WO2024038523A1 - Dispositif de conversion, procédé de conversion, et programme de conversion - Google Patents

Dispositif de conversion, procédé de conversion, et programme de conversion Download PDF

Info

Publication number
WO2024038523A1
WO2024038523A1 PCT/JP2022/031106 JP2022031106W WO2024038523A1 WO 2024038523 A1 WO2024038523 A1 WO 2024038523A1 JP 2022031106 W JP2022031106 W JP 2022031106W WO 2024038523 A1 WO2024038523 A1 WO 2024038523A1
Authority
WO
WIPO (PCT)
Prior art keywords
packet
header
hardware
processing
packets
Prior art date
Application number
PCT/JP2022/031106
Other languages
English (en)
Japanese (ja)
Inventor
勇樹 三好
千晴 森岡
裕平 林
里美 井上
Original Assignee
日本電信電話株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電信電話株式会社 filed Critical 日本電信電話株式会社
Priority to PCT/JP2022/031106 priority Critical patent/WO2024038523A1/fr
Publication of WO2024038523A1 publication Critical patent/WO2024038523A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/022Capturing of monitoring data by sampling

Definitions

  • the present invention relates to a conversion device, a conversion method, and a conversion program.
  • xFlow technology performs traffic aggregation and analysis by sampling packets and transmitting flow statistical information calculated from header information and the header part itself (header sample). be.
  • header sample the header information and the header part itself
  • packet encapsulation technique that embeds a packet in the payload of another packet and transfers it over a network.
  • JP2019-097069A JP2021-090161A International Publication No. 2021/149245 Japanese Patent Application Publication No. 2020-174257
  • the multiple header samples are split and reassembled into a single header sample, statistics are aggregated, and the analyzer is sent to the analyzer. Need to send.
  • the present invention has been made in view of the above, and provides a conversion device, a conversion method, and a conversion program that can reduce software processing load, speed up processing, and increase the amount of traffic that can be processed.
  • the purpose is to
  • a conversion device analyzes input packet information using hardware, and determines whether or not to perform predetermined pre-processing using the hardware.
  • an analysis unit that determines whether a packet to be subjected to predetermined pre-processing by the hardware is a packet equipped with a plurality of header samples or a packet equipped with a single header sample; a reconstruction unit that reconstructs a packet carrying a single header sample into a packet carrying a single header sample; and a packet carrying a single header sample determined by the analysis unit; For packets equipped with a single header sample reconstructed by the reconstruction unit, an identification indicating a group of the packets based on information in a fixed length header of the packet equipped with the single header sample.
  • an attaching unit that performs a process of attaching metadata including information to the packet using the hardware; and a process of generating an analysis packet corresponding to the group of packets using the metadata attached by the attaching unit.
  • the invention is characterized in that it has a generation unit that performs this using software.
  • FIG. 1 is a block diagram showing an example of the configuration of a communication system according to an embodiment.
  • FIG. 2 is a diagram illustrating the flow of processing in the conversion apparatus shown in FIG. 1.
  • FIG. 3 is a block diagram showing an example of the configuration of the conversion device shown in FIG. 1.
  • FIG. 4 is a diagram illustrating reconstruction processing by the reconstruction unit shown in FIG. 3.
  • FIG. 5 is a diagram illustrating reconstruction processing by the reconstruction unit shown in FIG. 3.
  • FIG. 6 is a diagram illustrating adding metadata to an IPFIX packet.
  • FIG. 7 is a diagram illustrating the flow of processing in the conversion device shown in FIG. 1.
  • FIG. 8 is a diagram illustrating the flow of processing in the conversion device shown in FIG. 1.
  • FIG. 9 is a diagram illustrating the circuit architecture of the reconstruction unit shown in FIG. 3.
  • FIG. 10 is a flowchart illustrating an example of the processing procedure of the conversion process according to the embodiment.
  • FIG. 11 is a diagram illustrating a conventional conversion technique.
  • FIG. 12 is a diagram illustrating an example of a computer that implements a conversion device by executing a program.
  • the conversion device 10 offloads some processing to the preceding hardware and analyzes packets using the hardware.
  • the conversion device 10 determines whether to perform hardware processing or subsequent software processing.
  • the conversion device 10 When determining that hardware processing is to be performed, the conversion device 10 further identifies the header information by protocol analysis, and converts the packet to either a packet with multiple header samples (multi-header sample packet) or a single header sample. packet (single header sample packet). For multiple header sample packets, the conversion device 10 uses upstream hardware to divide the multiple header samples and reconstruct them into a single header sample packet.
  • the conversion device 10 writes metadata including grouping information to the end of the packet as a result of the analysis performed on the packet by the preceding hardware. Then, the conversion device 10 identifies the metadata in the subsequent software, and performs coordination between hardware and software by replacing the protocol analysis and grouping processing.
  • the conversion device 10 by offloading some processing to the hardware, it is possible to reduce the amount of processing on the software side and perform flexible processing that differs depending on the attributes of the operator etc. at high speed. do. Furthermore, in the conversion device 10, by using hardware to process the division and reassembly of packets equipped with multiple header samples, it is possible to reduce the software processing load, which requires high calculation costs, and to process large volumes of traffic information at high speed. It becomes possible to do so.
  • FIG. 1 is a block diagram showing an example of the configuration of a communication system according to an embodiment.
