阅读说明：本技术 网络架构设备、网络架构方法和程序被存储于其上的非暂态计算机可读介质 (network architecture device, network architecture method, and non-transitory computer-readable medium on which program is stored ) 是由 伊藤达哉 于 2017-12-20 设计创作，主要内容包括：这种网络架构设备(2)包括：收集单元(11),其扫描被连接到网络的节点中的每个节点,并且收集网络的环境数据；设计单元(21),其基于由收集单元(11)收集的环境数据来设计通过将网络虚拟化而被获取的虚拟网络；以及输出单元(31),其输出针对由设计单元(21)设计的虚拟网络的设计数据。(Such a network architecture device (2) comprises: a collection unit (11) that scans each of nodes connected to a network and collects environmental data of the network; a design unit (21) that designs a virtual network obtained by virtualizing the network based on the environmental data collected by the collection unit (11); and an output unit (31) that outputs design data for the virtual network designed by the design unit (21).)

1. A network construction apparatus comprising:

A collection unit configured to scan each node connected to a network and collect environment data of the network;

a designing unit configured to design a virtual network acquired by virtualizing the network based on the environmental data collected by the collecting unit; and

An output unit configured to output design data of the virtual network designed by the design unit.

2. The network construction apparatus according to claim 1, wherein

For each role of the node, a first rule is stored in a first database, the first rule indicating a device type when the node having the role is placed in the virtual network,

The collection unit collects data indicating the role of each node connected to the network at least as environmental data of the network, and

The design unit determines a device type corresponding to the role of each node connected to the network according to the first rule, and

The design unit places each node connected to the network in the virtual network as a device of the determined device type.

3. the network construction apparatus according to claim 2, wherein

For each role of the node, a second rule is stored in a second database, the second rule indicating an installation procedure for an application in the node having the role,

The output unit determines the installation procedure corresponding to the role of each node connected to the network according to the second rule, and

The output unit also outputs information on the installation process in each node connected to the network when it outputs the design data of the virtual network.

4. a network construction apparatus according to any one of claims 1 to 3, wherein

For each virtual network, a third rule is stored in a third database, the third rule indicating a usage status of resources in the virtual network,

The designing unit assigns resources to each of the plurality of the virtual networks in such a manner that the resources of the plurality of the virtual networks do not overlap with each other according to the third rule when designing the plurality of the virtual networks.

5. a network construction method performed by a network construction apparatus, comprising:

A collection step of scanning each node connected to a network and collecting environmental data of the network;

A design step of designing a virtual network acquired by virtualizing the network based on the environmental data collected in the collection step; and

An output step of outputting design data of the virtual network designed in the design step.

6. the network construction method of claim 5, wherein

For each role of the node, a first rule is stored in a first database, the first rule indicating a device type when the node having the role is placed in the virtual network,

In the collecting step, data indicating the role of each node connected to the network is collected at least as the environmental data of the network, and

In the designing, the device type corresponding to the role of each node connected to the network is determined according to the first rule, and

In the designing step, each node connected to the network is placed in the virtual network as a device of the determined device type.

7. the network construction method of claim 6, wherein

For each role of the node, a second rule is stored in a second database, the second rule indicating an installation procedure for an application in the node having the role,

In the outputting step, the installation procedure corresponding to the role of each node connected to the network is determined according to the second rule, and

In the outputting, when the design data of the virtual network is output, information on the installation process in each node connected to the network is also output.

8. The network construction method according to any one of claims 5 to 7, wherein

For each virtual network, a third rule is stored in a third database, the third rule indicating a usage status of resources in the virtual network,

In the designing step, when a plurality of virtual networks are designed, resources are assigned to each of the plurality of virtual networks in accordance with the third rule in such a manner that the resources of the plurality of virtual networks do not overlap with each other.

9. a non-transitory computer-readable medium storing a program that causes a computer to execute:

A collection process for scanning each node connected to a network and collecting environmental data of the network;

A design process for designing a virtual network acquired by virtualizing the network based on the environmental data collected in the collection process; and

An output process for outputting design data of the virtual network designed in the design process.

