WO2015118811A1 - Communication system, packet-forwarding device, packet-forwarding method, and packet-forwarding program - Google Patents


Info

Publication number
WO2015118811A1
Authority
WO
WIPO (PCT)
Prior art keywords
packet
attribute
internal
packet transfer
ofs
Application number
PCT/JP2015/000227
Other languages
French (fr)
Japanese (ja)
Inventor
亮佑 河合
Original Assignee
日本電気株式会社
Application filed by 日本電気株式会社

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/64 Routing or path finding of packets in data switching networks using an overlay routing layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/54 Organization of routing tables

Definitions

  • the present invention relates to a communication system, a packet transfer device, a packet transfer method, and a packet transfer program, and in particular to a packet transfer device that transfers packets and a control device that controls a communication path by controlling the packet transfer of the packet transfer device.
  • a route determination process from a packet source to a destination (destination) and a packet transfer process are individually performed by a plurality of switches on the path.
  • each switch on the route is required to have flexibility to determine an appropriate route for the received packet in response to a change in the network configuration.
  • the route determination processing program for each switch cannot be changed from the outside.
  • An example of the CU separation type network is an OpenFlow network using OpenFlow technology. The details of the OpenFlow technique are described in Non-Patent Document 1.
  • OFC: OpenFlow Controller
  • OFS: OpenFlow Switch
  • FIG. 12 shows a general configuration of a communication system that constructs an OpenFlow network.
  • the communication system illustrated in FIG. 12 includes an OFC 910 that is a control device and OFS 921 to 924 that are packet transfer devices belonging to the OpenFlow network 900.
  • the OFC 910 and OFS 921 to 924 operate according to the OpenFlow protocol. At this time, OFS 921 to 924 constitute an arbitrary network topology. Further, the OFC 910 and each of the OFS 921 to 924 are connected by a secure channel (Secure Channel) connection.
  • the OFC 910 sets a flow entry in each flow table of the OFS 921 to 924.
  • the flow entry is information that defines the operation of the OFS according to the packet that is sent.
  • the flow entry may be referred to as a packet transfer rule.
  • a packet group (packet series) that conforms to each packet transfer rule is called a flow or a packet flow.
  • the flow or packet flow may be said to be a packet group (packet series) as a unit for controlling a route.
  • the packet may be read as a frame.
  • the OFC 910 performs route determination processing for communication between communication terminals (communication terminals 931, 932, and 932 in this example) connected to the OpenFlow network 900 by setting flow entries in the flow tables of the OFS 921 to 924.
  • the OFC 910 includes a network topology management function, a communication terminal location management function, a flow entry generation function, a route calculation function, and an OFS management function.
  • the network topology management function is a function for storing information representing the network topology formed by the OFS group based on information collected from the OFS.
  • the communication terminal location confirmation function is a function for managing which port of which OFS each communication terminal connected to the OpenFlow network constructed by the OFS is connected to.
  • the flow entry generation function is a function that creates a flow entry.
  • the OFC 910 determines the classification information, action information, and timer value by the flow entry generation function, and creates a flow entry including these pieces of information.
  • the classification information is information for identifying a flow, and is represented as, for example, a requirement for a packet belonging to the flow.
  • the flow to which the packet received by the OFS belongs is determined based on the classification information.
  • the action information is information indicating an OFS operation (for example, forwarding to a specific port, flooding, discarding, etc.) performed on the flow.
  • the timer value is a value for determining the valid period of the flow entry. The timer value may be included in the action information. In that case, the OFC 910 generates a flow entry including classification information and action information for each flow.
  • the route calculation function is a function that calculates the communication route of the flow.
  • the OFS management function is a function for controlling the OFS, specifically, a function for managing a channel for controlling the OFS, setting a flow entry in the OFS, and the like.
  • the OFS 921 to 924 process the received packet based on the flow entry set by the OFC 910.
  • the OFS 921 to 924 determine to which flow the received packet belongs according to the classification information of the set flow entries, and apply the operation indicated by the action information of the flow entry defined for that flow to the received packet. As a result, the OFS 921 to 924 forward the packet to a specific port, flood it, or discard it, based on the action information of the flow entry defined for the flow to which the received packet belongs.
  • Each OFS may have a function of creating statistical information regarding received packets and the like. Statistical information creation granularity includes flow entry units, port units, and the like.
  • the classification information is generally defined by various combinations using any or all of the destination address, source address, destination port, and source port included in the header area of each protocol layer of the packet.
  • the above address includes a MAC address (Media Access Control Address) and an IP address (Internet Protocol Address).
  • Information of an input port is also used.
  • If the OFS 921 to 924 do not hold a flow entry that matches the received packet, they notify the OFC 910 that they have received a 1st packet, that is, the first packet of a new flow. Specifically, the OFS 921 to 924 send an inquiry about the received packet, also called an entry request, to the OFC 910. The OFS 921 to 924 may transfer the 1st packet to the OFC 910 as an entry request. Note that the message for transferring the 1st packet to the OFC is also called Packet_IN.
  • When receiving an entry request from the OFS 921 to 924 under its management, the OFC 910 determines the path of the flow to which the packet belongs, and determines the operation that each OFS on the path performs on the packet to realize the path. Then, the OFC 910 transmits a control message for setting a flow entry including classification information for identifying the flow and action information indicating the determined operation to each OFS on the route.
  • the OFC determines a route of a predetermined flow, and sets a flow entry that realizes the route in a related OFS. This method is referred to as “proactive type”, referring to “advance entry registration” voluntarily performed by the OFC.
  • in the reactive type, the OFC determines the path of the flow to which the requested packet belongs, and sets a flow entry for realizing the path in the related OFS.
  • This method refers to “real-time entry registration” performed by the OFC in response to a request from the OFS during actual data communication, and is called a reactive type.
  • the flow can be defined before the start of communication, so it is considered possible to avoid problems such as a large flow caused by viruses and unauthorized access due to unknown packets.
  • OFS 921, 923, 924 may be referred to as an “edge switch”.
  • the OFS 922 is sometimes called a “core switch”.
  • the edge switch is a packet transfer device that becomes a start point or an end point in the determined flow path.
  • among edge switches, a packet transfer apparatus serving as a start point is referred to as an “Ingress switch”, and a packet transfer apparatus serving as an end point is referred to as an “Egress switch”.
  • the core switch is a packet transfer device that serves as a relay point in the determined flow path. Actually, an edge switch or a core switch is determined for each port.
  • the edge switch and the core switch are mutually exclusive roles, but when viewed per packet transfer device, a device may be an edge switch in one route and a core switch in another route.
  • there are packet transfer devices that serve as both an edge switch and a core switch. Therefore, it should be said that whether an OFS is an edge switch or a core switch is determined for each port and each flow.
  • a flow in which the OFS serves as an edge switch may be referred to as an edge flow.
  • a flow in which the OFS serves as an Ingress switch may be referred to as an Ingress flow
  • a flow in which the OFS serves as an Egress switch may be referred to as an Egress flow
  • a flow in which the OFS serves as a core switch may be referred to as a Core flow.
  • an entry for an Ingress switch is called an Ingress entry
  • an entry for an Egress switch is called an Egress entry
  • an entry for a core switch is called a Core entry.
  • Patent Document 1 describes an example of a communication system that realizes a proactive open flow network.
  • Patent Document 2 describes a packet transfer method in which a route of each flow can be set in advance in the core switch and the preset route can be easily changed.
  • the edge switch embeds a path identifier for identifying a path (a route that does not distinguish the outbound direction from the return direction) in a field that can be restored by the Egress switch, such as the destination MAC address of the packet.
  • Each core switch determines the operation according to the set path identifier, using the destination MAC address in which the path identifier is embedded as a matching rule in the classification information of the entry.
  • Patent Document 3 shows an example of a switching device that functions by mixing different switching methods.
  • the method described in Patent Document 3 uses the beginning of a packet label field (usually a field in which a destination MAC address and a source MAC address are registered) as identification information for identifying a switching method.
  • the switch device recognizes the leading value of the label field of the packet as identification information, and performs switching according to the identification information.
  • SDN: Software Defined Networking
  • the first step in realizing this is to make the virtual switch compatible with the OpenFlow protocol, so that network traffic for each virtual machine can be controlled from the OFC.
  • FIG. 13 is an explanatory diagram showing an example of a server virtualized physical server.
  • FIG. 13 shows an example in which a virtual switch 843 and a virtual machine 842 are built in the physical server 840 using the virtualization technology by the hypervisor 841.
  • the physical server 840 illustrated in FIG. 13 includes an application 844 and a physical NIC (Network Interface Controller) 845.
  • application is used to include an application program and physical means (such as a CPU) that realizes the operating environment.
  • the virtual switch 843 is associated with the physical NIC 845 of the physical server 840. If a packet received from the subordinate virtual machine 842 is destined for the outside of the physical server 840, the virtual switch 843 transmits the received packet to the switch 850 via the physical NIC 845. Specifically, the virtual switch 843 performs the above operation by outputting the received packet to the designated port according to the flow entry registered in the flow table.
  • the application 844 of this example is an application that can directly send a packet to the outside via the physical NIC 845 without going through the virtual switch 843.
  • a plurality of processing units such as the application 844 and the virtual switch 843 share one physical NIC 845 to reduce the number of consumed physical NICs and effectively use the performance.
  • FIG. 14 shows a configuration example when such a virtual switch sharing an application and one physical NIC is made compatible with the OpenFlow protocol.
  • FIG. 14 is an explanatory diagram showing a configuration example of a communication system compatible with the OpenFlow protocol, including the server virtualized physical server 840 illustrated in FIG.
  • the communication system shown in FIG. 14 includes an OFC 710 and OFS 721 to 724 as packet transfer apparatuses belonging to the OpenFlow network 700.
  • the OFS 721 is a virtual switch operating on the server virtualized physical server 840 that supports OpenFlow.
  • this OFS 721 may be referred to as a virtual OFS 721.
  • a virtual OFS may be provided.
  • the virtual machine 842 and the application 844 are treated as communication terminals that perform communication via the OpenFlow network 700.
  • the virtual machine 842 is handled as a communication terminal under the virtual OFS 721
  • the application 844 is handled as a communication terminal under the OFS 722.
  • the functions of the OFC 710 and OFS 721 to 724 are the same as those of the OFC 910 and OFS 921 to 924 of the communication system illustrated in FIG.
  • the port of the OFS 722 should be treated as an internal attribute (Internal attribute) when considering a packet received from the virtual OFS 721.
  • on the other hand, a packet received from the application 844 is received directly without passing through another OFS, and therefore the port should be treated as an external attribute (External attribute) when considering such a packet.
  • Such port attribute determination is required when the edge switch performs address conversion processing or the core switch performs transfer processing according to the address for the internal network.
  • the OFC has determined what type of flow entry to set by assigning an internal or external attribute to each port of each OFS.
  • the OFC acquires information obtained by exchanging signals between OFSs. For example, an arbitrary OFS transmits a special signal to an adjacent OFS. Then, the OFS that has received the signal notifies the OFC of the port on which it received the signal. Thereby, the OFC can know which ports of an OFS are connected to other OFSs. In that way, the network topology is recognized.
  • the OFC sets the attribute of a port that has not received a signal for a predetermined time or longer to the external attribute.
  • Another method is a method in which information indicating whether an arbitrary port of an arbitrary OFS is an internal attribute or an external attribute is set in advance in the OFC itself.
  • the port attribute always has either an internal attribute or an external attribute. Therefore, in the method of setting the port attribute by such a method, it is not possible to correctly determine whether the port connected to the physical NIC 845 of the OFS 722 in the communication system illustrated in FIG. 14 is an internal attribute or an external attribute.
  • a Core entry that is an entry for relay to be applied to a packet from the virtual OFS 721 is set in the OFS 722 in advance.
  • conventional OpenFlow protocols cannot correctly determine whether a received packet is an internal packet or an external packet. In such a situation, the Core entry cannot be set for the corresponding port of the OFS 722 that may receive an external packet.
  • likewise, an Ingress entry, which is an entry for a start point to be applied to an external packet, cannot be set for a corresponding port of the OFS 722 that may receive an internal packet.
  • VLAN: Virtual LAN
  • None of Patent Documents 1 to 3 considers the problem caused by one port having both internal and external attributes as described above.
  • in the method described in Patent Document 3, the communication terminal gives a packet the identification information for identifying a switching method, so the communication terminals (virtual machine 842, application 844, communication terminal 731 and communication terminal 732 in the example of FIG. 14) need to be changed for this purpose, which is not realistic.
  • an object of the present invention is to enable both an entry applied to an internal packet and an entry applied to an external packet to operate correctly on one port without changing an external node.
  • the communication system includes a plurality of packet transfer apparatuses that transfer received packets. Each packet transfer apparatus includes: packet attribute determination means for referring to an attribute setting area, which is a predetermined area included in the header area of a packet and is set in advance as an area for setting packet attributes, and determining whether the attribute of the received packet is an internal attribute that represents an internal packet transferred from one of the packet transfer devices or an external attribute that represents an external packet received from an external node; and packet attribute setting means for setting a value indicating the internal attribute in the attribute setting area of the packet when an external packet is transferred to another packet transfer apparatus via an internal network. The packet attribute determination means determines that the attribute is the internal attribute if the value of the attribute setting area of the received packet is a value indicating the internal attribute, and determines that it is the external attribute if the value is other than the value indicating the internal attribute.
  • the packet transfer apparatus includes: packet attribute determination means for referring to an attribute setting area, which is a predetermined area included in the header area of the packet and is predetermined as an area for setting the attribute of the packet, and determining whether the attribute of the received packet is the internal attribute representing an internal packet transferred from any of the packet transfer devices or the external attribute representing an external packet received from an external node; and packet attribute setting means for setting a value indicating the internal attribute in the attribute setting area of the packet when transferring the external packet to another packet transfer device via the internal network. The packet attribute determination means determines that the attribute is the internal attribute if the value of the attribute setting area of the received packet is a value indicating the internal attribute, and determines that it is the external attribute if the value is other than the value indicating the internal attribute.
  • in the packet transfer method, each packet transfer apparatus, when it receives a packet, refers to an attribute setting area, which is a predetermined area included in the header area of the packet and is set in advance as an area for setting the attribute of the packet, and determines whether the attribute of the received packet is an internal attribute representing an internal packet transferred from any of the packet transfer apparatuses or an external attribute representing an external packet received from an external node. When each packet transfer device transfers an external packet to another packet transfer device via the internal network, it sets a value indicating the internal attribute in the attribute setting area of the packet. When each packet transfer device determines the attribute of the packet, it determines that the attribute is the internal attribute if the value of the attribute setting area of the received packet is a value indicating the internal attribute, and determines that it is the external attribute if the value is other than the value indicating the internal attribute.
  • the packet transfer program causes a computer included in the packet transfer apparatus to execute: a packet attribute determination process of referring to an attribute setting area, which is a predetermined area included in the header area of a packet and is predetermined as an area for setting a packet attribute, and determining whether the attribute of the received packet is an internal attribute representing an internal packet transferred from any of the packet transfer devices or an external attribute representing an external packet received from an external node; and an attribute information setting process of setting a value indicating the internal attribute in the attribute setting area of the packet. In the packet attribute determination process, the attribute is determined to be the internal attribute if the value of the attribute setting area of the received packet is a value indicating the internal attribute, and to be the external attribute if the value is other than the value indicating the internal attribute.
  • FIG. 2 is a block diagram illustrating a configuration example of an OFC 110.
  • FIG. 3 is a block diagram illustrating a configuration example of an OFS 121.
  • A block diagram showing another configuration example of the OFS 121.
  • A sequence diagram showing an example of the flow of flow entry setting and packet transfer in the communication system of the first embodiment.
  • An explanatory diagram showing an example of the flow of flow entry setting and packet transfer in the communication system of the first embodiment.
  • FIG. 9 is a sequence diagram showing an example of the flow of flow entry setting and packet transfer in the communication system of the second embodiment.
  • FIG. 9 is a sequence diagram continued from FIG. 8.
  • An explanatory diagram showing an example of the flow entries registered in the flow table of the OFS 121 in the second embodiment.
  • A block diagram showing a minimum configuration example expressing the characteristics of the communication system according to the present invention.
  • An explanatory diagram showing the general configuration of a communication system that constructs an OpenFlow network.
  • An explanatory diagram showing an example of a server-virtualized physical server.
  • An explanatory diagram showing a configuration example of a communication system compatible with the OpenFlow protocol, including the virtual switch in the server-virtualized physical server.
  • each packet is made to carry the attribute information (information indicating whether it is external or internal) that has so far been held for each port of the packet transfer device, with the intent that a packet transfer apparatus in which one port has both the internal attribute and the external attribute correctly processes each packet. Furthermore, it is intended to achieve this without changing external nodes.
  • because each packet has attribute information, even if there is a packet transfer device that has both internal and external attributes for one port, the entry to be applied to the internal packet and the entry to be applied to the external packet can be used selectively for each received packet.
  • an internal packet and an external packet received by one port can be correctly processed through the following three processes.
  • the first process is a packet attribute setting process by the Ingress switch.
  • the received packet is given an internal attribute; that is, a flag indicating the internal attribute is raised.
  • this flag is referred to as an attribute flag.
  • the attribute flag is not necessarily 1 bit.
  • the second process is a packet attribute determination process by each packet transfer apparatus.
  • all packet transfer apparatuses check the attributes of the received packet. Specifically, it is determined whether or not the value of the attribute flag included in the received packet is a value indicating an internal attribute. If the value of the attribute flag is a value indicating an internal attribute, it is determined that the packet is an internal packet transferred from another packet transfer apparatus in the internal network, and the packet is processed according to an entry for an internal packet (the Core entry and the Egress entry). On the other hand, if the value of the attribute flag is a value other than the value indicating the internal attribute, it is determined that the packet is an external packet received from an external node, and the packet is processed according to an entry for an external packet (Ingress entry) set in the flow table.
  • each packet transfer apparatus may transmit an entry request to the control apparatus assuming that the 1st packet has been received. As a result, the control device determines a route for the flow and sets a necessary entry in the related packet transfer device. Thereafter, each packet transfer apparatus can process the received packet according to the set entry. If the value of the attribute flag of the received packet is not a value indicating the internal attribute, the packet is an external packet, and the packet transfer apparatus that has received the packet is an Ingress switch in the flow to which the packet belongs. Therefore, when the packet is transferred to another packet transfer apparatus, the attribute flag of the packet to be transferred is set to a value indicating the internal attribute (first process).
  • each entry is registered in a manner in which it can be determined whether the entry is an entry applied to an internal packet or an entry applied to an external packet.
  • the classification information of each entry may have a data structure including information specifying the value of the area in which the value of the attribute flag is set. With such a data structure, each packet transfer apparatus can select an entry corresponding to the attribute of the packet through the determination process corresponding to the classification information without recognizing the attribute flag.
  • an area of a table storing entries may be divided into an entry applied to an internal packet and an entry applied to an external packet.
  • the third process is a packet attribute flag clear process by the Egress switch.
  • when the packet transfer apparatus serving as the Egress switch transmits the received packet to the external node, it restores the value of the attribute flag of the packet.
  • the value indicating the internal attribute is, for example, a value other than a value that is normally set in the corresponding area in the external network (when the external network is not operating uniquely), or a value that is clearly not set in the corresponding area in the external network. By doing so, attribute determination can be performed correctly without modifying the external node, because the value of the corresponding area of a packet received from the external node takes a value other than the value indicating the internal attribute.
  • FIG. 1 is a block diagram illustrating a configuration example of a communication system according to the first embodiment of this invention.
  • the communication system shown in FIG. 1 includes an OFC 110 and OFS 121 to OFS 123.
  • OFS 121 to OFS 123 constitute an OpenFlow network that is an internal network in the communication system.
  • the OFS 121 is connected to the communication terminal 131, and the OFS 123 is connected to the communication terminal 132.
  • the communication terminal 131 and the communication terminal 132 are nodes belonging to an external network.
  • the OFC 110 may be the same as the OFC 910 or OFC 710 described above.
  • the OFC 110 preferably processes at least a part of the flows or paths in a proactive manner.
  • FIG. 2 is a block diagram illustrating a configuration example of the OFC 110.
  • the OFC 110 may include a route determination unit 1101 and a flow entry setting unit 1102 as illustrated in FIG.
  • the route determination unit 1101 determines a route according to the topology of the OpenFlow network constituted by each OFS (OFS 121 to OFS 123) for an arbitrary packet flow. For example, the route determination unit 1101 may determine a route between each edge switch for an arbitrary flow in advance (before communication is started) in accordance with the position of each OFS constituting the OpenFlow network. In addition, when receiving an entry request, the route determination unit 1101 determines a route between the edge switches for the flow to which the requested packet belongs according to the position of each OFS constituting the OpenFlow network.
  • the flow entry setting unit 1102 generates a flow entry for realizing the route determined by the route determination unit 1101 and sets (transfers) the flow entry to the related OFS.
  • the flow entry setting unit 1102 sets a Core entry for, for example, an OFS (OFS 122 in this example) serving as a relay point on the route determined by the route determining unit 1101.
  • the flow entry setting unit 1102 sets an Ingress entry and an Egress entry for an OFS (in this example, OFS 121 and OFS 123) connected to a node (external node) other than a node belonging to the OpenFlow network, such as a legacy network or a terminal. In practice, the above-described entries are set for the OFS port.
  • the edge flow is divided into two types depending on the direction.
  • One is an Ingress flow from the outside of the OpenFlow network to the inside of the OpenFlow network.
  • the other edge flow is an Egress flow that goes from the inside of the OpenFlow network to the outside of the OpenFlow network, as opposed to the Ingress flow.
  • the Ingress entry defines processing for the Ingress flow.
  • an example of processing for the Ingress flow is a process in which a packet header is edited and the edited packet is sent to another OFS in the OpenFlow network.
  • the Egress entry defines processing for the Egress flow.
  • an example of processing for the Egress flow is a process of delivering a received packet whose destination address is the address of a subordinate communication terminal to that subordinate communication terminal.
  • Examples of packet header editing processing for the Ingress flow include editing of the destination MAC address of the L2 frame and addition of a VLAN tag.
  • the destination MAC address may be edited by setting the bit indicating the local address in the U/L flag (U: universal address / L: local address) and embedding the node ID and station ID information managed by the OFC 110.
  • the node ID is information that uniquely identifies the OFS.
  • the station ID is information for uniquely identifying an external node.
  • the edited destination MAC address is referred to as an aggregate MAC address.
  • the route determination unit 1101 determines the flow route to which the 1st packet belongs. Then, the flow entry setting unit 1102 may create an Ingress entry based on the determined path and set it in the requesting OFS.
  • the Ingress entry includes, for example, classification information designating the identifier and source MAC address of the port that has received the 1st packet, and action information indicating the following processing.
  • The Ingress entry contains, for example, action information indicating processing of embedding, in the destination MAC address of the packet, the node ID of the OFS used as the Egress switch in the determined path and the station ID of the communication terminal under that OFS, and then outputting the packet from a predetermined port.
  • the flow entry setting unit 1102 may set action information including processing for setting a predetermined value in the attribute flag in the action information of the Ingress entry.
  • the OFS can perform an attribute flag setting process as a process according to the Ingress entry.
  • the flow entry setting unit 1102 may set a Core entry for a predetermined port of the OFS that becomes a core switch in the determined route.
  • The Core entry is, for example, an entry specifying that a packet is transferred to the OFS in the next stage when the destination MAC address of the received packet is an aggregate MAC address and the value of the attribute flag is a value indicating the internal attribute.
  • The flow entry setting unit 1102 may set an Egress entry for an OFS that becomes an Egress switch in the determined route. The Egress entry is, for example, an entry specifying that, when the destination MAC address of the received packet is the aggregate MAC address and the value of the attribute flag is a value indicating the internal attribute, the destination MAC address is restored to the original one and the packet is output from a predetermined port connected to the communication terminal.
  • For the first and subsequent packets, the destination MAC address is converted from the aggregate MAC address to the MAC address of the destination external node in accordance with the Egress entry set in the OFS that is the Egress switch, and the packet is then transmitted to the communication terminal that is the subordinate external node.
  • the flow entry setting unit 1102 may set action information including processing for restoring the value of the attribute flag in the action information of the Egress entry. By doing so, OFS can perform attribute flag clear processing as processing according to the Egress entry.
  • the processing other than the processing related to the attribute flag may be processing according to the OpenFlow protocol, and is not particularly limited.
  • In addition to general OFS functions (a function for holding a flow entry, a function for processing a received packet according to the held flow entry, a function for creating statistical information, and a function for discarding a flow entry according to a timer value), the OFS 121 to OFS 123 have the following function. That is, they have a function of executing the first to third processes described above. Note that the function of executing the first to third processes may be implemented as a part of the matching determination process with the entry as described above and a part of the action process performed according to the matched entry.
  • FIGS. 3 and 4 are block diagrams showing configuration examples of the OFS 121.
  • The configuration of the other OFSs may be the same as that of the OFS 121.
  • FIG. 3 shows a configuration example of an OFS 121A that is an example of the OFS 121.
  • the OFS 121A shown in FIG. 3 includes a packet attribute determination unit 1201A, a packet attribute setting unit 1202A, a packet processing unit 1203A, and a flow table storage unit 1204A.
  • the packet attribute determination unit 1201A refers to the attribute flag included in the packet and determines whether the attribute of the received packet is an internal attribute or an external attribute.
  • The packet attribute determination unit 1201A determines that the received packet has the internal attribute if the value of the attribute flag included in the packet is the predetermined value indicating the internal attribute, and that it has the external attribute if the value is any other value.
  • When the type of the packet identified from the attribute of the received packet is an external packet and the external packet is to be transferred to another OFS in the OpenFlow network, the packet attribute setting unit 1202A sets a value indicating the internal attribute in the attribute flag of the packet to be transferred. In addition, when transmitting an internal packet to an external node, the packet attribute setting unit 1202A restores the value of the attribute flag of the packet to be transmitted.
  • The flow table storage unit 1204A stores flow entries. Note that the flow table storage unit 1204A of the present example stores the flow entries applied to internal packets and the flow entries applied to external packets in separate areas. This can be realized, for example, by the flow entry setting unit 1102 of the OFC 110 transferring each flow entry to each OFS together with information indicating which kind of flow entry it is.
  • the packet processing unit 1203A executes processing on the received packet according to the flow table stored in the flow table storage unit 1204A.
  • the packet processing unit 1203A executes processing on the received packet according to the flow entry corresponding to the attribute of the received packet.
  • The packet processing unit 1203A of this example passes a packet through the packet attribute setting unit 1202A when actually transmitting it. As a result, the packet attribute setting unit 1202A can change the attribute flag of the transmitted packet as necessary.
  • the packet processing unit 1203A may pass information indicating the attribute of the packet together with the transmission packet to the packet attribute setting unit 1202A. These pieces of information can also be passed through a queue.
  • FIG. 4 shows a configuration example of OFS 121B, which is another example of OFS 121.
  • the OFS 121B shown in FIG. 3 includes a packet processing unit 1203B and a flow table storage unit 1204B.
  • the packet processing unit 1203B includes a rule determination unit 1205B and a rule execution unit 1206B.
  • the rule determination unit 1205B has a packet attribute determination unit 1201B.
  • the rule execution means 1206B has a packet attribute setting means 1202B.
  • the flow table storage unit 1204B stores a flow entry.
  • the flow entry classification information stored in the flow table storage unit 1204B of the present example includes information specifying the value of a predetermined area including the area where the value of the attribute flag is set. Thereby, it can be determined whether each flow entry is an entry applied to an internal packet or an entry applied to an external packet.
  • The rule determination unit 1205B determines which flow entry the received packet matches based on the flow entry classification information stored in the flow table storage unit 1204B.
  • The rule determination unit 1205B refers to the area whose value is specified in the classification information and determines whether the value of that area in the received packet matches the value specified in the classification information, thereby determining the flow entry that the received packet matches.
  • the packet attribute determination unit 1201B of this example is a unit that refers to the value of a predetermined area of the packet (area in which the attribute flag is set) and determines whether the packet attribute matches with the entry. This is performed as part of the above-described conformity determination process by the rule determination unit 1205B.
  • the rule execution means 1206B executes the process indicated by the action information of the flow entry.
  • the action information of this example may include information indicating that the value of the area in which the attribute flag of the packet to be transmitted is set is set to a predetermined value.
  • the packet attribute setting means 1202B of this example is a means for performing processing to set the value of the area in which the attribute flag of the packet is set to a value indicating the internal attribute when transferring the external packet to the internal network. This process is performed as part of the action execution process described above by the rule execution unit 1206B.
  • the route determination unit 1101 and the flow entry setting unit 1102 are realized by, for example, a computer (CPU or the like that operates according to a program) provided in the OFC.
  • The packet attribute determination unit 1201A, the packet attribute setting unit 1202A, the packet processing unit 1203A, the packet processing unit 1203B, the rule determination unit 1205B, and the rule execution unit 1206B are realized by, for example, a computer (such as a CPU that operates according to a program) provided in the OFS.
  • the flow table storage unit 1204A and the flow table storage unit 1204B are realized by a storage device (memory, database system, or the like) provided in the OFS, for example.
  • FIG. 5 is a sequence diagram showing an example of a flow entry setting flow and a packet transfer flow in the communication system of the present embodiment.
  • FIG. 5 shows an example of the flow entry setting flow and the packet transfer flow in the communication system of the present embodiment, focusing on communication from the communication terminal 131 to the communication terminal 132.
  • the communication handled by this communication system is not limited to the above.
  • the dotted arrow indicates control communication
  • the solid arrow indicates data communication.
  • the communication terminal 131 operates as a transmission terminal. Further, the communication terminal 132 operates as a destination terminal.
  • the OFS 121 operates as an Ingress switch in communication between the communication terminal 131 and the communication terminal 132.
  • the OFS 122 operates as a core switch in communication between the communication terminal 131 and the communication terminal 132.
  • the OFS 123 operates as an Egress switch in communication between the communication terminal 131 and the communication terminal 132.
  • The U/L bit of the source MAC address of the L2 frame is used as the assignment destination of the attribute flag in the packet. This is on the assumption that none of the connected external nodes, encapsulation protocols, and the like uses a local MAC address. In such a case, a value indicating a local address, which is not normally used, may be used as the value indicating the internal attribute.
  • the first method is a method of expressing an attribute flag with an arbitrary address block of a MAC address. That is, a vendor-assigned address block or an address block assigned for normal multicast is reserved for use of the attribute flag. In this way, it is ensured that the unique value of the reserved address block is not used by any machine or encapsulation protocol in the external network. Therefore, such an address block area can be determined as the setting destination of the attribute flag. In that case, the secured unique value may be used as the value indicating the internal attribute.
  • The second method uses extension headers such as MPLS (Multi-Protocol Label Switching), NVGRE (Network Virtualization using Generic Routing Encapsulation), and VxLAN (Virtual eXtensible Local Area Network), which the IETF (Internet Engineering Task Force) is standardizing.
  • the OFC 110 recognizes the topology of the OpenFlow network.
  • the OFC 110 recognizes that the OFS 121 and the OFS 122 are connected and the OFS 122 and the OFS 123 are connected.
  • The OFC 110 sets (transfers) a Core entry for transferring internal packets to the ports used for relaying in the OFS 122, which serves as a core switch in the communication path between the communication terminal 131 and the communication terminal 132, that is, the ports of the OFS 122 connected to the adjacent OFSs (OFS 121 and OFS 123) (step S101 in FIG. 5).
  • The classification information of the Core entry includes information specifying, as a packet requirement, at least that the U/L flag of the source MAC address indicates a local address, that is, that the attribute flag is a value indicating the internal attribute. It may further include information specifying, as a packet requirement, that the destination MAC address is a predetermined aggregate MAC address.
  • the OFS 122 that has received the Core entry from the OFC 110 registers the received Core entry in the flow table (step S102 in FIG. 5).
  • the OFC 110 sets an Egress entry assuming an opposite direction together with the Ingress entry for the corresponding port of the OFS 123 at the timing when Packet_In is transmitted for an arbitrary packet received from the communication terminal 132 under the control of the OFS 123, for example.
  • The classification information of the Egress entry includes information specifying, as a packet requirement, at least that the U/L flag of the source MAC address indicates a local address, that is, that the attribute flag is a value indicating the internal attribute.
  • The classification information may further include information specifying, as a packet requirement, that the destination MAC address is an aggregate MAC address in which the node ID of the OFS 123 and the station ID of the communication terminal 132 under the OFS 123 are embedded.
  • The action information of the Egress entry includes information indicating processing for restoring the attribute flag value of the packet, that is, setting the U/L flag of the packet source MAC address to a value indicating a universal address.
  • the illustration is omitted.
  • the OFS 123 that has received the Egress entry from the OFC 110 registers the received Egress entry in the flow table (step S104 in FIG. 5).
  • the packet 1 which is the first packet addressed to the communication terminal 132 is transmitted from the communication terminal 131 to the OFS 121 (step S105 in FIG. 5).
  • the U / L flag of the source MAC address of the packet 1 is a value indicating a universal address. This means that when the U / L flag is viewed as an attribute flag, a value other than the value indicating the internal attribute is set.
  • the OFS 121 transmits Packet_In to the OFC 110 for the packet 1 (step S106 in FIG. 5).
  • the OFC 110 receives this Packet_In, calculates the route for the flow to which the packet 1 belongs, and transmits the Packet_Out for the packet 1 to the OFS 123 connected to the communication terminal 132 that is the destination terminal (step S107 in FIG. 5).
  • Packet_Out is a message for transmitting the packet from the designated port of the OFS.
  • the OFS 123 that has received Packet_Out transmits the transmitted packet 1 from the designated port (step S108 in FIG. 5). Thereby, the packet 1 which is the first packet of the flow reaches the communication terminal 132.
  • the OFC 110 receives the Packet_In for the packet 1 from the OFS 121 and sets an Ingress entry and an Egress entry assuming a reverse flow for the corresponding port of the OFS 121 (step S109 in FIG. 5).
  • the classification information of the Ingress entry specifies, as a packet requirement, that at least the U / L flag of the source MAC address is a value indicating a universal address, that is, the attribute flag is a value other than a value indicating an internal attribute.
  • the action information of the Ingress entry includes information indicating processing for transferring a packet to the OFS 122 at the next stage after setting the attribute flag to a value indicating the internal attribute. The setting process of the Egress entry at this time is not shown because it is a reverse flow.
  • the OFS 121 that has received the Ingress entry from the OFC 110 registers the received Ingress entry in the flow table (step S110 in FIG. 5).
  • a flow entry for delivering a packet transmitted from the communication terminal 131 to the communication terminal 132 to the communication terminal 132 is set for all OFS on the route of the flow.
  • the communication terminal 131 transmits the packet 2 that is the second packet addressed to the communication terminal 132 to the OFS 121 (step S111 in FIG. 5).
  • the U / L flag of the source MAC address of the packet 2 is a value indicating a universal address (that is, a value other than a value indicating an internal attribute), as with the packet 1.
  • Since the Ingress entry matching the flow has been registered in the flow table of the OFS 121 in step S110 described above, the OFS 121 sets the attribute flag of the received packet 2 to a value indicating the internal attribute in accordance with the Ingress entry and then transfers the packet to the OFS 122 at the next stage (step S112 in FIG. 5). The OFS 121 also converts the destination MAC address into an aggregate MAC address in accordance with the Ingress entry.
  • The packet 2 in which the attribute flag is set to a value indicating the internal attribute and the destination MAC address is converted to the aggregate MAC address is referred to as a packet 2'.
  • The OFS 122 transfers the received packet 2' to the OFS 123 at the next stage according to the Core entry (step S113 in FIG. 5).
  • Since the Egress entry that matches the packet 2' has been registered in the flow table of the OFS 123 in step S104 described above, the OFS 123 restores the attribute flag and the destination MAC address of the received packet 2' to their original values in accordance with the Egress entry and then transmits the packet to the subordinate communication terminal 132 (step S114 in FIG. 5).
  • the first and subsequent packets follow the determined path without going through the OFC, and are finally transmitted to the destination terminal.
  • FIG. 6 is an explanatory diagram expressing the above-described series of flows on a block diagram.
  • the core OFS is the OFS 122.
  • the edge OFS (Ingress) is the OFS 121.
  • the edge OFS (Egress) is the OFS 123.
  • the transmitting terminal is the communication terminal 131.
  • the destination terminal is the communication terminal 132.
  • The contents of the attribute flag of the packet to be transmitted are indicated by the presence or absence of shading.
  • The presence of shading indicates a value indicating the internal attribute, that is, that the U/L flag is a local address.
  • The absence of shading indicates a value other than the value indicating the internal attribute, that is, that the U/L flag is a universal address.
  • The OFS recognizes whether the packet is an internal packet or an external packet from information attached to the received packet instead of from the reception port. Therefore, even if both an entry applied to an internal packet and an entry applied to an external packet are set for one port, they can be used properly without being confused. That is, one port can handle both internal packets and external packets. Further, the above effect can be realized without affecting the OpenFlow protocol.
  • FIG. 7 is an explanatory diagram illustrating a configuration example of a communication system according to the second embodiment.
  • the communication system shown in FIG. 7 is different from the communication system shown in FIG. 1 in that an OFS 124 is further provided.
  • the OFS 124 is connected to one port of the OFS 121 via a port common to the communication terminal 131.
  • the OFS 124 is connected to the communication terminal 133 via another port.
  • the communication terminal 133 is a node belonging to an external network.
  • the OFS 124 may be a virtual OFS that operates on a virtualized physical server as exemplified in FIG.
  • the communication terminal 133 is a virtual machine that operates on the same physical server.
  • the communication terminal 131 is an application that operates on the physical server.
  • the configuration and operation of the OFS 124 may be the same as the configuration and operation of each OFS in the first embodiment.
  • one port of the OFS 121 can handle both the Ingress flow and the Egress flow.
  • When the OFS 121 receives a packet transmitted from the communication terminal 131, the OFS 121 selects an Ingress entry based on the value of the attribute flag of the received packet and operates according to the selected Ingress entry. On the other hand, when receiving a packet transmitted from the communication terminal 133 and transferred by the OFS 124, the OFS 121 selects a Core entry based on the value of the attribute flag of the received packet, and operates according to the selected Core entry.
  • FIGS. 8 and 9 are sequence diagrams showing an example of a flow entry setting flow and a packet transfer flow in the communication system of the present embodiment.
  • the flow entry setting flow in the communication system of the present embodiment focuses on communication from the communication terminal 131 to the communication terminal 132 and communication from the communication terminal 133 to the communication terminal 132.
  • communication handled by the communication system of the present embodiment is not limited to the above.
  • the communication terminal 131 and the communication terminal 133 operate as transmission terminals. Further, the communication terminal 132 operates as a destination terminal.
  • the OFS 124 is an Ingress switch in communication between the communication terminal 133 and the communication terminal 132.
  • the OFS 121 is an Ingress switch in communication between the communication terminal 131 and the communication terminal 132, and is a core switch in communication between the communication terminal 133 and the communication terminal 132.
  • the OFS 123 is an Egress switch in communication between the communication terminal 131 and the communication terminal 132 and communication between the communication terminal 133 and the communication terminal 132.
  • the OFS 122 is a core switch in communication between the communication terminal 131 and the communication terminal 132 and communication between the communication terminal 133 and the communication terminal 132.
  • the OFC 110 recognizes the topology of the OpenFlow network.
  • the OFC 110 recognizes that the OFS 121 and the OFS 122 are connected, the OFS 122 and the OFS 123 are connected, and the OFS 124 and the OFS 121 are connected.
  • The OFC 110 sets (transfers) a Core entry for transferring internal packets to the ports used for relaying in the OFS 121 and the OFS 122, which serve as core switches in the communication path between the communication terminal 133 and the communication terminal 132 or in the communication path between the communication terminal 131 and the communication terminal 132 (steps S101 and S201 in FIG. 8).
  • The classification information of the Core entry includes information specifying, as a packet requirement, at least that the U/L flag of the source MAC address indicates a local address, that is, that the attribute flag is a value indicating the internal attribute.
  • the Core entry classification information may include information specifying that the destination MAC address is a predetermined aggregate MAC address as a packet requirement.
  • the OFS 121 and OFS 122 that have received the Core entry from the OFC 110 register the received Core entry in the flow table (steps S102 and S202 in FIG. 8).
  • the OFS 121 transmits Packet_In for the packet 1 to the OFC 110 as in the first embodiment (step S106 in FIG. 8).
  • the subsequent processing relating to packet 1 is the same as that in the first embodiment (steps S107 to S110).
  • the processing related to the packet from the communication terminal 131 after the packet 1 is the same as that in the first embodiment (steps S111 to S114).
  • the packet 3 that is the first packet addressed to the communication terminal 132 is transmitted from the communication terminal 133 to the OFS 124 (step S203 in FIG. 9).
  • The U/L flag of the source MAC address of the packet 3 is a value indicating a universal address, that is, a value other than a value indicating an internal attribute.
  • Since no flow entry matching the packet 3 is registered in the flow table of the OFS 124, the OFS 124 transmits Packet_In for the packet 3 to the OFC 110 (step S204 in FIG. 9).
  • The OFC 110 receives this Packet_In, calculates the route for the flow to which the packet 3 belongs, and transmits the Packet_Out for the packet 3 to the OFS 123 connected to the communication terminal 132 that is the destination terminal (step S205 in FIG. 9).
  • the OFS 123 that has received the Packet_Out transmits the designated packet from the designated port (step S206 in FIG. 9). As a result, the packet 3 which is the first packet of the flow reaches the communication terminal 132.
  • the OFC 110 receives Packet_In for the packet 3 from the OFS 124, and sets an Ingress entry and an Egress entry assuming a reverse flow for the corresponding port of the OFS 124 (step S207 in FIG. 9).
  • the classification information of the Ingress entry includes information specifying, as a packet requirement, that at least the U / L flag of the source MAC address is a value indicating a universal address, that is, a value other than a value indicating an internal attribute. included.
  • the action information of the Ingress entry includes information indicating a process for transferring a packet to the OFS 121 at the next stage after setting the U / L flag to a value indicating an internal attribute.
  • the OFS 124 that has received the Ingress entry from the OFC 110 registers the received Ingress entry in the flow table (step S208 in FIG. 9).
  • a flow entry for delivering a packet addressed to the communication terminal 132 transmitted from the communication terminal 133 to the communication terminal 132 is set for all OFS on the flow path.
  • the communication terminal 133 transmits the packet 4 that is the second packet addressed to the communication terminal 132 to the OFS 124 (step S209 in FIG. 9).
  • Since the Ingress entry matching the packet 4 has been registered in the flow table of the OFS 124 in step S208, the OFS 124 transfers the received packet 4 to the next-stage OFS 121 in accordance with the Ingress entry (step S210 in FIG. 9). At this time, according to the Ingress entry, the OFS 124 sets the attribute flag of the packet 4 to a value indicating an internal attribute, converts the destination MAC address to an aggregate MAC address, and transfers the packet.
  • The packet 4 in which the attribute flag is set to a value indicating the internal attribute and the destination MAC address is converted into the aggregate MAC address is referred to as a packet 4'.
  • The corresponding port of the OFS 121 receives the packet 4'.
  • The packet 4' has the same source MAC address (except for the U/L flag) and the same destination MAC address as the packet 2 received in step S111.
  • However, the attribute flag of the packet 4' is set to a value indicating the internal attribute in step S211. Due to this difference, in the OFS 121, the packet 4' matches the Core entry, not the Ingress entry. Therefore, the OFS 121 transfers the received packet 4' to the next-stage OFS 122 according to the matched Core entry (step S211 in FIG. 9).
  • The OFS 122 transfers the received packet 4' to the next-stage OFS 123 according to the registered Core entry (step S212 in FIG. 9).
  • The OFS 123 transmits the received packet 4' to the subordinate communication terminal 132 according to the Egress entry (step S213 in FIG. 9). At this time, the OFS 123 transmits the packet 4' after restoring the attribute flag and the destination MAC address of the packet 4' according to the Egress entry.
  • the packet after the 1st packet travels on the determined route without going through the OFC, and is finally transmitted to the destination terminal.
  • FIG. 10 is an explanatory diagram illustrating an example of a flow entry registered in the flow table of the OFS 121 according to the present embodiment.
  • the communication terminal 133 is a virtual machine that operates on a virtualized physical server.
  • the communication terminal 131 is assumed to be an application that operates on the same physical server.
  • the OFS 124 is a virtual switch that operates on the same physical server.
  • the physical server is assumed to be connected to the Port 1 of the OFS 121 via one physical NIC.
  • the OFS 122 is connected to the Port 2 of the OFS 121.
  • a flow entry as shown in FIG. 10 is registered in the flow table of the OFS 121.
  • the flow entry shown in the first record R101 is an example of an Ingress entry applied to a packet received from the communication terminal 131 (in this example, an application on a physical server).
  • The classification information of this Ingress entry contains, as the designation of the source MAC address (indicated as “MAC src” in the figure), information specifying that the value of the U/L flag is U: universal address. This designation is equivalent to designating that the value of the attribute flag is a value indicating an external attribute.
  • In the action information (indicated as “Action Field” in the figure) associated with such classification information, an operation is specified in which the value of the U/L bit of the source MAC address is rewritten to L: a value indicating a local address, and the packet is then output from Port 2.
  • The designation for converting the destination MAC address to the aggregate MAC address in the action information of the Ingress entry is omitted.
  • “Count Field” in the flow table illustrated in FIG. 10 is a timer value.
  • the flow entry indicated in the second record R102 is an example of a Core entry applied to a packet transferred from the OFS 124 (virtual OFS in this example).
  • the Core entry classification information includes information for designating that the value of the U / L flag is L: local address as designation of the source MAC address. This designation agrees with the fact that the attribute flag is designated as a value indicating an internal attribute.
  • the action information associated with such classification information specifies an operation indicating an output from Port2.
  • Because the attribute flag is embedded in the U/L bit of the source MAC address, whether the packet attribute is an internal attribute or an external attribute can be determined by looking at the U/L bit of the source MAC address of the received packet.
  • the U / L flag is a value indicating U: universal address.
  • the packet from the virtual OFS (OFS 124) has the U / L flag rewritten to a value indicating L: local address by the packet attribute setting processing according to the present invention.
  • Therefore, when the OFS 121 receives a packet from Port 1, the entry corresponding to the attribute of the packet is correctly selected: a packet from the application (communication terminal 131) on the physical server matches the Ingress entry, and a packet from the virtual OFS (OFS 124) matches the Core entry.
  • The OFS recognizes whether the attribute of the packet is an internal attribute or an external attribute from the information attached to the received packet instead of from the reception port, and selects the correct entry accordingly. As a result, both external packets and internal packets can be handled by one port.
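  • The entry selection described for FIG. 10 and the path taken by the packets 2' and 4', as an added example that is not code from the patent. It models only the attribute flag in the U/L bit of the source MAC address; the MAC addresses are constructed sample values, the port numbers of OFS 122, OFS 123 and OFS 124 are assumptions, and the conversion to the aggregate MAC address is left out, as in FIG. 10.

```python
from dataclasses import dataclass, replace
from typing import List, Optional, Sequence, Tuple

UL_BIT = 0x02  # U/L bit in the first octet of a MAC address: 0 = universal, 1 = local


def parse_mac(text: str) -> bytes:
    octets = bytes(int(part, 16) for part in text.split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return octets


def format_mac(mac: bytes) -> str:
    return ":".join(f"{octet:02x}" for octet in mac)


def is_internal(src_mac: bytes) -> bool:
    """Attribute flag test: a local source address marks an internal packet."""
    return bool(src_mac[0] & UL_BIT)


def with_flag(src_mac: bytes, internal: bool) -> bytes:
    """Return src_mac with the U/L bit set (internal) or cleared (restored)."""
    first = (src_mac[0] | UL_BIT) if internal else (src_mac[0] & ~UL_BIT & 0xFF)
    return bytes([first]) + src_mac[1:]


@dataclass(frozen=True)
class Packet:
    src_mac: bytes
    dst_mac: bytes


@dataclass(frozen=True)
class FlowEntry:
    kind: str                 # "Ingress", "Core" or "Egress"
    in_port: int              # classification: receiving port
    internal: bool            # classification: required attribute flag value
    set_flag: Optional[bool]  # action: rewrite the flag (None leaves it alone)
    out_port: int             # action: output port


class Switch:
    def __init__(self, name: str, entries: Sequence[FlowEntry]):
        self.name = name
        self.entries = list(entries)

    def process(self, in_port: int, pkt: Packet) -> Optional[Tuple[str, int, Packet]]:
        """Apply the first matching entry; None means no match (Packet_In case)."""
        for entry in self.entries:
            if entry.in_port == in_port and entry.internal == is_internal(pkt.src_mac):
                if entry.set_flag is not None:
                    pkt = replace(pkt, src_mac=with_flag(pkt.src_mac, entry.set_flag))
                return entry.kind, entry.out_port, pkt
        return None


# OFS 121 as in FIG. 10: two entries on the same Port 1, both output to Port 2.
OFS121 = Switch("OFS 121", [
    FlowEntry("Ingress", 1, internal=False, set_flag=True, out_port=2),  # R101
    FlowEntry("Core", 1, internal=True, set_flag=None, out_port=2),      # R102
])
# Assumed port numbers (in on 1, out on 2); the page gives none for these switches.
OFS124 = Switch("OFS 124", [FlowEntry("Ingress", 1, False, True, 2)])
OFS122 = Switch("OFS 122", [FlowEntry("Core", 1, True, None, 2)])
OFS123 = Switch("OFS 123", [FlowEntry("Egress", 1, True, False, 2)])


def forward(path: Sequence[Switch], pkt: Packet) -> List[Tuple[str, str, str]]:
    """Trace (switch, matched entry, source MAC after the action) along path."""
    trace = []
    for switch in path:
        result = switch.process(1, pkt)
        if result is None:
            trace.append((switch.name, "Packet_In", format_mac(pkt.src_mac)))
            break
        kind, _out_port, pkt = result
        trace.append((switch.name, kind, format_mac(pkt.src_mac)))
    return trace


def local_source_macs(external_macs: Sequence[str]) -> List[str]:
    """External-node MACs that already carry the local bit and so break the
    assumption the scheme relies on (they would be classified as internal)."""
    return [mac for mac in external_macs if is_internal(parse_mac(mac))]


# Constructed sample addresses for the communication terminals 131, 132 and 133.
T131, T132, T133 = "00:00:5e:00:53:31", "00:00:5e:00:53:32", "00:00:5e:00:53:33"

if __name__ == "__main__":
    for path, src in (([OFS121, OFS122, OFS123], T131),
                      ([OFS124, OFS121, OFS122, OFS123], T133)):
        for hop in forward(path, Packet(parse_mac(src), parse_mac(T132))):
            print(hop)
```

Running `local_source_macs` over an inventory of the MAC addresses seen on edge ports is a quick way to confirm that no connected external node uses a local source address before the U/L bit is chosen as the attribute flag.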
  • because one port can handle both internal and external packets, the following effects can be expected. That is, in the virtualized server on which the virtual switch operates, the number of necessary physical NICs can be suppressed and the communication band of a high-performance NIC can be used effectively. In addition, the number of used ports of the OFS (for example, OFS 121) that faces the virtual switch can be reduced. These effects can be realized without affecting the OpenFlow protocol.
  • the present invention has been described using an OpenFlow network, which is one of the CU separation type networks, as an example, but the OpenFlow network is only an example. Therefore, the network targeted by the present invention is not limited to the OpenFlow network. Further, the present invention is not limited to a CU separation type network. That is, the present invention can also be applied to a network that is not a CU separation type network and in which each packet transfer apparatus performs transfer control itself.
  • FIG. 11 is a block diagram showing a minimum configuration example expressing the features of the communication system according to the present invention.
  • the communication system according to the present invention includes at least a plurality of packet transfer apparatuses (a packet transfer apparatus 501-1 and a packet transfer apparatus 501-2).
  • Each packet transfer apparatus includes a packet attribute determination unit 501 and a packet attribute setting unit 502.
  • the packet attribute determination unit 501 (for example, the packet attribute determination unit 1201A and the packet attribute determination unit 1201B) refers to an attribute setting area (in the above example, the area to which the attribute flag is assigned), which is a predetermined area included in the header area of the packet and is set in advance as an area for setting the packet attribute, and determines whether the attribute of the received packet is an internal attribute representing an internal packet transferred from one of the packet transfer apparatuses or an external attribute representing an external packet received from an external node.
  • the packet attribute determination unit 501 determines that the attribute of the received packet is an internal attribute if the value of the attribute setting area is the value indicating an internal attribute, and determines that it is an external attribute if the value is anything other than the value indicating the internal attribute.
  • the packet attribute setting unit 502, when transferring an external packet to another packet transfer apparatus via the internal network, sets a value indicating the internal attribute in the attribute setting area of the packet.
  • the packet attribute determination unit 501 determines that the attribute of the received packet is an internal attribute if the value of the attribute setting area is the predetermined value indicating an internal attribute, and determines that it is an external attribute if the value is anything other than the value indicating the internal attribute.
  • Each packet transfer device includes packet transfer rule storage means (for example, flow table storage means 1204A, 1204B) for storing packet transfer rules, each of which is information that determines the operation of the packet transfer device when a packet is received and includes classification information indicating the requirements of packets belonging to the packet flow to which the rule is applied and action information indicating the processing to be executed, and packet processing means (for example, packet processing means 1203A, 1203B) for executing processing on the received packet in accordance with the packet transfer rules stored in the packet transfer rule storage means.
  • the classification information has information specifying the value of the attribute setting area, and the packet processing means includes a rule determination unit (for example, rule determination unit 1205B) for determining, based on the classification information of the packet transfer rules stored in the packet transfer rule storage means, which of those packet transfer rules matches the received packet, and a rule execution unit (for example, rule execution unit 1206B) that executes the processing indicated by the action information of the matching packet transfer rule on the received packet.
  • the communication system further includes a control device (for example, OFC 110) for controlling the packet communication path of each packet transfer device by controlling the packet processing of each packet transfer device. The control device includes a route determination unit (for example, route determination unit 1101) that determines a route according to the topology of the internal network, which is the network formed by the packet transfer devices, and a packet transfer rule setting unit that generates packet transfer rules for the route determined by the route determination unit and transfers them to the related packet transfer devices.
  • the packet transfer rule storage unit of each packet transfer device stores the transferred packet transfer rules. For a packet transfer apparatus serving as a relay point in the route of a specific packet flow, the packet transfer rule setting means may transfer, before communication of the specific packet flow is started, a packet transfer rule including classification information having information specifying that the value of the attribute setting area is a value indicating an internal attribute, and action information indicating an output from the port.
  • the communication system includes, as packet transfer devices, a virtual packet transfer device (for example, OFS 124 in FIG. 7) operating on a virtualized server and a second packet transfer device connected to the virtual packet transfer device.
  • one port of the second packet transfer device may be connected to one port of the server that is capable of transmitting both internal packets transferred from the virtual packet transfer device and external packets that do not pass through the virtual packet transfer device.
  • the attribute setting area may be the U/L bit area of the MAC address included in the header information.
  • the value indicating the internal attribute may be a value indicating the local address in the U/L bit of the MAC address.
  • the attribute setting area may be an address block area of the MAC address to which a unique value is assigned in advance for the communication system in the protocol used by the external network, and the value indicating the internal attribute may be a unique value.
  • the attribute setting area may be an extension header area added by the header extension technology of the protocol used by the external network, and the value indicating the internal attribute may be a predetermined value indicating that one of the packet transfer devices has extended the extension header area.
  • the present invention can be preferably applied to a use in which communication is performed via a plurality of packet transfer apparatuses, and particularly applicable to a communication system including a virtualized packet transfer apparatus.
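
The U/L-bit variant described above, with the OFS 121 case where Port 1 carries both kinds of traffic, can be sketched as follows. This is an added example, not code from the patent or from any OpenFlow implementation: the class and function names are hypothetical, the MAC addresses are constructed values from the documentation range, and it assumes, as the text does, that frames from external nodes carry universally administered source addresses.

```python
from __future__ import annotations

from dataclasses import dataclass, replace
from typing import Optional

UL_BIT = 0x02  # U/L bit of a MAC address: bit 1 of the first octet (1 = L: local)


def parse_mac(text: str) -> bytes:
    """Parse 'aa:bb:cc:dd:ee:ff' into 6 raw bytes, rejecting malformed input."""
    parts = text.split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {text!r}")
    try:
        return bytes(int(p, 16) for p in parts)
    except ValueError:
        raise ValueError(f"not a MAC address: {text!r}") from None


def format_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def is_internal(src: bytes) -> bool:
    """Attribute determination: internal only if the U/L bit of the source MAC is L."""
    return bool(src[0] & UL_BIT)


def mark_internal(src: bytes) -> bytes:
    """Attribute setting: set the U/L bit, leaving every other bit untouched."""
    return bytes([src[0] | UL_BIT]) + src[1:]


@dataclass(frozen=True)
class Frame:
    dst: bytes
    src: bytes


@dataclass(frozen=True)
class FlowEntry:  # hypothetical, simplified flow entry
    name: str
    in_port: int
    src_is_local: bool          # classification: required U/L flag of the source MAC
    out_port: int               # action: output port
    set_internal: bool = False  # action: rewrite the attribute flag before output


class Switch:
    def __init__(self, entries: list[FlowEntry]) -> None:
        self.entries = list(entries)

    def process(self, in_port: int, frame: Frame) -> Optional[tuple[str, int, Frame]]:
        """Return (entry name, output port, outgoing frame), or None on a table miss."""
        for entry in self.entries:
            if entry.in_port == in_port and entry.src_is_local == is_internal(frame.src):
                out = frame
                if entry.set_internal:
                    out = replace(frame, src=mark_internal(frame.src))
                return entry.name, entry.out_port, out
        return None


# OFS 121: both entries share Port 1 and differ only in the U/L flag they require.
OFS121 = Switch([
    FlowEntry("Ingress", in_port=1, src_is_local=False, out_port=2, set_internal=True),
    FlowEntry("Core", in_port=1, src_is_local=True, out_port=2),
])


def run_demo() -> list[Optional[tuple[str, int, Frame]]]:
    dst = parse_mac("00:00:5e:00:53:aa")  # constructed addresses
    from_terminal = Frame(dst, parse_mac("00:00:5e:00:53:01"))  # external, U flag
    from_virtual_ofs = Frame(dst, mark_internal(parse_mac("00:00:5e:00:53:02")))
    return [OFS121.process(1, from_terminal), OFS121.process(1, from_virtual_ofs)]


if __name__ == "__main__":
    for name, port, frame in run_demo():
        print(name, "-> Port", port, "src", format_mac(frame.src))
```
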

Abstract

A communication system in which individual packet-forwarding devices include: a packet attribute determination means for determining whether the attributes of a received packet are internal attributes indicating an internal packet or external attributes indicating an external packet by referring to an attribute-setting region which is a prescribed region included in the header region of the packet and is pre-set as a region for setting the attributes of the packet; and a packet attribute setting means for setting values indicating internal attributes in the attribute-setting region of the packet when forwarding an external packet to another packet-forwarding device via an internal network. Furthermore, the packet attribute determination means determines the attributes to be internal attributes if the values in the attribute-setting region are values indicating internal attributes, and to be external attributes if the values are values other than values indicating internal attributes.

Description

COMMUNICATION SYSTEM, PACKET TRANSFER DEVICE, PACKET TRANSFER METHOD, AND PACKET TRANSFER PROGRAM
The present invention relates to a communication system, a packet transfer device, a packet transfer method, and a packet transfer program, and in particular to a communication system including a packet transfer device that transfers packets and a control device that controls communication paths by controlling the packet transfer of the packet transfer device, and to a packet transfer device, a packet transfer method, and a packet transfer program applied to that communication system.
Conventionally, the process of determining a route from the source of a packet to its destination and the packet transfer process were each performed individually by the multiple switches on the route.
However, in a large-scale network such as a data center, the network configuration changes constantly because equipment stops due to failures and new equipment is added (introduced, connected) for expansion. Each switch on a route is therefore required to be flexible enough to determine an appropriate route for a received packet in immediate response to changes in the network configuration. However, the route determination program of each switch could not be changed from outside.
Therefore, to give each switch this flexibility, CU (C: control plane / U: user plane) separation type network systems, in which route determination for the user plane is performed from an external control plane, have been proposed.
One example of a CU separation type network is an OpenFlow network, which uses OpenFlow technology. Details of OpenFlow technology are described in Non-Patent Document 1.
In an OpenFlow network, a control device called an OFC (OpenFlow Controller) controls how each OFS handles received packets by manipulating the flow tables of the packet transfer devices called OFSs (OpenFlow Switches).
FIG. 12 shows the general configuration of a communication system that constructs an OpenFlow network. The communication system illustrated in FIG. 12 includes an OFC 910, which is a control device, and OFS 921 to 924, which are packet transfer devices belonging to the OpenFlow network 900.
In the communication system illustrated in FIG. 12, the OFC 910 and the OFS 921 to 924 operate according to the OpenFlow protocol. The OFS 921 to 924 form an arbitrary network topology. The OFC 910 and each of the OFS 921 to 924 are connected by a secure channel (Secure Channel) connection.
The OFC 910 sets flow entries in the flow table of each of the OFS 921 to 924. A flow entry is information that defines the operation of the OFS according to the packet that arrives. A flow entry may also be called a packet transfer rule. A group of packets (packet series) that matches an individual packet transfer rule is called a flow or a packet flow. A flow or packet flow can also be described as the group of packets (packet series) that forms the unit of route control. "Packet" may be read as "frame". By setting flow entries in the flow table of each of the OFS 921 to 924, the OFC 910 performs route determination processing for communication between the communication terminals connected to the OpenFlow network 900 (in this example, communication terminals 931, 932, and 932).
The OFC 910 has a network topology management function, a communication terminal location management function, a flow entry generation function, a route calculation function, and an OFS management function.
The network topology management function stores information representing the network topology formed by the group of OFSs, based on information collected from the OFSs.
The communication terminal location confirmation function manages which port of which OFS each communication terminal connected to the OpenFlow network constructed by the OFSs is attached to.
The flow entry generation function creates flow entries. With the flow entry generation function, the OFC 910 determines classification information, action information, and a timer value, and creates a flow entry containing them. The classification information identifies a flow and is expressed, for example, as requirements on the packets belonging to the flow. Which flow a packet received by an OFS belongs to is determined based on the classification information. The action information indicates the operation the OFS performs on the flow (for example, forwarding to a specific port, flooding, or discarding). The timer value determines the validity period of the flow entry. The timer value may be included in the action information. In that case, the OFC 910 generates, for each flow, a flow entry containing classification information and action information.
The route calculation function calculates the communication route of a flow.
The OFS management function controls the OFSs; specifically, it manages the channels used for OFS control, sets flow entries in the OFSs, and so on.
The OFS 921 to 924 process received packets based on the flow entries set by the OFC 910. On receiving a packet, the OFS 921 to 924 determine which flow the packet belongs to according to the classification information of the flow entries that have been set, and perform on the received packet the operation indicated by the action information of the flow entry defined for that flow. The OFS 921 to 924 thereby forward the packet to a specific port, flood it, or discard it, based on the action information of the flow entry defined for the flow to which the received packet belongs. Each OFS may also have a function of creating statistical information about received packets and the like. The granularity at which statistical information is created includes per flow entry and per port.
The classification information is generally defined by various combinations of any or all of the destination address, source address, destination port, and source port contained in the header area of each protocol layer of the packet. The addresses here include the MAC address (Media Access Control Address) and the IP address (Internet Protocol Address). In addition to the above, information on the input port (Ingress Port) is also used.
In an OpenFlow network, when the OFS 921 to 924 hold no flow entry that matches a received packet, they treat the packet as the 1st packet, that is, the first packet of a new flow, and notify the OFC 910 that the 1st packet has been received. Specifically, the OFS 921 to 924 send the OFC 910 an inquiry about the received packet, also called an entry request. The OFS 921 to 924 may forward the 1st packet itself to the OFC 910 as the entry request. The message that forwards the 1st packet to the OFC is also called Packet_IN.
When the OFC 910 receives an entry request from one of the OFS 921 to 924 under its management, it determines the route of the flow to which the packet belongs and determines the operation that the OFSs on the route are to perform on the packet in order to realize that route. The OFC 910 then sends each OFS on the route a control message for setting a flow entry containing classification information that identifies the flow and action information indicating the determined operation.
In an OpenFlow network, there are broadly two approaches to the timing at which the OFC sets flow entries in the OFSs: the proactive type and the reactive type.
In the proactive type, before data communication begins, the OFC determines the route of a given flow and sets, in the OFSs concerned, the flow entries that realize that route. This approach is called proactive because it refers to "advance entry registration" that the OFC performs on its own initiative.
In the reactive type, on the other hand, when the OFC receives an entry request from an OFS, it determines the route of the flow to which the requested packet belongs and sets, in the OFSs concerned, the flow entries that realize that route. This approach is called reactive because it refers to "real-time entry registration" that the OFC performs in response to requests from the OFSs during actual data communication.
OpenFlow networks so far have mainly been of the reactive type. However, there are problems such as packet transfer delay caused by the processing of setting flow entries in the OFSs concerned, and the OFC being unable to keep up when a large number of 1st packets arrive at once. To solve such problems, the proactive type has been regarded as promising in recent years.
In addition, because the proactive type allows flows to be defined before communication starts, it is thought that problems such as large numbers of flows generated by viruses and unauthorized access by unknown packets can also be avoided.
In practice, however, a fully proactive approach could make the number of entries enormous, so making some flows or some routes reactive is also being considered as a way to escape the constraint on the number of entries.
In the network configuration illustrated in FIG. 12, the OFS 921, 923, and 924 may be called "edge switches". The OFS 922 may be called a "core switch".
An edge switch is a packet transfer device that is the start point or end point of the determined route of a flow. Among edge switches, the packet transfer device at the start point may be called the Ingress switch and the packet transfer device at the end point the Egress switch. A core switch is a packet transfer device that is a relay point on the determined route of a flow. In practice, whether a device is an edge switch or a core switch is determined per port.
Viewed along a specific route, edge switches and core switches are mutually exclusive, but viewed per packet transfer device there can naturally be devices that play both roles, acting as an edge switch on one route and as a core switch on another. Whether a given OFS is an edge switch or a core switch should therefore be said to be determined per port and per flow. Hereinafter, focusing on a given OFS, a flow for which that OFS plays the role of an edge switch may be called an edge flow. In particular, a flow for which the OFS plays the role of the Ingress switch may be called an Ingress flow, and a flow for which it plays the role of the Egress switch an Egress flow. Similarly, a flow for which the OFS plays the role of a core switch may be called a Core flow. An entry for an Ingress switch may be called an Ingress entry, an entry for an Egress switch an Egress entry, and an entry for a core switch a Core entry.
As a technique related to packet transfer methods that transfer packets according to packet transfer rules, Patent Document 1, for example, describes an example of a communication system that realizes a proactive OpenFlow network.
Patent Document 2 describes a packet transfer method in which the route of each flow can be set in the core switches in advance and the preset route can easily be changed. In the method described in Patent Document 2, the edge switch embeds a path identifier, which identifies a path (a route without regard to outbound or return direction), in a field that the Egress switch can restore, such as the destination MAC address of the packet. Each core switch, following the classification information of its entries, uses the destination MAC address in which the path identifier is embedded as the matching rule and determines the operation according to the path identifier that was set.
Patent Document 3 shows an example of a switch device that functions with different switching methods mixed together. The method described in Patent Document 3 uses the beginning of the label field of a packet (normally the field in which the destination MAC address and source MAC address are registered) as identification information for identifying the switching method. The switch device recognizes the value at the beginning of the packet's label field as identification information and performs switching according to that identification information.
International Publication No. 2012/096131 pamphlet
JP 2013-232905 A
JP 2013-135397 A
In recent years, much research has been done on techniques for virtualizing servers to reduce costs. Along with server virtualization, an architecture in which the network for the virtual machines inside a physical server is controlled by a virtual switch operating inside the same physical server has attracted attention.
Meanwhile, research on and commercialization of network virtualization using SDN (Software Defined Networking) technology are progressing, and server virtualization and network virtualization are expected to converge in the future. The OpenFlow technology described above is one such SDN technology.
When considering the convergence of server virtualization and network virtualization using OpenFlow technology, a conceivable first step is to make the virtual switch support the OpenFlow protocol so that the network traffic of each virtual machine can be controlled from the OFC.
However, attempting to realize an OpenFlow network in a communication system that includes a virtual switch raises the following problem.
FIG. 13 is an explanatory diagram showing an example of a physical server with server virtualization. FIG. 13 shows an example in which a virtual switch 843 and a virtual machine 842 are built inside the physical server 840 using virtualization by the hypervisor 841. In addition to the hypervisor 841, the physical server 840 shown in FIG. 13 includes an application 844 and a physical NIC (Network Interface Controller) 845. In the present invention, "application" is used in a sense that includes both the application program and the physical means (such as a CPU) that realize its operating environment.
In the example shown in FIG. 13, the virtual switch 843 is associated with the physical NIC 845 of the physical server 840. When a packet received from a subordinate virtual machine 842 is to leave the physical server 840, the virtual switch 843 sends the received packet to the switch 850 via the physical NIC 845. Specifically, the virtual switch 843 performs this operation by outputting the received packet to the designated port according to the flow entries registered in its flow table.
The application 844 in this example is an application that can send packets to the outside directly through the physical NIC 845 without going through the virtual switch 843. In the example shown in FIG. 13, multiple processing units, namely the application 844 and the virtual switch 843, share one physical NIC 845, which reduces the number of physical NICs consumed and makes effective use of their performance.
FIG. 14 shows a configuration example in which such a virtual switch, which shares one physical NIC with an application, is made to support the OpenFlow protocol.
FIG. 14 is an explanatory diagram showing a configuration example of an OpenFlow-capable communication system that includes the server-virtualized physical server 840 illustrated in FIG. 13. The communication system shown in FIG. 14 includes an OFC 710 and, as packet transfer devices belonging to the OpenFlow network 700, OFS 721 to 724. The OFS 721 is an OpenFlow-capable version of the virtual switch operating on the server-virtualized physical server 840. Hereinafter, this OFS 721 may be called the virtual OFS 721. Virtual OFSs other than the OFS 721 may also be provided.
In this example, the virtual machine 842 and the application 844 are treated as communication terminals that communicate via the OpenFlow network 700. Specifically, the virtual machine 842 is treated as a communication terminal under the virtual OFS 721, and the application 844 is treated as a communication terminal under the OFS 722.
Except that the OFS 721 is virtualized, the functions of the OFC 710 and the OFS 721 to 724 are the same as those of the OFC 910 and the OFS 921 to 924 of the communication system illustrated in FIG. 12.
Consider, in such a configuration, the attribute of the port of the OFS 722 that is connected to the virtual OFS 721 on the OpenFlow network 700. With respect to packets received from the virtual OFS 721, that port should be treated as having the internal attribute (Internal attribute). With respect to packets received from the application 844, on the other hand, it should be treated as having the external attribute (External attribute), because those packets are received directly without passing through another OFS.
Such determination of port attributes is needed, for example, when an edge switch is made to perform address translation or a core switch is made to perform forwarding according to addresses for the internal network.
In the OpenFlow protocol to date, a packet carries no information on whether it is an internal packet forwarded from a node of the internal network or an external packet sent directly from a node of an external network. The OFC has therefore assigned an internal or external attribute to each port of each OFS and used it to decide what kind of flow entry to set.
There have been the following two methods for determining the port attributes of each OFS. One is a method in which the OFSs exchange signals and the OFC acquires the information obtained in that way. For example, an OFS sends a special signal to its neighboring OFSs. An OFS that receives the signal notifies the OFC of the port on which it was received. The OFC thereby learns which OFS ports are connected to other OFSs, and in this way recognizes the network topology. In this method, the OFC sets to external the attribute of any OFS port that has not received the signal for a certain period of time or longer.
The other method is to set in the OFC itself, in advance, information indicating whether a given port of a given OFS has the internal attribute or the external attribute.
With either method, however, a port always has exactly one of the two attributes, internal or external. Consequently, with such methods of setting port attributes, it cannot be correctly determined whether the port of the OFS 722 connected to the physical NIC 845 in the communication system illustrated in FIG. 14 has the internal attribute or the external attribute.
To take advantage of a proactive OpenFlow network, it is preferable that a Core entry, which is a relay entry to be applied to packets from the virtual OFS 721, be set in the OFS 722 in advance. With the OpenFlow protocol to date, however, it cannot be correctly determined whether a received packet is an internal packet or an external packet. In this situation, a Core entry cannot be set for the port of the OFS 722 in question, because that port may receive external packets. For the same reason, an Ingress entry, which is a start-point entry to be applied to external packets (for example, packets sent from the application 844), cannot be set for that port of the OFS 722 either, because the port may receive internal packets.
Another conceivable method is to add a VLAN (Virtual LAN) tag to packets and determine the internal or external attribute from that tag. This lacks flexibility, however, because packets from the application 844 would also have to carry a VLAN tag, and because it would have to be decided in advance which VLANs are external and which are internal. In addition, VLAN information may already be used within the physical server 840 for another purpose, such as identifying virtual networks, in which case it is difficult to reconcile the two uses.
To solve this problem in a configuration such as the one described above, the following measures have been taken: adding another physical NIC to the physical server 840 so that packets that pass through the virtual OFS 721 and packets that do not leave through separate exits, or configuring different destination ports for packets that pass through the virtual OFS 721 and packets that do not, so that they arrive on different receiving ports of the receiving OFS 722. Such measures, however, cancel out to no small extent the reduction in network operation cost that is one of the merits of an OpenFlow network.
None of Patent Documents 1 to 3 considers the problem described above, which arises when one port has both the internal attribute and the external attribute.
For example, the method described in Patent Document 2 presupposes, in order to assign a path identifier to a packet, that the edge switch can recognize that the received packet is an external packet. The OFS 722, however, cannot determine whether a received packet is an external packet. Therefore, even if the method described in Patent Document 2 is applied to the configuration illustrated in FIG. 14, it cannot be made to operate correctly.
In the method described in Patent Document 3, the communication terminal adds to the packet identification information for identifying the switching method. This requires changes to the communication terminals (in the example of FIG. 14, the virtual machine 842, the application 844, the communication terminal 731 and the communication terminal 732), which is not realistic.
Accordingly, an object of the present invention is to enable both entries applied to internal packets and entries applied to external packets to operate correctly on a single port, without changing external nodes.
A communication system according to the present invention includes a plurality of packet transfer devices that forward received packets. Each packet transfer device includes: packet attribute determination means for determining, by referring to an attribute setting area, which is a predetermined area in the header area of a packet defined in advance as the area in which the attribute of the packet is set, whether the attribute of a received packet is an internal attribute, indicating an internal packet forwarded from one of the packet transfer devices, or an external attribute, indicating an external packet received from an external node; and packet attribute setting means for setting a value indicating the internal attribute in the attribute setting area of an external packet when that packet is forwarded to another packet transfer device via the internal network. The packet attribute determination means determines that the attribute is the internal attribute if the value of the attribute setting area of the received packet is the value indicating the internal attribute, and determines that it is the external attribute if the value is any other value.
A packet transfer device according to the present invention includes: packet attribute determination means for determining, by referring to an attribute setting area, which is a predetermined area in the header area of a packet defined in advance as the area in which the attribute of the packet is set, whether the attribute of a received packet is an internal attribute, indicating an internal packet forwarded from one of the packet transfer devices, or an external attribute, indicating an external packet received from an external node; and packet attribute setting means for setting a value indicating the internal attribute in the attribute setting area of an external packet when that packet is forwarded to another packet transfer device via the internal network. The packet attribute determination means determines that the attribute is the internal attribute if the value of the attribute setting area of the received packet is the value indicating the internal attribute, and determines that it is the external attribute if the value is any other value.
In a packet transfer method according to the present invention, each packet transfer device, on receiving a packet, determines, by referring to an attribute setting area, which is a predetermined area in the header area of the packet defined in advance as the area in which the attribute of the packet is set, whether the attribute of the received packet is an internal attribute, indicating an internal packet forwarded from one of the packet transfer devices, or an external attribute, indicating an external packet received from an external node; each packet transfer device, when forwarding the packet to another packet transfer device via the internal network, sets a value indicating the internal attribute in the attribute setting area of the packet; and each packet transfer device, when determining the attribute of a packet, determines that the attribute is the internal attribute if the value of the attribute setting area of the received packet is the value indicating the internal attribute, and determines that it is the external attribute if the value is any other value.
A packet transfer program according to the present invention causes a computer provided in a packet transfer device to execute: a packet attribute determination process of determining, by referring to an attribute setting area, which is a predetermined area in the header area of a packet defined in advance as the area in which the attribute of the packet is set, whether the attribute of a received packet is an internal attribute, indicating an internal packet forwarded from one of the packet transfer devices, or an external attribute, indicating an external packet received from an external node; and an attribute information setting process of setting a value indicating the internal attribute in the attribute setting area of an external packet when that packet is forwarded to another packet transfer device via the internal network. In the packet attribute determination process, the program causes the computer to determine that the attribute is the internal attribute if the value of the attribute setting area of the received packet is the value indicating the internal attribute, and that it is the external attribute if the value is any other value.
According to the present invention, both entries applied to internal packets and entries applied to external packets can be made to operate correctly on a single port, without changing external nodes.
FIG. 1 is a block diagram showing a configuration example of the communication system of the first embodiment.
FIG. 2 is a block diagram showing a configuration example of the OFC 110.
FIG. 3 is a block diagram showing a configuration example of the OFS 121.
FIG. 4 is a block diagram showing another configuration example of the OFS 121.
FIG. 5 is a sequence diagram showing an example of the flow of flow entry setting and the flow of packet transfer in the communication system of the first embodiment.
FIG. 6 is an explanatory diagram showing an example of the flow of flow entry setting and the flow of packet transfer in the communication system of the first embodiment.
FIG. 7 is an explanatory diagram showing a configuration example of the communication system of the second embodiment.
FIG. 8 is a sequence diagram showing an example of the flow of flow entry setting and the flow of packet transfer in the communication system of the second embodiment.
FIG. 9 is a sequence diagram continued from FIG. 8.
FIG. 10 is an explanatory diagram showing an example of the flow entries registered in the flow table of the OFS 121 in the second embodiment.
FIG. 11 is a block diagram showing a minimal configuration example expressing the features of the communication system according to the present invention.
FIG. 12 is an explanatory diagram showing the general configuration of a communication system that builds an OpenFlow network.
FIG. 13 is an explanatory diagram showing an example of a server-virtualized physical server.
FIG. 14 is an explanatory diagram showing a configuration example of an OpenFlow-capable communication system that includes a virtual switch in a server-virtualized physical server.
First, the technical concept of the present invention is briefly described. The concept is to have each individual packet carry the attribute information (information indicating external or internal) that has until now been held per port of a packet transfer device, so that a packet transfer device on which a single port has both the internal attribute and the external attribute can process each packet correctly. Moreover, this is to be achieved without changing external nodes.
Because each packet carries its own attribute information, even a packet transfer device on which one port has both the internal and the external attribute can choose, for each received packet, between the entries to be applied to internal packets and the entries to be applied to external packets.
In the present invention, internal packets and external packets received on a single port can each be processed correctly through, broadly, the following three processes.
The first process is the setting of the packet attribute by the Ingress switch. In the first process, when the packet transfer device acting as the Ingress switch forwards an external packet to another packet transfer device, it sets in the received packet a flag indicating that the packet has the internal attribute. This flag is hereinafter called the attribute flag. The attribute flag is not necessarily one bit.
The second process is the determination of the packet attribute by each packet transfer device. In the second process, every packet transfer device checks the attribute of each packet it receives. Specifically, it determines whether the value of the attribute flag in the received packet is the value indicating the internal attribute. If it is, the packet is regarded as an internal packet forwarded from another packet transfer device in the internal network, and is processed according to the entries for internal packets set in the flow table (Core entries and Egress entries). If the attribute flag has any other value, the packet is regarded as an external packet received from an external node, and is processed according to the entries for external packets set in the flow table (Ingress entries).
If none of the entries it holds matches, a packet transfer device may treat the packet as a 1st packet and send an entry request to the control device. The control device then determines a route for the flow and sets the necessary entries in the packet transfer devices concerned. After that, each packet transfer device can process received packets according to the entries that have been set. If the attribute flag of the received packet does not have the value indicating the internal attribute, the packet is an external packet and the packet transfer device that received it is the Ingress switch of the flow to which the packet belongs; when forwarding the packet to another packet transfer device, it therefore sets the attribute flag of the forwarded packet to the value indicating the internal attribute (the first process).
It is assumed here that, in the table in which each packet transfer device stores its entries, each entry is registered in a form that makes it possible to tell whether it is an entry applied to internal packets or an entry applied to external packets. For example, the classification information of each entry may have a data structure that includes information specifying the value of the area in which the attribute flag is set. With such a data structure, each packet transfer device can select the entry that corresponds to the attribute of a packet through the ordinary matching against the classification information, without being aware of the attribute flag as such. Alternatively, for example, the area of the table that stores entries may be divided into an area for entries applied to internal packets and an area for entries applied to external packets.
One point requires care: when the method of specifying, in the classification information, the value of the area in which the attribute flag is set is used, that area must not be masked with a wildcard. If the area used as the attribute flag is wildcard-masked, a packet with the external attribute (an external packet) can match an entry intended for internal packets.
The third process is the clearing of the packet's attribute flag by the Egress switch. In the third process, when the packet transfer device acting as the Egress switch sends a received packet to an external node, it restores the attribute flag of the packet to its original value.
By performing the first to third processes in combination, attribute information can be attached to individual packets without changing external nodes, and as a result internal packets and external packets can both be processed correctly on a single port.
As the value of the attribute flag that indicates the internal attribute, use, for example, a value other than the values normally set in that area in the external network (that is, when the external network is not performing some operation of its own), or a value that is clearly never set in that area in the external network. Then, without any modification to external nodes, the area in packets received from external nodes takes a value other than the one indicating the internal attribute, so the attribute determination is performed correctly.
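The three processes and the wildcard caveat above can be followed in a small model. This is an added example, not code from the patent or from any OpenFlow implementation; the `attr` field, the values `INTERNAL` and `CLEARED`, the port numbers and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

# Constructed values: the page does not fix the header area or its encoding.
INTERNAL = 1   # value meaning "internal attribute"
CLEARED = 0    # value the area has in packets from external nodes (assumption)


@dataclass(frozen=True)
class Packet:
    payload: str
    attr: int = CLEARED   # stands in for the attribute setting area


@dataclass(frozen=True)
class Entry:
    kind: str                        # "Ingress", "Core" or "Egress"
    in_port: int
    match_internal: Optional[bool]   # True: attr == INTERNAL; False: any other value; None: wildcard
    out_port: int
    set_attr: Optional[int] = None   # action: rewrite the attribute area before output

    def matches(self, port: int, pkt: Packet) -> bool:
        if port != self.in_port:
            return False
        if self.match_internal is None:
            return True              # attribute area masked: both packet kinds match
        return (pkt.attr == INTERNAL) == self.match_internal


class Switch:
    """Applies the first matching entry, in list order."""

    def __init__(self, name: str, entries: List[Entry]):
        self.name = name
        self.entries = list(entries)

    def forward(self, port: int, pkt: Packet) -> Optional[Tuple[str, int, Packet]]:
        for entry in self.entries:
            if entry.matches(port, pkt):
                if entry.set_attr is not None:
                    pkt = replace(pkt, attr=entry.set_attr)
                return entry.kind, entry.out_port, pkt
        return None                  # no entry: an entry request would go to the controller


def build_shared_port_switch(mask_core_attr: bool = False) -> Switch:
    """Port 1 receives both internal and external packets, like the OFS 722 port in FIG. 14."""
    core = Entry("Core", 1, None if mask_core_attr else True, out_port=2)
    # First process: the Ingress entry marks the packet as internal before forwarding.
    ingress = Entry("Ingress", 1, False, out_port=2, set_attr=INTERNAL)
    return Switch("shared-port", [core, ingress])


def build_egress_switch() -> Switch:
    # Third process: restore the area before the packet leaves the internal network.
    return Switch("egress", [Entry("Egress", 1, True, out_port=9, set_attr=CLEARED)])


if __name__ == "__main__":
    from_vswitch = Packet("from virtual switch", attr=INTERNAL)   # constructed sample
    from_app = Packet("from application")                         # constructed sample

    ok = build_shared_port_switch()
    print("internal on shared port:", ok.forward(1, from_vswitch))
    kind, port, marked = ok.forward(1, from_app)
    print("external on shared port:", (kind, port, marked))
    print("at egress:", build_egress_switch().forward(1, marked))

    bad = build_shared_port_switch(mask_core_attr=True)
    print("external with masked Core entry:", bad.forward(1, from_app))
```

With the attribute area masked in the Core entry, the external packet is relayed as if it were internal and leaves the switch without ever being marked.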
Embodiment 1.
Embodiments of the present invention are described below with reference to the drawings. FIG. 1 is a block diagram showing a configuration example of the communication system of the first embodiment of the present invention.
The communication system shown in FIG. 1 includes an OFC 110 and OFS 121 to OFS 123. As shown in FIG. 1, in the communication system of this embodiment, the OFS 121 to OFS 123 form an OpenFlow network, which is the internal network of the communication system. The OFS 121 is connected to a communication terminal 131, and the OFS 123 is connected to a communication terminal 132. The communication terminal 131 and the communication terminal 132 are nodes belonging to an external network.
The OFC 110 may be the same as the OFC 910 and the OFC 710 described above. The OFC 110 preferably handles at least some flows or routes proactively.
FIG. 2 is a block diagram showing a configuration example of the OFC 110. For example, the OFC 110 may include a route determination unit 1101 and a flow entry setting unit 1102, as shown in FIG. 2.
The route determination unit 1101 determines, for an arbitrary packet flow, a route that suits the topology of the OpenFlow network formed by the OFSs (OFS 121 to OFS 123). For example, the route determination unit 1101 may determine in advance (before communication starts) a route between edge switches for an arbitrary flow, according to the positions of the OFSs that make up the OpenFlow network. In addition, when it receives an entry request, the route determination unit 1101 determines a route between edge switches for the flow to which the packet in the request belongs, according to the positions of the OFSs that make up the OpenFlow network.
The flow entry setting unit 1102 generates the flow entries needed to realize the route determined by the route determination unit 1101 and sets them in (transfers them to) the OFSs concerned.
The flow entry setting unit 1102 sets, for example, a Core entry in the OFS that serves as a relay point on the route determined by the route determination unit 1101 (the OFS 122 in this example). It also sets an Ingress entry and an Egress entry in, for example, each OFS connected to a node other than those belonging to the OpenFlow network (an external node), such as a legacy network or a terminal (the OFS 121 and the OFS 123 in this example). In practice, these entries are set for ports of the OFS.
In the present invention as well, edge flows are divided into two types according to their direction. One is the Ingress flow, which goes from outside the OpenFlow network into it. The other is the Egress flow, which, conversely to the Ingress flow, goes from inside the OpenFlow network to the outside.
An Ingress entry defines the processing for an Ingress flow. An example of such processing is editing the packet header and sending the edited packet on to another OFS in the OpenFlow network. An Egress entry defines the processing for an Egress flow. An example of such processing is delivering to a subordinate communication terminal a received packet whose destination address is the address of that terminal.
Examples of packet header editing for an Ingress flow include editing the destination MAC address of the L2 frame and adding a VLAN tag. In editing the destination MAC address, for example, the bit indicating a local address may be set in the U/L flag (U: universal address / L: local address), and the node ID and station ID managed by the OFC 110 may then be embedded. The node ID is information that uniquely identifies an OFS. The station ID is information that uniquely identifies an external node. Hereinafter, the edited destination MAC address is called an aggregate MAC address.
For example, when the route determination unit 1101 receives a 1st packet as an entry request from any of the managed OFS 121 to OFS 123, it determines the route of the flow to which that 1st packet belongs. The flow entry setting unit 1102 may then create an Ingress entry based on the determined route and set it in the requesting OFS. The Ingress entry includes, for example, classification information specifying the identifier of the port on which the 1st packet was received and the source MAC address, and action information indicating processing such as the following: embedding in the packet's destination MAC address the node ID of the OFS that acts as the Egress switch on the determined route and the station ID of the communication terminal under that OFS, and then outputting the packet from a predetermined port.
Once such an Ingress entry is set in the Ingress switch that sent the entry request, subsequently received packets belonging to the same flow are forwarded to the next OFS according to the Ingress entry that was set.
The flow entry setting unit 1102 may include, in the action information of the Ingress entry, processing that sets a predetermined value in the attribute flag. The OFS can then perform the attribute flag setting process as part of the processing specified by the Ingress entry.
 また、フローエントリ設定手段1102は、決定された経路においてコアスイッチとなるOFSの所定のポートに対して、Coreエントリを設定してもよい。該Coreエントリは、例えば、受信したパケットの宛先MACアドレスが集約MACアドレスであって属性フラグの値が内部属性を示す値である場合に、次段のOFSにパケットを転送する処理を行うことを規定したエントリである。 Further, the flow entry setting unit 1102 may set a Core entry for a predetermined port of the OFS that becomes a core switch in the determined route. The Core entry performs, for example, a process of transferring a packet to the OFS in the next stage when the destination MAC address of the received packet is an aggregate MAC address and the value of the attribute flag is a value indicating an internal attribute. It is a specified entry.
 このようなCoreエントリが経路上の中継点とされるOFS(コアスイッチ)に設定されることにより、1stパケット以降にIngressスイッチから転送されるパケットは、中継点とされるOFSに設定されたCoreエントリに従って、最終的にEgressスイッチに転送される。 By setting such a Core entry in an OFS (core switch) that is a relay point on the route, packets transferred from the Ingress switch after the 1st packet are set in the Core set in the OFS that is the relay point. According to the entry, it is finally transferred to the Egress switch.
The flow entry setting unit 1102 may also set an Egress entry for the OFS that serves as the Egress switch on the determined route. The Egress entry specifies, for example, that when the destination MAC address of a received packet is the above aggregate MAC address and the attribute flag holds the value indicating the internal attribute, the destination MAC address is restored to its original value and the packet is output from the predetermined port connected to the subordinate communication terminal.
When such an Egress entry is set in the OFS that is the end point of the route (the Egress switch), packets after the 1st packet have their destination MAC address converted, according to the Egress entry, from the aggregate MAC address to the MAC address of the destination external node, and are then sent to the communication terminal that is the subordinate external node.
The flow entry setting unit 1102 may also include, in the action information of the Egress entry, processing that restores the original value of the attribute flag. The OFS can then clear the attribute flag as part of the processing it performs according to the Egress entry.
In this embodiment, processing other than that related to the attribute flag only needs to conform to the OpenFlow protocol and is not otherwise limited.
In addition to the functions of a general OFS (holding flow entries, processing received packets according to the held flow entries, creating statistical information, discarding flow entries according to a timer value, and so on), the OFSs 121 to 123 have the function of executing the first to third processes described above. As described above, this function may be implemented as part of the process that matches packets against entries and as part of the action processing performed according to the matched entry.
FIGS. 3 and 4 are block diagrams showing configuration examples of the OFS 121. The other OFSs may have the same configuration as the OFS 121.
FIG. 3 shows a configuration example of an OFS 121A, which is one example of the OFS 121. The OFS 121A shown in FIG. 3 includes a packet attribute determination unit 1201A, a packet attribute setting unit 1202A, a packet processing unit 1203A, and a flow table storage unit 1204A.
The packet attribute determination unit 1201A refers to the attribute flag included in a packet and determines whether the attribute of the received packet is the internal attribute or the external attribute. It determines that the packet has the internal attribute if the value of the attribute flag in the received packet equals the predetermined value indicating the internal attribute, and that it has the external attribute for any other value.
When the type of a received packet, identified from its attribute, is an external packet and that packet is to be forwarded to another OFS in the OpenFlow network, the packet attribute setting unit 1202A sets the attribute flag of the forwarded packet to the value indicating the internal attribute. When an internal packet is to be sent to an external node, the packet attribute setting unit 1202A restores the attribute flag of the packet to its original value.
The flow table storage unit 1204A stores flow entries. In this example, it stores flow entries applied to internal packets and flow entries applied to external packets in separate areas. This can be realized, for example, by having the flow entry setting unit 1102 of the OFC 110 transfer each flow entry to each OFS together with information indicating which of the two kinds of entry it is.
The packet processing unit 1203A processes received packets according to the flow table stored in the flow table storage unit 1204A, using the flow entries that correspond to the attribute of the received packet.
In this example, the packet processing unit 1203A passes each packet through the packet attribute setting unit 1202A when the packet is actually transmitted. This allows the packet attribute setting unit 1202A to change the attribute flag of the transmitted packet as necessary. The packet processing unit 1203A may pass information indicating the attribute of the packet to the packet attribute setting unit 1202A together with the packet to be transmitted. This information can also be passed through a queue.
FIG. 4 shows a configuration example of an OFS 121B, which is another example of the OFS 121. The OFS 121B shown in FIG. 3 includes a packet processing unit 1203B and a flow table storage unit 1204B. The packet processing unit 1203B includes a rule determination unit 1205B and a rule execution unit 1206B.
The rule determination unit 1205B has a packet attribute determination unit 1201B, and the rule execution unit 1206B has a packet attribute setting unit 1202B.
The flow table storage unit 1204B stores flow entries. In this example, the classification information of each stored flow entry includes information specifying the value of a predetermined area that includes the area in which the attribute flag is set. This makes it possible to tell whether each flow entry applies to internal packets or to external packets.
The rule determination unit 1205B determines which flow entry a received packet matches, based on the classification information of the flow entries stored in the flow entry storage unit 1204B. It refers to each area for which the classification information specifies a value and checks whether the value of that area in the received packet equals the specified value, and in this way finds the flow entry that the received packet matches. The packet attribute determination unit 1201B of this example refers to the value of the predetermined area of the packet (the area in which the attribute flag is set) and determines whether the packet matches an entry with respect to its attribute; this is carried out as part of the matching process of the rule determination unit 1205B described above.
If a flow entry matches the received packet, the rule execution unit 1206B executes the processing indicated by the action information of that flow entry. In this example, the action information may include information indicating that the area of the transmitted packet in which the attribute flag is set is to be set to a predetermined value. The packet attribute setting unit 1202B of this example sets that area to the value indicating the internal attribute when an external packet is forwarded into the internal network; this is carried out as part of the action execution process of the rule execution unit 1206B described above.
The route determination unit 1101 and the flow entry setting unit 1102 are realized by, for example, a computer provided in the OFC (such as a CPU that operates according to a program). The packet attribute determination unit 1201A, the packet attribute setting unit 1202A, the packet processing unit 1203A, the packet processing unit 1203B, the rule determination unit 1205B, and the rule execution unit 1206B are realized by, for example, a computer provided in the OFS (such as a CPU that operates according to a program). The flow table storage unit 1204A and the flow table storage unit 1204B are realized by, for example, a storage device provided in the OFS (such as a memory or a database system).
Next, an example of the flow of setting flow entries and of forwarding packets in the communication system of this embodiment is described with reference to FIG. 5. FIG. 5 is a sequence diagram showing that example. FIG. 5 focuses on communication from the communication terminal 131 to the communication terminal 132, but the communication handled by the communication system of this embodiment is not limited to this. In FIG. 5, dotted arrows indicate control communication and solid arrows indicate data communication.
In the example shown in FIG. 5, the communication terminal 131 operates as the transmitting terminal and the communication terminal 132 operates as the destination terminal. In communication between the communication terminal 131 and the communication terminal 132, the OFS 121 operates as the Ingress switch, the OFS 122 operates as a core switch, and the OFS 123 operates as the Egress switch.
The following shows an example in which the U/L bit of the source MAC address of the L2 frame is used as the location of the attribute flag in the packet. This presupposes that none of the connected external nodes, encapsulation protocols, and so on uses a local MAC address. In that case, the value indicating a local address, which is not normally used, can serve as the value indicating the internal attribute.
If nothing can be assumed about how addresses are used in packets sent from external nodes, that is, if it is not known whether a machine using a local MAC address exists, the following methods may be used.
The first method expresses the attribute flag with an arbitrary address block of the MAC address. That is, a vendor-assigned address block, or an address block normally assigned for multicast, is reserved for the attribute flag. This guarantees that the unique value of the reserved address block is not used by any machine, encapsulation protocol, or the like in the external network. The area of that address block can therefore be designated as the location of the attribute flag, and the reserved unique value can be used as the value indicating the internal attribute.
The second method uses the extension headers of technologies being standardized by the IETF (Internet Engineering Task Force), such as MPLS (Multi-protocol Label Switching), NVGRE (Network Virtualization using Generic Routing Encapsulation), and VxLAN (Virtual eXtensible Local Area Network). That is, the OFS treats a packet whose header has been extended by one of these technologies as having the internal attribute. In that case, the extended header area may be designated as the location of the attribute flag, and a predetermined value indicating that one of the OFSs extended the header area can be used as the value indicating the internal attribute.
In the example shown in FIG. 5, the OFC 110 first recognizes the topology of the OpenFlow network. Here, the OFC 110 recognizes, among other things, that the OFS 121 and the OFS 122 are connected and that the OFS 122 and the OFS 123 are connected. Having recognized the topology, the OFC 110 sets (transfers) a Core entry for forwarding internal packets on the ports used for relaying by the OFS 122, which is a core switch on the communication path between the communication terminal 131 and the communication terminal 132, that is, on the ports that connect the OFS 122 to its adjacent OFSs (OFS 121 and OFS 123) (step S101 in FIG. 5). The classification information of this Core entry includes at least information specifying, as a requirement on the packet, that the U/L flag of the source MAC address holds the value indicating a local address, that is, that the attribute flag holds the value indicating the internal attribute. It may further include information specifying that the destination MAC address is a predetermined aggregate MAC address.
The OFS 122, having received the Core entry from the OFC 110, registers it in its flow table (step S102 in FIG. 5).
In addition, for example at the timing when Packet_In is sent for an arbitrary packet that the OFS 123 received from the subordinate communication terminal 132, the OFC 110 sets, for the relevant port of the OFS 123, an Ingress entry together with an Egress entry that assumes the reverse direction (step S103 in FIG. 5). The classification information of this Egress entry includes at least information specifying, as a requirement on the packet, that the U/L flag of the source MAC address holds the value indicating a local address, that is, that the attribute flag holds the value indicating the internal attribute. The classification information may also include information specifying that the destination MAC address is an aggregate MAC address in which the node ID of the OFS 123 and the station ID of the communication terminal 132 under the OFS 123 are embedded. The action information of this Egress entry includes information indicating processing that restores the attribute flag of the packet, that is, that sets the U/L flag of the source MAC address of the packet to the value indicating a universal address. The setting of the Ingress entry at this point belongs to the flow in the opposite direction and is therefore not shown.
The OFS 123, having received the Egress entry from the OFC 110, registers it in its flow table (step S104 in FIG. 5).
Suppose that, in this state, packet 1, which is the 1st packet addressed to the communication terminal 132, is sent from the communication terminal 131 to the OFS 121 (step S105 in FIG. 5). The U/L flag of the source MAC address of packet 1 holds the value indicating a universal address. Viewed as the attribute flag, this means that a value other than the one indicating the internal attribute is set.
Because no flow entry matching packet 1 is registered in its flow table, the OFS 121 sends Packet_In for packet 1 to the OFC 110 (step S106 in FIG. 5).
On receiving this Packet_In, the OFC 110 calculates the route for the flow to which packet 1 belongs and sends Packet_Out for packet 1 to the OFS 123, which is connected to the destination communication terminal 132 (step S107 in FIG. 5). Packet_Out is a message that causes an OFS to transmit the packet from a designated port.
The OFS 123, having received Packet_Out, transmits the packet 1 it was sent from the designated port (step S108 in FIG. 5). Packet 1, the 1st packet of the flow, thereby reaches the communication terminal 132.
In response to the Packet_In for packet 1 from the OFS 121, the OFC 110 also sets, for the relevant port of the OFS 121, an Ingress entry and an Egress entry that assumes the flow in the reverse direction (step S109 in FIG. 5). The classification information of this Ingress entry includes at least information specifying, as a requirement on the packet, that the U/L flag of the source MAC address holds the value indicating a universal address, that is, that the attribute flag holds a value other than the one indicating the internal attribute. The action information of this Ingress entry includes information indicating processing that sets the attribute flag to the value indicating the internal attribute and then forwards the packet to the next-stage OFS 122. The setting of the Egress entry at this point belongs to the flow in the opposite direction and is therefore not shown.
The OFS 121, having received the Ingress entry from the OFC 110, registers it in its flow table (step S110 in FIG. 5).
In this way, flow entries for delivering packets sent from the communication terminal 131 to the communication terminal 132 are set in every OFS on the route of the flow.
Suppose that, in this state, the communication terminal 131 sends packet 2, the second packet addressed to the communication terminal 132, to the OFS 121 (step S111 in FIG. 5). As with packet 1, the U/L flag of the source MAC address of packet 2 holds the value indicating a universal address (that is, a value other than the one indicating the internal attribute).
Because step S110 registered an Ingress entry matching this flow in the flow table of the OFS 121, the OFS 121 follows that Ingress entry: it sets the attribute flag of the received packet 2 to the value indicating the internal attribute and forwards the packet to the next-stage OFS 122 (step S112 in FIG. 5). According to the Ingress entry, the OFS 121 also converts the destination MAC address into the aggregate MAC address. Packet 2 with its attribute flag set to the value indicating the internal attribute and its destination MAC address converted to the aggregate MAC address is hereinafter called packet 2'.
Because step S102 registered a Core entry matching packet 2' in the flow table of the OFS 122, the OFS 122 forwards the received packet 2' to the next-stage OFS 123 according to that Core entry (step S113 in FIG. 5).
Because step S104 registered an Egress entry matching packet 2' in the flow table of the OFS 123, the OFS 123 follows that Egress entry: it restores the attribute flag and the destination MAC address of the received packet 2' to their original values and sends the packet to the subordinate communication terminal 132 (step S114 in FIG. 5).
In this way, packets after the 1st packet travel along the determined route without passing through the OFC and are finally delivered to the destination terminal.
FIG. 6 is an explanatory diagram that expresses the above series of steps on a block diagram. In FIG. 6, the core OFS is the OFS 122, the edge OFS (Ingress) is the OFS 121, and the edge OFS (Egress) is the OFS 123. The transmitting terminal is the communication terminal 131 and the destination terminal is the communication terminal 132. FIG. 6 also shows the content of the attribute flag of each transmitted packet by the presence or absence of shading. Shading indicates the value for the internal attribute, that is, a U/L flag indicating a local address; no shading indicates a value other than the one for the internal attribute, that is, a U/L flag indicating a universal address.
As described above, according to this embodiment, the OFS recognizes whether a packet is an internal packet or an external packet from information carried with the received packet rather than from the receiving port. As a result, even if both an entry that applies to internal packets and an entry that applies to external packets are set for one port, the two can be used without being confused. That is, a single port can handle both internal packets and external packets. This effect can be achieved without affecting the OpenFlow specification.
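The following Python model is an added example, not code from the patent: it implements the U/L-bit attribute flag and the Ingress, Core and Egress entries of steps S101 to S114, including one port that holds both an Ingress entry and a Core entry. The MAC addresses, port numbers, `AGG_MAC` and all class and function names are constructed assumptions; `assumption_violations` checks the stated precondition that no external node uses a local MAC address.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

UL_BIT = 0x02  # U/L bit of the first MAC octet: 1 = local, 0 = universal


def _octets(mac: str) -> List[int]:
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return [int(p, 16) for p in parts]


def is_internal(src_mac: str) -> bool:
    """Internal attribute == U/L bit of the source MAC set (local address)."""
    return bool(_octets(src_mac)[0] & UL_BIT)


def with_flag(src_mac: str, internal: bool) -> str:
    """Return src_mac with the attribute flag set or restored to universal."""
    o = _octets(src_mac)
    o[0] = (o[0] | UL_BIT) if internal else (o[0] & ~UL_BIT)
    return ":".join(f"{x:02x}" for x in o)


def assumption_violations(external_macs: List[str]) -> List[str]:
    """External hosts that already use a local MAC; the U/L-bit variant of the
    flag presupposes that this list is empty."""
    return [m for m in external_macs if is_internal(m)]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


@dataclass(frozen=True)
class FlowEntry:
    kind: str                            # "ingress", "core" or "egress"
    in_port: int                         # classification: receiving port
    internal: bool                       # classification: attribute flag value
    dst: Optional[str]                   # classification: destination MAC
    out_port: int                        # action: output port
    set_internal: Optional[bool] = None  # action: flag to write, None = keep
    new_dst: Optional[str] = None        # action: destination MAC rewrite


class Switch:
    def __init__(self, name: str, entries: List[FlowEntry]) -> None:
        self.name = name
        self.table = list(entries)

    def process(self, in_port: int, pkt: Packet) -> Optional[Tuple[str, int, Packet]]:
        flag = is_internal(pkt.src)
        for e in self.table:
            if e.in_port == in_port and e.internal == flag and e.dst in (None, pkt.dst):
                src = pkt.src if e.set_internal is None else with_flag(pkt.src, e.set_internal)
                return e.kind, e.out_port, Packet(src, e.new_dst or pkt.dst)
        return None  # table miss: a real switch would send Packet_In


# Constructed sample addresses (not from the patent). AGG_MAC is a placeholder
# for the aggregate MAC that encodes the Egress node ID and station ID.
TERM_131, TERM_133 = "00:11:22:33:44:55", "00:11:22:33:44:77"
TERM_132, AGG_MAC = "00:aa:bb:cc:dd:ee", "00:00:00:00:7b:01"


def build_network() -> Dict[str, Switch]:
    ingress = FlowEntry("ingress", 1, False, TERM_132, 2, set_internal=True, new_dst=AGG_MAC)
    core = FlowEntry("core", 1, True, AGG_MAC, 2)
    egress = FlowEntry("egress", 1, True, AGG_MAC, 3, set_internal=False, new_dst=TERM_132)
    return {
        "OFS124": Switch("OFS124", [ingress]),
        # Port 1 of OFS121 carries both kinds of entry; the flag picks one.
        "OFS121": Switch("OFS121", [ingress, core]),
        "OFS122": Switch("OFS122", [core]),
        "OFS123": Switch("OFS123", [egress]),
    }


def forward(net: Dict[str, Switch], hops: List[str], pkt: Packet) -> Tuple[List[str], Packet]:
    """Send pkt into port 1 of each switch in hops; return matched kinds and result."""
    kinds: List[str] = []
    for name in hops:
        hit = net[name].process(1, pkt)
        if hit is None:
            kinds.append("miss")
            break
        kind, _out_port, pkt = hit
        kinds.append(kind)
    return kinds, pkt


if __name__ == "__main__":
    net = build_network()
    print(forward(net, ["OFS121", "OFS122", "OFS123"], Packet(TERM_131, TERM_132)))
    print(forward(net, ["OFS124", "OFS121", "OFS122", "OFS123"], Packet(TERM_133, TERM_132)))
    print(assumption_violations([TERM_131, "52:54:00:12:34:56"]))
```

A non-empty result from `assumption_violations` means the U/L bit cannot separate internal from external packets for that host, which is the case the address-block and extension-header variants are meant to cover.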
Embodiment 2.
FIG. 7 is an explanatory diagram showing a configuration example of a communication system according to the second embodiment. The communication system shown in FIG. 7 differs from the communication system shown in FIG. 1 in that it further includes an OFS 124. The OFS 124 is connected to one port of the OFS 121 via a port shared with the communication terminal 131. The OFS 124 is also connected to a communication terminal 133 via another port. The communication terminal 133 is a node belonging to an external network.
The OFS 124 may be, for example, a virtual OFS running on a virtualized physical server such as the one illustrated in FIG. 14. In that case, the communication terminal 133 is a virtual machine running on that physical server, and the communication terminal 131 is an application running on the same physical server.
The configuration and operation of the OFS 124 may be the same as those of each OFS in the first embodiment.
In the communication system of this embodiment, as shown in FIG. 7, one port of the OFS 121 can handle both Ingress flows and Egress flows.
That is, when the OFS 121 receives a packet sent from the communication terminal 131, it selects an Ingress entry based on the value of the attribute flag of the received packet and operates according to the selected Ingress entry. When the OFS 121 receives a packet that was sent from the communication terminal 133 and forwarded by the OFS 124, it selects a Core entry based on the value of the attribute flag of the received packet and operates according to the selected Core entry.
FIGS. 8 and 9 are sequence diagrams showing an example of the flow of setting flow entries and of forwarding packets in the communication system of this embodiment. FIGS. 8 and 9 focus on communication from the communication terminal 131 to the communication terminal 132 and on communication from the communication terminal 133 to the communication terminal 132, but the communication handled by the communication system of this embodiment is not limited to these.
In the example shown in FIGS. 8 and 9, the communication terminal 131 and the communication terminal 133 operate as transmitting terminals, and the communication terminal 132 operates as the destination terminal. The OFS 124 serves as the Ingress switch in communication between the communication terminal 133 and the communication terminal 132. The OFS 121 serves as the Ingress switch in communication between the communication terminal 131 and the communication terminal 132, and as a core switch in communication between the communication terminal 133 and the communication terminal 132. The OFS 123 serves as the Egress switch, and the OFS 122 as a core switch, both in communication between the communication terminal 131 and the communication terminal 132 and in communication between the communication terminal 133 and the communication terminal 132.
As before, the following example uses the U/L bit of the source MAC address of the L2 frame as the location assigned to the attribute flag in the packet. Steps that are the same as in the first embodiment shown in FIG. 5 are given the same reference signs, and their description is omitted.
In the example shown in FIGS. 8 and 9, the OFC 110 first recognizes the topology of the OpenFlow network. Here, the OFC 110 recognizes, among other things, that the OFS 121 and the OFS 122 are connected, that the OFS 122 and the OFS 123 are connected, and that the OFS 124 and the OFS 121 are connected.
Having recognized the topology, the OFC 110 sets (transfers) a Core entry for transferring internal packets on the ports used for relaying in the OFS 121 and the OFS 122, which are core switches on the communication path between the communication terminal 133 and the communication terminal 132 or on the communication path between the communication terminal 131 and the communication terminal 132 (steps S101 and S201 in FIG. 8). The classification information of this Core entry includes at least information specifying, as a packet requirement, that the U/L flag of the source MAC address is the value indicating a local address, that is, that the attribute flag is the value indicating the internal attribute. The classification information of the Core entry may further include information specifying, as a packet requirement, that the destination MAC address is a predetermined aggregate MAC address.
On receiving the Core entry from the OFC 110, the OFS 121 and the OFS 122 register it in their flow tables (steps S102 and S202 in FIG. 8).
In this example, when packet 1, the first packet from the communication terminal 131 addressed to the communication terminal 132, is transmitted to the OFS 121 in step S105, the Core entry has already been registered in the flow table of the OFS 121 by step S202. However, the value of the area assigned to the attribute flag in packet 1 as received by the OFS 121, that is, the value of the U/L flag, does not meet the packet requirement of the registered Core entry. The OFS 121 therefore transmits a Packet_In for packet 1 to the OFC 110, as in the first embodiment (step S106 in FIG. 8). The subsequent processing of packet 1 is the same as in the first embodiment (steps S107 to S110). The processing of packets sent from the communication terminal 131 after packet 1 is also the same as in the first embodiment (steps S111 to S114).
Meanwhile, suppose that packet 3, the first packet from the communication terminal 133 addressed to the communication terminal 132, is transmitted to the OFS 124 (step S203 in FIG. 9). At this point, the U/L flag of the source MAC address of packet 3 is the value indicating a universal address, that is, a value other than the value indicating the internal attribute.
Because no flow entry matching packet 3 is registered in the flow table of the OFS 124, the OFS 124 transmits a Packet_In for packet 3 to the OFC 110 (step S204 in FIG. 9).
On receiving this Packet_In, the OFC 110 calculates a route for the flow to which packet 3 belongs and transmits a Packet_Out for packet 3 to the OFS 123, which is connected to the destination terminal, the communication terminal 132 (step S205 in FIG. 9).
On receiving the Packet_Out, the OFS 123 transmits the specified packet from the specified port (step S206 in FIG. 9). Packet 3, the first packet of the flow, thereby reaches the communication terminal 132.
In response to the Packet_In for packet 3 from the OFS 124, the OFC 110 also sets, on the relevant port of the OFS 124, an Ingress entry and an Egress entry that assumes a flow in the reverse direction (step S207 in FIG. 9). The classification information of this Ingress entry includes at least information specifying, as a packet requirement, that the U/L flag of the source MAC address is the value indicating a universal address, that is, a value other than the value indicating the internal attribute. The action information of the Ingress entry includes information indicating processing that sets the U/L flag to the value indicating the internal attribute and then transfers the packet to the next-stage OFS 121.
On receiving the Ingress entry from the OFC 110, the OFS 124 registers it in its flow table (step S208 in FIG. 9).
In this way, flow entries for delivering packets sent from the communication terminal 133 and addressed to the communication terminal 132 are set on every OFS on the route of the flow.
In this state, suppose, for example, that the communication terminal 133 transmits packet 4, a second packet addressed to the communication terminal 132, to the OFS 124 (step S209 in FIG. 9).
Because an Ingress entry matching packet 4 has been registered in the flow table of the OFS 124 by step S208, the OFS 124 transfers the received packet 4 to the next-stage OFS 121 in accordance with that Ingress entry (step S210 in FIG. 9). In doing so, the OFS 124, in accordance with the Ingress entry, sets the attribute flag of packet 4 to the value indicating the internal attribute and converts the destination MAC address to the aggregate MAC address before transferring the packet. Hereinafter, packet 4 with the attribute flag set to the value indicating the internal attribute and the destination MAC address converted to the aggregate MAC address is referred to as packet 4'.
The relevant port of the OFS 121 receives packet 4'. Packet 4' has the same source MAC address (excluding the U/L flag) and the same destination MAC address as packet 2 received in step S111. In packet 4', however, the attribute flag has been set to the value indicating the internal attribute by step S211. Because of this difference, packet 4' matches the Core entry rather than the Ingress entry at the OFS 121. The OFS 121 therefore transfers the received packet 4' to the next-stage OFS 122 in accordance with the matching Core entry (step S211 in FIG. 9).
The OFS 122 transfers the received packet 4' to the next-stage OFS 123 in accordance with its registered Core entry (step S212 in FIG. 9).
Because an Egress entry matching packet 4' has also been registered in the flow table of the OFS 123 by step S104, the OFS 123 transmits the received packet 4' to the communication terminal 132 under it in accordance with that Egress entry (step S213 in FIG. 9). In doing so, the OFS 123, in accordance with the Egress entry, restores the attribute flag and the destination MAC address of packet 4' to their original values before transmitting the packet.
In this way, in communication between the communication terminal 133 and the communication terminal 132 as well, packets after the first packet follow the determined route without passing through the OFC and are finally transmitted to the destination terminal.
FIG. 10 is an explanatory diagram showing an example of the flow entries registered in the flow table of the OFS 121 of this embodiment. Here, the communication terminal 133 is assumed to be a virtual machine running on a virtualized physical server, the communication terminal 131 an application running on the same physical server, and the OFS 124 a virtual switch running on the same physical server. This physical server is assumed to be connected to Port1 of the OFS 121 through one physical NIC, and the OFS 122 is assumed to be connected to Port2 of the OFS 121.
In that case, flow entries such as those shown in FIG. 10 are registered in the flow table of the OFS 121. The flow entry shown in the first record R101 is an example of an Ingress entry applied to packets received from the communication terminal 131 (in this example, the application on the physical server). The classification information of this Ingress entry (labelled "Match Field" in the figure) includes, as the specification for the source MAC address (labelled "MAC src" in the figure), information specifying that the value of the U/L flag is U: universal address. This specification is equivalent to specifying that the value of the attribute flag is the value indicating the external attribute. The action information associated with this classification information (labelled "Action Field" in the figure) specifies an operation that rewrites the value of the U/L bit of the source MAC address to L: the value indicating a local address, and then outputs the packet from Port2. In FIG. 10, the specification in the Ingress entry's action information that converts the destination MAC address to the aggregate MAC address is not shown. "Count Field" in the flow table illustrated in FIG. 10 is a timer value.
The flow entry shown in the second record R102 is an example of a Core entry applied to packets transferred from the OFS 124 (in this example, the virtual OFS). The classification information of this Core entry includes, as the specification for the source MAC address, information specifying that the value of the U/L flag is L: local address. This specification is equivalent to specifying that the attribute flag is the value indicating the internal attribute. The action information associated with this classification information specifies output from Port2.
In this example, the attribute flag is embedded in the U/L bit of the source MAC address, so whether a packet's attribute is internal or external can be determined by looking at the U/L bit of the source MAC address of the received packet. Normally, packets from the application on the physical server (communication terminal 131) have a U/L flag of U: the value indicating a universal address. In contrast, in packets from the virtual OFS (OFS 124), the U/L flag has been rewritten to L: the value indicating a local address, by the packet attribute setting processing of the present invention. Consequently, when the OFS 121 receives a packet on Port1, the entry appropriate to the packet's attribute is correctly selected: a packet from the application on the physical server (communication terminal 131) matches the Ingress entry, and a packet from the virtual OFS (OFS 124) matches the Core entry.
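The entry selection at Port1 of the OFS 121 described above can be modelled in a few lines. This is an added example, not code from the patent: the MAC addresses, the aggregate MAC value and all names (`FlowEntry`, `process`, `demo`) are constructed for illustration. It goes beyond FIG. 10 in two places: the table miss before the Ingress entry is installed, and a frame from an outside node whose own source address is already locally administered, evaluated with and without the optional aggregate-MAC requirement in the Core entry.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

UL_BIT = 0x02  # U/L bit in the first MAC octet: 0 = universal, 1 = local


def mac(text: str) -> bytes:
    """Parse 'aa:bb:cc:dd:ee:ff' into six bytes."""
    octets = bytes(int(part, 16) for part in text.split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a MAC address: {text!r}")
    return octets


def is_internal(src: bytes) -> bool:
    """Attribute check: internal if and only if the source U/L bit is L."""
    return bool(src[0] & UL_BIT)


def mark_internal(src: bytes) -> bytes:
    """Ingress action: set the source U/L bit to L."""
    return bytes([src[0] | UL_BIT]) + src[1:]


@dataclass(frozen=True)
class Frame:
    dst: bytes
    src: bytes


@dataclass(frozen=True)
class FlowEntry:
    name: str
    in_port: int
    match_internal: bool                 # required value of the attribute flag
    out_port: int
    match_dst: Optional[bytes] = None    # optional destination requirement
    mark_src_internal: bool = False      # action: rewrite U/L to L
    rewrite_dst: Optional[bytes] = None  # action: convert to aggregate MAC

    def matches(self, in_port: int, frame: Frame) -> bool:
        if in_port != self.in_port or is_internal(frame.src) != self.match_internal:
            return False
        return self.match_dst is None or frame.dst == self.match_dst

    def apply(self, frame: Frame) -> Frame:
        src = mark_internal(frame.src) if self.mark_src_internal else frame.src
        dst = self.rewrite_dst if self.rewrite_dst is not None else frame.dst
        return Frame(dst=dst, src=src)


def process(table: List[FlowEntry], in_port: int,
            frame: Frame) -> Tuple[str, Optional[int], Frame]:
    """Return (matched entry name or 'Packet_In', output port, frame sent)."""
    for entry in table:
        if entry.matches(in_port, frame):
            return entry.name, entry.out_port, entry.apply(frame)
    return "Packet_In", None, frame  # table miss: hand the packet to the OFC


# Constructed sample addresses (documentation range 00:00:5e:00:53:xx).
TERMINAL_131 = mac("00:00:5e:00:53:01")
TERMINAL_132 = mac("00:00:5e:00:53:02")
TERMINAL_133 = mac("00:00:5e:00:53:03")
AGGREGATE_MAC = mac("00:00:5e:00:53:ff")  # hypothetical aggregate MAC

CORE = FlowEntry("Core", in_port=1, match_internal=True, out_port=2)
CORE_STRICT = FlowEntry("Core", in_port=1, match_internal=True, out_port=2,
                        match_dst=AGGREGATE_MAC)
INGRESS = FlowEntry("Ingress", in_port=1, match_internal=False, out_port=2,
                    match_dst=TERMINAL_132, mark_src_internal=True,
                    rewrite_dst=AGGREGATE_MAC)


def demo() -> dict:
    from_131 = Frame(dst=TERMINAL_132, src=TERMINAL_131)
    # Packet 4' as forwarded by OFS 124: L bit set, destination aggregated.
    packet_4_prime = Frame(dst=AGGREGATE_MAC, src=mark_internal(TERMINAL_133))
    # Outside node whose own address is locally administered (constructed).
    local_admin = Frame(dst=TERMINAL_132, src=mac("02:00:5e:00:53:09"))
    return {
        "first_packet": process([CORE], 1, from_131),
        "later_packet": process([CORE, INGRESS], 1, from_131),
        "from_ofs_124": process([CORE, INGRESS], 1, packet_4_prime),
        "local_admin_external": process([CORE, INGRESS], 1, local_admin),
        "local_admin_external_strict": process([CORE_STRICT, INGRESS], 1, local_admin),
    }


if __name__ == "__main__":
    for label, (entry, port, frame) in demo().items():
        print(f"{label:28} {entry:10} port={port} "
              f"src={frame.src.hex(':')} dst={frame.dst.hex(':')}")
```

With only the U/L requirement, the locally administered outside frame is handled by the Core entry as if it were internal; adding the aggregate-MAC destination requirement turns it into a table miss that goes to the controller.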
As described above, in this embodiment as in the first embodiment, an OFS can recognize whether a packet's attribute is internal or external from information carried with the received packet, rather than from the receiving port, and select the correct entry. As a result, a single port can handle both external packets and internal packets.
Because a single port can handle both internal packets and external packets, the following effects can also be expected. In a virtualized server on which a virtual switch runs, the number of physical NICs required can be reduced and the communication bandwidth of a high-performance NIC can be used effectively. The number of ports used on the OFS facing the virtual switch (for example, the OFS 121) can also be reduced. These effects can be achieved without affecting the OpenFlow specification.
The above embodiments describe the present invention using an OpenFlow network, which is one type of CU-separated network, but the OpenFlow network is only an example. The networks targeted by the present invention are therefore not limited to OpenFlow networks. Nor is the present invention limited to CU-separated networks. That is, the present invention is also applicable to networks that are not CU-separated, in which each packet transfer device performs its own transfer control.
Next, the minimum configuration of the communication system according to the present invention is described. FIG. 11 is a block diagram showing a minimum configuration example that expresses the features of the communication system according to the present invention. As shown in FIG. 11, the communication system according to the present invention includes at least a plurality of packet transfer devices (packet transfer device 501-1 and packet transfer device 501-2).
Each packet transfer device includes packet attribute determination means 501 and packet attribute setting means 502.
The packet attribute determination means 501 (for example, packet attribute determination means 1201A and packet attribute determination means 1201B) refers to an attribute setting area (in the examples above, the area to which the attribute flag is assigned), which is a predetermined area in the header area of a packet designated in advance as the area in which the packet's attribute is set, and determines whether the attribute of a received packet is the internal attribute, representing an internal packet transferred from one of the packet transfer devices, or the external attribute, representing an external packet received from an external node.
The packet attribute determination means 501 determines that the attribute is the internal attribute if the value of the attribute setting area of the received packet is the value indicating the internal attribute, and that it is the external attribute if the value is any other value.
The packet attribute determination means 502 (for example, packet attribute setting means 1202A and packet attribute setting means 1202B) sets the value indicating the internal attribute in the attribute setting area of an external packet when transferring that packet to another packet transfer device through the internal network.
The packet attribute determination means 501 also determines that the attribute is the internal attribute if the value of the attribute setting area of the received packet is the predetermined value indicating the internal attribute, and that it is the external attribute if the value is any other value.
Each packet transfer device may also include packet transfer rule storage means (for example, flow table storage means 1204A and 1204B) that stores packet transfer rules, a packet transfer rule being information that defines the operation of the packet transfer device when a packet is received and including classification information indicating the requirements of packets belonging to the packet flow to which the rule applies and action information indicating the processing to be executed, and packet processing means (for example, packet processing means 1203A and 1203B) that executes processing on received packets in accordance with the packet transfer rules stored in the packet transfer rule storage means. The classification information has information specifying the value of the attribute setting area. The packet processing means has rule determination means (for example, rule determination means 1205B) that determines, based on the classification information of the packet transfer rules stored in the packet transfer rule storage means, which of the stored packet transfer rules a received packet matches, and rule execution means (for example, rule execution means 1206B) that executes, on the received packet, the processing indicated by the action information of the matching packet transfer rule. The packet attribute determination means may be included in the rule determination means, and the packet attribute setting means may be included in the rule execution means.
The communication system according to the present invention may further include a control device (for example, the OFC 110) that controls the communication paths of packets by controlling the packet processing of each packet transfer device. The control device includes route determination means (for example, route determination means 1101) that determines, for any packet flow, a route according to the topology of the internal network, which is the network formed by the packet transfer devices, and packet transfer rule setting means (flow entry setting means 1102) that generates packet transfer rules for realizing the route determined by the route determination means and transfers them to the packet transfer devices concerned. The packet transfer rule storage means of each packet transfer device stores the packet transfer rules transferred from the packet transfer rule setting means. The packet transfer rule setting means may transfer, to a packet transfer device that is a relay point on the route of a specific packet flow, a packet transfer rule including classification information that has information specifying that the value of the attribute setting area is the value indicating the internal attribute and action information indicating output from a predetermined port, before communication of that packet flow starts.
The communication system according to the present invention may also include, as packet transfer devices, at least a virtual packet transfer device running on a virtualized server (for example, the OFS 124 in FIG. 7) and a second packet transfer device connected to the virtual packet transfer device (for example, the OFS 121 in FIG. 7), and one port of the second packet transfer device may be connected to one port of the server that can transmit both internal packets transferred from the virtual packet transfer device and external packets that do not pass through the virtual packet transfer device.
The attribute setting area may be the U/L bit area of a MAC address included in the header information, and the value indicating the internal attribute may be the value that indicates a local address in the U/L bit of the MAC address.
The attribute setting area may be the address block area of a MAC address, to which a unique value has been assigned in advance for the communication system in the protocol used by the external network, and the value indicating the internal attribute may be that unique value.
The attribute setting area may be an extension header area added by a header extension technique used in the protocol used by the external network, and the value indicating the internal attribute may be a predetermined value indicating that one of the packet transfer devices has extended the extension header area.
The present invention has been described above with reference to the embodiments and examples, but it is not limited to those embodiments and examples. Various changes that a person skilled in the art can understand may be made to the configuration and details of the present invention within the scope of the present invention.
This application claims priority based on Japanese Patent Application No. 2014-023091, filed on February 10, 2014, the entire disclosure of which is incorporated herein.
The present invention is suitably applicable to communication performed through a plurality of packet transfer devices, and in particular to communication systems that include a virtualized packet transfer device.
 110 OFC
 1101 Route determination means
 1102 Flow entry setting means
 121, 122, 123, 124, 121A, 121B OFS
 1201A, 1201B Packet attribute determination means
 1202A, 1202B Packet attribute setting means
 1203A, 1203B Packet processing means
 1204A, 1204B Flow table storage means
 1205B Rule determination means
 1206B Rule execution means
 131, 132, 133 Communication terminal
 500-1, 500-2 Packet transfer device
 501 Packet attribute determination means
 502 Packet attribute setting means
 700, 900 OpenFlow network
 710, 910 OFC
 721 OFS (virtual OFS)
 722 to 724, 921 to 924 OFS
 731, 732, 931, 932, 933 Communication terminal
 840 Physical server
 841 Hypervisor
 842 Virtual machine
 843 Virtual switch
 844 Application
 845 Physical NIC
 850 Switch

Claims (10)

  1.  A communication system comprising a plurality of packet transfer devices that transfer received packets, wherein
      each of the packet transfer devices includes:
      packet attribute determination means for referring to an attribute setting area, which is a predetermined area in the header area of a packet designated in advance as the area in which the packet's attribute is set, and determining whether the attribute of a received packet is an internal attribute representing an internal packet transferred from one of the packet transfer devices or an external attribute representing an external packet received from an external node; and
      packet attribute setting means for setting a value indicating the internal attribute in the attribute setting area of an external packet when that packet is transferred to another packet transfer device through an internal network, and
      the packet attribute determination means determines that the attribute is the internal attribute if the value of the attribute setting area of the received packet is the value indicating the internal attribute, and that it is the external attribute if the value is any other value.
  2.  The communication system according to claim 1, wherein
      each packet transfer device includes:
      packet transfer rule storage means for storing packet transfer rules, a packet transfer rule being information that defines the operation of the packet transfer device when a packet is received and including classification information indicating the requirements of packets belonging to the packet flow to which the packet transfer rule applies and action information indicating the processing to be executed; and
      packet processing means for executing processing on received packets in accordance with the packet transfer rules stored in the packet transfer rule storage means,
      the classification information has information specifying the value of the attribute setting area,
      the packet processing means has:
      rule determination means for determining, based on the classification information of the packet transfer rules stored in the packet transfer rule storage means, which of the stored packet transfer rules a received packet matches; and
      rule execution means for executing, on the received packet, the processing indicated by the action information of the matching packet transfer rule,
      the packet attribute determination means is included in the rule determination means, and
      the packet attribute setting means is included in the rule execution means.
  3.  The communication system according to claim 1 or claim 2, further comprising a control device that controls the communication paths of packets by controlling the packet processing of each packet transfer device, wherein
      the control device includes:
      route determination means for determining, for any packet flow, a route according to the topology of the internal network; and
      packet transfer rule setting means for generating packet transfer rules for realizing the route determined by the route determination means and transferring them to the packet transfer devices concerned,
      the packet transfer rule setting means transfers, to a packet transfer device that is a relay point on the route of a specific packet flow, a packet transfer rule including classification information that has information specifying that the value of the attribute setting area is the value indicating the internal attribute and action information indicating output from a predetermined port, before communication of that packet flow starts, and
      the packet transfer rule storage means of each packet transfer device stores the packet transfer rules transferred from the packet transfer rule setting means.
  4.  The communication system according to any one of claims 1 to 3, comprising, as packet transfer devices, at least a virtual packet transfer device that operates on a virtualized server and a second packet transfer device connected to the virtual packet transfer device, wherein
     one port of the second packet transfer device is connected to one port capable of transmitting both internal packets transferred from the virtual packet transfer device and external packets that do not pass through the virtual packet transfer device.
  5.  The communication system according to any one of claims 1 to 4, wherein
     the attribute setting area is the area of the U/L bit of a MAC address included in the header information, and
     the value indicating the internal attribute is the value that, in the U/L bit of the MAC address, indicates a local address.
  6.  The communication system according to any one of claims 1 to 4, wherein
     the attribute setting area is the area of the address block of a MAC address, for which a unique value has been assigned in advance to the communication system in the protocol used by the external network, and
     the value indicating the internal attribute is that unique value.
  7.  The communication system according to any one of claims 1 to 4, wherein
     the attribute setting area is an extension header area added by the header extension technique used in the protocol used by the external network, and
     the value indicating the internal attribute is a predetermined value indicating that one of the packet transfer devices has added the extension header area.
  8.  A packet transfer device comprising:
     packet attribute determination means for determining, by referring to an attribute setting area, which is a predetermined area included in the header area of a packet and defined in advance as the area in which the attribute of the packet is set, whether the attribute of a received packet is an internal attribute, representing an internal packet transferred from any of the packet transfer devices belonging to an internal network, or an external attribute, representing an external packet received from an external node; and
     packet attribute setting means for setting, when an external packet is transferred to another packet transfer device via the internal network, a value indicating the internal attribute in the attribute setting area of that packet,
     wherein the packet attribute determination means determines that the attribute is the internal attribute if the value of the attribute setting area of the received packet is the value indicating the internal attribute, and determines that the attribute is the external attribute if it is any other value.
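An added example, not part of the patent text, of the determination and setting steps of claim 8 with the U/L bit of claim 5 as the attribute setting area. It assumes the bit is read from and written to the source MAC address of an Ethernet II frame (the claims do not say which address); the function names and sample frames are constructed for illustration.

```python
import struct

UL_BIT = 0x02  # U/L bit: second-least-significant bit of a MAC address's first octet

def parse_eth(frame: bytes):
    """Split an Ethernet II frame into (dst, src, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return dst, src, ethertype, frame[14:]

def packet_attribute(frame: bytes) -> str:
    """Attribute determination: 'internal' only if the U/L bit indicates a local address."""
    _, src, _, _ = parse_eth(frame)  # assumption: the source MAC carries the attribute
    return "internal" if src[0] & UL_BIT else "external"

def set_internal_attribute(frame: bytes) -> bytes:
    """Attribute setting: write the internal value into the attribute setting area."""
    dst, src, ethertype, payload = parse_eth(frame)
    marked_src = bytes([src[0] | UL_BIT]) + src[1:]
    return struct.pack("!6s6sH", dst, marked_src, ethertype) + payload

def transfer(frame: bytes, via_internal_network: bool):
    """Return (attribute judged on receipt, frame as it is sent onward)."""
    attribute = packet_attribute(frame)
    if attribute == "external" and via_internal_network:
        frame = set_internal_attribute(frame)
    return attribute, frame

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

# Constructed sample frames; the addresses are made up for this example.
DST = mac("00:00:5e:00:53:01")
FROM_HOST = DST + mac("00:00:5e:00:53:aa") + b"\x08\x00" + b"payload"
FROM_VM = DST + mac("52:54:00:12:34:56") + b"\x08\x00" + b"payload"  # U/L bit already set

def demo():
    seen_first, relayed = transfer(FROM_HOST, via_internal_network=True)  # first device
    seen_next, _ = transfer(relayed, via_internal_network=True)           # relay device
    seen_vm, _ = transfer(FROM_VM, via_internal_network=True)
    return seen_first, seen_next, relayed[6:12].hex(":"), seen_vm

if __name__ == "__main__":
    print(demo())
```

The last result shows that the determination depends only on the bit: a frame from a host that already uses a locally administered address (the 52:54:00 source here) is judged internal on first receipt, which matters when sizing up where such hosts may attach.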
  9.  A packet transfer method, wherein
     each packet transfer device, on receiving a packet, refers to an attribute setting area, which is a predetermined area included in the header area of the packet and defined in advance as the area in which the attribute of the packet is set, and determines whether the attribute of the received packet is an internal attribute, representing an internal packet transferred from any of the packet transfer devices, or an external attribute, representing an external packet received from an external node,
     each packet transfer device, when transferring the packet to another packet transfer device via the internal network, sets a value indicating the internal attribute in the attribute setting area of the packet, and
     each packet transfer device, when determining the attribute of the packet, determines that the attribute is the internal attribute if the value of the attribute setting area of the received packet is the value indicating the internal attribute, and determines that the attribute is the external attribute if it is any other value.
  10.  A packet transfer program for causing a computer provided in a packet transfer device to execute:
     packet attribute determination processing for determining, by referring to an attribute setting area, which is a predetermined area included in the header area of a packet and defined in advance as the area in which the attribute of the packet is set, whether the attribute of a received packet is an internal attribute, representing an internal packet transferred from any of the packet transfer devices belonging to an internal network, or an external attribute, representing an external packet received from an external node; and
     attribute information setting processing for setting, when an external packet is transferred to another packet transfer device via the internal network, a value indicating the internal attribute in the attribute setting area of that packet,
     wherein, in the packet attribute determination processing, the computer is caused to determine that the attribute is the internal attribute if the value of the attribute setting area of the received packet is the value indicating the internal attribute, and that the attribute is the external attribute if it is any other value.
PCT/JP2015/000227 2014-02-10 2015-01-20 Communication system, packet-forwarding device, packet-forwarding method, and packet-forwarding program WO2015118811A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2014023091 2014-02-10
JP2014-023091 2014-02-10

Publications (1)

Publication Number Publication Date
WO2015118811A1 (en) 2015-08-13

Family

ID=53777626

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2015/000227 WO2015118811A1 (en) 2014-02-10 2015-01-20 Communication system, packet-forwarding device, packet-forwarding method, and packet-forwarding program

Country Status (1)

Country Link
WO (1) WO2015118811A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012033117A1 (en) * 2010-09-09 2012-03-15 日本電気株式会社 Network system and network management method
WO2012096131A1 (en) * 2011-01-13 2012-07-19 日本電気株式会社 Network system and method of controlling path

Similar Documents

Publication Publication Date Title
EP2544417B1 (en) Communication system, path control apparatus, packet forwarding apparatus and path control method
JP5991424B2 (en) Packet rewriting device, control device, communication system, packet transmission method and program
KR101478475B1 (en) Computer system and communication method in computer system
JP5862769B2 (en) COMMUNICATION SYSTEM, CONTROL DEVICE, COMMUNICATION METHOD, AND PROGRAM
WO2012133060A1 (en) Network system and method for acquiring vlan tag information
US20160301603A1 (en) Integrated routing method based on software-defined network and system thereof
US20130250958A1 (en) Communication control system, control server, forwarding node, communication control method, and communication control program
CN107204867A (en) A kind of information transferring method, device and system
JP6544401B2 (en) PACKET TRANSFER DEVICE, CONTROL DEVICE, COMMUNICATION SYSTEM, COMMUNICATION METHOD, AND PROGRAM
JP6323547B2 (en) COMMUNICATION SYSTEM, CONTROL DEVICE, COMMUNICATION CONTROL METHOD, AND PROGRAM
JP5993817B2 (en) Routing system and method in carrier network
JP5858141B2 (en) Control device, communication device, communication system, communication method, and program
CN105516025A (en) End-to-end path control and data transmission method, OpenFlow controller and a switch
JP5534033B2 (en) Communication system, node, packet transfer method and program
WO2015079615A1 (en) Communication system, communication method, network information combination apparatus, processing rule conversion method, and processing rule conversion program
US20160294673A1 (en) Communication system, communication method, network information combination apparatus, and network information combination program
JPWO2015151442A1 (en) COMMUNICATION SYSTEM, COMMUNICATION METHOD, AND CONTROL DEVICE
JPWO2014126094A1 (en) COMMUNICATION SYSTEM, COMMUNICATION METHOD, CONTROL DEVICE, CONTROL DEVICE CONTROL METHOD, AND PROGRAM
WO2015118811A1 (en) Communication system, packet-forwarding device, packet-forwarding method, and packet-forwarding program
JP2017175522A (en) Network system, control device, method and program
JP5854488B2 (en) Communication system, control device, processing rule setting method and program
JP5359357B2 (en) Packet processing apparatus, packet processing order control method and packet processing order control program used in the processing apparatus
JP6344005B2 (en) Control device, communication system, communication method, and program
RU2574350C2 (en) Computer system and method for communication in computer system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15745751

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15745751

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP