HK1180495A - Network system and network managing method - Google Patents

Description

Network system and network management method

Technical Field

The present invention relates to a network system, and more particularly, to a network system using a CU (C: control plane/U: user plane) split type network.

Background

A system in which a user plane (such as a switch and a terminal) is controlled by a control plane (such as an external controller) is called a system of a CU (C: control plane/U: user plane) split type architecture. A network configured based on the CU separation type architecture is referred to as a CU separation type network.

An OpenFlow network using an OpenFlow technique that controls switches from a controller to perform routing control of a network is taken as an example of the CU separation type network.

(description of OpenFlow network)

In an OpenFlow network, a controller such as an OFC (OpenFlow controller) manipulates a flow table of a switch such as an OFC (OpenFlow switch) to control the behavior of the switch. The controller and the switch are connected by a secure channel in which the controller controls the switch using a control message conforming to the OpenFlow protocol.

A switch in an OpenFlow network configures the OpenFlow network and is referred to as an edge switch or a core switch under control of a controller. In the OpenFlow network, a series of packet transfer processes from receiving a packet at an input-side edge switch to transmitting the packet at an output-side edge switch is called a flow.

The flow table (flow table) is a table in which a flow table entry (flow table entry) defining predetermined processing contents (action) to be executed on a packet (communication data) matching a predetermined matching condition (rule) is registered.

The rules of the flow entry may be distinguished and defined based on various combinations of any or all of the destination address, source address, destination port, and source port included in the header region of the packet in the protocol layer. It should be noted that the above-mentioned addresses are assumed to include a MAC (media access control) address and an IP (internet protocol) address. Furthermore, in addition to the above, information about the ingress port may be used as part of the rules of the flow entry.

The action of the flow entry indicates an action of "output to a particular port", "discard", or "rewrite the header". For example, if identification information (output port number) of an output port is indicated for the action of the flow entry, the switch outputs the packet to the port corresponding to the identification information, whereas if the identification information of the output port is not indicated, the switch discards the packet. Alternatively, if header information is indicated for the action on the flow entry, the switch rewrites the header of the packet based on the header information.

A switch in the OpenFlow network performs an action defined in a flow entry on a packet group (packet sequence) that satisfies a rule of the flow entry.

Details of the OpenFlow technique have been described in non-patent documents 1 and 2.

When a Virtual Machine (VM) operates on a server under a switch in a network system using the OpenFlow technique, a request controller receives an ARP (address resolution protocol) request from the generated virtual machine through the switch whenever the virtual machine is generated on the server under the switch. Further, the request controller identifies identification information and location information (server information) of the virtual machine, and sets a flow entry for a packet destined to the virtual machine to the switch. Therefore, such a process is concentrated on the controller, and thus a large load is imposed on the controller.

For example, when tens of virtual machines operate on each of thousands of physical servers connected to a network, a total of tens to hundreds of thousands of virtual machines are in an operating state. When the controller receives an APR request from each virtual machine not from the physical server, identifies identification information and location information of the virtual machine, and sets a flow entry for a packet destined to the virtual machine to the switch based on these information, the load applied to the controller is enormous.

List of cited documents

[ non-patent document 1] "The OpenFlow Switch Consortium" < http:// www.openflowswitch.org/>)

[ non-patent document 2] "OpenFlow Switch Specification version1.0.0(Wire Protocol0x01) Decumber 31, 2009" < http:// www.openflowswitch.org/documents/OpenFlow-spec-v1.0.0.pdf >

Disclosure of Invention

An object of the present invention is to provide a network system in which a controller manages identification information of a virtual machine operating on a server under a switch and identification information of the server, and sets a flow entry to the switch in parallel with generation of the virtual machine and migration operation.

The network system according to the present invention includes: a management system configured to manage a network; a controller configured to maintain information of a server according to a setting from the management system; and a switch that configures the network and is configured to: registering a flow entry in accordance with control from the controller, rules and actions being defined in the flow entry to uniformly control packets as a flow; and performing the action of the flow entry on a packet matching the rule of the flow entry. The controller calculates a communication route to the server based on the set information of the server, and sets a flow entry for a packet destined to the server to the switch.

