JP5566952B2 - Network system, relay control device, relay control method, and relay control program - Google Patents

Description

  Embodiments described herein relate generally to a network system, a relay control device, a relay control method, and a relay control program.

  2. Description of the Related Art Conventionally, a technology for connecting bases scattered in a plurality of locations using an access network such as a public telephone network or the Internet has been proposed. And by connecting multiple bases using this technology, services such as voice (telephone) conferences, video conferences, and WEB conferences that allow voices and images to be exchanged simultaneously between users scattered at each base Offering is also done.

  In recent years, technologies such as a VLAN (Virtual Local Area Network) and a tag VLAN that form a plurality of virtual networks in an in-company network are known. A network to which such a technique as VLAN is applied enables data communication between specific users in the virtual network.

Tony Jeffree et al, "IEEE Standard for Local and metropolitan area networks Virtual Bridged Local Area Networks", IEEE Std 802.1Q-2005, [online], [searched May 31, 2011], Internet <http: // standards .ieee.org / getieee802 / download / 802.1Q-2005.pdf> Tony Jeffree et al, "IEEE Standard for Local and metropolitan area networks Virtual Bridged Local Area Networks Amendment 4: Provider Bridges", IEEE Std 802.1ad-2005, [online], [searched May 31, 2011], Internet < http://standards.ieee.org/getieee802/download/802.1ad-2005.pdf> Tony Jeffree et al, "IEEE Standard for Local and metropolitan area networks Virtual Bridged Local Area Networks Amendment 7: Provider Backbone Bridges", IEEE Std 802.1ah-2008, [online], [searched May 31, 2011], Internet <Http://standards.ieee.org/getieee802/download/802.1ah-2008.pdf> OpenFlow Switching Consortium, "Open Flow", [online], [searched May 31, 2011], Internet <http://www.openflow.org/>

  However, in the related art related to the virtual network, the work cost for constructing the virtual network may increase. For example, when a virtual network is constructed by VLAN, it is necessary to set a VLAN table or the like in a relay device such as a switch. Since there are a plurality of such relay apparatuses in the network, the work cost for the setting work increases.

  The present invention has been made in view of the above, and an object of the present invention is to provide a network system, a relay control device, a relay control method, and a relay control program that can easily realize data communication in a virtual network. And

  The network system according to the embodiment is a network system including a plurality of switches that relay data, and the switch inputs a plurality of ports connected to other switches or terminals and data from the other switches or terminals. A port identifier for identifying an input port that is a received port, a MAC address and an IP address of a transmission source terminal that is a transmission source of the data, a MAC address and an IP address of a destination terminal that is a destination of the data, The flow table in which the port identifier of the output port that is the port that outputs the data is registered, and when data is input to the predetermined input port from another switch or terminal, the port identifier of the predetermined input port , The MAC address and IP address of the transmission source terminal of the input data input to the predetermined input port And an acquisition unit for acquiring the port identifier of the output port registered in the flow table in association with the MAC address and IP address of the destination terminal of the input data, and the port identifier acquired by the acquisition unit And a transmission unit for transmitting the input data from the output port shown.

  The relay control device according to the embodiment is a relay control device that controls a plurality of switches that relay data, and the switch includes a plurality of ports connected to other switches or terminals, and other switches or A port identifier for identifying an input port that is a port to which data is input from the terminal, a MAC address and an IP address of the transmission source terminal that is the transmission source of the data, and a MAC address of the destination terminal that is the destination of the data And a flow table in which the IP address and the port identifier of the output port that is the data output port are registered, and when the data is input to the predetermined input port from another switch or terminal, the predetermined input The port identifier of the port, and the MAC address and IP address of the transmission source terminal of the input data input to the predetermined input port; A relay unit that transmits the input data from an output port indicated by a port identifier of the output port registered in the flow table in association with a MAC address and an IP address of a destination terminal of the input data, and the relay control The apparatus includes, for each port identifier for identifying a port included in the plurality of switches, a group identifier for identifying a virtual network to which the port belongs, and a MAC address and an IP address of a terminal connected to the port, or A connection information storage unit for storing a MAC address of another switch connected to the port, a port identifier indicating a port of the predetermined switch connected to the terminal from a predetermined switch, and communication of the terminal A reception unit that receives the IP address of the destination terminal, and a port that is received by the reception unit The terminal and the communication partner terminal belong to a virtual network to which the port to which the terminal is connected and the port to which the communication partner terminal is connected belong using the IP address of the other child and the communication partner terminal. A path search unit that searches the connection information storage unit for a port identifier of a port that becomes a path when communicating with each other, and a switch having a port indicated by the port identifier searched by the route search unit. An update unit that updates the flow table of the switch by transmitting route information including an identifier, and the MAC address and IP address of the terminal and the communication partner terminal.

  The network system, the relay control device, the relay control method, and the relay control program according to the embodiment have an effect that data communication in a virtual network can be easily realized.

FIG. 1 is a diagram illustrating a physical configuration example of the network system according to the first embodiment. FIG. 2 is a diagram illustrating a logical configuration example of the network system according to the first embodiment. FIG. 3 is a block diagram illustrating a configuration example of the relay control apparatus according to the first embodiment. FIG. 4 is a diagram illustrating an example of the connection information storage unit according to the first embodiment. FIG. 5 is a diagram illustrating an example of a flow table included in the switch according to the first embodiment. FIG. 6 is a diagram illustrating an example of a flow table included in the switch according to the first embodiment. FIG. 7 is a diagram illustrating an example of a flow table included in the switch according to the first embodiment. FIG. 8 is a block diagram illustrating a configuration example of a switch according to the first embodiment. FIG. 9 is a sequence diagram illustrating a relay control procedure by the network system according to the first embodiment. FIG. 10 is a diagram illustrating a computer that executes a relay control program.

  Hereinafter, embodiments of a network system, a relay control device, a relay control method, and a relay control program according to the present invention will be described in detail with reference to the drawings. In addition, this invention is not limited by this Example.

[Network system configuration]
First, the configuration of the network system according to the first embodiment will be described with reference to FIG. FIG. 1 is a diagram illustrating a physical configuration example of the network system according to the first embodiment. As illustrated in FIG. 1, the network system N1 according to the first embodiment includes switches 10, 20 and 30, terminals M11 to M17, and a relay control device 100.

  The switches 10, 20, and 30 are relay devices that relay data transmitted and received between terminals. As illustrated in FIG. 1, the switch 10 includes network ports (hereinafter also referred to as “NW ports”) 11 to 14. The NW ports 11 to 14 transmit and receive data (packets and the like) to and from the switch 20 that is another switch and the terminals M11 to M13. Specifically, the NW port 11 is connected to the terminal M11 and transmits / receives data to / from the terminal M11. Similarly, the NW port 12 transmits / receives data to / from the terminal M12, and the terminal M13 transmits / receives data to / from the terminal M13. The NW port 14 is connected to an NW port 23 included in the switch 20 described later, and transmits / receives data to / from the NW port 23.

