IDs and interface numbers at both ends
    From the ID of the SDN switch and the number of the interface at which the communication packet entered the SDN, and the output SDN switch ID and output interface number found from the packet's destination information with function (D2), the route can be calculated to obtain the SDN switches on it and the interface numbers that form the entrance and exit of each. This too is an essential function for building flows.
 When the flow direct connection unit 110 succeeds in obtaining the output switch ID and interface number in S1706 (S1707), the route inquiry processing unit 157 asks the SDN controller for a route, with the input SDN switch ID and interface of the "front" flow as the input point and the output SDN switch ID and interface of the "rear" flow as the output point (S1708). If the inquiry succeeds (S1709), flows are set on each SDN switch on the route, via the flow setting transmission unit 158 and the SDN controller, based on the obtained route and the flow information (S1710). With the whole route now known, a flow is set on each SDN switch along it. That is, the route is calculated inside the route control device 120, and on the basis of the calculated route the settings are finally applied to each SDN switch.
 The result of (D3) is essentially the following list, where the subscript n is an integer from 1 to N denoting the n-th SDN switch on the route.
   SDN switch ID_n, input interface number_n, output interface number_n
 Because the communication packet actually travels via a router, its source and destination MAC addresses must be rewritten somewhere along the way. It is not mandatory to include the MAC addresses in the matching information when setting a flow, but including them is advisable with multi-tenancy and the like in mind. Here the rewrite is assumed to take place at the most downstream SDN switch on the route. The flow set on each SDN switch ID_n is then as shown in FIG. 18, where "interface" is abbreviated to "IF".
 The settings are applied starting from the downstream end. If they were applied from the upstream end, the next incoming communication packet would hit the new flow there and the SDN switch would forward it accordingly, but depending on the packet's timing the settings might not yet be complete on every SDN switch on the route, in which case an SDN switch on the route would send a pointless PACKET_IN. Setting from the downstream end basically affects nothing else, and even if a packet hits a flow midway through the setup it is still delivered safely to its destination. The matching information other than the input interface is, to restate it:
   Frame type (= 0x0800), source and destination MAC addresses, source and destination IP addresses,
   IP protocol (= 6: TCP, or 17: UDP),
   Source and destination L4 port numbers (L4: TCP or UDP)
 Everything except the source and destination MAC addresses is unchanged between the front and rear flows and is therefore common from start to finish, as above. The MAC addresses, however, are converted from those of communication packet (A) in FIG. 13 to those of (D); this is the MAC address rewrite performed at the most downstream switch. Put more generally, the header conversion required is that processing by the flow direct connection unit 110 changes the header of communication packet (A) into the header information of (D). This covers cases where, for example, a VLAN tag is present on one side and absent on the other, or its value changes. Since headers at L3 and above do not change, as noted, it is the L2 header, including any VLAN tag, that is converted from that of communication packet (A) to that of (D).
 A note on flow priority. Each flow can be given a priority for matching. Flows that the SDN controller sets dynamically by itself, like the "front" and "rear" flows, normally get a higher value than static ones, and flows that an external function other than the SDN controller sets afterwards, as the flow direct connection unit 110 does here, are generally given a still higher priority so that packets hit them. The flow direct connection unit 110 likewise needs a priority higher than that of the flows the SDN controller sets dynamically, for reasons that include those given below. The priority is a 16-bit integer, and dynamic flows generally use values in the first half of that range. A value of 10000 or more for the flow direct connection unit 110 should normally cause no problem. Because this depends on the SDN controller implementation, it must be checked when the value is set.
 The result is the SDN flow shown in FIG. 19: a flow that bypasses the dedicated router and yet is consistent as an IP network. The "front" and "rear" flows of FIG. 13, which the SDN controller built itself, fall out of use once the flow of FIG. 19 is in place, eventually time out, and are deleted by the respective SDN switches. In SDNS 211, for example, the flow entry search for an incoming packet of this connection is certain to hit both the "front" flow and the direct connection flow of FIG. 19, but because the direct connection flow has the higher priority, as described above, the search always resolves to the direct connection flow. The "front" flow is therefore no longer used, times out, and is deleted by the SDN switch itself.
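The classification and direct connection steps S1601 to S1606 and S1701 to S1710 described above, as an added Python example (not code from the patent). `StubController`, `FlowDirectConnector`, the rule dictionary layout and every address are constructed for illustration; the stub stands in for controller functions (D2) and (D3).

```python
from dataclasses import dataclass
from typing import Optional

PRIORITY = 10000  # page default; must exceed the controller's own dynamic flows
# Constructed setting information, form (C1): relay interfaces of the dedicated router.
ROUTER_IPS = {"192.0.2.254", "198.51.100.254"}
ROUTER_MACS = {"00:00:5e:00:53:01", "00:00:5e:00:53:02"}

@dataclass(frozen=True)
class PacketIn:
    switch_id: str  # (D1) switch that raised the PACKET_IN
    in_port: int    # (D1) interface at which the packet entered
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    ip_proto: int   # 6 = TCP, 17 = UDP
    src_port: int
    dst_port: int
    eth_type: int = 0x0800

    def key(self) -> tuple:
        """Fields that are identical in the "front" and "rear" flows."""
        return (self.eth_type, self.src_ip, self.dst_ip,
                self.ip_proto, self.src_port, self.dst_port)

class StubController:
    """Hypothetical stand-in for controller functions (D2) and (D3)."""
    def __init__(self, hosts: dict, paths: dict):
        self.hosts = hosts  # MAC -> (switch ID, IF)
        self.paths = paths  # (ingress, egress) -> [(switch ID, in IF, out IF), ...]
    def locate(self, mac: str) -> Optional[tuple]:            # (D2)
        return self.hosts.get(mac)
    def route(self, ingress: tuple, egress: tuple) -> Optional[list]:  # (D3)
        return self.paths.get((ingress, egress))

class FlowDirectConnector:
    def __init__(self, controller: StubController):
        self.controller = controller
        self.front_flows = {}  # front flow entry table: key() -> PacketIn

    def on_packet_in(self, p: PacketIn) -> Optional[list]:
        """Return flow rules in installation order, or None if nothing to set."""
        if p.src_ip in ROUTER_IPS or p.dst_ip in ROUTER_IPS:  # S1601-S1602
            return None  # traffic to or from the router itself: out of scope
        if p.dst_mac in ROUTER_MACS:                          # S1604
            self.front_flows[p.key()] = p                     # S1606: remember "front"
            return None
        if p.src_mac not in ROUTER_MACS:                      # S1605
            return None  # does not cross the dedicated router
        return self._direct_connect(p)

    def _direct_connect(self, rear: PacketIn) -> Optional[list]:
        front = self.front_flows.pop(rear.key(), None)        # S1701-S1703
        if front is None:
            return None
        ingress = (front.switch_id, front.in_port)            # S1704
        egress = self.controller.locate(rear.dst_mac)         # S1705-S1706
        if egress is None:                                    # S1707
            return None
        hops = self.controller.route(ingress, egress)         # S1708
        if not hops:                                          # S1709
            return None
        rules = []
        for i, (switch, in_port, out_port) in enumerate(hops):
            actions = []
            if i == len(hops) - 1:
                # Most downstream switch: rewrite L2 header (A) into (D).
                actions += [("set_eth_src", rear.src_mac), ("set_eth_dst", rear.dst_mac)]
            actions.append(("output", out_port))
            rules.append({
                "switch": switch, "priority": PRIORITY, "actions": actions,
                "match": {"in_port": in_port, "eth_type": front.eth_type,
                          "eth_src": front.src_mac, "eth_dst": front.dst_mac,
                          "ipv4_src": front.src_ip, "ipv4_dst": front.dst_ip,
                          "ip_proto": front.ip_proto,
                          "l4_src": front.src_port, "l4_dst": front.dst_port},
            })
        rules.reverse()  # S1710: set flows starting from the downstream end
        return rules

def demo() -> Optional[list]:
    """Constructed topology: terminal side on s1/IF1, server on s3/IF4."""
    ctl = StubController(
        hosts={"00:00:5e:00:53:bb": ("s3", 4)},
        paths={(("s1", 1), ("s3", 4)): [("s1", 1, 2), ("s2", 1, 3), ("s3", 1, 4)]})
    fdc = FlowDirectConnector(ctl)
    conn = dict(src_ip="192.0.2.10", dst_ip="198.51.100.20",
                ip_proto=6, src_port=40000, dst_port=443)
    front = PacketIn("s1", 1, "00:00:5e:00:53:aa", "00:00:5e:00:53:01", **conn)
    rear = PacketIn("s2", 5, "00:00:5e:00:53:02", "00:00:5e:00:53:bb", **conn)
    fdc.on_packet_in(front)        # registered as "front"; nothing set yet
    return fdc.on_packet_in(rear)  # matched: direct flow, downstream switch first

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The front entry is removed on its first match, so a second "rear" PACKET_IN for the same connection yields no rules, and the IP check keeps the router's own control traffic (routing protocol sessions, for example) on its normal path.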
 The flow direct connection unit 110 is a software program, normally stored in non-volatile memory such as an external storage device. Under a suitable OS, the CPU reads the program from the external storage device and loads it into RAM (random access memory), and it starts running as a process. At startup it reads the setting file stored on the external storage device and configures the flow direct connection unit 110 itself. The settings are the dedicated router's IP address information, its MAC address information, and the priority. As one example, the setting file is edited by hand through the input/output devices with the text editor that normally ships with the OS, and saved to the external storage device. The tables that the flow direct connection unit 110 handles are normally held in RAM to maximize processing speed.
 FIG. 20 shows the configuration when the SDN controller is also implemented in software and runs on the same CPU 190. The SDN controller and the flow direct connection unit 110 exchange commands and other information within the CPU 190 through the API and the OS (Operating System). The program of the present invention is stored in the RAM 191. FIG. 21 shows the case where the SDN controller is a network appliance running on a different computer. Here the API is connected through the OS, and further through the communication interface 200, to the SDN controller 201, and commands and other information are exchanged over that path.
 This embodiment has been described in terms of an IP router, but it applies to any gateway-type network appliance (one that forwards between devices while rewriting MAC addresses) whose purpose is fulfilled in the initial phase of a communication. For an FW (firewall), the most common arrangement is that the firewall's processing is finished by the time it lets a packet through, so the embodiment applies as it stands. If the firewall can decide to pass traffic only after complex filtering that requires several packets to be exchanged, PACKET_IN processing is still performed, but the firewall's log information (which indicates that pass processing has completed and includes the connection information) is used as the trigger for the flow direct connection unit 110. For the flow direct connection unit 110 to receive the log, one applicable means is to specify the system on which it runs as the destination of the syslog function that firewall devices normally provide, and have the unit read the syslog messages.
 Each unit within the flow direct connection unit 110 shown in FIG. 15 is realized by a CPU (Central Processing Unit; also called a central processor, processing device, arithmetic device, microprocessor, microcomputer, processor or DSP) that executes a program stored in memory. The flow direct connection unit 110 comprises a receiving device, a processing circuit and a memory. The functions of its units are realized by software, firmware, or a combination of the two. The software and firmware are written as programs and stored in the memory. The processing circuit realizes the function of each unit by reading and executing the programs stored in the memory. These programs can also be said to cause a computer to execute the functions of the units within the flow direct connection unit 110. Here, memory means, for example, non-volatile or volatile semiconductor memory such as RAM, ROM, flash memory, EPROM or EEPROM, or a magnetic disk, flexible disk, optical disc, compact disc, MiniDisc, DVD or the like.
 Thus the route control device of this embodiment comprises: a network control unit that has a connection relationship with another network and sets packet routes in an SDN (Software Defined Network); and a flow direct connection unit 110 that, for a packet which enters the SDN from the other network and for which the device itself has calculated a first route that passes once through a network appliance outside the SDN between the input point at which the packet enters the SDN and the output point at which it leaves the SDN, constructs a second route so that the packet is carried from the input point to the output point over the second route without passing through the network appliance. This configuration reduces the processing load on the router or network appliance, so a network can be built that works even with an inexpensive router or network appliance of modest processing capacity.
 Further, the route control device of the present embodiment is characterized in that the SDN does not need to have a virtual router function. With this configuration, appropriate route setting can be performed at low cost even when no virtual router function is available.
 Further, the network control unit calculates the first route and sets the first route in the SDN, and the flow direct connection unit 110 sets, in the SDN, the second route that replaces the first route. In this way, the flow direct connection unit 110 re-sets the necessary routes on top of the routes constructed by the network control unit, and the flow control unit is added to the existing network control unit, so that the flow direct connection function can be incorporated smoothly.
 Although the present embodiment has mainly described the case of using the routers 111 and 112, which are one form of network appliance, the same effects of the invention can be obtained if the network appliance is an L3 switch, a router, or an FW (FireWall).
 Further, in the present embodiment, the flow direct connection unit 110 identifies, based on the header information of an input packet, whether or not the input packet input to the SDN is a packet for which the second route is to be constructed. With this configuration, packets that pass through the network appliance can be extracted from the input packets, and processing can be performed efficiently by carrying out the re-setting only for packets that require it. In doing so, using the MAC (Media Access Control) address as the header information makes it possible to accurately identify packets that pass through the network appliance and to efficiently extract the packets that need re-setting.
 Further, in the present embodiment, the flow direct connection unit 110 determines that an input packet is a packet for which the second route is to be constructed when all of the following hold: the source and destination IP (Internet Protocol) addresses of the input packet do not match the IP address of a router included in the network appliance; the destination MAC (Media Access Control) address of the input packet matches the MAC address of a router included in the network appliance; and the source MAC address that the input packet has when it is input to the SDN again via the network appliance matches the MAC address of a router included in the network appliance. By using the IP address and the MAC address in this way, packets that pass through the network appliance can be extracted efficiently.
 Further, in the present embodiment, the flow direct connection unit 110 makes a setting that rewrites the header information which the packet for which the second route is to be constructed has before reaching the network appliance, using the header information which that packet has when it is output from the output location. With this configuration, a route passing through the network appliance can be smoothly changed to a direct connection flow.
 The present embodiment also includes a network to which this route control device is applied. By using this network configuration, the processing load on the router or network appliance can be reduced, and a network can be configured that works even with an inexpensive router or network appliance that does not have high processing capacity.
Embodiment 2.
 The basic configuration of Embodiment 2 is the same as that of Embodiment 1, but the processing procedure in the flow direct connection unit 110 and the handling of PACKET_IN in the SDN controller differ from Embodiment 1.
 First, the processing of the SDN controller for PACKET_IN is described. In Embodiment 1, the SDN controller performed its normal processing in parallel with passing PACKET_IN to the flow direct connection unit 110; here, however, the flow direct connection unit 110 intercepts PACKET_IN completely, so that the SDN controller cannot process it. As a result, the construction of the "before" and "after" flows that the SDN controller used to perform is not carried out. Specifically, steps S2 and S5 in the flow of FIG. 13 are not performed. In this case, the flow direct connection unit 110 needs the following functions.
(E1) Operation when the communication packet of PACKET_IN is not a target of flow direct connection processing
  The simplest procedure is to return the PACKET_IN message to the processing point at which it was intercepted from the SDN. The subsequent processing can then be delegated entirely to the SDN controller. Some SDN controllers provide an API for receiving PACKET_IN, and this is equivalent to passing the message through that API.
(E2) Acquisition of the output destination SDN switch and interface, and generation and transmission of PACKET_OUT
  When the packet is a target of flow direct connection processing, after each process of the flow direct connection unit 110 has been carried out, the packet carried in PACKET_IN must be forwarded to the output destination SDN switch and interface, so a procedure is needed that generates a PACKET_OUT message for this purpose and sends it to that SDN switch. This must be added to both the "before" flow processing and the "after" flow processing. The acquisition of the output destination SDN switch and interface, on the other hand, is already performed in the last processing step of the "after" flow, and it is added to the end of the "before" flow processing as well. The PACKET_OUT message carries the communication packet that was contained in PACKET_IN unchanged, specifies the output destination SDN switch and interface, and is sent to that SDN switch.
 By applying these differences, the flow shown in FIG. 19 can be constructed without actually constructing the "before" and "after" flows. FIG. 22 shows a functional configuration diagram of the flow direct connection unit 110 of Embodiment 2, the SDN controller, and the route control device 120 that includes the flow direct connection unit 110 and the SDN controller. FIG. 23 shows the processing flow in the flow direct connection unit 110 in Embodiment 2. In FIG. 23, processes S2201, S2202, S2203, S2204, and S2205 are newly inserted into the processing flow of FIG. 16 of Embodiment 1. Specifically, when the destination MAC address matches that of the dedicated router (S1604), the PACKET_IN receiving/returning unit 160 extracts the destination MAC address from the PACKET_IN information (S2201), queries the SDN controller using that MAC address as the key, and acquires the output destination SDN switch and interface (S2202). If the acquisition succeeds (S2203), the PACKET_OUT transmission unit 161 generates PACKET_OUT and sends it to the output destination SDN switch (S2204), and the PACKET_IN information is registered in the previous flow entry table (S1606). On the other hand, when the determinations in S1602 and S1605 show that the packet is not a processing target, the PACKET_IN is returned to the SDN controller before returning to the event wait state (S2205).
 FIG. 24 shows the processing flow for PACKET_IN of the "after" flow performed in the flow direct connection unit 110 of Embodiment 2. In FIG. 24, process S2301 is newly inserted into the processing flow of FIG. 17 of Embodiment 1. Specifically, the SDN controller is queried for a route with the input SDN switch ID and interface of the "before" flow as the input location and the output SDN switch ID and interface of the "after" flow as the output location (S1708); when the output destination SDN switch and interface are acquired successfully (S1709), PACKET_OUT is generated and sent to the output destination SDN switch (S2301), and flow setting is performed on each SDN switch on the route based on the acquired route and the flow information (S1710).
 Although the procedures (E1) and (E2) above must be added, the flow is constructed only once, so the following efficiency gains are obtained.
  Route calculation: 3 times in total ⇒ 1 time
  Flow setting: 3 flows in total ⇒ 1 flow
Because some parts overlap, the cost does not become one third and is considered to be about one half at most, but since both are computationally heavy operations, this is effective in reducing the processing load on the SDN controller.
 Note that in Embodiment 2 the flow setting on the SDN switches is delayed, so a terminal may retransmit its connection request before the flow is set. In that case, either two identical entries are registered in the previous flow entry table, one of which is used while the other is deleted by timeout, or the same flow setting request is sent to the SDN switch and rejected by it, and the situation settles without harm. In either case, this does not lead to a situation in which the flow is not set on the SDN switch or the resources of the flow direct connection unit 110 are exhausted.
 As described above, Embodiment 2 is characterized in that the route control device 120 sets the second route in the SDN without setting the first route. With this configuration, the network can be notified in a single process, and the processing load on the SDN controller can be reduced.
Embodiment 3.
 Embodiment 3 makes Embodiment 2 more efficient still: it constructs, in one step and over the same route, a bidirectional flow that includes not only the forward path but also the return path. Here, the "forward path" is the route within the SDN of packets sent from a first end user to a second end user in a network that includes the SDN as a part, and the "return path" is the route within the SDN of packets sent from the second end user to the first end user.
 FIG. 25 shows a functional configuration diagram of the flow direct connection unit 110 of Embodiment 3, the SDN controller, and the route control device 120 that includes the flow direct connection unit 110 and the SDN controller. Embodiment 3 starts from Embodiment 2, in which neither the "before" nor the "after" flow is constructed, and adds a flow direct-connected entry table 170. The table is searched for direct-connected flows that are in opposite directions to each other; when one is found, a route search is performed with the points at which each flow first entered the SDN as the two ends of the flow, and a bidirectional flow is set between them. In general, TCP (Transmission Control Protocol) communication begins with TCP-SYN (Synchronous), and TCP-SYN-ACK (Acknowledgement) is sent immediately in response, so bidirectional flow direct connection processing is carried out in the shortest possible procedure. This is described again below.
 In Embodiment 3, the procedure shown in Embodiment 2 is carried out for PACKET_IN, and once flow direct connection processing is reached, PACKET_OUT is sent but route acquisition and flow setting on the SDN switches are not performed. Instead, the flow direct-connected entry table 170 held inside the flow direct connection unit 110 is searched with header information in the reverse direction of the direct-connected flow currently being processed. The reverse direction means that the TCP/IP or UDP/IP source and destination addresses are swapped. The search is therefore performed after the following conversion.
  Source IP address ⇔ Destination IP address
  Source L4 port number ⇔ Destination L4 port number
 Naturally, the frame type and the IP protocol number are independent of direction and need no conversion. The MAC addresses may differ, so they are not used as search fields. If the search finds no match, the direct-connected flow is registered as a new entry in the flow direct-connected entry table 170, PACKET_OUT of the "after" flow is output, and the processing ends. FIG. 26 shows the related processing flow in the flow direct connection unit 110. In FIG. 26, processes S2501 to S2503 are newly inserted into the processing flow of FIG. 24 of Embodiment 2, and the route acquisition steps S1708 and S1709 and the flow setting step S1710 are removed. Specifically, when the output destination SDN switch and interface are acquired successfully (S1707), the flow direct-connected entry table 170 is searched with header information in the opposite direction to the TCP or UDP/IP header of the flow (S2501), and if there is no match (S2502), the direct-connected flow is registered as a new entry in the flow direct-connected entry table 170 (S2503). Each entry of the flow direct-connected entry table 170 has the following fields.
  Frame type (= 0x0800), source and destination IP addresses,
  IP protocol (= 6: TCP, or 17: UDP),
  Source and destination L4 port numbers (L4: TCP or UDP), source and destination MAC addresses before rewriting,
  SDN switch ID and interface number of the input to the SDN
 The SDN switch and interface above are the SDN switch ID and interface number carried in the PACKET_IN of the "before" flow; those of the output destination or along the route are not needed. The source and destination MAC addresses before rewriting are needed as flow setting information but are not used in the search.
 When the search does find a match, the entry is read out of the table and deleted from it. The SDN controller is then queried with the input SDN switch ID and interface of the direct-connected flow currently being processed as the output location and the input SDN switch and interface of the matched entry as the input location, and the route calculation result is obtained. FIGS. 27 and 28 show how this processing relates to the physical configuration. FIG. 27 shows how the direct connection flows of the forward path and the return path, as seen from the terminal, are established. The SDN switches and dedicated routers are drawn as different devices on the forward and return paths, but the SDN switches and dedicated routers in the same column may be the same devices. The interfaces may also be the same. A terminal is rarely connected by multiple interfaces, but the figure also covers the case in which an existing IP network lies between the SDN switch and the terminal and the SDN and the existing IP network are connected by multiple interfaces, as in the configuration diagrams shown so far (FIG. 7 and others). In any case, route calculation and flow setting are performed separately for the forward and return paths, so every device on the route may differ, which is why the figure is drawn as in FIG. 27. Here, the input location of each flow, marked with a star, is extracted, and the SDN controller is queried for the route between them, using them as the input and output SDN switch and interface. Flow setting is then performed along the obtained route to construct the bidirectional flow, and finally PACKET_OUT of the "after" flow is generated and output, and the processing ends.
 FIG. 29 shows the related processing flow in the bidirectional direct connection processing unit 171 of the flow direct connection unit 110. First, the flow direct connection unit 110 extracts the matched entry information and deletes the entry from the table (S2801), and extracts the input SDN switch ID and interface number from the matched entry information (S2802). Next, it queries the SDN controller for a route with the input SDN switch ID and IF number extracted from the matched entry as the input location and the input SDN switch ID and IF number of the direct-connected flow currently being processed as the output location (S2803). When the route is acquired successfully (S2804), it sets the forward and return bidirectional flows on each SDN switch on the route based on the acquired route and the flow information (S2805), and generates PACKET_OUT of the "after" flow of the direct connection flow currently being processed and sends it to the output destination SDN switch (S2806). Note that the MAC addresses (L2 header) must be rewritten on both the forward and the return path. The procedure used here, which builds a new flow whose end points are the input locations of the forward and return flows, is also effective as a way to consolidate forward and return paths that take different routes into a flow on a single bidirectional route.
 Next, the flow setting procedure is described. As shown in the basic embodiment described first, the route calculation yields the following list, where the subscript n is an integer from 1 to N.
  SDN switch ID n, input IF number n, output IF number n
Here, let the MAC addresses of the forward-path packet before it is relayed by the dedicated router be
  the source forward MAC address and the destination forward MAC address,
and let the MAC addresses of the return-path packet before it is relayed by the dedicated router be
  the source return MAC address and the destination return MAC address,
and let the forward-path TCP/IP header information be
  Frame type (= 0x0800),
  Source IP address: terminal IP address, Destination IP address: server IP address,
  IP protocol (= 6: TCP),
  Source L4 port number: terminal-side L4 port number, Destination L4 port number: server-side L4 port number.
Then the flow setting information for the forward and return paths is as shown in FIG. 30 and FIG. 31, respectively.
 First, the MAC addresses to which the forward path rewrites are the return-path MAC addresses with source and destination swapped. On the return path, the interfaces in the match and in the action point the other way and must therefore be swapped. The header information of the communication packet in the match must be reversed at the same time. Because packets on the return path pass the N-th SDN switch first and the 1st switch last, the rewrite is performed at the last switch on that path, and, as on the forward path, the MAC addresses written are those of the opposite direction, here the forward-path MAC addresses, with source and destination swapped.
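The following sketch builds the forward and return flow entries from one route list in the way the paragraph above describes. It is an added example, not code from the patent: the dictionary layout, the field and action names, and the sample addresses are constructed for illustration, and placing the forward-path rewrite at the last switch on that path is an assumption, since FIGS. 30 and 31 are not reproduced here.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

ETH_TYPE_IPV4 = 0x0800


@dataclass(frozen=True)
class Hop:
    """One element of the route list: SDN switch ID n, input IF n, output IF n."""
    switch_id: str
    in_if: int
    out_if: int


@dataclass(frozen=True)
class Header:
    """Direction-dependent L3/L4 header fields of one flow."""
    ip_proto: int
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int

    def reversed(self) -> "Header":
        return Header(self.ip_proto, self.dst_ip, self.src_ip,
                      self.dst_port, self.src_port)


@dataclass(frozen=True)
class MacPair:
    """Source/destination MAC of a packet before the dedicated router relays it."""
    src: str
    dst: str

    def swapped(self) -> "MacPair":
        return MacPair(self.dst, self.src)


def one_direction(hops: List[Hop], hdr: Header, rewrite_to: MacPair) -> List[Dict]:
    """Entries for one direction; hops are in the order the packet travels."""
    entries = []
    for i, hop in enumerate(hops):
        # Whether the match also carries the pre-rewrite MACs is defined in
        # the patent's figures, which are not available here, so it is omitted.
        match = {"in_port": hop.in_if, "eth_type": ETH_TYPE_IPV4,
                 "ip_proto": hdr.ip_proto,
                 "ipv4_src": hdr.src_ip, "ipv4_dst": hdr.dst_ip,
                 "l4_src": hdr.src_port, "l4_dst": hdr.dst_port}
        actions: List[Tuple[str, object]] = []
        if i == len(hops) - 1:
            # L2 rewrite that the bypassed router would have done (assumed
            # to sit on the last switch of the direction).
            actions.append(("set_eth_src", rewrite_to.src))
            actions.append(("set_eth_dst", rewrite_to.dst))
        actions.append(("output", hop.out_if))
        entries.append({"switch": hop.switch_id, "match": match,
                        "actions": actions})
    return entries


def bidirectional_entries(path: List[Hop], fwd_hdr: Header,
                          fwd_mac: MacPair, ret_mac: MacPair):
    """Return (forward_entries, return_entries) for one computed route."""
    # Forward: rewrite to the return-path MACs with src/dst swapped.
    forward = one_direction(path, fwd_hdr, ret_mac.swapped())
    # Return: walk the route N..1, swap input/output interfaces, reverse the
    # header, and rewrite to the forward-path MACs with src/dst swapped.
    back_path = [Hop(h.switch_id, h.out_if, h.in_if) for h in reversed(path)]
    backward = one_direction(back_path, fwd_hdr.reversed(), fwd_mac.swapped())
    return forward, backward


# Constructed sample: terminal 10.0.1.5 to server 10.0.2.9 over three switches.
SAMPLE_PATH = [Hop("sw1", 1, 2), Hop("sw2", 3, 4), Hop("sw3", 5, 6)]
SAMPLE_HDR = Header(6, "10.0.1.5", "10.0.2.9", 40000, 443)
SAMPLE_FWD_MAC = MacPair("02:00:00:00:00:01", "02:00:00:00:00:f1")  # terminal -> router
SAMPLE_RET_MAC = MacPair("02:00:00:00:00:02", "02:00:00:00:00:f2")  # server -> router

if __name__ == "__main__":
    fwd, ret = bidirectional_entries(SAMPLE_PATH, SAMPLE_HDR,
                                     SAMPLE_FWD_MAC, SAMPLE_RET_MAC)
    for entry in fwd + ret:
        print(entry["switch"], entry["match"]["in_port"], entry["actions"])
```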
 With this approach, the route calculation, which in Embodiment 2 was performed once for each direction, twice in total, is reduced to once. The number of flow settings itself does not change, because flows are set in both directions. In any case, the amount of route calculation is halved, and because the forward and return paths follow the same route, there are management benefits such as easier fault isolation.
 Note that, as shown in FIG. 32, the flow direct connection unit 110 may also be implemented on a computer physically separate from the SDN controller. Furthermore, although each embodiment has described the message protocol between the SDN controller and the SDN switches as OpenFlow (in particular OpenFlow 1.1 or later), the architecture is not expected to differ greatly with protocols other than OpenFlow, so the present invention is not limited to OpenFlow.
 In the implementation, two tables are defined, the previous flow entry table and the table of flows for which flow direct connection has been processed, and entries are registered in each. Because an entry is looked up later and taken out (deleted from the table) when it is hit, some entries may never be hit and remain indefinitely. To deal with this, it is effective to record the time at which the entry was registered as one item of the entry information and to add a process that deletes the entry once several tens of seconds have passed. This process does not need much precision, so it is sufficient to check for timeouts once every few seconds and delete the entries that have exceeded the specified number of seconds. The timeout check itself is very simple: obtain the time when the process runs, subtract the entry's time, and compare the result with the specified timeout in seconds. The entry is deleted when the following condition holds.
   Process execution (start) time - entry registration time > specified timeout in seconds
 The time value can be the value returned by the time acquisition function of an ordinary OS, used as is, such as Epoch seconds (seconds elapsed since January 1, 1970). In flow setting, when TCP communication is assumed, it may be more effective to set both directions at the same time. TCP communication always needs a return flow, and if the route is the same in both directions the processing load on the SDN controller is reduced by nearly half. In such a configuration too, setting the flow only at the final stage, as in Embodiments 2 and 3, is effective in saving the computing resources of the SDN controller and in suppressing temporary increases in flow consumption.
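The reverse-direction search of Embodiment 3 and the timeout deletion described above can be combined in one small table, sketched below as an added example that is not code from the patent. The class and field names, the 30-second default, the injected clock and the choice to let a retransmitted packet overwrite its earlier entry are assumptions made for illustration.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

Location = Tuple[str, int]  # (SDN switch ID, interface number)


@dataclass(frozen=True)
class FlowKey:
    """Search fields only. MAC addresses are excluded because they may
    differ between the two directions."""
    eth_type: int   # 0x0800
    ip_proto: int   # 6 = TCP, 17 = UDP
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int

    def reversed(self) -> "FlowKey":
        # Swap source/destination IP and L4 port; frame type and IP
        # protocol do not depend on direction.
        return FlowKey(self.eth_type, self.ip_proto,
                       self.dst_ip, self.src_ip,
                       self.dst_port, self.src_port)


@dataclass
class Entry:
    key: FlowKey
    src_mac: str          # MACs before rewriting: kept for flow setting,
    dst_mac: str          # never used for the search
    ingress: Location     # where the flow first entered the SDN
    registered_at: float  # Epoch seconds at registration


class DirectConnectedTable:
    def __init__(self, timeout_s: float = 30.0,
                 clock: Callable[[], float] = time.time) -> None:
        self.timeout_s = timeout_s
        self.clock = clock
        self.entries: Dict[FlowKey, Entry] = {}

    def __len__(self) -> int:
        return len(self.entries)

    def handle(self, key: FlowKey, src_mac: str, dst_mac: str,
               ingress: Location) -> Optional[dict]:
        """Process one direct-connected flow.

        Returns None when the flow was registered and is waiting for its
        reverse direction, or a route request when the reverse flow was
        already present (that entry is removed from the table).
        """
        match = self.entries.pop(key.reversed(), None)
        if match is None:
            # A retransmission with the same key overwrites the older
            # entry (assumption of this sketch).
            self.entries[key] = Entry(key, src_mac, dst_mac, ingress,
                                      self.clock())
            return None
        return {
            "input": match.ingress,   # input location of the matched entry
            "output": ingress,        # input location of the current flow
            "first_direction": match,
            "second_direction_macs": (src_mac, dst_mac),
        }

    def purge(self) -> int:
        """Delete entries for which now - registered_at > timeout.
        Meant to be called once every few seconds."""
        now = self.clock()
        stale = [k for k, e in self.entries.items()
                 if now - e.registered_at > self.timeout_s]
        for k in stale:
            del self.entries[k]
        return len(stale)


if __name__ == "__main__":
    table = DirectConnectedTable()
    # Constructed sample: SYN from the terminal, then SYN-ACK from the server.
    syn = FlowKey(0x0800, 6, "10.0.1.5", "10.0.2.9", 40000, 443)
    print(table.handle(syn, "02:00:00:00:00:01", "02:00:00:00:00:f1", ("sw1", 3)))
    print(table.handle(syn.reversed(), "02:00:00:00:00:02",
                       "02:00:00:00:00:f2", ("sw4", 7)))
```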
 Finally, multicast communication is addressed. For multicast, rather than constructing flows dynamically as in ordinary communication, the most suitable method is considered to be one that reconfigures the routes and the group of output destination interfaces and performs flow setting each time a multicast destination is registered via IGMP. In that case some traffic passes through the dedicated router, so one or more of the interfaces registered in the output destination interface group are interfaces by which an SDN switch connects to the dedicated router. One idea is to apply a means of connecting this directly to the flow to which the dedicated router forwards. However, if multicast protocols such as IGMP and MLD are supported, tenants must still be kept as a logical configuration, but it is simplest to connect everything directly within the SDN regardless of the VLAN configuration. Multicast is therefore considered unsuitable for handling by the flow direct connection unit 110.
 As described above, Embodiment 3 is characterized in that the flow direct connection unit 110 makes the route within the SDN the same for packets sent from the first end user to the second end user and for packets sent from the second end user to the first end user. With this configuration, the route calculation by the SDN controller can be reduced further than in Embodiment 2.
Embodiment 4.
 Embodiment 4 shows an example of a scheme in which the trigger for performing direct connection is received by another means. As the trigger, it is assumed that a log output by the network appliance can be used, which records information identifying a connection (TCP or UDP/IP header information and the like) and the processing applied to it. Most of Embodiment 1 applies here unchanged, but the procedure that performs the final flow setting in the "after" flow processing is changed.
The differences of Embodiment 4 from Embodiment 1 are described below. FIGS. 33 and 34 show the processing flows in the flow direct connection unit 110 relating to Embodiment 4. FIG. 35 shows a functional configuration diagram of the flow direct connection unit 110, the SDN controller, and the route control device 120 comprising the flow direct connection unit 110 and the SDN controller according to Embodiment 4. In Embodiment 4, flow setting is not performed at this point; instead, all the information needed for flow setting (FIG. 18) is registered in a direct-connection flow setting entry table that stores it (S3001), and the processing ends. Meanwhile, a process that monitors the log is kept running. When it receives a log indicating that filter processing has completed, it searches the direct-connection flow setting entry table for a corresponding direct-connection flow (S3101); if there is a hit (S3102), it reads the matching entry out of the table and deletes it from the table (S3103). Flow setting is then performed according to the contents of the entry, which constructs the direct-connection flow.
By the time the log is received, the direct-connection flows corresponding to it have been prepared for both the forward and return paths, so the search is performed in both directions and one corresponding flow setting is carried out for each direction (S3104, S3105, S3106, S3107). The log reception process is part of the flow direct connection unit 110; it merely adds one more process to be started. However, because the network appliance that outputs the log is generally a device separate from the SDN controller, the log is received via a communication interface as shown in FIG. 36. In this case as well, the processing performance required of the network appliance 202 can be kept quite low, so the function can be provided at low cost.
As described above, in Embodiment 4 the flow direct connection unit 110 is characterized in that, after preparation for constructing the second route is complete, it sets the second route in the SDN using a specific signal, such as log information, as a trigger. With this configuration, the second route can be set at an appropriate time based on log information and the like.
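The following added example, which is not part of the patent, models the Embodiment 4 procedure in Python: flow settings are registered instead of installed (S3001) and are released in both directions when the appliance log arrives. The 5-tuple key, the log field names, the switch identifiers, and the rule that a non-permit verdict discards the pending entries are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FlowEntry:
    switch: str      # SDN switch that receives the flow setting (hypothetical id)
    match: tuple     # (src_ip, dst_ip, proto, src_port, dst_port), assumed key
    out_port: int

def reverse(key):
    src, dst, proto, sport, dport = key
    return (dst, src, proto, dport, sport)

class DirectFlowTable:
    """Direct-connection flow setting entries held until the appliance logs them."""

    def __init__(self, install):
        self.pending = {}
        self.install = install        # callback that pushes one flow to the SDN

    def register(self, entry):        # S3001: store instead of installing
        self.pending[entry.match] = entry

    def on_log(self, log):
        """Process one appliance log record; return the entries installed."""
        key = (log["src"], log["dst"], log["proto"], log["sport"], log["dport"])
        installed = []
        for k in (key, reverse(key)):             # search both directions
            entry = self.pending.pop(k, None)     # hit: read and delete
            # Assumption: a non-permit verdict discards the entry, so the
            # connection never gets a route that skips the appliance.
            if entry is not None and log["action"] == "permit":
                self.install(entry)
                installed.append(entry)
        return installed

def demo():
    pushed = []
    table = DirectFlowTable(pushed.append)
    web = ("10.0.1.5", "10.0.2.9", "tcp", 40000, 443)   # constructed sample
    ssh = ("10.0.1.5", "10.0.2.9", "tcp", 40001, 22)    # constructed sample
    for key, sw, port in ((web, "sw211", 3), (reverse(web), "sw231", 1),
                          (ssh, "sw211", 3), (reverse(ssh), "sw231", 1)):
        table.register(FlowEntry(sw, key, port))
    logs = [  # constructed appliance log records
        dict(src="10.0.1.5", dst="10.0.2.9", proto="tcp", sport=40001, dport=22, action="deny"),
        dict(src="10.0.2.9", dst="10.0.1.5", proto="tcp", sport=443, dport=40000, action="permit"),
        dict(src="10.0.9.9", dst="10.0.2.9", proto="tcp", sport=5, dport=80, action="permit"),
    ]
    results = [table.on_log(rec) for rec in logs]
    return results, pushed, table.pending
```

The permit record arrives for the return direction, yet both the return and forward entries are installed, because the lookup is bidirectional; the denied connection's entries are dropped without any flow being pushed.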
11, 12, 100: routers, 101, 102: high-speed routers, 103, 104: connection paths, 110: flow direct connection unit, 111, 112: routers, 120: route control device, 150: PACKET_IN reception unit, 151: flow direct connection function setting processing unit, 152: setting information, 153: "before" flow processing unit, 154: "before" flow entry table, 155: "after" flow processing unit, 156: output destination inquiry processing unit, 157: route inquiry processing unit, 158: flow setting transmission unit, 160: PACKET_IN reception/return unit, 161: PACKET_OUT transmission unit, 170: direct-connected flow entry table, 171: bidirectional direct connection processing unit, 190: CPU, 191: RAM, 200: communication interface, 201: SDN controller, 202: network appliance, 211, 221, 222, 231: SDN switches, 311, 312, 331, 332: VLANs

Claims (12)

  1.  A route control device comprising:
    a network control unit that has a connection relationship with another network and sets the route of packets in an SDN (Software Defined Network); and
    a flow direct connection unit that, for a packet which is input to the SDN from the other network and for which a first route has been calculated within the device itself, the first route passing once through a network appliance outside the SDN on the way from the input point at which the packet enters the SDN to the output point at which it leaves the SDN, constructs a second route so that the packet is transmitted over the second route from the input point to the output point without passing through the network appliance.
  2.  The route control device according to claim 1, wherein the SDN does not have a virtual router function.
  3.  The route control device according to claim 1 or claim 2, wherein
    the network control unit calculates the first route and sets the first route in the SDN, and
    the flow direct connection unit constructs, in the SDN, the second route in place of the first route.
  4.  The route control device according to claim 1 or claim 2, wherein the second route is set in the SDN without the first route being set.
  5.  The route control device according to any one of claims 1 to 4, wherein the network appliance includes an L3 switch, a router, or an FW (FireWall).
  6.  The route control device according to any one of claims 1 to 5, wherein the flow direct connection unit identifies, based on header information of an input packet input to the SDN, whether or not the input packet is a packet for which the second route is to be constructed.
  7.  The route control device according to claim 6, wherein the header information is a MAC (Media Access Control) address.
  8.  The route control device according to claim 6 or claim 7, wherein the flow direct connection unit determines that the input packet is a packet for which the second route is to be constructed when the source and destination IP (Internet Protocol) addresses of the input packet do not match the IP address of a device included in the network appliance, the destination MAC (Media Access Control) address of the input packet matches the MAC address of a router included in the network appliance, and the source MAC address that the input packet has when it is input to the SDN again after passing through the network appliance matches the MAC address of a device included in the network appliance.
  9.  The route control device according to any one of claims 1 to 8, wherein the flow direct connection unit makes a setting that rewrites the header information that the packet for which the second route is to be constructed has before reaching the network appliance, using the header information that the packet has when it is output from the output point.
  10.  The route control device according to any one of claims 1 to 9, wherein the flow direct connection unit makes the route over which packets transmitted from a first end user to a second end user are carried within the SDN the same as the route over which packets transmitted from the second end user to the first end user are carried within the SDN.
  11.  The route control device according to any one of claims 1 to 10, wherein the flow direct connection unit sets the second route in the SDN using a specific signal as a trigger after preparation for constructing the second route is complete.
  12.  A network to which the route control device according to any one of claims 1 to 11 is applied.
PCT/JP2015/079403 2015-10-19 2015-10-19 Routing control device and network WO2017068618A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2015/079403 WO2017068618A1 (en) 2015-10-19 2015-10-19 Routing control device and network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2015/079403 WO2017068618A1 (en) 2015-10-19 2015-10-19 Routing control device and network

Publications (1)

Publication Number Publication Date
WO2017068618A1 true WO2017068618A1 (en) 2017-04-27

Family

ID=58557085

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2015/079403 WO2017068618A1 (en) 2015-10-19 2015-10-19 Routing control device and network

Country Status (1)

Country Link
WO (1) WO2017068618A1 (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009005189A (en) * 2007-06-22 2009-01-08 Nippon Telegraph & Telephone West Corp Method and system for shifting connection destination
WO2011083668A1 (en) * 2010-01-05 2011-07-14 日本電気株式会社 Network system, controller, and network control method
WO2011093288A1 (en) * 2010-02-01 2011-08-04 日本電気株式会社 Network system, controller, and network control method
WO2015041706A1 (en) * 2013-09-23 2015-03-26 Mcafee, Inc. Providing a fast path between two entities

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
NIKKEI COMMUNICATIONS: "Toshindai no OpenFlow Jisso ya Katsuyo Scene", SEKKEI ENO IMPACT O HAAKU SURU PART2 'DATA SENTER DENO KATSUYO SCENE' VLAN, MULTI TENANT, vol. 577, 1 February 2012 (2012-02-01), pages 20 - 23 *
SHINJI FURUYA ET AL.: "A study for connecting SDN with redundant legacy IP network", IEICE TECHNICAL REPORT, vol. 114, no. 390, 8 January 2015 (2015-01-08), pages 85 - 90 *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15906626

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: JP

122 Ep: pct application non-entry in european phase

Ref document number: 15906626

Country of ref document: EP

Kind code of ref document: A1