Various network architectures in which a controller performs centralized management of operations of switches for forwarding packets are known. For example, NPL 1 and NPL 2 each describe a network architecture according to Ethane. Ethane is a network architecture including a controller that determines the behavior of transmitted packets, and switches that are under the control of the controller and forward packets.
Each switch includes a flow table for determining destinations of packets. Upon receiving a packet whose destination is indicated by an entry in the flow table, the switch transmits the packet based on the entry. Upon receiving a packet having no corresponding entry in the flow table, on the other hand, the switch forwards information of the packet to the controller. The controller has information about a communication network topology, and performs path computation for a packet for which communication is allowed. In detail, upon receiving the information of the packet from the switch, the controller determines whether to allow or not to allow communication of the packet. In the case of determining to allow the communication, the controller computes a path of the packet. The controller then adds a new destination entry to a flow table of each switch on the computed path. The switch subsequently transmits the packet based on the registered destination entry.
NPL 3 describes a network architecture according to OpenFlow (hereafter also referred to as “OF”). Like Ethane, OpenFlow is a network architecture in which a controller controls switches. In OpenFlow, a packet forwarding function and a path control function are separated by a flow control protocol, where the controller controls different types of switches using a uniform API (Application Program Interface). Besides, in OpenFlow, packet control in flow granularity is performed for faster datapath and lower control cost.
Each switch in OF includes a flow table for storing actions for received packets, and a secure channel through which the switch communicates with the controller. The switch and the controller communicate with each other on the secure channel, using an OF protocol.
FIG. 20 is an explanatory diagram showing flow entries stored in a flow table. The flow table stores, for each flow, a rule (Rule) against which a packet header is checked, an action (Action) defining a process for the flow, and flow statistic information (Statistics).
In the rule (Rule), a value (exact) for determining whether or not there is a match and a wildcard are used. FIG. 21 is an explanatory diagram showing fields against which the packet header is checked. The following fields are used as search keys against which the packet header is checked.
(1) Input port number (Input Port No) of a physical layer
(2) MAC (Media Access Control) DA (MAC destination address), MAC SA (MAC source address), VLAN ID (Virtual LAN (Local Area Network) ID), or VLAN TYPE (priority) of an Ethernet (registered trademark) layer
(3) IP SA (IP source address), IP DA (IP destination address), or IP protocol of an IPv4 (version 4) layer
(4) Source Port (TCP/UDP source port) and/or Destination Port (TCP/UDP destination port) of a TCP (Transmission Control Protocol)/UDP (User Datagram Protocol) layer
(5) ICMP Type or ICMP Code of an ICMP (Internet Control Message Protocol) layer
The action (Action) is a process applied to a packet that matches the rule. FIG. 22 is an explanatory diagram showing actions set for a flow. For example, in the case where “OUTPUT” is set in the action, it means that the switch performs “output to designated port” on the packet that matches the rule. Likewise, in the case where “SET_DL_DST” is set in the action, it means that the switch performs “update MAC DA (destination unit)” to which the packet that matches the rule is transmitted.
The flow statistic information includes the number of packets and the number of bytes of packets that match the rule, an elapsed time (session duration) from reception of a last one of the packets, and the like. The flow statistic information is used for determining whether or not to delete the flow entry.
The following describes an operation in OF. Upon receiving a packet, the switch compares a packet header of the received packet with the rule in the flow table. In the case where the received packet does not match the rule, the switch forwards information of the packet to the controller, using a message in the secure channel. The controller computes a transmission path of the packet, based on a communication network topology. The controller then transmits a message for adding a flow entry to the flow table of the switch, to enable the switch to relay the packet along the transmission path. Subsequently, upon receiving a packet corresponding to the added flow entry, the switch performs a corresponding action (forwarding process), without forwarding information of the packet to the controller.
FIG. 23 is an explanatory diagram showing messages used on the secure channel. For example, the switch transmits a message “Packet in” to the controller, in the case of notifying the controller of an input packet. Likewise, the switch transmits a message “Flow Expired” to the controller, in the case of notifying the controller of expiration of a flow (session duration reaching a predetermined time). On the other hand, the controller transmits a message “Packet Out” to the switch, in the case of instructing the switch to output a packet. Likewise, the controller transmits a message “Flow Mod” to the switch, in the case of requesting the switch to register, change, or delete a flow.
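The reactive flow setup described above (table miss, "Packet in", allow/deny decision, path computation, "Flow Mod" to each switch on the path), modeled as an added Python example that is not part of the original document. The topology, addresses, allow-list, class names and the DROP result for a denied packet are assumptions made for illustration.

```python
from collections import deque

# Constructed topology: node -> {neighbor: output port}; h1 and h2 are hosts.
TOPOLOGY = {"s1": {"h1": 1, "s2": 2}, "s2": {"s1": 1, "s3": 2}, "s3": {"s2": 1, "h2": 2}}
HOST_BY_IP = {"10.0.0.1": "h1", "10.0.0.2": "h2"}   # constructed addresses
ALLOWED = {("10.0.0.1", "10.0.0.2")}                # hypothetical policy: (IP SA, IP DA)

class Controller:
    def __init__(self):
        self.packet_ins = 0
        self.switches = {name: Switch(name, self) for name in TOPOLOGY}
    def path(self, src, dst):           # breadth-first search; [] if unreachable
        prev, queue = {src: None}, deque([src])
        while queue:
            node = queue.popleft()
            for nxt in TOPOLOGY.get(node, {}):
                if nxt not in prev:
                    prev[nxt] = node
                    queue.append(nxt)
        hops = []
        while dst in prev:              # walk back from destination to source
            hops.append(dst)
            dst = prev[dst]
        return hops[::-1]
    def packet_in(self, switch, pkt):   # handles the switch's "Packet in"
        self.packet_ins += 1
        if (pkt["ip_sa"], pkt["ip_da"]) not in ALLOWED:
            return                      # assumption: a denied flow gets no entry
        hops = self.path(switch.name, HOST_BY_IP[pkt["ip_da"]])
        rule = {"in_port": None, "ip_sa": pkt["ip_sa"], "ip_da": pkt["ip_da"]}
        for here, nxt in zip(hops, hops[1:]):   # "Flow Mod" per switch on the path
            self.switches[here].table.append(
                {"rule": rule, "action": ("OUTPUT", TOPOLOGY[here][nxt]), "packets": 0})

class Switch:
    def __init__(self, name, controller):
        self.name, self.controller, self.table = name, controller, []
    def lookup(self, pkt):
        for entry in self.table:        # None in a rule field is a wildcard
            if all(v is None or pkt.get(k) == v for k, v in entry["rule"].items()):
                entry["packets"] += 1   # flow statistics: matched packet count
                return entry["action"]
        return None
    def receive(self, pkt):
        action = self.lookup(pkt)
        if action is None:              # table miss: notify the controller
            self.controller.packet_in(self, pkt)
            action = self.lookup(pkt)
        return action or ("DROP",)
```

In this model a denied packet reaches the controller on every arrival, because no entry is ever installed for it, while an allowed flow costs the controller a single "Packet in" for the whole path.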