JP4222566B2 - Congestion control method, congestion control program, and congestion control system - Google Patents

Description

  The present invention relates to a congestion control method, a congestion control program, and a congestion control system.

  Due to the widespread use of broadband lines, the decline in broadband line unit prices is expected to continue. Therefore, a provider that uses a line for a user can add value by means of SLA (Service Level Agreement) that guarantees the quality of the provided line in order to differentiate it from the communication service provided by another provider. A high line is provided as a service. If a line that complies with the SLA is provided, the user's satisfaction with using the line is improved. On the other hand, if the line quality is poor and falls below the SLA standard, the user's satisfaction level is lowered.

  There are various indicators for guaranteed communication quality, such as bandwidth, communication delay, and low unavailable time. Since these communication qualities are affected by congestion, which is a network congestion state, it is important for provider providers to suppress congestion.

  In order to suppress congestion, a method of increasing the sum of communication bandwidths used by all users can be given. As a simple means, the communication bandwidth of a line can be increased by capital investment. However, it is costly to replace the already installed communication devices with higher-performance communication devices for capital investment in line with the increase in traffic, so it is easy for provider providers to adopt. Is difficult. Furthermore, since there are applications that use the available bandwidth as much as possible, it is difficult to establish a standard that congestion does not occur if capital investment is made up to this point.

  There is also a means for improving the utilization efficiency of network resources such as existing lines instead of increasing the communication band of the lines. However, although the total communication bandwidth used by the user can be increased, the amount of packets from the user continues to fluctuate, so the tolerance to fluctuations in the amount of communication decreases and congestion is likely to occur.

  Therefore, there is a technique for realizing fair use of the communication line by each user, instead of increasing the sum of the communication bands used by all users. For example, when 100 people use a free bandwidth of 100 [Mbps], one person should use 1 [Mbps] fairly. If a specific user occupies 50 [Mbps] and other users can use only about 0.5 [Mbps], the communication of the specific user occupying the band should be restricted. It is. On the other hand, if there are only two users currently using 100 [Mbps] on the communication line, if 50 [Mbps] are allocated to each of the two users, fair use can be realized and it is subject to regulation. Must not.

  The reason why a specific user improperly occupies the communication band is that the flow through which the specific user communicates becomes a malignant flow. In other words, the flow of communication packets is a malignant flow that causes congestion on the communication line when the amount of packets flowing on the flow becomes excessive with respect to the communication line that is the path of the flow. Become. On the other hand, if the amount of packets flowing on the flow does not give a load that causes congestion on the communication line, the flow is a benign flow. Although the number of flows occupying the entire malignant flow is small, the band occupancy rate of the malignant flow is large, causing congestion and affecting the benign flows of the majority of users.

  As a conventional congestion control method, there is a shaping method in which bandwidth control is selectively performed only on a flow that always sends packets at a high rate at the network end (for example, Patent Document 1). FIG. 7 is an explanatory diagram showing a certain amount of shaping processing.

Further, as an application of the shaping method, there is a port filtering method that always performs filtering / shaping based on port number information of a specific application such as P2P (see Patent Document 2). FIG. 8 is an explanatory diagram showing a bandwidth control process in which a port number is designated.
JP-A-8-79265 Japanese Patent Application No. 2000-357441

  However, in the conventional technology, the flow for bandwidth control and the actual malignant flow have been different.

  For example, in the prior art, by performing bandwidth control on a flow that is not a malignant flow, the user's flow is discarded at the network entrance even though there are surplus resources in the network, and sufficient throughput cannot be obtained. Since one application may be used for several purposes, if you perform bandwidth control for all applicable flows from a specific port number in advance, regardless of the presence or absence of congestion, all flows for the purposes that use that application The user's convenience is lost due to the control.

  In addition, the conventional technology does not specify a malicious flow that passes through a communication device in which congestion has occurred, and bandwidth control is also performed for flows that are not related to congestion.

  Therefore, the main object of the present invention is to solve the above-described problems and control congestion without excessively degrading user convenience.

