By the current development of a information communication technology, a network of a company or an organization is developing more and more. Above all, a LAN (Local Area Network) is widely used as a base of the network to connect a personal computer or a server. One of the representative network apparatuses comprising the LAN is a switch. The switch is a device for connecting networks, and, by the switch, the communication between the terminals in the LAN is enabled. Recently, many switch products comprise a VLAN (Virtual Local Area Network) function, and by such a switch having the VLAN function, more complicated communication control becomes possible. The VLAN is also called a virtual LAN. The VLAN is a function to group terminals connected to a switch. The LAN can be built logically without being restricted to a physical connection of the LAN. The terminals that belong to different VLANs, even which are connected to the same switch, cannot communicate directly. When it makes terminals belonging to the different VLANs communicate, routing using an IP address with a network apparatus having a routing function such as a router or a L3 switch is necessary. A packet can be transferred to only particular terminals in the same network by using the VLAN, and there is a merit such as reduction of unnecessary traffic and security.
On the other hand, in a recent network construction technique, a redundancy of the network becomes the mainstream. The redundancy of the network means that, even if a failure occurs in a part of the network facilities, spare network facilities are incorporated to be able to continue services working on the network. For example, the network facilities refer to a network apparatus or a line. By making a network redundant, there is a merit such as improvement of stability or reliability.
The VLAN technology and the redundancy dramatically improve flexibility and reliability of the communication control. On the other hand, in a large-scale network including a network or a communication carrier where communication paths are complicated, a failure that, for example, a packet is not transferred intentionally due to an unexpected setting mistake of a network administrator or a designer is easy to occur. At the time of failure occurrence, it is difficult for the network administrator or the designer to grasp a logical network constitution of the VLAN, and it is also difficult to confirm quickly whether the VLAN communication state is in a state for which the network administrator or the designer intended. As for the reason, the VLAN on the network made redundant includes different communication paths for every VLAN-ID.
A technique about a communication inspection method of the VLAN in such an environment is described in Patent Document 1, Patent Document 2, Patent Document 3 and Non-Patent Document 1.
This kind of network inspection method and apparatus are used to inspect propriety of packet transferring and the network constitution. An example of the network inspection method and apparatus related to the present invention is described in Patent Document 1. The network inspection method and apparatus described in Patent Document 1 are to reduce load of the packet communication inspection operation of the network administrator and the designer by inspecting, without using the network, the communication propriety of the packet in a connection port of each switch on the network to be inspected.
At that time, config files of each switch are collected, and a network model for inspection is generated. The network model is a table that specifies a connection port of each switch and a forwarding address of a packet sent out from the connection port. Using this network model and an inspection request of the network administrator or the designer, the propriety of packet transferring is checked. The inspection request is a communication state of the packet that the network administrator or the designer wishes for. For example, it is exemplified that “a connection port 1/1 of a switch A and a connection port 1/2 of a switch B are available for packet communication”. The network model and the inspection request are described using a CTL (Computation Tree Logic) that is one of the modal logic, for example. It is inspected whether the network model matches to the inspection request, and a result is outputted. Software to use for this matching inspection includes a SMV (Symbolic Model Verifier). About the modal logic and the SMV, it is described in Non-Patent Document 1.
A method for grasping a net constitution of the virtual LAN in a node network and a program are used to grasp an actual connection state of the virtual LAN in the Ethernet (a registered trademark). The node used herein is synonymous with a switch. An example of a method for grasping the net constitution of the virtual LAN in the node network and a program related to the present invention are described in Patent Document 2. The method for grasping the net constitution of the virtual LAN in the node network and the program described in Patent Document 2 are to send out a packet for inspection to a network to be inspected, and count the range where the packet reaches and the number of times that the packet passes the node, whereby, even if the constitution node of the virtual LAN is unidentified, the propriety of packet communication between the constitution nodes, the communication range and the net constitution of the virtual LAN can be ensured. At that time, reply packets returned to the node that sent out the packet for inspection by other nodes are collected, and information necessary for grasping the connection state of the virtual LAN is extracted. The information includes, for example, an IP address or a connection port number of the node that sent out the reply packet, or the node passage number of times from the packet for inspection. Using this information, the net constitution of the virtual LAN is outputted.
A path finding device related to the present invention is used to detect a communication path between any nodes on the network. The node used herein is synonymous with a switch. An example of the path finding device related to the present invention is described in Patent Document 3. The path finding device described in Patent Document 3 can detect a plurality of communication paths between a initial point of node and a terminal point of node fast by detecting a loop constructed between the initial point of node and the terminal point of node. At this time, node branch connection information including a branch on the network to be inspected and two nodes connected each other by the branch, which are joined together to make a pair, is generated. The loop refers to a network constitution in which a packet sent out from an initial point node returns to the initial point node again using the different communication path. Also, the branch is synonymous with a line that connects two nodes (switches). And, using the node branch connection information and a loop constitution detection algorithm, the loop constitution is detected. A procedure of the loop constitution detection algorithm is as follows.    Procedure 1: All nodes on the network to be inspected are assumed non-checked first.    Procedure 2: An initial point node is accounted checked.    Procedure 3: A certain branch is picked up.    Procedure 4: If the node of the both ends of the branch of procedure 3 is already checked, the branch belongs to a loop: if either is not checked, the node is accounted checked: and if both of them are not checked, it makes them as it is, and the next branch is picked up.    Procedure 5: Processing of procedure 4 is repeated until the number of the nodes that are already checked does not change.
Finally, all paths can be detected by extracting the path to the terminal point node from the initial point node at the time when each branch in the detected loop constitution is interrupted.
Also, a method for checking a communication range is described in Patent Document 4.    Patent Document 1: Japanese Patent Application Laid-Open No. 2005-218038 (FIG. 1, FIG. 2, paragraph 0012-0099)    Patent Document 2: Japanese Patent Application Laid-Open No. 2005-328318 (FIG. 1, FIG. 9, paragraph 0006-0036)    Patent Document 3: Japanese Patent Document 3676713 (FIG. 1, FIG. 7, paragraph 0005-0040)    Patent Document 4: Japanese Patent Application Laid-Open No. 2002-185512 (paragraph 0010)    Non-Patent Document 1: Edmund M. Clarke, Jr., et al. “Model Checking”. MIT Press, U.S.A., 1999, 35-49 pages, 109-120 pages