WO2018179683A1 - Monitoring system, monitoring method, information processing device, and monitoring program - Google Patents

Monitoring system, monitoring method, information processing device, and monitoring program Download PDF

Info

Publication number
WO2018179683A1
WO2018179683A1 PCT/JP2018/000836 JP2018000836W WO2018179683A1 WO 2018179683 A1 WO2018179683 A1 WO 2018179683A1 JP 2018000836 W JP2018000836 W JP 2018000836W WO 2018179683 A1 WO2018179683 A1 WO 2018179683A1
Authority
WO
WIPO (PCT)
Prior art keywords
vnf
mac address
virtual mac
monitoring
frame
Prior art date
Application number
PCT/JP2018/000836
Other languages
French (fr)
Japanese (ja)
Inventor
寛樹 奥井
直輝 宮田
Original Assignee
エヌ・ティ・ティ・コミュニケーションズ株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by エヌ・ティ・ティ・コミュニケーションズ株式会社 filed Critical エヌ・ティ・ティ・コミュニケーションズ株式会社
Publication of WO2018179683A1 publication Critical patent/WO2018179683A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks

Definitions

  • the present invention relates to a monitoring system, a monitoring method, an information processing apparatus, and a monitoring program.
  • EtherOAM is a technical standard used to operate and maintain L2 layer networks and services.
  • ITU-T recommendation Y.
  • IEEE is standardized as 802.1ag.
  • EtherOAM the endpoint device to be monitored is called MEP (Maintenance Entity Group End Point) and uses the standard monitoring CCM (Continuity Check Message) frame and the LMM (Loss Measurement Message) frame. Loss measurement, delay measurement using a DMM (Delay Measurement Message) frame, and the like can be performed in the L2 layer.
  • NFV Network Function Virtualization
  • VNF Virtual Network Function
  • Whiteboxes which have been re-implemented with software, have been provided with dedicated hardware so that flexible network design can be realized at low cost using NFV.
  • NFV / VNF The flow of NFV / VNF is being driven by the needs of users who want to design networks more flexibly. VNF products are gradually released from higher layers, and NFV / VNF of many functions are realized in L3 and above. ing. However, the NFV / VNF conversion of the L2 function is still under development because it cannot be controlled using IP, and high performance requirements are required.
  • dis-aggregation NW that realizes functions by separating each optical device module installed in an integrated transmission device and combining pizza box type devices that realize only the respective functions is nowadays. It is being considered.
  • the purpose is to improve the flexibility of equipment procurement and equipment design by dividing all-in-one type optical transmission equipment into functional parts such as L2 switches, transponders, optical switches, and optical amplifiers.
  • dis-aggregation NW instead of being able to realize functions at low cost by freely procuring and constructing separated function modules, it is necessary to separately arrange and construct the EtherOAM function that is standard in integrated transmission equipment. .
  • a function for monitoring an opposing terminal that can be accommodated by EtherOAM is often provided, and the monitoring function can be used simultaneously with the introduction of the device.
  • additional function support is required, such as separately arranging a dedicated appliance device for monitoring, or implementing the EtherOAM function using software and VNF. Become.
  • the carrier transmission network has a separate EtherOAM function, it must be designed in consideration of scale-out because there are many monitoring targets and performance requirements are severe. Since all access devices accommodated in the carrier transmission network must be monitored, the number of devices to be monitored is larger than that of a general L2 network. If scale-out with an increased number of monitoring targets is required, it is possible to manually construct and set up more physical devices. However, considering operation costs, it is desirable to automatically scale out using NFV / VNF technology.
  • VIM Virtual Infrastructure Management
  • OpenStack the operation and management infrastructure of VNF.
  • ETSI's NFV MANO Management and Orchestration
  • NFV MANO Management and Orchestration
  • the monitoring target device and the monitoring VNF each asynchronously send out a CCM frame, and confirm the normality of interconnection with the opposite side by arrival of the CCM frame from the opposite side.
  • CCM regular monitoring is performed using the unicast mode
  • the MAC address dynamically assigned to the VNF is set as the frame transmission destination of the monitoring target device, so that the monitoring target device cannot be easily monitored. was there.
  • the monitoring system of the present invention is a monitoring system having an information processing device that operates a plurality of VNFs, and the information processing device is monitored by each VNF.
  • a storage unit that stores the virtual MAC address of the own VNF set for each target device, and when each VNF receives a frame transmitted from the monitoring target device, the destination MAC address of the frame is the own VNF
  • a determination control unit that controls each VNF to match each of the virtual MAC addresses, and controls to discard the frame for the VNFs that do not match the destination MAC address and the virtual MAC address; VNFs for which the destination MAC address matches the virtual MAC address are included in the frame.
  • the monitoring control unit that controls the monitoring target device to monitor communication based on the information to be transmitted from the storage unit to the transmission destination monitoring target device
  • a setting control unit configured to acquire a virtual MAC address of a corresponding VNF and control the acquired virtual MAC address to be set as a transmission source MAC address.
  • the monitoring method of the present invention is a monitoring method executed by an information processing device that operates a plurality of VNFs, and the information processing device has its own VNF set for each monitoring target device managed by each VNF.
  • Storage unit that stores the virtual MAC address of the VNF, when each VNF receives a frame transmitted from the monitored device, the destination MAC address of the frame matches one of the virtual MAC addresses of the own VNF
  • the virtual MAC address of the VNF corresponding to the transmission destination monitoring target device is acquired from the storage unit when the VNF transmits a frame to the monitoring target device. And a setting control step for controlling to set the acquired virtual MAC address as the source MAC address.
  • the information processing apparatus of the present invention is an information processing apparatus that operates a plurality of VNFs, and stores a virtual MAC address of the own VNF set for each monitoring target apparatus managed by each VNF, and When each VNF receives a frame transmitted from the monitored device, each VNF determines whether the destination MAC address of the frame matches one of the virtual MAC addresses of its own VNF, and the destination MAC A VNF in which the address and the virtual MAC address do not match is included in the frame, and a determination control unit that controls to discard the frame and a VNF in which the destination MAC address and the virtual MAC address match are included in the frame A monitoring control unit that controls to monitor communication of the monitoring target device based on the information to be monitored; When the VNF transmits a frame to the monitoring target device, the virtual MAC address of the VNF corresponding to the monitoring target device of the transmission destination is acquired from the storage unit, and the acquired virtual MAC address is set as the transmission source MAC address. And a setting control unit that controls the setting.
  • FIG. 1 is a schematic diagram illustrating the overall configuration of the monitoring system according to the first embodiment.
  • FIG. 2 is a block diagram illustrating a configuration example of the information processing apparatus according to the first embodiment.
  • FIG. 3 is a diagram illustrating an example of a table stored in the virtual MAC management table storage unit.
  • FIG. 4 is a diagram for explaining an example of a virtual MAC address pre-setting process.
  • FIG. 5 is a diagram for explaining an example of an EtherOAM frame reception process.
  • FIG. 6 is a diagram for explaining an example of an EtherOAM frame transmission process.
  • FIG. 7 is a diagram for explaining an example of processing when scale-out is performed on the same physical host.
  • FIG. 8 is a diagram for explaining an example of processing when performing scale-out to another physical host.
  • FIG. 1 is a schematic diagram illustrating the overall configuration of the monitoring system according to the first embodiment.
  • FIG. 2 is a block diagram illustrating a configuration example of the information processing apparatus according to the first embodiment.
  • FIG. 9 is a diagram illustrating an outline of processing for transmitting and receiving a frame using a virtual MAC address set for each monitoring target device.
  • FIG. 10 is a sequence diagram illustrating an example of the flow of the pre-setting process in the monitoring system according to the first embodiment.
  • FIG. 11 is a flowchart illustrating an example of a flow of reception processing in the VNF according to the first embodiment.
  • FIG. 12 is a flowchart illustrating an example of a flow of transmission processing in the VNF according to the first embodiment.
  • FIG. 13 is a diagram for explaining a problem of the conventional method.
  • FIG. 14 is a diagram for explaining a problem of the conventional method.
  • FIG. 15 is a diagram illustrating a computer that executes a monitoring program.
  • FIG. 1 is a diagram illustrating an example of a configuration of a monitoring system according to the first embodiment.
  • the monitoring system 1 according to the first embodiment includes a plurality of VNFs 10A to 10C, an EtherOAM controller 20, an SDN (Software-Defined Networking) controller 30, a VNFM (Virtual Network Function Manager) 40, a VIM (Virtualized Infrastructure Manager) 50, and a plurality. Access devices 60A and 60B.
  • the VNFs 10A to 10C are connected to the access devices 60A and 60B to be monitored via the L2 transmission network 70 and the L2 switch 80.
  • the configuration illustrated in FIG. 1 is merely an example, and the specific configuration and the number of devices are not particularly limited. Further, when a plurality of VNFs 10A to 10C and a plurality of access devices 60A and 60B are described without distinction, they are referred to as VNF 10 and access device 60.
  • the VNFs 10A to 10C are connected to the L2 transmission network 70, and realize monitoring by transmitting and receiving EtherOAM to and from the access device 60 via the L2 transmission network 70 and the L2 switch 80.
  • the access device 60 and the VNF 10 that monitors each access device must be transparently connected to each other in the L2 layer. .
  • the access device 60A is transparently connected to the VNF 10A that monitors the access device 60A
  • the access device 60B is transparent to the VNF 10B that monitors the access device 60B. Connected.
  • the access device 60A and the access device 60B need not be transparently connected. For example, by making a port connected to the VNF 10 of the L2 switch 80 a trunk port and accommodating a plurality of VLANs, the access devices 60 and the VNF 10 that monitors each access device are transparent while the access devices 60 are separated into different L2 segments. Connect.
  • VNFs 10A to 10C are virtually constructed on the VIM 50 represented by OpenStack. Further, life cycle management such as instance creation / deletion / scale-out / in of the VNFs 10A to 10C is controlled by the VNFM 40. Management of the EtherOAM related setting information in the VNFs 10A to 10C is performed by the EtherOAM controller 20.
  • the EtherOAM related setting information is, for example, the MEG ID, MEP ID, MAC address, VLAN, etc. of the access devices 60A and 60B to be monitored. Further, it is necessary to perform consistent provisioning for both of the VNFs 10A to 10C and the access devices 60A and 60B, and this is performed by the upper SDN controller 30.
  • the functions of the EtherOAM controller 20, the SDN controller 30, the VNFM 40, and the VIM 50 may be realized by the same physical machine or may be realized by separate physical machines.
  • the EtherOAM controller 20, the SDN controller 30, the VNFM 40, and the VIM 50 are realized by the information processing apparatus 100 that is the same physical machine.
  • FIG. 2 is a block diagram illustrating a configuration example of the information processing apparatus according to the first embodiment.
  • the information processing apparatus 100 includes a communication processing unit 11, a control unit 12, and a storage unit 13.
  • processing of each unit included in the information processing apparatus 100 will be described.
  • the communication processing unit 11 controls communication related to various information. For example, the communication processing unit 11 transmits / receives an EtherOAM frame between the access device 60 via the transmission network 70 and the L2 switch 80.
  • the storage unit 13 stores data and programs necessary for various types of processing by the control unit 12, and has a virtual MAC management table storage unit 13a particularly closely related to the present invention.
  • the storage unit 13 is a semiconductor memory element such as a RAM (Random Access Memory) or a flash memory, or a storage device such as a hard disk or an optical disk.
  • the virtual MAC management table storage unit 13a stores the virtual MAC address of the VNF 10 set for each monitored access device 60 managed by each VNF 10, and the MAC address / VLAN ID of the access device 60. For example, as illustrated in FIG. 3, the virtual MAC management table storage unit 13a associates the “MEG ID” and “MEP ID” with the virtual MAC address of each VNF 10 set for each access device 60 to be monitored. Is stored as a “virtual MAC”. Further, “monitoring target MAC” and “VLAN ID” are stored as configuration information of the access device 60. Although FIG. 3 shows the case where one “VLAN ID” is used, “VLAN ID” may be assigned in multiple stages.
  • the virtual MAC management table storage unit 13a includes MEG ID “MEG10” and MEP ID “100” as information corresponding to the managed access device 60A managed by the VNF 10A.
  • the configuration information of the access device 60B (monitoring target MAC“ YY: YY: YY: YY: Y2 ”and VLAN) And stores the ID "20”) and in association with
  • the EtherOAM controller 20 holds all the records included in the virtual MAC management table.
  • Each VNF 10 holds a record corresponding to the managed access device 60 managed by each VNF 10 in the virtual MAC management table.
  • the VNF 10A includes, as information corresponding to the managed access device 60A managed by the VNF 10A, the MEG ID “MEG10”, the MEP ID “100”, and the virtual MAC “XX: XX: XX: XX: X1”.
  • the configuration information of the access device 60A (monitoring target MAC “YY: YY: YY: YY: YY: Y1” and VLAN ID “10”) are stored as a virtual MAC management table.
  • the control unit 12 has an internal memory for storing a program that defines various processing procedures and necessary data, and performs various processes using them, and particularly as closely related to the present invention, It includes a presetting unit 12a, a determination control unit 12b, a monitoring control unit 12c, a setting control unit 12d, a determination unit 12e, a notification unit 12f, and an update unit 12g.
  • the control unit 12 is an electronic circuit such as a CPU (Central Processing Unit) or MPU (Micro Processing Unit) or an integrated circuit such as an ASIC (Application Specific Integrated Circuit) or FPGA (Field Programmable Gate Array).
  • the pre-setting unit 12a is a function that the SDN controller 30 has, and the determination control unit 12b, the monitoring control unit 12c, and the setting control unit 12d are functions that the VNF 10 has, the determination unit 12e, the notification unit 12f, and It is assumed that the updating unit 12g has a function that the EtherOAM controller 20 has.
  • the pre-setting unit 12a issues a virtual MAC address of the VNF 10 corresponding to the monitoring target access device 60, and sends the virtual MAC address to the monitoring target access device 60 in the EtherOAM frame. While being set as a transmission destination MAC address, the issued virtual MAC address is set in the virtual MAC management table storage unit 13a.
  • FIG. 4 is a diagram for explaining an example of a virtual MAC address pre-setting process.
  • VNF 10 and the monitoring target access device 60 are in a one-to-one relationship will be described as an example.
  • the present invention is not limited to this example.
  • a plurality of access devices 60 may be monitored.
  • the SDN controller 30 issues an arbitrary virtual MAC address as an EtherOAM transmission destination MAC address to the monitored access devices 60A and 60B, and uses the virtual MAC address as the MEG ID, MEP ID, and VLAN ID. And set in the access devices 60A and 60B. Note that when the virtual MAC address is paid out, it is necessary to satisfy the above-described uniqueness constraint.
  • the SDN controller 30 sets the virtual MAC “XX: XX: XX: XX: XX: X1” as the EtherOAM transmission destination MAC address for the monitoring target access device 60A.
  • MEG ID “MEG10”, MEP ID “100”, and VLAN ID “10” are set.
  • the SDN controller 30 sets the virtual MAC “XX: XX: XX: XX: X2” as the EtherOAM transmission destination MAC address for the monitoring target access device 60B, and the MEG ID “MEG20”. Set MEP ID “200” and VLAN ID “20”.
  • the SDN controller 30 acquires the MAC address of the access device 60, and issues the virtual MAC address issued to the EtherOAM controller 20 together with the configuration information (MEG ID, MEP ID, MAC address, VLAN ID) of the access device 60.
  • the EtherOAM controller 20 stores the issued virtual MAC address, the MAC address of the access device, and the VLAN ID in a virtual MAC management table having “MEG ID” and “MEP ID” as composite main keys. 4, for example, the EtherOAM controller 20 includes the MEG ID “MEG10”, the MEP ID “100”, the virtual MAC “XX: XX: XX: XX: X1”, and configuration information.
  • the EtherOAM controller 20 determines which VNF 10 is responsible for monitoring the registered access devices 60A and 60B, and notifies the VNF 10 of the corresponding record in the virtual MAC management table. Then, the VNF 10 monitors the designated access device 60 based on the record notified from the EtherOAM controller 20. For example, in the EtherOAM controller 20, the MEG ID “MEG10”, the MEP ID “100”, and the virtual MAC “XX: XX: XX: XX: X1” are associated with each other.
  • the determination control unit 12b determines whether the destination MAC address of the EtherOAM frame matches any of the virtual MAC addresses of the own VNF 10. Each VNF 10 for which the destination MAC address and the virtual MAC address do not match is controlled to discard the EtherOAM frame.
  • the monitoring control unit 12c performs control so that the communication of the monitoring target access device 60 is monitored based on the information included in the EtherOAM frame for the VNF 10 whose transmission destination MAC address and virtual MAC address match. Specifically, the monitoring control unit 12c controls the VNF 10 whose transmission destination MAC address and virtual MAC address match to acquire information from the EtherOAM frame and update the status of the monitoring target access device 60. .
  • FIG. 5 is a diagram for explaining an example of an EtherOAM frame reception process.
  • the access device 60A transmits an EtherOAM frame with the virtual MAC address “XX: XX: XX: XX: X1” as a transmission destination.
  • the interface is set to the promiscuous mode. As a result, all the VNFs 10A to 10C in the same physical host receive the EtherOAM frame.
  • the EtherOAM frame received by each VNF 10A to 10C is drawn into the application through the socket.
  • the EtherOAM application of each VNF 10A to 10C searches the virtual MAC management table using the transmission destination MAC address as a key. Then, the EtherOAM application discards the EtherOAM frame if the record does not exist as a result of the search, that is, if it is not the EtherOAM frame from the monitoring target for the self-VNF 10.
  • the EtherOAM application also monitors the monitoring target access device 60 based on the information included in the EtherOAM frame when there is a record as a result of the search, that is, when the local VNF 10 is an EtherOAM frame from the monitoring target. As a process, the status of the access device 60 is updated.
  • the virtual MAC management table of VNF 10A is associated with MEG ID “MEG10”, MEP ID “100”, and virtual MAC “XX: XX: XX: XX: X1”. Records are stored.
  • the virtual MAC management table of the VNF 10B stores a record in which the MEG ID “MEG20”, the MEP ID “200”, and the virtual MAC “XX: XX: XX: XX: X2” are associated with each other. .
  • the VNF 10A has a record of the virtual MAC “XX: XX: XX: XX: XX: X1” that matches the destination MAC address “XX: XX: XX: XX: X1”. Is received and monitoring processing is performed. Further, the VNF 10B and the VNF 10C discard the EtherOAM frame because there is no record that matches the transmission destination MAC address “XX: XX: XX: XX: X1”.
  • the setting control unit 12d acquires the virtual MAC address of the VNF 10 corresponding to the destination access device 60 from the virtual MAC management table storage unit 13a. Control is performed so that the acquired virtual MAC address is set as the source MAC address.
  • FIG. 6 is a diagram for explaining an example of an EtherOAM frame transmission process.
  • the VNF 10A sequentially acquires records to be monitored from the virtual MAC management table, transmits the virtual MAC address “XX: XX: XX: XX: X1”, and the MAC address of the access device 60A.
  • the EtherOAM frame is transmitted with “YY: YY: YY: YY: YY: Y1” as a transmission destination.
  • the VNFs 10B and 10C other than the VNF 10A that transmitted the EtherOAM frame receive the EtherOAM frame because the interface is set to the promiscuous mode.
  • this frame since the EtherOAM frame that does not match the virtual MAC management table is discarded, this frame does not affect the status change.
  • the determination unit 12e determines an access apparatus 60 to be monitored by the new VNF 10 among the monitored access apparatuses 60 managed by the already operating VNF 10. . That is, when the VNF 10 is scaled out and the number of VNF instances is increased, the determination unit 12e determines a monitoring target to be delegated from the operating VNF 10 to the new VNF 10.
  • the determination unit 12 e creates a new one of the monitored access devices 60 managed by the already operating VNF 10.
  • the access device 60 to be monitored by the VNF 10 is determined. That is, even when the determination unit 12e scales out to another physical host, the determination unit 12e determines a monitoring target to be delegated from the operating VNF 10 to the new VNF 10 of another physical host.
  • the notification unit 12f notifies another VNF 10 to register the virtual MAC address corresponding to the monitored access device 60 to be monitored by the new VNF 10 determined by the determination unit 12e as the virtual MAC address of the new VNF 10. .
  • the notification unit 12f is not only generated on a different physical host, but also when a new VNF is generated on the same physical host, the monitored access device 60 to be monitored by the new VNF 10. Is notified to another VNF 10 so as to be registered as a virtual MAC address of the new VNF 10.
  • the update unit 12g updates the virtual MAC management table storage unit 13a so as to change the virtual MAC address corresponding to the monitored access device 60 to be monitored by the new VNF 10 to the virtual MAC address notified by the notification unit 12f. .
  • FIG. 7 is a diagram for explaining an example of processing when scale-out is performed on the same physical host.
  • FIG. 8 is a diagram for explaining an example of processing when performing scale-out to another physical host.
  • the EtherOAM controller 20 determines a monitoring target to be delegated from the operating VNF 10A to the new VNF 10D.
  • the EtherOAM controller 20 has determined the access device 60A as a monitoring target to be delegated from the operating VNF 10A to the new VNF 10D.
  • the record of the target access device 60A is discarded from the virtual MAC management table of the delegation source VNF 10A, and the record of the access device 60A is added to the virtual MAC management table of the new VNF 10D.
  • the record of the access device 60A is, as illustrated in FIG. 7, MEG ID “MEG10”, MEP ID “100”, and virtual MAC “XX: XX: XX: XX: X1”. Is a record associated with. In this way, the VNF instance to be monitored is changed by delegation, but even in this case, the MAC address of the transmission / reception frame does not change and does not affect the monitoring.
  • the EtherOAM controller 20 controls the determination of the monitoring target to be delegated at the time of the scale-out execution and the update of the virtual MAC management table
  • the VNF 10 delegates
  • the monitoring target may be determined, or the virtual MAC management table may be updated by performing communication between the VNFs 10.
  • the EtherOAM controller 20 determines the monitoring target access device 60B to be delegated from the operating VNF 10B to the new VNF 10E, the virtual MAC address “XX: XX: XX: XX: XX” corresponding to the monitoring target access device 60B. "X2" is notified to another physical host so as to be changed as the virtual MAC address of the new VNF 10E.
  • the scale-out destination VNF 10E transmits the EtherOAM frame, thereby learning the MAC learning table of the L2 switch 80A on the path. As a result, the frame reaches only the destination physical host, and the processing load can be distributed.
  • a virtual MAC address is prepared for each monitoring target, and the virtual MAC address for the monitoring target device is used instead of the MAC address dynamically assigned when the VM instance is generated. Is used to transmit and receive frames between the VNF 10 and the access device 60.
  • Each VNF 10 has a virtual MAC management table and uses a different MAC address for each opposing device.
  • FIG. 9 is a diagram illustrating an outline of processing for transmitting and receiving a frame using a virtual MAC address set for each monitoring target device.
  • the VNF 10B uses “XX: XX: XX: XX: 10”, “XX: XX: XX: XX: 11” as virtual MAC addresses for each monitoring target. It has a virtual MAC management table in which “XX: XX: XX: XX: XX” is defined.
  • the monitoring system 1 when there are 1000 access devices 60 monitored by one VNF 10, the virtual MAC addresses for every 1000 opposing devices are used.
  • the VNF 10 updates a record in the virtual MAC management table and transmits / receives a frame using the virtual MAC address in the destination VNF 10.
  • the virtual MAC management table of the VNF 10B The record is discarded and the record of the access device 60 is added to the virtual MAC management table of the new VNF 10E.
  • the record of the access device 60 includes the MEG ID “MEG10”, the MEP ID “100”, and the virtual MAC “XX: XX: XX: XX: 10”. Is a record associated with.
  • FIG. 10 is a sequence diagram illustrating an example of the flow of the pre-setting process in the monitoring system according to the first embodiment.
  • the SDN controller 30 issues an arbitrary virtual MAC address as the EtherOAM transmission destination MAC address to the monitored access device 60 (step S101), and the virtual MAC address is assigned to the MEG ID, MEP ID, The access device 60 is notified together with the VLAN ID (step S102). When paying out the virtual MAC address, it is necessary to avoid duplication within the same L2 segment. Then, when receiving the virtual MAC address, the access device 60 sets the received virtual MAC address as the EtherOAM transmission destination MAC address (step S103).
  • the SDN controller 30 acquires the MAC address of the access device 60 (step S104). Then, the SDN controller 30 notifies the EtherOAM controller 20 of the issued virtual MAC address together with the configuration information (MEG ID, MEP ID, MAC address, VLAN ID) of the access device 60 (step S105). The EtherOAM controller 20 stores the issued virtual MAC address in the virtual MAC management table using the configuration information of the access device 60 as a composite key (step S106). The EtherOAM controller 20 determines a VNF in charge of monitoring the registered access device 60 from among the VNFs 10A to 10C (step S107). Here, for example, it is assumed that the VNF 10A is in charge of monitoring the access device 60.
  • the EtherOAM controller 20 notifies the virtual MAC address corresponding to the monitored access device 60 to the VNF 10A (step S108). Then, the VNF 10A sets the virtual MAC address notified from the EtherOAM controller 20 in the virtual MAC management table (step S109).
  • FIG. 11 is a flowchart illustrating an example of a flow of reception processing in the VNF according to the first embodiment.
  • FIG. 12 is a flowchart illustrating an example of a flow of transmission processing in the VNF according to the first embodiment.
  • Step S201 when the VNF 10 receives a frame (Yes at Step S201), the VNF 10 searches the virtual MAC management table using the transmission destination MAC address as a key (Step S202).
  • step S203 If the record is found as a result of the search (Yes in step S203), that is, if the VNF 10 is a frame from the monitoring target for the own VNF, the monitoring target access device is based on the information included in the EtherOAM frame. A monitoring process for 60 is performed (step S204).
  • the VNF 10 discards the EtherOAM frame (Step S205).
  • the VNF 10 acquires a record of the monitored access device 60 from the virtual MAC management table (step S301).
  • the VNF 10 refers to the acquired record, sets the virtual MAC address as the transmission source, sets the MAC address of the access device 60 as the transmission destination in the EtherOAM frame (step S302), and transmits the EtherOAM frame (step S303).
  • the information processing apparatus 100 in the monitoring system 1 includes a virtual MAC management table storage unit 13a that stores the virtual MAC address of each VNF 10 set for each access device 60 managed by each VNF 10. Then, when each VNF 10 receives a frame transmitted from the access device 60, the information processing apparatus 100 causes each VNF 10 to determine whether or not the transmission destination MAC address of the frame matches the virtual MAC address of the own VNF 10, For the VNF 10 whose destination MAC address and virtual MAC address do not match, control is performed so that the frame is discarded. Further, the information processing apparatus 100 controls the VNF 10 whose transmission destination MAC address and virtual MAC address match to monitor communication of the access apparatus 60 based on information included in the frame.
  • the information processing device 100 acquires the virtual MAC address of the VNF 10 corresponding to the access device 60 that is the transmission destination from the virtual MAC management table storage unit 13a and acquires the virtual MAC address. Control is performed so that the virtual MAC address thus set is set as the source MAC address.
  • a virtual MAC address is prepared in advance for each monitoring target access device 60 and a virtual MAC management table that holds the virtual MAC address is used. It is possible to easily perform monitoring processing without reducing the operation cost, without using the MAC address assigned to.
  • the virtual MAC address is taken over, so that it is not necessary to track the MAC address of the destination VNF.
  • the conventional method in which the MAC address dynamically assigned to the VNF is used it is necessary to track the MAC address of the destination VNF.
  • the EtherOAM transmission destination MAC address is changed from the MAC address (A) of VNF 110 ⁇ / b> B to VNF 110 ⁇ / b> D. It is necessary to notify the change to the MAC address (B).
  • the MAC address (A) is the MAC address of the VNF 110B that is dynamically assigned when the VNF 110B is generated
  • the MAC address (B) is the MAC address of the VNF 110D that is dynamically assigned when the VNF 110D is generated. is there.
  • the frame reaches only the necessary VIM physical host, and load distribution among the VIM physical hosts becomes possible.
  • the monitoring system 1 according to the first embodiment by using a different unicast address for each monitoring target, it is possible to appropriately perform the MAC with the L2 switch on the path even if the physical host is straddled while maintaining the same virtual MAC address. Learning will be implemented, and it will be possible to move across physical hosts.
  • a multicast address if a multicast address is used, it reaches all the physical hosts of the VIM, not the MAC learning target. For this reason, a load of kernel domain processing such as NIC I / O load or L2 forwarding in a virtual bridge occurs in all the physical hosts constituting the VIM, and the processing load cannot be distributed.
  • the monitoring system 1 according to the first embodiment since a different unicast address is used for each VNF 10, the frame reaches only the necessary VIM physical host, and load distribution among the VIM physical hosts is reduced. It becomes possible.
  • a unicast address is used as a common virtual MAC address across multiple VIM physical hosts
  • EtherOAM with the same MAC address as the source arrives from multiple VIM physical hosts. Can't learn MAC properly.
  • the monitoring system 1 according to the first embodiment uses a different unicast address for each monitoring target, the L2 switch on the path is appropriate even if the physical host is straddled while maintaining the same virtual MAC address. MAC learning is now performed, and movement across physical hosts becomes possible.
  • the monitoring system 1 instead of performing monitoring target determination using the MEG ID or MEP ID in the CCM header, based on the destination MAC address using the virtual MAC management table. Judge whether or not to be monitored. As a result, it is possible to perform the monitoring target determination only by decoding the Ether frame, and the user domain processing load can be reduced.
  • the VNF extracts the MEG ID and MEP ID in the header to determine whether or not the received EtherOAM frame is a monitoring target, and transmits using the MEG ID and MEP ID.
  • the original solution was performed.
  • the VNF 10 does not extract the MEG ID or MEP ID from the CCM header, and creates a virtual MAC management table based on the destination MAC address of the Ether header. Since it can be used to determine whether or not it is a monitoring target, the load can be reduced.
  • the A process illustrated in FIG. 14 is a process that occurs in common to all VNFs that reach the Ether frame, and the B process is a process that occurs only for VNFs in charge of monitoring.
  • the B process since the load is distributed in units of VNF, a high load distribution effect can be expected. Since the A process occurs in all the VNFs on the same physical host, the load can be distributed only in units of physical hosts constituting the VIM, and the effect is low compared to the B process.
  • processing performed in the user domain has lower processing performance than processing in a kernel domain that is optimized for processing in the kernel or hypervisor. For this reason, it is possible to effectively reduce the load by minimizing the user domain process of the A process having a low load distribution effect.
  • the VNF 10A that transmitted the EtherOAM frame receives the EtherOAM frame from the other VNFs 10B and 10C, so that the number of receptions increases and there is a concern about an increase in NIC load. Since the load on the user domain processing is reduced, the overall load can be reduced as a result.
  • the monitoring system 1 it is possible to realize scale-in / out of VNF using only the functions of standard VIM and VNFM products such as OpenStack, and no additional function is required. Become.
  • each component of each illustrated apparatus is functionally conceptual, and does not necessarily need to be physically configured as illustrated.
  • the specific form of distribution / integration of each device is not limited to that shown in the figure, and all or a part thereof may be functionally or physically distributed or arbitrarily distributed in arbitrary units according to various loads or usage conditions. Can be integrated and configured.
  • all or any part of each processing function performed in each device may be realized by a CPU and a program analyzed and executed by the CPU, or may be realized as hardware by wired logic.
  • program It is also possible to create a program in which the processing executed by the information processing apparatus described in the above embodiment is described in a language that can be executed by a computer.
  • a monitoring program in which processing executed by the information processing apparatus 100 according to the embodiment is described in a language that can be executed by a computer can be created.
  • the computer executes the monitoring program, the same effect as in the above embodiment can be obtained.
  • the monitoring program may be recorded on a computer-readable recording medium, and the monitoring program recorded on the recording medium may be read by the computer and executed to execute the same processing as in the above embodiment.
  • FIG. 15 is a diagram illustrating a computer that executes a monitoring program.
  • the computer 1000 includes, for example, a memory 1010, a CPU 1020, a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. These units are connected by a bus 1080.
  • the memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM 1012 as illustrated in FIG.
  • the ROM 1011 stores a boot program such as BIOS (Basic Input Output System).
  • BIOS Basic Input Output System
  • the hard disk drive interface 1030 is connected to the hard disk drive 1090 as illustrated in FIG.
  • the disk drive interface 1040 is connected to the disk drive 1100 as illustrated in FIG.
  • a removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive 1100.
  • the serial port interface 1050 is connected to, for example, a mouse 1110 and a keyboard 1120 as illustrated in FIG.
  • the video adapter 1060 is connected to a display 1130, for example, as illustrated in FIG.
  • the hard disk drive 1090 stores, for example, an OS 1091, an application program 1092, a program module 1093, and program data 1094. That is, the above monitoring program is stored in, for example, the hard disk drive 1090 as a program module in which a command to be executed by the computer 1000 is described.
  • various data described in the above embodiment is stored as program data in, for example, the memory 1010 or the hard disk drive 1090.
  • the CPU 1020 reads the program module 1093 and the program data 1094 stored in the memory 1010 and the hard disk drive 1090 to the RAM 1012 as necessary, and executes various processing procedures.
  • program module 1093 and the program data 1094 related to the monitoring program are not limited to being stored in the hard disk drive 1090, but may be stored in, for example, a removable storage medium and read out by the CPU 1020 via the disk drive or the like. Good.
  • the program module 1093 and the program data 1094 related to the monitoring program are stored in another computer connected via a network (LAN (Local Area Network), WAN (Wide Area Network), etc.), and via the network interface 1070. May be read by the CPU 1020.
  • LAN Local Area Network
  • WAN Wide Area Network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

An information processing device (100) includes a virtual MAC management table storage unit (13a) which stores virtual MAC addresses of VNFs (10) set for respective access devices (60) managed by the VNFs (10). When the VNFs (10) each receive a frame, the information processing device (100) causes each of the VNFs (10) to determine whether the transmission destination MAC address of said frame matches any of the virtual MAC addresses of the VNF (10), and performs control to cause a VNF (10) having no virtual MAC address that matches the transmission destination MAC address to discard the frame. Furthermore, the information processing device (100) performs control to cause a VNF (10) having a virtual MAC address that matches the transmission destination MAC address to monitor communication of the corresponding access device (60) on the basis of information included in the frame.