  In order to solve the above-mentioned problems, the present invention provides a controlled network having a plurality of routers that relay flows, and among the routers, an ingress router that is an inflow side of a flow and an egress router that is an egress side of a flow And a congestion control method for controlling a malignant flow that is a factor of congestion occurring in the control target network, wherein the ingress router includes a congestion detection unit, a malignant flow identification unit, a communication control unit, The egress router has at least a passing flow notification unit, and the congestion detection unit of the ingress router is congested based on a monitoring packet transmitted to and received from the egress router. The congestion detection procedure for detecting the router in which the traffic has occurred, and the passing flow notification unit of the outgoing router detects the passing flow passing through the congestion from the congestion detected by the congestion detection procedure. A passing flow notification procedure to be determined; a malignant flow specifying procedure for the malignant flow specifying unit of the ingress router to specify the malignant flow from the passing flow specified by the passing flow notification procedure; The communication control unit executes a communication control procedure for executing communication control of the malignant flow specified by the malignant flow specifying procedure for the router.

  As a result, the user's convenience can be prevented from being excessively impaired by selecting and controlling the malignant flow that causes congestion.

  In the present invention, the ingress router and the egress router are edge routers connected to the outside of the controlled network, and the router in which the congestion has occurred is a core router that is not connected to the outside of the controlled network. It is characterized by.

  As a result, congestion can be controlled without placing a burden on the core router operated by another operator.

  In the present invention, when the malignant flow specifying procedure specifies a plurality of malignant flows, the ingress router further executes a control order specifying procedure for specifying the order of the malignant flows controlled by the communication control procedure. It is characterized by.

  As a result, the malignant flow having a high degree of influence on the congestion is preferentially controlled, thereby shortening the time until the congestion is recovered.

  The present invention is characterized in that the congestion detection procedure detects congestion when a packet loss rate of the monitoring packet exceeds a threshold value.

  This makes it possible to detect congestion without adding a function to the router in which congestion has occurred.

  The present invention is characterized in that the congestion detection procedure detects congestion when a response delay time of the monitoring packet exceeds a threshold value.

  This makes it possible to detect congestion without adding a function to the router in which congestion has occurred.

  The present invention is characterized in that the congestion detection procedure detects congestion when a congestion state described by the router in which the congestion has occurred in the monitoring packet exceeds a threshold value.

  Thereby, since the degree of congestion of the router is directly measured, it becomes possible to know the information on the exact congestion occurrence location.

  The present invention is characterized in that the passing flow notification procedure specifies the passing flow of the congestion detected by the congestion detection procedure from a tag identifying the ingress router attached to the packet.

  Thereby, the ingress router through which the passing flow passes can be specified without depending on the routing domain.

  The present invention is characterized in that the passing flow notification procedure specifies the passing flow of the congestion detected by the congestion detecting procedure from the packet source address information and the information held by the routing protocol.

  This makes it possible to identify the ingress router through which the flow has passed from the information held by the protocol without adding a new process to the transfer process that is already in operation.

  The present invention is characterized in that the router further executes a congestion mitigation detection procedure for performing communication control of the malicious flows in order until congestion is alleviated according to the order determined by the control order specifying procedure.

  As a result, by confirming the congestion state of the communication device where congestion has occurred in the process of sequentially controlling the flow, it is possible to identify the flow that causes the congestion and at the same time avoid communication control of unrelated flows. .

  The present invention is characterized in that communication control of a plurality of the malignant flows specified by the malignant flow specifying procedure is performed collectively before executing the congestion mitigation detection procedure.

  Thereby, congestion can be alleviated quickly by narrowing all N flows by a certain amount.

  The present invention is characterized in that the communication control performs communication control at a flow rate calculated based on congestion and malignant flow information.

  As a result, it is possible to determine the flow rate while checking the congestion state, so that it is possible to prevent communication control more than necessary and keep the user's throughput as high as possible.

  The present invention is characterized in that the congestion and malicious flow information is collected based on the monitoring packet transmitted from the router.

