Conventional network equipment is a black box, so flexible control such as load distribution and lean control cannot be carried out from the outside. Therefore, when the scale of the network becomes large, it becomes difficult to understand and improve the operation of the system, and a large cost is required to change the design and the structure.
As a technique to solve such a problem, a technique is considered in which a packet transfer function and a route control function of the network equipment are separated. For example, the network equipment performs the packet transfer function and a control unit which is separated from the network equipment performs the route control function, so as to realize easier control and construction of a more flexible network.
(Explanation of CD Separation Type Network)
As an example of the networks in which the functions are separated, a CD (C: control plane /D: data plane) separation type network is proposed in which a node unit on the data plane side is controlled by a control unit on the control plane side.
As an example of the CD separation type network, an open flow network (OF-NW) using the open flow (OpenFlow) technique is exemplified in which a controller controls switches to carry out a route control of the network. The details of the open flow technique have been described in Non-Patent Literature 1. It should be noted that the open flow network (OF-NW) is an example only.
(Explanation of Open Flow Network (OF-NW))
In the open flow network (OF-NW), an open flow controller (OFC), which is equivalent to the control unit, controls the operation of the open flow switches (OFS) by operating flow tables for the route control of the open flow switches (OFS) which are equivalent to node units.
Hereinafter, for simplification of the description, the open flow controller (OFC) is referred to as a “controller” and the open flow switch (OFS) is referred to as a “switch”.
The controller and the switch are connected by a control channel (communication channel for control) called a “secure channel”, which is a communication path protected by a dedicated line and SSL (Secure Sockets Layer). The controller and the switch transmit and receive an open flow message as a control message which conforms to (is based on) the open flow protocol through the control channel.
The switches in the open flow network (OF-NW) are arranged in the open flow network (OF-NW) as edge switches or core switches under the control of the controller. A series of packets from the reception of the packets in the edge switch (ingress switch) on the entrance side of the open flow network (OF-NW) to the transmission from the edge switch (egress switch) on the output side is called a flow. In the open flow network (OF-NW), communication is captured as an end-to-end (E2E) flow, and route control, fault recovery, load distribution, and optimization are carried out in units of flows.
A packet may be read as a frame. The difference between the packet and the frame is only a difference in the protocol data unit (PDU) handled. The packet is a PDU of “TCP/IP” (Transmission Control Protocol/Internet Protocol). On the other hand, the frame is a PDU of the “Ethernet (registered trademark)”.
The flow table is a set of flow entries, each of which defines a determination condition (rule) to specify packets as a flow, statistical data of the number of times that the packets matched to the rule, and a processing content (action) to be carried out to the packets.
The rule of the flow entry is defined based on combinations of identifiable data in various protocol hierarchical layers which are contained in a header field of the packet. As an example of the data of the various protocol hierarchical layers, a destination address, a source address, a destination port, a source port and so on are exemplified. It should be noted that the above address contains a MAC address (Media Access Control Address) and an IP address (Internet Protocol Address). Also, data of an input port (ingress port) can be used for the rule of the flow entry in addition to the above data. Also, a part or all of a value of the header field of each of the packets treated as the flow can be set as the rule of the flow entry in the form of a regular expression or by using the wildcard “*”.
The action of the flow entry shows an operation such as “output to a specific port”, “discard”, and “rewrite a header”. For example, the switch outputs the packet to the specified port if identification data (output port number and so on) of the output port is specified in the action of the flow entry, and the switch discards the packet if the identification data of the output port is not shown. Or, the switch rewrites the header of the packet based on header data if the header data is shown in the action of the flow entry.
The switch carries out the action of the flow entry on the packet group (a flow of packets) which matches the rule of the flow entry. Specifically, when receiving the packet, the switch searches the flow table for the flow entry which has the rule matching the header data of the received packet. When the matching flow entry is found as a result of the search, an operation of updating the statistical data of the flow entry and the operation specified as the action of the flow entry are carried out on the received packet.
On the other hand, when no matching flow entry is found as the search result, it is determined that the received packet is a first packet. The switch transfers the received packet (or a copy of it) to the controller in the open flow network (OF-NW) through the control channel and requests a route calculation for the received packet based on a source address, a destination address and so on of the received packet. The switch receives a message to set a flow entry as a reply and updates the flow table.
It should be noted that a default entry having a rule which matches the header data of all the packets at a low priority is registered on the flow table. When no other flow entry matching the received packet is found, the received packet matches this default entry. The action of the default entry is a “transmission of an inquiry of the received packet to the controller”.
In this way, in the open flow network (OF-NW), the controller controls the flow table of the switch and the switch carries out transfer processing of the flow according to the flow table.
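The lookup described above can be modelled in a few lines. The following is an added illustration, not code from the original document or from any OpenFlow implementation; the field names, the priorities, the explicit "discard" action and the toy_controller route decision are assumptions made for the example.

```python
from dataclasses import dataclass

WILDCARD = "*"  # matches any value of a header field

@dataclass
class FlowEntry:
    rule: dict        # header field -> required value, or WILDCARD
    action: tuple     # ("output", port) | ("discard",) | ("to_controller",)
    priority: int = 100
    packets: int = 0  # statistical data: packets that matched this rule

    def matches(self, header):
        return all(v == WILDCARD or header.get(k) == v
                   for k, v in self.rule.items())

class FlowTable:
    def __init__(self):
        # Default entry: lowest priority, empty rule matches every packet.
        self.entries = [FlowEntry({}, ("to_controller",), priority=0)]

    def add(self, entry):
        self.entries.append(entry)
        self.entries.sort(key=lambda e: e.priority, reverse=True)

    def lookup(self, header):
        # Highest-priority matching entry wins; update its counter.
        entry = next(e for e in self.entries if e.matches(header))
        entry.packets += 1
        return entry

def toy_controller(header):
    # Hypothetical route calculation: forward on destination MAC via port 2.
    return FlowEntry({"in_port": WILDCARD, "dst_mac": header["dst_mac"]},
                     ("output", 2))

def switch_receive(table, header):
    entry = table.lookup(header)
    if entry.action == ("to_controller",):   # first packet of a flow
        table.add(toy_controller(header))    # reply sets a new flow entry
        entry = table.lookup(header)         # model: re-run lookup on it
    return entry.action

def run_demo():
    # Constructed sample headers, not captured traffic.
    table = FlowTable()
    table.add(FlowEntry({"dst_port": 23}, ("discard",), priority=200))
    pkt = {"in_port": 1, "dst_mac": "00:00:00:00:00:02", "dst_port": 80}
    telnet = dict(pkt, dst_port=23)
    actions = [switch_receive(table, p) for p in (pkt, pkt, telnet)]
    return actions, {e.action: e.packets for e in table.entries}
```

Only the first packet of the flow reaches the controller; the per-entry counters returned by run_demo show which rule handled each packet, which is the data an operator would audit when checking that a high-priority drop rule is actually being hit.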
(VLAN of Existing Open Flow Network)
VLAN (Virtual Local Area Network) can be built in the open flow network (OF-NW).
Giving, in the form of a tag header, an identification number (VLAN-ID) which is peculiar to the VLAN group to which a packet belongs (that is, giving a VLAN tag) to the packet (MAC frame and so on) which flows through the network is called VLAN tagging.
Which VLAN group the packet belongs to can be determined by referring to this VLAN tag data (VLAN-ID), even if a network is configured from a plurality of switches.
It should be noted that a technique of identifying traffic by adding a VLAN tag which is peculiar to a user to the packet from the user is called a tag VLAN. On the other hand, a technique of doubly giving a tag used only in a communication provider network, in consideration of the VLAN tag being used on the user side, is called an extension tag VLAN. As one of the functions which realize the extension tag VLAN, the “QinQ function” (IEEE802.1q Tunneling) is disclosed in Non-Patent Literature 2.
The “QinQ function” is a function of identifying the packet of the user in a predetermined network. For example, when the QinQ function is installed in the edge switch, the edge switch gives an extension tag to the packet flowing into the network by the QinQ function.
It should be noted that when the VLAN tag is doubly added to the packet, the first tag from the head of the packet is called “outer tag data” and the second tag is called “inner tag data”.
The role/use purpose of the inner tag data and the outer tag data are the same as the VLAN tag.
Here, it is supposed that the extension tag which is given by an equipment (edge switch and so on) which performs the QinQ function on the input side of the open flow network (OF-NW) is the “outer tag data”, and the original VLAN tag before the extension tag is given to the packet is the “inner tag data”.
In the present situation, the switch can recognize only the outer tag data as the first tag from the head of the packet. Therefore, the switch cannot identify the inner tag data of the packet which flows through the open flow network (OF-NW).
Therefore, in the open flow network (OF-NW) having only one VLAN, a plurality of VLANs could not be handled.
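The limitation described above can be seen directly on the wire format. The following is an added illustration, not part of the original document: it parses stacked tag headers from a constructed Ethernet frame and compares the full tag stack with what a device that reads only the first tag observes. The function names and the sample VLAN-IDs are assumptions; the tag protocol identifiers 0x8100 (IEEE 802.1Q) and 0x88A8 (IEEE 802.1ad) are the standard values.

```python
import struct

TPIDS = {0x8100, 0x88A8}  # tag protocol identifiers: 802.1Q and 802.1ad

def vlan_tags(frame: bytes):
    """Return the VLAN-IDs of all stacked tags, outermost first."""
    tags, off = [], 12                 # skip destination and source MAC
    while len(frame) >= off + 4:       # stop cleanly on a truncated frame
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid not in TPIDS:
            break                      # reached the real EtherType
        tags.append(tci & 0x0FFF)      # low 12 bits of the TCI = VLAN-ID
        off += 4
    return tags

def first_tag_only(frame: bytes):
    """What a switch that recognizes only the outer tag data sees."""
    tags = vlan_tags(frame)
    return tags[0] if tags else None

def build_frame(outer, inner):
    """Constructed sample frame: MACs, optional tags, IPv4 EtherType, padding."""
    macs = bytes.fromhex("000000000002") + bytes.fromhex("000000000001")
    tags = b"".join(struct.pack("!HH", 0x8100, vid)
                    for vid in (outer, inner) if vid is not None)
    return macs + tags + b"\x08\x00" + bytes(46)

def compare_users():
    # Two users with different inner tag data share one extension (outer) tag.
    user_a = build_frame(outer=100, inner=10)
    user_b = build_frame(outer=100, inner=20)
    return {
        "outer_only": (first_tag_only(user_a), first_tag_only(user_b)),
        "full_stack": (vlan_tags(user_a), vlan_tags(user_b)),
    }
```

With only the outer tag data, both frames map to VLAN-ID 100 and no rule can keep the two users apart; the full stack shows the distinct inner tag data 10 and 20 that a flow rule would need in order to separate them.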
It should be noted that as the related technique, Patent Literature 1 (JP 2009-177281A) and Patent Literature 2 (JP 2009-177282A) disclose a network system in which when relaying a packet in a network which is provided with a plurality of VLANs, the packet is transferred by using double tags.
Also, a technique of the VLAN Tunneling protocol is disclosed in Patent Literature 3 (JP 2009-201142A). In this technique, a packet is tunneled through a label switched path (LSP) according to a multi-protocol label switching (MPLS) protocol. In the second switching node from the end of the LSP, a current label value is replaced with a label value reserved for a packet transmitted from a port related to the VLAN. The LSP output switching node receives the packet with the reserved label value, recognizes that VLAN data has been embedded in the packet, and takes out a destination address to transmit the packet to a final destination.