(19)
(11)EP 3 208 972 B1

(12)EUROPEAN PATENT SPECIFICATION

(45)Mention of the grant of the patent:
18.12.2019 Bulletin 2019/51

(21)Application number: 16155815.0

(22)Date of filing:  16.02.2016
(51)International Patent Classification (IPC): 
H04L 12/26(2006.01)
H04W 24/08(2009.01)
H04L 12/24(2006.01)

(54)

METHOD FOR ENHANCED TRACING AND/OR MONITORING OF THE NETWORK NODES OF A COMMUNICATION NETWORK, COMMUNICATION NETWORK, A PLURALITY OF VIRTUAL MACHINES, VIRTUALIZED NETWORK FUNCTION MANAGER FUNCTIONALITY, PROGRAM AND COMPUTER PROGRAM PRODUCT

VERFAHREN ZUR VERBESSERTEN VERFOLGUNG UND/ODER ÜBERWACHUNG DES NETZKNOTEN EINES KOMMUNIKATIONSNETZWERKS, KOMMUNIKATIONSNETZWERK, MEHRERE VIRTUELLE MASCHINEN, VIRTUALISIERTE NETZWERKFUNKTIONSMANAGERFUNKTIONALITÄT, PROGRAMM UND COMPUTERPROGRAMMPRODUKT

PROCÉDÉ D'AMÉLIORATION DE TRAÇAGE ET/OU DE SURVEILLANCE DE NOEUDS D'UN RÉSEAU DE COMMUNICATION, RÉSEAU DE COMMUNICATION, UNE PLURALITÉ DE MACHINES VIRTUELLES, UNE FONCTIONNALITÉ DE GESTION DE FONCTION DE RÉSEAU VIRTUEL, PROGRAMME INFORMATIQUE ET PRODUIT LOGICIEL


(84)Designated Contracting States:
AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

(43)Date of publication of application:
23.08.2017 Bulletin 2017/34

(73)Proprietor: Deutsche Telekom AG
53113 Bonn (DE)

(72)Inventor:
  • SOBANIA, Alexander
    53757 Sankt Augustin (DE)

(74)Representative: Schwöbel, Thilo K. et al
Kutzenberger Wolff & Partner Waidmarkt 11
50676 Köln
50676 Köln (DE)


(56)References cited: : 
WO-A1-2015/024838
  
  • MESSINA FABRIZIO ET AL: "An Agent Based Architecture for VM Software Tracking in Cloud Federations", 2014 EIGHTH INTERNATIONAL CONFERENCE ON COMPLEX, INTELLIGENT AND SOFTWARE INTENSIVE SYSTEMS, IEEE, 2 July 2014 (2014-07-02), pages 463-468, XP032653619, DOI: 10.1109/CISIS.2014.66 [retrieved on 2014-10-01]
  • SPIRENT COMMUNICATIONS: "Draft - DGS/NFV-REL004 v0.2.0 (GS NFV-REL 004 ) Active Monitoring and Failure Detection in NFV Environments", ETSI DRAFT; NFV(16)000036, EUROPEAN TELECOMMUNICATIONS STANDARDS INSTITUTE (ETSI), 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS ; FRANCE , vol. NFV Network Functions Virtualisation, no. 2 0 15 January 2016 (2016-01-15), pages 1-69, XP014265125, Retrieved from the Internet: URL:docbox.etsi.org\ISG\NFV\05-CONTRIBUTIO NS\2016\NFV(16)000036_Draft_-_DGS_NFV-REL0 04_v0_2_0__GS_NFV-REL_004____Active_Moni.z ip\NFV-REL004v020_marked1.docx [retrieved on 2016-01-15]
  
Note: Within nine months from the publication of the mention of the grant of the European patent, any person may give notice to the European Patent Office of opposition to the European patent granted. Notice of opposition shall be filed in a written reasoned statement. It shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention).


Description

BACKGROUND



[0001] The present invention relates to a method for enhanced tracing and/or monitoring of the network nodes of a communication network, wherein the communication network comprises a plurality of virtual machines in a network architecture realizing network function virtualization of the communication network, wherein at least one virtual machine of the plurality of virtual machines realizes or is associated with at least one network node functionality of the communication network by means of sending first data packets to and/or receiving second data packets from other virtual machines of the plurality of virtual machines of the communication network or by means of sending first data packets to and/or receiving second data packets from network nodes within or outside of the communication network.

[0002] Furthermore, the present invention relates to a communication network for enhanced tracing and/or monitoring of the network nodes of the communication network, wherein the communication network comprises a plurality of virtual machines in a network architecture realizing network function virtualization of the communication network, wherein the communication network is configured such that at least one virtual machine of the plurality of virtual machines realizes or is associated with at least one network node functionality of the communication network by means of sending first data packets to and/or receiving second data packets from other virtual machines of the plurality of virtual machines of the communication network or by means of sending first data packets to and/or receiving second data packets from network nodes within or outside of the communication network.

[0003] Furthermore, the present invention relates to a plurality of virtual machines for enhanced tracing and/or monitoring of the network nodes of a communication network, wherein the communication network comprises the plurality of virtual machines in a network architecture realizing network function virtualization of the communication network, wherein the communication network is configured such that at least one virtual machine of the plurality of virtual machines realizes or is associated with at least one network node functionality of the communication network by means of sending first data packets to and/or receiving second data packets from other virtual machines of the plurality of virtual machines of the communication network or by means of sending first data packets to and/or receiving second data packets from network nodes within or outside of the communication network.

[0004] Another aspect of the present invention relates to a computer program product and computer-readable storage medium comprising program code for enhanced tracing and/or monitoring of the network nodes of a communication network according to the inventive method, the inventive communication network, the plurality of virtual machines, and the virtualized network function manager functionality.

[0005] Network management is a big challenge in large-scale enterprise and data center environments. The network must operate reliably and provide high-performance connectivity while ensuring organizational policy management. This situation might be further compounded by provisioning high-level guarantees such as network isolation across complex network boundaries and decoupling logical and physical network using network virtualization schemes.

[0006] In traditional communication networks such as telecommunication networks like 2G, 3G and 4G mobile communication networks (i.e. second/third/fourth generation mobile communication networks), it is, hence, essential to trace or capture data packets which are being exchanged on all kinds of interfaces. This is typically not only required for trouble shooting purposes but also for quality and performance monitoring.

[0007] In order to avoid any kind of dependencies and active manipulation of the traffic, a common approach is to mirror all the traffic on the interface to be captured with hardware, especially dedicated hardware. In this manner, network taps are able to copy the traffic between different points (or interfaces) within the communication network, and forward such traffic to hardware probes or other network nodes that eventually do the analysis of the captured traffic.

[0008] The concept based on network taps and probes typically requires a huge invest in hardware and is difficult to maintain since changes in the network generally require adaptation of the physical cabling and additional configuration changes for conducting the tracing. Hence, such a solution is predominantly applicable to a more or less static communication network, and hence, using such a configuration of a communication network, it is difficult to dynamically scale or grow such a communication network.

[0009] Traditionally, vendors of hardware probes are tightly coupling their software to the hardware and in many cases the software is use case specific. This leads to situations where several hardware probes need to be placed on one and the same interface (or physical node) in order to be able to tap or trace different kinds of information or use cases.

[0010] In addition, new concepts like Network Function Virtualization (NFV) and Software Defined Networks (SDN) are changing the way communication networks are built. The main benefits are the decoupling of the telecommunication software from the hardware through virtualization and a high degree of dynamic automation. However, these benefits constitute huge challenges for the traditional network tracing approach since several network points (or network nodes) might be running on one and the same physical hardware (or server entity) and, hence, traffic between such network points (or network nodes) is not leaving the physical hardware (or server entity) anymore. As a consequence, such traffic cannot be traced or mirrored via taps and forwarded to the probes.

[0011] Additionally, also the automation of such software defined networks, especially implementing network function virtualization, i.e. implying dynamic scaling and auto healing if failures of network nodes occur, renders the configuration of traditional probes almost impossible since the (virtualized) network nodes might move from one physical hardware (or server entity) to another one within minutes and even the number of such (virtualized) network nodes might scale according to the load within the communication network, either within the same physical hardware (or server entity) or even to several data centers (typically comprising a plurality of physical computer nodes). As a consequence, it is not possible to follow such a dynamic reconfiguration of the network nodes of the communication network by physically changing the cabling and/or the probe configuration.

SUMMARY



[0012] It is an object of the present invention to provide a method for enhanced tracing and/or monitoring of the network nodes of a communication network comprising a plurality of virtual machines in a network architecture realizing network function virtualization such that it is possible to realize a greater flexibility, a higher reliability and a reduced maintenance regarding tracing, especially regarding a tracing functionality being more dynamic and independent from the infrastructure and the hardware of the communication network.

[0013] The object of the present invention is achieved by a method for enhanced tracing and/or monitoring of the network nodes of a communication network, according to independent Claim 1.