  The switch 20 has NW ports 21 to 24. The NW port 21 transmits / receives data to / from the terminal M14, and the NW port 22 transmits / receives data to / from the terminal M15. The NW port 23 transmits and receives data to and from the NW port 14 of the switch 10 as described above. The NW port 24 is connected to an NW port 33 included in the switch 30 described later, and transmits / receives data to / from the NW port 33.

  The switch 30 has NW ports 31 to 33. The NW port 31 transmits / receives data to / from the terminal M16, and the NW port 32 transmits / receives data to / from the terminal M17. Further, the NW port 33 transmits and receives data to and from the NW port 24 of the switch 20 as described above.

  The terminals M11 to M17 are information processing apparatuses such as PCs (Personal Computers), for example, and communicate with other terminals via the switch 10, 20 or 30. For example, the terminal M11 may communicate with the terminal M16 via the switches 10, 20, and 30.

  The relay control device 100 controls relay processing by the switches 10, 20 and 30. Here, the network system N1 according to the first embodiment can easily form a virtual network (hereinafter also referred to as “group”) under the control of the relay control apparatus 100. To do.

  For example, a network administrator of the network system N1 according to the first embodiment divides each NW port included in each switch into several groups when forming a virtual network. At this time, when a VLAN or the like is used, the network administrator needs to set a VLAN table or the like in each of the switches 10, 20 and 30. For this reason, the work cost of the network administrator increases. However, in the network system N1 according to the first embodiment, the network administrator simply registers the group information about the group to which each NW port of each switch belongs in the relay control device 100, and the group R and the network R in the network system N1. Group B can be formed.

  Specifically, the relay control apparatus 100 holds group information received from a network administrator. When the relay control apparatus 100 receives a search request for a communication path between predetermined terminals from the switch 10, 20 or 30, the NW port belonging to the same group based on the group information received from the network administrator The communication path between the terminals is determined so as to pass only through the terminal.

  Then, the relay control device 100 generates flow table information stored in a table (a flow table described later) used when the switches 10, 20 and 30 perform data relay processing using the determined communication path. At this time, the relay control apparatus 100 according to the first embodiment includes an “input port” to which data is input, a “source MAC (Media Access Control) address” of the data transmission source terminal, and a “destination” of the data destination terminal. Flow table information including a “MAC address”, a “source IP (Internet Protocol) address” of the source terminal, a “destination IP address” of the destination terminal, and an “output port” to which data is output is generated. The relay control device 100 registers the flow table information generated in this way in the switches 10, 20 and 30.

  The switches 10, 20, and 30 in the first embodiment are the “input port”, “source MAC address”, “destination MAC address”, “source IP address”, “destination IP address”, “output port”. Data is relayed based on the combination of “”. Specifically, when the switch 10 or the like receives data, the “input port” that received the data and the “source MAC address”, “destination MAC address”, “source” set in the data The “output port” corresponding to the “IP address” and the “destination IP address” is specified, and the data related to the specified output port is transmitted.

  This will be described more specifically using the example shown in FIG. In the example shown in FIG. 1, the network administrator adds a vertical line to a group to which the NW ports 11, 12, 21, and 31 to which the NW ports 11, 12, 21 and 31 belong indicated by a horizontal line (hereinafter referred to as “group R”). It is assumed that a group (hereinafter referred to as “group B”) to which the NW ports 13, 22 and 32 indicated by rectangles belong is formed. That is, when each terminal is connected to the NW port as in the example shown in FIG. 1, the terminals M11, M12, M14, and M16 are allowed to communicate with each other, and the terminals M13, M15, and M17 are allowed to communicate with each other. Communication with each other is permitted. In the first embodiment, the NW ports connecting the switches such as the NW ports 14, 23, 24, and 33 illustrated in FIG. 1 do not belong to a specific group, and any group (group R and group B) It is assumed that data can be transmitted / received also in the internal communication.

  In the case of the above example, the relay control apparatus 100 according to the first embodiment transmits group information indicating that the NW ports 11, 12, 21, and 31 belong to the group R and the NW ports 13, 22, and 32 belong to the group B. Accept from the administrator. Then, when each terminal communicates with another terminal, the relay control apparatus 100 accepts a search request for a communication path between the terminals from the switch 10, 20 or 30. For example, the relay control apparatus 100 receives a search request for a communication path between the terminals M11 and M16 from the switch 10 when the terminals M11 and M16 communicate for the first time.

  In such a case, the relay control apparatus 100 has NW ports 11 and 14 of the switch 10, NW ports 23 and 24 of the switch 20, and NW ports 30 and 30 as NW ports for transmitting and receiving data between the terminals M11 and M16. NW ports 33 and 31 are selected. At this time, since the NW port 11 to which the terminal M11 is connected and the NW port 31 to which the terminal M16 is connected belong to the group R, the relay control apparatus 100 has the terminal M11 and the terminal out of the NW ports belonging to the group R. An NW port that can communicate with M16 is selected. And the relay control apparatus 100 produces | generates the flow table information for registering to switch 10,20,30 based on the NW port selected in this way.

  Specifically, when the NW port 11 receives data addressed to the terminal M16 transmitted from the terminal M11 as the flow table information registered in the switch 10, the relay control apparatus 100 outputs the data to the NW port 14. Generate information that indicates what to do. Further, the relay control apparatus 100 includes, as flow table information registered in the switch 10, information indicating that, when the NW port 14 receives data addressed to the terminal M11 from the terminal M16, the data is output to the NW port 11. Generate.

  Further, the relay control apparatus 100 includes, as flow table information registered in the switch 20, information indicating that, when the NW port 23 receives data addressed to the terminal M16 from the terminal M11, the data is output to the NW port 24. Generate. Further, the relay control apparatus 100 includes, as flow table information registered in the switch 20, information indicating that, when the NW port 24 receives data addressed to the terminal M11 from the terminal M16, the data is output to the NW port 23. Generate.

  Further, the relay control apparatus 100 includes, as flow table information registered in the switch 30, information indicating that, when the NW port 33 receives data addressed to the terminal M16 from the terminal M11, the data is output to the NW port 31. Generate. Further, the relay control apparatus 100 includes, as flow table information registered in the switch 30, information indicating that, when the NW port 31 receives data addressed to the terminal M11 from the terminal M16, the data is output to the NW port 33. Generate.

  Then, the relay control device 100 registers the flow table information generated in this way in the switches 10, 20 and 30. Thereby, the switches 10, 20 and 30 can relay data transmitted and received between the terminal M11 and the terminal M16 using the flow table information registered by the relay control device 100.

  Similarly, the relay control apparatus 100 is used when the terminals M11 and M14 communicate first, when the terminals M12 and M16 communicate first, or when the terminals M12 and M14 communicate first. Etc., the flow table information for each switch is generated, and the generated flow table information is registered in each switch. The relay control apparatus 100 also registers the flow table information in each switch even when the terminals M13, M15, and M17 first perform mutual communication. Since the switches 10, 20, and 30 perform data relay processing according to the flow table information generated by the relay control device 100, communication between terminals that are not permitted to communicate with each other is not established. In this way, the relay control device 100 can form a group (virtual network) in the network system N1.