The controller according to the present invention comprises: a storage unit that holds information of a server set by a management system that manages a network; and a processing section that calculates a communication route to the server based on the set information of the server, and sets a flow entry for a packet destined to the server to a switch that configures the network and transmits a reception packet according to the set flow entry.

In the network management method according to the present invention, a computer serving as a controller holds information of a server set from a management system that manages a network. Further, the controller calculates a communication route to the server based on the set information of the server, and sets a flow entry for a packet destined to the server to a switch that configures the network and transmits a reception packet according to the set flow entry.

A program according to the present invention is a program for causing a computer to execute the steps of: information of a server set from a management system that manages a network is held, a communication route to the server is calculated based on the set information of the server, and a flow entry for a packet destined to the server is set to a switch that configures the network and transmits a reception packet according to the set flow entry. It should be noted that the program according to the present invention may be stored in a storage unit and a storage medium.

In this way, in the network system using the OpenFlow technique, when a virtual machine is generated on a server under a switch, the load imposed on the controller can be reduced.

Drawings

Fig. 1 is a conceptual diagram showing a configuration example of a network system according to the present invention;

fig. 2 is a diagram showing a process of checking preset information and actually detected information in the present invention;

fig. 3 is a flowchart showing a registration process of setting information in the present invention;

fig. 4 is a flowchart showing a change process of setting information in the present invention;

fig. 5 is a functional block diagram showing a configuration example of a controller according to the present invention.

Detailed Description

The present invention relates to a CU separation type network. Here, as an example, an OpenFlow network which is one of CU separation type networks will be described. It should be noted that the present invention is not limited to OpenFlow networks.

[ first example embodiment ]

A first exemplary embodiment of the present invention will be described with reference to the accompanying drawings.

(System configuration)

As shown in fig. 1, the network system according to the present invention includes a management system 10, a controller (OFC: OpenFlow controller) 20, a switch 30, a server 40, a Virtual Machine (VM)50, and a router 60.

There may be multiple management systems 10, multiple controllers 20, multiple switches 30, multiple servers 40, multiple virtual machines 50, and multiple routers 60. That is, it is assumed that there are at least one management system 10, one controller 20, one switch 30, one server 40, one virtual machine 50, and one router 60.

The management system 10 manages nodes or services in the CU separation type network. The management system 10 manages switches, routers, and servers. For example, the management system 10 manages a network by using hardware and software configurations for implementing NMS (network management system) or EMS (element management system). Further, the management system 10 sets, as virtual machine information (VM information), a virtual MAC address and a virtual IP address of each virtual machine and a physical MAC address of a server on which the virtual machine operates to the controller 20. Here, it is assumed that the virtual machine information is set in the management system 10 in advance.

It should be noted that virtual MAC addresses, virtual IP addresses, physical MAC addresses are only examples of location information on the network. In fact, the location information is not limited to the MAC address or the IP address, as long as it is information for identifying the virtual machine or the server.

The controller 20 controls the CU separate type network. The controller 20 performs routing control of the switch 30 according to the setting of the management system 10. Here, it is assumed that the controller 20 is a controller compliant with the 0penFlow technology, and sets a flow entry for a packet destined to a server to a switch based on a physical MAC address of the server notified from any switch 30.

Further, according to the setting of the management system 10, the controller 20 holds, as virtual machine information, a table in which the virtual MAC address and the virtual IP address of each virtual machine and the physical MAC address of the server on which the virtual machine operates are associated with each other. As shown in fig. 2, the controller 20 checks the physical MAC address of the server set by the management system 10 and the physical MAC address of the server notified from the switch 30, and associates the two with each other if the physical MAC addresses match each other. Further, the controller 20 sets a flow entry for a packet destined to the virtual machine to the switch 30 based on the virtual MAC address and the virtual IP address of the virtual machine on the server.

