The present invention relates to a management technology for a user network connected to a virtual private network (VPN).
In recent years, when an enterprise connects Local Area Networks (LANs) of its business sites such as headquarters and branch offices to one another, instead of private lines provided by a telecommunication carrier and a Wide Area Network (WAN) using frame relays, Virtual Private Network (VPN) services using the Internet have been utilized.
The most widespread protocol for managing the networks for use in these services is the Simple Network Management Protocol (SNMP) defined by Request for Comments (RFC) 1157 managed by the Internet Engineering Task Force (IETF). The SNMP is composed of SNMP agents which reside in network instruments to be managed and an SNMP manager which manages the networks.
Each SNMP agent manages information of the network instrument as a Management Information Base (MIB). The MIB is an aggregate of variables which indicate a state of the instrument constituting each network or variables which manage such an instrument. As the MIB, there are a standard MIB defined by the RFC and an original MIB different depending on each vendor. The SNMP manager acquires this MIB from each SNMP agent, or is notified of a Trap which is failure information from the SNMP agent, and thus determines current states of the instruments to be managed, thereby managing the networks. Note that, in order to notify the SNMP manager of the Trap, the SNMP provides a function to enable a network administrator to make a program such that specific information is transmitted when a certain event occurs.
In FIG. 1, a typical configuration example of a conventional Internet Protocol-Virtual Private Network (IP-VPN) environment is shown. In a certain site 101, there are a plurality of user networks 13A, 13B, and 13C, for which communication services of VPN-A, VPN-B, and VPN-C are provided in order to be connected to user networks in other sites. In order to connect the networks to one another through the VPNs, there are a Provider Edge (PE) router 11 which maintains VPN routing information, and Customer Edge (CE) routers (12A, 12B, 12C, and the like) which are connected to the PE router 11 for each of the user networks (13A, 13B, 13C, and the like) and exchange the routing information therewith.
In FIG. 1, in order that the telecommunication carrier who provides the VPN services performs a network management according to the SNMP, an operation management server 10 installed in an IP-VPN network 70 manages the PE router 11 in the network. Specifically, an SNMP agent 21 in the PE router 11 manages configuration information of interfaces/paths and failure information as an MIB 40, and an SNMP manager which functions as a network management manager 200 of the operation management server collects the MIB 40, or receives a Trap from the PE router 11.
Here, in FIG. 1, it is assumed that a failure is detected in the SNMP agent 21 of the PE router 11. When some failure occurs in the PE router 11, the Trap is notified from the SNMP agent 21 of the PE router 11, and thus the SNMP manager of the operation management server 10 can grasp that the failure has occurred in the VPN. However, when a spot causing the failure occurrence is in the CE router 12A and the like of the user networks, in general, there is no unit for acquiring detailed information such as which of the CE routers 12A to 12C a problem is present in or which of the VPNs relating to the user networks 13A to 13C the failure is occurring in. This is because an MIB which associates the VPN and the user network 13A and the like with each other is not defined in the RFC standard MIB.
Hence, in order to acquire such detailed information, it is necessary for the SNMP manager to collect the MIBs original to the CE routers 12A to 12C. Therefore, when using the CE routers 12A to 12C of vendors different for each of the user networks 13A to 13C, unless the SNMP manager is ready for the MIB or Trap original to each router vendor, the SNMP manager cannot manage the user networks 13A to 13C. Moreover, because of such circumstances, there is a problem in that it is difficult to collectively manage all of the user networks by use of the operation management server 10.
As technologies proposed as solutions for such problems, those described in the following documents are known.
[Patent document 1] In a technology described in this document, in order to perform a collective management from one integrated management system by use of the standard MIB, a conversion table for converting an expansion MIB present for each of the vendors into the standard MIB is provided in the SNMP manager. Therefore, when the conversion table is created, it is necessary for the SNMP manager to be ready for the expansion MIB of each of the vendors.
[Patent document 2] In a technology described in this document, in order to manage a plurality of LANs coupled to one another by a WAN, a sub manager is placed between the agent and the manager, and MIB information acquired from the agent located at a lower hierarchy is reconstructed in the sub manager, and provided to the manager. However, in this document, there is no disclosure regarding the problem, that is, regarding how the MIBs which associate the VPN and the user networks with each other are to be handled.
[Patent document 3] In this document, a technology regarding enhanced security in the user networks is proposed. However, in this technology, information collection from each of the user networks is performed in the operation management server. Therefore, it is necessary for the management server to be ready for the expansion MIB of each of the vendors.
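The manager-side conversion table described for Patent document 1 can be sketched as follows. This is an added illustration, not code from any of the cited documents: the enterprise numbers 99991 and 99992 and their columns are constructed, and only the IF-MIB object identifiers are real.

```python
# Added illustration. Vendor OIDs and value encodings below are constructed.
IF_DESCR = "1.3.6.1.2.1.2.2.1.2"        # IF-MIB ifDescr
IF_OPER_STATUS = "1.3.6.1.2.1.2.2.1.8"  # IF-MIB ifOperStatus: up(1), down(2)

# vendor column OID -> (standard column OID, value translator)
CONVERSION_TABLE = {
    "1.3.6.1.4.1.99991.1.2.1.2": (IF_DESCR, str),
    "1.3.6.1.4.1.99991.1.2.1.5": (IF_OPER_STATUS,
                                  lambda v: {"ok": 1, "fail": 2}[v]),
    "1.3.6.1.4.1.99992.7.1.3": (IF_OPER_STATUS,
                                lambda v: 1 if int(v) == 0 else 2),
}


class UnknownVendorMib(KeyError):
    """No conversion entry exists for this expansion-MIB object."""


def _arcs(oid):
    # Compare OIDs arc by arc; a string prefix test would wrongly
    # treat enterprise 9999 as a prefix of enterprise 99991.
    return tuple(int(p) for p in oid.strip(".").split("."))


def to_standard(oid, value):
    """Map one vendor varbind to (standard OID with same index, value)."""
    parts, best = _arcs(oid), None
    for vendor_col, (std_col, conv) in CONVERSION_TABLE.items():
        col = _arcs(vendor_col)
        if len(parts) > len(col) and parts[:len(col)] == col:
            if best is None or len(col) > len(best[0]):
                best = (col, std_col, conv)  # longest matching column wins
    if best is None:
        raise UnknownVendorMib(oid)
    col, std_col, conv = best
    index = ".".join(str(p) for p in parts[len(col):])
    return f"{std_col}.{index}", conv(value)


def normalize(varbinds):
    """Split varbinds into converted objects and ones left unmanaged."""
    converted, unmanaged = {}, []
    for oid, value in varbinds:
        try:
            std_oid, std_value = to_standard(oid, value)
            converted[std_oid] = std_value
        except UnknownVendorMib:
            unmanaged.append(oid)
    return converted, unmanaged
```

Objects from a vendor with no table entry land in the unmanaged list, which is the limitation noted above: every additional CE router vendor requires new entries in the manager.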
Moreover, as technologies regarding the network management, which solve the relating problems, there are the following ones.
[Patent document 4] In a technology described in this document, an MPLS-VPN monitoring system logs in to the PE router, and confirms only activation states of the CE routers connected to the PE router. However, in this technology, the standard MIBs of the CE routers, which are the detailed information regarding the user networks, cannot be collected.
[Patent document 5] In a technology described in this document, for the purpose of quality control, information such as a flow rate of packets in the IP-VPN network is collected from the PE router, and a flow rate thereof in the future and the like are predicted. Information collection for the MIBs regarding the user networks from the CE routers is not considered, and accordingly, the user networks cannot be managed.
[Patent document 6] In a technology described in this document, in order to prevent a wrong recognition of a failure due to packet loss during communication, management agents exchange information with each other, and the manager collects the information from the plurality of agents. It is necessary to collect the MIBs from the plurality of agents, and a general SNMP manager cannot be used. Moreover, when this technology is applied to the IP-VPN network, it is not considered that this technology should be ready for each VPN, and accordingly, when the vendors of the CE routers are different from one another, it becomes necessary for the SNMP manager to be ready for each of the VPNs.
[Patent document 1] Japanese Laid-open Patent No. Hei 9-51347
[Patent document 2] Japanese Laid-open Patent No. 2002-140240
[Patent document 3] Japanese Laid-open Patent No. 2002-252631
[Patent document 4] Japanese Laid-open Patent No. 2002-281084
[Patent document 5] Japanese Laid-open Patent No. 2003-69644
[Patent document 6] Japanese Laid-open Patent No. 2003-244144