Field of the Invention
The disclosure relates to a data transferring system, a data transferring method, a controller, a controlling method, and a non-transitory computer readable storage medium.
Priority is claimed on Japanese Patent Application No. 2014-173153, filed Aug. 27, 2014, the contents of which are incorporated herein by reference.
Description of Related Art
Generally, a network device that constitutes a network (for example, a switch) has an access control list (ACL), and the network device performs data transfer control with reference to the access control list. In the access control list, abstract contents (for example, a destination address, a software port number, and so on) can be set regardless of the specific configuration of the network. For example, these abstract contents can be set with the Linux (registered trademark) command “iptables”.
Recently, a technology called Open Flow has come into use. Open Flow is a technology developed from the concept of “Software-Defined Network”, which means that a network is controlled by programming. Open Flow separates a network device constituting a network into a route controller (OFC: Open Flow Controller) and a data transferring device (OFS: Open Flow Switch), and the route controller performs transfer control by collectively managing a flow table stored in the data transferring device.
The flow table used in Open Flow can be regarded as a form of access control list. The flow table stores information on a condition for performing the transfer control (Match) and on the processing that should be performed when the condition is satisfied (Action). Japanese Unexamined Patent Application Publication No. 2007-74383 discloses an example of a conventional technology that performs transfer control with reference to an access control list.
In an environment called critical infrastructure, such as a plant, there is a demand to strictly control communications performed via a network in order to ensure security. For example, control based on a white list is requested. In control based on a white list, all communications are rejected by default, and only communication of a particular application that is explicitly specified is allowed.
As described above, a network device that performs transfer control using an access control list (hereinafter, “conventional network device”) can set abstract contents such as a destination address in the access control list. Therefore, even if the network manager does not understand the specific configuration of the network, transfer control can be strictly performed by creating the access control list as a white list.
However, in a conventional network device, the access control list must be set using a command that depends on the vendor and type of the network device. Therefore, in a network where various types of network devices from various vendors are mixed, the access control list must be set using the command suited to each network device that is a setting target. For this reason, there is a problem that complicated management is needed and it is difficult to perform strict transfer control in a timely manner.
On the other hand, a network device that conforms to the Open Flow specification described above can have its flow table set using a uniform protocol. Therefore, because there is no need to use a command that depends on the type of network device and management is simplified, it is thought that strict transfer control can be performed in a timely manner even in a network where various types of network devices from various vendors are mixed.
However, the flow table must be described in accordance with the specific configuration of the network. For example, when the processing to be performed when the condition of the transfer control is satisfied (Action) is transmission (output) of data, the physical port of the data transferring device from which the data is output must be described in the flow table. Therefore, when the network manager does not know the specific configuration (specific connection state) of the network in advance, there is a problem that the flow table cannot be created.
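As an added illustration (not part of the patent text), the following Python sketch shows why the Open Flow Action needs the specific connection state: a white list written only in abstract terms (source, destination, application port) can be turned into Match/Action flow entries only once each destination's physical switch port is known, and a default drop entry supplies the "reject everything else" behaviour. The topology, hosts and port numbers are constructed, and the entry classes and the `acl_to_flow_table` helper are hypothetical; only the match field names follow Open Flow naming.

```python
from dataclasses import dataclass

# Constructed topology: the physical switch port each host is attached to.
# This "specific connection state" is what the network manager may not know.
PORT_OF_HOST = {
    "10.0.0.1": 1,   # PLC (constructed)
    "10.0.0.2": 2,   # HMI workstation (constructed)
    "10.0.0.3": 3,   # historian (constructed)
}

@dataclass(frozen=True)
class WhiteListEntry:
    """Abstract ACL entry: who may talk to whom, on which TCP port."""
    src_ip: str
    dst_ip: str
    dst_port: int

@dataclass
class FlowEntry:
    """Open Flow style entry: Match fields plus an Action naming a physical port."""
    priority: int
    match: dict
    action: str   # e.g. "output:2" or "drop"

def acl_to_flow_table(white_list, port_of_host):
    """Translate an abstract white list into a flow table.

    Each allowed application becomes a high-priority entry whose Action is the
    physical output port resolved from the topology; a low-priority catch-all
    drop entry rejects everything not explicitly allowed. If a destination's
    physical port is unknown the table cannot be built, which is the failure
    the background text describes.
    """
    table = []
    for e in white_list:
        if e.dst_ip not in port_of_host:
            raise KeyError(f"physical port of {e.dst_ip} unknown; cannot build flow table")
        match = {"ip_proto": "tcp", "ipv4_src": e.src_ip,
                 "ipv4_dst": e.dst_ip, "tcp_dst": e.dst_port}
        table.append(FlowEntry(100, match, f"output:{port_of_host[e.dst_ip]}"))
    table.append(FlowEntry(0, {}, "drop"))   # default deny for all other traffic
    return table

WHITE_LIST = [
    WhiteListEntry("10.0.0.2", "10.0.0.1", 502),    # HMI -> PLC, Modbus/TCP
    WhiteListEntry("10.0.0.1", "10.0.0.3", 4000),   # PLC -> historian (constructed port)
]

if __name__ == "__main__":
    for fe in acl_to_flow_table(WHITE_LIST, PORT_OF_HOST):
        print(fe)
```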
In addition, when a network device that conforms to the Open Flow specification is installed in a network configured with conventional network devices, it is thought that conventional network devices and network devices conforming to the Open Flow specification will be mixed. In this situation, because each network device needs different management, there is a problem that management is further complicated.