  In the above example, when the relay control apparatus 100 receives a search request from the switch 10 or the like, the example is shown in which the flow table information is registered in each switch. However, the present invention is not limited to this example, and the relay control apparatus 100 may register the flow table information in each switch even when the search request is not received from the switch 10 or the like. For example, the relay control device 100 registers the flow table information in each switch when the network system N1 is constructed, when a switch is added to the network system N1, or when a terminal is connected to the switch. May be.

  Here, FIG. 2 illustrates a logical configuration example of the network system N1 according to the first embodiment. 2 represents a virtual switch belonging to the group R. As physical switches, the NW ports 11 and 12 of the switch 10, the NW port 21 of the switch 20, and the NW port of the switch 30 are shown. 31 is shown. 2 indicates a virtual switch belonging to the group B. As physical switches, the NW port 13 of the switch 10, the NW port 22 of the switch 20, and the NW port of the switch 30 are used. 32. That is, in the network system N1 according to the first embodiment, as illustrated in FIG. 2, the group R in which the terminals M11, M12, M14, and M16 can communicate with each other via the switch R by the relay control device 100. And a group B in which the terminals M13, M15, and M17 can communicate with each other via the switch B is formed.

  As described above, in the network system N1 according to the first embodiment, the network administrator simply registers the group information in the relay control device 100, and the relay control device 100 performs flow table information for each switch based on the group information. To create a virtual network. Thereby, in the network system N1 according to the first embodiment, the network administrator can easily form a virtual network. For example, when forming a virtual network illustrated in FIG. 2 using a technique such as VLAN, the network administrator needs to set a VLAN table in each switch. However, in the network system N1 according to the first embodiment, the network administrator can form the virtual network illustrated in FIG. 2 simply by registering the group information in the relay control device 100.

  The numbers of switches, terminals, and NW ports described above are not limited to the example shown in FIG. For example, the network system N1 according to the first embodiment may include four or more switches, or may include six or less terminals and eight or more terminals. Each switch may have a number of NW ports different from the number illustrated in FIG. In the example illustrated in FIG. 1, an example in which a terminal is included in the network system N <b> 1 is illustrated, but the terminal may be a server or the like.

[Configuration of relay controller]
Next, the configuration of relay control apparatus 100 shown in FIG. 1 will be described using FIG. FIG. 3 is a block diagram illustrating a configuration example of the relay control apparatus 100 according to the first embodiment. As illustrated in FIG. 3, the relay control device 100 according to the first embodiment includes a connection information storage unit 110, a registration unit 121, a reception unit 122, a route search unit 123, and an update unit 124.

  The connection information storage unit 110 stores group information of each NW port included in each switch, terminal information related to a terminal or switch connected to each NW port, and the like. Specifically, the connection information storage unit 110 stores, for each port included in each switch, group information regarding a group to which the port belongs, and a MAC address and an IP address of a terminal connected to the port and other switches. .

  Here, FIG. 4 illustrates an example of the connection information storage unit 110 according to the first embodiment. In the example illustrated in FIG. 4, the connection information storage unit 110 includes items such as “switch name”, “NW port”, “group”, “MAC address”, and “IP address”.

  “Switch name” is information for identifying a switch included in the network system N1. In the example shown in FIG. 4, it is assumed that “switch name” in the connection information storage unit 110 stores information with “SW” added to the head of the reference numerals assigned to the switches shown in FIG. For example, the connection information storage unit 110 stores “SW10” as the “switch name” of the switch 10, and stores “SW20” as the “switch name” of the switch 20.

  “NW port” is information for identifying an NW port included in each switch (hereinafter, may be referred to as “port identifier”). In the example illustrated in FIG. 4, the “NW port” of the connection information storage unit 110 stores the 1's place (numerical value of the last 1 digit) of the code attached to the NW port illustrated in FIG. 1. . For example, the connection information storage unit 110 stores the port identifier “1” as “NW port” of the NW port 11 and stores the port identifier “2” as “NW port” of the NW port 12. Similarly, the connection information storage unit 110 stores the port identifier “1” as “NW port” of the NW port 21 and stores the port identifier “2” as “NW port” of the NW port 22.

  “Group” is information for identifying a group to which each NW port belongs (hereinafter, sometimes referred to as “group identifier”). In the example illustrated in FIG. 4, it is assumed that either “R” or “B” attached to the group illustrated in FIG. 1 is stored in the “group” of the connection information storage unit 110. For example, the connection information storage unit 110 stores the group identifier “R” as the “group” of the NW port 11 and the group identifier “B” as the “group” of the NW port 13. Note that “U” stored in the “group” of the connection information storage unit 110 does not indicate a specific group but indicates any group. For example, the group identifier “U” is stored in the “group” of the NW ports 14, 23, 24 and 33 connecting the switches.

  “MAC address” is the MAC address of the terminal or switch connected to each NW port. In the example shown in FIG. 4, the “MAC address” of the connection information storage unit 110 has “m” at the head of the first digit (the last one digit) of the code attached to the terminal shown in FIG. Or information with “SW” added to the head of the tens digit of the code given to the switch 10 shown in FIG. For example, the connection information storage unit 110 stores “m1” as the “MAC address” of the terminal M11, stores “m2” as the “MAC address” of the terminal M12, and “SW1” as the “MAC address” of the switch 10. Remember.

  “IP address” is the IP address of the terminal connected to each NW port. In the example shown in FIG. 4, “i” is added to the head of the first digit (the last one digit number) of the code attached to the terminal shown in FIG. 1 to the “IP address” of the connection information storage unit 110. Information is stored. For example, the connection information storage unit 110 stores “i1” as the “IP address” of the terminal M11 and stores “i2” as the “IP address” of the terminal M12.

  Among the above items, “switch name”, “NW port”, and “group” are group information registered in advance by a network administrator or the like. Further, “MAC address” and “IP address” are information that the relay control apparatus 100 receives from each switch, and are registered by the registration unit 121 described later.

  Returning to the description of FIG. 3, when the registration unit 121 receives the MAC address or IP address of the terminal or switch connected to the NW port of the switch from each switch, the registration unit 121 receives the received MAC address or IP address. Is registered in the connection information storage unit 110.

  Specifically, when each terminal included in the network system N1 links up with an NW port connected to the own apparatus, the MAC address and IP of the own apparatus (terminal) are linked to the linked up NW port. The Gratuitous ARP (Address Resolution Protocol) including the address is transmitted. Similarly, each switch included in the network system N1 has its own device (switch) MAC address for the linked up NW port when the NW port of another switch connected to the own device is linked up. Send. When each switch in the first embodiment receives a MAC address or an IP address from a terminal or another switch, the port identifier of the NW port that has received the MAC address or the IP address, the MAC address or the IP address, To the relay control device 100. At this time, the registration unit 121 of the relay control apparatus 100 registers the received MAC address or IP address in the MAC address or IP address of the connection information storage unit 110 corresponding to the port identifier received from each switch.