[0014] It is thereby advantageously possible according to the present invention that the tracing of communication flows is independent of the infrastructure and the hardware implementation of the communication network. By means of implementing the communication network such that at least one, but preferably a plurality virtual machines in the communication network comprises (or preferably comprise) a tracing functionality agent that is a virtualized tracing functionality agent which is integrated in the at least one virtual machine (but preferably integrated within each of the plurality of virtual machines), it is advantageously possible according to the present invention to trace or capture data packets being sent by the virtual machine (or the plurality of virtual machines) - first data packets with respect to the considered virtual machine) and/or to trace and capture data packets being received by the virtual machine (or the plurality of virtual machines) - second data packets with respect to the considered virtual machine). Hence, by means of integrating the tracing functionality agent (or even a plurality of tracing functionality agents) within the virtual machine (or within each of the plurality of virtual machines), it is advantageously possible to realize a tracing functionality which is independent from the infrastructure and the hardware hosting the respective virtual machine, i.e. for the tracing functionality agent, it does not matter on which server entity (or physical computer node) the virtual machine is actually running.

[0015] Additionally, it is advantageously possible to limit the implementation of the tracing functionality, e.g., per tenant or per network slice or per (radio access) technology. For example, it is advantageously possible to implement tracing agents only in virtual machines realizing network functionalities of a 2G mobile communication network (i.e. for a second generation mobile network, for example in order to be compliant with security requirements) (and, e.g., not in virtual machines realizing network functionalities of a 3G or 4G mobile communication network (third or fourth generation mobile network)). Of course, an application vice versa is easily possible as well (i.e. the implementation of the tracing functionality agents only for network nodes of, e.g., 3G mobile communication network.

[0016] According to the present invention, it is advantageously possible that no physical interactions are required for the implementation of the tracing functionality, and, hence, the maintenance of the communication network is by far less operation intense compared to hardware tracing agents.

[0017] A further advantage of the present invention refers to the possibility of being able to easily implement tracing (or monitoring of interfaces or points between different network nodes of the communication network) for different purposes or use cases. As vendors of hardware probes (to provide tracing functionality within a communication network) traditionally have the tendency of providing use case specific software, especially coupling their software to their hardware, the tracing of different kinds of information may, in conventional communication networks, require different approaches regarding tracing such different kinds of information (for different tracing use cases) up to using a plurality of hardware probes at one and the same interface for different use cases. In contrast, the present invention advantageously provides the possibility to reduce such efforts for implementing tracing functionality by means of using general purpose tracing functionality agents, i.e. typically software modules providing tracing functionality without specifically being directed to certain (tracing) use case, i.e. such general purpose tracing functionality agents are able to capture whatever traffic occurs at the corresponding interface (or to and/or from the corresponding virtual (or physical) machine), independent of the content of that traffic. According to the present invention, this provides the further advantage that tracing strategies can be easily applied to all points or interfaces within the communication network that are equipped with such general purpose tracing functionality agents, i.e. the tracing functionality can advantageously be provided independently from the specific application running on (or the specific network node functionality being provided by) a specific virtual (or physical) machine, and hence can be applied to the whole telecommunication network for all use cases.

[0018] According to the present invention it is preferred that the communication network comprises a plurality of tracing functionality agents being virtualized tracing functionality agents, each tracing functionality agent of the plurality of tracing functionality agents being integrated in a virtual machine of the plurality of virtual machines such that the plurality of tracing functionality agents, respectively, trace or capture corresponding data packets being sent or received, respectively, by the virtual machines of the plurality of virtual machines,
wherein the plurality of tracing functionality agents, respectively, transmit the corresponding data packets to the monitoring entity or to the data layer of the communication network.

[0019] Thereby, it is advantageously possible that each virtual machine of a plurality of virtual machines comprises a tracing functionality agent, respectively, and that the corresponding tracing functionality agent - i.e. for each virtual machine of the plurality of virtual machines - traces or monitors first data packets that are sent by the virtual machine considered, and second data packets that are received by the virtual machine considered.

[0020] According to the present invention it is preferred that the tracing functionality agent corresponding to the at least one virtual machine is part of the at least one virtual machine, a part of the software package or image of the at least one virtual machine, in the form of a packet sniffer module and/or a copy operation module.

[0021] Thereby, it is advantageously possible to realize the tracing functionality agent in a very easy and reliable manner, especially independent from the location, i.e. the physical computer node that hosts that virtual machine, or the data center that comprises the physical computer node hosting that virtual machine.

[0022] According to the present invention it is preferred that the communication network comprises at least one data center, wherein the at least one data center comprises the plurality of first physical computer nodes, the plurality of first physical computer nodes comprising, respectively, processing means and storage means, wherein the plurality of first physical computer nodes act as host machines for at least a part of the plurality of virtual machines.

[0023] Thereby, it is advantageously possible to host a multitude of different virtual machines on a plurality of physical computer nodes (or first computer nodes), wherein the computer nodes are especially provided as standardized, multipurpose computer nodes, typically being provided with processing means and storage means being dedicated to each one of the computer nodes, and additional storage capacity that might be shared among a plurality of computer nodes.

[0024] According to a further preferred embodiment of the present invention, the communication network comprises, besides the data center, a further data center, wherein the further data center comprises the plurality of second physical computer nodes, the plurality of second physical computer nodes comprising, respectively, further processing means and further storage means, wherein the plurality of first and second physical computer nodes together act as host machines for the plurality of virtual machines.

[0025] Thereby, it is advantageously possible to host a multitude of different virtual machines (realizing the functionalities of the network nodes of the communication network) on a plurality of physical computer nodes such that load can be shared and/or distributed between different data centers, i.e. between the first computer nodes being located at the data center and the second computer nodes being located at the further data center, thereby avoiding the data center to constitute a single point of failure.

[0026] According to the present invention, it is preferred that in case of the virtual machine being instantiated and/or generated by the virtualized network function manager functionality, instantiated on a specific physical computer node of the first or second physical computer nodes, (that might also be called an orchestration node), the corresponding tracing functionality agent, is likewise instantiated and/or generated by the virtualized network function manager functionality, the corresponding tracing functionality agent being instantiated and/or generated on the same specific physical computer node of the first or second physical computer nodes that also hosts the virtual machine.

[0027] Thereby, it is advantageously possible to assure that the tracing functionality agent moves together with the respective virtual machine, i.e. also with the considered network node of the communication network, for which the tracing functionality is implemented.

[0028] According to the present invention in case of the virtual machine being moved and/or transferred, by the virtualized network function manager functionality, from a specific physical computer node of the first physical computer nodes to a further specific physical computer node of the first or second physical computer nodes, the corresponding tracing functionality agent, is likewise moved and/or transferred, by the virtualized network function manager functionality, from the specific physical computer node to the further specific physical computer node.

[0029] According to the present invention it is preferred that the communication network is a mobile communication network, and wherein the plurality of virtual machines realize or are associated with the network node functionality of at least one of the following:

-- one or a plurality of mobility management entity node(s),

-- one or a plurality of serving gateway node(s),

-- one or a plurality of packet gateway node(s)

-- one or a plurality of network layers of the mobile communication network, related to different radio access technologies.



[0030] According to the present invention it is preferred that the communication network comprises - besides the plurality of virtual machines - a plurality of physical machines being distinct from the first and second physical computer nodes, wherein at least one physical machine of the plurality of physical machines realizes or is associated with at least one network node functionality of the communication network by means of sending first data packets to and/or receiving second data packets from other virtual or physical machines of the communication network or by means of sending first data packets to and/or receiving second data packets from network nodes within or outside of the communication network, wherein at least one additional tracing functionality agent - being part of or running on the at least one physical machine - traces or captures the first data packets being sent by the at least one physical machine and/or the second data packets being received by the at least one physical machine,
wherein the additional tracing functionality agent transmits the first data packets and/or the second data packets to the monitoring entity or to the data layer of the communication network.

[0031] It is thereby advantageously possible to implement a hybrid communication network - comprising both virtual machines and physical. The tracing functionality agents corresponding to the physical machines are also part of the physical machines as the tracing functionality agents corresponding to the virtual machines are part of the virtual machines, hence a global tracing concept both for physical machines and virtual machines is advantageously possible to be implemented.

[0032] Furthermore, the present invention relates to a communications network for enhanced tracing and/or monitoring of the network nodes of the communication network, according to independent Claim 9.

[0033] Thereby, it is advantageously possible according to the present invention to provide a communication network with a general purpose tracing functionality such that the tracing of communication flows is independent of the infrastructure and the hardware implementation of the communication network, i.e. for a tracing functionality agent corresponding to a virtual machine, it does not matter on which server entity (or physical computer node) the virtual machine is actually running.

[0034] Furthermore, the present invention relates to a plurality of virtual machines for enhanced tracing and/or monitoring of the network nodes of the communication network according to Claim 9.

[0035] Thereby, it is advantageously possible according to the present invention to provide a plurality of virtual machines such that the tracing of communication flows is independent of the infrastructure and the hardware implementation hosting the virtual machines.

[0036] Additionally, the present invention relates to a computer program product comprising a computer readable program code which, when executed on a computer or on a physical computer node or on a virtual machine of a communication network causes the computer or the physical computer node or the virtual machine of the communication network to perform the method according to the present invention.

[0037] Still additionally, the present invention relates to a computer-readable storage medium comprising program code which, when executed on a computer or on a physical computer node or on a virtual machine of a communication network causes the computer or the physical computer node or the virtual machine of the communication network to perform the method according to the present invention.

