JP2017175522A - Network system, control device, method and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enable setting a switch, which is located at a boundary of a domain and another domain, without concentrating a load to one controller, in a network environment having a plurality of domains.SOLUTION: A network system includes a plurality of switches 530, a plurality of domain controllers 520 and an integrated controller 510. The integrated controller 510 transmits to each of the domain controllers 520 domain boundary information which includes the information of a boundary port which is a port coming to a boundary with the other domain in the control target domain. Based on the domain boundary information, each domain controller 520 sets an inter-domain processing rule, which is provided for at least a boundary switch among subordinate switches to transfer a packet of inter-domain communication, and in which a port through which the target switch can reach a switch in the other domain is designated.SELECTED DRAWING: Figure 22

Description

  The present invention relates to a network system having a plurality of domains, a control device and a switch included in the network system, a route control method applied to them, a packet transfer method, and a route control program.

  A method of controlling switches, terminals, and the like from an external controller is called a CU (C: control plane / U: user plane) separated architecture. A network having a configuration based on such a CU separation type architecture is referred to as a CU separation type network.

  As an example of the CU separation type network, there is an open flow network using an OpenFlow technology for controlling a switch from a controller and performing network path control.

  In the OpenFlow network, a switch called OFS (OpenFlow Switch) is in charge of packet transfer, and a controller called OFC (OpenFlow Controller) placed outside the OFS is in charge of path control. Thereby, control from the outside becomes easy, and it becomes possible to construct a flexible network.

  More specifically, the OFC controls the behavior of the OFS by manipulating the OFS flow table. Here, the OFS includes virtualized switches such as virtual switches.

  The flow table is a table in which processing rules (entries) that define predetermined processing contents (actions) to be performed on packets that meet predetermined matching conditions (rules) are registered. The packet may be read as a frame. A packet group (packet series) that conforms to the rule is called a flow.

  The rule uses any or all of a destination address (Destination Address), a source address (Source Address), a destination port (Destination Port), and a source port (Source Port) included in the header area of each protocol layer of the packet. Are defined and distinguished by various combinations. Note that the above address includes a MAC address (Media Access Control Address) and an IP address (Internet Protocol Address). In addition to the above, information on an ingress port (Ingress Port) can also be used as a rule.

  Therefore, the flow may be referred to as a packet group identified by information included in the header area of the packet.

  The action is usually packet transfer to a predetermined transfer destination. It is also possible to specify packet discard as an action.

  In an OpenFlow network, normally, when a switch receives a packet that does not have a corresponding entry, the switch transmits an inquiry (entry request) about the packet to the controller. Normally, the switch transfers the packet to the controller as an inquiry about the packet.

  The switch and the controller are connected by a control channel such as a secure channel. When the controller receives an inquiry about a packet from a switch under management, the controller calculates the route of the flow including the packet. For example, in the flow table of the switch, “the flow including the packet is sent to a predetermined transfer destination”. Register an entry that says “Forward”. At this time, the controller transmits a control message (processing rule setting instruction) for registering the entry to the flow table to the switch.

  For example, there are techniques described in Patent Documents 1 and 2 regarding a route control method in an OpenFlow network.

International Publication 2012/096131 Pamphlet JP 2013-522934 A

  In the CU separation type network, the controller centrally controls a plurality of switches. For example, an OpenFlow controller (hereinafter referred to as OFC) centrally controls a plurality of OpenFlow switches (hereinafter referred to as OFS) using the OpenFlow protocol.

  The network system described in Patent Document 1 sets an entry before communication is started for a core switch that becomes a relay switch and an edge switch that can become an output-side edge switch in a route calculated in advance. When communication actually occurs, an entry is set only for the input side edge switch. As a result, the processing frequency of the flow table is reduced, and the performance problem in terms of hardware is solved. Here, the edge switch is a switch that can be connected to a terminal.

  However, Patent Document 1 only describes a method for controlling a network with a single controller. Therefore, the method described in Patent Document 1 cannot be directly applied to a large-scale network including a plurality of domains and controlled by a controller in units of domains. Note that when a single controller manages a network instead of a domain unit, there is a problem that the load is concentrated on the controller in a large-scale network.

  Further, assuming such a large-scale network, consider a case where each controller sets an entry only for a switch existing in a domain managed by the controller. In such a case, a boundary switch that becomes a boundary between domains corresponds to an edge switch in each domain. For this reason, every time a new inter-domain communication is started, an entry is set in a boundary switch corresponding to an input side edge switch with another domain. As a result, the boundary switch may cause a problem due to the processing frequency of the flow table, that is, another problem that a lot of entry resources are consumed and the load becomes high.

  Patent Document 2 discloses a communication system including a plurality of communication subsystems, each of which includes an intermediate control device (lower controller) and a control device (upper controller) that controls the intermediate control device. ) Is shown. In the communication system described in Patent Document 2, a host controller collects information of a plurality of lower controllers and performs path control of a flow that flows between a plurality of communication subsystems. More specifically, the upper controller sets and notifies a communication range in which the lower controller can freely control the path based on the topology information collected from each of the lower controllers. When each of the subordinate controllers receives a notification that a new flow has been detected from the switch, it determines whether or not the flow is communication within the range to which authority has been delegated from the control device. , Control the route itself. On the other hand, if the notified flow is out of the range where the authority is delegated, each of the lower controllers makes a route inquiry to the upper controller and sets the route according to the response.

  However, Patent Document 2 does not describe an example in which a lower-level controller is allowed a communication range beyond the subsystem. Therefore, in the case of communication across subsystems, a route inquiry must be made to the host controller, and there is a problem that the load is concentrated on the host controller. For example, in the route control method described in Patent Document 2, in the case of communication across communication subsystems, the lower-level controller uses the processing rules created by the higher-level controller according to the route determined by the higher-level controller as communication under its jurisdiction. Convert to subsystem and set to each switch. Furthermore, in the route control method described in Patent Document 2, every time inter-domain communication with a different transmission source or destination is newly started, not only the boundary switch but also the core switch in the subsystem has an entry. Setting will be made. Therefore, in the method described in Patent Document 2, in addition to the path setting load in the host controller, there is a possibility that problems such as resource consumption and load increase in all switches on the path including the boundary switch may occur.

  Therefore, the present invention provides a network system, a control device, a route control method, and a packet transfer capable of setting a switch at the boundary between a domain and another domain without concentrating the load on one controller in a network environment having a plurality of domains. It is an object to provide a method and a routing program.

  The network system according to the present invention maintains a plurality of switches that process received packets and the topology of the domain to be controlled in accordance with the processing rules held by itself, and sets a plurality of processing rules for subordinate switches. A domain controller, and an integrated controller that transmits domain boundary information including boundary port information that is a boundary with another domain in the controlled domain to each of the domain controllers, and each domain controller receives from the integrated controller Based on the domain boundary information, a processing rule for transferring an inter-domain communication packet, which is a communication across domains, to a boundary switch having at least a boundary port among subordinate switches, A port that can reach a switch in another domain And sets the domain between processing rules.

  A control device according to the present invention is a control device that operates as one of a plurality of domain controllers provided in a network system having a plurality of domains, and includes a topology management unit that stores topology information of a domain to be controlled, and a subordinate switch A processing rule setting unit for setting a processing rule for processing a received packet, and the processing rule setting unit is received from an integrated controller that manages a network wider than the domain controller. Based on the domain boundary information including boundary port information that is a boundary with other domains, forward inter-domain communication packets that are cross-domain communication to the boundary switch that has at least the boundary port among the subordinate switches Processing rule for the target switch to be Wherein the switch reachable port down to set the inter-specified domain processing rules.

  A plurality of routing control methods according to the present invention are provided in a network system having a plurality of domains, each of which receives a domain controller storing topology information of a domain to be controlled from an integrated controller that manages a network wider than the domain controller. A domain that is a communication across domains for a boundary switch having at least a boundary port among subordinate switches based on domain boundary information including boundary port information that is a boundary with another domain in the controlled domain It is a processing rule for transferring inter-communication packets, and is characterized by setting an inter-domain processing rule in which a target switch is designated as a port that can reach a switch in another domain.

  A plurality of routing control programs according to the present invention are provided in a network system having a plurality of domains, each integrated with a computer included in a domain controller that stores topology information of a controlled domain, to manage a network wider than the domain controller. Based on the domain boundary information received from the controller, including the boundary port information that is the boundary port with other domains in the controlled domain, communication across domains to the boundary switch that has at least the boundary port among the subordinate switches It is a processing rule for transferring inter-domain communication packets, and the target switch realizes processing for setting an inter-domain processing rule in which a port that can reach a switch in another domain is specified. To do.