Referring to fig. 2, the controller 20 checks the physical MAC address of the server ("SV 1 MAC" of VM information ") set by the management system 10 and the physical MAC address of the server (" SV1 MAC "of server information") notified from the switch 30. Here, the above physical MAC addresses match each other, and therefore the controller 20 associates the above physical MAC addresses with each other, and sets flow entries for packets destined to the virtual machines to the switch 30 based on the virtual MAC addresses and the virtual IP addresses ("VM 1 MAC" and "VM 1 IP" of the "VM information") of the virtual machines on the servers.

Further, when a change in the physical MAC address of the server on which the virtual machine operates is notified by the setting of the management system 10, the controller 20 sets a change in the flow entry for the packet destined to the virtual machine to the switch 30. For example, when the switch 30 on the current route is changed due to a change in the physical MAC address of the server, the controller 20 deletes the flow entry that has been set to the switch 30 on the current route for the packet destined to the virtual machine, and sets the flow entry for the packet destined to the virtual machine to the switch 30 corresponding to the changed server.

Further, when an ARP (address resolution protocol) request is transmitted from the virtual machine after setting a flow entry for a packet destined to the virtual machine to the switch 30, the controller receives the ARP request from the virtual machine through the switch 30, and refers to the virtual MAC address and the virtual IP address of the virtual machine held as the virtual machine information. Accordingly, the controller 20 transmits an ARP response to the virtual machine based on the relevant information.

Each switch 30 performs packet transmission in the CU separation type network. Here, each switch 30 is a switch compliant with the OpenFlow technology, and is assumed to hold a flow table. When any one of the switches 30 is connected to the server 40 under its control, the switch 30 detects the physical MAC address of the server 40 upon receiving an ARP request from the server 40, and notifies the controller 20 of the physical MAC address of the server 40. Alternatively, the switch 30 may notify the controller 20 of the physical MAC address of the server by receiving an ARP request from the controller 20 inquiring about the physical MAC address of the server 40, transmitting the ARP request to the server 40, and transmitting an ARP response from the server 40 to the controller 20. This is due to: considering that the number of physical servers is smaller than the number of virtual servers, the load imposed only on the controller is relatively small if only the process of inquiring the identification information of the physical servers is performed. At this time, the switch 30 notifies the controller 20 of the port number of the switch 30 connected to the server as the server information in addition to the physical MAC address of the server. Accordingly, the controller 20 can recognize that the server 40 is controlled by the switch 30.

Each server 40 is a physical server under the control of the corresponding switch 30, and provides services in the CU separate type network. Here, each server 40 manages a corresponding Virtual Machine (VM) 50. Virtual Machine (VM)50 is capable of operating on server 40. For example, the server 40 generates the virtual machine 50 through a Virtual Machine Monitor (VMM), such as a hypervisor (hypervisor), to cause the virtual machine 50 to operate. It should be noted that the roles and applications of the server 40 are not limited to those in the above examples.

Each virtual machine 50 is a Virtual Machine (VM) operating on a respective server 40. The set of virtual MAC addresses and virtual IP addresses for each virtual machine 50 is one of the sets of virtual MAC addresses and virtual IP addresses for the virtual machines maintained by the management system 10.

(supplement)

In this case, the management system 10 may manage the operation states of all the virtual machines while issuing an instruction to generate the virtual machine 50 to the server 40 and notifying the controller 20 of the virtual machine information.

Further, when any of the servers 40 spawns the virtual machine 50 to operate, the server 40 may directly or indirectly notify the management system 10 of the virtual MAC address and the virtual IP address of the virtual machine 50 and the physical MAC address of the server 40.

The router 60 is a relay unit that connects the switch 30 and an external network (such as the internet). In fig. 1, as the router 60, an access router and a central router are shown. The access router is a relay unit connecting the switch 30 and the central router. The central router is a relay unit connecting the access router and the external network.

(examples of hardware)

A specific hardware example for implementing the network system according to the present invention will be described below.

