In recent years, as networks become larger, the management and operation of networks are getting more complicated. As a result, for example, the management of a network is conducted in such a manner that one of the apparatuses constituting the network undertakes a task of configuring another apparatus and configures that apparatus on behalf of the administrator (for example, see Patent literatures 1 and 2).
Further, the management of a network is conducted in such a manner that instead of using the physical network constituting the network as it is, a virtual network(s) is constructed and used on the physical network for the purpose of the management or for securing the security.
In a system in which a virtual network(s) is formed (network virtualization system), it is possible to construct one or more than one virtual network on one physical network. Further, the constructed virtual networks can be operated without having any effect on each other. Therefore, for example, it is possible to carry out a network experiment by a network researcher and to provide network service by a network service provider on the same physical network without having any effect on each other. The network virtualization system like this is getting attention in various network fields.
FIG. 15 shows a typical overall configuration of a network virtualization system. The implementation of network virtualization systems has been researched and developed by the GENT project (U.S.), the FIRE project (Europe), and so on. FIG. 15 is a block diagram showing an outline of such network virtualization systems. The network virtualization system 91 includes a plurality of physical nodes 92 that provide computing resources, physical links 93 connecting these physical nodes 92 with one another, and a domain management apparatus 94.
In the example shown in FIG. 15, virtual networks 95 are constructed on the network virtualization system 91. Similar to physical networks, each of the virtual networks 95 is composed of network nodes and network links (hereinafter, network nodes and network links on a virtual network are referred to as “virtual nodes 96” and “virtual links 97” respectively).
In FIG. 15, the resources of the physical nodes 92 are allocated to each of the virtual nodes 96 on the virtual networks 95. A plurality of virtual machines operate on the physical nodes 92, and the allocation of resources to the virtual nodes 96 is implemented by assigning these plurality of virtual machines to the respective virtual nodes 96.
Further, though not shown in FIG. 15, physical network resources on the network virtualization system 91 are allocated to the virtual links 97 that connect these virtual nodes 96 with one another. In general, this allocation to the virtual links 97 is implemented by using a VLAN or a tunneling technique such as GRE (Generic Routing Encapsulation), IPSec, and MPLS (Multi Protocol Label Switching).
The domain management apparatus 94 manages the resources of all the physical nodes 92 and the physical links 93 on the network virtualization system 91. When the domain management apparatus 94 receives a request to create a virtual network 95 from a setting terminal 98, the domain management apparatus 94 determines the resource allocation to the physical nodes 92 and the physical links 93 based on the creation request, and instructs each of the physical nodes 92 about the VM (Virtual Machine) assignment to the virtual node and the creation/assignment of the virtual link. Then, when the domain management apparatus 94 confirms the completion of the assignment in each physical node 92, the domain management apparatus 94 notifies the virtual network assignment result to the setting terminal 98.
When a virtual network 95 is to be created, the setting terminal 98 supplies a virtual network definition to the domain management apparatus 94. In the “virtual network definition”, resources that should be secured for the virtual nodes 96 and the virtual links 97 as well as the topology of the virtual network 95 to be constructed are specified. Further, various forms of virtual network definitions have been used. A specific example of a virtual network definition is disclosed in ProtoGENI RSpec of Non-patent literature 1.
FIG. 16 shows an example of a virtual network definition according to Non-patent literature 1. In the virtual network definition 13 shown in FIG. 16, the definitions of virtual nodes 96 (virtual nodes 131 to 133) are indicated by dotted-line boxes, and each definition is a part between “<node>” and “</node>” of the XML. The definition of each virtual node 96 includes a “virtual_id” attribute indicating the identifier of the virtual node, a <node_type> element indicating the type of the virtual node, and a <interface> definition, which is the definition of the network interface(s) of the virtual node (hereinafter, simply referred to as “virtual interface”).
The same number of virtual interface definitions as the number of the virtual interfaces are included. In the example shown in FIG. 16, each of Node-A to Node-C has two virtual interfaces. Therefore, there are two definitions <interface> for virtual interfaces in each of the virtual node definitions. The name of a virtual interface is indicated by using the attribute “virtual_id” of the <interface> element of the XML. In the example shown in FIG. 16, Node-A has two virtual interfaces having names “VIF-A0” and “VIF-A1” respectively.
