In a network provided with switching nodes, such as the packet switches used in the Internet or the like (referred to below as “switches”), different kinds of traffic are transferred by packet multiplexing, and various abnormalities may occur when traffic with abnormal behavior is mixed in.
For such a packet network, a method has been proposed that defines a flow as a consolidation of traffic related to similar services, defines switching on a per-flow basis and performs detailed control of traffic.
As such a traffic control method, the OpenFlow Network System can be mentioned, which uses the OpenFlow technology to perform path control of the network by controlling switches from a controller. The OpenFlow technology is disclosed in detail in non-patent literature 1.
It should be noted that an OpenFlow Network System is merely an example of a C/U (Control plane/User plane) separation type network system, in which node devices (user plane) are controlled by an external controller device (control plane).
[Description of the OpenFlow Network System]
In an OpenFlow Network System, the behavior of switches such as an OFS (OpenFlow Switch) is controlled by a controller such as an OFC (OpenFlow Controller) operating on the flow tables of the switches. A controller and a switch are connected by a secure channel, over which the controller controls the switch by using control messages conforming to the OpenFlow protocol.
A switch in an OpenFlow Network System means an edge switch or a core switch that constitutes the OpenFlow Network System and is under the control of a controller. The sequence of communication in an OpenFlow network, from reception of a packet at an edge switch on the input side to transmission from an edge switch on the output side, is defined, and a group of packets that complies with this definition is called a flow.
A packet can be read as a frame. A difference between a packet and a frame is only a difference of PDU (Protocol Data Unit), a unit of data handled by a protocol. A packet is the PDU of TCP/IP (Transmission Control Protocol/Internet Protocol). On the other hand, a frame is the PDU of Ethernet (registered trademark).
A flow table is a table in which flow entries are registered. Each flow entry defines a predetermined action to be performed on a packet (communication data) that complies with a predetermined matching condition (rule).
A rule of a flow entry is defined by, and can be distinguished by, a combination of some or all of a destination address, a source address, a destination port and a source port, which are included in the header area of each protocol layer of a packet. It should be noted that the above addresses include a MAC (Media Access Control) address and an IP (Internet Protocol) address. In addition to the above, information on the Ingress Port can also be used in a flow entry rule.
An action of a flow entry means “outputting to a specified port”, “abandoning”, “converting a header” or the like. For example, the switch outputs a packet to the corresponding port if identification information of an output port (an output port number or the like) is shown in the flow entry action, and abandons the packet if no identification information of an output port is shown. Alternatively, if header information is shown in the flow entry action, the switch converts the header of the packet on the basis of that header information.
A switch in an OpenFlow network system executes the action of a flow entry on the group of packets that complies with the rule of that flow entry.
A switch in an OpenFlow network system can perform detailed switching processing, traffic control and traffic monitoring on a per-flow basis. However, in an architecture such as OpenFlow, in which the transfer processing unit that performs packet processing is logically separated from the control processing unit, there is a problem that the number of control targets and the processing load of the control increase when detailed control is performed on flows.
On the other hand, the processing load of the control section can be decreased by increasing the flow granularity (the unit of subdivision); however, statistics can then be taken only per unit of that flow granularity, and the details of packets that a switch has set as a flow and transfers at high speed cannot be monitored.
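The rule/action behavior of a flow entry and the granularity trade-off described above can be seen in a small model, added here as an illustration and not taken from the cited literature. The field names, addresses, first-match ordering and the "miss" verdict for unmatched packets are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class FlowEntry:
    rule: dict                       # header field -> required value; missing field = wildcard
    out_port: Optional[int] = None   # no output port given -> packet is abandoned
    set_header: dict = field(default_factory=dict)  # header fields to convert
    packets: int = 0                 # statistic kept per entry, i.e. per flow

def process(table, pkt):
    """Apply the first entry whose rule matches; return (verdict, port, packet)."""
    for entry in table:
        if all(pkt.get(k) == v for k, v in entry.rule.items()):
            entry.packets += 1
            if entry.out_port is None:
                return "abandon", None, pkt
            return "output", entry.out_port, {**pkt, **entry.set_header}
    return "miss", None, pkt         # assumption: the text does not cover unmatched packets

def constructed_traffic():
    """Constructed sample: three hosts send to one server; host .13 also sends to port 23."""
    pkts = []
    for host in (11, 12, 13):
        pkts += [{"in_port": 1, "src_ip": f"10.0.0.{host}", "dst_ip": "10.0.1.5",
                  "dst_port": 443}] * 40
    pkts += [{"in_port": 1, "src_ip": "10.0.0.13", "dst_ip": "10.0.1.5", "dst_port": 23}] * 3
    return pkts

def coarse_table():
    # One entry for everything addressed to the server: low control load, one counter.
    return [FlowEntry({"dst_ip": "10.0.1.5"}, out_port=2)]

def fine_table():
    # One entry per source, plus an entry without an output port that abandons port 23.
    table = [FlowEntry({"dst_ip": "10.0.1.5", "dst_port": 23})]
    table += [FlowEntry({"src_ip": f"10.0.0.{h}", "dst_ip": "10.0.1.5", "dst_port": 443},
                        out_port=2, set_header={"dst_mac": "02:00:00:00:01:05"})
              for h in (11, 12, 13)]
    return table

def run(table):
    """Return (per-entry packet counters, number of abandoned packets)."""
    verdicts = [process(table, p)[0] for p in constructed_traffic()]
    return [e.packets for e in table], verdicts.count("abandon")

if __name__ == "__main__":
    print("coarse:", run(coarse_table()))
    print("fine:  ", run(fine_table()))
```

With the coarse table the three packets to port 23 are forwarded and disappear into a single counter; with the fine table they are counted and abandoned separately, at the cost of four entries for the controller to manage.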
As an example of a traffic monitoring technique, packet sampling is known; “sFlow”, “NetFlow” and the like are examples. Traffic monitoring by packet sampling monitors the total traffic by sampling passing packets with a certain probability, monitoring the flow of the sampled packets and deducing the original traffic quantity in accordance with the occurrence probability.
Because it is a probabilistic process, packet sampling is suitable for monitoring traffic that occupies a large share of the traffic quantity and is not suitable for monitoring small traffic.
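Why sampling suits large traffic but not small traffic can be shown numerically; the following is an added example and not part of the original text. It assumes each packet is sampled independently with probability p and the sampled count is scaled by 1/p; the flow sizes, p = 0.01 and the function names are assumptions.

```python
import math
import random

def sample_count(n_packets, p, rng):
    """Number of packets picked when each one is sampled independently with probability p."""
    return sum(1 for _ in range(n_packets) if rng.random() < p)

def estimate(sampled, p):
    """Deduce the original traffic quantity from the sampled count."""
    return sampled / p

def relative_std_error(n_packets, p):
    """Standard deviation of the estimate divided by the true volume (binomial model)."""
    return math.sqrt((1 - p) / (n_packets * p))

def miss_probability(n_packets, p):
    """Probability that not a single packet of the flow is sampled."""
    return (1 - p) ** n_packets

def run_trials(n_packets, p, trials, seed):
    """Repeat the sampling; return (fraction of trials that saw nothing, worst relative error)."""
    rng = random.Random(seed)
    estimates = [estimate(sample_count(n_packets, p, rng), p) for _ in range(trials)]
    missed = sum(1 for e in estimates if e == 0) / trials
    worst = max(abs(e - n_packets) / n_packets for e in estimates)
    return missed, worst

if __name__ == "__main__":
    p = 0.01
    for name, size, trials in (("large flow", 100_000, 20), ("small flow", 50, 2000)):
        missed, worst = run_trials(size, p, trials, seed=7)
        print(f"{name}: {size} packets, expected relative error "
              f"{relative_std_error(size, p):.3f}, P(never sampled) "
              f"{miss_probability(size, p):.3f}, observed missed {missed:.2f}, "
              f"worst error {worst:.2f}")
```

At the same sampling rate the 100,000-packet flow is estimated to within a few percent, while the 50-packet flow is not sampled at all in roughly six out of ten trials, which is the case that matters when the abnormal traffic is small.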
As an improvement on the above method, a traffic information providing apparatus, a traffic information acquiring apparatus, a traffic information collecting system, a traffic information providing program, a traffic information acquiring program and a traffic information collecting method are disclosed in patent literature 1 (JP Laid Open Patent Publication 2009-77136).
Patent literature 1 suggests monitoring a desired traffic by combining several monitoring operations with different sampling rates.
However, traffic control cannot be realized merely by collecting traffic information with packet sampling. Therefore, a method that combines it with traffic control by switches is desired.