JP2016163085A - Communication device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a method that achieves stable transfer processing of packets.SOLUTION: A communication device comprises: a transfer unit that transfers packets to a transfer destination; and a function expansion unit that includes a function execution unit for executing prescribed processing to a packet group, which is a lump of a plurality of packets received from the transfer unit, a transfer processing unit for transferring the packet group having gone through the prescribed processing at the function execution unit to the transfer destination, and a transfer processing control unit for controlling the transfer unit to execute the transfer processing of a packet meeting a prescribed condition among packets belonging to a packet group which is an object to which the function execution unit executes the prescribed processing.SELECTED DRAWING: Figure 1B

Description

  The present invention relates to a communication device.

  In recent years, there has been a demand for providing various services on a network due to the widespread use of computing resources via a network typified by cloud computing and the use of multimedia on a network. Under such circumstances, in addition to the simple packet transfer function of a conventional communication device, a process for controlling a complicated process (for example, a process such as an Internet Protocol (IP) telephone) is performed on a communication device on a network. In addition, it has become common to add a function for performing packet inspection processing, processing according to various protocols, and the like.

  Japanese Patent Laying-Open No. 2006-20034 (Patent Document 1) describes a plurality of network interface modules that transmit and receive packets to and from a network line, a plurality of extension modules that provide a Web cache service, and a mutual connection between these modules. There is disclosed a packet communication node device that has a switching unit to be connected and operates integrally when a network interface module and an extension module as a plurality of transfer function units operate in cooperation.

JP 2006-20034 A

  In the case of a communication device such as a packet communication node device disclosed in Patent Document 1, a functional unit that implements a simple transfer function process (hereinafter referred to as a “transfer unit”) performs packet destination search processing and relaying. It is often realized by dedicated hardware specialized in processing of a transfer function such as processing (for example, Application Specific Integrated Circuit (ASIC)).

  In addition, a function for performing complex processing (hereinafter referred to as “additional function”), which is a function added to the simple packet transfer function of the communication device, may be implemented in a function unit different from the transfer unit. It is common. In addition, a function unit that implements such additional function processing (hereinafter referred to as a “function expansion unit”) implements both a simple transfer function and an additional function in order to reduce development costs. , May be configured to operate independently of the transfer unit. In this case, the communication device having the additional function has a plurality of function units (transfer unit and function expansion unit) that implement the transfer function.

Such a function expansion unit is often realized by a processor specialized for network processing reading an additional function processing program and a packet transfer function processing program stored in a memory.
The transfer unit and the function expansion unit have different characteristics such as the transfer performance of the transfer function executed by each transfer unit and the storage capacity of transfer information for identifying the packet to be transferred due to the difference in configuration and function to be executed.

  Furthermore, in the function expansion unit, the amount of information that identifies a group of packets that are a group of a plurality of packets to be processed by one additional function and that belongs to a series of communications is increasing. In addition, since the function expansion unit executes processing of a plurality of additional functions, more load is applied. For this reason, the transfer performance of the function expansion unit is reduced. For example, when the function expansion unit tries to transfer a large amount of packets, there is a problem that the transfer performance is insufficient and packets are lost, and the transfer processing becomes unstable. .

In order to solve the above-described problem, one of the representative communication apparatuses of the present invention changes the packet transfer process executed by the function expansion unit to be executed by the transfer unit.
The communication device transfers a packet execution group for executing a predetermined process to a packet group that is a group of a plurality of packets received from the transfer unit, and a packet group for which the predetermined process has been executed by the function execution unit to a transfer destination. A transfer processing control unit for controlling the transfer unit to execute a transfer process of a packet under a predetermined condition among packets belonging to a packet group for which the function execution unit executes a predetermined process; A function expansion unit having

  According to the present invention, stable packet transfer processing is realized. Problems, configurations, and effects other than those described above will be clarified by the following description of embodiments.

It is an example of the figure explaining the outline | summary of the operation | movement which changes the operation subject of a transfer process. It is an example of the figure explaining the outline | summary of the operation | movement which changes the operation subject of a transfer process. It is an example of the apparatus block diagram of a communication apparatus. It is an example of a statistics table. It is an example of a dynamic transfer control table. It is an example of a threshold value management table. It is an example of a transfer table. It is an example of a transfer process control table. It is an example of a transfer process table. It is an example of a sequence diagram showing a flow of threshold setting. It is an example of a screen image of a threshold management screen displayed by the management server. It is an example of a screen image of a threshold management screen displayed by the management server. It is an example of the flowchart showing operation | movement of a transfer process control part. It is an example of the flowchart showing operation | movement of a transfer process control part. It is an example of a sequence diagram showing a series of operations of an entry setting request. It is an example of a sequence diagram showing a series of operations of an entry deletion request. It is an example of a transfer process control table. It is an example of the flowchart showing operation | movement of the dynamic transfer control part of a basic control part. It is an example of the flowchart showing the operation | movement at the time of a communication apparatus receiving a packet.

  FIG. 1A and FIG. 1B are examples of diagrams for explaining an outline of an operation for changing an operation subject of packet transfer processing according to the present embodiment. The communication device 1 includes a transfer unit 30 that executes packet transfer processing, processing of a predetermined additional function that is complicated processing in addition to the transfer processing (for example, processing for controlling a session such as an IP phone, inspection of a packet, etc. And a function expansion unit 40 that executes processes according to various protocols) (FIG. 1A). That is, the communication device 1 is a device in which the transfer unit 30 and the function expansion unit 40 transfer a packet on the network, and the function expansion unit 40 executes processing of a predetermined additional function on the packet.

  The transfer unit 30 is a group of a plurality of packets to be subjected to transfer processing, and transmits / receives a packet group for identifying belonging to a specific packet type, such as an IP phone packet or a packet including moving image data, via the network. Transfer Interfaces (I / F) 36 and 37, a transfer engine 31 that is a transfer execution unit that executes a transfer process of a packet group received by the transfer unit 30, and a transfer that is referred to when the transfer engine 31 executes the transfer process Table 32 and transfer control table group 70 are connected to the function expansion unit 40, and the in-device communication I / F 39 that performs control communication for controlling the transfer unit 30 or the function expansion unit 40, and the function expansion unit 40 and the packet group are transmitted and received. A transfer I / F 38.

  The information indicating the packet group includes, for example, a protocol number “6” indicating that the packet belongs to an IP phone that is a specific communication when the received packets are packets related to an IP phone such as including voice data. This protocol number is information indicating the IP telephone packet group. The information indicating the packet group is not limited to the protocol number as long as it is information indicating that each of the plurality of received packets belongs to a specific communication.

  The transfer table 32 is a static area 329 set by an administrator (maintenance person, user) or the like before the operation of the communication apparatus 1 is started, and is dynamically set by a function expansion unit 40 or the like after the operation is started. Packet group identification information for identifying the received packet group (for example, the transmission source of the packet group is used as transfer unit transfer target information for identifying the packet group for which the transfer unit 30 executes the transfer process. Source address to identify, destination address to identify the destination of the packet group, protocol number to identify the protocol that the packet group conforms to, and transfer destination (other communication device or communication device) through which the packet group is transferred 1 is stored in association (stored, recorded, registered) with transfer destination information (for example, next hop, etc.) for identifying the function extension unit 40 in 1.

  When receiving the packet group, the transfer engine 31 searches the packet group identification information in order from the dynamic area 328 to the static area 329 of the transfer table 32, and obtains the packet group identification information that matches the information included in the packet group. The received packet group is transferred to the corresponding transfer destination information.

In FIG. 1A, packet group identification information: “protocol number“ 6 ”” and transfer destination information “function expansion unit” are stored in a static area 329 of the transfer table 32 in advance, while a packet is stored in the dynamic area 328. Group identification information or the like is not stored, and the transfer engine 31 indicates that “if the received packet group protocol number is“ 6 ”, it is transferred to the function expansion unit 40”.
The transfer control table group 70 includes information for specifying a transfer destination for each packet belonging to the packet group, such as a routing table (route information table) and a media access control (MAC) table.

  The function expansion unit 40 includes a user communication I / F 43 that transmits / receives a packet group to / from the transfer unit 30, an additional function execution unit 53 that performs processing of an additional function on the packet group received by the function expansion unit 40, and an additional function Information (hereinafter referred to as “additional function target identification information”) for identifying a packet group (hereinafter referred to as “additional function execution target packet group”) for which the execution unit 53 executes processing of the additional function is stored. A transfer processing control table 56 that performs the transfer processing of packets belonging to the packet group (hereinafter referred to as “additional function executed packet group”) for which the additional function execution unit 53 has executed the processing of the additional function. 50, the transfer processing table 51 that is referred to when the transfer processing unit 50 executes the transfer processing, the transfer processing control table 56, and the transfer processing table 51. A transfer processing control unit 54 to change the transfer function unit for executing, connected to the transfer unit 30, and a device in the communication I / F 44 for controlling communication for controlling the transfer unit 30 or the function expansion unit 40.

  The transfer process control table 56 includes additional function target identification information (for example, a transmission source address, a transmission destination address, a protocol number, and the like) and a transfer in which the additional function execution unit 53 performs a transfer process of packets belonging to the additional function executed packet group. Stored in association with information (hereinafter referred to as “transfer function unit specifying information”) for specifying a function unit (transfer unit 30 or function expansion unit 40). When the function expansion unit 40 receives the additional function execution target packet group, each information is stored in the transfer processing control table 56 by the transfer processing control unit 54.

  The transfer processing table 51 is information (transfer packet group identification information) that identifies a target packet group for which the function expansion unit 40 executes the transfer processing, among the additional function target identification information stored in the transfer processing control table 56 (function Extended portion transfer target information) is stored as packet group identification information corresponding to this information, and the packet group identification information and transfer destination information are stored in association with each other. In the transfer processing table 51, each information is stored by the transfer processing control unit 54 after the transfer processing control table 56 is created.

  In FIG. 1A, after the function expansion unit 40 receives the packet with the protocol number “6” from AA to BB, additional function target information in the transfer processing control table 56: “protocol number“ 6 ”from AA to BB” Information and transfer function part specifying information: “function extension part” is created, and after receiving the packet of “CC to DD protocol number“ 6 ””, additional function target information: “CC to DD protocol number” This is an example in which information indicating “6” and transfer function part specifying information: “function extension part” are created. Further, after the transfer process control table 56 is created, the packet group identification information of the transfer process table 51: information indicating “AA to BB protocol number“ 6 ””, transfer destination information: “EE”, and packet group identification information: This is an example in which “CC to DD protocol number“ 6 ”” and transfer destination information: “FF” are created corresponding to each transfer function part specifying information in the transfer processing control table 56.

  When the function expansion unit 40 receives a packet group that matches the additional function target information after creating the transfer process control table 56, that is, the additional function execution target packet group, it searches the transfer process table 51 and includes it in the packet group. The received packet group is transferred to the transfer destination information corresponding to the packet group identification information that matches the received information, and the transfer processing unit 50 executes the transfer process.

  When the additional function execution unit 53 operates as a session control unit that controls a session such as an IP phone, the reception of a packet that triggers storage in the transfer processing control table 56 is a session establishment request packet that requests session establishment. Is receiving. Here, a session is a connection relationship required for performing a series of communications in call control such as an IP phone. In addition, when the additional function execution unit 53 operates as a deep packet inspection (DPI) processing unit that executes processing for inspecting a packet, reception of a packet that triggers storage in the transfer processing control table 56 is performed in advance by an administrator. For example, a packet belonging to the type of the packet to be inspected set in the function expansion unit 40 is received.

  In the case of reception of a session establishment request packet, the function expansion unit 40 does not transfer the received session establishment request packet to another apparatus, but in the case of reception of a packet belonging to the type of packet to be inspected, The extension unit 40 transfers a packet belonging to the type of the received packet to be inspected to another device.

  In FIG. 1B, the transfer function control unit 54 sets the transfer function part information of the transfer process control table 56 for the additional function object information satisfying a predetermined selection condition among the additional function object information stored in the transfer process control table 56. FIG. 10 is a diagram for explaining the flow of operations for updating and storing the additional function target information in the transfer processing control table 56 in the dynamic area 328 of the transfer table 32 of the transfer unit 30 as packet group identification information of the transfer unit transfer target information. .

  The predetermined selection condition is whether or not the received packet is a packet belonging to the additional function execution target packet group for which information has been stored (registered) in the transfer processing control table 56. Specifically, it is a packet received after receiving a packet requesting to be registered as an additional function execution target packet group or after the function expansion unit 40 has received a predetermined number of packets belonging to the packet group. Or the packet received by the function expansion unit 40 at an arbitrary position among the packets belonging to the packet group, or the additional function target information is already stored in the transfer processing control table 56 and includes the processing load status of the function expansion unit 40 It is a situation, a priority set for each packet group, identification information of a specific packet group (for example, a specific user), a time determined by a scheduler, or the like. The selection conditions are stored in the function expansion unit 40, for example.

  The transfer processing control unit 54 satisfies the predetermined selection condition among the additional function target information stored in the transfer processing control table 56 (for example, the processing load of the function expansion unit 40 exceeds a predetermined threshold value). The transfer function part information of the selected additional function object information is changed from “function expansion part” to “transfer part”, and the packet of the transfer processing table 51 corresponding to the additional function object information whose transfer function part information is changed The group identification information and the transfer destination information are transmitted to the transfer unit 30 via the in-device communication I / F 44.

  The transfer unit 30 that has received the packet group identification information and transfer destination information via the in-device communication I / F 39 transfers the received packet group identification information and transfer destination information to the dynamic area 328 of the transfer table 32. Information is stored as packet group identification information and transfer destination information. After that, when receiving the packet group, the forwarding engine 31 searches the packet group identification information in the order of the dynamic area 328 to the static area 329 in the forwarding table 32, and matches the information included in the received packet group. The received packet group is transferred to the transfer destination information corresponding to the packet group identification information stored in the general area 328.