  For example, it is assumed that the NW port 11 of the switch 10 shown in FIG. In such a case, the terminal M11 transmits the Gratuitous ARP including the MAC address “m1” and the IP address “i1” of the terminal M11 to the NW port 11. Then, the switch 10 notifies the relay control device 100 of the MAC address “m1” and the IP address “i1” received from the terminal M11 and the port identifier “1” of the NW port 11 that has received the MAC address and the like. In this case, the registration unit 121 registers “m1” in the MAC address corresponding to the switch name “SW10” indicating the switch 10 and the NW port “1”, as in the example illustrated in FIG. Register “i1” as the IP address. In this way, the connection information storage unit 110 stores various information illustrated in FIG. 4 by registering the MAC address and the IP address by the registration unit 121.

  Returning to the description of FIG. 3, the accepting unit 122 accepts a search request for a communication path between terminals from the switch 10, 20, or 30. Specifically, the accepting unit 122 accepts from the switch 10, 20 or 30 the port identifier of the NW port connected to a predetermined terminal and the IP address of the terminal of the communication partner of the terminal.

  For example, when starting communication with the terminal M16, the terminal M11 illustrated in FIG. 1 sends an ARP request including the IP address “i6” of the terminal M16 to the switch 10 in order to obtain the MAC address of the terminal M16. To the NW port 11 of the network. At this time, the switch 10 according to the first embodiment transmits a search request for a communication path between the terminal M11 and the terminal M16 to the relay control device 100 without transferring the ARP request to each terminal. Specifically, the switch 10 transmits a search request including the port identifier “1” of the NW port 11 that has received the ARP request and the IP address “i6” of the terminal M16 to the relay control device 100. The accepting unit 122 of the relay control device 100 accepts such a search request.

  In the above example, when the switch 10 receives the ARP request and holds the IP address “i6” of the terminal M16, the switch 10 does not transmit the search request to the relay control apparatus 100. This point will be described later.

  When the search request is received by the receiving unit 122, the route search unit 123 uses the various information included in the search request and the various information stored in the connection information storage unit 110 to communicate between the terminals. Search for a route. Specifically, the route search unit 123 searches for a communication route from the NW port indicated by the “port identifier” included in the search request to the terminal indicated by the “IP address of the communication partner terminal” included in the search request. . At this time, the route search unit 123 selects the NW port so that the communication route passes through the NW port belonging to the same group.

  For example, as in the above example, it is assumed that a search request including the port identifier “1” of the NW port 11 and the IP address “i6” of the terminal M16 is received by the receiving unit 122. Also, it is assumed that the connection information storage unit 110 stores various types of information illustrated in FIG. In such a case, the route search unit 123 performs a route search from the switch 10 to the switch 30.

  Specifically, the route search unit 123 acquires that the NW port 14 of the switch 10 and the switch 20 are connected based on the record in the fourth row of the connection information storage unit 110 illustrated in FIG. . Further, the route search unit 123 acquires that the NW port 23 of the switch 20 and the switch 10 are connected based on the record in the seventh row of the connection information storage unit 110. That is, the route search unit 123 acquires that the NW port 14 of the switch 10 and the NW port 23 of the switch 20 are connected based on the records in the fourth and seventh rows of the connection information storage unit 110.

  Furthermore, the route search unit 123 acquires that the NW port 24 of the switch 20 and the switch 30 are connected based on the record in the eighth row of the connection information storage unit 110, and 11 of the connection information storage unit 110. Based on the record in the row, it is acquired that the NW port 33 of the switch 30 and the switch 20 are connected. That is, the route search unit 123 acquires that the NW port 24 of the switch 20 and the NW port 33 of the switch 30 are connected based on the records in the 8th and 11th rows of the connection information storage unit 110.

  Accordingly, the route search unit 123 is connected to the switch 20 from the NW ports 12 to 14 included in the switch 10 as a communication route from the NW port 11 to the terminal M16, and is in the group “R” or “U”. The NW port 14 can be selected. Furthermore, the route search unit 123 can select the NW port 23 of the switch 20 that is connected to the NW port 14 and is in the group “R” or “U”. Further, the route search unit 123 can select an NW port 24 that is connected to the switch 30 and is in the group “R” or “U” from the NW ports 21, 22, and 24 included in the switch 20. Furthermore, the route search unit 123 can select the NW port 33 of the switch 30 that is connected to the NW port 24 and is in the group “R” or “U”. Then, the route search unit 123 selects the NW port 31 connected to the terminal M16 having the IP address “i6” and having the group “R” or “U” from the NW ports 31 and 32 of the switch 30. Can do.

  In the above example, the route searching unit 123 is connected to the switch 20 from the NW ports 12 to 14 included in the switch 10 as a communication route from the NW port 11 to the terminal M16, and the group “R” or “U The NW port 14 is selected. Specifically, the route search unit 123 does not have an NW port connected to the terminal M16 in the switch 10 having the NW port 11, so that the other switch ( In order to search the switch 20) for an NW port connected to the terminal M16, the NW port 14 connected to the switch 20 is selected. Furthermore, since there is no NW port connected to the terminal M16 in the switch 20, the route search unit 123 has an NW port connected to the terminal M16 in another switch (switch 30) connected to the switch 20. Is selected, the NW port 24 of the switch 20 connected to the switch 30 is selected. In this manner, the route search unit 123 repeatedly performs a process of searching for other switches until reaching a switch having an NW port connected to the search destination terminal.

  The update unit 124 generates flow table information of each switch based on the communication path searched by the route search unit 123, and updates the flow table of each switch by transmitting the generated flow table information to each switch. To do. Specifically, the update unit 124 sorts each NW port selected by the route search processing by the route search unit 123 for each switch. Then, the route search unit 123 generates a flow table including the sorted ports and the MAC addresses and IP addresses of both terminals that are route search targets. At this time, the route search unit 123 generates a flow table so that the MAC address and IP address of each port and terminal are the transmission source and the destination.

  For example, in the case of the above example, the route searching unit 123 selects the NW ports 11, 14, 23, 24, 33, and 31 as the communication route from the NW port 11 to the terminal M16. In other words, the route searching unit 123 selects the NW ports 11, 14, 23, 24, 33, and 31 as the communication route from the terminal M11 connected to the NW port 11 to the terminal M16. In such a case, the updating unit 124 classifies the NW ports 11 and 14, the NW ports 23 and 24, and the NW ports 33 and 31. Then, the update unit 124 uses the input port “NW port 11”, the source MAC address “m1”, the destination MAC address “m6”, and the source IP address “i1” as the flow table information for the switch 10. , A combination of the destination IP address “i6” and the output port “NW port 14” is generated. This flow table information is displayed when the NW port 11 receives data having a source MAC address “m1”, a destination MAC address “m6”, a source IP address “i1”, and a destination IP address “i6”. 10 means outputting such data to the output port “NW port 14”.

