
HK1179781A - Communication system, control apparatus, communication method and program - Google Patents



Publication number
HK1179781A
Authority
HK
Hong Kong
Prior art keywords
packet
node
address
forwarding path
port
Prior art date
Application number
HK13106778.0A
Other languages
Chinese (zh)
Inventor
浜崇之
沼田匡史
Original Assignee
日本电气株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本电气株式会社
Publication of HK1179781A


Description

Communication system, control device, communication method, and program
Technical Field
[Cross-reference to related applications]
The present application claims priority from Japanese Patent Application No. 2010-185429 (filed on August 20, 2010), and the entire disclosure of that application is incorporated herein by reference.
The invention relates to a communication system, a control device, a communication method, and a program. More particularly, the present invention relates to a communication system including a node that performs packet forwarding by referring to an entry that associates a port of an own node with address information of a node to which packet forwarding can be performed from the port, and a node that forwards a received packet according to a packet processing operation that associates processing to be applied to the packet with a matching rule for identifying the packet to which the processing is to be applied. The invention also relates to a control device, a communication method and a program.
Background
Each of non-patent documents 1 and 2 describes a network architecture called OpenFlow. OpenFlow is a network architecture in which a control device called an OpenFlow controller controls an OpenFlow switch. In OpenFlow, a packet forwarding function borne by an OpenFlow switch and a packet control function borne by an OpenFlow controller are separated according to a flow control protocol. In this way, the controller uses a unified Application Program Interface (API) to perform control over the OpenFlow switch. In OpenFlow, packet control is performed for each flow used as control granularity to realize a high-speed data path and reduce control cost.
The above-described OpenFlow switch (hereinafter may be written as "OFS") includes a secure channel for communicating with the OpenFlow controller and a flow table to which entries are added or rewritten as instructed by the OpenFlow controller. In this flow table, a set of matching rules (header fields/matching rules) to be matched against a packet header, flow statistical information (counters), and actions defining processing contents is defined for each flow (see non-patent document 2, page 2, "3. Flow Table").
Fig. 8 is a schematic diagram showing packet processing operations (flow entries) stored in the flow table. The (exact) value for determining whether there is a match and the wildcard (wildcard) can be set in the corresponding field of the matching rule (header field/matching rule).
Details of the corresponding fields in fig. 8 are described in "table 3" on page 4 of non-patent document 2. Each field in FIG. 8 may be associated with each layer of the hierarchical model, as shown in FIG. 9.
Fig. 10 shows names of actions and contents of the actions defined in non-patent document 2. OUTPUT is an action for outputting a packet to a specified port (interface). SET_VLAN_VID through SET_TP_DST are actions for modifying the fields of the packet header. For example, when the "SET_DL_DST" code is set in the action field, a process of "updating the MAC DA (destination address) of the packet matching the packet processing operation (flow entry)" is performed.
The flow statistics (counters) in fig. 8 include counters that record the number of packets, the number of bytes per flow, the number of packets and the number of bytes for each port, and the period of time elapsed since the packet was last received (session continuation time: duration). The flow statistic information is used to determine whether to delete a packet processing operation (flow entry) (see "table 4" in non-patent document 2).
For example, when the OpenFlow switch receives a first packet, the OpenFlow switch searches the flow table for a packet processing operation (flow entry) having a matching rule matching header information of the received packet. When a packet processing operation (flow entry) matching the received packet is found as a result of the search, the OpenFlow switch executes the processing contents described in the action field of the entry on the received packet. On the other hand, when a packet processing operation (flow entry) matching the received packet is not found as a result of the search, the OpenFlow switch forwards information on the received packet (or the received packet itself) to the OpenFlow controller via the secure channel, requests the OpenFlow controller to determine a packet path based on the transmission source and the transmission destination of the received packet, and receives a flow entry implementing the path to update the flow table. Thereafter, when the OpenFlow switch receives a packet matching the added packet processing operation (flow entry), the OpenFlow switch can execute the corresponding processing content without querying the OpenFlow controller.
Messages exchanged between the OpenFlow switch and the OpenFlow controller on the secure channel are described in "4 Secure Channel" on page 9 of non-patent document 2. The OpenFlow controllers in the above-mentioned patent documents 1 and 2 collect flow statistical information (counters) from the OpenFlow switches operating as described above, and set a path (a flow entry (packet processing operation) implementing the path) for each OpenFlow switch according to a communication policy and a current load state of the network. Thereby, the OpenFlow controller can perform path control, load distribution, and the like according to the communication policy.
Patent documents 1 and 2 and non-patent documents 3 to 5 are documents disclosing techniques for realizing tunneling by encapsulation. Patent documents 3 and 4 are documents in which tunneling is realized by header rewriting without using encapsulation. The relevance of these documents to the present invention will be described below.
Reference list
Patent document
Patent document 1: International Publication No. WO2003/043276
Patent document 2: Japanese Patent Publication No. JP2007-267426A
Patent document 3: Japanese Patent Laid-Open No. JP2006-42044A
Patent document 4: Japanese Patent Publication No. JP2006-245785A
Non-patent document
Non-patent document 1: Nick McKeown and 7 other authors, "OpenFlow: Enabling Innovation in Campus Networks", [online], [searched on July 26, Heisei 22 (2010)], Internet <URL:http://www.openflowswitch.org//documents/openflow-wp-latest.pdf>
Non-patent document 2: "OpenFlow Switch Specification" Version 1.0.0 (Wire Protocol 0x01), [online], [searched on July 26, Heisei 22 (2010)], Internet <URL:http://www.openflowswitch.org/documents/openflow-spec-v1.0.0.pdf>
Non-patent document 3: Townsley and five other authors, "Layer Two Tunneling Protocol "L2TP"", Network Working Group, Request for Comments: 2661, IETF, August 1999
Non-patent document 4: S. Hanks and three other authors, "Generic Routing Encapsulation", Network Working Group, Request for Comments: 1701, IETF, October 1994
Non-patent document 5: L. Martini, Ed. and three other authors, "Encapsulation Methods for Transport of Ethernet over MPLS Networks", Network Working Group, Request for Comments: 4448, IETF, April 2006
Disclosure of Invention
Technical problem
The disclosure of each of the above-mentioned patent documents and non-patent documents is incorporated herein by reference. The following analysis was made by the inventors of the present invention. Now, let us consider communication between OFSs in the environment shown in fig. 11, in which the OFSs 210 to 230 and the layer 2 switch (L2SW)260 coexist. The layer 2 switch is, for example, a switching hub that forwards packets by referring to a MAC (media access control) address table.
Each of the OFSs 210 to 230 can freely modify the packet header and the like of the packet, and the layer 2 switch (L2SW)260 performs an operation of forwarding the packet by referring to the MAC address table. Thus, by using tunneling techniques, the layer 2 switch (L2SW) may be caused to perform a relay operation. As an example, the relay may be realized using a layer 2 tunneling protocol, either IEEE 802.1ah (in patent document 1) or L2TP (in non-patent document 3), or a layer 3 tunneling protocol, either GRE (in non-patent document 4) or Ethernet over MPLS (in non-patent document 5). Relaying may be achieved by encapsulation, which adds a header of the tunneling protocol to the payload of the packet when forwarding the packet from the OFS210 to the layer 2 switch (L2SW)110, and decapsulation, which removes the header of the tunneling protocol from the payload of the packet when forwarding the packet from the layer 2 switch (L2SW)260 to the OFS 220.
However, in the OpenFlow protocol version 1.0.0 of non-patent document 2, the above-described tunneling is not defined as a standard. Therefore, the tunneling function described in each of patent documents 1 and 2 and non-patent documents 3 to 5 becomes dependent on the implementation of each switch. Thus, compatibility is impaired.
Next, a method of implementing tunneling by packet header rewriting described in each of patent documents 3 and 4 is considered. For example, in the method of patent document 3, each of the first and second tunneling devices is physically and logically connected to a plurality of IP networks. In this way, an IP address is assigned from each connected IP network to each of the first and second tunneling devices. When a first communication device connected to a first tunneling device and having an IP address and a second communication device connected to a second tunneling device and having an IP address perform communication via one IP network, tunneling is achieved between the first tunneling device and the second tunneling device only by IP address translation.
More specifically, each of the first tunneling device and the second tunneling device in patent document 3 prepares and holds a conversion table each made up of a set of "its own tunneling device on a default route", "the IP address of a partner tunneling device on a default route", "the IP address of its own tunneling device for forming a tunnel", "the IP address of a partner tunneling device for forming a tunnel", and "the IP address of a communication device".
When the first tunneling device receives an IP packet from the first communication device, the first tunneling device searches in the translation table for a translation table whose "IP address of the communication device" and "IP address of the partner tunneling device on default route" match the transmission source address and destination address of the received IP packet, thereby deriving an associated "IP address of its own tunneling device for forming a tunnel" and an associated "IP address of the partner tunneling device for forming a tunnel". In this way, the first tunneling device converts the transmission source IP address and the destination IP address included in the received IP packet into the derived "IP address of its own tunneling device for forming a tunnel" and "IP address of the partner tunneling device for forming a tunnel", respectively, and then forwards the packet to the IP network.
When the second tunneling device receives an IP packet from the IP network, the second tunneling device searches in the translation table to find a translation table whose "IP address of its own tunneling device for forming a tunnel" and "IP address of a partner tunneling device for forming a tunnel" match the destination IP address and the transmission source IP address included in the received IP packet, thereby deriving an associated "IP address of the partner tunneling device on the default route" and an associated "IP address of the communication device". In this way, the second tunneling device converts the transmission source IP address and the destination IP address included in the received IP packet into the derived "IP address of partner communication device for forming tunnel" and "IP address of communication device", respectively, and then forwards the IP packet to the second communication device.
In the method disclosed in patent document 3 described above, IP address conversion is performed. The method can be adjusted by replacing the first and second tunneling devices with the OpenFlow switch defined in non-patent document 2.
However, in the method disclosed in the above-mentioned patent document 3, a conversion destination IP address is necessary for each communication device, and each layer 2 switch provided between the first and second tunneling devices learns the MAC address of each IP address. Therefore, there are the following problems: the number of communication devices for which tunneling is allowed depends on the number of MAC addresses that the layer 2 switch can learn. The number of entries in the MAC address table is typically 4096 to 98304 entries. The number of MAC addresses obtained by subtracting the number of tunneling devices from the number of entries in the MAC address table is an upper limit.
Typically, in 300 seconds, a timeout occurs for each entry in the MAC address table, and each entry disappears (this phenomenon is also referred to as aging). MAC addresses that have not yet been learned are broadcast throughout the network. Therefore, there are also the following problems: an average of up to 328 broadcast packets per second is generated to maintain the network so that the upper limit of 98304 entries of MAC addresses is not deleted, thereby causing a large load on the network.
Further, in the method described in patent document 4, information on an output port is given to a packet, thereby reducing the load of the transmission destination port analysis processing at the router on the exit side. However, the above problem still exists of restricting the number of communication devices allowed to be tunneled according to the number of IP addresses and the number of entries in the MAC address table.
The present invention has been made in view of the above circumstances. Therefore, an object of the present invention is to provide a configuration that allows tunneling to be achieved in an environment where a forwarding node (first node) such as a switching hub and a node (second node) compatible with the specification in non-patent document 2 coexist, in which the constraint on the number of communication terminals to which tunneling is allowed can be eliminated, and the network load can also be reduced.
Solution to the technical problem
According to a first aspect of the present invention, there is provided a communication system comprising:
a first node forwarding a received packet by referring to an address table associating a port of its own first node with address information of a node to which the received packet can be forwarded from the port;
at least one second node provided on each of an ingress side and an egress side of a packet forwarding path passing through the first node, each of the at least one second node including a packet processing unit that processes a received packet according to a packet processing operation that associates a process to be applied to the packet with a matching rule for identifying the packet to which the process is to be applied; and
a control device that sets a packet processing operation in the second node;
the control apparatus includes:
a path search unit determining a packet forwarding path, one of the at least one second node located at an exit side of the packet forwarding path, and an output port of the second node located at the exit side of the packet forwarding path, based on a request from one of the at least one second node located at the entry side, to transmit a packet belonging to a new flow to a destination address; and
a packet control command generation unit that sets, in one of the at least one second node located upstream of the first node along the packet forwarding path, a packet processing operation for writing flow identification information associated with an output port in a field of a packet header that is not referred to when the first node forwards a packet and rewriting address information in the packet header so that the packet reaches the second node on the exit side and then forwards the packet, and sets, in the second node located on the exit side of the packet forwarding path, a packet processing operation for causing a packet having the flow identification information given thereto to be transmitted from the port associated with the flow identification information.
According to a second aspect of the present invention, there is provided a control apparatus connected to a first node and at least one second node, the first node forwarding a received packet by referring to an address table associating a port of its own first node with address information of a node to which the received packet can be forwarded from the port; the at least one second node is provided on each of an ingress side and an egress side of a packet forwarding path passing through the first node, each of the at least one second node including a packet processing unit that processes a received packet in accordance with a packet processing operation that associates processing to be applied to the packet with a matching rule for identifying the packet to which the processing is to be applied, the control apparatus comprising:
a path search unit that determines a packet forwarding path, one of the at least one second node located on the exit side of the packet forwarding path, and an output port of the second node located on the exit side of the packet forwarding path, based on a request from one of the at least one second node located on the entry side, to transmit a packet belonging to a new flow to a destination address; and
a packet control command generation unit that sets, in one of the at least one second node located upstream of the first node along the packet forwarding path, a packet processing operation for writing flow identification information associated with an output port in a field of a packet header that is not referred to when the first node forwards a packet and rewriting address information in the packet header so that the packet reaches the second node on the exit side and then forwards the packet, and sets, in the second node located on the exit side of the packet forwarding path, a packet processing operation for causing a packet having the flow identification information given thereto to be transmitted from the port associated with the flow identification information.
According to a third aspect of the present invention, there is provided a communication method of a control apparatus connected to a first node and at least one second node, the first node forwarding a received packet by referring to an address table associating a port of its own first node with address information of a node to which the received packet can be forwarded from the port; the at least one second node is provided on each of an ingress side and an egress side of a packet forwarding path passing through the first node, each of the at least one second node includes a packet processing unit that processes a received packet in accordance with a packet processing operation that associates processing to be applied to the packet with a matching rule for identifying the packet to which the processing is to be applied, the communication method is for causing the packet to be forwarded from one of the at least one second node on the ingress side to one of the at least one second node on the egress side via the first node, the communication method including the steps of:
determining a packet forwarding path, a second node located at an exit side of the packet forwarding path, and an output port of the second node located at the exit side of the packet forwarding path based on a request from the second node located at the entry side to transmit a packet belonging to a new flow to a destination address;
setting, in one of the at least one second node located upstream of the first node along the packet forwarding path, a packet processing operation for writing flow identification information associated with the output port in a field in a packet header that is not referred to when the first node forwards the packet, and for rewriting address information in the packet header so that the packet reaches the second node on the exit side and then forwarding the packet; and
setting, in a second node located on an exit side of the packet forwarding path, a packet processing operation for causing a packet having flow identification information given thereto to be transmitted from a port associated with the flow identification information. The method is linked with a specific machine, which is a computer comprising a control device controlling the second node.
According to a fourth aspect of the present invention, there is provided a program for a computer including a control device connected to a first node and at least one second node, the first node forwarding a received packet by referring to an address table associating a port of its own first node with address information of a node to which the received packet can be forwarded from the port; the at least one second node provided on each of an ingress side and an egress side of a packet forwarding path passing through the first node, the at least one second node including a packet processing unit that processes a received packet in accordance with a packet processing operation that associates processing to be applied to the packet with a matching rule for identifying the packet to which the processing is to be applied, the program causing the computer to execute:
determining a packet forwarding path, one of the at least one second node located on an exit side of the packet forwarding path, and an output port of the second node located on the exit side of the packet forwarding path based on a request from one of the at least one second node located on the entry side to transmit a packet belonging to a new flow to a destination address;
setting, in one of the at least one second node located upstream of the first node along the packet forwarding path, a packet processing operation for writing flow identification information associated with the output port in a field in a packet header that is not referred to when the first node forwards the packet, and for rewriting address information in the packet header so that the packet reaches the second node on the exit side and then forwarding the packet; and
setting, in a second node located on an exit side of the packet forwarding path, a packet processing operation for causing a packet having flow identification information given thereto to be transmitted from a port associated with the flow identification information. The program may be recorded in a computer-readable recording medium. That is, the present invention may also be embodied as a computer program product.
Effects of the invention
According to the present invention, in an environment where a first forwarding node and a second node compatible with the specification in non-patent document 2 coexist, the constraint on the number of communication terminals allowed to tunnel can be eliminated, and the network load can also be reduced.
Drawings
Fig. 1 is a schematic diagram for explaining an outline of the present invention.
Fig. 2 shows a schematic diagram of the overall configuration of the first exemplary embodiment of the present invention.
Fig. 3 is a block diagram showing a detailed configuration of a control apparatus in the first exemplary embodiment of the present invention.
Fig. 4 shows a schematic diagram illustrating the operation of the first exemplary embodiment of the present invention.
Fig. 5 shows a flow chart of the operation of the first exemplary embodiment of the present invention.
Fig. 6 shows examples of different packet forwarding paths that can be implemented in the first exemplary embodiment of the present invention.
Fig. 7 shows a schematic diagram of the overall configuration of the second exemplary embodiment of the present invention.
Fig. 8 shows a schematic diagram of the configuration of the flow entry described in non-patent document 2.
Fig. 9 shows a table of correspondence between each field of the flow entry in fig. 8 and a layer.
Fig. 10 shows a table of names of actions and contents of actions described in non-patent document 2.
Fig. 11 shows a schematic diagram of a configuration in which a first node and a second node coexist.
Detailed Description
First, an outline of the present invention will be described with reference to the drawings. As shown in fig. 1, the present invention can be realized by an environment including a first node 260, second nodes (OFSs) 210 and 220, and a control apparatus 100. The first node 260 forwards the received packet by referring to an address table that holds information on the address of the node connected to the port of the own node (first node) 260. Each of the second nodes (OFSs) 210 and 220 includes a packet forwarding unit that processes a received packet according to a packet processing operation that associates processing to be applied to the packet with a matching rule for identifying the packet to which the processing is to be applied. At least one of the second nodes (OFSs) 210 and 220 is provided on each of an entry side and an exit side of the packet forwarding path passing through the first node. The control apparatus 100 sets a packet processing operation in (each of) the second nodes 210 and 220. The reference numerals attached to the drawings in this outline are attached to each element for the sake of simplicity, as an example for aiding understanding of the present disclosure, and are not intended to limit the present invention to the modes shown in the drawings.
The control apparatus 100 includes a path search unit and a packet control command generation unit. Based on a request for forwarding a packet from the second node 210 located on the exit side as viewed from the external node (e.g., the external node 310a) among the second nodes, the path search unit determines a packet forwarding path, the second node located on the exit side of the packet forwarding path, and an output port of the second node to transmit the packet belonging to the new flow to the destination address. The packet control command generation unit sets, in a second node (second node 210 in fig. 1) located upstream of the first node of the packet forwarding path, a packet processing operation for writing flow identification information associated with the output port in a field in the packet header that is not referred to when the first node forwards the packet, and for rewriting address information in the packet header so that the packet reaches the second node on the exit side, and then forwards the packet. The packet control command generation unit sets, in a second node located on an exit side of the packet forwarding path, a packet processing operation for causing a packet having flow identification information given thereto to be transmitted from a port associated with the flow identification information.
For example, it is assumed that when the external node 310a transmits a packet to the external node 320a, the control apparatus 100 determines to forward the packet in the order of the second node (OFS)210, the first node 260, and the second node (OFS)220 by referring to the network topology and the positions of the connections with the external node 310a and the external node 320a, and then causes the packet to be output from the first port of the second node (OFS) 220.
In this case, the control apparatus 100 sets, in the second node (OFS)210 on the ingress side, a packet processing operation for writing flow identification information (e.g., #1) associated with the output port in a field (e.g., IP ToS bit field in fig. 8) of the packet header that is not referred to when the first node 260 forwards the packet, and for rewriting the MAC address of the packet header to the MAC address of the second node on the egress side, and then forwarding the packet.
Further, the control apparatus 100 sets, in the second node (OFS)220 located on the exit side of the packet forwarding path, a packet processing operation that sets an action for causing a packet having flow identification information given thereto to be transmitted from the port associated with the flow identification information.
With the above arrangement, the packet header is rewritten at the second node (OFS)210 on the entry side. Accordingly, the packet transmitted from the external node 310a is forwarded in the order of the first node 260 and the second node (OFS)220 on the exit side, and then output from the first port of the second node 220, thereby reaching the external node 320a.
In the present example, the contents of the packet header modified and written by the control apparatus 100 are the flow identification information (e.g., #1) and the address information for causing the packet to reach the second node 220 on the exit side. For this reason, the same address information can be used for the same path even if one or both of the external nodes are different. Therefore, there is little constraint on the number of terminals allowed to tunnel (the number of external nodes) based on the upper limit of the number of entries in the MAC address table described at the beginning of the specification. On the other hand, even if the same path is used, each flow can be identified by the flow identification information. Thus, the second node 220 can identify the forwarding destination for each flow.
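The outline above can be traced end to end in a small simulation. This is an added example, not code from the patent or from any OpenFlow implementation; all names, addresses and port numbers are constructed. The source-MAC rewrite at the ingress OFS, the restoration of the host MAC at the egress OFS, one flow identifier per egress output port, and the 6-bit limit on the identifier are assumptions of this sketch.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

MAX_FLOW_ID = 63   # assumption: the identifier must fit 6 usable bits of IP ToS
UPLINK_PORT = 10   # hypothetical port number of each OFS link towards the L2SW

@dataclass(frozen=True)
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    ip_tos: int = 0                # header field the L2 switch never reads

@dataclass
class FlowEntry:
    match: Dict[str, object]       # fields not listed are wildcards
    set_fields: Dict[str, object]  # header rewrites applied before output
    out_port: int                  # port the rewritten packet is sent from

class L2Switch:
    """First node: learns source MACs, forwards on destination MAC only."""
    def __init__(self) -> None:
        self.mac_table: Dict[str, int] = {}

    def forward(self, pkt: Packet, in_port: int) -> Optional[int]:
        self.mac_table[pkt.src_mac] = in_port
        return self.mac_table.get(pkt.dst_mac)   # None would mean "flood"

class OpenFlowSwitch:
    """Second node: applies the first matching flow entry, else asks the controller."""
    def __init__(self, name: str, mac: str, controller: "Controller") -> None:
        self.name, self.mac, self.controller = name, mac, controller
        self.flow_table: List[FlowEntry] = []
        controller.switches[name] = self

    def _lookup(self, pkt: Packet) -> Optional[FlowEntry]:
        for entry in self.flow_table:
            if all(getattr(pkt, k) == v for k, v in entry.match.items()):
                return entry
        return None

    def receive(self, pkt: Packet) -> Optional[Tuple[Packet, int]]:
        entry = self._lookup(pkt)
        if entry is None:                        # table miss: ask the controller
            self.controller.packet_in(self, pkt)
            entry = self._lookup(pkt)
        if entry is None:                        # nothing installed: drop
            return None
        return replace(pkt, **entry.set_fields), entry.out_port

class Controller:
    """Control device: picks egress switch and port, installs both flow entries."""
    def __init__(self, hosts: Dict[str, Tuple[str, int, str]]) -> None:
        self.hosts = hosts                       # dst IP -> (egress OFS, port, host MAC)
        self.switches: Dict[str, OpenFlowSwitch] = {}
        self.flow_ids: Dict[Tuple[str, int], int] = {}

    def packet_in(self, ingress: OpenFlowSwitch, pkt: Packet) -> None:
        if pkt.dst_ip not in self.hosts:
            return                               # unknown destination: install nothing
        egress_name, out_port, host_mac = self.hosts[pkt.dst_ip]
        egress = self.switches[egress_name]
        key = (egress_name, out_port)
        if key not in self.flow_ids:
            if len(self.flow_ids) >= MAX_FLOW_ID:
                raise RuntimeError("flow identifier space exhausted")
            self.flow_ids[key] = len(self.flow_ids) + 1
            # Egress entry: the flow ID selects the output port (host MAC restore assumed).
            egress.flow_table.append(FlowEntry(
                {"dst_mac": egress.mac, "ip_tos": self.flow_ids[key]},
                {"dst_mac": host_mac}, out_port))
        # Ingress entry: write the flow ID and address the packet to the egress OFS.
        # Rewriting src_mac as well is an assumption of this sketch.
        ingress.flow_table.append(FlowEntry(
            {"src_ip": pkt.src_ip, "dst_ip": pkt.dst_ip},
            {"src_mac": ingress.mac, "dst_mac": egress.mac,
             "ip_tos": self.flow_ids[key]}, UPLINK_PORT))

def run_demo(n_sources: int):
    """Send one packet from each constructed source host to each destination host."""
    hosts = {"10.0.2.1": ("ofs220", 1, "00:00:5e:00:53:a1"),   # constructed topology
             "10.0.2.2": ("ofs220", 2, "00:00:5e:00:53:a2")}
    ctl = Controller(hosts)
    ofs210 = OpenFlowSwitch("ofs210", "02:00:00:00:02:10", ctl)
    ofs220 = OpenFlowSwitch("ofs220", "02:00:00:00:02:20", ctl)
    l2sw = L2Switch()
    l2sw.mac_table[ofs220.mac] = 2               # constructed: learned earlier on port 2
    delivered = []
    for i in range(n_sources):
        for dst_ip, (_, _, host_mac) in hosts.items():
            pkt = Packet(f"00:00:5e:00:53:{i:02x}", host_mac, f"10.0.1.{i + 1}", dst_ip)
            tunneled, _ = ofs210.receive(pkt)
            assert l2sw.forward(tunneled, in_port=1) == 2      # unicast, no flooding
            out_pkt, out_port = ofs220.receive(tunneled)
            delivered.append((dst_ip, out_port, out_pkt.dst_mac))
    return delivered, l2sw.mac_table, ofs220.flow_table
```

However many source hosts are simulated, the L2 switch's table holds only the two OFS addresses, while the egress OFS needs one entry per flow identifier.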
(first exemplary embodiment)
Next, a first exemplary embodiment of the present invention is described in detail with reference to the drawings. Fig. 2 shows a schematic diagram of the overall configuration of the first exemplary embodiment. Referring to fig. 2, there is shown a configuration including a plurality of first nodes 260, second nodes (OFSs) 210 and 220, and a control apparatus (OFC) 100A capable of controlling the second nodes (OFSs) 210 and 220.
Each of the first nodes 260 is a relay apparatus, such as a switching hub, a relay hub, or the like, which is not controlled by the control apparatus (OFC) 100A. The following description assumes that the first node 260 is a layer 2 switch (L2SW) equivalent to a switched hub.
Each of the second nodes (OFSs) 210 and 220 is a relay device equivalent to an OpenFlow switch compatible with the specification in non-patent document 2, and includes a flow table holding packet processing operations (flow entries) and a packet processing unit for processing a received packet in accordance with the packet processing operations (flow entries). The external nodes 310a and 310b are connected to the second node (OFS)210, and the external nodes 320a and 320b are connected to the second node (OFS) 220. In the example of fig. 2, only the second nodes (OFSs) 210 and 220 are shown. The second node (OFS) may be disposed at any position other than the positions at which the second nodes (OFS)210 and 220 are disposed. As an example, the following configuration may also be employed: the second node (OFS) is provided between the first nodes 260 to forward a packet, rewrite a packet header, discard a packet, and the like according to the control of the control apparatus (OFC) 100A.
The external nodes 310a, 310b, 320a, and 320b are user terminals, servers providing services according to requests of the user terminals, VPN (virtual private network) clients connecting to a network according to requests of the user terminals, and the like.
The control apparatus (OFC)100A is an apparatus that controls the second nodes (OFSs) 210 and 220, similar to the OpenFlow controller described in non-patent documents 1 and 2. The difference of the control apparatus (OFC)100A from the OpenFlow controller in non-patent documents 1 and 2 is described below with reference to fig. 3.
In the following description, the second nodes (OFSs) 210 and 220 and the first node (L2SW)260 are collectively referred to as a "domain".
Fig. 3 shows a block diagram of a detailed configuration of the control apparatus (OFC) 100A. Referring to fig. 3, a configuration is shown which includes a node communication unit 101, a setting information acquisition unit 102, a processing target packet information acquisition unit 103, a path search unit 104, an external node position information storage unit 105, a topology information storage unit 106, a packet processing operation generation unit 107, a flow identifier management unit 108, a node information storage unit 109, a packet control command generation unit 110, and an external node layer 2 address storage unit 111. The node communication unit 101 communicates with each of the second nodes (OFSs) 210 and 220 for control. The setting information acquisition unit 102 acquires setting information from the outside. The processing target packet information acquisition unit 103 acquires information on a packet to be processed from the node communication unit 101 and the setting information acquisition unit 102. The path search unit 104 searches a forwarding path for a packet to be processed. The external node position information storage unit 105 stores the correspondence (matching rule) between each layer 3 address, the second nodes (OFSs) 210 and 220 each holding the layer 3 address, and the flow. The topology information storage unit 106 manages the topology including the second nodes (OFSs) 210 and 220 and the first node (L2 SW). The packet processing operation generation unit 107 performs generation of a packet processing operation (flow entry) including assigning a unique ID (hereinafter referred to as "flow identifier") capable of uniquely identifying a flow. The flow identifier management unit 108 manages the flow identifier and the action that can be allocated. 
The node information storage unit 109 stores each port of the second nodes (OFS)210 and 220 connected to the first node (L2SW)260 and an address (MAC address) used by each of the second nodes (OFS)210 and 220 for communication with the first node (L2SW) 260. The packet control command generation unit 110 causes each of the second nodes (OFSs) 210 and 220 to set the generated packet processing operation (flow entry) and perform the transmission operation of the learning packet. The external node layer 2 address storage unit 111 stores layer 2 addresses of the external nodes 310a to 320 b.
The configuration of the above-described respective processing units (processing means) of the control apparatus (OFC)100A shown in fig. 3 is set forth to explain the present invention explicitly. The configuration may be arbitrarily combined or further subdivided. The respective processing units (processing means) of the control apparatus (OFC)100A can also be realized by a computer program that causes a computer constituting the control apparatus (OFC)100A to execute each processing to be described using hardware of the computer.
The flow (matching rule) herein may be a matching condition (usable as a wildcard) in an arbitrary field in each layer shown in fig. 9. The ingress port of the second node may be designated for the flow.
The configuration of each unit of the control apparatus (OFC)100A is described below using, as an example, the case where a packet addressed to the external node 320b has entered the second node (OFS)210 from the external node 310b in fig. 4.
The node communication unit 101 establishes a control session with each of the second nodes (OFSs) 210 and 220, and performs transmission and reception of a control command. For the control command, the OpenFlow protocol described in non-patent document 2 may be used. Alternatively, communication may be performed using CUI (command line interface) or SNMP (simple network management protocol) via Telnet.
The setting information acquisition unit 102 is a unit for reading setting information from an external file or database.
The processing target packet information acquisition unit 103 acquires the transmission destination layer 3 address of the packet to be processed through the node communication unit 101 and the setting information acquisition unit 102. When the control apparatus 100A receives a (Packet-in) message requesting setting of a Packet processing operation (flow entry) from the second node (OFS)210, the processing target Packet information acquisition unit 103 acquires an IP (internet protocol) address as a layer 3 address from information on a Packet or a Packet header received from the second node (OFS)210 through the node communication unit 101.
The path search unit 104 acquires the position of the external node corresponding to the layer 3 destination address, or the second node (OFS)220 located at the exit of the domain and to be the transmission destination and the flow (matching rule) from the external node position information storage unit 105, and then searches for a path according to the network topology stored in the topology information storage unit 106. In the following description, it is assumed that a path from the second node (OFS)210 as an entry of the domain to the second node (OFS)220 through the plurality of first nodes (L2SW)260 has been calculated for a packet addressed to the external node 320b, the packet being transmitted from the external node 310b in fig. 2.
The packet processing operation generation unit 107 assigns a unique ID (which will be referred to as a "flow identifier" hereinafter) capable of uniquely identifying a flow at the second node (OFS)220 as a transmission destination, specifies an action for causing forwarding processing from a predetermined port or the like to be performed, by referring to the flow identifier management unit 108, thereby generating a packet processing operation (flow entry). The packet processing operation generation unit 107 registers the flow identifier and the action that have been generated in the flow identifier management unit 108.
As long as the second node (OFS)220 can identify the flow, the flow identifier may be generated by various methods. As an example, the flow identifier may be generated as a unique combination key by merging one or both of the transmission source layer 3 address and the transmission destination layer 3 address. The flow identifier may be assigned to the unique combination key by also incorporating the input port of the second node (OFS)220 as the transmission destination. Alternatively, the flow identifier may be assigned to the unique combination key by combining one or both of the transmission source layer 2 address and the transmission destination layer 2 address for communication through the first node (L2SW) 260.
The actions may include: a command for adding an identifier for multiplexing the network at the egress port, and a command for causing the output of the packet from the designated port to be executed as described above. As the identifier for multiplexing at the egress port, the TAG-VLAN ID of IEEE 802.1Q, the service VLAN TAG (S-TAG) of IEEE 802.1ad, the service VLAN identifier (S-VID), the customer VLAN TAG (C-TAG), and the like in Ethernet (registered trademark) can be cited. Alternatively, the label of MPLS (Multi-Protocol Label Switching), which operates on a layer called layer 2.5, may be used as an identifier for multiplexing at the egress port.
When the OpenFlow protocol in non-patent document 2 is used for the control commands, an Action in a Flow Mod message can be used as the action. The output port is specified using the OUTPUT command as an Action in the Flow Mod message. In addition, when the flow identifier is written in the IP ToS bit field, an action for updating the IP ToS bit field to zero may be added. When the TAG-VLAN ID is used as an identifier for multiplexing the network at the egress port, an action for rewriting the TAG-VLAN ID may be added. Of course, actions in Flow Mod messages other than those described above may be included.
The packet control command generating unit 110 generates a control command for causing each of the second nodes (OFSs) 210 and 220 to hold a packet processing operation (flow entry) and execute a specific process, and then transmits the control command to the second nodes (OFSs) 210 and 220 through the node communication unit 101.
Specifically, the packet control command generation unit 110 generates, for the second node (OFS)210, a command for modifying the header of the packet to be processed so that the header of the packet includes the flow identifier, a command for changing the transmission destination layer 2 address of the packet to the layer 2 address of the input port (input port for communication with the first node (L2SW) 260) of the second node (OFS)220 located on the exit side read from the node information storage unit 109, and a command corresponding to the action associated with the flow identifier read from the flow identifier management unit 108.
It is assumed that the flow identifier is included in the packet header. For this purpose, a field of a layer higher than layer 2, which the first node (L2SW) does not refer to when forwarding a packet, is used. For example, in the case of an IP packet, the type of service (ToS) field, an IP option field, or the ID field may be used. When the first node (L2SW)260 uses an identifier for multiplexing the network, the packet control command generation unit 110 may also generate a command for giving this identifier for multiplexing.
In addition to the transmission destination layer 2 address of the packet, the transmission source layer 2 address of the packet may be changed at the second node (OFS) 210. In this case, the packet control command generating unit 110 generates a command for changing the transmission source layer 2 address of the packet to the layer 2 address read from the node information storage unit 109 to be used by the second node (OFS)210 for communication with the first node (L2SW) 260.
When the OpenFlow protocol described in non-patent document 2 is used for these control commands, a Flow Mod (a command for adding a packet processing operation (flow entry)) that specifies the transmission destination layer 3 address as the matching condition may be used. Specifically, in the action field of the Flow Mod, the SET_NW_TOS command may be set to write the flow identifier, the SET_DL_DST command may be set to change the transmission destination layer 2 address, and the OUTPUT command may be set to execute output from the output port. When the TAG-VLAN ID is used as an identifier for multiplexing the network at the first node 260, a SET_VLAN_ID command is additionally set so that the packet is given a TAG-VLAN ID.
When the second node (OFS)210 fails to find, as a result of searching the flow table, a packet processing operation (flow entry) associated with a packet received from the first node (L2SW), it may be set to discard the received packet. Specifically, for any packet other than a continuity-check packet for checking the path that the second node (OFS)210 receives at its port for communication with the first node (L2SW)260, a packet processing operation (flow entry) for dropping (discarding) the packet may be set at a low-priority position of the flow table, thereby avoiding sending a Packet-in message to the control apparatus (OFC) 100A. Broadcast packets may likewise be covered by a low-priority entry set in advance to drop (discard) them, thereby avoiding transmission of the Packet-in message to the control apparatus (OFC) 100A. With this setting, the load on the control apparatus (OFC)100A can be reduced.
For the second node (OFS)220, the packet control command generation unit 110 identifies a flow from the flow identifier of the packet received at the input port of the second node (OFS)220, which has been modified at the second node (OFS)210, and then reads the layer 2 address of the external node associated with the transmission destination layer 3 address from the external node layer 2 address storage unit 111. Then, the packet control command generating unit 110 generates a command for changing the transmission destination layer 2 address of the packet to the layer 2 address of the external node. The packet control command generation unit 110 also generates a command for specifying an action (matching rule) associated with the flow. The packet control command generation unit 110 may generate a command for adding an identifier for multiplexing the network to the header of the packet, if necessary.
As the flow identifier, any identifier capable of uniquely identifying the flow may be used. One or both of the transmission destination layer 3 address and the transmission source layer 3 address may be combined with the identifier used for layer 2 multiplexing so that the flow can be identified. In addition to these methods for generating the flow identifier, another method of incorporating the input port into the flow identifier may be employed.
The second node (OFS)220 can change the transmission source layer 2 address of the packet in addition to the transmission destination layer 2 address of the packet. In this case, the packet control command generating unit 110 may read a layer 2 address associated with the transmission source layer 3 address from the external node layer 2 address storage unit 111, and may generate a command for changing the transmission source layer 2 address of the packet.
When the OpenFlow protocol described in non-patent document 2 is used for these control commands, a Flow Mod that specifies the IP ToS bit field as the matching condition may be used. A Flow Mod specifying one or both of the transmission source layer 3 address and the transmission destination layer 3 address may be used according to the assigned flow identifier. Specifically, in the action field of the Flow Mod, the SET_DL_DST command may be set to change the transmission destination layer 2 address, and the OUTPUT command may be set to execute output from the output port. In this case, the IP ToS bit field may be updated to zero by the SET_NW_TOS command. When the TAG-VLAN ID is used as an identifier for multiplexing the network, an action for giving the TAG-VLAN ID to the packet is added.
For any packet other than a continuity-check packet for checking a path that the second node (OFS)220 receives at its port for communication with the first node (L2SW)260, a low-priority packet processing operation (flow entry) for dropping (discarding) the packet may be set, thereby avoiding sending a Packet-in message to the control apparatus (OFC) 100A. Broadcast packets may likewise be covered by a low-priority entry set in advance to drop (discard) them, thereby avoiding transmission of the Packet-in message to the control apparatus (OFC) 100A. With this setting, the load on the control apparatus (OFC)100A can be reduced.
A method for indirectly controlling the first node (L2SW) by the control apparatus (OFC)100A will now be described. When the first node (L2SW)260 includes a function of learning an address table for packet forwarding, like the switching hub, the packet control command generating unit 110 controls the second node (OFS)220 to periodically generate and transmit a learning packet, the transmission source layer 2 address of which is set to the layer 2 address of the port of the second node (OFS)220, to the first node (L2SW) 260. With this setting, the first node (L2SW)260 can update the address table. Instead of sending the learning packet, the following method may also be adopted: the first node (L2SW)260 is caused to rewrite the address table for packet forwarding through the second nodes 210 and 220 so that a packet addressed to the layer 2 address of the second node (OFS)220 arrives at the second node (OFS) 220.
Preferably, the transmission interval of the learning packet or the update interval of the address table is less than the timeout value for each entry in the address table (e.g., less than 300 seconds when the first node (L2SW)260 is a switching hub and the timeout value for the MAC address table is an initial value of 300 seconds).
Next, the operation of the present exemplary embodiment will be described in detail with reference to fig. 4 and 5. As shown in fig. 4, when the external node 310b (whose IP address is 192.168.0.2) transmits a Packet to the external node 320b (whose IP address is 192.168.1.4) (step S001), the second node 210 transmits a (Packet-in) message requesting the setting of the Packet processing operation (flow entry) to the control apparatus (OFC) 100A.
The control apparatus (OFC)100A having received the (Packet-in) message requesting the Packet processing operation (flow entry) setting executes a series of operations shown in fig. 5.
Referring to fig. 5, when the node communication unit 101 obtains information on a Packet to be processed received through a Packet-in message (step a1), the processing target Packet information acquisition unit 103 acquires a transmission destination layer 3 address (IP address: 192.168.1.4) of the Packet to be processed from the node communication unit 101 (step a 2).
Based on the layer 3 destination address (IP address: 192.168.1.4), the path search unit 104 acquires the second node (OFS)220 to be the transmission destination and the flow (matching rule) from the external node position information storage unit 105 to search for a path according to the network topology stored in the topology information storage unit 106 (step a 3).
Next, the packet processing operation generation unit 107 refers to the flow identifier management unit 108, generates a flow identifier and an action to be given to the packet belonging to the flow, and then generates a packet processing operation (flow entry) to be set in each of the second nodes (OFSs) 210 and 220 (step a 4).
Finally, the packet control command generating unit 110 sends a control command, including the setting of the packet processing operation, to each of the second nodes (OFSs) 210 and 220 through the node communication unit 101 (step a 5).
As a result, as shown in step S002 in fig. 4, a packet processing operation (flow entry) for rewriting the transmission source layer 2 address and the transmission destination layer 2 address as the layer 2 address (MAC #1-2) of the transmission port of the second node (OFS)210 and the layer 2 address (MAC #2-2) of the second node (OFS)220 on the exit side, respectively, and for giving the flow identifier to the IP ToS bit field is set in the second node (OFS) 210.
Further, as shown in step S003 in fig. 4, a packet processing operation (flow entry) for rewriting the transmission source layer 2 address and the transmission destination layer 2 address into the layer 2 address (VRouter) of the second node (OFS)220 and the layer 2 address (SV #4) of the transmission destination external node 320b, respectively, and then outputting the packet according to the flow identifier given to the IP ToS bit field is set in the second node (OFS) 220.
Further, since the control apparatus (OFC)100A periodically causes the second node (OFS)220 to flood the learning packet, the first node 260 learns the port information for forwarding packets addressed to the second node (OFS) 220.
With the above arrangement, packet forwarding using the path shown by the thick arrow line at the bottom of the page in fig. 4 is realized. In this case, a packet forwarded using the same path can also be distinguished by a flow identifier given to the packet and a VLAN TAG given as needed.
As described above, according to the present exemplary embodiment, even in a network in which the first node 260 that cannot be directly controlled by the control apparatus (OFC)100A coexists, a desired path can be set without being constrained by the number of external nodes, and different flows having the same layer 3 address can be distinguished.
Further, as described above, in the present exemplary embodiment, an action of giving or changing an identifier (e.g., VLAN TAG) for identifying the multiplexing network is performed. Thereby, the network can be multiplexed at the output port of the second node 220 on the egress side.
Although omitted in the above-described exemplary embodiment, packets other than packets to be processed (e.g., layer 2 packets other than IP packets) may be forwarded using Packet-In messages and Packet-Out messages exchanged with the control apparatus (OFC)100A, as shown in fig. 6. With this setting, even if packets other than the specified packets are given low priority and set to be dropped (discarded) at the second nodes 210 and 220, the layer 2 packets can be forwarded.
Although omitted in the above exemplary embodiment, it is of course possible to regularly check continuity between ports of the first node 260 through unicast.
(second exemplary embodiment)
Next, a second exemplary embodiment of the present invention obtained by modifying the first exemplary embodiment is described. Fig. 7 shows a schematic diagram of the overall configuration of the second exemplary embodiment of the present invention. The second exemplary embodiment differs from the first exemplary embodiment in that: a second node (OFS)230 not connected to any external node is added between the second node (OFS)210 and the first node (L2SW)260, and a second node (OFS)240 connected to the external nodes 330a and 330b is added to the second node (OFS) 220.
Hereinafter, a configuration in which the second nodes are directly connected to each other is referred to as a sub-domain. Referring to fig. 7, the second nodes (OFSs) 210 and 230 will be referred to as sub-domain 1, and the second nodes (OFSs) 220 and 240 will be referred to as sub-domain 2. The whole, comprising sub-domain 1, sub-domain 2, and the first node between them, is referred to as a domain.
The control apparatus 100A in the second exemplary embodiment of the present invention has substantially the same configuration as the control apparatus 100A in the first exemplary embodiment, except that the node communication unit 101 is connected to the second nodes (OFSs) 210 to 240. Therefore, the description will be made focusing on the difference in operation.
The following description assumes that the path search unit 104 of the control apparatus 100A has searched for a path from the second node (OFS)210 to the second node (OFS)240 via the second node (OFS)230, the first node (L2SW)260, and the second node (OFS)220, for a packet addressed from the external node 310b to the external node 330 b.
In this case, the packet processing operation generation unit 107 assigns a unique ID (hereinafter referred to as a flow identifier) capable of uniquely identifying a flow in the sub-domain (sub-domain 2) to which the second node (OFS) (closest to the exit side) in the last stage of the path belongs. The second exemplary embodiment differs from the first exemplary embodiment in this respect.
The packet control command generating unit 110 generates a control command and transmits the control command to the second node (OFS)210, the second node (OFS)230, the second node (OFS)220, and the second node (OFS)240 through the node communication unit 101.
Specifically, the packet control command generation unit 110 generates a command for the second node (OFS)210 to forward a packet to be processed to the second node (OFS) 230. The packet control command generating unit 110 may also generate a command for changing the transmission destination layer 2 address of the packet to be forwarded to an arbitrary ID for identifying the flow, thereby identifying the flow at the second node within the same sub-domain using the transmission destination layer 2 address.
The packet control command generation unit 110 generates a command for modifying the header of the packet to be processed so that the header includes the flow identifier, for the second node (OFS) 230. The packet control command generation unit 110 obtains the layer 2 address of the input port of the second node (the second node 220 in fig. 7) in the subsequent stage of the first node 260 disposed on the path with respect to the first node 260, and then generates a command for changing the transmission destination layer 2 address of the packet to the obtained layer 2 address. The packet control command generation unit 110 generates a command for specifying a flow (matching rule) at the second node 230.
As in the first exemplary embodiment, a field that is not referred to when the first node 260 forwards a packet is used as a storage field for the flow identifier. For example, in the case of an IP packet, a service type field, an IP option field, or an ID field may be used. When an identifier for multiplexing the network is used at the first node 260, the packet control command generation unit 110 generates a command for giving this identifier for multiplexing.
The packet control command generating unit 110 may read the layer 2 address of the port of the second node 230 connected to the first node 260 from the node information storage unit 109, and then may generate a command for changing the transmission source layer 2 address of the packet to be processed to the layer 2 address of the second node.
The packet control command generation unit 110 generates, for the second node (OFS)220, a command for forwarding a packet (which has been modified at the second node (OFS)230 and has been received from an input port of the first node 260) to the second node (the second node 240 in fig. 7) on the exit side according to the flow identifier in the packet header. The packet control command generating unit 110 may also generate a command for changing the transmission destination layer 2 address of the packet to be forwarded to an arbitrary ID for identifying the flow, thereby identifying the flow at the second node within the same sub-domain using the transmission destination layer 2 address. In this case, a receiving destination layer 2 address may be used instead of a sending destination layer 2 address. Alternatively, both the receiving destination layer 2 address and the transmitting destination layer 2 address may be used in combination.
For the second node (OFS)240, the packet control command generating unit 110 acquires the layer 2 address of the external node associated with the layer 3 address of the transmission destination from the external node layer 2 address storage unit 111 with respect to the packet which has been modified at the second node (OFS)230 and has been received from the second node (OFS) 220. Then, the packet control command generating unit 110 generates a command for changing the transmission destination layer 2 address of the packet to be processed to the obtained layer 2 address, and generates a command for outputting the packet from the corresponding port of the second node (OFS)240 according to the flow identifier of the packet to be processed. If necessary, a command for adding an identifier for multiplexing the network to the header is generated.
Alternatively, the packet control command generating unit 110 may read a layer 2 address corresponding to the transmission source layer 3 address from the external node layer 2 address storage unit 111, and then may generate a command for changing the transmission source layer 2 address of the packet to be processed to the read layer 2 address.
As described above, the present invention can be implemented even in an environment in which 3 or more second nodes are respectively connected to external nodes to constitute a sub-domain.
In the second exemplary embodiment described above, a unique ID (hereinafter referred to as a flow identifier) capable of uniquely identifying a flow is assigned in the sub-domain (sub-domain 2) to which the second node (OFS) in the last stage (closest to the exit side) of the path belongs. However, the flow identifier may be allocated separately, or the L2 and L3 addresses and the flow identifier may be combined to be allocated at the first node 260.
The packet control command generation unit 110 generates a command for the second node (OFS)220 to forward a packet to be processed to the second node (OFS) 240. The packet control command generating unit 110 may also generate a command for changing the destination layer 2 address of the packet to an arbitrary ID for identifying the flow at the second node (OFS)220, thereby identifying the flow at the second node within the same sub-domain using the destination layer 2 address.
The foregoing description is directed to preferred exemplary embodiments of the invention. However, the present invention is not limited to the above-described exemplary embodiments. Other modifications, substitutions, and adaptations may be added without departing from the basic technical concept of the present invention. For example, in the first exemplary embodiment described above, a description is given showing a configuration including two second nodes, four first nodes, and four external nodes. The respective numbers of the second node, the first node, and the external node are not limited to these values.
In each of the above exemplary embodiments, the description is given assuming that each external node is directly connected to the second node. The present invention can also be applied to the following configurations: a first node or a second node belonging to a different network is interposed between the external node and the second node.
In each of the above-described exemplary embodiments, the description is given assuming that the OpenFlow switch described in non-patent document 2 is used as the second node. A relay device other than the OpenFlow switch can also be used if it can recognize a specific flow from an external command, rewrite an arbitrary header field, and perform packet forwarding processing. The following configuration may also be employed: the relay device can set a path and rewrite a packet by specifying an arbitrary packet matching condition using CLI (command line interface) via Telnet. The exemplary embodiments can be modified and adjusted within the scope of the entire disclosure of the present invention (including claims) and based on the basic technical concept of the present invention. Various combinations and selections of the various disclosed elements may be made within the scope of the claims of the present invention. That is, the present invention certainly encompasses various changes and modifications that may be made by those skilled in the art in light of the overall disclosure including the claims and technical concepts.
Finally, preferred modes of the invention are summarized.
(first mode)
(see the communication system in the first aspect above)
(second mode)
The communication system according to the first mode, wherein,
the control device includes a node information storage unit that stores address information given to each port of at least one second node connected to the first node; and
the control apparatus causes the second node located upstream of the first node to rewrite address information about a destination in a packet header to the address information of the second node by referring to the node information storage unit.
(third mode)
The communication system according to the first or second mode, wherein,
the control device includes an external node address storage unit that stores address information of an external node connected to each of the at least one second node; and
the control apparatus causes the second node located on the exit side to change address information changed by the second node located upstream of the first node to the address information of the external node by referring to the external node address storage unit.
(fourth mode)
The communication system according to any one of the first to third modes, wherein,
the control device causes the second node connected to the first node to transmit a learning packet at predetermined time intervals to update the address table of the first node, the learning packet causing the first node to learn the address information of the first node.
(fifth mode)
The communication system according to the fourth mode, wherein,
the control device causes the second node to transmit a learning packet at an interval less than a timeout period for an entry in the address table maintained by the first node.
(sixth mode)
The communication system according to any one of the first to fifth modes, wherein,
the control device causes the second node to assign an identifier for multiplexing a network to one of header fields of the packet to be transmitted.
(seventh mode)
The communication system according to any one of the first to sixth modes, wherein,
the at least one second node is arranged to: discarding the received packet when the packet processing operation associated with the received packet cannot be found as a result of matching the packet received from the first node with reference to the matching rule.
(eighth mode)
The communication system according to any one of the first to seventh modes, wherein,
the address information is a MAC address (media access control address), and the first node is a layer 2 switch that forwards the packet by referring to a MAC address table as the address table.
(ninth mode)
The communication system according to any one of the first to eighth modes, wherein,
the control device gives at least an identifier unique in a sub-domain to which the second node is directly connected, as the flow identification information.
(tenth mode)
(see the control device in the second aspect described above)
(eleventh mode)
(see the communication method in the third aspect described above)
(twelfth mode)
(see the program in the fourth aspect described above)
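The behaviour summarized in the second, third, fifth and seventh modes can be traced in a small simulation. The following Python sketch is an added example, not code from the patent; the MAC addresses, port numbers, the 300-second aging timeout and the "flow_id" field name are assumptions made for illustration.

```python
# Added illustration (not from the patent): toy model of modes 2, 3, 5 and 7.
# All MAC addresses, port numbers and the "flow_id" field name are constructed.
AGING_TIMEOUT = 300  # seconds an L2SW address-table entry lives (assumed value)

class L2Switch:
    """First node: forwards on destination MAC only, with entry aging."""
    def __init__(self):
        self.table = {}  # mac -> (port, last_seen)

    def learn(self, src_mac, port, now):
        self.table[src_mac] = (port, now)

    def out_port(self, dst_mac, now):
        entry = self.table.get(dst_mac)
        if entry is None or now - entry[1] >= AGING_TIMEOUT:
            return None  # unknown or aged out: a real switch would flood
        return entry[0]

class OFSwitch:
    """Second node: applies the first matching rule, drops on no match."""
    def __init__(self):
        self.rules = []  # list of (match dict, set-field dict, out_port)

    def process(self, pkt):
        for match, rewrite, out_port in self.rules:
            if all(pkt.get(k) == v for k, v in match.items()):
                return {**pkt, **rewrite}, out_port
        return None, None  # seventh mode: no packet processing operation, discard

def install_path(ingress, egress, host_mac, egress_mac, flow_id, uplink, host_port):
    """Control device: program both ends of a path that crosses the L2SW."""
    # Upstream node: tag the flow and aim the frame at the egress node's port MAC.
    ingress.rules.append(({"dst_mac": host_mac},
                          {"dst_mac": egress_mac, "flow_id": flow_id}, uplink))
    # Egress node: match on the tag, restore the external node's MAC, pick the port.
    egress.rules.append(({"flow_id": flow_id, "dst_mac": egress_mac},
                         {"dst_mac": host_mac}, host_port))

def simulate(learning_interval, send_time):
    """Send one packet at send_time; learning packets repeat every learning_interval."""
    host, egress_mac = "00:00:5e:00:53:0b", "02:00:00:00:02:01"
    l2sw, ofs_in, ofs_out = L2Switch(), OFSwitch(), OFSwitch()
    install_path(ofs_in, ofs_out, host, egress_mac, flow_id=7, uplink=1, host_port=3)
    for t in range(0, send_time + 1, learning_interval):
        l2sw.learn(egress_mac, 2, t)  # learning packet seen on L2SW port 2
    pkt, _ = ofs_in.process({"dst_mac": host, "payload": "data"})
    if l2sw.out_port(pkt["dst_mac"], send_time) is None:
        return "flooded"  # entry expired: frame is no longer confined to one port
    pkt, port = ofs_out.process(pkt)
    return (pkt["dst_mac"], port)
```

With a learning interval shorter than the aging timeout the frame stays on the intended path and leaves the egress node with the external node's MAC restored; with a longer interval the L2SW entry expires and the frame is flooded.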
List of reference numerals
100, 100A control device (OFC)
101 node communication unit
102 setting information acquiring unit
103 process target packet information acquiring unit
104 path search unit
105 external node position information storage unit
106 topology information storage unit
107 packet processing operation generating unit
108 flow identifier management unit
109 node information storage unit
110 packet control command generating unit
111 external node level 2 address storage unit
210-240 second node (OFS)
260 first node (L2SW)
310a-330b external nodes

Claims (12)

1. A communication system, comprising:
a first node forwarding a received packet by referring to an address table associating a port of its own first node with address information of a node to which the received packet can be forwarded from the port;
at least one second node provided on each of an ingress side and an egress side of a packet forwarding path passing through the first node, each of the at least one second node including a packet processing unit that processes the received packet according to a packet processing operation that associates a process to be applied to the packet with a matching rule for identifying the packet to which the process is to be applied; and
a control device that sets the packet processing operation in the second node;
the control apparatus includes:
a path search unit determining a packet forwarding path, at least one second node located at the exit side of the packet forwarding path, and an output port of the second node located at the exit side of the packet forwarding path based on a request from the at least one second node located at the entry side to transmit the packet belonging to a new flow to a destination address; and
a packet control command generation unit that sets a packet processing operation in one of the at least one second node located upstream of the first node along the packet forwarding path, the packet processing operation being for writing flow identification information associated with the output port in a field of a packet header that is not consulted when the first node forwards the packet, for rewriting address information in the packet header so that the packet arrives at the second node on the egress side, and for then forwarding the packet, and that sets a packet processing operation in the second node located on the exit side of the packet forwarding path, the packet processing operation being for causing the packet having the flow identification information assigned thereto to be transmitted from the port associated with the flow identification information.
2. The communication system of claim 1,
the control device includes a node information storage unit that stores address information given to each port of the at least one second node connected to the first node; and
the control apparatus causes the second node located upstream of the first node to rewrite the address information about a destination in the packet header to the address information of the second node by referring to the node information storage unit.
3. The communication system of claim 2,
the control device includes an external node address storage unit that stores address information of an external node connected to the at least one second node; and
the control apparatus causes the second node on the exit side to change the address information changed by the second node upstream of the first node to the address information of the external node by referring to the external node address storage unit.
4. The communication system according to any one of claims 1 to 3,
the control device causes the second node connected to the first node to transmit a learning packet at predetermined time intervals to update the address table of the first node, the learning packet causing the first node to learn the address information of the first node.
5. The communication system of claim 4, wherein
the control device causes the second node to transmit the learning packet at a time interval shorter than a timeout period for each entry in the address table held by the first node.
6. The communication system according to any one of claims 1 to 5,
the control device causes the second node to assign an identifier for multiplexing a network to one of header fields of the packet to be transmitted.
7. The communication system according to any one of claims 1 to 6,
each of the at least one second node is arranged to: discarding the received packet when the packet processing operation associated with the received packet cannot be found as a result of matching the packet received from the first node against the matching rule.
8. The communication system according to any one of claims 1 to 7,
the address information is a media access control (MAC) address, and the first node is a layer 2 switch that forwards the packet by referring to a MAC address table as the address table.
9. The communication system according to any one of claims 1 to 8,
the control device gives at least an identifier unique in a sub-domain to which the second node is directly connected, as the flow identification information.
10. A control apparatus connected to a first node and at least one second node, the first node forwarding a received packet by referring to an address table associating a port of its own first node with address information of a node to which the received packet can be forwarded from the port; the at least one second node is provided on each of an entry side and an exit side of a packet forwarding path passing through the first node, each of the at least one second node including a packet processing unit that processes the received packet according to a packet processing operation that associates processing to be applied to the packet with a matching rule for identifying the packet to which the processing is to be applied, the control apparatus comprising:
a path search unit that determines a packet forwarding path, one of the at least one second node located on the exit side of the packet forwarding path, and an output port of the second node located on the exit side of the packet forwarding path, based on a request from one of the at least one second node located on the entry side, to transmit the packet belonging to a new flow to a destination address; and
a packet control command generation unit that sets a packet processing operation in one of the at least one second node located upstream of the first node along the packet forwarding path, the packet processing operation being for writing flow identification information associated with the output port in a field of a packet header that is not consulted when the first node forwards the packet, for rewriting address information in the packet header so that the packet arrives at the second node on the egress side, and for then forwarding the packet, and that sets a packet processing operation in the second node located on the exit side of the packet forwarding path, the packet processing operation being for causing the packet having the flow identification information assigned thereto to be transmitted from the port associated with the flow identification information.
11. A communication method of a control apparatus connected to a first node and at least one second node, the first node forwarding a received packet by referring to an address table associating a port of its own first node with address information of a node to which the received packet can be forwarded from the port; the at least one second node is provided on each of an entry side and an exit side of a packet forwarding path passing through the first node, each of the at least one second node includes a packet processing unit that processes the received packet in accordance with a packet processing operation that associates processing to be applied to the packet with a matching rule for identifying the packet to which the processing is to be applied, the communication method is for causing the packet to be forwarded from one of the at least one second node located on the entry side to one of the at least one second node located on the exit side via the first node, the communication method includes the steps of:
determining, based on a request from the second node located on the ingress side, a packet forwarding path, the second node located on the egress side of the packet forwarding path, and an output port of the second node located on the egress side of the packet forwarding path to send the packet belonging to a new flow to a destination address;
setting, in one of the at least one second node located upstream of the first node along the packet forwarding path, a packet processing operation for writing flow identification information associated with the output port in a field of a packet header that is not referred to when the first node forwards the packet, and for rewriting address information in the packet header so that the packet reaches the second node on the egress side and then forwarding the packet; and
setting, in the second node located on the exit side of the packet forwarding path, a packet processing operation for causing the packet having the flow identification information given thereto to be transmitted from a port associated with the flow identification information.
12. A program for a computer, the computer comprising a control device connected to a first node and at least one second node, the first node forwarding a received packet by referring to an address table associating a port of its own first node with address information of a node to which the received packet can be forwarded from the port; the at least one second node is provided on each of an ingress side and an egress side of a packet forwarding path passing through the first node, the at least one second node includes a packet processing unit that processes the received packet according to a packet processing operation that associates processing to be applied to the packet with a matching rule for identifying the packet to which the processing is to be applied, the program causes the computer to execute:
determining a packet forwarding path, one of the at least one second node located on the exit side of the packet forwarding path, and an output port of the second node located on the exit side of the packet forwarding path, based on a request from one of the at least one second node located on the entry side, to send the packet belonging to a new flow to a destination address;
setting, in one of the at least one second node located upstream of the first node along the packet forwarding path, a packet processing operation for writing flow identification information associated with the output port in a field of a packet header that is not referred to when the first node forwards the packet, and for rewriting address information in the packet header so that the packet reaches the second node on the egress side and then forwarding the packet; and
setting, in the second node located on the exit side of the packet forwarding path, a packet processing operation for causing the packet having flow identification information given thereto to be transmitted from the port associated with the flow identification information.
HK13106778.0A 2010-08-20 2011-08-19 Communication system, control apparatus, communication method and program HK1179781A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2010-185429 2010-08-20

Publications (1)

Publication Number Publication Date
HK1179781A (en) 2013-10-04

Similar Documents

Publication Publication Date Title
CN103026669B (en) Communication system, control apparatus, and communication method
KR100612318B1 (en) Apparatus and method for implementing vlan bridging and a vpn in a distributed architecture router
US9584568B2 (en) Signal processing apparatus and signal processing method thereof for implementing a broadcast or a multicast communication
CN102792646B (en) Communication system, control device, communication means
CN102187625B (en) Transport multiplexer - mechanisms to force Ethernet traffic from one domain to be switched in a different (external) domain
US9215175B2 (en) Computer system including controller and plurality of switches and communication method in computer system
US8005081B2 (en) Evolution of ethernet networks
US7486674B2 (en) Data mirroring in a service
EP2466807A1 (en) IP Forwarding across a Link State Protocol Controlled Ethernet Network
US20090074413A1 (en) System and method for providing transparent lan services
US20120163384A1 (en) Packet Transport Node
KR20070095374A (en) Connected communication method for connectionless communication traffic
CN101877677B (en) Tunnel switching method and system for multi-protocol label switching services
CN112671650B (en) End-to-end SR control method, system and readable storage medium under SD-WAN scene
JP5576959B2 (en) Data stream filtering apparatus and method
CN101107824A (en) Connection-oriented communication scheme for connectionless communication traffic
US10587508B2 (en) Ethernet frame transmission method in software defined networks (SDN)
US7782856B1 (en) Forwarding data packets having tags conforming to different formats
US20030208525A1 (en) System and method for providing transparent lan services
CN112737951B (en) End-to-end SR control method, system and readable storage medium in public and private network mixed scene
HK1179781A (en) Communication system, control apparatus, communication method and program
JP5853758B2 (en) Communication apparatus and bandwidth control method
US7801149B1 (en) Packet forwarding using intermediate policy information
Priano et al. Technical Comparison of FANS Models: Q-in-Q, VXLAN and MPLS in Shared Networks.
CN106105113A (en) Communication node, control device, communication system, communication means and program