Description

監視システム、監視方法、情報処理装置および監視プログラムMonitoring system, monitoring method, information processing apparatus, and monitoring program
 本発明は、監視システム、監視方法、情報処理装置および監視プログラムに関する。 The present invention relates to a monitoring system, a monitoring method, an information processing apparatus, and a monitoring program.
 従来、専用線などの品質保証型のキャリア伝送ネットワークサービスでは、EtherOAMによる品質測定および監視が実施されている。EtherOAMは、L2レイヤのネットワークおよびサービスを運用・維持管理するために使用される技術標準である。ITU-T勧告では、Y.1731、IEEEでは、802.1agとして標準化がなされている。EtherOAMでは、監視対象のエンドポイント機器をMEP(Maintenance Entity Group End Point)と呼び、標準にて定義されているCCM(Continuity Check Message)フレームを用いた定常監視、LMM(Loss Measurement Message)フレームを用いたロス測定、DMM(Delay Measurement Message)フレームを用いた遅延測定などを、L2レイヤで実施することができる。 Conventionally, in quality assurance type carrier transmission network services such as dedicated lines, quality measurement and monitoring by EtherOAM has been performed. EtherOAM is a technical standard used to operate and maintain L2 layer networks and services. In the ITU-T recommendation, Y. In 1731, IEEE is standardized as 802.1ag. In EtherOAM, the endpoint device to be monitored is called MEP (Maintenance Entity Group End Point) and uses the standard monitoring CCM (Continuity Check Message) frame and the LMM (Loss Measurement Message) frame. Loss measurement, delay measurement using a DMM (Delay Measurement Message) frame, and the like can be performed in the L2 layer.
 近年、ネットワーク技術をソフトウェアで実装してコモディティ化した汎用ハード上で機能実現するNFV(Network Function Virtualization)の機運が上位レイヤを中心に高まっており、伝送ネットワークにおいても今後流れが加速すると想定される。NFVを用いて柔軟なネットワーク設計を低コストに実現できるように、専用ハードで提供されていた機能をソフトウェアで再実装したVNF(Virtual Network Function)製品やWhiteboxといった製品が多く市場に送り出されている。 In recent years, NFV (Network Function Virtualization), which implements functions on general-purpose hardware that is implemented with software by implementing network technology in software, has been growing mainly in higher layers, and it is expected that the flow will also accelerate in the future in transmission networks. . Many products such as VNF (Virtual Network Function) products and Whiteboxes, which have been re-implemented with software, have been provided with dedicated hardware so that flexible network design can be realized at low cost using NFV. .
 NFV/VNF化の流れは、ネットワークをより柔軟に設計したいというユーザのニーズ主導で進められており、上位レイヤから徐々にVNF製品がリリースされL3以上では多くの機能のNFV/VNF化が実現されている。しかしながら、L2機能のNFV/VNF化については、IPを用いた制御ができない点、高い性能要件が求められる点などから、未だ発展途上である。 The flow of NFV / VNF is being driven by the needs of users who want to design networks more flexibly. VNF products are gradually released from higher layers, and NFV / VNF of many functions are realized in L3 and above. ing. However, the NFV / VNF conversion of the L2 function is still under development because it cannot be controlled using IP, and high performance requirements are required.
 また、現在伝送ネットワーク業界では、統合伝送装置に組み込まれた各光デバイス・モジュールを分離し、それぞれの機能のみを実現したピザボックスタイプの装置を組み合わせることで機能実現するdis-aggregation NWが盛んに検討されている。All-in-oneタイプだった光伝送装置をL2スイッチ、トランスポンダ、光スイッチ、光アンプなどの機能部に分けることで、装置調達と設備設計の柔軟性を向上することが目的である。 In addition, in the current transmission network industry, dis-aggregation NW that realizes functions by separating each optical device module installed in an integrated transmission device and combining pizza box type devices that realize only the respective functions is prosperous. It is being considered. The purpose is to improve the flexibility of equipment procurement and equipment design by dividing all-in-one type optical transmission equipment into functional parts such as L2 switches, transponders, optical switches, and optical amplifiers.
 dis-aggregation NWでは、分離された機能モジュールを自由に調達・構築することで安価に機能実現できる代わりに、統合伝送装置では標準的に具備されていたEtherOAM機能を別途手配し構築しなければならない。キャリア向けの統合伝送装置であれば、収容可能な対向端末をEtherOAMで監視する機能は具備されていることが多く、装置導入と同時に監視機能が利用できる。dis-aggregationされた機能モジュールを用いて伝送機能を実現する場合、監視専用のアプライアンス機器を別途手配するか、ソフトウェアで実装しVNFを用いてEtherOAM機能を実現するなど、機能追加対応が別途必要となる。 In dis-aggregation NW, instead of being able to realize functions at low cost by freely procuring and constructing separated function modules, it is necessary to separately arrange and construct the EtherOAM function that is standard in integrated transmission equipment. . In the case of an integrated transmission device for a carrier, a function for monitoring an opposing terminal that can be accommodated by EtherOAM is often provided, and the monitoring function can be used simultaneously with the introduction of the device. When using the dis-aggregated function module to implement the transmission function, additional function support is required, such as separately arranging a dedicated appliance device for monitoring, or implementing the EtherOAM function using software and VNF. Become.
 キャリア伝送ネットワークに別途EtherOAMの機能を具備する場合、監視対象が多く性能要件が厳しいため、スケールアウトを考慮した設計にする必要がある。キャリア伝送ネットワークでは収容している全アクセス装置を監視しなければならないことから、監視対象装置数が一般的なL2ネットワークよりも多い。監視対象が増加したスケールアウトが必要な場合、物理装置を増やして手動で構築・設定することも可能だが、運用コストを考慮するとNFV/VNF技術を活用して自動でスケールアウトすることが望ましい。 If the carrier transmission network has a separate EtherOAM function, it must be designed in consideration of scale-out because there are many monitoring targets and performance requirements are severe. Since all access devices accommodated in the carrier transmission network must be monitored, the number of devices to be monitored is larger than that of a general L2 network. If scale-out with an increased number of monitoring targets is required, it is possible to manually construct and set up more physical devices. However, considering operation costs, it is desirable to automatically scale out using NFV / VNF technology.
 NFV/VNF技術を活用してEtherOAM機能を実現する場合、VNFの動作・管理基盤としてOpenStackなどのVIM(Virtual Infrastructure Management)技術を採用することが有効である。OpenStack環境でVNFのライフサイクル管理を行う際のリファレンスモデルとして、ETSIのNFV MANO(Management and Orchestration)が広く知られており、VNFのスケールアウト・イン、およびライフサイクル管理については、市中製品を利活用する観点からも前記モデルに従うことが望ましい。 When implementing the EtherOAM function using NFV / VNF technology, it is effective to adopt VIM (Virtual Infrastructure Management) technology such as OpenStack as the operation and management infrastructure of VNF. ETSI's NFV MANO (Management and Orchestration) is widely known as a reference model for VNF lifecycle management in the OpenStack environment, and commercial products are available for VNF scale-out and lifecycle management. It is desirable to follow the model from the viewpoint of utilization.
 EtherOAMを用いて監視対象装置の監視を行う場合、監視対象装置および監視用VNFがそれぞれ非同期にCCMフレームを送出し、対向からのCCMフレームの到達によって対向との相互接続正常性を確認する。ここで、例えば、ユニキャストモードを使用してCCM定常監視を行う場合には、監視対象装置および監視用VNFに対し各々のフレーム送信先のMACアドレスを設定する必要がある。このため、EtherOAM機能をVNF化する場合には、VNFに動的に割り当てられるMACアドレスを監視対象装置のフレーム送信先として設定する。 When monitoring a monitoring target device using EtherOAM, the monitoring target device and the monitoring VNF each asynchronously send out a CCM frame, and confirm the normality of interconnection with the opposite side by arrival of the CCM frame from the opposite side. Here, for example, when CCM regular monitoring is performed using the unicast mode, it is necessary to set the MAC address of each frame transmission destination for the monitoring target device and the monitoring VNF. Therefore, when the EtherOAM function is converted to VNF, the MAC address dynamically assigned to VNF is set as the frame transmission destination of the monitoring target device.
特開2012-015607号公報JP 2012-015607 A
 上述したように、従来のEtherOAMの手法では、VNFに動的に割り当てられるMACアドレスを監視対象装置のフレーム送信先として設定するので、簡易に監視対象装置の監視を行うことができなかったという課題があった。 As described above, in the conventional EtherOAM method, the MAC address dynamically assigned to the VNF is set as the frame transmission destination of the monitoring target device, so that the monitoring target device cannot be easily monitored. was there.
 例えば、OpenStackを用いて監視用VNFインスタンスを生成した際に、当該VNFのMACアドレスにはOpenStackでプールされているMACアドレス帯から任意の値が自動的にアサインされる。このため、VNF生成前に事前にアクセス装置にCCM送信先MACアドレスを指定しておくことは不可能であり、VNF生成後に自動生成されたMACアドレスをフレーム送信先として設定する必要がある。また、複数VNFインスタンスを利用する場合各VNFが異なるMACアドレスを持つため、スケールアウトなどにより監視対象装置の監視を行うVNFが切り替わるたびに監視対象装置のフレーム送信先を変える必要がある。これらのオペレーションコストがかかり、簡易に監視処理を行うことができなかった。 For example, when a monitoring VNF instance is generated using OpenStack, an arbitrary value is automatically assigned to the MAC address of the VNF from the MAC address band pooled in OpenStack. For this reason, it is impossible to specify the CCM transmission destination MAC address in advance in the access device before generating the VNF, and it is necessary to set the MAC address automatically generated after the VNF generation as the frame transmission destination. Further, when using a plurality of VNF instances, since each VNF has a different MAC address, it is necessary to change the frame transmission destination of the monitoring target device every time the VNF for monitoring the monitoring target device is switched due to scale-out or the like. These operation costs are incurred, and the monitoring process cannot be easily performed.
 なお、動的に設定されるMACアドレスではなく静的なアドレスを使用するために、一般的には、あらかじめ決められた静的なMACアドレスを各VNFにおいて共通的に使用する手法が用いられる。この方法は、動的なMACアドレスを追跡するオペレーションコストを削減することはできるが、全VNFにフレームが到達し負荷分散できない課題、および監視対象装置および監視VNFの通信経路上にMAC学習を行うL2スイッチがある場合、送信元MACアドレスが同一のフレームが複数経路から到達することで正しくMAC学習ができない課題、などが生じる。 Note that, in order to use a static address instead of a dynamically set MAC address, generally, a technique of commonly using a predetermined static MAC address in each VNF is used. Although this method can reduce the operation cost of tracking dynamic MAC addresses, MAC learning is performed on the communication path of the monitoring target device and the monitoring VNF, and the problem that the frame reaches all the VNFs and the load cannot be distributed. When there is an L2 switch, there is a problem that MAC learning cannot be performed correctly because frames having the same source MAC address arrive from a plurality of paths.
 上述した課題を解決し、目的を達成するために、本発明の監視システムは、複数のVNFを動作させる情報処理装置を有する監視システムであって、前記情報処理装置は、各VNFが管理する監視対象装置ごとにそれぞれ設定された自VNFの仮想MACアドレスを記憶する記憶部と、前記各VNFが前記監視対象装置から送信されたフレームを受信した場合に、該フレームの送信先MACアドレスが自VNFの仮想MACアドレスのいずれかと一致するか各VNFにそれぞれ判定させ、前記送信先MACアドレスと前記仮想MACアドレスとが一致しないVNFについては、前記フレームを破棄させるように制御する判定制御部と、前記送信先MACアドレスと前記仮想MACアドレスとが一致するVNFについては、前記フレームに含まれる情報を基に前記監視対象装置の通信を監視させるように制御する監視制御部と、前記VNFが前記監視対象装置にフレームを送信する際には、前記記憶部から送信先の監視対象装置に対応するVNFの仮想MACアドレスを取得し、該取得した仮想MACアドレスを送信元MACアドレスに設定するように制御する設定制御部とを備えたことを特徴とする。 In order to solve the above-described problems and achieve the object, the monitoring system of the present invention is a monitoring system having an information processing device that operates a plurality of VNFs, and the information processing device is monitored by each VNF. A storage unit that stores the virtual MAC address of the own VNF set for each target device, and when each VNF receives a frame transmitted from the monitoring target device, the destination MAC address of the frame is the own VNF A determination control unit that controls each VNF to match each of the virtual MAC addresses, and controls to discard the frame for the VNFs that do not match the destination MAC address and the virtual MAC address; VNFs for which the destination MAC address matches the virtual MAC address are included in the frame. When the VNF transmits a frame to the monitoring target device, the monitoring control unit that controls the monitoring target device to monitor communication based on the information to be transmitted from the storage unit to the transmission destination monitoring target device And a setting control unit configured to acquire a virtual MAC address of a corresponding VNF and control the acquired virtual MAC address to be set as a transmission source MAC address.
 また、本発明の監視方法は、複数のVNFを動作させる情報処理装置によって実行される監視方法であって、前記情報処理装置は、各VNFが管理する監視対象装置ごとにそれぞれ設定された自VNFの仮想MACアドレスを記憶する記憶部を有し、前記各VNFが前記監視対象装置から送信されたフレームを受信した場合に、該フレームの送信先MACアドレスが自VNFの仮想MACアドレスのいずれかと一致するか各VNFにそれぞれ判定させ、前記送信先MACアドレスと前記仮想MACアドレスとが一致しないVNFについては、前記フレームを破棄させるように制御する判定制御工程と、前記送信先MACアドレスと前記仮想MACアドレスとが一致するVNFについては、前記フレームに含まれる情報を基に前記監視対象装置の通信を監視させるように制御する監視制御工程と、前記VNFが前記監視対象装置にフレームを送信する際には、前記記憶部から送信先の監視対象装置に対応するVNFの仮想MACアドレスを取得し、該取得した仮想MACアドレスを送信元MACアドレスに設定するように制御する設定制御工程とを含んだことを特徴とする。 The monitoring method of the present invention is a monitoring method executed by an information processing device that operates a plurality of VNFs, and the information processing device has its own VNF set for each monitoring target device managed by each VNF. Storage unit that stores the virtual MAC address of the VNF, when each VNF receives a frame transmitted from the monitored device, the destination MAC address of the frame matches one of the virtual MAC addresses of the own VNF A determination control step for controlling each VNF to discard the frame for the VNF in which the destination MAC address and the virtual MAC address do not match, and the destination MAC address and the virtual MAC For VNFs with matching addresses, the monitoring target device is based on information contained in the frame. When the VNF transmits a frame to the monitoring target device, the virtual MAC address of the VNF corresponding to the transmission destination monitoring target device is acquired from the storage unit when the VNF transmits a frame to the monitoring target device. And a setting control step for controlling to set the acquired virtual MAC address as the source MAC address.
 また、本発明の情報処理装置は、複数のVNFを動作させる情報処理装置であって、各VNFが管理する監視対象装置ごとにそれぞれ設定された自VNFの仮想MACアドレスを記憶する記憶部と、前記各VNFが前記監視対象装置から送信されたフレームを受信した場合に、該フレームの送信先MACアドレスが自VNFの仮想MACアドレスのいずれかと一致するか各VNFにそれぞれ判定させ、前記送信先MACアドレスと前記仮想MACアドレスとが一致しないVNFについては、前記フレームを破棄させるように制御する判定制御部と、前記送信先MACアドレスと前記仮想MACアドレスとが一致するVNFについては、前記フレームに含まれる情報を基に前記監視対象装置の通信を監視させるように制御する監視制御部と、前記VNFが前記監視対象装置にフレームを送信する際には、前記記憶部から送信先の監視対象装置に対応するVNFの仮想MACアドレスを取得し、該取得した仮想MACアドレスを送信元MACアドレスに設定するように制御する設定制御部とを備えたことを特徴とする。 The information processing apparatus of the present invention is an information processing apparatus that operates a plurality of VNFs, and stores a virtual MAC address of the own VNF set for each monitoring target apparatus managed by each VNF, and When each VNF receives a frame transmitted from the monitored device, each VNF determines whether the destination MAC address of the frame matches one of the virtual MAC addresses of its own VNF, and the destination MAC A VNF in which the address and the virtual MAC address do not match is included in the frame, and a determination control unit that controls to discard the frame and a VNF in which the destination MAC address and the virtual MAC address match are included in the frame A monitoring control unit that controls to monitor communication of the monitoring target device based on the information to be monitored; When the VNF transmits a frame to the monitoring target device, the virtual MAC address of the VNF corresponding to the monitoring target device of the transmission destination is acquired from the storage unit, and the acquired virtual MAC address is set as the transmission source MAC address. And a setting control unit that controls the setting.
