JP5883926B2 - Management server and flow processing method - Google Patents

Description

Import by reference

  This application claims the priority of Japanese Patent Application No. 2012-87799 filed on April 6, 2012, and is incorporated herein by reference.

  The present invention relates to a management server and a flow processing method.

In a multi-tenant network system that accommodates a plurality of tenants, the number of tenants accommodated is increasing, and the scale of the network system is also increasing. Since each tenant flows its own flow on the network system without considering other tenants, a large number of flows tend to concentrate on specific switches in the network system.
A flow is a logically distinct unit of traffic (a group). For example, a set of frames with the same source address and destination address set is divided into one same flow.

  As described in Non-Patent Document 1, for a plurality of flows flowing on the network system, means for measuring the traffic of the flows as measured data is mounted on each switch in the network system. As a result, the administrator who has obtained the measured data of each switch can identify the switch where the flow is concentrated in the network system, and change the concentrated switch to a high-performance switch. Overall congestion can be avoided.

  On the other hand, as another means for avoiding congestion, a Fat Tree configuration of a network topology may be used. By using multipaths in the Fat Tree configuration, it is possible to simultaneously use a plurality of paths as paths for transmitting the same flow, and it is possible to suppress the concentration of traffic to a specific switch on the path route. .

Cisco Systems, “Cisco Systems NetFlow Services Export Version 9”, IETF, [March 23, 2012 search], Internet <URL: http://www.ietf.org/rfc/rfc3954.txt>

  The actual measurement data of each switch in the network system is data indicating the communication status of the network system with high accuracy, but the actual measurement cost is high. This is because the actual measurement means shown in Non-Patent Document 1 and the like is prepared in advance in all the switches of the network system, and the processing capability of each switch is not only the data transfer process that is the original task of each switch but also the transferred data. This is because the processing capability for operating the actual measurement processing of the quantity is necessary.

  In particular, what is more expensive in the data amount measurement process is the process of specifying the flow to which each data frame belongs than in the process of acquiring the data amount of each data frame. Since the flow specific information to which each data frame belongs is stored at various frame positions in each data frame, the flow specific information position specifying process or the flow specific information from the specified position is read. By performing the processing for each of a large number of data frames, the data amount actual measurement processing becomes a heavy load.

  On the other hand, instead of using the actual measurement data of each switch, a method of creating prediction data of the communication amount of each switch is also examined. With this prediction data, it is not necessary to operate a data amount actual measurement process, so traffic data of the network system can be acquired at low cost.

  However, while the cost is low, the prediction data created from the past statistical data of each switch can only obtain low-precision traffic data. This is because there is a great difference in the contents and number of operating flows between the past and the present, and the communication status of the network system is greatly affected by the currently operating flows.

  Accordingly, the main object of the present invention is to solve the above-described problems and obtain highly accurate data indicating the communication status of the network system at a low cost.

In order to solve the above-mentioned problem, the present invention is a flow processing method by a management server that processes a traffic amount of a flow defining communication of a data frame in a tunneling environment from a transmission source device to a destination device,
The management server is
For each flow, collect flow identification information for identifying the flow and the traffic volume of the identified flow from the transmission source device,
From the switch located on the path of the flow from the transmission source device to the destination device, the path specification information about the path through which the flow configured between the switches passes, and the flow specification information of the flow passing through the path Collect flow / path correspondence information that can be used to derive correspondence relationships with
Using the flow identification information collected from the transmission source device as a key, search from the flow route information including the route through which the path specified by the path identification information derived by searching the flow / path correspondence information is derived and the route map By performing a process for obtaining the traffic volume of the group grouped according to a predetermined standard corresponding to the flow specifying information, at least creating the traffic volume flowing through each link of the route map as traffic estimation data Features.
Other means will be described later.

  ADVANTAGE OF THE INVENTION According to this invention, the highly accurate data which show the communication condition of a network system can be acquired at low cost.