[0038] These and other characteristics, features and advantages of the present invention will become apparent from the following detailed description, taken in conjunction with the accompanying drawings, which illustrate, by way of example, the principles of the invention. The description is given for the sake of example only, without limiting the scope of the invention. The reference figures quoted below refer to the attached drawings.

BRIEF DESCRIPTION OF THE DRAWINGS



[0039] 

Figure 1 schematically illustrate a mobile telecommunications network for enhanced tracing and/or monitoring of the network nodes of a communication network, wherein a mobile communication network is used as an example of a communication network according to the present invention and especially according to the inventive method.

Figure 2 schematically illustrates an overview of a plurality of virtual machines being orchestrated by a virtualized network function manager functionality, wherein tracing within the communication network is realized by each one of the virtual machines comprising a tracing functionality agent that provides tracing information to a monitoring entity or to a data layer of the communication network.

Figure 3 schematically illustrates a data center and a further data center, the data center comprising a plurality of first physical computer nodes, the further data center comprising a plurality of second physical computer nodes, wherein the plurality of first and second physical computer nodes act as host machines for at least a part of the plurality of virtual machines of the communication network.


DETAILED DESCRIPTION



[0040] The present invention will be described with respect to particular embodiments and with reference to certain drawings but the invention is not limited thereto but only by the claims. The drawings described are only schematic and are nonlimiting. In the drawings, the size of some of the elements may be exaggerated and not drawn on scale for illustrative purposes.

[0041] Where an indefinite or definite article is used when referring to a singular noun, e.g. "a", "an", "the", this includes a plural of that noun unless something else is specifically stated.

[0042] Furthermore, the terms first, second, third and the like in the description and in the claims are used for distinguishing between similar elements and not necessarily for describing a sequential or chronological order. It is to be understood that the terms so used are interchangeable under appropriate circumstances and that the embodiments of the invention described herein are capable of operation in other sequences than described or illustrated herein.

[0043] In Figure 1, a communication network 100 according to the present invention is schematically illustrated. According to the exemplary embodiment of Figure 1, the communication network 100 is implemented as a mobile telecommunication network comprising a radio access network 110 and a core network 120. The radio access network 110 of the mobile communication network 100 comprises a plurality of radio cells of which a first radio cell 11 and a second radio cell 12 is exemplarily represented. The radio cells 11, 12 correspond to radio coverage areas of base station entities, typically NodeBs or eNodeBs, of which a first base station entity 111 and a second base station entity 112 is schematically represented in Figure 1. The telecommunications network 100 is configured to provide communication services to a plurality of user equipments 20, 21, 22.

[0044] Especially the core network 120 of the telecommunications network 100 (or communication network 100) - but, at least in principle and/or at least in part also the access network 110 of the communication network 100 - comprises a plurality of network nodes or network entities that are not necessarily represented in detail. The different network nodes or network entities are required for providing different network node functionalities such that the communication network 100 is able to provide the communication services to its users; in the case of a mobile communication network such communication services are typically requested by the user equipments 20, 21, 22.

[0045] For a mobile communication network as an example for an inventive communication network 100, the following examples of network node functionalities could apply (especially for the cases of the mobile communication network being an LTE or UMTS network):

-- the network node functionalities of one or a plurality of mobility management entity node(s),

-- the network node functionalities of one or a plurality of serving gateway node(s),

-- the network node functionalities of one or a plurality of packet gateway node(s)

-- the network node functionalities of one or a plurality of home subscriber server node(s)

-- the network node functionalities of one or a plurality of packet data network node(s)

-- the network node functionalities of one or a plurality of mobile switching center node(s)

-- the network node functionalities of one or a plurality of visitor location register node(s)

-- the network node functionalities of one or a plurality of serving GPRS support node(s) (SGSN).



[0046] The present invention relates to any communication network comprising network nodes that can be virtualized. Accordingly, the mobile communication network shown in Figure 1, especially its core network 120, only represents an example of a communication network according to the present invention. Other examples of an inventive communication network comprise a fixed line telecommunications network or another communication network comprising computer nodes.

[0047] In Figure 2, an overview of a plurality of virtual machines being orchestrated by a virtualized network function manager functionality is schematically shown. Tracing within the communication network 100 is realized by each one of the virtual machines comprising a tracing functionality agent that provides tracing information to a monitoring entity 280 or to a data layer 290 of the communication network 100.

[0048] Figure 3 schematically illustrates a data center 250 and a further data center 251, the data center 250 comprising a plurality of first physical computer nodes 260, the further data center 251 comprising a plurality of second physical computer nodes 261, wherein the plurality of first and second physical computer nodes 260, 261 act as host machines for at least a part of the plurality of virtual machines of the communication network 100.

[0049] According to the present invention, the communication network 100 comprises a plurality of virtual machines in a network architecture realizing network function virtualization of the communication network 100.

[0050] In Figure 2, two such virtual machines are schematically indicated: A first virtual machine is indicated by reference sign 241, and a second virtual machine is indicated by reference sign 242. The plurality of virtual machines realized within the communication network 100 (typically comprising a number of virtual machines far exceeding two virtual machines, such as, e.g., 10 virtual machines, or 50 virtual machines, or 100 virtual machines, or 500 virtual machines) is also referred to by reference sign 220 (indicated by means of a dashed box in Figure 2 comprising the first and second virtual machine 221, 222).

[0051] According to the present invention, at least one virtual machine of the plurality of virtual machines (in the following, the at least one virtual machine is often referred to by means of reference sign 221 of the first virtual machine; however, the at least one virtual machine could also be the second virtual machine 222) realizes or is associated with at least one network node functionality of the communication network 100. In order to realize this functionality, the considered virtual machine

-- sends first data packets to other virtual machines of the plurality of virtual machines of the communication network 100 or to network nodes within or outside of the communication network 100, and/or

-- receives second data packets from other virtual machines of the plurality of virtual machines of the communication network 100 or from network nodes within or outside of the communication network 100.

Typically, also the other virtual machines (besides the at least one virtual machine) of the plurality of virtual machines send, respectively, data packets to other virtual machines of the plurality of virtual machines of the communication network 100 or to network nodes within or outside of the communication network 100, and/or receive data packets from other virtual machines of the plurality of virtual machines of the communication network 100 or from network nodes within or outside of the communication network 100.

[0052] By means of at least one tracing functionality agent, it is possible - within the inventive communication network 100 and according to the inventive method - to monitor and trace the traffic to and from the at least one virtual machine 221 (or 222), i.e. to monitor and trace the first data packets and the second data packets of the at least one virtual machine 221 (or 222). According to the present invention, a tracing functionality agent is always associated to a specific virtual machine, hence in Figure 2 the first virtual machine 221 comprises a (first) tracing functionality agent 241, and the second virtual machine 222 comprises a (second) tracing functionality agent 242, i.e. the at least one tracing functionality agent 241, 242 is integrated in the at least one virtual machine 221, 222 of the plurality of virtual machines 220 such that the at least one tracing functionality agent 241, 242 is a tracing functionality agent corresponding to the at least one virtual machine 221, 222. The plurality of tracing functionality agents realized within the communication network 100 (typically comprising at least one tracing functionality agent per virtual machine) is also referred to by reference sign 240 (indicated by means of a dashed box in Figure 2 comprising the first and second tracing functionality agent 241, 242).

[0053] According to the present invention, the tracing functionality agents 241, 242 are virtualized tracing functionality agents, tracing or capturing the (respective) first data packets being sent by the at least one virtual machine 221, 222 and/or the (respective) second data packets being received by the at least one virtual machine 221, 222. This means that the first tracing functionality agent 241 traces or captures the first data packets with respect to the first virtual machine 221 (i.e. the data packets being sent by the first virtual machine 221) and/or the second data packets with respect to the first virtual machine 221 (i.e. the data packets being received by the first virtual machine 221), and that the second tracing functionality agent 242 traces or captures the first data packets with respect to the second virtual machine 222 (i.e. the data packets being sent by the second virtual machine 222) and/or the second data packets with respect to the second virtual machine 222 (i.e. the data packets being received by the second virtual machine 222). The data packets traced or captured by the plurality of tracing functionality agents 240 are transmitted to a monitoring entity 280 or to a data layer 290 of the communication network 100, thereby forwarding the traffic of the respective virtual machines 221, 222 to the destination entity (i.e. a (preferably centralized) monitoring entity 280 or a data layer 290), especially for analysis purposes.

[0054] According to the present invention, a (centralized) monitoring entity 280 could preferably be used for a specific use case (of a tracing or monitoring need), especially with dedicated analysis software. In this case, it is preferred according to the present invention that several virtual machines send their tracing information (i.e. their first and second data packets) to the centralized monitoring server 280 or monitoring entity 280 where the captured data are merged and can be analyzed for the specific use case. Alternatively or cumulatively to using a monitoring entity 280, and especially in case the tracing information can be used for several use cases, the tracing information (i.e. the first and second data packets captured from the respective virtual machines 221, 222) can be fed into a (typically comparably big) data layer 290 where it is able to be correlated with other information and analyzed afterwards by an additional analyzing layer.