 本発明によれば、オペレーションコストを低減して簡易に監視処理を行うことができるという効果を奏する。 According to the present invention, there is an effect that the monitoring process can be easily performed while reducing the operation cost.
図1は、第1の実施形態に係る監視システムの全体構成を示す概略図である。FIG. 1 is a schematic diagram illustrating the overall configuration of the monitoring system according to the first embodiment. 図2は、第1の実施形態に係る情報処理装置の構成例を示すブロック図である。FIG. 2 is a block diagram illustrating a configuration example of the information processing apparatus according to the first embodiment. 図3は、仮想MAC管理テーブル記憶部が記憶するテーブルの一例を示す図である。FIG. 3 is a diagram illustrating an example of a table stored in the virtual MAC management table storage unit. 図4は、仮想MACアドレスの事前設定処理の一例を説明する図である。FIG. 4 is a diagram for explaining an example of a virtual MAC address pre-setting process. 図5は、EtherOAMフレームの受信処理の一例を説明する図である。FIG. 5 is a diagram for explaining an example of an EtherOAM frame reception process. 図6は、EtherOAMフレームの送信処理の一例を説明する図である。FIG. 6 is a diagram for explaining an example of an EtherOAM frame transmission process. 図7は、同一物理ホスト上でのスケールアウト実施時の処理の一例を説明する図である。FIG. 7 is a diagram for explaining an example of processing when scale-out is performed on the same physical host. 図8は、別物理ホストへのスケールアウト実施時の処理の一例を説明する図である。FIG. 8 is a diagram for explaining an example of processing when performing scale-out to another physical host. 図9は、監視対象装置ごとに設定された仮想MACアドレスを用いてフレームの送受信を行う処理の概要を説明する図である。FIG. 9 is a diagram illustrating an outline of processing for transmitting and receiving a frame using a virtual MAC address set for each monitoring target device. 図10は、第1の実施形態に係る監視システムにおける事前設定処理の流れの一例を示すシーケンス図である。FIG. 10 is a sequence diagram illustrating an example of the flow of the pre-setting process in the monitoring system according to the first embodiment. 図11は、第1の実施形態に係るVNFにおける受信処理の流れの一例を示すフローチャートである。FIG. 11 is a flowchart illustrating an example of a flow of reception processing in the VNF according to the first embodiment. 図12は、第1の実施形態に係るVNFにおける送信処理の流れの一例を示すフローチャートである。FIG. 12 is a flowchart illustrating an example of a flow of transmission processing in the VNF according to the first embodiment. 図13は、従来方式の課題を説明する図である。FIG. 13 is a diagram for explaining a problem of the conventional method. 図14は、従来方式の課題を説明する図である。FIG. 14 is a diagram for explaining a problem of the conventional method. 図15は、監視プログラムを実行するコンピュータを示す図である。FIG. 15 is a diagram illustrating a computer that executes a monitoring program.
 以下に、本願に係る監視システム、監視方法、情報処理装置および監視プログラムの実施の形態を図面に基づいて詳細に説明する。なお、この実施の形態により本願に係る監視システム、監視方法、情報処理装置および監視プログラムが限定されるものではない。 Hereinafter, embodiments of a monitoring system, a monitoring method, an information processing apparatus, and a monitoring program according to the present application will be described in detail with reference to the drawings. The embodiment does not limit the monitoring system, the monitoring method, the information processing apparatus, and the monitoring program according to the present application.
[第1の実施形態]
 以下の実施の形態では、第1の実施形態に係る監視システム1の構成、情報処理装置100の構成、監視システム1における処理の流れを順に説明し、最後に第1の実施形態による効果を説明する。 [First Embodiment]
In the following embodiments, the configuration of the monitoring system 1 according to the first embodiment, the configuration of the information processing apparatus 100, the processing flow in the monitoring system 1 will be described in order, and finally the effects of the first embodiment will be described. To do.
[監視システムの構成]
 図1は、第1の実施形態に係る監視システムの構成の一例を示す図である。第1の実施形態に係る監視システム1は、複数のVNF10A~10C、EtherOAMコントローラ20、SDN(Software-Defined Networking)コントローラ30、VNFM(Virtual Network Function Manager)40、VIM(Virtualized Infrastructure Manager)50、複数のアクセス装置60A、60Bを有する。 [Configuration of monitoring system]
FIG. 1 is a diagram illustrating an example of a configuration of a monitoring system according to the first embodiment. The monitoring system 1 according to the first embodiment includes a plurality of VNFs 10A to 10C, an EtherOAM controller 20, an SDN (Software-Defined Networking) controller 30, a VNFM (Virtual Network Function Manager) 40, a VIM (Virtualized Infrastructure Manager) 50, and a plurality. Access devices 60A and 60B.
 また、各VNF10A~10Cは、L2伝送ネットワーク70およびL2スイッチ80を介して、監視対象のアクセス装置60A、60Bと接続されている。なお、図1に示す構成は一例にすぎず、具体的な構成や各装置の数は特に限定されない。また、複数のVNF10A~10C、複数のアクセス装置60A、60Bについて、特に区別なく説明する場合には、VNF10、アクセス装置60と記載する。 The VNFs 10A to 10C are connected to the access devices 60A and 60B to be monitored via the L2 transmission network 70 and the L2 switch 80. The configuration illustrated in FIG. 1 is merely an example, and the specific configuration and the number of devices are not particularly limited. Further, when a plurality of VNFs 10A to 10C and a plurality of access devices 60A and 60B are described without distinction, they are referred to as VNF 10 and access device 60.
 VNF10A~10Cは、L2伝送ネットワーク70に接続され、L2伝送ネットワーク70およびL2スイッチ80を介してアクセス装置60との間でEtherOAMを送受信することで、監視を実現する。監視システム1では、EtherOAMの送信先MACアドレスとして対向のMACアドレスを指定して伝送するため、アクセス装置60と各アクセス装置を監視するVNF10はそれぞれL2レイヤで透過的に接続されている必要がある。ここで、図1の例を上げて説明すると、例えば、アクセス装置60Aは、アクセス装置60Aを監視するVNF10Aと透過的に接続されており、アクセス装置60Bは、アクセス装置60Bを監視するVNF10Bと透過的に接続されている。アクセス装置60Aとアクセス装置60Bの間は透過的に接続される必要はない。例えば、L2スイッチ80のVNF10と接続するポートをトランクポートにし複数VLAN収容可能にすることで、アクセス装置60間は別L2セグメントに分離しつつ、アクセス装置60と各アクセス装置を監視するVNF10は透過的に接続する。 The VNFs 10A to 10C are connected to the L2 transmission network 70, and realize monitoring by transmitting and receiving EtherOAM to and from the access device 60 via the L2 transmission network 70 and the L2 switch 80. In the monitoring system 1, since the opposite MAC address is designated as the transmission destination MAC address of EtherOAM for transmission, the access device 60 and the VNF 10 that monitors each access device must be transparently connected to each other in the L2 layer. . Here, to explain with reference to the example of FIG. 1, for example, the access device 60A is transparently connected to the VNF 10A that monitors the access device 60A, and the access device 60B is transparent to the VNF 10B that monitors the access device 60B. Connected. The access device 60A and the access device 60B need not be transparently connected. For example, by making a port connected to the VNF 10 of the L2 switch 80 a trunk port and accommodating a plurality of VLANs, the access devices 60 and the VNF 10 that monitors each access device are transparent while the access devices 60 are separated into different L2 segments. Connect.
 VNF10A~10Cは、OpenStackに代表されるVIM50上に仮想的に構築される。また、VNF10A~10Cのインスタンス生成・削除・スケールアウト・インなどのライフサイクル管理は、VNFM40によって制御される。VNF10A~10CにおけるEtherOAM関連設定情報の管理は、EtherOAMコントローラ20によって実施される。なお、ここでEtherOAM関連設定情報とは、例えば、監視対象のアクセス装置60A、60BのMEG ID、MEP ID、MACアドレス、VLANなどである。また、VNF10A~10Cおよびアクセス装置60A、60Bの両者に整合性の取れたプロビジョニングを実施する必要があり、上位のSDNコントローラ30によって実施される。 VNFs 10A to 10C are virtually constructed on the VIM 50 represented by OpenStack. Further, life cycle management such as instance creation / deletion / scale-out / in of the VNFs 10A to 10C is controlled by the VNFM 40. Management of the EtherOAM related setting information in the VNFs 10A to 10C is performed by the EtherOAM controller 20. Here, the EtherOAM related setting information is, for example, the MEG ID, MEP ID, MAC address, VLAN, etc. of the access devices 60A and 60B to be monitored. Further, it is necessary to perform consistent provisioning for both of the VNFs 10A to 10C and the access devices 60A and 60B, and this is performed by the upper SDN controller 30.
 ここで、図1では、EtherOAMコントローラ20、SDNコントローラ30、VNFM40、VIM50の各機能は、同一の物理マシンで実現してもよいし、別々の物理マシンで実現してもよい。以下の説明では、EtherOAMコントローラ20、SDNコントローラ30、VNFM40、VIM50が同一の物理マシンである情報処理装置100で実現しているものとして説明する。 Here, in FIG. 1, the functions of the EtherOAM controller 20, the SDN controller 30, the VNFM 40, and the VIM 50 may be realized by the same physical machine or may be realized by separate physical machines. In the following description, it is assumed that the EtherOAM controller 20, the SDN controller 30, the VNFM 40, and the VIM 50 are realized by the information processing apparatus 100 that is the same physical machine.
[情報処理装置の構成]
 次に、図2を用いて、情報処理装置100の構成を説明する。図2は、第1の実施形態に係る情報処理装置の構成例を示すブロック図である。図2に示すように、この情報処理装置100は、通信処理部11、制御部12および記憶部13を有する。以下に情報処理装置100が有する各部の処理を説明する。 [Configuration of information processing device]
Next, the configuration of the information processing apparatus 100 will be described with reference to FIG. FIG. 2 is a block diagram illustrating a configuration example of the information processing apparatus according to the first embodiment. As illustrated in FIG. 2, the information processing apparatus 100 includes a communication processing unit 11, a control unit 12, and a storage unit 13. Hereinafter, processing of each unit included in the information processing apparatus 100 will be described.
 通信処理部11は、各種情報に関する通信を制御する。例えば、通信処理部11は、伝送ネットワーク70とL2スイッチ80を介してアクセス装置60との間でEtherOAMフレームの送受信を行う。 The communication processing unit 11 controls communication related to various information. For example, the communication processing unit 11 transmits / receives an EtherOAM frame between the access device 60 via the transmission network 70 and the L2 switch 80.
 記憶部13は、制御部12による各種処理に必要なデータおよびプログラムを格納するが、特に本発明に密接に関連するものとしては、仮想MAC管理テーブル記憶部13aを有する。例えば、記憶部13は、RAM(Random Access Memory)、フラッシュメモリ(Flash Memory)等の半導体メモリ素子、又は、ハードディスク、光ディスク等の記憶装置などである。 The storage unit 13 stores data and programs necessary for various types of processing by the control unit 12, and has a virtual MAC management table storage unit 13a particularly closely related to the present invention. For example, the storage unit 13 is a semiconductor memory element such as a RAM (Random Access Memory) or a flash memory, or a storage device such as a hard disk or an optical disk.
 仮想MAC管理テーブル記憶部13aは、各VNF10が管理する監視対象のアクセス装置60ごとにそれぞれ設定されたVNF10の仮想MACアドレスと、アクセス装置60のMACアドレス・VLAN IDを記憶する。例えば、仮想MAC管理テーブル記憶部13aは、図3に例示するように、「MEG ID」と「MEP ID」に対応付けて、監視対象のアクセス装置60ごとにそれぞれ設定されたVNF10の仮想MACアドレスである「仮想MAC」を記憶する。また、アクセス装置60の構成情報として、「監視対象MAC」および「VLAN ID」を記憶する。図3では「VLAN ID」が一つ使用する場合を示しているが、「VLAN ID」は多段に付与してもよい。ただし、前提条件として、「監視対象MAC」と0以上の「VLAN ID」の組み合わせで一意性の制約を満たし、同様に「仮想MAC」と0以上の「VLAN ID」の組み合わせで一意性の制約を満たす。 The virtual MAC management table storage unit 13a stores the virtual MAC address of the VNF 10 set for each monitored access device 60 managed by each VNF 10, and the MAC address / VLAN ID of the access device 60. For example, as illustrated in FIG. 3, the virtual MAC management table storage unit 13a associates the “MEG ID” and “MEP ID” with the virtual MAC address of each VNF 10 set for each access device 60 to be monitored. Is stored as a “virtual MAC”. Further, “monitoring target MAC” and “VLAN ID” are stored as configuration information of the access device 60. Although FIG. 3 shows the case where one “VLAN ID” is used, “VLAN ID” may be assigned in multiple stages. However, as a precondition, the combination of “monitored MAC” and zero or more “VLAN ID” satisfies the uniqueness constraint, and similarly, the combination of “virtual MAC” and zero or more “VLAN ID” restricts uniqueness. Meet.
 以降の記述では、記述を簡易化するために、「仮想MAC」だけで一意性の制約を満たしている場合を例とするが、上述の通り「仮想MAC」だけで一意性の制約を満たすことは要しない。「仮想MAC」と0以上の「VLAN ID」の組み合わせで一意性の制約を満たしていればよい。 In the following description, in order to simplify the description, an example is given in which the “virtual MAC” alone satisfies the uniqueness constraint. However, as described above, the “virtual MAC” alone satisfies the uniqueness constraint. Is not required. The combination of “virtual MAC” and zero or more “VLAN ID” only needs to satisfy the uniqueness constraint.
 図3の例を挙げて説明すると、例えば、仮想MAC管理テーブル記憶部13aは、VNF10Aが管理する管理対象のアクセス装置60Aに対応する情報として、MEG ID「MEG10」と、MEP ID「100」と、仮想MAC「XX:XX:XX:XX:XX:X1」と、アクセス装置60Aの構成情報(監視対象MAC「YY:YY:YY:YY:YY:Y1」およびVLAN ID「10」)とを対応付けて記憶し、VNF10Bが管理する管理対象のアクセス装置60Bに対応する情報として、MEG ID「MEG20」と、MEP ID「200」と、仮想MAC「XX:XX:XX:XX:XX:X2」と、アクセス装置60Bの構成情報(監視対象MAC「YY:YY:YY:YY:YY:Y2」およびVLAN ID「20」)とを対応付けて記憶する。 3, for example, the virtual MAC management table storage unit 13a includes MEG ID “MEG10” and MEP ID “100” as information corresponding to the managed access device 60A managed by the VNF 10A. , The virtual MAC “XX: XX: XX: XX: XX: X1” and the configuration information of the access device 60A (monitoring target MAC “YY: YY: YY: YY: YY: Y1” and VLAN ID “10”) MEG ID “MEG20”, MEP ID “200”, and virtual MAC “XX: XX: XX: XX: XX: X2” as information corresponding to the managed access device 60B managed by the VNF 10B are stored in association with each other. ”And the configuration information of the access device 60B (monitoring target MAC“ YY: YY: YY: YY: YY: Y2 ”and VLAN) And stores the ID "20") and in association with each other.
 図3に例示する仮想MAC管理テーブルについて、EtherOAMコントローラ20は、仮想MAC管理テーブルに含まれる全てのレコードを保持する。各VNF10は、仮想MAC管理テーブルのうち、各自が管理する管理対象のアクセス装置60に対応するレコードをそれぞれ保持する。例えば、VNF10Aは、VNF10Aが管理する管理対象のアクセス装置60Aに対応する情報として、MEG ID「MEG10」と、MEP ID「100」と、仮想MAC「XX:XX:XX:XX:XX:X1」と、アクセス装置60Aの構成情報(監視対象MAC「YY:YY:YY:YY:YY:Y1」およびVLAN ID「10」)とが対応付けられたレコードを仮想MAC管理テーブルとして保持する。 For the virtual MAC management table illustrated in FIG. 3, the EtherOAM controller 20 holds all the records included in the virtual MAC management table. Each VNF 10 holds a record corresponding to the managed access device 60 managed by each VNF 10 in the virtual MAC management table. For example, the VNF 10A includes, as information corresponding to the managed access device 60A managed by the VNF 10A, the MEG ID “MEG10”, the MEP ID “100”, and the virtual MAC “XX: XX: XX: XX: XX: X1”. And the configuration information of the access device 60A (monitoring target MAC “YY: YY: YY: YY: YY: Y1” and VLAN ID “10”) are stored as a virtual MAC management table.
 制御部12は、各種の処理手順などを規定したプログラムおよび所要データを格納するための内部メモリを有し、これらによって種々の処理を実行するが、特に本発明に密接に関連するものとしては、事前設定部12a、判定制御部12b、監視制御部12c、設定制御部12d、決定部12e、通知部12fおよび更新部12gを有する。ここで、制御部12は、CPU(Central Processing Unit)やMPU(Micro Processing Unit)などの電子回路やASIC(Application Specific Integrated Circuit)やFPGA(Field Programmable Gate Array)などの集積回路である。 The control unit 12 has an internal memory for storing a program that defines various processing procedures and necessary data, and performs various processes using them, and particularly as closely related to the present invention, It includes a presetting unit 12a, a determination control unit 12b, a monitoring control unit 12c, a setting control unit 12d, a determination unit 12e, a notification unit 12f, and an update unit 12g. Here, the control unit 12 is an electronic circuit such as a CPU (Central Processing Unit) or MPU (Micro Processing Unit) or an integrated circuit such as an ASIC (Application Specific Integrated Circuit) or FPGA (Field Programmable Gate Array).