  The packet transfer method according to the present invention includes a plurality of switches that process received packets in accordance with processing rules held by itself, and a plurality of switches that hold topology information of control target domains and set the processing rules for subordinate switches. A packet transfer method for inter-domain communication that is communication across domains in a network system including a domain controller and an integrated controller that manages a network including the plurality of domains, and includes at least a predetermined inter-domain communication path The domain boundary information received from the integrated controller by the domain controller of its own domain, the boundary switch located at the domain boundary and the intra-domain relay switch that is a relay switch in each domain on the path, Other domains within the controlled domain Interdomain processing rules for forwarding received packets along the route in the own domain for predetermined interdomain communication determined based on domain boundary information including boundary port information that is the boundary between When inter-domain communication is newly started, the input-side edge switch located at the start point of the communication path sends the communication flow to the domain controller of its own domain. As a result of the inquiry, the domain controller rewrites the header area of the received packet in accordance with the inter-domain processing rule set based on the information obtained from the integrated controller, and then switches the next stage on the path in its own domain. In a domain that is a relay switch in each domain on the communication path. The relay switch transmits the received packet from a predetermined port connected to the next-stage switch in the route in the own domain according to the inter-domain processing rule set in advance, so that Forward to the boundary switch located at the boundary, and the output side boundary switch located at the start side among the domain boundaries on the communication path transmits the received packet from the predetermined boundary port according to the preset inter-domain processing rule. The input side boundary switch located on the end point side of the domain boundary on the communication path transmits and receives the received packet in accordance with the preset inter-domain processing rule. The output edge switch located at the end of the communication path is sent from a predetermined port connected to the In accordance with the processing rule or the inter-domain processing rule obtained as a result of inquiring the communication flow to the domain controller, the header area of the received packet is written back and then transmitted from a predetermined port connected to the destination terminal. And

  According to the present invention, in a network environment having a plurality of domains, a switch at the boundary between a domain and another domain can be set without concentrating the load on the integrated controller.

It is a block diagram which shows the example of the network system of 1st Embodiment. 2 is a block diagram illustrating a configuration example of an integrated controller 10. FIG. 3 is a block diagram illustrating a configuration example of a domain controller 20. FIG. It is explanatory drawing which shows the network topology of a 1st example. It is explanatory drawing which shows the outline | summary of the route control method at the time of topology detection. It is explanatory drawing which shows the outline | summary of the route control method at the time of communication start. It is explanatory drawing which shows the example of the packet format in a 1st example. It is explanatory drawing which shows the example of the boundary information in a 1st example. It is explanatory drawing which shows the example of the virtual topology which each OFC manages in a 1st example. It is a sequence diagram which shows the processing flow of the communication between domains of a 1st example. It is a sequence diagram which shows the packet transfer flow of the communication between domains of a 1st example. It is explanatory drawing which shows the network topology of a 2nd example. It is explanatory drawing which shows the example of the boundary information in a 2nd example. It is explanatory drawing which shows the example of the virtual topology which each OFC manages in a 2nd example. It is a sequence diagram which shows the packet transfer flow of the communication between domains in a 2nd example. It is explanatory drawing which shows the example of the packet format in a 2nd example. It is explanatory drawing which shows the example of the packet format in a 3rd example. It is a sequence diagram which shows the packet transfer flow of the communication between domains of the 3rd example. It is a sequence diagram which shows the packet transfer flow of the communication between domains of the 4th example. It is explanatory drawing which shows the example of the packet format in a 4th example. It is explanatory drawing which shows the example of the packet format in a 5th example. It is a block diagram which shows the outline | summary of the network system by this invention. It is a block diagram which shows the outline | summary of the control apparatus by invention.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. The present invention is directed to a CU separation type network. In the following embodiments and examples, an OpenFlow network is used as an example of a CU separation type network, but the network that is the subject of the present invention is not limited to the OpenFlow network.

  FIG. 1 is a configuration diagram illustrating an example of a network system according to the first embodiment. The network system shown in FIG. 1 includes an integrated controller 10, a plurality of domain controllers 20, a plurality of network devices 30, and a terminal 1 and a terminal 2.

  Each of the network devices 30 is connected to at least one other network device 30 and constitutes a communication network 100 that realizes terminal-to-terminal communication as a whole. Hereinafter, the network device 30 may be simply referred to as a switch.

  Although two domain controllers 20 are shown in FIG. 1, the number of domain controllers 20 is not limited to this. Similarly, FIG. 1 shows two network devices 30 as examples of the network devices 30 connected to each domain controller 20, but the number of network devices 30 is not limited to this. Similarly, FIG. 1 shows two terminals (terminal 1 and terminal 2), but the number of terminals is not limited to this.

  The integrated controller 10 is a controller realized by a server machine or a virtual machine operating on the server machine, and is connected to one or more domain controllers 20 using a control channel (for example, a secure channel). The control channel may be one using a dedicated network or one using a general network. Here, the domain controller 20 connected to the integrated controller 10 is more specifically a domain controller 20 that manages a domain included in the communication network 100 that is a management network of the integrated controller 10. Hereinafter, in the integrated controller 10, the connection destination domain controller 20 may be referred to as a subordinate domain controller 20.

  The integrated controller 10 manages a network including a plurality of domains, and determines a path between domains of each flow of inter-domain communication within the scope of the management network. Further, the integrated controller 10 instructs the subordinate domain controller 20 to set the processing rule for transferring the inter-domain communication packet to the necessary network device 30 according to the determined route. Hereinafter, the processing rule for transferring the flow of inter-domain communication in each network device 30 may be referred to as an inter-domain processing rule.

  In the present embodiment, a unit of network area managed by the domain controller 20 is called a domain. As long as the domain is a management area of the network defined in the communication network 100, the details (connection mode, scale, etc.) are not particularly limited. The communication network 100 of the present embodiment includes a plurality of domains, and one domain controller 20 is associated with each domain. One domain controller 20 can manage a plurality of domains. Even in such a case, the integrated controller 10 may identify the subordinate domain controller 20 in units of domains, and perform topology detection, calculation of paths between domains, setting instructions for inter-domain processing rules, and the like.

  For example, the integrated controller 10 may detect the topology of the management network and calculate a path between domains of predetermined inter-domain communication in advance (before the communication is started). Here, the predetermined inter-domain communication is not limited to the predetermined inter-terminal communication specifying the transmission source terminal and the transmission destination terminal, for example, communication from the predetermined domain to the predetermined domain without specifying the terminal, Communication from any domain to the specified domain without specifying one of the domains, communication from the specified domain to any other domain, or from any other domain specifying only one terminal to the specified terminal Communication or communication from a predetermined terminal to any other domain may be included.

  In this case, the integrated controller 10 may in advance instruct the domain controller 20 that manages the domain to which the switch on the route belongs in accordance with the calculated route to set the inter-domain processing rule for the switch. At this time, the integrated controller 10 transmits the boundary information including the information of the boundary port with the other domain in the setting destination domain and instructs the setting of the inter-domain processing rule.

  The integrated controller 10 may only transmit the boundary information without explicitly issuing an instruction for setting the inter-domain processing rule. Upon receiving the boundary information, the domain controller 20 that has received the boundary information may set an inter-domain processing rule for the subordinate switch at a predetermined timing.

  The domain controller 20 is a controller realized by a server machine or a virtual machine running on the server machine, and is connected to the integrated controller 10 and one or more network devices 30 using control channels. The Here, the network device 30 connected to the domain controller 20 is more specifically the network device 30 constituting the domain managed by the domain controller 20. Hereinafter, in a certain domain controller 20, the connection destination network device 30 may be referred to as a subordinate switch. Hereinafter, in a certain domain controller 20, a terminal connected to a subordinate switch may be referred to as a managed terminal.

  In addition, the domain controller 20 determines a path of each flow of intra-domain communication that is communication closed in the domain for the own domain managed by the domain controller 20, and processes rules for subordinate switches according to the determined path. Set.

  For example, the domain controller 20 may determine a predetermined intra-domain communication path at the timing of detecting the topology of its own domain, and set a processing rule for each switch on the path. Hereinafter, processing rules for transferring intra-domain communication packets may be referred to as intra-domain processing rules. The topology detection process includes detection of a managed terminal.

  At this time, the domain controller 20 assigns a node ID uniquely defined to the subordinate switch, and sets a pair of unique information (switch ID, MAC address, etc.) held by the subordinate switch and the node ID. 1 may correspond. Similarly, the domain controller 20 assigns a user ID uniquely defined to a managed terminal, and has one-to-one correspondence between unique information (such as a MAC address) held by the managed switch and the user ID. You may associate with. Note that the assignment of node IDs and user IDs may be performed by the integrated controller 10 when the domain controller 20 notifies the integrated controller 10 of the topology information of its own domain.

  Further, the domain controller 20 holds the domain ID of its own domain.

  In the present embodiment, the domain ID may be information that can identify the domain in the management network of the integrated controller 10 including at least the domain. The node ID may be information that can identify the switch at least in the domain to which the switch belongs. The user ID may be information that can identify the terminal in at least the domain to which the switch connected to the terminal belongs.

  By using such an ID, switches and terminals can be specified at various levels in the communication network 100. For example, a terminal can be uniquely identified in the communication network 100 by using a combination of a domain ID, a node ID, and a user ID. Further, if a set of domain ID and node ID is used, a switch can be uniquely identified in the communication network 100. Further, if a set of a node ID and a user ID is used, a switch and a subordinate terminal can be uniquely identified in a domain to which the switch to which the terminal is connected belongs.

  Further, the domain controller 20 may set a relay entry for transferring the received packet between the switches in the domain, for example, for the core switch on the determined path at the timing when the path is determined. . Further, the domain controller 20 sets an output entry for transferring the packet received from the switch in the domain to the output side edge switch at the timing when the route is determined, for example. Also good.

  Further, the domain controller 20 determines the relay route of the flow from among the preset relay routes in the own domain, for example, at the timing of receiving the flow inquiry (entry request) from the subordinate switch, An input entry along the relay route may be set for the input edge switch.

  The entries in intra-domain communication are roughly classified into input entries, intra-domain relay entries, output entries, boundary input entries, and boundary output entries.