  • the communication system 1 includes a plurality of NW devices 2, a conversion device 10, and a plurality of analysis devices 3 (external devices).
  • NW devices 2 and the conversion device 10 communicate via the network N.
  • the configuration shown in FIG. 1 is only an example, and the specific configuration and number of each device are not particularly limited.
  • the NW device 2 samples packets in the traffic to be monitored. For example, the NW device 2 may transfer the mirrored encapsulated packet to the conversion device 10, or may cut out the sampled packet header sample and transfer the xFlow packet in which the cut header sample is encapsulated to the conversion device 10. It's okay. At this time, the NW device 2 may include statistical information regarding the flow, such as the number of packets, in the xFlow packet to be transferred, or may transfer it to the conversion device 10 as a separate xFlow packet.
  • the conversion device 10 converts xFlow packets input from various NW devices 2 into xFlow packets in a format according to the processing content of the external analysis device 3. Specifically, the conversion device 10 identifies header information through protocol analysis, divides and reconstructs multiple header sample packets into single header sample packets, and then performs grouping based on conditions. Then, the conversion device 10 performs processing defined for each group and transmits the generated packets to the analysis device 3. For example, as a process defined for each group, the conversion device 10 aggregates statistics of inner headers of xFlow packets input from various NW devices 2, and converts xFlow packets that include at least statistical information indicating statistics of the determined inner headers. is generated and sent to the external analysis device 3.
  • Each analysis device 3 analyzes the traffic to be monitored and aggregates packets in the traffic to be monitored. For example, the analysis device 3 performs analysis and aggregation using statistical information included in the xFlow packet converted by the conversion device 10.
  • the conversion device 10 performs flexible format conversion processing based on packet header information.
  • FIG. 2 is a diagram illustrating the flow of processing in the conversion apparatus shown in FIG. 1.
  • explanations such as processing in which the conversion device 10 offloads some processing to hardware are omitted, and it is not stated whether the processing is performed by hardware or software. The overall flow of processing will be explained. Furthermore, processing for offloading some processing to hardware will be described later.
  • the conversion device 10 upon receiving an input of an encapsulated packet mirrored by the NW device 2 or an xFlow packet including a header sample, the conversion device 10 identifies the header information by protocol analysis (see FIG. 2). (See (1)).
  • the conversion device 10 reconstructs the multiple header sample packets into single header sample packets (see (2) in FIG. 2), and then performs grouping based on conditions (see (2) in FIG. 2). (See 2 (3)).
  • the example in FIG. 2 illustrates a case where the conversion device 10 classifies a packet into one of a plurality of groups "groups #1 to #3" based on conditions regarding both the outer header and the inner header. are doing.
  • the conversion device 10 performs information shaping processing defined for each group (see (4) in FIG. 2). For example, in the example shown in FIG. 2, the conversion device 10 obtains inner header statistics for packets classified into group "#1" and generates an xFlow packet that includes at least statistical information indicating the inner header statistics. Then, the conversion device 10 transmits the generated xFlow packet to the xFlow analysis device 3A (also described as the destination “analysis A” in FIG. 2) as the destination.
  • the xFlow analysis device 3A also described as the destination “analysis A” in FIG. 2
  • the conversion device 10 obtains statistics of the outer header for packets classified into group "#2" and generates an xFlow packet that includes at least statistical information indicating the statistics of the outer header. Then, the conversion device 10 transmits the generated xFlow packet to the xFlow analysis device 3B (also described as the destination “analysis B” in FIG. 2) as the destination.
  • the xFlow analysis device 3B also described as the destination “analysis B” in FIG. 2
  • the conversion device 10 performs a process of removing the capsule header from the packets classified into the group “#3” and generating (formatting) the packets with the transmission destination rewritten to the external analysis device 3C. Then, the conversion device 10 transmits the generated packet to the packet capture device 3C (also described as the destination “capture C” in FIG. 2) as the destination. Note that the conversion device 10 may generate and transmit packets at any timing for each of the above-described processes.
  • the conversion device 10 when performing statistical processing such as processing corresponding to groups "#1" and "#2", the conversion device 10 performs statistical processing when the number of grouped packets reaches a predetermined number, Generate and send a packet. Further, for example, when the conversion device 10 removes the capsule header and rewrites the transmission destination to the external analysis device 3 as in the process corresponding to the group “#3”, the conversion device 10 is grouped into the group “#3”. Each time, a packet is generated and sent.
  • the conversion device 10 groups input packets and performs different processing for each group, such as deleting the outer packet header of the capsule, statistical processing, and changing the destination IP address. This makes it possible to flexibly perform individual processing and analysis.
  • the conversion device 10 by offloading some processing to hardware, the amount of processing on the software side is reduced, and it is possible to perform flexible processing that differs depending on the attributes of the business operator, etc. at high speed. . Furthermore, in the conversion device 10, hardware processes the division and reassembly of a plurality of header samples for packets equipped with a plurality of header samples, thereby reducing the software processing load that requires large calculation costs, and reducing the burden on large-volume traffic. It becomes possible to process information at high speed.