[0055] According to the present invention, the plurality of virtual machines 220 are instantiated and/or generated and/or controlled and/or moved and/or removed by a virtualized network function manager functionality 200 of the communication network 100, the virtualized network function manager functionality 200 acting as an orchestrator to the different virtual machines 220, i.e. it is especially used to deploy, scale and heal virtual machines 220 within the communication network, and especially on different data centers. According to the present invention, the virtualized network function manager functionality 200 typically instantiates or generates a virtual machine 221, 222 by means installing a software configuration (or software packages) within a virtual machine or by means of loading (or copying) an image (or images of a virtual machine) of a software configuration (or of software packages) or of a virtual machine to a physical computer node (not represented in Figure 2) acting as a host machine to the virtual machine to be generated or instantiated.

[0056] According to the present invention, also the tracing functionality agent 241, 242 corresponding to that virtual machine is deployed in the respective virtual machine 221, 222, i.e. as part of the software configuration of the respective virtual machine. According to the present invention, this provides the advantage that in cases that the virtual machine is moved or scaled (e.g. moved to another physical computer node, either being located in the same data center or even in another data center), the entity responsible for such a relocation or transfer of a virtual machine, i.e. the orchestration functionality or virtualized network function manager functionality 200, ensures that the tracing functionality agents 241, 242 are redeployed and moved in the same manner as the corresponding virtual machine 221, 222, i.e. the first tracing functionality agent 241 moves (or is transferred or relocated or removed or deleted) with the first virtual machine 221, and the second tracing functionality agent 242 moves (or is transferred or relocated or removed or deleted) with the second virtual machine 222. This inventive approach provides the possibility of avoiding additional hardware invest (for providing hardware probes) and enables a high degree of automation (i.e. reduces maintenance costs), especially in case of a modification of the communication network 100.

[0057] As schematically shown in Figure 3, according to a preferred embodiment of the present invention, the communication network 100 comprises at least one data center 250, comprising a plurality of first physical computer nodes 260. Typically, such first physical computer nodes 260 comprise, respectively, processing means and storage means, and act as host machines for at least a part of the plurality of virtual machines 220. Furthermore, it is preferred according to the present invention that the communication network 100 comprises, besides the data center 250, a further data center 251, comprising a plurality of second physical computer nodes 261. Likewise, the second physical computer nodes 261 comprise, respectively, further processing means and further storage means. Preferably according to the present invention, in case of two data centers 250, 251, the first and second physical computer nodes 260, 261 together act as host machines for the plurality of virtual machines 220 of the communication network 100,
i.e. the virtualized network function manager functionality 200 (not depicted in Figure 3) is able to generate or instantiate a virtual machine (and especially any virtual machine of the plurality of virtual machines 220) such as the first or second virtual machine 221, 222 on any physical computer node (within any data center, i.e. either on a physical computer node of the first physical computer nodes 260 or on a physical computer node of the second physical computer nodes 261), and/or
the virtualized network function manager functionality 200 is able to move or to relocate a virtual machine (and especially any virtual machine of the plurality of virtual machines 220) such as the first or second virtual machine 221, 222 from one physical computer node (e.g. within the data center 250) to another physical computer node (this other physical computer node being either located within also the data center 250 (i.e. a transfer among the first physical computer nodes 260) or being located within the further data center 251 (i.e. a transfer from a physical computer node of the first physical computer nodes 260 to a physical computer node of the second physical computer nodes 261).

[0058] Hence according to the present invention, it is advantageously possible to provide a tracing functionality that is much more dynamic and is applicable for being used with network architectures using network function virtualization and software defined networks.

[0059] Especially by forwarding the captures traffic (of the virtual machines 221, 222) to a centralized data layer 290, it is advantageously possible according to the present invention that the current data silos can be overcome and the data from different areas are used to discover new use cases of, e.g., network optimization.

[0060] It is especially advantageous according to the present invention to use, as tracing functionality agents 241, 242, relatively simple software modules like, for example, "tcpdump", a Linux packet-sniffer, e.g. in combination with a tool to forward the traffic to the centralized monitoring server 280 or big data layer 290, such as "secure copy".

[0061] According to the present invention, it is also preferred that the communication network 100 comprises - besides the plurality of virtual machines 220 - a plurality of physical machines 320, 321 that are distinct from the first and second physical computer nodes 260, 261 (used for hosting the virtual machines 220). It is thereby advantageously possible to use such physical machines 320, 321 to realize one network node functionality or a plurality of network node functionalities of the communication network 100. In a manner analogous to the virtual machines 220, also the physical machines 320, 321 are, respectively, sending first data packets to other virtual or physical machines of the communication network 100 or to network nodes within or outside of the communication network 100 and/or receiving second data packets from other virtual or physical machines of the communication network 100 or from network nodes within or outside of the communication network 100. Again in a manner analogous to the virtual machines 220, also the physical machines 320, 321, respectively, comprise additional tracing functionality agents (not depicted in Figure 3), the additional tracing functionality agents being part of or running on the physical machines 320, 321 and trace or capture the first data packets being sent by the physical machines 320, 321 and/or the second data packets being received by the physical machine 320, 321. Also the additional tracing functionality agents transmit the first data packets and/or the second data packets to the monitoring entity 280 or to the data layer 290 of the communication network 100.


Claims

1. Method for enhanced tracing and/or monitoring of the network nodes of a communication network (100), wherein the communication network (100) comprises a plurality of virtual machines (220) in a network architecture realizing network function virtualization of the communication network (100), wherein at least one virtual machine (221) of the plurality of virtual machines (220) realizes or is associated with at least one network node functionality of the communication network (100) by means of sending first data packets to and/or receiving second data packets from other virtual machines of the plurality of virtual machines (220) of the communication network (100) or by means of sending first data packets to and/or receiving second data packets from network nodes within or outside of the communication network (100),
wherein the virtual machines of the plurality of virtual machines (220) are instantiated and/or generated and/or controlled and/or moved and/or removed by a virtualized network function manager functionality (200) of the communication network (100),
wherein the communication network (100) comprises at least one tracing functionality agent (241), the at least one tracing functionality agent (241) being a virtualized tracing functionality agent and being integrated in the at least one virtual machine (221) of the plurality of virtual machines (220) such that the at least one tracing functionality agent (241) is a tracing functionality agent (241) corresponding to the at least one virtual machine (221), and traces or captures the first data packets being sent by the at least one virtual machine (221) and/or the second data packets being received by the at least one virtual machine (221), wherein the corresponding tracing functionality agent (241) transmits the first data packets and/or the second data packets to a monitoring entity (280) or to a data layer (290) of the communication network (100),
wherein in case of the virtual machine (221) being moved and/or transferred, by the virtualized network function manager functionality (200), from a specific physical computer node of a plurality of first physical computer nodes (260) to a further specific physical computer node of the plurality of first or a plurality of second physical computer nodes (260, 261), the corresponding tracing functionality agent (241), is likewise moved and/or transferred, by the virtualized network function manager functionality (200), from the specific physical computer node to the further specific physical computer node.
 
2. Method according to claim 1, wherein the communication network (100) comprises a plurality of tracing functionality agents (240) being virtualized tracing functionality agents, each tracing functionality agent of the plurality of tracing functionality agents (240) being integrated in a virtual machine of the plurality of virtual machines (220) such that the plurality of tracing functionality agents (240), respectively, trace or capture corresponding data packets being sent or received, respectively, by the virtual machines of the plurality of virtual machines (220), wherein the plurality of tracing functionality agents (240), respectively, transmit the corresponding data packets to the monitoring entity (280) or to the data layer (290) of the communication network (100).
 
3. Method according to one of the preceding claims, wherein the tracing functionality agent (241) corresponding to the at least one virtual machine (221) is part of the at least one virtual machine (221), a part of the software package or image of the at least one virtual machine (221), in the form of a packet sniffer module and/or a copy operation module.
 
4. Method according to one of the preceding claims, wherein the communication network (100) comprises at least one data center (250), wherein the at least one data center (250) comprises the plurality of first physical computer nodes (260), the plurality of first physical computer nodes (260) comprising, respectively, processing means and storage means, wherein the plurality of first physical computer nodes act as host machines for at least a part of the plurality of virtual machines (220).
 
5. Method according to one of the preceding claims, wherein the communication network (100) comprises, besides the data center (250), a further data center (251), wherein the further data center (251) comprises the plurality of second physical computer nodes (261), the plurality of second physical computer nodes (261) comprising, respectively, further processing means and further storage means, wherein the plurality of first and second physical computer nodes (260, 261) together act as host machines for the plurality of virtual machines (220).
 
6. Method according to one of the preceding claims, wherein in case of the virtual machine (221) being instantiated and/or generated by the virtualized network function manager functionality (200), instantiated on a specific physical computer node of the first or second physical computer nodes (260, 261), the corresponding tracing functionality agent (241), is likewise instantiated and/or generated by the virtualized network function manager functionality (200), the corresponding tracing functionality agent (241) being instantiated and/or generated on the same specific physical computer node of the first or second physical computer nodes (260, 261) that also hosts the virtual machine (221).
 
7. Method according to one of the preceding claims, wherein the communication network (100) is a mobile communication network, and wherein the plurality of virtual machines (220) realize or are associated with the network node functionality of at least one of the following:

-- one or a plurality of mobility management entity node(s),

-- one or a plurality of serving gateway node(s),

-- one or a plurality of packet gateway node(s)

-- one or a plurality of network layers of the mobile communication network, related to different radio access technologies.