Technical Field

The present disclosure relates to a network construction device, a network construction method, and a program.

Background

In order to evaluate the network environment of the client, it is preferable to construct the same network as that of the client. However, when the network is manually constructed, a process for constructing the network becomes complicated and requires a large number of steps, thereby taking a large amount of time.

in order to solve this problem, recently, a technique of constructing a virtual network obtained by virtualizing a network has been proposed to reduce the time and cost involved in constructing the network (see patent document 1).

However, in order to construct a virtual network obtained by virtualizing the network, it is necessary to collect environmental data of such a network. One example of a technique for collecting environmental data of a network is a technique for collecting environmental data of a network by monitoring packets transmitted from nodes connected to the network (see patent document 2).

reference list

Patent document

Patent document 1: european patent application publication No.1455483

Patent document 2: japanese unexamined patent application publication No. H07-287572

Disclosure of Invention

technical problem

Incidentally, in order to construct a virtual network obtained by virtualizing a network, data of an OS (operating system) or the like used by each node connected to such a network will necessarily become environment data of the network as well.

However, as in patent document 2, there is a problem that only limited items of environment data can be collected by monitoring packets transmitted from nodes connected to the network. For example, in patent document 2, the only environmental data collected by monitoring packets is the node number included in the packets.

in view of the above-described problems, an object of the present disclosure is to provide a network construction device, a network construction method, and a program that can easily collect environment data necessary for constructing a virtual network.

solution to the problem

in one example aspect, a network construction apparatus includes:

A collection unit configured to scan each node connected to a network and collect environmental data of the network;

a designing unit configured to design a virtual network acquired by virtualizing the network based on the environment data collected by the collecting unit; and

an output unit configured to output design data of the virtual network designed by the design unit.

in another example aspect, a network construction method performed by a network construction apparatus includes:

A collection step of scanning each node connected to the network and collecting environmental data of the network;

A design step of designing a virtual network acquired by virtualizing the network based on the environmental data collected in the collection step; and

And an output step of outputting the design data of the virtual network designed in the design step.

In another example aspect, a program causes a computer to execute:

A collection process for scanning each node connected to the network and collecting environmental data of the network;

A design process for designing a virtual network acquired by virtualizing the network based on the environmental data collected in the collection process; and

A design data output process for outputting the virtual network designed in the design process.

Advantageous effects of the invention

According to the above exemplary aspect, an effect of easily collecting environmental data necessary for constructing a virtual network can be achieved.

Drawings

fig. 1 is a diagram showing a configuration example of a network construction apparatus according to an embodiment of the present disclosure;

Fig. 2 is a diagram showing an example of environmental data collected by the collection unit shown in fig. 1;

Fig. 3 is a diagram showing an example of a design rule registered in the design rule DB shown in fig. 1;

fig. 4 is a diagram showing an example of constraint rules registered in the constraint rule DB shown in fig. 1;

Fig. 5 is a diagram illustrating an operation example of the design unit shown in fig. 1;

Fig. 6 is a diagram showing an example of configuration rules registered in the configuration rule DB shown in fig. 1;

Fig. 7 is a flowchart showing an example of a processing flow of the network construction apparatus shown in fig. 1; and

Fig. 8 is a diagram showing a configuration example of a network construction apparatus according to the present disclosure.

Detailed Description

Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings.

First, the configuration of the network construction apparatus 1 according to this embodiment will be described with reference to fig. 1. Fig. 1 is a diagram showing a configuration example of a network construction apparatus 1 according to this embodiment. The network construction apparatus 1 is used to construct a virtual network obtained by virtualizing a target network. The network construction apparatus 1 includes a collection unit 10, a design unit 20, an output unit 30, a collection rule DB (i.e., a database to be applied in the following description) 40, a design rule DB 50, a constraint rule DB 60, and a configuration rule DB 70. The collection rule DB 40, the design rule DB 50, the constraint rule DB 60, and the configuration rule DB 70 are not limited to being provided inside the network construction apparatus 1, but may instead be provided outside the network construction apparatus 1.

