The present invention relates to supporting the management of the connection relationship of each communication device in a local area network (LAN).
In a company, for example, a communication system for the whole company is generally built by connecting the LAN provided in each base such as a branch office or the like to a communication network such as the Internet via a router. This type of LAN includes a terminal device such as a personal computer that is used by an employee or the like of the company, a printer device that is shared by a number of employees, etc., and a relay device such as a switching hub, a wireless access point device, a router, etc. for connecting the terminal device to the LAN, as components. Hereinafter, the terminal device and the relay device are collectively referred to as a “communication device” in some cases. In general, these communication devices are set as an asset management target of the company. For this reason, in the company, in preparation for accounting or like, detailed information such as the name and the installation location of the communication device is generally registered and managed in a ledger (or handwritten ledger) created by a spreadsheet software, a database, etc., for each communication device.
In the company, in many cases, a communication device is added, or the installation location of a communication device is changed in accordance with department creation or department reorganization. In this way, in a situation where an addition of a communication device or a change in the installation location of a communication device occurs frequently, a work load of the registration to the ledger or the update of the registered information becomes great, and a delay is likely to occur in the registration of the detailed information to the ledger or the update of the registered detailed information. Moreover, there may be a case where the registration to the ledger or the update of the registered information is forgotten. When the registration of the detailed information to the ledger or the update of the registered detailed information is forgotten, a discrepancy between the contents registered in the ledger and the connection relationship of each communication device in the LAN (also referred to as a network topology) occurs. In order to correct the discrepancy, effort is required such as in a reinvestigation of the installation location or the connection relationship of each communication device, etc. In addition, in the management using the ledger, when the installation location of a communication device is changed without permission, or also when a communication device that is not permitted is connected to the LAN, a discrepancy between the contents registered in the ledger and the actual connection relationship of each communication device in the LAN occurs. That is, in the management using the ledger, even though the ledger is referred to, it is not always possible to recognize the actual network topology of the LAN, and especially, in a case where the network topology can be changed, there is a problem that it is difficult to follow the changes.
The present invention has been made in consideration of the above-described problem, and an object thereof is to provide a technique capable of easily recognizing the network topology of a LAN that is connected to a communication network via a relay device, and quickly recognizing a changed portion in the network topology when a change in the network topology occurs.
In order to solve the above-described problem, the present invention provides a relay device including: network topology data acquisition means for acquiring network topology data representing a network topology that includes a connection relationship of each relay device and a connection relationship of a terminal device connected to each relay device in a local area network (LAN); and display control means for displaying, on a display device, an image of a tree structure in which each relay device included in the LAN corresponds to a node, as an image of the network topology represented by the network topology data acquired by the network topology data acquisition means, in which the display control means displays, on the display device, the image of the tree structure in which a node corresponding to a relay device designated in advance among the relay devices included in the LAN and nodes of up to directly below the designated node are set as a drawing target. Here, as a response to being given an expansion instruction for a certain node included in the drawing target, the nodes of up to directly below the node to which the expansion instruction is given may be set as a new drawing target, and the display contents of the display device may be updated. The expansion instruction for a certain node included in the drawing target is performed, for example, by an operation on the image corresponding to the node. As another aspect of the present invention, an aspect that provides a program causing a general computer such as a central processing unit (CPU) or the like to function as the network topology data acquisition means and the display control means is also considered. Still another aspect of the present invention, an aspect that provides a display control method of the relay device performing the steps corresponding to the network topology data acquisition means and the display control means is also considered.
As an example of the network topology data acquisition means, various aspects may be considered. For example, in a case where the relay device including the network topology data acquisition means is a router that connects the LAN to a communication network such as the Internet or the like, an aspect in which the network topology data acquisition means is configured by combining collecting means for collecting data representing a MAC address table and a MAC address from another relay device included in the LAN (a router, a switching hub, a wireless access point device, or the like) and network topology data generation means for generating the network topology data by analyzing the data collected by the collecting means, may be considered. In addition, an aspect in which the collecting means and the network topology data generation means are further included, in which a communication with a device that generates the network topology data is performed by the operation of each of these means, and in which means for receiving the network topology data from the device is used as network topology data acquisition means, may be also considered. When connecting the LAN to the communication network such as the Internet or the like, the router is an essential element, and the router is caused to perform the network topology display control. Thus, it is possible to achieve energy savings and cost savings, compared to an aspect in which a dedicated device for the display control is separately provided.
As a specific aspect of acquisition of the network topology data by the network topology data acquisition means, an aspect in which the network topology data is acquired according to a user instruction, an aspect in which the network topology data is periodically acquired, an aspect in which the network topology data is acquired as a response to being detected connection or disconnection of another relay device or another terminal device to a certain relay device, or the like, are included. According to the relay device, it is possible to easily recognize the network topology of the devices below the relay device designated in advance in the LAN, from the image of the tree structure displayed on the display device. Moreover, the display contents of the display device are updated, at any timing instructed by the user, periodically, or as a response to being detected the connection or the disconnection of another relay device or another terminal device to a certain relay device. Thus, the user such as a network administrator, a person in charge of accounting, or the like can quickly and easily recognize a change and a changed portion in the network topology, by viewing a change in the image of the tree structure displayed on the display device using his/her eyes. In a case where a simple network management protocol (SNMP) is used, there is a problem that only the connection relationship of equipment that supports the SNMP is recognized, or a problem that a computer which operates as an SNMP manager is newly required. Thus, the technique is different from the present invention that does not have these problems.
