A technique called “OPENFLOW” has been proposed in recent years (see NPL 1 and NPL 2). OPENFLOW treats communication as an end-to-end flow and performs path control, failure recovery, load balancing and optimization in unit of flow.
An OPENFLOW switch defined in NPL 2 includes a secure channel for communication with an OPENFLOW controller and operates in accordance with a flow table to which additions or modifications are made as appropriate as instructed by the OPENFLOW controller. In the flow table, a set of match conditions (Match Fields) against which a packet header is matched, flow statistics information (Counters), and instructions defining processing is defined for each of flows (see section“4.1 Flow Table” in NPL 2).
For example, on receipt of a packet, from the flow table for, an OPENFLOW switch searches an entry that contains a match condition that matches the header information of the received packet (see “4.3 Match Fields” in NPL 2). When the entry that matches the received packet is found as a result of the search, the OPENFLOW switch updates flow statistics information (counters). In addition, the OPENFLOW switch performs processing (packet transmission from a specified port, flooding, discarding or the like) described in the instructions field of the entry for the received packet.
On the other hand, when the entry that matches the received packet is not found as a result of the search, the OPENFLOW switch requests the OPENFLOW controller to set an entry through a secure channel. In other words, in this case, the OPENFLOW switch sends a request to send control information (a Packet-In message) for processing the received packet to the OPENFLOW controller.
The OPENFLOW switch receives a flow entry in which processing is specified and updates the flow table. In this way, the OPENFLOW switch performs packet transfer by using an entry stored in the flow table as control information.
FIG. 18 is a diagram illustrating a typical network configuration that uses OPENFLOW. Core nodes 102 depicted in FIG. 18 correspond to OPENFLOW switches and a control apparatus 101 corresponds to an OPENFLOW controller.
The core nodes 102 are mutually interconnected via communication links 104 and edge nodes 105 are connected to some of the nodes. An edge node 105 here is the starting point of communication on the OPENFLOW network and is a communication intermediary device such as a router. Each of the core nodes 102 is connected to the control apparatus 101 through a secure channel 103, and flow settings and Packet-In messages are communicated over the secure channel 103.
Using OPENFLOW in this way enables centralized control over communications on a network by the controller. On the other hand, NPL 3 describes a method for simplifying a complicated communication network including several tens of thousands of nodes by aggregating the communication network in order to control the communication network using OPENFLOW.
FIG. 19 is a diagram illustrating a configuration of a communication network aggregated using OPENFLOW. In the example illustrated in FIG. 19, the core nodes 102 are not directly connected to a controller 201, instead an aggregation apparatus 202 is provided between both devices. The aggregation apparatus 202 converts a flow set by the control apparatus 201 and a Packet-In message notified from the core node 102, so that the control apparatus 201 can behave as if the control apparatus 201 were controlling a communication network made up of a single node.
Note that each of the core nodes 102 in the communication network illustrated in FIG. 19 is connected to the aggregation apparatus 202 through a secure channel 204. The aggregation apparatus 202 is connected to the control apparatus 201 through a secure channel 203.
FIG. 20 is a diagram illustrating a concept of an aggregated communication network. The communication network 301 illustrated in FIG. 20 includes four core nodes each of which is connected with one edge node. Aggregating the four core nodes into one core node 303 allows the aggregated communication network 302 to be considered as including one core node 303 connected to four edge nodes.
As a result of aggregating the communication network in this way, a control apparatus needs to control only one node and therefore flow settings and processing of Packet-In messages can be accomplished using simple logics.
On the other hand, it is common practice to provide redundancy to a communication network that needs to be reliable in order to enhance fault tolerance of the communication network. There are various approaches to providing redundancy for different purposes, such as node multiplexing and link multiplexing. Especially in a communication network that needs to be highly reliable and in which service outages are not allowed, two communication networks, i.e. active-system and standby system networks, are provided and switching them is used in the event of a failure so that communication can be maintained even if the scale of the failure is large.
FIG. 21 is a diagram illustrating a configuration of a communication network including two system of an active system and a standby system for providing redundancy. The communication network illustrated in FIG. 21 includes an active-system network 401 and a standby-system network 402. Each of the networks including core nodes has the same topology. An edge node 404 and an edge node 405 are connected to both of the active-system network 401 and the standby-system network 402.
In normal operation, communication between the edge nodes are performed using only the active-system network 401. In the event of a failure that affects communication in the active-system network 401, such as disconnection of a link, information concerning routing between core nodes is changed and the communication between the edge nodes is switched to the standby-system network 402. This allows communication network services to continue in the event of a failure.
PTL 1 describes a communication system in which nodes are virtualized for transferring packets. In the communication system described in PTL 1, control apparatuses virtualize a plurality of communication nodes to generate virtual nodes and set processing rules for the communication nodes managed by the control apparatuses. Each of the control apparatuses also virtualizes a domain managed by the control apparatus as a domain node included in a higher-level domain. Further, in the communication system described in PTL 1, virtualization management units of the control apparatus control a plurality of lower-level domains as a single higher-level domain node.
PTL 2 describes a communication network including a plurality of communication nodes capable of requesting setting of flows among themselves and a plurality of switches capable of controlling paths by flows. In the communication network described in PTL 2, single optimum network path is selected from a plurality of network paths.
Specifically, in the communication network described in PTL 2, a set of switches through which packets need to pass is defined, and a set of network paths in which packets are forced to pass through the switches is calculated beforehand. Then, a single network path that is optimum in terms of energy efficiency is chosen from the calculated set of network paths.