The collection unit 10 scans each node connected to the target network according to the collection rule registered in the collection rule DB 40 and collects environment data of the network. Specifically, the collection unit 10 collects environment data by performing port scanning on each node. The nodes are client PCs (personal computers), hubs, switches, routers, etc. connected to the target network.

the collection rules define items of environmental data to be collected, for example. Fig. 2 is a diagram showing an example of the environmental data collected by the collection unit 10. Items of the environment data shown in fig. 2 are the role of the node ("role" in the figure), the OS used by the node ("OS" in the figure), the version of the node ("version" in the figure), and the IP (internet protocol) address of the node ("IP address" in the figure). For example, the collection unit 10 scans each node connected to the target network and collects data of items defined in the collection rule as environmental data of the network.

the design unit 20 designs a virtual network acquired by virtualizing a target network based on the environmental data collected by the collection unit 10 according to the design rule registered in the design rule DB 50 and the constraint rule registered in the constraint rule DB 60. The rule DB 50 is an example of a first database, and the design rule is an example of a first rule. The constraint rule DB 60 is an example of a third database, and the constraint rule is an example of a third rule.

The design rules define the order in which the nodes are placed in the virtual network, the type of device, etc. Fig. 3 is a diagram showing an example of the design rule registered in the design rule DB 50. The design rule shown in fig. 3 defines, for each role of a node, the order in which the corresponding node having that role is placed in the virtual network ("order" in the figure) and the device type ("type" in the figure). The design unit 20 determines that the device type of a node having a role of "CISCO" is a virtual switch ("SW") when this node is placed in the virtual network according to the design rule shown in fig. 3, and then places this node in the first bit in the virtual network as the virtual switch.

The constraint rules define usage states of resources in the virtual network, etc. The resources are for example VLANs (virtual local area networks), memories, etc. In this embodiment, multiple virtual networks may be operated simultaneously by using multiple VLANs. Fig. 4 is a diagram showing an example of the constraint rules registered in the constraint rule DB 60. The restriction rule shown in fig. 4 defines the usage state of VLANs in a virtual network (i.e., virtual network # 1). When designing the two virtual networks #1 and #2, the design unit 20 assigns VLANs unused by the virtual network #1 to the virtual network #2 so that the VLANs do not overlap and the two virtual networks #1 and #2 do not overlap with each other according to the constraint rule shown in fig. 4. Note that although the restriction rules shown in fig. 4 define the usage states of VLANs in the virtual network #1, each restriction rule indicates, for each virtual network, the usage state of each type of resource (VLAN or memory) in the corresponding virtual network. For example, when there are two virtual networks #1 and #2 and there are two types of resources to be managed (VLAN and memory), the restriction rule indicates the usage state of the VLAN in the virtual network #1, the usage state of the memory in the virtual network #1, the usage state of the VLAN in the virtual network #2, and the usage state of the memory in the virtual network # 2.

The operation of the design unit 20 according to this embodiment will be described with reference to fig. 5. Fig. 5 is a diagram showing an operation example of the design unit 20. Here, an example of designing two virtual networks #1 and #2 according to the design rule shown in fig. 3 will be described. One type of resource, i.e. VLAN, should be managed.

first, the design unit 20 designs the virtual network # 1. First, according to the design rule shown in fig. 3, with respect to a node whose order is "1" (order "in the figure) and whose role is" CISCO "among nodes connected to a network to be designed as the virtual network #1, the design unit 20 determines that the device type of this node is a virtual switch (" SW ") and connects this node to the virtual server 82 as a virtual switch (#1) 83-1. Next, the design unit 20 connects the node whose order is "2" (order "in the drawing) and whose role is" Win2016-SC "to the virtual switch (#1)83-1 as the Virtual Machine (VM) (#1) 84-1. Next, the design unit 20 connects the node whose order is "3" (order "in the drawing) and whose role is" Win7-PC1 "to the virtual switch (#1)83-1 as another VM (#1) 84-1. In this way, design unit 20 designs virtual network #1 composed of virtual switch (#1)83-1 and a plurality of virtual machines (#1) 84-1. Further, the design unit 20 assigns a VLAN to the virtual network #1, and registers a constraint rule defining the use state of the VLAN in the virtual network #1 in the constraint rule DB 60. It is assumed that the constraint rule registered here is the constraint rule shown in fig. 4, and will be described below.