  Here, the input entry is an entry that is set for a switch that becomes an input edge switch on the path. The entry for input is, for example, “if information indicating a predetermined terminal in inter-terminal communication is described in at least a part of a destination area in which destination information of a packet received from a connection destination terminal is set. The entry may be such that each switch on the route adds necessary information to the received packet and forwards it to the next switch on the route. Such an entry for input includes, for example, as a rule, specification of information by which a setting destination switch can specify the packet of the communication, and as an action, a switch that is a destination in each switch on the route as a received packet Alternatively, it includes a rewriting instruction (designation of rewriting method) for adding information that can identify the terminal and designation of an output destination port.

  The destination area is not particularly limited as long as it is an area included in the header part of the packet and is defined in advance as an area in which information about the destination is set in the system. For example, even if an area is used as an area in which information about the transmission source is set during external communication, the area is not used in the transfer path in the system, and is described in that area at the end point of external communication. Can be used as the destination area. In the following, the packet destination information represents information set or to be set in the packet destination area defined as described above.

  In this embodiment, the node ID of the edge switch that is the destination in the own domain and the user ID of the destination terminal are used as information that can identify the destination switch or terminal in each switch on the route. That is, as an entry for intra-domain communication, for example, “When a predetermined packet is received, its destination information is used as a search key (rule), and at least a part of the destination area of the received packet is a node ID and a user ID. Is used, and an entry “transfer to the next-stage switch” is used. Such an entry for input includes, for example, specification of information indicating a destination terminal in destination information of a received packet as a rule, and packet format from a communication format between terminals to a transfer format between switches in the domain as an action. In order to rewrite the packet, a packet rewriting method designation and an instruction to search for an entry again after the rewriting may be included.

  The relay entry is an entry that is set for a switch that is a core switch on the route. For example, if the node ID of a certain edge switch is described in at least a part of the destination area in which the destination information of the received packet is set, the relay entry is transferred to the edge switch. It may be an entry indicating “Yes”. Such a relay entry includes, for example, specification of the node ID of the output side edge switch as a rule and specification of an output destination port as an action. In the rule, in addition to the node ID, other information described in another area of the received packet may be specified.

  The output entry is an entry set for the output side edge switch. The entry for output is, for example, “if at least part of the destination area of the received packet includes its own node ID and the user ID of the connected terminal, the destination information of the received packet is addressed to the terminal. The entry may be “returning to the above and forwarding the received packet to the terminal of the connection destination”. Such an output entry includes, for example, specification of a user ID of a destination terminal as a rule, and a packet for writing back the packet format from a transfer format between switches in the domain to a transfer format between terminals as an action. Specification of a rewriting method and specification of an output destination port may be included.

  Further, the domain controller 20 notifies the integrated controller 10 of the topology information of its own domain. Further, when the domain controller 20 receives an instruction for setting an inter-domain processing rule from the integrated controller 10, the inter-domain processing according to the instruction content (more specifically, specification of a boundary port that is a path between domains) A rule is set for an appropriate network device 30 in its own domain. Details of the inter-domain processing rule will be described later.

  At this time, the domain controller 20 may freely determine a route in the own domain in inter-domain communication. The domain controller 20 can also use a predetermined intra-domain communication path as the intra-domain path in inter-domain communication. In such a case, the domain controller 20 may transfer an inter-domain communication packet by using a relay entry for intra-domain communication. This means that part of the inter-domain processing rule is substituted by the intra-domain processing rule.

  The network device 30 is a network device such as a switch, and processes a received packet according to an entry set from the domain controller 20. The network device 30 may be a virtual network device that operates on a server machine, such as a virtual switch. The network device 30 can be connected to one or more terminals. Hereinafter, in a certain network device 30, a connection destination terminal may be referred to as a subordinate terminal.

  FIG. 2 is a block diagram illustrating a configuration example of the integrated controller 10. As shown in FIG. 2, the integrated controller 10 includes a controller management unit 11, a topology management unit 12, and an inter-domain route calculation unit 13.

  The controller management unit 11 manages (stores) information of the subordinate domain controller 20 and transmits / receives various information to / from the domain controller 20. Various information that the controller management unit 11 transmits and receives to and from the domain controller 20 includes domain topology information, destination terminal inquiries, responses to them, and setting instructions for inter-domain processing rules.

  The information on the domain controller 20 managed by the controller management unit 11 may be address information for transmitting / receiving information to / from the domain controller 20, for example. The information on the domain controller 20 stored by the controller management unit 11 is not limited to this.

  The topology management unit 12 manages topology information of the management network (communication network 100). The topology management unit 12 may store, as the topology information of the network, for example, the topology information of each domain received from the subordinate domain controller 20 and the information on the connection form between the domains.

  The topology management unit 12 stores, for example, the topology information of each domain acquired from the subordinate domain controller 20 in association with the domain ID, and based on the information, the topology between domains (between each domain) The boundary switch and boundary port information) may be detected and stored. The domain ID may be acquired from an external server device, a subordinate domain controller 20 or the like, may be a preset ID, or may be an ID assigned by itself. Note that the topology information stored in the topology management unit 12 is not limited to this.

  The inter-domain route calculation unit 13 calculates a route between domains in inter-domain communication based on the topology of the management network.

  FIG. 3 is a block diagram illustrating a configuration example of the domain controller 20. As shown in FIG. 2, the domain controller 20 includes a switch management unit 21, a topology management unit 22, an intra-domain route calculation unit 23, a processing rule generation unit 24, and an integrated controller I / F unit 25.

  The switch management unit 21 manages information on the switches under the switch and transmits / receives various information to / from the network device 30. Various information that the switch management unit 21 transmits and receives to and from the network device 30 includes control messages such as entry requests and responses. For example, the switch management unit 21 acquires (receives) information related to the topology of its own domain (information on network devices belonging to the domain, information on their connection form, information on terminals under their control, etc.) from the subordinate switch. . Further, the switch management unit 21 transmits, for example, the processing rule generated by the processing rule generation unit 24 described later to the subordinate switch.

  The information on the network device 30 managed by the switch management unit 21 may be address information for transmitting / receiving information to / from a subordinate switch, for example. The information on the network device 30 stored by the switch management unit 21 is not limited to this. Further, the switch management unit 21 may refer to information managed by the topology management unit 22 without managing the information itself.

  The topology management unit 22 manages the topology information of its own domain. For example, the topology management unit 22 uses information on the network device 30 constituting the topology (specific identification information such as a MAC address, node ID, port information, etc.) as a topology information of its own domain, and a connection form thereof. Information (such as connection destination information for each port) and terminal information (specific identification information such as a MAC address, user ID) may be stored. The domain topology information stored in the topology management unit 22 is not limited to this.

  The intra-domain route calculation unit 23 calculates the intra-domain communication route based on the topology of the own domain. In addition, the intra-domain route calculation unit 23, when the inter-domain route in the inter-domain communication is designated by the integrated controller 10, follows the designated contents, that is, passes the designated inter-domain route. Calculate routes within a domain.

  The processing rule generation unit 24 generates a processing rule to be set in the subordinate switch according to the route calculated by the intra-domain route calculation unit 23. The processing rules generated by the processing rule generation unit 24 include intra-domain processing rules and inter-domain processing rules.

  The integrated controller I / F unit 25 transmits and receives various types of information to and from the integrated controller 10. For example, the integrated controller I / F unit 25 transmits and receives various types of information to and from the controller management unit 11 of the integrated controller 10.

[Example 1]
Hereinafter, the operation of this embodiment will be described using a specific example.

  As a first example, the operation of this embodiment will be described using the topology shown in FIG. FIG. 4 is an explanatory diagram showing a network topology in the first example. As shown in FIG. 4, the network system of this example includes one integrated controller 10, OFCs 20-1 to 20-2 as domain controllers 20, OFS 30-1 to OFS 30-4 as network devices 30, and terminals. 1 and a terminal 2.

  In this example, OFS 30-1 and OFS 30-2 belong to domain d1 managed by OFC 20-1. The OFS 30-3 and OFS 30-4 belong to the domain d2 managed by the OFC 20-2.

  The OFS 30-1 has at least two ports, is connected to the OFS 30-2 via the port p1, and is connected to the terminal 1 via the port p2.

  The OFS 30-2 has at least two ports, is connected to the OFS 30-3 via the port p1, and is connected to the OFS 30-1 via the port p2.

  The OFS 30-3 has at least two ports, is connected to the OFS 30-4 via the port p1, and is connected to the OFS 30-2 via the port p2.

  The OFS 30-4 has at least two ports, is connected to the terminal 2 via the port p1, and is connected to the OFS 30-3 via the port p2.

  In this example, an example in which the method described in Patent Document 1 is used as a route control method for intra-domain communication will be described. That is, in the intra-domain communication route control, a “Proactive type” in which entries are set in advance for at least some of the OFSs is realized. In the following, an example in which an entry is set in advance for an OFS other than the input side edge switch will be described.

  Further, in this example, the Proactive type is realized also in the path control of the inter-domain communication. In the following, an example in which entries are set in advance for an OFS other than the input-side edge switch in inter-domain communication will be described.

  In addition, in this example, the intra-domain communication path control is used as the intra-domain communication path control in the inter-domain communication.

  First, the route control method described in Patent Document 1 will be briefly described.

  In the path control method described in Patent Literature 1, when the OFC detects the topology of its own domain, which is a management network, it assigns a node ID to the subordinate OFS. Then, the OFC sets a relay entry for the core switch in the subordinate OFS. For entry setting, the entry to be set from the OFC may be transmitted and stored in the target OFS. The relay entry includes designation of a node ID in the packet destination area and an instruction to transmit the received packet from a predetermined port. Each core switch transmits a received packet from a port connected to the next-stage OFS on the path following the preset destination terminal in accordance with the relay entry.