  As a result, the flow rate suitable for mitigating congestion is known, and only the minimum communication control necessary for mitigating congestion is performed, avoiding excessively narrowing the bandwidth of malicious flows, and maximizing user throughput. Can be retained.

  The present invention is characterized in that the congestion and malicious flow information is a packet loss rate of a router in which the congestion has occurred.

  As a result, the flow rate suitable for mitigating congestion is known, and only the minimum communication control necessary for mitigating congestion is performed, avoiding excessively narrowing the bandwidth of malicious flows, and maximizing user throughput. Can be retained.

  The present invention is a congestion control program for causing the router to execute the congestion control method.

  As a result, the user's convenience can be prevented from being excessively impaired by selecting and controlling the malignant flow that causes congestion.

  The present invention provides a control target network having a plurality of routers that relay a flow, and among the routers, using an ingress router that is an inflow side of a flow and an egress side router that is an exit side of a flow, A congestion control system that controls a malignant flow that causes congestion in a network, wherein the ingress router includes at least a congestion detection unit, a malignant flow identification unit, and a communication control unit, and the outgoing side A router has at least a passing flow notification unit, and the congestion detection unit of the ingress router detects a router in which congestion has occurred based on a monitoring packet transmitted / received to / from the egress router, The passing flow notification unit of the outgoing router identifies the passing flow passing through the congestion from the congestion detected by the congestion detecting unit, and the malicious flow characteristic of the incoming router. The communication flow control unit of the ingress router specifies communication control of the malignant flow specified by the malignant flow specification unit from the passage flow specified by the passage flow notification unit. The router is configured to execute.

  As a result, the user's convenience can be prevented from being excessively impaired by selecting and controlling the malignant flow that causes congestion.

  In the present invention, the ingress router and the egress router are edge routers connected to the outside of the controlled network, and the router in which the congestion has occurred is a core router that is not connected to the outside of the controlled network. It is characterized by.

  As a result, congestion can be controlled without placing a burden on the core router operated by another operator.

  The present invention further includes a control order specifying unit that specifies the order of the malignant flows controlled by the communication control unit when the malignant flow specifying unit specifies a plurality of the malignant flows. It is characterized by.

  As a result, the malignant flow having a high degree of influence on the congestion is preferentially controlled, thereby shortening the time until the congestion is recovered.

  According to the present invention, an edge router identifies a flow that passes through a congestion occurrence point after occurrence of congestion, selectively controls only a relatively high rate flow among the flows, and a flow unrelated to congestion. Therefore, it is possible to appropriately alleviate the congestion that causes a decrease in the service quality of general users while maximizing the network throughput. Furthermore, since the present invention can be implemented without placing a burden on the core router under the control of another operator, there is also an advantage that it can be easily introduced into an operating network.

  Hereinafter, an embodiment of a congestion control system to which the present invention is applied will be described in detail with reference to the drawings. First, the configuration of the congestion control system of this embodiment will be described with reference to FIGS.

  FIG. 1A is a configuration diagram showing the control target network 10. The control target network 10 is a communication network that controls congestion, and includes a communication device 12 (core router 14 and edge router 16) that relays a flow. And the user terminal 18 is a terminal which communicates via the communication apparatus 12, and generates a malignant flow or a benign flow.

  As shown in FIG. 1B, the communication device 12 corresponds to a core router 14 and an edge router 16. The communication device 12 is configured as a computer including at least a memory serving as storage means used when performing arithmetic processing and an arithmetic processing device that performs the arithmetic processing. The memory is constituted by a RAM (Random Access Memory) or the like. Arithmetic processing is realized by an arithmetic processing unit configured by a CPU (Central Processing Unit) executing a program on a memory.

  The core router 14 is the communication device 12 in the control target network, and is not connected to the outside of the control target network 10. The core router 14 may add the congestion state of the own device to the passed packet. The congestion state includes the amount of packets in the queue of the core router 14 and the utilization rate of the output link. This congestion state addition processing simply adds the information acquired by the network management processing already performed by the core router 14 to the packet, and therefore the burden on the core router 14 is small.