A computer such as a PC (personal computer), an appliance, a workstation, a mainframe, and a supercomputer is taken as an example of each of the management system 10, the controller 20, and the server 40. As another example of each server 40, a mobile phone, a smart book, a car navigation system, a portable game machine, a home game machine, a small appliance (electronic device), a two-way television, a digital tuner, a digital recorder, an information appliance, a POS (point of sale) terminal, an OA (office automation) device, a smart copier, a digital signage, or the like is given. Further, each of the management system 10, the controller 20, and the server 40 may be an expansion board installed on a computer or the like, or a Virtual Machine (VM) constructed on a physical machine. The management system 10, the controller 20, and the server 40 may be installed in a moving object such as a motor vehicle, a ship, or an airplane.

A network switch or the like is taken as an example of each switch 30. Further, a general-purpose router or the like is exemplified as each router 60. As another example of each of the switch 30 and the router 60, a proxy, a gateway, a firewall, a load balancer, a bandwidth controller/security monitoring controller (gatekeeper), a base station, an Access Point (AP), a Communication Satellite (CS), or a computer having a plurality of communication ports is taken.

A LAN (local area network) is taken as an example of a network connecting the management system 10, the controller 20, the switch 30, the server 40, and the router 60 to each other. The internet, a wireless LAN, a WAN (wide area network), a trunk line, a cable television (CATV) line, a fixed telephone network, a mobile telephone network, WiMAX (ieee802.16a), 3G (third generation), a leased line, IrDA (infrared data association), bluetooth (registered trademark), a serial communication line, a data bus, and the like are also taken as another example.

Although not shown, each of the management system 10, the controller 20, the switch 30, the server 40, and the router 60 is implemented by a processor operating based on a program that executes a predetermined procedure, a memory that stores the program and various types of data, and a communication interface (I/F).

As examples of the processor, a CPU (central processing unit), a microprocessor, a Network Processor (NP), a microcontroller, a semiconductor Integrated Circuit (IC) having a dedicated function, and the like are given.

As examples of the above-described memory, a semiconductor memory device such as a RAM (random access memory), a ROM (read only memory), an EEPROM (electrically erasable programmable read only memory), or a flash memory, an auxiliary memory device such as an HDD (hard disk drive), an SSD (solid state drive), a removable disk such as a DVD (digital versatile disk), a storage medium such as an SD (secure digital) memory card, and the like are given. In addition, a buffer or a register is also taken as an example. Alternatively, storage devices using DAS (direct attached storage), FC-SAN (fibre channel-storage area network), NAS (network attached storage), IP-SAN (IP-storage area network), and the like are also exemplified.

As examples of the above-described communication interface, a semiconductor integrated circuit such as a board (motherboard or I/O board) corresponding to network communication, a network adapter such as an NIC (network interface card) or similar expansion card, a communication device such as an antenna, a communication port such as a connection port (connector), and the like are given.

It should be noted that the internal configuration implementing the processing of the management system 10, the controller 20, the switch 30, the server 40, and the router 60 may be a module, a component, or a dedicated device or alternatively an activation (invocation) program thereof.

It should be noted that in practice, the invention is not limited to any one such example.

(registration procedure of setting information)

Referring to fig. 3, details of the registration process of the setting information in the present exemplary embodiment will be described.

(1) Step S101

The management system 10 sets, as Virtual Machine (VM) information, a virtual MAC address and a virtual IP address of the virtual machine 50 and a physical MAC address of the server 40 on which the virtual machine 50 operates to the controller 20.

(2) Step S102

The controller 20 holds, as virtual machine information, the virtual MAC address and the virtual IP address of the virtual machine 50 and the physical MAC address of the server 40 on which the virtual machine 50 operates, based on the settings of the management system 10.

(3) Step S103

When any one of the switches 30 is in a connected state with the server 40 under the switch and receives an ARP request from the server 40, the switch 30 detects the physical MAC address of the server 40 and notifies the controller 20 of the physical MAC address of the server 40. At this time, the controller 20 sets a flow entry for a packet destined to the server 40 to the switch 30 based on the physical MAC address of the server 40 by using the OpenFlow technique.