  When the OFC detects a terminal connected to the subordinate OFS, the OFC assigns a user ID to the detected terminal. Then, the OFC sets an output entry for the OFS where the subordinate terminal is detected as an output edge switch. The entry for output includes designation of the node ID of the packet destination area and the user ID of the subordinate terminal, and an instruction to transmit from the predetermined port after rewriting the packet destination area to the original information. Including. In accordance with such an output entry, the output-side edge switch rewrites the packet addressed to the subordinate terminal that has reached itself into the inter-terminal communication format, and transmits it from the port connected to the subordinate terminal.

  Further, when a new communication is started, the OFC sets an entry for input to the input side edge switch that is the start point of the communication. For the entry for input, specify the destination terminal in the destination area of the packet in the inter-terminal communication format of the communication and re-search the entry after rewriting the destination area of the packet to the destination information in the transfer format between OFS Instructions to do so. Here, as designation of rewriting destination information, it is designated that the node ID of the output edge switch and the user ID of the destination terminal are described in the destination area of the packet. The input side edge switch re-searches the entry after rewriting the destination information of the packet in accordance with such an entry for input. Thereby, the input side edge switch finds the relay entry of the flow, and in accordance with the found relay entry, the received packet is sent to the next-stage OFS on the path to the preset output side edge switch. Send from connected port.

  5 and 6 are diagrams showing an outline of the route control method for inter-domain communication in this example. FIG. 5 is an explanatory diagram showing a control example at the time of topology detection in this example. FIG. 6 is an explanatory diagram showing a control example at the start of communication in this example. Hereinafter, each control indicated by numbers in parentheses in the drawing will be briefly described.

  First, with reference to FIG. 5, the path control at the time of topology detection will be briefly described.

  (1) The integrated controller 10 acquires, from the OFC 20-1 and the OFC 20-2, topology information including information of OFS (subordinate OFS) constituting the domain and information of terminals connected to the domain. Detect boundary port between.

  (2) The integrated controller 10 transmits to the OFC 20-1 and the OFC 20-2 an instruction for setting an inter-domain processing rule including information on the detected boundary port.

  (3) The OFC 20-1 and the OFC 20-2 generate an inter-domain processing rule based on the information received from the integrated controller 10 and set it in the subordinate OFS. In this example, the OFC 20-1 and the OFC 20-2 generate necessary entries other than the input entry among the inter-domain processing rules, and set them in advance in the corresponding OFS.

  The entries in inter-domain communication are roughly classified into input entries, intra-domain relay entries, output entries, boundary input entries, and boundary output entries. In this example, the output entry, boundary input entry, and boundary output entry are generated and set in the corresponding OFS. The intra-domain relay entry uses the intra-domain communication relay entry as it is, assuming that the boundary switch is the output edge switch.

  An entry for input in inter-domain communication is an entry set for a switch serving as an input edge switch on a route. An entry for input is, for example, in the local switch that becomes the first boundary switch on the route after adding the information necessary for each switch on the route to the packet received from the subordinate terminal to the setting destination switch. In this case, an entry for outputting from a port that can reach a boundary switch having a boundary port with the destination domain may be used. More specifically, the entry for input includes specification of information for specifying the packet of the communication, information for specifying the destination domain in each boundary switch located on the path in the received packet, and destination in the destination domain. The entry may include a rewrite instruction (specification of rewrite method) for adding information that can identify a terminal and designation of an output destination port.

  As described above, in this example, as one of the methods for reaching the boundary switch of the own domain having the boundary port with the destination domain, the relay entry for intra-domain communication in which the boundary switch is regarded as the output side edge switch. Is used. In order to share the intra-domain relay entry for inter-domain communication and intra-domain communication, the format of the transfer packet of intra-domain communication is also applied to intra-domain communication of inter-domain communication.

  Therefore, as an input entry in inter-domain communication, a packet received from a subordinate terminal is sent to a setting destination switch, information on the destination domain, information that can identify the destination terminal in the destination domain, and a domain being transferred Entry that is output from the port connected to the next-stage OFS on the path that can reach the boundary switch, including information that can identify the switch or terminal or output destination port that is the destination .

  Further, the intra-domain relay entry in the inter-domain communication is an entry set for a switch serving as a core switch in each domain on the route. The intra-domain relay entry is, for example, an entry for causing the setting destination switch to output the received packet as it is from a predetermined port that can reach the boundary switch with the destination domain or the output side edge switch in its own domain. If it is. More specifically, the intra-domain relay entry may be an entry including designation of information specifying the communication packet and designation of an output destination port. Each OFC may substitute the intra-domain relay entry with the intra-domain communication relay entry.

  In addition, the output entry in the inter-domain communication is an entry set for a switch to be an output side edge switch on the path. For example, the output entry can reach the subordinate terminal after the packet received from the other switch in the domain is written back to the setting destination switch in the same manner as the output entry of intra-domain communication. Any entry may be used for outputting from a predetermined port. More specifically, the output entry includes designation of information for identifying the communication packet, rewrite instruction for rewriting the received packet to the original inter-terminal communication format, and designation of the output destination port. It may be an entry. Each OFC may substitute an output entry for intra-domain communication for an output entry for inter-domain communication. However, this does not apply when the packet write-back method differs between inter-domain communication and intra-domain communication.

  In addition, in order to be able to substitute the output entry for intra-domain communication with the output side edge switch, start the transfer process in the domain in the packet format for inter-domain communication on the border switch in front (destination domain boundary switch) For example, a packet of information that is regarded as a difference may be written back. In that case, an entry for boundary input including such a rewrite instruction is set for the input side boundary switch.

  Further, the boundary output entry in inter-domain communication is an entry set for the output side boundary switch located at the start point of the inter-domain path among the entire paths. Boundary output entries include, for example, the addition of information necessary for each switch located on the path to the packet received from the forwarding port in the domain, the deletion of unnecessary information, etc. And an entry for outputting from a port (boundary port) that can reach the boundary switch of another domain that is the partner of the inter-domain route. More specifically, the boundary output entry may be an entry including designation of information for specifying the communication packet, rewriting instruction as described above, and designation of an output destination port if necessary. .

  In this example, rewriting of the packet at the output side boundary switch is not performed.

  In addition, the boundary input entry in the inter-domain communication is an entry set for the input side boundary switch located at the end point of the inter-domain path in the entire path. For example, the entry for boundary input is rewritten to the setting destination switch including addition of necessary information and deletion of unnecessary information for each switch located on the path with respect to the packet received from the boundary port. It is only necessary that the entry be output from a port that can reach a switch (a boundary switch with another domain or an output side edge switch) that is a destination in the own domain. More specifically, the entry for boundary input may be an entry including designation of information for specifying the communication packet, rewriting instruction as described above, and designation of an output destination port, if necessary. .

  In this example, when the input side boundary switch is a boundary switch of the destination domain, the boundary input entry includes information that can specify the destination domain and a switch or terminal or output destination that is the destination in the domain being transferred. The information that can identify the port is deleted, and the rewriting instruction to include only the information that can identify the destination terminal in the own domain is included for the destination.

  It should be noted that such information deletion can be performed by the output side boundary switch that specifies that the destination domain is the destination domain.

  Also, in this example, each OFC follows all the detected topologies (for example, a path from the switch n1 to the switches n2, n3,..., A switch n2 to the switches n1, n3,...). Assuming that a relay entry for intra-domain communication for forwarding packets along the route is set for the core switch that relays on the determined route. Yes. Then, each OFC receives the setting instruction of the inter-domain processing rule including the information of the boundary port with the other domain from the integrated controller 10 and sets the inter-domain processing rule as described above in advance.

  At this time, the boundary port information transmitted from the integrated controller 10 may indicate all patterns of inter-domain routes that can be set in advance.

  Next, with reference to FIG. 6, route control at the start of communication will be briefly described.

  (4) The terminal 1 transmits a packet destined for the terminal 2.

  (5) The OFS 30-1 makes an entry request to the OFC 20-1 because the received packet does not match the entry conditions held by the OFS 30-1.

  (6) The OFC 20-1 receives the request from the OFS 30-1, and searches for information on the destination terminal from the topology information of its own domain. However, since the information on the terminal 2 is not found, the OFC 20-1 Make an inquiry.

  (7) Upon receiving an inquiry about the destination terminal from the OFC 20-1, the integrated controller 10 searches for information on the destination terminal from the topology information of the management network, and transmits a response based on the searched information. In this example, the integrated controller 10 a) the user ID of the terminal 2, the node ID of the OFS 30-4 that is the output side edge switch, b) the domain ID of the destination domain that is the domain to which the output side edge switch belongs, c) A destination response including information on the boundary switch and the boundary port with the destination domain in the source domain is transmitted. Here, a) above is an example of information for specifying the destination terminal in the destination domain. The above b) is an example of information for specifying the destination domain in the boundary switch. The above c) is an example of information for specifying a switch, a terminal, or an output destination port that is a destination in the domain being transferred.

  (8) The OFC 20-1 receives the destination response, generates an inter-domain processing rule for the subordinate OFS to transfer the packet received this time to the destination terminal according to the information obtained from the integrated controller 10, and Set to OFS. In this example, the OFC 20-1 sets an entry for inter-domain communication input in the OFS 30-1 corresponding to the input-side edge switch in the current communication in the inter-domain processing rule.

  (9) The OFS 30-1 to OFS 30-3 transfer the communication packet according to the entry set for each.