  The edge router 16 in FIG. 1C is the communication device 12 in the control target network, and has a connection line with the outside of the control target network 10. The edge router 16 may be attached to a flow that passes a tag that identifies its own device. Note that the edge router 16 pays attention to a specific flow. The ingress edge router 16A (the ingress router in the claims) that is the flow source (upstream) or the egress side that is the flow destination (downstream). The edge router 16B (the outgoing router in the claims) is classified. In general, the control target network 10 includes a plurality of flows. For a predetermined edge router 16, an ingress edge router 16A in the flow A, an egress edge router 16B in the flow B, and the like. The role changes depending on the flow.

  The edge router 16 includes a congestion detection unit 20, a passage flow notification unit 30, a malignant flow specification unit 40, a control order specification unit 60, and a communication control unit 70. FIG. 2 is a diagram for explaining the components of the edge router 16. Focusing on the predetermined flow, the ingress edge router 16A operates the congestion detection unit 20, the malignant flow specification unit 40, the control order specification unit 60, and the communication control unit 70. Then, the outgoing edge router 16B operates the passage flow notification unit 30.

  First, the congestion detector 20 of the ingress edge router 16A detects congestion by sending a monitoring packet to the egress edge router 16B. The passing flow notifying unit 30 of the outgoing edge router 16B specifies a flow that passes the detected congestion and notifies the malicious flow specifying unit 40 of the incoming edge router 16A.

  Then, the malicious flow specifying unit 40 of the ingress edge router 16A selects the malicious flow from the notified flow. The control order specifying unit 60 of the ingress edge router 16A determines the order in which the malignant flow is controlled. The communication control unit 70 of the ingress edge router 16A controls communication of the malicious flow.

  Note that the congestion detection unit 20 may notify the route calculation unit of the occurrence of congestion. The route calculation means operates a routing protocol or the like to create a route table (routing table) indicating a route through which the communication device 12 relays a flow. The route calculation means receives the notification of the occurrence of congestion, and calculates the route so as not to pass through the device or network where the congestion has occurred. The route calculation means may be in a network where congestion has occurred, or may be in another provider network.

  Moreover, the example of a structure of the malignant flow specific | specification part 40 is as follows, for example. The malignant flow specifying unit 40 of the ingress edge router 16A that has received the flow information from the egress edge router 16B starts a timer for a predetermined time. The malignant flow specifying unit 40 holds the information of the outgoing edge router 16B received until the timer for a predetermined time expires in the database. When the predetermined time elapses, the malignant flow identification unit 40 extracts a flow exceeding a preset threshold value from the flows held in the corresponding database. The extracted flow becomes a malignant flow.

  The congestion control processing performed by the edge router 16 described above is shown in the flowchart of FIG. 3 and the configuration diagram of FIG.

  First, the ingress edge router 16A and the egress edge router 16B periodically send and receive monitoring packets to estimate the congestion state of the network from the change in round trip delay time, and the occurrence of network congestion (S10). Is detected (S11).

  Next, the egress edge router 16B specifies a flow that passes through the core router 14 in which the congestion detected in S11 occurs (S12), and the information of the flow (source address, destination address, etc.) is input to the ingress edge router. 16A is notified. Note that the egress edge router 16B may always measure the reception rate for each candidate of the passing flow, and may transmit information on a flow having a relatively high reception rate to the ingress edge router 16A. Thereby, when selecting a malignant flow by S13 mentioned later, the number of candidates can be narrowed down.

  Then, the ingress edge router 16A measures the bandwidth used for each flow based on the specific flow information in S12 notified from the egress edge router 16B, and selects a malignant flow to be controlled. (S13).

  Furthermore, the ingress edge router 16A performs communication control by regulating the transmission rate of the malicious flow selected in S13 (S14). The rate value is determined based on, for example, a change in the round-trip delay time of the monitoring packet, thereby reducing congestion with a minimum rate restriction.