  In FIG. 1B, the transfer processing control unit 54 changes the additional function target information in the transfer processing control table 56: the transfer function unit information of information indicating “CC protocol number“ 6 ”from CC to DD” from “function expansion unit” to “ Changed to “transfer section”, and changed additional function target information: packet group identification information of transfer processing table 51 corresponding to information indicating “CC to DD protocol number“ 6 ””: “CC to DD protocol number” “6” ”and transfer destination information:“ FF ”are transmitted to the transfer unit 30, and the transfer unit 30 stores the packet group identification information of the transfer unit transfer target information:“ CC ”in the dynamic area 328 of the transfer table 32. When the transfer engine 31 receives the packet group of the protocol number “6” from the CC to the DD after storing the protocol number “6” ”and the transfer destination information“ FF ”. Another information: transferring the packets received in the transfer destination information "FF" corresponding to the "protocol ID" 6 "to the DD from CC".

  As a result, the function expansion unit 40 recognizes in the transfer processing control table 56 that the packet group of “CC to DD protocol number“ 6 ”” is the additional function execution target packet group, and the transfer engine. The packet group of “CC to DD protocol number“ 6 ”” transferred to the function expansion unit 40 at 31 is transferred to the transfer destination information “FF” without being transferred to the function expansion unit 40. . That is, the function expansion unit 40 moves the packet group identification information of the transfer processing table 51 to the transfer table 32 of the transfer unit 30 and executes the “CC to DD protocol number“ 6 ”executed by the transfer processing unit 50. Is changed so that the transfer unit 30 executes the transfer process of the packet group.

  Therefore, as a result of changing part of the transfer processing executed by the function expansion unit 40 to be executed by the transfer unit 30, the processing load on the function expansion unit 40 is reduced, and packet loss in the function expansion unit 40 is prevented. The transfer process provided by the communication device 1 is stabilized.

  Further, the function expansion unit 40 deletes the packet group identification information and the transfer destination information moved to the transfer table 32 of the transfer unit 30 from the transfer table 32 and adds them to the transfer processing table 51, so that the function expansion unit 40 again The transfer processing unit 50 is changed so as to execute the transfer process. In other words, the transfer unit 30 deletes the transfer unit transfer target information stored in the dynamic area 328 of the transfer table 32, and again transfers the packet group to the function expansion unit 40 according to the transfer unit transfer target information in the static area 329. Then, the transfer processing unit 50 of the function expansion unit 40 executes the transfer process and transfers it to the transfer destination.

  Specifically, the function expanding unit 40 moves to the transfer table 32 of the transfer unit 30 and performs the transfer process of the packet group “protocol number“ 6 ”from CC to DD” executed by the transfer engine 31. The transfer processing unit 50 is changed to execute.

Hereinafter, the present embodiment will be specifically described.
FIG. 2 is an example of a device configuration diagram of the communication device of this embodiment.
The communication device 1 is connected to the communication terminal 3 and the management server 2, and controls sessions such as the Internet and various servers (servers that provide a video sharing service, an electronic commerce service, a cloud service, and an IP phone) via the communication network 4. Connected to the server.

In the communication device 1, one or a plurality of other devices (such as a switch and a router) may be connected between the management server 2, the communication terminal 3, and the communication network 4. The communication device 1 may be connected to a plurality of communication terminals 3. For example, the communication terminal 3 is disposed in the home of a user who is a subscriber such as an IP phone, and is connected to a computer or a telephone used by the user.
The management server 2 provides a management screen for determining the operation of the transfer processing control unit 54 of the communication device 1 to the administrator of the communication device 1. Further, the communication device 1 may have a function of providing a management screen, and may be configured such that a terminal that operates the management screen is connected instead of the management server 2.

The communication device 1 includes a basic control unit 10, a transfer unit 30, a function expansion unit 40, a core I / F 61, and a subscriber I / F 60.
The core I / F 61 is a network interface that has a port (not shown) connected to the transfer unit 30 and a port (not shown) connected to the communication network 4 and transmits / receives a packet group to / from the communication network 4. The subscriber I / F 60 is a network interface that has a port (not shown) connected to the transfer unit 30 and a port (not shown) connected to the communication terminal 3, and transmits / receives a packet group to / from the communication terminal 3. .

  Note that the basic control unit 10, the transfer unit 30, and the function expansion unit 40 may be arranged in one module card, or each of them is a separate module card (for example, the basic control unit 10 has a basic control module card and a transfer unit). 30 may be a transfer module card, and the function expansion unit 40 may be disposed in a function expansion module card (service module card) as a service module unit.

  Further, the communication apparatus 1 may have a configuration including a basic control module card in which the basic control unit 10 is disposed and a transfer module card in which the transfer unit 30 and the function expansion unit 40 are disposed. Further, the communication device 1 may include a plurality of basic control units 10, a plurality of transfer units 30, and a plurality of function expansion units 40. In addition, one function expansion unit 40 may execute processing of the packet transfer function and a plurality of additional functions. The transfer unit 30 and each I / F (core I / F 61 and / or subscriber I / F 60) may be arranged in one module card. That is, the transfer unit 30 may have a function of each I / F.

  In addition, one function expansion unit 40 executes processing of a packet transfer function and one additional function, and a plurality of function expansion units 40 are mounted on the communication device 1 to execute processing of a plurality of additional functions. Also good. Further, the module card having the basic control unit 10, the transfer unit 30, and the function expansion unit 40 may be configured to be insertable / removable with respect to the communication device 1.

  When the communication device 1 receives a packet via the core I / F 61 or the subscriber I / F 60, the transfer unit 30 reaches the transfer destination (various servers, the communication terminal 3, or the function expansion unit 40, etc.). In addition, the destination address or the like of the header part or the internal header part of the received packet is changed, and the changed packet is transmitted via the I / F (core I / F 61 or subscriber I / F 60) corresponding to the transfer destination. Execute the transfer process. In addition, when the communication device 1 receives a packet from the transfer unit 30 at the function expansion unit 40, the communication device 1 executes processing of the additional function on the received packet so as to reach a transfer destination (such as various servers or the communication terminal 3). Change the destination address of the received packet header or internal header, etc., via the transfer unit 30 and change via the I / F (core I / F 61 or subscriber I / F 60) corresponding to the transfer destination The transfer process for transmitting the packet is executed.

  The basic control unit 10 includes a central processing unit (CPU) 12, a memory 11, a management I / F 13, and an in-device communication I / F 14, which are connected to each other. The basic control unit 10 is connected to the management server 2 via the management I / F 13 and is connected to the transfer unit 30 and the function expansion unit 40 via the in-device communication I / F 14. The management I / F 13 has a port (not shown) connected to the management server 2, and the in-device communication I / F 14 has a port (not shown) connected to the transfer unit 30 and the function expansion unit 40.

  The memory 11 stores (stores) a dynamic transfer control unit 20, a threshold management unit 21, a statistics management unit 22, a dynamic transfer control table 23, a threshold management table 24, and a statistics table 25. Further, the CPU 12 loads and executes (processes) the program stored in the memory 11 to realize each functional unit of the basic control unit 10 such as the dynamic transfer control unit 20.

  The dynamic transfer control unit 20 controls the transfer process executed by the transfer unit 30 and changes the transfer unit 30 to execute a part of the transfer process executed by the function expansion unit 40. The dynamic transfer control unit 20 is also referred to as a transfer unit transfer control unit. The dynamic transfer control unit 20 receives and receives an addition request for requesting that the packet group identification information of the function expansion unit 40 be added to the transfer unit 30 from the function expansion unit 40 via the intra-device communication I / F 14. The added request is transmitted to the transfer unit 30 to request addition of the packet group identification information of the function expansion unit 40.

  Further, the dynamic transfer control unit 20 deletes the packet group identification information of the added function expansion unit 40 executed by the transfer unit 30 from the transfer unit 30 from the function expansion unit 40 via the intra-device communication I / F 14. The request for deletion is received, the received deletion request is transmitted to the transfer unit 30, and a request is made to delete the packet group identification information of the added function expansion unit 40 executed by the transfer unit 30. The detailed operation of the dynamic transfer control unit 20 will be described later with reference to FIG.

  The threshold management unit 21 is used when monitoring the processing load status of the function expansion unit 40 and manages the threshold set in the function expansion unit 40. The threshold management unit 21 stores (writes) the threshold received from the management server 2 in the threshold management table 24. The threshold management unit 21 updates and manages the threshold management table 24. By storing the threshold management unit 21 in the threshold management table 24, the basic control unit 10 manages the threshold for the processing of the additional function performed by the function expansion unit 40. Detailed operation of the threshold management unit 21 will be described later with reference to FIG.

  The statistics management unit 22 manages the statistical information of the packet group transferred by the transfer unit 30. The statistics management unit 22 acquires the statistical information of the packet group transferred by the transfer unit 30 from the transfer unit 30 via the intra-device communication I / F 14. The statistical information includes information such as an entry identifier (entry identification (ID)) for identifying a packet group transferred by the transfer unit 30 and a bandwidth amount (used bandwidth amount) used by the transferred packet group.

  The statistical management unit 22 stores (writes) the statistical information acquired from the transfer unit 30 in the statistical table 25. The statistics management unit 22 updates and manages the statistics table 25. Further, when receiving a statistical acquisition request for requesting statistical information from the function expansion unit 40 via the in-device communication I / F 14, the statistical management unit 22 reads the statistical information with reference to the statistical table 25, and reads the read statistical information Is transmitted to the function expansion unit 40 via the in-device communication I / F 14.

The statistical control unit 22 writes the statistical information of the transfer unit 30 in the statistical table 25 so that the basic control unit 10 manages the statistical information of the packet group transferred by the transfer unit 30.
The statistical table 25 is a table that stores information related to statistical information of the packet group transferred by the transfer unit 30. The statistics management unit 22 manages the statistics table 25. A configuration example of the statistical table 25 will be described later with reference to FIG.

The dynamic transfer control table 23 is a table that is set in the transfer unit 30 and stores information related to a transfer destination of transfer processing executed by the transfer unit 30, and packet group identification information that identifies a packet group transferred by the transfer unit 30 This is a table for storing transfer destination information in association with each other. The dynamic transfer control table 23 indicates the storage status of packet group identification information and transfer destination information, which are information related to transfer destinations stored in the transfer table 32 described later. The dynamic transfer control unit 20 stores each piece of information in the dynamic transfer control table 23 and updates and manages the dynamic transfer control table 23. A configuration example of the dynamic transfer control table 23 will be described later with reference to FIG.
The threshold management table 24 is a table that stores information related to thresholds set in the function expansion unit 40. The threshold management unit 21 manages the threshold management table 24. A configuration example of the threshold management table 24 will be described later with reference to FIG.

The transfer unit 30 includes a transfer engine 31, a transfer table 32, a memory 33, a CPU 35, an in-device communication I / F 39, and transfer I / Fs 36, 37, and 38 connected to the transfer engine 31.
The transfer unit 30 includes a core I / F 61 via the transfer I / F 36, a subscriber I / F 60 via the transfer I / F 37, a function expansion unit 40 via the transfer I / F 38, and an in-device communication I / F. The basic control unit 10 and the function expansion unit 40 are connected via F39. The transfer I / F 36 has a port (not shown) connected to the core I / F 61, and the transfer I / F 37 has a port (not shown) connected to the subscriber I / F 60. F38 has a port (not shown) connected to the function expansion unit 40, and the in-device communication I / F 39 has a port (not shown) connected to the basic control unit 10 and the function expansion unit 40.

  The memory 33 stores (stores) the transfer engine control unit 34. Further, the CPU 35 loads and executes (processes) a program stored in the memory 33, thereby realizing each functional unit of the transfer unit 30 such as the transfer engine control unit 34. The transfer engine 31 is realized by designing with an integrated circuit such as an ASIC or a field-programmable gate array (FPGA), for example. The transfer table 32 is stored (recorded) in a content addressable memory (CAM) or the like. Alternatively, the transfer engine 31 and the transfer table 32 are realized by FPGA.

  The transfer engine control unit 34 controls the operation of the transfer engine 31. The transfer engine control unit 34 stores each information in the transfer table 32 and updates and manages the transfer table 32. The transfer engine control unit 34 receives the addition request from the basic control unit 10 and adds (registers) packet group identification information and transfer destination information included in the received addition request to the transfer table 32. The transfer engine control unit 34 adds the packet group identification information and the transfer destination information to the transfer table 32, so that the transfer unit 30 refers to the transfer table 32, identifies the packet group to be transferred, and transfers the packet. Execute the process.

  In addition, the transfer engine control unit 34 receives a deletion request from the basic control unit 10 and deletes information matching the packet group identification information and the transfer destination information included in the received deletion request from the transfer table 32. The transfer engine control unit 34 deletes the packet group identification information and the transfer destination information from the transfer table 32, so that the transfer of the packet group that matches the packet group identification information of the deleted transfer table 32, which has been executed by the transfer unit 30. Cancel processing.

  The transfer engine 31 receives a packet group from the function expansion unit 40, the core I / F 61, or the subscriber I / F 60 via the transfer I / Fs 36 to 38, and refers to the transfer table 32 for the received packet group. Forward. Each packet belonging to the received packet group includes information such as a transmission source address, a transmission destination address, and a protocol number. A packet belonging to the received packet group may include a transmission source port that identifies a transmission source port of the packet and a transmission destination port that identifies a transmission destination port of the packet. In addition, each piece of information stored in the communication device 1 may correspond to each piece of information included in the received packet.

