The present invention relates to network functions for performing communication services in a communication system.
In a communication system such as a mobile network, communication by users of the communication system passes through network functions (CPE (Customer Premises Equipment), BRAS (Broadband Remote Access Server), and the like) to obtain communication services performed by the network functions.
PTL 1 (FIG. 1 and others) discloses a mobile network architecture. In PTL 1, a terminal such as a PC (Personal Computer) accesses the Internet via CPE and BRAS. A communication from the terminal obtains communication services for accessing the Internet through the CPE and BRAS.
[PTL 1] Japanese Patent Application Unexamined Publication No. 2012-161089
Communication systems as disclosed in PTL 1 have the problem that communication services that can be provided by a communication system depend on the architecture of the communication system. For example, in a communication system as disclosed in PTL 1, it is conceivable that communication services a terminal accessing the Internet can obtain are limited to the services that are performed by the CPE and BRAS. That is, in a communication system as disclosed in PTL 1, it is difficult to change network functions which users' communication passes through, thereby causing difficulty in providing variable communication services to users.
An object of the present invention is to provide a technique that is capable of making a change to communication services that can be provided by a communication system.
A control apparatus having: first means that receives first information from a management apparatus, which is capable of creating a group of network functions for providing communication services, wherein the first information indicates a connection structure of the network functions in the group; and second means that generates second information based on the first information and sends the second information to the network function, wherein the second information is information for forwarding a packet to which second identification information corresponding to first identification information that is assigned to the group is added.
A management apparatus includes: first means that creates a group of network functions for providing communication services in accordance with an instruction from an operator; second means that generates first information, which indicates a connection structure of the network functions in the created group; and third means that instructs a control apparatus, which can send second information to the network functions, to generate the second information based on the first information, wherein the second information is information for forwarding a packet to which second identification information corresponding to first identification information that is assigned to the group is added.
A management apparatus includes: first means for displaying icons corresponding to network functions for providing communication services, and a window for creating a group of the network functions by connecting the icons; second means that generates first information, which indicates a connection structure of the group of the network functions created by connecting the icons; and third means that instructs a control apparatus, which can send second information to the network functions, to generate the second information based on the first information, wherein the second information is information for forwarding a packet to which second identification information corresponding to first identification information that is assigned to the group is added.
A control method includes: receiving first information from a management apparatus, which is capable of creating a group of network functions for providing communication services, wherein the first information indicates a connection structure of the network functions in the group; and generating second information based on the first information and sending the second information to the network function, wherein the second information is information for forwarding a packet to which second identification information corresponding to first identification information that is assigned to the group is added.
A management method includes: creating a group of network functions for providing communication services, in accordance with an instruction from an operator; generating first information, which indicates a connection structure of the network functions in the created group; and instructing a control apparatus, which can send second information to the network functions, to generate the second information based on the first information, wherein the second information is information for forwarding a packet to which second identification information corresponding to first identification information that is assigned to the group is added.
A management method includes: displaying icons corresponding to network functions for providing communication services, and a window for creating a group of the network functions by connecting the icons; generating first information, which indicates a connection structure of the group of the network functions created by connecting the icons; and instructing a control apparatus, which can send second information to the network functions, to generate the second information based on the first information, wherein the second information is information for forwarding a packet to which second identification information corresponding to first identification information that is assigned to the group is added.
A program causes a computer to execute: processing for receiving first information from a management apparatus, which is capable of creating a group of network functions for providing communication services, wherein the first information indicates a connection structure of the network functions in the group; and processing for generating second information based on the first information and sending the second information to the network functions, wherein the second information is information for forwarding a packet to which second identification information corresponding to first identification information that is assigned to the group is added.
A program causes a computer to execute: processing for creating a group of network functions for providing communication services, in accordance with an instruction from an operator; processing for generating first information, which indicates a connection structure of the network functions in the created group; and processing for instructing a control apparatus, which can send second information to the network functions, to generate the second information based on the first information, wherein the second information is information for forwarding a packet to which second identification information corresponding to first identification information that is assigned to the group is added.
According to the present invention, it is possible to provide a technique that enables communication services that can be provided by a communication system to be changed.
Hereinafter, exemplary embodiments of the present invention will be described. Each embodiment is shown for illustration, and the present invention is not limited to such exemplary embodiments.
A first exemplary embodiment of the present invention will be described.
The communication system of
The first exemplary embodiment provides a technique for interconnecting NFs 2 through which each communication passes (i.e., a network function group through which each communication passes) so that the communication services obtained can be changed for each communication.
In the example of
Note that “A” in the Figure is, for example, an access network, which is a network that a user terminal connects to via a radio base station and equipment within the user's premises. Moreover, “B” in the Figure is, for example, a core network, which is a communication circuit that the communication system uses for a communication backbone. For example, the core network is EPC (Evolved Packet Core) of LTE (Long Term Evolution), or the like. In the present description, an example in which “A” is an access network and “B” is a core network will be used in description hereinafter. However, the present invention is not limited to this example.
Each NF 2 is capable of executing the functionality of BRAS, CPE, IPS (Intrusion Prevention System), Firewall, or the like. For example, in the example of
The communication apparatus 1 includes a packet processing section 10, a forwarding section 11, and a table storage section 12.
For example, the table storage section 12 stores information in formats as illustrated in
For example, the packet processing tables 111 are created by an operation manager of the communication system or the like, based on the group management table 110. For example, the operation manager determines a network function group corresponding to a user's communication, for each user of the communication system. In the examples of
For example, the operation manager sets an indication in the packet processing table 111 of the communication apparatus 1 on the access network (A) side to translate the destination address of a packet that is sent from the user of ID “100.64.1.1” to a predetermined address (“100.64.2.1” in the example of
For example, the operation manager sets an indication in the packet processing table 111 of the communication apparatus 1 on the core network (B) side to restore the destination address that has been translated at the communication apparatus 1 on the access network (A) side, to the original address, as illustrated in
The operation manager sets indications similar to the foregoing in the packet processing tables 111, with respect to packets from the user of ID “100.64.1.2”.
The operation manager sets an indication in the packet processing table 111 of the communication apparatus 1 on the access network (A) side to translate the destination address of a received packet that is a pseudo address (e.g., “10.1.0.1”) to the ID (“100.64.1.1”) of the user of the network function group (1) corresponding to the pseudo address (“10.1.0.1”), as illustrated in
The operation manager sets an indication in the packet processing table 111 of the communication apparatus 1 on the core network (B) side to translate the destination address of a received packet that is a user ID (e.g., “100.64.1.1”) to a pseudo address (“10.1.0.1”) corresponding to the network function group (1), as illustrated in
Note that the table storage section 12 of the communication apparatus 1 only needs to store the packet processing table 111 of
The packet processing section 10 adds identification information to a packet, based on the packet processing table 111 in the table storage section 12. For example, the packet processing section 10, based on the original address of a received packet, retrieves a table entry corresponding to the original address from the packet processing table 111. The packet processing section 10 translates the destination address of the received packet to an address indicated by the retrieved entry.
The forwarding section 11 forwards a packet with identification information (e.g., a pseudo address) added thereto to a NF 2. For example, the forwarding section 11 forwards a packet to a NF 2 corresponding to identification information. In the example of
Each NF 2 executes network functionality it can provide. Each NF 2 may be implemented by using a dedicated apparatus, or may be implemented by using software operating on a virtual machine (VM). For example, if a NF 2 is a network function corresponding to Firewall, the NF 2 performs access control by filtering packets in accordance with predetermined policies.
Each NF 2 (NFs (a) to (d) in
The routing table 20 includes a network address corresponding to a pseudo address and information on a next hop (e.g., a network interface (port) number corresponding to a next hop) associated with the network address. In the example of
In the example of
For example, each NF 2 identifies a network address that a pseudo address added to a packet by the communication apparatus 1 belongs to, and forwards the packet to an address corresponding to a next hop identified.
One of the communication apparatuses 1, when receiving a packet (Operation S1), adds identification information (e.g., a pseudo address) to the packet based on the packet processing table 111 (Operation S2). The communication apparatus 1 forwards the packet with the identification information added thereto to a NF 2.
Each NF 2 executes the network functionality it can execute (Operation S3).
Each NF 2 performs routing of the packet based on the identification information added to the packet (Operation S4).
When the other communication apparatus 1 receives the packet with the identification information added thereto, the communication apparatus 1 deletes the identification information from the packet and restores the packet (Operation S5). If the destination address of the packet has been translated to the identification information (e.g., a pseudo address), the communication apparatus 1 having received the packet, which has passed via NFs 2, restores the translated destination address to the original address and forwards the packet to the destination address.
Operations S1 to S5 show operations related to a communication sent from the access network (A) to the core network (B).
Operations related to a communication sent from the core network (B) to the access network (A) are shown at Operations S6 to S8. These operations are similar to Operations S1 to S5, and therefore a detailed description thereof will be omitted.
As described above, in the first exemplary embodiment, each communication apparatus 1 adds identification information corresponding to a network function group to a packet and sends the packet with the identification information added thereto to a NF 2. Each NF 2 has a function of forwarding the packet, based on the identification information, to a NF 2 belonging to the network function group corresponding to the identification information. That is, a packet sent by each communication apparatus 1 with identification information added thereto is forwarded so that the packet will pass via the NFs 2 corresponding to the identification information (i.e., the network function group corresponding to the identification information). Thus, according to the first exemplary embodiment, it is possible to change communication services that can be provided by the communication system, depending on a communication.
Moreover, each NF 2 only needs to manage, with the routing table 20, a network address corresponding to a network function group the NF 2 belongs to. Accordingly, each NF 2 only needs to perform routing based on a network address and does not need to perform special processing or have a special device to solve the problems to be solved by the present invention.
A second exemplary embodiment of the present invention will be described. In the second exemplary embodiment, it is possible to apply the technologies disclosed in the above-described first exemplary embodiment.
In the second exemplary embodiment, a controller 3 controls the operations of a plurality of communication apparatuses 1 in a centralized manner. Since the plurality of communication apparatuses 1 can be controlled in a centralized manner, the management efficiency in system operation of the operation manager of the communication system is enhanced.
The controller 3 controls the operations of the communication apparatuses 1, for example, by using a predetermined control protocol (e.g., OpenFlow, I2RS (Interface to the Routing System), or ForCES (Forwarding and Control Element Separation)). For example, the controller 3 controls the operations of the communication apparatuses 1 by creating, updating, and changing the contents of a packet processing table 111 retained by each communication apparatus 1.
The controller 3 includes a table storage section 30, a NF management section 31, a table management section 32, a control section 33, and a user information storage section 34.
For example, the table storage section 30 stores the group management table 110 illustrated in
The user information storage section 34 stores a user management table 112 illustrated in
The NF management section 31 manages the NFs 2 present in the communication system. For example, the NF management section 31 manages network functionalities that can be executed by the individual NFs 2 (i.e., the types of NFs, such as CPE and BRAS), a connection structure of NFs 2 (i.e., a network topology composed of NFs 2) and the like.
The table management section 32 creates the group management table 110, for example, based on the information managed by the NF management section 31, and stores it in the table storage section 30. For example, the table management section 32 acquires from the NF management section 31 information related to the NFs 2 present in the communication system and respective network functionalities that can be executed by the NFs 2. The table management section 32 determines network function groups based on the acquired information. The table management section 32 may determine network function groups based on an instruction from the operation manager of the communication system. Moreover, the table management section 32 determines a pseudo network address to be assigned to each network function group. The table management section 32 may determine the pseudo network address based on an instruction from the operation manager of the communication system, or may automatically determine the pseudo network address independently of an instruction from the operation manager.
The control section 33 manages the packet processing tables 111 of the communication apparatuses based on the information stored in the user information storage section 34 and table storage section 30. For example, the control section 33 performs creation, update, change, and the like of the packet processing tables 111 of the communication apparatuses 1, based on the user management table 112 and group management table 110.
For example, the control section 33 determines the correspondence between each user ID and a network function group based on the user management table 112 and group management table 110. For example, the control section 33 associates user ID “100.64.1.1” with a group (1). For example, the control section 33 determines the correspondence between each user ID and a network function group based on a policy (e.g., SLA (Service Level Agreement) contracted by each user, or the like) set by the operation manager. For example, the control section 33 assigns a network function group to a user so that the quality of communication services provided by the group to be assigned to the user will comply with the user's SLA.
For example, the control section 33 sets an instruction in the packet processing table 111 of the communication apparatus 1 on the access network (A) side to translate the destination address of a packet whose source is user ID “100.64.1.1” to “10.0.0.1”, a pseudo address corresponding to the group (1), as in the example of
For example, the control section 33 may notify an original destination address that has been translated to a pseudo address by a communication apparatus 1 (e.g., the apparatus on the access network (A) side) to the other-end communication apparatus 1 (e.g., the apparatus on the core network (B) side). For example, the control section 33 acquires an original destination address before translation from a communication apparatus 1 that has translated the destination address to a pseudo address. The control section 33, based on the acquired original destination address, sets an instruction to restore a packet with the translated destination address in the other-end communication apparatus 1.
Moreover, in the communication system, a case is conceivable in which the type of a communication service (e.g., a video delivery service or the like) provided via the communication apparatus 1 on the access network (A) side and the communication apparatus 1 on the core network (B) side is predetermined. In this case, the operation manager and the controller 3 can know in advance the destination a user will access (e.g., a video delivery server). Accordingly, in such a case, the control section 33 can set the packet processing tables 111 of the communication apparatuses 1 based on an address expected to be the destination the user will access. For example, in the example of
Moreover, in the communication system, a case is conceivable in which it is difficult to assume a user's destination beforehand, as when a communication service provided via the communication apparatus 1 on the access network (A) side and the communication apparatus 1 on the core network (B) side is Internet access or the like. In this case, for example, it is only necessary for the packet processing section 10 of each communication apparatus 1 to query the controller 3 when no entry corresponding to the source and destination addresses of a received packet is in the table 111.
For example, it is assumed that the communication apparatus 1 on the access network (A) side receives a packet with source address “100.64.1.1” and destination address “100.64.2.1”, and that an entry for address translation of this packet is not in the table 111. In this case, the packet processing section 10 of the communication apparatus 1 requests from the controller 3 an entry for handling this packet. The control section 33 of the controller 3 sets an entry for translating the destination address of a packet with source address “100.64.1.1” and destination address “100.64.2.1” to pseudo address “10.0.0.1”, in the communication apparatus 1 on the access network (A) side. Moreover, the control section 33 sets an entry for restoring the translated destination address to the original address, “100.64.2.1”, in the communication apparatus 1 on the core network (B) side. Each of the communication apparatuses 1 can process subsequent packets of the same type, based on the respective entries set through the above-described operations.
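The packet flow of Operations S1 to S5 in the first exemplary embodiment, combined with the controller inquiry on a table miss described above, as an added example that is not code from the patent. The /24 pseudo network, the chain NF(a) to NF(b), the node names, and the choice of one pseudo host address per flow (so that the core-side restore entry stays unambiguous) are assumptions.

```python
import ipaddress

# Constructed sample data. From the page: user ID 100.64.1.1, destination
# 100.64.2.1, pseudo address 10.0.0.1 for group (1). Assumed for this example:
# the /24 pseudo network, the chain NF(a) -> NF(b), and all node names.
USER_GROUP = {"100.64.1.1": 1}
GROUP_UPLINK_NET = {1: ipaddress.ip_network("10.0.0.0/24")}
NF_ROUTES = {  # routing table 20 per NF: pseudo network -> next hop
    "NF(a)": {GROUP_UPLINK_NET[1]: "NF(b)"},
    "NF(b)": {GROUP_UPLINK_NET[1]: "edge-B"},
}
FIRST_NF = {1: "NF(a)"}


class Edge:
    """Communication apparatus 1 holding a packet processing table 111."""

    def __init__(self, name, controller=None):
        self.name, self.controller = name, controller
        self.table = {}   # (source, destination) -> rewritten destination
        self.misses = 0

    def process(self, pkt):
        key = (pkt["src"], pkt["dst"])
        if key not in self.table:
            self.misses += 1
            # Only an apparatus with a controller link asks for an entry; any
            # other miss is dropped instead of forwarded untranslated.
            if self.controller is None or not self.controller.on_miss(*key):
                return None
        return dict(pkt, dst=self.table[key])


class Controller:
    """Controller 3: answers a table miss by installing a pair of entries."""

    def __init__(self):
        self.edge_a = self.edge_b = None
        # Assumption: one pseudo host address per flow, taken in order.
        self.free_hosts = {g: iter(n.hosts()) for g, n in GROUP_UPLINK_NET.items()}

    def on_miss(self, src, dst):
        group = USER_GROUP.get(src)
        if group is None:
            return False                        # unknown user: no entry
        host = next(self.free_hosts[group], None)
        if host is None:
            return False                        # pseudo network exhausted
        pseudo = str(host)
        self.edge_a.table[(src, dst)] = pseudo  # translate (Operation S2)
        self.edge_b.table[(src, pseudo)] = dst  # restore (Operation S5)
        return True


def route_through_nfs(pkt, first_hop):
    """Operations S3/S4: each NF routes on the pseudo destination's network."""
    path, hop = [], first_hop
    dst = ipaddress.ip_address(pkt["dst"])
    while hop in NF_ROUTES:
        path.append(hop)
        matches = [nh for net, nh in NF_ROUTES[hop].items() if dst in net]
        if not matches:
            return path, None                   # no route: packet is not forwarded
        hop = matches[0]
    return path, hop


def send_uplink(edge_a, edge_b, src, dst):
    """Return (NFs traversed, packet as restored by the core-side apparatus)."""
    tagged = edge_a.process({"src": src, "dst": dst})
    if tagged is None:
        return [], None
    path, exit_node = route_through_nfs(tagged, FIRST_NF[USER_GROUP[src]])
    if exit_node != edge_b.name:
        return path, None
    return path, edge_b.process(tagged)


def build():
    """Wire one controller to an access-side and a core-side apparatus."""
    ctl = Controller()
    ctl.edge_a, ctl.edge_b = Edge("edge-A", ctl), Edge("edge-B")
    return ctl


if __name__ == "__main__":
    ctl = build()
    print(send_uplink(ctl.edge_a, ctl.edge_b, "100.64.1.1", "100.64.2.1"))
```

Comparing the returned path with the NFs the group is meant to contain is a direct check that a user's traffic actually passes through every function in its chain, for example a Firewall or IPS.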
The controller 3 may send instructions to the communication apparatuses 1 via a network control apparatus 4, rather than sending instructions directly to the communication apparatuses 1.
The network control apparatus 4 includes a table storage section 40, a control interface 41, and a NW control section 42.
The control interface 41 is an interface for communication with the controller 3. For example, the control interface 41 receives the group management table 110 from the control section 33 of the controller 3 and stores it in the table storage section 40. Moreover, the control interface 41 receives user information (e.g., user IDs and policies such as SLAs) managed by the controller 3.
The NW control section 42 performs creation, update, change, and the like of the packet processing tables 111 of the communication apparatuses 1 through a method similar to that used by the control section 33 as described above, based on the information acquired from the controller 3 via the control interface 41.
The NF 2 includes a routing table 20, a packet forwarding section 21, and a network functionality execution section 22. Note that the NF 2 may be hardware equipment (e.g., a network device 200 such as a server or L2/L3 device) that executes predetermined network functionality, or may be software executed on a virtual machine activated on a network device 200. In a case where the NF 2 is software, for example, the functionality of the NF 2 is executed by an application that operates on a virtual machine activated on a network device 200.
The packet forwarding section 21 transfers a received packet to the network functionality execution section 22.
The network functionality execution section 22 processes the transferred packet, based on the predetermined network functionality.
The packet forwarding section 21 forwards the packet processed by the network functionality execution section 22, based on the routing table 20. The routing table 20 is, for example, any table illustrated in
In a case where the NF 2 is implemented by using software operating on a virtual machine (VM), for example, the NF 2 is managed by a network function management apparatus 6 (see
Existing communication systems use a dedicated appliance, which is hardware equipment, for each network function in order to execute various network functionalities. Since such dedicated appliances are needed to construct a communication system, a network operator is forced to introduce a new dedicated appliance or appliances, for example, when it newly launches a network service. To introduce dedicated appliances, network operators bear substantial costs, such as purchase expenses and installation space for the dedicated appliances.
Moreover, in recent years, the life cycles of dedicated appliances are becoming shorter. Accordingly, network operators have the problem that the lifecycles of appliances come to an end without the network operators gaining sufficient profits from the introduced dedicated appliances.
A technology for constructing the network function of a dedicated appliance by using software can be a solution to the above-described problems. However, in a case where a network function is constructed by using software, a technology for constructing a network function chain by dynamically linking network functions becomes more important. This is because a network function constructed by using software is dynamically activated by a virtual machine or the like, and it is therefore conceivable that an operation for adding a network function to a system is frequently performed, and each time, it is necessary to dynamically link network functions and provide communication services.
The communication section 60 is an interface for communication with the controller 3.
For example, the VM manager 61 performs activation and deactivation of a virtual machine-based NF 2. Moreover, for example, the VM manager 61 moves a virtual machine operating on a server to another server (migration). For example, the operation manager of the communication system performs activation, deactivation, migration, and the like of a NF 2 through the VM manager 61.
For example, the VM manager 61 notifies the controller 3 of information concerning the NFs 2 present in the communication system and respective network functionalities that can be executed by the NFs 2.
As described above, according to the second exemplary embodiment, the controller 3 controls the operations of the plurality of communication apparatuses 1 in a centralized manner. Since the plurality of communication apparatuses 1 can be controlled in a centralized manner, the management efficiency in system operation of the operation manager of the communication system is enhanced.
A third exemplary embodiment of the present invention will be described. In the third exemplary embodiment, it is possible to apply at least one of the above-described first and second exemplary embodiments.
In the third exemplary embodiment, the controller 3 controls the routing table 20 of each NF 2. Since the controller 3 can manage the routing table 20 of each NF 2 in a centralized manner, the efficiency in operation of the communication system is enhanced.
For example, the controller 3 controls the routing tables 20 based on a group management table 110-2 illustrated in
The controller 3 may control the routing table 20 of each NF 2 via the network control apparatus 4, as in an example of
A fourth exemplary embodiment of the present invention will be described. In the fourth exemplary embodiment, it is possible to apply at least one of the above-described first to third exemplary embodiments.
In the fourth exemplary embodiment, the controller 3 controls the packet processing tables 111 of the communication apparatuses 1 and the routing tables 20 of the NFs 2, depending on a change in a network function group, the addition of a network function group, or the like. According to the fourth exemplary embodiment, the efficiency in operation of the communication system is further enhanced.
The controller 3 updates the packet processing tables 111 of the communication apparatuses 1 in response to an update in the table 110-2.
For example, the controller 3 determines a user who will belong to the added group (3), for example, in response to an instruction from the operation manager. In the examples of
In the example of
A fifth exemplary embodiment of the present invention will be described. In the fifth exemplary embodiment, it is possible to apply at least one of the above-described first to fourth exemplary embodiments.
In the fifth exemplary embodiment, a management apparatus 5 is provided for the operation manager of the communication system to manage the NFs 2 and network function groups. The operation manager can manage the NFs 2 and network function groups, for example, by using a GUI (Graphical User Interface) of the management apparatus 5, and the efficiency in system operation is enhanced.
For example, the management apparatus 5 is an apparatus for managing the NFs 2 and network function groups in coordination with the controller 3 and network function management apparatus 6. Although the management apparatus 5, controller 3, and network function management apparatus 6 are discrete apparatuses in the example of
The management apparatus 5 includes a UI (User Interface) display section 500, a control section 501, a communication section 502, and a display 503.
The UI display section 500 has a function of displaying a UI for a user (the operation manager or the like) of the management apparatus 5 to operate on the display 503. The display 503 may be incorporated in the management apparatus 5 or may be another device separate from the management apparatus 5.
The communication section 502 has a function of communicating with the controller 3 and network function management apparatus 6. The control section 501 and UI display section 500 communicate with the controller 3 and network function management apparatus 6 via the communication section 502.
For example, the control section 501 exchanges information related to the network function groups and NFs 2 with the controller 3 and network function management apparatus 6 via the communication section 502. For example, the control section 501 exchanges the network function group management table 110 or 110-2 with the controller 3. Moreover, for example, the control section 501 exchanges information related to the NFs present in the communication system (e.g., information concerning the types of the NFs, such as CPE and BRAS) with the network function management apparatus 6. For example, the UI display section 500 uses the above-described information received from the controller 3 and network function management apparatus 6 to display the UI for the operation manager to operate on the display 503.
The control section 501 can generate information related to a network function group (e.g., a group ID, pseudo network addresses corresponding to the group, the types of the NFs 2 included in the group, the connection structure of the NFs 2 included in the group, and the like). For example, the control section 501 generates the above-described information when a new network function group is created by an operator, a change occurs in the configuration of a group, or the like. For example, the table management section 32 of the controller 3 receives the information generated by the control section 501 from the management apparatus 5. For example, the table management section 32 can create, change, or update the group management table 110, based on the received information.
The control section 501 can instruct the controller 3 to control the communication apparatuses 1 or NFs 2. For example, the control section 501 can instruct the controller 3 to create, change, or update the packet processing tables 111 of the communication apparatuses 1. Moreover, for example, the control section 501 can instruct the controller 3 to create, change, or update the routing tables 20 of the NFs 2. The control section 33 of the controller 3 controls the communication apparatuses 1 and NFs 2 in accordance with such instructions from the management apparatus 5.
For example, the design GUI 50 includes an NF component window 51, a design window 52, and a group window 53.
For example, the NF component window 51 displays icons each representing NFs 2 that are present in the communication system and that can be operated by the operation manager. In the example of
For example, the operation manager can select an icon displayed in the window 51 by clicking it with a mouse or the like and move the icon into the design window 52 through a “drag & drop” operation.
For example, the operation manager can create a network function group by performing an operation for linking icons moved into the design window 52. In the example of
For example, when the operation manager clicks a registration button 54 displayed in the design window 52, the control section 501 generates information related to the created network function group (e.g., a group ID, pseudo network addresses, and the like) and displays it in a Box 55. Note that the information such as a group ID and pseudo network addresses may be created by the controller 3. If these pieces of information are created by the controller 3, the control section 501 receives the information from the controller 3 and displays it in the Box 55.
For example, the ID and pseudo network addresses of the registered network function group are added into the group window 53.
For example, the control section 501 refers to the group management table 110 acquired from the controller 3 and determines pseudo network addresses to assign to a newly created group from among those network addresses that are not assigned to already existing groups. For example, the control section 501 determines pseudo network addresses to correspond to the uplink and downlink communication directions, respectively. The determined pseudo network addresses are displayed in the Box 55. Moreover, the control section 501 may automatically determine an ID to assign to the newly created group. The determined ID is displayed in the Box 55. Note that if a group ID and pseudo network addresses are created by the controller 3 as described above, for example, the table management section 32 of the controller 3 determines the group ID and pseudo network addresses through operations similar to those of the control section 501 described above.
For example, the control section 501 notifies the table management section 32 of the controller 3 that a network function group is newly created. Moreover, the control section 501 sends information related to the newly created network function group (e.g., NFs 2 belonging to the group, the connection structure of the NFs 2, pseudo network addresses, and the like) to the controller 3 via the communication section 502. For example, the NF management section 31 and table management section 32 of the controller 3 update the network function group management table 110, based on the information received from the management apparatus 5. For example, the control section 33 of the controller 3 can create, change, or update the routing tables 20 of the NFs 2 in response to the notification from the control section 501, based on the information related to the newly created group. Moreover, for example, the control section 33 of the controller 3 can create, change, or update the packet processing tables 111 of the communication apparatuses 1 in response to the notification from the control section 501, based on the information related to the newly created group. Note that it is also possible that the functionality of the controller 3 is implemented on the management apparatus 5, and the management apparatus 5 directly controls the communication apparatuses 1 and NFs 2.
The control section 501 notifies the controller 3 of a user to be assigned to the newly added group. For example, the operator inputs into the management apparatus 5 a list of users to be assigned to the group. The control section 501 of the management apparatus 5 can notify the controller 3 of the input list. The controller 3 updates the user information storage section 34, based on the list notified from the management apparatus 5. The controller 3 sets a new entry in the packet processing tables 111 of the communication apparatuses 1-1 and 1-2, based on the IDs of the users assigned to the group and information concerning the group (the connection structure of the NFs 2 in the group and the like) sent from the management apparatus 5. Moreover, the controller 3 sets an entry in the routing tables 20 of the NFs 2 belonging to the newly added group. Note that a method for configuring the packet processing tables 111 of the communication apparatuses 1-1 and 1-2 and a method for configuring the routing table 20 of each NF 2 by the controller 3 are similar to those of the above-described exemplary embodiments, and therefore a detailed description thereof will be omitted. Note that the controller 3 may control the communication apparatuses 1 and NFs 2 via the network control apparatus 4.
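The group-registration steps above (choose an unused ID and unused uplink/downlink pseudo network addresses, then derive routing entries for each NF from the connection structure) can be sketched as follows. This is an added illustration, not code from the patent; the address pool, the prefix length, the dictionary layout, the NF name "NF-x" and the edge names are assumptions.

```python
import ipaddress

# Assumption: pseudo network addresses are drawn from a reserved pool.
# The page names no range; this prefix is a constructed sample value.
PSEUDO_POOL = ipaddress.ip_network("198.18.0.0/24")

def allocate_pseudo_addresses(group_table, pool=PSEUDO_POOL, prefixlen=28):
    """Pick two pseudo prefixes (uplink, downlink) not assigned to any existing group."""
    used = {ipaddress.ip_network(a)
            for g in group_table.values()
            for a in (g["uplink"], g["downlink"])}
    free = [n for n in pool.subnets(new_prefix=prefixlen)
            if not any(n.overlaps(u) for u in used)]
    if len(free) < 2:
        raise RuntimeError("pseudo address pool exhausted")
    return str(free[0]), str(free[1])

def register_group(group_table, chain):
    """Add a group: next free integer ID, pseudo addresses, NF connection structure.

    `chain` lists the NFs from the downlink side to the uplink side.
    """
    if not chain or len(set(chain)) != len(chain):
        raise ValueError("chain must be a non-empty list of distinct NFs")
    gid = max(group_table, default=0) + 1
    up, down = allocate_pseudo_addresses(group_table)
    group_table[gid] = {"uplink": up, "downlink": down, "chain": list(chain)}
    return gid

def build_routing_entries(group_table):
    """Derive each NF's routing table: pseudo address -> next hop along the chain."""
    tables = {}
    for g in group_table.values():
        chain = g["chain"]
        for i, nf in enumerate(chain):
            entries = tables.setdefault(nf, {})
            # Uplink traffic moves toward the end of the chain, downlink toward the start.
            entries[g["uplink"]] = chain[i + 1] if i + 1 < len(chain) else "uplink-edge"
            entries[g["downlink"]] = chain[i - 1] if i > 0 else "downlink-edge"
    return tables

# Constructed sample: one existing group, then a new group that shares the BRAS.
groups = {1: {"uplink": "198.18.0.0/28", "downlink": "198.18.0.16/28",
              "chain": ["CPE", "BRAS"]}}
new_id = register_group(groups, ["NF-x", "BRAS"])
routing = build_routing_entries(groups)
```

Each NF ends up with two entries per group it belongs to, however many users or destinations the group serves.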
The example of
For example, when the operation manager clicks a group ID displayed in the group window 53, the UI display section 500 displays those NFs that belong to a group corresponding to the clicked ID in the design window 52. In the example of
For example, the operation manager moves NF (CPE) into the design window 52 by “drag & drop” and creates a link between the NF (CPE) and NF (BRAS) and between the NF (CPE) and “Downlink” icon, whereby NF (CPE) is added to the group. For example, the operation manager clicks the registration button 54, whereby the addition of NF (CPE) to the group is reflected. The control section 501 of the management apparatus 5 sends information related to the updated network group (e.g., the types of the NFs belonging to the group, the connection structure of the NFs in the group, pseudo network addresses, and the like) to the controller 3 via the communication section 502. For example, the NF management section 31 and table management section 32 of the controller 3 update the network function group management table 110, based on the information received from the management apparatus 5. Moreover, the control section 501 notifies the controller 3 that the connection structure of the NFs 2 in the group has been updated, and the controller 3, in response to this notification, controls the communication apparatuses 1 and NFs 2. Note that it is also possible that the functionality of the controller 3 is implemented on the management apparatus 5, and the management apparatus 5 directly controls the communication apparatuses 1 and NFs 2.
The control section 501 notifies the controller 3 of a user to be assigned to the newly added group. For example, the operator inputs into the management apparatus 5 a list of users to be assigned to the group. The control section 501 of the management apparatus 5 can notify the controller 3 of the input list. The controller 3 updates the user information storage section 34, based on the list notified from the management apparatus 5. The controller 3 sets a new entry in the packet processing tables 111 of the communication apparatuses 1-1 and 1-2, based on the IDs of the users assigned to the group. Moreover, the controller 3 sets an entry in the routing table 20 of each NF 2. Note that a method for configuring the packet processing tables 111 of the communication apparatuses 1-1 and 1-2 and a method for configuring the routing table 20 of each NF 2 by the controller 3 are similar to those of the above-described exemplary embodiments, and therefore a detailed description thereof will be omitted. Note that the controller 3 may control the communication apparatuses 1 and NFs 2 via the network control apparatus 4.
As described above, according to the fifth exemplary embodiment, the controller 3 or network control apparatus 4 can autonomously control the communication apparatuses 1 and NFs 2 in response to the operation manager's operation of the GUI. Accordingly, the efficiency of system operation by the operation manager is enhanced.
A sixth exemplary embodiment of the present invention will be described. In the sixth exemplary embodiment, it is possible to apply at least one of the above-described first to fifth exemplary embodiments.
In the sixth exemplary embodiment, each NF 2 performs label-based packet forwarding by using the MPLS (Multiprotocol Label Switching) technology or the like. Because each NF 2 performs label-based packet forwarding, it is possible to support not only IP (Internet Protocol) but also protocols of other layers.
The label control section 35 controls labels used for the communication apparatuses 1 and NFs 2 to forward packets, based on the group management table 110 and user management table 112.
For example, the label control section 35 refers to the group management table 110 and user management table 112 and learns correspondences between users and network function groups. The label control section 35 sets an entry for adding a label to (or deleting a label from) a packet of interest in the packet processing tables 111 of the communication apparatuses 1, based on the correspondences between users and network function groups.
For example, the label control section 35 refers to the group management table 110 and learns pseudo network addresses corresponding to each network function group. The label control section 35 sets an entry for label-based packet forwarding in the routing table 20 of each NF 2, based on the respective pseudo network addresses mapped to the groups.
The group management table 110 is similar to the examples shown in
In the examples of
In the examples of
The label control section 35 learns the correspondences between users and groups and the IDs of the users (e.g., the users' IP addresses), based on the group management table 110 and user management table 112. The label control section 35, based on the information it has learnt, sets an entry for instruction to add label “A” to a packet belonging to the group (1) in the packet processing table 111-2, as in the example of
The label control section 35 sets an entry for instruction to add label “Z” to a packet belonging to the group (1) in the packet processing table 111-3, as in the example of
The label control section 35 makes settings similar to the foregoing, with respect to packets belonging to the group (2).
The label control section 35 sets an entry in the routing table 20 of each NF. The label control section 35 sets an entry for instruction to select a next hop depending on “In Label” in the example of
Referring to the example of
Other NFs 2 illustrated in
In the above-described example, an example of the architecture is described in which the communication system includes communication apparatuses 1. However, the present invention is not limited to the above-described example. For example, an architecture will do in which no communication apparatus 1 is included. In this case, it is only necessary that, for example, NFs 2 at the edges of each network function group (e.g., NF (c) and NF (b) in the group (2) in the example of
As described above, according to the sixth exemplary embodiment, each NF 2 performs label-based packet forwarding by using the MPLS technology or the like. Because each NF 2 performs label-based packet forwarding, it is possible to support not only IP (Internet Protocol) but also protocols of other layers. Moreover, since a label is determined with respect to a pseudo network address corresponding to a network function group, the number of entries set in the communication apparatuses 1 and NFs 2 can be reduced. If labels were determined based on destination addresses, which can exist in unlimited numbers depending on communication, the number of entries could become enormous. In the sixth exemplary embodiment, however, the destination addresses of communication are virtually aggregated by using a pseudo network address that is assigned to a network function group, and each NF 2 performs packet routing based on such a pseudo network address. Because destination addresses are aggregated into a pseudo network address, the number of entries in the routing table of each NF 2 is compressed.
A seventh exemplary embodiment of the present invention will be described. In the seventh exemplary embodiment, it is possible to apply at least one of the above-described first to sixth exemplary embodiments.
In the seventh exemplary embodiment, each NF 2 performs label-based packet forwarding by using the MPLS technology or the like as in the sixth exemplary embodiment. In the seventh exemplary embodiment, each NF 2 further uses the MPLS-VPN (Virtual Private Network) technology or the like, whereby it is possible to enhance security of communication.
The label control section 35 determines a virtual network label to correspond to each network function group. The label control section 35 sets in the communication apparatuses 1 and NFs 2 an entry related to the addition and deletion of a virtual network label.
In the examples of
In the examples of
The other functions of the label control section 35 are similar to those described in the sixth exemplary embodiment, and therefore a detailed description thereof will be omitted.
The communication apparatuses 1 add or delete a virtual network label in accordance with the respective packet processing tables 111-4 and 111-5 configured by the label control section 35.
Each NF 2 forwards a packet based on labels added to the packet. Note that each NF 2 forwards a packet without changing a virtual network label added to the packet. Accordingly, the value of a virtual network label of a packet is not changed while the packet passes through NFs 2.
For example, the communication apparatuses 1 can separate communication interfaces used for packet forwarding, depending on virtual network labels. Moreover, each NF 2 can separate communication interfaces used for packet forwarding, depending on virtual network labels. In other words, packets passing via NFs 2 are virtually separated depending on virtual network labels. Accordingly, communications are separated on a network function group basis, and security of communication is improved.
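The separation described above can be modelled in a few lines: the edge adds a virtual network label and a forwarding label, each NF selects its next hop from the incoming label within that virtual network, and the virtual network label is never rewritten. This is an added illustration, not code from the patent; the table layout, the per-hop label swap, the numeric label values, the user addresses and the NF topology are assumptions (only label "A" for group (1) appears on the page).

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str        # user ID, e.g. the user's IP address
    vn_label: int   # virtual network label: one per network function group
    fwd_label: str  # forwarding label, looked up as the "In Label" at each NF
    payload: bytes

# Constructed tables for two groups that share NF(b).
USER_GROUP = {"10.0.0.1": 1, "10.0.0.2": 2}
# group -> (virtual network label, first forwarding label, first NF)
EDGE_PUSH = {1: (100, "A", "NF(a)"), 2: (200, "B", "NF(c)")}
# Per-NF table: (virtual network label, in label) -> (out label, next hop)
NF_TABLES = {
    "NF(a)": {(100, "A"): ("A2", "NF(b)")},
    "NF(c)": {(200, "B"): ("B2", "NF(b)")},
    "NF(b)": {(100, "A2"): ("A3", "edge"), (200, "B2"): ("B3", "edge")},
}

def edge_ingress(src, payload):
    """Communication apparatus: map the user to a group and add both labels."""
    vn, label, first_nf = EDGE_PUSH[USER_GROUP[src]]
    return first_nf, Packet(src, vn, label, payload)

def nf_forward(nf, pkt):
    """NF: choose the next hop from the in label; the VN label is left unchanged."""
    entry = NF_TABLES[nf].get((pkt.vn_label, pkt.fwd_label))
    if entry is None:
        return None, None  # no entry for this label in this virtual network: drop
    out_label, next_hop = entry
    return next_hop, replace(pkt, fwd_label=out_label)

def traverse(src, payload, max_hops=8):
    """Return the (NF, VN label, in label) path and the payload delivered at egress."""
    hop, pkt = edge_ingress(src, payload)
    path = []
    for _ in range(max_hops):
        if hop == "edge":
            return path, pkt.payload  # egress edge deletes both labels
        path.append((hop, pkt.vn_label, pkt.fwd_label))
        hop, pkt = nf_forward(hop, pkt)
        if pkt is None:
            return path, None
    return path, None  # hop limit reached: treat as dropped

group1_path, group1_out = traverse("10.0.0.1", b"hello")
# A group (1) packet carrying group (2)'s forwarding label is dropped at the shared NF.
crossed = nf_forward("NF(b)", Packet("10.0.0.1", 100, "B2", b"x"))
```

The separation is logical rather than cryptographic, so it depends on labels being added only by the edge apparatuses.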
The other functions of the communication apparatuses 1 and NFs 2 are similar to those described in the sixth and other exemplary embodiments, and therefore a detailed description thereof will be omitted.
In the above-described example, an example of the architecture is described in which the communication system includes communication apparatuses 1. However, the present invention is not limited to the above-described example. For example, an architecture will do in which no communication apparatus 1 is included. In this case, it is only necessary that, for example, NFs 2 at the edges of each network function group (e.g., NF (c) and NF (b) in the group (2) in the example of
As described above, according to the seventh exemplary embodiment, each NF 2 further uses the MPLS-VPN technology or the like, whereby it is possible to enhance security of communication.
Exemplary embodiments of the present invention have been described hereinabove, but the present invention is not limited to the above-described individual exemplary embodiments. The present invention can be implemented based on modification, replacement, and arrangement of each exemplary embodiment. Moreover, the present invention can also be implemented by arbitrarily combining each exemplary embodiment. That is, the present invention incorporates various modifications and amendments that can be accomplished based on all of the disclosed content and technical ideas of the present description.
Number | Date | Country | Kind |
---|---|---|---|
2013-157944 | Jul 2013 | JP | national |

Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/JP2014/003941 | 7/25/2014 | WO | 00 |