Various techniques about a computer network are known (for example, refer to Patent Literatures 1 to 4). In Patent Literature 1, a technique of an IP flow table is described in which IP/MAC source address and destination address and an output physical port number are registered. In Patent Literature 2, a technique of a communication unit is described in which a route to another communication unit is determined based on stored routing information and also the routing information is updated according to update information. In Patent Literature 3, a technique of a packet relay unit is described in which a change of route information is received and corresponding information of a route table is registered, deleted and changed. In Patent Literature 4, a technique of a transmission route information addition function is described in which set route information is added to a packet which is transmitted to a relay unit. Also, a technique of the relay unit is described in which the route information is extracted from a received packet and when the packet is not destined to the relay unit, the packet is transferred to another relay unit.
A computer network such as Ethernet (registered trademark) is a distribution type that a switch (or a router) operates independently. For this reason, it is difficult to correctly and quickly grasp a phenomenon which happens in the network, and it takes a long time to specify a fault occurrence portion and recover from the fault. Also, because it is necessary for each switch to have capability enough to operating independently, the function of the switch becomes complicated.
In order to solve such a problem, a new network architecture which is called OpenFlow has been proposed (for example, refer to Non-Patent Literature 1). The OpenFlow realizes visualization of a network in a high level by performing the centralized control on the network as in a telephone network. Also, in the OpenFlow, it is possible to relatively reduce the function to be accomplished by the switch. Therefore, the switch becomes cheaper so that the cost of the whole network can be lowered.
FIG. 1 is a block diagram showing a configuration of a network system which is based on the OpenFlow (hereinafter, to be referred to as an “OpenFlow communication system”). The OpenFlow communication system is provided with an OpenFlow controller 10, OpenFlow switches 11 and links 13 which link them, as main components. FIG. 1 shows the OpenFlow communication system which is provided with a plurality of the OpenFlow switches 11. In the following description, to distinguish the plurality of the OpenFlow switches 11 from each other, a branch number is used, as a first OpenFlow switch 11-1.
The OpenFlow controller 10 is charged with a plurality of roles. The OpenFlow controller 10 performs the recognition of a network topology, the control of the OpenFlow switches 11, the monitoring of a fault in the OpenFlow switches 11 and the link 13, the determination of a communication route for a packet 40, and so on.
The OpenFlow switch 11 relays packets 40 from a neighbor terminal 12 and another OpenFlow switch 11, like an existing Ethernet (registered trademark) switch and an IP router. It should be noted that in the following description, to distinguish the plurality of the terminals 12 from each other, a branch number is used as a first terminal 12-1.
FIG. 2 is a block diagram showing a configuration of the OpenFlow switch 11. The OpenFlow switch 11 is provided with input ports 20, output ports 21, a local managing section 22, a flow table 23 and a packet switch 24, as main components.
The input port 20 receives the packet 40 from another OpenFlow switch 11 or terminal 12. The output port 21 transmits the packet 40 to another OpenFlow switch 11 or terminal 12.
The local managing section 22 communicates with the OpenFlow controller 10 and updates the flow table 23 according to an instruction from the OpenFlow controller 10. Also, the local managing section 22 supplies the packet 40 to the packet switch 24 in response to an instruction from the OpenFlow controller 10. Moreover, the local managing section 22 transmits the packet 40 received through the input port 20 from an external unit to the OpenFlow controller 10 according to necessity.
The packet switch 24 transfers the packet 40 for the output port 21 obtained by referring to the flow table 23 or the output port 21 instructed by the local managing section 22. The flow table 23 stores data used to handle the packet 40 supplied to the OpenFlow switch 11.
FIG. 3 is a block diagram showing the configuration of the flow table 23. The flow table 23 retains a set of flow entries 30. Each flow entry 30 is provided with two fields of a matching condition 31 and an action 32.
Every time the OpenFlow switch 11 receives the packet 40 from the external unit, the OpenFlow switch 11 refers to the flow table 23 to compare the packet 40 and the matching conditions 31. For example, when one of the matching conditions 31 is met, the action 32 corresponding to the matching condition 31 is applied to the packet 40. When the packet 40 does not meet all the matching conditions 31, the OpenFlow switch 11 transmits the packet 40 to the OpenFlow controller 10. Each matching condition 31 includes a protocol number of network layer (IP), source/destination addresses, source/destination port numbers in a transport layer (TCP or UDP), MAC addresses of source/destination in a data link layer (Ethernet (registered trademark)), a type value, a conditional equation of VLAN-ID and so on.
