In the cloud computing, a multi-tenant system is known which shares a server apparatus and hardware devices such as switches and a storage unit among a plurality of users. FIG. 1 is a diagram showing a resource sharing level in the multi-tenant system. According to the resource sharing level, there are use forms such as IaaS (Infrastructure as a Service), PaaS (Platform as a Service) and SaaS (Software as a Service) in the multi-tenant system. In the conventional system (a single tenant system), the hardware, the OS/middleware and the application software are managed by a user. In the IaaS, a system vendor manages the hardware and the user manages the application software and the OS/the middleware. In the PaaS, the system vendor manages the hardware and the OS/middleware and the user manages the application software. In the SaaS, the system vendor manages the hardware, the OS/middleware and the application software.
The multi-tenant system is often realized by using the tunneling protocol such as GRE (Generic Routing Encapsulation). The reason is in that tenant identification data can be added when a packet is encapsulated. Also, when using the tunneling protocol, there is an advantage that the number of tenants allowed to produce is not limited, compared with a case of realizing the multi-tenant system by using VLAN. FIG. 2 is a diagram showing the multi-tenant system which uses the tunneling protocol. In FIG. 2, a tenant A network and a tenant B network are built up in DC (Data Center) 1. In the same way, a tenant A network and a tenant B network are built up in DC 2. The tenant A network of DC 1 and the tenant A network of DC 2 are connected by using the tunneling protocol. The gateway of DC 1 and the gateway of DC 2 carry out the production of an encapsulated packet through addition of header data (hereinafter, to be referred to as “addition data”) and decapsulation of the encapsulated packet by removing the addition data. At this time, the tenant identification data is contained in the addition data of the encapsulated packet in addition to the L3 header.
There are needs to use SAN (Storage Area Network) as a sharing storage of the tenant A network and the tenant B network in the multi-tenant system environment like DC 1 or DC 2 in FIG. 2. However, any equipment whose tenant identification data cannot be recognized (for example, SAN owned by a system vendor and a user as existing property) is not designed to receive the encapsulated packet by the tunneling protocol. For this reason, the equipment whose existing tenant identification data cannot be recognized cannot read the tenant identification data in the encapsulated packet and cannot be used for the multi-tenant system.
On the other hand, the open flow network system is known in which the transfer processing of a packet by switches and the control processing of the switches are separated. The open flow network system includes one or more switches and a controller which instructs the packet transfer control of the switches. The controller sets a flow entry to a flow table of the switch. The switch transfers the packet based on the flow entry. The switch transfers the packet to the controller when the flow entry for the processing of the packet is not in the flow table upon receiving the packet (hereinafter, to be referred to as “Packet-In”). The controller produces the flow entry based on the packet subjected to Packet-In and sets the flow entry to the switch which transfers the packet. The controller replies the packet (hereinafter, to be referred to as Packet-Out) to the switch which has carried out Packet-In after setting the flow entry to the switch that it does a packet.
As Patent Literature 1 which relates to the field of the present invention, JP 2009-152953A is known. The Patent Literature 1 discloses a gateway apparatus and a packet transferring method which can be used when the multi-tenant system is realized, by rewriting an application header.