JP2018007093A - Physical and logical asymmetric routing prevention mechanism in redundant configuration of relay device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a method for preventing the occurrence of asymmetric routing in redundant relay devices including interfaces with different routing priority, and a redundant relay device using the method.SOLUTION: In a backup side relay device (20), routing priority of an inter-relay device route (S) is set higher than that of a direct connection route, and at least the backup side relay device blocks an inter-relay device interface when a LAN side of a main side relay device (10) detects the occurrence of failure.SELECTED DRAWING: Figure 3

Description

  The present invention relates to a technique for preventing asymmetric routing when a network configuration is made redundant.

  When normal routing is used in a network redundancy configuration, asymmetric routing in which the path of transmission traffic and reception traffic are different may occur. The occurrence of asymmetric routing is known to cause an increase in network load and a decrease in network performance, and various methods for solving such asymmetric routing problems have been proposed.

  For example, in Patent Document 1, when asymmetric routing via a server proxy in which transmission traffic and reception traffic are different is detected, aging of the MAC table and the ARP table is performed by switching the master right between redundant relay apparatuses. A control method for preventing unicast flooding due to a time difference is disclosed. Patent Document 2 discloses a method of exchanging connection information with neighboring proxies and redirecting traffic so that communication between the client and the server passes through the same proxy.

JP 2014-183549 A Special table 2008-536369

  However, any of the background arts described above is a response process after the occurrence of asymmetric routing is detected, and is not a technique for preventing the occurrence of asymmetric routing itself.

  Further, in any background art, a multi-stage configuration such as a proxy and an L3 switch is assumed, and the reliability of a routing protocol (hereinafter referred to as a routing priority) in a relay device such as a proxy and an L3 switch is considered. It has not been. The routing priority is also called AD (Administrative Distance) or preference value (Preference value). Usually, the directly connected route has the highest priority, and is based on static route, OSFP (Open Shortest Path First), etc. It is defined that the routing priority decreases in the order of dynamic routes.

  The method of determining the output interface for each of the directly connected route, the static route, and the dynamic route is described in RFC (Request for Comments) 2328 (page 167; “16.1.1 The next hop calculation”). As a specific example, the default AD value in a router manufactured by Cisco Systems, which is the de facto standard, is set such that direct connection is 0, static is 1, dynamic (OSPF) is 110, and Juniper Networks The default preference values for routers made by the manufacturer are set such that direct connection is 0, static is 20, and dynamic (OSPF) is 60. In any case, the smaller the value, the higher the routing priority.

  In a relay device that does not consider such a difference in routing priority, there is a case where asymmetric routing cannot be prevented as described below. Hereinafter, an example of a redundant configuration in which asymmetric routing occurs will be briefly described with reference to FIG.

  As illustrated in FIG. 1, the redundant routers RT1 and RT2 are customer edge routers that connect a LAN (Local Area Network) segment A to a main line and a backup line on the WAN (Wide Area Network) side, respectively. (CE router). The respective ports P11 and P21 of the routers RT1 and RT2 are directly connected to the hub HUB on the LAN side, and the respective ports P13 and P23 are connected to each other through a static or dynamic route (crossover route). Furthermore, it is assumed that the ports P12 and P22 are connected to the WAN side as dynamic routes. When no failure has occurred, the host computer in the LAN segment A can send and receive IP packets to and from the host computer at the opposite base B through the main line using the main router RT1 as the default gateway. Note that a network device that operates dynamic routing is installed at the opposite base B, and the routing information is directly exchanged or indirectly shared with the routers RT1 and RT2 on the LAN segment A side. To do.

  In the above network configuration, it is assumed that a failure has occurred in the main line connecting the LAN segment A and the opposite base B while both the routers RT1 and RT2 are operating normally. In this case, the router RT1 transfers the packet from the LAN segment A to the router RT2 through the route according to the dynamic routing protocol such as OSPF, and the router RT2 also transfers the packet to the opposite base B through the backup line by the dynamic routing ( Backup path (bound) R10a).

  However, when the router RT2 receives an IP packet from the opposite site B through the backup line, the router RT2 performs routing in preference to the directly connected LAN side route having a higher routing priority than the static route or the dynamic route. That is, even if the router RT2 is designed so as to pass through a static route or a dynamic route, the router RT2 ignores this and transfers the received packet directly to the LAN segment A through the LAN side route (backup route (return) R20a ). In this way, an asymmetric routing is generated in which the route R10a goes through the crossover route and the return route R20a does not go through the crossover route but through the directly connected LAN side route.

  As described above, when the directly connected route having the highest routing priority is included in the redundant router, it is not possible to prevent the occurrence of asymmetric routing by simply redirecting traffic.

  Next, a case where master right switching control is applied to the redundant configuration of the routers RT1 and RT2 described above will be described. That is, redundancy of the default gateway is performed between the routers RT1 and RT2 by VRRP (Virtual Router Redundancy Protocol). Here, it is assumed that the port P11 of the router RT1 has the master right. In this case, the router RT1 having the master right monitors one counter base B, and when a failure is detected, the master right is failed over from the router RT1 to the RT2. When the switching control of the master right adopted between such single bases is applied to a network configuration having a plurality of opposing bases B and C, asymmetric routing may occur as described below.

  As shown in FIG. 2, it is assumed that segment A can communicate independently with a plurality of opposing bases B and C through a redundant configuration of routers RT1 and RT2. If both routers RT1 and RT2 are operating normally and a failure occurs on the main line connecting LAN segment A and opposite base B, the master right is switched from router RT1 to RT2, and router RT2 is set as the default gateway. Become. Since the router RT2 has become the default gateway, the router RT2 transfers the packet from the segment A to the router RT1 through the cross route according to the dynamic routing between the segment A and the opposite base C, and the router RT1 dynamically transfers the packet. It is transferred to the opposite base C through the main line by routing (backup route (bound) R10a).

  However, when the router RT1 receives an IP packet from the opposite base C through the main line, the router RT1 receives the received packet in order to give priority to the directly connected LAN side route having a higher routing priority than the static route. Transfer directly to LAN segment A (backup path (return) R20a). That is, the outgoing route R10a goes through the crossover route, and the return route R20a goes through the directly connected LAN side route instead of the crossover route, and the master right is switched due to the relationship with the opposite base B. As a result, asymmetric routing occurs in the IP packet transmitted / received to / from the opposite base C that is not related to the opposite base B.

