The disclosed subject matter relates to a management server and management method for automatically generating tenant topology information constructed by using a plurality of virtualization techniques.
Multi-tenant systems have become widespread as an effective means of reducing the cost of computer networking. Multi-tenancy refers to a system that virtualizes and aggregates a plurality of tenants (information systems) in a single physical infrastructure (physical device group). Although the tenants actually share physical devices, the use of various network virtualization techniques lets each tenant perceive itself as using a dedicated device group.
Thanks to the development of network virtualization techniques in recent years, tenants can now adopt flexible and complicated network configurations. The network virtualization techniques include virtualization techniques for the L2 (Layer 2) layer and virtualization techniques for the L3 (Layer 3) layer. The L2 layer virtualization techniques include virtual LAN (Local Area Network) techniques such as VLAN (IEEE 802.1Q Virtual Local Area Network), and the L3 layer virtualization techniques include virtual router techniques such as VRF (Virtual Routing and Forwarding) and VR (Virtual Router). Furthermore, virtual interface techniques such as VLAN interfaces and sub-interfaces are also included as techniques for linking the L2 techniques and the L3 techniques. A tenant network is constructed by combining such virtualization techniques.
A virtual network of tenants having various configurations can now be constructed in a single physical infrastructure in, for example, a datacenter network by making full use of the virtualization techniques like those described above. The configurations of tenants include a configuration constituted from a single L2 network segment and a configuration in which a plurality of L2 networks are mutually coupled at an L3 level by using a virtual router, a firewall, and a load balancer.
In a sense, each virtual network for a tenant is a different subset of the entire (or overall) virtual network. Virtual networks for tenants are terminated by, for example, a router serving as a gateway to an external network and provide various services to the external network. As another example, virtual networks for tenants are terminated by a VPN (Virtual Private Network) device, are connected to clients outside the datacenter via the VPN, and are used for internal usage such as scientific calculation.
On the other hand, since many tenants having various configurations have come to coexist in a single physical infrastructure, it has become difficult to understand the logical configurations (tenant topologies) of the tenants, and the operation cost has been increasing. Understanding the individual tenant topologies is a basic task in operation management services and is necessary, for example, when adding a new tenant; when changing, deleting, designing, verifying, or monitoring the configuration of existing tenants; or when dealing with failures.
Conventional methods used to understand tenant topologies, and their problems, are as follows. A first method is to manually manage and understand tenant topology diagrams by using documents and the like. One problem of this method is that the information described in the documents does not necessarily match the content that is actually set on the devices. Another problem is that managing the tenants by drawing a topology diagram for each one individually is itself complicated work in which human errors tend to occur.
A second method is to manually interpret the device setting information and thereby understand the logical tenant topologies. However, since a large number of items are set on the devices of a complicated virtual network as explained earlier, the problems of this method are that there is a high possibility that the configuration cannot be accurately acquired due to human errors, and that it takes an enormous amount of time to acquire the tenant topologies.
In order to solve the problems of the conventional methods, it is an object to automatically analyze setting information (config) of the devices and automatically generate one or more pieces of tenant topology information. If the setting information of the devices can be analyzed, the tenant topologies can be acquired; and human errors can be reduced and work time can also be reduced by automating this analysis.
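As an added illustration of analyzing device settings to recover tenant topologies (this is not code from the disclosure or from the cited publications), the following example parses constructed, IOS-like configs and groups VLANs, VLAN interfaces, ports and VRFs into connected components. The config text, the device names `sw1`/`sw2`, the tenant names and the treatment of VLAN IDs as fabric-wide are assumptions made for the example.

```python
import re

# Constructed, IOS-like configs (illustrative; VLAN IDs assumed fabric-wide).
CONFIGS = {
    "sw1": """
interface Vlan10
 vrf forwarding TENANT-A
interface Vlan20
 vrf forwarding TENANT-A
interface Vlan30
 vrf forwarding TENANT-B
interface Gi0/1
 switchport access vlan 10
""",
    "sw2": """
interface Gi0/1
 switchport access vlan 20
interface Gi0/2
 switchport access vlan 40
""",
}

def tenant_topologies(configs):
    """Group VLANs, VLAN interfaces, ports and VRFs into connected components."""
    parent = {}
    def find(x):  # union-find root lookup; registers unseen nodes
        parent.setdefault(x, x)
        while parent[x] != x:
            x = parent[x]
        return x
    def link(a, b):  # merge the components containing a and b
        parent[find(a)] = find(b)
    for dev, text in configs.items():
        node = None  # interface stanza currently being read
        for line in text.splitlines():
            if m := re.match(r"interface (\S+)$", line):
                svi = re.fullmatch(r"Vlan(\d+)", m.group(1))
                node = f"{'svi' if svi else 'port'}:{dev}/{m.group(1)}"
                if svi:  # a VLAN interface ties the L2 segment to L3
                    link(f"vlan:{svi.group(1)}", node)
            elif node and (m := re.match(r" vrf forwarding (\S+)$", line)):
                link(node, f"vrf:{dev}/{m.group(1)}")
            elif node and (m := re.match(r" switchport access vlan (\d+)$", line)):
                link(node, f"vlan:{m.group(1)}")
    groups = {}
    for n in sorted(parent):
        groups.setdefault(find(n), []).append(n)
    return sorted(groups.values())
```

On the constructed input, VLANs 10 and 20 fall into one component because their VLAN interfaces share a VRF, while VLAN 40 forms a component of its own as a single L2 segment.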
In relation to this object, there is a conventional technique that automatically generates logical topology information in a virtual network. For example, according to Japanese Patent Application Laid-Open (Kokai) Publication No. 2009-194675, VLAN topology information (VLAN is an L2 virtualization technique) is automatically generated. This technique generates logical connection relationship information of physical devices in a network composed of a plurality of VLANs by using setting information about VLAN interfaces from config information that is set to the devices in a network environment composed of switches and routers.
According to U.S. Pat. No. 7,593,352, an information exchange relationship between virtual routers is automatically generated as an example of the L3 virtualization techniques. This technique is used for VPN services of an MPLS (Multi Protocol Label Switching) network in a carrier network. If this technique is used, a path exchange relationship between virtual routers at each of client sites can be acquired based on setting information of the VRF of the MPLS router.