This application is based upon and claims the benefit of the priority of Japanese Patent Application No. 2012-255886 filed on Nov. 22, 2012, the disclosure of which is incorporated herein in its entirety by reference thereto.
The present invention relates to a communication system, a virtual network management apparatus, a communication node, a communication method, and a program. In particular, it relates to: a communication system including a control apparatus controlling communication nodes; a virtual network management apparatus; a communication node; a communication method; and a program.
PTL 1 discloses a single physical server apparatus that is arranged in a server-side closed network. According to PTL 1, a plurality of user-side closed networks do not share this server apparatus. Instead, each of the user-side closed networks independently uses the server apparatus as a dedicated server for each of the user-side closed networks. In addition, according to PTL 1, when an access server connected to the user-side closed networks via respective IP tunnels receives a connection request packet from a host, the access server identifies from which closed network the request packet has been transmitted, assigns a unique identification code to the identified user-side closed network in the form of a packet tag, and forwards the request packet to the server apparatus. Next, from the identification tag in the received packet, the server apparatus determines the closed network to which the source host belongs.
PTL 2 discloses a technique for associating physical identification information of a physical server with virtual identification information of a virtual server. According to PTL 2, a server apparatus connected to a layer 2 network includes a server virtualization means, a physical identification information storage means for storing physical identification information of the server apparatus, and an OAM (Operation Administration and Maintenance) function means for causing a virtual interface, a virtual switch, or a physical interface to transmit/receive an OAM frame that includes virtual identification information of the virtual server on the basis of an Ethernet OAM protocol. In addition, the OAM function means reads the physical identification information from the physical identification information storage means and stores the read information in the OAM frame that is transmitted to the layer 2 network from the virtual interface.
NPLs 1 and 2 disclose a network architecture called OpenFlow in which physical switches are controlled in a centralized manner. Since OpenFlow enables fine-grained control on a per-flow basis, a physical network configured with OpenFlow switches can be sliced by using VLAN IDs, for example. Namely, a plurality of virtual networks can be provided. In addition, OpenFlow allows a user to use a physical switch as a virtual node on such a virtual network.
Recent years have seen development of various services using cloud computing (hereinafter, referred to as “cloud services”) by applying at least one of the techniques disclosed in the above PTLs 1 and 2 and NPLs 1 and 2. Companies and data center operators have responded to the increased use of these cloud services by enhancing server resources.
Japanese Patent Kokai Publication No. JP2003-167805A
Japanese Patent Kokai Publication No. JP2012-80263A
Nick McKeown, and seven others, “OpenFlow: Enabling Innovation in Campus Networks,” [online], [searched Nov. 8, 2012], Internet <URL:http://www.openflow.org/documents/openflow-wp-latest.pdf>
“OpenFlow Switch Specification” Version 1.1.0 Implemented (Wire Protocol 0x02), [online], [searched on Nov. 8, 2012], Internet <URL:http://www.openflow.org/documents/openflow-spec-v1.1.0.pdf>
The following analysis has been made by the present inventor. However, for example, if a natural disaster occurs and causes an unpredictable increase of load, the above countermeasures are not sufficient. For example, if a natural disaster occurs and facilities in the disaster area malfunction, available server resources are reduced. At the same time, since emergency communications and simultaneous accesses to the servers in such an area are performed, demands for services rapidly increase. As a result, network congestion can easily occur.
To respond to such sudden change of supply-demand balance, a technique of connecting a plurality of sites and sharing a server resource among the connected sites has been considered. In addition, to enable flexible management of a server resource among a plurality of sites, the plurality of sites need to be connected to each other dynamically. In particular, in a cloud service, a dedicated environment called a tenant is established per use mode. Thus, when a plurality of sites are connected to each other, network connectivity per tenant needs to be improved.
An object of the present invention is to provide a communication system, a virtual network management apparatus, a communication node, a communication method, and a program that can contribute to improvement of connectivity of a virtual network established in each of a plurality of sites.
According to a first aspect, there is provided a communication system, comprising: a virtual network management apparatus comprising: an endpoint management unit configured to manage virtual network endpoints of control target communication nodes; a policy control unit configured to select, when a communication occurs between two sites in each of which a virtual network is configured, virtual network endpoints for realizing the communication from among the virtual network endpoints managed by the endpoint management unit; and a network configuration unit configured to generate and manage a third virtual network that connects the selected endpoints to each other; a control apparatus configured to notify the virtual network management apparatus of occurrence of a communication between the two sites and control a communication node group including the communication nodes having the virtual network endpoints so as to configure the third virtual network on the basis of an instruction from the virtual network management apparatus; and communication nodes configured to be controlled by the control apparatus in a centralized manner.
According to a second aspect, there are provided the virtual network management apparatus and the communication nodes used in the above communication system.
According to a third aspect, there is provided a communication method, causing a virtual network management apparatus comprising an endpoint management unit managing virtual network endpoints of control target communication nodes to perform steps of: selecting, when a communication occurs between two sites in each of which a virtual network is configured, virtual network endpoints for realizing the communication from among the virtual network endpoints managed by the endpoint management unit; generating a third virtual network that connects the selected endpoints to each other; and controlling a communication node group including the communication nodes having the virtual network endpoints so as to configure the third virtual network. This method is associated with a certain machine, namely, with the virtual network management apparatus including the above endpoint management unit.
According to a fourth aspect, there is provided a program, causing a computer constituting a virtual network management apparatus connected to a control apparatus controlling a communication node group including communication nodes having virtual network endpoints to perform processing for: selecting, when a communication occurs between two sites in each of which a virtual network is configured, virtual network endpoints for realizing the communication from among the virtual network endpoints managed by the endpoint management unit; generating a third virtual network that connects the selected endpoints to each other; and instructing the control apparatus to control the communication node group so as to configure the third virtual network. This program can be recorded in a computer-readable (non-transient) storage medium. Namely, the present invention can be embodied as a computer program product.
The present invention can contribute to improvement of connectivity of a virtual network established in each of a plurality of sites.
First, an outline of an exemplary embodiment according to the present invention will be described with reference to drawings. In the following outline, various components are denoted by reference characters for the sake of convenience. Namely, the following reference characters are merely used as examples to facilitate understanding of the present invention, not to limit the present invention to the illustrated modes.
As illustrated in
The virtual network management apparatus 10A includes an endpoint management unit 11 that manages virtual network endpoints TAP1 and TAP2 of control target communication nodes 30A, a policy control unit 12 that selects, when a communication occurs between the sites 51 and 52, virtual network endpoints for realizing the communication from among the virtual network endpoints managed by the endpoint management unit 11, and a network configuration unit 13 that generates and manages a third virtual network that connects the selected endpoints to each other. Next, the following description will be made assuming that a new virtual machine (VM2) has been established in the site 52 to respond to a rapid increase in service demand in the site 51, as illustrated in
For example, if the control apparatus 20A detects that occurrence of a communication between the sites 51 and 52 by receiving a service start notification from the VM2, the control apparatus 20A notifies the virtual network management apparatus 10A of the occurrence of the communication between the sites 51 and 52. In addition, the control apparatus 20A controls a communication node group that includes communication nodes having the virtual network endpoints so as to configure a third virtual network 43 on the basis of an instruction from the virtual network management apparatus 10A, as illustrated in
Next, a first exemplary embodiment of the present invention will be described in detail with reference to the drawings.
In addition, in the sites A and B, a tenant environment that can exclusively be used by certain users can be established. For example, such a user can establish a virtual network by using virtual machines, virtual switches, etc. in the site B, in the same way as in the site A.
The switch function unit 31 performs packet processing equivalent to that performed by an OpenFlow switch in NPLs 1 and 2. More specifically, the switch function unit 31 stores control information (flow entries) set by the control apparatus 20. When receiving a packet, the switch function unit 31 performs a processing content(s) defined in control information (a flow entry) having a matching condition(s) that matches the received packet.
The endpoint information transmission unit 32 transmits information (hereinafter, referred to as “endpoint information”) about a virtual network endpoint of the switch 30 to the control apparatus 20 via the switch function unit 31. For example, as an extension item of LLDP defined in IEEE 802.1AB, the endpoint information transmission unit 32 may transmit an LLDP (Link Layer Discovery Protocol) packet (an extended LLDP packet) when transmitting endpoint information illustrated in
The GRETAP (virtual network endpoint) 33 is an endpoint of a GRE tunnel established by the GRE protocol. While GRE is used in the present exemplary embodiment, the protocol is not limited to GRE. Namely, any other suitable tunnel protocol may be used.
When receiving the above LLDP packet from the switch 30 or a packet transmitted from a virtual machine (VM) in the site, the control apparatus 20 forwards the received packet to the virtual NW management apparatus 10. The control apparatus 20 sets control information (a flow entry) in the switch function unit 31 in the switch 30 on the basis of an instruction from the virtual NW management apparatus 10. As the control apparatus 20, the OpenFlow controller disclosed in NPLs 1 and 2 may be used.
The virtual NW management apparatus 10 includes an endpoint management unit 11, a policy control unit 12, and a network configuration unit 13.
The endpoint management unit 11 receives endpoint information from the switch 30 via the control apparatus 20 and manages the received endpoint information.
When notified of occurrence of a communication between sites by the control apparatus 20, the policy control unit 12 determines whether to configure a virtual network between the sites on the basis of a predetermined virtual network configuration policy. For example, whether the source and the destination belong to the same tenant may be determined, as one simple example of the virtual network configuration policy. In addition, for example, presence of an access right between the source and the destination may be added to the determination condition. If, as a result of the determination, the policy control unit 12 permits the communication, the policy control unit 12 selects virtual network endpoints for realizing the communication from among the virtual network endpoints managed by the endpoint management unit 11 and notifies the network configuration unit 13 of the selected endpoints. For example, if a communication occurs between the sites A and B in
When notified of the set of endpoints that configures a virtual network by the policy control unit 12, the network configuration unit 13 requests the control apparatus 20 to transmit control messages to be set in a switch group including the switches 30 so as to connect these endpoints to each other. The network configuration unit 13 may create the control messages or the network configuration unit 13 may instruct the control apparatus 20 to create the control messages on the basis of virtual network configuration information stored in the network configuration unit 13.
Each unit (processing means) in the virtual NW management apparatus 10 and the switches 30 illustrated in
Next, the present exemplary embodiment will be described in detail with reference to the drawings. First, an endpoint information acquisition operation of the virtual NW management apparatus 10 performed as a preparation for a dynamic network configuration described below will be described.
First, the endpoint information transmission unit 32 in the switch 30 transmits information about its own port to the switch function unit 31 by using LLDP (step S001 in
When receiving the extended LLDP packet transmitted by using LLDP, the switch function unit 31 forwards the extended LLDP packet to the control apparatus 20 (step S002 in
The control apparatus 20 transmits the extended LLDP packet to the virtual NW management apparatus 10 to register the received extended LLDP packet in the endpoint management unit 11 (step S003 in
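The endpoint information acquisition flow of steps S001 to S003 (an extended LLDP packet carrying endpoint information, forwarded by the switch to the control apparatus and registered in the endpoint management unit 11) can be illustrated by the following Python code. This is an added example and is not code from the patent or from any product; the description does not fix the layout of the endpoint item, so the use of an organizationally-specific TLV (type 127) with a placeholder OUI, the subtype value, and the “site;tenant;name;tunnel IP” encoding are all assumptions. The parser deliberately checks each TLV length against the buffer before reading, since the packet is received from a switch port.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# TLV type codes from IEEE 802.1AB; the endpoint TLV below is an assumed private extension.
TLV_END, TLV_CHASSIS_ID, TLV_PORT_ID, TLV_TTL, TLV_ORG = 0, 1, 2, 3, 127
ASSUMED_OUI = b"\x00\x00\x00"   # placeholder OUI (not a registered value)
ASSUMED_ENDPOINT_SUBTYPE = 1    # assumed subtype identifying the endpoint item


@dataclass(frozen=True)
class Endpoint:
    switch_id: str   # chassis ID of the advertising switch 30
    port_id: str
    site: str
    tenant: str
    name: str        # e.g. "GRETAP1"
    tunnel_ip: str


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one LLDP TLV: 7-bit type, 9-bit length, then the value."""
    if not 0 <= tlv_type < 128 or len(value) > 511:
        raise ValueError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def build_endpoint_lldp(ep: Endpoint, ttl: int = 120) -> bytes:
    """Constructed extended LLDP payload (step S001): mandatory TLVs plus the endpoint item."""
    info = f"{ep.site};{ep.tenant};{ep.name};{ep.tunnel_ip}".encode()
    return (
        tlv(TLV_CHASSIS_ID, b"\x07" + ep.switch_id.encode())  # subtype 7 = locally assigned
        + tlv(TLV_PORT_ID, b"\x07" + ep.port_id.encode())
        + tlv(TLV_TTL, struct.pack("!H", ttl))
        + tlv(TLV_ORG, ASSUMED_OUI + bytes([ASSUMED_ENDPOINT_SUBTYPE]) + info)
        + tlv(TLV_END, b"")
    )


def iter_tlvs(payload: bytes):
    """Yield (type, value) pairs; a TLV whose length runs past the frame is rejected."""
    off = 0
    while off + 2 <= len(payload):
        (hdr,) = struct.unpack_from("!H", payload, off)
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        off += 2
        if off + length > len(payload):
            raise ValueError(f"TLV type {tlv_type} length {length} exceeds frame")
        yield tlv_type, payload[off:off + length]
        off += length
        if tlv_type == TLV_END:
            return
    raise ValueError("missing End-of-LLDPDU TLV")


def parse_endpoint_lldp(payload: bytes) -> Optional[Endpoint]:
    """Return the advertised endpoint, or None for an ordinary LLDP packet without the item."""
    chassis = port = None
    fields = None
    for tlv_type, value in iter_tlvs(payload):
        if tlv_type == TLV_CHASSIS_ID and len(value) > 1:
            chassis = value[1:].decode(errors="replace")
        elif tlv_type == TLV_PORT_ID and len(value) > 1:
            port = value[1:].decode(errors="replace")
        elif (tlv_type == TLV_ORG and len(value) >= 4
              and value[:3] == ASSUMED_OUI and value[3] == ASSUMED_ENDPOINT_SUBTYPE):
            parts = value[4:].decode(errors="replace").split(";")
            if len(parts) == 4:
                fields = parts
    if chassis is None or port is None or fields is None:
        return None
    site, tenant, name, tunnel_ip = fields
    return Endpoint(chassis, port, site, tenant, name, tunnel_ip)


class EndpointManagementUnit:
    """Endpoint management unit 11: the table filled in at step S003."""

    def __init__(self) -> None:
        self.endpoints: Dict[Tuple[str, str], Endpoint] = {}

    def register(self, payload: bytes) -> bool:
        ep = parse_endpoint_lldp(payload)
        if ep is None:
            return False   # plain neighbour discovery packet, nothing to register
        self.endpoints[(ep.switch_id, ep.port_id)] = ep
        return True
```

A frame without the endpoint item is simply not registered, and a frame whose TLV header claims more bytes than are present is rejected rather than partially parsed, which is the behaviour a practitioner would want from a parser fed by switch-originated packets.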
Next, a flow for configuring a dynamic network between the sites performed by the virtual NW management apparatus 10 will be described. The following description will be made assuming that congestion has occurred in server resources (VM1 and VM2) in a cloud system in the site A in
In
If a packet is transmitted from the server resource VM3 to the VM1 or the VM2 in this state (step S101 in
When notified of the reception of the new packet, the control apparatus 20 queries the virtual NW management apparatus 10 about whether the control apparatus 20 needs to forward the packet from the VM3 in the site B to the destination (the VM1, for example) in the site A (step S103; TRANSMIT QUERY ABOUT POLICY).
When receiving the query, the virtual NW management apparatus 10 causes the policy control unit 12 to determine whether a virtual network needs to be configured between the sites on the basis of a predetermined virtual network configuration policy. In this exemplary embodiment, since the VM1 and the VM2 belong to the same tenant environment as that of the VM3, the policy control unit 12 permits the communication. In addition, the network configuration unit 13 in the virtual NW management apparatus 10 instructs the control apparatus 20 to generate a communication path via GRETAP1 and GRETAP2 in the respective switches 30 in
When receiving the instruction, the control apparatus 20 connects GRETAP1 in the site A and GRETAP2 in the site B to each other so that the virtual network 41 in the site A and the virtual network 42 in the site B are connected to each other via a virtual network 43. In
As a result, as illustrated in
While the exemplary embodiment of the present invention has thus been described, the present invention is not limited thereto. Further variations, substitutions, or adjustments can be made without departing from the basic technical concept of the present invention. For example, the configurations of the networks and the components illustrated in the drawings are merely used as examples to facilitate understanding of the present invention, not to limit the present invention to the configurations illustrated in these drawings.
In addition, for example, the above exemplary embodiment has been described on the basis of the example in which the VM3 is newly established in the site B. However, even in a case where a server resource (for example, the VM2) that has been operated in the site A is moved (migrated) to the site B, communication between the VM1 and the VM2 can be realized by an operation similar to the above operation.
In addition, for example, the above exemplary embodiment has been described on the basis of the example in which the site A includes the virtual NW management apparatus 10 and the control apparatus 20. However, the locations of the virtual NW management apparatus 10 and the control apparatus 20 are not limited to the above locations, as long as the virtual NW management apparatus 10 and the control apparatus 20 can communicate with the switches 30. In addition, for example, as illustrated in
In addition, for example, the above exemplary embodiment has been described on the basis of the example in which the policy control unit 12 determines whether to permit exchange of packets between the VM3 and the VM1. However, for example, if the VM3 and the VM1 belong to their respective tenant environments or if the VM1 (VM3) does not have a right to access the VM3 (VM1), the policy control unit 12 may transmit a negative acknowledgement to the control apparatus 20, instead of performing the selection of virtual network endpoints.
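The policy query of step S103, the same-tenant and access-right check made by the policy control unit 12, the endpoint selection, and the negative acknowledgement case described in the preceding paragraph can be worked through in the following Python example. It is added here and is not code from the patent or from any product. The entity names (sites A and B, GRETAP1 and GRETAP2, VM1 and VM3) follow the description; the data fields, the access-right table, the extra VMs VM4 and VM5 used to exercise the deny paths, and the simplified OpenFlow-style flow entry format are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Endpoint:
    name: str        # virtual network endpoint, e.g. "GRETAP1"
    site: str
    switch_id: str   # switch 30 hosting the endpoint
    port: str        # logical switch port of the tunnel endpoint (assumed)


@dataclass(frozen=True)
class VM:
    name: str
    site: str
    tenant: str
    mac: str
    port: str        # switch port the VM is attached to (assumed known to the control apparatus)


@dataclass(frozen=True)
class FlowEntry:
    """Simplified control information (flow entry) the control apparatus 20 would set."""
    switch_id: str
    match: Tuple[Tuple[str, str], ...]
    actions: Tuple[str, ...]


class PolicyControlUnit:
    """Policy control unit 12: select endpoints only for same-tenant traffic with an access right."""

    def __init__(self, endpoints: List[Endpoint], access_rights: Set[Tuple[str, str]]) -> None:
        self.endpoints_by_site: Dict[str, Endpoint] = {e.site: e for e in endpoints}
        self.access_rights = access_rights   # constructed (source VM, destination VM) pairs

    def decide(self, src: VM, dst: VM) -> Optional[Tuple[Endpoint, Endpoint]]:
        if src.tenant != dst.tenant:
            return None                      # separate tenant environments: no selection
        if (src.name, dst.name) not in self.access_rights:
            return None                      # same tenant, but no access right
        src_ep = self.endpoints_by_site.get(src.site)
        dst_ep = self.endpoints_by_site.get(dst.site)
        if src_ep is None or dst_ep is None:
            return None                      # a site with no registered endpoint cannot be joined
        return src_ep, dst_ep


class NetworkConfigurationUnit:
    """Network configuration unit 13: per-switch entries realising the third virtual network."""

    @staticmethod
    def build_flow_entries(src: VM, dst: VM, src_ep: Endpoint, dst_ep: Endpoint) -> List[FlowEntry]:
        def entry(switch: str, match: Dict[str, str], out_port: str) -> FlowEntry:
            return FlowEntry(switch, tuple(sorted(match.items())), (f"output:{out_port}",))

        # Each entry is narrowed to the one MAC pair, so the tunnel carries only the permitted flow.
        return [
            entry(src_ep.switch_id, {"in_port": src.port, "dl_src": src.mac, "dl_dst": dst.mac}, src_ep.port),
            entry(dst_ep.switch_id, {"in_port": dst_ep.port, "dl_src": src.mac, "dl_dst": dst.mac}, dst.port),
            entry(dst_ep.switch_id, {"in_port": dst.port, "dl_src": dst.mac, "dl_dst": src.mac}, dst_ep.port),
            entry(src_ep.switch_id, {"in_port": src_ep.port, "dl_src": dst.mac, "dl_dst": src.mac}, src.port),
        ]


class VirtualNWManagementApparatus:
    def __init__(self, policy: PolicyControlUnit, netconf: NetworkConfigurationUnit) -> None:
        self.policy, self.netconf = policy, netconf

    def handle_policy_query(self, src: VM, dst: VM) -> Tuple[str, List[FlowEntry]]:
        """Answer the step S103 query: ('ACK', entries to set) or ('NACK', []) with no selection."""
        selected = self.policy.decide(src, dst)
        if selected is None:
            return "NACK", []
        return "ACK", self.netconf.build_flow_entries(src, dst, *selected)


# Constructed sample topology
GRETAP1 = Endpoint("GRETAP1", "A", "sw-A", "gretap1")
GRETAP2 = Endpoint("GRETAP2", "B", "sw-B", "gretap2")
VM1 = VM("VM1", "A", "tenant-1", "02:00:00:00:00:01", "vnet1")
VM3 = VM("VM3", "B", "tenant-1", "02:00:00:00:00:03", "vnet3")
VM4 = VM("VM4", "B", "tenant-2", "02:00:00:00:00:04", "vnet4")   # other tenant
VM5 = VM("VM5", "B", "tenant-1", "02:00:00:00:00:05", "vnet5")   # same tenant, no access right

MANAGEMENT = VirtualNWManagementApparatus(
    PolicyControlUnit([GRETAP1, GRETAP2], access_rights={("VM3", "VM1"), ("VM1", "VM3")}),
    NetworkConfigurationUnit(),
)

if __name__ == "__main__":
    for src in (VM3, VM4, VM5):
        verdict, entries = MANAGEMENT.handle_policy_query(src, VM1)
        print(f"{src.name} -> {VM1.name}: {verdict}, {len(entries)} flow entries")
```

Only the permitted VM3 to VM1 query yields entries (on sw-B towards GRETAP2 and on sw-A from GRETAP1 towards VM1, plus the reverse direction); a different tenant or a missing access right yields a negative acknowledgement and no endpoint selection, so no cross-site path is ever created for that pair.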
Finally, suitable modes of the present invention will be summarized.
(Mode 1)
(See the communication system according to the above first aspect)
(Mode 2)
The communication system according to mode 1;
wherein each of the communication nodes comprises an endpoint information transmission unit configured to generate information about a corresponding virtual network endpoint and transmit the generated information to the control apparatus; and
wherein the control apparatus transmits the endpoint information received from the communication nodes to the endpoint management unit.
(Mode 3)
The communication system according to mode 2;
wherein the endpoint information transmission unit transmits the endpoint information by using an extended item field of LLDP (Link Layer Discovery Protocol).
(Mode 4)
The communication system according to any one of modes 1 to 3;
wherein, if the communication between the two sites is a communication performed in the same tenant environment, the policy control unit performs the selection of virtual network endpoints.
(Mode 5)
The communication system according to any one of modes 1 to 4;
wherein, if the communication between the two sites does not satisfy a predetermined condition(s), the policy control unit does not perform the selection of virtual network endpoints.
(Mode 6)
(See the virtual network management apparatus and the communication node according to the above second aspect)
(Mode 7)
(See the communication method according to the above third aspect)
(Mode 8)
(See the program according to the above fourth aspect)
Modes 6 to 8 can be expanded in the same way as mode 1 is expanded to modes 2 to 5.
The disclosure of each of the above PTLs and NPLs is incorporated herein by reference thereto. Modifications and adjustments of the exemplary embodiments and the examples are possible within the scope of the overall disclosure (including the claims) of the present invention and based on the basic technical concept of the present invention. In addition, various combinations and selections of various disclosed elements (including the elements in each of the claims, exemplary embodiments, examples, drawings, etc.) are possible within the scope of the claims of the present invention. Namely, the present invention of course includes various variations and modifications that could be made by those skilled in the art according to the overall disclosure including the claims and the technical concept. In particular, the present description discloses numerical value ranges. However, even if the description does not particularly disclose arbitrary numerical values or small ranges included in the ranges, these values and ranges should be deemed to have been specifically disclosed.
Number | Date | Country | Kind |
---|---|---|---|
2012-255886 | Nov 2012 | JP | national |
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/JP2013/081432 | 11/21/2013 | WO | 00 |