  As described above, when the directly connected route having the highest routing priority is included in the redundant router, the switching of the master right and the traffic redirection cannot completely prevent the occurrence of asymmetric routing.

  Accordingly, an object of the present invention is to provide a method for preventing the occurrence of asymmetric routing in a redundant configuration of a relay device in which interfaces having different routing priorities coexist, and a redundant configuration and a relay device using the method.

According to the first aspect of the present invention, when the routing priority of the transition route is set higher than that of the direct connection route in the backup side relay device, and at the time of occurrence of a failure on the LAN side of the main side relay device, at least the backup is performed. The relay device on the side crosses the interface.
According to the second aspect of the present invention, the routing priority of the transition route is set higher than that of the direct connection route in the backup side relay device, and the failure point of the main side relay device is the main side relay device itself or the main side relay device. In the case of the LAN side, the priority order between the routing priority of the transition route and the routing priority of the direct route is changed.

The asymmetric routing prevention method according to the present invention prevents asymmetric routing from occurring in a redundant configuration of a plurality of relay devices that are directly connected to a local area network (LAN) and provided between the LAN and a wide area network (WAN). A first relay device operating as a main relay device and a second relay device operating as a backup relay device set a route between them, and the second relay device sends a packet addressed to the LAN. On the other hand, if the routing priority of the transition route is set higher than the direct route on the LAN side and a failure occurrence is detected on the LAN side of the first relay device, at least the second relay device It is characterized in that the interface is closed.
A redundant configuration according to the present invention is a redundant configuration of a plurality of relay devices that are directly connected to a local area network (LAN) and provided between the LAN and a wide area network (WAN), and are used as a main relay device. A first relay device that operates and a second relay device that operates as a backup relay device and is connected to the first relay device via a crossover route. The first control means for setting the routing priority of the transit route higher than the direct route on the LAN side and the LAN side interface of the first relay device are monitored, and the occurrence of a failure is detected on the LAN side interface. Then, a second control means for closing the interface of the crossing route is provided.
A relay device according to the present invention is a relay device that is directly connected to a local area network (LAN) and is provided between the LAN and a wide area network (WAN), and is redundant with a relay device adjacent to the relay device. Redundant configuration control means that operates as a main relay device or a backup relay device in the configuration, a direct route to the LAN, a transition route connected to the adjacent relay device, a dynamic route, and routing priority of these routes, And a first control means for setting the routing priority of the transit route higher than the direct route on the LAN side for the packet addressed to the LAN when the relay device operates as a backup relay device. And the LAN side of the adjacent relay device operating as the main relay device Monitor interface, a failure occurs in the LAN side interface is detected, and having a, a second control means for closing the own station interface of said crossing routes.
The asymmetric routing prevention method according to the present invention prevents asymmetric routing from occurring in a redundant configuration of a plurality of relay devices that are directly connected to a local area network (LAN) and provided between the LAN and a wide area network (WAN). A first relay device operating as a main relay device and a second relay device operating as a backup relay device set a route between them, and the second relay device sends a packet addressed to the LAN. On the other hand, when the routing priority of the transition route is set higher than the direct route on the LAN side, and the failure occurrence position of the first relay device is the first relay device itself or the LAN side, the transition route Changing the priority between the routing priority of the LAN and the routing priority of the direct route on the LAN side, And butterflies.

  As described above, according to the present invention, the routing priority differs depending on the routing priority setting and the crossing route blocking control, or by adjusting the routing priority on the backup side depending on the location of the failure. Occurrence of asymmetric routing can be prevented in a redundant configuration of relay apparatuses in which interfaces are mixed.

FIG. 1 is a network configuration diagram schematically showing an example of a redundant configuration for explaining a problem to be solved by the present invention. FIG. 2 is a network configuration diagram schematically showing another example of a redundant configuration for explaining the problem to be solved by the present invention. FIG. 3 is a network configuration diagram schematically showing a redundant router configuration according to the first embodiment of the present invention. FIG. 4 is a sequence diagram showing an example of the routing control operation according to the present embodiment. FIG. 5 is a network configuration diagram schematically showing the routing control operation shown in FIG. FIG. 6 is a sequence diagram showing another example of the routing control operation according to this embodiment. FIG. 7 is a network configuration diagram schematically showing the routing control operation shown in FIG. FIG. 8 is a network configuration diagram schematically showing an example of occurrence of asymmetric routing when the routing control operation shown in FIG. 6 is not performed. FIG. 9 is a network configuration diagram schematically showing a router redundancy configuration according to the second embodiment of the present invention. FIG. 10 is a block diagram showing a configuration of a router according to an embodiment of the present invention. FIG. 11A is a schematic diagram illustrating an example of a routing table in the router according to the present embodiment. FIG. 11B is a schematic diagram illustrating an example of an ARP table in the router according to the present embodiment. FIG. 12 is a flowchart showing the control operation when the router according to this embodiment is the main system. FIG. 13 is a flowchart showing the control operation when the router according to this embodiment is a backup system. FIG. 14 is a network configuration diagram schematically showing a first example of a redundant configuration to which a router according to this embodiment is applied. FIG. 15 is a network configuration diagram schematically showing a first example of the routing operation in the redundant configuration shown in FIG. FIG. 16 is a network configuration diagram schematically showing a second example of the routing operation in the redundant configuration shown in FIG. FIG. 17 is a network configuration diagram schematically showing a third example of the routing operation in the redundant configuration shown in FIG. FIG. 18 is a network configuration diagram schematically showing a fourth example of the routing operation in the redundant configuration shown in FIG. FIG. 19 is a network configuration diagram schematically showing a second example of a redundant configuration to which the router according to this embodiment is applied. FIG. 20 is a network configuration diagram schematically showing a first example of an access operation in the redundant configuration shown in FIG. FIG. 21 is a network configuration diagram schematically showing a second example of the access operation in the redundant configuration shown in FIG. FIG. 22 is a network configuration diagram schematically showing a third example of the access operation in the redundant configuration shown in FIG. FIG. 23 is a network configuration diagram schematically showing a fourth example of the access operation in the redundant configuration shown in FIG.

