In recent years, an OpenFlow technology has been disclosed. Non Patent Document 1, Non Patent Document 2, Patent Document 1, and Patent Document 2 describe the OpenFlow. In the OpenFlow, a communication method between an OpenFlow Switch (hereinafter referred to as OFS) function and an OpenFlow Controller (hereinafter referred to as OFC), which is a control device thereof, is defined. The OFS and the OFC are connected with each other through a control path which is called a secure channel. The OFS is controlled by a single OFC.
The OFS includes a flow table therein. In the flow table, at least a set of a header field for identifying a packet flow and processing of the packet is registered as an entry. The header field for identifying a packet flow is called a matching rule. The header field is composed of a plurality of tuples, each of which can designate a wildcard. If the wild card is designated, a range of the flow can be represented as a group. For example, suppose that a transmission source IP (Internet Protocol) address of a header field of a certain entry is designated, and the other tuples are set to wildcards. At the time, the set entry represents a group of all flows transmitted from the designated IP address. All packets transmitted from the designated IP address corresponds to the set entry regardless of the address.
The processing of the packet is called an action. The action includes at least transfer to the designated port, transfer to the OFC, turnover transfer to an input port, abandonment, and the like. The transfer to the designated port is used for packet transfer to the next switch. The transfer to the OFC is mainly used for inquiry of a processing method of the packet.
Receiving the packet, the OFS searches the flow table. If an entry which matches the received packet exists, packet processing is performed in accordance with the action of the matched entry. Priority can be set in the entry. If the packet matches a plurality of entries, the action of the entry with the highest priority is employed.
If no entry which matches the received packet exists in the flow table, the OFS inquires of the OFC how to perform processing of the received packet. At this time, the OFS transfers a part of or all of the packets to the OFC through secure channel. The OFC receiving the inquiry about the processing adds the entry to the flow table, if necessary, and informs the OFS of the processing method.
Patent Document 3 and Patent Document 4 disclose the network architecture having a control device with a control function and a switch with a transfer function which is controlled by the control device.