Hereinafter, the method of the congestion detection process (S11) will be specifically described. The edge router 16 detects congestion by any one of the following methods. Note that the following schemes are merely examples and are not limited to the schemes listed in the present embodiment.

  Method 1-A is a method in which the congestion detection unit 20 generates a monitoring packet, and periodically transmits and receives the monitoring packet between predetermined devices. At this time, the packet loss rate of the route between the two routers can be estimated on the receiving side by adding the sequence number and information capable of identifying the transmitting side device to the monitoring packet. By determining whether or not the packet loss rate exceeds the threshold C1, congestion is detected (see FIG. 5). Thereby, congestion can be detected without adding a function to the core router 14.

  Method 1-B is a method in which the congestion detection unit 20 generates a monitoring packet, and periodically transmits and receives the monitoring packet between predetermined devices. At this time, by adding information that can identify the packet transmission time and the transmission side device to the monitoring packet, the delay time of the packet of the route between the two routers can be estimated on the reception side. Congestion is detected by determining whether or not this delay time (RTT: Round Trip Time) exceeds a threshold C1. Thereby, congestion can be detected without adding a function to the core router 14.

  In Method 1-C, the congestion detection unit 20 constantly transmits and receives monitoring packets between devices, and each core router 14 to which the packets are transferred describes the congestion state of the device itself. In the receiving device of the packet, it is determined whether the congestion state exceeds the threshold C1. When the threshold value is exceeded, it is determined that congestion has occurred in the corresponding core router 14. As a result, the degree of congestion of the core router 14 is directly measured and notified to the congestion detection unit 20, so that it is possible to know accurate information on the location where the congestion has occurred without imposing a burden on the core router 14.

  The identifiable information may be, for example, a ToS (Type of Service) field of an IP (Internet Protocol) header, a flow label of an IPv6 header, or an MPLS (Multi-Protocol Label Switching) label.

  In methods 1-A to 1-C, for example, the address of the monitoring packet receiving device is used as the destination address of the monitoring packet. As a result, the amount of processing for creating the monitoring packet can be reduced, so that even a low-performance CPU can perform the calculation.

  On the other hand, in method 1-A to method 1-C, a plurality of flows are extracted from flows passing through a device that generates a monitoring packet as a monitoring packet destination address, and the destination address of the flow is monitored. May be used as the destination address of the packet. As a result, congestion can be detected even when a plurality of routes exist between specific edges due to load balance between core routers.

Hereinafter, the method of specifying the passage flow (S12) will be described in detail. The edge router 16 specifies the passing flow by any one of the following methods. Note that the following schemes are merely examples and are not limited to the schemes listed in the present embodiment.

  In method 2-A, the ingress edge router 16A performs tagging (tagging) on the passing packet (see FIG. 6). Information that can identify the incoming edge is given to this tag. The apparatus provided with the passing flow notification unit 30 measures the reception rate from the network side and discriminates the flow passing through the route determined to be congested from the given tag among the flows having a relatively high rate. Is transmitted to the ingress edge router 16A. As a result, the edge router 16 needs a function of adding a tag to the packet, but the ingress edge router 16A through which the passing flow has passed can be identified without depending on the routing domain.

  In Method 2-B, a reception rate from the network side is measured, a source address of a flow having a relatively high rate is acquired, and a route determined to be congested from the address information and information held by the routing protocol The flow passing through the core router 14 in which congestion occurs is transmitted to the ingress edge router 16A. As a result, the ingress edge router 16A through which the flow has passed can be identified from the information held by the protocol without adding a new process to the transfer process that is already in operation.

  Hereinafter, the method of specifying the malignant flow (S13) will be specifically described. The edge router 16 identifies one of the following flows as a malignant flow. Note that the following schemes are merely examples and are not limited to the schemes listed in the present embodiment.

  The edge router 16 is a flow whose duration is higher than the reference value and the average rate is higher, a flow whose average rate is higher than the reference value and whose peak rate is higher, a flow whose average rate and peak rate are higher than the reference value, or within a certain period of time A flow in which the number of packets arriving at is greater than the reference value is identified as a malignant flow.