<Outline of Embodiment>
According to the embodiment of the present invention, a relay device directly connected to a user-side or customer-side LAN is made redundant, and between the redundant main-side first relay device and backup-side second relay device. The route is set. The first relay device has a default routing priority, and the second relay device has a routing priority set so that the crossing route is higher than the direct route on the LAN side. Further, when a failure is detected in the LAN side interface of the first relay device, at least the second relay device crosses the interface.

  Owing to such routing priority setting and transition route blocking control, it is possible to prevent the occurrence of asymmetric routing in a redundant configuration of a relay apparatus in which interfaces having different routing priorities are mixed.

  In another embodiment, the same effect can be obtained by changing the routing priority of the backup relay device according to the location of the failure of the main relay device. For example, if a failure occurs on the LAN side including the relay device itself in the first relay device on the main side, it is also possible to obtain an asymmetric routing prevention effect by changing the routing priority of the second relay device on the backup side It is.

  The term “relay device” represents a network node having a routing function and a plurality of interfaces having different routing priorities, and includes a router, a layer 3 switch, and the like. Hereinafter, a mechanism for preventing asymmetric routing in a redundant configuration using routers will be described. However, the present invention is also applicable to a case where a network node such as a layer 3 switch having a similar function is used. Hereinafter, embodiments and examples of the present invention will be described in detail with reference to the drawings.

1. First Embodiment In the first embodiment of the present invention described below, an edge router on the LAN side is used in a virtual dedicated network that connects geographically separated LANs using an IP-based closed network provided by the WAN side. A case where redundancy is achieved will be described as an example. By providing redundancy, if the main router fails, for example, the role of the default gateway can be automatically taken over from the main router by the backup router, and communication between the base LANs can be maintained. As a redundancy protocol used in the present embodiment, VRRP (Virtual Router Redundancy Protocol), HSRP (Hot Standby Router Protocol), and the like are known, but are not limited thereto.

1.1) Configuration As illustrated in FIG. 3, it is assumed that routers 10 and 20 as edge routers on the LAN side are made redundant. Here, it is assumed that router 10 is a main and router 20 is a backup. Here, as an example, the router 10 has three physical ports P11, P12, and P13, and the router 20 has three physical ports P21, P22, and P23, and these ports can be used as routed ports. To do.

  The port P11 of the router 10 is directly connected to the hub 11 on the LAN side, the port P12 is connected to the main line 12m provided by the WAN side, and the port P13 is connected to the port P23 of the backup router 20. These ports P11, P12, and P13 are connected to a LAN side IF (interface), a WAN side IF, and a transition IF in the router 10, respectively. Similarly, the port P21 of the router 20 is directly connected to the hub 11 on the LAN side, the port P22 is connected to the backup line 12b provided by the WAN side, and the port P23 is connected to the port P13 of the main router 10. . These ports P21, P22 and P23 are connected to the LAN side IF, the WAN side IF and the transition IF in the router 20, respectively.

  The main router 10 has a blocking control function for automatically blocking the transition IF of the port P13 when a failure occurrence is detected on the LAN side, in addition to a normal routing priority and network monitoring function.

  The backup router 20 is reset to a routing priority different from normal. The normal (default) routing priority is that the directly connected route has the highest priority (minimum AD value or preference value). On the other hand, the routing priority newly set for the backup router 20 is set higher for the transition route S than for the direct route (LAN side route). That is, in order from the highest routing priority, 1) the transition route S, 2) the LAN side route, and 3) the dynamic route. Usually, a directly-connected route has the highest routing priority, and a static route has the next highest routing priority, but in the backup route 20, the transition route S is set as a static route, Reconfigure static routes with higher routing priority than directly-connected routes. As a result, it is possible to realize the order of the routing priority: 1) the transition route S, 2) the LAN side route, and 3) the dynamic route.

  Further, the backup router 20 monitors the LAN side IF or the transition IF of the port P11 of the router 10 in addition to the routing function and the network monitoring function based on the set routing priority, and troubles on the LAN side of the main router 10 Has occurred, or when the transition IF of the main router 10 is blocked, the transition IF of the port P23 of the own station is also automatically blocked.

1.2) Operation <Normal operation>
As shown in FIG. 4, first, assume that the router 10 and the router 20 are made redundant by the redundancy protocol, and the router 10 is determined as the main and the router 20 is determined as the backup (operation S101). The backup router 20 sets the routing priority so that the transition route S is higher than the direct route (LAN side route) (operation S102). Subsequently, the routers 10 and 20 monitor the network (operations S103 and S104), and the backup router 20 transmits a packet for monitoring the LAN side IF of the main router 10 to the main router 10 at a predetermined cycle, and the response packet or The occurrence of a failure in the LAN side IF of the main router 10 can be detected based on whether or not there is a response (operation S105).

  If no failure is detected in the network, the LAN segment can perform normal communication with the opposite base through the main router 10 and the main line 12m (operation S106). That is, the main router 10 transfers the IP packet entered from the LAN segment side port P11 to the WAN side port P12 by dynamic routing, and transmits it to the opposite site through the main line 12m. Conversely, the main router 10 transfers the IP packet that has entered from the WAN side port P12 to the LAN side port P11 by directly-connected, and outputs it to the LAN segment. Therefore, in a state where no failure has occurred, the LAN segment can transmit and receive IP packets with the opposite base through the main router 10 and the main line 12m, and asymmetric routing occurs between the transmission traffic and the reception traffic. Absent.

<Operation when main line fails>
As shown in FIG. 4, when the main router 10 detects a failure on the main line 12m on the WAN side (operation S107), the LAN segment passes through the main router 10, the transfer route S, the backup router 20, and the backup line 12b. Backup communication can be performed with the base (operation S108). This backup communication will be described with reference to FIG.

  In FIG. 5, when the main router 10 detects that a failure has occurred in the main line 12m, the main router 10 transfers the IP packet that has entered from the port P11 on the LAN segment side to the port P13 by dynamic routing, and the backup router through the transfer route S 20 output. The backup router 20 transfers the IP packet entered from the port P23 of the crossover route S to the WAN side port P22 by dynamic routing, and transmits it to the opposite site through the backup line 12b.

