Network system and network flow tracing method

US 9,313,128 B2
Filed: 12/08/2011
Issued: 04/12/2016
Est. Priority Date: 02/17/2011
Status: Active Grant

First Claim

Patent Images

1. A network system, comprising:

a switch having a function to process a reception packet based on a set entry of a flow table;

a controller having a function to receive an inquiry of the packet from said switch, and to set the entry defining a rule and an operation to uniformly control packets to said flow table of said switch;

an encapsulating module having a function to receive the packet from at least one of said switch and said controller and to encapsulate the packet by using a same header as a header of the packet; and

a header translating unit having a function to receive a packet from said switch, to translate a first header data of a head of the received packet into a second header data thereof, and to transfer to another switch,wherein said encapsulating module has a function to receive a packet to which the first header data before translation and the second header data after the translation are given, when the encapsulated packet is transferred through said header translating unit, and to notify a set of the first header data before the translation and the second header data after the translation to said controller.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a flow-based network such as an open flow network system, even when a network appliance such as NAT and NAPT for translating a packet header is passed through, a correspondence relation of two flows before and after the passing can be grasped to make it possible to trace the flow in end-to-end. Specifically, a packet is encapsulated in a switch (or in a controller requested from the switch). By encapsulating by using the same header as a current header, two kinds of headers before the translation and after the translation are attached to the packet after the packet phases through the network appliance.

17 Citations

View as Search Results

18 Claims

1. A network system, comprising:
- a switch having a function to process a reception packet based on a set entry of a flow table;
  
  a controller having a function to receive an inquiry of the packet from said switch, and to set the entry defining a rule and an operation to uniformly control packets to said flow table of said switch;
  
  an encapsulating module having a function to receive the packet from at least one of said switch and said controller and to encapsulate the packet by using a same header as a header of the packet; and
  
  a header translating unit having a function to receive a packet from said switch, to translate a first header data of a head of the received packet into a second header data thereof, and to transfer to another switch,wherein said encapsulating module has a function to receive a packet to which the first header data before translation and the second header data after the translation are given, when the encapsulated packet is transferred through said header translating unit, and to notify a set of the first header data before the translation and the second header data after the translation to said controller.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The network system according to claim 1, wherein said encapsulating module further has:
    - a function to check whether or not a packet received by said switch is an encapsulated packet;
      
      a function to duplicate header data of the packet, to give the duplicated header data to the reception packet to encapsulate and to hand to said switch, and to notify a set of header data at a head of the encapsulated packet and header data of an original packet to said controller as header translation data, in case of being the encapsulated packet; and
      
      a function to translate the encapsulated packet to a packet to which only the header data at the head is given, and to hand to said switch.
  - 3. The network system according to claim 1, wherein the controller controls communication to said switch by a flow.
  - 4. The network system according to claim 1, wherein the encapsulating module encapsulates the packet such that a target flow is unchanged.
  - 5. The network system according to claim 1, wherein the encapsulating module encapsulates the packet such that when the packet passes through a network appliance for changing the header of the packet, a corresponding relation of a flow before and after passing through the network appliance is determined.
  - 6. The network system according to claim 1, wherein the controller comprises a C/U (control plane/user plane) separation type network system in which a node unit is controlled from an external control unit.
  - 7. The network system according to claim 1, wherein only the header of the packet given by the encapsulation is translated and translation data is acquired by comparing with the header of the packet before the translation.