Hereinafter, the method of the malignant flow control process (S14) will be described in detail. The edge router 16 controls the malicious flow by any one of the following methods. Note that the following schemes are merely examples and are not limited to the schemes listed in the present embodiment.

  Method 3-A is a method in which the communication control unit 70 sequentially controls N malignant flows. That is, when communication control is performed on the specified N malignant flows, the control order specifying unit 60 receives information on the N malignant flows from the malignant flow specifying unit 40, determines the order of communication control, and follows the order. The malignant flow identification unit 40 issues a communication control instruction, the malignant flow identification unit 40 issues a communication control instruction to the target communication control unit 70, and the communication control unit 70 performs communication control. In the meantime, the control order specifying unit 60 receives information on the congestion state from the congestion detection unit 20 and instructs communication control in order until the congestion is alleviated. If the congestion is not alleviated, an instruction is issued to the malignant flow identification unit 40 corresponding to the communication control unit 70 in the next order.

  The order in which the malignant flow is controlled is, for example, the flow information received from the malignant flow specifying unit 40 in the order of large flow, dictionary sequence, the order calculated by the round robin algorithm, or the network collected by the control order specifying unit 60 The order determined from information.

  Accordingly, by confirming the congestion state of the communication device 12 in which congestion has occurred in the process of sequentially controlling the flows, the flow causing the congestion can be identified, and at the same time, communication control of unrelated flows can be avoided.

  Method 3-B is a method in which the communication control unit 70 controls N malignant flows in a batch and then sequentially controls them. That is, when communication control is performed on the specified N number of malignant flows, the control order specifying unit 60 determines the order of communication control of the N number of malignant flows, and first performs communication control of a certain amount of all the N flows. Then, a communication control instruction is issued to the malignant flow identification unit 40 by method 3-A.

  Thereby, congestion can be alleviated quickly by narrowing all N flows by a certain amount.

  Method 3-C is a method in which calculation of the flow rate and control at the flow rate are repeated until the communication control unit 70 relieves congestion. That is, when communication control is performed on the identified N malignant flows, the control order specifying unit 60 refers to the information on the congestion state confirmed by the congestion detection unit 20 by the control order specifying unit 60, and the information Using the malignant flow information received from the flow specifying unit 40 as a parameter, a flow rate after determining the control of each malignant flow is determined using a flow rate calculation algorithm, and communication is performed with the malignant flow specifying unit 40 so as to control communication at that flow rate. A control instruction is issued, and then the malignant flow identification unit 40 issues a communication control instruction to the communication control unit 70.

  Specifically, while the communication control unit 70 performs communication control, while confirming the latest congestion state, instructions for communication control are sequentially issued to the communication control unit 70 until the congestion state is resolved. The order in which the malignant flow is controlled is, for example, the flow information received from the malignant flow specifying unit 40 in the order of large flow, dictionary sequence, the order calculated by the round robin algorithm, or the network collected by the control order specifying unit 60 The order determined from information.

  The flow rate calculation algorithm is as follows, for example. First, when the measurement rate of the selected flow is Ri, each flow is band-controlled at a rate of α · Ri. Here, α is a real number not less than 0 and less than 1. The monitoring packet is observed T2 hours after the bandwidth control is performed, and it is determined whether the threshold of the packet loss rate (delay time, in-queue packet amount) is below C1. If it is below, it is considered congestion relief. When the threshold value C1 is exceeded, the bandwidth control rate is further multiplied by α (that is, α × Ri × α) for each flow to perform bandwidth control, and the same processing as waiting for T2 time is performed. .

  As a result, it is possible to determine the flow rate while checking the congestion state, so that it is possible to prevent communication control more than necessary and keep the user's throughput as high as possible.

  Method 3-D is a method in which the communication control unit 70 monitors a congestion state with a monitoring packet and performs control at a flow rate suitable for the congestion state. That is, when controlling the specified N number of malicious flows, a monitoring packet such as ping is skipped from the edge router 16, and the malicious flow specifying unit 40 monitors a network congestion state and is suitable for reducing congestion. The rate is calculated using the flow rate calculation algorithm to control communication of the malignant flow.