It is a block diagram which shows the network system regarding one Embodiment of this invention. It is explanatory drawing which shows the transmission process of the data frame in the tunneling environment regarding one Embodiment of this invention. It is a block diagram which shows the hardware constitutions of each apparatus of the network system regarding one Embodiment of this invention. 3A shows the hardware configuration of the apparatus, and FIG. 3B shows an ID address correspondence table. It is a block diagram which shows the function structure of each apparatus of the network system regarding one Embodiment of this invention. It is a block diagram which shows the detail of the function structure of FIG. 4 regarding one Embodiment of this invention. It is a flowchart which shows the traffic estimation process regarding one Embodiment of this invention. It is a block diagram which shows the detail of each table of FIG. 5 regarding one Embodiment of this invention. FIG. 7A shows a flow information individual table, and FIG. 7B shows each table read by the traffic estimation unit. It is a block diagram which shows the detail of each table of the network system regarding one Embodiment of this invention. FIG. 8A shows a path route table, and FIG. 8B shows a traffic estimation table. It is a flowchart which shows the transmission process of the data frame of the network system regarding one Embodiment of this invention. It is a flowchart which shows the route change process of the network system regarding one Embodiment of this invention. It is a graph which shows the flow traffic volume for every link regarding one Embodiment of this invention. FIG. 11A shows the state before the route is changed, and FIG. 11B shows the time when the route is changed. It is explanatory drawing which shows the path | route for every flow regarding one Embodiment of this invention. 12A shows that congestion has occurred in the link L41 (between ASW2a and TSW3d), and FIG. 12B shows that congestion has been avoided by changing the route of the flow f3.

  Hereinafter, an embodiment of the present invention will be described in detail with reference to the drawings.

FIG. 1 is a configuration diagram showing a network system. The network topology of each device illustrated in FIG. 1 is merely an example, and the number of devices and the connection configuration between the devices may be different configurations.
In the network system, ASW2 (2a to 2c) that is an aggregation switch, TSW3 (3a to 3d) that is a ToR (Top of Rack) switch, and a physical machine 7 are linked to each of links (L11 to L13, L21 to L23, L31 to L33, L41 to L43, and L91 to L94). That is, the communication device of the network system includes each device (ASW2, TSW3, physical machine 7) and a link between the devices.

  The management server 1 is connected to each physical machine 7 in order to estimate the amount of flow that passes through each link in the network system. Here, the flow is a collection of information of data frames having common attributes transferred within the network system.

Each ASW 2 has a Fat Tree configuration connected to each TSW 3 with a full mesh, and each TSW 3 accommodates one physical machine 7. In the physical machine 7, VSW8 and VM9, which are virtual machines constructed by software using hardware resources, are configured.
VSW8 (8a to 8d) is a virtual switch connected to TSW3, and VM9 (VM911 to 913, VM921 to 923, VM931 to 933, VM941 to 943) is a virtual computer accommodated in VSW8.
A flow is a data frame transferred from one VM 9 to another VM 9. The starting point (source) and end point (destination) of the flow are not limited to the VM 9 and may be other devices (ASW2, TSW3, physical machine 7, VSW8).

FIG. 2 is an explanatory diagram showing data frame transmission processing in a tunneling environment.
The flow f1 is a flow that sequentially passes from the transmission source: VM911 → VSW8a → TSW3a → ASW2a → TSW3d → VSW8d → VM941 (see also FIG. 12A described later).
Each data frame of the flow f1 includes, in addition to data and a footer, a VMSA (Virtual Machine Source Address) indicating a transmission source of the flow f1 as information for specifying the flow of the flow f1 (hereinafter, flow specifying information), a flow A pair with a VMDA (Virtual Machine Destination Address) indicating the destination of f1 is attached to the header.

  The flow f1 is transferred using a path that is a VXLAN (Virtual eXtensible Local Area Network) tunnel (path that passes in the order of VSW8a → TSW3a → ASW2a → TSW3d → VSW8d). In each data frame passing through this path, VSSA (Virtual Switch Source Address) indicating the transmission source of the path and VSDA (VSDA ( A pair with (Virtual Switch Destination Address) is encapsulated in the header.

Each address information (VMSA, VMDA) may be a device address assigned to each virtual machine or an interface address assigned to each network interface accommodated by the virtual machine.
Furthermore, although flow specific information and path specific information are expressed as a combination of address information, the specific information includes a source / destination MAC (Media Access Control) address, a source / destination IP address, a source / destination port number, Information indicating a difference in communication of a specific target, such as a UUID (Universally Unique Identifier) of a device and a protocol number, may be configured alone or as a combination of a plurality of pieces of information.
In addition, each parameter of these enumerated specific information is an example to the last, It is not limited to the enumerated parameter, You may use arbitrary parameters as specific information.
The tunnel is not necessarily VXLAN, and may be another tunnel system in which a header is newly added to the original frame format.

