Conventional network equipment had a problem that flexible control, such as load distribution and a biased state, could not be carried out from an external unit. For this reason, when the network scale becomes large, grasping and improving the behavior of the system become difficult, so that a high cost is required to change the design and the configuration.
As a technique for solving the above problems, a method of separating the packet transfer function and the route control function of the network equipment is considered. For example, the network equipment is responsible for the packet transfer function, and a control apparatus that is separated externally from the network equipment is responsible for the control function. In this way, the control apparatus can manage the transfer of packets, and a flexible network can be built up.
(Explanation of CD Separation Type Network)
As one of the networks of a centralized management type in which functions are separated, a CD (C: Control Plane/D: Data Plane) separation type network is proposed in which a node apparatus on a data plane side is controlled by a control apparatus on a control plane side.
As one example of the CD separation type network, an open flow network is exemplified, which uses an open flow (OpenFlow) technique in which a controller controls switches to carry out route control in the network. The details of the OpenFlow technique are described in Non-Patent Literature 1. Note that the OpenFlow network is merely one example.
(Explanation of OpenFlow Network)
In the OpenFlow network, a series of communications, which are determined based on a combination of a MAC address, an IP address, a port number and the like, are defined as a “flow”. A route control, a trouble recovery, a load distribution and an optimization are carried out in units of a flow.
In the OpenFlow network, an open flow controller (OFC: OpenFlow Controller) as a control apparatus operates a flow table with regard to the route control of an open flow switch (OFS: OpenFlow Switch) corresponding to the node apparatus, to control the behavior of the open flow switch.
The controller and the switch are connected to each other through a secure channel that is a communication path protected by a dedicated line or SSL (Secure Socket Layer). The controller and the switch transmit or receive an open flow message (OpenFlow Message) based on an open flow protocol (OpenFlow Protocol) to or from each other, through the secure channel.
The switches in the open flow network include edge switches and core switches, which form the open flow network and are under the control of the controller. Note that the edge switch is a switch located at a boundary with a network that differs from the open flow network. Also, the core switch is a switch that is used to relay a packet within the open flow network. In the open flow network, the controller can operate the flow tables of the switches on a route and control a series of flows from the reception (inflow) of the packets at an input side edge switch (Ingress) to the transmission (outflow) of the packets at an output side edge switch (Egress).
The packet may also be read as a frame. The difference between the packet and the frame is merely a difference in the unit of data that is handled in a protocol (PDU: Protocol Data Unit). The packet is the PDU of “TCP/IP” (Transmission Control Protocol/Internet Protocol). On the other hand, the frame is the PDU of “Ethernet (Trademark)”.
The flow table is a set of flow entries, each of which defines a combination of a determination condition (rule) to specify packets which are handled as a flow; statistic information which indicates the number of times that the packets comply (match) with the rule; and a processing content (action) that is performed on the packets.
The rule of the flow entry is defined based on various combinations of one or all of the data of the respective protocol hierarchies included in a header region (field) of the packet, and the rule can be discriminated. As examples of the data of the respective protocol hierarchies, a transmission destination address (Destination Address), a transmission source address (Source Address), a transmission destination port (Destination Port), a transmission source port (Source Port) and the like are exemplified. Note that the above addresses are assumed to be a MAC address (Media Access Control) or an IP address (Internet Protocol Address). Also, in addition to the above, data of an ingress port (Ingress Port) can be used as the rule of the flow entry. Also, as the rule of the flow entry, it is possible to set a regular expression or a wild card “*” expression of a part (or all) of the values of the header region of the packet handled as the flow.
The action of the flow entry indicates the operation in which “a packet is outputted/transferred to a particular port”, “a packet is discarded/disposed (deleted)”, or “a header of a packet is rewritten”. For example, the switch outputs the packet to the port corresponding to an identification data when the action of the flow entry indicates the identification data of an output port (output port number or the like), and the switch discards the packet when the identification data of the output port is not indicated. Or, when the action of the flow entry indicates the header data, the switch rewrites the header of the packet on the basis of the header data.
The switch executes the action of the flow entry for a group of packets (a sequence of packets) that comply with the rule of the flow entry. Specifically, when receiving a packet, the switch searches the flow table for a flow entry which has the rule complying with the header data of the received packet. As the result of the search, when a flow entry is found that has the rule complying with the header data of the received packet, the switch updates the statistic data of the flow entry and performs the operation, which is specified as the action of the flow entry, on the received packet. On the other hand, as the result of the search, when no flow entry is found that has the rule complying with the header data of the received packet, the switch determines that the received packet is a first packet, transfers the received packet (or a copy) through a control channel to the controller in the open flow network, and requests a route calculation of the packet on the basis of the transmission source and transmission destination (address) of the received packet. The switch then receives a message for setting the flow entry as an answer and updates the flow table.
Note that a default entry, which has the rule complying with the header data of all of the packets with a low priority, has been registered in the flow table. When a flow entry complying with the received packet is not found, the received packet complies with this default entry. The action of the default entry is “the transmission of the inquiry information of the received packet to the controller”.
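The lookup just described (rule match, statistic update, action, and the default entry that sends an inquiry to the controller), as an added Python example that is not part of the original document. The class names, the addresses and the controller's route calculation are constructed for illustration, and re-running the lookup on the first packet after the entry is set is a simplification.

```python
from dataclasses import dataclass

FIELDS = ("in_port", "src", "dst", "dst_port")

@dataclass
class FlowEntry:
    priority: int
    rule: dict          # field -> value; a missing field or "*" is a wild card
    action: tuple       # ("output", port) | ("drop",) | ("to_controller",)
    packets: int = 0    # statistic: number of packets that matched the rule

    def matches(self, hdr):
        return all(self.rule.get(f, "*") in ("*", hdr[f]) for f in FIELDS)

class Switch:
    def __init__(self, controller):
        self.controller = controller
        # Default entry: lowest priority, matches every packet, asks the controller.
        self.table = [FlowEntry(0, {}, ("to_controller",))]
        self.inquiries = 0          # load this switch puts on the controller

    def install(self, entry):
        self.table.append(entry)
        self.table.sort(key=lambda e: -e.priority)   # highest priority first

    def receive(self, hdr):
        entry = next(e for e in self.table if e.matches(hdr))  # default always matches
        entry.packets += 1
        if entry.action[0] == "to_controller":
            self.inquiries += 1
            self.install(self.controller(hdr))   # answer: a flow entry to set
            return self.receive(hdr)             # simplification: re-run the lookup
        return entry.action

def controller(hdr):
    # Hypothetical route calculation: pick the output port by destination address.
    port = {"10.0.0.2": 2, "10.0.0.3": 3}.get(hdr["dst"])
    action = ("output", port) if port else ("drop",)
    return FlowEntry(10, {"src": hdr["src"], "dst": hdr["dst"]}, action)

def demo():
    sw = Switch(controller)
    pkt = lambda dst, dport: {"in_port": 1, "src": "10.0.0.1", "dst": dst, "dst_port": dport}
    # Constructed traffic: three packets of one flow, then an unknown destination.
    actions = [sw.receive(pkt("10.0.0.2", p)) for p in (80, 443, 22)]
    actions.append(sw.receive(pkt("10.0.0.9", 80)))
    return actions, sw.inquiries, sw.table[-1].packets   # table[-1] is the default entry
```

The `inquiries` counter is the load that reaches the controller: each new flow costs one inquiry, and the later packets of that flow cost none.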
(Subject of Open Flow Network)
Usually, in the open flow network system, the controller and the switches have a connection relation of “1:N (Multiple)” in many cases.
Thus, since there is a case that the controller receives non-controlled requests from many switches, there is a possibility of exceeding a limit of processing performance.
When the controller receives requests beyond its processing performance and falls into a processing disabled state, each of the switches loses the control function, and the network is disconnected from the respective switches. Thus, there is a necessity that the switch issues requests in consideration of the limit of the processing performance of the controller.
Also, in addition to the protection of the processing performance of the controller, the processing performance of the switch itself was required to be protected.
Thus, in light of both standpoints of the protection of the processing performance of the controller and the protection of the processing performance of the switch, a band limitation between the controller and the switch was required.
However, the band limitation between the controller and the switch is required to be performed on a priority basis, because the purpose and importance as the open flow function differ depending on the kind of message.
In priority control, there was a problem that frames of a low priority had to be prevented from falling into a non-transfer state.
(Related Technique)
As the related techniques, Patent Literature 1 (JP 2005-244417A) discloses a band control apparatus, a band control method and a band control program. In this related technique, a band limitation processing section stores a remaining token amount X that remains in a token bucket. A token amount monitoring section compares the stored remaining token amount and a maximum burst token amount. A priority control section assigns a communication line capacity, which is assigned to a band insurance type communication on the basis of a comparison result, to a best effort type communication.
Note that the bucket indicates a pail, and it is an abstracted container that collects the network traffic to be transferred.
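The band limitation with priority discussed above, as an added Python example that is not part of the original document and is not the method of Patent Literature 1. It assumes a token bucket as the limiter, two priority classes whose mapping from message kinds is left to policy, and a hypothetical `low_reserve` of tokens per tick that keeps the low priority class from falling into a non-transfer state.

```python
from collections import deque

class ControlChannelLimiter:
    """Token bucket on switch-to-controller messages with two priority classes.
    All names and numbers here are illustrative assumptions."""

    def __init__(self, rate, burst, low_reserve=0, queue_limit=100):
        self.rate, self.burst = rate, burst   # tokens added per tick, bucket depth
        self.tokens = burst                   # remaining token amount
        self.low_reserve = low_reserve        # tokens per tick kept back for "low"
        self.queue_limit = queue_limit        # bounds the switch's own memory use
        self.queues = {"high": deque(), "low": deque()}
        self.sent = {"high": 0, "low": 0}
        self.dropped = 0

    def enqueue(self, prio, msg):
        if len(self.queues[prio]) >= self.queue_limit:
            self.dropped += 1                 # shed load instead of growing without bound
        else:
            self.queues[prio].append(msg)

    def _send(self, prio):
        self.queues[prio].popleft()           # one token per message sent
        self.tokens -= 1
        self.sent[prio] += 1

    def tick(self):
        self.tokens = min(self.burst, self.tokens + self.rate)
        # Hold the reserve back only while low-priority messages are waiting.
        reserve = self.low_reserve if self.queues["low"] else 0
        while self.queues["high"] and self.tokens - reserve >= 1:
            self._send("high")
        # Low priority spends what is left, including capacity "high" did not use.
        while self.queues["low"] and self.tokens >= 1:
            self._send("low")

def run(low_reserve, ticks=50):
    """Constructed overload: 15 high and 5 low messages arrive per tick, rate is 10."""
    lim = ControlChannelLimiter(rate=10, burst=10, low_reserve=low_reserve)
    for t in range(ticks):
        for i in range(15):
            lim.enqueue("high", (t, i))
        for i in range(5):
            lim.enqueue("low", (t, i))
        lim.tick()
    return lim.sent, lim.dropped
```

With `run(0)` (strict priority) the low class sends nothing for the whole run, while `run(2)` keeps the same total rate toward the controller and still moves low-priority messages.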