  Specifically, (9a) the OFS 30-1 that is the input side edge switch converts the packet format of the received packet according to the input entry, and then the next stage on the path to the OFS 30-2 that is the boundary switch. Transfer to switch. In this example, OFS 30-2, which is the next-stage switch, is a boundary switch that is the destination in the own domain. For this reason, the OFS 30-1 transfers directly to the OFS 30-2, but when there is another OFS at the next stage, the OFS 30-1 transfers it to the OFS at the next stage. In that case, the received packet is transferred to the OFS 30-2, which is the boundary switch, by repeating the process of transferring the next stage OFS to the next OFS in the route to the boundary switch according to the intra-domain relay entry. To do.

  (9b) When the OFS 30-2 receives a packet addressed to its own switch from the OFS in its own domain, the OFS 30-2, which is a boundary switch of another domain (domain d2) as the other side, in accordance with the boundary output entry, Forward to 3.

  (9c) When the OFS 30-3 receives a packet from the OFS 30-2 that is a boundary switch of another domain, the OFS 30-3 that is an output-side edge switch in its own domain is converted according to the boundary input entry. To the next switch on the route up to -4. Here, an example is also shown in which the next-stage switch and the destination switch in the own domain are the same. However, when there is another next-stage switch, the point of forwarding to the next-stage switch is OFS 30-1. It is the same.

  (10) When the OFS 30-4 receives a packet addressed to its own switch from the OFS in its own domain, the OFS 30-4 converts the packet format of the received packet in accordance with the output entry and transmits the packet to the terminal 2 that is a subordinate terminal.

  In this example, when performing communication across domains, the integrated controller 10 issues a processing rule setting instruction to the OFC in advance, and the inter-domain relay entry for inter-domain communication (to the boundary switch between domains) Boundary output entry and boundary input entry) are set. The relay entry between domains does not need to be set for each flow because the domain ID is used as information for specifying communication.

  For example, when each OFC performs setting of a closed entry in the domain, the same processing as that of the OFS 30-1 is required in the OFS 30-3. On the other hand, according to the above method, the OFS 30-3 only needs to set an entry for boundary input in advance, so the load on the boundary switch is reduced.

  Further, in this example, when performing communication across domains, communication closed in the domain is not controlled by the integrated controller but is controlled by the OFC that manages the domain. As a result, it is possible to prevent the load applied to the route calculation and processing rule setting in each domain from being concentrated on the integrated controller.

  Next, the route control method shown in FIGS. 5 and 6 will be described in more detail with reference to the drawings.

  FIG. 7 is an explanatory diagram showing an example of a packet format in this example. FIG. 7 shows an example of a packet format used at the time of communication between terminal 1 and terminal 2 in the configuration of the network system shown in FIG. FIG. 7A shows an example of a packet format input from the terminal 1 to the OFS 30-1 that is the input side edge switch. FIG. 7B shows an example of a packet format transmitted from the input side edge switch OFS 30-1 to the next OFS 30-2. FIG. 7C shows an example of a packet format transmitted from the OFS 30-3, which is the input side boundary switch of the destination domain, to the next-stage OFS 30-4.

  In the inter-domain communication of this embodiment, at least the domain ID of the destination domain is added to the destination area of the packet (see FIG. 7B). 7B is an example in which a new header is added to the packet shown in FIG. 7A and a destination domain ID is added (set) to the added header. Note that the information related to the destination terminal in the header of the packet is rewritten with the user ID and node ID that are the destination as in the intra-domain communication.

  FIG. 7 shows an example in which the domain ID of the destination domain is set in the area (SrcMAC in the figure) where the source MAC address of the newly added Ethernet header is described. The method is not limited to this, and other fields may be used. Similarly, FIG. 7 shows an example in which the node ID and user ID as the destination information are set in an area (DstMAC in the figure) where the destination MAC address of the packet is described. The node ID and user ID setting method is not limited to this, and other fields such as an IP address may be used. Ethernet is a registered trademark.

  As shown in FIG. 5, in the network system of this example, the integrated controller 10 (more specifically, the controller management unit 11) receives each of its own domains as topology information from the OFC 20-1 and the OFC 20-2. The information of the OFS that constitutes the topology and the information of the terminals under the respective OFS are received.

  The topology management unit 12 holds the topology information received by the controller management unit 11. At this time, the topology management unit 12 may assign a domain ID to the topology managed by each of the OFC 20-1 and the OFC 20-2. Here, the domain ID managed by the OFC 20-1 is d1, and the domain ID managed by the OFC 20-2 is d2.

  Furthermore, the topology management unit 12 detects boundary ports that connect domains. The topology management unit 12 of this example detects a boundary port that connects the domain d1 and the domain d2. The boundary port may be detected by the integrated controller 10 using LLDP (Link Layer Discovery Protocol) or manually.

  FIG. 8 is an explanatory diagram showing an example of boundary information in this example. FIG. 8 shows the domain ID, the port ID of the boundary port, the first domain that is one of the two domains connected to each other, and the second domain that is the other domain. An example of boundary information having a node ID of an OFS having a boundary port is shown. In the boundary information shown in FIG. 8, a boundary ID is assigned for each connection between domains. As can be seen from FIG. 8, the boundary ports connecting the domain d1 and the domain d2 are the port p1 of the OFS 30-2 and the port p2 of the OFS 30-3. More specifically, it can be seen that the boundary port between the domain d1 and the domain d2 is the port p1 of the OFS 30-2, and the boundary port between the domain d2 and the domain d1 is the port p2 of the OFS 30-3.

  For example, the controller management unit 11 transmits boundary information as illustrated in FIG. 8 to the OFC 20-1 and the OFC 20-2. In addition, when there are a plurality of inter-domain routes (a set of boundary ports) at one domain boundary, the boundary information indicating the route may be transmitted after specifying the inter-domain route as one, Boundary information including all the information on the inter-domain route to be set in advance may be returned. In that case, the integrated controller 10 designates which route is actually used at the start of communication.

  The OFC 20-1 receives the boundary information from the integrated controller 10, rewrites the topology information of its own domain to show the connection relationship as shown in FIG. 8, and sets the inter-domain processing rule in the subordinate OFS To do. In this example, transmission of boundary information from the integrated controller 10 also serves as an instruction for setting inter-domain communication rules.

  FIG. 9 is an explanatory diagram illustrating an example of a virtual topology managed by each OFC in this example. In this example, the topology management unit 22 of the OFC 20-1 includes, for example, information indicating that the virtual terminal v1 that is a virtual terminal is connected to the port p1 of the OFS 30-2 that is a boundary port of the own domain. Generate. At this time, the topology management unit 22 assigns a user ID to the virtual terminal v1. The integrated controller 10 may specify a user ID assigned to the virtual terminal. In such a case, the user ID may be included in the boundary information. Alternatively, the topology management unit 22 may use the port ID of the boundary port as the user ID of the virtual terminal.

  Next, the switch management unit 21 of the OFC 20-1 sets the following entry for the boundary switch OFS 30-2 having a boundary port with the domain d2. In this example, the switch management unit 21 of the OFC 20-1 sets the following entry for the OFS 30-2 that is a boundary switch. In this example, for the OFS 30-2, the switch management unit 21 of the OFC 20-1 has the node ID described in the destination area of the packet received from the port p2 as the ID of the own switch, and is described in the destination area. If the current user ID is the ID of the virtual terminal v1, an entry for boundary output indicating that transmission is performed as it is from the port p1, which is a boundary port, is set.

  For example, the switch management unit 21 of the OFC 20-1 requests the processing rule generation unit 24 to generate a processing rule for transferring a packet received from within the domain to the subordinate virtual terminal v1 in the boundary switch, The processing rule generation unit 24 may generate the entry as described above. In such a case, the switch management unit 21 transmits the entry generated by the processing rule generation unit 24 to the OFS 30-2 for registration.

  Further, the switch management unit 21 of the OFC 20-1 may simultaneously set an entry for the reverse inter-domain route. That is, the switch management unit 21 of the OFC 20-1 deletes the outer header for the OFS 30-2 when the domain ID described in the destination area of the packet received from the port p1 is the ID of its own domain. After that, an entry for boundary input is set to search again for the entry for intra-domain communication.

  Next, the operation of the OFC 20-2 that has received the boundary information will be described.

  The OFC 20-2 also receives boundary information from the integrated controller 10 in the same manner as the OFC 20-1, and rewrites the topology information of its own domain so as to show the connection relationship shown in FIG. Set inter-domain processing rules in.

  In this example, the topology management unit 22 of the OFC 20-2 includes, for example, information indicating that the virtual terminal v2 that is a virtual terminal is connected to the port p2 of the OFS 30-3 that is the boundary port of the own domain. Generate. At this time, the topology management unit 22 assigns a user ID to the virtual terminal v2.

  The switch management unit 21 of the OFC 20-2 sets the following entry for the OFS 30-3 having a boundary port. In this example, when the domain ID described in the destination area of the packet received from the port p2 is the ID of the own domain, the switch management unit 21 of the OFC 20-2 outputs the outer header to the OFS 30-3. Is deleted, and an entry for boundary input is set to search again for an entry for intra-domain communication.

  Further, the switch management unit 21 of the OFC 20-2 may simultaneously set an entry for a reverse inter-domain route. That is, for the OFS 30-3, the switch management unit 21 of the OFC 20-2 uses the node ID and the user ID described in the destination area of the packet received from the port p1 as the ID of the own switch and the ID of the virtual terminal v2. In some cases, a boundary output entry indicating that transmission is performed from the port p2, which is a boundary port, is set.