  Conversely, when an IP packet enters from the WAN side port P22, the backup router 20 transfers the packet to the port P23 on the transition route S side with the highest routing priority, and outputs it to the main router 10 through the transition route S. To do. The main router 10 transfers the IP packet that has entered from the port P13 of the transit route S to the LAN side port P11 having the highest routing priority, and outputs it to the LAN segment through the hub 11. Thus, when a failure occurs in the main line 12m, the LAN segment can transmit and receive IP packets to and from the opposite base through the main router 10, the transfer route S, the backup router 20, and the backup line 12b. Asymmetric routing like this does not occur.

<Operation at the time of LAN side failure>
As shown in FIG. 6, it is assumed that the main router 10 detects the occurrence of a failure on its own LAN side during normal operation through the main router 10 (operation S201). When a failure occurs on the LAN side, as described above, the backup router 20 takes over the role of the default gateway, and the router 10 automatically closes the transition IF of its own station (operation S203). As a result, the backup router 20 automatically closes the transit IF of its own station (Operation S205) when there is no response to the monitoring packet periodically transmitted through the link with the main router 10 (Operation S204). As described above, the backup router 20 may detect the presence or absence of the response of the monitoring packet as to how the LAN router IF failure occurs in the main router 10, but the output is performed according to the failure of the main router 10. The backup router 20 may detect it by using a syslog message or the like as a trigger. In this manner, the LAN segment can perform communication through the backup path with the opposite base through the backup router 20 and the backup line 12b (operation S206). This backup communication will be described with reference to FIG.

  As shown in FIG. 7, when the main router 10 detects that a failure has occurred on the LAN side, the main router 10 closes the transit IF of its own station. As a result, the backup router 20 no longer responds to the monitoring packet, and therefore automatically closes the transition IF of its own station. That is, due to the failure of the main router 10 on the LAN side, the transition IF of the backup router 20 is finally closed. When the backup router 20 takes over the role of the default gateway from the router 10, the backup router 20 transfers the IP packet received from the port P21 on the LAN segment side to the port P22 by dynamic routing and transmits it to the opposite site through the backup line 12b.

  On the contrary, when the IP packet enters from the WAN side port P22, the backup router 20 blocks the port P23 on the transition route S side with the highest routing priority. The data is transferred to the port P21 and output to the LAN segment through the hub 11. Thus, when a failure occurs on the LAN side of the main router 10, the LAN segment can send and receive IP packets to and from the opposite base through the backup router 20 and the backup line 12b. Does not occur.

  Next, the reason for closing the transfer route S between the main and backup routers will be briefly described.

  As illustrated in FIG. 8, for example, a case is considered in which even if a failure on the LAN side of the main router 10 occurs, the transition IF of any router is not blocked. In this case, when an IP packet enters from the WAN side port P22, the backup router 20 'transfers the packet to the port P23 on the crossing route S side having the highest routing priority. Since a failure has occurred on the LAN side, the router 10 'returns the packet that has entered from the transfer route S to the router 20' through the transfer route S by dynamic routing. Therefore, if the crossover route S is not blocked, a routing loop occurs between the routers via the crossover route S and communication is interrupted.

  Also, consider a case where the main IF only block is blocked by the main router 10 on the LAN side. First, when the router having a redundant configuration has an IF closing function at Layer 1, when the transition IF of the main router 10 is blocked at Layer 1, the transition IF of the backup router 20 is also linked to be down from Layer 1. Therefore, the operation is the same as that illustrated in FIG.

  However, when a router having a redundant configuration performs blockage at layer 2 instead of layer 1, for example, when the router does not have a block function at layer 1 but has only a block function at layer 2, the main router 10 ' Even if the crossover IF is blocked at layer 2, the crossover route S is still alive at layer 1. As will be described in detail later, information (IP address, port information, etc.) regarding the transit route S remains in the ARP (Address Resolution Protocol) table of the backup router 20 'until it is dynamically updated. Therefore, when an IP packet enters from the WAN side port P22, the backup router 20 ′ refers to the ARP table, and if the destination MAC address (MAC address of the NextHop of the static route) can be resolved, the backup router 20 ′ passes the IP packet. The data is transferred to the port P23 of the route S and output to the blocked port P13 of the router 10 ′, whereby communication is interrupted.

  Therefore, as shown in FIG. 7, when a failure occurs on the LAN side of the main router 10, at least the transfer IF of the backup router 20 is blocked so that the IP packet is not transferred to the port P23 of the transfer route S. It is necessary to make it. However, since the main router 10 cannot immediately detect that the crossover IF of the backup router 20 is blocked, the main router 10 continues to notify the WAN side that the crossover route is alive until the adjacent node of the dynamic routing is detected. . In order to prevent this, when a failure occurs on the LAN side of the main router 10, it is desirable to block both the transition IF of the main router 10 and the transition IF of the backup router 20.

  In particular, when the redundant routers 10 and 20 are provided with a plurality of segments, the crossing route connecting the redundant routers may cause a loop depending on the use state of the ports. Therefore, it is desirable that the redundant routers 10 and 20 work together to block the crossover route so that the crossover route is reliably invalidated and does not cause a loop.

1.3) Effects As described above, according to the present embodiment, a crossover route is set between the main router and the backup router, and the crossover route is higher in the backup router than in the direct route on the LAN side. When the routing priority is set and a failure is detected on the LAN side of the main router, at least the backup router, preferably the main router and the backup router, control the interface so as to block the transit route. By setting the routing priority and controlling the blocking of the crossing route, it is possible to prevent asymmetric routing in a configuration in which the customer side edge router is made redundant.

2. Second Embodiment As in the first embodiment described above, the present invention is not limited to a configuration that prevents asymmetric routing by setting routing priority and blocking control of a transit route. According to the second embodiment of the present invention, when the location of the failure is on the LAN side including the router itself, the setting of the routing priority of the backup router 20 is changed to prevent asymmetric routing similar to the first embodiment. An effect can be obtained.

  As illustrated in FIG. 9, in the redundant configuration according to the second embodiment of the present invention, as in the first embodiment, the routers 10 and 20 are made redundant, and the ports P11 and P21 of the routers 10 and 20 are connected to the LAN side. The ports P12 and P22 are respectively connected to a main line 12m and a backup line 12b provided by the WAN side, and the ports P13 and P23 are connected to each other by a route S.