FIG. 3 is a configuration diagram showing a hardware configuration of each device of the network system.
Each device shown in FIG. 3A includes a CPU 111, a memory 112, a storage device 113, an external medium reading device 114, a communication device 115, an input device 116, an output device 117, and one or more ports 118. Are configured as computers connected by an internal bus.
In the memory 112, a program and data being executed are recorded. Programs and data in each device may be stored in the memory 112 in advance, may be stored in the storage device 113, or may be input from the external medium reading device 114. Further, the function realized by the corresponding program may be realized by dedicated hardware.
Examples of the storage medium handled by the external medium reading device 114 include an SD memory card and a CD-ROM.
The port 118 is a network interface for communicating with other devices, and performs communication based on, for example, the Ethernet (registered trademark) standard defined by IEEE802.3.

  The ID address correspondence table shown in FIG. 3B is data stored in the storage device 113 of each device shown in FIG. The ID address correspondence table is a table in which “machine ID” in the left column and “machine address (2 digits × 6 MAC addresses are illustrated in the figure)” in the right column are associated with each other on a 1: 1 basis.

  Instead of each piece of address information (VMSA, VMDA, VSSA, VSDA) in the data frame transmitted by itself, the device uses the “machine ID” associated with the ID address correspondence table by reversible conversion from these pieces of address information. By describing in the frame, the data amount of the data frame can be compressed. In the ID address correspondence table, one ID may be associated with a combination of a plurality of address information.

FIG. 4 is a configuration diagram showing a functional configuration of each device of the network system. FIG. 4 is a drawing for enumerating the components of each device, and details of each component will be made clear from FIG.
The management server 1 includes an OS 11, a transfer unit 12, a transfer table 13, a path route table 14, a traffic management unit 15, and a route management unit 16.
The physical machine 7 includes an OS 71, a transfer unit 72, a transfer table 73, a traffic measurement unit 74, a VSW 8, and a VM 9.

The VSW 8 includes a management server communication unit 81, a path control unit 82, a DA correspondence table 83, a tunnel processing unit 84, and a VSW control unit 85.
The VSW control unit 85 is a virtual switch configured as a virtual computer capable of executing the functions of a computer with software using components on the physical machine 7 such as the CPU 111, the memory 112, and the communication device 115. SW is controlled.

The VM control unit 91 reads a VM disk image 92 stored in a storage device 113 that is built in or externally connected to the physical machine 7, uses the CPU 111 of the physical machine 7 and a partial area of the memory 112, and physically Inside the machine 7, a VM 9 is generated as a virtual machine that can execute the function of a computer with software.
Since the VM 9 is connected to the bus of the physical machine 7, each interface (external medium reading device 114, communication device 115, input device 116, output device 117) of the physical machine 7 can be used.

FIG. 5 is a block diagram showing details of the functional configuration of FIG. Details of each component shown in FIG. 5 (input / output relationship indicated by arrows in FIG. 5 and the like) will be clarified in FIG. 6 and subsequent figures.
The traffic measurement unit 74 includes a flow information measurement unit 41, a flow information individual table 42, and a management server communication unit 43.
The traffic management unit 15 includes a physical machine communication unit 51, a flow information recording unit 52, a flow information aggregation table 53, a traffic estimation unit 54, a traffic recording unit 55, a traffic estimation table 56, and a path change determination unit 57. And have.
The route management unit 16 includes a physical machine communication unit 61, a path route management unit 62, a DA correspondence table 63, a VM accommodation management table 64, an SA correspondence table 65, and a route map 66. The route management unit 16 collects this information from each device.
The route map 66 is data indicating a network topology (links between devices).

FIG. 6 is a flowchart showing traffic estimation processing.
In S <b> 201, the flow information measurement unit 41 records the amount of traffic transmitted from the VSW 8, that is, the number of data frames in a predetermined time, in the flow information individual table 42.
In S202, the management server communication unit 43 reads the traffic amount recorded in the flow information individual table 42 in S201, and transmits it to the management server 1 at regular intervals in association with the flow identification information.

In S <b> 203, the physical machine communication unit 51 passes the traffic amount information received in S <b> 202 to the flow information recording unit 52.
In S204, the flow information recording unit 52 writes the information received in S203 into the flow information aggregation table 53 (details are described in FIG. 7A).

In S205, the traffic estimation unit 54 determines the flow information aggregation table 53, the path route table 14, the DA correspondence table 63, the VM accommodation management table 64 (see FIG. 5), and the SA correspondence table 65 (see FIG. 5). The route map 66 is read.
In S206, the traffic estimation unit 54 calculates a communication amount for each flow specifying information based on each table read in S205 (for details, see FIG. 7B and FIG. 8).
In S207, the traffic estimation unit 54 passes the calculation result of S206 to the traffic recording unit 55.
In S208, the traffic recording unit 55 writes the calculation result of S207 into the traffic estimation table 56.

