Today, information processing devices can be connected to a network. Information processing devices connected to a network as nodes include terminal devices, host computers (referred to as “hosts” hereinafter) that provide services, processing capacity or the like to terminal devices, and devices that perform processes such as information collection. Herein, the meaning of “host” includes a server that provides services to terminal devices. Also, the “information processing device” hereinafter refers to an information processing device that serves as a transmission source (transmission side) of a packet or a transmission destination (reception side) of a packet unless otherwise noted. Many of the nodes other than information processing devices are network devices such as hubs and switches. Thus, nodes other than information processing devices will be referred to as “network devices”.
There is a trend that an increasing number of information processing devices are connected to a network. Today, it has become common for many information processing devices to be connected to one network. There is also a trend that an increasing amount of data is transmitted and received between information processing devices. This has also created a trend of increasing communication traffic in a network.
Packets transmitted from respective information processing devices are transferred through routes in accordance with the configuration of the network and the positions in the network of the information processing devices that transmit and receive the packets. Links included in a relatively great number of transfer routes tend to be subjected to concentration of communication traffic more than other links, and are therefore highly likely to become a performance bottleneck for information processing devices.
Such concentration of communication traffic in networks may deteriorate the processing capacity of information processing devices connected to a network. Therefore, it is desirable to prevent concentration of communication traffic in networks from occurring.
Occurrence of concentration of communication traffic in a network can be suppressed by controlling transfer routes of packets. Conventional methods for controlling transfer routes include, among others, a first method in which network devices are managed so as to control transfer routes and a second method in which VLAN (Virtual Local Area Network) technology is used so as to control transfer routes.
A network device refers to the header of a received packet so as to determine a port used for transmitting the received packet. For the determination of a port used for transmitting a packet, a packet forwarding table, which holds relationships between MAC (Media Access Control) addresses or IP (Internet Protocol) addresses and ports for transmitting the packets, is usually used. The transfer route of a packet can be changed by changing the contents of the packet forwarding table of the network device via a network management system. However, controlling the transfer route of a packet via a network management system is based on an assumption that network devices whose packet forwarding tables can be updated through direct control from an external environment are provided and that a network management system exists that can control an arbitrary network device. Such an assumption is not true for all networks (facilities such as data centers in which networks are constructed). Constructing a management system and replacing existing network devices with network devices that can be controlled directly by such a management system results in immense cost. Therefore, the application of the first method involves many undesirable aspects. It can be said that assuming the existence of a network device that can be controlled directly from an external environment is not desirable in view of reducing cost more reliably.
The VLAN technology that logically divides a network into a plurality of broadcast domains (VLANs) is widely used today partially because a very large number of information processing devices have started to be connected to a network.
Dividing a network into VLANs changes the transfer routes of packets. The second method utilizes this phenomenon. In the second method, a VLAN is set in advance for each of a plurality of routes, and the VLAN to be used is switched so that a link that has actually become a bottleneck is not used. By switching between VLANs to be used, it is possible to avoid packet transfer through a link that has become a bottleneck. However, such avoidance requires setting of many VLANs in advance.
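The second method can be modelled in a few lines. The following is an added example, not taken from the original document or from either cited patent document: the topology, host names and VLAN-IDs 10 and 20 are constructed, and each VLAN is assumed to be a loop-free set of links so that a flow has exactly one route inside it.

```python
from collections import Counter, deque

# Constructed topology: hosts A, B on edge switch E1; X, Y on E2; cores C1, C2.
ACCESS = [("A", "E1"), ("B", "E1"), ("X", "E2"), ("Y", "E2")]
# One VLAN set in advance per route between the edge switches (assumed IDs).
VLANS = {
    10: ACCESS + [("E1", "C1"), ("C1", "E2")],
    20: ACCESS + [("E1", "C2"), ("C2", "E2")],
}

def link(a, b):
    """Canonical name for an undirected link."""
    return tuple(sorted((a, b)))

def route(links, src, dst):
    """Links a packet crosses from src to dst inside one VLAN (BFS)."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, []):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    if dst not in prev:
        return None  # dst is not reachable in this VLAN
    path, node = [], dst
    while prev[node] is not None:
        path.append(link(node, prev[node]))
        node = prev[node]
    return path[::-1]

def link_load(assignment):
    """Count transfer routes per link; assignment maps (src, dst) -> VLAN-ID."""
    load = Counter()
    for (src, dst), vid in assignment.items():
        load.update(route(VLANS[vid], src, dst) or [])
    return load

def pick_vlan(src, dst, avoid):
    """First VLAN-ID whose route for this flow does not use the link `avoid`."""
    for vid in sorted(VLANS):
        path = route(VLANS[vid], src, dst)
        if path is not None and link(*avoid) not in path:
            return vid
    return None  # no VLAN set in advance avoids the link
```

With three flows all assigned to VLAN 10, `link_load` reports three routes on the C1-E2 link; `pick_vlan("A", "Y", avoid=("C1", "E2"))` returns 20, and returns `None` when no VLAN set in advance avoids the link, which is the case that forces more VLANs to be provisioned.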
A VLAN-ID (IDentifier) is assigned to each VLAN as identification information. Assignable VLAN-IDs are finite resources, and because of the scale of today's networks, the number of assignable VLAN-IDs is increasingly insufficient. Because of this situation, the second method is not always applicable. This means that how tightly a resource is limited is a matter to be emphasized.
From the above, it is believed to be desirable to respond to the existence or occurrence of a link for which packet transfer is to be suppressed (or avoided here) for a reason such as a bottleneck, by using resources that are less limited and without controlling network devices.
Patent Document 1 describes a countermeasure device that can communicate with a plurality of computers including first and second computers. The countermeasure device includes a communication address changing unit that changes the communication address of the second computer recorded in the first computer to the communication address of the countermeasure device and changes the communication address of the first computer recorded in the second computer to the communication address of the countermeasure device, a first packet obtaining unit that obtains a packet transmitted from the first computer to the second computer, a second packet obtaining unit that obtains a packet transmitted from the second computer to the first computer, and a first determination unit that determines whether or not to transmit the packet obtained by the first packet obtaining unit to the second computer. The countermeasure device thereby limits communication services conducted by the first and second computers.
Patent Document 2 describes a packet transfer device including: an address storage unit that stores the IP address and MAC address of the device and the IP addresses of a plurality of monitoring target terminal devices; a proxy ARP process unit that transmits and receives ARP request messages and ARP response messages with respect to the plurality of terminal devices by using the IP addresses of the plurality of terminal devices stored in the address storage unit, so as to rewrite the ARP tables, stored in the plurality of terminal devices, that describe pairs of IP addresses and MAC addresses; a packet reception unit that receives a packet transmitted from one of the plurality of terminal devices; a filtering unit that analyzes a packet received by the packet reception unit and performs a prescribed filtering process on the packet when a prescribed condition is met; and a packet transfer unit that transfers a packet processed by the filtering unit to a different terminal device.
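On a terminal, the ARP table rewriting described in Patent Documents 1 and 2 appears as peer IP addresses resolving to the MAC address of the intermediate device instead of their own. The following check is an added example, not code from either patent document: the "IP MAC" snapshot format, the addresses, the inventory and the `approved` list of sanctioned transfer devices are all constructed assumptions.

```python
from collections import defaultdict

# Constructed ARP table snapshot from one terminal, as "IP MAC" lines.
# 02:00:00:00:00:fe stands for a hypothetical packet transfer device.
SNAPSHOT = """\
192.0.2.1   02:00:00:00:00:01
192.0.2.11  02:00:00:00:00:FE
192.0.2.12  02-00-00-00-00-fe
192.0.2.13  02:00:00:00:00:13
"""
# Constructed inventory: the MAC address each IP address is expected to have.
INVENTORY = {
    "192.0.2.1": "02:00:00:00:00:01",
    "192.0.2.11": "02:00:00:00:00:11",
    "192.0.2.12": "02:00:00:00:00:12",
    "192.0.2.13": "02:00:00:00:00:13",
}

def normalize(mac):
    """Lower-case, colon-separated form so notations compare equal."""
    return mac.lower().replace("-", ":")

def parse(snapshot):
    """Parse 'IP MAC' lines into {ip: mac}; malformed lines are skipped."""
    table = {}
    for line in snapshot.splitlines():
        fields = line.split()
        if len(fields) == 2:
            table[fields[0]] = normalize(fields[1])
    return table

def redirected(table, inventory, approved=()):
    """Group IPs whose MAC differs from the inventory by the MAC now answering.

    Returns {mac: {"ips": [...], "approved": bool}}; approved is True only
    for MAC addresses of devices sanctioned to sit in the path.
    """
    approved = {normalize(m) for m in approved}
    hits = defaultdict(list)
    for ip, mac in table.items():
        expected = inventory.get(ip)
        if expected is not None and normalize(expected) != mac:
            hits[mac].append(ip)
    return {mac: {"ips": sorted(ips), "approved": mac in approved}
            for mac, ips in hits.items()}
```

An entry with `"approved": False` means traffic for the listed IP addresses is being delivered to a device that is not a sanctioned packet transfer device.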
Patent Document 1: Japanese Laid-open Patent Publication No. 2006-74705
Patent Document 2: Japanese Laid-open Patent Publication No. 2008-109357