  As a result, the flow rate X [bps] suitable for alleviating the congestion is known, and as a result, only the minimum communication control necessary for alleviating the congestion is performed to avoid narrowing the bandwidth of the malignant flow, User throughput can be kept as high as possible.

  Method 3-E is a method in which the communication control unit 70 controls the flow rate calculated from the packet loss rate. In other words, when communication control is performed on the identified N malicious flows, the control order specifying unit 60 refers to the packet loss rate information of the core router 14 in which congestion occurs, which is periodically measured by the congestion detection unit 20. By calculating the flow rate X [bps] to be controlled using the flow rate calculation algorithm, the malignant flow is subjected to communication control at an appropriate flow rate.

  As a result, the flow rate suitable for mitigating congestion can be found, and as a result, only the minimum communication control necessary for mitigating congestion can be performed, avoiding excessively narrowing the bandwidth of malignant flows, and reducing user throughput. It can be kept as high as possible.

  In the method 3-A to the method 3-E, a plurality of communication controls may be performed in parallel, or may be performed according to the order determined by the control order specifying unit 60. The order in which the malignant flow is controlled is, for example, the flow information received from the malignant flow specifying unit 40 in the order of large flow, dictionary sequence, the order calculated by the round robin algorithm, or the network collected by the control order specifying unit 60 The order determined from information.

  The present invention described above can be widely modified without departing from the spirit thereof as follows.

  For example, the order determination process for controlling the malignant flow may be omitted. As an example that needs to be omitted, when only one malignant flow is found, there is a case where an urgent recovery is required so that a recovery time for controlling the malignant flows one by one cannot be obtained. When the order determination is omitted, communication control is performed simultaneously for a plurality of malignant flows (S14). As a result, it is possible to shorten the time required for network recovery by congestion control.

  Further, a plurality of components of the edge router 16 may exist by starting a plurality of processes. Thereby, even when large-scale congestion occurs, data parallel processing between a plurality of components can be realized, and the time required to suppress the congestion can be shortened.

  Furthermore, the format of the control target network 10 (line type, communication protocol, etc.) is not limited to a specific one. For example, the control target network 10 is a circuit switching network such as TDM (Time Division Multiplexing) or WDM (Wavelength Division Multiplexing), or an MPLS network that labels and transfers IP, Ethernet (registered trademark), and IP packets. Also good. Each communication apparatus is connected by a logical path provided by setting a lower layer path positioned relatively lower than the network layer in which the node exists. For example, the communication device 12 may be an MPLS router of an MPLS network or a router of a packet network.

It is a block diagram which shows the control object network regarding one Embodiment of this invention. It is a block diagram which shows the edge router regarding one Embodiment of this invention. It is a flowchart which shows the congestion control process regarding one Embodiment of this invention. It is a block diagram which shows the control object network regarding one Embodiment of this invention. It is explanatory drawing of the detection process of the congestion by the packet loss rate regarding one Embodiment of this invention. It is explanatory drawing of tagging of the packet regarding one Embodiment of this invention. It is explanatory drawing which shows a fixed amount of shaping processing. It is explanatory drawing which shows the bandwidth control process which designated the port number.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Control object network 12 Communication apparatus 14 Core router 16 Edge router 16A Incoming edge router 16B Outgoing edge router 20 Congestion detection part 30 Passing flow notification part 40 Malignant flow specific part 60 Control order specific part 70 Communication control part

Claims (17)