FIG. 7 is a block diagram showing details of each table in FIG.
The flow information individual table 42 in FIG. 7A stores the flow traffic for each flow specifying information (combination of VMSA and VMDA) in time series (time = t, t + 1, t + 2,...). With respect to the flow communication amount in the flow information individual table 42, stored data may be continuously accumulated, or data older than a predetermined period may be deleted. Further, the value of the flow communication amount may be the sum of the data amounts of all the data frames in a predetermined period (such as the period from time = t to time = t + 1), or the average of the data amounts obtained by dividing the sum by the data frames. It may be a value.
In addition, the expression method of time t is arbitrary and may represent date and time. Also, the time measurement intervals indicated as t + 1, t + 2,... Are not limited to certain intervals, and may be arbitrary intervals. For example, it may be 100 milliseconds or 1 second or 10 seconds.

  Since the flow information individual table 42 is created for each physical machine 7 to be accommodated, the flow information individual table 42 in the first physical machine 7 that is the transmission source of the flow f1 and the transmission source of the flow f2. The contents may differ from the flow information individual table 42 in the second physical machine 7.

In S204, the flow information aggregation table 53 written by the flow information recording unit 52 is a table in which the management server 1 aggregates the data contents of one or more flow information individual tables 42, and the stored data format is individual flow information. The same as the table 42.
As in the flow information individual table 42, the information in the flow information aggregation table 53 may be updated at regular intervals or may be stored in the past. The flow information aggregation table 53 may be divided into a plurality of tables instead of a single table.

  FIG. 7B shows each table read by the traffic estimation unit 54 in S205. The contents of each table are continuously updated in response to the notification from the end node VSW 8 of the path according to the setting status of the path that changes every moment. Hereinafter, the traffic estimation unit 54 clarifies the details of the process of specifying the path specifying information of the path through which the flow passes (hereinafter referred to as the path solving process) based on the flow specifying information.

The VM accommodation management table 64 is correspondence data between the VSW 8 (the VSID that is the device ID) accommodated in the same physical machine 7 and the VM 9, and is a table showing the accommodation relationship between the VSW 8 and the VM 9. For example, although three VMs 9 (VMs 911 to 913) are accommodated in the VSW 8a in FIG. 1, this accommodation relationship is reflected in the records in the first to third rows in the VM accommodation management table 64. Yes.
The traffic estimation unit 54 refers to the VM accommodation management table 64 to resolve the path specifying information (VSID) from the flow specifying information (VMSA).

The DA correspondence table 63 is a table showing a correspondence relationship between the VM 9 indicated by the VMDA and the VSW 8 (VSDA) in which the VM 9 is accommodated. The traffic estimation unit 54 refers to the DA correspondence table 63 to resolve the path identification information (VSDA) from the flow identification information (VMDA).
For example, the VMDA of the flow f1 is the VM 941, and the VM 941 is accommodated in the VSW 8d. Therefore, the correspondence relationship between the VMDA “VM 941” and the VSDA “VSW 8d” is described in the third row of the DA correspondence table 63. Yes.

The SA correspondence table 65 is a table showing the correspondence between the VSID that is the ID of the VSW 8 and the VSSA assigned to the VSW 8. The reason why three VSSAs (VSW8a1 to VSW8a3) are assigned to one VSW8 (for example, VSW8a) is because ASW2 through which paths associated with each VSSA pass is different.
The traffic estimation unit 54 refers to the SA correspondence table 65 to resolve the path specifying information (VSSA) from the path specifying information (VSID).

  As described above with reference to FIG. 7, the traffic estimation unit 54 uses the DA correspondence table 63, the VM accommodation management table 64, and the SA correspondence table 65 to identify the flow identification information (if flow f1, VMSA “VM911”, VMDA “VM941”). )), The path identification information (VSSA “VSW8a1”, VSDA “VSW8d”) can be resolved. The resolved path specifying information is a header that is encapsulated in a flow, as described in FIG.

FIG. 8 is a configuration diagram showing details of each table of the network system.
The path route table 14 in FIG. 8A is a table in which, for each path specifying information, the route through which the path passes is described in the order of the link that passes. For example, the first line of the path route table 14 describes that the path specifying information (VSSA “VSW8a1”, VSDA “VSW8d”) through which the flow f1 passes passes in the order of link L11 → link L41. ing.
In addition, the path route table 14 is another information that can specify the path route instead of holding the path route itself as information associated with the path specifying information (a path determination function held by the ASW2 or TSW3, The path of the path using specific information as an argument may be associated.