  This is the pre-setting process for the inter-domain processing rule in this example. Note that the controller management unit 11 may transmit, to each OFC 20, a control rule that instructs path control based on the path between the specified domains based on the detection result of the boundary port, instead of transmitting the boundary information. For example, the controller management unit 11 may transmit a control rule indicating that a packet addressed to the domain d2 is transmitted from the port p1 of the OFS 30-2 to the OFC 20-1. Similarly, the controller management unit 11 may transmit a control rule for transmitting a packet addressed to the domain d1 from the port p2 of the OFS 30-3 to the OFC 20-2. In this case, the transmission of the control rule corresponds to an instruction for setting an inter-domain communication rule including boundary information.

  Further, the controller management unit 11 may transmit, to each OFC 20, an instruction for setting an inter-domain processing rule including processing rules to be set in the subordinate OFS and setting destination information, instead of transmitting boundary information.

  Next, an actual communication flow using the processing rules set in advance in this way will be described with reference to FIGS. 10 and 11. FIG. 10 and FIG. 11 are sequence diagrams illustrating an example of operations during inter-domain communication in this example. FIG. 10 shows a processing flow relating to setting of processing rules at the start of inter-domain communication, and FIG. 11 shows a packet transfer flow between OFS in inter-domain communication.

  In the example illustrated in FIG. 10, first, the terminal 1 transmits a user packet addressed to the terminal 2 to the connection destination OFS (step S101). The packet is received at the port p2 of the OFS 30-1.

  The OFS 30-1 that has received the user packet searches for an entry that matches the received packet (step S102). Here, since there is no entry that matches the received packet, the OFS 30-1 transmits a PACKET_IN message to the OFC 20-1 to request an entry (step S103).

  When the OFC 20-1 receives the entry request from the OFS 30-1, the topology management unit 22 searches for information on the destination terminal from the topology information of its own domain (step S104). Here, since the destination terminal is not connected to its own domain, the information of the terminal 2 that is the destination terminal is not searched. Therefore, the OFC 20-1 transmits to the integrated controller 10 a destination terminal information request message for inquiring about destination terminal information (step S105).

  When the integrated controller 10 receives the inquiry about the destination terminal from the OFC 20-1, the topology management unit 12 searches the information on the destination terminal from the topology information of the management network. As a result, it can be seen that the destination terminal 2 is connected to the OFS 30-4 of the domain d2. Then, the inter-domain route calculation unit 13 calculates an inter-domain route from the domain d1 as the transmission source domain to the domain d2 as the destination domain (step S106). Then, the integrated controller 10 obtains information on boundary ports in the inter-domain route on the route to the destination terminal.

  Then, the integrated controller 10 uses the user ID of the terminal 2, the node ID of the OFS 30-4 of the output side edge switch, the ID of the domain d2 as the destination domain ID, and the domain to which the input side edge switch belongs as the destination terminal information. The destination terminal information including the information on the port p1 of the OFS 30-2 that is the boundary port in the domain d1 and corresponding to the destination information in the source domain is transmitted to the OFC 20-1 (step S107).

  The OFC 20-1 that has received the destination terminal information generates an input entry for inter-domain communication based on the obtained information and sets it in the OFS 30-1 that is the current input edge switch (step S108, step S109). ). Here, when the DstMAC of the received packet is the MAC address of the terminal 2, the OFC 20-1 searches for an entry for intra-domain communication after rewriting the format in the input side edge switch as shown below. Create an entry to that effect. The rewriting of the format here corresponds to rewriting from the format shown in FIG. 7A to the format shown in FIG.

<Rewriting the format on the input edge switch>
-Add a header to the packet-In the destination area (DstMAC in this example) of the inner header (original header), the node ID of the output edge switch (OFS30-4 in this example), the user ID of the terminal 2 and Set the node ID of the OFS 30-2 that is the destination of the own domain and the user ID of the virtual terminal v1 in the destination area of the outer header (DstMAC in this example). In this example, the domain ID of the domain d2 which is the destination domain is set in (SrcMAC)

  Then, the OFC 20-1 transmits the generated entry to the OFS 30-1 using the FLOW_MOD message (Step S109).

  The OFS 30-1 registers the received entry in the flow table managed by itself (step S110).

  Further, the OFC 20-1 returns the received packet (user packet from the terminal 1) to the OFS 30-1 using the PACKET_OUT message from the OFS 30-1 (Step S111).

  The OFS 30-1 processes a packet (user packet from the terminal 1) received from the OFC 20-1 according to an entry registered in the flow table managed by the OFS 30-1. In this example, since the input entry registered in step S110 is searched, the received packet is rewritten in accordance with the entry (step S112), and then transferred to the OFS 30-2 which is the next-stage OFS (step S113). ). Note that the example shown in FIG. 7B is a format example of a packet after rewriting by the OFS 30-1.

  Next, a packet transfer flow between OFSs will be described with reference to FIG. In FIG. 11, the process from when the OFS 30-1 as the input side edge switch receives the user packet from the terminal 1 until the packet is transferred to the next OFS 30-2 (steps S101 to S113 in FIG. 11). Since is the same as FIG. 10, a part of the description is omitted.

  When receiving the packet from the OFS 30-1, the OFS 30-2 transfers the received packet as it is to the boundary switch OFS 30-3 of another domain corresponding to the virtual terminal v1 in accordance with the boundary output entry set in advance (step S114). ). Here, the OFS 30-2 outputs from the port p1 of the boundary port, which is an action indicated by the entry searched based on the user ID and the node ID described in the destination area of the header outside the received packet.

  The OFS 30-3 receives the packet transferred from the OFS 30-2 from the port p2, which is a boundary port. The OFS 30-3 re-searches the entry for intra-domain communication after rewriting the format in the input side boundary switch of the destination domain shown below in accordance with the boundary input entry set in advance (step S115). To do.

<Rewriting the format at the input side boundary switch of the destination domain>
Remove outer header

  Then, since the outer header is deleted, the OSF 30-3 performs relay for intra-domain communication based on the node ID of the output edge switch and the user ID of the destination terminal described in the original header. The entry is searched. The OFS 30-3 transmits the received packet to the next-stage OFS 30-4 according to the retrieved entry (step S116). Note that the example shown in FIG. 7C is a format example of a packet after rewriting by the OFS 30-3.

  The OFS 30-4 receives the above-mentioned packet transferred from the OFS 30-3 from the port p2, which is a port for intra-domain communication. The OFS 30-4 rewrites the destination area of the received packet to the state of the user packet transmitted by the terminal 1 according to the preset output entry for intra-domain communication, and transmits it to the terminal 2 ( Step S117, Step S118). In this example, the OFS 30-4 rewrites the DstMAC of the received packet with the MAC address of the terminal 2 and then transmits from the port p1.

  Thereafter, when the terminal 1 transmits the second packet addressed to the terminal 2, since a suitable entry is already registered in the OFS 30-1, it is possible to proceed to step S112 immediately after step S102.

[Example 2]
Next, as a second example, the operation of this embodiment will be described using the topology example shown in FIG. FIG. 12 is an explanatory diagram showing the topology in the second example. This example is an example when there are three domains. As shown in FIG. 12, the network system of this example includes one integrated controller 10, OFCs 20-1 to OFC 20-3 as domain controllers 20, OFS 30-1 to OFS 30-6 as network devices 30, and terminals. 1 and a terminal 2.

  In this example, OFS 30-1 and OFS 30-2 belong to domain d1 managed by OFC 20-1. The OFS 30-3 and OFS 30-4 belong to the domain d2 managed by the OFC 20-2. The OFS 30-5 and OFS 30-6 belong to the domain d3 managed by the OFC 20-3.

  The OFS 30-1 has at least two ports, has a port p1 and a port p2, is connected to the OFS 30-2 via the port p1, and is connected to the terminal 1 via the port p2.

  The OFS 30-2 has at least two ports, has a port p1 and a port p2, is connected to the OFS 30-3 via the port p1, and is connected to the OFS 30-1 via the port p2.

  The OFS 30-3 has at least two ports, has a port p1 and a port p2, is connected to the OFS 30-4 via the port p1, and is connected to the OFS 30-2 via the port p2.

  The OFS 30-4 has at least two ports, has a port p1 and a port p2, is connected to the OFS 30-5 via the port p1, and is connected to the OFS 30-3 via the port p2.

  The OFS 30-5 has at least two ports, has a port p1 and a port p2, is connected to the OFS 30-6 via the port p1, and is connected to the OFS 30-4 via the port p2.

  The OFS 30-6 has at least two ports, has a port p1 and a port p2, is connected to the terminal 2 via the port p1, and is connected to the OFS 30-5 via the port p2.

  Below, a different part from a 1st example is mainly demonstrated.

  The OFC 20-3 in this example holds the topology information in the own domain d3 and the information of the subordinate terminal (terminal 2), similar to the OFC 20-1 and OFC 20-2.

  The integrated controller 10 (more specifically, the controller management unit 11) receives domain topology information from the OFC 20-1, the OFC 20-2, and the OFC 20-3, and stores the domain topology information in the topology management unit 12.

  The topology management unit 12 detects boundary ports that connect domains. The topology management unit 12 in this example detects a set of boundary ports that connect the domains d1 and d2, and a set of boundary ports that connects the domains d2 and d3.

  FIG. 13 is an explanatory diagram illustrating an example of boundary information in this example. It can be seen from FIG. 13 that the boundary ports connecting the domain d1 and the domain d2 are the port p1 of the OFS 30-2 and the port p2 of the OFS 30-3. It can also be seen that the boundary ports connecting the domain d2 and the domain d3 are the port p1 of the OFS 30-4 and the port p2 of the OFS 30-5.