Next, the design unit 20 designs a virtual network #2 composed of a virtual switch (#2)83-2 and a plurality of virtual machines (#2)84-2 in a manner similar to the virtual network # 1. At this time, the design unit 20 assigns VLANs that are not used in the virtual network #1 (VLANs whose "VLAN IDs" are "101", "102", and "105") to the virtual network #2 according to the constraint rule shown in fig. 4 so that the VLANs of the two virtual networks #1 and #2 do not overlap with each other. Further, the design unit 20 registers, in the constraint rule DB 60, a constraint rule defining the use state of the VLAN in the virtual network # 2.

Although not shown in fig. 5, the design unit 20 connects the virtual switch (#1)83-1 and the virtual switch (#2)83-2 to the physical switch/OpenFlow switch 81.

The output unit 30 outputs design data of the virtual network designed by the design unit 20 to a specific output destination. The output destination of the design data is an evaluation environment in an evaluation device (not shown) that evaluates a network designed as a virtual network.

Further, when outputting the design data of the virtual network, the output unit 30 also outputs information on the installation process of the application in each node connected to the network designed as the virtual network according to the configuration rule registered in the configuration rule DB 70. The configuration rule DB 70 is an example of the second database, and the configuration rule is an example of the second rule.

the configuration rules define the installation process of the application. Fig. 6 is a diagram showing an example of configuration rules registered in the configuration rule DB 70. Each configuration rule shown in fig. 6 defines, for each role of a node ("role" in the figure), an installation command for installing an application in the node having the corresponding role ("installation command" in the figure), an OS used by the node having the corresponding role ("OS" in the figure), and a version of the node having the corresponding role ("version" in the figure). Although the installation command is defined as information on the installation procedure of the application in fig. 6, the present disclosure is not limited thereto, and the configuration rule may be different types of information as long as the installation procedure can be acquired. With respect to a node whose role is, for example, "Apache", the output unit 30 determines that the install command is "apt-get install Apache 2" according to the configuration rule shown in fig. 6, and outputs the install command "apt-get install Apache 2" to the evaluation device. When the install command "apt-get install Apache 2" is output, information indicating that the node is associated with a virtual machine corresponding to the node having the role "Apache" is preferably also output.

by doing so, the evaluation device (or an evaluator operating the evaluation device) can install the application in the virtual machine without researching the application to be installed in the virtual machine constituting the virtual network and the installation process of the application.

Next, a process flow of the network construction apparatus 1 according to this embodiment will be described with reference to fig. 7. Fig. 7 is a flowchart showing an example of the processing flow of the network construction apparatus 1 according to this embodiment.

First, the collection unit 10 scans each node connected to the target network and collects environment data of the network according to the collection rule registered in the collection rule DB 40 (step S1).

Next, the design unit 20 designs a virtual network acquired by virtualizing the target network based on the environmental data collected by the collection unit 10, according to the design rule registered in the design rule DB 50 and the constraint rule registered in the constraint rule DB 60 (step S2).

After that, the output unit 30 outputs design data of the virtual network designed by the design unit 20 according to the configuration rule registered in the configuration rule DB 70, and outputs information indicating an installation procedure of an application in each node connected to the network designed as the virtual network (step S3).

as described above, in the network construction apparatus 1 according to this embodiment, the collection unit 10 scans each node connected to the target network to collect the environmental data of the network. This makes it possible to easily collect environment data necessary for constructing a virtual network, such as the role of each node, data of an OS, and the like.

