As a communication system in which a control apparatus centrally controls forwarding nodes, a technology called OpenFlow is known (Patent Literature 1 and Non-Patent Literatures 1 and 2). OpenFlow treats communication as an end-to-end flow and performs path control, failure recovery, load balancing, and optimization for each flow. An OpenFlow switch, specified in Non-Patent Literature 2, comprises a secure channel for communicating with an OpenFlow controller, which can be positioned as a control apparatus, and operates according to a flow table, an addition to or rewriting of which is suitably instructed by the OpenFlow controller. In the flow table, a set of matching rules (Header Field) to be matched against a packet header, flow statistics (Counters), and actions (Actions) defining the processing contents is defined for each flow.
For instance, upon receiving a packet, the OpenFlow switch searches for an entry having a matching rule that matches the header information of the received packet in the flow table. When an entry matching the received packet is found as a result of the search, the OpenFlow switch updates the flow statistics (Counters) and performs the processing contents (packet transmission from a designated port, flooding, discard, etc.) written in the action field of the entry on the received packet. On the other hand, when no entry matching the received packet is found as a result of the search, the OpenFlow switch forwards the received packet to the OpenFlow controller via a secure channel, requests the controller to determine a packet path on the basis of the source and destination of the received packet, receives a flow entry that realizes this, and updates the flow table. As described, the OpenFlow switch forwards a packet using an entry stored in the flow table as control information.
Non-Patent Literature 3 describes a technology that constructs a secure channel in the OpenFlow network in an actual network using a special frame and source routing. Hereinafter, a control channel constructed in an actual network is referred to as “in-band secure channel.”
Patent Literature 1:
    International Publication Number WO/2008/095010Non-Patent Literature 1:    Nick McKeown, et al. “OpenFlow: Enabling Innovation in Campus Networks,” [online], [Searched on Mar. 4, 2013], the Internet <URL: http://www.openflow.org/documents/openflow-wp-latest.pdf>
Non-Patent Literature 2:    “OpenFlow Switch Specification” Version 1.1.0. (Wire Protocol 0x02), [online], [Searched on Mar. 4, 2013], the Internet <URL:http://www.openflow.org/documents/openflow-spec-v1.1.0.pdf>
Non-Patent Literature 3:    Toshio Koide, Hideyuki Shimonishi, “A study on the automatic construction mechanism of control network in OpenFlow-based network,” IEICE Technical Report, The Institute of Electronics, Information and Communication Engineers, NS2009-165 (2010-3), Vol. 109, No. 448, pp. 19-24, March 2010