 
8. Method according to one of the preceding claims, wherein the communication network (100) comprises, besides the plurality of virtual machines (220), a plurality of physical machines (320, 321) being distinct from the first and second physical computer nodes (260, 261), wherein at least one physical machine of the plurality of physical machines (320, 321) realizes or is associated with at least one network node functionality of the communication network (100) by means of sending first data packets to and/or receiving second data packets from other virtual or physical machines of the communication network (100) or by means of sending first data packets to and/or receiving second data packets from network nodes within or outside of the communication network (100), wherein at least one additional tracing functionality agent, being part of or running on the at least one physical machine, traces or captures the first data packets being sent by the at least one physical machine and/or the second data packets being received by the at least one physical machine,
wherein the additional tracing functionality agent transmits the first data packets and/or the second data packets to the monitoring entity (280) or to the data layer (290) of the communication network (100).
 
9. Communication network (100) for enhanced tracing and/or monitoring of the network nodes of the communication network (100), wherein the communication network (100) comprises a plurality of virtual machines (220) in a network architecture realizing network function virtualization of the communication network (100), wherein the communication network (100) is configured such that at least one virtual machine (221) of the plurality of virtual machines (220) realizes or is associated with at least one network node functionality of the communication network (100) by means of sending first data packets to and/or receiving second data packets from other virtual machines of the plurality of virtual machines (220) of the communication network (100) or by means of sending first data packets to and/or receiving second data packets from network nodes within or outside of the communication network (100),
wherein the communication network (100) is configured such that the virtual machines of the plurality of virtual machines (220) are instantiated and/or generated and/or controlled and/or moved and/or removed by a virtualized network function manager functionality (200) of the communication network (100), wherein the communication network (100) comprises at least one tracing functionality agent (241), the at least one tracing functionality agent (241) being a virtualized tracing functionality agent and being integrated in the at least one virtual machine (221) of the plurality of virtual machines (220) such that the at least one tracing functionality agent (241) is a tracing functionality agent (241) corresponding to the at least one virtual machine (221), and wherein the communication network (100) is configured such that the corresponding tracing functionality agent (241) traces or captures the first data packets being sent by the at least one virtual machine (221) and/or the second data packets being received by the at least one virtual machine (221),
wherein the communication network (100) is further configured such that the corresponding tracing functionality agent (241) transmits the first data packets and/or the second data packets to a monitoring entity (280) or to a data layer (290) of the communication network (100),
wherein the communication network (100) is configured such that in case of the virtual machine (221) being moved and/or transferred, by the virtualized network function manager functionality (200), from a specific physical computer node of a plurality of first physical computer nodes (260) to a further specific physical computer node of the plurality of first or a plurality of second physical computer nodes (260, 261), the corresponding tracing functionality agent (241), is likewise moved and/or transferred, by the virtualized network function manager functionality (200), from the specific physical computer node to the further specific physical computer node.
 
10. The plurality of virtual machines (220) of the communication network (100) according to claim 9, wherein the communication network (100) comprises the plurality of virtual machines (220) in a network architecture realizing network function virtualization of the communication network (100), wherein the communication network (100) is configured such that at least one virtual machine (221) of the plurality of virtual machines (220) realizes or is associated with at least one network node functionality of the communication network (100) by means of sending first data packets to and/or receiving second data packets from other virtual machines of the plurality of virtual machines (220) of the communication network (100) or by means of sending first data packets to and/or receiving second data packets from network nodes within or outside of the communication network (100),
wherein the plurality of virtual machines (220) is configured such that the virtual machines of the plurality of virtual machines (220) are instantiated and/or generated and/or controlled and/or moved and/or removed by a virtualized network function manager functionality (200) of the communication network (100), wherein the communication network (100) comprises at least one tracing functionality agent (241), the at least one tracing functionality agent (241) being a virtualized tracing functionality agent and being integrated in the at least one virtual machine (221) of the plurality of virtual machines (220) such that the at least one tracing functionality agent (241) is a tracing functionality agent (241) corresponding to the at least one virtual machine (221), and wherein the virtual machines (220) are configured such that the corresponding tracing functionality agent (241) traces or captures the first data packets being sent by the at least one virtual machine (221) and/or the second data packets being received by the at least one virtual machine (221),
wherein the virtual machines (220) are further configured such that the corresponding tracing functionality agent (241) transmits the first data packets and/or the second data packets to a monitoring entity (280) or to a data layer (290) of the communication network (100), wherein the plurality of virtual machines (220) is configured such that in case of the virtual machine (221) being moved and/or transferred, by the virtualized network function manager functionality (200), from a specific physical computer node of a plurality of first physical computer nodes (260) to a further specific physical computer node of the plurality of first or a plurality of second physical computer nodes (260, 261), the corresponding tracing functionality agent (241), is likewise moved and/or transferred, by the virtualized network function manager functionality (200), from the specific physical computer node to the further specific physical computer node.
 
11. Computer program product comprising a computer readable program code which, when executed on a computer or on a physical computer node or on a virtual machine of a communication network (100) causes the computer or the physical computer node or the virtual machine of the communication network (100) to perform a method according to all the steps of any one of claims 1 to 8.
 
12. Computer-readable storage medium comprising program code which, when executed on a computer or on a physical computer node or on a virtual machine of a communication network (100) causes the computer or the physical computer node or the virtual machine of the communication network (100) to perform a method according to all the steps of any one of claims 1 to 8.
 


Ansprüche

1. Verfahren zur verbesserten Verfolgung und/oder Überwachung der Netzknoten eines Kommunikationsnetzes (100), wobei das Kommunikationsnetz (100) mehrere virtuelle Maschinen (220) in einer Netzarchitektur umfasst, die eine Virtualisierung von Netzfunktionen des Kommunikationsnetzes (100) realisieren, wobei mindestens eine virtuelle Maschine (221) der mehreren virtuellen Maschinen (220) mindestens eine Netzknotenfunktionalität des Kommunikationsnetzes (100) mittels Senden erster Datenpakete an und/oder Empfangen zweiter Datenpakete von anderen virtuellen Maschinen der mehreren virtuellen Maschinen (220) des Kommunikationsnetzes (100) oder mittels Senden erster Datenpakete an und/oder Empfangen zweiter Datenpakete von Netzknoten innerhalb oder außerhalb des Kommunikationsnetzes (100) realisiert oder ihr zugeordnet ist,
wobei die virtuellen Maschinen der mehreren virtuelle Maschinen (220) durch eine virtualisierte Netzfunktionsmanagerfunktionalität (200) des Kommunikationsnetzes (100) instanziiert und/oder generiert und/oder gesteuert und/oder verschoben und/oder entfernt werden,
wobei das Kommunikationsnetz (100) mindestens einen Verfolgungsfunktionalitätsagenten (241) umfasst, wobei der mindestens eine Verfolgungsfunktionalitätsagent (241) ein virtualisierter Verfolgungsfunktionalitätsagent ist und in die mindestens eine virtuelle Maschine (221) der mehreren virtuelle Maschinen (220) integriert ist, dergestalt, dass der mindestens eine Verfolgungsfunktionalitätsagent (241) ein Verfolgungsfunktionalitätsagent (241) ist, welcher der mindestens einen virtuellen Maschine (221) entspricht, und die ersten Datenpakete, die durch die mindestens eine virtuelle Maschine (221) gesendet werden, und/oder die zweiten Datenpakete, die durch die mindestens eine virtuelle Maschine (221) empfangen werden, verfolgt oder erfasst, wobei der entsprechende Verfolgungsfunktionalitätsagent (241) die ersten Datenpakete und/oder die zweiten Datenpakete an eine Überwachungsentität (280) oder an eine Datenschicht (290) des Kommunikationsnetzes (100) sendet, wobei für den Fall, dass die virtuelle Maschine (221) durch die virtualisierte Netzfunktionsmanagerfunktionalität (200) von einem spezifischen physischen Computerknoten mehrerer erster physischer Computerknoten (260) zu einem weiteren spezifischen physischen Computerknoten der mehreren ersten oder mehrerer zweiter physischer Computerknoten (260, 261) verschoben und/oder übertragen wird, der entsprechende Verfolgungsfunktionalitätsagent (241) gleichermaßen durch die virtualisierte Netzfunktionsmanagerfunktionalität (200) von dem spezifischen physischen Computerknoten zu dem weiteren spezifischen physischen Computerknoten verschoben und/oder übertragen wird.
 
2. Verfahren nach Anspruch 1, wobei das Kommunikationsnetz (100) mehrere Verfolgungsfunktionalitätsagenten (240) umfasst, die virtualisierte Verfolgungsfunktionalitätsagenten sind, wobei jeder Verfolgungsfunktionalitätsagent der mehreren Verfolgungsfunktionalitätsagenten (240) in eine virtuelle Maschine der mehreren virtuelle Maschinen (220) integriert ist, dergestalt, dass die mehreren Verfolgungsfunktionalitätsagenten (240) jeweils entsprechende Datenpakete verfolgen oder erfassen, die durch die virtuellen Maschinen der mehreren virtuelle Maschinen (220) gesendet bzw. empfangen werden, wobei die mehreren Verfolgungsfunktionalitätsagenten (240) jeweils die entsprechenden Datenpakete an die Überwachungsentität (280) oder an die Datenschicht (290) des Kommunikationsnetzes (100) senden.
 
