Recently, a technology referred to as OpenFlow has been proposed (refer to Patent Literature 1 and Non Patent Literatures 1 and 2). In OpenFlow, communication is regarded as an end-to-end flow, and path control, fault recovery, load distribution, and optimization are performed for each flow. An OpenFlow switch specified in Non Patent Literature 2 includes a secure channel for communication with an OpenFlow controller, and operates according to a flow table whose entries are added or rewritten as instructed by the OpenFlow controller, as appropriate. In the flow table, a set of match fields (Match Fields) defining contents to be matched against a packet header, flow statistical information (Counters), and instructions (Instructions) defining processing content is defined for each flow (refer to FIG. 18).
When receiving a packet, the OpenFlow switch searches the flow table for an entry whose match fields (refer to FIG. 18) match the header information of the received packet. When an entry matching the received packet is found as a result of the search, the OpenFlow switch updates the flow statistical information (Counters) and executes the processing content (packet transmission from a specified port, flooding, discarding, or the like) described in the instructions field of the entry. On the other hand, when no entry matching the received packet is found as a result of the search, the OpenFlow switch transmits a request for setting an entry, or a request for determining the processing content of the received packet, to the OpenFlow controller over the secure channel. The OpenFlow switch receives the entry of the flow associated with the request and then updates the flow table. As described above, the OpenFlow switch performs packet forwarding using the entry stored in the flow table as a processing rule (packet handling operation).
Paragraph [0052] of Patent Literature 1 describes that, when a new flow is generated, the OpenFlow controller refers to a policy file to perform a permission check and then calculates a path, thereby performing access control.
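The switch behavior and the controller-side permission check described above can be modeled as follows. This is an added example, not code from the cited literature or from any OpenFlow implementation; the class names, the (src, dst) policy format, the port map standing in for path calculation, and the installation of a drop entry for a denied flow are all assumptions made for illustration.

```python
# Added illustration: simplified model, not the OpenFlow wire protocol.
from dataclasses import dataclass

@dataclass
class FlowEntry:
    match: dict          # match fields: header name -> required value
    instructions: tuple  # processing content, e.g. ("output", 2) or ("drop",)
    packets: int = 0     # counters (flow statistical information)

    def matches(self, header):
        return all(header.get(k) == v for k, v in self.match.items())

class Controller:
    """Checks a policy for each new flow, then returns the entry to install."""
    def __init__(self, policy, ports):
        self.policy = policy  # permitted (src, dst) pairs (constructed sample)
        self.ports = ports    # dst -> output port; stands in for path calculation

    def packet_in(self, header):
        src, dst = header["src"], header["dst"]
        match = {"src": src, "dst": dst}
        if (src, dst) in self.policy and dst in self.ports:
            return FlowEntry(match, ("output", self.ports[dst]))
        # Assumption: a denied flow gets a drop entry, so it is blocked at the switch.
        return FlowEntry(match, ("drop",))

class Switch:
    def __init__(self, controller):
        self.table = []       # the flow table
        self.controller = controller
        self.misses = 0       # number of requests sent to the controller

    def receive(self, header):
        entry = next((e for e in self.table if e.matches(header)), None)
        if entry is None:                  # no matching entry: ask the controller
            self.misses += 1
            entry = self.controller.packet_in(header)
            self.table.append(entry)       # update the flow table
        entry.packets += 1                 # update the counters
        return entry.instructions          # processing content to execute

def demo():
    ctl = Controller(policy={("10.0.0.1", "10.0.0.2")}, ports={"10.0.0.2": 2})
    sw = Switch(ctl)
    allowed = {"src": "10.0.0.1", "dst": "10.0.0.2"}  # constructed headers
    denied = {"src": "10.0.0.9", "dst": "10.0.0.2"}
    results = [sw.receive(allowed), sw.receive(allowed), sw.receive(denied)]
    return results, sw.misses, [e.packets for e in sw.table]
```

Only the first packet of each flow reaches the controller; the second packet of the permitted flow is handled by the installed entry, so the policy decision is made once per flow rather than once per packet.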
Patent Literature 2 discloses a network monitor and control system including a network monitor and control apparatus for monitoring and controlling a plurality of terminal apparatuses and a central terminal apparatus. The network monitor and control system stores information on monitoring of the terminal apparatuses and the central terminal apparatus in a memory unit of the network monitor and control apparatus. The network monitor and control system includes a remote monitor and control apparatus connected to one of the terminal apparatuses. The remote monitor and control apparatus includes a man-machine interface unit that is accessible to the memory unit of the network monitor and control apparatus through one of the terminal apparatuses and displays and outputs the information on monitoring stored in the memory unit. In the network monitor and control system, the terminal apparatuses and the central terminal apparatus are monitored and controlled, based on the information on monitoring stored in the memory unit. By providing the remote monitor and control apparatus as described above for the network monitor and control system in Patent Literature 2, the central terminal apparatus and each terminal apparatus are monitored and controlled from a remote location having no network monitor and control apparatus.