  When receiving the packet group, the transfer engine 31 refers to the transfer table 32 and compares the information included in each packet belonging to the received packet group with the packet group identification information of the transfer table 32. As a result of the comparison, the transfer engine 31 specifies the transfer destination from the transfer destination information corresponding to the matching packet group identification information. The transfer engine 31 transfers, for example, a change of the destination address of the packet header part or the internal header part to the packet belonging to the received packet group so that the received packet group reaches the specified transfer destination. The processing necessary for processing is performed, and the group of packets subjected to the necessary processing is transmitted to the function expansion unit 40, the core I / F 61, or the subscriber I / F 60 via the transfer I / F 36 to 38 and received. Transfer packets.

  In addition, the transfer engine 31 records the statistical information of the transferred packet group in a statistical information storage unit (not shown) in the transfer unit 30. As described above, the transfer engine 31 appropriately rewrites information included in each of the packets belonging to the received packet group, transmits the rewritten packet group to the destination indicated by the rewritten information, and transfers the packet group.

  The transfer table 32 stores transfer unit transfer target information (packet group identification information and transfer destination information) that is information related to transfer of the packet group received by the transfer unit 30 and is referred to when the transfer engine 31 transfers the packet group. It is a table to do. The transfer table 32 may store not only information related to transfer but also information on processing other than transfer processing such as discard processing. A configuration example of the transfer table 32 will be described later with reference to FIG.

  In addition, the transfer unit 30 includes a transfer control table group 70 that stores (has) information for controlling transfer processing of a packet received for each packet. As a result of searching the transfer table 32, the transfer engine 31 specifies a transfer destination of a packet that does not match the transfer table 32 with reference to the transfer control table group, and transfers the packet to the specified transfer destination.

The function expansion unit 40 includes a memory 41, a network processor 42, a user communication I / F 43, and an in-device communication I / F 44, which are connected to each other. The network processor 42 is a system-on-a-chip (SoC) integrated circuit specialized for network processing, but may be a general-purpose CPU.
The function expansion unit 40 is connected to the transfer unit 30 via the user communication I / F 43 and is connected to the basic control unit 10 and the transfer unit 30 via the in-device communication I / F 44. The user communication I / F 43 has a port (not shown) connected to the transfer unit 30, and the in-device communication I / F 44 has a port (not shown) connected to the basic control unit 10 and the transfer unit 30. .

  The memory 41 stores (stores) a transfer processing unit 50, an additional function execution unit 53, a transfer processing control unit 54, a dynamic transfer control setting unit 55, a transfer processing table 51, a total table 52, and a transfer processing control table 56. Further, the network processor 42 loads and executes (processes) a program stored in the memory 41, whereby each function (transfer processing unit 50, additional function execution unit 53, transfer processing control unit) of the function expansion unit 40. 54, dynamic transfer control setting unit 55, etc.).

  The additional function execution unit 53 executes processing of the additional function for the packet group transferred by the communication device 1. The additional function execution unit 53 refers to the transfer process control table 56 and identifies a packet group to be subjected to processing of the additional function. Moreover, the additional function execution part 53 may be provided in the function expansion part 40 for every function to add. For example, when the additional function provided by the function expansion unit 40 is an IP telephone function, the additional function execution unit 53 controls a process for controlling a session such as an IP telephone (hereinafter referred to as “session control process”). A session control unit to be executed.

  When the additional function provided by the function expansion unit 40 is a function of DPI (Deep Packet Inspection) processing for inspecting a packet, the additional function execution unit 53 performs processing for inspecting the packet (hereinafter referred to as “inspection processing”). .) To execute the DPI processing unit. In this embodiment, the additional function execution unit 53 executes processing of two additional functions, that is, a session control process as a session control unit and a DPI process as a DPI processing unit. Further, the additional function execution unit 53 transmits a registration request for requesting registration of the additional function execution target packet group to the transfer processing control unit 54, and transmits a deletion request for requesting deletion of the registered packet group.

  The transfer processing unit 50 is a packet group received by the function expansion unit 40, and executes transfer processing of packets belonging to the additional function executed packet group with reference to the transfer processing table 51. The transfer processing unit 50 refers to the transfer processing table 51 and compares information included in each packet belonging to the additional function executed packet group with the packet group identification information of the transfer processing table 51. As a result of the comparison, the transfer processing unit 50 specifies a transfer destination corresponding to the matching packet group identification information. The transfer processing unit 50 performs processing necessary for the transfer process on the packet group that has been subjected to the additional function so that the packet group reaches the specified transfer destination, and transmits the packet to the transfer unit 30 via the user communication I / F 43. The additional function executed packet group is transferred.

  Further, the transfer processing unit 50 stores (records) the statistical information of the transferred packet group in the statistical table 52. The transfer processing unit 50 updates and manages the statistics table 52. As described above, the transfer processing unit 50 appropriately rewrites the information included in the packet belonging to the additional function executed packet group, and transmits the rewritten packet group to the destination indicated by the rewritten information. Transfer the flock.

  The transfer process control unit 54 updates and manages the transfer process table 51 and the transfer process control table 56. The transfer process control unit 54 stores the additional function target information and the transfer function unit specifying information in the transfer process control table 56, and then stores the packet group identification information and the transfer destination information in the transfer process table 51 corresponding to the transfer function unit specifying information. Is stored. Specifically, the transfer processing control unit 54 stores the additional function target information included in the registration request received from the additional function executing unit 53 in the transfer processing control table 56 and performs transfer processing on the transfer function unit specifying information. Stores information for identifying a functional unit.

  Further, the transfer process control unit 54 refers to the information for identifying the transfer function unit stored in the transfer function unit specifying information of the transfer process control table 56, and after the additional function execution unit 53 executes the process of the additional function, The transfer function unit (transfer unit 30 or function expansion unit 40) for transferring the packet group of the first packet is specified.

  The transfer processing control unit 54 stores the additional function target information as packet group identification information in the transfer processing table 51 when the information indicating the “function expansion unit” is stored in the transfer function unit identification information, and packet group identification Stores transfer destination information corresponding to the information. Further, the transfer processing control unit 54 deletes the packet group identification information and the transfer destination information from the transfer processing table 51 according to the deletion request received from the additional function executing unit 53, and transfers the additional function target information and the transfer from the transfer processing control table 56. Delete the functional unit identification information.

  Further, control is performed to change the information stored in the transfer function unit specifying information and change the transfer function unit that transfers a packet group that matches the stored additional function target information. That is, the transfer processing control unit 54 determines a transfer function unit that transfers a packet belonging to the packet group received by the function expansion unit 40 and belongs to the additional function executed packet group, and changes (switches) the transfer function unit. Take control.

  The transfer processing control unit 54 transmits an addition request to the dynamic transfer control setting unit 55 to request that the transfer engine 31 of the transfer unit 30 execute the transfer process executed by the transfer processing unit 50. It should be noted that changing the transfer process executed by the transfer processing unit 50 to be executed by the transfer engine 31 of the transfer unit 30 means that “the transfer process executed by the function expansion unit 40 (transfer processing unit 50) is executed by the function expansion unit 40”. To the transfer unit 30 (consignment, move) ". In addition, the transfer processing control unit 54 transmits a deletion request to the dynamic transfer control setting unit 55, and stops the transfer processing added (changed) from the function expansion unit 40 executed by the transfer unit 30. Request that.

  The additional function executed packet group is a packet group that matches each information stored in the additional function target information of the transfer processing control table 56. For packets belonging to the additional function executed packet group, after the transfer processing executed by the function expansion unit 40 is changed to be executed by the transfer unit 30, the transfer unit 30 does not pass through the function expansion unit 40. Contains packets that are forwarded to

  Further, the transfer processing control unit 54 receives a threshold value to be set in the function expansion unit 40 from the basic control unit 10 via the in-device communication I / F 44, and the received threshold value is stored in the threshold storage unit (see FIG. (Not shown) is stored (held). The flow until the transfer processing control unit 54 holds the threshold value by setting the threshold value from the administrator will be described with reference to FIG.

  The dynamic transfer control setting unit 55 requests the basic control unit 10 to change the operation of the transfer unit 30 (the transfer unit 30 executes and cancels the transfer process executed by the function expansion unit 40). . When the dynamic transfer control setting unit 55 receives the addition request from the transfer processing control unit 54, the dynamic transfer control setting unit 55 transmits the received addition request to the basic control unit 10. When the dynamic transfer control setting unit 55 receives a deletion request from the transfer processing control unit 54, the dynamic transfer control setting unit 55 transmits the received deletion request to the basic control unit 10. Note that the function of the dynamic transfer control setting unit 55 may be included in the transfer processing control unit 54.

  The transfer process control table 56 stores the additional function target information, the transfer function unit specifying information, the information about the threshold value, and the time when the additional function target information is stored. A configuration example of the transfer processing control table 56 will be described later with reference to FIG.

  The transfer processing table 51 stores information (packet group identification information and transfer destination information) related to the transfer of the packet group received by the function expansion unit 40, and is referred to when the transfer processing unit 50 transfers the packet group. . A configuration example of the transfer processing table 51 will be described later with reference to FIG.

  The statistical table 52 is a table having the same configuration as the statistical table 25 included in the basic control unit 10, and an entry ID for identifying a packet group transferred by the function expansion unit 40 and a packet group identified by this entry ID are used. It is a table having each element of the used bandwidth amount, which is information on the bandwidth amount (packet group amount that has passed through the function expansion unit 40). The entry ID of the statistical table 52 is information for identifying a packet group transferred by the function expansion unit 40, and stores the same value as the entry ID 511 of the transfer processing table 51 of FIG.

  FIG. 3 is an example of the statistics table 25 of the basic control unit 10. The statistics table 25 is information on the bandwidth used by the packet group identified by the entry ID 251 and the entry ID 251 (the amount of the packet group that has passed through the transfer unit 30) that is information identifying the packet group transferred by the transfer unit 30. It is a table that includes each element of a certain bandwidth usage 252 and includes a record identified by an entry ID 251. Each piece of information in the statistics table 25 is stored by the statistics management unit 22.

FIG. 4 is an example of the dynamic transfer control table 23 of the basic control unit 10. The dynamic transfer control table 23 includes an entry ID 231 that is information for identifying a packet group transferred by the transfer unit 30, a transmission source address 232, a transmission destination address 233, a protocol number 234, and transfer destination information that are packet group identification information. It is a table that includes each element of a certain next hop 237 and includes a record identified by an entry ID 231. The entry ID 231 stores the same value as the entry ID 251 of the statistical table 25 in FIG.
When a plurality of transfer units 30 are connected to the basic control unit 10 via the in-device communication I / F 14, the dynamic transfer control table 23 is created for each of the plurality of transfer units 30.

  FIG. 5 is an example of the threshold management table 24 of the basic control unit 10. The threshold management table 24 is a table having elements of a processing type 241, a threshold type 242, a threshold unit 243, and a threshold 244. The process type 241 is information for identifying the process type of the additional function executed by the function expansion unit 40 on the packet group. The threshold type 242 is information for identifying a threshold type corresponding to the processing type 241. The threshold unit 243 is a threshold unit corresponding to the threshold type 242. The threshold value 244 is a threshold value set in the function expansion unit 40. Each information of the threshold management table 24 is stored by the threshold management unit 21.

  In the example of FIG. 5, the threshold value 244 is assigned to each processing type 241, but the threshold value 244 can be assigned more flexibly. For example, according to the transmission source address of the received packet group, information that further identifies the processing type 241 may be included, and a different threshold value 244 may be assigned even within the same processing type 241. Note that the processing type 241, threshold type 242, threshold unit 243, and threshold value 244 shown in FIG. 5 are examples, and if the processing status of the function expansion unit 40 is monitored, other processing types, threshold types, It may be a threshold unit or a threshold.

  FIG. 6 is an example of the transfer table 32 of the transfer unit 30. The transfer table 32 includes a dynamic area 328 and a static area 329 for storing transfer unit transfer target information, and an entry ID 321 that is information for identifying a packet group transferred by the transfer unit 30, and packet group identification information A source address 322, a destination address 323, a protocol number 234, and a next hop 327 that is transfer destination information, and includes a record identified by an entry ID 321. The entry ID 321 of the dynamic area 328 stores the same value as the entry ID 251 of the statistical table 25 of FIG.

  In the static region 329, additional function target identification information is included as packet transfer unit identification information (source address 322, destination address 323, protocol number 234) as transfer unit transfer target information (packet group identification information and transfer destination information). The transfer destination “function expansion unit” of the packet group identified by the additional function target identification information is stored in the transfer destination information (next hop 327). Each piece of information in the static area 329 is set by an administrator of the communication apparatus 1 before the operation of the communication apparatus 1 is started. Further, the function expansion unit 40 may transmit the additional function target identification information, and the additional function target identification information received by the transfer unit 30 may be set in the static area 329.

  In the example of FIG. 6, additional function target identification information that is information for identifying a packet group of an IP telephone to be processed as the session control unit by the additional function execution unit 53 is used as transfer unit transfer target information in the static area 329. The protocol number “6” is stored in the protocol number 324 of the packet group identification information, and the entry ID 321 “99” in which “function expansion unit” is stored in the next hop 327 is set in advance as the transfer destination.

  Further, the source address “203.133.100.112” of the additional function target identification information, which is information for identifying a packet group to be processed by the DPI processing executed by the additional function execution unit 53 as the DPI processing unit, is a packet. An entry ID 321 “100”, which is stored in the transmission source address 322 of the group identification information and the “function expansion unit” is set in the next hop 327 as the transfer destination, is set in advance.