  The default routing priority is set for the main router 10 as in the first embodiment. That is, the directly-connected LAN side route has the highest priority, and thereafter, the priority decreases in the order of the transition route S, which is a static route, and the dynamic route. Further, the routing priority of the backup router 20 is adjusted as in the first embodiment. That is, the transition route S, which is a static route, has the highest priority, and the priority decreases in the order of the directly-connected LAN side route and the dynamic route.

  When a failure occurs on the main line side, the backup router 20 does not change the routing priority. Therefore, as already described with reference to FIG. 5, IP packets can be transmitted and received between the LAN segment and the opposite site through the router 10, the transfer route S, the router 20, and the backup line 12b.

  When a failure occurs on the LAN side of the main router 10 (or the main router 10 itself), the backup router 20 changes the setting of the routing priority as follows. That is, if a failure occurs on the LAN side of the main router 10, the backup router 20 changes the priority of the static route to be lower than directly-connected, and returns the routing priority to the default priority. That is, the routing priority of the backup router 20 is changed to a priority in which the priority decreases in the order of the directly-connected LAN side route, the transition route S that is a static route, and the dynamic route. Therefore, as already described in FIG. 7, the LAN segment can transmit and receive IP packets to and from the opposite base through the backup router 20 and the backup line 12b.

  Taking the AD value as an example of the routing priority of the backup router 20, the transition route (static route) is set to AD value 1, the LAN side route is set to AD value 2, and the dynamic route is set to AD value 10. To do. In this case, when a failure occurs on the LAN side of the main router 10, the backup router 20 changes only the AD value of the crossover route from “1” to “3”, thereby making the direct route on the LAN side the highest priority. Can be a root.

  As described above, when the failure location on the main side is the main router itself or on the LAN side, the routing priority setting of the backup side router is changed to change the edge router on the customer side as in the first embodiment. The effect of preventing the occurrence of asymmetric routing in the configuration in which is made redundant can be obtained.

3. Hereinafter, a router according to an embodiment of the present invention and its control operation will be described in detail with reference to the drawings. The router according to this embodiment can be used as the router 10 or 20 in the redundant configuration illustrated in FIG. In this embodiment, the configuration (first embodiment) that prevents asymmetric routing by setting the routing priority described above and the blocking control of the transit route is adopted. However, it is asymmetric only by changing the setting of the routing priority described above. A configuration for preventing routing (second embodiment) may be employed.

3.1) Configuration of Router As illustrated in FIG. 10, the router 300 according to the present embodiment includes a LAN interface unit 301 including a plurality of LAN interfaces # 1, # 2,... And a WAN side interface connected to the WAN. 302 and a memory 303. In this embodiment, in the LAN side interface unit 301, the physical port P1 of the interface # 1 is directly connected to the hub of the LAN segment A, and the physical port P2 of the interface # 2 is directly connected to the hub of the LAN segment B And Further, the physical port P3 of the interface # 3 is connected to a redundant neighboring router, and a transition route S by static routing is set as will be described later.

  The memory 303 stores a routing table 303R and an ARP table 303A. As will be described later, in addition to the dynamic route, a static route and a direct route are set in the routing table 303R, and the correspondence relationship between the destination IP address, the MAC address, and the port number is stored in the ARP table 303A according to the ARP protocol. .

  The router control unit 304 controls the interface monitoring / blocking control unit 305, the routing control unit 306, and the redundant configuration control unit 307 according to the program stored in the program memory 308, thereby realizing the router routing function according to this embodiment. Each function of the router control unit 304, the interface monitoring / blocking control unit 305, the routing control unit 306, and the redundant configuration control unit 307 executes each program on a central processing unit (CPU) of the router. It can also be realized by software.

  The interface monitoring / blocking control unit 305 monitors the local station's LAN side or a specific IP address of another station. As described above, the monitoring / blocking control differs depending on whether the router 300 is the main side or the backup side. In the case of the router 10 on the main side, the interface monitoring / blocking control unit 305 blocks the port P3 of the local station on the transition route S when detecting the occurrence of a failure on the LAN side. If it is the router 20 on the backup side, the interface monitoring / blocking control unit 305 monitors the LAN interface on the master side. If there is no response packet within a predetermined time, the interface monitoring / blocking control unit 305 determines that a failure has occurred. Port P3 is blocked.

  The routing control unit 306 performs normal routing control using the ARP table 303A and the routing table 303R. As described above, the redundant configuration control unit 307 controls the redundant configuration with the adjacent routers according to a redundancy protocol such as VRRP or HSRP. As will be described later, in the case of a router in which a plurality of LAN segments are directly connected, the router control unit 304 performs the interface monitoring / blocking control, routing control, and redundant configuration control for each LAN segment.

<Routing table>
As illustrated in FIG. 11A, in the routing table 303R, in addition to the destination network address, the next hop, the output port, and the routing information source, the routing priority (AD value or (Preference value) is stored. As described above, in the backup router of the redundant router, the static route is set to a higher routing priority than the directly connected route with respect to the packet addressed to the LAN. Therefore, by setting the crossover route S for connecting the redundant routers by static routing, the crossover route S has the highest priority over the direct route on the LAN side. When the transition route S is blocked, the direct route or the dynamic route automatically emerges as the highest priority route according to the destination network.

  For example, in the example shown in FIG. 11A, if a packet received from LAN segment A or an adjacent router has WAN as the destination network, it is transferred from the port P4 to the WAN side by dynamic routing. On the other hand, in the packet addressed to the LAN segment A received from the WAN side, the transfer route S transferred from the port P3 to the adjacent router has the highest priority. If the transfer route S is blocked, the packet is directly connected to the hub 11. Port P1 is transferred to LAN segment A.

  The routing table of the main router is configured in the same way as in FIG. 11A, but the routing priority is the default order. That is, the direct route has a higher routing priority than the static route, and the static route has a higher routing priority than the dynamic route.

<ARP table>
As illustrated in FIG. 11B, normally, the IP addresses and MAC addresses of the LAN segments A and B connected to the ports P1 and P2 described above are registered in the ARP table. Therefore, when the routing control unit 306 inputs a packet addressed to the LAN segment, the routing control unit 306 can transfer the packet to the destination MAC address by referring to the ARP table 303A. If there is no corresponding entry in the ARP table 303A, the destination MAC address is determined by the ARP request.