(4) Step S104

The controller 20 checks the physical MAC address of the held server and the physical MAC address of the server notified from the switch 30, and associates the physical MAC addresses with each other if the physical MAC addresses match each other. Next, the controller 20 sets a flow entry for a packet destined to the virtual machine 50 to the switch 30 based on the virtual MAC address and the virtual IP address of the virtual machine 50 on the server.

(5) Step S105

The server 40 generates and operates the virtual machine 50 through a Virtual Machine Monitor (VMM) such as a hypervisor.

(6) Step S106

After setting the flow entry for the packet destined to the virtual machine 50, the switch 30 receives the ARP request from the virtual machine 50. Here, the switch 30 transmits an ARP request from the virtual machine 50 to the controller 20.

(7) Step S107

The controller 20 receives an ARP request from the virtual machine 50 through the switch 30 and sends back an ARP response to the virtual machine 50 with reference to the virtual machine information.

(Change Process of setting information)

Referring to fig. 4, details of the changing process of the setting information in the present exemplary embodiment will be described.

(1) Step S201

When the physical MAC address of the server on which the virtual machine 50 operates is changed, the management system 10 sets the virtual MAC address and the virtual IP address of the virtual machine and the physical MAC address of the changed server again as Virtual Machine (VM) information. At this time, the management system 10 may reset only the physical MAC address of the server to the controller 20 based on the changed contents.

(2) Step S202

When the change of the physical MAC address of the server 40 on which the virtual machine 50 operates is notified based on the setting of the management system 10, the controller 20 sets the change of the flow entry for the packet destined to the virtual machine 50 to the switch 30.

(3) Step S203

Virtual machine 50 is migrated from server 40 through a Virtual Machine Monitor (VMM) (e.g., a hypervisor).

(4) Step S204

After setting the flow entry for the packet destined to the virtual machine 50, the switch 30 corresponding to the server 40 as the migration destination of the virtual machine 50 receives the ARP request from the virtual machine 50 after migration. Here, the switch 30 transmits an ARP request from the virtual machine 50 to the controller 20.

(5) Step S205

The controller 20 receives an ARP request from the virtual machine 50 through the switch 30 and sends back an ARP response to the virtual machine 50 with reference to the virtual machine information.

(configuration example of controller)

The configuration of the controller according to the present invention is represented as a functional block based on the above.

As shown in fig. 5, the controller 20 according to the present invention has a storage section 21, a detection section 22, and a setting section 23.

The storage section 21 stores virtual machine information set by the management system 10, that is, the virtual MAC address and the virtual IP address of the virtual machine and the physical MAC address of the server on which the virtual machine operates. In this case, the storage unit 21 also stores the virtual MAC address and the virtual IP address of the virtual machine 50 and the physical MAC address of the server 40 on which the virtual machine 50 operates.

The detection unit 22 detects the physical MAC address of the server 40 under the switch 30 via the switch 30. Here, the detection section 22 detects the physical MAC address of the server 40 by receiving a packet including the physical MAC address of the server 40 in the source address area of the header information via the switch 30. Further, the detection section 22 may store the detected information in the storage section 21.

The setting section 23 checks the physical MAC address of the server set by the management system 10 and the physical MAC address of the server 40 detected by the switch 30, and if the physical MAC addresses match each other, associates the physical MAC addresses, and sets a flow entry for a packet destined to the virtual machine 50 to the switch 30 based on the virtual MAC address and the virtual IP address of the virtual machine 50 on the server 40.

The storage section 21, the detection section 22, and the setting section 23 are realized by a processor driven based on a program that executes a predetermined procedure, a memory that stores the program and various types of data, and a communication interface (I/F).

[ second example embodiment ]

Hereinafter, a second exemplary embodiment of the present invention will be described.

