JP4417993B2 - Network virtualization system, relay device, and program - Google Patents

Description

  The present invention relates to a network virtualization system for constructing an overlay network such as virtual Ethernet (registered trademark) on an underlay network such as TCP / IP, a relay device provided in the system, and a relay device thereof Relates to the program applied to.

  For example, a virtual network constructed by software on an existing physical network (hereinafter referred to as “underlay network”) such as a TCP / IP network is referred to as an overlay network.

  As a main overlay network (hereinafter also referred to as “virtual network”), there is a virtual local area network (hereinafter referred to as “virtual LAN”).

  A typical virtual LAN includes SoftEther (Packetix) (for example, Non-Patent Documents 1 and 2) manufactured by SoftEther Corporation. SoftEther (Packetix) is a software group that constructs a virtual Ethernet, which is an example of a virtual network. For example, a virtual Ethernet construction method using SoftEther (PacketiX) or similar software is as follows.

    Software that emulates an Ethernet switching hub (hereinafter referred to as “virtual hub”) is operated on a certain computer (hereinafter, the computer that operates the virtual hub is referred to as “server”).

    A computer that wishes to participate in virtual Ethernet connects to a virtual hub via a virtual network interface (hereinafter referred to as a “virtual network interface”) constructed by software (hereinafter, the virtual network interface is operated). The computer to be called “client”).

    An underlay network (TCP / IP network or the like) is used for communication between the virtual network interface and the virtual hub, that is, between the client and the server.

  A general configuration of such a virtual Ethernet is shown in FIG.

  For example, the underlay network 150 that is a TCP / IP network is a physical network that serves as a basis for constructing the virtual Ethernet 154 that is an overlay network. The underlay network 150 includes a firewall 156, a router 157, and a link layer communication device (a hub or a switching hub in the case of Ethernet). The router 157 is a network layer device constituting the TCP / IP network, and is a general device, and therefore, detailed description thereof is omitted here. The firewall 156 is a security device installed at the boundary between the internal network 160 and the external network 161, and since it is a general device, its detailed description is omitted here.

  The client 153 is a computer that is connected to the virtual hub 151 that constitutes the virtual Ethernet 154, and is connected to the virtual hub 151 via the virtual network interface 152. In this way, the virtual hub 151 functions as a relay node that holds connections with a plurality of clients 153. The server 155 is a network virtualization apparatus in which such a virtual hub 151 is arranged. In this specification, the server 155 that is such a network virtualization apparatus and the client 153 that is a terminal controlled by the network virtualization apparatus are collectively referred to as a network virtualization system. The virtual Ethernet 154 is constructed by connecting a plurality of clients 153 each having a virtual network interface 152 to one or a plurality of virtual hubs 151.

  In addition to virtual Ethernet, in Ethernet, capture of Ethernet frames that flow on the network is widely performed in network management (configuration management, performance management, failure analysis, etc.) or system development scenes. A typical method is as follows.

    • Set Ethernet frames that should or should not be captured as “filters” to the network interface driver of the computer connected to the Ethernet switching hub (or virtual hub).

    Items to be set in the filter include a source / destination MAC address, an Ethernet type, a source / destination IP address, a port number, an upper protocol type, and the like.

The network interface driver determines whether it is necessary to capture the Ethernet frame that arrives at its own station according to the contents of the set filter, and displays what is to be captured on the display device after converting the contents to a display format. Or, save the captured contents as they are in a file on the file system.
ASCII Corporation, Official SoftEther Usage Guide http: // www. softther. com, SoftEther Corporation website http: // www. freebit. com / el / index. html, Freebit Corporation website

  Here, in the conventional technique for capture, the filter setting for specifying the Ethernet frame to be captured and the filtering process are performed on the client side. Therefore, Ethernet frames other than those finally captured will also flow into the client, especially in a virtual Ethernet environment, where the location of the virtual hub and client on the underlay network is remote In addition, when there are a large number of Ethernet frames flowing from the virtual hub to the client, a heavy load is applied to the underlay network.

  The present invention has been made in view of the above circumstances, and in a virtual network environment, network virtualization that prevents a non-captured frame from flowing into a client from a virtual hub and reduces unnecessary load on the underlay network. It is an object to provide a system, a relay device, and a program.

  According to one aspect of the present invention, in a network virtualization system comprising: a relay device that forms a virtual hub by software; and a plurality of client terminals that perform virtual network communication via the virtual hub, The client terminal includes a first capture processing unit that performs data capture processing. The first capture processing unit includes a unit that outputs a result of the capture processing to a display device, and without performing the capture processing. Means for enabling setting of a mode for outputting capture data stored in the storage area of the client terminal to a display device, and the virtual data without acquiring the capture data stored in the storage area of the client terminal; Module for acquiring capture data stored in the storage area of the hub The client terminal comprises processing request means for making a request for data capture processing to the virtual hub, the processing request means on the virtual hub, Means for enabling setting of a mode for mirroring traffic between all ports other than the port accommodating the client terminal or a part of the ports to a port accommodating the client terminal; Means for enabling filter setting for a frame at a port accommodating a client terminal and setting of a mode for performing filtering based on the setting; and capture data at the port accommodating the client terminal on the virtual hub. The data is saved in the storage area of the virtual hub without sending it to the terminal. Means for enabling setting of a mode for performing the capture, and capture data that has already been captured and stored in the storage area of the virtual hub without performing a capture process at the port accommodating the client terminal on the virtual hub The virtual hub includes a second capture processing unit that performs a capture process in response to a request from an arbitrary client terminal. The second capture processing means includes means for mirroring traffic between all other ports or a part of ports to a port accommodating the requesting client terminal, and a port accommodating the requesting client terminal. The frame before being sent to the requesting client terminal or the storage area of the virtual hub. A means for performing filter setting for a previous frame and filtering based on the setting, a means for sending capture data to a requesting client terminal at a port accommodating the requesting client terminal, and a requesting client terminal Means for performing a redirect to save the captured data in the storage area of the virtual hub without sending capture data to the requesting client terminal, and traffic flowing into the virtual hub from the port accommodating the requesting client terminal For the above, except when performing a redirect to save the capture data in the storage area of the virtual hub, the means for excluding the capture process and the requesting client terminal have already captured the virtual hub. Capture data saved in the storage area And means for transmitting to the requesting client terminal a unicast frame, broadcast frame, or multicast frame addressed to the requesting client terminal regardless of the filtering or redirection setting requested by the requesting client terminal A network virtualization system is provided.

  According to another aspect of the present invention, a capture process corresponding to a request from an arbitrary client terminal among a plurality of client terminals that forms a virtual hub by software and performs virtual network communication via the virtual hub. In the relay device that performs the request, the means for mirroring the traffic between all other ports or between some ports to the port accommodating the requesting client terminal and the port accommodating the requesting client terminal A filter setting for a frame before being sent to the original client terminal or a frame before being saved in the storage area of the virtual hub, and means for performing filtering based on the setting, and a port accommodating the requesting client terminal, A means for sending capture data to the requesting client terminal, and a request Means for redirecting the captured data to the storage area of the virtual hub without sending the capture data to the requesting client terminal, and the port accommodating the requesting client terminal. For traffic that flows into the hub, unless the redirect is to save the capture data in the storage area of the virtual hub, capture is already performed on the requesting client terminal and the means that is not subject to capture processing. Means for transmitting the capture data stored in the storage area of the virtual hub, and transmitting the unicast frame, broadcast frame, and multicast frame addressed to the requesting client terminal to the requesting client terminal. Filtering requested by Regardless redirection settings, the relay device is provided which is characterized by comprising: means for transmitting.