In a controlled network having a plurality of routers that relay a flow, an outbreak occurred in the controlled network using an ingress router that is an inflow side of the flow and an egress router that is an exit side of the flow among the routers A congestion control method for controlling malignant flows that cause congestion,
The ingress router has at least a congestion detection unit, a malicious flow identification unit, and a communication control unit, and the egress router has at least a passing flow notification unit,
A congestion detection procedure in which the congestion detection unit of the ingress router detects a router in which congestion has occurred based on a monitoring packet transmitted / received to / from the egress router;
The passing flow notifying unit of the outgoing router specifies a passing flow passing through the congestion from the congestion detected by the congestion detecting procedure, and
The malignant flow identifying unit of the ingress router identifies the malignant flow from the passing flow identified by the passing flow notification procedure;
A communication control procedure in which the communication control unit of the ingress router executes communication control of the malignant flow specified by the malignant flow specifying procedure for the router;
The congestion control method characterized by performing. The ingress router and the egress router are edge routers connected to the outside of the controlled network,
The congestion control method according to claim 1, wherein the router in which the congestion has occurred is a core router that is not connected to the outside of the controlled network.   When the malignant flow specifying procedure specifies a plurality of malignant flows, the ingress router further executes a control order specifying procedure for specifying the order of the malignant flows controlled by the communication control procedure. The congestion control method according to claim 1 or 2.   The congestion control method according to any one of claims 1 to 3, wherein the congestion detection procedure detects congestion when a packet loss rate of the monitoring packet exceeds a threshold value.   The congestion control method according to any one of claims 1 to 3, wherein the congestion detection procedure detects congestion when a response delay time of the monitoring packet exceeds a threshold value.   4. The congestion detection procedure according to claim 1, wherein the congestion detection procedure detects congestion when a congestion state described by a router in which the congestion has occurred in the monitoring packet exceeds a threshold value. The congestion control method described.   The said passing flow notification procedure specifies the said passing flow of the congestion detected by the said congestion detection procedure from the tag which identifies the said ingress | route side router provided to the packet, The Claim 1 thru | or 6 characterized by the above-mentioned. The congestion control method according to any one of the above items.   The said passing flow notification procedure specifies the said passing flow of the congestion detected by the said congestion detection procedure from the transmission source address information of a packet and the information which a routing protocol hold | maintains, The Claim 1 thru | or 6 characterized by the above-mentioned. The congestion control method according to any one of the above.   The said router further performs the congestion mitigation detection procedure which carries out communication control of the said malignant flow in order until congestion is relieved according to the order which the said control order specific procedure determined. Congestion control method.   The congestion control method according to claim 9, wherein communication control is performed for a plurality of the malignant flows identified by the malignant flow identification procedure before executing the congestion mitigation detection procedure.   The congestion control method according to claim 10, wherein the communication control is performed at a flow rate calculated based on congestion and malignant flow information.   The congestion control method according to claim 11, wherein the congestion and malicious flow information is collected based on the monitoring packet transmitted from the router.   The congestion control method according to claim 11, wherein the congestion and malicious flow information is a packet loss rate of a router in which the congestion has occurred.   A congestion control program for causing the router to execute the congestion control method according to any one of claims 1 to 13. In a controlled network having a plurality of routers that relay a flow, an outbreak occurred in the controlled network using an ingress router that is an inflow side of the flow and an egress router that is an exit side of the flow among the routers A congestion control system that controls malignant flows that cause congestion,
The ingress router has at least a congestion detection unit, a malicious flow identification unit, and a communication control unit, and the egress router has at least a passing flow notification unit,
The congestion detection unit of the ingress router detects a router in which congestion has occurred based on a monitoring packet transmitted / received to / from the egress router,
The passing flow notifying unit of the outgoing router identifies the passing flow passing through the congestion from the congestion detected by the congestion detecting unit,
The malignant flow identification unit of the ingress router identifies the malignant flow from the passage flow identified by the passage flow notification unit,
The congestion control system, wherein the communication control unit of the ingress router is configured to execute communication control of the malicious flow specified by the malicious flow specifying unit for the router. The ingress router and the egress router are edge routers connected to the outside of the controlled network,
The congestion control system according to claim 15, wherein the router in which the congestion has occurred is a core router that is not connected to the outside of the control target network.   The ingress router further includes a control order specifying unit that specifies the order of the malignant flows controlled by the communication control unit when the malignant flow specifying unit specifies a plurality of the malignant flows. The congestion control system according to claim 15 or claim 16.

Images