In recent years, attention has been paid to PaaS (Platform as a Service), in which a plurality of virtual machines operate on a server computer and a platform is provided to users by means of those virtual machines.
PaaS is implemented by, for example, installing a plurality (from several to tens of thousands) of servers in a data center and providing server resources externally through a network. In this configuration, server resources are provided as virtual servers, and users use virtual servers in a data center through the Internet, intranets, dedicated lines, or the like. According to this configuration, a physical server is shared by plural users, and thus physical resources (e.g., processors and storage) are used efficiently.
As described above, according to PaaS, a physical server is shared by plural users. Accordingly, PaaS environments need to have functions to enhance security.
As a method for ensuring security in networks, virtual local area network (referred to as “virtual LAN” or “VLAN”, hereinafter) technology has been put into practical use. A virtual LAN is realized by, for example, virtually dividing physical lines in order to set a plurality of virtual paths that are independent from other paths, and assigning respective virtual paths to corresponding users. Thereby, each data communication between users is isolated from other data communications so that security is ensured.
As methods for dividing lines, a method in which lines are divided on the IP packet layer (L3), a method in which lines are divided on the MAC layer (L2), and other methods have been proposed. Today, the most widely employed method uses the L2 virtual LAN technique standardized by IEEE 802.1Q.
According to IEEE802.1Q, each virtual LAN is identified by a VLAN-ID of 12 bits. Using 12-bit VLAN-IDs, 4096 virtual LANs can be identified. However, in general, a VLAN-ID having “0” in all the bits or having “1” in all the bits is not used. Thus, according to this scheme, a maximum of 4094 virtual LANs may be set up.
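The following added example (not part of the original text) parses the IEEE 802.1Q tag of an Ethernet frame in Python, extracts the 12-bit VLAN-ID, and derives the 4094 limit from the two unused values. The frame builder, the sample MAC addresses, and the `admit` port policy (drop untagged frames, forward only VLAN-IDs assigned to the port) are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100             # EtherType value that marks an 802.1Q tag
RESERVED_VIDS = {0x000, 0xFFF}  # all-zero and all-one VLAN-IDs are not assigned


def parse_vlan_tag(frame: bytes):
    """Return (pcp, dei, vid) for a tagged frame, or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)  # follows dst MAC + src MAC
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    # TCI layout: 3-bit priority, 1-bit drop-eligible, 12-bit VLAN-ID
    return tci >> 13, (tci >> 12) & 0x1, tci & 0x0FFF


def usable_vlan_count(bits: int = 12) -> int:
    """Number of VLAN-IDs left after removing the two reserved values."""
    return (1 << bits) - len(RESERVED_VIDS)


def admit(frame: bytes, port_vids: set) -> bool:
    """Assumed port policy: forward only frames whose VLAN-ID is assigned to this port."""
    tag = parse_vlan_tag(frame)
    if tag is None:
        return False  # assumption: untagged frames are dropped on this port
    vid = tag[2]
    return vid not in RESERVED_VIDS and vid in port_vids


def build_frame(vid: int, pcp: int = 0, dei: int = 0, payload: bytes = b"\x00" * 46) -> bytes:
    """Construct a sample tagged frame (constructed test data, locally administered MACs)."""
    dst = bytes.fromhex("020000000002")
    src = bytes.fromhex("020000000001")
    tci = (pcp << 13) | (dei << 12) | (vid & 0x0FFF)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, 0x0800) + payload


if __name__ == "__main__":
    print(parse_vlan_tag(build_frame(100, pcp=5)))
    print(usable_vlan_count())
    print(admit(build_frame(300), {100, 200}))
```
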
However, according to PaaS, a plurality of virtual machines are set on each physical server as described above. Further, one or more virtual LANs are assigned to each virtual machine. Consequently, in PaaS environments or the like in a large-scale data center provided with a plurality of physical servers, the substantive number of machines (i.e., the total number of virtual machines) is enormous, and more than 4094 virtual LANs are expected to be needed.
This problem is solved by a configuration of, for example, connecting a plurality of L2 networks via IP routers, or the like. In such a case, 4094 virtual LANs can be set up on each L2 network.
However, this configuration requires the addition of IP routers and also the preparation of ports to which such IP routers are connected. In other words, there is a possibility of an increase in the cost of the devices used to set up a network. Also, there is a possibility that a bottleneck in communication performance (i.e., the reduction of throughput) will occur in IP routers (or the L3 network) if the IP routers do not have sufficient capabilities. Further, network administrators have to understand IP routing, which is more complex than that of the L2 protocol, leading to a possibility of an increase in operation costs.
Note that the above-described problems are not limited to PaaS environments. In other words, such problems may arise in any environment that needs many virtual LANs.
As a related art, a packet routing method as below is proposed. According to that method, in a virtual hub, the relationship between the transmission source MAC address in the user MAC header of a received packet and the virtual interface on the side of a terminal that this packet has passed through is learned, and the learned information is stored. The packet is transferred according to the stored information. To the network side, the packet to which a VPN number has been added is transmitted after being encapsulated into an IP packet (Japanese Laid-open Patent Publication No. 2002-247089, for example).
As another related art, a configuration in which a micro segment that is common to a plurality of switching hubs can be set for respective ports is proposed. The switching hub has a plurality of ports, and a device such as a terminal or the like is connected to each of the ports. A segment management unit has a segment management table. The segment management table stores information representing which of plural micro segments each port belongs to, and the table is managed by the segment management unit. Packets are transmitted and received for respective micro segments without referring to the network addresses of devices connected to the ports. In other words, arbitrary combinations of micro segments common to a plurality of switching hubs can be set and shared for respective ports (Japanese Laid-open Patent Publication No. 10-224391, for example).
As yet another related art, a path control method used for a network including an optical path of optical division multiplexing is proposed. This method includes a VLAN identifier derivation step of deriving a VLAN identifier from a received packet, a wavelength identifier derivation step of deriving a wavelength identifier related to the wavelength of the carrier wave for the received packet, and a transfer route determination step of using at least both the VLAN identifier and the wavelength identifier (Japanese Laid-open Patent Publication No. 2004-140780, for example).
As yet another related art, a packet communications method as below is proposed. According to that method, a VLAN tag is substituted with a duplicated VLAN tag (shared tag) by using a tag table at a first duplicated VLAN tag assignment device located on a path for a packet transferred from a first duplicated VLAN tag assignment device to a first backbone node. Thereafter, the duplicated VLAN tag is changed back to the original VLAN tag by using a tag table at a duplicated VLAN tag assignment device that the packet passes through before it reaches the device in the user's house in the target network (Japanese Laid-open Patent Publication No. 2008-227695, for example).
As has been described above, the number of virtual LANs that can be set up on a network is limited by standards or the like. Alternatively, setting up a large number of virtual LANs increases the cost because of the addition of network devices and the like.