  Furthermore, in order to enable mutual communication between the terminal M11 and the terminal M16, the updating unit 124 includes, as the flow table information for the switch 10, an input port “NW port 14”, a source MAC address “m6”, A combination of the destination MAC address “m1”, the source IP address “i6”, the destination IP address “i1”, and the output port “NW port 11” is generated. Then, the update unit 124 transmits the flow table information generated in this way to the switch 10. Similarly, the update unit 124 generates flow table information for each switch, and transmits the generated flow table information to each switch, thereby updating the flow table held by each switch.

  Here, FIGS. 5 to 7 show examples of flow tables included in the switches 10, 20, and 30 in the first embodiment. 5 illustrates an example of the flow table 10a included in the switch 10, FIG. 6 illustrates an example of the flow table 20a included in the switch 20, and FIG. 7 illustrates an example of the flow table 30a included in the switch 30. In the example illustrated in FIGS. 5 to 7, the update unit 124 generates flow table information corresponding to the communication path between the terminal M11 and the terminal M16 and the communication path between the terminal M13 and the terminal M17. An example is shown.

  “In Port” illustrated in FIGS. 5 to 7 represents an input port and corresponds to the “NW port” illustrated in FIG. “Src MAC” indicates a source MAC address and corresponds to the “MAC address” illustrated in FIG. “Dst MAC” indicates a destination MAC address and corresponds to the “MAC address” illustrated in FIG. “Src IP” indicates a source IP address, and corresponds to the “IP address” illustrated in FIG. “Dst IP” indicates a destination IP address and corresponds to the “IP address” illustrated in FIG. “Out Port” indicates an output port and corresponds to the “NW port” illustrated in FIG.

  For example, the first line of the flow table 10a illustrated in FIG. 5 shows flow table information when relaying data addressed to the terminal M16 from the terminal M11. The second line of the flow table 10a illustrated in FIG. 5 shows flow table information when relaying data addressed to the terminal M11 from the terminal M16, and the third line relays data addressed to the terminal M17 from the terminal M13. The fourth row shows the flow table information for relaying data addressed to the terminal M13 from the terminal M17.

  Similarly, the flow table 20a illustrated in FIG. 6 relays data addressed to the terminal M16 from the terminal M11, data addressed to the terminal M11 from the terminal M16, data addressed to the terminal M17 from the terminal M13, and data addressed to the terminal M13 from the terminal M17. Stores the flow table information at the time. 7 relays data addressed to the terminal M16 from the terminal M11, data addressed to the terminal M11 from the terminal M16, data addressed to the terminal M17 from the terminal M13, and data addressed to the terminal M13 from the terminal M17. Flow table information is stored.

[Switch configuration]
Next, the configuration of the switches 10, 20, and 30 shown in FIG. 1 will be described with reference to FIG. Since the switches 10, 20, and 30 have the same configuration, the configuration of the switch 10 will be described here. FIG. 8 is a block diagram illustrating a configuration example of the switch 10 according to the first embodiment. The switch 10 and the switches 20 and 30 illustrated in FIG. 8 are switches corresponding to, for example, OpenFlow. As illustrated in FIG. 8, the switch 10 includes NW ports 11 to 14, a flow table 10a, an update unit 10b, and a communication unit 10c.

  As illustrated in FIG. 1, the NW ports 11 to 14 transmit and receive data to and from other switches and terminals. In the example illustrated in FIG. 8, the NW ports 11 to 14 transmit data received from other switches and terminals to the communication unit 10c. Further, when the NW ports 11 to 14 receive data from the communication unit 10c, the NW ports 11 to 14 transmit the data to other NW ports of the connection destination.

  The flow table 10a stores an input port, a transmission source MAC address, a destination MAC address, a transmission source IP address, a destination IP address, and an output port in association with each other. For example, the flow table 10a stores various information illustrated in FIG. The flow table 10a includes five pieces of information of an input port, a source MAC address, a destination MAC address, a source IP address, and a destination IP address (hereinafter, these five pieces of information are expressed as “5 tuple”). Various types of information are stored using a combination as a key. The flow table 10a is used when data relay processing is performed by the communication unit 10c described later.

  When receiving the flow table information from the relay control device 100, the update unit 10b updates the received flow table information to the flow table 10a. Specifically, the update unit 10b updates the flow table 10a by adding the flow table information received from the relay control device 100 to the flow table 10a. At this time, if there is a record in the flow table 10a that matches all the 5-tuple information of the flow table information, the update unit 10b updates the record to the flow table information that matches the 5-tuple.

  The communication unit 10c performs transmission / reception processing of various ARP packets and relay processing of various data. Specifically, when any of the NW ports 11 to 14 is linked up, the communication unit 10c receives the Gratuitous ARP from a terminal connected to any of the linked NW ports 11 to 14. In such a case, the communication unit 10c registers the IP address and MAC address in the connection information storage unit 110 of the relay control device 100 by transmitting the IP address and MAC address of the terminal included in the Gratuitous ARP to the relay control device 100. To do.

  When the communication unit 10c receives an ARP request from a terminal connected to one of the NW ports 11 to 14, the communication unit 10c determines whether or not the MAC address included in the ARP request is stored in the flow table 10a. To do. Here, when the MAC address is stored in the flow table 10a, the communication unit 10c acquires the IP address corresponding to the MAC address from the flow table 10a, and uses the acquired IP address as the source of the ARP request. Send to a terminal. On the other hand, if the MAC address included in the ARP request is not stored in the flow table 10a, the communication unit 10c does not transfer the ARP request to each terminal, and the port identifier of the NW port that has received the ARP request The search request including the IP address of the terminal included in the ARP request is transmitted to the relay control apparatus 100.

  When the communication unit 10c receives flow table information from the relay control device 100, the communication unit 10c transfers the flow table information to the update unit 10b. Thereby, the flow table 10a is updated by the update part 10b.

  In addition, when the communication unit 10c receives data from another switch or terminal via the NW ports 11 to 14, the communication unit 10c performs relay processing of the data based on various information stored in the flow table 10a. . Specifically, when the communication unit 10c receives data, the communication unit 10c acquires “Out Port” corresponding to the five tuples of the data from the flow table 10a, and the NW port indicated by the acquired “Out Port” , Output the received data.

  For example, it is assumed that the flow table 10a stores various information illustrated in FIG. Further, it is assumed that data in which the source MAC address “m1”, the destination MAC address “m6”, the source IP address “i1”, and the destination IP address “i6” are set is received by the NW port 11. In such a case, the communication unit 10c, from the flow table 10a, reads In Port “1 (port identifier of the NW port 11)”, Src MAC “m1”, Dst MAC “m6”, Src IP “i1”, Out Port “4” corresponding to Dst IP “i6” is acquired. The communication unit 10c then outputs the received data to the NW port 14 indicated by Out Port “4”. In this way, the communication unit 10c performs data relay processing based on the 5-tuple.

