Development of cloud infrastructure for providing users with machines, networks, etc. as virtual resources (which is also referred to as Infrastructure as a Service (IaaS)) has been in progress. A virtual local area network (VLAN) in NPL 1 is generally used to realize a virtual network in cloud infrastructure.
In such a VLAN, a network can be used as a plurality of virtual networks by adding a virtual network identifier to each packet. NPL 1 defines that each virtual network identifier is encoded in a 12-bit field and takes a value in the range 1 through 4094, which excludes the reserved values 0x0 and 0xfff.
In cloud infrastructure, by using such a VLAN, a virtual network can be configured as follows. First, when a user defines a virtual network, the user allocates a VLAN ID unique in the whole system. Next, a switch or a hypervisor sets a port to which a virtual machine (VM) is connected so that the VM belongs to the allocated VLAN when the VM is started.
After a packet outputted from the VM is provided with the VLAN ID at the port, the packet is forwarded to a port that belongs to the same virtual network. The VLAN ID is deleted at an exit node, and the packet is forwarded to a destination. Since such a VLAN ID unique in the whole system is allocated, the maximum number of virtual networks that can be used is 4094.
NPL 2 is an administration manual for cloud infrastructure software referred to as “OpenStack.” Pages 151 to 154 in NPL 2 describe a VLAN mode in cloud infrastructure. More specifically, section “Configuring VLAN Networking” on page 151 describes that each subnet (a virtual network) has a different VLAN tag (VLAN ID). The middle part on page 152 illustrates an example of a command for generating a subnet (a virtual network) specifying 169 as a VLAN ID. In addition, the last paragraph on page 152 describes that, instead of manually specifying a VLAN ID, bridge, and project ID, a user can select automatic allocation by using a command.
In addition, in recent years, a technique referred to as OpenFlow has been proposed (see PTL 1 and NPLs 3 and 4). OpenFlow recognizes communications as end-to-end flows and performs path control, failure recovery, load balancing, and optimization on a per-flow basis. Each OpenFlow switch according to NPLs 3 and 4 has a secure channel for communication with an OpenFlow controller and operates according to a flow table suitably added or rewritten by the OpenFlow controller. In the flow table, a set of the following three is defined for each flow: match conditions (Match Fields) against which a packet header is matched; flow statistical information (Counters); and instructions that define at least one processing content (see section 4.1 “Flow Table” in NPL 4).
For example, when an OpenFlow switch receives a packet, the OpenFlow switch searches the flow table for an entry having a match condition (see 4.3 “Match Fields” in NPL 4) that matches header information of the received packet. If, as a result of the search, the OpenFlow switch finds an entry that matches the received packet, the OpenFlow switch updates the flow statistical information (Counters) and processes the received packet on the basis of a processing content(s) (packet transmission from a specified port, flooding, dropping, etc.) written in the Instructions field of the entry. If, as a result of the search, the OpenFlow switch does not find an entry that matches the received packet, the OpenFlow switch transmits an entry setting request to the OpenFlow controller via the secure channel. Namely, the OpenFlow switch requests the OpenFlow controller to transmit control information for processing the received packet (Packet-In message). The OpenFlow switch receives a flow entry that defines a processing content(s) and updates the flow table. In this way, by using an entry stored in the flow table as control information, the OpenFlow switch performs packet forwarding.
Example 2 in NPL 3 describes that virtual networks can be established by combining the above OpenFlow switches and OpenFlow controller and using VLAN IDs as in VLANs.
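The flow-table lookup, table miss (Packet-In) and VLAN-ID-based separation described above can be sketched as follows. This is an added example, not code from the cited documents or from any OpenFlow implementation; the class names, the port-to-VLAN assignment and the rule that a packet whose VLAN ID does not match its ingress port is dropped are assumptions made for illustration.

```python
# Simplified model of the lookup described above; not the OpenFlow wire protocol.
from dataclasses import dataclass

VLAN_MIN, VLAN_MAX = 1, 4094  # 12-bit field; 0x0 and 0xfff are reserved

@dataclass
class FlowEntry:
    match: dict          # Match Fields: header field -> required value
    instructions: list   # Instructions, e.g. [("output", 2)] or [("drop",)]
    packets: int = 0     # Counters

    def matches(self, header):
        return all(header.get(k) == v for k, v in self.match.items())

class Controller:
    """Hypothetical controller that forwards only within one VLAN ID."""
    def __init__(self, port_vlan):
        self.port_vlan = port_vlan   # constructed port -> VLAN ID assignment
        self.packet_ins = 0

    def packet_in(self, header):
        self.packet_ins += 1
        port, vid = header["in_port"], header["vlan_id"]
        match = {"in_port": port, "vlan_id": vid}
        # Assumed policy: reserved IDs or a port/VLAN mismatch yield a drop entry.
        if not VLAN_MIN <= vid <= VLAN_MAX or self.port_vlan.get(port) != vid:
            return FlowEntry(match, [("drop",)])
        outs = [("output", p) for p, v in sorted(self.port_vlan.items())
                if v == vid and p != port]
        return FlowEntry(match, outs or [("drop",)])

class Switch:
    def __init__(self, controller):
        self.controller = controller
        self.flow_table = []

    def receive(self, header):
        for entry in self.flow_table:
            if entry.matches(header):
                break
        else:
            # Table miss: request an entry from the controller, then install it.
            entry = self.controller.packet_in(header)
            self.flow_table.append(entry)
        entry.packets += 1
        return entry.instructions

def demo():
    ctl = Controller({1: 169, 2: 169, 3: 200})   # constructed sample topology
    sw = Switch(ctl)
    first = sw.receive({"in_port": 1, "vlan_id": 169})       # miss -> Packet-In
    second = sw.receive({"in_port": 1, "vlan_id": 169})      # hit, no Packet-In
    mismatched = sw.receive({"in_port": 3, "vlan_id": 169})  # port 3 is VLAN 200
    return first, second, mismatched, ctl.packet_ins, sw.flow_table[0].packets
```

Only the first packet of a flow reaches the controller; later packets are handled from the installed entry, whose counter records both.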