U.S. patent application number 15/057726 was filed with the patent office on 2016-06-23 for network system and network managing method.
This patent application is currently assigned to NEC CORPORATION. The applicant listed for this patent is Tomohiro KASE, Takahisa MASUDA, Masanori TAKASHIMA, Hiroshi UENO, Suhun YUN. Invention is credited to Tomohiro KASE, Takahisa MASUDA, Masanori TAKASHIMA, Hiroshi UENO, Suhun YUN.
Application Number | 20160182307 15/057726 |
Family ID | 45810714 |
Filed Date | 2016-06-23 |
United States Patent Application | 20160182307
Kind Code | A1
TAKASHIMA; Masanori; et al. | June 23, 2016
NETWORK SYSTEM AND NETWORK MANAGING METHOD
Abstract
A controller completes the setting of a flow entry to a switch
before the communication of a virtual machine starts.
Specifically, the controller sets information of the virtual
machine and information of a server on which the virtual machine
operates. The controller detects the information of the server
under the switch through the switch. When the set server
information and the detected server information match each
other, the controller sets a flow entry for a packet destined to
the virtual machine to the switch based on information of the
virtual machine on the server. After that, the virtual machine
starts communication.
Inventors: TAKASHIMA; Masanori (Tokyo, JP); KASE; Tomohiro (Tokyo, JP); UENO; Hiroshi (Tokyo, JP); MASUDA; Takahisa (Tokyo, JP); YUN; Suhun (Tokyo, JP)
Applicant:
Name | City | State | Country | Type
TAKASHIMA; Masanori | Tokyo | | JP |
KASE; Tomohiro | Tokyo | | JP |
UENO; Hiroshi | Tokyo | | JP |
MASUDA; Takahisa | Tokyo | | JP |
YUN; Suhun | Tokyo | | JP |
Assignee: NEC CORPORATION (Tokyo, JP)
Family ID: 45810714
Appl. No.: 15/057726
Filed: March 1, 2016
Related U.S. Patent Documents
Application Number | Filing Date | Patent Number
13821932 | Mar 8, 2013 | 9313088
PCT/JP2011/070333 | Sep 7, 2011 |
15057726 | |
Current U.S. Class: 709/223
Current CPC Class: H04L 41/00 20130101; H04L 41/12 20130101; H04L 61/10 20130101; H04L 41/0806 20130101; H04L 45/74 20130101; H04L 47/20 20130101; G06F 2009/45595 20130101; H04L 45/38 20130101; G06F 9/45558 20130101; H04L 49/70 20130101; H04L 61/103 20130101
International Class: H04L 12/24 20060101 H04L012/24; G06F 9/455 20060101 G06F009/455; H04L 12/741 20060101 H04L012/741; H04L 12/931 20060101 H04L012/931
Foreign Application Data
Date | Code | Application Number
Sep 9, 2010 | JP | 2010-202444
Claims
1. (canceled)
2. A control apparatus, comprising: a memory storing program
instructions; and a processor configured to execute the program
instructions to: receive virtual machine information from a
management apparatus, wherein the virtual machine information
includes a first location information; receive a second location
information corresponding to a virtual machine from a switch
apparatus; identify, based on the first location information and
the second location information, a packet process instruction to
process a packet addressed to the virtual machine; and send the
packet process instruction to the switch apparatus.
3. The control apparatus according to claim 2, wherein the packet
process instruction includes a packet forwarding instruction for
the switch apparatus to forward the packet.
4. The control apparatus according to claim 2, wherein the
processor is further configured to execute the program instructions
to identify the packet process instruction when the second location
information matches the first location information.
5. The control apparatus according to claim 2, wherein each of the
first location information and the second location information
represents an address of a physical server to which the virtual
machine belongs.
6. The control apparatus according to claim 2, wherein the
processor is further configured to execute the program instructions
to receive a change of the first location information from the
management apparatus.
7. The control apparatus according to claim 6, wherein the
processor is further configured to execute the program instructions
to: receive a third location information from a second switch
apparatus; identify, based on the changed first location
information and the third location information, a second packet
process instruction; and send the second packet process instruction
to the second switch apparatus.
8. A communication system, comprising: a switch apparatus
processing a packet; and a control apparatus, comprising: a memory
storing program instructions; and a processor configured to execute
the program instructions to: receive virtual machine information
from a management apparatus, wherein the virtual machine
information includes a first location information; receive a second
location information corresponding to a virtual machine from a
switch apparatus; identify, based on the first location information
and the second location information, a packet process instruction
to process a packet addressed to the virtual machine; and send the
packet process instruction to the switch apparatus.
9. The communication system according to claim 8, wherein the
packet process instruction includes a packet forwarding instruction
for the switch apparatus to forward the packet.
10. The communication system according to claim 8, wherein the
processor is further configured to execute the program instructions
to identify the instruction when the second location information
matches the first location information.
11. The communication system according to claim 8, wherein each of
the first location information and the second location information
represents an address of a physical server to which the virtual
machine belongs.
12. The communication system according to claim 8, wherein the
processor is further configured to execute the program instructions
to receive a change of the first location information from the
management apparatus.
13. The communication system according to claim 12, further
comprises a second switch apparatus processing a packet, wherein
the processor is further configured to execute the program
instructions to: receive a third location information from the
second switch apparatus; identify, based on the changed first
location information and the third location information, a second
instruction; and send the second instruction to the second switch
apparatus.
14. A communication method, comprising: receiving virtual machine
information from a management apparatus, wherein the virtual
machine information includes a first location information;
receiving a second location information according to a virtual
machine from a switch apparatus; identifying, based on the first
location information and the second location information, an
instruction to process a packet addressed to the virtual machine;
and sending the instruction to the switch apparatus.
15. The communication method according to claim 14, wherein the
packet process instruction includes a packet forwarding instruction
for the switch apparatus to forward the packet.
16. The communication method according to claim 14, further
comprises identifying the instruction when the second location
information matches the first location information.
17. The communication method according to claim 14, wherein each of
the first location information and the second location information
represents an address of a physical server to which the virtual
machine belongs.
18. The communication method according to claim 14, further
comprises receiving a change of the first location information from
the management apparatus.
19. The communication method according to claim 18, further
comprises: receiving a third location information from a second
switch apparatus; identifying, based on the changed first location
information and the third location information, a second
instruction; and sending the second instruction to the second
switch apparatus.
20. A computer readable medium configured to be executed by a
processor to perform the communication method of claim 14.
Description
CROSS REFERENCE TO RELATED APPLICATIONS
[0001] The present application is a Continuation of U.S. patent
application Ser. No. 13/821,932, filed Mar. 8, 2013, which is a
National Stage Application of PCT/JP2011/070333, filed on Sep. 7,
2011, which claims the benefit of Japanese Patent Application No.
2010-202444 filed Sep. 9, 2010. The entire disclosures of the prior
applications are hereby incorporated by reference.
TECHNICAL FIELD
[0002] The present invention relates to a network system, and in
particular, to a network system using a CU (C: Control plane/U:
User plane) separate-type network.
BACKGROUND ART
[0003] A system in which a user plane such as a switch and a
terminal is controlled by a control plane such as an external
controller is called a system of CU (C: Control plane/U: User
plane) separate-type architecture. A network configured on the
basis of the CU separate-type architecture is called a CU
separate-type network.
[0004] An example of the CU separate-type network is an OpenFlow
network, which uses the OpenFlow technique to control switches
from a controller and thereby perform route control of the
network.
[0005] (Explanation of OpenFlow Network)
[0006] In the OpenFlow network, a controller such as an OFC
(OpenFlow Controller) manipulates a flow table of a switch such as
an OFS (OpenFlow Switch) to control the behavior of the switch. The
controller and the switch are connected through a secure
channel, over which the controller controls the switch by using a
control message compliant with the OpenFlow protocol.
[0007] Switches in the OpenFlow network configure an OpenFlow
network and are referred to as edge switches or core switches under
control of the controller. A series of transfer processes of a
packet from reception of the packet at an input side edge switch to
transmission of the packet at an output side edge switch in the
OpenFlow network is referred to as a flow.
[0008] The flow table is a table in which a flow entry is
registered that defines a predetermined processing content (action)
to be performed on the packet (communication data) that matches a
predetermined matching condition (rule).
[0009] The rule of the flow entry is distinguishable and defined
based on various combinations of any or all of a destination
address, a source address, a destination port, and a source port
included in a header region of the packet in a protocol layer. It
should be noted that the addresses described above are supposed to
include a MAC (Media Access Control) address and an IP (Internet
Protocol) address. Also, in addition to the above, information on
an ingress port can also be used as a part of the rule of the flow
entry.
[0010] The action of the flow entry indicates an action of "output
to a specific port", "discard", or "rewrite of a header". For
example, if identification information of an output port (an output
port number) is indicated for the action of the flow entry, the
switch outputs a packet to a port corresponding to the
identification information, whereas, if the identification
information of the output port is not indicated, the switch
discards the packet. Alternatively, if header information is
indicated for the action of the flow entry, the switch rewrites a
header of the packet on the basis of the header information.
[0011] The switch in the OpenFlow network performs an action
defined in the flow entry on a packet group (a packet sequence)
meeting a rule of the flow entry.
[0012] Details of the OpenFlow technique have been described in
Non-Patent Literatures 1 and 2.
[0013] When a virtual machine (VM) operates on a server under a
switch in a network system using the OpenFlow technique, the
controller is requested to receive an ARP (Address Resolution
Protocol) request from the generated virtual machine through the
switch, every time the virtual machine is generated on the server
under the switch. Moreover, the controller is requested to identify
identification information and location information (server
information) of the virtual machine, and set a flow entry for a
packet destined to the virtual machine to the switch. For this
reason, such processes are concentrated on the controller and
therefore a large load is imposed on the controller.
[0014] For example, when tens of virtual machines operate on each
of thousands of physical servers connected to a network, tens of
thousands to hundreds of thousands of virtual machines in total
are in the operation state. A load imposed on the controller is
enormous when the controller receives the ARP request not from the
physical servers but from each of the virtual machines, identifies the
identification information and location information of the virtual
machine, and sets a flow entry for a packet destined to the virtual
machine to the switch on the basis of such pieces of
information.
CITATION LIST
[0015] [Non-Patent Literature 1] "The OpenFlow Switch Consortium" <http://www.openflowswitch.org/>
[0016] [Non-Patent Literature 2] "OpenFlow Switch Specification Version 1.0.0 (Wire Protocol 0x01) Dec. 31, 2009" <http://www.openflowswitch.org/documents/openflow-spec-v1.0.0.pdf>
SUMMARY OF THE INVENTION
[0017] An object of the present invention is to provide a network
system in which a controller manages identification information of
a virtual machine which operates on a server under a switch and
identification information of the server and sets a flow entry to
the switch in parallel to generation of the virtual machine and an
operation of migration.
[0018] The network system according to the present invention
includes a management system configured to manage a network, a
controller configured to retain information of a server in
accordance with a setting from the management system, and a
switch configuring the network, and configured to register a flow
entry in which a rule and an action are defined, according to a
control from the controller to uniformly control a packet as a
flow, and to execute the action of the flow entry to the packet
which matches the rule of the flow entry. The controller calculates
a communication route to the server based on the set information of
the server, and sets the flow entry for the packet destined to the
server to the switch.
[0019] The controller according to the present invention includes a
storage section which retains information of a server which is set
by a management system managing a network, and a processing section
which calculates a communication route to the server based on the
set information of the server, and sets the flow entry for the
packet destined to the server to a switch which configures the
network, and transfers a reception packet according to the set flow
entry.
[0020] In a network managing method according to the present
invention, a computer functioning as a controller retains
information of a server set from a management system which manages
a network. Also, the controller calculates a communication route to
the server based on the set information of the server, and sets the
flow entry for a packet destined to the server to a switch which
configures the network and transfers a reception packet according
to the set flow entry.
[0021] A program according to the present invention is a program
which makes a computer execute: retaining information of a server
set from a management system which manages a network, calculating a
communication route to the server based on the set information of
the server, and setting the flow entry for a packet destined to the
server to a switch which configures the network and transfers a
reception packet according to the set flow entry. It should be
noted that the program according to the present invention can be
stored in a storage unit and a storage medium.
[0022] In this way, in the network system using the OpenFlow
technique, when a virtual machine is generated on a server under a
switch, a load imposed on a controller can be reduced.
BRIEF DESCRIPTION OF THE DRAWINGS
[0023] FIG. 1 is a conceptual diagram illustrating a configuration
example of a network system according to the present invention;
[0024] FIG. 2 is a diagram showing a process of checking preset
information and actually detected information in the present
invention;
[0025] FIG. 3 is a flowchart illustrating a registering process of
setting information in the present invention;
[0026] FIG. 4 is a flowchart illustrating a changing process of the
setting information in the present invention; and
[0027] FIG. 5 is a functional block diagram illustrating a
configuration example of a controller according to the present
invention.
DESCRIPTION OF EXEMPLARY EMBODIMENTS
[0028] The present invention relates to a CU separate-type network.
Here, the OpenFlow network, which is one of the CU separate-type
networks, will be described as an example. It should be noted that
the present invention is not limited to the OpenFlow network.
First Exemplary Embodiment
[0029] A first exemplary embodiment of the present invention will
be described with reference to the attached drawings.
(System Configuration)
[0030] As illustrated in FIG. 1, a network system according to the
present invention includes a management system 10, a controller
(OFC: OpenFlow controller) 20, a switch 30, servers 40, virtual
machines (VMs) 50, and a router 60.
[0031] There may be a plurality of management systems 10, a
plurality of controllers 20, a plurality of switches 30, a plurality
of servers 40, a plurality of virtual machines 50, and a plurality of
routers 60. That is, at least one management system 10, one
controller 20, one switch 30, one server 40, one virtual machine
50, and one router 60 are supposed to be present.
[0032] The management system 10 manages nodes or services in the CU
separate-type network. The management system 10 manages the
switches, the routers, and the servers. For example, the management
system 10 manages the network by using hardware and software
configurations for realizing an NMS (Network Management System) or
an EMS (Element Management System). Also, the management system 10
sets a virtual MAC address and a virtual IP address of each of the
virtual machines, and a physical MAC address of a server on which
the virtual machines operate, to the controller 20 as virtual
machine information (VM information). Here, the virtual machine
information is supposed to be set in the management system 10 in
advance.
[0033] It should be noted that the virtual MAC address, the virtual
IP address, and the physical MAC address are only examples of
location information on the network. Actually, the location
information is not limited to the MAC address or IP address; any
information that identifies the virtual machine or the server
suffices.
[0034] The controller 20 controls the CU separate-type network. The
controller 20 performs a route control of the switches 30 according
to setting by the management system 10. Here, it is supposed that
the controller 20 is a controller compliant with the OpenFlow
technique, and a flow entry for a packet destined to the server is
set to the switch on the basis of the physical MAC address of the
server notified from any of the switches 30.
[0035] Also, as the virtual machine information, the controller 20
retains a table in which the virtual MAC address and the virtual IP
address of each of the virtual machines and the physical MAC
address of the server on which the virtual machines operate are
related to each other, according to the settings by the management
system 10. As illustrated in FIG. 2, the controller 20 checks the
physical MAC address of the server set by the management system 10
and the physical MAC address of the server notified from the switch
30, and, if the physical MAC addresses match with each other,
relates both of them to each other. Also, the controller 20 sets a
flow entry for the packet destined to the virtual machine to the
switches 30 on the basis of the virtual MAC address and virtual IP
address of the virtual machine on the server.
[0036] Referring to FIG. 2, the controller 20 checks the physical
MAC address ("SV1 MAC" of "VM information") of the server set by
the management system 10 and the physical MAC address ("SV1 MAC" of
"Server Information") of the server notified from the switch 30.
Here, the physical MAC addresses match with each other, and
therefore the controller 20 relates the physical MAC addresses to
each other, and sets the flow entry for the packet destined to the
virtual machine to the switches 30 on the basis of the virtual MAC
address and virtual IP address ("VM1 MAC" and "VM1 IP" of "VM
information") of the virtual machine on the server.
[0037] Also, when a change of the physical MAC address of the
server on which the virtual machine operates is notified through
the setting by the management system 10, the controller 20 sets the
change of the flow entry for the packet destined to the virtual
machine to the switch 30. For example, when the switches 30 on the
current route are changed due to the change of the physical MAC
address of the server, the controller 20 deletes the flow entry,
which has been set to the switches 30 on the current route, for the
packet destined to the virtual machine, and sets the flow entry for
the packet destined to the virtual machine to switches 30
corresponding to a server after the change.
[0038] Further, when an ARP (Address Resolution Protocol) request
is sent from the virtual machine after the flow entry for the
packet destined to the virtual machine is set to the switches 30,
the controller receives the ARP request from the virtual machine
through the switches 30, and refers to the virtual MAC address and
virtual IP address of the virtual machine, which are retained as
the virtual machine information. Thus, the controller 20 sends an
ARP response to the virtual machine on the basis of relevant
information.
[0039] Each of the switches 30 performs a packet transfer in the CU
separate-type network. Here, each of the switches 30 is a switch
compliant with the OpenFlow technique, and supposed to retain a
flow table. When any of the switches 30 is connected with the
server 40 under its control, the switch 30 detects the
physical MAC address of the server 40 at the time of receiving the
ARP request from the server 40, and notifies the physical MAC
address of the server 40 to the controller 20. Alternatively, the
switch 30 may notify the physical MAC address of the server to the
controller 20, by receiving the ARP request inquiring the physical
MAC address of the server 40 from the controller 20, transferring
the ARP request to the server 40, and transferring the ARP response
from the server 40 to the controller 20. This is because it is
considered that the number of physical servers is small as compared
with the number of virtual servers, so that a load imposed on the
controller is only relatively small, if a process of inquiring
identification information of the physical server is only
performed. At this time, the switch 30 notifies a port number of
the switch 30 connected to the server to the controller 20 in
addition to the physical MAC address of the server, as the server
information. Thus, the controller 20 can recognize that the server
40 is under control of the switch 30.
[0040] Each of the servers 40 is a physical server under the
control of a corresponding switch 30, and provides service in the
CU separate-type network. Here, each of the servers 40 manages
corresponding virtual machines (VM) 50. The virtual machine (VM) 50
can operate on the server 40. For example, the server 40 generates
the virtual machine 50 by a virtual machine monitor (VMM) such as a
hypervisor to make the virtual machines 50 operate. It should be
noted that a role and application of the server 40 are not limited
to those in the above example.
[0041] Each of the virtual machines 50 is a virtual machine (VM)
operating on a corresponding server 40. A set of a virtual MAC
address and a virtual IP address for each of the virtual machines
50 is one of sets of virtual MAC addresses and virtual IP addresses
of the virtual machines retained by the management system 10.
(Supplement)
[0042] In this case, the management system 10 may manage operating
statuses of all of the virtual machines, and simultaneously issue
instructions for generating the virtual machines 50 to the servers
40 and notify virtual machine information to the controller 20.
[0043] Also, when any of the servers 40 generates a virtual machine
50 to make it operate, the server 40 may directly or indirectly
notify the management system 10 of a virtual MAC address and
virtual IP address of the virtual machine 50, and a physical MAC
address thereof.
[0044] The router 60 is a relay unit that connects the switches 30
and an external network (such as the Internet). In FIG. 1, as the
router 60, an access router and a center router are illustrated.
The access router is a relay unit that connects the switches 30 and
the center router. The center router is a relay unit that connects
the access routers and the external network.
(Exemplification of Hardware)
[0045] Specific hardware examples for realizing the network system
according to the present invention will be described below.
[0046] As an example of each of the management system 10, the
controller 20, and the servers 40, a computer such as a PC
(personal computer), appliance, workstation, mainframe, and
supercomputer is exemplified. As another example of each of the
servers 40, a mobile phone, a smart phone, a smart book, a car
navigation system, a portable game machine, a home-use game
machine, a gadget (electronic device), a bidirectional television,
a digital tuner, a digital recorder, an information home appliance,
a POS (Point of Sale) terminal, an OA (Office Automation) device,
an intelligent copier, a digital signage, or the like is
exemplified. Also, each of the management system 10, controller 20,
and servers 40 may be an extension board mounted in a computer or
the like, or a virtual machine (VM) constructed on a physical
machine. The management system 10, controller 20, and servers 40
may be mounted in a moving object such as a vehicle, ship, or
airplane.
[0047] As an example of each of the switches 30, a network switch
or the like is exemplified. Also, as an example of each of the
routers 60, a general router or the like is exemplified. As another
example of each of the switches 30 and routers 60, a proxy, a
gateway, a firewall, a load balancer, a bandwidth
controller/security monitoring controller (gatekeeper), a base
station, an access point (AP), a communication satellite (CS), or a
computer having a plurality of communication ports is
exemplified.
[0048] As an example of the network connecting the management
system 10, the controller 20, the switches 30, the servers 40, and
the routers 60 to one another, a LAN (Local Area Network) is
exemplified. As another example, the Internet, a wireless LAN, a
WAN (Wide Area Network), a backbone, a cable television (CATV)
line, a fixed phone network, a mobile phone network, the WiMAX
(IEEE 802.16a), the 3G (3rd Generation), a leased line, the IrDA
(Infrared Data Association), the Bluetooth (registered trademark),
a serial communication line, data bus, or the like is also
exemplified.
[0049] Although not illustrated, each of the management system 10,
the controller 20, the switches 30, the servers 40, and the routers
60 is realized by a processor that operates on the basis of a
program for executing a predetermined process, a memory that stores
the program and various types of data, and a communication
interface (I/F).
[0050] As an example of the above processor, a CPU (Central
Processing Unit), a microprocessor, a network processor (NP), a
microcontroller, a semiconductor integrated circuit (IC) having a
dedicated function, or the like is exemplified.
[0051] As an example of the above memory, a semiconductor storage
device such as a RAM (Random Access Memory), a ROM (Read Only
Memory), an EEPROM
[0052] (Electrically Erasable and Programmable Read Only Memory),
or a flash memory, an auxiliary storage device such as an HDD (Hard
Disk Drive) or an SSD (Solid State Drive), a removable disk such as
a DVD (Digital Versatile Disk), a storage medium such as an SD
(Secure Digital) memory card or the like is exemplified. Further, a
buffer or a register is also exemplified. Alternatively, a storage
device using a DAS (Direct Attached Storage), an FC-SAN (Fiber
Channel-Storage Area Network), a NAS (Network Attached Storage), an
IP-SAN (IP-Storage Area Network), or the like is also
exemplified.
[0053] As an example of the above communication interface, a
semiconductor integrated circuit such as a board (mother board or
I/O board) corresponding to network communication, a network
adaptor such as an NIC (Network Interface Card) or a similar
expansion card, a communication device such as an antenna, a
communication port such as a connecting port (connector), or the
like is exemplified.
[0054] It should be noted that an internal configuration that
realizes processing by each of the management system 10, the
controller 20, the switches 30, the servers 40, and the routers 60
may be a module, a component, or a dedicated device, or
alternatively an activating (invoking) program therefor.
[0055] It should be noted that, in practice, the present invention
is not limited to any of such examples.
(Registering Process of Setting Information)
[0056] Referring to FIG. 3, details of a registering process of
setting information in the present exemplary embodiment will be
described.
(1) Step S101
[0057] The management system 10 sets to the controller 20 as
virtual machine (VM) information, the virtual MAC address and
virtual IP address of the virtual machine 50 and the physical MAC
address of the server 40 on which the virtual machine 50
operates.
(2) Step S102
[0058] The controller 20 retains as the virtual machine
information, the virtual MAC address and virtual IP address of the
virtual machine 50 and the physical MAC address of the server 40 on
which the virtual machine 50 operates, on the basis of the settings
by the management system 10.
(3) Step S103
[0059] When any of the switches 30 is in a connection state with
the server 40 under the switch and receives the ARP request from
the server 40, the switch 30 detects the physical MAC address of
the server 40, and notifies the physical MAC address of the server
40 to the controller 20. At this time, the controller 20 sets a
flow entry for a packet destined to the server 40 to the switch 30
on the basis of the physical MAC address of the server 40 by using
the OpenFlow technique.
(4) Step S104
[0060] The controller 20 checks the retained physical MAC address
of the server and the physical MAC address of the server notified
from the switch 30, and relates the physical MAC addresses to each
other if the physical MAC addresses match each other. Then, the
controller 20 sets to the switch 30, the flow entry for the packet
destined to the virtual machine 50 on the basis of the virtual MAC
address and virtual IP address of the virtual machine 50 on the
server.
(5) Step S105
[0061] The server 40 generates the virtual machine 50 by a virtual
machine monitor (VMM) such as a hypervisor and makes it
operate.
(6) Step S106
[0062] After the flow entry for the packet destined to the virtual
machine 50 is set, the switch 30 receives the ARP request from the
virtual machine 50. Here, the switch 30 transfers the ARP request
from the virtual machine 50 to the controller 20.
(7) Step S107
[0063] The controller 20 receives the ARP request from the virtual
machine 50 through the switch 30, and refers to the virtual machine
information to send the ARP response back to the virtual machine
50.
(Changing Process of Setting Information)
[0064] Referring to FIG. 4, details of a changing process of
setting information in the present exemplary embodiment will be
described.
(1) Step S201
[0065] When the physical MAC address of the server on which the
virtual machine 50 operates is changed, the management system 10
again sets the virtual MAC address and virtual IP address of the
virtual machine and the physical MAC address of the server after
the change, to the controller 20 as virtual machine (VM)
information. At this time, the management system 10 may reset only
the physical MAC address of the server to the controller 20 on the
basis of content after the change.
(2) Step S202
[0066] When the change of the physical MAC address of the server 40
on which the virtual machine 50 operates, is notified on the basis
of the settings by the management system 10, the controller 20 sets
the change of the flow entry for the packet destined to the virtual
machine 50 to the switch 30.
(3) Step S203
[0067] The virtual machine 50 migrates from the server 40 by a
virtual machine monitor (VMM) such as a hypervisor.
(4) Step S204
[0068] The switch 30 corresponding to the server 40 as a migration
destination of the virtual machine 50 receives the ARP request from
the migrated virtual machine 50 after the flow entry for the packet
destined to the virtual machine 50 is set. Here, the switch 30
transfers the ARP request from the virtual machine 50 to the
controller 20.
(5) Step S205
[0069] The controller 20 receives the ARP request from the virtual
machine 50 through the switch 30, and refers to the virtual machine
information to send the ARP response back to the virtual machine
50.
(Configuration Example of Controller)
[0070] A configuration of the controller according to the present
invention is represented as functional blocks on the basis of the
above content.
[0071] As illustrated in FIG. 5, the controller 20 according to the
present invention is provided with a storage section 21, a
detecting section 22, and a setting section 23.
[0072] The storage section 21 stores virtual machine information
set by the management system 10, i.e., the virtual MAC address and
virtual IP address of the virtual machine, and the physical MAC
address of the server with the virtual machine operating thereon.
In this case, the storage section 21 also stores the virtual MAC
address and virtual IP address of the virtual machine 50, and the
physical MAC address of the server 40 with the virtual machine 50
operating thereon.
[0073] The detecting section 22 detects the physical MAC address of
the server 40 under the switch 30, through the switch 30. Here, the
detecting section 22 detects the physical MAC address of the server
40 by receiving through the switch 30, a packet that includes the
physical MAC address of the server 40 in a source address region of
header information. In addition, the detecting section 22 may store
the detected information in the storage section 21.
[0074] The setting section 23 checks the physical MAC address of
the server set by the management system 10 and the physical MAC
address of the server 40 detected through the switch 30, and
relates the physical MAC addresses to each other, if the physical
MAC addresses match to each other, and sets to the switch 30 a flow
entry for a packet destined to the virtual machine 50 on the basis
of the virtual MAC address and virtual IP address of the virtual
machine 50 on the server 40.
[0075] The storage section 21, the detecting section 22, and the
setting section 23 are realized by a processor driven on the basis
of a program to execute a predetermined process, a memory that
stores the program and various types of data, and a communication
interface (I/F).
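The storage, detecting and setting sections above, together with steps S101 to S104 and S201 to S202, can be modelled as follows. This is an added example, not code from the patent application; the class, method and field names, the flow-table shape and the sample addresses are assumptions, and the flow entry for the server itself (S103) and the ARP handling (S106, S107) are left out.

```python
# Added illustration: names and data shapes are assumptions, not taken from the patent.
from dataclasses import dataclass, field


@dataclass
class Controller:
    # Storage section 21: virtual MAC -> (virtual IP, physical MAC of hosting server)
    vm_info: dict = field(default_factory=dict)
    # Detecting section 22 results: physical server MAC -> (switch id, port)
    detected: dict = field(default_factory=dict)
    # Flow entries pushed to switches: (switch id, virtual MAC, virtual IP) -> output port
    flows: dict = field(default_factory=dict)

    def set_vm_info(self, vmac, vip, server_mac):
        """Management system sets or changes VM information (S101, S201, S202)."""
        old = self.vm_info.get(vmac)
        if old and old[1] != server_mac:
            self._remove_flow(vmac, old)          # server changed: drop the stale entry
        self.vm_info[vmac] = (vip, server_mac)
        self._install_for(server_mac)

    def on_server_detected(self, switch, port, src_mac):
        """Switch reports the source MAC of a server's ARP request (S103)."""
        self.detected[src_mac] = (switch, port)
        self._install_for(src_mac)

    def _install_for(self, server_mac):
        """Setting section 23: act only when set and detected server MACs match (S104)."""
        location = self.detected.get(server_mac)
        if location is None:
            return                                 # registered but not yet seen on any switch
        switch, port = location
        for vmac, (vip, host) in self.vm_info.items():
            if host == server_mac:
                self.flows[(switch, vmac, vip)] = port

    def _remove_flow(self, vmac, old):
        vip, old_server = old
        location = self.detected.get(old_server)
        if location:
            self.flows.pop((location[0], vmac, vip), None)


def demo():
    c = Controller()
    c.set_vm_info("02:00:00:00:00:50", "10.0.0.50", "aa:aa:aa:aa:aa:40")  # constructed values
    c.on_server_detected("sw1", 3, "aa:aa:aa:aa:aa:40")   # match: VM flow pre-installed
    c.on_server_detected("sw2", 7, "bb:bb:bb:bb:bb:41")   # no VM registered: no VM flow
    before = dict(c.flows)
    c.set_vm_info("02:00:00:00:00:50", "10.0.0.50", "bb:bb:bb:bb:bb:41")  # migration
    return before, dict(c.flows)
```

In this model a server MAC that a switch reports but the management system never set produces no virtual machine flow entry, and a set server MAC that no switch has reported yet defers installation until detection.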
Second Exemplary Embodiment
[0076] In the following, a second exemplary embodiment of the
present invention will be described.
[0077] In the first exemplary embodiment of the present invention,
the switch 30 detects identification information of the server 40
under its control, and notifies the identification information of
the server 40 to the controller 20. If the identification
information of the server 40 set by the management system 10 and
the identification information of the server 40 notified from the
switch 30 match to each other, the controller 20 calculates a route
for communication with the server 40, and sets a flow entry for a
packet destined to the server 40, to the switch 30.
[0078] However, when it is previously known which server is present
under which switch, and the identification information of the
server 40 under the switch 30 is set from the management system 10
to the controller 20 as identification information of the server
40, it is not necessary for the controller 20 to check the
identification information of the server 40 set by the management
system 10 and the identification information of the server 40
notified from the switch 30. In this case, the controller 20 can
calculate the route for communication with the server 40 on the
basis of only the identification information of the server 40 set
by the management system 10 without the notification of the
identification information of the server 40 under the switch 30
from the switch 30, and can set the flow entry for the packet
destined to the server 40 to the switch 30.
<Relationship Between Exemplary Embodiments>
[0079] It should be noted that the above respective exemplary
embodiments may be carried out in combination. For example, when it
is previously known which server is present under a switch
regarding only a part of the switches, it is considered that any of
the switches under which the server is previously known is applied
with the method in the second exemplary embodiment, and a switch
under which the server is not previously known is applied with the
method in the first exemplary embodiment.
<Supplemental Notes>
[0080] Part or all of the above-described exemplary embodiments can
also be described in the following supplemental notes. However, in
practice, the present invention is not limited to any of the
following supplemental notes.
(Supplemental Note 1)
[0081] A network system includes:
[0082] a controller in which identification information of a
virtual machine, and identification information of a server on
which the virtual machine operates are set; and
[0083] a switch configured to detect identification information of
a server under the switch, and notify the identification
information of the server under the switch to the controller,
[0084] wherein, when the set identification information of the
server and the identification information of the server under the
switch notified from the switch match to each other, the controller
sets a flow entry for a packet destined to the virtual machine to
the switch based on the identification information of the virtual
machine on the server.
(Supplemental Note 2)
[0085] The network system according to Supplemental note 1, further
includes a management system configured to set the identification
information of the virtual machine and the identification
information of the server on which the virtual machine operates, to
the controller,
[0086] wherein the controller sets a changed flow entry for the
packet destined to the virtual machine to the switch, when a change
of the identification information of the server on which the
virtual machine operates, is notified from the management system
during operation of the virtual machine.
(Supplemental Note 3)
[0087] A controller includes:
[0088] a storage part that retains identification information on a
virtual machine, and identification information on a server that
operates the virtual machine;
[0089] a detection part that, through a switch that transfers a
received packet according to a set flow entry, detects
identification information on a server under the switch; and
[0090] a setting part that, upon the detected identification
information on the server and the retained identification
information on the server matching with each other, on a basis of
the identification information on the virtual machine on the
server, sets in the switch a flow entry for a packet destined to
the virtual machine.
(Supplemental Note 4)
[0091] A network management method includes:
[0092] setting identification information of a virtual machine and
identification information of a server on which the virtual machine
operates, to a controller;
[0093] detecting identification information of a server under a
switch by the controller through the switch; and
[0094] setting a flow entry for a packet destined to the virtual
machine to the switch based on the detected identification
information of the virtual machine on the server, when the set
identification information on the server and the detected
identification information of the server match to each other.
(Supplemental Note 5)
[0095] The network management method according to Supplemental note
4, further includes:
[0096] setting the identification information of the virtual
machine and the identification information of the server on which
the virtual machine operates, to the controller by a management
system; and
[0097] setting a changed flow entry for the packet destined to the
virtual machine to the switch when a change of the identification
information of the server on which the virtual machine operates, is
notified from the management system to the controller during
operation of the virtual machine.
(Supplemental Note 6)
[0098] A storage medium that stores a program which makes a
computer execute:
[0099] retaining identification information of a virtual machine,
and identification information of a server on which the virtual
machine operates;
[0100] detecting identification information of a server under the
switch through a switch that transfers a reception packet based on
a set flow entry; and
[0101] setting a flow entry for a packet destined to the virtual
machine on the server to the switch based on the identification
information of the virtual machine on the server, when the detected
identification information of the server and the retained
identification information of the server match to each other.
<Features of the Present Invention>
[0102] As described above, the present invention targets the CU
separate-type network such as the OpenFlow network. It should be
noted that the OpenFlow network is only an example. Actually, the
present invention can also target a network in which a route
control other than "flow control using the OpenFlow technique" is
performed.
[0103] In the present invention, in parallel to the generation and
migration of a virtual machine, a flow entry is set to a switch.
That is, the setting of the flow entry to the switch is completed
prior to the start of communication of the virtual machine.
[0104] In the present invention, the identification information of
a virtual machine and the identification information of a server on
which the virtual machine operates, are set to the controller by an
external management system. The controller can grasp the
identification information of the virtual machine operating on the
server through a switch, by detecting the identification
information of the server under the switch, and by checking the
detected information with the set identification information of the
server. For this reason, it is not necessary for the controller to
inquire the identification information of the virtual machine every
time a virtual machine is generated. Accordingly, a load of the
controller is greatly reduced, as compared with a case where the
present invention is not applied.
[0105] In the above, the exemplary embodiments of the present
invention have been described in detail. However, in practice, the
present invention is not limited to any of the above-described
exemplary embodiments, and any modification without departing from
the scope of the present invention is also included in the present
invention.
[0106] It should be noted that this application claims a priority
based on Japanese Patent Application No. JP 2010-202444. The
disclosure thereof is incorporated herein by reference.
* * * * *