[Processing procedure by network system]
Next, the procedure of relay control by the network system N1 according to the first embodiment will be described with reference to FIG. FIG. 9 is a sequence diagram illustrating a relay control procedure by the network system N1 according to the first embodiment. Here, a relay control procedure specialized for communication performed between the terminal M11 and the terminal M16 will be described. Here, it is assumed that the switches 10, 20, and 30 do not hold information in the flow table.

  As illustrated in FIG. 9, when the NW port 11 of the switch 10 is linked up, the terminal M11 connected to the NW port 11 has the Gratuitous ARP including the MAC address “m1” and the IP address “i1” of the terminal M11. Is transmitted to the NW port 11 (step S101).

  Subsequently, the switch 10 transmits the port identifier “1” of the NW port 11 that has received the Gratuitous ARP, the MAC address “m1”, and the IP address “i1” included in the Gratuitous ARP to the relay control device 100 (Step S10). S102). Thereby, the relay control device 100 sets “m1” to the MAC address of the connection information storage unit 110 corresponding to the switch name “SW10” indicating the switch 10 and the NW port “1 (port identifier of the NW port 11)”. At the same time, “i1” is registered in the IP address.

  Similarly, when the NW port 31 of the switch 30 is linked up, the terminal M16 transmits the Gratuitous ARP including the MAC address “m6” and the IP address “i6” of the terminal M16 to the NW port 31 (step S103). Subsequently, the switch 30 transmits the port identifier “1” of the NW port 11 that has received the Gratuitous ARP, the MAC address “m6”, and the IP address “i6” to the relay control device 100 (step S104). As a result, the relay control device 100 registers “m6” as the MAC address and “i6” as the IP address in the connection information storage unit 110.

  Subsequently, in the example illustrated in FIG. 9, the terminal M11 transmits an ARP request including the IP address “i6” of the terminal M16 to the NW port 11 of the switch 10 in order to start communication with the terminal M16. (Step S105). At this stage, since the switch 10 does not hold various information in the flow table 10a, the MAC address corresponding to the IP address “i6” cannot be acquired from the flow table 10a. Therefore, the switch 10 does not transfer the ARP request received from the NW port 11 to the switch 20 or the switch 30, but the port identifier “1” of the NW port that has received the ARP request and the IP address of the terminal included in the ARP request. A search request including “i6” is transmitted to the relay control apparatus 100 (step S106).

  The relay control apparatus 100 that has received the search request from the switch 10 performs a communication path search process using various information stored in the connection information storage unit 110 (step S107). And the relay control apparatus 100 produces | generates the flow table information for switch 10, the flow table information for switch 20, and the flow table information for switch 30 from the result of a search process. Then, the relay control device 100 sets the flow table information in the flow table 10a of the switch 10 by transmitting the flow table information for the switch 10 to the switch 10 (step S108). Similarly, the relay control apparatus 100 sets the flow table information in the flow table 20a of the switch 20 by transmitting the flow table information for the switch 20 to the switch 20 (step S109), and the flow table information for the switch 30. Is sent to the switch 30 to set the flow table information in the flow table 30a of the switch 30 (step S110). As a result, the switch 10, 20, and 30 are set with flow table information that enables communication between at least the terminal M11 and the terminal M16.

  And the relay control apparatus 100 performs the proxy response (Proxy ARP) which transmits a MAC address instead of the terminal M16 with respect to the ARP request | requirement in step S105 (step S111). Specifically, the relay control device 100 acquires the MAC address “m6” corresponding to the IP address “i6” included in the ARP request from the flow table 10a, and transmits the acquired MAC address “m6” to the terminal M11. To do. Thereby, the terminal M11 can acquire the MAC address of the terminal M16 of the communication partner.

  Thereafter, mutual communication is performed between the terminal M11 and the terminal M16 (step S112). At this time, the switches 10, 20 and 30 determine the data relay destination based on the 5-tuple included in the data transmitted / received between the terminal M11 and the terminal M16.

[Effect of Example 1]
As described above, in the network system N1 according to the first embodiment, each switch has a port identifier of an input port to which data is input from another switch or terminal, and a MAC of a transmission source terminal that is a transmission source of such data. It has a flow table in which an address and an IP address, a MAC address and an IP address of a destination terminal that is a destination of the data, and a port identifier of an output port that outputs the data are registered. Each switch has a port identifier of the predetermined input port and a transmission source terminal of the input data input to the predetermined input port when data is input to the predetermined input port from another switch or terminal. The port identifier of the output port registered in the flow table in association with the MAC address and IP address of the destination terminal of the input data and the output port indicated by the acquired port identifier. Send input data. That is, in the network system N1 according to the first embodiment, each switch performs data relay processing based on five tuples.

  As a result, each switch in the first embodiment can limit data transmitted and received between terminals to a specific route, and as a result, can perform data relay processing within a group that is a virtual network. . In addition, since each switch in the first embodiment does not use a technique such as VLAN, data relay processing within a group is performed with a low load without performing processing for assigning a VLAN tag or encapsulation for grouping. be able to. Further, in a network system to which VLAN is applied, there is a risk that the VLAN-ID will be exhausted because the upper limit of the number of VLAN-IDs is set. However, each switch in the first embodiment does not use VLAN-ID. The number of groups is not limited.

  For example, when a virtual machine (VM) that is a virtual terminal is included in the network system N1, for example, the same MAC address may be set in a plurality of virtual machines. This is because the MAC address of the virtual machine is defined by the virtual LAN card. When a conventional switch receives data in which MAC addresses defined redundantly in a plurality of virtual machines are set, the data may be relayed to a plurality of switches. Data to be used cannot be limited to a specific route. On the other hand, since each switch in the first embodiment performs data relay processing based on five tuples as described above, data transmitted and received between terminals can be limited to a specific route.

  Further, in the network system N1 according to the first embodiment, each switch receives an ARP request for obtaining the MAC address of the communication partner terminal and includes the IP address of the communication partner terminal. In addition, when the MAC address of the communication partner terminal is not held, the relay control apparatus 100 is notified of a search request including the port identifier of the port that has received the ARP request and the IP address included in the ARP request. .

  Thereby, the network system N1 according to the first embodiment can prevent the ARP request from being transmitted to all the terminals in the network system N1 when the ARP request is received from the terminal at the time of the link up of the NW port. Data transmission / reception between terminals that do not belong to the same group can be prevented. That is, the network system N1 can perform data relay processing within the group even when the NW port is linked up.

  In addition, the relay control device 100 according to the first embodiment has, for each port identifier of a port included in each switch, a group identifier of a group to which the port belongs and a MAC address and an IP address of a terminal connected to the port, or A connection information storage unit 110 that stores MAC addresses of other switches connected to the port is held. When the relay control apparatus 100 receives a request for searching for a communication path between terminals from a predetermined switch, the relay control apparatus 100 belongs to a group to which the port to which both terminals are connected belongs, and the communication path between the terminals. The connection information storage unit 110 is searched for the port identifier of the port to be. Then, the relay control device 100 transmits the route information including the port identifier and the MAC address and the IP address of both terminals to the switch having the port indicated by the searched port identifier, so that the flow table of the switch Update.