  • FIG. 3 is a block diagram showing an example of the configuration of the conversion device 10 shown in FIG. 1.
  • the conversion device 10 includes a packet analysis section 11, a reconstruction section 12, a metadata adding section 13, a generation section 14, and a rule information DB 15.
  • the conversion device 10 is configured such that a predetermined program is loaded into a computer, etc., including, for example, ROM (Read Only Memory), RAM (Random Access Memory), CPU (Central Processing Unit), etc., and the CPU executes the predetermined program. This is achieved by doing.
  • the conversion device 10 has a communication interface that transmits and receives various information to and from other devices connected via a network or the like.
  • the conversion device 10 includes a NIC (Network Interface Card) and the like, and performs communication with other devices via a telecommunication line such as a LAN (Local Area Network) or the Internet.
  • NIC Network Interface Card
  • the rule information DB 15 is a preset rule, and stores a rule for determining whether to offload some processing to the preceding hardware. For example, the rule information DB 15 determines which packets are to be subjected to predetermined pre-processing by hardware (packets to be hardware offloaded), depending on the information in one or both of the outer header and inner header of the input packet. , a determination rule for determining whether a packet is to be processed by software without performing predetermined pre-processing by hardware (a packet other than hardware offload) is stored. The rule information DB 15 stores a determination rule for determining whether a packet to be subjected to hardware processing is a multiple header sample packet or a single header sample packet.
  • the rule information DB 15 stores rules for specifying a hardware processing portion and a software processing portion in a packet.
  • the rule information DB 15 stores rules for specifying a hardware processing portion and a software processing portion for each type of packet.
  • the rule information DB 15 stores grouping conditions, which are conditions for grouping input packets. Further, for example, the rule information DB 15 stores, as a grouping condition, a condition regarding information included in one or both of the outer header and the inner header.
  • the rule information DB 15 stores processes defined for each group. That is, the rule information DB 15 stores the details of the processing to be performed for each group for each grouped packet. For example, the rule information DB 15 stores processing details and destinations of generated analysis packets in association with group IDs. Note that the information stored in the rule information DB 15 described above is set in advance by the operator, and can be changed, added, or deleted as appropriate.
  • the packet analysis unit 11 analyzes the input packet information using hardware, and determines whether or not to perform predetermined pre-processing using the hardware. For example, upon receiving an input of an encapsulated packet (RAW packet) or an xFlow packet including a header sample that is the header portion itself, the packet analysis unit 11 performs protocol analysis on the encapsulated packet or xFlow packet using hardware.
  • RAW packet encapsulated packet
  • xFlow packet including a header sample that is the header portion itself
  • the packet analysis unit 11 determines whether or not to perform predetermined pre-processing by hardware, and also determines whether or not to perform predetermined pre-processing using hardware, and also determines whether or not to perform predetermined pre-processing using hardware. Determine if there is.
  • the packet analysis unit 11 refers to the determination rules stored in the rule information DB 15 and determines whether the input packet is a hardware offload target packet and a multi-header sample packet, or a hardware offload target packet. to determine whether it is a single header sample packet or a packet other than hardware offload.
  • the packet analysis unit 11 determines that the packet is a non-hardware offload packet, it causes the generation unit 14 (software) to perform the following processing.
  • the packet analysis unit 11 determines that the packet is a hardware offload target packet and is a multi-header sample packet
  • the packet analysis unit 11 refers to the information stored in the rule information DB 15, and the reconstruction unit 12 (hardware) performs the following processing.
  • the packet analysis unit 11 determines that the packet is a hardware offload target packet and is a single header sample packet, the packet analysis unit 11 refers to the information stored in the rule information DB 15 and determines the hardware processing portion of the packet.
  • the software processing part is specified, and the metadata adding unit 13 (hardware) is made to perform the following processing.
  • the packet analysis unit 11 when the packet analysis unit 11 receives an input of an L2TP packet that is an encapsulated packet, it includes the "first Ether header", “first IPv4/IPv6 header” and “UDP (User Datagram Protocol)".
  • the "header” is specified as the hardware processing part
  • the "second IPv4/IPv6 header” is specified as the software processing part.
  • the information in the fixed-length header outside the capsule is easily determined even if it is processed in hardware, so it is processed in hardware.
  • the information in the variable length header and the capsule inner header needs to be read in bit units and is a hardware processing part.
  • the packet analysis unit 11 when the packet analysis unit 11 receives an input of an IPFIX packet that is an xFlow packet including a header sample, the packet analysis unit 11 inputs the "IPFIX Ether header", the "IPFIX IPv4/IPv6 header”, and the L2TP header in the IPFIX set.
  • the "first Ether header,” “first IPv4/IPv6 header,” and “UDP header” in sampling are identified as the hardware processing part, and the "second IPv4/IPv6 header" in L2TP header sampling is identified as the software processing part. do.
  • the reconstruction unit 12 reconstructs the multiple header sample packet into a single header sample packet.