  According to still another aspect of the present invention, a virtual hub is formed by software, and a request from an arbitrary client terminal among a plurality of client terminals performing virtual network communication via the virtual hub is met. A program that is applied to a relay device that performs capture processing, a function that mirrors traffic between all other ports or some ports to the port that accommodates the requesting client terminal, and the request source A function for performing filter setting and filtering based on the frame before sending to the requesting client terminal or the frame before saving in the storage area of the virtual hub at the port accommodating the client terminal; The port that accommodates the client terminal of the client A function for sending to the terminal, a port for accommodating the requesting client terminal, a function for performing a redirect to save the capture data in the storage area of the virtual hub without sending the capture data to the requesting client terminal, For traffic flowing into the virtual hub from the port accommodating the client terminal, except for performing a redirect to save the capture data in the storage area of the virtual hub, A function for transmitting capture data that has already been captured and stored in the storage area of the virtual hub to the requesting client terminal, and to the requesting client terminal, a unicast frame, a broadcast frame addressed to the requesting client terminal, Requests the multicast frame to the requesting client terminal Regardless required to filter or redirection settings, the program for causing and a function of transmitting to the computer is provided.

  According to the present invention, in a virtual network environment, it is possible to prevent a frame that is not a capture target from flowing from a virtual hub to a client, and to reduce an unnecessary load on the underlay network.

  Embodiments of the present invention will be described below with reference to the drawings.

<Common items in each embodiment>
In the following, three embodiments will be shown, but an implementation policy common to all the embodiments will be described below.

  1. The user (operator) can use an existing capture program as it is or with only a slight change in usage.

    This is to realize the user without any special procedure as much as possible.

  2. Other applications on the client terminal (hereinafter referred to as “client”) or OS (operating system) that captures data can transmit and receive Ethernet frames as usual, regardless of whether or not capture processing is performed. I can do it.

    This is because it does not affect the behavior of other applications or the OS. Of course, this is not the case when the corresponding client is operated as a capture-dedicated machine.

  3. Capture and filter all Ethernet frames (hereinafter also referred to as “traffic”) flowing on a virtual hub (relay node) formed by a server device (hereinafter referred to as “server”) as a relay device. can do.

    Since an ordinary Ethernet switching hub does not have a so-called “bus” structure, only a part of an Ethernet frame flowing on the Ethernet switching hub can be observed at a certain port. Specifically, only broadcast frames, multicast frames, and unicast frames whose transmission source or destination is a client connected to the port can be observed.

    During normal operation, the virtual hub also operates as an Ethernet switching hub, that is, as described above, but the virtual port to which the client is connected (virtual hub is the client by a special instruction from the client attempting to capture). A special mode is prepared for mirroring (or mirroring) all or specified Ethernet frames flowing on the virtual hub. Here, “mirror (or mirroring)” refers to a process of generating a copy of a frame transferred from a place to a place in real time and sending it to a target port or the like.

    As described later, not all the mirrored Ethernet frames flow into the client. When filtering processing is performed, there are some that do not flow to the client.

<First Embodiment>
Here, a method for realizing the proposed function in the form of a wrapper to an existing capture program on the client 1 side will be described. The processing on the virtual hub side is common to all the embodiments, but will be described in detail in the present embodiment in the order of description.

  FIG. 1 is a diagram illustrating a configuration example of a client 1 configuring the network virtualization system according to the present embodiment. FIG. 2 is a diagram illustrating a configuration example of a virtual hub 50 formed by a server device (relay device) configuring the network virtualization system according to the present embodiment. Note that the configuration of the virtual hub 50 shown in FIG. 2 is not unique to the present embodiment, but is common to all the embodiments.

  The client 1 shown in FIG. 1 includes a kernel 10 and a user land 20. The kernel 10 includes a physical network interface 11, a network interface driver 12, an Ethernet layer 13, a TCP / IP 14, a virtual network interface kernel unit (tunnel interface) 15, and a packet capture module 16. On the other hand, the user land 20 includes a virtual network interface user program unit 21, a wrapper program 23, an application program group 29, and the like. The virtual network interface user program unit 21 includes a control module 22 and the like. The wrapper program 23 includes a mode setting module 24, a filter setting module 25, a capture file acquisition module 26, a capture program 27, a capture end module 28, and the like.

  The virtual hub 50 illustrated in FIG. 2 includes a virtual port 51, an Ethernet switching module 52, a filter module 53, a control module 54, a capture data storage unit 55, a capture file providing module 56, and the like corresponding to each client. The virtual hub 50 also forms a virtual Ethernet connection 60 that is a virtual Ethernet cable connected to the virtual network interface of the client 1 (and 2, 3, 4). 2 have the same function as the client 1 shown in FIG.

[Component Overview]
Hereinafter, an outline of each functional element will be described with reference to FIGS. 1 and 2.

1. Client 1 (and 2, 3, 4)
The client 1 is a computer that virtually connects to the virtual hub 50 using an underlay network. In this embodiment, a virtual network interface is implemented by using a tunnel interface mechanism implemented in an OS such as UNIX (registered trademark). FIG. 1 shows a typical protocol stack and module configuration of the client 1.

-Physical network interface 11
The physical network interface 11 is a so-called network interface.

-Network interface driver 12
The network interface driver 12 is software in the OS for operating the network interface.

-Ethernet layer 13
The Ethernet layer 13 is a layer that performs communication using an Ethernet protocol.

-TCP / IP14
The TCP / IP 14 is a layer that performs communication using a transport layer protocol such as IP and TCP or UDP.

-Virtual network interface kernel part (tunnel interface) 15
A virtual network interface kernel unit (tunnel interface) 15 is a tunnel interface implemented in various OSs, and configures a virtual network interface in cooperation with a virtual network interface user program unit 21 described later.

      From the viewpoint of the OS and userland program group, the identification name of the virtual network interface kernel unit (tunnel interface) 15 is the identification name of the virtual network interface.

      That is, in a situation where it is necessary to specify a network interface name, the identification name of the virtual network interface kernel unit (tunnel interface) 15 is used.

-Packet capture module 16
The packet capture module 16 is a packet capture module in the kernel installed in various OSs, and performs Ethernet frame filtering and capture processing according to settings from a capture program 27 described later.

      Normally, the packet capture module 16 filters and captures Ethernet frames at the network interface driver 12 and the Ethernet layer 13 in the kernel.

-Virtual network interface user program unit 21
The virtual network interface user program unit 21 is a userland program that forms a virtual network interface in cooperation with the virtual network interface kernel unit (tunnel interface) 15, an Ethernet processing module (not shown) that processes Ethernet frames, and The control module 22 is configured to exchange control information with the virtual hub 50.

-Trumpet program 23
The wrapper program 23 internally calls a mode setting module 24, a filter setting module 25, a capture file acquisition module 26, a capture program 27, and a capture end module 28, which will be described later, thereby performing filtering and capture processing that are the central part of the present proposal. (It is originally performed by the packet capture module 16 on the client 1) that can be processed on the virtual hub 50 side, and the operator uses this program instead of using the capture program 27 directly. .

      In the wrapper program 23, various designations can be made with parameters regarding the following "virtual network interface", "mirror mode", "filter setting", and "redirect mode".

* Virtual network interface (parameter specification is required)
Specifies the virtual network interface that performs Ethernet frame capture.

* Mirror mode (parameter specification can be omitted)
The mode of the Ethernet switching module 52 of the virtual hub 50 is designated. There are the following three modes (details will be described later).

i. Normal mode (when parameter specification of mirror mode is omitted)
The virtual hub 50 operates as a normal Ethernet switching hub. That is, only broadcast frames, multicast frames, and unicast frames whose destination is a client accommodated in a virtual port to be captured are captured.

ii. Full mirror mode
All traffic of the virtual hub 50 is to be captured.

iii. Partial mirror mode
Traffic between some virtual ports of the virtual hub 50 is set as a capture target.