  The transfer processing table 51 that is dynamically transmitted from the function expansion unit 40 to the transfer unit transfer target information (packet group identification information and transfer destination information) in the dynamic area 328 by dynamic control by the basic control unit 10. Packet group identification information and forwarding destination information are stored. That is, each information of the dynamic transfer control table 23 of FIG. 4 is set in the dynamic area 328.

  Immediately after the operation of the communication apparatus 1 is started, each piece of information is stored in the static area 329, but no piece of information is stored in the dynamic area 328. Since each information is stored in the dynamic area 328 according to the processing status of the communication apparatus 1 after the operation is started, information that is desired to be controlled during the operation is stored as needed, rather than the static area 329. Therefore, the transfer unit transfer target information stored in the dynamic area 328 is set to have a higher priority of the search order when the transfer engine 31 searches the transfer table 32 than that of the static area 329. .

  Specifically, when the transfer engine 31 receives a packet, the information included in the received packet (hereinafter referred to as “received packet information”) and the packet in the dynamic area 328 having a high priority in the transfer table 32. The group identification information is compared, and the matched packet is transferred to the transfer destination stored in the next hop 327 corresponding to the matched packet group identification information.

  When the packet group identification information that matches the received packet information does not exist in the dynamic area 328, the transfer engine 31 compares the received packet information with the packet group identification information in the static area 329 and matches (hits) the packet information. The packet is transferred to the transfer destination stored in the next hop 327 corresponding to the matched packet group identification information.

  If the received packet information does not match the packet group identification information in the static area 329, the transfer engine 31 searches the transfer control table group 70 and transfers this packet to the transfer destination. Note that the method is not limited as long as the search order of the transfer unit transfer target information stored in the dynamic area 328 has a higher priority than that of the static area 329.

In the example of FIG. 6, an entry is added to the dynamic area 328 of the transfer table 32 under the control of the basic control unit 10, and among the packet groups received by the transfer engine 31, the static area 329 is hit and the function expansion unit The packet group of the IP telephone having the protocol number “6” transferred to 40 hits the dynamic area 328 and is transferred to the next hop 327 of the hit entry. That is, the IP telephone packet group transferred to the transfer destination via the function expansion unit 40 is transferred to the transfer destination without passing through the function expansion unit 40.
As described above, the forwarding table 32 plays a role of a filter function or a Quality of Service (QoS) function with respect to the forwarding process of the received packet group.

FIG. 7 is an example of the transfer processing control table 56-A of the function expansion unit 40. The transfer process control table 56 -A is created corresponding to the session control unit 53.
The transfer processing control table 56-A includes an entry ID 561 that is information for identifying a packet group processed by the session control unit 53, a transmission source address 562, a transmission destination address 563, a protocol number 564, which are additional function target identification information, The table includes a session duration 567, a transfer function part 568 as transfer function part specifying information, and an entry registration time 569, and includes a record identified by an entry ID 561.

  The session duration 567 is information regarding a threshold set in the function expansion unit 40. As for the session duration time 567, a threshold stored in the transfer process control unit 54 is stored by the transfer process control unit 54.

  The transfer function unit 568 is information that designates a transfer function unit (transfer unit 30 or function expansion unit 40) that transfers the additional function executed packet group processed by the session control unit 53. The transfer function unit 568 is stored by the transfer processing control unit 54. When the transfer processing control unit 54 receives a registration request packet, “function expansion unit” or “transfer unit” is stored in the transfer function unit 568 according to the setting of a predetermined selection condition by the administrator. . For example, when the selection condition is “whether a packet requesting registration as an additional function execution target packet group is received”, the transfer function unit 568 stores “transfer unit”.

  When the selection condition is “whether the processing load of the function expansion unit 40 exceeds a predetermined threshold”, the transfer function unit 568 stores “function expansion unit”. In addition, the transfer processing control unit 54 changes the value “transfer unit” (“function expansion unit”) of the transfer function unit 568 to “function expansion unit” (transfer unit), and transfers the transfer unit 30 (function expansion unit 40). Is controlled so that the transfer unit 30 (function expansion unit) executes the transfer process executed by.

  The entry registration time 569 is information related to the time when the additional function target identification information is stored. The entry registration time 569 acquires and stores the time in the communication device 1 managed by the time management unit (not shown) of the communication device 1 when the transfer processing control unit 54 stores the additional function target identification information. .

FIG. 8 is an example of the transfer processing table 51 of the function expansion unit 40.
The transfer processing table 51 includes an entry ID 511 that is information for identifying a packet group transferred by the transfer processing unit 50, a transmission source address 512, a transmission destination address 513, a protocol number 514, and transfer destination information that are packet group identification information. It is a table that includes each element of a certain next hop 517 and includes a record identified by an entry ID 511.
Each piece of information in the transfer processing table 51 is stored by the transfer processing control unit 54.

Here, the relationship between the transfer table 32 in FIG. 6, the transfer process table 51 in FIG. 8, and the transfer process control table 56-A in FIG. 7 will be described.
Each entry of the transfer processing control table 56-A is registered (stored) in the transfer table 32 or the transfer processing table 51 of the transfer function unit (transfer unit 30 or function expansion unit 40) designated by the transfer function unit 568, respectively. The

  That is, in the examples of FIGS. 6, 8, and 7, the transfer processing units 13178 with the entry IDs 561 of “1” and “4” in FIG. 7 are both “function expansion units”. Each information (source address 562 to protocol number 564) is registered in entry ID 511 “1” in FIG. 8, and each entry ID 561 in “4” is registered in entry ID 511 “4” in FIG. .

  Further, since both the transfer processing units 13178 with the entry IDs 561 of “2” and “3” in FIG. 7 are “transfer units”, each piece of information with the entry ID 561 of “2” is “2” of the entry ID 321 of FIG. In addition, each piece of information whose entry ID 561 is “3” is registered in “3” of the entry ID 321 in FIG. In addition, what is necessary is just to store the information acquired by the known means as the information of the next hop 327 of FIG. 6, and the next hop 517 of FIG. A series of this registration flow will be described with reference to FIG.

  FIG. 16 is an example of a flowchart showing an operation when the communication device 1 receives a packet. An example will be described in which an IP telephone session is registered in the communication device 1, the function expansion unit 40 executes a process of transferring a packet belonging to the session, and the session is deleted from the communication device 1.

  Outline of operation for changing so that transfer function executed by function expansion unit 40 and transfer process executed by function expansion unit 40 is executed by function expansion unit 40 for a packet group on the network received by communication device 1 Will be explained.

  When the communication device 1 receives a packet from the communication network 4 or the communication terminal 3 (S400), the transfer engine 31 refers to the high priority dynamic area 328 of the transfer table 32 and is included in the received packet. Compares the information (source address, destination address, protocol number, etc.) with each entry in the dynamic area 328 with high priority in the forwarding table 32, and whether there is an entry that matches the information contained in the received packet Determination is made (S401).

  If there is a matching entry (YES in S401), the transfer engine 31 specifies the next hop 327 of the entry and transfers the received packet to the transfer destination without passing through the function expansion unit 40 (S402). If there is no matching entry (NO in S401), the transfer engine 31 refers to the static area 329 and determines whether there is an entry that matches the information included in the received packet (S403).

  If there is a matching entry (YES in S403), the transfer engine 31 specifies the next hop 327 of the entry and transfers the received packet to the function expansion unit 40 that is the transfer destination (S404).

When the received packet is a packet related to an IP phone, since the packet is related to session control processed in the session control process executed by the function expansion unit 40, the transfer engine 31 transfers the received packet related to the IP phone to the function expansion unit 40. Forward to.
Packets relating to IP telephones include packets relating to session control and packets including voice data.

  If there is no matching entry (NO in S403), the transfer engine 31 refers to the transfer control table group, searches for an entry that matches information contained in each packet belonging to the received packet group, and matches the received packet. The entry is transferred to the transfer destination (S405). Thereafter, the process returns to S400.

  The received packet is a call request packet for requesting a call from the telephone connected to the communication terminal 3 to the destination telephone or the like, or a call from the active telephone to the destination telephone. If the packet is a disconnection request packet that requests disconnection, the outgoing request packet or the disconnection request packet is addressed to a session control server (not shown) that is a server that controls the establishment and disconnection of a session such as an IP phone. No transfer destination is stored in the transfer table 32 because it is not a packet belonging to the additional function execution target packet group. Therefore, the transfer engine 31 searches the transfer control table group and transfers the received call request packet or disconnection request packet to the session control server that is the transfer destination (S405).

  Upon receiving the packet, the function expansion unit 40 receives a packet (target registration request packet) that the session control unit 53 requests to register as an additional function execution target packet group, that is, a session control process session from the session control server. It is determined whether the packet is a session establishment request packet that requests establishment control (S406). The session establishment request includes information such as a transmission source address, a transmission destination address, and a protocol number that specify a session that requests establishment.

  If the received packet is a target registration request packet (session establishment request packet) (YES in S406), the session control unit 53 controls (controls) the packet requested by the target registration request packet (session establishment request packet). A registration request (session registration request) for requesting registration of information for identifying a session (session information as additional function target identification information) is transmitted to the transfer processing control unit 54 (S407).

  Upon receiving the registration request, the transfer processing control unit 54 stores the information requested for registration (session information) in the transfer processing control table 56-A according to the registration request, and stores “function expansion unit” in the transfer function unit 568. (S408). Further, the transfer process control unit 54 corresponds to the session information stored in the transfer process control table 56-A, and transfers information (transfer packet group identification information) for identifying the packet group transferred by the transfer process unit 50 to the transfer process table 51. (S412). Thereafter, the process returns to step S400.

By step S408, the session control unit 53 can identify the additional function execution target packet group and execute the processing of the additional function. For this reason, the fact that the transfer process control unit 54 stores the additional function target information, which is information requested to be registered, in the transfer process control table 56 is also expressed as “additional function execution unit 53 has executed the process of the additional function”. To do.
In step S412, a packet group to be subjected to transfer processing executed by the transfer processing unit 50 is identified, and the transfer processing is executed.

  If the received packet is not a target registration request packet (NO in S406), the session control unit 53 requests that the received packet delete information registered as an additional function execution target packet group (target deletion request packet). That is, it is determined whether the packet is a session disconnection request packet requesting session disconnection control related to the session control processing from the session control server (S409). The session disconnection request includes information such as a transmission source address, a transmission destination address, and a protocol number that specify a session that requests disconnection.

  When the received packet is a target deletion request packet (session disconnection request packet) (YES in S409), the session control unit 53 controls (controls) the packet requested by the target deletion request packet (session disconnection request packet). A deletion request (session deletion request) requesting deletion of the session information (session information) is transmitted to the transfer processing control unit 54 (S410).

  The transfer processing control unit 54 that has received the deletion request deletes the transfer packet group identification information corresponding to the information (session information) requested to be deleted from the transfer processing table 51 in accordance with the deletion request (S413). The session information is deleted from 56-A (S411). Thereafter, the process returns to step S400.

  In step S413, the transfer processing in the transfer processing unit 50 for the packet group that matches the information deleted from the transfer processing table 51 is stopped. Further, in step S411, the processing of the additional function in the session control unit 53 for the packet group matching the information deleted from the transfer processing control table 56-A is stopped.

  When the received packet is not a target deletion request packet (NO in S409), the session control unit 53 transmits the received packet to the transfer processing unit 50, and the transfer processing unit 50 that has received the packet stores the transfer processing table 51 in the transfer processing table 51. By referring to the packet, the packet is transferred to the transfer destination via the transfer unit 30 (S414). Thereafter, the process returns to step S400.

  When the received packet is a packet including voice data of the IP phone, the transfer processing unit 50 refers to the transfer processing table 51 and transfers the packet to the transfer destination via the transfer unit 30 (S414). The communication device 1 executes the packet group transfer process by repeatedly executing Steps S400 to S414.

  In this way, a session such as an IP phone to be processed in the session control process executed by the communication apparatus 1 is registered, a packet transfer path is set, and a packet transfer process is performed. The packet transfer path to be set may be a logical path.

  The session establishment request packet and the session disconnection request packet are collectively referred to as a session control request packet that requests control related to the session, and session establishment control and session disconnection control are collectively referred to as session control. This is called session control.

  Next, an operation of changing the transfer process executed by the function expansion unit 40 so that the transfer unit 30 executes the transfer process will be described using the example described with reference to FIG.

  The function expansion unit 40 changes the transfer unit 30 to execute the IP telephone packet group transfer process executed by the function expansion unit 40 according to the selection condition. Specifically, for the IP phone packet group that is the additional function execution target packet group executed by the session control unit 53 of the function expansion unit 40, the static area 329 of the transfer table 32 of the transfer unit 30 includes the IP phone. The information for identifying the packet group and the transfer destination “function expansion unit” are stored. However, the communication apparatus 1 does not execute session control until the session establishment request packet is received from the session control server and the session information is stored in the transfer processing control table 56-A by the transfer processing control unit 54. The transfer packet group identification information is not stored in the transfer processing table 51 of the function expansion unit 40.

  When the transfer process control unit 54 stores the session information in the transfer process control table 56-A, the IP telephone packet group that matches the stored session information is recognized as a packet group controlled by the session control unit 53. Then, the transfer processing control unit 54 stores transfer packet group identification information corresponding to the session information in the transfer processing table 51, and the transfer processing unit 50 of the function expansion unit 40 executes the transfer processing of the IP telephone packet group. The transfer processing of packets belonging to the IP telephone packet group recognized by the session control unit 53 is changed from the function expansion unit 40 to the transfer unit 30 according to the selection condition.

