Conventional network equipment is a black box, and flexible control such as load distribution and bias processing cannot be carried out from outside. Therefore, when the scale of the network becomes large, there is a problem that it becomes difficult to understand and improve the behavior of the system, and designing or changing the configuration incurs a large cost.
As a technique for solving such a problem, separating the packet transfer function and the route control function of the network equipment has been considered. For example, the network equipment takes charge of the packet transfer function and a control unit outside the network equipment takes charge of the route control function. Thus, control becomes easy and a flexible network can be built.
(Explanation of CD Separation Type Network)
As one of networks in which functions are separated, a CD (C: control plane/D: data plane) separation type network is proposed in which a node unit on the control plane side controls a node unit on the data plane side.
As an example of the CD separation type network, the open flow network using the open flow (OpenFlow) technique is known in which a controller controls switches to carry out route control of the network. The details of the open flow technique are described in Non-Patent Literature 1. It should be noted that the open flow network is an example only.
(Explanation of Open Flow Network)
In the open flow network, an open flow controller (OFC), which is equivalent to a control unit, controls the operation of open flow switches (OFS), which are equivalent to node units, by operating the flow tables related to the route control of the open flow switches (OFS).
Hereinafter, for simplification of description, the open flow controller (OFC) is referred to as a “controller” and the open flow switch (OFS) is referred to as a “switch”.
The controller and the switch are connected by a control channel (control communication channel) called “secure channel”, which is a channel protected by a dedicated line and SSL (Secure Socket Layer). The controller and the switch transmit and receive open flow messages (OpenFlow Messages) as control messages which conform to the open flow protocol through the control channel.
The switches arranged in the open flow network are edge switches and core switches which are under the control of the controller. A series of processing of a packet, from reception of the packet at an input edge switch (ingress switch) in the open flow network to transmission from the output edge switch (egress switch), is called a flow. In the open flow network, a communication is recognized as an end-to-end (E2E) flow, and route control, fault recovery, load distribution, and optimization are carried out in units of flows.
The packet can be read as a frame. A difference between the packet and the frame is a difference in the unit of data handled in a protocol (PDU: Protocol Data Unit) only. The packet is the PDU of “TCP/IP” (Transmission Control Protocol/Internet Protocol), and on the other hand, the frame is the PDU of “Ethernet” (registered trademark).
The flow table is a set of flow entries, each of which defines a condition (rule) to specify a packet to be processed as a flow, statistical data which shows the number of times the packet matches the rule, and a processing content (action) to be carried out to the packet.
The rule of the flow entry is defined based on various combinations of a part or all of the data of the protocol hierarchy layers which are contained in the header field of the packet, and is identifiable. Examples of the data of each protocol hierarchy layer are a destination address, a source address, a destination port, a source port and so on. It should be noted that the above-mentioned address is supposed to include the MAC address (Media Access Control Address) and the IP address (Internet Protocol Address). In addition to the above data, data of the entrance port (ingress port) is usable for the rule of the flow entry. Also, a regular expression of a part (or all) of a value of the header field of the packets to be processed as the flow, an expression using the wildcard “*”, and so on can be set for the rule of the flow entry.
The action of the flow entry shows an operation such as an operation of “outputting at the specific port”, an operation of “discarding”, and an operation of “rewriting a header”. For example, if identification data of the output port (such as output port number and so on) is shown in the action of the flow entry, the switch outputs the packet to the port corresponding to this. If the identification data of the output port is not shown, the switch discards the packet. Or, if header data is shown in the action of the flow entry, the switch rewrites the header of the packet based on the header data.
The switch executes the action of the flow entry on a group of packets (a series of packets) matching the rule of the flow entry. Specifically, when receiving a packet, the switch searches the flow table for a flow entry which has a rule matching the header data of the received packet. When such a flow entry is found as a result of the search, the switch updates the statistical data of the flow entry and carries out the operation specified as the action of the flow entry on the received packet. On the other hand, when no flow entry which has a rule matching the header data of the received packet is found as a result of the search, the switch determines that the received packet is a first packet. The switch transfers the received packet (or a copy) to the controller in the open flow network through the control channel. Also, the switch requests route calculation for the packet based on a source address, a destination address and so on of the received packet. The switch receives a flow entry setting message as a response and updates the flow table.
It should be noted that a default entry which has a rule matching the header data of all packets at a low priority is registered in the flow table. When no other flow entry matching the received packet is found, the received packet matches this default entry. The action of the default entry is “the transmission of the inquiry data of the received packet to the controller”.
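The lookup described above (rule match with wildcards, statistics update, action, and the default entry that sends a first packet to the controller) can be modelled as follows. This is an added example, not code from the original document; the header field names, port numbers, priorities and the controller policy are assumptions made for illustration.

```python
from dataclasses import dataclass

WILDCARD = "*"

@dataclass
class FlowEntry:
    rule: dict          # header field -> required value, or "*" for any value
    action: dict        # may hold "output" (port), "set" (header rewrite), "to_controller"
    priority: int = 100
    packets: int = 0    # statistical data: number of packets that matched the rule

    def matches(self, pkt):
        return all(v == WILDCARD or pkt.get(k) == v for k, v in self.rule.items())

class Switch:
    def __init__(self, controller):
        self.controller = controller      # callable standing in for the control channel
        # Default entry: matches every packet at the lowest priority.
        self.table = [FlowEntry({}, {"to_controller": True}, priority=0)]

    def install(self, entry):
        self.table.append(entry)
        self.table.sort(key=lambda e: -e.priority)

    def _apply(self, entry, pkt):
        entry.packets += 1
        pkt = {**pkt, **entry.action.get("set", {})}      # rewrite header if requested
        port = entry.action.get("output")
        # No output port in the action means the packet is discarded.
        return ("discard", None, pkt) if port is None else ("output", port, pkt)

    def receive(self, pkt):
        entry = next(e for e in self.table if e.matches(pkt))
        if not entry.action.get("to_controller"):
            return self._apply(entry, pkt)
        entry.packets += 1                 # first packet: counted on the default entry
        new = self.controller(pkt)         # inquiry and flow entry setting reply
        self.install(new)
        # Guard: a reply that does not cover the packet must not loop back.
        return self._apply(new, pkt) if new.matches(pkt) else ("discard", None, pkt)

def sample_controller(pkt):
    """Constructed policy: forward 10.0.0.2 to port 2 with a rewritten MAC, drop the rest."""
    rule = {"in_port": WILDCARD, "ip_dst": pkt["ip_dst"]}
    if pkt["ip_dst"] == "10.0.0.2":
        return FlowEntry(rule, {"output": 2, "set": {"mac_dst": "00:00:00:00:00:02"}})
    return FlowEntry(rule, {})
```

The counter on the default entry is the number of packets that reached the controller, which makes it a useful figure to watch when judging load on the control channel.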
(Explanation of PCI Express)
Also, in recent years, the “PCI express (PCIe)” interface (I/F) has come into wide use in place of the PCI bus (Peripheral Component Interconnect bus). The PCI bus is of a parallel transmission type and PCI express (PCIe) is of a serial transmission type. Although there is no physical compatibility between the PCI bus and PCI express (PCIe), the communications protocol and so on are common to them. In a transmission route (lane) of the minimum configuration which is used in PCI express (PCIe), duplex transmission of 2.5 Gbps (gigabits per second) in mono-directional communication and 5.0 Gbps in bi-directional communication is possible.
(Explanation of Conventional Network System)
FIG. 1, FIG. 2, FIG. 3, FIG. 4, and FIG. 5 show a configuration of a conventional network system. Specifically, the system configuration is one in which hardware-based switch processing is carried out and an extended network service is executed by the control server.
(Conventional Network System Configuration)
FIG. 1 shows a basic configuration of a conventional network system. The conventional network system contains a switch node 1, terminals 2 (2-i, i=1 to T: T is the number of terminals) and a control server 3.
The switch node 1 is equivalent to a switch in the open flow network. The control server 3 is equivalent to a controller in the open flow network. The terminal 2 (2-i, i=1 to T) and the control server 3 are connected with the switch node 1.
The switch node 1 is provided with a CPU (Central Processing Unit) 10, a memory 20, a transfer table 30 and a network switch forwarding engine 40.
The CPU 10 is connected with the memory 20. Also, the CPU 10 and the transfer table 30 are connected with the network switch forwarding engine 40.
In the conventional network system, the network switch forwarding engine 40, which carries out the hardware-based packet processing, exists on the switch node 1. The forwarding engine 40 receives packets which are outputted from the terminals 2 (2-i, i=1 to T), manages the destination of a flow by using the transfer table 30, carries out a table search upon packet reception, and carries out packet switch processing among the terminals. The transfer table 30 can carry out high-speed processing sufficient to withstand the switch processing among the terminals, but because the capacity of the memory 20 is limited, a transfer table 30 which manages a great number of flows cannot be configured.
(Internal Configuration of Network Switch Forwarding Engine)
FIG. 2 shows the internal configuration of the network switch forwarding engine 40.
The network switch forwarding engine 40 is provided with a PCI express endpoint (PCIe EP) 41, LAN (Local Area Network) interfaces (1G MAC) 42, a switch transfer processing section 43, a table search result register 44, a CPU destined packet queue 45, a CPU transmission packet queue 46, a switch fabric sharing packet buffer 47 and a DMA (Direct Memory Access) controller 48.
The PCI express endpoint (PCIe EP) 41 is connected with the CPU 10, the CPU destined packet queue 45 and the CPU transmission packet queue 46.
The LAN interfaces (1G MAC) 42 are connected with the terminals 2 (2-i, i=1 to T) and the control server 3.
The switch transfer processing section 43 is connected with the transfer table 30, the LAN interfaces (1G MAC) 42, the table search result register 44, the CPU transmission packet queue 46, and the switch fabric sharing packet buffer 47.
The switch transfer processing section 43 is provided with a table searching section 431, a packet analyzing section 432 and a switching section 433.
The table searching section 431 searches the transfer table 30 based on a search key.
The packet analyzing section 432 extracts the header section of the packet, generates the search key by using optional data in the header section, and notifies the search key to the table searching section 431.
The switching section 433 transfers the packet according to the action of the entry of the transfer table 30 matching the search key.
The table search result register 44 is connected with the CPU destined packet queue 45.
The table searching section 431 in the switch transfer processing section 43 transmits a search request (search key) to the transfer table 30 to carry out a table search. The memory 20 is used as the storage location of the transfer table 30 according to the processing capability of the switch transfer processing section 43. Because high-speed processing is required, the capacity of the memory 20 decreases in inverse proportion to the processing capability, and the number of transfer tables which can be managed is limited.
(Configuration of Transfer Table)
FIG. 3 shows the configuration of the transfer table 30.
The transfer table 30 is equivalent to the flow table in the open flow network. The transfer table 30 can manage 64000 entries.
It should be noted that “MAC DA” shows a destination MAC address, “MAC SA” shows a source MAC address, “IP DA” shows a destination IP address, and “IP SA” shows a source IP address.
(Configuration of CPU)
FIG. 4 shows a configuration diagram of software which is executed in the CPU 10.
The CPU 10 is provided with a PCI express root complex (PCIe RC) 11, a forwarding engine driver 12, an extended network service setting section 13, a service inquiring section 14, a packet buffering section 15, a packet receiving section 16 and an encrypting section 17.
The forwarding engine driver 12, the extended network service setting section 13, the service inquiring section 14, the packet buffering section 15, the packet receiving section 16 and the encrypting section 17 are realized by the CPU 10 executing software.
The CPU 10 in the conventional network system is connected with the control server 3 and is used only to execute the extended network service.
(Configuration of Control Server)
FIG. 5 shows a configuration diagram of the control server 3.
The control server 3 is provided with a packet transmitting and receiving section 31, an encrypting section 32 and an extended network service processing section 33.
The control server 3 carries out the extended network service processing such as the destination determination to the inquiry packet, the change processing of the packet or the control of the switch node in response to a processing inquiry from the switch node 1. Also, the control server 3 carries out the transmission and reception of the packets by carrying out the encryption processing for the secure communication with the switch node 1.
As mentioned above, because the hardware-based switch node carries out the packet processing by using the memory 20 which retains one high-speed transfer table, the capacity of the memory 20 for the transfer table is limited, so that it is difficult to configure a large-capacity transfer table.
Also, because the hardware-based forwarding engine is provided with an exclusive-use LSI (Large Scale Integration), there are demerits in that versatility is low, the cost becomes high, and there is no freedom to change the processing method.
It should be noted that, as a technique related to the present invention, Patent Literature 1 (JP 2007-195166A) discloses a method, a computer program and an apparatus for generating and managing a routing table of the PCI bus address base by a built-in DID.
In this related technique, a distribution computing system which includes a plurality of root nodes, a PCI adapter and one or more PCI switches, one of which includes a PCI configuration manager (PCM), routes a PCI transaction packet between a host and the adapter through the switch.
At this time, when a table is generated in one specified switch and a specific host is connected with the specified switch, a destination identifier which has a bit set specified by operating the PCM is supplied to the table. The destination identifier is added as an address to the PCI packet sent out from the specific host to one of the adapters through the specified switch. The PCI packet sent out through the specified switch from one of the adapters by using the destination identifier is determined to be for the specific host.