* Filter setting (parameter specification can be omitted)
Used for filtering to determine the Ethernet frame to be captured.

* Redirect mode (parameter specification can be omitted)
Specify the output destination of capture data. The following modes are available.

i. Normal mode (when parameter specification for redirect mode is omitted)
The output destination of the captured Ethernet frame is the display device.

ii. File save mode
The output destination of the captured Ethernet frame is a file.

iii. File read mode
Actually, the capture process is not performed, and the file stored in the file storage mode is read and output to the display device.

      The operation of each module used by the wrapper program 23 will be described below.

* Mode setting module 24
The mode setting module 24 is called from the wrapper program 23 and sets various modes (mirror mode, redirect mode) of the Ethernet switching module 52 and the virtual port of the virtual hub 50.

* Filter setting module 25
The filter setting module 25 is called from the wrapper program 23 and issues a filter setting instruction on the virtual hub 50.

* Capture file acquisition module 26
The capture file acquisition module 26 is called from the wrapper program 23, acquires (inputs) capture data stored in the capture data storage unit 55 as a file on the file system of the virtual hub 50, and stores it in the local file system F. To do.

        Note that the capture file acquisition module 26 and the capture file provision module 56 of the virtual hub 50 are assumed to be clients and servers of a general file transfer protocol (FTP, SCP, etc.).

* Capture program 27
The capture program 27 is a userland program that is called from the wrapper program 23 and issues a filter setting and capture execution instruction to the packet capture module 16, and is often installed as a standard in various OSs.

* Capture end module 28
The capture end module 28 is called from the wrapper program 23 and issues a cleanup processing instruction to the virtual hub 50.

2. Virtual Hub The virtual hub 50 is software that emulates an Ethernet switching hub. It consists of the following virtual ports and various modules.

-Virtual port 51
This is the end point of the virtual Ethernet connection 60 of the client 1, and corresponds to a port in a normal Ethernet switching hub.

      The virtual port 51 that accommodates a client that executes Ethernet frame capture is particularly referred to as a mirror port.

      The virtual port 51, which is a mirror port, has the following modes.

a) Normal capture mode An Ethernet frame flowing from the Ethernet switching module 52 is sent to the virtual Ethernet connection 60 with the client 1.

b) Redirect mode The Ethernet frame flowing in from the Ethernet switching module 52 and the Ethernet frame from the client are sent to the capture data storage unit 55 (stored in a file).

        If the filter is set by the control module 54, the filtering process is performed via the filter module 53 before sending the Ethernet frame to the virtual Ethernet connection 60 with the client 1 or the capture data storage unit 55. Do.

        However, in order to enable the application program group on the client and the OS to normally receive the Ethernet frame addressed to itself regardless of whether or not the Ethernet frame is captured, the broadcast frame, the multicast frame, and the capture process are performed. The unicast frame for the client being executed is always sent to the client regardless of the filtering and redirection settings according to the request from the client.

-Ethernet switching module 52
This module switches Ethernet frames. Has the following modes:

a) Normal mode Performs the same switching process as a so-called Ethernet switching hub.

b) All mirror mode In response to an instruction from the control module 54, the Ethernet frames transmitted and received by all the virtual ports 51 are copied to the mirror port.

c) Partial mirror mode In response to an instruction from the control module 54, an Ethernet frame transmitted / received at a specific virtual port 51 is copied to a mirror port.

-Filter module 53
Based on the contents of the filter setting by the control module 54, filtering is performed on the Ethernet frame flowing into the corresponding virtual port 51.

-Control module 54
This module exchanges control information with the virtual network interface user program unit 21 of the client using control messages, and controls the behavior of the Ethernet switching module 52, virtual port 51, and filter module 53 based on the contents of the control information. .

-Capture data storage unit 55
This is a storage area for holding capture data filtered by the filter module 53. Generally, an HDD or a flash memory is used, and capture data is stored as a file.

-Capture file provision module 56
In accordance with an instruction from the capture file acquisition module 26 of the client, the designated file is read from the capture data storage unit 55 and transmitted to the client 1.

  As described above, the capture file providing module 56 and the capture file acquisition module 26 of the client 1 are assumed to be a server and a client of a general file transfer protocol (FTP, SCP, etc.).

  Although not shown in the figure, the virtual hub 50 has a network protocol stack (such as TCP / IP) or a physical network that forms the virtual Ethernet connection 60 with the client 1 using an underlay network. It also has a network interface 11.

3. Virtual Ethernet connection 60
It can be considered as a virtual Ethernet cable that connects the virtual hub 50 and the virtual network interface of the client 1 (and 2, 3, 4) through an underlay network.

  The virtual Ethernet connection 60 includes a user data link that carries an Ethernet frame that is user data, and a control link for exchanging control information between the virtual network interface user program unit 21 of the virtual network interface and the virtual hub 50.

  3A and 3B show the format of the request message and the response message used in this embodiment, respectively. The details will be described in the following “[Details of processing]”.

[Process Details]
The details of the processing sequence of each element will be described below with reference to FIGS.

  Here, an example of processing performed between the client 1 and the virtual hub 50 is given.

  While focusing on Ethernet frame filtering and setting related to capture, the client connection method to the virtual hub 50, user data (Ethernet frame) / control data transmission / reception processing, Ethernet frame switching processing, filtering processing, etc. A detailed explanation of what is not the subject of this proposal will be omitted.

  Further, various communication means between the wrapper program 23 and the virtual network interface user program unit 21 in the client are assumed including inter-process communication. However, since this is not the gist of the present proposal, the details are omitted.

1. Start of capture processing by operator The wrapper program 23 is activated on the client 1 by the operation of the operator (step S10 in FIG. 4).

  The virtual network interface, filter setting, redirect mode, and mirror mode can be specified as parameters.

2. Check whether or not file read mode is specified in redirect mode The wrapper program 23 checks whether or not a file read mode is specified in the redirect mode (step S11).

  If not specified, the process proceeds to step S102. If specified, the process proceeds to the following process.

(A) Check for existence of file name The wrapper program 23 checks whether or not a file name is specified (S12 in FIG. 4), and if no file name is specified (No in step S12), processing is performed. Is finished (step S116).

(B) Activation of Capture File Acquisition Module 26 The wrapper program 23 activates the capture file acquisition module 26 using the file name as a parameter (step S13, step S400 in FIG. 7), and waits for its end.

(C) File acquisition by the capture file acquisition module 26 / capture file provision module 56 The capture file acquisition module 26 instructs the capture file provision module 56 of the virtual hub 50 to acquire the file specified from the wrapper program 23 (FIG. 7). Step S401) When the file is acquired, the acquired file is stored in the local file system F (Steps S402 to S403), and the process is terminated (Step S404). On the other hand, the capture file providing module 56 receives a file acquisition request from the capture file acquisition module 26 (steps S700 to S701 in FIG. 7), and if there is a designated file (step S702), captures the file. The file is transferred to the file acquisition module 26 (step S703), and the process is terminated (step S704).

    If the file name is invalid (such as the file does not exist in the capture data storage unit 55 of the virtual hub 50), the capture file acquisition module 26 ends abnormally (NG in step S14, S116 in the figure).

    Note that the capture file acquisition module 26 and the capture file providing module 56 of the virtual hub 50 are assumed to be a general file transfer protocol (FTP, SCP, etc.) client and server, and therefore detailed description thereof is omitted here. To do.

(D) Execution Result Check of Capture File Acquisition Module 26 The wrapper program 23 checks the processing result of the capture file acquisition module 26 and performs the following processing.

When the capture file acquisition module 26 is normally terminated If the filter parameter is specified as the parameter of the file program and the wrapper program 23 (OK in step S14), the capture is performed as a parameter. The program 27 is activated (step S113).