  The transfer process control unit 54 stores the session information in the transfer process control table 56-A, stores the “function expansion unit” in the transfer function unit 568, and then enters the entry in the transfer process control table 56-A identified by the entry ID 561. Among them, an entry to be added to the transfer table 32 of the transfer unit 30 is selected according to a selection condition set by the administrator. The communication apparatus 1 adds a part of the entry of the transfer process control table 56-A of the function expansion unit 40 to the transfer table 32 of the transfer unit 30 to thereby execute a part of the transfer process executed by the function expansion unit 40. Is changed to be executed by the transfer unit 30.

  The function expansion unit 40 receives a packet group having a high priority in a packet group transfer process executed by the function expansion unit 40, which is a selection condition, a packet group that matches the identification information, or at a specific time. The packet group transfer process is changed to the transfer unit 30. In the present embodiment, a case of a processing situation including a processing load situation of the function expansion unit 40 will be described as a selection condition.

  The transfer processing control unit 54 changes the transfer function unit 568 of the entry selected according to the selection condition (for example, an entry with a large processing load of the function expansion unit 40) from “function expansion unit” to “transfer unit”, and performs dynamic transfer. An entry setting request that is an addition request for requesting the control setting unit 55 to add the selected entry to the transfer unit 30 is transmitted to the basic control unit 10.

  In the basic control unit 10 that has received the entry setting request, the dynamic transfer control unit 20 requests the entry setting request to the dynamic area 328 of the transfer table 32 of the transfer unit 30 with reference to the dynamic transfer control table 23. Determine whether information to be added can be added. If it can be added, the dynamic transfer control unit 20 transmits an entry setting request to the transfer unit 30 to control the operation of the transfer unit 30.

  In the transfer unit 30 that has received the entry setting request, the transfer engine control unit 34 adds the entry setting request information to the entry in the dynamic area 328 of the transfer table 32. When the next packet group is received after the addition, the forwarding engine control unit 34 searches the forwarding table 32, and selects a packet group that matches the entry added to the dynamic area 328 as the next hop that is the forwarding destination of the forwarding table 32. Transfer according to H.327.

  As a result, the function expansion unit 40 controls the session information of the IP phone, but changes the transfer processing of the packets belonging to the IP phone packet group to be controlled by the transfer unit 30. For example, since the function expansion unit 40 controls session information of a certain user A, the function expansion unit 40 recognizes that the user A is using an IP phone. The transfer process is executed by the transfer unit 30 and is not executed by the function expansion unit 40. Therefore, the packet group of the IP phone of user A, which has been transferred via the function expansion unit 40, is not transferred from the transfer unit 30 to the function expansion unit 40, but is transferred to the IP phone packet group by the transfer unit 30. It is transferred to the user B who is a call destination.

  Therefore, a part of the session information stored in the transfer processing control table 56-A and controlled by the function expansion unit 40 is selected as a packet group to be changed, and the operation of the transfer table 32 of the transfer unit 30 is selected. By adding to the specific area 328, the transfer unit 30 is changed so that a part of the transfer process executed by the function expansion unit 40 is executed.

  Then, the processing load of the function expansion unit 40 is reduced, packet loss at the function expansion unit 40 is prevented, and the transfer processing provided by the communication device 1 is stabilized. For example, in the case of an IP phone, the communication apparatus 1 provides a high-quality voice to the call destination because the transfer process is stable, making it difficult to hang up the phone.

  The function expansion unit 40 is a deletion request that requests the basic control unit 10 to delete the entry added to the dynamic area 328 of the transfer table 32 of the transfer unit 30 according to the processing status of the function expansion unit 40. An entry deletion request is sent to stop execution of the changed transfer process. In other words, the communication device 1 adds an entry for identifying a packet group to be subjected to the transfer process executed by the function expansion unit 40 added to the dynamic area 328 of the transfer table 32 of the transfer unit 30 in the transfer table 32. By deleting from the dynamic area 328, the transfer processing of the deleted entry in the transfer unit 30 is stopped.

  In this way, the communication device 1 distributes the transfer processing executed by the function expansion unit 40 to the transfer unit 30 according to a predetermined selection condition, and solves the shortage of transfer performance of the function expansion unit 40 to perform stable transfer processing. Realize.

  FIG. 9 is an example of a sequence diagram showing a flow of threshold setting.

The management server 2 receives a setting start operation for setting a threshold value for the communication device 1 from the administrator (S1301).
The management server 2 that has received the setting start operation transmits a screen display request for requesting display of a screen for setting a threshold value to the threshold value management unit 21 of the basic control unit 10 of the communication device 1 via the management I / F 13. (S1302).

  The threshold management unit 21 that has received the screen display request refers to the process type 241, threshold type 242, and threshold unit 243 of the threshold management table 24, acquires the process type, threshold type, and threshold unit, and acquires the acquired process type and threshold. The type and the threshold unit are transmitted to the management server 2 via the management I / F 13 (S1303).

  In the example of FIG. 5, the threshold management unit 21 of the basic control unit 10 sets “session control” and “DPI processing” as processing types, “session connection time” and “bandwidth” as threshold types, and “threshold units” as “threshold units”. Seconds "and" bps "are transmitted. However, the present embodiment is not limited to these.

The management server 2 that has received the process type, threshold type, and threshold unit displays a threshold management screen based on the received process type, threshold type, and threshold unit (S1304).
The management server 2 receives a threshold value input operation for receiving a selection of a processing type for setting a threshold value via the processing type selection unit 82 and an input of a threshold value via the threshold value input unit 84 from the administrator (S1305). The management server 2 that has received the threshold value input operation transmits the selected processing type and the input threshold value to the threshold value management unit 21 of the communication device 1 (S1306).

  The threshold value management unit 21 that has received the process type and the threshold value refers to the threshold value management table 24, searches for an entry that matches the received process type and the process type 241 in the threshold value management table 24, and receives it in the threshold value 244 of the matching entry. The threshold value thus written is written (S1307). Thereafter, the threshold management unit 21 transmits the received threshold value to the transfer processing control unit 54 of the function expansion unit 40 via the intra-device communication I / F 14 and the intra-device communication I / F 44 (S1308). The transfer processing control unit 54 that has received the threshold holds the received threshold (S1309).

10A and 10B are examples of screen images of the threshold management screen 80 displayed by the management server 2.
The threshold management screen 80 is a screen that receives a setting (input) of a new threshold from the administrator and manages the threshold set in the communication device 1, and is a screen displayed in, for example, step S1304 in FIG. .

  The administrator sets the threshold value of the communication device 1 via the threshold value management screen 80. The management server 2 displays a process type selection display section (process type selection display object) 82 that is a process type selection box for accepting selection of a process type for which the administrator wants to set a threshold value from the process types received from the communication device 1. It is displayed on the threshold value management screen 80 together with a process type display section (process type display object) 81 for displaying “process type”.

  The process type selection unit 82 is configured as a pull-down menu (pull-down list), and the administrator selects one process type from a plurality of process types. The administrator selects the process type that the management server 2 has received from the pull-down button (selection display object) of the process type selection display unit 82 and wants to set a threshold value.

  The management server 2 displays a threshold type and a threshold unit corresponding to the processing type selected by the administrator in the processing type selection display unit 82 from the threshold type and threshold unit received from the communication device 1. Unit (threshold type display object) 83 and threshold unit display unit (threshold unit display object) 85 are displayed on the threshold management screen 80, and threshold values set by the administrator between the threshold type display unit 83 and the threshold unit display unit 85 are displayed. A threshold value input display unit (threshold value input display object) 84 that receives input is displayed.

In FIG. 10A, “session control” is selected from the process type selection display unit 82 as the process type for which the administrator wants to set a threshold, and “session control” displayed on the threshold type display unit 83 and the threshold unit display unit 85 respectively. In this example, “180” is input to the threshold value input display unit 84 as the value of “session duration” that is the threshold type corresponding to the processing type and “second” that is the threshold unit.
That is, this is a screen image of the threshold management screen 80 in which “180 seconds” is set as the threshold for the duration of the session in the communication device 1. “Session control” refers to controlling a session, which is a series of communications.

  In FIG. 10B, “DPI processing” is selected from the processing type selection display unit 82 as a processing type for which the administrator wants to set a threshold, and “DPI processing” displayed on the threshold type display unit 83 and the threshold unit display unit 85 respectively. This is an example in which “300 k” is input to the threshold value input display unit 84 as a value of “limited bandwidth amount” that is a threshold type corresponding to the processing type and “bps” that is a threshold unit.

That is, it is a screen image of the threshold management screen 80 in which “300 kbps” is set as a threshold for limiting the bandwidth amount for DPI processing in the communication device 1. Note that “bandwidth” refers to the amount of packets subjected to DPI processing, and “bps” refers to “bits per second”.
The management server 2 displays the threshold currently set for the communication device 1 on the threshold management screen 80 by receiving the threshold from the communication device 1 in addition to the processing type, the threshold type, and the threshold unit. Good.

FIG. 15 is an example of a flowchart showing the operation of the dynamic transfer control unit 20 of the basic control unit 10.
When the basic control unit 10 is activated, the dynamic transfer control unit 20 is loaded from the memory 11 to the CPU 12 and starts operating (S300). Note that steps S301 to S319 are repeatedly executed (for example, periodically).

The dynamic transfer control unit 20 sends an entry setting request, which is an addition request for adding (setting) an entry of the packet transfer processing performed by the function expanding unit 40 to the transferring unit 30 from the function expanding unit 40. It is confirmed whether or not to receive (S301).
The entry setting request includes information for specifying an entry requesting setting, and is, for example, a transmission source address, a transmission destination address, a protocol number, and a next hop.

  When the dynamic transfer control unit 20 receives an entry setting request (YES in S301), each piece of information of the entry setting request is registered (recorded) in the dynamic transfer control table 23. It is determined whether or not the maximum number of entries is exceeded (S302). That is, it is determined whether or not each information of the entry setting request can be registered (stored) in the dynamic transfer control table 23 as an entry. Step S302 is executed by, for example, comparing the current number of entries registered in the dynamic transfer control table 23 with the maximum number of entries that can be registered in the dynamic transfer control table 23.

  The maximum number of entries in the dynamic transfer control table 23 is a predetermined number that is equal to or less than the maximum number of entries in the transfer table 32 of the transfer unit 30 described later, and takes the maximum number of entries in the transfer table 32 into consideration. Thus, it is preset (held) in the dynamic transfer control unit 20. Further, the maximum number of entries in the dynamic transfer control table 23 may be set in a functional unit other than the dynamic transfer control unit 20 or may be set in the communication device 1 by the administrator via the management server 2. Good.

  As a result of the determination in step S302, if the maximum number of entries in the dynamic transfer control table 23 is not exceeded (NO in S302), the dynamic transfer control unit 20 sends the transfer unit 30 to the transfer unit 30 via the intra-device communication I / F 14. An entry setting request, which is a storage request for requesting registration of an entry for packet transfer processing performed by the function expansion unit 40, is issued (transmitted) (S303).

  The dynamic transfer control unit 20 confirms whether or not a response indicating success is received as a response to the entry setting request (S304). When the success response is received (YES in S304), the dynamic transfer control unit 20 Each entry setting request information received from the function expansion unit 40 is registered as an entry in the dynamic transfer control table 23 (S305). Then, it returns to step S301 again.

  When the dynamic transfer control unit 20 registers an entry in the dynamic transfer control table 23, the basic control unit 10 controls that the packet transfer process performed by the function expansion unit 40 is changed to be executed by the transfer unit 30. To do.

  As a result of the determination in step S302, if the maximum number of entries exceeds (YES in S302), the dynamic transfer control unit 20 transmits a response indicating that the maximum number of entries exceeds the function expansion unit 40 (S312). ), A response (failure response) indicating that the entry setting request has failed is returned (sent) (S306). Then, it returns to step S301 again.

  When the dynamic transfer control unit 20 receives a response indicating failure (failure response) as a response to the entry setting request (NO in S304), it executes Step S306 and returns to Step S301 again.

When the dynamic transfer control unit 20 does not receive the entry setting request (NO in S301), the dynamic transfer control unit 20 has been moved from the function expansion unit 40 from the function expansion unit 40. It is confirmed whether or not an entry deletion request, which is a deletion request for deleting an entry for packet transfer processing from the transfer unit 30 and returning to the function expansion unit 40, is received (S307).
The entry deletion request includes information for specifying an entry requesting deletion, and includes a transmission source address, a transmission destination address, a protocol number, a next hop, and the like.

  When the dynamic transfer control unit 20 receives the entry deletion request (YES in S307), the dynamic transfer control table 23 is referred to and an entry that matches each piece of information of the entry deletion request is stored in the dynamic transfer control table 23. It is confirmed whether it exists (S308). When an entry that matches each piece of information of the entry deletion request exists in the dynamic transfer control table 23 (YES in S308), the dynamic transfer control unit 20 makes the transfer unit 30 perform the function expansion unit 40 performed by the transfer unit 30. Issue (send) an entry deletion request, which is an information deletion request for deleting the entry of the packet transfer process moved from (S309).

  The dynamic transfer control unit 20 confirms whether or not a response indicating success is received as a response to the entry deletion request (S310), and if a successful response is received (YES in S310), the dynamic transfer control unit 20 The entry that matches the information of the entry deletion request received from the function expansion unit 40 is deleted from the dynamic transfer control table 23 (S311). Then, it returns to step S301 again.

  When the dynamic transfer control unit 20 does not receive the entry deletion request (NO in S307), the process returns to step S301 again. When there is no entry matching the information of the entry deletion request in the dynamic transfer control table 23 (NO in S308), the dynamic transfer control unit 20 indicates a failure as a response to the entry deletion request (failure response). Is received (NO in S310), the dynamic transfer control unit 20 transmits a response (failure response) indicating that the entry deletion request has failed to the function expansion unit 40 (S313). Then, it returns to step S301 again.

