1. Field of the Invention
The present invention relates to a switching apparatus for securing a certain degree of fairness in opportunity to use resources between a plurality of user groups under an environment where the user groups share a communication network.
2. Description of the Related Art
A network is shared between a plurality of user groups in a case where, for example, a network service provider constructs a packet communication network and provides virtual private network service. The user groups in this example are the individual subscribers to the network service. In such a packet communication network, a plurality of switching apparatus are installed. Each switching apparatus performs routing according to the destination of a packet, whereby the packet is delivered to a destination terminal. In order to prevent unnecessary packet transmission and suppress increase in traffic, a switching apparatus learns, in an address learning table, the relation between the port on which a packet is received and the source address set in the packet. When the destination address of a received packet has been learned in the address learning table, the switching apparatus delivers the packet only to the corresponding port. When the destination address of the received packet has not been learned in the address learning table, on the other hand, the switching apparatus floods the packet so as to broadcast it to the whole of the virtual network constructed by the user group corresponding to the destination address of the packet. However, the switching apparatus does not distribute the packet to the virtual networks of user groups other than the corresponding user group, in order to prevent an increase in traffic of the other virtual networks due to distribution of the packet and to prevent interception of the packet.
Conventional switching apparatus manage only the total number of learned addresses and do not manage the number of learned addresses for each user group. The conventional switching apparatus learn addresses as long as there is space in the address learning table, without discriminating between user groups. Patent Literature 1, as a conventional technique, discloses a LAN switch that controls a learning table and thereby controls traffic volume. Patent Literature 1 discloses monitoring the number of frames received per unit time on each physical port and, when the number of received frames exceeds a set threshold value, discarding only the relevant frame by assigning the receiving port of the frame as the destination port of the frame in an address learning table. Further, Patent Literature 2, as a conventional technique, discloses an inter-LAN connection apparatus for reducing the load of software processing in routing processing by a CPU. Patent Literature 2 discloses storing, for each IP address, an output port number and a physical address as a next transmission target in a simple routing table; reading from the simple routing table an output port number and an IP address as the next transmission target corresponding to a transmitting IP address; determining, by a CPU, the physical address of the IP address as the next transmission target; and setting the physical address in the packet header.
(Patent Literature 1)
Japanese Patent Laid-open No. Hei 11-341039
(Patent Literature 2)
Japanese Patent Laid-open No. Hei 7-254912
However, the conventional switching apparatus have the following problems. In an example where a network service provider provides virtual private network service to a plurality of subscribers, especially in a case where the service is provided as commercial service, the network service provider needs to secure certain opportunities to use network resources and a certain level of transfer performance for each of the subscribers. When these switching apparatus forming the packet communication network learn addresses as destination determining means, limitation on opportunities to use an address learning table leads to limitation on opportunities to use the network resources and on the transfer performance.
The conventional switching apparatus do not have a mechanism for controlling an upper limit on the number of learned addresses for each user group and are therefore unable to provide fairness in table use between user groups. This causes a serious problem when table space is exhausted. If a further new address arrives when the table space of the switching apparatus is exhausted, unnecessary copies of the packet (flooding) occur within a virtual network, and consequently packet performance degrades within the domain where the copies are delivered (the broadcast domain) and in any part of the network that shares resources for packet delivery performance with that delivery domain. This performance degradation becomes noticeable to the user group to which the new address arriving after the exhaustion of the table belongs. The performance degradation occurs indiscriminately, not only to a user group that occupies a large space within the table and thus contributes greatly to exhaustion of the table, but also to all user groups trying to start new communication after the exhaustion of the table. Furthermore, when a malicious user makes an attack to exhaust the table (a MAC scan attack, one type of DoS attack), the degradation in network performance also affects user groups other than the user group attacking the network. As a mechanism for preventing such indiscriminate occurrence of performance degradation in a public network, it is an important problem to be solved to provide adequate fairness by identifying user groups and setting a limit on the number of learned addresses in the process of address learning.
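The following sketch is an added illustration, not part of the original specification. It models the address learning table described above with only a total capacity, as in the conventional apparatus, and then with a per-group upper limit of the kind the text identifies as missing; the class, function and parameter names, the table capacity and the addresses are all constructed assumptions.

```python
from collections import Counter


class LearningSwitch:
    """Toy address learning table keyed by (user group, address).

    per_group_limit=None models the conventional apparatus, which manages
    only the total number of learned addresses. An integer adds a per-group
    upper limit (an assumed policy, not the claimed implementation).
    """

    def __init__(self, capacity, per_group_limit=None):
        self.capacity = capacity
        self.per_group_limit = per_group_limit
        self.table = {}           # (group, address) -> port
        self.learned = Counter()  # group -> number of learned addresses

    def learn(self, group, src, port):
        key = (group, src)
        if key in self.table:
            self.table[key] = port  # known address: refresh its port
            return True
        if len(self.table) >= self.capacity:
            return False            # table space exhausted
        if (self.per_group_limit is not None
                and self.learned[group] >= self.per_group_limit):
            return False            # this group has used up its share
        self.table[key] = port
        self.learned[group] += 1
        return True

    def forward(self, group, dst):
        # Unlearned destinations are flooded, but only inside the
        # virtual network of the packet's own user group.
        return self.table.get((group, dst), "flood")


def run(per_group_limit):
    sw = LearningSwitch(capacity=8, per_group_limit=per_group_limit)
    # Constructed traffic: group A presents 100 distinct source addresses.
    for i in range(100):
        sw.learn("A", f"02:00:00:00:00:{i:02x}", port=1)
    # Afterwards two hosts of group B start communicating.
    sw.learn("B", "02:bb:00:00:00:01", port=2)
    sw.learn("B", "02:bb:00:00:00:02", port=3)
    return dict(sw.learned), sw.forward("B", "02:bb:00:00:00:02")
```

With only the total capacity managed, group A fills the table and group B's traffic is flooded; with a per-group limit of 4, group B's addresses are still learned and its packet goes to a single port.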
Patent Literature 1 limits the amount of frames flowing into a network and only changes, in a learning table, the destination port number for a packet received from a receiving port where the number of received frames exceeds a threshold value to the receiving port number. The destination address remains stored in the learning table, and the area of the learning table used for that destination address cannot be used for another destination address. Therefore Patent Literature 1 cannot provide fairness in the learning table and thus cannot solve the above problem.
In Patent Literature 2, a configuration of a routing table is devised to speed up protocol processing. However, Patent Literature 2 does not disclose anything about fairness in a learning table and thus cannot solve the above problem.