This application is a National Stage application under 35 U.S.C. § 371 of International Application No. PCT/JP2020/004418, having an International Filing Date of Feb. 5, 2020. The disclosure of the prior application is considered part of the disclosure of this application, and is incorporated by reference in its entirety into this application.
The present invention relates to a technique for connecting an L3 tunnel and an L2 tunnel in a communication system.
In a VPN (Virtual Private Network) service or the like in a network, connection of an L3 (Layer 3) tunnel and an L2 (Layer 2) tunnel (e.g., a VXLAN: Non-Patent Literature 1) may be needed.
For connection of an L3 tunnel and an L2 tunnel, a router (hereinafter referred to as an intermediate router) which is capable of terminating both an L3 tunnel and an L2 tunnel is generally used, and the L3 tunnel and the L2 tunnel are connected via the intermediate router.
An IP packet which is transmitted from an opposite router connected to the intermediate router by the L3 tunnel arrives at the intermediate router via the L3 tunnel and is transmitted to an L2 apparatus (a switch, a server, or the like called here an L2 apparatus for convenience) which is connected to the intermediate router by the L2 tunnel.
To perform transmission from the intermediate router to the L2 apparatus, the intermediate router needs to know a MAC address (destination MAC address) of an interface for the L2 tunnel in the L2 apparatus.
If IP addresses are set for an interface for the L2 tunnel in the intermediate router and the interface for the L2 tunnel in the L2 apparatus, the intermediate router can acquire the destination MAC address by ARP (Address Resolution Protocol).
To set an IP address for the interface for the L2 tunnel in the intermediate router, an IP address of a VPN service user needs to be provided from a service provider which provides a VPN service by an L2 tunnel, for example. However, in some cases, provision of an IP address may be impossible.
In such a case, the intermediate router is unable to resolve the destination MAC address by ARP and cannot transfer the IP packet received via the L3 tunnel to the L2 apparatus via the L2 tunnel. That is, the IP packet cannot be communicated.
The present invention has been made in view of the above-described point, and has as its object to provide a technique for allowing communication of an IP packet via an L2 tunnel without setting an IP address for an interface for the L2 tunnel in a communication apparatus which terminates an L3 tunnel and the L2 tunnel.
According to the disclosed technique, there is provided a communication apparatus which terminates an L2 tunnel and an L3 tunnel, including
According to the disclosed technique, it is possible to communicate an IP packet via an L2 tunnel without setting an IP address for an interface for the L2 tunnel in a communication apparatus which terminates an L3 tunnel and the L2 tunnel.
An embodiment of the present invention (the present embodiment) will be described below with reference to the drawings. The embodiment to be described below is merely illustrative, and embodiments to which the present invention is applied are not limited to the embodiment below.
A technique for communicating an IP packet via the L2 tunnel without setting an IP address for an interface for the L2 tunnel in a communication apparatus which terminates both an L3 tunnel and an L2 tunnel will be described below in detail. Note that although an example which uses a router as a communication apparatus in question is illustrated below, the technique according to the present invention can also be applied to a communication apparatus other than a router.
(System Configuration)
The router 10, the L2 apparatus 20, the router 30, the host 40, and the controller 50 are all connected to a communication network. As shown in
As an interface which terminates the L3 tunnel in the router 30, L3-1 is shown. As an interface which terminates the L3 tunnel in the router 10, L3-2 is shown. As an interface which terminates the L2 tunnel in the router 10, L2-2 is shown. As an interface which terminates the L2 tunnel in the L2 apparatus 20, L2-1 is shown.
Note that, for example, the fact that an interface terminating the L2 tunnel in the router 10 is denoted as “eth4” and “L2-2” means that the logical interface L2-2 is set on a physical interface eth4. Note that the term “logical” may be interchanged with the term “software-based.” The same applies to other interfaces shown in
The controller 50 is an apparatus which is capable of making settings on the router 10 and settings on the L2 apparatus 20. The host 40 is an apparatus which communicates with the L2 apparatus 20.
In the example shown in
Assume here that the host 40 transmits an IP packet to the L2 apparatus 20 (i.e., to 10.10.1.2).
The IP packet transmitted from the host 40 first arrives at the router 30 and is transmitted from the router 30 to the router 10 by the L3 tunnel.
The router 10 that has received the IP packet via the L3 tunnel does not have a destination MAC address required to deliver the IP packet to the L2 apparatus 20 through the L2 tunnel. For this reason, the idea of resolving the destination MAC address using ARP which is generally used to resolve a destination MAC address of an IP packet is conceivable. If ARP resolution is successful, a destination IP address and the destination MAC address are linked and recorded in an ARP table 11 of the router 10, and the router 10 can acquire the destination MAC address corresponding to the destination IP address by referring to the ARP table 11.
However, since no IP address is set for the interface L2-2 of the router 10 in the present embodiment, it is impossible to resolve the destination MAC address using ARP. In this state, the IP packet cannot be transmitted to the L2 apparatus 20 via the L2 tunnel. A configuration and operation for solving the problem will be described below in detail.
(Configuration and Setup of ARP Table)
In order to implement L2-based communication even in a state as described above where ARP resolution is impossible and a destination MAC address is not acquirable, a broadcast MAC address (ff-ff-ff-ff-ff-ff) is set as a MAC address which is linked to a destination IP address in the ARP table 11 of the router 10 in the present embodiment.
A frame (or more specifically, an Ethernet® frame) in which the broadcast MAC address is set as a destination MAC address is received by all Ethernet® interfaces on the same network. However, since an Ethernet® frame (having an IP packet in a payload) is transmitted through an L2 tunnel in the present embodiment, only an interface terminating an L2 tunnel receives an Ethernet® frame. That is, since a frame given the broadcast MAC address passes only through an L2 tunnel, communication is possible without affecting an interface other than an interface for an L2 tunnel.
Note that use of the broadcast MAC address as a MAC address linked to a destination IP address is an example.
The controller 50 shown in
(Example of Operation of Communication System)
An example of operation of the communication system according to the present embodiment will be described with reference to a sequence chart shown in
First, in S101 and S102, L3 tunnel setup in the router 30 and L3 tunnel setup in the router 10 are executed.
In S103, the controller 50 provides L2 tunnel information to the L2 apparatus 20, and the L2 apparatus 20 executes L2 tunnel setup. The L2 tunnel information that the controller 50 provides to the L2 apparatus 20 includes the IP address (10.10.1.2) of L2-1 in addition to information of an L2 tunnel header and the like.
The controller 50 executes L2 tunnel setup for the router 10 in S105 and executes ARP table setup in S106.
The L2 tunnel setup in S105 refers to setting an interface (e.g., L2-2) for the L2 tunnel on an Ethernet® interface (e.g., eth4).
In the ARP table setup in S106, the broadcast MAC address is set as a MAC address corresponding to the IP address (10.10.1.2) of L2-1 provided to the L2 apparatus 20. With this setup, the ARP table 11 is set as shown in
In S107, an IP packet is transmitted from the host 40. The router 30 receives the IP packet. In S108, the router 30 transmits the IP packet to the router 10 via the L3 interfaces.
The router 10 acquires the broadcast MAC address as the MAC address corresponding to the destination IP address (10.10.1.2) by searching the ARP table 11 by the destination IP address (10.10.1.2) of the IP packet received from the L3 tunnel. The router 10 then generates an Ethernet® frame which has the IP packet in a payload and has the broadcast MAC address as a destination MAC address.
The router 10 generates a frame for the L2 tunnel to be transmitted by adding an L2 tunnel header to the Ethernet® frame and transmits the frame from the interface L2-2 (S109).
The L2 apparatus 20 receives the frame, removes the L2 tunnel header, and extracts the Ethernet® frame. Since the destination MAC address of the Ethernet® frame is the broadcast MAC address, the L2 apparatus 20 receives the Ethernet® frame. The L2 apparatus 20 extracts data in the IP packet in the Ethernet® frame and performs processing.
Setting the broadcast MAC address as a MAC address corresponding to a destination IP address in the ARP table 11 as described above allows transfer of data without setting an IP address for the L2 tunnel interface of the router 10. That is, protocol conversion from the L3 tunnel to the L2 tunnel is possible without assigning an IP address to the L2 tunnel interface of the router 10.
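The forwarding path of S106 to S109 and the receive side can be traced in code. The following is an added example, not code from the specification; it assumes VXLAN (the L2 tunnel the text names as an example) with a hypothetical VNI, constructed MAC addresses and a constructed sample packet, and it omits the outer UDP/IP headers of the tunnel.

```python
import socket
import struct

BROADCAST_MAC = bytes.fromhex("ffffffffffff")
ETHERTYPE_IPV4 = 0x0800

# ARP table 11 as set in S106: a static entry, since ARP resolution is not possible.
ARP_TABLE = {"10.10.1.2": BROADCAST_MAC}

def sample_packet(dst: str = "10.10.1.2") -> bytes:
    """Constructed IPv4 packet from host 40 (10.10.1.1); checksum left at 0."""
    payload = b"ping"
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                         socket.inet_aton("10.10.1.1"), socket.inet_aton(dst))
    return header + payload

def encapsulate(packet: bytes, src_mac: bytes, vni: int) -> bytes:
    """Router 10: ARP table lookup, Ethernet framing, then the L2 tunnel header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    dst_ip = socket.inet_ntoa(packet[16:20])
    dst_mac = ARP_TABLE.get(dst_ip)
    if dst_mac is None:
        # Without an entry (and without ARP) the packet cannot enter the L2 tunnel.
        raise LookupError(f"no ARP table entry for {dst_ip}")
    frame = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + packet
    # VXLAN header (RFC 7348): flags 0x08 (VNI valid), 24 reserved bits,
    # 24-bit VNI, 8 reserved bits.
    return struct.pack("!II", 0x08 << 24, vni << 8) + frame

def decapsulate(tunnel_frame: bytes, own_mac: bytes, vni: int):
    """L2 apparatus 20: strip the tunnel header, accept own or broadcast MAC."""
    if len(tunnel_frame) < 8 + 14:
        return None
    flags_word, vni_word = struct.unpack("!II", tunnel_frame[:8])
    if not (flags_word >> 24) & 0x08 or (vni_word >> 8) != vni:
        return None  # frame belongs to a different tunnel
    frame = tunnel_frame[8:]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if frame[:6] not in (own_mac, BROADCAST_MAC) or ethertype != ETHERTYPE_IPV4:
        return None
    return frame[14:]  # the IP packet handed to the IP stack

if __name__ == "__main__":
    router10_mac = bytes.fromhex("020000000010")  # constructed, locally administered
    l2_apparatus_mac = bytes.fromhex("020000000020")  # constructed
    wire = encapsulate(sample_packet(), router10_mac, vni=100)  # VNI is hypothetical
    print(decapsulate(wire, l2_apparatus_mac, vni=100) == sample_packet())
```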
For the above-described reason, for example, a service provider which provides a VPN service using the router 10 as a relay router is allowed not to use an IP address of a VPN service user.
(Protocol Conversion from L2 Tunnel to L3 Tunnel)
Communication from the L2 apparatus 20 to the host 40 as shown in
An example of operation in a case where data is transmitted from the L2 apparatus 20 toward the host 40 will be described with reference to
In S203, S202, and S203, setup of the L2 tunnel and the L3 tunnel is performed. In the router 10, setup of proxy ARP is performed. In S205, the L2 apparatus 20 transmits an ARP request for checking a MAC address corresponding to an IP address (10.10.1.1) of the host 40.
The router 10 can make IP communication with the host 40. The router 10 uses proxy ARP to return an ARP response to the L2 apparatus 20 as proxy for the host 40 in S206.
The L2 apparatus 20 transmits an IP packet via a tunnel, and the IP packet arrives at the router 30 and is transferred from the router 30 to the host 40 (S207 to S209).
(Case where there are a Plurality of Tunnels)
The technique described with reference to
Association between an L3 tunnel and an L2 tunnel is made possible by setting a routing table 12 in the router 10. Even in a case where no IP address is assigned to an L2 tunnel interface, the L2 tunnel interface can be designated by an interface name.
Settings on the ARP table 11 and settings on the routing table 12 can be made from the controller 50.
In the example in
As shown in
As shown in
For example, assume that an IP packet is transmitted from the host 40A to the L2 apparatus 20B (with a destination IP address of 10.10.1.2). In this case, the router 10 that has received the IP packet forwards the IP packet from an interface L3-4 to an interface L2-2 by referring to the routing table 12 (
(Apparatus Configuration)
The communication apparatus 100 has a reception unit 110, a control unit 120, a transmission unit 130, a setup unit 140, and a table storage unit 150. Note that the example shown in
An ARP table corresponding to the ARP table 11 described earlier and a routing table corresponding to the routing table 12 are stored in the table storage unit 150.
The reception unit 110 has one or more interfaces and receives a packet (which may be called data). The control unit 120 generates a frame which has the broadcast MAC address as a destination MAC address by referring to the ARP table and forwards the frame to an interface in the transmission unit 130 which corresponds to a destination of the packet by referring to the routing table. The transmission unit 130 transmits the frame from the interface.
Note that the transmission unit 130 may include a function of the control unit 120. That is, the transmission unit 130 may generate a frame having the broadcast MAC address as a destination MAC address by referring to the ARP table and transmit the frame from an interface in the transmission unit 130 which corresponds to a destination of a packet by referring to the routing table.
The setup unit 140 receives setup information (e.g., header information and a parameter) for the L2 tunnel from the controller 50 and sets an interface for the L2 tunnel in the transmission unit 130 on the basis of the setup information. The setup unit 140 also receives setup information for the ARP table and setup information for the routing table from the controller 50 and stores the pieces of information in the table storage unit 150.
The user IF unit 210 displays a setup screen on a terminal of a user and stores setup information input from the setup screen in the setup information storage unit 240.
The tunnel setup unit 220 reads out setup information for an L2 tunnel from the setup information storage unit 240 and transmits the setup information for an L2 tunnel to the communication apparatus 100, thereby setting an L2 tunnel. The table setup unit 230 reads out pieces of setup information for an ARP table and a routing table from the setup information storage unit 240 and transmits the pieces of setup information for an ARP table and a routing table to the communication apparatus 100, thereby setting an ARP table and a routing table.
The communication apparatus 100 and the control apparatus 200 can be both implemented by, for example, causing a computer to execute a program. The computer may be a physical computer or a virtual machine. The “computer” may be composed of a CPU, a memory, and the like which are included in a router, a switch, or the like.
That is, an apparatus in question (the communication apparatus 100 or the control apparatus 200) can be implemented by executing a program corresponding to processing to be performed by the apparatus using hardware resources, such as the CPU and the memory, built into the computer. The program can be recorded on a computer-readable recording medium (e.g., a portable memory), saved, and distributed. The program can also be provided through a network, such as the Internet or e-mail.
The program that implements processing in the computer is provided by a recording medium 1001, such as a CD-ROM or a memory card. When the recording medium 1001 storing the program is set in the drive device 1000, the program is installed from the recording medium 1001 into the auxiliary storage device 1002 via the drive device 1000. Note that the installation of the program need not be performed from the recording medium 1001 and that the program may be downloaded from another computer via a network. The auxiliary storage device 1002 stores the installed program and also stores files, data, and the like which are necessary.
The memory device 1003 reads out the program from the auxiliary storage device 1002 and stores the program if there is an instruction to run the program. The CPU 1004 implements functions of the apparatus in accordance with the program stored in the memory device 1003. The interface device 1005 is used as an interface for connection to a network and functions as input means and output means via the network. The display device 1006 displays a GUI (Graphical User Interface) or the like based on the program. An input device 157 is composed of a keyboard, a mouse, a button, a touch panel, or the like and is used to enter various operation instructions.
The present specification discloses at least communication apparatuses, a communication system, a communication method, and a program in the following items.
(First Item)
A communication apparatus which terminates an L2 tunnel and an L3 tunnel, including
The communication apparatus according to the first item, in which
A control apparatus which executes setup of the L2 tunnel and setup of the ARP table for a communication apparatus according to the first item or the second item.
(Fourth Item)
The control apparatus according to the third item, in which the control apparatus sets, in the ARP table, a broadcast MAC address as a MAC address corresponding to an IP address set for an interface of an opposite apparatus which is connected to the communication apparatus by the L2 tunnel.
(Fifth Item)
A communication system including the communication apparatus according to the first item or the second item and the control apparatus according to the third item or the fourth item.
(Sixth Item)
A communication method to be executed by a communication apparatus which terminates an L2 tunnel and an L3 tunnel, in which the communication apparatus
A program for causing a computer to function as the units in a communication apparatus according to the first item or the second item.
The present embodiment has been described above. The present invention is not limited to such a particular embodiment, and various modifications and changes can be made within the scope of the gist of the present invention described in the claims.
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/JP2020/004418 | 2/5/2020 | WO | |

Publishing Document | Publishing Date | Country | Kind |
---|---|---|---|
WO2021/156983 | 8/12/2021 | WO | A |

Number | Name | Date | Kind |
---|---|---|---|
8284782 | Maufer | Oct 2012 | B1 |
10057162 | Singh | Aug 2018 | B1 |
10257152 | Wang | Apr 2019 | B2 |
10326830 | Singh | Jun 2019 | B1 |
11070471 | Chang | Jul 2021 | B1 |
20080080512 | Gofman | Apr 2008 | A1 |
20090106213 | Danforth | Apr 2009 | A1 |
20170104851 | Arangasamy | Apr 2017 | A1 |
20200036717 | Akella | Jan 2020 | A1 |
20200220838 | Ogawa | Jul 2020 | A1 |
20210029087 | Uy | Jan 2021 | A1 |

Number | Date | Country |
---|---|---|
2010141919 | Jun 2010 | JP |

Entry |
---|
Mahalingam et al., “Virtual extensible Local Area Network (VXLAN): A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks,” Independent Submission Request for Comments: 7348, Aug. 2014, retrieved from URL <https://tools.ietf.org/html/rfc7348>, 22 pages. |

Number | Date | Country |
---|---|---|
20230087723 A1 | Mar 2023 | US |