In the first exemplary embodiment of the present invention, the switch 30 detects the identification information of the server 40 under its control and notifies the controller 20 of the identification information of the server 40. If the identification information of the server 40 set by the management system 10 and the identification information of the server 40 notified from the switch 30 match each other, the controller 20 calculates a route for communicating with the server 40, and sets a flow entry for a packet destined to the server 40 to the switch 30.

However, when it is known in advance which server exists under which switch and the identification information of the server 40 under the switch 30 is set from the management system 10 to the controller 20 as the identification information of the server 40, the controller 20 does not need to check the identification information of the server 40 set by the management system 10 and the identification information of the server 40 notified from the switch 30. In this case, the controller 20 can calculate a route for communication with the server 40 based only on the identification information of the server 40 set by the management system 10 without notifying the identification information of the server 40 under the switch 30 from the switch 30, and can set a flow entry for a packet destined to the server 40 to the switch 30.

< relationships between example embodiments >

It should be noted that the above respective exemplary embodiments may be implemented in combination. For example, when it is known in advance about a part of switches which server exists under which switch, consider: the method in the second exemplary embodiment is applied to any switch that knows the server therebelow in advance, and the method in the first exemplary embodiment is applied to a switch that does not know the server therebelow in advance.

< supplementary notes >

Some or all of the above exemplary embodiments can also be described by the following supplementary notes. However, in practice, the present invention is not limited to any of the following supplementary notes.

(supplementary notes 1)

A network system, comprising:

a controller in which identification information of a virtual machine and identification information of a server on which the virtual machine operates are set; and

a switch configured to detect identification information of a server under the switch and notify the controller of the identification information of the server under the switch,

wherein the controller sets a flow entry for a packet destined to the virtual machine to the switch based on the identification information of the virtual machine on the server when the set identification information of the server and the identification information of the server under the switch notified from the switch match each other.

(supplementary notes 2)

The network system according to supplementary note 1, further comprising: a management system configured to set, to the controller, identification information of the virtual machine and identification information of a server on which the virtual machine operates,

wherein when a change in identification information of a server on which the virtual machine operates is notified from the management system during operation of the virtual machine, the controller sets a changed flow entry for a packet destined to the virtual machine to the switch.

(supplementary notes 3)

A controller, comprising:

a storage unit that holds identification information of the virtual machine and identification information of a server that operates the virtual machine;

a detection section that detects identification information of a server under a switch by transmitting the switch that receives a packet according to the set flow entry; and

a setting section that sets, when the detected identification information of the server and the held identification information of the server match each other, a flow entry for a packet destined to the virtual machine in the switch based on the identification information of the virtual machine on the server.

(supplementary notes 4)

A network management method, comprising:

setting identification information of a virtual machine and identification information of a server on which the virtual machine operates to a controller;

detecting, by a controller, identification information of a server under a switch through the switch; and

when the set identification information of the server and the detected identification information of the server match each other, a flow entry for a packet destined to the virtual machine is set to the switch based on the detected identification information of the virtual machine on the server.

(supplementary notes 5)

The network management method according to supplementary note 4, further comprising:

setting, by the management system, identification information of the virtual machine and identification information of a server on which the virtual machine operates to the controller; and

when a change in identification information of a server on which a virtual machine operates is notified from a management system to a controller during operation of the virtual machine, a changed flow entry for a packet destined to the virtual machine is set to a switch.

(supplementary notes 6)

A storage medium storing a program that causes a computer to execute:

maintaining identification information of the virtual machine and identification information of a server on which the virtual machine operates;

detecting, by a switch, identification information of a server under the switch, the switch transmitting a reception packet based on the set flow entry; and

when the detected identification information of the server and the held identification information of the server match each other, a flow entry for a packet destined to the virtual machine on the server is set to the switch based on the identification information of the virtual machine on the server.

< features of the present invention >

As described above, the present invention targets CU separation type networks (such as OpenFlow networks). It should be noted that OpenFlow networks are only examples. Actually, the present invention may also target a network in which route control other than "flow control using OpenFlow technology" is performed.

In the present invention, flow table entries are set to the switch in parallel with the generation and migration of virtual machines. That is, setting the flow entry to the switch is completed before the virtual machine communication starts.

