OFSs (OpenFlow Switches), which may be said to be at the forefront of programmable network architecture, are currently under study for experimentation and practical utilization in university campuses, enterprise networks, and the like. First, an OFS will be outlined. The switch includes a flow table for packet lookup and forwarding, and a secure channel for communication with a controller. The controller communicates with the switch over the secure channel using the OpenFlow protocol, and controls a flow at an API (Application Program Interface) level, for example. To take an example, when a first packet arrives at the switch, the switch searches the flow table using header information of the packet. If no match is found (a mis-hit), the switch forwards the packet to the controller over the secure channel. The controller determines a path for the packet using network topology information managed by the controller, based on information on a destination and a source of the packet. Based on the determined path, the controller sets a flow table for each switch on the path. Second and subsequent packets hit the flow tables of the switches, and are not forwarded to the controller. Each of the second and subsequent packets is directly forwarded to the subsequent switch defined by the flow table entries. For details of the OFS, including the following overview of the OFS, Non-patent Documents 1 and 2 and the like may be referred to, for example.
As shown in FIG. 19, for example, the flow table of the switch includes, for each flow, a rule (Rule) to be matched against a packet header, an action (Action) that defines processing to be performed on each flow, and flow statistics (Statistics) information. Exact values and wildcards are used for the rule to be matched against the packet header. The action is the one to be applied to a packet that matches the rule. The flow statistics information is also referred to as an activity counter, and includes the number of active entries, the number of packet lookups, and the number of packet matches. The flow statistics information also includes, for each flow, the number of received packets, the number of received bytes, and an active period of the flow. The flow statistics information also includes, for each port, the number of received packets, the number of transmitted packets, the number of received bytes, the number of transmitted bytes, the number of reception drops, the number of transmission drops, the number of reception errors, the number of transmission errors, the number of received frame alignment errors, the number of reception overrun errors, the number of reception CRC (Cyclic Redundancy Check) errors, and the number of collisions. The packet received by the switch is matched against the rule of the flow table. When an entry that matches the rule is found, the action of the matching entry is applied to the packet. When no matching entry is found, the packet is forwarded to the controller over the secure channel. The controller transmits to the switch a flow entry on which a path for the packet has been determined. The switch adds, changes, and deletes the flow entry of the switch.
A preset field of the packet header is used for matching against the rule of the flow table of the switch. The information used for the match includes MAC DA (MAC (Media Access Control) Destination Address), MAC SA (MAC Source Address), Ethernet type (TPID), VLAN ID (Virtual LAN (Local Area Network) ID), VLAN TYPE (priority level), IP SA (IP Source Address), IP DA (IP Destination Address), IP protocol, Source Port (TCP (Transmission Control Protocol)/UDP (User Datagram Protocol) source port or ICMP (Internet Control Message Protocol) Type), and Destination port (TCP/UDP destination port or ICMP Code) (refer to FIG. 20).
FIG. 21 shows examples of action names and contents of actions. OUTPUT means outputting to a specified port (interface). SET_VLAN_VID down to SET_TP_DST mean actions for correcting the fields of the packet header. The switch forwards a packet to a physical port and to the following virtual ports. FIG. 22 illustrates the virtual ports. IN_PORT means outputting of the packet to an input port. NORMAL means processing the packet using a pre-existing forwarding path supported by the switch. FLOOD means forwarding the packet to all ports in the communication enabled state (Forwarding state) except the port from which the packet was delivered. ALL means forwarding the packet to all ports except the port from which the packet was delivered. CONTROLLER means encapsulating the packet and sending the encapsulated packet to the controller over the secure channel. LOCAL means sending the packet to the local network stack of the switch itself. A packet that matches a flow entry for which no action has been specified is dropped (discarded). In this specification, the flow information composed of the rule and the action as well as the flow statistics information of the flow entry is referred to as a “flow entity”. In this specification, the flow statistics information is not treated as the subject matter of the invention. Hence, the flow statistics information is omitted from the flow entity, so that the rule and the action are shown as the flow entry. A table that stores the flow entity is referred to as a flow entity table.
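The lookup, mis-hit and flow-setup sequence outlined above can be modelled compactly. The following Python sketch is an added example, not code from the cited documents or the OpenFlow specification; the class names, the `ip_src`/`ip_dst` field names, the first-match-wins search order, and the sample addresses and ports are assumptions made for illustration.

```python
from dataclasses import dataclass

ANY = None  # wildcard: a rule field set to ANY matches every value

@dataclass
class FlowEntry:
    rule: dict        # header field name -> exact value or ANY
    actions: list     # e.g. [("OUTPUT", 2)]; an empty list means drop
    packets: int = 0  # per-flow statistics
    nbytes: int = 0

    def matches(self, header):
        return all(v is ANY or header.get(k) == v for k, v in self.rule.items())

class Switch:
    def __init__(self, name, controller):
        self.name, self.controller = name, controller
        self.flow_table = []          # assumed order: first matching entry wins
        self.lookups = self.hits = 0  # table-level activity counters

    def receive(self, header, length):
        self.lookups += 1
        for entry in self.flow_table:
            if entry.matches(header):
                self.hits += 1
                entry.packets += 1
                entry.nbytes += length
                return entry.actions or "DROP"  # no action specified: discard
        # Mis-hit: hand the packet to the controller (stands in for the secure channel).
        self.controller.packet_in(self, header)
        return "CONTROLLER"

class Controller:
    """Hypothetical controller; paths maps ip_dst -> [(switch name, output port)]."""
    def __init__(self, paths):
        self.paths, self.switches, self.packet_ins = paths, {}, 0

    def packet_in(self, switch, header):
        self.packet_ins += 1
        # Set a flow entry on every switch along the determined path.
        for name, port in self.paths.get(header["ip_dst"], []):
            rule = {"ip_src": ANY, "ip_dst": header["ip_dst"]}
            self.switches[name].flow_table.append(FlowEntry(rule, [("OUTPUT", port)]))

def demo():
    ctrl = Controller({"10.0.0.2": [("s1", 2), ("s2", 1)]})  # constructed topology
    for n in ("s1", "s2"):
        ctrl.switches[n] = Switch(n, ctrl)
    s1, s2 = ctrl.switches["s1"], ctrl.switches["s2"]
    s1.flow_table.append(FlowEntry({"ip_src": "10.0.0.66", "ip_dst": ANY}, []))
    pkt = {"ip_src": "10.0.0.1", "ip_dst": "10.0.0.2"}       # constructed packet header
    first = s1.receive(pkt, 64)       # mis-hit: controller sets entries on s1 and s2
    second = s1.receive(pkt, 64)      # hit on s1, not forwarded to the controller
    downstream = s2.receive(pkt, 64)  # hit on s2 although s2 never saw a mis-hit
    dropped = s1.receive({"ip_src": "10.0.0.66", "ip_dst": "10.0.0.2"}, 64)
    return first, second, downstream, dropped, ctrl.packet_ins, s1.lookups, s1.hits

if __name__ == "__main__":
    print(demo())
```

Only the first packet of the flow reaches the controller; the entry with an empty action list shows the drop behaviour, and the counters correspond to the lookup and match statistics described for the flow table.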
Patent Document 1 discloses an IP flow multi-stage hash apparatus in which fine flow control is performed, and an increase in the number of flow tables is prevented. The apparatus has a flow table constituted from a table composed of destination IP addresses alone and a table composed of a combination of the destination IP addresses and source IP addresses. In this apparatus, the two tables are switched for use according to the content of a flow, and a source IP address and the number of an L4 port are added and registered in stages. With this arrangement, the fine flow control is performed, and the increase in the number of flow tables is thereby prevented. This apparatus, however, does not delete or change a flow.
[Patent Document 1]
    JP Patent Kokai Publication No. JP2004-56340A
[Non-patent Document 1]
    Nick McKeown et al., “OpenFlow: Enabling Innovation in Campus Networks”, Mar. 14, 2008 <Internet URL: http://www.openflowswitch.org//documents/openflow-wp-latest.pdf>
[Non-patent Document 2]
    “OpenFlow Switch Specification” Version 0.9.0 (Wire Protocol 0x98), Jul. 20, 2009 <Internet URL: http://www.openflowswitch.org/documents/openflow-spec-v0.9.0.pdf>