When the capture file acquisition module 26 ends abnormally When the capture file acquisition module 26 ends abnormally (NG in step S14), the process ends (step S116).

3. Checking virtual network interface parameters The wrapper program 23 checks virtual network interface parameters specified by the operator (steps S102 and S103).

When the virtual network interface parameter specification is omitted When the virtual network interface parameter specification is omitted (No in step S102), the process ends (step S116).

When Invalid Virtual Network Interface is Specified If the designated virtual network interface does not exist on the client 1 or is not active (No in S103), the process is terminated (step S116).

When a valid virtual network interface is specified When the specified virtual network interface exists and is active (Yes in S103), this parameter is stored in an internal variable to be passed when the capture program 27 is started, Proceed to step S104.

4. Filter setting (a) Filter parameter check The wrapper program 23 checks the filter parameter specified by the operator (step S104).

When the filter parameter is not specified When the filter parameter is not specified (No in step S104), the process proceeds to step S107.

When the filter parameter is specified When the filter parameter is specified (Yes in step S104), the process proceeds to step S105.

(B) Activation of the filter setting module 25 The wrapper program 23 activates the filter setting module 25 using the filter parameter specified by the operator as a parameter (step S105 in FIG. 4 and step S200 in FIG. 5), and terminates it. wait.

(C) Transmission of filter setting request by the filter setting module 25
i. Filter Check The filter setting module 25 of the client 1 checks the filter parameters passed from the wrapper program 23 (step S201 in FIG. 5). If abnormal (No in step S201), the wrapper program 23 is regarded as an error. Control is returned to and the process is terminated (step 205).

ii. Transmission of filter setting request On the other hand, if normal, a filter setting request is transmitted to the control module 54 of the virtual hub 50 via the control module 22 of the virtual network interface user program unit 21 (step S202). It waits for a filter setting response from the control module 54 (step S203).

        The format of the filter setting request is as shown in FIG. 3A, and the filter setting designated by the wrapper program 23 is set in the filter data portion.

        The filter condition designation method is assumed to be the same as that of a general capture program 27, such as a source / destination MAC address, Ethernet type, source / destination IP address, source / destination port number, upper protocol number, etc. However, the specific contents are not the main point of this proposal, so the details are omitted.

        If a timeout has occurred (Yes in step S203), control is returned to the wrapper program 23 as an error, and the process is terminated (step S205).

(D) Transmission of filter setting and filter setting response by control module 54 of virtual hub 50 When control module 54 of virtual hub 50 receives a filter setting request from control module 22 of client 1 (S600 in FIG. “Filter setting” in S602), the filter data is extracted from the filter setting request, the filter description format is converted as necessary, and then the virtual port 51 accommodating the virtual Ethernet connection 60 with the client 1; That is, the filter is set in the filter module 53 of the mirror port (step S612).

  If the filter setting ends normally, a filter setting response indicating that the processing result is normal is transmitted to the control module 22 of the client 1 (step S613), and the processing ends (step S614). On the other hand, if the filter setting ends abnormally, a filter setting response indicating that the processing result is abnormal is transmitted to the control module 22 of the client 1, and the processing ends.

(E) Reception of filter setting response by filter setting module 25 The filter setting module 25 of the client 1 receives the filter setting response from the control module 54 of the virtual hub 50 via the control module 22 of the virtual network interface user program unit 21. Then (step S204 in FIG. 5), using the processing result as a return value, the control is returned to the wrapper program 23 (step S205), and the processing is terminated.

(F) Execution Result Check of Filter Setting Module 25 The wrapper program 23 checks the return value of the filter setting module 25 (step S106 in FIG. 5) and performs the following processing.

When the filter setting module 25 ends normally When the filter setting module 25 ends normally (OK in step S106), the contents of the specified filter parameter are stored in an internal variable to be passed when the capture program 27 is started, and step S107 is executed. Proceed to

When the filter setting module 25 ends abnormally When the filter setting module 25 ends abnormally (NG in step S106), the process ends (step S116).

5. Virtual Hub Operation Mode Setting The wrapper program 23 checks the mirror mode parameter and the redirect mode parameter (step S107), and performs the following processing.

(A) When the mirror mode parameter (full mirror mode / partial mirror mode) and the redirect mode parameter (file storage mode) are specified (Yes in step S107)
i. Activation of Mode Setting Module 24 The wrapper program 23 activates the mode setting module 24 using the mode setting contents (mirror mode parameters (full mirror mode / partial mirror mode), redirect mode parameters (file storage mode)) as parameters. (Step S108, Step S300 in FIG. 6) and wait for the end.

      In the case of the partial mirror mode, a list of virtual ports 51 for specifying which virtual port 51 is to be mirrored is also required, but if there is no list, it is considered that the full mirror mode has been specified.

ii. Transmission of Mode Setting Request by Mode Setting Module 24 The mode setting module 24 of the client 1 transmits a mode setting request to the control module 54 of the virtual hub 50 via the control module 22 of the virtual network interface user program unit 21. (Step S301 in FIG. 6). The format of the mode setting request is as shown in FIG. 3B, and designates one of the mirror mode types or the file storage mode of the redirect mode. In the partial mirror mode, a list of virtual ports 51 is set, and in the file storage mode, a file name is also set.

      If timed out (Yes in step S302), control is returned to the wrapper program 23 as an error, and the process is terminated (step S304).

iii. Setting of Virtual Hub Mode and Transmission of Mode Setting Response by Control Module 54 of Virtual Hub 50 Upon receiving a mode setting request from control module 22 of client 1 (step in FIG. 9), control module 54 of virtual hub 50 “Mode setting” in S600 to S602), mode information designated from the mode setting request is taken out, and the following processing is performed according to the content.

When All Mirror Mode is Specified When All Mirror Mode is specified (“All Mirrors” in step S603), the Ethernet switching module 52 is set to all mirror mode (steps S605 to S606).

When the partial mirror mode is specified When the partial mirror mode is specified (“partial mirror” in step S603), the Ethernet switching module 52 is set to the partial mirror mode based on the information of the specified virtual port 51. Set. If there is a list of virtual ports 51 ("Yes" in step S604), the corresponding virtual port 51 is set to be mirrored accordingly (step S606), and if there is no list of virtual ports 51 (" None ”), all virtual ports 51 are set to be mirrored (equivalent to all mirror mode) (step S605).

When the file storage mode is specified When the file storage mode is specified (“Yes” in step S608), the virtual port 51 is set to the redirect mode based on the specified file name (step S609). .

  After the above process is completed, a mode setting response is transmitted to the control module 22 of the client 1 (step S610), and the process is terminated (step S614).

iv. Reception of Mode Setting Response by Mode Setting Module 24 When the mode setting module 24 of the client 1 receives the mode setting response from the control module 54 of the virtual hub 50 (step S303 in FIG. 6), the processing result is used as a return value. Control is returned to the wrapper program 23, and the process is terminated (step S304).

v. Execution Result Check of Mode Setting Module 24 The wrapper program 23 checks the return value of the mode setting module 24 (step S109 in FIG. 4) and performs the following processing.

When the mode setting module 24 is normally terminated When the file storage mode is not designated (No in step S110), the process proceeds to step S113. On the other hand, when the file storage mode is designated (Yes in step S110), the process waits for an end instruction from the operator (steps S111 and S112). Thereafter, when there is an end instruction from the operator (Yes in step S112), the process proceeds to step S115.

When Mode Setting Module 24 Ends Abnormally When Mode Setting Module 24 Ends Abnormally (NG in Step S109), the process proceeds to Step S115.

(B) When none of the above is designated When none of the above is designated (No in step S110), the process proceeds to step S113.