8. A computer which has a function as an encapsulating module, the computer comprising:
- means for receiving a packet from at least one of a switch which has a function to process a reception packet based on a set entry of a flow table, and a controller which has a function to receive an inquiry of the packet from said switch, and to set the entry defining a rule and an operation to uniformly control packets to said flow table of said switch;
  
  means for encapsulating the packet by using a same header as a header of the packet; and
  
  means for receiving a packet to which first header data before translation and second header data after the translation are given, when the encapsulated packet is transferred through header translating means, and for notifying a set of the first header data before the translation and the second header data after the translation.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer according to claim 8, wherein said computer further comprises:
    - means for checking whether or not the reception packet is an encapsulated packet;
      
      means for duplicating header data of the packet, for giving the duplicated header data to the reception packet to encapsulate and to hand to said switch, and for notifying a set of header data at a head of the encapsulated packet and header data of an original packet to said controller as header translation data, in case of being the encapsulated packet; and
      
      means for translating the encapsulated packet to a packet to which only the header data at the head is given.
  - 10. The computer according to claim 9, wherein the controller controls communication to said switch by a flow.
  - 11. The computer according to claim 8, wherein the controller controls communication to said switch by a flow.
  - 12. The computer according to claim 8, wherein the means for encapsulating encapsulates the packet such that when the packet passes through a network appliance for changing the header of the packet, a corresponding relation of a flow before and after passing through the network appliance is determined.
  - 13. The computer according to claim 8, wherein the means for encapsulating encapsulates the packet such that a target flow is unchanged.

14. A network flow tracing method, comprising:
- processing a reception packet based on a set entry of a flow table in a switch;
  
  receiving an inquiry of the packet from said switch, and setting the entry defining a rule and an operation to uniformly control packets to said flow table of said switch, in a controller;
  
  receiving the packet from at least one of said switch and said controller and encapsulating the packet by using a same header as a header of the packet, in an encapsulating module; and
  
  receiving a packet from said switch, to translate a first header data of a head of the received packet into a second header data thereof, and to transfer to another switch,wherein said encapsulating module has a function to receive a packet to which the first header data before translation and the second header data after the translation are given, when the encapsulated packet is transferred, and to notify a set of the first header data before the translation and the second header data after the translation to said controller.
- View Dependent Claims (15, 16)
- - 15. The method according to claim 14, wherein the controller controls communication to said switch by a flow.
  - 16. The method according to claim 14, wherein the controller comprises a C/U (control plane/user plane) separation type network system in which a node unit is controlled from an external control unit.

17. A non-transitory storage medium which stores a program for making a computer which has a function as an encapsulating module, executing:
- receiving a packet from at least one of a switch which has a function to process a reception packet based on a set entry of a flow table, and a controller which has a function to receive an inquiry of the packet from said switch, and to set the entry defining a rule and an operation to uniformly control packets to said flow table of said switch;
  
  encapsulating the packet by using a same header as a header of the packet, in an encapsulating module; and
  
  receiving a packet from said switch, to translate a first header data of a head of the received packet into a second header data thereof, and to transfer to another switch,wherein said encapsulating module has a function to receive a packet to which the first header data before translation and the second header data after the translation are given, when the encapsulated packet is transferred, and to notify a set of the first header data before the translation and the second header data after the translation to said controller.
- View Dependent Claims (18)
- - 18. The non-transitory storage medium according to claim 17, wherein the controller controls communication to said switch by a flow, andwherein the controller comprises a C/U (control plane/user plane) separation type network system in which a node unit is controlled from an external control unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IP Wave Pte. Ltd.
Original Assignee
NEC Corporation
Inventors
Morimoto, Masaharu
Primary Examiner(s)
Rinehart, Mark
Assistant Examiner(s)
Onamuti, Gbemileke

Application Number

US13/983,001
Publication Number

US 20130315248A1
Time in Patent Office

1,587 Days
Field of Search

370/382, 370/389, 370/466
US Class Current

1/1
CPC Class Codes

H04L 12/413   with random access, e.g. ca...

H04L 12/4633   Interconnection of networks...

H04L 43/026   using flow identification

H04L 43/20   the monitoring system or th...

H04L 45/745   Address table lookup; Addre...

H04L 49/3009   Header conversion, routing ...

H04L 69/22   Parsing or analysis of headers

Network system and network flow tracing method

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Network system and network flow tracing method

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links