1. Field of the Invention
The present invention relates to an apparatus and a method for transferring a packet flow in a communication network. A conventional network for use within an enterprise or an Intranet has developed with an emphasis on transferring mails and news over a wide area, sharing resources (e.g., files and printers) and improving business efficiency within a work group.
In such a network, terminals in a group are interconnected via a common transmission path called a "local area network" (called LAN) including the "Ethernet". A typical network system is formed by interconnecting the LANs of respective work groups through a backbone network such as Fiber Distributed Data Interface (called FDDI). The traffic in such a network system consisted mainly of so-called local traffic including data transmitted to/from the shared files and the printers.
In recent years, as the Internet is spreading to wider and wider areas and as multi-media applications are becoming more and more popular with the increasing access to the WWW (World Wide Web) service, the traffic resulting from work-group LANs accessing external resources is increasing rapidly. Further, even middleware is suffering changes as seen in the increase of applications (e.g., voice and animation) requiring high transmission speed and quality and in the development of multi-media handling protocols.
Such changes in recent years are causing performance limits to the conventional information forwarding protocols particularly in a backbone network, i.e., the "hop-by-hop best-effort" forwarding methods through routers. Accordingly, a new method and apparatus for forwarding information in the backbone network is in great demand.
2. Description of the Related Art
New technologies for transferring packets by using the address of the Network Layer Protocol (e.g., IP address of the TCP/IP protocol) in the communication network, especially in the NBMA network (typically the ATM network), are currently being studied by international organizations such as the ATM forum (an industrial group for standardizing the ATM LAN). The conventional methods for transferring packets are divided roughly into the following three types.
FIGS. 1A-1C illustrate the conventional packet transfer methods in a communication network. The three methods are explained below, taking as an example a case in which the ATM network is used for a communication network and the TCP/IP is used for a high-layer protocol.
(1) Subnet-Relay Type
FIG. 1A illustrates a subnet-relay type packet transfer method, where a single ATM network including three logical subnetworks (hereinafter simply called a subnetwork or subnet) is shown. The subnet relay type, which is the most popular in a so-constructed network, connects subnetworks 130 with each other through routers 110 provided therebetween. The known LAN emulation method and the classical IP-over-ATM method are of this type. Here, an end system 111 is a general term for a terminal connected directly to the ATM network and a router located at an entrance/exit (or ingress/egress) to/from the ATM network from a legacy LAN or another type of network.
An IP packet is divided into ATM cells and forwarded directly between end systems 111 which belong to the same subnetwork. However, if the end systems belong to different subnetworks (as shown in FIG. 1A as end systems A and B), the ATM cells are transmitted from a subnetwork to another through router 110 provided therebetween (as shown by a heavy line) even when the end systems are included in a single ATM network in which the packet is transmitted on an ATM cell basis. The ATM cells received by the router are once converted into an IP packet for relay processing and again to the ATM cells to be sent to the ATM network. That is, the relay processing is conducted in the IP layer. It is a problem that this type requires time since the relay processing is executed mostly by software.
(2) Router-cut-through Type
FIG. 1B illustrates a router-cut-through type, which is provided with a router between subnetworks 130 as in the aforesaid subnet-relay type. However, it has an ATM cell switching function in the router. An ATM switch 113, provided in router 112, performs first the relay processing on the packet received through a default route in the IP layer as in the aforesaid subnet-relay type. The default route is previously provided corresponding to destinations, to pass therethrough a packet without a route specified. The default route is shown by a dotted line, which corresponds to that shown by the heavy line in the aforesaid subnet-relay type.
Since the relay processing by software requires time as mentioned above, when detecting such a packet flow as that of the FTP (File Transfer Protocol) and HTTP (Hyper Text Transfer Protocol), for which a short-cut path is useful, router 112 establishes an SVC (Switched Virtual Circuit) between the input and output ports of ATM switch 113. The packets input to router 112 thereafter are routed through the thus-established SVC and are relayed through the heavy line by cutting through ATM switch 113, thus speeding up the packet relaying.
(3) Cut-through-route-setting Type
FIG. 1C illustrates a cut-through-route-setting type, which has a router provided between subnetworks 130 as in the aforesaid relay types (1) and (2). First, a packet is processed in a Next Hop Resolution Server 115 (hereinafter simply called a server), which has the same router function as in the aforesaid relay types (1) and (2), and is forwarded through the default route shown by the dotted line in FIG. 1C.
When recognizing the packet flow as that of the aforesaid FTP and HTTP, an end system 116 (end system A), which is the ingress system for the packet flow, establishes a direct SVC between end system A and other end system 116 (end system B) which is the egress system for the packet flow so as to bypass the router (server). Succeeding IP packets are converted into cells in end system A and forwarded in the ATM layer through the direct SVC shown by the dotted line in FIG. 1C. However, since ingress system A is not aware of the ATM address of egress system B in this type, system A makes an ATM address resolution request by sending an NHRP Request message including the destination IP address, to a next-hop-resolution-protocol (called NHRP) server 115 (server A here) through the default route.
If server A is not aware of the ATM address of end system B, server A sends the NHRP Request message including the destination IP address, through the default route to the NHRP server 115 (server B here) which is connected to the adjacent subnetwork. When replied with the ATM address of end system B (address resolution reply) by server B, server A replies to end system A's request with the ATM address. End system A requests the ATM network to set a direct SVC between end systems A and B by using the replied ATM address.
Therefore, a mechanism to resolve the ATM address of the egress system based on the destination IP address is needed in this type.
Comparing the three relay types, types 2 and 3 are similar to type 1 in that packets are forwarded through the default route. However, the former two are superior to the latter in the relaying performance since the relaying route in the backbone-network, which passes through routers (called a hop-by-hop relay), is bypassed by the ATM connection.
Comparing types 2 and 3, they differ from each other in the method of setting the bypass route, as seen in the figures. In type 2, the default route and the bypass route are the same although packets are processed in different ways. Type 2 has difficulties distributing the traffic to plural routes and designing network reliability, since the default route is fixed by the destination and therefore, the bypass route is fixed by the location of the router in the network. To prevent this, even if the bypass mechanism is realized with a high-speed and high-performance router, a further measure is required in the neighboring ATM network, to avoid a traffic concentration, e.g., to provide a high-performance ATM switch capable of processing the traffic concentration or to provide plural routers having the aforesaid cut-through mechanism between the subnetworks.
To say nothing of providing a high-performance ATM switch, providing plural routers requires complex functions for the routers to continuously collate the data held therein, rendering ATM network facilities costly. The related art is explained below taking type (3) as an example, since type (3) is the most superior of the three types from the above consideration.
As a technology to realize the short-circuit route setting type, the NHRP (Next Hop Resolution Protocol) is being studied by IETF (Internet Engineering Task Force), an international Internet technical committee. Also, the MPOA (Multi Protocol over ATM) is being studied by the ATM forum (industrial standardization group for the ATM LAN) which is also an international organization. It is also approved by the MPOA to utilize the NHRP as the communication method between subnetworks and therefore, the operational outline and problems of the NHRP are explained below.
FIG. 2 illustrates the conventional packet-relay operation by using the NHRP. The configuration of the NHRP is explained first referring to FIG. 2.
(a) All ATM terminals 119 (hereinafter called NHC: NHRP Client) connected to a subnetwork 131 (called an LIS: Logical IP Subnetwork) can set a default route path through to a default router (router 118 in FIG. 2) which controls communication between the LIS and the other LIS.
(b) Also, all NHCs 119 can set a path to a server 117 which manages the address relationship between the ATM address and the high-layer IP address for the NHCs within LIS 131 (hereinafter the server is called an NHS: NHRP Server). By using the path, NHC 119 registers and updates the address relationship (i.e., ATM address vs. the IP address) thereof in NHS 117. Thus, NHS 117 prepares and manages the address data table (not shown in FIG. 2) including the address relationship of NHCs 119 within the LIS.
(c) If router 118 is also provided with a function of the NHS, the paths mentioned in (a) and (b) can be the same one single path as shown in FIG. 2; otherwise, above-mentioned two separate paths are required for reliability purposes. Further, when plural NHSs are provided in an LIS 131, plural paths interconnecting NHSs 117 are required to be set within LIS 131.
Next, the basic operation of NHRP is explained referring to FIG. 2.
(a) An IP packet is first transmitted from an NHC 119 (NHC-A) through the default route shown by dotted line ①.
(b) When the NHC-A has determined that the packet flow is to be forwarded through the shortcut path by examining the packet transmitted through the default route ①, it sends an NHRP request message (NHRP Req ②) to NHS 117 (NHS-A) to inquire the ATM address of the destination ATM end system (NHC-B).
(c) On receipt of the message, NHS-A examines whether the ATM address concerned is registered in the address data table. If registered, NHS-A replies with an NHRP reply message (NHRP Rep ⑤); unless registered, it forwards the NHRP request message (NHRP Req ③) to a neighboring NHS 117 (NHS-B).
(d) On receipt of the message, NHS-B conducts the same processing as in (c) above.
(e) When the ATM address of the destination end system (NHC-B) is determined by the NHS through the above operations (c) and (d), the NHRP reply message is returned to source NHC-A requesting an address resolution, as shown e.g., by lines ④ and ⑤.
(f) The source NHC-A requests the ATM network to establish a direct route to NHC-B by using the ATM address obtained by the NHRP reply message and forwards the succeeding packet flow through the established direct route ⑥.
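The resolution chain of steps (b) to (e) can be modelled in a few lines. This is an added example, not code from the patent; it also goes one step further and models the cached (non-authoritative) reply that the text raises later as problem (4). The class, the addresses and the holding time are constructed assumptions.

```python
# Added example: toy model of NHRP resolution, not code from the patent.
# Names, addresses and HOLDING_TIME are constructed for illustration.
from dataclasses import dataclass, field

HOLDING_TIME = 600  # seconds a learned mapping may be reused (assumed value)


@dataclass
class NHS:
    name: str
    next_nhs: "NHS | None" = None
    registered: dict = field(default_factory=dict)  # authoritative: IP -> ATM
    cache: dict = field(default_factory=dict)       # learned: IP -> (ATM, expiry)

    def register(self, ip, atm):
        """An NHC registers or updates its own IP-to-ATM mapping."""
        self.registered[ip] = atm

    def resolve(self, ip, now, trace):
        """Steps (c)-(e): return (atm, authoritative); trace lists NHSs visited."""
        trace.append(self.name)
        if ip in self.registered:
            return self.registered[ip], True
        hit = self.cache.get(ip)
        if hit and hit[1] > now:
            return hit[0], False        # non-authoritative reply from cache
        if self.next_nhs is None:
            return None, False          # no NHS knows this destination
        atm, authoritative = self.next_nhs.resolve(ip, now, trace)
        if atm is not None:
            self.cache[ip] = (atm, now + HOLDING_TIME)
        return atm, authoritative


def demo():
    """NHC-A resolves NHC-B three times while NHC-B's registration changes."""
    nhs_b = NHS("NHS-B")
    nhs_a = NHS("NHS-A", next_nhs=nhs_b)
    ip_b = "192.0.2.7"                      # constructed address of NHC-B
    nhs_b.register(ip_b, "ATM-B-old")
    out = []
    for now in (0, 200, 700):
        if now == 200:                      # NHC-B re-registers before 2nd query
            nhs_b.register(ip_b, "ATM-B-new")
        trace = []
        atm, auth = nhs_a.resolve(ip_b, now, trace)
        out.append((now, atm, auth, trace))
    return out


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The second query is answered by NHS-A alone with the superseded address, which is the stale-data risk of non-authoritative replies; only after the holding time expires does the request reach NHS-B again.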
This method, in which the clients (NHCs) and servers (NHSs) cooperate in resolving the ATM address of the end systems within the ATM network, has the following problems:
(1) In addition to the default route, permanent paths are needed between the NHCs and the NHS, between the NHSs each serving different LISs, and between NHSs all provided in the same LIS and each serving different NHCs. Moreover, since a technique to automatically select and set such paths is not yet established, a network manager is required to do the work manually, taking the subnetwork configuration into consideration.
(2) The NHCs need to register the network address data in the NHS database in advance. Also, the NHS needs to periodically update the registered data by communicating with the NHCs to maintain the database. This causes a heavy load to the NHS with the increase in the number of NHCs.
(3) When a trouble to an NHC (e.g., powered off or configured out) occurs, the aforesaid data registered for the NHC need be cleared or changed to maintain the database. This renders the NHS and NHCs complex in construction for the following reasons. The NHS which is in direct control of the troubled NHC, can detect the trouble because the above periodical communication is disabled by the trouble. However, other NHS or NHC which is not in direct control of the troubled NHC, need be informed of the trouble to clear the registered address data. Therefore, the NHS which is in direct control of the troubled NHC need report the trouble to all the NHCs and NHSs that have so far replied thereto or clear the address data of the troubled NHC. This requires the NHS to maintain a history of all the responses and inquiries, causing increasingly serious problems as the network is large-scaled.
(4) To prevent a decrease of the server performance due to solving the above problems (2) and (3), many technical improvements are required such that an NHS which is located halfway in the route, replies with the NHRP reply message (called non-authoritative reply) based on the address data. In FIG. 2, for the NHRP reply message, NHS-B which is an authoritative server basically replies to NHC-B with the message, whereas for the non-authoritative reply, NHS-A or any NHS, if located between NHS-A and NHS-B, replies with the NHC-B's ATM address based on the address data stored therein. According to this method, the NHS operates efficiently since a load is prevented from concentrating on a specific NHS; however, it is a problem that a measure is required against the address data being old.
(5) A trouble in an NHS may extend throughout the LIS; however, no protocol for avoiding the problem has yet been established.
(6) When plural LISs manage the address data within an LIS or when an NHS is configured in a dual or duplex system to avoid the problems raised in above (5), the contents of the LISs' database need be synchronized, e.g., by using such a sophisticated protocol as SCSP (Server Cache Synchronization Protocol).
(7) Since the ATM address of a destination ATM end system (i.e., an ATM terminal or a router which is an egress from the ATM network) is available independent of the end system, just by inquiring of the NHS which manages the address, some check mechanism to check the inquiry for validity is required for security purpose.
(8) This method has the following problems with the handling of various applications and with the aspects of security.
(a) Even with an aforesaid check mechanism, once a connection is established through a normal procedure by using the ATM address, there is no mechanism to check the way the connection is used, even if used in such a way as maliciously transmitting useless data to the end system for too long a time, obstructing the communication.
(b) A mechanism is not established to cope with various applications, such as sharing and occupying a VC (Virtual Channel) and establishing a connection for each application (high-layer session).
(c) There is no protocol for disconnecting the path. Generally, a method is used to disconnect the connection when no-communication state is detected on a shortcut path for a predetermined period (e.g., 20 minutes). However, if the period, which is independent of an application-requested communication, is set large enough compared with the request, the efficiency of network use may decrease. On the contrary, when the period is too small, if an application stops communication temporarily, the path may be disconnected. Moreover, if a control, abnormal or malicious traffic is mixed in the communication, the path may not be disconnected for a long time. These cause serious problems to the network in which the communication rate is charged on a payload basis.
As for the subnet-relay type, since the router need once convert ATM cells to an IP packet every time the ATM cells go from a subnetwork to another, a problem is that it requires time in the relay processing. As for the router-cut-through type, in which a packet passes through a short-cut path within a router to speed up the relay processing, a problem is that it has difficulty distributing the traffic and configuring a highly-reliable and economical network, since the shortcut path is fixed by the location of the routers within the network.
As for the cut-through-route-setting type, although it is free from the aforesaid problems and the route can be set independently of the location of the routers, it need set specific paths between a server and clients and between clients themselves in addition to the default route because of its server/client configuration. A problem is that it is complicated and difficult to design and manage the network. Another problem is that it has difficulties handling various applications and achieving security because it cannot share the shortcut path and a protocol for disconnecting a path has not yet been established.
It is an object of the present invention to provide an apparatus and a method which can transfer packets at high speeds and in high-efficiency.
It is another object of the present invention to provide a packet transferring apparatus and method which are economical and highly reliable, particularly in terms of security.
It is still another object of the present invention to provide a packet transferring apparatus and method which are easy in designing and managing a communication network.
To achieve the above and other objects, the present invention provides determination means, request means and instruction means.
In a communication network in which a packet is transferred from a first device to a second device through a third device, the determination means provided in one of the first and second devices or the third device, determines whether to set a path directly connecting the first device to the second device; the request means provided in the one of the first and second devices, in dependence upon the determining by the determination means, requests the other of the first and second devices to set the path; and the instruction means provided in the other of the first and second devices, instructs the communication network to set the path.