6. Activation of Capture Program 27 The wrapper program 23 activates the capture program 27 (step S113).

(A) When the file read mode is designated When the file read mode is designated when starting the capture program 27, the stored filter parameters, the file read mode and the file name are stored. Is used as a parameter to start the capture program 27 (step S113). When the capture program 27 is terminated by the operator (Yes in step S20) or when the file contents are displayed on the display device and terminated, the file reading mode is designated (Yes in S114 in FIG. 4). The wrapper program 23 also ends the process (step S116).

(B) When the file read mode is not specified When the capture program 27 is started, when the file read mode is not specified, the capture program 27 is started using the stored filter parameter as a parameter. (Step S113). When the capture program 27 is terminated by an end instruction from the operator (Yes in step S20) or the like, the file reading mode is not specified (No in S114 in FIG. 4), and the process proceeds to step S115.

7. End Process (a) Activation of Capture End Module 28 The wrapper program 23 starts the capture end module 28 (step S115, step S500 in FIG. 8).

(B) Transmission of capture end request The capture end module 28 transmits a capture end request to the control module 54 of the virtual hub 50 via the control module 22 of the virtual network interface user program unit 21 (step S501 in FIG. 8). ), The control is returned to the wrapper program 23, and the process is terminated (step S502).

(C) Virtual Hub Cleanup Processing When the control module 54 of the virtual hub 50 receives a capture end request from the control module 22 of the client 1 (“capture end” in steps S600 to S602 in FIG. 9), Ethernet switching The module 52 and the virtual port 51 are set to “normal mode”. That is, the settings related to the capture process are cleared (step S611).

(D) End of processing When the capture end module 28 ends, the wrapper program 23 ends its own processing (step S116).

[Concrete example]
Subsequently, details of a specific processing sequence will be described with reference to FIGS. 1, 2, and 4 to 10.

  As shown in FIG. 2, it is assumed that the client 1, the client 2, the client 3, and the client 4 are connected to the virtual hub 50. Of these, it is assumed that an operator using the client 1 wants to capture traffic on the virtual hub 50.

  At this stage, the Ethernet switching module 52 and the virtual port 51 (mirror port) of the virtual hub 50 are operating in the “normal mode”, and the virtual hub 50 performs Ethernet frame switching equivalent to a general Ethernet switching hub. It is assumed that processing is being performed.

  Hereinafter, the operation when various parameters are designated in the wrapper program 23 will be described in detail.

(Specific example 1)
It is assumed that the operator executes the wrapper program 23 with the following parameters specified.

Virtual network interface parameters:
Specifies the virtual network interface of client 1. • Redirect mode parameter:
Omit specification-Filter parameter:
Omitted ・ Mirror mode parameter:
Specification is omitted The operations 1 to 4 when parameters are specified in this way are shown below.

1. Capture setting, start capture ・ Redirect mode (file read mode) setting Not performed.

• Filter setting Not performed.

・ Redirect mode (file save mode, mirror mode) is not set.

Start of the capture program 27 The wrapper program 23 specifies the virtual network interface parameters and starts the capture program 27.

2. Processing by Virtual Hub (a) Switching processing by Ethernet switching module 52 Since the mirror mode is not set, the Ethernet switching module 52 performs normal switching processing. That is, only the broadcast frame, the multicast frame, and the unicast frame for the client 1 are transmitted to the virtual port 51 that accommodates the client 1.

(B) Transmission of Ethernet Frame by Virtual Port 51 Since the filter setting and the redirection mode (file storage mode) are not set, all the Ethernet frames received from the Ethernet switching module 52 are transmitted to the client 1.

3. Processing by Client 1 (a) Processing by Virtual Network Interface The virtual network interface delivers the received Ethernet frame to the application program group and OS according to normal network protocol processing.

(B) Processing by the packet capture module 16 Since the capture program 27 is activated, the packet capture module 16 captures and captures all Ethernet frames received by the virtual network interface user program unit 21 (or virtual network interface kernel unit). Delivered to program 27. All the Ethernet frames transmitted by the client 1 are also captured and delivered to the capture program 27.

(C) Processing by Capture Program 27 When capture data is received from the packet capture module 16, they are converted into a format that can be displayed on the display device and displayed on the display device.

  That is, a broadcast frame, a multicast frame, and a unicast frame for the client 11 are displayed.

  Note that various settings relating to the display format are generally possible, but details are omitted here.

4. Capture end When there is an end instruction (for example, signal transmission to the wrapper program 23) by the operator, the capture end module 28 is called, and the control module 22 of the virtual network interface user program unit 21 and the control module 54 of the virtual hub 50 are set. Then, the Ethernet switching module 52 and the virtual port 51 of the virtual hub 50 are returned to the normal mode.

  Thereafter, the capture program 27 ends the capture process by the packet capture module 16 and ends itself. Finally, the wrapper program 23 is also terminated.

(Specific example 2)
It is assumed that the operator executes the wrapper program 23 with the following parameters specified.

Virtual network interface parameters:
Virtual network interface of client 1 • Redirect mode parameters:
Omit specification-Filter parameter:
Source IP address: IP address of client 3 Destination IP address: IP address of client 4 Captures Ethernet frame that matches the conditions ・ Mirror mode parameter: All mirror mode Operation 1 to 4 when parameters are specified in this way It is shown below.

1. Capture setting, start capture ・ Redirect mode (file read mode) setting Not performed.

Filter setting When the wrapper program 23 calls the filter setting module 25, the filter module 53 of the virtual port 51 of the virtual hub 50 via the control module 22 of the virtual network interface user program unit 21 and the control module 54 of the virtual hub 50. The above filter is set in

Redirection mode (file storage mode, mirror mode) setting When the wrapper program 23 calls the mode setting module 24, the virtual hub is controlled via the control module 22 of the virtual network interface user program unit 21 and the control module 54 of the virtual hub 50. 50 Ethernet switching modules 52 are set to the full mirror mode.

Activation of capture program 27 The wrapper program 23 activates the capture program 27 by specifying the virtual network interface parameters and the filter parameters.

2. Processing by Virtual Hub (a) Switching processing by the Ethernet switching module 52 The Ethernet switching module 52 accommodates all Ethernet frames including the broadcast frame, multicast frame, and unicast frame for the client 1 in the client 1. Send to the virtual port 51.

(B) Transmission of Ethernet Frame by Virtual Port 51 According to the filter setting, an Ethernet frame having the IP address of client 3 as the source IP address and the IP address of client 4 as the destination IP address is transmitted to client 1.

  In addition, since broadcast frames, multicast frames, and unicast frames for the client 1 are not subject to filtering, they are transmitted to the client 1 regardless of the filter settings.

3. Processing by Client 1 (a) Processing by Virtual Network Interface The virtual network interface delivers the received Ethernet frame to the application program group and OS according to normal network protocol processing.

(B) Processing by the packet capture module 16 Since the capture program 27 is activated, the packet capture module 16 captures an Ethernet frame received by the virtual network interface user program unit 21 (or virtual network interface kernel unit) and sets a filter. Accordingly, the Ethernet frame having the IP address of the client 3 as the source IP address and the IP address of the client 4 as the destination IP address is delivered to the capture program 27.

  On the other hand, Ethernet frames other than the above are not delivered to the capture program 27 because they do not match the filter settings, including the Ethernet frames transmitted by the client 1.

(C) Processing by Capture Program 27 When capture data is received from the packet capture module 16, they are converted into a format that can be displayed on the display device and displayed on the display device.

  That is, an Ethernet frame having the IP address of the client 3 as the source IP address and the IP address of the client 4 as the destination IP address is displayed.

4. End of capture Since it is the same as the case of the above (specific example 1), the description is omitted.

(Specific example 3)
It is assumed that the operator executes the wrapper program 23 with the following parameters specified.