  The traffic estimation table 56 in FIG. 8B stores, for each link indicated in the route map 66, the traffic (flow communication amount) flowing through the link for each component indicated by the flow specifying information. In FIG. 8B, as the “flow traffic” column, only the time = t column is shown, but in actuality, as with the flow information aggregation table 53, a time-series column ( time = t, t + 1, t + 2,.

  For example, in the first row (the link L11 row) of the traffic estimation table 56, the flow identification information of the flow flowing in the link L11 is “VM911 → VM943 flow f1”, and the flow traffic amount of the flow f1 alone is Since it is “100” and there is no other flow flowing in the link L11, it is described that the total amount of flow traffic is also “100”.

In S206, the traffic estimation unit 54 specifies the record of the link L11 and the record of the link L41 by referring to the path route table 14 as a record in the traffic estimation table 56 for registering the flow traffic of the flow f1. . Then, the traffic estimation unit 54 stores the flow identification information of the flow f1 and the flow traffic of the flow f1 in association with each of the identified records of the links L11 and L41.
That is, the traffic estimation unit 54 creates the traffic estimation table 56 by performing an operation for obtaining the amount of flow traffic for each link through which the path passes based on the path identification information solved from the flow identification information.

  The flow traffic volume to be calculated may not be for each link, but may be the total value of each flow traffic volume or the traffic volume of a flow related to a specific tenant. That is, here, the record of the traffic estimation table 56 is a record for each link, but not only the link but also a record for each device (ASW2, TSW3) connected by the link may be added to the traffic estimation table 56. . In this case, the traffic estimation unit 54 may create the traffic estimation table 56 by performing a calculation for obtaining the amount of flow traffic for each link and each device through which the path passes. The flow communication amount obtained for each link or device may be a total value of flows grouped according to a predetermined standard. For example, the total value of each flow communication amount may be used, or the communication amount of a flow related to a specific tenant over a plurality of links may be used.

The traffic estimation unit 54 considers the delay time associated with the flow communication on the upstream side (L11) and the downstream side (L41) of the flow f1 as the time to add the flow communication amount “100” of the same flow f1. May be.
For example, if the delay time is not considered, the flow traffic amount “100” is added to the time = t column of the link L11 and the time = t column of the link L41, but the link L11 is considered when the delay time is considered. The amount of flow traffic “100” is added to each of the time = t field and the time = t + 2 field of the link L41 (in this case, L41 is delayed by time = 2 than L11). .

  The details of the process of creating the traffic estimation table 56 by the traffic estimation unit 54 have been described above. The management server 1 can utilize this traffic estimation table 56 for various purposes as described below. Hereinafter, three uses of the traffic estimation table 56 will be exemplified.

The first application is network monitoring. The management server 1 reads the traffic amount information in the traffic estimation table 56 from, for example, the management server 1 and provides a GUI (Graphical User Interface) that is displayed on a display device built in or connected to the management server 1. In this GUI display, for example, each flow passing on the network as shown in FIG. 12 is displayed, or the total amount of flow traffic in the traffic estimation table 56 is displayed on each link in the network topology diagram as shown in FIG. Or display.
Then, the GUI may be displayed in such a manner that all flows are shown separately. For example, traffic of the own tenant, traffic of other tenants, and surplus traffic may be displayed. The information to be displayed may be acquired from each physical machine 7 instead of being acquired from the management server 1.

  This GUI display makes it clear which route the traffic between which end nodes flows, so even if congestion or failure occurs, the affected end node can be immediately identified. be able to.

The second application is automatic fault detection. The management server 1 separately acquires actual traffic volume measurement data from each switch (ASW2, TSW3, VSW8) in addition to the estimation data of the traffic estimation table 56. In an actual network, the estimated data and the measurement data may be different due to a failure or the like. Therefore, the management server 1 can perform verification, for example, by detecting a failure or a mistake in a route rule by comparing data contents (such as traffic type and amount) with the estimated data and the measured data. .
In this case, the management server 1 may be connected not only to each physical machine 7 but also to ASW 2 and TSW 3.

Thus, by grasping which flow is flowing through which location in the network system, the range of influence can be specified when congestion or failure occurs in the network system.
On the other hand, as a comparative example, Japanese Patent Application Laid-Open No. 2007-189615 describes that when a failure or congestion occurs, information is acquired from a network device and its influence range is analyzed. However, the network range that can be collected is limited only by using the actual traffic volume measurement data without using the estimated data of the traffic estimation table 56, and therefore the range of influence when congestion or failure occurs is specified. Is difficult.

