To suppress increases in capital investment and operational management costs associated with increasing traffic, techniques such as software-defined networking (SDN) and network functions virtualization (NFV) have been attracting attention in recent years. SDN is a technique that enables software to configure communication settings on general-purpose switches. NFV, meanwhile, is a technique that allows a general-purpose server to execute software that performs the same processing as devices such as a firewall and a load balancer. Such techniques may implement various kinds of processing by using general-purpose hardware and software. Thus, cost reduction may be expected, and processing performed in a transfer path may also be made to offer higher functions.
In an NFV system, applications are executed by a server that implements NFV. The applications executed by the server are used to implement virtualized network functions (VNFs). The NFV system also includes an NFV orchestrator that controls the NFV system. In the NFV system, virtual machines (VMs) started on the server in response to a request from a user are connected to each other and execute the applications, and may thereby provide the network functions requested by the user.
SDN/NFV use cases include a service chain. In the service chain, when the user performs communication, a carrier builds network security devices such as a firewall, an antivirus, and an intrusion prevention device in a cloud and provides such devices as network services.
FIG. 1 is a diagram illustrating an example of a service chain. A carrier holds a data center 5 in a wide area network 3. Upon receipt of a request from a user, a control apparatus 6 uses physical servers 8 (8a to 8f) in the data center 5 to generate a service chain for establishing a requested communication path. For example, the control apparatus 6 receives, from a company 2a, a request for setting of a path to the Internet 4 through a uniform resource locator (URL) filter, an intrusion prevention device, and a firewall. Then, in response to the request, the control apparatus 6 causes the physical servers 8 in the data center 5 to start a virtual machine, and uses the started virtual machine to generate a service chain (arrow A) having the functions requested by the company 2a. Meanwhile, a company 2b requests the control apparatus 6 to generate a path for communication with a base 7 through an antivirus and a firewall. Then, the control apparatus 6 uses a virtual machine started by the physical servers 8 to generate a service chain indicated by arrow B. In such a service, a throughput service level agreement (SLA) is often made for the service chain of the user. Such a throughput SLA calls for a performance guarantee of the service chain.
As a related technique, a management method has been proposed in which resource usage states and process execution states in distributed agents are acquired and, when the acquired information does not meet the processing target values and constraints on resource specifications, the resources are reallocated (see, for example, Japanese Laid-open Patent Publication No. 2012-074056). There has also been proposed a method in which a coprocessor performs analysis in an application layer on original data packets transmitted by a general-purpose processor, and the general-purpose processor performs processing based on the analysis result obtained by the coprocessor (see, for example, Japanese National Publication of International Patent Application No. 2015-537278).