  Thereby, the relay control apparatus 100 according to the first embodiment can generate a flow table for realizing relay processing based on a 5-tuple by each switch. That is, in the network system N1 according to the first embodiment, the network administrator simply registers the group information regarding the group to which each NW port of each switch belongs in the relay control device 100, and then creates a desired group in the network system N1. Can be formed.

  By the way, this invention may be implemented with a various different form other than the Example mentioned above. Therefore, in the second embodiment, another embodiment of the present invention will be described.

[System configuration]
Of the processes described in the above embodiment, all or part of the processes described as being automatically performed can be performed manually, or all or all of the processes described as being performed manually can be performed. A part can be automatically performed by a known method. In addition, the processing procedures, specific names, and information including various data and parameters shown in the document and drawings can be arbitrarily changed unless otherwise specified. For example, the various information illustrated in FIGS. 4 to 7 and the like is merely an example and can be changed to arbitrary information.

  Further, each component of each illustrated apparatus is functionally conceptual, and does not necessarily need to be physically configured as illustrated. In other words, the specific form of distribution / integration of each device is not limited to that shown in the figure, and all or a part thereof may be functionally or physically distributed or arbitrarily distributed in arbitrary units according to various loads or usage conditions. Can be integrated and configured. For example, in the communication unit 10c illustrated in FIG. 8, data is input to the NW port 11 from a notification unit that notifies the relay control device 100 of a route search request when an ARP request is received from the terminal, and from a terminal or another switch. The acquisition unit acquires the port identifier of the output port corresponding to the 5-tuple set in the input data from the flow table 10a, and transmits the input data from the output port indicated by the port identifier acquired by the acquisition unit May be distributed to the transmitting unit.

[program]
It is also possible to create a program in which the processing executed by the relay control device 100 described in the above embodiment is described in a language that can be executed by a computer. For example, it is possible to create a relay control program in which processing executed by the relay control apparatus 100 according to the first embodiment is described in a language that can be executed by a computer. In this case, when the computer executes the relay control program, the same effect as in the above embodiment can be obtained. Further, the relay control program is recorded on a computer-readable recording medium, and the relay control program recorded on the recording medium is read by the computer and executed, so that the same processing as in the above embodiment can be realized. Good. Hereinafter, an example of a computer that executes a relay control program that realizes the same function as that of the relay control apparatus 100 illustrated in FIG. 3 will be described.

  FIG. 10 is a diagram illustrating a computer 1000 that executes a relay control program. As illustrated in FIG. 10, the computer 1000 includes, for example, a memory 1010, a CPU 1020, a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. These units are connected by a bus 1080.

  As illustrated in FIG. 10, the memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM (Random Access Memory) 1012. The ROM 1011 stores a boot program such as BIOS (Basic Input Output System). The hard disk drive interface 1030 is connected to the hard disk drive 1031 as illustrated in FIG. The disk drive interface 1040 is connected to the disk drive 1041 as illustrated in FIG. For example, a removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive. The serial port interface 1050 is connected to, for example, a mouse 1051 and a keyboard 1052 as illustrated in FIG. The video adapter 1060 is connected to a display 1061, for example, as illustrated in FIG.

  Here, as illustrated in FIG. 10, the hard disk drive 1031 stores, for example, an OS 1091, an application program 1092, a program module 1093, and program data 1094. That is, the relay control program is stored in, for example, the hard disk drive 1031 as a program module in which a command executed by the computer 1000 is described. For example, a registration procedure for executing information processing similar to that of the registration unit 121 illustrated in FIG. 3, a reception procedure for executing information processing similar to that of the reception unit 122 illustrated in FIG. 3, and a route search unit illustrated in FIG. The hard disk drive 1031 stores a program module 1093 in which a route search procedure for executing the same information processing as 123 and an update procedure for executing the same information processing as the updating unit 124 illustrated in FIG.

  Various data held by the relay control device 100 described in the above embodiment is stored as program data in, for example, the memory 1010 or the hard disk drive 1031. Then, the CPU 1020 reads the program module 1093 and the program data 1094 stored in the memory 1010 and the hard disk drive 1031 to the RAM 1012 as necessary, and executes a registration procedure, a reception procedure, a route search procedure, and an update procedure.

  Note that the program module 1093 and the program data 1094 related to the relay control program are not limited to being stored in the hard disk drive 1031, but are stored in, for example, a removable storage medium and read out by the CPU 1020 via the disk drive or the like. Also good. Alternatively, the program module 1093 and the program data 1094 related to the relay control program are stored in another computer connected via a network (LAN (Local Area Network), WAN (Wide Area Network), etc.), and the network interface 1070 is stored. Via the CPU 1020.

N1 network system 10, 20, 30 switch 10a flow table 10b update unit 10c communication unit 11-14, 21-24, 31-33 NW port 100 relay control device 110 connection information storage unit 121 registration unit 122 reception unit 123 route search unit 124 Update unit

Claims (5)