3. Verfahren nach einem der vorangehenden Ansprüche, wobei der Verfolgungsfunktionalitätsagent (241), welcher der mindestens einen virtuellen Maschine (221) entspricht, Teil der mindestens einen virtuellen Maschine (221), ein Teil des Softwarepaketes oder ein Image der mindestens einen virtuellen Maschine (221) in Form eines Packet-Sniffer-Moduls und/oder eines Kopieoperationsmoduls ist.
 
4. Verfahren nach einem der vorangehenden Ansprüche, wobei das Kommunikationsnetz (100) mindestens ein Datenzentrum (250) umfasst, wobei das mindestens eine Datenzentrum (250) die mehreren ersten physischen Computerknoten (260) umfasst, wobei die mehreren ersten physischen Computerknoten (260) jeweils Verarbeitungsmittel und Speichermittel umfassen, wobei die mehreren ersten physischen Computerknoten als Hostmaschinen für mindestens einen Teil der mehreren virtuellen Maschinen (220) dienen.
 
5. Verfahren nach einem der vorangehenden Ansprüche, wobei das Kommunikationsnetz (100) neben dem Datenzentrum (250) ein weiteres Datenzentrum (251) umfasst, wobei das weitere Datenzentrum (251) die mehreren zweiten physischen Computerknoten (261) umfasst, wobei die mehreren zweiten physischen Computerknoten (261) jeweils weitere Verarbeitungsmittel und weitere Speichermittel umfassen, wobei die mehreren ersten und zweiten physischen Computerknoten (260, 261) zusammen als Hostmaschinen für die mehreren virtuellen Maschinen (220) dienen.
 
6. Verfahren nach einem der vorangehenden Ansprüche, wobei für den Fall, dass die virtuelle Maschine (221) durch die virtualisierte Netzfunktionsmanagerfunktionalität (200) instanziiert und/oder generiert wird, die auf einem spezifischen physischen Computerknoten der ersten oder zweiten physischen Computerknotens (260, 261) instanziiert wird, der entsprechende Verfolgungsfunktionalitätsagent (241) gleichermaßen durch die virtualisierte Netzfunktionsmanagerfunktionalität (200) instanziiert und/oder generiert wird, wobei der entsprechende Verfolgungsfunktionalitätsagent (241) auf demselben spezifischen physischen Computerknoten des ersten oder zweiten physischen Computerknotens (260, 261) instanziiert und/oder generiert wird, der auch die virtuelle Maschine (221) hostet.
 
7. Verfahren nach einem der vorangehenden Ansprüche, wobei das Kommunikationsnetz (100) ein Mobilkommunikationsnetz ist, und wobei die mehreren virtuellen Maschinen (220) die Netzknotenfunktionalität von mindestens einem von Folgendem realisiert oder ihr zugeordnet ist:

- einem oder mehreren Mobilitätsmanagemententitätsknoten,

- einem oder mehreren bedienenden Gateway-Knoten,

- einem oder mehreren Packet-Gateway-Knoten,

- einer oder mehreren Netzschichten des Mobilkommunikationsnetzes, die zu verschiedenen Funkzugangstechnologien gehören.


 
8. Verfahren nach einem der vorangehenden Ansprüche, wobei das Kommunikationsnetz (100) neben den mehreren virtuellen Maschinen (220) mehrere physische Maschinen (320, 321) umfasst, die sich von den ersten und zweiten physischen Computerknoten (260, 261) unterscheiden, wobei mindestens eine physische Maschine der mehreren physischen Maschinen (320, 321) mindestens eine Netzknotenfunktionalität des Kommunikationsnetzes (100) mittels Senden erster Datenpakete an und/oder Empfangen zweiter Datenpakete von anderen virtuellen oder physischen Maschinen des Kommunikationsnetzes (100) oder mittels Senden erster Datenpakete an und/oder Empfangen zweiter Datenpakete von Netzknoten innerhalb oder außerhalb des Kommunikationsnetzes (100) realisiert oder ihr zugeordnet ist, wobei mindestens ein zusätzlicher Verfolgungsfunktionalitätsagent, der Teil der mindestens einen physischen Maschine ist oder auf ihr läuft, die ersten Datenpakete, die durch die mindestens eine physische Maschine gesendet werden, und/oder die zweiten Datenpakete, die durch die mindestens eine physische Maschine empfangen werden, verfolgt oder erfasst, wobei der zusätzliche Verfolgungsfunktionalitätsagent die ersten Datenpakete und/oder die zweiten Datenpakete an die Überwachungsentität (280) oder an die Datenschicht (290) des Kommunikationsnetzes (100) sendet.
 
9. Kommunikationsnetz (100) zur verbesserten Verfolgung und/oder Überwachung der Netzknoten des Kommunikationsnetzes (100), wobei das Kommunikationsnetz (100) mehrere virtuelle Maschinen (220) in einer Netzarchitektur umfasst, die eine Virtualisierung von Netzfunktionen des Kommunikationsnetzes (100) realisiert, wobei das Kommunikationsnetz (100) so eingerichtet ist, dass mindestens eine virtuelle Maschine (221) der mehreren virtuellen Maschinen (220) mindestens eine Netzknotenfunktionalität des Kommunikationsnetzes (100) mittels Senden erster Datenpakete an und/oder Empfangen zweiter Datenpakete von anderen virtuellen Maschinen der mehreren virtuellen Maschinen (220) des Kommunikationsnetzes (100) oder mittels Senden erster Datenpakete an und/oder Empfangen zweiter Datenpakete von Netzknoten innerhalb oder außerhalb des Kommunikationsnetzes (100) realisiert oder ihr zugeordnet ist,
wobei das Kommunikationsnetz (100) so eingerichtet ist, dass die virtuellen Maschinen der mehreren virtuellen Maschinen (220) durch eine virtualisierte Netzfunktionsmanagerfunktionalität (200) des Kommunikationsnetzes (100) instanziiert und/oder generiert und/oder gesteuert und/oder verschoben und/oder entfernt werden,
wobei das Kommunikationsnetz (100) mindestens einen Verfolgungsfunktionalitätsagenten (241) umfasst, wobei der mindestens eine Verfolgungsfunktionalitätsagent (241) ein virtualisierter Verfolgungsfunktionalitätsagent ist und in die mindestens eine virtuelle Maschine (221) der mehreren virtuelle Maschinen (220) integriert ist, dergestalt, dass der mindestens eine Verfolgungsfunktionalitätsagent (241) ein Verfolgungsfunktionalitätsagent (241) ist, welcher der mindestens einen virtuellen Maschine (221) entspricht, und wobei das Kommunikationsnetz (100) so eingerichtet ist, dass der entsprechende Verfolgungsfunktionalitätsagent (241) die ersten Datenpakete, die durch die mindestens eine virtuelle Maschine (221) gesendet werden, und/oder die zweiten Datenpakete, die durch die mindestens eine virtuelle Maschine (221) empfangen werden, verfolgt oder erfasst, wobei das Kommunikationsnetz (100) des Weiteren so eingerichtet ist, dass der entsprechende Verfolgungsfunktionalitätsagent (241) die ersten Datenpakete und/oder die zweiten Datenpakete an eine Überwachungsentität (280) oder an eine Datenschicht (290) des Kommunikationsnetzes (100) sendet,
wobei das Kommunikationsnetz (100) so eingerichtet ist, dass für den Fall, dass die virtuelle Maschine (221) durch die virtualisierte Netzfunktionsmanagerfunktionalität (200) von einem spezifischen physischen Computerknoten mehrerer erster physischer Computerknoten (260) zu einem weiteren spezifischen physischen Computerknoten der mehreren ersten oder mehrerer zweiter physischer Computerknoten (260, 261) verschoben und/oder übertragen wird, der entsprechende Verfolgungsfunktionalitätsagent (241) gleichermaßen durch die virtualisierte Netzfunktionsmanagerfunktionalität (200) von dem spezifischen physischen Computerknoten zu dem weiteren spezifischen physischen Computerknoten verschoben und/oder übertragen wird.
 