  For example, the controller management unit 11 transmits boundary information as illustrated in FIG. 13 to the OFC 20-1, the OFC 20-2, and the OFC 20-3.

  FIG. 14 is an explanatory diagram showing an example of a virtual topology managed by each OFC of this example. In this example, the topology management unit 22 of the OFC 20-1 includes, for example, information indicating that the virtual terminal v1 that is a virtual terminal is connected to the port p1 of the OFS 30-2 that is a boundary port of the own domain. Generate. Similarly, the topology management unit 22 of the OFC 20-2, for example, connects the virtual terminal v2 that is a virtual terminal to the subordinate of the port p2 of the OFS 30-3 that is the boundary port of the own domain, and the OFS 30-4. Information indicating that the virtual terminal v3, which is a virtual terminal, is connected to the port p1. Similarly, the topology management unit 22 of the OFC 20-3 generates, for example, information indicating that the virtual terminal v4 that is a virtual terminal is connected to the port p2 of the OFS 30-5 that is the boundary port of the own domain. To do.

  The switch management unit 21 of the OFC 20-1 in this example receives the boundary information from the integrated controller 10 and sets the boundary output entry and the boundary input entry in the OFS 30-2, as in the first example. .

  Next, the operation of the OFC 20-2 will be described.

  The switch management unit 21 of the OFC 20-2 receives the boundary information from the integrated controller 10, and sets the boundary output entry and the boundary input entry in the OFS 30-3, as in the first example. The OFC 20-2 is a relay domain that receives packets addressed to other domains from other domains in inter-domain communication. Therefore, the switch management unit 21 of the OFC 20-2 receives not only the boundary input entry to be applied to the OFS 30-3 when receiving a packet addressed to its own domain from the boundary port, but also a packet addressed to the other domain from the boundary port. The second boundary input entry to be applied when receiving is set. Hereinafter, in order to distinguish from the second boundary input entry, the boundary input entry applied to the packet addressed to the own domain may be referred to as a first boundary input entry.

  Specifically, when the destination domain ID of the packet received from the port p2 is the domain d3, the switch management unit 21 of the OFC 20-2 uses the packet as the (outside) destination information of the packet. The node ID and the user ID are rewritten to the node ID of OFS 30-4 that is a boundary switch with the domain d3 and the user ID of the virtual terminal v3 under control, and then transmitted from the port p1 that is a transfer port in the domain. A second boundary input entry is further set. Here, the second boundary input entry is an entry for outputting a packet addressed to another domain received from another domain from a port that can reach a boundary switch with the destination domain in the own domain.

  In addition, the switch management unit 21 of the OFC 20-2 in this example sets the same boundary output entry, first boundary input entry, and second boundary input entry with the reverse path for the OFS 30-4. To do.

  Next, the operation of the OFC 20-3 will be described.

  The setting of the inter-domain processing rule in the OFC 20-3 is basically the same as that in the OFC 20-1. That is, the switch management unit 21 of the OFC 20-3 receives the boundary information from the integrated controller 10 and sets the boundary output entry and the first boundary input entry in the OFS 30-5.

  Note that the controller management unit 11 may transmit, to each OFC, a control rule that instructs path control based on the path between the specified domains based on the detection result of the boundary port, instead of transmitting the boundary information. This is the same as the first example. Note that the controller management unit 11 may transmit, to each OFC, an instruction for setting an inter-domain processing rule including a processing rule to be set in a subordinate OFS and setting destination information, instead of transmitting boundary information.

  Next, an actual communication flow using the processing rules set in advance in this way will be described with reference to FIGS. 15 and 16. FIG. 15 is a sequence diagram showing a packet transfer flow of inter-domain communication in this example. FIG. 16 is an explanatory diagram showing an example of a packet format in this example.

  First, the terminal 1 transmits a first user packet addressed to the terminal 2 (step S201). The example shown in FIG. 16A is a format example of a packet received by the OFS 30-1 at this time. The packet is received at the port p2 of the OFS 30-1.

  The OFS 30-1 searches for an entry that matches the received packet. However, since there is no entry that matches the packet, a PACKET_IN message is transmitted to the OFC 20-1, as in the first example. Note that the flow from transmission of the PACKET_IN message to reception of the PACKET_OUT message is the same as in the first example.

  When receiving the inquiry about the destination terminal from the OFC 20-1, the integrated controller 10 of this example searches the management network topology information and confirms that the terminal 2 is connected to the OFS 30-6 in the domain d3. Identify. Then, the integrated controller 10 calculates an inter-domain route from the domain d1 to the domain d3, and obtains information on boundary ports in the inter-domain route on the route to the destination terminal.

  Then, the integrated controller 10 uses the user ID of the terminal 2, the node ID of the OFS 30-6 of the output side edge switch, the ID of the domain d3 as the destination domain ID, and the destination information in the source domain as the destination terminal information. Corresponding destination terminal information including information on the port p1 of the OFS 30-2 that is a boundary port in the domain d1 is transmitted to the OFC 20-1.

  The OFC 20-1 generates an entry for inter-domain communication input based on the obtained destination terminal information, and sets it in the OFS 30-1, which is the current input side edge switch. Here, when the DstMAC of the received packet is the MAC address of the terminal 2, the OFC 20-1 rewrites the format in the input side edge switch and then enters an entry for intra-domain communication as in the first example. An entry for searching is set in the OFS 30-1. The rewriting of the format here corresponds to rewriting from the format shown in FIG. 16A to the format shown in FIG. In this example, the node ID of OFS 30-6 is set in the destination area of the inner header, and the domain ID of the domain d3 that is the destination domain is set in the destination area of the outer header. Is the same as in the first example.

  When the input entry is set in this way, the OFS 30-1 rewrites the packet received from the OFC 20-1 according to the input entry registered in the flow table managed by the OFS 30-1. It is transferred to the OFS 30-2, which is the next stage and the boundary switch that is the destination (steps S202 and S203 in FIG. 15). Note that the example shown in FIG. 16B is a format example of a packet after rewriting by the OFS 30-1.

  Since the user ID described in the destination area of the received packet is the ID of the virtual terminal v1, the OFS 30-2 sends the packet from the port p1, which is the boundary port, according to the boundary output entry set in advance. Transmit (step S204). The packet transmitted from the port p1 of the OFS 30-2 is received at the port p2 of the OFS 30-3 in the domain d2.

  Since the destination domain ID of the packet received from the port p2 which is the boundary port is the domain d3, the OFS 30-3 rewrites the format in accordance with the second boundary input entry set in advance (step S205). . Here, the OFS 30-3 rewrites the destination area of the packet to a set of the node ID of the OFS 30-4 that is a boundary switch with the domain d3 that is the destination in its own domain and the user ID of the subordinate virtual terminal v3. Then, the OFS 30-3 transmits the received packet to the OFS 30-4 at the next stage according to the found relay entry as a result of the re-search according to the second boundary input entry (step S206). The example shown in FIG. 16C is a format example of a packet after rewriting by the OFS 30-3.

  The OFS 30-4 receives the above-mentioned packet transferred from the OFS 30-3 from the port p2, which is a port for intra-domain communication. Since the user ID described in the destination area of the received packet is the ID of the virtual terminal v3, the OFS 30-4 sends the packet from the port p1, which is a boundary port, according to the boundary output entry set in advance. Transmit (step S207). The packet transmitted from the port p1 of the OFS 30-4 is received at the port p2 of the OFS 30-5 of the domain d3.

  Since the destination domain ID of the packet received from the port p2 which is the boundary port is the domain d3 of the own domain, the OFS 30-5 deletes the outer header according to the first boundary input entry set in advance ( Step S208).

  Then, the OFS 30-5 re-searches the entry for intra-domain communication, and transmits the received packet to the OFS 30-6 that is the next-stage OFS according to the re-searched entry for relay (step S209). The example shown in FIG. 16D is a format example of a packet transmitted from the OFS 30-5 at this time.

  Note that the processing in the OFS 30-6 is the same as that of the OFS 30-4 in the first example. That is, the OFS 30-6 rewrites the destination area of the packet to the original information destined for the terminal 2 according to the output entry set in advance, and then transmits it to the terminal 2 (step S210, step S211). ).

  Thereafter, when the terminal 1 transmits the second packet addressed to the terminal 2, since a suitable entry has already been registered in the OFS 30-1, the process can proceed to step S202 immediately after step S201.

  As described above, in the present embodiment, in a network constituted by a plurality of domains, a controller that manages each domain sets a processing rule for intra-domain communication, and an integrated controller sets a processing rule for inter-domain communication. To do. With such a configuration, an OFS serving as a boundary between domains can be easily set even in a network including a plurality of domains. Further, as described above, if it is set in advance, it is possible to reduce the resource consumption and the load in the OFS that is the boundary between domains.

  In the above example, when inter-domain communication is performed, the input edge switch adds a new header to give a domain ID. However, packets are transferred between domains without adding a header. It is also possible to do.

[Example 3]
Next, as a third example, a method for transferring a packet between domains without adding a header will be described with reference to FIG. FIG. 17 is an explanatory diagram showing an example of a packet format in this example. The network topology in this example is the same as that shown in FIG.

  Further, detection of boundary ports and transmission of boundary information to each OFC 20 in the integrated controller 10 of the present example are the same as in the second example, and thus description thereof is omitted.