Virtual network interface parameters:
Virtual network interface of client 1 • Redirect mode parameters:
Omit specification-Filter parameter:
TCP port number: 20, 21
Capture Ethernet frames that match the conditions ・ Mirror mode parameters:
Partial Mirror Mode The target virtual port is a virtual port that accommodates the client 3 and the client 4. Operations 1 to 4 when parameters are specified in this way are shown below.

1. Capture setting, start capture ・ Redirect mode (file read mode) setting Not performed.

-Filter setting Since it becomes the same as that of the above-mentioned (specific example 2), description is abbreviate | omitted.

Redirection mode (file storage mode, mirror mode) setting When the wrapper program 23 calls the mode setting module 24, the virtual hub is controlled via the control module 22 of the virtual network interface user program unit 21 and the control module 54 of the virtual hub 50. 50 Ethernet switching modules 52 are set to the partial mirror mode for the clients 3 and 4.

Activation of capture program 27 The wrapper program 23 activates the capture program 27 by specifying the virtual network interface parameters and the filter parameters.

2. Processing by Virtual Hub (a) Switching processing by Ethernet switching module 52 The Ethernet switching module 52 is a virtual port that accommodates broadcast frames, multicast frames, unicast frames for the client 1, and clients 3 and 4. The Ethernet frame transmitted / received between 51 is sent to the virtual port 51 accommodating the client 1.

(B) Transmission of Ethernet Frame by Virtual Port 51 According to the filter setting, an Ethernet frame having a TCP port number of 20 or 21 is transmitted to the client 1.

  In addition, since broadcast frames, multicast frames, and unicast frames for the client 1 are not subject to filtering, they are transmitted to the client 1 regardless of the filter settings.

3. Processing by Client 1 (a) Processing by Virtual Network Interface The virtual network interface delivers the received Ethernet frame to the application program group and OS according to normal network protocol processing.

(B) Processing by the packet capture module 16 Since the capture program 27 is activated, the packet capture module 16 captures an Ethernet frame received by the virtual network interface user program unit 21 (or virtual network interface kernel unit) and sets a filter. Accordingly, the Ethernet frame whose TCP port number is 20 or 21 is delivered to the capture program 27.

  On the other hand, Ethernet frames other than the above are not delivered to the capture program 27 because they do not match the filter settings, including Ethernet frames whose IP addresses are the clients 3 and 4 and Ethernet frames transmitted by the client 1.

(C) Processing by Capture Program 27 When capture data is received from the packet capture module 16, they are converted into a format that can be displayed on the display device and displayed on the display device.

  That is, an Ethernet frame having a TCP port number of 20 or 21 is displayed.

4. End of capture Since it is the same as the case of the above (specific example 1), the description is omitted.

(Specific example 4)
It is assumed that the operator executes the wrapper program 23 with the following parameters specified.

Virtual network interface parameters:
Virtual network interface of client 1 • Redirect mode parameters:
File save mode File name: capturehttp.dat
-Filter parameters:
TCP port number: 80
Capture Ethernet frames that match the conditions ・ Mirror mode parameters:
All Mirror Modes Target virtual port is all virtual ports Operations 1 to 4 when parameters are specified in this way are shown below.

1. Capture setting, capture start ・ Redirect mode (file read mode) setting Not performed.

-Filter setting Since it becomes the same as that of the above-mentioned (specific example 2), description is abbreviate | omitted.

Redirect mode (file storage mode, mirror mode) setting When the wrapper program 23 calls the mode setting module 24, the virtual hub is controlled via the control module 22 of the virtual network interface user program unit 21 and the control module 54 of the virtual hub 50. The 50 Ethernet switching modules 52 are set to the full mirror mode, and the virtual port 51 is set to the file storage mode (file name capturehttp.dat).

Activation of capture program 27 The wrapper program 23 activates the capture program 27 by designating the virtual network interface parameters, the filter parameters, and the file storage mode.

2. Processing by Virtual Hub (a) Switching processing by Ethernet switching module 52 The Ethernet switching module 52 accommodates all the Ethernet frames including the broadcast frame, the multicast frame, and the unicast frame for the client 1 in the client 1. Send to the virtual port 51.

(B) Transmission of Ethernet frame by virtual port 51 According to the filter setting, an Ethernet frame having a TCP port number of 80 is transmitted to the capture data storage unit 55 (stored in the file capturehttp.dat).

  In addition, the broadcast frame, the multicast frame, and the unicast frame for the client 1 are transmitted to the client 1 regardless of the filter setting and the file storage mode setting.

3. Processing by Client 1 (a) Processing by Virtual Network Interface The virtual network interface delivers the received Ethernet frame to the application program group and OS according to normal network protocol processing.

(B) Processing by the packet capture module 16 Since the capture program 27 is not activated, no capture processing is performed.

4. Capture end When there is an end instruction (for example, signal transmission to the wrapper program 23) by the operator, the capture end module 28 is called, and the control module 22 of the virtual network interface user program unit 21 and the control module 54 of the virtual hub 50 are set. Then, the Ethernet switching module 52 and the virtual port 51 of the virtual hub 50 are returned to the normal mode.

  Thereafter, the wrapper program 23 is also terminated.

(Specific example 5)
It is assumed that the operator executes the wrapper program 23 with the following parameters specified.

Virtual network interface parameters:
Virtual network interface of client 1 • Redirect mode parameters:
File read mode File name: capturehttp.dat
-Filter parameters:
Omitted ・ Mirror mode parameter:
Specification is omitted The operations 1 to 4 when parameters are specified in this way are shown below.

1. Capture setting, capture start ・ Redirect mode (file read mode) setting When the wrapper program 23 calls the capture file acquisition module 26, the file capturehttp.dat is acquired via the capture file providing module 56 of the virtual hub 50. To the local file system F.

• Filter setting Not performed.

・ Redirect mode (file save mode, mirror mode) is not set.

Start of the capture program 27 The wrapper program 23 starts the capture program 27 by specifying the virtual network interface parameters, the file read mode, and the file name.

2. Processing by Virtual Hub (a) Processing by Capture File Providing Module 56 As described above, the file capturehttp.dat is transferred from the virtual hub 50 to the client 1 in cooperation with the capture file acquisition module 26 of the client 1.

3. Processing by Client 1 (a) Processing by Virtual Network Interface The virtual network interface delivers the received Ethernet frame to the application program group and OS according to normal network protocol processing.

(B) Processing by the packet capture module 16 Since the capture program 27 is activated in the file read mode, capture processing is not performed.

(C) Processing by the capture program 27 When the capture data is read from the file capturehttp.dat, it is converted into a format that can be displayed on the display device and displayed on the display device.

4. End of capture When the operator gives an end instruction (for example, signal transmission to the wrapper program 23), the wrapper program 23 ends.

  As described above, according to the first embodiment, filtering processing for frames is performed in advance on the virtual hub side, so that inflow of frames that are not to be captured from the virtual hub to the client is prevented, and the frame is transferred to the underlay network. Unnecessary load can be reduced.

<Second Embodiment>
Next, a second embodiment of the present invention will be described.

Here, on the client 1 side, the following function modules are called by the wrapper program 23 shown in the first embodiment.
-Mode setting module 24
-Filter setting module 25
Capture file acquisition module 26
Capture end module 28
A method for realizing the proposed function by calling the virtual network interface user program unit 21 or the capture program 27 will be described.

  Since the basic functions are the same as those in the first embodiment, only different parts of this embodiment and the first embodiment will be described here (the processing on the virtual hub 50 side is exactly the same).

  Hereinafter, with reference to FIG. 11, portions of the respective functional elements that are different from the first embodiment will be described. In addition, the same code | symbol is attached | subjected to the element which is common in 1st Embodiment. In FIG. 11, a line indicating information exchange with the virtual hub 50 is omitted. Here, a part of the description that overlaps with the first embodiment, in particular, a request between modules, a response, and the like is partially omitted.

