In recent years, software defined networking (SDN) has attracted attention in the field of networks. In SDN, the entire network is centrally controlled and managed by a device which executes software called a controller. Hereinafter, the device which executes the software is also referred to as a controller. Using SDN, programmability of the network may be improved and automatic control may be realized.
OpenFlow is one technique to realize SDN. A main characteristic of OpenFlow is that the function of controlling network paths and the function of transferring data are separated, whereas on an existing network device both functions are implemented together.
OpenFlow includes an “OpenFlow controller” (hereinafter referred to as “controller” or “OFC”) which performs path control and an “OpenFlow switch” (hereinafter referred to as “switch” or “OFS”) which is provided with a data transfer function. Communication between the controller and the switch is performed using an “OpenFlow protocol”.
In an OpenFlow network where OpenFlow is applied, control of the entire network is centrally performed by a controller. As part of controlling the entire network, the controller controls the operation of each of a plurality of switches with which it has established a session. Thus, management and control of the network is effectively performed.
Related techniques are disclosed in, for example, Japanese Laid-open Patent Publication No. 2007-122749 and Japanese Laid-open Patent Publication No. 2008-211464.
As described above, in an OpenFlow network, a controller centrally performs management and control. For this reason, there is a possibility that a terminal of an unauthorized user (attacker) such as a cracker comes under control of the controller by imitating a switch and then performs a denial-of-service attack (DoS attack) against the controller. When the controller stops operating because of the attack, there is a risk that the effect extends over the entire network.
In an existing OpenFlow network, it is not possible to determine whether the communication partner under control of the controller is a switch or an attacker.
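The following is an added example, not part of the publication and not code from any OpenFlow controller, that models the controller-side session handling described above: a peer that connects over the OpenFlow protocol is first held in a pre-handshake ("pending") state and only becomes a controlled session once its FEATURES_REPLY arrives. It does not identify whether a peer is a genuine switch, which the text says an existing OpenFlow network cannot do; it only bounds the controller resources any one source address can tie up with half-open, switch-imitating connections, and it expires handshakes that never complete. The message type codes, the 8-byte common header and the datapath_id at the start of a FEATURES_REPLY body follow OpenFlow 1.3; the class, field names, limits and the sample peer addresses are constructed for the illustration.

```python
"""Constructed toy model of controller-side OpenFlow session admission.

A peer enters the table in a 'pending' state when its TCP connection is
accepted and moves to 'established' only after a FEATURES_REPLY. Per-peer
and global caps on pending sessions, plus a handshake timeout, keep a flood
of connections that merely imitate a switch from exhausting the controller.
"""
import struct
from dataclasses import dataclass, field

# OpenFlow common header (all versions): version(1) type(1) length(2) xid(4), big-endian.
OFP_HEADER = struct.Struct("!BBHI")
OFP_VERSION_1_3 = 0x04
OFPT_HELLO = 0
OFPT_FEATURES_REQUEST = 5
OFPT_FEATURES_REPLY = 6
# In OpenFlow 1.3 the FEATURES_REPLY body starts with an 8-byte datapath_id.
DATAPATH_ID = struct.Struct("!Q")


def parse_header(data: bytes):
    """Return (version, type, length, xid), or None if the bytes cannot be a valid header."""
    if len(data) < OFP_HEADER.size:
        return None
    version, msg_type, length, xid = OFP_HEADER.unpack_from(data)
    if length < OFP_HEADER.size or length > len(data):
        return None  # length field must cover the header and not exceed the bytes we hold
    return version, msg_type, length, xid


def build_message(msg_type: int, xid: int, body: bytes = b"", version: int = OFP_VERSION_1_3) -> bytes:
    """Serialize one OpenFlow message; used here to construct sample switch traffic."""
    return OFP_HEADER.pack(version, msg_type, OFP_HEADER.size + len(body), xid) + body


@dataclass
class SessionTable:
    max_pending_per_peer: int = 2       # half-open sessions allowed per source address (assumed limit)
    max_pending_total: int = 100        # half-open sessions allowed in total (assumed limit)
    handshake_timeout: float = 30.0     # seconds a peer may sit in 'pending' (assumed)
    pending: dict = field(default_factory=dict)      # conn_id -> (peer_ip, admitted_at)
    established: dict = field(default_factory=dict)  # conn_id -> datapath_id
    rejected: int = 0

    def _pending_for(self, peer_ip: str) -> int:
        return sum(1 for ip, _ in self.pending.values() if ip == peer_ip)

    def admit(self, conn_id: str, peer_ip: str, now: float) -> bool:
        """Accept a new connection into the pre-handshake state, or refuse it when a cap is hit."""
        if (len(self.pending) >= self.max_pending_total
                or self._pending_for(peer_ip) >= self.max_pending_per_peer):
            self.rejected += 1
            return False
        self.pending[conn_id] = (peer_ip, now)
        return True

    def handle(self, conn_id: str, data: bytes) -> str:
        """Feed one message from a connection; returns 'pending', 'established' or 'dropped'."""
        hdr = parse_header(data)
        if hdr is None:
            return self.drop(conn_id)  # malformed input never advances a session
        _version, msg_type, length, _xid = hdr
        if conn_id in self.pending:
            if msg_type == OFPT_HELLO:
                return "pending"  # a real controller would answer with HELLO and FEATURES_REQUEST
            if msg_type == OFPT_FEATURES_REPLY and length >= OFP_HEADER.size + DATAPATH_ID.size:
                datapath_id = DATAPATH_ID.unpack_from(data, OFP_HEADER.size)[0]
                del self.pending[conn_id]
                self.established[conn_id] = datapath_id
                return "established"
            return self.drop(conn_id)  # anything else before the handshake completes ends it
        return "established" if conn_id in self.established else "dropped"

    def expire(self, now: float) -> int:
        """Evict pending sessions whose handshake has stalled past the timeout; returns the count."""
        stale = [c for c, (_, t0) in self.pending.items() if now - t0 > self.handshake_timeout]
        for c in stale:
            del self.pending[c]
        return len(stale)

    def drop(self, conn_id: str) -> str:
        self.pending.pop(conn_id, None)
        self.established.pop(conn_id, None)
        return "dropped"


if __name__ == "__main__":
    table = SessionTable()
    table.admit("c1", "10.0.0.9", now=0)          # constructed sample peer address
    table.handle("c1", build_message(OFPT_HELLO, 1))
    reply_body = DATAPATH_ID.pack(0x1234) + bytes(24)  # datapath_id followed by the rest of the body
    print(table.handle("c1", build_message(OFPT_FEATURES_REPLY, 2, reply_body)), table.established)
```

The per-peer cap is what blunts a single attacking terminal opening many imitated-switch sessions, the global cap bounds the controller's total exposure, and `expire` handles the case the page implies but does not spell out: a peer that sends HELLO and then goes silent so its session never completes.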