  • the reconstruction unit 12 divides the multiple header sample packet into a header part and each data part. Then, the reconstruction unit 12 reconstructs it into a single header sample packet according to the number of data.
  • the reconstruction unit 12 outputs each reconstructed single header sample packet to the metadata adding unit 13.
  • 4 and 5 are diagrams illustrating the reconstruction process by the reconstruction unit 12 shown in FIG. 3. 4 and 5, the reconstruction process of an IPFIX packet having two samples will be described.
  • the reconstruction unit 12 obtains the data length of the entire IPFIX multisample and the data length of each sample from FlowSet Length and string_len_short stored in the IPFIX header, and Divide into parts.
  • the data is divided into an L2/L3 header section, an IPFIX header section, sample data S1, and sample data S2.
  • the reconstruction unit 12 reconstructs the IPFIX packet of the single header sample according to the number of samples.
  • the reconstruction unit 12 reconstructs a single header sample IPFIX packet including the sample data S1 based on the L2/L3 header section, the IPFIX header section, and the sample data S1.
  • the reconstruction unit 12 reconstructs a single header sample IPFIX packet including the sample data S2 based on the L2/L3 header section, the IPFIX header section, and the sample data S2.
  • the metadata adding unit 13 inputs metadata including identification information indicating a group of input packets based on the fixed length header information in the single header sample packet input by the packet analysis unit 11 or the reconstruction unit 12.
  • the processing to add to the packet is performed by hardware.
  • the metadata adding unit 13 refers to the rules stored in the rule information DB 15, obtains information in the header identified by the packet analysis unit 11 as a hardware processing part, and performs grouping based on the information in the header.
  • the processing for determining the grouping ID and adding metadata including the grouping ID to the packet is performed by hardware.
  • the metadata adding unit 13 performs information shaping processing to change the source IP address of the packet to the IP address of the conversion device 10 and change the destination IP address to the IP address of the analysis device 3.
  • the metadata adding unit 13 adds metadata that follows the rules based on the information in the header identified as the hardware processing part.
  • the metadata includes protocol analysis results such as the protocol type and header length of each header, and grouping primary identification results.
  • FIG. 6 is a diagram illustrating adding metadata to IPFIX packets. As illustrated in FIG. 6, for example, the metadata adding unit 13 creates metadata (Meta1, Meta2) corresponding to each sample and adds it to the IPFIX packet.
  • Meta1, Meta2 metadata adding unit 13 creates metadata (Meta1, Meta2) corresponding to each sample and adds it to the IPFIX packet.
  • the metadata adding unit 13 adds metadata including "number of VLANs", “number of MPLS labels”, “various header positions”, and "xFlow packet type” to the IPFIX packet.
  • the metadata adding unit 13 inserts 0 to 3 bytes of padding between the reconfigured IPFIX packet and the metadata, aligns it to 4 bytes, and adds the metadata.
  • the metadata adding unit 13 performs padding according to the packet length after reconfiguration.
  • the metadata adding unit 13 may also add, for the L2TP packet, "VLAN number,” “MPLS label number,” “IP header position,” “grouping ID based on the rule table,” “transmission source before information shaping.” IP address and destination IP address.
  • the generation unit 14 performs a process of generating analysis packets corresponding to a group of packets using the metadata added by the metadata addition unit 13 when predetermined pre-processing by hardware is performed. This is done by software. For example, the generation unit 14 acquires a grouping ID included in the metadata assigned by the metadata assignment unit 13, and refers to the rule information DB 15 to determine a process corresponding to the grouping ID.
  • the generation unit 14 performs packet protocol analysis processing and grouping processing by software, and then performs processing corresponding to the group to generate packets. Perform the process to generate. Thereafter, the generation unit 14 transmits the generated packet to the analysis device 3.
  • the generation unit 14 may perform a process of generating an analysis packet corresponding to a group by aggregating the statistics of the inner header and generating an xFlow packet that includes at least statistical information indicating the statistics of the inner header; A process of aggregating statistics and generating an xFlow packet that includes at least statistical information indicating the statistics of the outer header, and a process of generating (shaping) a packet with the outer header removed and the destination rewritten to the external analysis device 3. Execute one or more of the following processes. Note that the process of generating a packet by the generation unit 14 includes a process of generating a new packet for analysis, and a process of rewriting or deleting the information of the input packet to format it into a packet for analysis. shall include.
  • FIGS. 7 and 8 are diagrams illustrating the flow of processing in the conversion device 10 shown in FIG. 1.
  • FIG. 8 a case will be described in which, as a process of generating a packet for analysis, statistics of the inner header are totaled and an xFlow packet including statistical information indicating the statistics of the inner header is generated.
  • the input packet is either a non-hardware offload packet or a single header sample packet of a hardware offload target packet. It is determined whether there is a sample packet with multiple headers of the packet to be hardware offloaded (for example, xFlow).
  • the conversion device 10 analyzes the packet using the front-end hardware, and depending on the analysis result, it determines whether the packet is a multiple-header sample packet to be processed by the front-end hardware (high-speed processing), or whether it is a single-header sample packet to be processed by the front-end hardware. Analyze whether the packet is a sample packet or a packet to be subjected to subsequent software processing (low-speed processing).