·client
-Capture program 27
In addition to the normal functions described in the first embodiment, a redirect mode (file storage mode, file read mode) and mirror mode (full mirror mode, partial mirror mode) can be specified as parameters.

    When the redirect mode (file read mode) is specified, the capture program 27 acquires the file on the virtual hub 50 by calling the capture file acquisition module 26, saves the file in the local file system F, and then the file is stored. To process its own file reading mode.

    When the redirect mode (file save mode) or mirror mode (full mirror mode, partial mirror mode) is specified, the packet capture module is notified by means similar to the filter setting instruction (system call or command such as ioctl). 16 is instructed.

    Further, when the redirect mode (file storage mode) is designated, the own file storage processing is not performed.

-Packet capture module 16
In addition to the functions shown in the first embodiment, from the capture program 27
* Redirect mode (file save mode)
* Mirror mode (full mirror mode, partial mirror mode)
When receiving the filter setting instruction, the process waiting for the virtual network interface kernel unit, in this case, the virtual network interface user program unit 21 is woken up using these instructions as parameters.

    Further, when receiving an end instruction (signal or the like) from the operator, the capture program 27 ends. At the time of the end process of the packet capture module 16 associated therewith, the virtual network interface user program unit 21 is activated using the capture process end instruction as a parameter ( wakeup).

-Virtual network interface user program unit 21 (control module 22)
When the virtual network interface kernel unit sleeps and is activated, the mode setting module 24 and the filter setting module are based on the above instruction notified from the capture program 27 via the packet capture module 16. 25. Call (start) the capture end module 28. The process in this case corresponds to steps S104 to S110 and S114 to S115 in FIG.

  As described above, according to the second embodiment, functions equivalent to those in the first embodiment can be realized without using the wrapper program 23.

<Third Embodiment>
Next, a third embodiment of the present invention will be described.

  In the first embodiment and the second embodiment, the processing in the case where the virtual network interface is implemented using the mechanism of the tunnel interface implemented in the OS such as UNIX has been described. This third embodiment Now, processing when a virtual network interface is implemented using an IP tunneling mechanism in the OS as shown in FIG. 12 will be described. In addition, the same code | symbol is attached | subjected to the element which is common in 1st Embodiment and 2nd Embodiment. In FIG. 12, a line indicating information exchange with the virtual hub 50 is not shown. Here, the description overlapping with the first embodiment and the second embodiment, in particular, the description of requests and responses between modules is partially omitted.

  On the kernel 10 side, a physical network interface 11, a driver 12, an Ethernet layer 13A, an Ethernet layer 13B, an IP (inner IP) 14A, an IP (outer IP) 14B, a TCP / UDP 14C, and a pseudo network interface 30 are formed. In order to help conceptual understanding, the Ethernet layer 13A and the Ethernet layer 13B, or the IP (inner IP) 14A and the IP (outer IP) 14B are illustrated as separate function modules. A single Ethernet layer and an IP layer are implemented inside, and these are used twice depending on the protocol stack settings and the contents of the transmitted and received frames. It will be considered in the stack.

  When IP tunneling is used, most of the processing is performed in the OS (kernel). In this case, by performing the following, it is equivalent to the first embodiment and the second embodiment. This function can be realized.

  The mode setting module 24, the filter setting module 25, and the capture end module 28 are mounted as kernel threads (a process not having a user mode). On the other hand, the capture file acquisition module 26 is mounted on the user land and is directly called by the capture program 27 as in the second embodiment.

  The packet capture module 16 that has received an instruction from the capture program 27 issues various instructions to the pseudo network interface 30 in the kernel.

  The pseudo network interface 30 in the kernel calls (starts) the kernel thread (mode setting module 24, filter setting module 25, capture end module 28) in accordance with an instruction from the packet capture module 16 (capture program 27).

  As described above, according to the third embodiment, functions equivalent to those in the first embodiment and the second embodiment can be realized by using the mechanism of IP tunneling.

  The client 1 (and 2, 3, 4) and the virtual hub 50 described in each embodiment can be widely applied to the management of the corporate network, the remote maintenance of the customer network, the efficiency of the work at the system development site, and the like. is there.

  Various processing procedures according to the present invention described in the above-described embodiments are stored in a storage medium (for example, a magnetic disk, an optical disk, or a semiconductor memory) that can be read by a computer (information processing apparatus) as a computer program. In response to this, it may be read and executed by the processor. Such a computer program can also be distributed by transmitting from one computer to another computer via a communication medium.

  The present invention is not limited to the above-described embodiments as they are, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. In addition, various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the embodiment. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, constituent elements over different embodiments may be appropriately combined.

The figure which shows the structural example of the client 1 which comprises the network virtualization system which concerns on the 1st Embodiment of this invention. The figure which shows the structural example of the virtual hub 50 formed by the server apparatus (relay apparatus) which comprises the network virtualization system which concerns on the embodiment. The figure which shows the request / response message format which concerns on the same embodiment. The figure which shows the process sequence of the wrapper program 23 which concerns on the same embodiment. The figure which shows the process sequence of the filter setting module 25 which concerns on the same embodiment. The figure which shows the process sequence of the mode setting module 24 which concerns on the embodiment. 4 is a diagram showing a processing sequence of a capture file acquisition module 26 according to the embodiment. FIG. The figure which shows the process sequence of the capture end module 28 which concerns on the same embodiment. The figure which shows the process sequence of the control module 54 of the virtual hub 50 concerning the embodiment. The figure which shows the process sequence of the capture file provision module 56 which concerns on the embodiment. The figure which shows the structure of the client 1 which concerns on the 2nd Embodiment of this invention. The figure which shows the structure of the client 1 which concerns on the 3rd Embodiment of this invention. The figure which shows the general structure of virtual Ethernet.

Explanation of symbols

  1, 2, 3, 4 ... client, 10 ... kernel, 11 ... physical network interface, 12 ... network interface driver, 13 ... Ethernet layer, 14 ... TCP / IP, 15 ... virtual network interface kernel section (tunnel interface), 16 ... Packet capture module, 20 ... User land, 21 ... Virtual network interface user program section, 22 ... Control module, 23 ... Wrapper program, 24 ... Mode setting module, 25 ... Filter setting module, 26 ... Capture file acquisition module, 27 ... Capture program 28 ... Capture end module 29 ... Application program group 30 ... Pseudo network interface 50 ... Virtual hub 51 ... Virtual port 2 ... Ethernet switching module, 53 ... Filter module, 54 ... Control module, 55 ... Capture data storage unit, 56 ... Capture file providing module, 60 ... Virtual Ethernet connection, 150 ... Underlay network, 151 ... Virtual hub, 152 ... Virtual Network interface 153 ... Client, 154 ... Virtual Ethernet, 155 ... Server, 155 ... Network virtualization device, 156 ... Firewall, 157 ... Router, 160 ... Internal network, 161 ... External network.

