OpenFlow is known as a protocol with which a control device controls a packet transfer switch. OpenFlow is defined in Non-Patent Literature 1.
With OpenFlow, the control device sets a flow entry for the switch. The switch then processes a received packet according to the flow entry. A flow entry is information defining how a packet is to be processed (for example, transferred or dropped). A flow entry is set per packet flow. If a flow entry corresponding to the flow of a packet is present when the switch receives the packet, the switch processes the packet according to that flow entry. On the other hand, when no flow entry corresponding to the flow of the received packet is present, the switch notifies the control device of this. The control device then determines a flow entry corresponding to the packet flow and sets it for the switch.
Examples of messages exchanged between the control device and the switch with OpenFlow include “Packet_in,” “Flow_mod,” “Packet_out,” and “Flow_removed.”
“Packet_in” is a message sent from the switch to the control device. “Packet_in” is used for sending a packet for which no corresponding flow entry is present from the switch to the control device.
“Flow_mod” is a message sent from the control device to the switch. With “Flow_mod,” the control device adds, changes or deletes a flow entry on the switch.
“Packet_out” is a message sent from the control device to the switch. “Packet_out” instructs the switch to output a packet from a port.
“Flow_removed” is a message sent from the switch to the control device. When a flow entry has not been used for a certain period of time and is erased from the switch due to time-out, the switch uses “Flow_removed” to notify the control device of this. When transmitting “Flow_removed,” the switch transmits statistical information on the flow corresponding to the erased flow entry to the control device.
Further, Patent Literature 1 describes a system to which OpenFlow is applied. In that system, the control device checks for an unauthorized address that fakes a transmission source Media Access Control (MAC) address or Internet Protocol (IP) address and, when it detects falsification, sets for the switch a flow entry that does not permit the packet to be transferred.
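The message exchange described above, together with the drop entry set on detecting a falsified source address, can be traced in a small simulation. This is an added example, not code from the cited literature or from any OpenFlow implementation. The names Switch, Controller, BINDINGS and PORT_OF, the flow key, the action strings, the idle time-out of 10 time units and the use of a fixed MAC-to-IP binding table as the verification method are all assumptions made for illustration, and every destination is assumed to be listed in PORT_OF.

```python
from dataclasses import dataclass, field
# Toy model, not the OpenFlow wire format. Constructed data (assumptions):
BINDINGS = {"aa:aa:aa:aa:aa:01": "10.0.0.1", "aa:aa:aa:aa:aa:02": "10.0.0.2"}  # MAC -> IP
PORT_OF = {"10.0.0.1": 1, "10.0.0.2": 2}  # destination IP -> switch port

@dataclass
class Switch:
    idle_timeout: int = 10
    table: dict = field(default_factory=dict)  # flow key -> flow entry
    log: list = field(default_factory=list)    # messages exchanged, in order
    def receive(self, pkt, now, ctrl):
        key = (pkt["src_mac"], pkt["src_ip"], pkt["dst_ip"])
        entry = self.table.get(key)
        if entry is None:                      # no flow entry for this flow
            self.log.append("Packet_in")
            ctrl.packet_in(self, key, pkt)     # control device decides
            entry = self.table[key]            # just set by Flow_mod
        else:
            entry["packets"] += 1              # handled by the switch alone
        entry["last_used"] = now
        return entry["action"]

    def flow_mod(self, key, action):           # add a flow entry
        self.log.append("Flow_mod")
        self.table[key] = {"action": action, "packets": 0, "last_used": 0}

    def packet_out(self, pkt, port):           # output pkt from the given port
        self.log.append(f"Packet_out:{port}")

    def expire(self, now, ctrl):               # erase entries idle too long
        for key, entry in list(self.table.items()):
            if now - entry["last_used"] >= self.idle_timeout:
                del self.table[key]
                self.log.append("Flow_removed")
                ctrl.flow_removed(key, entry["packets"])  # statistics included

@dataclass
class Controller:
    stats: dict = field(default_factory=dict)  # flow key -> packets reported
    def packet_in(self, sw, key, pkt):
        src_mac, src_ip, dst_ip = key
        if BINDINGS.get(src_mac) != src_ip:    # falsified source address
            sw.flow_mod(key, "drop")           # entry that forbids transfer
            return
        sw.flow_mod(key, f"output:{PORT_OF[dst_ip]}")
        sw.packet_out(pkt, PORT_OF[dst_ip])    # release the packet that missed

    def flow_removed(self, key, packets):
        self.stats[key] = packets
```

In this model only the first packet of a flow reaches the control device; later packets of the same flow, including later packets from the falsified source, are handled by the switch from its own table until the entry times out.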