1. Field of the Invention
The present invention relates to a cluster system functioning as a router which forwards an IP packet and, more particularly, a cluster system which is capable of conducting failure recovery processing without exchanging session information among cluster members.
2. Description of the Related Art
Routers placed in an IP network include devices which conduct processing while referring to information of layers higher than the IP layer. Among such devices are a firewall device for use in preventing unauthorized access or the like and a VPN gateway device which terminates an IPsec tunnel.
These devices need to identify the higher-layer session to which a passing packet belongs and process the packet according to the state of the identified session. Because these devices identify a session and reference or update its state every time a packet passes, the volume of calculation required for the processing is enormous. Therefore, a technique (the router cluster) has been developed which decentralizes loads across a plurality of devices.
One example of a router cluster which decentralizes loads has the structure shown in FIG. 20. The router cluster shown in the figure includes a plurality of router devices 101 to 10n, each having a session processing unit, and a packet assignment device 110 placed in front of the router devices. The packet assignment device 110 assigns externally applied packets to any of the routers 100 to 10n according to predetermined load decentralization rules to realize load decentralization.
The router cluster shown in FIG. 20, however, has two problems: load concentrates on the packet assignment device 110, and a failure developing in the packet assignment device 110 paralyzes the entire system.
To solve these problems, the router cluster shown in FIG. 21 has been proposed (see, e.g., PCT International Application No. 2003-517221, PCT International Application No. 2003-518338).
The conventional router cluster shown in FIG. 21 includes one master router device 200 and a plurality of router devices (slave router devices) 201 to 20n. Each of the router devices 200 to 20n has a session processing unit and a traffic distribution filter.
IP packets (denoted simply as a packet in some cases) from a neighbor node 210 to the router cluster are received by all the router devices 200 to 20n by multicast by a data link layer protocol. The traffic distribution filter in each of the router devices 200 to 20n passes or abandons an IP packet multicast on a data link 220 according to traffic distribution rules.
Here, traffic distribution rules of the traffic distribution filter provided in each of the router devices 200 to 20n satisfy the following conditions.
- The same packet never passes through traffic distribution filters in a plurality of router devices.
- Each packet passes through a traffic distribution filter in any of the router devices without fail.
Traffic distribution rules of the traffic distribution filters in the router devices 201 to 20n are set by the master router device 200. The master router device 200 recognizes what kinds of traffic distribution rules are set in the traffic distribution filters in the other router devices 201 to 20n and sets traffic distribution rules such that loads are evenly decentralized to the respective router devices 201 to 20n. The master router device 200 is also internally provided with a traffic distribution filter which processes a packet not meeting the traffic distribution rules. The master router device 200 generates new traffic distribution rules from session information of a processed packet and sets the rules at the traffic distribution filters of the other router devices 201 to 20n. When the master router device 200 develops a failure, any one of the other router devices 201 to 20n operates as a master router device.
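The following Python sketch is an added illustration, not code from the application: it models the FIG. 21 filters so that the two conditions above can be checked on constructed traffic. The class names, the direction-independent session key and the "least-loaded slave" choice are assumptions made for the example.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst sport dport proto")

def flow_key(p):
    """Direction-independent session key: both directions share one rule."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + min(a, b) + max(a, b)

class Member:
    def __init__(self, name, is_master=False):
        self.name, self.is_master = name, is_master
        self.rules = set()  # session keys this member's filter passes

class Cluster:
    def __init__(self, names):
        # Assumption: the first name is the master, the rest are slaves.
        self.members = [Member(n, i == 0) for i, n in enumerate(names)]

    def accepts(self, member, key):
        if key in member.rules:
            return True
        # The master knows every slave's rules and passes only unmatched packets.
        return member.is_master and not any(key in m.rules for m in self.members)

    def multicast(self, p):
        """Every member sees p; return the names whose filter passed it."""
        key = flow_key(p)
        passed = [m.name for m in self.members if self.accepts(m, key)]
        if passed == [self.members[0].name]:
            # Master processed an unmatched packet: derive a rule from its
            # session and install it on the least-loaded slave.
            slave = min(self.members[1:], key=lambda m: len(m.rules))
            slave.rules.add(key)
        return passed

def run_demo():
    cluster = Cluster(["master", "r1", "r2"])
    # Constructed traffic: first packet and a reply for each of four sessions.
    log = []
    for i in range(4):
        syn = Packet("10.0.0.%d" % i, "192.0.2.1", 40000 + i, 443, "tcp")
        reply = Packet(syn.dst, syn.src, syn.dport, syn.sport, "tcp")
        log.append((cluster.multicast(syn), cluster.multicast(reply)))
    return log
```

Each packet is passed by exactly one member: the first packet of a session by the master, later packets in either direction by the slave that received the generated rule.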
The session processing unit in each of the router devices 200 to 20n, with reference to its internally set session processing rules and its session state, processes a packet passing through the packet distribution filter to abandon or forward the same.
The session processing rules of the session processing unit in each of the router devices 201 to 20n are set by the master router device 200. The respective router devices 200 to 20n, including the master router device 200, exchange session information indicative of their own session states with each other. The session information is exchanged at fixed time intervals, and each of the router devices 200 to 20n holds the session processing rules of the other router devices and the latest exchanged session state of the other router devices. Accordingly, when any of the router devices 201 to 20n develops a failure, the master router device 200 can determine a device to replace the failed device and make the determined device take over the processing rules set at the failed router device and its session state. When the master router device 200 develops a failure, another router device can likewise take over the processing of the master router device 200. Thus, the router cluster shown in FIG. 21 enables automatic recovery when any of the router devices 200 to 20n forming the router cluster develops a failure.
The conventional router cluster shown in FIG. 21 has the following shortcomings. Because the session state of each of the router devices 201 to 20n is transmitted to the master router device 200 at fixed intervals, the session states of the other router devices 201 to 20n as recognized by the master router device 200 may differ from the session state actually held by each of the router devices 201 to 20n. Even when a prepared replacement device conducts automatic failover, this difference might result in processing a packet which originally cannot be processed or in failing to process a packet which can be processed. Shortening the session information exchange interval to eliminate the difference increases the volume of communication required for exchanging session information and thus the load of information exchange. An increase in the number of router devices also increases communication loads. As a result, conventional router clusters cannot realize an increase in the number of router devices and a reduction in failover time at the same time, which is a great disadvantage in scalability.
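The shortcoming described above can be made concrete with a small simulation. This is an added example, not part of the application: the event timeline, the function names and the assumption of one exchange message per router per interval are all constructed for illustration.

```python
# Constructed timeline on one slave router: (time, event, session id).
EVENTS = [(2, "open", "A"), (12, "open", "B"), (14, "close", "A")]

def live_state(events, t):
    """Sessions actually established on the router at time t."""
    state = set()
    for when, event, session in sorted(events):
        if when > t:
            break
        if event == "open":
            state.add(session)
        else:
            state.discard(session)
    return state

def failover(events, fail_time, interval, n_routers=1):
    """Compare the replica held by the replacement with the true state.

    Exchanges happen at t = 0, interval, 2*interval, ...; the replacement
    takes over whatever was exchanged last before the failure.
    """
    last_sync = (fail_time // interval) * interval
    replica = live_state(events, last_sync)   # what the replacement inherits
    actual = live_state(events, fail_time)    # what the failed router held
    return {
        "last_sync": last_sync,
        # Sessions closed after the last exchange: packets for them are
        # still passed although they can no longer be processed.
        "wrongly_passed": sorted(replica - actual),
        # Sessions opened after the last exchange: valid packets are dropped.
        "wrongly_dropped": sorted(actual - replica),
        # Assumption: one exchange message per router per interval.
        "sync_messages": (fail_time // interval + 1) * n_routers,
    }

def compare_intervals(fail_time=15, n_routers=4):
    """Same failure, long versus short exchange interval."""
    return {
        interval: failover(EVENTS, fail_time, interval, n_routers)
        for interval in (10, 1)
    }
```

With a 10-unit interval the replacement passes closed session A and drops live session B; with a 1-unit interval the states agree, at eight times the exchange traffic for the same four routers.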