  A third application is a flow path change. By referring to the traffic estimation table 56, the flow traffic amount for each link is known in time series, so that it is possible to detect that a certain link is congested at a current time or a certain time in the future. For example, in FIG. 8B, the communication amount of the link L41 at time = t is a high load as the total of three flows (310). Therefore, congestion can be suppressed by moving (changing the route) at least one of the flows that pass through the link L41 to a path that does not pass through the L41. The details of the flow path change, which is the third application, will be described with reference to FIGS.

  FIG. 9 is a flowchart showing data frame transmission processing in the network system. FIG. 9 shows processing of the physical machine 7 on the transmission side (apparatus that accommodates the VSW 8a) in the flow f1.

In S101, the VM 911 transmits the data frame of the flow f1 (VMSA = VM911, VMDA = VM941) to the tunnel processing unit 84.
In S102, the tunnel processing unit 84 refers to the DA correspondence table 83 and performs path resolution processing on the data frame in S101. Specifically, the tunnel processing unit 84 acquires “VSDA = VSW8d” corresponding to “VMDA = VM941” from the DA correspondence table 83, and information on correspondence between VMSA and VSSA (for example, the VM accommodation management table 64 and “VSSA = VSW8a1” corresponding to “VMSA = VM911” is acquired with reference to the information that is the generation source of the SA correspondence table 65).

In S103, the tunnel processing unit 84 encapsulates (adds a header) the path specifying information solved in S102 to the data frame of S101.
In S104, the tunnel processing unit 84 passes the data frame of S103 to the VSW control unit 85.
In S <b> 105, the VSW control unit 85 passes the data frame of S <b> 104 to the transfer unit 72.

  Then, the transfer unit 72 refers to the transfer table 73, uses the path specifying information encapsulated in the data frame of S104 as a search key, and next hops of the path route indicated by the path specifying information from the transfer table 73 (here, The TSW 3a) connected by the link L91 is specified. The transfer unit 72 transmits the data frame of S104 to the identified next hop.

  FIG. 10 is a flowchart showing route change processing of the network system. The traffic estimation table 56 describes the flow traffic volume for each link, and performs processing to distribute the route through which the data frame passes so that traffic is not biased to the link where the flow traffic volume is large and congestion may occur. This will be described below.

  In S301, the route change determination unit 57 monitors the traffic estimation table 56, and detects a link in which the total amount of flow traffic using the link exceeds a predetermined threshold (see FIG. 11 for details). Instead of the link detection processing exceeding the predetermined threshold based on the traffic estimation table 56, the predetermined threshold is set by the notification processing to the management server 1 before transmission of a flow requiring a wide band from another device (such as VM9). You may detect links that exceed.

  In S302, the flow specifying information of the flow group passing through the link detected in S301 is associated with the link exceeding the predetermined threshold value and notified to the path route management unit 62 as a target flow for route change. It should be noted that notification may be made after narrowing down to a part of a flow group passing through the link (a flow having the highest flow communication rate increase rate, a flow having the latest update time, etc.).

In S303, the path route management unit 62 obtains path specifying information through which the flow passes from the flow specifying information in S302 (path solving process). For this purpose, for example, the path route management unit 62 extracts the VSID (virtual switch ID) of the VM accommodation management table 64 from the VMSA.
In S304, the path route management unit 62 refers to the path route table 14 and the route map 66.
In S305, the path route management unit 62 calculates the address of a path that does not pass through a link (congestion link) exceeding a predetermined threshold, thereby selecting the path as a change destination path. Specifically, the path route management unit 62 executes the VMDA of the path group (which can be specified from the SA correspondence table 65) having the source of the VSW 8 accommodating the VM 9 of the VMSA. A path that does not pass through a link exceeding a predetermined threshold is extracted from a path group destined for the VSW 8 that accommodates the VM 9. The link route information can be acquired from the path route sequence in the path route table 14 referred to in S304.
In S306, the path route management unit 62 updates and writes the information in the DA correspondence table 63 based on the address of the VSW 8 calculated in S305.

In S307, the physical machine communication unit 61 detects that the address information in the DA correspondence table 63 has been updated.
In S <b> 308, the physical machine communication unit 61 transmits the address information of the DA correspondence table 63 detected in S <b> 307 to the management server communication unit 81.
In S309, the management server communication unit 81 passes the address information received in S308 to the route control unit 82.
In S310, the path control unit 82 updates the DA correspondence table 83 based on the address information received in S309.
As a result, the occurrence of congestion on the link exceeding the predetermined threshold can be prevented by reducing the number of flows passing through the link exceeding the predetermined threshold (the link where the occurrence of congestion is expected).