  • the conversion device 10 performs packet protocol analysis processing and grouping processing using software as internal software processing, and then performs group processing.
  • statistics of the inner header are totaled, and an xFlow packet including at least statistical information indicating the statistics of the inner header is generated.
  • the hardware at the front stage of the conversion device 10 determines whether the input packet is a packet equipped with a plurality of header samples based on the variable in the xFlow IP header of the input packet (( 1)).
  • the front-end hardware determines that the packet has multiple header samples, it divides the multiple header samples, reconstructs the packet, and collaborates with other existing functional units. For example, as shown in FIG. 8, the front-end hardware divides and restores a packet carrying three header samples to reconstruct it into three single header sample packets. In this way, by adding the function of reassembling a single header sample packet to the front-end hardware, there is no need to change the rear-end hardware (HW) processing and software (SW) processing (see Figure 8). (2)).
  • HW rear-end hardware
  • SW software
  • the conversion device 10 performs in-hardware processing on the single header sample packet that is the input packet or the reconstructed single header sample packet, and performs grouping based on the information in the header. After performing information shaping processing (chaining destination selection, etc.) to change the IP address and destination IP address, metadata that conforms to the rules is added based on the information in the header identified as the hardware processing part.
  • information shaping processing chaining destination selection, etc.
  • the conversion device 10 identifies the metadata added in the hardware processing as the software processing, and determines the processing content using the grouping ID included in the metadata. Then, the conversion device 10 performs a process within the software to analyze the inner header, aggregate the statistics of the inner header, and generate an xFlow packet that includes at least statistical information indicating the statistics of the inner header.
  • the conversion device 10 divides the multiple header samples and reconstructs them into a single header sample packet based on the analysis result performed by the previous stage hardware, and then converts the grouping information into a single header sample packet. Writes the included metadata to the end of the packet.
  • the metadata identification process replaces the computationally expensive protocol analysis and grouping process in the subsequent software, allowing hardware and software to cooperate.
  • the conversion device 10 realizes the protocol analysis processing and grouping processing using software through the metadata adding processing using hardware and the metadata reading processing using software, thereby making it possible to omit software protocol analysis with high calculation costs. can. Therefore, by offloading some processing to hardware, it is possible to reduce the amount of processing on the software side.
  • the front-stage hardware performs processing that the hardware is good at, such as uniformity processing
  • the rear-stage software performs flexible judgments and complex processing, such as processing based on internal information of encapsulated packets. This makes it possible to process even large-volume traffic at high speed while reducing the amount of processing on the software side.
  • the conversion device 10 by using hardware to process the division and reassembly of packets equipped with multiple header samples, it is possible to reduce the software processing load, which requires high calculation costs, and to process large volumes of traffic information at high speed. It becomes possible to do so.
  • FIG. 9 is a diagram illustrating the circuit architecture of the reconstruction unit 12 shown in FIG. 3.
  • the circuit architecture of the reconstruction unit 12 includes a write address calculation/data distribution unit, a plurality of block RAMs, and a data selection/shaping unit.
  • As the Block RAM a Block RAM corresponding to the MAC to IPFIX header section, a Block RAM corresponding to sample data, and a Block RAM corresponding to each metadata are provided.
  • the header section, sample data, and metadata are stored in corresponding block RAMs.
  • the front-end hardware reconstructs an IPFIX packet of a single header sample according to the number of samples at the time of output.
  • Block RAM records the memory address information ((1) in FIG. 9).
  • the write address calculation/data distribution unit sends various information and data addresses for the number of samples to the data selection/formation unit ((2) in FIG. 9).
  • the write address calculation/data distribution unit transmits the address information and the number of multi-samples to the data selection/formation unit via a FIFO (First-In First Out).
  • the data selection/shaping unit reconstructs a single header sample packet by reading data for the number of samples from each Block RAM according to the received address information and the number of multi-samples ((3) in FIG. 9).
  • FIFO First-In First Out
  • the reconstruction unit 12 divides a multi-header sample packet and reconstructs it into a single header sample packet.
  • the reconstruction unit 12 can process the division of a multi-header sample packet into multiple header samples and the reassembly into a single header sample packet using hardware, thereby processing large amounts of traffic information at high speed. becomes possible.
  • FIG. 10 is a flowchart illustrating an example of the processing procedure of the conversion process according to the embodiment.
  • step S101 when the packet analysis unit 11 of the conversion device 10 receives a packet input (step S101: Yes), it analyzes the information of the input packet using hardware, and performs pre-processing using the hardware. It is determined whether to do so (step S102).
  • step S102 determines whether the information of the input packet is to be analyzed by hardware.
  • step S103 determines whether the input packet is a multi-header sample packet.
  • the reconstruction unit 12 performs packet reconstruction in which the plural header samples of the multi-header sample packet are divided and reconstructed into a single header sample packet (step S104). ).
