(1) Field of the Invention
The present invention relates to a packet transfer apparatus for connecting a plurality of networks and a flow management method and, more particularly, to a packet transfer apparatus with the function of recognizing a flow of input packets and performing QoS (Quality of Service) control or accumulation of statistical information and a flow management method.
(2) Description of the Related Art
A router as a component of the IP (Internet Protocol) network has to be provided with a flow detecting function of detecting a flow to which an input packet belongs from header information of the packet. In the specification, a series of packets specified by a combination of header information of a plurality of items included in each packet header will be called a flow. The router executes QoS control, accumulation of statistical information, filtering, policy-based routing, and the like for each packet flow.
In recent years, to address sharp increase in IP traffic, flow detection at higher speed is being studied. For example, in “A flow identification method using content addressable memory” by Uga et al., proceedings of the 2000 IEICE (The Institute of Electronics, Information and Communication Engineers) General Conference, SB-4-2, there is proposed a flow identifying method using a CAM (Contents Addressable Memory) in which a plurality of flow entries describing flow identifying conditions are stored and a searched result holding table in which a plurality of searched result entries each describing a process to be performed on an input packet are stored in correspondence with each flow entry.
In the conventional technique, a flow is detected by extracting, as search key information, all of header items (fields) necessary to identify the flow from header information of an input packet and searching the CAM for a flow entry matching the search key information. The input packet is processed in accordance with the contents described in the searched result entry, which is corresponding to the flow entry and read out from the searched result holding table. As the CAM can retrieve flow entries matching the search key information at high speed irrespective of the number of flow entries registered, the flow can be identified at high speed.
A router has to be provided with, as the functions of QoS control, not only the function of bandwidth monitor for each flow but also the function of bandwidth monitor for a bundle of a plurality of flows. The router also needs the function of statistical information accumulation capable of counting the number of input packets and output packets, an accumulation value of byte lengths, and the like for each flow bundle.
For example, FIG. 2 shows a network in which sites A1, A2, and A3 belonging to a company A are connected to each other via the Internet (public IP network) 200.
The site A1 includes a gateway router 211 and terminals 212 and 213, the site A2 includes a gateway router 221 and terminals 222 and 223, and the site A3 includes a gateway router 231 and a terminal 232. The Internet 200 has an edge router 202 connected to the gateway routers 211 and 221, an edge router 203 connected to the gateway router 231, and a backbone router 201 for connecting the edge routers. Reference numeral 90 denotes a management terminal connected to the edge router 202.
A packet flow from the site A1 toward the site A3 via a communication line 206 between the gateway router 211 and the edge router 202 is defined as flow 1, and a packet flow from the site A2 toward the site A3 via a communication line 207 between the gateway router 221 and the edge router 202 is defined as flow 2.
Assuming now that the manager of the Internet 200 has a contract with the company A, of assuring the bandwidth of 10 Mbits/sec for both the flow 1 and flow 2 with respect to flows of packets transmitted from the sites A1 and A2 to the site A3, when the edge router 202 detects these two flows entering from the lines 206 and 207 and the total of the bandwidth used by the flow 1 and flow 2 exceeds the contracted bandwidth (policing rate) of 10 Mbits/sec, the edge router 202 has to execute a control such as discarding of packets or rewriting of header information to lower the transfer priority of bandwidth violation packets.
However, the flow identifying conditions of the flow 1 and flow 2 are different from each other. Consequently, in the case of employing the flow identifying method using the CAM, a first flow entry describing the identifying condition of the flow 1 and a second flow entry describing the identifying condition of the flow 2 have to be separately prepared in the CAM. In this case, since the entry address of the first flow entry and that of the second flow entry are different from each other in the CAM, a searched result entry read out from the searched result holding table in the case where the flow 1 is detected and that in the case where the flow 2 is detected are different from each other.