  When the dynamic transfer control unit 20 deletes the entry from the dynamic transfer control table 23, the basic control unit 10 controls the cancellation of the packet transfer process changed from the function expansion unit 40 that the transfer unit 30 has executed. To do.

  The transfer unit 30 has higher performance of packet transfer processing than the function expansion unit 40, but the number of entries registered in the transfer table 32 referred to when performing packet transfer processing is small. For this reason, if the transfer unit 30 tries to transfer a large amount of packets, the number of entries to be registered in the transfer table 32 may exceed the registerable capacity. In order to solve this problem, the dynamic transfer control unit 20 confirms the number of entries in the dynamic transfer control table 23, and the number of entries set in the transfer unit 30 can be transferred by the transfer unit 30. Control not to exceed the number.

  In addition, regarding the operation for controlling whether or not the packet group passes through the function expansion unit 40 by the addition request and the deletion request, if the configuration is to switch whether or not the packet group passes through the function expansion unit 40 by a plurality of requests, You may implement | achieve with another means irrespective of the said means.

The operation of the transfer processing control unit 54 of the function expansion unit 40 will be described with reference to FIG.
FIG. 11A and FIG. 11B are examples of flowcharts showing the operation of the transfer processing control unit 54. Note that the transfer processing control unit 54 is assumed to hold the threshold shown in FIG. 10A. The case where the additional function execution unit 53 operates as a session control unit that controls a session such as an IP phone will be described.
When the function expansion unit 40 is activated, the transfer processing control unit 54 is loaded from the memory 41 to the network processor 42 to start operation (S100), and proceeds to step S101. Note that steps S101 to S119 are repeatedly executed (for example, periodically).

  The transfer processing control unit 54 checks whether or not a registration request for requesting registration of additional function target identification information is received from the additional function execution unit 53 (S101). That is, the transfer processing control unit 54 checks whether or not a session registration request is received from the session control unit 53 (S101). If the transfer processing control unit 54 receives a session registration request (YES in S101), step S102 is performed. If the transfer process control unit 54 does not receive a session registration request (NO in S101), the process proceeds to step S104. The session registration request includes information such as a transmission source address, a transmission destination address, and a protocol number that specify a session for which registration is requested.

  When the transfer process control unit 54 receives a session registration request (YES in S101), the transfer process control unit 54 extracts session information to be registered from the received session registration request and extracts it to the transfer process control table 56-A. The registered session information is registered (recorded) as session information identified by the entry ID 561 (S102). That is, each piece of information included in the session registration request is registered as the session information processed by the function expansion unit 40 in the transmission source address 562, the transmission destination address 563, and the protocol number 564 of the transfer processing control table 56-A. In addition, the transfer processing control unit 54 acquires the current time in the communication device 1 and registers it at the entry registration time 569, registers the stored threshold value in the session duration 567, and sends a “function extension” to the transfer function unit 568. Part ". Thereafter, the process proceeds to step S103.

  As described above, the transfer process control unit 54 registers the session information in the transfer process control table 56-A, so that the session control unit 53 of the function expansion unit 40 identifies a target packet group for executing the function for controlling the session. The transfer processing control table 56-A in FIG. 7 is created. That is, the session control unit 53 of the function expansion unit 40 refers to the transfer processing control table 56-A and executes session control processing for a packet group that matches the session information.

  In the case of IP phone session control, the packet transferred to the outside by the communication apparatus 1 as an IP phone packet is a packet including voice data received after receiving a session control packet from the session control server. The initial value of the transfer function unit 568 may be set to “transfer unit” when an entry is registered in the transfer process control table 56-A by setting a predetermined selection condition by the administrator.

  The transfer process control unit 54 registers (records) each information registered in the transfer process control table 56-A in the transfer process table 51 as a transfer process entry identified by the entry ID 511 (S103). That is, a transfer process entry that is an entry of transfer packet group identification information for identifying a packet group transferred by the function expansion unit 40 is registered in the transfer process table 51. As a result, the transfer processing table 51 of FIG. 8 to be referred to when the transfer processing unit 50 of the function expanding unit 40 transfers the packet group after executing the function of controlling the session is created.

  That is, the entry ID 511, the transmission source address 512, the transmission destination address 513, and the protocol number 514 of the transfer processing table 51 are recorded (stored). Further, the next hop 517 is acquired and recorded (stored) by a known means. Then, it returns to step S101 again.

  When the transfer process control unit 54 does not receive the session registration request (NO in S101), the transfer process control unit 54 confirms whether or not to receive a deletion request for requesting deletion of the additional function target identification information from the additional function execution unit 53. (S104). That is, the transfer process control unit 54 checks whether or not a session deletion request for requesting deletion of session information recorded in the transfer process control table 56-A is received from the session control unit 53 (S104). If 54 receives a session deletion request (YES in S104), the process proceeds to step S105. If the transfer process control unit 54 does not receive a session deletion request (NO in S104), the process proceeds to step S111. The session deletion request includes information such as a transmission source address, a transmission destination address, and a protocol number that specify a session for which deletion is requested.

  When the transfer process control unit 54 receives the session deletion request (YES in S104), in step S105, the transfer process control unit 54 deletes the session information stored in the transfer process control table 56-A. Specifically, the transfer processing control unit 54 refers to the transfer processing control table 56-A and searches for an entry that matches the session specified by the session deletion request. Thereafter, the process proceeds to step S106.

In step S106, it is confirmed whether or not the transfer function part 568 of the entry searched in step S105 is “transfer part”. If it is “transfer part” (YES in S106), the process proceeds to step S107. (NO in S106) The process proceeds to step S109.
When the transfer function unit 568 is “transfer unit” (YES in S106), the transfer processing control unit 54 requests the dynamic transfer control setting unit 55 to delete the entry searched in step S105. Is transmitted (S107). Thereafter, the process proceeds to step S108.

  The transfer process control unit 54 deletes the entry searched in step S105 from the transfer process control table 56-A (S108). Then, it returns to step S101 again. As a result, the transfer unit 30 performs packet transfer processing, and the session processed by the function expansion unit 40 registered in the transfer processing control table 56-A is deleted.

When the transfer function unit 568 is not the “transfer unit” (NO in S106), the transfer processing control unit 54 deletes the entry that matches the entry searched in Step S105 from the transfer processing table 51 (S109). Then, it progresses to step S110.
The transfer process control unit 54 deletes the entry searched in step S105 from the transfer process control table 56-A (S110). Then, it returns to step S101 again. As a result, the function expansion unit 40 performs packet transfer processing, and the session processed by the function expansion unit 40 registered in the transfer processing control table 56-A is deleted.

  As described above, when the transfer process control unit 54 deletes the session information from the transfer process control table 56-A, the session control process in the session control unit 53 of the function expansion unit 40 for the packet group that matches the deleted information. Cancels execution of (additional function processing).

  If the transfer processing control unit 54 does not receive the session deletion request in step S104 (NO in S104), the transfer processing control unit 54 checks the processing load status of the function expansion unit 40. Specifically, the transfer processing control unit 54 refers to the transfer processing control table 56-A, compares the information of the entry whose transfer function unit 568 is “function expansion unit” with the threshold value, and exceeds the threshold value. The entry is searched (S111).

  In other words, the transfer processing control unit 54 sets the session duration 567, which is a threshold value for the elapsed time from the time stored at the entry registration time 569 to the current time among the entries whose transfer function unit 568 is the “function expansion unit”. An entry exceeding the limit is searched (S111). As a result of the search, when there is no entry whose elapsed time exceeds the threshold value (not found or not hit) (NO in S111), the process returns to step S101 again. As a result of the search, if there is an entry whose elapsed time exceeds the threshold value (found or hit) (YES in S111), the process proceeds to step S112.

  Here, an entry whose elapsed time exceeds the threshold is an entry in which the load of the packet transfer processing in the function expansion unit 40 is high and the load in the function expansion unit 40 exceeds a predetermined threshold, and the elapsed time However, an entry that does not exceed the threshold is an entry that has a low load of packet transfer processing in the function expansion unit 40 and the load in the function expansion unit 40 does not exceed a predetermined threshold.

  If there is an entry whose elapsed time exceeds the threshold (YES in S111), the transfer processing control unit 54 sets the entry found by searching in step S111 to the dynamic transfer control setting unit 55. The requested entry setting request is transmitted (S112). The transfer processing control unit 54 transmits an entry setting request to the basic control unit 10 via the dynamic transfer control setting unit 55, thereby performing packet transfer processing performed by the function expansion unit 40 on the transfer engine 31 of the transfer unit 30. Request to do it. After receiving a response to the entry setting request, the process proceeds to step S113.

  The transfer processing control unit 54 checks whether or not a response exceeding the maximum number of entries that can be stored in the dynamic transfer control table 23 of the basic control unit 10 has been received from the response to the entry setting request in step S112 (S113). . If the transfer process control unit 54 has not received a response that exceeds the maximum number of entries (NO in S113), the process proceeds to step S114, and if the transfer process control unit 54 has received a response that exceeds the maximum number of entries (S113). YES) and goes to step S116.

  When the transfer processing control unit 54 has not received a response indicating that the maximum number of entries has been exceeded (NO in S113), the transfer processing control unit 54 sets the transfer function unit 568 of the entry found by searching in step S111 to “function expansion”. The data is written (updated) in the transfer process control table 56-A so as to be changed from “copy” to “transfer” (S114). Thereafter, the process proceeds to step S115.

  The transfer processing control unit 54 deletes an entry that matches the entry found by searching in step S111 from the transfer processing table 51 (S115). Then, it returns to step S101 again. As a result, the function expansion unit 40 is a packet transfer process that matches the entry found by searching in step S111, that is, the function expansion unit 40 that matches the entry whose elapsed time exceeds the threshold and the load of the packet transfer process is high. The packet transfer process being executed is transferred (moved) from the transfer processing unit 50 of the function expansion unit 40 to the transfer engine 31 of the transfer unit 30.

  As a result, the processing load on the function expansion unit 40 is reduced, packet loss in the function expansion unit 40 is prevented, and packet transfer processing executed by the communication device 1 is stabilized. The communication device 1 provides a high-quality voice to the callee because it becomes difficult to hang up the call (stable call) due to the stability of packet transfer processing.

  When the transfer processing control unit 54 receives a response indicating that the maximum number of entries has been exceeded (YES in S113), the transfer processing control unit 54 refers to the transfer processing control table 56-A, and the transfer function unit 568 sets the “transfer unit”. Are searched for entries with a low processing load (S116). That is, the transfer processing control unit 54 searches for an entry having the shortest elapsed time from the time stored at the entry registration time 131709 to the current time (S116). Thereafter, the process proceeds to step S117.

  The reason for searching for the shortest entry is to search for an entry having a small transfer processing load. Of the entries of the packet transfer process transferred to the transfer engine 31 of the transfer unit 30, an entry in which the session registration time is registered in the function expansion unit 40 is short, that is, an entry with a short call relay time is transferred. The processing load is small.

  Therefore, of the packet transfer processes transferred to the transfer unit 30, the entry with a small load of the packet transfer process is deleted from the transfer unit 30 and returned to the transfer processing unit 50 of the function expansion unit 40. This is because the transfer processing capability of the function expansion unit 40 is lower than the transfer processing capability of the transfer unit 30, so that the one with a small packet transfer processing load is preferentially returned to the transfer processing unit 50 of the function expansion unit 40. is there.

As long as an entry with a small load of packet transfer processing is transferred (returned) from the transfer unit 30 to the function expansion unit 40, the entry is not limited to the “shortest entry”, and may be an entry within a predetermined standard. Which entry is to be searched may be determined in advance by the administrator as a policy.
The transfer process control unit 54 writes (updates) in the transfer process control table 56-A so as to change the transfer function unit of the entry searched in step S116 from “transfer unit” to “function expansion unit” (S117). . Thereafter, the process proceeds to step S118.

The transfer process control unit 54 registers (records) the entry searched in step S116 in the transfer process table 51 (S118). Thereafter, the process proceeds to step S119. The transfer processing control unit 54 transmits an entry deletion request for the entry searched in step S116 to the dynamic transfer control setting unit 55 (S119). Then, it returns to step S101 again.
As a result, the function expansion unit 40 performs the packet transfer process that matches the entry found by searching in step S116, that is, the packet transfer process that is being executed by the transfer unit 30 that matches the entry with a low load of the packet transfer process. The entry with a low load of packet transfer processing is returned from the transfer engine 31 of the transfer unit 30 to the transfer processing unit 50 of the function expansion unit 40, and the function expansion unit 40 executes a packet transfer process with a low load.

As a result, the number of entries moving to the transfer unit 30 decreases, the number of entries set in the transfer unit 30 does not exceed the number that can be transferred by the transfer unit 30, and the packet transfer of the transfer unit 30 Quality is maintained. By performing packet transfer processing in consideration of functional differences and performance differences between the transfer unit 30 and the function expansion unit 40, stable packet transfer processing is realized.
Note that steps S101, S102, and S103 in FIG. 11A are the same processes as steps S407, S408, and S412 in FIG.

FIG. 12 is an example of a sequence diagram showing a series of operations for entry setting requests.
The transfer processing control unit 54 of the function expansion unit 40 changes the dynamic transfer control setting unit 55 so that the transfer unit 30 executes the transfer process performed by the function expansion unit 40, that is, the function An entry setting request for requesting that the entry of the transfer process being executed by the extension unit 40 be added to the transfer unit 30 is transmitted (S1401). The entry setting request is transmitted according to a predetermined selection condition, for example, when the load of packet transfer processing in the function expansion unit 40 is higher than a predetermined threshold.