  • the metadata adding unit 13 adds information based on the fixed-length header information of the single-header sample packet. Then, metadata is added (step S105).
  • the generation unit 14 uses software to identify the metadata (step S106), and uses software to generate an analysis packet according to the grouping ID included in the metadata (step S109).
  • step S102 if the packet analysis unit 11 determines that the input packet information is not to be analyzed by hardware (step S102: No), the generation unit 14 performs protocol processing by software (step S107), grouping processing is performed by software (step S108). Next, the generation unit 14 generates an analysis packet using software according to the grouping result (step S109).
  • FIG. 11 is a diagram illustrating a conventional conversion technique.
  • the format is converted by performing software processing as a packet that is not subject to hardware offload.
  • multi-header sample packets are not subject to hardware offloading, resulting in software processing with high calculation costs, resulting in an increase in calculation costs. For this reason, with conventional conversion techniques, it has been difficult to process large amounts of traffic information contained in a multi-header sample packet at high speed using software.
  • the conversion device 10 analyzes the information of the input packet using hardware, determines whether or not to perform predetermined pre-processing by the hardware, and determines whether or not to perform predetermined pre-processing on the packets that are to be processed by the hardware. It is determined whether the packet is a multiple header sample packet or a single header sample packet. If the conversion device 10 determines to perform the pre-processing and determines that the packet is a multi-header sample packet, the converter 10 uses hardware to divide the multiple header samples of the multi-header sample packet and re-create it into a single header sample packet. To construct.
  • a single header sample packet that has been determined to undergo pre-processing or a single header sample packet after reassembly is processed by hardware with identification information indicating a group of packets based on the information in the fixed length header of the packet.
  • the process of adding the included metadata to the packet is performed by hardware.
  • the conversion device 10 uses software to generate a packet for analysis corresponding to the group of packets using the attached metadata. Therefore, the conversion device 10 can perform flexible processing that differs depending on the attributes of business operators and the like at high speed.
  • the conversion device 10 writes metadata including the analysis results performed by the preceding hardware and grouping information to the end of the packet.
  • the metadata identification process replaces the protocol analysis and grouping process in the subsequent software, so that the hardware and software can cooperate.
  • the conversion device 10 when the conversion device 10 receives a packet equipped with a plurality of header samples, by processing the division and reconstruction of the plurality of header samples using hardware, it is possible to reduce the software processing load that requires a large calculation cost.
  • Each component of the conversion device 10 shown in FIG. 1 is functionally conceptual, and does not necessarily need to be physically configured as shown.
  • the specific form of distributing and integrating the functions of the conversion device 10 is not limited to what is shown in the diagram, and all or part of it can be functionally or physically distributed in arbitrary units depending on various loads and usage conditions. It can be configured to be distributed or integrated.
  • each process performed in the conversion device 10 may be realized by a CPU and a program that is analyzed and executed by the CPU. Moreover, each process performed in the conversion device 10 may be realized as hardware using wired logic.
  • FIG. 12 is a diagram showing an example of a computer that implements the conversion device 10 by executing a program.
  • Computer 1000 includes, for example, a memory 1010 and a CPU 1020.
  • the computer 1000 also includes a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. These parts are connected by a bus 1080.
  • the memory 1010 includes a ROM 1011 and a RAM 1012.
  • the ROM 1011 stores, for example, a boot program such as BIOS (Basic Input Output System).
  • Hard disk drive interface 1030 is connected to hard disk drive 1090.
  • Disk drive interface 1040 is connected to disk drive 1100.
  • Serial port interface 1050 is connected to, for example, mouse 1110 and keyboard 1120.
  • Video adapter 1060 is connected to display 1130, for example.
  • the hard disk drive 1090 stores, for example, an OS (Operating System) 1091, an application program 1092, a program module 1093, and program data 1094. That is, a program that defines each process of the conversion device 10 is implemented as a program module 1093 in which code executable by the computer 1000 is written.
  • Program module 1093 is stored in hard disk drive 1090, for example.
  • a program module 1093 for executing processing similar to the functional configuration of the conversion device 10 is stored in the hard disk drive 1090.
  • the hard disk drive 1090 may be replaced by an SSD (Solid State Drive).
  • the setting data used in the processing of the embodiment described above is stored as program data 1094 in, for example, the memory 1010 or the hard disk drive 1090. Then, the CPU 1020 reads out the program module 1093 and program data 1094 stored in the memory 1010 and the hard disk drive 1090 to the RAM 1012 as necessary and executes them.
  • program module 1093 and the program data 1094 are not limited to being stored in the hard disk drive 1090, but may be stored in a removable storage medium, for example, and read by the CPU 1020 via the disk drive 1100 or the like.
  • the program module 1093 and the program data 1094 may be stored in another computer connected via a network (LAN (Local Area Network), WAN (Wide Area Network), etc.).
  • Program module 1093 and program data 1094 may then be read by CPU 1020 from another computer via network interface 1070.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