10. Mehrere virtuelle Maschinen (220) des Kommunikationsnetzes (100) nach Anspruch 9, wobei das Kommunikationsnetz (100) die mehreren virtuellen Maschinen (220) in einer Netzarchitektur umfasst, die eine Virtualisierung von Netzfunktionen des Kommunikationsnetzes (100) realisiert, wobei das Kommunikationsnetz (100) so eingerichtet ist, dass mindestens eine virtuelle Maschine (221) der mehreren virtuellen Maschinen (220) mindestens eine Netzknotenfunktionalität des Kommunikationsnetzes (100) mittels Senden erster Datenpakete an und/oder Empfangen zweiter Datenpakete von anderen virtuellen Maschinen der mehreren virtuellen Maschinen (220) des Kommunikationsnetzes (100) oder mittels Senden erster Datenpakete an und/oder Empfangen zweiter Datenpakete von Netzknoten innerhalb oder außerhalb des Kommunikationsnetzes (100) realisiert oder ihr zugeordnet ist, wobei die mehreren virtuellen Maschinen (220) so eingerichtet sind, dass die virtuellen Maschinen der mehreren virtuellen Maschinen (220) durch eine virtualisierte Netzfunktionsmanagerfunktionalität (200) des Kommunikationsnetzes (100) instanziiert und/oder generiert und/oder gesteuert und/oder verschoben und/oder entfernt werden, wobei das Kommunikationsnetz (100) mindestens einen Verfolgungsfunktionalitätsagenten (241) umfasst, wobei der mindestens eine Verfolgungsfunktionalitätsagent (241) ein virtualisierter Verfolgungsfunktionalitätsagent ist und in die mindestens eine virtuelle Maschine (221) der mehreren virtuelle Maschinen (220) integriert ist, dergestalt, dass der mindestens eine Verfolgungsfunktionalitätsagent (241) ein Verfolgungsfunktionalitätsagent (241) ist, welcher der mindestens einen virtuellen Maschine (221) entspricht, und wobei die virtuellen Maschinen (220) so eingerichtet sind, dass der entsprechende Verfolgungsfunktionalitätsagent (241) die ersten Datenpakete, die durch die mindestens eine virtuelle Maschine (221) gesendet werden, und/oder die zweiten Datenpakete, die durch die mindestens eine virtuelle Maschine (221) empfangen werden, verfolgt oder erfasst, wobei die virtuellen Maschinen (220) des Weiteren so eingerichtet sind, dass der entsprechende Verfolgungsfunktionalitätsagent (241) die ersten Datenpakete und/oder die zweiten Datenpakete an eine Überwachungsentität (280) oder an eine Datenschicht (290) des Kommunikationsnetzes (100) sendet, wobei die mehreren virtuellen Maschinen (220) so eingerichtet sind, dass für den Fall, dass die virtuelle Maschine (221) durch die virtualisierte Netzfunktionsmanagerfunktionalität (200) von einem spezifischen physischen Computerknoten mehrerer erster physischer Computerknoten (260) zu einem weiteren spezifischen physischen Computerknoten der mehreren ersten oder mehrerer zweiter physischer Computerknoten (260, 261) verschoben und/oder übertragen wird, der entsprechende Verfolgungsfunktionalitätsagent (241) gleichermaßen durch die virtualisierte Netzfunktionsmanagerfunktionalität (200) von dem spezifischen physischen Computerknoten zu dem weiteren spezifischen physischen Computerknoten verschoben und/oder übertragen wird.
 
11. Computerprogrammprodukt, das einen computerlesbaren Programmcode umfasst, der, wenn er auf einem Computer oder auf einem physischen Computerknoten oder auf einer virtuelle Maschine eines Kommunikationsnetzes (100) ausgeführt wird, den Computer oder den physischen Computerknoten oder die virtuelle Maschine des Kommunikationsnetzes (100) veranlasst, ein Verfahren gemäß allen Schritten nach einem der Ansprüche 1 bis 8 auszuführen.
 
12. Computerlesbares Speichermedium, das Programmcode umfasst, der, wenn er auf einem Computer oder auf einem physischen Computerknoten oder auf einer virtuelle Maschine eines Kommunikationsnetzes (100) ausgeführt wird, den Computer oder den physischen Computerknoten oder die virtuelle Maschine des Kommunikationsnetzes (100) veranlasst, ein Verfahren gemäß allen Schritten nach einem der Ansprüche 1 bis 8 auszuführen.
 


Revendications

1. Procédé de traçage et/ou de surveillance renforcés des nœuds de réseau d'un réseau de communication (100), dans lequel le réseau de communication (100) comprend une pluralité de machines virtuelles (220) dans une architecture de réseau réalisant la virtualisation de fonctions de réseau du réseau de communication (100), dans lequel au moins une machine virtuelle (221) de la pluralité de machines virtuelles (220) réalise ou est associée à au moins une fonctionnalité de nœud de réseau du réseau de communication (100) au moyen de l'envoi de premiers paquets de données vers et/ou de la réception de seconds paquets de données à partir d'autres machines virtuelles de la pluralité de machines virtuelles (220) du réseau de communication (100) ou au moyen de l'envoi de premiers paquets de données vers et/ou de la réception de seconds paquets de données à partir de nœuds de réseau à l'intérieur ou à l'extérieur du réseau de communication (100),
dans lequel les machines virtuelles de la pluralité de machines virtuelles (220) sont instanciées et/ou générées et/ou commandées et/ou déplacées et/ou supprimées par une fonctionnalité de gestionnaire de fonctions de réseau virtualisées (200) du réseau de communication (100),
dans lequel le réseau de communication (100) comprend au moins un agent de fonctionnalité de traçage (241), le au moins un agent de fonctionnalité de traçage (241) étant un agent de fonctionnalité de traçage virtualisé et étant intégré dans la au moins une machine virtuelle (221) de la pluralité de machines virtuelles (220) de telle sorte que le au moins un agent de fonctionnalité de traçage (241) est un agent de fonctionnalité de traçage (241) correspondant à la au moins une machine virtuelle (221), et trace ou capture les premiers paquets de données qui sont envoyés par la au moins une machine virtuelle (221) et/ou les seconds paquets de données qui sont reçus par la au moins une machine virtuelle (221), dans lequel l'agent de fonctionnalité de traçage correspondant (241) transmet les premiers paquets de données et/ou les seconds paquets de données à une entité de surveillance (280) ou à une couche de données (290) du réseau de communication (100),
dans lequel, dans le cas où la machine virtuelle (221) est déplacée et/ou transférée par la fonctionnalité de gestionnaire de fonctions de réseau virtualisées (200), à partir d'un nœud d'ordinateur physique spécifique d'une pluralité de premiers nœuds d'ordinateurs physiques (260) vers un autre nœud d'ordinateur physique spécifique de la pluralité de premiers ou d'une pluralité de seconds nœuds d'ordinateurs physiques (260, 261), l'agent de fonctionnalité de traçage correspondant (241) est également déplacé et/ou transféré, par la fonctionnalité de gestionnaire de fonctions de réseau virtualisées (200), à partir du nœud d'ordinateur physique spécifique vers l'autre nœud d'ordinateur physique spécifique.
 
2. Procédé selon la revendication 1, dans lequel le réseau de communication (100) comprend une pluralité d'agents de fonctionnalité de traçage (240) qui sont des agents de fonctionnalité de traçage virtualisés, chaque agent de fonctionnalité de traçage de la pluralité d'agents de fonctionnalité de traçage (240) étant intégré dans une machine virtuelle de la pluralité de machines virtuelles (220) de telle sorte que la pluralité d'agents de fonctionnalité de traçage (240), respectivement, tracent ou capturent des paquets de données correspondant qui sont envoyés ou reçus, respectivement, par les machines virtuelles de la pluralité de machines virtuelles (220), dans lequel la pluralité d'agents de fonctionnalité de traçage (240), respectivement, transmettent les paquets de données correspondant à l'entité de surveillance (280) ou à la couche de données (290) du réseau de communication (100).
 
3. Procédé selon l'une quelconque des revendications précédentes, dans lequel l'agent de fonctionnalité de traçage (241) correspondant à la au moins une machine virtuelle (221) fait partie de la au moins une machine virtuelle (221), est une partie du logiciel ou d'une image de la au moins une machine virtuelle (221), sous la forme d'un module renifleur de paquets et/ou d'un module d'opération de copie.
 
4. Procédé selon l'une quelconque des revendications précédentes, dans lequel le réseau de communication (100) comprend au moins un centre de données (250), dans lequel le au moins un centre de données (250) comprend la pluralité de premiers nœuds d'ordinateurs physiques (260), la pluralité des premiers nœuds d'ordinateurs physiques (260) comprenant, respectivement, des moyens de traitement et des moyens de stockage, dans lequel la pluralité de premiers nœuds d'ordinateurs physiques agissent en tant que machines hôtes pour au moins une partie de la pluralité de machines virtuelles (220).
 
5. Procédé selon l'une quelconque des revendications précédentes, dans lequel le réseau de communication (100) comprend, en plus du centre de données (250), un centre de données supplémentaire (251), dans lequel le centre de données supplémentaire (251) comprend la pluralité de seconds nœuds d'ordinateurs physiques (261), la pluralité de seconds nœuds d'ordinateurs physiques (261) comprenant, respectivement, d'autres moyens de traitement et d'autres moyens de stockage, dans lequel la pluralité de premiers et seconds nœuds d'ordinateurs physiques (260, 261) agissent ensemble en tant que machines hôtes pour la pluralité de machines virtuelles (220).
 
6. Procédé selon l'une quelconque des revendications précédentes, dans lequel, dans le cas où la machine virtuelle (221) est instanciée et/ou générée par la fonctionnalité de gestionnaire de fonctions de réseau virtualisées (200), instanciée sur un nœud d'ordinateur physique spécifique des premiers ou seconds nœuds d'ordinateurs physiques (260, 261), l'agent de fonctionnalité de traçage correspondant (241) est également instancié et/ou généré par la fonctionnalité de gestionnaire de fonctions de réseau virtualisées (200), l'agent de fonctionnalité de traçage correspondant (241) étant instancié et/ou généré sur le même nœud d'ordinateur physique spécifique des premiers ou seconds nœuds d'ordinateurs physiques (260, 261) qui accueille également la machine virtuelle (221).
 