  However, when the router 300 according to the present embodiment is on the backup side, the router control unit 304 deletes all the registrations related to the transfer route S from the ARP table 303A when the transfer route S is blocked as described above. Since the NextHop address of the destination static route disappears from the ARP table, the static route is invalidated. Therefore, when a packet addressed to the LAN segment A arrives, the routing table 303R is referred to, the segment A recognizes that it is a segment directly connected to the local station IF, transmits an ARP request, and the local IF in the ARP table. Segment A including is registered. As a result, the packet is transferred to the LAN segment A as the destination network by directly-connected. Next, router control when the router 300 is a main router and a backup router will be described with reference to FIGS. 12 and 13.

3.2) Router Control Operation In FIG. 12, when the router 300 operates as a main router, the interface monitoring / blocking control unit 305 starts monitoring the LAN side interface unit 301 of its own station (operation S401) and operates normally. If so (NO in operation S402), communication between the LAN segment and the opposite base is executed through the main line 12m (operation S403).

  If the occurrence of a failure is detected (YES in operation S402) and this is a failure on the main line (YES in operation S404), the routing control unit 306 backs up the IP packet from the LAN segment through the route S by dynamic routing. Transfer to the router (operation S405). If the failure is not on the main line but on the local LAN side (YES in operation S406), the interface monitoring / blocking control unit 305 blocks interface # 3 of the static route (crossover route S) (operation S407). If the failure does not occur on the WAN side or the LAN side, the failure can be further analyzed and communication on the main line can be continued.

  In FIG. 13, when the router 300 operates as a backup router, the router control unit 304 sets the routing priority in the routing table 303R so that the static route (crossover route S) is higher than the direct route (operation S501). That is, the routing priority is set to decrease in the order of static route, direct route, and dynamic route.

  Subsequently, the interface monitoring / blocking control unit 305 starts monitoring the LAN side interface unit 301 of the main router through the transfer route S (operation S503). The normal transfer control is performed (operation S504). When a failure occurrence is detected on the LAN side interface # 1 of the main router (YES in operation S503), the interface monitoring / blocking control unit 305 blocks the interface # 3 of the static route (transition route S) (operation S505) The role of the default gateway is taken over from the main router, and packet transfer control is executed (operation S506).

3.3) Effect As described above, by configuring the router according to this embodiment as a redundant edge router, a route is set between the main router and the backup router, and the backup router has a direct route on the LAN side. The routing priority is set so that the crossing route is higher. Further, when a failure is detected on the LAN side of the main router, the main router and the backup router control the interface so as to block the route. As a result, as in the above embodiment, it is possible to prevent the occurrence of asymmetric routing when the customer-side edge router is made redundant.

  Hereinafter, a configuration example in which the router according to the present embodiment is made redundant as a CE router and its routing operation will be described in detail with reference to the drawings.

4). Network configuration example 1
4.1) Configuration As illustrated in FIG. 14, the redundant configuration including the router 10 and the router 20 functions as a redundant CE router for each of the LAN segments A and B. That is, the router 10 is the main and the router 20 is the backup for the LAN segment A, and the router 10 is the backup and the router 20 is the main for the LAN segment B. The redundant configuration of the routers 10 and 20 for one LAN segment, the setting of the routing priority, the blocking control of the transition route S, and the routing operation are the same as the configurations, operations and basics described in the above-described embodiment (FIGS. 3 to 9). Is the same.

  In FIG. 14, the router 10 has four physical ports P11, P12, P13, and P14, and the ports P11, P12, and P13 are connected to the LAN side interfaces # 1 to # 3 in the router 300 shown in FIG. , Port P14 is connected to the WAN side interface 302. Similarly, the router 20 has four physical ports P21, P22, P23, and P24, and the ports P21, P22, and P23 are connected to the LAN side interfaces # 1 to # 3 in the router 300 shown in FIG. The port P24 is connected to the WAN side interface 302.

  The redundant CE router for LAN segment A is configured as follows. In the router 10 which is the main router related to the LAN segment A, the port P11 is directly connected to the hub 11 of the LAN segment A, the port P13 is connected to the port P23 of the router 20, and the port P14 is provided by the WAN side 12m. It is connected to the. In the router 20 that is a backup router for the LAN segment A, the port P22 is directly connected to the hub 11 of the LAN segment A, the port P23 is connected to the port P13 of the router 10, and the port P24 is provided by the WAN side. It is connected to the.

  The redundant CE router for LAN segment B is configured as follows. In the router 20, which is the main router for the LAN segment B, the port P21 is directly connected to the hub 21 of the LAN segment B, the port P23 is connected to the port P13 of the router 10, and the port P24 is provided by the WAN side 22m. It is connected to the. In the router 10 as a backup router for the LAN segment B, the port P12 is directly connected to the hub 11 of the LAN segment B, the port P13 is connected to the port P23 of the router 20, and the backup line 12b provided by the WAN side is the port P14. It is connected to the.

  The port P13 of the router 10 is set by static routing for the LAN segment B and by dynamic routing for the other segment. On the contrary, the port P23 of the router 20 is set by static routing for the LAN segment A and by dynamic routing for the other segment. In this way, between the router 10 and the router 20, the crossing routes S (A) and S (B) are set for the LAN segments A and B, respectively.

  Each port of the routers 10 and 20 is used as a routed port, and it is only necessary to connect a cable to the hub 11 in the LAN segment A and to the hub 21 in the LAN segment B. In this way, by using a single segment hub on the LAN side, the user does not need to be aware of the connection port, and it is possible to prevent connection mistakes, occurrence of loops, etc. during replacement work at the time of failure.

  As described above, the redundant CE router related to the LAN segment A and the redundant CE router related to the LAN segment B perform substantially the same operations as those in the above-described embodiment (FIGS. 3 to 9), and cause various failures. In contrast, the occurrence of asymmetric routing can be avoided. Therefore, in the following description, the routing operation of the redundant CE router related to the LAN segment A is exemplified, but the same applies to the redundant CE router related to the LAN segment B.