L'invention concerne un dispositif de conversion (10) qui analyse des informations concernant un paquet d'entrée au moyen d'un matériel, détermine s'il faut ou non effectuer un prétraitement prédéterminé au moyen du matériel, et détermine si un paquet devant être soumis au prétraitement prédéterminé au moyen du matériel est un paquet qui contient une pluralité d'échantillons d'en-tête ou un paquet qui contient un seul échantillon d'en-tête. Le dispositif de conversion (10) reconstruit un paquet qui contient une pluralité d'échantillons d'en-tête en un paquet qui contient un seul échantillon d'en-tête. Sur la base d'informations d'en-tête de longueur fixe dans le paquet qui contient un seul échantillon d'en-tête, le dispositif de conversion (10) effectue, au moyen du matériel, un traitement pour joindre, au paquet, des métadonnées comprenant des informations d'identification indiquant un groupe du paquet. Le dispositif de conversion (10) effectue, au moyen d'un logiciel, un traitement pour générer un paquet d'analyse correspondant au groupe du paquet en utilisant les métadonnées jointes.
PCT/JP2022/031106 2022-08-17 2022-08-17 Dispositif de conversion, procédé de conversion, et programme de conversion WO2024038523A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/031106 WO2024038523A1 (fr) 2022-08-17 2022-08-17 Dispositif de conversion, procédé de conversion, et programme de conversion

