1. Field of the Invention
The present invention relates to a network fault detection apparatus and network fault detection method for detecting faults occurring in a network, and in particular relates to a network fault detection apparatus and network fault detection method for detection of L2 (layer 2) loops caused by an L3 (layer 3) bridge connection.
2. Description of the Related Art
A relay device called a layer 2 (L2) switch, which is used to configure a LAN or other network, is one type of network relay device, and has functions to judge the destination of a packet using the data of the data link layer (second layer) in the OSI Reference Model and route the packet. The data link layer protocol includes MAC (Media Access Control) addressing in Ethernet (a registered trademark) and other networks; an Ethernet (a registered trademark) relay device which examines the MAC address and determines the data destination is called a switching hub. Because the IP, TCP, HTTP and other protocols are positioned in the network layer (third layer) and above, a layer 2 switch is capable of packet routing even when the third layer (layer 3) or higher protocols are different.
In a network in which a plurality of terminals are connected by a layer 2 switch, a fault called a layer 2 loop may occur over the entire network as a result of erroneous cable connection, a layer 2 switch malfunction, or for other reasons. Occurrence of a layer 2 loop may result in a high load state for terminals throughout the network, and may culminate in network communication failure.
A bridge connection is a function for causing a terminal to operate as a relay device (repeater) by means of a bridge connection in the terminal between two or more interfaces (IFs). In Windows XP (a registered trademark), a bridge connection normally performs bridge operations at the L2 level; but when the NIC (Network Interface Card) does not support promiscuous mode (random detection mode), the connection operates as an L3 (layer 3) bridge. In general, a wireless IF does not support promiscuous mode, and so a bridge connection which includes a wireless IF operates as an L3 bridge. In packet routing through an L3 bridge connection, when passing through the bridge there is temporary termination at the L2 level, and so the packet is routed with the packet source physical address reassigned. In Windows (registered trademark) operating systems, bridge connection functions are provided in XP and later versions.
There are cases in which an L2 loop occurs due to such an L3 bridge connection. An L2 loop caused by an L3 bridge connection indicates the existence of an L3 bridge connection terminal in the L2 loop. An L2 loop caused by an L3 bridge connection is explained below.
FIGS. 1A and 1B explain the mode of occurrence of an L2 loop due to an L3 bridge connection. As shown in FIG. 1A, terminals (notebook PCs) placed on either side of a wire IF and wireless IF normally use only one of the IFs for communication. Here, if for example the bridge connection function of Windows XP (a registered trademark) is used as a bridge connection between the two IFs, an L2 loop fault (L2 loop fault due to an L3 bridge connection) occurs, as in FIG. 1B, and the range of influence of the fault is the entire subnet; moreover, an extremely serious situation results in which communication between terminals within the subnet is impossible.
An L2 loop due to an L3 bridge connection similarly occurs not only for a wire IF and a wireless IF, but also when a packet routing path in a loop shape occurs due to a bridge connection between a plurality of wireless IFs.
Of late, notebook PCs have typically been provided with both wire IFs and with wireless IFs; and hereafter it is anticipated that there will be an increasing proportion of L2 loop faults caused by such L3 bridge connections.
FIG. 2 explains the cause of an L2 loop due to an L3 bridge connection. In FIG. 2, terminal C is an L3 bridge connection terminal which communicates with the switch SW via a wire IF and communicates with the wireless access point (AP) via a wireless IF. The switch SW is connected to terminals A and B via a wire IF. Consider a case in which terminal A transmits an ARP (Address Resolution Protocol) request in order to acquire the MAC address of terminal B. Here, as indicated in the figure, the MAC addresses of terminals A and B are respectively a and b, the wire IF MAC address of terminal C is p, and the wireless IF MAC address is q.
An ARP request is transmitted from terminal A to the broadcast address (BC). The ARP request is sent via the switch SW to terminal B, terminal C, and the wireless AP. Terminal C is an L3 bridge connection terminal, and so transmits the received ARP request to the wireless AP via the wireless IF. At this time, terminal C reassigns the ARP request source MAC address. The initial source address of the ARP request is the MAC address a of terminal A, but when passing through terminal C and output from the wireless IF, the source address is reassigned to the wireless IF MAC address q of terminal C. The ARP request with source address q passes through the wireless IF, reaches switch SW, and is transmitted to terminal B as a broadcast transmission from switch SW, and is also transmitted again to terminal C, forming an L2 loop. Hence a large number of ARP requests with source MAC address q are transmitted to terminal B.
On the other hand, the ARP request from terminal A is also transmitted to the wireless AP as a broadcast transmission from switch SW, and terminal C receives the ARP request originated by terminal A from the wireless AP as well. In this case terminal C, as an L3 bridge connection terminal, transmits the received ARP request to switch SW via the wire IF. At this time, similarly to the operation described above, terminal C reassigns the source MAC address of the ARP request. However, in this case the route over which the ARP request flows is the opposite direction; the ARP request was output from the wire IF, and so the source address of the ARP request (which initially is “a”) is reassigned to the wire IF MAC address p. The ARP request with source address p reaches the switch SW, and as a broadcast transmission from switch SW is transmitted to terminal B, and is also transmitted to the wireless AP once again, so that here too an L2 loop is formed. Hence a state ensues in which a large quantity of ARP requests with source MAC address p are sent to terminal B.
As explained above, terminal B receives ARP requests with the source addresses a, q and p, and responds to these with ARP responses via unicast transmission. The path (1) shown is an ARP response to an ARP request with source address a; the correct ARP response, having the MAC address of terminal B, is transmitted to terminal A.
The path (2) shown in the figure is an ARP response to an ARP request with source address p. Because the ARP response is sent from terminal B to the MAC address p of terminal C (b→p), it is received by the wire IF of terminal C. Then, because of the L3 bridge function in terminal C, a MAC address reassignment takes place, and the ARP response is sent from the wireless IF of terminal C to terminal A (q→a). However, because in terminal C the MAC address for terminal B in the ARP response is reassigned from the correct address b to address p, the ARP response with an erroneous MAC address arrives at terminal A.
The path (3) shown in the figure is an ARP response to an ARP request with source address q. Because the ARP response is transmitted from terminal B via the wireless AP to the MAC address q of terminal C (b→q), it is received by the wireless IF of terminal C. Then, the L3 bridge connection in terminal C causes a MAC address reassignment to occur, and the ARP response is transmitted to terminal A from the wire IF of terminal C (p→a). However, because in terminal C the MAC address for terminal B in the ARP response is reassigned from the correct address b to address q, the ARP response with an erroneous MAC address arrives at terminal A.
In the ARP table of terminal A, the MAC address of the ARP response last received is registered; hence either the wire IF MAC address “p” or the wireless IF MAC address “q” for terminal C is registered in the ARP table as the MAC address of terminal B for communication. Hence terminal A enters a state in which communication with terminal B is not possible.
Thus when the cause of communication failure is an L2 loop caused by an L3 bridge connection, the loop occurs when the physical address of the packet source is reassigned in the bridge connection terminal (terminal C), so that at both end nodes performing communication, the physical address of the bridge connection terminal is registered in the ARP table as the physical address of the other-party terminal. Specifically, whereas the MAC address of the other-party terminal should be registered in the ARP table at each of the end nodes attempting communication, in fact it is the MAC address of the bridge connection terminal that is registered (the ARP table is a table which manages MAC addresses corresponding to IP addresses).
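The symptom described above, in which the bridge connection terminal's addresses p and q come to be registered for the IP addresses of other terminals, can be checked over a set of observed ARP bindings. The following Python code is an added illustration and is not part of this disclosure or its claimed method; the IP addresses, MAC values and the function name find_bridge_candidates are constructed for the example, with the roles a, b, p and q taken from FIG. 2.

```python
from collections import defaultdict

# Constructed addresses standing in for a, b, p, q of FIG. 2 (d is an uninvolved host).
MAC_A, MAC_B, MAC_D = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0d"
MAC_P, MAC_Q = "02:00:00:00:00:01", "02:00:00:00:00:02"  # wire IF / wireless IF of C
IP_A, IP_B, IP_D = "192.0.2.10", "192.0.2.20", "192.0.2.30"

# Constructed (sender IP, sender MAC) pairs as they would be learned from ARP traffic.
OBSERVED = [
    (IP_A, MAC_A),  # ARP request as originally sent by terminal A
    (IP_A, MAC_Q),  # same request after reassignment to q
    (IP_A, MAC_P),  # same request after reassignment to p
    (IP_B, MAC_B),  # path (1): correct response from terminal B
    (IP_B, MAC_P),  # path (2): B's address reassigned to p
    (IP_B, MAC_Q),  # path (3): B's address reassigned to q
    (IP_D, MAC_D),  # unaffected binding
]

def find_bridge_candidates(observations):
    """Return {mac: [ips]} for MACs bound to two or more conflicted IP addresses.

    An IP is "conflicted" when more than one MAC has been seen for it. A MAC
    that appears behind several conflicted IPs matches the L3-bridge symptom:
    one terminal's physical address registered for other terminals' IPs.
    Assumption: no legitimate proxy-ARP device is present on the subnet,
    since such a device also answers for many IP addresses.
    """
    macs_by_ip = defaultdict(set)
    ips_by_mac = defaultdict(set)
    for ip, mac in observations:
        macs_by_ip[ip].add(mac)
        ips_by_mac[mac].add(ip)
    conflicted = {ip for ip, macs in macs_by_ip.items() if len(macs) > 1}
    candidates = {}
    for mac, ips in ips_by_mac.items():
        hits = ips & conflicted
        if len(hits) >= 2:
            candidates[mac] = sorted(hits)
    return candidates

if __name__ == "__main__":
    for mac, ips in sorted(find_bridge_candidates(OBSERVED).items()):
        print(f"candidate bridge IF {mac} is bound to {', '.join(ips)}")
```

Terminals A and B each appear behind only one conflicted IP address and are therefore not reported; only the two interfaces of terminal C are.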
As technology to detect layer 2 loops which cause network faults, for example, a method is disclosed in Japanese Patent Laid-open No. 2001-197114 in which an L2 loop is detected by judging that a received frame is in an infinite loop through analysis of the frame. However, detection of an L2 loop due to an L3 bridge connection is not possible.
In the prior art, in order to identify the location of occurrence of an L2 loop caused by an L3 bridge connection, cables were disconnected and reconnected, and the equipment at wireless access points and similar was turned on and off repeatedly, in order to narrow down the location. Hence considerable time and labor are required before the location of the cause can be discovered. Further, because an L2 loop due to an L3 bridge connection is not a loop in the cable layout, it is difficult to ascertain the cause and location of the loop. Moreover, whereas an L2 loop resulting from an erroneous cable connection causes high loads on terminals and the network, an L2 loop caused by an L3 bridge connection results in low loads on terminals and the network itself, so that often more time is required to determine the cause and location.
Hence an object of this invention is to provide a network fault detection apparatus and network fault detection method capable of detecting L2 loops caused by L3 bridge connections and of rapidly identifying the location, without modifying existing relay devices.