The present invention relates to a communication control technique for internet communication, and in particular, to a network control technique.
While the internet is being developed and broadly employed as an infrastructure of society today, a quite serious issue has arisen, namely, network attacks in which computer viruses and worms, as well as malicious users, attack servers on the internet.
It is desirable to take a measure against a network attack at a point near the place where the attack traffic actually originates, because the attack traffic is in many cases transmitted to a plurality of servers. In addition, the source of the attack traffic must be determined from the actual flow information of the attack traffic: in many cases, Internet Protocol (IP) header information such as the source IP address is misrepresented, and hence the actual source of the attack traffic cannot be determined from that information. In general, the flow information of the attack traffic is detected by use of a combination of a flow information extraction technique (port mirror, sFlow, NetFlow, etc.) and a flow contents analysis technique (reference is to be made to, for example, (1) IETF RFC3176 “InMon Corporation's sFlow: A Method for Monitoring Traffic in Switched and Routed Networks” or (2) IETF RFC3954 “Cisco Systems NetFlow Services Export Version 9”).
In consideration of these aspects of the network attack, there exist two measures against the network attack, i.e., Anomaly-based Intrusion Prevention System (IPS) and Traffic Engineering.
Anomaly-based IPS is a technique to check for an anomaly or abnormality in the contents of traffic and is implemented by a device capable of measuring and filtering the traffic. In a case in which the traffic in a device is measured and abnormal traffic is detected as a result, it is possible to prevent the abnormal traffic from flowing through the network by filtering the traffic in the device (reference is to be made to “Understanding IPS and IDS”, Ted Holland, 2004/02, URL: http://www.sans.org/reading_room/whitepapers/detection/1381.php). In this regard, the technique is actually implemented in two types of configurations. In the first type, one device conducts both the measurement and the filtering. In the second type, two separate devices conduct the measurement and the filtering, respectively.
Traffic Engineering is a technique to check for an abnormality in the rate of traffic flow and is realized by a device capable of measuring the traffic and of controlling the traffic flow. In a case in which the traffic in a device is measured and traffic with an abnormal flow rate is detected, it is possible to prevent the abnormal traffic from affecting normal traffic by appropriately controlling the flow associated with the abnormal traffic by, for example, MPLS (reference is to be made to JP-A-2002-344492).
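As an added illustration that is not part of the patent text, the following Python sketch shows the attribution step described above: sampled flow records (as an sFlow or NetFlow collector would receive them) are aggregated by exporting device and ingress interface rather than by source address, since the source address may be misrepresented, so that an abnormal flow rate toward a server is traced to the point where it enters the network and a filter or flow control can be applied there. The record layout, device names, addresses and baseline rates are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowRecord:
    """One sampled flow record as a collector would receive it (constructed layout)."""
    exporter: str    # router or switch that exported the record
    ingress_if: int  # interface index on which the traffic entered that device
    src_ip: str      # claimed source address; may be spoofed, so not used for attribution
    dst_ip: str      # destination server
    dst_port: int
    packets: int     # packets counted for this record within the window


def locate_attack_ingress(records, baseline_pps, factor=10.0, window_s=60):
    """Return ingress points carrying an abnormal packet rate toward a destination.

    Records are aggregated by (exporter, ingress interface, destination), never by
    source IP, so a spoofed header cannot misdirect the attribution. A point is
    reported when its rate exceeds factor times the destination's normal rate.
    Result: list of (exporter, ingress_if, dst_ip, pps), highest rate first.
    """
    counts = defaultdict(int)
    for r in records:
        counts[(r.exporter, r.ingress_if, r.dst_ip)] += r.packets
    hits = []
    for (exporter, ingress_if, dst_ip), pkts in counts.items():
        pps = pkts / window_s
        if pps > factor * baseline_pps.get(dst_ip, 0.0):
            hits.append((exporter, ingress_if, dst_ip, pps))
    return sorted(hits, key=lambda h: -h[3])


def distinct_sources(records, exporter, ingress_if):
    """Count distinct claimed source addresses at one ingress point; a very wide
    spread behind a single interface is a sign that the addresses are misrepresented."""
    return len({r.src_ip for r in records
                if r.exporter == exporter and r.ingress_if == ingress_if})


# Constructed sample for one 60 s window: normal traffic entering edge-a on
# interface 1, and a flood entering edge-b on interface 3 with 100 claimed sources.
SAMPLE = [FlowRecord("edge-a", 1, "198.51.100.7", "203.0.113.10", 443, 2400)]
SAMPLE += [FlowRecord("edge-b", 3, f"10.{i // 256}.{i % 256}.1", "203.0.113.10", 443, 600)
           for i in range(100)]
BASELINE_PPS = {"203.0.113.10": 50.0}  # constructed normal rate toward the server

if __name__ == "__main__":
    for exporter, ifindex, dst, pps in locate_attack_ingress(SAMPLE, BASELINE_PPS):
        print(f"apply filter/flow control at {exporter} if{ifindex} toward {dst}: {pps:.0f} pps, "
              f"{distinct_sources(SAMPLE, exporter, ifindex)} claimed sources")
```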