Operations such as “output the packet 40 for a specific output port 21”, “discard the packet 40”, or so on are defined by the action 32.
FIG. 4 is a flow chart showing an operation of the OpenFlow controller 10 and the OpenFlow switch 11. FIG. 4 shows a communication flow from a first terminal 12-1 as a transmission source to a third terminal 12-3 as a destination in the OpenFlow communication system shown in FIG. 1. Also, it is supposed that the flow tables 23 of all the OpenFlow switches 11 are empty (Empty) in the initial state.
The first terminal 12-1 transmits a first packet 40 which belongs to a flow. At step S1, the first OpenFlow switch 11-1 receives the packet 40 at the input port 20. Then, at step S2, the first OpenFlow switch 11-1 checks whether or not the matching condition 31 matching to the packet 40 exists in the flow table 23. Because the flow table 23 is empty at this point, the search of the flow table 23 fails (arrow to No). At step S3, the first OpenFlow switch 11-1 transmits the packet 40 to the OpenFlow controller 10.
At step S11, the OpenFlow controller 10 receives the packet 40 from first OpenFlow switch 11-1. At step S12, the OpenFlow controller 10 extracts an address of the terminal 12 (first terminal 12-1) as a transmission source and an address of the terminal 12 (third terminal 12-3) as a destination and so on from the packet 40, and calculates a route for the packet 40 to be transferred. The OpenFlow controller 10 can select an appropriate route because it grasps the topology of the network. Referring to FIG. 1, the communication route of the packet 40 is determined as a route from the first OpenFlow switch 11-1 to the second the OpenFlow switch 11-2, to the third OpenFlow switch 11-3.
At step S13, the OpenFlow controller 10 issues instructions to all the OpenFlow switches 11 on the route, to update the flow tables 23, after the calculation of the route.
At step S4, each of the first OpenFlow switch 11-1 to the third OpenFlow switch 11-3 adds a new flow entry 30 to the flow table 23 in response to the instruction from the OpenFlow controller 10.
FIG. 5 is a block diagram showing the configuration of the flow table 23 to which the new flow entry 30 is added. The state of the flow table 23 before the addition is shown in (a) of FIG. 5, and (b) of FIG. 5 shows the state of the flow table 23 after the addition, in each of the first OpenFlow switch 11-1 to the third OpenFlow switch 11-3.
Referring to FIG. 4 again, at step S14, the OpenFlow controller 10 transmits back the packet 40 to the first OpenFlow switch 11-1. At this time, the OpenFlow controller 10 instructs to the first OpenFlow switch 11-1 to transmit the packet 40 through the output port 21 connected with second OpenFlow switch 11-2. The reason is in that the second OpenFlow switch 11-2 is located on the second position on the route.
At step S6, the first OpenFlow switch 11-1 transmits the packet 40 returned from the OpenFlow controller 10 for the second OpenFlow switch 11-2 in response to the instruction.
Next, the control flow shifts to the processing of the second OpenFlow switch 11-2. The second OpenFlow switch 11-2 receives the packet from the first OpenFlow switch 11-1 at step S1, checks at step S2 whether or not the matching condition 31 matching to the packet 40 exists in the flow table 23. At this point, the flow table 23 of the second OpenFlow switch 11-2 has been set to the state shown in (b) of FIG. 5. Therefore, the search of the flow table 23 succeeds (arrow to Yes at step S2). The action 32 corresponding to the matching condition 31 is applied to the packet 40 (Step S5).
Referring to FIG. 5, because the action 32 is “output for the third OpenFlow switch 11-3” in this example, the packet 40 is transmitted to the third OpenFlow switch 11-3 through the output port 21 connected with the third OpenFlow switch 11-3. Because the operation of the third OpenFlow switch 11-3 is the same as that of the second OpenFlow switch 11-2, the description is omitted.
As mentioned above, the first packet 40 of the flow is relayed and is finally sent to the third terminal 12-3 as the destination. The subsequent packet 40 which belongs to the same flow is transferred to the destination while passing from the first OpenFlow switch 11-1, to the second OpenFlow switch 11-2, to the third OpenFlow switch 11-3 in order, without going through the OpenFlow controller 10.
Specifically, the matching condition 31 matching to the packet 40 has been registered on the flow tables 23 of these OpenFlow switches 11 at this point. Therefore, the control flow advances to the step S5 of FIG. 4. Then, the action 32 corresponding to the matching condition 31 is applied to the packet 40. Thus, the above-mentioned flow is realized.