In conventional network apparatuses, there is a problem that flexible control such as load distribution, slant and the like cannot be performed from the outside. For this reason, as the scale of a network grows, it becomes difficult to recognize and improve the behavior of the network as a system, and design and configuration changes require an enormous cost.
As a technique for solving such problems, separating the packet transfer function and the route control function of the network apparatuses from each other has been considered. For example, by assigning the packet transfer function to the network apparatus and the control function to a control device that is separate from, and external to, the network apparatus, the control device can centrally manage the transfer of packets, so that a highly flexible network can be constructed.
[Explanation of CD Separation Type Network]
As one of the centrally managed networks in which the functions are separated, a CD (C: Control Plane/D: Data Plane) separation type network has been proposed, in which a node device on the data plane side is controlled from a control device on the control plane side.
One example of a CD separation type network is the OpenFlow network, which uses the OpenFlow technique in which a controller controls switches to perform the route control of the network. The details of the OpenFlow technique are described in non-patent literature 1. Note that the OpenFlow network is merely one example.
[Explanation of the OpenFlow Network]
In the OpenFlow network, an OpenFlow Controller (OFC), which corresponds to the control device, controls the behavior of an OpenFlow Switch (OFS), which corresponds to the node device, by operating the Flow table that governs the route control of the OpenFlow Switch (OFS).
Hereafter, for the simplification of the descriptions, the OpenFlow Controller (OFC) is referred to as the “controller”, and the OpenFlow Switch (OFS) is referred to as the “switch”.
The controller and the switch are connected to each other through a dedicated line or through a control channel (a communication channel for control) referred to as the “Secure Channel”, which serves as a communication path protected with SSL (Secure Sockets Layer) or the like. Through the control channel, the controller and the switch transmit and receive OpenFlow Messages, which are control messages in accordance with (based on) the OpenFlow Protocol.
The switches in the OpenFlow network refer to the edge switches and core switches that are arranged in the OpenFlow network and controlled by the controller. In the OpenFlow network, the series of steps a packet passes through, from its reception at an input side edge switch (Ingress) to its transmission at an output side edge switch (Egress), is referred to as the Flow. In the OpenFlow network, a communication is treated as an end-to-end (E2E: End to End) flow. Route control, trouble recovery, load distribution and optimization are then performed in units of flows.
The packet may also be referred to as the frame. The difference between the packet and the frame is merely a difference in the unit of data treated in the protocol (PDU: Protocol Data Unit). The packet is the PDU of “TCP/IP” (Transmission Control Protocol/Internet Protocol). On the other hand, the frame is the PDU of “Ethernet (Registered Trademark)”.
The Flow table is a set of Flow entries. Each Flow entry defines a combination of: a determination condition (rule) that specifies the packets to be treated as a flow; statistical information indicating the number of times a packet has matched the rule; and a processing content (action) to be performed on a packet.
The rule of a Flow entry is defined by, and can be distinguished by, various combinations of some or all of the information of the respective protocol layers contained in the header region (field) of the packet. Examples of the information of the respective protocol layers include a transmission destination address (Destination Address), a transmission source address (Source Address), a transmission destination port (Destination Port), a transmission source port (Source Port) and the like. The above addresses may include the MAC address (Media Access Control Address) and the IP address (Internet Protocol Address). In addition to the above, the information of an input port (Ingress Port) can also be used for the rule of the Flow entry. It is also possible to set, as the rule of the Flow entry, a representation in which a part (or all) of the values of the header region of the packets treated as a flow is expressed by using a regular expression, a wild card “*” or the like.
The action of the Flow entry indicates an operation such as “outputting to a specific port”, “discarding” or “rewriting of header”. For example, if identification information of an output port (the output port number and the like) is represented in the action of the Flow entry, the switch outputs the packet to the port corresponding to the identification information, and discards the packet if the identification information of the output port is not represented. Alternatively, if header information is represented in the action of the Flow entry, the switch rewrites the header of the packet on the basis of that header information.
The switch performs the action of the Flow entry on the packet group (packet series) that matches the rule of the Flow entry. Concretely, when receiving a packet, the switch searches the Flow table for a Flow entry whose rule matches the header information of the received packet. If such a Flow entry is found, the switch updates the statistical information of the Flow entry and performs the operation specified in the action of the Flow entry on the received packet. On the other hand, if no Flow entry whose rule matches the header information of the received packet is found, the switch determines that the received packet is the first packet, transfers the received packet (or its copy) to the controller of the OpenFlow network through the control channel, and requests the route calculation of the packet on the basis of the transmission source and transmission destination (destination address) of the received packet and the like. The switch then receives a message for setting the Flow entry as a response and updates the Flow table accordingly.
Note that, in the Flow table, a default entry which has a rule matching with the header information of all packets is registered at a low priority. If a Flow entry matching with a received packet is not found from other entries, the received packet matches with this default entry. The action of the default entry is “transmission of inquiry information regarding the received packet to the controller”.
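The lookup described above (rule match, statistics update, action, and the low-priority default entry), as an added Python sketch that is not part of the original text. Field names such as in_port and ip_dst, the priority values and the sample packets are constructed for illustration; the rule here supports exact values and the wild card only.

```python
from dataclasses import dataclass

WILDCARD = "*"  # matches any value of a header field

@dataclass
class FlowEntry:
    rule: dict        # header field -> required value or WILDCARD (assumed field names)
    action: dict      # {"output": port}, optional {"set": {...}}, or {} meaning discard
    priority: int = 100
    packets: int = 0  # statistical information: packets that matched this rule

    def matches(self, pkt):
        return all(v == WILDCARD or pkt.get(k) == v for k, v in self.rule.items())

class Switch:
    def __init__(self):
        # Default entry: empty rule matches every packet, registered at lowest priority.
        self.table = [FlowEntry(rule={}, action={"to_controller": True}, priority=0)]
        self.packet_in = []  # inquiries queued for the control channel

    def add_flow(self, entry):
        self.table.append(entry)
        self.table.sort(key=lambda e: e.priority, reverse=True)

    def receive(self, pkt):
        entry = next(e for e in self.table if e.matches(pkt))  # default always matches
        entry.packets += 1
        act = entry.action
        if act.get("to_controller"):
            self.packet_in.append(dict(pkt))   # first packet: ask controller for a route
            return ("controller", pkt)
        pkt = {**pkt, **act.get("set", {})}    # header rewrite, if represented
        if "output" not in act:
            return ("drop", pkt)               # no output port represented: discard
        return ("output:%d" % act["output"], pkt)

def demo():
    sw = Switch()
    # Constructed sample packet (documentation address ranges).
    pkt = {"in_port": 1, "ip_src": "192.0.2.10", "ip_dst": "198.51.100.20", "tcp_dst": 443}
    first = sw.receive(pkt)[0]                 # table miss, handled by default entry
    # Constructed controller response: forward to the server, discard port 23.
    sw.add_flow(FlowEntry({"in_port": WILDCARD, "ip_dst": "198.51.100.20"}, {"output": 3}))
    sw.add_flow(FlowEntry({"ip_dst": "198.51.100.20", "tcp_dst": 23}, {}, priority=200))
    second = sw.receive(pkt)[0]
    telnet = sw.receive({**pkt, "tcp_dst": 23})[0]
    return first, second, telnet, len(sw.packet_in)

if __name__ == "__main__":
    print(demo())
```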
[Exemplification of Conventional OpenFlow Network]
With reference to FIG. 1, a conventional OpenFlow network is described. Here, a case in which the number of internal switches is 4 is explained as an example.
As shown in FIG. 1, the conventional OpenFlow network includes internal switches 1 to 4, a controller 5, an external switch 6, a terminal 7 and a server 8.
The internal switches are the edge switches and core switches that are arranged in the OpenFlow network and controlled by the controller. The external switch is a switch that is located outside the OpenFlow network (in a network other than the OpenFlow network) and is not controlled by the controller.
Each of the internal switches 1 to 4 is connected to the controller 5 through a Secure Channel through which a control message based on the OpenFlow protocol is transmitted and received. The internal switch 1 is connected to the external switch 6. The internal switch 2 is connected to the external switch 6 as a redundant route (a spare route or a detouring route) of the internal switch 1. The internal switch 3 is connected to the internal switch 1 and the server 8 and the like. The internal switch 4 is connected to the internal switch 2 and the server 8 and the like. The controller 5 controls the routes of the internal switches 1 to 4 and sets the optimal route. The external switch 6 is connected to the terminal 7. The terminal 7 communicates with the server 8 through the external switch 6 and the internal switches 1 to 4. Both of the external switch 6 and the terminal 7 correspond to external communication devices that exist outside the OpenFlow network.
[Problem of Conventional OpenFlow Network]
The conventional OpenFlow network has the following problems.
The first problem is as follows. When the communication between the controller and the internal switch 1 becomes impossible, the internal switch 1 continues the communication based on the route information from before the communication was cut off. Thus, the actual communication no longer matches the control by the controller, so that the communication control becomes impossible.
The second problem is as follows. When the communication between the internal switch 1 and the controller cannot be performed, a new route setting cannot be established in the internal switch and the external switch.
That is, in a CD separation type network such as the OpenFlow network, when a communication trouble between an internal switch and the controller occurs, the controller removes the internal switch that cannot communicate with the controller from the targets of the route control and switches to a route selection that uses a different internal switch. However, an external switch cannot detect and cope with the communication trouble.
Namely, for traffic from the external switch connected to the internal switch at which the trouble occurs, the route control is performed in accordance with the route information from before the trouble occurred. Thus, the optimal route control cannot be performed until the communication with the controller recovers. Here, the traffic means digital data (packets) transferred over the network.