This invention generally relates to a communication apparatus and particularly relates to a communication apparatus for providing communication services.
In cloud computing (hereinafter abbreviated as cloud), a server in a data center is accessed from remote sites; accordingly, a network connecting the sites and the data center is required. In many cases, the network used in the cloud for consumers is the Internet, while the network used in the cloud for businesses is a virtual network system including VPNs (Virtual Private Networks), for reasons of security and network performance.
For a plurality of virtual networks to coexist in a single physical network, a mechanism that ensures the independence of each virtual network is necessary.
Network operators achieve the independence of virtual networks by using wide area Ethernet that employs a technology called extended VLAN tagging (VLAN stands for Virtual Local Area Network), also known as provider bridging (802.1Q-in-802.1Q, Q-in-Q, double tagging), standardized by IEEE 802.1ad. For extended VLAN tagging, refer to The Evolution of Carrier Ethernet Services—Requirements and Deployment Case Studies, Luyuan Fang et al., IEEE Communications Magazine, March 2008, pp. 69-76.
Extended VLAN tagging is a technology that adds a second VLAN tag to an already VLAN-tagged Ethernet frame.
The VLAN tag added on the outer side of the Ethernet frame is called the STAG (Service TAG). Network apparatuses for extended VLAN tagged communication identify the virtual network of each company (tenant) by the S-VLAN that the STAG identifies, and distribute Ethernet frames to the individual virtual networks accordingly.
The VLAN tag located inside the STAG (on the payload side of the Ethernet frame) is called the CTAG (Customer TAG). Network apparatuses for extended VLAN tagged communication identify the individual networks within a company (tenant) by the C-VLAN that the CTAG identifies, and distribute Ethernet frames to the individual office networks accordingly.
As described above, extended VLAN tagged communication ensures the independence of networks both among tenants and within each tenant by means of the STAG and the CTAG.
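The double-tag layout described above can be made concrete with a small parser. The following is an added example, not part of the original document: it reads the outer STAG (TPID 0x88A8) and inner CTAG (TPID 0x8100) of a frame and maps the pair to a tenant and an office network. The tenant table, MAC addresses and function names are constructed for illustration.

```python
import struct

TPID_STAG = 0x88A8  # IEEE 802.1ad service tag (outer)
TPID_CTAG = 0x8100  # IEEE 802.1Q customer tag (inner)


def build_frame(s_vid, c_vid, payload=b"\x00" * 46, ethertype=0x0800):
    """Construct a sample frame (test data, not captured traffic)."""
    dst = bytes.fromhex("02aabbccdd01")
    src = bytes.fromhex("02aabbccdd02")
    tags = b""
    if s_vid is not None:
        tags += struct.pack("!HH", TPID_STAG, s_vid & 0x0FFF)
    if c_vid is not None:
        tags += struct.pack("!HH", TPID_CTAG, c_vid & 0x0FFF)
    return dst + src + tags + struct.pack("!H", ethertype) + payload


def parse_qinq(frame):
    """Return (s_vid, c_vid, ethertype); raise ValueError unless the frame
    carries an outer STAG followed by an inner CTAG."""
    if len(frame) < 22:  # 12 MAC bytes + two 4-byte tags + EtherType
        raise ValueError("frame too short for two VLAN tags")
    tpid1, tci1, tpid2, tci2, ethertype = struct.unpack_from("!HHHHH", frame, 12)
    if tpid1 != TPID_STAG:
        raise ValueError("outer tag is not an STAG")
    if tpid2 != TPID_CTAG:
        raise ValueError("inner tag is not a CTAG")
    # The VLAN ID is the low 12 bits of each Tag Control Information field.
    return tci1 & 0x0FFF, tci2 & 0x0FFF, ethertype


def classify(frame, tenants):
    """The S-VLAN selects the tenant; the C-VLAN selects the network inside it."""
    s_vid, c_vid, _ = parse_qinq(frame)
    tenant = tenants.get(s_vid)
    if tenant is None:
        raise ValueError(f"unknown S-VLAN {s_vid}")
    return tenant["name"], tenant["offices"].get(c_vid, "unassigned")


# Constructed table: both tenants reuse C-VLAN 10 without colliding.
TENANTS = {
    100: {"name": "tenant-a", "offices": {10: "head-office", 20: "branch"}},
    200: {"name": "tenant-b", "offices": {10: "lab"}},
}
```

Frames that lack the outer STAG are rejected rather than classified, so a customer-tagged frame is never attributed to a tenant on the strength of its C-VLAN alone.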
Meanwhile, a network operator uses a system called an appliance (network appliance), specialized for a specific function, to provide the tenants with a cloud communication service. Examples of appliances include a WOC (Wide Area Network Optimization Controller) or a WAN accelerator for improving the communication speed between data centers or sites, an IDS/IPS (Intrusion Detection System/Intrusion Protection System) or a FW (FireWall) for detecting or blocking abnormal communication, and a session load balancer. The functions of these systems can improve the communication function and communication performance of the cloud. Accordingly, in the following description, cloud communication services having these functions are generally called communication services for convenience.
Many of the appliances for providing communication services do not support network virtualization. For this reason, it is common to install such appliances in a site of a company or in a data center logically configured to be private within a company.
However, for a network operator to provide a plurality of companies (tenants) with a communication service as one of the cloud functions, it is expected that appliances be installed in a shared apparatus having a function of a gateway in a switching office or a data center of the network operator. The network operator is required to configure the appliances for different virtual networks of individual companies (tenants).
Since appliances are usually expensive, the installation cost and the operation cost rise significantly if the network operator installs as many appliances as there are virtual networks. Accordingly, it is not practical to install one appliance per virtual network.
In view of the situation, sharing appliances among a plurality of virtual networks has been demanded and proposed for a network system accommodating a plurality of virtual networks (for example, refer to JP 2011-211502 A).
JP 2011-211502 A provides a solution: A network system includes an appliance, a switch and an administrative computer. The administrative computer includes a conversion policy table and each conversion entry indicates a correspondence relationship between pre-conversion packet identification information and post-conversion packet identification information. The pre-conversion packet identification information includes an identifier of a virtual network to which a packet belongs. The post-conversion packet identification information is set so as not to overlap between different virtual networks. The appliance includes a processing rule table. The switch includes a transfer table. The administrative computer sets the transfer table of the switch in such a way that packet identification information of a reception packet matching pre-conversion packet identification information is rewritten into post-conversion packet identification information. Furthermore, the administrative computer sets a match condition for the processing rule table of the appliance to the post-conversion packet identification information.
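The conversion scheme summarized above can be sketched as follows. This is an added example, not code from JP 2011-211502 A: it assumes the packet identification information is an IP address, models a virtual network by a name, and uses a constructed address pool and rule names. It also shows what goes wrong when an appliance without virtualization support matches on the pre-conversion address directly.

```python
import ipaddress


def build_conversion_policy(vnet_addrs, pool):
    """Give every (virtual network, address) pair a post-conversion address
    from `pool`, so that no two virtual networks share one."""
    hosts = iter(ipaddress.ip_network(pool).hosts())
    policy = {}
    for vnet, addrs in sorted(vnet_addrs.items()):
        for addr in addrs:
            try:
                policy[(vnet, addr)] = str(next(hosts))
            except StopIteration:
                raise ValueError("post-conversion pool exhausted") from None
    return policy


def check_no_overlap(policy):
    """True if no post-conversion address is shared by two entries."""
    return len(set(policy.values())) == len(policy)


def switch_rewrite(policy, vnet, addr):
    """Switch transfer-table lookup: the rewritten address, or None when no
    conversion entry matches the received packet."""
    return policy.get((vnet, addr))


def appliance_rules(policy, rules_by_vnet):
    """Appliance processing rules matched on post-conversion addresses only."""
    return {post: rules_by_vnet[vnet] for (vnet, _), post in policy.items()}


def naive_appliance_rules(vnet_addrs, rules_by_vnet):
    """Without conversion: rules keyed on the tenant's own address, so a later
    tenant silently overwrites an earlier one that uses the same address."""
    rules = {}
    for vnet, addrs in sorted(vnet_addrs.items()):
        for addr in addrs:
            rules[addr] = rules_by_vnet[vnet]
    return rules


# Constructed input: both virtual networks use 10.0.0.5 internally.
VNET_ADDRS = {"vnet-a": ["10.0.0.5", "10.0.0.6"], "vnet-b": ["10.0.0.5"]}
RULES = {"vnet-a": "inspect", "vnet-b": "optimize"}
POLICY = build_conversion_policy(VNET_ADDRS, "198.18.0.0/28")
```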
Meanwhile, techniques have been proposed that apply server virtualization technology to a network, or that provide a communication service as a virtual machine using virtualization software (for example, refer to US 2010/0146074 A).
US 2010/0146074 A provides a means for providing a WAN optimization service, which is a kind of communication service, using virtualization software: In one example embodiment, an apparatus may include a first virtual machine provided on a first local device of a plurality of local devices, wherein a portion of resources of the first local device are allocated to the first virtual machine. A virtualization software switch may be provided on the first local device, configured to forward or redirect at least some traffic from the first local device to a WAN (Wide Area Network) optimization virtual appliance, the WAN optimization virtual appliance including at least the first virtual machine, a second virtual machine on a second local device of the plurality of local devices, and a distributed WAN optimization application running at least on the first and second virtual machines.