 また、各部のうち、事前設定部12aがSDNコントローラ30が有する機能であり、判定制御部12b、監視制御部12cおよび設定制御部12dがVNF10が有する機能であり、決定部12e、通知部12fおよび更新部12gがEtherOAMコントローラ20が有する機能であるものとする。 Among the units, the pre-setting unit 12a is a function that the SDN controller 30 has, and the determination control unit 12b, the monitoring control unit 12c, and the setting control unit 12d are functions that the VNF 10 has, the determination unit 12e, the notification unit 12f, and It is assumed that the updating unit 12g has a function that the EtherOAM controller 20 has.
 事前設定部12aは、仮想MACアドレスの事前設定処理として、監視対象のアクセス装置60に対応するVNF10の仮想MACアドレスを払い出し、該監視対象のアクセス装置60に対して該仮想MACアドレスをEtherOAMフレームの送信先MACアドレスとして設定するとともに、払い出された仮想MACアドレスを仮想MAC管理テーブル記憶部13aに設定する。 As a virtual MAC address pre-setting process, the pre-setting unit 12a issues a virtual MAC address of the VNF 10 corresponding to the monitoring target access device 60, and sends the virtual MAC address to the monitoring target access device 60 in the EtherOAM frame. While being set as a transmission destination MAC address, the issued virtual MAC address is set in the virtual MAC management table storage unit 13a.
 ここで、図4を用いて、仮想MACアドレスの事前設定処理の一例を説明する。図4は、仮想MACアドレスの事前設定処理の一例を説明する図である。なお、以下の説明では、VNF10と監視対象のアクセス装置60とが一対一の関係である場合を例に説明するが、当然これに限定されるものではなく、例えば、VNF10が一つに対して、複数のアクセス装置60を監視対象としてもよい。 Here, an example of the virtual MAC address pre-setting process will be described with reference to FIG. FIG. 4 is a diagram for explaining an example of a virtual MAC address pre-setting process. In the following description, a case where the VNF 10 and the monitoring target access device 60 are in a one-to-one relationship will be described as an example. However, the present invention is not limited to this example. A plurality of access devices 60 may be monitored.
 図4に示すように、SDNコントローラ30は、監視対象のアクセス装置60A、60Bに対してEtherOAM送信先MACアドレスとして任意の仮想MACアドレスを払い出し、該仮想MACアドレスをMEG ID、MEP ID、VLAN IDと合わせてアクセス装置60A、60Bに設定する。なお、仮想MACアドレスを払い出す際には、前述の一意性の制約を満たす必要がある。 As shown in FIG. 4, the SDN controller 30 issues an arbitrary virtual MAC address as an EtherOAM transmission destination MAC address to the monitored access devices 60A and 60B, and uses the virtual MAC address as the MEG ID, MEP ID, and VLAN ID. And set in the access devices 60A and 60B. Note that when the virtual MAC address is paid out, it is necessary to satisfy the above-described uniqueness constraint.
 図4の例を挙げて説明すると、例えば、SDNコントローラ30は、監視対象のアクセス装置60Aに対してEtherOAM送信先MACアドレスとして、仮想MAC「XX:XX:XX:XX:XX:X1」を設定するとともに、MEG ID「MEG10」と、MEP ID「100」と、VLAN ID「10」を設定する。また、SDNコントローラ30は、監視対象のアクセス装置60Bに対してEtherOAM送信先MACアドレスとして、仮想MAC「XX:XX:XX:XX:XX:X2」を設定するとともに、MEG ID「MEG20」と、MEP ID「200」と、VLAN ID「20」を設定する。 4, for example, the SDN controller 30 sets the virtual MAC “XX: XX: XX: XX: XX: X1” as the EtherOAM transmission destination MAC address for the monitoring target access device 60A. In addition, MEG ID “MEG10”, MEP ID “100”, and VLAN ID “10” are set. Further, the SDN controller 30 sets the virtual MAC “XX: XX: XX: XX: XX: X2” as the EtherOAM transmission destination MAC address for the monitoring target access device 60B, and the MEG ID “MEG20”. Set MEP ID “200” and VLAN ID “20”.
 また、SDNコントローラ30は、アクセス装置60の有するMACアドレスを取得し、EtherOAMコントローラ20に対してアクセス装置60の構成情報(MEG ID、MEP ID、MACアドレス、VLAN ID)とともに、払い出した仮想MACアドレスを設定する。EtherOAMコントローラ20は、払い出された仮想MACアドレス、アクセス装置のMACアドレス、VLAN IDを、「MEG ID」、「MEP ID」を複合主キーとする仮想MAC管理テーブルに格納する。図4の例を挙げて説明すると、例えば、EtherOAMコントローラ20は、MEG ID「MEG10」と、MEP ID「100」と、仮想MAC「XX:XX:XX:XX:XX:X1」と、構成情報(監視対象MAC「YY:YY:YY:YY:YY:Y1」およびVLAN ID「10」)とが対応付けられたレコードと、MEG ID「MEG20」と、MEP ID「200」と、仮想MAC「XX:XX:XX:XX:XX:X2」と、構成情報(監視対象MAC「YY:YY:YY:YY:YY:Y2」およびVLAN ID「20」)とが対応付けられたレコードを記憶する。 Further, the SDN controller 30 acquires the MAC address of the access device 60, and issues the virtual MAC address issued to the EtherOAM controller 20 together with the configuration information (MEG ID, MEP ID, MAC address, VLAN ID) of the access device 60. Set. The EtherOAM controller 20 stores the issued virtual MAC address, the MAC address of the access device, and the VLAN ID in a virtual MAC management table having “MEG ID” and “MEP ID” as composite main keys. 4, for example, the EtherOAM controller 20 includes the MEG ID “MEG10”, the MEP ID “100”, the virtual MAC “XX: XX: XX: XX: XX: X1”, and configuration information. (Monitored MAC “YY: YY: YY: YY: YY: Y1” and VLAN ID “10”), MEG ID “MEG20”, MEP ID “200”, and virtual MAC “ XX: XX: XX: XX: XX: X2 ”and a record in which configuration information (monitoring target MAC“ YY: YY: YY: YY: YY: Y2 ”and VLAN ID“ 20 ”) is associated are stored. .
 そして、EtherOAMコントローラ20は、登録されたアクセス装置60A、60Bの監視をどのVNF10が担当するかを決定し、仮想MAC管理テーブルの該当レコードをVNF10に通知する。そして、VNF10は、EtherOAMコントローラ20から通知されたレコードを基に、指定されたアクセス装置60の監視を行う。図4の例を挙げて説明すると、例えば、EtherOAMコントローラ20は、MEG ID「MEG10」と、MEP ID「100」と、仮想MAC「XX:XX:XX:XX:XX:X1」とが対応付けられたレコードをVNF10Aに通知し、VMEG ID「MEG20」と、MEP ID「200」と、仮想MAC「XX:XX:XX:XX:XX:X2」とが対応付けられたレコードをVNF10Bに通知する。 The EtherOAM controller 20 determines which VNF 10 is responsible for monitoring the registered access devices 60A and 60B, and notifies the VNF 10 of the corresponding record in the virtual MAC management table. Then, the VNF 10 monitors the designated access device 60 based on the record notified from the EtherOAM controller 20. For example, in the EtherOAM controller 20, the MEG ID “MEG10”, the MEP ID “100”, and the virtual MAC “XX: XX: XX: XX: XX: X1” are associated with each other. Is notified to the VNF 10A, and the record in which the VMEG ID “MEG20”, the MEP ID “200”, and the virtual MAC “XX: XX: XX: XX: XX: X2” are associated is notified to the VNF 10B. .
 判定制御部12bは、各VNF10が監視対象のアクセス装置60から送信されたEtherOAMフレームを受信した場合に、該EtherOAMフレームの送信先MACアドレスが自VNF10の仮想MACアドレスのいずれかと一致するか各VNF10にそれぞれ判定させ、送信先MACアドレスと仮想MACアドレスとが一致しないVNF10については、EtherOAMフレームを破棄させるように制御する。 When each VNF 10 receives an EtherOAM frame transmitted from the monitored access device 60, the determination control unit 12b determines whether the destination MAC address of the EtherOAM frame matches any of the virtual MAC addresses of the own VNF 10. Each VNF 10 for which the destination MAC address and the virtual MAC address do not match is controlled to discard the EtherOAM frame.
 監視制御部12cは、送信先MACアドレスと仮想MACアドレスとが一致するVNF10については、EtherOAMフレームに含まれる情報を基に監視対象のアクセス装置60の通信を監視させるように制御する。具体的には、監視制御部12cは、送信先MACアドレスと仮想MACアドレスとが一致するVNF10については、EtherOAMフレームから情報を取得させ、監視対象のアクセス装置60のステータスを更新させるように制御する。 The monitoring control unit 12c performs control so that the communication of the monitoring target access device 60 is monitored based on the information included in the EtherOAM frame for the VNF 10 whose transmission destination MAC address and virtual MAC address match. Specifically, the monitoring control unit 12c controls the VNF 10 whose transmission destination MAC address and virtual MAC address match to acquire information from the EtherOAM frame and update the status of the monitoring target access device 60. .
 ここで、図5を用いて、EtherOAMフレームの受信処理の一例を説明する。図5は、EtherOAMフレームの受信処理の一例を説明する図である。図5に示すように、アクセス装置60Aは、仮想MACアドレス「XX:XX:XX:XX:XX:X1」を送信先として、EtherOAMフレームを送信する。VNF10A~10Cでは、自身のMACアドレスと異なるEtherOAMフレームを取得するために、インタフェースをプロミスキャスモードに設定しておく。これにより、同一物理ホスト内の全てのVNF10A~10Cが、EtherOAMフレームを受信する。 Here, an example of an EtherOAM frame reception process will be described with reference to FIG. FIG. 5 is a diagram for explaining an example of an EtherOAM frame reception process. As illustrated in FIG. 5, the access device 60A transmits an EtherOAM frame with the virtual MAC address “XX: XX: XX: XX: XX: X1” as a transmission destination. In the VNFs 10A to 10C, in order to acquire an EtherOAM frame different from its own MAC address, the interface is set to the promiscuous mode. As a result, all the VNFs 10A to 10C in the same physical host receive the EtherOAM frame.
 各VNF10A~10Cが受信したEtherOAMフレームは、ソケットを通じてアプリケーション内に引き込まれる。各VNF10A~10CのEtherOAMアプリケーションでは、送信先MACアドレスをキーとして仮想MAC管理テーブルを検索する。そして、EtherOAMアプリケーションは、検索の結果、レコードが存在しない場合、つまり、自VNF10にとって監視対象からのEtherOAMフレームでない場合には、EtherOAMフレームを破棄する。 The EtherOAM frame received by each VNF 10A to 10C is drawn into the application through the socket. The EtherOAM application of each VNF 10A to 10C searches the virtual MAC management table using the transmission destination MAC address as a key. Then, the EtherOAM application discards the EtherOAM frame if the record does not exist as a result of the search, that is, if it is not the EtherOAM frame from the monitoring target for the self-VNF 10.
 また、EtherOAMアプリケーションは、検索の結果、レコードが存在する場合、つまり、自VNF10にとって監視対象からのEtherOAMフレームである場合には、EtherOAMフレームに含まれる情報を基に監視対象のアクセス装置60に対する監視処理として、アクセス装置60のステータス更新を実施する。 The EtherOAM application also monitors the monitoring target access device 60 based on the information included in the EtherOAM frame when there is a record as a result of the search, that is, when the local VNF 10 is an EtherOAM frame from the monitoring target. As a process, the status of the access device 60 is updated.
 図5の例では、VNF10Aの仮想MAC管理テーブルには、MEG ID「MEG10」と、MEP ID「100」と、仮想MAC「XX:XX:XX:XX:XX:X1」とが対応付けられたレコードが記憶されている。VNF10Bの仮想MAC管理テーブルには、MEG ID「MEG20」と、MEP ID「200」と、仮想MAC「XX:XX:XX:XX:XX:X2」とが対応付けられたレコードが記憶されている。このため、VNF10Aは、送信先MACアドレス「XX:XX:XX:XX:XX:X1」と一致する仮想MAC「XX:XX:XX:XX:XX:X1」のレコードが存在するので、EtherOAMフレームを受信して監視処理を行う。また、VNF10BおよびVNF10Cは、送信先MACアドレス「XX:XX:XX:XX:XX:X1」と一致するレコードが存在しないので、EtherOAMフレームを破棄する。 In the example of FIG. 5, the virtual MAC management table of VNF 10A is associated with MEG ID “MEG10”, MEP ID “100”, and virtual MAC “XX: XX: XX: XX: XX: X1”. Records are stored. The virtual MAC management table of the VNF 10B stores a record in which the MEG ID “MEG20”, the MEP ID “200”, and the virtual MAC “XX: XX: XX: XX: XX: X2” are associated with each other. . For this reason, the VNF 10A has a record of the virtual MAC “XX: XX: XX: XX: XX: XX: X1” that matches the destination MAC address “XX: XX: XX: XX: XX: X1”. Is received and monitoring processing is performed. Further, the VNF 10B and the VNF 10C discard the EtherOAM frame because there is no record that matches the transmission destination MAC address “XX: XX: XX: XX: XX: X1”.
 設定制御部12dは、VNF10が監視対象のアクセス装置60にEtherOAMフレームを送信する際には、仮想MAC管理テーブル記憶部13aから送信先のアクセス装置60に対応するVNF10の仮想MACアドレスを取得し、該取得した仮想MACアドレスを送信元MACアドレスに設定するように制御する。 When the VNF 10 transmits an EtherOAM frame to the monitored access device 60, the setting control unit 12d acquires the virtual MAC address of the VNF 10 corresponding to the destination access device 60 from the virtual MAC management table storage unit 13a. Control is performed so that the acquired virtual MAC address is set as the source MAC address.
 ここで、図6を用いて、EtherOAMフレームの送信処理の一例を説明する。図6は、EtherOAMフレームの送信処理の一例を説明する図である。図6に示すように、VNF10Aは、仮想MAC管理テーブルより監視対象のレコードを順次取得し、仮想MACアドレス「XX:XX:XX:XX:XX:X1」を送信元、アクセス装置60AのMACアドレス「YY:YY:YY:YY:YY:Y1」を送信先として、EtherOAMフレームを送信する。 Here, an example of an EtherOAM frame transmission process will be described with reference to FIG. FIG. 6 is a diagram for explaining an example of an EtherOAM frame transmission process. As illustrated in FIG. 6, the VNF 10A sequentially acquires records to be monitored from the virtual MAC management table, transmits the virtual MAC address “XX: XX: XX: XX: XX: X1”, and the MAC address of the access device 60A. The EtherOAM frame is transmitted with “YY: YY: YY: YY: YY: Y1” as a transmission destination.
 この際、EtherOAMフレームを送信したVNF10Aを除く他のVNF10B、10Cは、インタフェースがプロミスキャスモードに設定されているため、当該EtherOAMフレームを受信する。EtherOAMアプリケーションでは、仮想MAC管理テーブルに合致しないEtherOAMフレームは破棄されるため、本フレームがステータス変更には影響しない。 At this time, the VNFs 10B and 10C other than the VNF 10A that transmitted the EtherOAM frame receive the EtherOAM frame because the interface is set to the promiscuous mode. In the EtherOAM application, since the EtherOAM frame that does not match the virtual MAC management table is discarded, this frame does not affect the status change.
 決定部12eは、情報処理装置100に新たなVNF10が生成された場合に、すでに動作しているVNF10が管理する監視対象のアクセス装置60のうち、新たなVNF10に監視させるアクセス装置60を決定する。つまり、決定部12eは、VNF10がスケールアウトしVNFインスタンスを増やした場合、稼働中のVNF10から新規VNF10に委譲する監視対象を決定する。 When a new VNF 10 is generated in the information processing apparatus 100, the determination unit 12e determines an access apparatus 60 to be monitored by the new VNF 10 among the monitored access apparatuses 60 managed by the already operating VNF 10. . That is, when the VNF 10 is scaled out and the number of VNF instances is increased, the determination unit 12e determines a monitoring target to be delegated from the operating VNF 10 to the new VNF 10.
 また、決定部12eは、情報処理装置100とは異なる別の情報処理装置に新たなVNF10が生成された場合に、すでに動作しているVNF10が管理する監視対象のアクセス装置60のうち、新たなVNF10に監視させるアクセス装置60を決定する。つまり、決定部12eは、別物理ホストにスケールアウトする場合も、稼働中のVNF10から別物理ホストの新規VNF10に委譲する監視対象を決定する。 In addition, when a new VNF 10 is generated in another information processing apparatus different from the information processing apparatus 100, the determination unit 12 e creates a new one of the monitored access devices 60 managed by the already operating VNF 10. The access device 60 to be monitored by the VNF 10 is determined. That is, even when the determination unit 12e scales out to another physical host, the determination unit 12e determines a monitoring target to be delegated from the operating VNF 10 to the new VNF 10 of another physical host.
 通知部12fは、決定部12eによって決定された新たなVNF10に監視させる監視対象のアクセス装置60に対応する仮想MACアドレスを、新たなVNF10の仮想MACアドレスとして登録するように別のVNF10に通知する。なお、通知部12fは、異なる物理ホスト上で生成された場合だけでなく、新たなVNFが同一物理ホスト上で生成された場合であっても、新たなVNF10に監視させる監視対象のアクセス装置60に対応する仮想MACアドレスを、新たなVNF10の仮想MACアドレスとして登録するように別のVNF10に通知する。 The notification unit 12f notifies another VNF 10 to register the virtual MAC address corresponding to the monitored access device 60 to be monitored by the new VNF 10 determined by the determination unit 12e as the virtual MAC address of the new VNF 10. . Note that the notification unit 12f is not only generated on a different physical host, but also when a new VNF is generated on the same physical host, the monitored access device 60 to be monitored by the new VNF 10. Is notified to another VNF 10 so as to be registered as a virtual MAC address of the new VNF 10.
 更新部12gは、新たなVNF10に監視させる監視対象のアクセス装置60に対応する仮想MACアドレスを、通知部12fによって通知された仮想MACアドレスに変更するように仮想MAC管理テーブル記憶部13aを更新する。 The update unit 12g updates the virtual MAC management table storage unit 13a so as to change the virtual MAC address corresponding to the monitored access device 60 to be monitored by the new VNF 10 to the virtual MAC address notified by the notification unit 12f. .
 ここで、図7および図8を用いて、スケールアウト実施時の処理の一例を説明する。図7は、同一物理ホスト上でのスケールアウト実施時の処理の一例を説明する図である。図8は、別物理ホストへのスケールアウト実施時の処理の一例を説明する図である。図7に例示するように、同一物理ホスト上でEtherOAM VNFをスケールアウトし、新たにVNF10Dを増やした場合、EtherOAMコントローラ20は、稼働中のVNF10Aから新規VNF10Dに委譲する監視対象を決定する。ここでは、EtherOAMコントローラ20は、稼働中のVNF10Aから新規VNF10Dに委譲する監視対象として、アクセス装置60Aを決定したものとする。 Here, an example of processing at the time of performing scale-out will be described with reference to FIGS. 7 and 8. FIG. 7 is a diagram for explaining an example of processing when scale-out is performed on the same physical host. FIG. 8 is a diagram for explaining an example of processing when performing scale-out to another physical host. As illustrated in FIG. 7, when the EtherOAM VNF is scaled out on the same physical host and the VNF 10D is newly increased, the EtherOAM controller 20 determines a monitoring target to be delegated from the operating VNF 10A to the new VNF 10D. Here, it is assumed that the EtherOAM controller 20 has determined the access device 60A as a monitoring target to be delegated from the operating VNF 10A to the new VNF 10D.