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/031106 WO2024038523A1 (fr) 2022-08-17 2022-08-17 Dispositif de conversion, procédé de conversion, et programme de conversion

Publications (1)

Publication Number Publication Date
WO2024038523A1 true WO2024038523A1 (fr) 2024-02-22

Family

ID=89941456

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/031106 WO2024038523A1 (fr) 2022-08-17 2022-08-17 Dispositif de conversion, procédé de conversion, et programme de conversion

Country Status (1)

Country Link
WO (1) WO2024038523A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2019097069A (ja) * 2017-11-24 2019-06-20 日本電信電話株式会社 フォーマット変換装置及びフォーマット変換プログラム
JP2021090161A (ja) * 2019-12-05 2021-06-10 日本電信電話株式会社 フォーマット変換装置及び方法並びにプログラム
WO2021149245A1 (fr) * 2020-01-24 2021-07-29 日本電信電話株式会社 Dispositif de conversion, procédé de conversion, et programme de conversion

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2019097069A (ja) * 2017-11-24 2019-06-20 日本電信電話株式会社 フォーマット変換装置及びフォーマット変換プログラム
JP2021090161A (ja) * 2019-12-05 2021-06-10 日本電信電話株式会社 フォーマット変換装置及び方法並びにプログラム
WO2021149245A1 (fr) * 2020-01-24 2021-07-29 日本電信電話株式会社 Dispositif de conversion, procédé de conversion, et programme de conversion

Similar Documents

Publication Publication Date Title
US7787442B2 (en) Communication statistic information collection apparatus
US7106751B2 (en) Apparatus for linking a SAN with a LAN
CN108809854B (zh) 一种用于大流量网络处理的可重构芯片架构
JP4774357B2 (ja) 統計情報収集システム及び統計情報収集装置
EP2429128B1 (fr) Agrégation de statistiques d'écoulement
US8144609B2 (en) Network monitoring system and method thereof
US6483812B1 (en) Token ring network topology discovery and display
US20120182891A1 (en) Packet analysis system and method using hadoop based parallel computation
EP1791063A1 (fr) Procédé et appareil pour la surveillance du trafic dans un réseau
RU2608874C2 (ru) Способ и устройство для модификации и переадресации сообщения в сети передачи данных
US9276853B2 (en) Hashing of network packet flows for efficient searching
CN108270699B (zh) 报文处理方法、分流交换机及聚合网络
CN112702330B (zh) 面向Overlay网络的轻量级带内网络遥测方法、装置及存储介质
JP7215604B2 (ja) 変換装置、変換方法及び変換プログラム
JP4823156B2 (ja) リモートトラフィック監視方法
CN108141387B (zh) 对于分组报头采样的长度控制
CN113328956B (zh) 一种报文处理方法及装置
KR20060096012A (ko) 데이터 패킷 변환 방법 및 장치와 기록 매체
CN114327833A (zh) 一种基于软件定义复杂规则的高效流量处理方法
WO2024038523A1 (fr) Dispositif de conversion, procédé de conversion, et programme de conversion
US7496688B2 (en) Label switched data unit content evaluation
WO2022176035A1 (fr) Dispositif de conversion, procédé de conversion et programme de conversion
WO2022176034A1 (fr) Dispositif de conversion, procédé de conversion et programme de conversion
GB2587427A (en) Processing local area network diagnostic data
WO2024105892A1 (fr) Dispositif de conversion, procédé de conversion, et programme de conversion

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22955697

Country of ref document: EP

Kind code of ref document: A1