further, the configuration rule DB 70 registers, for each role of a node, a configuration rule indicating an installation procedure of an application in the node having the role. When outputting the design data of the virtual network, the output unit 30 also outputs information on the installation process of the application in each node connected to the network designed as the virtual network according to the configuration rule registered in the configuration rule DB 70. By doing so, the evaluation device of the output destination (or an evaluator operating the evaluation device) can install the application in the virtual machine without studying the application to be installed in the virtual machine constituting the virtual network and the installation process of the application.

hereinafter, an outline of a network construction apparatus according to the present disclosure will be described with reference to fig. 8. Fig. 8 is a diagram showing a configuration example of the network construction apparatus 2 according to the present disclosure. The network construction apparatus 2 includes a collection unit 11, a design unit 21, and an output unit 31.

The collection unit 11 scans each node connected to the target network to collect environmental data of the network. The collecting unit 11 corresponds to the collecting unit 10.

The design unit 21 designs a virtual network acquired by virtualizing the target network based on the environmental data collected by the collection unit 11. The design unit 21 corresponds to the design unit 20.

The output unit 31 outputs design data of the virtual network designed by the design unit 20. The output unit 31 corresponds to the output unit 30.

as described above, in the network construction apparatus 2 according to the present disclosure, the collection unit 11 scans each node connected to the target network to collect the environmental data of the network. This makes it possible to easily collect environmental data necessary for constructing a virtual network.

Although the present disclosure has been described in various aspects with reference to the embodiments, the present disclosure is not limited to the above. Various modifications in the configuration and details as would be understood by those skilled in the art within the scope of the present disclosure may be made in each aspect of the present disclosure.

for example, in the above-described embodiment, each of the functional blocks (the collection unit, the design unit, and the output unit) is provided in the same apparatus, but the present disclosure is not limited thereto. These functional blocks may be provided in separate devices and connected to each other by wire or wirelessly.

each functional block in the above-described embodiments may be configured by hardware or software or both hardware and software, may be configured by one piece of hardware or software, or may be configured by a plurality of pieces of hardware or software. The function (process) of each device may be realized by a computer including a CPU (central processing unit), a memory, and the like. For example, the function (process) of each device may be realized by storing a program for executing the network construction method according to the embodiment in a memory and causing a CPU to execute the program stored in the memory.

the above-described program may be stored and provided to a computer using any type of non-transitory computer-readable medium. Non-transitory computer readable media include any type of tangible storage media. Examples of non-transitory computer readable media include magnetic storage media (such as floppy disks, magnetic tapes, hard disk drives, etc.), optical magnetic storage media, CD-ROMs (compact disc read only memories), CD-rs (compact disc recordable), CD-rs/ws (rewritable optical discs), and semiconductor memories (such as mask ROMs, PROMs (programmable ROMs), EPROMs (erasable PROMs), flash ROMs, RAMs (random access memories), etc.). The program may be provided to a computer using any type of transitory computer readable medium. Examples of transitory computer readable media include electrical signals, optical signals, and electromagnetic waves.

the transitory computer readable medium may provide the program to the computer via a wired communication line (e.g., an electric wire and an optical fiber) or a wireless communication line.

for example, all or some of the embodiments disclosed above may be described as, but not limited to, the following supplementary notes.

(supplementary notes 1)

a network construction apparatus comprising:

a collection unit configured to scan each node connected to a network and collect environment data of the network;

a designing unit configured to design a virtual network acquired by virtualizing the network based on the environmental data collected by the collecting unit; and an output unit configured to output design data of the virtual network designed by the design unit.

(supplementary notes 2)

the network construction apparatus according to supplementary note 1, wherein

for each role of the node, a first rule is stored in a first database, the first rule indicating a device type when the node having the role is placed in the virtual network,

the collection unit collects data indicating a role of each node connected to the network at least as environmental data of the network, and

The design unit determines a device type corresponding to the role of each node connected to the network according to the first rule, and

The design unit places each node connected to the network in the virtual network as a device of the determined device type.