Claims (6)

In a network virtualization system comprising a relay device that forms a virtual hub by software, and a plurality of client terminals that perform virtual network communication via the virtual hub,
At least one client terminal includes first capture processing means for performing data capture processing, and the first capture processing means includes:
Means for outputting the result of the capture process to a display device;
Means for enabling setting of a mode for outputting capture data stored in a storage area of the client terminal to a display device without performing the capture process;
Means for enabling setting of a mode for acquiring capture data stored in the storage area of the virtual hub without acquiring capture data stored in the storage area of the client terminal;
The client terminal includes processing request means for making a request for data capture processing to the virtual hub, and the processing request means includes:
Means for enabling setting of a mode for mirroring traffic between all ports other than the port accommodating the client terminal or a part of the ports on the virtual hub to a port accommodating the client terminal;
Means for enabling setting of a filter setting for a frame and filtering based on the setting at a port accommodating the client terminal on the virtual hub;
Means for enabling setting of a mode for performing redirection to be stored in the storage area of the virtual hub without sending capture data to the client terminal at a port accommodating the client terminal on the virtual hub;
It is possible to set a mode in which capture data that has already been captured and stored in the storage area of the virtual hub is transmitted to the client terminal without performing capture processing at the port that accommodates the client terminal on the virtual hub. And means for
The virtual hub includes a second capture processing unit that performs a capture process in response to a request from an arbitrary client terminal, and the second capture processing unit includes:
Means for mirroring traffic between all other ports or between some ports to the port containing the requesting client terminal;
Means for performing a filter setting on a frame before sending to the requesting client terminal at a port accommodating the requesting client terminal or a frame before saving in the storage area of the virtual hub, and filtering based on the setting; ,
Means for sending capture data to the requesting client terminal at the port accommodating the requesting client terminal;
Means for performing a redirect to store in the storage area of the virtual hub without sending capture data to the requesting client terminal at a port accommodating the requesting client terminal;
For traffic that flows into the virtual hub from the port that accommodates the requesting client terminal, it is excluded from capture processing unless it is redirected to save the capture data in the storage area of the virtual hub. Means,
Means for transmitting captured data already captured and stored in the storage area of the virtual hub to the requesting client terminal;
Means for transmitting, to the requesting client terminal, unicast frames, broadcast frames, and multicast frames addressed to the requesting client terminal regardless of the filtering or redirection setting requested by the requesting client terminal. A network virtualization system characterized by The network virtualization system according to claim 1,
A virtual network interface for performing the virtual network communication is realized by a tunnel interface provided in a kernel of the client terminal and a virtual network interface user program unit provided in a user land of the client terminal,
By the program group provided in the user land of the client terminal, the filtering, the mirroring, the redirect settings and the cancellation requests for the virtual hub are stored in the storage area of the virtual hub. Capture data acquisition is realized,
The program group is called by a wrapper program provided in the userland,
The wrapper program is
Start up the program group, determine whether to end the process according to the result of the operation of the program group, and whether to start a capture program for setting and instructing capture processing in the client terminal Means for making a judgment of
Means for starting the capture program using a parameter obtained as a result of the filter setting or a parameter designated by an operator when starting the capture program;
Means for activating a predetermined end program for canceling each setting on the virtual hub, canceling the setting on the virtual hub, and ending the capture program when there is an end instruction from an operator; A network virtualization system comprising: The network virtualization system according to claim 1,
A virtual network interface for performing the virtual network communication is realized by a tunnel interface provided in a kernel of the client terminal and a virtual network interface user program unit provided in a user land of the client terminal,
By the program group provided in the user land of the client terminal, the filtering, the mirroring, the redirect settings and the cancellation requests for the virtual hub are stored in the storage area of the virtual hub. Capture data acquisition is realized,
The userland is provided with a capture program for setting and instructing capture processing at the client terminal, and a virtual network interface user program unit constituting the virtual network interface, and the kernel is provided with the client terminal. A packet capture module that performs the capture process of
The capture program is
Means for enabling specification of a parameter for performing the mirroring setting or the redirect setting on the virtual hub at startup;
When a parameter for performing the mirroring setting or the redirect setting is designated, means for transmitting the parameter to the packet capture module;
Means for acquiring capture data stored in a storage area of the virtual hub through a predetermined program provided in the userland;
When redirection to be stored in the storage area of the virtual hub is set, the storage unit of the client terminal to suppress storage processing,
The packet capture module
When receiving the mirroring setting, the redirect setting, or the filter setting from the capture program, the virtual network interface user program unit waiting for the tunnel interface is notified of the transmitted parameter. Means to start using,
Means for starting the virtual network interface user program unit waiting for the tunnel interface, using the parameter as a parameter when the capture program is terminated,
The virtual network interface user program unit is:
A network virtualization system comprising: means for activating the program group based on parameters passed from the packet capture module when the tunnel interface is activated after waiting. The network virtualization system according to claim 1,
A virtual network interface for performing the virtual network communication is realized by a pseudo network interface provided in a kernel of the client terminal and an IP tunneling mechanism,
By the kernel thread of the client terminal, the filtering, the mirroring, the redirection settings and the cancellation of the settings for the virtual hub are realized. On the other hand, by the program group provided in the user land of the client terminal, Acquisition of capture data stored in the storage area of the virtual hub is realized,
The userland includes a capture program for setting and instructing capture processing at the client terminal, and the kernel includes a packet capture module that executes capture processing at the client terminal and the virtual network communication. And a pseudo network interface that realizes a virtual network interface for performing,
The capture program is
Means for enabling specification of a parameter for performing the mirroring setting or the redirect setting on the virtual hub at startup;
When a parameter for performing the mirroring setting or the redirect setting is designated, means for transmitting the parameter to the packet capture module;
Means for acquiring capture data stored in a storage area of the virtual hub through a predetermined program provided in the userland;
When redirection to be stored in the storage area of the virtual hub is set, the storage unit of the client terminal to suppress storage processing,
The packet capture module
Means for transmitting the mirroring setting, the redirect setting, or the filter setting from the capture program to the pseudo network interface;
When the packet capture module is completed, means for notifying the pseudo network interface to that effect,
The pseudo network interface is:
A network virtualization system comprising: means for starting the kernel thread when receiving the mirroring setting, the redirect setting, or the completion of the filter setting from the capture program. In a relay device that forms a virtual hub by software and performs a capture process in response to a request from any client terminal among a plurality of client terminals that perform virtual network communication via the virtual hub,
Means for mirroring traffic between all other ports or between some ports to the port containing the requesting client terminal;
Means for performing filter setting on a frame before sending to the requesting client terminal or a frame before saving in the storage area of the virtual hub and filtering based on the setting at the port accommodating the requesting client terminal; ,
Means for sending capture data to the requesting client terminal at the port accommodating the requesting client terminal;
Means for performing a redirect to store in the storage area of the virtual hub without sending capture data to the requesting client terminal at a port accommodating the requesting client terminal;
For traffic that flows into the virtual hub from the port that accommodates the requesting client terminal, it is not subject to capture processing unless it is redirected to save the capture data in the storage area of the virtual hub. Means,
Means for transmitting captured data already captured and stored in the storage area of the virtual hub to the requesting client terminal;
Means for transmitting to the requesting client terminal a unicast frame, broadcast frame, or multicast frame addressed to the requesting client terminal, regardless of the filtering or redirection setting requested by the requesting client terminal. A relay device characterized by A program applied to a relay device that forms a virtual hub by software and performs a capture process in response to a request from an arbitrary client terminal among a plurality of client terminals that perform virtual network communication via the virtual hub. And
A function that mirrors traffic between all other ports or between some ports to the port that houses the requesting client terminal;
A function for performing filter setting and filtering based on the frame before sending to the requesting client terminal or the frame before saving in the storage area of the virtual hub at the port accommodating the requesting client terminal; ,
A function for sending capture data to the requesting client terminal at the port that accommodates the requesting client terminal;
A function for performing a redirect to save the captured data in the storage area of the virtual hub without sending the capture data to the requesting client terminal at a port accommodating the requesting client terminal;
For traffic that flows into the virtual hub from the port that accommodates the requesting client terminal, it is not subject to capture processing unless it is redirected to save the capture data in the storage area of the virtual hub. Function and
A function of transmitting captured data already captured and stored in the storage area of the virtual hub to the requesting client terminal;
A computer that can send unicast frames, broadcast frames, and multicast frames addressed to the requesting client terminal to the requesting client terminal regardless of the filtering or redirection settings requested by the requesting client terminal. A program characterized by letting

Images