Conventional network devices are black boxes, and highly flexible control such as load balancing or load offsetting cannot be performed on them from outside. Thus, as the size of the network increases, understanding and improving the behavior of the system becomes difficult, and the enormous cost involved in modifying the configuration or design has been problematic.
As a technique for resolving this problem, a method of separating the packet transferring function of a network device from its path controlling function has been considered. By assigning the controlling function to a controlling device outside the network device, control becomes easier and a highly flexible network can be constructed.
[Explanation About C/U Separation Type Network]
A C/U (Control plane/User plane) separation type network, which controls a node device (user plane) from an outside controlling device (control plane), is proposed as a network system with separated functions.
As an example of a C/U separation type network, an OpenFlow network using OpenFlow technology, which performs network path control by controlling switches from a controller, can be given. Details of the OpenFlow technology are described in Non-Patent Literature 1. It should be noted that the OpenFlow network is merely an example.
[Explanation About OpenFlow Network]
In an OpenFlow network, a controlling device such as an OpenFlow controller (OFC) manipulates the flow tables related to path control of node devices such as OpenFlow switches (OFS) to control the behavior of the node devices.
Hereinafter, for simplicity of description, an OpenFlow controller (OFC) will be denoted by “controller (OFC)” and an OpenFlow switch (OFS) will be denoted by “switch (OFS)”.
A controller (OFC) and a switch (OFS) are connected by a “secure channel”, which is a private line or a communication path protected by SSL (Secure Socket Layer). The controller (OFC) and the switch (OFS) transmit and receive OpenFlow messages which conform to (are compliant with) the OpenFlow protocol via the secure channel.
Switches (OFS) in an OpenFlow network are the edge switches and core switches which constitute the OpenFlow network and are under control of the controller (OFC). The sequence in an OpenFlow network from the reception of a packet by an input side edge switch (Ingress) to its transmission by an output side edge switch (Egress) is called a flow.
The term “packet” may be read as “frame”. The difference between a packet and a frame is merely the Protocol Data Unit (PDU): the packet is the PDU of “TCP/IP” (Transmission Control Protocol/Internet Protocol), whereas the frame is the PDU of Ethernet (registered trademark).
A flow table is a table in which flow entries are registered. Each flow entry defines a specified operation (action) to be performed on a packet (communication data) which matches a specified matching condition (rule).
A rule of a flow entry is defined, and can be distinguished, by various combinations of any or all of a destination address, a source address, a destination port and a source port which are included in a header area (field) of each protocol layer of a packet. It should be noted that the above addresses include a MAC (Media Access Control) address and an IP (Internet Protocol) address. In addition to the above, information about the entering port (Ingress Port) can be used as a rule of a flow entry. Furthermore, as a rule of a flow entry, a portion (or the whole) of a value of the header area of the packets showing a flow can be set by a regular expression or an expression with a wild card such as “*”.
An action of a flow entry indicates an operation such as “output to a specified port”, “drop” or “rewrite a header”. For example, if identification information of an output port (such as an output port number) is shown in the action of the flow entry, the switch (OFS) outputs the packet to the corresponding port; if identification information of an output port is not shown, it drops the packet. Alternatively, if header information is shown in the action of the flow entry, the switch (OFS) rewrites the header of the packet on the basis of that header information.
A switch (OFS) in an OpenFlow network performs the action of the flow entry on a group of packets (packet sequence) matching the rule of the flow entry.
[Problem in Existing OpenFlow Network]
In an OpenFlow network, if the number of flow entries held by a switch (OFS) exceeds the maximum number of flow entries that can be set, no more flow entries can be set. Consequently, appropriate packet processing cannot be performed, and packet loss or delay occurs because all the packets pass through the controller (OFC).
As described above, an OpenFlow network treats packets as a flow expressed by a combination of the fields of the header (L1 to L4). Each field can be summarized by use of wild cards. Flows are managed by use of a flow table provided in the switch (OFS). The flow table is a set of flow entries. A flow entry consists of a group of matching information (rule), summary information (statistic information) and instruction information (action). Sufficient capacity is ensured for the flow table on the assumption that packets are summarized; however, in applications such as load balancing for a web service, packets need to be separated in accordance with source IP address or destination port number. Consequently, the managed flows may multiply and the flow table may overflow.
It should be noted that, in an OpenFlow network, a switch (OFS) deletes a flow entry in accordance with a combination of two time-out periods associated with the flow entry in the switch itself. One period is a time-out for deleting the flow entry when a specified time has elapsed. The other period is a time-out for deleting the flow entry if no packet has matched it during a specified time. Thus, if there is no more free space in the flow table, no new flow entry is added until space is freed by one of these time-outs; in the meantime, a packet with no matching flow entry in the flow table will be dropped or will cause the switch to ask the controller (OFC) for instructions, in accordance with a rule specified in advance.
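The flow-table behaviour described above (wild-card rules, actions, the two time-outs and the full-table case) is shown below as an added Python sketch. It is not part of the original document or of any OpenFlow implementation; the class names, field names, time values and sample addresses are assumptions made for illustration.

```python
# Added illustration: a toy flow table. All names and addresses are assumptions.
from dataclasses import dataclass

FIELDS = ("in_port", "src_ip", "dst_ip", "src_port", "dst_port")

@dataclass
class FlowEntry:
    rule: dict                # field -> value; a missing field or "*" is a wild card
    action: str               # e.g. "output:2" or "drop"
    hard: float               # time-out: delete this long after the entry was set
    idle: float               # time-out: delete after this long with no match
    installed: float = 0.0
    last_hit: float = 0.0
    packets: int = 0          # statistic information
    def matches(self, pkt):
        return all(self.rule.get(f, "*") in ("*", pkt[f]) for f in FIELDS)
    def expired(self, now):
        return now - self.installed >= self.hard or now - self.last_hit >= self.idle

class FlowTable:
    def __init__(self, capacity, miss_action="to_controller"):
        self.capacity, self.miss_action, self.entries = capacity, miss_action, []
    def expire(self, now):
        self.entries = [e for e in self.entries if not e.expired(now)]
    def add(self, entry, now):
        self.expire(now)
        if len(self.entries) >= self.capacity:
            return False      # table full: no new flow entry until a time-out
        entry.installed = entry.last_hit = now
        self.entries.append(entry)
        return True
    def process(self, pkt, now):
        self.expire(now)
        for e in self.entries:
            if e.matches(pkt):
                e.last_hit, e.packets = now, e.packets + 1
                return e.action
        return self.miss_action   # rule specified in advance for a table miss

def pkt(src):                 # constructed sample packet headers
    return dict(in_port=1, src_ip=src, dst_ip="10.0.0.80", src_port=40000, dst_port=80)

def demo():
    t = FlowTable(capacity=2)
    per_src = lambda src, out: FlowEntry({"src_ip": src, "dst_port": 80}, out, 60, 10)
    return [t.add(per_src("192.0.2.1", "output:1"), 0),
            t.add(per_src("192.0.2.2", "output:2"), 0),
            t.add(per_src("192.0.2.3", "output:1"), 1),   # refused: table is full
            t.process(pkt("192.0.2.3"), 1),               # table miss
            t.process(pkt("192.0.2.1"), 8),               # hit refreshes idle timer
            t.add(per_src("192.0.2.3", "output:1"), 12)]  # space freed by idle time-out
```

A single wild-card entry such as `{"dst_port": 80}` would cover all three sources with one table slot, which is the summarizing that the capacity assumption relies on; the per-source entries needed for load balancing are what fill the table.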
A technique for resolving such a problem in a router, which is an existing network device utilizable as a switch (OFS), is disclosed in Patent Literature 1 (Japanese Patent Publication 2001-244964). In Patent Literature 1, a network managing apparatus, which manages a plurality of routers, calculates a path that avoids routers with high memory load or the like and sets the path table of each router. However, the path table of a router is constituted of source and destination IP addresses, that is, L3 corresponding information, and thus packet control with a granularity as high as in an OpenFlow network cannot be realized.