1. Field of the Invention
The present invention relates to a network system and a control method thereof. More particularly, the present invention relates to a technique for sharing a resource of a network appliance in a network system.
2. Description of the Related Art
In recent years, the demand for data centers has been steadily increasing. In general, a data center accommodates a plurality of tenants. The “tenant” refers to a unit to identify a user who uses a service and a function provided by the provider, as well as a unit to identify an application provided by the provider. Here, the provider refers to an entity that operates and manages the servers.
Typically a physical system including a server and a network appliance is constructed for each tenant in a data centers. The network appliance is a network device for executing a specific process for the network traffic, such as firewalls and load balancers. When a virtualization technique is used, on the other hand, one physical system can be shared by a plurality of tenants. In this case, it would be advantageous for the data center provider that a plurality of tenants can be accommodated efficiently without suffering from physical restrictions.
For example, use of a virtualization technique disclosed in a non-patent document entitled, “Cisco Application Control Engine: a Technical Overview of Virtual Partitioning” allows distributing resources of one network appliance, and assigns the distributed resources to the respective tenants. Here, the “resource” means to include the traffic transfer performance, the connection process performance and the number of simultaneous connections or the like. For example, when one network appliance has a traffic transfer performance of 1 Gbps, it is possible to preliminarily assign 600 Mbps to a tenant A and 400 Mbps to another tenant B. In this case, costs spent for constructing and administering the system can be reduced, compared to a case in which network appliances are prepared for respective tenants.
It should be noted that Japanese Patent Application Publication No. P2002-16599 A and Japanese Translation of PCT application No. P2002-543721 A are known as other techniques related to the network system.
Japanese Patent Application Publication No. P2002-16599A discloses a network measurement control system. A meter measures network traffic and the measurement data are transferred to a control server. The control server holds a policy for controlling assurance of communication service quality or the like. The control server analyzes the measurement data collected from the meter and transmits control instructions according to the policy to a router. The router provides a control in accordance with the control instructions. This enables ensuring a fine communication service quality adapted to the network circumstance.
Japanese Translation of PCT application No. P2002-543721A discloses a device which measures a usage of system resources in a communication network. The device includes means for measuring which radio resources are used by a transmission in a system, means for measuring which data service units are used for the transmission in the system, and means for measuring which transmission characteristics are used by the transmission in the system. All of these determination means are adapted for a respective collective measurement.