  FIG. 11 is a graph showing the flow traffic volume of the link L41. The vertical axis of the graph is the bandwidth, and the horizontal axis is the time. The “upper limit value” on the vertical axis is the maximum bandwidth with which the link L41 can communicate, and the “threshold value” on the vertical axis is a threshold used for determination by the route change determination unit 57 in S301. The threshold value may be changed so that the value becomes an optimum value during operation. The method of changing the value is not particularly limited. For example, a method of changing by a command line may be used, or a GUI for changing interactively may be provided.

In FIG. 11A, there are two flows using the link L41 (flow f1 and flow f2), and there is a margin in the bandwidth of the link L41. Therefore, in S301, it is not determined that the link exceeds the predetermined threshold.
In FIG. 11B, as a result of the addition of the third flow (flow f3) using the link L41, the sum of the three flow traffic volumes exceeds the threshold at the time of the path change trigger. Thereby, the route change determination unit 57 detects the link L41 as a link exceeding the predetermined threshold in S301. That is, three flows (flows f1 to f3) are detected as the route change target flows in the processing of FIG.

FIG. 12 is an explanatory diagram showing a route for each flow.
In FIG. 12A, as described above with reference to FIG. 2, the flow f1 is a flow that sequentially passes from the transmission source in the order of VM911 → VSW8a → TSW3a → ASW2a → TSW3d → VSW8d → VM941. In FIG. 12, illustration of VM9 (VM911, VM941) is omitted.
The flow f2 goes through VM921 → VSW8b → TSW3b → ASW2a → TSW3d → VSW8d → VM941.
The flow f3 goes through VM932 → VSW8c → TSW3c → ASW2a → TSW3d → VSW8d → VM941.

Since the three flows (flows f1 to f3) shown in FIG. 12A share the link L41 (ASW2a → TSW3d), as shown in FIG. 11B, the links exceed the predetermined threshold. Will be detected.
Therefore, as shown in FIG. 12B, as a result of executing the flowchart of FIG. 10, the route of the flow f3 is detoured so as not to pass through the link L41 (change to ASW2c instead of ASW2a). Congestion to the link L41 can be avoided.

  On the other hand, when there is a surplus in the use bandwidth of the link L41 from the state of FIG. 12B (for example, the total amount of flow traffic is significantly below the threshold), the route of the flow f3 is returned to FIG. The number of devices used for flow transfer may be reduced. Thereby, it is possible to suppress the consumption of extra power by consolidating the routes through which the data frames flow into a part of the routes and stopping the network devices configuring the unused routes.

In the present embodiment described above, the traffic estimation unit 54 assigns the flow traffic amount described in the flow information aggregation table 53 to the passing link for each flow described in the path route table 14, A traffic estimation table 56 is created.
Therefore, in order to create the traffic estimation table 56, a means for measuring the flow traffic volume to be transferred by the transfer responsible part of the network system such as ASW2 or TSW3 is not necessary, and the network apparatus responsible for the flow transfer is not required. No load is required. Thereby, data indicating the communication status of the network system can be acquired at low cost.
Furthermore, since the data in the traffic estimation table 56 reflects the amount of flow communication for each flow that the VM 9 actually transfers, data that indicates a communication state with higher accuracy than the prediction data for each device such as ASW2 and TSW3. It is.
The acquired data in the traffic estimation table 56 can be used for network monitoring processing, automatic failure detection processing, and flow path change processing for avoiding a congestion link.

Note that the network system to which the management server 1 performs flow processing (traffic estimation processing, etc.) is not limited to a tunneling environment such as VXLAN operating on the virtual computers (VSW8, VM9) shown in FIG. A normal LAN environment that does not use tunneling that operates on a physical switch having a function of VSW8 and a user terminal having a function of VM9 may be used.
First, in the VXLAN tunneling environment, the traffic estimation unit 54 (estimation processing unit) uses the flow identification information collected by the flow information recording unit 52 (flow collection processing unit) as a key to create the traffic estimation table 56. The DA correspondence table 63, the VM accommodation management table 64, and the SA correspondence table 65 (the DA correspondence table 63, the VM accommodation management table 64, and the SA correspondence table 65 collected by the management unit 16 (path collection processing unit) are combined. And the path specifying information corresponding to the flow specifying information is derived. The speculation processing unit searches the path route table 14 and the route map 66 (the flow route information is combined with the path route table 14 and the route map 66) using the derived path specifying information as a key, thereby specifying the flow. The flow path specified by the information was specified.
On the other hand, in a normal LAN environment, in order for the estimation processing unit to create the traffic estimation table 56, a table corresponding to the path route table 14 using the flow identification information collected by the flow collection processing unit as a key, that is, the above example However, in the normal LAN environment, a table corresponding to the path route table 14 in which the correspondence status between the flow specification information and the route is recorded is prepared. By using the flow identification information as a key, the flow identification information is identified by searching the table and the route map 66 (the table corresponding to the path route table 14 and the route map 66 are collectively referred to as flow route information). Specify the flow path to be performed.