 この際、EtherOAMコントローラ20からの通知により、委譲元のVNF10Aの仮想MAC管理テーブルからは対象のアクセス装置60Aのレコードは破棄され、新規VNF10Dの仮想MAC管理テーブルにアクセス装置60Aのレコードが追加される。ここで、アクセス装置60Aのレコードとは、図7に例示されるように、MEG ID「MEG10」と、MEP ID「100」と、仮想MAC「XX:XX:XX:XX:XX:X1」とが対応付けられたレコードである。このように、委譲により監視を行うVNFインスタンスが変更されるが、この場合でも送受信フレームのMACアドレスは変化せず、監視に影響を及ぼさない。 At this time, by the notification from the EtherOAM controller 20, the record of the target access device 60A is discarded from the virtual MAC management table of the delegation source VNF 10A, and the record of the access device 60A is added to the virtual MAC management table of the new VNF 10D. . Here, the record of the access device 60A is, as illustrated in FIG. 7, MEG ID “MEG10”, MEP ID “100”, and virtual MAC “XX: XX: XX: XX: XX: X1”. Is a record associated with. In this way, the VNF instance to be monitored is changed by delegation, but even in this case, the MAC address of the transmission / reception frame does not change and does not affect the monitoring.
 このため、スケールアウト時だけでなく、スケールインや障害発生時など、VNF10間で監視対象の委譲を行うケースにおいて、監視処理に影響を与えることなく容易に実施することが可能となる。ただし、VNF10に障害が発生した場合には、EtherOAMコントローラ20にて障害検知し、フェールオーバを行う必要がある。 For this reason, in the case of delegating the monitoring target between the VNFs 10 not only at the time of scale-out but also at the time of scale-in or failure occurrence, it becomes possible to easily carry out without affecting the monitoring process. However, when a failure occurs in the VNF 10, it is necessary to detect the failure in the EtherOAM controller 20 and perform failover.
 なお、スケールアウト実施時の委譲する監視対象の決定や仮想MAC管理テーブルの更新をEtherOAMコントローラ20が制御する場合を例に説明するが、これに限定されるものではなく、例えば、VNF10が委譲する監視対象を決定してもよいし、VNF10間で通信を行うことで仮想MAC管理テーブルの更新を実施するようにしてもよい。 In addition, although the case where the EtherOAM controller 20 controls the determination of the monitoring target to be delegated at the time of the scale-out execution and the update of the virtual MAC management table will be described as an example, it is not limited to this, for example, the VNF 10 delegates The monitoring target may be determined, or the virtual MAC management table may be updated by performing communication between the VNFs 10.
 続いて、図8を用いて、別物理ホストへのスケールアウト実施時の処理の一例を説明する。図8に示すように、別物理ホストにスケールアウトする場合も、図7の場合と同様に、仮想MAC管理テーブルの更新を実施する。 Next, an example of processing when performing scale-out to another physical host will be described with reference to FIG. As shown in FIG. 8, also when scaling out to another physical host, the virtual MAC management table is updated as in the case of FIG.
 例えば、EtherOAMコントローラ20は、稼働中のVNF10Bから新規VNF10Eに委譲する監視対象のアクセス装置60Bを決定すると、監視対象のアクセス装置60Bに対応する仮想MACアドレス「XX:XX:XX:XX:XX:X2」を、新規VNF10Eの仮想MACアドレスとして変更させるように別の物理ホストに通知する。そして、スケールアウト先のVNF10EがEtherOAMフレームを送出することで、経路上にあるL2スイッチ80AのMAC学習テーブルが学習される。これにより、移動先の物理ホストにのみフレームが到達するようになり、処理の負荷分散を実現することが可能である。 For example, when the EtherOAM controller 20 determines the monitoring target access device 60B to be delegated from the operating VNF 10B to the new VNF 10E, the virtual MAC address “XX: XX: XX: XX: XX: XX” corresponding to the monitoring target access device 60B. "X2" is notified to another physical host so as to be changed as the virtual MAC address of the new VNF 10E. The scale-out destination VNF 10E transmits the EtherOAM frame, thereby learning the MAC learning table of the L2 switch 80A on the path. As a result, the frame reaches only the destination physical host, and the processing load can be distributed.
 このように、第1の実施形態に係る監視システム1では、監視対象ごとに仮想MACアドレスを用意し、VMインスタンス生成時に動的に割り当てられたMACアドレスではなく、監視対象装置用の仮想MACアドレスを用いて、VNF10とアクセス装置60との間でフレームの送受信を行う。各VNF10は、仮想MAC管理テーブルを持ち、対向装置ごとに別のMACアドレスを使用する。 As described above, in the monitoring system 1 according to the first embodiment, a virtual MAC address is prepared for each monitoring target, and the virtual MAC address for the monitoring target device is used instead of the MAC address dynamically assigned when the VM instance is generated. Is used to transmit and receive frames between the VNF 10 and the access device 60. Each VNF 10 has a virtual MAC management table and uses a different MAC address for each opposing device.
 ここで、図9を用いて、監視対象装置ごとに設定された仮想MACアドレスを用いてフレームの送受信を行う処理の概要について説明する。図9は、監視対象装置ごとに設定された仮想MACアドレスを用いてフレームの送受信を行う処理の概要を説明する図である。例えば、図9の例では、VNF10Bは、監視対象ごとの仮想MACアドレスとして、「XX:XX:XX:XX:XX:10」、「XX:XX:XX:XX:XX:11」・・・「XX:XX:XX:XX:XX:XX」が規定された仮想MAC管理テーブルを有している。例えば、第1の実施形態に係る監視システム1では、1つのVNF10で監視するアクセス装置60が1000台ある場合には、1000個の対向装置ごとの仮想MACアドレスを使用することとなる。 Here, an outline of processing for transmitting and receiving a frame using a virtual MAC address set for each monitoring target device will be described with reference to FIG. FIG. 9 is a diagram illustrating an outline of processing for transmitting and receiving a frame using a virtual MAC address set for each monitoring target device. For example, in the example of FIG. 9, the VNF 10B uses “XX: XX: XX: XX: XX: 10”, “XX: XX: XX: XX: XX: 11” as virtual MAC addresses for each monitoring target. It has a virtual MAC management table in which “XX: XX: XX: XX: XX: XX” is defined. For example, in the monitoring system 1 according to the first embodiment, when there are 1000 access devices 60 monitored by one VNF 10, the virtual MAC addresses for every 1000 opposing devices are used.
 また、スケールアウトやフェールオーバにより監視元VNFが変更になった際は、VNF10は、仮想MAC管理テーブルのレコードを更新し、移動先のVNF10にて同仮想MACアドレスを使用してフレームの送受信を行う。例えば、図9の例では、別物理ホストのVIM50Aに新しくVNF10E~10Gが生成され、アクセス装置60の監視をVNF10BからVNF10Eに変更する場合には、VNF10Bの仮想MAC管理テーブルからはアクセス装置60のレコードが破棄され、新規VNF10Eの仮想MAC管理テーブルにアクセス装置60のレコードが追加される。ここで、アクセス装置60のレコードとは、図9に例示されるように、MEG ID「MEG10」と、MEP ID「100」と、仮想MAC「XX:XX:XX:XX:XX:10」とが対応付けられたレコードである。 When the monitoring source VNF is changed due to scale-out or failover, the VNF 10 updates a record in the virtual MAC management table and transmits / receives a frame using the virtual MAC address in the destination VNF 10. . For example, in the example of FIG. 9, when new VNFs 10E to 10G are generated in the VIM 50A of another physical host and the monitoring of the access device 60 is changed from VNF 10B to VNF 10E, the virtual MAC management table of the VNF 10B The record is discarded and the record of the access device 60 is added to the virtual MAC management table of the new VNF 10E. Here, as illustrated in FIG. 9, the record of the access device 60 includes the MEG ID “MEG10”, the MEP ID “100”, and the virtual MAC “XX: XX: XX: XX: XX: 10”. Is a record associated with.
[監視システムの処理手順]
 次に、図10を用いて、第1の実施形態に係る監視システム1による事前設定処理の手順の例を説明する。図10は、第1の実施形態に係る監視システムにおける事前設定処理の流れの一例を示すシーケンス図である。 [Processing procedure of the monitoring system]
Next, an example of the procedure of the pre-setting process by the monitoring system 1 according to the first embodiment will be described using FIG. FIG. 10 is a sequence diagram illustrating an example of the flow of the pre-setting process in the monitoring system according to the first embodiment.
 図10に示すように、SDNコントローラ30は、監視対象のアクセス装置60に対してEtherOAM送信先MACアドレスとして任意の仮想MACアドレスを払い出し(ステップS101)、該仮想MACアドレスをMEG ID、MEP ID、VLAN IDと合わせてアクセス装置60に通知する(ステップS102)。なお、仮想MACアドレスを払い出す際には、同一L2セグメント内で重複がないようにする必要がある。そして、アクセス装置60は、仮想MACアドレスを受信すると、該受信した仮想MACアドレスをEtherOAM送信先MACアドレスとして設定する(ステップS103)。 As shown in FIG. 10, the SDN controller 30 issues an arbitrary virtual MAC address as the EtherOAM transmission destination MAC address to the monitored access device 60 (step S101), and the virtual MAC address is assigned to the MEG ID, MEP ID, The access device 60 is notified together with the VLAN ID (step S102). When paying out the virtual MAC address, it is necessary to avoid duplication within the same L2 segment. Then, when receiving the virtual MAC address, the access device 60 sets the received virtual MAC address as the EtherOAM transmission destination MAC address (step S103).
 その後、SDNコントローラ30は、アクセス装置60の有するMACアドレスを取得する(ステップS104)。そして、SDNコントローラ30は、EtherOAMコントローラ20に対してアクセス装置60の構成情報(MEG ID、MEP ID、MACアドレス、VLAN ID)とともに、払い出した仮想MACアドレスを通知する(ステップS105)。そして、EtherOAMコントローラ20は、払い出された仮想MACアドレスを、アクセス装置60の構成情報を複合キーとして仮想MAC管理テーブルに格納する(ステップS106)。そして、EtherOAMコントローラ20は、登録されたアクセス装置60の監視を担当する担当VNFをVNF10A~10Cのなかから決定する(ステップS107)。ここでは、例えば、アクセス装置60の監視をVNF10Aが担当すると決定したものとする。 Thereafter, the SDN controller 30 acquires the MAC address of the access device 60 (step S104). Then, the SDN controller 30 notifies the EtherOAM controller 20 of the issued virtual MAC address together with the configuration information (MEG ID, MEP ID, MAC address, VLAN ID) of the access device 60 (step S105). The EtherOAM controller 20 stores the issued virtual MAC address in the virtual MAC management table using the configuration information of the access device 60 as a composite key (step S106). The EtherOAM controller 20 determines a VNF in charge of monitoring the registered access device 60 from among the VNFs 10A to 10C (step S107). Here, for example, it is assumed that the VNF 10A is in charge of monitoring the access device 60.
 この場合には、EtherOAMコントローラ20は、監視対象のアクセス装置60に対応する仮想MACアドレスをVNF10Aに通知する(ステップS108)。そして、VNF10Aは、EtherOAMコントローラ20から通知された仮想MACアドレスを仮想MAC管理テーブルに設定する(ステップS109)。 In this case, the EtherOAM controller 20 notifies the virtual MAC address corresponding to the monitored access device 60 to the VNF 10A (step S108). Then, the VNF 10A sets the virtual MAC address notified from the EtherOAM controller 20 in the virtual MAC management table (step S109).
 次に、図11および図12を用いて、第1の実施形態に係るVNFによる送受信処理の手順の例を説明する。図11は、第1の実施形態に係るVNFにおける受信処理の流れの一例を示すフローチャートである。図12は、第1の実施形態に係るVNFにおける送信処理の流れの一例を示すフローチャートである。 Next, an example of a procedure of transmission / reception processing by the VNF according to the first embodiment will be described using FIG. 11 and FIG. FIG. 11 is a flowchart illustrating an example of a flow of reception processing in the VNF according to the first embodiment. FIG. 12 is a flowchart illustrating an example of a flow of transmission processing in the VNF according to the first embodiment.
 まず、図11を用いて、VNF10における受信処理の流れを説明する。図11に例示するように、VNF10は、フレームを受信すると(ステップS201肯定)、送信先MACアドレスをキーとして仮想MAC管理テーブルを検索する(ステップS202)。 First, the flow of reception processing in the VNF 10 will be described with reference to FIG. As illustrated in FIG. 11, when the VNF 10 receives a frame (Yes at Step S201), the VNF 10 searches the virtual MAC management table using the transmission destination MAC address as a key (Step S202).
 そして、VNF10は、検索の結果、レコードが存在する場合(ステップS203肯定)、つまり、自VNFにとって監視対象からのフレームである場合には、EtherOAMフレームに含まれる情報を基に監視対象のアクセス装置60に対する監視処理を実施する(ステップS204)。 If the record is found as a result of the search (Yes in step S203), that is, if the VNF 10 is a frame from the monitoring target for the own VNF, the monitoring target access device is based on the information included in the EtherOAM frame. A monitoring process for 60 is performed (step S204).
 また、VNF10は、検索の結果、仮想MAC管理テーブルにレコードが存在しない場合(ステップS203否定)、つまり、自VNFにとって監視対象からのフレームでない場合には、EtherOAMフレームを破棄する(ステップS205)。 In addition, if the record does not exist in the virtual MAC management table as a result of the search (No at Step S203), that is, if the VNF 10 is not a frame from the monitoring target for the own VNF, the VNF 10 discards the EtherOAM frame (Step S205).
 次に、図12を用いて、VNF10における送信処理の流れを説明する。図12に例示するように、VNF10は、アクセス装置60に対してEtherOAMフレームを送信する際には、仮想MAC管理テーブルより監視対象のアクセス装置60のレコードを取得する(ステップS301)。 Next, the flow of transmission processing in the VNF 10 will be described with reference to FIG. As illustrated in FIG. 12, when transmitting an EtherOAM frame to the access device 60, the VNF 10 acquires a record of the monitored access device 60 from the virtual MAC management table (step S301).
 そして、VNF10は、取得したレコードを参照し、仮想MACアドレスを送信元、アクセス装置60のMACアドレスを送信先としてEtherOAMフレームに設定し(ステップS302)、EtherOAMフレームを送信する(ステップS303)。 Then, the VNF 10 refers to the acquired record, sets the virtual MAC address as the transmission source, sets the MAC address of the access device 60 as the transmission destination in the EtherOAM frame (step S302), and transmits the EtherOAM frame (step S303).
[第1の実施形態の効果]
 第1の実施形態に係る監視システム1における情報処理装置100は、各VNF10が管理するアクセス装置60ごとにそれぞれ設定されたVNF10の仮想MACアドレスを記憶する仮想MAC管理テーブル記憶部13aを有する。そして、情報処理装置100は、各VNF10がアクセス装置60から送信されたフレームを受信した場合に、該フレームの送信先MACアドレスが自VNF10の仮想MACアドレスと一致するか各VNF10にそれぞれ判定させ、送信先MACアドレスと仮想MACアドレスとが一致しないVNF10については、フレームを破棄させるように制御する。また、情報処理装置100は、送信先MACアドレスと仮想MACアドレスとが一致するVNF10については、フレームに含まれる情報を基にアクセス装置60の通信を監視させるように制御する。また、情報処理装置100は、VNF10がアクセス装置60にフレームを送信する際には、仮想MAC管理テーブル記憶部13aから送信先のアクセス装置60に対応するVNF10の仮想MACアドレスを取得し、該取得した仮想MACアドレスを送信元MACアドレスに設定するように制御する。 [Effect of the first embodiment]
The information processing apparatus 100 in the monitoring system 1 according to the first embodiment includes a virtual MAC management table storage unit 13a that stores the virtual MAC address of each VNF 10 set for each access device 60 managed by each VNF 10. Then, when each VNF 10 receives a frame transmitted from the access device 60, the information processing apparatus 100 causes each VNF 10 to determine whether or not the transmission destination MAC address of the frame matches the virtual MAC address of the own VNF 10, For the VNF 10 whose destination MAC address and virtual MAC address do not match, control is performed so that the frame is discarded. Further, the information processing apparatus 100 controls the VNF 10 whose transmission destination MAC address and virtual MAC address match to monitor communication of the access apparatus 60 based on information included in the frame. Further, when the VNF 10 transmits a frame to the access device 60, the information processing device 100 acquires the virtual MAC address of the VNF 10 corresponding to the access device 60 that is the transmission destination from the virtual MAC management table storage unit 13a and acquires the virtual MAC address. Control is performed so that the virtual MAC address thus set is set as the source MAC address.
 このように、第1の実施形態に係る監視システム1では、監視対象のアクセス装置60ごとに仮想MACアドレスを事前に用意し、それを保持する仮想MAC管理テーブルを使用するので、VNF10に動的に割り当てられるMACアドレスを用いることなく、オペレーションコストを低減して簡易に監視処理を行うことが可能である。 As described above, in the monitoring system 1 according to the first embodiment, a virtual MAC address is prepared in advance for each monitoring target access device 60 and a virtual MAC management table that holds the virtual MAC address is used. It is possible to easily perform monitoring processing without reducing the operation cost, without using the MAC address assigned to.
 また、第1の実施形態に係る監視システム1では、監視元VNF10が移動した場合にも仮想MACアドレスを引き継ぐため、移動先のVNFのMACアドレスを追跡する必要がなくなる。一方、VNFに動的に割り当てられたMACアドレスする従来のやり方では、移動先のVNFのMACアドレスを追跡する必要がある。 Further, in the monitoring system 1 according to the first embodiment, even when the monitoring source VNF 10 moves, the virtual MAC address is taken over, so that it is not necessary to track the MAC address of the destination VNF. On the other hand, in the conventional method in which the MAC address dynamically assigned to the VNF is used, it is necessary to track the MAC address of the destination VNF.
 例えば、図13に例示するように、従来方式では、監視元VNFがVNF110BからVNF110Dに変更した場合に、アクセス装置600に対して、EtherOAMの送信先MACアドレスがVNF110BのMACアドレス(A)からVNF110DのMACアドレス(B)に変更したことを通知する必要がある。なお、ここでMACアドレス(A)とは、VNF110B生成時に動的に割り当てられたVNF110BのMACアドレスであり、MACアドレス(B)とは、VNF110D生成時に動的に割り当てられたVNF110DのMACアドレスである。 For example, as illustrated in FIG. 13, in the conventional method, when the monitoring source VNF is changed from VNF 110 </ b> B to VNF 110 </ b> D, the EtherOAM transmission destination MAC address is changed from the MAC address (A) of VNF 110 </ b> B to VNF 110 </ b> D. It is necessary to notify the change to the MAC address (B). Here, the MAC address (A) is the MAC address of the VNF 110B that is dynamically assigned when the VNF 110B is generated, and the MAC address (B) is the MAC address of the VNF 110D that is dynamically assigned when the VNF 110D is generated. is there.
 また、第1の実施形態に係る監視システム1では、VNF10ごとに異なるユニキャストアドレスを使用するため、必要なVIM物理ホストにのみフレームが到達し、VIM物理ホスト間での負荷分散が可能となる。さらに、第1の実施形態に係る監視システム1では、監視対象ごとに異なるユニキャストアドレスを使用することで、同一仮想MACアドレスを維持したまま物理ホストをまたいでも経路上のL2スイッチで適切にMAC学習が実施されるようになり、物理ホストをまたいだ移動が可能となる。 In the monitoring system 1 according to the first embodiment, since a different unicast address is used for each VNF 10, the frame reaches only the necessary VIM physical host, and load distribution among the VIM physical hosts becomes possible. . Furthermore, in the monitoring system 1 according to the first embodiment, by using a different unicast address for each monitoring target, it is possible to appropriately perform the MAC with the L2 switch on the path even if the physical host is straddled while maintaining the same virtual MAC address. Learning will be implemented, and it will be possible to move across physical hosts.
 つまり、例えば、仮にマルチキャストアドレスを使用した場合には、MAC学習の対象ではなくVIMの全物理ホストに到達する。このため、NIC I/O負荷や仮想ブリッジでのL2フォワーディングなどのカーネルドメイン処理の負荷がVIMを構成する全ての物理ホストで発生し、処理負荷を分散することができない。これに対して、第1の実施形態に係る監視システム1では、VNF10ごとに異なるユニキャストアドレスを使用するため、必要なVIM物理ホストにのみフレームが到達し、VIM物理ホスト間での負荷分散が可能となる。 That is, for example, if a multicast address is used, it reaches all the physical hosts of the VIM, not the MAC learning target. For this reason, a load of kernel domain processing such as NIC I / O load or L2 forwarding in a virtual bridge occurs in all the physical hosts constituting the VIM, and the processing load cannot be distributed. On the other hand, in the monitoring system 1 according to the first embodiment, since a different unicast address is used for each VNF 10, the frame reaches only the necessary VIM physical host, and load distribution among the VIM physical hosts is reduced. It becomes possible.
 また、例えば、仮にユニキャストアドレスを複数VIM物理ホストをまたぐ共通仮想MACアドレスとして使用した場合、複数のVIM物理ホストから同一MACアドレスを送信元とするEtherOAMが到達するため、経路上のL2スイッチで適切にMAC学習することができない。これに対して、第1の実施形態に係る監視システム1では、監視対象ごとに異なるユニキャストアドレスを使用するため、同一仮想MACアドレスを維持したまま物理ホストをまたいでも経路上のL2スイッチで適切にMAC学習が実施されるようになり、物理ホストをまたいだ移動が可能となる。 Also, for example, if a unicast address is used as a common virtual MAC address across multiple VIM physical hosts, EtherOAM with the same MAC address as the source arrives from multiple VIM physical hosts. Can't learn MAC properly. On the other hand, since the monitoring system 1 according to the first embodiment uses a different unicast address for each monitoring target, the L2 switch on the path is appropriate even if the physical host is straddled while maintaining the same virtual MAC address. MAC learning is now performed, and movement across physical hosts becomes possible.
 また、第1の実施形態に係る監視システム1では、CCMヘッダ内のMEG IDやMEP IDを用いた監視対象の判定を行う代わりに、仮想MAC管理テーブルを用いて送信先MACアドレスをもとに監視対象か否かを判断する。これにより、Etherフレームのデコードだけで監視対象判定を実施可能となり、ユーザドメイン処理負荷を低減できる。 Further, in the monitoring system 1 according to the first embodiment, instead of performing monitoring target determination using the MEG ID or MEP ID in the CCM header, based on the destination MAC address using the virtual MAC management table. Judge whether or not to be monitored. As a result, it is possible to perform the monitoring target determination only by decoding the Ether frame, and the user domain processing load can be reduced.
 ここで、CCMヘッダ内のMEG IDやMEP IDを用いた対象判定について、図14を用いて説明する。図14に示すように、VNFは、受信したEtherOAMフレームが監視対象であるか否かを判断するために、ヘッダ内のMEG IDやMEP IDを抽出し、MEG IDやMEP IDを用いて、送信元解決を行っていた。これに対して、第1の実施形態に係る監視システム1では、VNF10は、CCMヘッダからMEG IDやMEP IDを抽出することなく、Etherヘッダの送信先MACアドレスをもとに仮想MAC管理テーブルを用いて監視対象か否かを判断することができるので、負荷を低減することができる。 Here, the object determination using the MEG ID and MEP ID in the CCM header will be described with reference to FIG. As shown in FIG. 14, the VNF extracts the MEG ID and MEP ID in the header to determine whether or not the received EtherOAM frame is a monitoring target, and transmits using the MEG ID and MEP ID. The original solution was performed. On the other hand, in the monitoring system 1 according to the first embodiment, the VNF 10 does not extract the MEG ID or MEP ID from the CCM header, and creates a virtual MAC management table based on the destination MAC address of the Ether header. Since it can be used to determine whether or not it is a monitoring target, the load can be reduced.
 図14に例示するA処理は、Etherフレームが到達する全VNFに共通的に発生する処理であり、B処理は監視を担当するVNFのみ発生する処理である。B処理については、VNF単位で負荷分散されるため、高い負荷分散効果が期待できる。A処理については、同一物理ホスト上の全てのVNFで発生するためVIMを構成する物理ホスト単位でしか負荷分散できず、その効果はB処理に比べて低い。また、一般に、ユーザドメインで実施される処理はカーネルやハイパーバイザにて処理最適化がされているカーネルドメインの処理に比べて処理性能が低い。このため、負荷分散効果が低いA処理のユーザドメイン処理を最小化することで、効果的に負荷を低減することができる。 The A process illustrated in FIG. 14 is a process that occurs in common to all VNFs that reach the Ether frame, and the B process is a process that occurs only for VNFs in charge of monitoring. As for the B process, since the load is distributed in units of VNF, a high load distribution effect can be expected. Since the A process occurs in all the VNFs on the same physical host, the load can be distributed only in units of physical hosts constituting the VIM, and the effect is low compared to the B process. In general, processing performed in the user domain has lower processing performance than processing in a kernel domain that is optimized for processing in the kernel or hypervisor. For this reason, it is possible to effectively reduce the load by minimizing the user domain process of the A process having a low load distribution effect.
 なお、前述の図6で説明したように、EtherOAMフレームを送信したVNF10Aを他のVNF10B、10CがEtherOAMフレームを受信するので、受信回数が増加し、NICの負荷増加が懸念されるが、A処理のユーザドメイン処理の負荷が軽減されているため、結果的に全体の負荷を低減することができる。 As described with reference to FIG. 6 above, the VNF 10A that transmitted the EtherOAM frame receives the EtherOAM frame from the other VNFs 10B and 10C, so that the number of receptions increases and there is a concern about an increase in NIC load. Since the load on the user domain processing is reduced, the overall load can be reduced as a result.
 また、第1の実施形態に係る監視システム1では、OpenStackなどの標準的なVIMおよびVNFM製品の機能のみを用いて、VNFのスケールイン・アウトを実現することが可能となり、機能追加が不要となる。 Further, in the monitoring system 1 according to the first embodiment, it is possible to realize scale-in / out of VNF using only the functions of standard VIM and VNFM products such as OpenStack, and no additional function is required. Become.
[システム構成等]
 また、図示した各装置の各構成要素は機能概念的なものであり、必ずしも物理的に図示の如く構成されていることを要しない。すなわち、各装置の分散・統合の具体的形態は図示のものに限られず、その全部または一部を、各種の負荷や使用状況などに応じて、任意の単位で機能的または物理的に分散・統合して構成することができる。さらに、各装置にて行なわれる各処理機能は、その全部または任意の一部が、CPUおよび当該CPUにて解析実行されるプログラムにて実現され、あるいは、ワイヤードロジックによるハードウェアとして実現され得る。 [System configuration, etc.]
Further, each component of each illustrated apparatus is functionally conceptual, and does not necessarily need to be physically configured as illustrated. In other words, the specific form of distribution / integration of each device is not limited to that shown in the figure, and all or a part thereof may be functionally or physically distributed or arbitrarily distributed in arbitrary units according to various loads or usage conditions. Can be integrated and configured. Further, all or any part of each processing function performed in each device may be realized by a CPU and a program analyzed and executed by the CPU, or may be realized as hardware by wired logic.
 また、本実施の形態において説明した各処理のうち、自動的におこなわれるものとして説明した処理の全部または一部を手動的におこなうこともでき、あるいは、手動的におこなわれるものとして説明した処理の全部または一部を公知の方法で自動的におこなうこともできる。この他、上記文書中や図面中で示した処理手順、制御手順、具体的名称、各種のデータやパラメータを含む情報については、特記する場合を除いて任意に変更することができる。 In addition, among the processes described in this embodiment, all or part of the processes described as being automatically performed can be manually performed, or the processes described as being manually performed All or a part of the above can be automatically performed by a known method. In addition, the processing procedure, control procedure, specific name, and information including various data and parameters shown in the above-described document and drawings can be arbitrarily changed unless otherwise specified.
[プログラム]
 また、上記実施形態において説明した情報処理装置が実行する処理をコンピュータが実行可能な言語で記述したプログラムを作成することもできる。例えば、実施形態に係る情報処理装置100が実行する処理をコンピュータが実行可能な言語で記述した監視プログラムを作成することもできる。この場合、コンピュータが監視プログラムを実行することにより、上記実施形態と同様の効果を得ることができる。さらに、かかる監視プログラムをコンピュータ読み取り可能な記録媒体に記録して、この記録媒体に記録された監視プログラムをコンピュータに読み込ませて実行することにより上記実施形態と同様の処理を実現してもよい。 [program]
It is also possible to create a program in which the processing executed by the information processing apparatus described in the above embodiment is described in a language that can be executed by a computer. For example, a monitoring program in which processing executed by the information processing apparatus 100 according to the embodiment is described in a language that can be executed by a computer can be created. In this case, when the computer executes the monitoring program, the same effect as in the above embodiment can be obtained. Further, the monitoring program may be recorded on a computer-readable recording medium, and the monitoring program recorded on the recording medium may be read by the computer and executed to execute the same processing as in the above embodiment.
 図15は、監視プログラムを実行するコンピュータを示す図である。図15に例示するように、コンピュータ1000は、例えば、メモリ1010と、CPU1020と、ハードディスクドライブインタフェース1030と、ディスクドライブインタフェース1040と、シリアルポートインタフェース1050と、ビデオアダプタ1060と、ネットワークインタフェース1070とを有し、これらの各部はバス1080によって接続される。 FIG. 15 is a diagram illustrating a computer that executes a monitoring program. As illustrated in FIG. 15, the computer 1000 includes, for example, a memory 1010, a CPU 1020, a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. These units are connected by a bus 1080.
 メモリ1010は、図15に例示するように、ROM(Read Only Memory)1011及びRAM1012を含む。ROM1011は、例えば、BIOS(Basic Input Output System)等のブートプログラムを記憶する。ハードディスクドライブインタフェース1030は、図15に例示するように、ハードディスクドライブ1090に接続される。ディスクドライブインタフェース1040は、図15に例示するように、ディスクドライブ1100に接続される。例えば磁気ディスクや光ディスク等の着脱可能な記憶媒体が、ディスクドライブ1100に挿入される。シリアルポートインタフェース1050は、図15に例示するように、例えばマウス1110、キーボード1120に接続される。ビデオアダプタ1060は、図15に例示するように、例えばディスプレイ1130に接続される。 The memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM 1012 as illustrated in FIG. The ROM 1011 stores a boot program such as BIOS (Basic Input Output System). The hard disk drive interface 1030 is connected to the hard disk drive 1090 as illustrated in FIG. The disk drive interface 1040 is connected to the disk drive 1100 as illustrated in FIG. For example, a removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive 1100. The serial port interface 1050 is connected to, for example, a mouse 1110 and a keyboard 1120 as illustrated in FIG. The video adapter 1060 is connected to a display 1130, for example, as illustrated in FIG.
 ここで、図15に例示するように、ハードディスクドライブ1090は、例えば、OS1091、アプリケーションプログラム1092、プログラムモジュール1093、プログラムデータ1094を記憶する。すなわち、上記の監視プログラムは、コンピュータ1000によって実行される指令が記述されたプログラムモジュールとして、例えばハードディスクドライブ1090に記憶される。 Here, as illustrated in FIG. 15, the hard disk drive 1090 stores, for example, an OS 1091, an application program 1092, a program module 1093, and program data 1094. That is, the above monitoring program is stored in, for example, the hard disk drive 1090 as a program module in which a command to be executed by the computer 1000 is described.
 また、上記実施形態で説明した各種データは、プログラムデータとして、例えばメモリ1010やハードディスクドライブ1090に記憶される。そして、CPU1020が、メモリ1010やハードディスクドライブ1090に記憶されたプログラムモジュール1093やプログラムデータ1094を必要に応じてRAM1012に読み出し、各種処理手順を実行する。 Further, various data described in the above embodiment is stored as program data in, for example, the memory 1010 or the hard disk drive 1090. Then, the CPU 1020 reads the program module 1093 and the program data 1094 stored in the memory 1010 and the hard disk drive 1090 to the RAM 1012 as necessary, and executes various processing procedures.
 なお、監視プログラムに係るプログラムモジュール1093やプログラムデータ1094は、ハードディスクドライブ1090に記憶される場合に限られず、例えば着脱可能な記憶媒体に記憶され、ディスクドライブ等を介してCPU1020によって読み出されてもよい。あるいは、監視プログラムに係るプログラムモジュール1093やプログラムデータ1094は、ネットワーク(LAN(Local Area Network)、WAN(Wide Area Network)等)を介して接続された他のコンピュータに記憶され、ネットワークインタフェース1070を介してCPU1020によって読み出されてもよい。 Note that the program module 1093 and the program data 1094 related to the monitoring program are not limited to being stored in the hard disk drive 1090, but may be stored in, for example, a removable storage medium and read out by the CPU 1020 via the disk drive or the like. Good. Alternatively, the program module 1093 and the program data 1094 related to the monitoring program are stored in another computer connected via a network (LAN (Local Area Network), WAN (Wide Area Network), etc.), and via the network interface 1070. May be read by the CPU 1020.
 上記の実施形態やその変形は、本願が開示する技術に含まれると同様に、請求の範囲に記載された発明とその均等の範囲に含まれるものである。 The above-described embodiments and modifications thereof are included in the invention described in the claims and equivalents thereof, as well as included in the technology disclosed in the present application.
 1 監視システム
 10、10A~10G VNF
 11 通信処理部
 12 制御部
 12a 事前設定部
 12b 判定制御部
 12c 監視制御部
 12d 設定制御部
 12e 決定部
 12f 通知部
 12g 更新部
 13 記憶部
 13a 仮想MAC管理テーブル記憶部
 20 EtherOAMコントローラ
 30 SDNコントローラ
 40 VNFM
 50 VIM
 60、60A、60B アクセス装置
 70 L2伝送ネットワーク
 80、80A L2スイッチ
 100 情報処理装置 1 Monitoring system 10, 10A-10G VNF
DESCRIPTION OF SYMBOLS 11 Communication processing part 12 Control part 12a Prior setting part 12b Judgment control part 12c Monitoring control part 12d Setting control part 12e Determination part 12f Notification part 12g Update part 13 Storage part 13a Virtual MAC management table storage part 20 EtherOAM controller 30 SDN controller 40 VNFM
50 VIM
60, 60A, 60B Access device 70 L2 transmission network 80, 80A L2 switch 100 Information processing device