4.2) Routing operation <First example>
As shown in FIG. 15, if there is no failure in the line between the LAN segment A and the main router 10 and the main line 12m between the router 10 and the opposing base C, the LAN segment A is connected to the main router 10 and the main line 12m. Normal communication can be performed with the opposite site C through (route Ra-c). Similarly, if there is no failure in the line between the LAN segment A and the main router 10 and the main line 12m between the main router 10 and the opposing base D, the LAN segment A passes through the main router 10 and the main line 12m. Normal communication can be performed with D. That is, the main router 10 transfers the IP packet entered from the port P11 of the LAN segment A to the WAN side port P14 by dynamic routing, and transmits it to the opposite site C or D through the main line 12m. Conversely, the main router 10 transfers the IP packet that has entered from the WAN side port P14 to the LAN side port P11 by directly-connected, and outputs it to the LAN segment A. Therefore, in a state where no failure has occurred, the LAN segment A can transmit and receive IP packets between the opposite bases C and D through the main router 10 and the main line 12m, and between the transmission traffic and the reception traffic. Asymmetric routing does not occur.

  It is assumed that a failure has occurred on the main line 12m side of the opposing base D in the normal communication state. When the main router 10 detects a failure on the WAN main line 12m, the communication between the LAN segment A and the opposing base D is a backup through the main router 10, the crossover route S, the backup router 20, and the backup line 22b. Switch to communication. Specifically, when the main router 10 detects the occurrence of a failure on the main line 12m, the main router 10 transfers the IP packet received from the port P11 of the LAN segment A to the port P13 by dynamic routing, and outputs it to the backup router 20 through the transfer route S. To do. The backup router 20 transfers the IP packet that has entered from the port P23 of the crossover route S to the WAN side port P24 by dynamic routing, and transmits it to the opposite site D through the backup line 22b (path Ra-d).

  On the other hand, when an IP packet enters from the WAN side port P24, the backup router 20 transfers the packet to the port P23 on the transition route S side having the highest routing priority, and outputs it to the main router 10 through the transition route S. To do. The main router 10 transfers the IP packet that has entered from the port P13 of the transit route S to the LAN side port P11 having the highest routing priority, and outputs it to the LAN segment A through the hub 11 (path Ra-d).

  Thus, when a failure occurs on the main line 12m side of the opposing site D, the LAN segment A communicates with the opposite site D through the route Ra-d of the main router 10, the transfer route S, the backup router 20, and the backup line 22b. Thus, transmission / reception of IP packets can be continued, and asymmetric routing as described above does not occur.

<Second example>
As shown in FIG. 16, when normal communication is performed between the LAN segment A and the opposite site D through the main router 10 and the main line 12m, a failure occurs on the main line 12m side of the router 10. As in the first example, the communication between the LAN segment A and the opposing base D is switched to the backup communication through the main router 10, the transfer route S, the backup router 20, and the backup line 22b. In detail, since it is the same as that of a 1st example, description is abbreviate | omitted.

<Third example>
As shown in FIG. 17, when a failure occurs in the main router 10 during normal operation through the main router 10, the backup router 20 takes over the role of default gateway and the transition IF of the main router 10 is layer 1. By going down at this point, the transition IF of the local station will also go down from layer 1. The automatic blocking process of the IF is running but it is down from layer 1, so the automatic blocking does not work, the deletion of the transition segment information from the ARP table, and the invalidation of the static route for segment A and segment B This has no effect. Thus, the LAN segment A can continue communication with the opposite base D through the backup router 20 and the path Ra-d of the backup line 22b. More specifically, the backup router 20 takes over the role of the default gateway from the router 10 when the keep alive (Keepalive) for determining the master / slave relationship of the default gateway using the multicast packet from the main router 10 is interrupted. As a result, the IP packet entered from the port P22 of the LAN segment A is transferred to the port P24 by dynamic routing and transmitted to the opposite site D through the backup line 22b.

  On the other hand, when an IP packet enters from the WAN side port P24, the backup router 20 has the port P23 on the transition route S side with the highest routing priority down. Transfer to port P22 and output LAN segment A through hub 11. Thus, even when a failure occurs in the main router 10, the LAN segment A can send and receive IP packets to and from the opposite site D through the path Ra-d of the backup router 20 and the backup line 22b. Asymmetric routing as already mentioned does not occur.

<Fourth example>
As shown in FIG. 18, when normal communication is performed between the LAN segment A and the opposite site D through the main router 10 and the main line 12m, if a failure occurs on the LAN side of the router 10, the backup router 20 takes over the role of the default gateway and automatically closes the transition IF of its own station. Thus, the LAN segment A can continue communication with the opposite base D through the backup router 20 and the path Ra-d of the backup line 22b. Similar to the third example, the communication between the LAN segment A and the opposing base D is switched to the backup communication through the backup router 20 and the backup line 22b. In detail, since it is the same as that of a 3rd example, description is abbreviate | omitted.

5. Network configuration example 2
5.1) Configuration In FIG. 19, the redundant configuration including the router 10 and the router 20 functions as a redundant CE router for the LAN segment A, and the LAN segment A is directly connected to the redundant CE routers 10 and 20. . Further, the LAN segment A is connected to redundant firewalls FW1 and FW2. The redundant configuration of the routers 10 and 20 related to the LAN segment A, the setting of the routing priority, the blocking control of the transit route S, and the routing operation are basically the same as the configurations and operations described in the above-described embodiment (FIGS. 3 to 9). Is the same.

  In the redundant firewalls FW1 and FW2, the firewall FW1 is the main and the firewall FW2 is the backup, and the firewalls FW1 and FW2 are connected by an HA (High Availability) link and can notify each other of their operating states. When the interface on the main router 10 side goes down due to HA, the firewall FW1 operates to fail over from the firewall FW2.

  As shown in FIG. 19, the router 10 has three physical ports P11, P13, and P14, and the ports P11 and P13 are respectively connected to LAN side interfaces # 1 and # 3 in the router 300 shown in FIG. The port P14 is connected to the WAN side interface 302. Similarly, the router 20 has three physical ports P21, P23, and P24. The ports P21 and P23 are connected to the LAN side interfaces # 1 and # 3 in the router 300 shown in FIG. 10, respectively, and the port P24 is the WAN. Is connected to the side interface 302.

  The redundant CE router for LAN segment A is configured as follows. In the router 10 which is the main router related to the LAN segment A, the port P11 is directly connected to the LAN segment A, the port P13 is connected to the port P23 of the router 20, and the port P14 is connected to the main line 12m provided by the WAN side. ing. In the router 20, which is a backup router for the LAN segment A, the port P21 is directly connected to the LAN segment A, the port P23 is connected to the port P13 of the router 10, and the port P24 is connected to the backup line 22b provided by the WAN side. ing.

