This application claims the priority of Japanese Patent Application No. 2013-266316 filed on Dec. 25, 2013, the entire contents of which are incorporated herein by reference in its entirety.
The subject matter to be disclosed relates to construction of a logical network.
In recent years, in order to reduce the cost of owning IT resources and to cope with a severely fluctuating business environment, a cloud service is expected to be used in a system for which performance and reliability are needed, for example, a backbone system. In the system for which performance and reliability are needed, it is necessary to guarantee a performance requirement in regard to a network similarly to a virtual machine or the like.
In most cloud management systems in the related art, a virtual network coupling virtual machines to each other is constructed in an overlay type by a tunnel between virtual switches accommodating the virtual machines. In the overlay type, a virtual network can be constructed without the need for understanding or setting the configuration of a physical network through the tunnel.
However, determination of a physical device in which the virtual network considering performance for a device constituting the physical network and the capacity of a resource or the like is deployed, and setting for guaranteeing the performance of the determined physical device are necessary for guaranteeing the performance of the virtual network.
Further, in networks for tenant administrators of each cloud, a virtual network coupling the virtual machines to each other, and a middlebox apparatus (hereinafter, also referred to as MB) which is coupled to the virtual network and controls a packet such as a firewall (hereinafter, referred to as FW) or a load balancer (hereinafter, referred to as LB) are necessary, and the performance guarantee is necessary with respect to the location of the MB and the MB itself. In IETF RFC 3234, a middlebox is defined as a device performing a process beyond the normal performance of an IP router or a “function” virtually incorporated in a device. Further, here, networks for each of the tenant administrators including the virtual network and the MB are referred to as “logical networks.”
In a cloud management system in the related art, since the physical network and the MB are not managed, construction of the logical network guaranteeing the performance requirement is difficult.
In the related art, as a technique for constructing a virtual network in consideration of the physical configuration, there is a method of designing a virtual network which automates the allocation of the virtual network onto the physical network and avoids allocation which may cause an inefficient state on the physical network (JP-A-2012-169874, paragraphs [0012] to [0015]).
Problems in the related art are as follows.
In the related art, allocation of the virtual network onto the physical network is determined by considering the number of hops and delay of the physical network. However, there are various requirements such as a guaranteed bandwidth and availability in addition to the delay of the network in the performance requirements with respect to the virtual network. Further, in addition to the virtual network coupling the virtual machines to each other, the FW or the MB such as the LB is included in the logical network, and there are also performance requirements such as a throughput of the MB and the like. In the related art, a deployment location on the physical network cannot be determined in correspondence with these various performance requirements. In addition, the number of candidates of deployment locations to the physical network is increased so that the amount of calculation becomes larger as the kinds of performance requirements which are dealt with are increased in general. Further, the kinds or the values of the performance requirements intended to be specified vary depending on a tenant administrator, and it is necessary to easily specify the performance requirements.
In the related art, there is a problem in that the performance requirements of the logical network are difficult to specify easily and the deployment location of the logical network is difficult to determine in correspondence with the various performance requirements described above.
For solving the above-described problem, a method of constructing a logical network in which a logical network guaranteeing a performance requirement can be easily constructed even when a physical configuration is not considered and a management server used therefor are disclosed in the present specification.
Specifically, there is provided a method of constructing a logical network which determines a network apparatus of a deployment location and a middlebox apparatus when the logical network is constructed on a physical network to which the network apparatus, the middlebox apparatus, and a physical server are coupled, in which an abstract configuration of the logical network and logical network information including a performance requirement with respect to a configuration element are received, and the network apparatus which becomes a deployment location of the logical network and the middlebox apparatus are determined according to the abstract configuration of the logical network and the performance requirement; and there is provided a management server used therefor.
According to an aspect of the invention, there is provided a method of constructing a logical network in which a management server is coupled to a physical network to which a plurality of physical servers or a plurality of physical servers and a physical middlebox are respectively coupled through a physical network apparatus, the logical network is a network to which a virtual machine, and any one or both of a physical middlebox and a virtual middlebox are coupled through any one or both of the physical network apparatus and a virtual network apparatus, the virtual middlebox is realized on any one or both of the physical server and a physical middlebox apparatus, and the method includes, causing the management server to receive configuration information of the logical network and a logical network reservation request including a performance requirement with respect to a constituent element of the logical network, to determine the plurality of physical servers, or the plurality of physical servers and the physical middlebox, and the physical network apparatus which are deployment locations of the logical network, and setting contents therefor based on the received configuration information and the received performance requirement of the logical network, and to determine the setting contents for the plurality of physical servers, or the plurality of physical servers and the physical middlebox, and the physical network apparatus which are all determined.
Further, in the method of constructing a logical network, the configuration information of the logical network includes information related to one or more logical switches which are constituent elements, and one or more logical middlebox apparatuses, the logical switch is configured using a plurality of the physical network apparatuses, and includes setting items including a segment representing a broadcast domain in the logical switch, an abstracted physical port in association with the segment, and an abstracted logical port to which the logical middlebox apparatus is coupled, and the performance requirement with respect to the logical network is specified by setting at least any one of performance requirement specification objects including the logical switch, the segment in the logical switch, the abstracted physical port in association with the segment, the logical middlebox apparatus, and the abstracted logical port as an object.
According to the above-described aspect, when the logical network required by a cloud administrator is constructed on the physical network, an infrastructure administrator can determine an apparatus on the physical network, which constructs the logical network satisfying the performance requirement specified by the cloud administrator and determine the setting contents for the apparatus.
The cloud administrator can specify a logical network specification using various performance requirements such as delay, a guaranteed bandwidth, and a throughput with respect to a middlebox, which can be understood by the cloud administrator, without considering the configuration of the physical network, the performance of a physical apparatus, resource capacity, and the like.
According to the disclosure, it is possible to construct a logical network satisfying a performance requirement even when a physical configuration is not considered.
Problems, configurations, and effects which are not described above will become obvious from the description of the embodiments below.
The details of one or more implementations of the subject matter described in the specification are set forth in the accompanying drawings and the description below. Other features, aspects, and advantages of the subject matter will become apparent from the description, the drawings, and the claims.
Hereinafter, the embodiments will be described with reference to the accompanying drawings.
The network system of the present embodiment is configured by including a plurality of physical network apparatuses (hereinafter, also referred to as a Network (NW) apparatus) transferring a packet, a plurality of computers, and a management computer. Specifically, as illustrated in
Hereinafter, the core SW (100), the aggregated SW (100), and the ToR SW (110) are collectively referred to as an SW.
The physical server for virtual MB 200 creates a virtual machine (Virtual Machine: hereinafter, noted as a VM) and operates the virtual MB on the VM. In regard to the physical MB 250A, there is a case in which one tenant uses one apparatus and a case in which the physical MB is logically partitioned into a plurality of partitions, a plurality of middlebox functions are constructed thereon, and each of the middlebox functions is used by a tenant. The middlebox function which is operated on the VM or on the logically partitioned physical MB can be handled as a virtual apparatus, and accordingly, the function is referred to as a virtual middlebox apparatus (virtual MB). The virtual MBs are, for example, an FW apparatus, an LB apparatus, and a VPN apparatus. In addition, the middlebox function or the middlebox apparatus controls discarding of the packet or conversion of a header.
The physical server generates the VM and operates a server with a tenant. The physical server is not an object to be managed by the physical NW management server.
The physical NW management server manages the SW, the physical server for virtual MB, the physical MB, and the Inter-DC NW. The deployment location of the MB, the abstracted physical port provided to the NW for a tenant, and the SW coupling the MB and the abstracted physical port are calculated and setting for guaranteeing performance is performed according to the performance requirement from the cloud administrator.
The tenant management server constructs a tenant. Particularly, the NW for a tenant creates a tunnel between the virtual SWs on the physical server. The virtual network for a tenant whose performance is guaranteed can be constructed by constructing the VM on the physical server coupled to the abstracted physical port provided by the physical NW management server. In addition, in order to couple the VM with the MB, it is necessary to set termination of the tunnel on the virtual SW accommodating the MB or the ToR SW.
The tenant operator terminal 700 is a terminal providing a user interface for operating the physical NW management server and the tenant management server. The terminal for an administrator is used by the cloud administrator or the tenant administrator. The cloud administrator acquires the logical NW, couples the physical server with the logical NW, and provides the cloud service using the physical NW management server 500. The tenant administrator creates a tenant on the cloud service provided by the cloud administrator using the tenant management server. Further, even when the logical NW is used for each tenant, the logical NW may be used by a plurality of tenants by being prepared for each of the cloud service. Further, the logical NW can be used for the management network for each cloud service. In this case, the tenant administrator uses the terminal when the logical NW is used for each tenant and the cloud administrator uses the terminal when the logical NW is used for the management network.
The hypervisor management server constructs the physical server for virtual MB, and the VM and the virtual SW on the physical server.
The sub physical network (sub physical NW, SPN) is obtained by grouping at least one SW. In the sub physical NW, when a multi-path configuration such as fabric or a redundant configuration is employed and has a performance guideline such as a bandwidth or delay, a performance requirement such as availability related to the redundant configuration can be specified to the segment of the logical NW or the configuration can be set as a deployment location candidate of the segment of the logical NW. Further, the SW may not belong to the sub physical NW. For example, the ToR SW110H does not belong to the sub physical NW in
The logical NW 5 includes the logical SW 10 and the MB 15. The logical SW and the MB may be plural and the plurality of logical SWs are coupled with one another through the MB. The logical SW 10 includes an abstracted physical port, an abstracted logical port, and a segment which are abstracted constituent elements. Further, the segment, the abstracted physical port, and the abstracted logical port are associated with one another. The cloud administrator specifies the performance requirement with respect to the segment, the abstracted physical port, the abstracted logical port, and the MB which are the constituent elements of the logical NW. Since these constituent elements are abstracted, the physical configuration does not have to be considered so that the cloud administrator can easily specify the performance requirement. The performance requirement includes the types of requirements such as the bandwidth, delay, and availability, and the value of performance.
The logical SW 10 may be configured to be across a plurality of DCs in correspondence with a plurality of SWs in the physical network. The logical SW includes the abstracted physical port and the abstracted logical port. The abstracted physical port corresponds to the physical port of the SW. The cloud administrator couples the physical port to the physical server and deploys the VM on the physical server. At the time of the input, only the number of the abstracted physical ports may be specified or the correspondence to the physical port may be specified. In the case where only the number thereof is specified, the physical NW management server calculates the physical port positioned in a location corresponding to the abstracted physical port.
The abstracted logical port is a port for coupling the MB and does not present which port of the physical network is to be coupled with the MB to the cloud administrator. This is because the physical MB is an object to be managed by the infrastructure administrator, and thus the cloud administrator does not need to grasp where to be coupled physically. The cloud administrator can specify the performance requirement with respect to the abstracted logical port.
Further, the abstracted logical port may be coupled with an external network. The external network is the Internet or a virtual private network (VPN).
The segment indicates a broadcast domain. The segment is coupled with the abstracted physical port and the abstracted logical port.
The physical NW management server 500 includes a processor 550, a memory 510, an internal storage device 560, an I/O interface (I/F) 570, and a network interface (I/F) 580.
The management server 500 transmits or receives information to or from other devices coupled with the network, for example, the SW 100 and the like, through the network I/F 580.
The processor 550 executes a program to be held by the memory 510. The memory 510 holds the program executed by the processor 550 and information necessary for executing the program.
Specifically, the memory 510 holds a deployment target decision program 511, an MB connection program 512, and a performance assurance configuration program 513. Further, the memory 510 holds mapping information between performance requirement and physical item candidates 521 satisfying the object for specifying the performance requirement (hereinafter, simply noted as the mapping information), physical device management information 522, physical port information 523, physical coupling information 524, physical MB information 525, physical server information 526 for a virtual MB, sub physical NW information 527, logical NW information 528, and user information 529.
The processor 550 is operated as a function unit having a predetermined function by being operated according to the program held by the memory 510.
In the description below, in a case where the description is made by using the function unit as the subject, this means that the processor 550 is operated according to the program for realizing the function unit.
In addition, each program may be held by a non-transitory storage medium such as the internal storage device 560. In this case, the processor 550 reads the program from the internal storage device 560 and loads the read program in the memory 510, and executes the loaded program.
Further, information such as a table held by the memory 510 can be held in storage devices such as the internal storage device 560, a non-volatile semiconductor memory, a hard disk drive, and a Solid State Drive (SSD), or computer-readable non-transitory data storage media such as an IC card, an SD card, and a DVD.
Hereinafter, the programs and information held by the memory 510 will be described.
The deployment target decision program 511 realizes a deployment target decision unit that calculates a path coupling the MB with the deployment location of the abstracted physical port and coupling the MB with the abstracted physical port based on configuration information of the logical NW from the cloud administrator and the performance requirement.
The MB connection program 512 sets a tunnel for a segment on the virtual SW on the physical server for the virtual MB or on the SW accommodating the physical MB for connecting the virtual MB or the physical MB managed by a physical NW management system to the segment between the VMs created by the tenant management server 600.
The performance assurance configuration program 513 realizes a performance assurance configuration unit that performs the setting for the performance guarantee such as bandwidth control and priority transfer control on the SW for guaranteeing the specified performance.
The mapping information 521 holds information indicating the type of the performance requirement, the corresponding physical item candidate, the value of performance requirement, and the attribute of the corresponding physical item for each object for specifying the performance requirement. The details of the mapping information 521 will be described with reference to
The physical device management information 522 holds information indicating management IP addresses or the like for setting the SW. The details of the physical device management information 522 will be described with reference to
The physical port information 523 is a physical port information managing unit that holds information indicating the abstracted physical port of the SW, and the line bandwidth or a used bandwidth of the abstracted physical port. The details of the physical port information 523 will be described with reference to
The physical coupling information 524 is a link information managing unit between network apparatuses holding information indicating attributes such as a link coupling physical apparatuses and delay or a bandwidth of the link. The details of the physical coupling information 524 will be described with reference to
The physical MB information 525 holds information indicating the number of virtual MBs which can be provided by logically partitioning the physical MB and the use state. The details of the physical MB information 525 will be described with reference to
The physical server information 526 for a virtual MB holds information indicating the number of the virtual MBs which can be provided by the physical server for virtual MB and the use state. The details of the physical server information 526 for a virtual MB will be described with reference to
The sub physical NW information 527 is a sub physical NW information managing unit which holds information indicating a redundancy method in the sub physical NW, delay, and the like. The details of the sub physical NW information 527 will be described with reference to
The logical NW information 528 holds information indicating the MB in which the logical NW is deployed, the abstracted physical port, and the state of the process. The details of the logical NW information 528 will be described with reference to
The user information 529 holds information indicating a contact address of the user. Since the user information whose element can be used is set in the physical MB information and the physical port information, the deployment location can be calculated from the physical MB allocated for each user and the abstracted physical port. In this manner, the physical items usable for each user can be controlled. The details of the user information 529 will be described with reference to
A type of a requirement specification target item 5211 is a type of an object for specifying the performance requirement in the virtual NW information which is the input information. As the values of the items, an “abstracted physical port,” an “abstracted logical port,” a “segment,” and “logical MB” can be exemplified.
A type 5212 of the performance requirement is a type of the performance requirement, and line bandwidth guarantee, delay, or availability is included therein. In addition, the values of the items are requirements with respect to the constituent element of the virtual NW and a cloud administrator that does not understand the physical configuration can perform specification.
A corresponding physical guideline 5213 is a guideline of the physical item to be used when the deployment location is determined.
A corresponding physical item list 5214 is a list of physical items which becomes the deployment location candidate of the logical NW constituent element specified by the type of the requirement specification target item 5211. The deployment location is determined from among the items of the list.
A configuration 5215 for the performance guarantee is the setting content necessary for guaranteeing the required performance requirement. For example, in a case of guaranteeing the line bandwidth, shaping for an object port is set. “-” means that there is no content to be set.
An exclusive unit 5216 is information for not deploying the element of the virtual NW in which the same requirement is specified in the same virtual NW in the same range. For example, in a case of “another rack”, the logical MB in which the performance requirement is specified is deployed to the physical device of another rack. In this manner, the deployment location of a redundant device can be controlled by considering an expected failure range.
An individual algorithm is necessary for each performance requirement in a deployment location determining technique in the related art, but since the mapping information 521 does not depend on the types of the performance requirement, it is possible to easily correspond to a new requirement and to correspond to various performance requirements by adding items to the information.
A processing state 5287 is a processing state of the logical NW and a “reserved” state is a state in which a deployment location is determined and a resource of the deployment location is reserved and setting for the performance guarantee or setting for coupling the MB with the segment has not been performed. A “set” state is a state in which setting for the performance guarantee or setting for coupling the MB to the segment is completed.
First, the tenant operator terminal 700 requires the physical NW management server 500 to perform logical NW reservation (S101). The configuration information of the logical NW, the logical NW information including performance requirements, and the user information related to the required user, which are illustrated in
The physical NW management server 500 sets a processing state of the logical NW in which the logical NW information is created of
The tenant operator terminal 700 requires the tenant management server 600 to perform tenant creation (S104). In the requirement, the physical server for a VM coupled with the provided physical port transmitted in S103 is specified as a deployment location of the VM.
The tenant management server 600 requires the hypervisor management server 650 to perform segment creation for VM deploy and a tenant NW (S105). When the hypervisor management server 650 receives a requirement, the VM is deployed to the physical server for a VM (S106). Next, configuring of the tunnel for a tenant NW is performed on a vSW on the VM side (S107). The vSW accommodating the VM is set for terminating the tunnel corresponding to the segment (S108). As a technology for the tunnel for realizing the segment, VXLAN or GRE is exemplified, and logical partitioning may be performed using a VLAN.
The vSW on the VM side transmits process results to the hypervisor management server after setting for terminating the tunnel is completed (S109). The hypervisor management server 650 transmits process results of VM deploy and segment creation for a tenant NW to the tenant management server (S110). The tenant management server 600 transmits process results of the tenant creation to the tenant operator terminal 700 (S111).
The tenant operator terminal 700 requires the physical NW management server 500 to construct the logical NW (S121). The requirement contents include the reserved logical NW ID notified from the physical NW management server 500 and the created tenant ID notified from the tenant management server 600 in S103. Further, the processes subsequent to S122 may be continuously performed after the process of S110 is finished. In this case, information transmitted to the physical NW management server in S121 is transmitted when the process of S101 is performed.
The physical NW management server 500 deploys the virtual MB on the physical server for virtual MB 200 in the deployment location of the virtual MB which is determined at the time of reservation (S122). Specifically, a VM is created on the physical server for virtual MB 200 and a middlebox function is constructed.
The physical NW management server 500 deploys the logical MB on the physical MB 250 in the deployment location of the physical MB which is determined at the time of reservation (S124). In a case where the providing type 5254 illustrated in
The physical NW management server 500 requires the hypervisor management server 650 to provide the tunnel information for a tenant NW (S126). The hypervisor management server 650 notifies the physical NW management server 500 of a list of the identification information related to a VXLAN tunnel for each vSW of the specified tenant (S127).
The physical NW management server 500 specifies the identification information of the VXLAN tunnel corresponding to the segment of the logical SW 10 (S128). Specifically, a set of the physical port included in the segment of the logical SW 10 and a set of the physical port coupled with the vSW to which the VXLAN is set are specified and then the VXLAN is set to a VXLAN corresponding to the segment. Further, the identification information (tunnel identification information) of the specified VXLAN is used for coupling of the MB with the segment and for QoS setting.
The physical NW management server 500 requires an MB-accommodating vSW or the VXLAN GW to configure termination of the tunnel such that the MB can be coupled with the segment (S129). Specifically, the vSW accommodating the MB coupled through the abstracted logical port for each segment or the VXLAN GW is set to terminate the tunnel of the identification information specified in S128, which corresponds to an object segment. The MB-accommodating vSW or the VXLAN GW notifies of the process results (S130).
The physical NW management server 500 performs setting of QoS for the performance guarantee on the physical port corresponding to the abstracted logical port with which the logical MB is coupled (S131). For example, the setting specified in the configuration 5215 for the performance assurance in
The physical NW management server 500 performs setting of QoS for the performance guarantee on the physical port corresponding to the abstracted physical port (S133).
The physical NW management server 500 notifies the tenant operator terminal 700 of the process results (S135).
The physical NW management server 500 calculates the deployment location sub physical NW candidate using mapping information of the performance requirement and the physical item candidate illustrated in
Further, in a case where a bandwidth is specified as the segment performance requirement, the presence of an available bandwidth required based on the resource availability acquired from the resource utilization situation information is confirmed with reference to the bandwidth 5275 and the used bandwidth 5276 of
The sub physical NW of the deployment location candidate is calculated for each segment illustrated in FIG. 16(1) using this process.
A combination of segment deployment physical NWs is created to be set as a configuration candidate (S202). Specifically, a combination of sub physical NWs of the deployment location candidate corresponding to the segment calculated in S201 is created.
Next, the deployment location candidates of the logical MB belonging to a plurality of segments are calculated from the resource availability acquired from the performance requirement illustrated in
The configuration candidate calculated in S201, to which the logical MB belonging to the plurality of segments cannot physically belong is excluded from the object (S204). For example, since a combination of the sub physical NW 11 and 121 does not have a common physical port, and the sub physical NW 121 is not coupled with the physical MB 1 which is the deployment location of FW 1, this combination is excluded from the object. In addition, at this time, the range of the sub physical NW may be expanded to be set as the deployment location candidate of the segment using the link of
A combination of segment deployment physical NWs illustrated in FIG. 16(2) is created by performing this process.
In this manner, the deployment location of the logical network can be determined by establishing both of the performance requirement with respect to the segment and a plurality of performance requirements such as the performance requirement with respect to the logical MB not using a deployment location determination method for each performance requirement in the related art.
An unprocessed segment deployment physical NW is selected (S205).
Candidates of the logical MB and the abstracted physical port are calculated from mapping information of the performance requirement and the physical item candidate, the input logical MB, the performance requirement value to the abstracted physical port, and the resource availability (S206) illustrated in
A combination of the abstracted physical port in an object segment deployment physical NW and the deployment location of the logical MB is calculated, and a path coupling the abstracted physical port with the deployment location is calculated, and then a constituent candidate in the segment deployment physical NW is calculated (S207). In a case where the sub physical NW has a multi-path configuration such as fabric, the path is passed through in a sub physical NW unit. Moreover, in a case where the sub physical NW does not have a multi-path configuration or the sub physical NW is changed into the segment deployment physical NW by the range of the sub physical NW being expanded by the link, the path is calculated using a Dijkstra method or the like.
A candidate of the abstracted physical port in the segment deployment physical NW and the deployment location of the logical MB illustrated in FIG. 16(3) is calculated by performing this process.
The configuration in the segment deployment physical NW is selected by the guideline specified by the user (S208). For example, when the user specifies the guideline as “a configuration with the lowest fee,” a total of the fee is calculated according to the deployment location of the resource having configurations in each of the segment deployment physical NW, and a configuration with the lowest fee is selected with reference to the fee 5258 in
The guideline specified by another user is, for example, speed of the logical NW provision time.
Particularly, when there is no guideline specified by the user, a configuration with maximum distribution of resources such as an MB or a bandwidth being used in addition to the logical NW created until now is selected. In this manner, a broad range of configurations can be employed in the subsequent logical NW creation.
Further, proposed configurations may be presented to the user so as for the user to select a configuration therefrom.
In a case where there is an unprocessed segment, the process is returned to S205. When there is no unprocessed segment, the final configuration is selected from the combination of the segment deployment physical NWs by the guideline specified by the user (S210). The guideline specified by the user is calculated for each combination of the segment deployment physical NW in which the segment deployment physical NW whose internal structure is determined is calculated in S204, and the configuration corresponding to the process of the final logical NW is determined according to the result. The guideline specified by the user is a fee or the like in the same manner as that of S208, and a configuration with the maximum distribution of resources is selected in a case where there is no particular guideline specified by the user. Further, proposed configurations may be presented to the user so as for the user to select a configuration therefrom.
The deployment location of the logical NW illustrated in FIG. 16(4) is determined by performing this process.
In this manner, it is possible to decrease the calculation amount by calculating the combination in the segment unit while the performance requirement to the logical MB is established and then by calculating the configuration in the segment deployment physical NW corresponding to the segment.
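The candidate pruning and selection of S201 to S204 and S210, as an added Python sketch that is not code from the specification. The inventory, field names, requirement values, and the peak-utilisation measure used as a stand-in for "maximum distribution of resources" are assumptions; path calculation (S207) and abstracted physical port selection are left out.

```python
from itertools import product

# Constructed inventory (not the specification's tables): each sub physical NW
# has a delay, a line bandwidth, a used bandwidth and the physical MBs coupled to it.
SUB_PHYSICAL_NWS = {
    "SPN11":  {"delay_ms": 1.0, "bandwidth": 10000, "used": 4000, "mbs": {"MB1"}},
    "SPN12":  {"delay_ms": 2.0, "bandwidth": 10000, "used": 9500, "mbs": {"MB1"}},
    "SPN121": {"delay_ms": 1.5, "bandwidth": 10000, "used": 1000, "mbs": {"MB2"}},
    "SPN122": {"delay_ms": 0.5, "bandwidth": 10000, "used": 2000, "mbs": {"MB1", "MB3"}},
}
PHYSICAL_MBS = {
    "MB1": {"throughput": 5000, "free_slots": 2, "fee": 100},
    "MB2": {"throughput": 3000, "free_slots": 0, "fee": 40},   # no virtual MB left
    "MB3": {"throughput": 4000, "free_slots": 1, "fee": 60},
}
# Constructed reservation request: two segments joined by one logical firewall.
REQUEST = {
    "segments": {
        "seg1": {"max_delay_ms": 1.0, "bandwidth": 5000},
        "seg2": {"max_delay_ms": 2.0, "bandwidth": 1000},
    },
    "logical_mbs": {"FW1": {"throughput": 2000, "segments": ["seg1", "seg2"]}},
}


def segment_candidates(req, spns):
    """S201: sub physical NWs that meet each segment's delay and free bandwidth."""
    return {
        seg: sorted(
            name for name, s in spns.items()
            if s["delay_ms"] <= r["max_delay_ms"]
            and s["bandwidth"] - s["used"] >= r["bandwidth"]
        )
        for seg, r in req["segments"].items()
    }


def mb_candidates(req, mbs):
    """S203: physical MBs with enough throughput and a free virtual MB."""
    return {
        lmb: sorted(
            name for name, m in mbs.items()
            if m["throughput"] >= r["throughput"] and m["free_slots"] > 0
        )
        for lmb, r in req["logical_mbs"].items()
    }


def feasible_configurations(req, spns, mbs):
    """S202 + S204: combine segment candidates, drop combinations in which a
    logical MB spanning several segments has no physical MB coupled to all of them."""
    seg_cands, mb_cands = segment_candidates(req, spns), mb_candidates(req, mbs)
    segs = list(seg_cands)
    configs = []
    for combo in product(*(seg_cands[s] for s in segs)):
        placement = dict(zip(segs, combo))
        mb_place = {}
        for lmb, r in req["logical_mbs"].items():
            reachable = [m for m in mb_cands[lmb]
                         if all(m in spns[placement[s]]["mbs"] for s in r["segments"])]
            if not reachable:
                break                      # S204: exclude this combination
            mb_place[lmb] = reachable
        else:
            configs.append((placement, mb_place))
    return configs


def select(configs, req, spns, mbs, guideline=None):
    """S210: pick by the user's guideline; with none, spread load (assumed metric)."""
    if not configs:
        raise ValueError("no deployment location satisfies the requirements")

    def cheapest(mb_place):
        return {l: min(c, key=lambda m: mbs[m]["fee"]) for l, c in mb_place.items()}

    def total_fee(cfg):
        return sum(mbs[m]["fee"] for m in cheapest(cfg[1]).values())

    def peak_utilisation(cfg):
        load = {}
        for seg, spn in cfg[0].items():
            load[spn] = load.get(spn, spns[spn]["used"]) + req["segments"][seg]["bandwidth"]
        return max(load[s] / spns[s]["bandwidth"] for s in load)

    key = total_fee if guideline == "lowest_fee" else peak_utilisation
    placement, mb_place = min(configs, key=key)
    return placement, cheapest(mb_place)


if __name__ == "__main__":
    cfgs = feasible_configurations(REQUEST, SUB_PHYSICAL_NWS, PHYSICAL_MBS)
    print(select(cfgs, REQUEST, SUB_PHYSICAL_NWS, PHYSICAL_MBS, "lowest_fee"))
    print(select(cfgs, REQUEST, SUB_PHYSICAL_NWS, PHYSICAL_MBS))
```

Because MB candidates are intersected with each segment combination before any per-segment detail is worked out, the two combinations that place seg2 on SPN121 drop out early, which is the reduction in calculation the text describes.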
Although the present disclosure has been described with reference to example embodiments, those skilled in the art will recognize that various changes and modifications may be made in form and detail without departing from the spirit and scope of the claimed subject matter.
Number | Date | Country | Kind |
---|---|---|---|
2013-266316 | Dec 2013 | JP | national |