In addition, according to the present invention, the display control means sets the node corresponding to the relay device that is designated in advance among the relay devices included in the LAN and the nodes of up to directly below the node as a drawing target, and displays the tree structure on the display device. As a response to being given an expansion instruction for a certain node, the display control means sets the nodes of up to directly below the node to which the expansion instruction is given as a drawing target, and updates the display contents of the display device. Therefore, the following effects are exhibited. That is, as the LAN becomes large, when the whole network topology of the LAN is collectively displayed, there is a concern that the display contents of the display device will become complicated and hard to see. However, according to the present invention, a portion a user wants to recognize in detail can be designated by the user, and thus avoidance of complication of the display contents of the display device and recognition of the details of the network topology can be made compatible.
In yet another aspect of the disclosure, the relay device includes detailed information acquisition means for acquiring detailed information of each relay device in the LAN and the terminal device connected to each relay device. The display control means displays, on the display device, the image of the tree structure corresponding to the drawing target and a list image of the detailed information on the relay device and the terminal device that are directly below the designated node among the nodes included in the tree structure, side by side, and as a response to being given an expansion instruction, the display control means updates the list image of the detailed information to the list image of the detailed information on the relay device and the terminal device that are directly below the node to which the expansion instruction is given. The detailed information may include information representing at least makers of the relay device and the terminal device. According to the aspect, display of the network topology of the portion user wants to recognize in detail, and display of the detailed information of each communication device can be made compatible, while avoiding complication of the display contents of the display device. For example, when the terminal device is a server device, information indicating the operation status of the server device (for example, information representing the load of the server device such as CPU utilization efficiency, communication amount per unit time, or the like) is included in the detailed information, and thus it is possible to monitor the operation status of the server device. When the server device is crashed, the information related to the server device is not displayed, and thus it is also possible to immediately detect the server device being crashed. In addition, the communication amount per unit of terminal (or communication amount per unit time) is included in the detailed information, and thus it is possible to monitor the traffic of each terminal device. Moreover, it is possible to detect a terminal device that performs a fraud behavior such as allowing a large amount of traffic to pass (a terminal device suspected of virus infection), and thus it is also possible to block the communication of this terminal device. In addition, information indicating whether or not anti-virus software is installed (in a case where anti-virus software is installed, information indicating the version of a virus scanning definition file) is included in the detailed information. Thus, it is possible to monitor the presence or absence of the connection of a terminal device that does not satisfy a security policy related to virus checking, and it is also possible to block the communication of this terminal device.
In a case where the relay device according to the present invention includes service providing means for providing a certain service to the terminal device in the LAN according to a known communication protocol (that is, in a case where the relay device according to the present invention also functions as a server for providing the service), the detailed information acquisition means may be caused to acquire the detailed information from the terminal device by using a communication sequence according to the well-known communication protocol. According to the aspect, the relay device can acquire the detailed information of each terminal device without increasing the traffic of the communication that is performed between the relay device according to the present invention and each terminal device.
In another aspect, the relay device includes: memory means for storing one or more pieces of reference topology data as a reference for the LAN; comparison means for comparing the network topology represented by the network topology data acquired by the network topology data acquisition means, and the network topology represented by the reference topology data designated by a user among the one or more pieces of reference topology data; and notification means for notifying a difference in the network topologies, in a case where a comparison result indicating that there is a difference in the network topology represented by the network topology data acquired by the network topology data acquisition means and the network topology represented by the reference topology data is obtained by the comparison means. For example, an aspect in which the node or the leaf corresponding to the difference between the network topology represented by the reference topology data and the network topology represented by the network topology data acquired by the network topology data acquisition means is displayed on the image of the tree structure or the list image, in a different display form from other nodes or other leaves (changing of the display color or blinking), or an aspect in which a network administrator is notified by E-mail (or use of both), may be considered. According to the aspect, the user such as a network administrator or the like can quickly recognize a change from the network topology represented by the reference topology data. Here, with regard to how to generate the reference topology data, various aspects may be considered. For example, snapshot means for writing the network topology data acquired by the network topology data acquisition means in the memory means, as the reference topology data, according to a user instruction, may be further provided.
In still another aspect of the disclosure, the comparison means compares the network topology represented by the network topology data acquired by the network topology data acquisition means with the network topology represented by the reference topology data, except for a terminal device designated in advance among the terminal devices included in the LAN. According to the aspect, the terminal device such as a wireless terminal device in which connection/disconnection is supposed to occur frequently is excluded from a comparison target by the comparison means, and thus it is possible to avoid performing of an unnecessary notification.
Other objects, advantages and novel features of the present invention will become apparent from the following detailed description of one or more preferred embodiments when considered in conjunction with the accompanying drawings.