  The port P13 of the router 10 is set by dynamic routing, and the port P23 of the router 20 is set by static routing for the LAN segment A and by dynamic routing for the other segments. In this way, a crossover route S is set for the LAN segment A between the router 10 and the router 20.

  As described above, the redundant CE router related to the LAN segment A performs substantially the same operation as the above-described embodiment (FIGS. 3 to 9), and avoids the occurrence of asymmetric routing even when various failures occur. be able to. Hereinafter, an access operation to the firewall FW1 or FW2 which is a communication device in the LAN segment A will be described with reference to the drawings.

5.2) Access operation <First example>
In FIG. 20, when there is no network failure, as in the routing operation shown in FIG. 15, access and communication from the opposite base C to the firewall FW1 are possible through the main router 10 and the main line 12m (route Ra). -c). Similarly, access and communication from the opposite site D to the firewall FW1 are possible through the main router 10 and the main line 12m. At that time, as in the routing operation shown in FIG. 15, asymmetric routing does not occur between the transmission traffic and the reception traffic.

  Further, when a failure occurs on the main line 12m side of the counter site D, the interface on the main router 10 side is not down, so that no failover occurs from the firewall FW1 to the firewall FW2. In this case, as in the routing operation shown in FIG. 15, the access and communication from the opposite site D to the firewall FW1 continue through the route Ra-d of the main router 10, the transfer route S, the backup router 20, and the backup line 22b. And asymmetric routing as already mentioned does not occur.

<Second example>
As shown in FIG. 21, even when a failure occurs on the main line 12m side of the router 10, the access and communication from the opposite base D to the firewall FW1 is performed by the main router 10, the crossover route, as in the first example. S, through the backup router 20 and the backup line 22b.

<Third example>
As shown in FIG. 22, when a failure occurs in the main router 10 during normal operation through the main router 10, the backup router 20 takes over the role of default gateway and the transition IF of the main router 10 is layer 1. By going down at this point, the transition IF of the local station will also go down from layer 1. Although the automatic blocking process of the IF is running but it is down from Layer 1, the automatic blocking does not function, and the transition segment information is deleted from the ARP table and the static route for the segment A is invalidated. There is no effect. Further, when the interface on the main router 10 side goes down, failover occurs from the firewall FW1 to the firewall FW2. Therefore, the access and communication from the opposite site D to the firewall FW2 can be continued through the backup router 20 and the backup line 22b as in the routing operation shown in FIG. 15, and the asymmetric routing as described above does not occur. .

<Fourth example>
As shown in FIG. 23, it is assumed that a failure occurs on the LAN side of the router 10 when normal communication is performed through the main router 10 and the main line 12m. In this case, since the interface on the main router 10 side goes down, failover occurs from the firewall FW1 to the firewall FW2. Therefore, as in the third example, communication between the LAN segment A and the opposing base D is executed through the backup router 20, the main router 20, and the main line 22b.

  The present invention can be applied to a redundant configuration of CE routers.

10 router (relay device)
11 Hub 12 WAN side line 12m Main line 12b Backup line 20 Router (relay device)
21 Hub 22 WAN side line 300 Router 301 LAN side interface unit 302 WAN side interface 303 Memory 303R Routing table 303A ARP table 304 Router control unit 305 Interface monitoring / blocking control unit 306 Routing control unit 307 Redundant configuration control unit 308 Program memory

Claims (6)

A method for preventing occurrence of asymmetric routing in a redundant configuration of a plurality of relay devices connected directly to a local area network (LAN) and provided between the LAN and a wide area network (WAN),
A first relay device that operates as a main relay device and a second relay device that operates as a backup relay device set a route between them,
The second relay device sets the routing priority of the transition route higher than the direct route on the LAN side for the packet addressed to the LAN,
When a failure occurrence is detected on the LAN side of the first relay device, at least the second relay device closes the interface of the transition route,
A method for preventing asymmetric routing. A redundant configuration of a plurality of relay devices connected directly to a local area network (LAN) and provided between the LAN and a wide area network (WAN),
A first relay device operating as a main relay device;
A second relay device that operates as a backup relay device and is connected to the first relay device via a crossover route;
The second relay device is
A first control means for setting a routing priority of the transit route higher than a direct route on the LAN side for a packet addressed to the LAN;
Monitoring the LAN-side interface of the first relay device, and when a failure occurrence is detected on the LAN-side interface, second control means for closing the interface of the transition route;
A redundant configuration characterized by comprising: A relay device directly connected to a local area network (LAN) and provided between the LAN and a wide area network (WAN),
A redundant configuration control means that operates as a main relay device or a backup relay device in a redundant configuration of the relay device and an adjacent relay device;
A routing table for registering a direct route to the LAN, a transition route connected to the adjacent relay device, a dynamic route, and a routing priority of these routes;
When the relay device operates as a backup relay device, the first control means for setting the routing priority of the transition route higher than the direct route on the LAN side for the packet addressed to the LAN;
A second control means for monitoring the LAN side interface of the adjacent relay device operating as a main relay device, and when the occurrence of a failure is detected in the LAN side interface, the second control means for blocking the local station interface of the transition route;
A relay apparatus comprising:   The first control means sets the direct route on the LAN side to a default routing priority higher than that of the transit route when the relay device operates as a main relay device. Relay device.   When the relay device operates as a main relay device, the second control means monitors the LAN interface of its own station, and when a failure is detected in the LAN interface of its own station, the second control means 5. The relay apparatus according to claim 3, wherein the interface is blocked. A method for preventing occurrence of asymmetric routing in a redundant configuration of a plurality of relay devices connected directly to a local area network (LAN) and provided between the LAN and a wide area network (WAN),
A first relay device that operates as a main relay device and a second relay device that operates as a backup relay device set a route between them,
The second relay device is
For the packet addressed to the LAN, the routing priority of the transition route is set higher than the direct route on the LAN side,
When the failure occurrence position of the first relay device is the first relay device itself or its LAN side, change the priority between the routing priority of the transition route and the routing priority of the direct route on the LAN side,
A method for preventing asymmetric routing.

Images