  The dynamic transfer control setting unit 55 that has received the entry setting request transmits the entry setting request to the dynamic transfer control unit 20 of the basic control unit 10 (S1402). The dynamic transfer control unit 20 that has received the entry setting request refers to the dynamic transfer control table 23 and checks whether the maximum number of entries has been exceeded (S1403). If the maximum number of entries is not exceeded as a result of the check, the dynamic transfer control unit 20 transmits an entry setting request to the transfer engine control unit 34 of the transfer unit 30 (S1404). As a result of the check, if the maximum number of entries is exceeded, the dynamic transfer control unit 20 transmits a response indicating that the maximum number of entries has been exceeded to the function expansion unit 40.

  The transfer engine control unit 34 that has received the entry setting request refers to the transfer table 32 to check whether there is an entry that duplicates each piece of information in the entry setting request. If there is no duplicate entry, the transfer engine control unit 34 sets the entry setting request as a new entry. Each information is written (recorded) in the transfer table 32 (S1405), and a response indicating successful setting is returned (transmitted) to the dynamic transfer control unit 20 (S1406).

  The dynamic transfer control unit 20 that has received the setting success response writes (records) each entry setting request information received in step S1403 as an entry in the dynamic transfer control table 23 (S1407), and the function expansion unit 40 A response indicating that the setting was successful is returned (transmitted) to the dynamic transfer control setting unit 55 (S1408). The dynamic transfer control setting unit 55 that has received the setting success response returns (sends) a setting success response to the transfer processing control unit 54 (S1409).

FIG. 13 is an example of a sequence diagram showing a series of operations for an entry deletion request.
The transfer process control unit 54 changes the transfer process executed by the transfer unit 30 to the dynamic transfer control setting unit 55 so that the function expansion unit 40 executes, that is, the transfer unit 30 executes the transfer process. An entry deletion request is sent to request deletion of the transfer processing entry from the transfer unit 30 (S1501). The entry deletion request is, for example, when the number of packet transfer processing entries registered in the transfer unit 30 exceeds the maximum number, or when the load of packet transfer processing in the function expansion unit 40 is lower than a predetermined threshold. Sent to.

  The dynamic transfer control setting unit 55 that has received the entry deletion request transmits an entry deletion request to the dynamic transfer control unit 20 (S1502). The dynamic transfer control unit 20 that has received the entry deletion request refers to the dynamic transfer control table 23 and checks whether there is an entry that matches each piece of information of the entry deletion request (S1503). As a result of the check, if there is an entry that matches the entry deletion request, the dynamic transfer control unit 20 transmits the entry deletion request to the transfer engine control unit 34 (S1504).

  Upon receiving the entry deletion request, the transfer engine control unit 34 refers to the transfer table 32 to search for an entry that matches each piece of information of the entry deletion request, deletes the found entry from the transfer table 32 (S1505), and dynamically A deletion success response is returned (transmitted) to the transfer control unit 20 (S1506).

The dynamic transfer control unit 20 that has received the deletion success response deletes the entry that matches the information of the entry deletion request from the dynamic transfer control table 23 (S1507), and the dynamic transfer control setting unit 55 indicates that the deletion was successful. A response is returned (sent) (S1508). The dynamic transfer control setting unit 55 that has received the deletion success response returns (sends) a deletion success response to the transfer processing control unit 54 (S1509).
In step S <b> 1505, the communication device 1 stops the transfer process of the transfer unit 30 for the packet group that matches the information deleted from the transfer table 32.

  With the above operation, in this embodiment, in the communication apparatus having a plurality of transfer function units, the transfer function unit that performs the transfer process is changed for each session according to the characteristics of each transfer function unit and the processing status of the transfer process. can do. In addition, according to the present embodiment, transfer processing is efficiently distributed among different types of functional units according to the characteristics and processing status of different types of functional units (transfer units and function expansion units) that implement transfer functions, and stable. Realize the transfer process. In addition, the present embodiment realizes an improvement in the quality of transferred packets.

  Specifically, the predetermined selection condition is used in the transfer engine 31 having a high transfer processing performance but a small number of registerable entries and the transfer processing unit 50 having a low transfer processing performance but a large number of registerable entries. Based on the duration of the session, a transfer function unit that performs a transfer process while a session of a call is continuing, that is, while the process of the additional function in the function extension unit 40 is executed, is transferred to the transfer processing unit of the function extension unit 40 The transfer engine 31 of the transfer unit 30 is changed from 50 to perform efficient processing distribution of transfer processing between the transfer unit 30 and the function expansion unit 40 to realize stable transfer processing.

  In the present embodiment, the packet transfer processing performed by the function expansion unit 40 is transferred from the function expansion unit 40 to the transfer unit 30, and the transferred packet transfer process is returned from the transfer unit 30 to the function expansion unit 40. A packet (for example, received via the core I / F 61) that is transferred without the function expansion unit 40 originally executing the processing of the additional function, that is, without passing through the function expansion unit 40, is transferred by the transfer engine 31. Transfer processing of packets such as moving image data transferred and transmitted via the subscriber I / F 60 is continued.

  When a plurality of transfer units 30 and function expansion units 40 are installed in the communication device 1, for example, the dynamic transfer control unit 20 of the basic control unit 10 controls the transfer table 32 for each transfer unit 30. The entry setting request and the entry deletion request are identified for each function expansion unit 40, and the operation is performed according to the identified request.

  In this embodiment, the transfer engine 31 is arranged in the transfer unit 30, and the transfer processing unit 50 and the transfer processing control unit 54 are arranged in the function expansion unit 40. If there is a transfer engine and a transfer processing unit as functional units of the transfer processing unit, and a transfer processing control unit as a functional unit that performs control for selecting a transfer engine or transfer processing unit that is a functional unit that performs packet transfer, these are arranged. The functional unit (module card) to be used is not particularly limited.

Next, the case where the communication apparatus 1 executes the DPI process as an additional function process will be described. That is, the additional function execution unit 53 operates as a DPI processing unit.
The DPI processing unit 53 executes a DPI processing function that is an additional function for the packet transferred by the communication device 1. The DPI processing unit 53 identifies the received packet group based on each piece of information included in the packet belonging to the packet group received from the transfer unit 30. Based on the specified packet group, a flow registration request for requesting registration of a flow, which is a registration request for identifying a packet group processed by the DPI processing unit 53, is transmitted to the transfer processing control unit. The flow registration request includes information for specifying a flow of a packet group for which registration is requested, for example, information such as a transmission source address, a transmission destination address, and a protocol number. A trigger for specifying the received packet group is set in advance by the administrator.

  In addition, when canceling the inspection process to be executed, the DPI processing unit 53 transmits to the transfer processing control unit 54 a flow deletion request that requests deletion of the flow that has requested registration. The flow deletion request includes information specifying a flow of a packet group that requests deletion, and is information such as a transmission source address, a transmission destination address, and a protocol number, for example.

  When the DPI processing unit 53 receives a packet from the transfer unit 30, the DPI processing unit 53 specifies a packet group to which the received packet belongs based on each piece of information included in the received packet. Based on the identified packet group, a flow registration request is transmitted to the transfer processing control unit 54.

  When the transfer processing control unit 54 receives a flow registration request from the DPI processing unit 53, the transfer processing control unit 54 is flow information that is information for identifying a flow of a packet group that the DPI processing unit 53 processes each piece of information of the flow registration request for which registration is requested. Is stored in the transfer processing control table 56-B and the flow information is registered. In addition, the transfer processing control unit 54 changes (switches) a transfer function unit that transfers a packet group that matches the flow information stored in the transfer processing control table 56-B. That is, the transfer processing control unit 54 determines a transfer function unit that transfers the packet group after the function expansion unit 40 receives and the DPI processing unit 53 executes the DPI processing that is the processing of the additional function, Change the functional part.

  The transfer processing control unit 54 performs transfer processing as a transfer processing entry that is an entry of transfer packet group identification information that identifies each packet information registered in the transfer processing control table 56-B. Store in the table 51 and register the transfer processing entry.

  When the transfer processing control unit 54 registers the flow information in the transfer processing control table 56, the DPI processing unit 53 refers to the transfer processing control table 56-B and identifies a packet group that performs DPI processing from the flow information. Then, DPI processing is executed on the identified packet group. That is, the entry of the transfer process control table 56-B is an entry including flow information for identifying a packet group for which the DPI processing unit 53 performs DPI processing that is processing of an additional function.

  In addition, the transfer processing control unit 54 registers the transfer processing entry in the transfer processing table 51, so that the transfer processing unit 50 refers to the transfer processing table 51 and executes the DPI processing for performing the transfer processing. And the transfer process is executed for the identified packet group. In other words, the entry in the transfer processing table 51 is an entry for identifying a packet group after the DPI process is performed and identifying a packet group for which the transfer processing unit 50 performs the transfer process.

  The transfer processing control table 56-B includes flow information, information about threshold values, a bandwidth amount used by the packet group identified by the flow information (used bandwidth amount), and the DPI processing unit 53 after executing the DPI processing. Information for specifying a transfer function unit (transfer engine 31 of the transfer unit 30 or transfer processing unit 50 of the function expansion unit 40) that performs transfer processing of the packet group is stored. That is, the flow processed by the function expansion unit 40 is registered in the transfer processing control table 56-B.

FIG. 14 is an example of the transfer processing control table 56-B of the function expansion unit 40. The transfer process control table 56 -B is created corresponding to the DPI processing unit 53.
The transfer process control table 56-B is different from the transfer process control table 56-A in the limited bandwidth amount 580 and the used bandwidth amount 581.

  The entry ID 561, the transmission source address 562, the transmission destination address 563, and the protocol number 564 of the transfer processing control table 56-B are flow information that is each information of the flow registration request received from the DPI processing unit 53 by the transfer processing control unit 54. And stored by the transfer processing control unit 54. In addition, the transfer function unit 568 stores a transfer function unit that transfers the packet group after the DPI process is executed, which is determined by the transfer process control unit 54.

  The limited bandwidth amount 580 is information regarding a threshold set in the function expansion unit 40, and is information on a bandwidth amount (packet amount) that limits a packet group transferred by the transfer function unit. As for the limited bandwidth amount 580, the threshold stored in the transfer processing control unit 54 is stored by the transfer processing control unit 54. The used bandwidth amount 581 is information indicating the amount of bandwidth used by the packet group identified by the flow information, that is, the amount of transfer of the packet group identified by the flow information by the transfer unit 30 or the function expansion unit 40. As for the used bandwidth amount 581, statistical information acquired by the transfer processing control unit 54 from the statistical management unit 22 and the statistical table 52 is stored by the transfer processing control unit 54.

  The DPI processing unit 53 refers to the flow information stored in the transfer processing control table 56-B and identifies a packet group to be subjected to DPI processing. Further, the transfer process control unit 54 refers to the transfer function unit 568 stored in the transfer process control table 56-B and transfers the packet after executing the DPI process (the transfer unit 30 or the function extension). Part 40).

  The transfer processing control unit 54 repeatedly issues, for example, a statistical acquisition request that requests the statistical management unit 22 of the basic control unit 10 to acquire statistical information of packets transferred by the transfer unit 30 managed by the statistical management unit 22 periodically. Transmit and receive statistical information from the statistical management unit 22. The transfer processing control unit 54 writes (stores) the used bandwidth amount of the received statistical information in the used bandwidth amount 581 of the entry ID 561 of the transfer processing control table 56-B corresponding to the entry ID of the received statistical information.

  In addition, the transfer processing control unit 54 repeatedly reads, for example, statistical information from the statistical table 25 periodically, and uses a bandwidth 581 of the entry ID 23171 of the transfer processing control table 56-B corresponding to the entry ID of the read statistical information. Is written (stored) in the used bandwidth amount of the read statistical information.

  The operation of the transfer processing control unit 54 will be described with reference to FIG. Note that portions different from the operation of FIG. 11 when the additional function execution unit 53 is a session control unit will be described. That is, Step S101, Step S104, Step S111, and Step S116 in the case of the session control unit 53 will be described as Step S201, Step S204, Step S211, and Step S216 in the case of the DPI processing unit 53, respectively. In other steps, “session” or the like is appropriately read as “flow” or the like. Further, the transfer processing control unit 54 will be described as holding the threshold shown in FIG. 10B.

  In step S201, the transfer processing control unit 54 checks whether or not a registration request is received from the additional function execution unit 53 (S201). In other words, the transfer processing control unit 54 checks whether or not a flow registration request for requesting registration of flow information is received from the DPI processing unit 53 (S201).

  In step S204, the transfer processing control unit 54 checks whether or not a deletion request is received from the additional function execution unit 53 (S204). That is, the transfer processing control unit 54 checks whether or not a flow deletion request for requesting deletion of the flow information recorded in the transfer processing control table 56-B is received from the DPI processing unit 53 (S204).

  In step S211, the transfer processing control unit 54 refers to the transfer processing control table 56-B, compares the information of the entry in which the transfer function unit 568 is a “function expansion unit” with a threshold value, and enters an entry that exceeds the threshold value. Is searched (S211). In other words, the transfer processing control unit 54 restricts the use bandwidth amount stored in the use bandwidth amount 581 among the entries whose transfer function unit 568 is the “function expansion unit” as a threshold held by the transfer processing control unit 54. An entry exceeding the bandwidth amount 580 is searched (S211).

  Here, an entry in which the amount of bandwidth used exceeds the threshold held by the transfer processing control unit 54 has a high transfer processing load in the function expansion unit 40, and the load in the function expansion unit 40 exceeds a predetermined threshold. Entries whose bandwidth usage does not exceed the threshold held by the transfer processing control unit 54 has a low transfer processing load at the function expansion unit 40 and the load at the function expansion unit 40 is a predetermined value. The entry does not exceed the threshold.