(supplementary notes 3)

the network construction apparatus according to supplementary note 2, wherein

For each role of the node, a second rule is stored in a second database, the second rule indicating an installation procedure for an application in the node having the role, the output unit determines the installation procedure corresponding to the role of each node connected to the network according to the second rule, and

the output unit also outputs information on the installation process in each node connected to the network when it outputs the design data of the virtual network.

(supplementary notes 4)

The network construction apparatus according to any one of supplementary notes 1 to 3, wherein

For each virtual network, a third rule is stored in a third database, the third rule indicating a usage status of resources in the virtual network,

The designing unit assigns resources to each of the plurality of the virtual networks in such a manner that the resources of the plurality of the virtual networks do not overlap with each other according to the third rule when designing the plurality of the virtual networks.

(supplementary notes 5)

a network construction method performed by a network construction apparatus, comprising:

A collection step of scanning each node connected to a network and collecting environmental data of the network;

A design step of designing a virtual network acquired by virtualizing the network based on the environmental data collected in the collection step; and

an output step of outputting design data of the virtual network designed in the design step.

(supplementary notes 6)

the network construction method according to supplementary note 5, wherein

For each role of the node, a first rule is stored in a first database, the first rule indicating a device type when the node having the role is placed in the virtual network,

in the collecting step, data indicating the role of each node connected to the network is collected at least as the environmental data of the network, and

in the designing, the device type corresponding to the role of each node connected to the network is determined according to the first rule, and

in the designing step, each node connected to the network is placed in the virtual network as a device of the determined device type.

(supplementary notes 7)

The network construction method according to supplementary note 6, wherein

For each role of the node, a second rule is stored in a second database, the second rule indicating an installation procedure for an application in the node having the role, in the outputting step, the installation procedure corresponding to the role of each node connected to the network is determined according to the second rule, and

In the outputting, when the design data of the virtual network is output, information on the installation process in each node connected to the network is also output.

(supplementary notes 8)

the network construction method according to any one of supplementary notes 5 to 7, wherein

For each virtual network, a third rule is stored in a third database, the third rule indicating a usage status of resources in the virtual network,

in the designing step, when a plurality of virtual networks are designed, resources are assigned to each of the plurality of virtual networks in accordance with the third rule in such a manner that the resources of the plurality of virtual networks do not overlap with each other.

(supplementary notes 9)

A program that causes a computer to execute:

a collection process for scanning each node connected to a network and collecting environmental data of the network;

A design process for designing a virtual network acquired by virtualizing the network based on the environmental data collected in the collection process; and

A design data output process for outputting the virtual network designed in the design process.

(supplementary notes 10)

the process according to supplementary note 9, wherein

for each role of the node, a first rule is stored in a first database, the first rule indicating a device type when the node having the role is placed in the virtual network,

In the collecting process, data indicating the role of each node connected to the network is collected at least as the environmental data of the network, and

in the designing, the device type corresponding to the role of each node connected to the network is determined according to the first rule, and

in the design process, each node connected to the network is placed in the virtual network as a device of the determined device type.

(supplementary notes 11)

the process according to supplementary note 10, wherein

For each role of the node, a second rule is stored in a second database, the second rule indicating an installation procedure for an application in the node having the role, in the output procedure the installation procedure corresponding to the role of each node connected to the network is determined according to the second rule, and

In the outputting, when the design data of the virtual network is output, information on the installation process in each node connected to the network is also output.

(supplementary notes 12)

The program according to any one of supplementary notes 9 to 11, wherein

For each virtual network, a third rule is stored in a third database, the third rule indicating a usage status of resources in the virtual network,

In the designing, when a plurality of the virtual networks are designed, resources are assigned to each of the plurality of virtual networks in accordance with the third rule in such a manner that the resources of the plurality of virtual networks do not overlap with each other.

The present application is based on and claims priority from japanese patent application No.2017-070503, filed on 31/3/2017, the entire contents of which are incorporated herein by reference.

List of reference numerals

1: network construction device

10: collection unit

20: design unit

30: output unit

40: collection rule DB

50: design rule DB

60: constraint rule DB

70: configuration rule DB

2: network construction device

11: collection unit

21: design unit

31: output unit