7. Procédé selon l'une quelconque des revendications précédentes, dans lequel le réseau de communication (100) est un réseau de communication mobile, et dans lequel la pluralité de machines virtuelles (220) réalisent ou sont associées à la fonctionnalité de nœud de réseau d'au moins l'un parmi :

- un ou une pluralité de nœuds d'entité de gestion de la mobilité,

- un ou une pluralité de nœuds de passerelle de desserte,

- un ou une pluralité de nœuds de passerelle de paquets,

- une ou une pluralité de couches de réseau du réseau de communication mobile, en relation avec différentes technologies d'accès radio.


 
8. Procédé selon l'une quelconque des revendications précédentes, dans lequel le réseau de communication (100) comprend, en plus de la pluralité de machines virtuelles (220), une pluralité de machines physiques (320, 321) qui sont distinctes des premiers et seconds nœuds d'ordinateurs physiques (260, 261), dans lequel au moins une machine physique de la pluralité de machines physiques (320, 321) réalise ou est associée à au moins une fonctionnalité de nœud de réseau du réseau de communication (100) au moyen de l'envoi de premiers paquets de données vers et/ou de la réception de seconds paquets de données à partir d'autres machines virtuelles ou physiques du réseau de communication (100) ou au moyen de l'envoi de premiers paquets de données vers et/ou de la réception de seconds paquets de données à partir de nœuds de réseau à l'intérieur ou à l'extérieur du réseau de communication (100), dans lequel au moins un agent de fonctionnalité de traçage supplémentaire, faisant partie de ou s'exécutant sur la au moins une machine physique, trace ou capture les premiers paquets de données qui sont envoyés par ladite au moins une machine physique et/ou les seconds paquets de données qui sont reçus par la au moins une machine physique,
dans lequel l'agent de fonctionnalité de traçage supplémentaire transmet les premiers paquets de données et/ou les seconds paquets de données à l'entité de surveillance (280) ou à la couche de données (290) du réseau de communication (100).
 
9. Réseau de communication (100) pour le traçage et/ou la surveillance renforcés des nœuds de réseau du réseau de communication (100), dans lequel le réseau de communication (100) comprend une pluralité de machines virtuelles (220) dans une architecture de réseau réalisant la virtualisation de fonctions de réseau du réseau de communication (100), dans lequel le réseau de communication (100) est configuré de telle sorte qu'au moins une machine virtuelle (221) de la pluralité de machines virtuelles (220) réalise ou est associée à au moins une fonctionnalité de nœud de réseau du réseau de communication (100) au moyen de l'envoi de premiers paquets de données vers et/ou de la réception de seconds paquets de données à partir d'autres machines virtuelles de la pluralité de machines virtuelles (220) du réseau de communication (100) ou au moyen de l'envoi de premiers paquets de données vers et/ou de la réception de seconds paquets de données à partir de nœuds de réseau à l'intérieur ou à l'extérieur du réseau de communication (100),
dans lequel le réseau de communication (100) est configuré de telle sorte que les machines virtuelles de la pluralité de machines virtuelles (220) sont instanciées et/ou générées et/ou commandées et/ou déplacées et/ou supprimées par une fonctionnalité de gestionnaire de fonctions de réseau virtualisées (200) du réseau de communication (100), dans lequel le réseau de communication (100) comprend au moins un agent de fonctionnalité de traçage (241), le au moins un agent de fonctionnalité de traçage (241) étant un agent de fonctionnalité de traçage virtualisé et étant intégré dans la au moins une machine virtuelle (221) de la pluralité de machines virtuelles (220) de telle sorte que le au moins un agent de fonctionnalité de traçage (241) est un agent de fonctionnalité de traçage (241) correspondant à la au moins une machine virtuelle (221), et dans lequel le réseau de communication (100) est configuré de telle sorte que l'agent de fonctionnalité de traçage correspondant (241) trace ou capture les premiers paquets de données qui sont envoyés par la au moins une machine virtuelle (221) et/ou les seconds paquets de données qui sont reçus par la au moins une machine virtuelle (221),
dans lequel le réseau de communication (100) est en outre configuré de telle sorte que l'agent de fonctionnalité de traçage correspondant (241) transmet les premiers paquets de données et/ou les seconds paquets de données à une entité de surveillance (280) ou à une couche de données (290) du réseau de communication (100),
dans lequel le réseau de communication (100) est configuré de telle sorte que, dans le cas où la machine virtuelle (221) est déplacée et/ou transférée par la fonctionnalité de gestionnaire de fonctions de réseau virtualisées (200), à partir d'un nœud d'ordinateur physique spécifique d'une pluralité de premiers nœuds d'ordinateurs physiques (260) vers un autre nœud d'ordinateur physique spécifique de la pluralité de premiers ou d'une pluralité de seconds nœuds d'ordinateurs physiques (260, 261), l'agent de fonctionnalité de traçage correspondant (241) est également déplacé et/ou transféré, par la fonctionnalité de gestionnaire de fonctions de réseau virtualisées (200), à partir du nœud d'ordinateur physique spécifique vers l'autre nœud d'ordinateur physique spécifique.
 
10. La pluralité de machines virtuelles (220) du réseau de communication (100) selon la revendication 9, dans laquelle le réseau de communication (100) comprend la pluralité de machines virtuelles (220) dans une architecture de réseau réalisant la virtualisation de fonctions de réseau du réseau de communication (100), dans laquelle le réseau de communication (100) est configuré de telle sorte qu'au moins une machine virtuelle (221) de la pluralité de machines virtuelles (220) réalise ou est associée à au moins une fonctionnalité de nœud de réseau du réseau de communication (100) au moyen de l'envoi de premiers paquets de données vers et/ou de la réception de seconds paquets de données à partir d'autres machines virtuelles de la pluralité de machines virtuelles (220) du réseau de communication (100) ou au moyen de l'envoi de premiers paquets de données vers et/ou de la réception de seconds paquets de données à partir de nœuds de réseau à l'intérieur ou à l'extérieur du réseau de communication (100),
dans laquelle la pluralité de machines virtuelles (220) sont configurées de telle sorte que les machines virtuelles de la pluralité de machines virtuelles (220) sont instanciées et/ou générées et/ou commandées et/ou déplacées et/ou supprimées par une fonctionnalité de gestionnaire de fonctions de réseau virtualisées (200) du réseau de communication (100), dans laquelle le réseau de communication (100) comprend au moins un agent de fonctionnalité de traçage (241), le au moins un agent de fonctionnalité de traçage (241) étant un agent de fonctionnalité de traçage virtualisé et étant intégré dans la au moins une machine virtuelle (221) de la pluralité de machines virtuelles (220) de telle sorte que le au moins un agent de fonctionnalité de traçage (241) est un agent de fonctionnalité de traçage (241) correspondant à la au moins une machine virtuelle (221), et dans laquelle le réseau de communication (100) est configuré de telle sorte que l'agent de fonctionnalité de traçage correspondant (241) trace ou capture les premiers paquets de données qui sont envoyés par la au moins une machine virtuelle (221) et/ou les seconds paquets de données qui sont reçus par la au moins une machine virtuelle (221),
dans laquelle les machines virtuelles (220) sont en outre configurées de telle sorte que l'agent de fonctionnalité de traçage correspondant (241) transmet les premiers paquets de données et/ou les seconds paquets de données à une entité de surveillance (280) ou à une couche de données (290) du réseau de communication (100), dans laquelle la pluralité de machines virtuelles (220) sont configurées de telle sorte que dans le cas où la machine virtuelle (221) est déplacée et/ou transférée par la fonctionnalité de gestionnaire de fonctions de réseau virtualisées (200), à partir d'un nœud d'ordinateur physique spécifique d'une pluralité de premiers nœuds d'ordinateurs physiques (260) vers un autre nœud d'ordinateur physique spécifique de la pluralité de premiers ou d'une pluralité de seconds nœuds d'ordinateurs physiques (260, 261), l'agent de fonctionnalité de traçage correspondant (241) est également déplacé et/ou transféré, par la fonctionnalité de gestionnaire de fonctions de réseau virtualisées (200), à partir du nœud d'ordinateur physique spécifique vers l'autre nœud d'ordinateur physique spécifique.
 
11. Produit de programme informatique comprenant un code de programme lisible par ordinateur qui, lorsqu'il est exécuté sur un ordinateur ou sur un nœud d'ordinateur physique ou sur une machine virtuelle d'un réseau de communication (100), amène l'ordinateur ou le nœud d'ordinateur physique ou la machine virtuelle du réseau de communication (100) à exécuter un procédé selon toutes les étapes de l'une quelconque des revendications 1 à 8.
 
12. Support de stockage lisible par ordinateur comprenant un code de programme qui, lorsqu'il est exécuté sur un ordinateur ou sur un nœud d'ordinateur physique ou sur une machine virtuelle d'un réseau de communication (100), amène l'ordinateur ou le nœud d'ordinateur physique ou la machine virtuelle du réseau de communication (100) à exécuter un procédé selon toutes les étapes de l'une quelconque des revendications 1 à 8.
 




Drawing