Virtual links 97 that connect the virtual nodes 96 with one another on the virtual network 95 are defined by using <link> elements. In the above-mentioned ProtoGENI RSpec, each virtual link 97 is defined in such a manner that the virtual link 97 is defined by specifying the virtual interfaces of virtual nodes 96 connected to the both ends of the virtual link 97. In the virtual network definition 13 shown in FIG. 16, a virtual link Link-AB connects the virtual interface VIF-A0 of Node-A with the virtual interface VIF-B1 of Node-B.
As described above, upon receiving the virtual network definition from the setting terminal 98, the domain management apparatus 94 interprets the received virtual network definition. Then, the domain management apparatus 94 determines, for the virtual nodes 96 and the virtual links 97 that are necessary for the creation of the virtual network 95, the resources of the physical nodes 92 and the physical links 93 that should be allocated to the virtual nodes 96 and the virtual links 97 based on the available resources of the physical nodes 92 and the like as well as the requested quality requirements and the like.
Next, the domain management apparatus 94 instructs each physical node 92 about the resource allocation to the virtual nodes 96. When a physical node 92 receives a request for allocation to the virtual node 96, the physical node 92 assigns an unused virtual machine (VM) on the physical node 92 to the virtual node 96 based on the received virtual node definition, and returns the assignment result to the domain management apparatus 94. With regard to the virtual network definition, the domain management apparatus 94 also instructs physical nodes 92 other than the physical node 92 that is determined as the resource allocating physical nodes about the resource allocation to the virtual nodes 96 in a similar manner, and waits for the reply to the allocation requests.
Further, with regard to the assignment of the virtual links 97, the domain management apparatus 94 also instructs relevant physical nodes 92 about the resource allocation of the physical links 93 in a similar manner, and waits for the reply to the allocation requests.
With regard to the virtual network definition, when all the resources required for the creation of the necessary virtual nodes 96 and the virtual links 97 are secured and then the virtual network 95 is thereby constructed, the domain management apparatus 94 notifies the virtual network assignment result to the setting terminal 98.
The virtual network assignment result can be also expressed in various data formats. FIG. 17 shows an example of the assignment result disclosed in Non-patent literature 2. Note that for the sake of explanation, only the result of one virtual node Node-A is extracted for the illustration in the result shown in FIG. 17 (in FIG. 17, it is represented as virtual node information 140, which is indicated by a dotted-line box).
The virtual node information 140 shown in FIG. 17 represents an assignment result for the virtual node Node-A. A virtual node identifier 141 indicates that the virtual node information 140 is an assignment result corresponding to the virtual node Node-A defined in the virtual network definition. Virtual interface information 142 and 143 are assignment results corresponding to the virtual interfaces of Node-A.
In each of the virtual interfaces (virtual interfaces 142 and 143), the assignment of a virtual NIC of the virtual machine is included in an area between “<component_id>” and “</component_id>”, and the assignment of a virtual interface is included in an area between “<virtual_id>” and “</virtual_id>”. Network Interface Card (NIC) is assigned to each of the virtual interfaces, indicating that NIC “eth1” and NIC “eth0” of the virtual machine correspond to VIF-A0 and VIF-A1, respectively, of the virtual interface.
A program running on a virtual node 96 connected to the virtual network 95 can recognize which of the virtual NICs on the virtual machine corresponds to the virtual interface by referring to the virtual interface information 142 or the virtual interface information 143.
In this manner, in the network virtualization system 91 shown in FIG. 15, upon receiving a request from the setting terminal 98, the domain management apparatus 94 can construct a virtual network(s) 95 by configuring the physical nodes 92.
Note that in the following explanation, a network interface of a virtual node 96 in the virtual network definition is referred to as “virtual interface” and a network interface card (NIC) of a virtual machine assigned to a virtual node 96 is referred to as “virtual NIC”.