In the present invention, identification information of a virtual machine and identification information of a server on which the virtual machine operates are set to a controller by an external management system. The controller may grasp, through the switch, identification information of a virtual machine operating on the server by detecting identification information of the server under the switch and checking the detected information with the set identification information of the server. Therefore, the controller does not have to inquire of the identification information of the virtual machine each time the virtual machine is generated. Accordingly, the load of the controller is greatly reduced as compared with the case where the present invention is not applied.

In the above, exemplary embodiments of the present invention are described in detail. However, in practice, the present invention is not limited to any of the above-described exemplary embodiments, and any modification that does not depart from the scope of the present invention is also included in the present invention.

It should be noted that the present application claims priority based on japanese patent application No. jp 2010-202444. The disclosure of which is incorporated herein by reference.

Claims (10)

1. A network system, comprising:

a management system configured to manage a network;

a controller configured to maintain information of a server based on a setting of the management system; and

a switch that configures the network and is configured to: registering a flow entry in which rules and actions are defined to uniformly control a packet as a flow, based on control of the controller; and performing the action of the flow entry on a packet matching the rule of the flow entry,

wherein the controller calculates a communication route to the server based on the information of the server, and sets a flow entry for a packet destined to the server to the switch.

2. The network system according to claim 1, wherein the switch detects server information of the server under the switch and notifies the controller of the detected server information,

wherein the controller associates and holds information of a virtual machine and the server information of the server on which the virtual machine operates based on a setting of the management system, sets a flow entry for a packet destined to the virtual machine to the switch based on the virtual machine information of the virtual machine on the server when the set server information and the server information notified from the switch match each other, and sets a flow entry for a packet destined to the virtual machine to the switch, and

wherein the server spawns the virtual machine operating on the server.

3. The network system according to claim 2, wherein when a change in the server information of the server on which the virtual machine operates is notified from the management system at the time of the operation of the virtual machine, the controller sets a changed flow entry for a packet destined to the virtual machine to the switch.

4. A controller, comprising:

means for storing information of a server set by a management system that manages a network; and

means for calculating a communication route to the server based on the set server information of the server and setting a flow entry for a packet destined to the server to a switch that configures the network and transmits a reception packet based on the set flow entry.

5. The controller of claim 4, further comprising:

means for associating and maintaining information of a virtual machine and the information of the server on which the virtual machine operates based on settings of the management system;

means for detecting, by the switch, the server information of the server under the switch; and

means for setting, to the switch, a flow entry for a packet destined to the virtual machine based on the virtual machine information of the virtual machine on the server when the detected server information of the server and the held server information of the server match each other.

6. The controller of claim 5, further comprising: means for setting, to the switch, a changed flow entry for a packet destined to the virtual machine when the change of the information of the server on which the virtual machine operates is notified from the management system at the time of the virtual machine operation.

7. A network management method executed by a computer, the network management method comprising:

maintaining information of a server set by a management system that manages a network;

calculating a communication route to the server based on the set server information of the server; and

setting a flow entry for a packet destined to the server to a switch that configures the network and transmits a reception packet based on the set flow entry.

8. The network management method of claim 7, further comprising:

associating and maintaining information of a virtual machine and the information of the server on which the virtual machine operates, based on settings from the management system;

detecting, by the switch, the information of the server under the switch;

setting, to the switch, a flow entry for a packet destined to the virtual machine based on the information of the virtual machine on the server when the detected information of the server and the held information of the server match each other.

9. The network management method of claim 8, further comprising:

setting, to the switch, a changed flow entry for a packet destined to the virtual machine when a change in the information of the server on which the virtual machine operates is notified from the management system at the time of the virtual machine operation.

10. A storage medium storing a program that causes a computer to execute:

holding information of a server set from a management system that manages a network;

calculating a communication route to the server based on the set information of the server; and

setting a flow entry for a packet destined to the server to a switch that configures the network and transmits a reception packet based on the set flow entry.