Claims (7)

  1.  複数のVNFを動作させる情報処理装置を有する監視システムであって、
     前記情報処理装置は、
     各VNFが管理する監視対象装置ごとにそれぞれ設定された自VNFの仮想MACアドレスを記憶する記憶部と、
     前記各VNFが前記監視対象装置から送信されたフレームを受信した場合に、該フレームの送信先MACアドレスが自VNFの仮想MACアドレスのいずれかと一致するか各VNFにそれぞれ判定させ、前記送信先MACアドレスと前記仮想MACアドレスとが一致しないVNFについては、前記フレームを破棄させるように制御する判定制御部と、
     前記送信先MACアドレスと前記仮想MACアドレスとが一致するVNFについては、前記フレームに含まれる情報を基に前記監視対象装置の通信を監視させるように制御する監視制御部と、
     前記VNFが前記監視対象装置にフレームを送信する際には、前記記憶部から送信先の監視対象装置に対応するVNFの仮想MACアドレスを取得し、該取得した仮想MACアドレスを送信元MACアドレスに設定するように制御する設定制御部と
     を備えたことを特徴とする監視システム。     A monitoring system having an information processing apparatus that operates a plurality of VNFs,
    The information processing apparatus includes:
    A storage unit for storing the virtual MAC address of the own VNF set for each monitoring target device managed by each VNF;
    When each VNF receives a frame transmitted from the monitored device, each VNF determines whether the destination MAC address of the frame matches one of the virtual MAC addresses of its own VNF, and the destination MAC For a VNF whose address does not match the virtual MAC address, a determination control unit that controls to discard the frame;
    A monitoring control unit that controls to monitor communication of the monitoring target device based on information included in the frame for the VNF in which the transmission destination MAC address and the virtual MAC address match,
    When the VNF transmits a frame to the monitoring target device, the virtual MAC address of the VNF corresponding to the monitoring target device of the transmission destination is acquired from the storage unit, and the acquired virtual MAC address is set as the transmission source MAC address. A monitoring system comprising: a setting control unit that controls to perform setting.
  2.  前記情報処理装置に新たなVNFが生成された場合に、すでに動作しているVNFが管理する監視対象装置のうち、前記新たなVNFに監視させる監視対象装置を決定する決定部と、
     前記決定部によって決定された新たなVNFに監視させる監視対象装置に対応する仮想MACアドレスを、前記新たなVNFの仮想MACアドレスとして登録するように新たなVNFに通知する通知部と、
     前記新たなVNFに監視させる監視対象装置に対応する仮想MACアドレスを、前記通知部によって通知された仮想MACアドレスに変更するように前記記憶部を更新する更新部と、
     をさらに備えたことを特徴とする請求項1に記載の監視システム。     A determination unit that determines a monitoring target device to be monitored by the new VNF among monitoring target devices managed by the already operating VNF when a new VNF is generated in the information processing device;
    A notifying unit for notifying the new VNF to register a virtual MAC address corresponding to a monitoring target device to be monitored by the new VNF determined by the determining unit, as a virtual MAC address of the new VNF;
    An update unit that updates the storage unit to change the virtual MAC address corresponding to the monitoring target device to be monitored by the new VNF to the virtual MAC address notified by the notification unit;
    The monitoring system according to claim 1, further comprising:
  3.  前記情報処理装置とは異なる別の情報処理装置に新たなVNFが生成された場合に、すでに動作しているVNFが管理する監視対象装置のうち、前記新たなVNFに監視させる監視対象装置を決定する決定部と、
     前記決定部によって決定された新たなVNFに監視させる監視対象装置に対応する仮想MACアドレスを、前記新たなVNFの仮想MACアドレスとして登録するように前記別の情報処理装置の新たなVNFに通知する通知部と、
     前記新たなVNFに監視させる監視対象装置に対応する仮想MACアドレスを、前記通知部によって通知された仮想MACアドレスに変更するように前記記憶部を更新する更新部と、
     をさらに備えたことを特徴とする請求項1に記載の監視システム。     When a new VNF is generated in another information processing apparatus different from the information processing apparatus, a monitoring target apparatus to be monitored by the new VNF is determined from among the monitoring target apparatuses managed by the already operating VNF. A decision unit to
    Notifying the new VNF of the other information processing apparatus to register the virtual MAC address corresponding to the monitoring target device to be monitored by the new VNF determined by the determination unit as the virtual MAC address of the new VNF A notification unit;
    An update unit that updates the storage unit to change the virtual MAC address corresponding to the monitoring target device to be monitored by the new VNF to the virtual MAC address notified by the notification unit;
    The monitoring system according to claim 1, further comprising:
  4.  前記監視対象装置に対応するVNFの仮想MACアドレスを払い出し、該監視対象装置に対して該仮想MACアドレスを前記フレームの送信先MACアドレスとして送信するとともに、払い出された仮想MACアドレスを前記記憶部に格納する事前設定部をさらに備えたことを特徴とする請求項1に記載の監視システム。 The virtual MAC address of the VNF corresponding to the monitoring target device is issued, the virtual MAC address is transmitted to the monitoring target device as the transmission destination MAC address of the frame, and the issued virtual MAC address is stored in the storage unit The monitoring system according to claim 1, further comprising a pre-setting unit that stores the information in the storage unit.
  5.  複数のVNFを動作させる情報処理装置によって実行される監視方法であって、
     前記情報処理装置は、各VNFが管理する監視対象装置ごとにそれぞれ設定された自VNFの仮想MACアドレスを記憶する記憶部を有し、
     前記各VNFが前記監視対象装置から送信されたフレームを受信した場合に、該フレームの送信先MACアドレスが自VNFの仮想MACアドレスのいずれかと一致するか各VNFにそれぞれ判定させ、前記送信先MACアドレスと前記仮想MACアドレスとが一致しないVNFについては、前記フレームを破棄させるように制御する判定制御工程と、
     前記送信先MACアドレスと前記仮想MACアドレスとが一致するVNFについては、前記フレームに含まれる情報を基に前記監視対象装置の通信を監視させるように制御する監視制御工程と、
     前記VNFが前記監視対象装置にフレームを送信する際には、前記記憶部から送信先の監視対象装置に対応するVNFの仮想MACアドレスを取得し、該取得した仮想MACアドレスを送信元MACアドレスに設定するように制御する設定制御工程と
     を含んだことを特徴とする監視方法。     A monitoring method executed by an information processing apparatus that operates a plurality of VNFs,
    The information processing apparatus includes a storage unit that stores a virtual MAC address of the own VNF set for each monitoring target apparatus managed by each VNF,
    When each VNF receives a frame transmitted from the monitored device, each VNF determines whether the destination MAC address of the frame matches one of the virtual MAC addresses of its own VNF, and the destination MAC For a VNF whose address and the virtual MAC address do not match, a determination control step for controlling to discard the frame;
    A monitoring control step for controlling the monitoring target device to monitor communication based on information included in the frame for VNFs having the same destination MAC address and virtual MAC address;
    When the VNF transmits a frame to the monitoring target device, the virtual MAC address of the VNF corresponding to the monitoring target device of the transmission destination is acquired from the storage unit, and the acquired virtual MAC address is set as the transmission source MAC address. A monitoring method comprising: a setting control step for controlling to set.
  6.  複数のVNFを動作させる情報処理装置であって、
     各VNFが管理する監視対象装置ごとにそれぞれ設定された自VNFの仮想MACアドレスを記憶する記憶部と、
     前記各VNFが前記監視対象装置から送信されたフレームを受信した場合に、該フレームの送信先MACアドレスが自VNFの仮想MACアドレスのいずれかと一致するか各VNFにそれぞれ判定させ、前記送信先MACアドレスと前記仮想MACアドレスとが一致しないVNFについては、前記フレームを破棄させるように制御する判定制御部と、
     前記送信先MACアドレスと前記仮想MACアドレスとが一致するVNFについては、前記フレームに含まれる情報を基に前記監視対象装置の通信を監視させるように制御する監視制御部と、
     前記VNFが前記監視対象装置にフレームを送信する際には、前記記憶部から送信先の監視対象装置に対応するVNFの仮想MACアドレスを取得し、該取得した仮想MACアドレスを送信元MACアドレスに設定するように制御する設定制御部と
     を備えたことを特徴とする情報処理装置。     An information processing apparatus that operates a plurality of VNFs,
    A storage unit for storing the virtual MAC address of the own VNF set for each monitoring target device managed by each VNF;
    When each VNF receives a frame transmitted from the monitored device, each VNF determines whether the destination MAC address of the frame matches one of the virtual MAC addresses of its own VNF, and the destination MAC For a VNF whose address does not match the virtual MAC address, a determination control unit that controls to discard the frame;
    A monitoring control unit that controls to monitor communication of the monitoring target device based on information included in the frame for the VNF in which the transmission destination MAC address and the virtual MAC address match,
    When the VNF transmits a frame to the monitoring target device, the virtual MAC address of the VNF corresponding to the monitoring target device of the transmission destination is acquired from the storage unit, and the acquired virtual MAC address is set as the transmission source MAC address. An information processing apparatus comprising: a setting control unit that controls to perform setting.
  7.  コンピュータを請求項6に記載の情報処理装置として機能させるための監視プログラム。 A monitoring program for causing a computer to function as the information processing apparatus according to claim 6.
PCT/JP2018/000836 2017-03-28 2018-01-15 Monitoring system, monitoring method, information processing device, and monitoring program WO2018179683A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2017063742A JP6317833B1 (en) 2017-03-28 2017-03-28 Monitoring system, monitoring method, information processing apparatus, and monitoring program
JP2017-063742 2017-03-28