A network system including a plurality of switches that relay data, and a relay control device that controls the plurality of switches ,
The switch is
A plurality of ports connected to other switches or terminals;
A port identifier for identifying an input port that is a port to which data is input from another switch or terminal, a MAC address and an IP address of a transmission source terminal that is the transmission source of the data, and a destination that is a destination of the data A flow table in which a MAC address and an IP address of a terminal and a port identifier of an output port which is a port for outputting the data are registered;
When data is input to a predetermined input port from another switch or terminal, the port identifier of the predetermined input port, and the MAC address and IP address of the transmission source terminal of the input data input to the predetermined input port An acquisition unit that acquires the port identifier of the output port registered in the flow table in association with the MAC address and IP address of the destination terminal of the input data;
A transmission unit that transmits the input data from the output port indicated by the port identifier acquired by the acquisition unit ;
An acquisition request for acquiring a MAC address of a communication partner terminal that is a communication partner of a predetermined terminal, when an acquisition request including the IP address of the communication partner terminal is received from the predetermined terminal, The relay control device is notified of the port identifier of the port that has received the acquisition request and the IP address included in the acquisition request, and is included in the route information transmitted from the relay control device as a response to the acquisition request. A notification unit for transmitting the MAC address of the communication partner terminal to the predetermined terminal;
With
The relay control device
For each port identifier for identifying a port of the plurality of switches, a group identifier for identifying a virtual network to which the port belongs, and a MAC address and an IP address of a terminal connected to the port, or the port A connection information storage unit for storing MAC addresses of other switches connected to
A reception unit that receives the port identifier and the IP address of the communication partner terminal notified by the notification unit;
Using the port identifier received by the receiving unit and the IP address of the communication partner terminal, belonging to the virtual network to which the port to which the predetermined terminal is connected and the port to which the communication partner terminal is connected; A route search unit that searches the connection information storage unit for a port identifier of a port that becomes a route when the predetermined terminal and the communication partner terminal communicate with each other;
By transmitting route information including the port identifier and the MAC address and IP address of the terminal and the communication partner terminal to the switch having the port indicated by the port identifier searched by the route search unit, A network system comprising: an updating unit that updates a flow table of a switch . A relay control device that controls a plurality of switches that relay data,
The switch is
A plurality of ports connected to other switches or terminals;
A port identifier for identifying an input port that is a port to which data is input from another switch or terminal, a MAC address and an IP address of a transmission source terminal that is the transmission source of the data, and a destination that is a destination of the data A flow table in which a MAC address and an IP address of a terminal and a port identifier of an output port which is a port for outputting the data are registered;
When data is input to a predetermined input port from another switch or terminal, the port identifier of the predetermined input port, and the MAC address and IP address of the transmission source terminal of the input data input to the predetermined input port An acquisition unit that acquires the port identifier of the output port registered in the flow table in association with the MAC address and IP address of the destination terminal of the input data;
A transmission unit that transmits the input data from the output port indicated by the port identifier acquired by the acquisition unit ;
An acquisition request for acquiring a MAC address of a communication partner terminal that is a communication partner of a predetermined terminal, when an acquisition request including the IP address of the communication partner terminal is received from the predetermined terminal, The relay control device is notified of the port identifier of the port that has received the acquisition request and the IP address included in the acquisition request, and is included in the route information transmitted from the relay control device as a response to the acquisition request. A notification unit that transmits the MAC address of the communication partner terminal to the predetermined terminal ;
The relay control device
For each port identifier for identifying a port of the plurality of switches, a group identifier for identifying a virtual network to which the port belongs, and a MAC address and an IP address of a terminal connected to the port, or the port A connection information storage unit for storing MAC addresses of other switches connected to
A receiving unit that receives, from a predetermined switch, a port identifier indicating a port of the predetermined switch connected to the terminal, and an IP address of a communication partner terminal of the terminal;
Using the port identifier received by the receiving unit and the IP address of the communication partner terminal, belonging to the virtual network to which the port connected to the terminal and the port connected to the communication partner terminal belong, and A route search unit that searches the connection information storage unit for a port identifier of a port that becomes a route when the terminal and the communication partner terminal communicate with each other;
By transmitting route information including the port identifier and the MAC address and IP address of the terminal and the communication partner terminal to the switch having the port indicated by the port identifier searched by the route search unit, A relay control device comprising: an update unit that updates a flow table of a switch. A relay control method executed in a network system including a plurality of switches that relay data and a relay control device that controls the plurality of switches ,
The switch is
A plurality of ports connected to other switches or terminals;
A port identifier for identifying an input port that is a port to which data is input from another switch or terminal, a MAC address and an IP address of a transmission source terminal that is the transmission source of the data, and a destination that is a destination of the data A flow table in which a MAC address and an IP address of a terminal and a port identifier of an output port which is a port for outputting the data are registered;
When data is input to a predetermined input port from another switch or terminal, the port identifier of the predetermined input port, and the MAC address and IP address of the transmission source terminal of the input data input to the predetermined input port An acquisition step of acquiring a port identifier of an output port registered in the flow table in association with a MAC address and an IP address of a destination terminal of the input data;
A transmission step of transmitting the input data from an output port indicated by the port identifier acquired by the acquisition step ;
An acquisition request for acquiring a MAC address of a communication partner terminal that is a communication partner of a predetermined terminal, when an acquisition request including the IP address of the communication partner terminal is received from the predetermined terminal, The relay control device is notified of the port identifier of the port that has received the acquisition request and the IP address included in the acquisition request, and is included in the route information transmitted from the relay control device as a response to the acquisition request. A notification step of transmitting the MAC address of the communication partner terminal to the predetermined terminal;
Including
The relay control device
For each port identifier for identifying a port of the plurality of switches, a group identifier for identifying a virtual network to which the port belongs, and a MAC address and an IP address of a terminal connected to the port, or the port And a connection information section for storing MAC addresses of other switches connected to the
Accepting the port identifier notified by the notification step and the IP address of the communication partner terminal;
Belongs to the virtual network to which the port to which the predetermined terminal is connected and the port to which the communication partner terminal is connected, using the port identifier received by the receiving step and the IP address of the communication partner terminal; and A route search step of searching the connection information storage unit for a port identifier of a port that becomes a route when the predetermined terminal and the communication partner terminal perform communication;
By transmitting route information including the port identifier and the MAC address and IP address of the terminal and the communication partner terminal to the switch having the port indicated by the port identifier searched by the route search step, A relay control method comprising: an update step of updating a flow table of the switch . A relay control method executed by a relay control device that controls a plurality of switches that relay data,
The switch is
A plurality of ports connected to other switches or terminals;
A port identifier for identifying an input port that is a port to which data is input from another switch or terminal, a MAC address and an IP address of a transmission source terminal that is the transmission source of the data, and a destination that is a destination of the data A flow table in which a MAC address and an IP address of a terminal and a port identifier of an output port which is a port for outputting the data are registered;
When data is input to a predetermined input port from another switch or terminal, the port identifier of the predetermined input port, and the MAC address and IP address of the transmission source terminal of the input data input to the predetermined input port An acquisition unit that acquires the port identifier of the output port registered in the flow table in association with the MAC address and IP address of the destination terminal of the input data ;
A transmission unit that transmits the input data from the output port indicated by the port identifier acquired by the acquisition unit;
An acquisition request for acquiring a MAC address of a communication partner terminal that is a communication partner of a predetermined terminal, when an acquisition request including the IP address of the communication partner terminal is received from the predetermined terminal, The relay control device is notified of the port identifier of the port that has received the acquisition request and the IP address included in the acquisition request, and is included in the route information transmitted from the relay control device as a response to the acquisition request. A notification unit that transmits the MAC address of the communication partner terminal to the predetermined terminal ;
The relay control device
For each port identifier for identifying a port of the plurality of switches, a group identifier for identifying a virtual network to which the port belongs, and a MAC address and an IP address of a terminal connected to the port, or the port A connection information storage unit for storing the MAC address of other switches connected to
A receiving step of receiving a port identifier indicating a port of the predetermined switch connected to the terminal and an IP address of a communication partner terminal of the terminal from a predetermined switch;
Using the port identifier received by the receiving step and the IP address of the communication partner terminal, the port to which the terminal is connected and the virtual network to which the port to which the communication partner terminal is connected belong, and A route search step of searching from the connection information storage unit for a port identifier of a port to be a route when communication is performed between the terminal and the communication partner terminal;
By transmitting route information including the port identifier and the MAC address and IP address of the terminal and the communication partner terminal to the switch having the port indicated by the port identifier searched by the route search step, An update process for updating a flow table of a switch. A relay control program for causing a computer to function as the relay control device according to claim 2 .

Images