  In step S216, the transfer processing control unit 54 refers to the transfer processing control table 56-B, and searches for an entry with a low processing load among entries whose transfer function unit 568 is “transfer unit” (S216). In other words, the transfer processing control unit 54 searches for an entry with the minimum used bandwidth amount stored in the used bandwidth amount 581 (S216).

  The reason for searching for the minimum entry is to search for an entry with a small load of packet transfer processing. Of the transfer processing entries transferred to the transfer engine 31 of the transfer unit 30, the amount of bandwidth used by the flow of packets for which DPI processing or the like is executed is small, that is, the amount of packets for which DPI processing or the like is executed is small. With a small number of entries, the load of transfer processing is small.

  Therefore, among the transfer processes transferred to the transfer unit 30, the entry with a small load on the transfer process is returned to the transfer processing unit 50 of the function expansion unit 40. This is because the transfer processing capability of the function expansion unit 40 is lower than the transfer processing capability of the transfer unit 30, so that the one with a small transfer processing load is preferentially returned to the transfer processing unit 50 of the function expansion unit 40. .

  As long as an entry with a small transfer processing load is transferred from the transfer unit 30 to the function expansion unit 40, the entry is not limited to the “minimum entry”, and may be an entry within a predetermined standard. Which entry is to be searched may be determined in advance by the administrator as a policy.

  With the above operation, in a communication apparatus having a plurality of transfer function units, the transfer function unit that performs the transfer process can be moved for each flow according to the characteristics of each transfer function unit and the processing status of the transfer process. In addition, according to the present embodiment, transfer processing is efficiently distributed among different types of functional units according to the characteristics and processing status of different types of functional units (transfer units and function expansion units) that implement transfer functions, and stable. Realize the transfer process. In addition, the present embodiment realizes an improvement in the quality of transferred packets.

  Specifically, the flow is used in the transfer engine 31 of the transfer unit 30 having high performance but a small number of entries that can be registered, and the transfer processing unit 50 of the function expansion unit 40 having a low performance but a large number of entries that can be registered. Based on the amount of bandwidth, while the DPI processing of a flow is continued, that is, while the processing of the additional function in the function expansion unit 40 is executed, the transfer function unit that performs the transfer processing is changed to the transfer processing unit 50 of the function expansion unit 40. Is changed to the transfer engine 31 of the transfer unit 30 to perform efficient processing distribution of the transfer process between the transfer unit 30 and the function expansion unit 40 to realize stable transfer processing.

  In addition, this invention is not limited to an above-described Example, Various modifications are included. For example, the above-described embodiments have been described in detail for easy understanding of the present invention, and are not necessarily limited to those having all the configurations described. Further, a part of the configuration of one embodiment can be replaced with the configuration of another embodiment, and the configuration of another embodiment can be added to the configuration of one embodiment.

  Further, it is possible to add, delete, and replace other configurations for a part of the configuration of each embodiment. Each of the above-described configurations, functions, processing units, processing means, and the like may be realized by hardware by designing a part or all of them with, for example, an integrated circuit such as an FPGA. Each of the above-described configurations, functions, and the like may be realized by software by interpreting and executing a program that realizes each function by the processor. Information such as programs, tables, and files for realizing each function may be placed in a recording device such as a memory, a hard disk, an SSD (Solid State Drive), or a recording medium such as an IC (Integrated Circuit) card, an SD card, or a DVD. it can.

  Moreover, although various information was demonstrated by the expression of "aaa table", various information may be expressed by data structures other than a table. In order to show that it does not depend on the data structure, the “aaa table” can be called “aaa information”. Further, the description has been given of recording each information in various tables in the expression “store”, but it may be expressed as “register” or “set”.

  Further, the control lines and information lines indicate what is considered necessary for the explanation, and not all the control lines and information lines on the product are necessarily shown. Actually, it may be considered that almost all the components are connected to each other.

DESCRIPTION OF SYMBOLS 1 Communication apparatus 10 Basic control part 20 Dynamic transfer control part 21 Threshold management part 23 Dynamic transfer control table 30 Transfer part 31 Transfer engine 32 Transfer table 40 Function expansion part 50 Transfer process part 51 Transfer process table 53 Additional function execution part 54 Transfer processing control unit 55 Dynamic transfer control setting unit 56 Transfer processing control table

Claims (12)

A communication device including a transfer unit that transfers a packet to a transfer destination,
A function execution unit that executes predetermined processing on a packet group that is a group of a plurality of packets received from the transfer unit;
A transfer processing unit that executes a transfer process of transferring the packet group, on which the predetermined process has been executed by the function execution unit, to a transfer destination;
Transfer processing control for controlling the transfer unit to execute transfer processing of a packet having a predetermined condition among packets belonging to a processing target packet group that is a packet group to be subjected to the predetermined processing by the function execution unit. And
A communication device comprising a function expansion unit having The communication device according to claim 1,
The packet of the predetermined condition is
A packet that belongs to a packet group in which the predetermined process is executed by the function execution unit, and that the function execution unit receives from the transfer unit after executing the predetermined process;
The transfer processing control unit
Communication that maintains execution of the predetermined processing by the function execution unit and controls the transfer unit to execute transfer processing of packets belonging to the processing target packet group that the transfer processing unit executes apparatus. The communication device according to claim 2,
The transfer processing control unit
A communication apparatus that monitors a load state of a transfer process of the transfer processing unit and controls to change the transfer process from the transfer processing unit to the transfer unit according to the load state. The communication device according to claim 3,
The function expansion unit is
Transfer processing for associating and storing processing target identification information for identifying the processing target packet group and transfer function unit information for identifying a transfer function unit for executing transfer processing of the packet group identified by the processing target identification information Control information, transfer processing information for identifying a transfer destination of the packet group transferred by the transfer processing unit, and
A storage unit for storing
The transfer processing control unit
When the packet group is received from the transfer unit, predetermined information included in an arbitrary packet belonging to the received packet group is stored in the processing target identification information, and the function as the transfer function unit is stored in the transfer function unit information. Storing information indicating an extension unit, storing the predetermined information stored in the processing target identification information in the transfer processing information,
The transfer processing unit
A communication apparatus that transfers the packet group to a transfer destination with reference to the transfer processing information. The communication device according to claim 4,
The predetermined process is:
A connection control process that controls the connection relationship of a series of communications.
The processing target identification information is
A connection relation information for identifying a processing target packet group of the connection control process and identifying the connection relation;
The transfer processing control information is
Storing the storage time information indicating the time when the connection relation information is stored, the threshold related to the storage time information, the processing target identification information, and the transfer function unit information in association with each other;
The transfer processing control unit
When receiving the packet group from the transfer unit, information on the connection relationship requesting establishment included in the establishment request packet for requesting establishment of the connection relationship received from the outside of the packets belonging to the packet group, After storing as the connection relation information of the transfer process control information, the value of the transfer function section information corresponding to the connection relation information whose elapsed time from the time indicated by the storage time information to the current time exceeds the threshold value is the transfer function section. And changing to the information indicating the transfer unit, and controlling to change the transfer process in the transfer processing unit to the transfer unit. The communication device according to claim 5,
The transfer unit
Transfer information for storing the identification information for identifying the packet group received from outside and the transfer destination of the packet group identified by the identification information in association with each other,
The transfer information is
Among the identification information, information indicating the function expansion unit as a transfer destination corresponding to the identification information for identifying the processing target packet group of the connection control processing is stored in advance,
The transfer unit
When a packet group identified by the identification information that identifies the processing target packet group of the connection control process is received from the outside, the packet group identified by the identification information is referred to at the transfer destination with reference to the transfer information. Execute transfer processing to transfer to the function extension unit,
The transfer processing control unit
When the value of the transfer function unit information is changed to information indicating the transfer unit as the transfer function unit, the information on the connection relationship stored in the connection relationship information is transmitted to the transfer unit,
The transfer unit
After storing the received information related to the connection relationship as the identification information, when receiving a packet group identified by the stored identification information from the outside, the packet group transferred to the function expansion unit is transferred to an external transfer destination A communication device characterized by transferring to a communication device. The communication device according to claim 3,
The transfer unit
Transfer information for storing the identification information for identifying the packet group received from outside and the transfer destination of the packet group identified by the identification information in association with each other,
When receiving a packet group from the outside, execute a transfer process of transferring the packet group identified by the identification information to the transfer destination with reference to the transfer information,
The function expansion unit is
Transfer processing for associating and storing processing target identification information for identifying the processing target packet group and transfer function unit information for identifying a transfer function unit for executing transfer processing of the packet group identified by the processing target identification information Control information, transfer processing information for identifying a transfer destination of the packet group transferred by the transfer processing unit, and
A storage unit for storing
The transfer processing control unit
When the packet group is received from the transfer unit, predetermined information included in an arbitrary packet belonging to the received packet group is stored in the processing target identification information, and the transfer function unit information is transferred as the transfer function unit. Storing information indicating a section, transmitting the predetermined information stored in the processing target identification information to the transfer section,
The transfer unit
After the received predetermined information is stored as the identification information, when the packet group identified by the stored identification information is received from the outside, the received packet group is transferred to an external transfer destination according to the transfer information A communication device. The communication device according to claim 7,
The predetermined process is:
A connection control process that controls the connection relationship of a series of communications.
The processing target identification information is
A connection relation information for identifying a processing target packet group of the connection control process and identifying the connection relation;
The transfer information is
Among the identification information, information indicating the function expansion unit as a transfer destination corresponding to the identification information for identifying the processing target packet group of the connection control processing is stored in advance,
The transfer processing control unit
When receiving the packet group from the transfer unit, information on the connection relationship requesting establishment included in the establishment request packet for requesting establishment of the connection relationship received from the outside of the packets belonging to the packet group, Storing the connection relation information in the transfer process control information, and storing the information indicating the transfer section in the transfer function section information, transmitting the connection relation information stored in the connection relation information to the transfer section;
The transfer unit
After storing the received information relating to the connection relationship as the identification information, when receiving a packet group identified by the stored identification information from the outside, the received packet group is transferred to an external transfer destination according to the transfer information And
The transfer processing control unit
When the value of the transfer function unit information is changed to information indicating the function extension unit, a deletion request for requesting that the information related to the connection relationship transmitted by the transfer processing control unit stored by the transfer unit is deleted from the transfer unit To transfer to the transfer unit and change the transfer process in the transfer unit to the transfer processing unit,
The transfer unit
In accordance with the received deletion request, a packet group identified by the identification information in which information indicating the function expansion unit is stored in advance as the transfer destination after deleting information on the requested connection relationship from the transfer information Is received from the outside, the received packet group is transferred to the function expansion unit as a transfer destination according to the transfer information. The communication device according to claim 4,
The predetermined process is:
An inspection process for inspecting received packets.
The processing target identification information is
A flow information for identifying a processing target packet group of the inspection processing and identifying a flow of the processing target packet group;
The transfer processing control information is
Use bandwidth information that is the bandwidth of the packet group used by the transfer function unit, a threshold related to the bandwidth, the processing target identification information, and the transfer function unit information in association with each other.
The transfer processing control unit
When receiving the processing target packet group from the transfer unit, after storing the predetermined information included in the arbitrary packet belonging to the received processing target packet group as the flow information of the transfer processing control information, The value of the transfer function unit information corresponding to the flow information whose bandwidth amount exceeds the threshold value is changed to information indicating the transfer unit, and the transfer processing in the transfer processing unit is changed to the transfer unit. A communication device that is controlled to change. A communication device including a transfer unit that transfers a packet to a transfer destination,
A function execution unit that executes predetermined processing on a packet group that is a group of a plurality of packets received from the transfer unit;
A transfer processing unit that executes a transfer process of transferring the packet group, on which the predetermined process has been executed by the function execution unit, to a transfer destination;
After the function execution unit executes the predetermined process, the transfer is controlled so that either the transfer unit or the transfer processing unit executes a transfer process of a packet belonging to the packet group for which the predetermined process has been executed. A processing control unit;
Function expansion unit with
With
A communication device. The communication device according to claim 10,
The transfer processing control unit
The transfer processing unit monitors the load status of the transfer processing, and the transfer unit executes the transfer processing of the packet group in which the predetermined processing executed by the transfer processing unit is executed according to the load status. A communication device characterized by controlling the communication. The communication device according to claim 11,
The transfer unit
Transfer information for storing the identification information for identifying the packet group received from outside and the transfer destination of the packet group identified by the identification information in association with each other,
The function expansion unit is
Processing target identification information for identifying a processing target packet group that is a target packet group on which the function execution unit executes the predetermined processing, and a transfer function for executing a transfer process for the packet group identified by the processing target identification information Transfer processing control information for storing the transfer function unit information for identifying the unit in association with each other, transfer processing information for identifying the transfer destination of the packet group transferred by the transfer processing unit,
A storage unit for storing
The transfer processing control unit
When the packet group is received from the transfer unit, predetermined information included in an arbitrary packet belonging to the received packet group is stored in the processing target identification information, and the function as the transfer function unit is stored in the transfer function unit information. When the information indicating the extension unit or the transfer unit is stored and the information indicating the function extension unit is stored in the transfer function unit information, the predetermined information stored in the processing target identification information is stored in the transfer processing information When the information indicating the transfer unit is stored in the transfer function unit information, the predetermined information stored in the processing target identification information is transmitted to the transfer unit,
The transfer processing unit
Performing the transfer process with reference to the transfer process information;
The transfer unit
A communication apparatus that stores the predetermined information received from the function expansion unit as the identification information, and then executes the transfer process with reference to the transfer information.

Images