Publications (1)

Publication Number Publication Date
WO2018179683A1 true WO2018179683A1 (en) 2018-10-04

Family

ID=62069442

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2018/000836 WO2018179683A1 (en) 2017-03-28 2018-01-15 Monitoring system, monitoring method, information processing device, and monitoring program

Country Status (2)

Country Link
JP (1) JP6317833B1 (en)
WO (1) WO2018179683A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012080263A (en) * 2010-09-30 2012-04-19 Ntt Communications Kk Server device, network system, and program
US20160156718A1 (en) * 2014-12-01 2016-06-02 Telefonaktiebolaget L M Ericsson (Publ) Enf selection for nfvi

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012080263A (en) * 2010-09-30 2012-04-19 Ntt Communications Kk Server device, network system, and program
US20160156718A1 (en) * 2014-12-01 2016-06-02 Telefonaktiebolaget L M Ericsson (Publ) Enf selection for nfvi

Also Published As

Publication number Publication date
JP6317833B1 (en) 2018-04-25
JP2018166305A (en) 2018-10-25

Similar Documents

Publication Publication Date Title
US11477097B2 (en) Hierarchichal sharding of flows from sensors to collectors
US7941539B2 (en) Method and system for creating a virtual router in a blade chassis to maintain connectivity
EP3671452A1 (en) System and method for user customization and automation of operations on a software-defined network
US7984123B2 (en) Method and system for reconfiguring a virtual network path
US7962587B2 (en) Method and system for enforcing resource constraints for virtual machines across migration
US8645952B2 (en) Method for providing location independent dynamic port mirroring on distributed virtual switches
US8086739B2 (en) Method and system for monitoring virtual wires
JP5958164B2 (en) Control apparatus, method and program, system, and information processing method
CN105453492A (en) Switch clusters having layer-3 distributed router functionality
TW201723744A (en) Server system, method for managing power supply units and automatic transfer switches, and non-transitory computer-readable storage medium
JP5757325B2 (en) Virtual desktop system, network processing apparatus, management method, and management program
JP2011077946A (en) Communication apparatus and frame transmission method
CN103067287B (en) Forwarding and realizing under control separation architecture the method for virtual programmable router
US20150312141A1 (en) Information processing system and control method for information processing system
JP5904285B2 (en) Communication system, virtual network management device, communication node, communication method, and program
Mouradian et al. Network functions virtualization architecture for gateways for virtualized wireless sensor and actuator networks
US9036634B2 (en) Multicast route entry synchronization
US20160012008A1 (en) Communication system, control apparatus, communication method, and program
CN108650337B (en) Server detection method, system and storage medium
EP3829111A1 (en) Dynamic mapping of nodes responsible for monitoring traffic of an evolved packet core
JP6496860B2 (en) Monitoring system, monitoring method and monitoring program
JP6317833B1 (en) Monitoring system, monitoring method, information processing apparatus, and monitoring program
JP7268741B2 (en) Communication system, communication method and communication program
US8615600B2 (en) Communication between a host operating system and a guest operating system
CA3064541C (en) Virtual network monitoring system, virtual network monitoring apparatus, virtual network monitoring method, and non-transitory computer-readable recording medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18777488

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18777488

Country of ref document: EP

Kind code of ref document: A1