1 Management server 2 ASW
3 TSW
7 Physical machine 8 VSW
9 VM
11 OS
DESCRIPTION OF SYMBOLS 12 Transfer part 13 Transfer table 14 Path route table 15 Traffic management part 16 Path management part 41 Flow information measurement part 42 Flow information individual table 43 Management server communication part 51 Physical machine communication part 52 Flow information recording part 53 Flow information aggregation table 54 Traffic Estimating unit 55 Traffic recording unit 56 Traffic estimation table 57 Route change determining unit 61 Physical machine communication unit 62 Path route management unit 63 DA correspondence table 64 VM accommodation management table 65 SA correspondence table 66 Route map 71 OS
72 Transfer unit 73 Transfer table 74 Traffic measurement unit 81 Management server communication unit 82 Path control unit 83 DA correspondence table 84 Tunnel processing unit 85 VSW control unit 91 VM control unit 92 VM disk image

Claims (7)

For each flow that defines data frame communication in a tunneling environment from the transmission source device to the destination device, flow identification information for identifying the flow and the identified flow communication amount are collected from the transmission source device. A flow collection processing unit;
From the switch located on the path of the flow from the transmission source device to the destination device, the path specification information about the path through which the flow configured between the switches passes, and the flow specification information of the flow passing through the path A path collection processing unit that collects flow / path correspondence information capable of deriving a correspondence relationship with
Using the flow specification information collected from the transmission source device as a key, search for flow route information including a route and a route map through which a path specified by the path specification information derived by searching the flow / path correspondence information is derived . And at least a flow communication amount that flows in each link of the route map is generated as traffic estimation data by performing a process of obtaining a communication amount of a group grouped according to a predetermined standard corresponding to the flow specifying information. And a management server. A flow processing method by a management server that processes a traffic amount of a flow that defines communication of a data frame in a tunneling environment from a transmission source device to a destination device,
The management server
For each flow, collect flow identification information for identifying the flow and the traffic volume of the identified flow from the transmission source device,
From the switch located on the path of the flow from the transmission source device to the destination device, the path specification information about the path through which the flow configured between the switches passes, and the flow specification information of the flow passing through the path Collect flow / path correspondence information that can be used to derive correspondence relationships with
Using the flow identification information collected from the transmission source device as a key, search from the flow route information including the route through which the path specified by the path identification information derived by searching the flow / path correspondence information is derived and the route map By performing a process for obtaining the traffic volume of the group grouped according to a predetermined standard corresponding to the flow specifying information , at least creating the traffic volume flowing through each link of the route map as traffic estimation data Characteristic flow processing method. The management server reads, from the traffic estimation data, the amount of communication flowing through at least each link of the route map in the network topology diagram including the route of the flow from the transmission source device to the destination device. The flow processing method according to claim 2 , wherein a GUI (Graphical User Interface) to be displayed is output to a display device. The management server, for each link of at least the path map of the traffic guessed data to get the implementation measurement data of traffic flow, traffic flowing to each link of at least the route map in the traffic inferred data And at least the acquired implementation data of the traffic volume flowing in each link of the route map, and if the comparison result is inconsistent, a failure occurs in at least each link of the route map corresponding to the traffic volume The flow processing method according to claim 2 , wherein the flow processing method is determined. The management server, when the traffic flowing in at least each link of the route map of the traffic estimation data exceeds a predetermined traffic threshold, at least each link of the route map corresponding to the excess traffic And at least identify flows that pass through each link of the route map ;
For the identified flow, recalculate another route that does not pass through each link of the specified route map, and re-calculate from the route of the current flow that passes through each link of the specified route map to the route of the recalculated flow. The flow processing method according to claim 2 , wherein a path change process is performed. After the route change process, the management server changes from the route after the change of the route change processing when the amount of communication flowing through each link of the specified route map falls below a predetermined traffic amount threshold. The flow processing method according to claim 5 , wherein the flow is returned to the previous route. The management server refers to a correspondence table in which device addresses and device IDs have a 1: 1 correspondence with respect to at least one of the flow specifying information and the path specifying information, and the devices in the collected specific information The flow processing method according to claim 2 , wherein a corresponding device address is specified from the ID.

Images