  The OFC 20-1 in this example receives the boundary information from the integrated controller 10 and receives all the OFSs in the domain d1 except for the OFS 30-2 which is a boundary switch on the route to the domain d2 and the domain d3. When the destination domain ID of the packet is the domain d2 or the domain d3, an intra-domain relay entry for transferring the packet to the OFS 30-2 is set. In this example, the destination domain ID setting destination is an area where the VLAN tag of the packet is set. That is, a specific VLAN tag is used as a domain ID. The intra-domain relay entry of this example includes, for example, designation of a destination domain ID as a rule, and designation of an output destination port in each switch on the route to the OFS 30-2 as an action.

  Further, the OFC 20-1 sets a boundary output entry for transmitting from the port p1, which is a boundary port, when the destination domain ID of the received packet is the domain d2 or the domain d3 in the OFS 30-2.

  Further, when the domain d1 is set as the destination domain ID of the packet received from the boundary port p1 for the OFS 30-2, the OFC 20-1 searches for an entry for intra-domain communication again. Set the entry for boundary input.

  Next, the operation of the OFC 20-2 will be described.

  The OFC 20-2 of this example receives the boundary information from the integrated controller 10, and with respect to all the OFSs 30 in the domain d2 except for the OFS 30-4 that is a boundary switch on the route to the domain d3, A similar intra-domain relay entry is set. However, here, the ID of the domain d3 is designated as the destination domain ID, and the output port on the route to the OFS 30-4 is designated as the output destination port. Also, intra-domain relay entries similar to those of OFS 20-1 are set for all OFS 30 in domain d2 except for OFS 30-3 which is a boundary switch on the route to domain d1. However, here, the ID of the domain d1 is designated as the destination domain ID, and the output port on the path to the OFS 30-3 is designated as the output destination port.

  Further, the OFC 20-2 sets a boundary output entry indicating that transmission is performed from the port p2, which is a boundary port, in the OFS 30-3, when the destination domain ID of the packet is the domain d1. Similarly, the OFC 20-2 sets a boundary output entry indicating that transmission is performed from the port p1, which is a boundary port, in the OFS 30-4 when the destination domain ID of the packet is the domain d3.

  The OFC 20-2 searches the OFS 30-3 again for the intra-domain communication entry when the domain d2 or the domain d3 is set in the destination domain ID of the packet received from the boundary port p2. Set the entry for boundary input to do so. In this example, since the contents of the first boundary input entry and the second boundary input entry are the same, they are combined into one. Similarly, when the domain d2 or the domain d1 is set as the destination domain ID of the packet received from the port p1, which is the boundary port, for the OFS 30-4, the entry for intra-domain communication is searched again. Set the entry for boundary input.

  Next, the operation of the OFC 20-3 will be described. The operation of the OFC 20-3 is basically the same as the operation of the OFC 20-1.

  That is, the OFC 20-3 of this example receives all the instructions for setting the inter-domain processing rule from the integrated controller 10 and receives all instructions in the domain d3 except for the OFS 30-5 that is a boundary switch on the route to the domains d1 and d2. When the destination domain ID of the received packet is the domain d1 or the domain d2, an intra-domain relay entry for transferring the packet to the OFS 30-5 is set.

  Further, the OFC 20-3 sets, for the OFS 30-5, a boundary output entry indicating that transmission is performed from the port p2, which is a boundary port, when the destination domain ID of the received packet is the domain d1 or the domain d2.

  Further, the OFC 20-3 searches for the entry for intra-domain communication again when the domain d3 is set as the destination domain ID of the packet received from the port p2, which is the boundary port, for the OFS 30-5. Set the entry for boundary input.

  Next, an actual communication flow using the processing rules set in advance in this way will be described with reference to FIG. FIG. 18 is a sequence diagram showing a packet transfer flow of inter-domain communication in this example.

  First, the terminal 1 transmits the first user packet addressed to the terminal 2 (step S301). The example shown in FIG. 17A is a format example of a packet received by the OFS 30-1 at this time. The packet is received at the port p2 of the OFS 30-1.

  The OFS 30-1 searches for an entry that matches the received packet. However, since there is no entry that matches the packet, a PACKET_IN message is transmitted to the OFC 20-1, as in the second example. Note that the flow from the transmission of the PACKET_IN message to the OFC 20-1 until the reception of the PACKET_OUT message is the same as in the second example, and thus the description thereof is omitted.

  The OFS 30-1 of this example receives the FLOW_MOD from the OFC 20-1, and registers an input entry in the flow table managed by the OFS 30-1. When the DstMAC of the received packet is the MAC address of the terminal 2, the input entry registered by the OFS 30-1 includes the node ID of the OFS 30-6 connected to the destination area of the packet, the user ID of the terminal 2, and And the domain ID of the domain d3 that is the destination domain is set in the VLAN tag and then transferred to the OFS 30-2.

  Then, the OFS 30-1 rewrites the packet received by the PACKET_OUT message from the OFC 20-1 according to the entry for input, and then forwards the packet to the next OFS 30-2 according to the re-searched intra-domain relay entry (step S302). Step S303). The example shown in FIG. 17B is a format example of a packet transmitted from the OFS 30-1 at this time.

  Since the destination domain ID of the received packet is the domain d3, the OFS 30-2 transmits the packet from the port p1, which is a boundary port, according to the boundary output entry set in advance (step S304). The packet transmitted from the port p1 of the OFS 30-2 is received at the port p2 of the OFS 30-3 in the domain d2.

  Since the destination domain ID of the packet received from the port p2, which is the boundary port, is the domain d3, the OFS 30-3 transmits the packet according to the boundary input entry and intra-domain relay entry set in advance. The data is transmitted from the port p1, which is the transfer port (step S305). A packet transmitted from the port p1 of the OFS 30-3 is received at the port p2 of the OFS 30-4.

  Since the domain ID of the packet received from the port p2, which is the transfer port in the domain, is the domain d3, the OFS 30-4 sets the packet as a boundary port in accordance with the intra-domain relay entry set in advance. Transmission is performed from the port p1 (step S306). The packet transmitted from the port p1 of the OFS 30-4 is received at the port p2 of the OFS 30-5 of the domain d3.

  Since the destination domain ID of the packet received from the port p2 which is the boundary port is the domain d3, the OFS 30-5 transmits the packet according to the boundary input entry and the intra-domain relay entry set in advance. From the port p1, which is the transfer port (step S307). The packet transmitted from the port p1 of the OFS 30-5 is received at the port p2 of the OFS 30-6.

  Since the destination user ID of the packet received at the port p2 is the terminal 2, the OFS 30-6 writes the packet reception area back to the original terminal 2 information according to the output entry, and then transmits from the port p1. (Step S308, Step S309).

  In this example, as described above, only the input side edge switch and the output side edge switch need to rewrite the packet.

  Thereafter, when the terminal 1 transmits the second packet addressed to the terminal 2, since a suitable entry has already been registered in the OFS 30-1, it is possible to proceed to step S302 immediately after step S301.

[Example 4]
Next, as a fourth example, a method for adding a domain ID to a packet using IEEE 802.1q tunneling (QinQ) will be described. In the third example, the VLAN tag area of the packet is set as the domain ID setting destination. However, in this example, a new VLAN tag area is added using QinQ, and the domain ID is assigned to the added VLAN tag area. Set. Since the setting destination area is different, the core switch uses the domain ID to identify the corresponding communication, as in the third example. That is, this example may be the same as the third example except that the packet rewriting method in the input edge switch and the packet writing back method in the input-side boundary switch of the destination domain are different. Also in this example, the network topology shown in FIG. 12 is assumed.

  In this example, the OFC 20-1 determines the first VLAN tag when the destination domain ID (first VLAN tag) of the packet received from the port p1 that is the boundary port is the domain d1 with respect to the OFS 30-2. Is deleted, and a first boundary input entry for searching again for an entry for intra-domain communication is set.

  Further, the OFC 20-2 of this example deletes the first-stage VLAN tag when receiving a packet addressed to the domain d2 from the boundary port to the OFS 30-3 and the OFS 30-4, and then performs communication for intra-domain communication. The first boundary entry for searching again is set.

  In addition, when the OFC 20-3 receives a packet addressed to the domain d3 from the boundary port, the OFC 20-3 deletes the first-stage VLAN tag and re-enters the entry for intra-domain communication. A first boundary input entry for searching is set.

  Next, an actual communication flow using the processing rules set in advance in this way will be described with reference to FIGS. 19 and 20. FIG. 19 is a sequence diagram showing a packet transfer flow of inter-domain communication in this example. The packet transfer method of this example is basically the same as the method in the third example shown in FIG. 18, except that the packet conversion is also performed at the boundary switch of the destination domain. FIG. 20 is an explanatory diagram showing an example of a packet format in this example.

  Also in this example, the terminal 1 transmits the first packet addressed to the terminal 2 (step S401 in FIG. 19). The example shown in FIG. 20A is a format example of a packet that the OFS 30-1 receives from the terminal 1 at this time.

  Further, as in the third example, the OFS 30-1 in this example registers an input entry in the flow table managed by the OFS 30-1 as a result of requesting an entry from the OFC 20-1. In the entry for input, when the DstMAC of the received packet is the MAC address of the terminal 2, the DstMAC of the packet is rewritten with the node ID of the OFS 30-6 and the user ID of the terminal 2, and the domain ID of the domain d3 that is the destination domain is changed. This is an entry indicating that the set VLAN tag area is added and transferred to the OFS 30-2. It is different from the third example in that a VLAN tag area is newly added and a domain ID is described in the LAN tag.

  Thereafter, the OFS 30-1 to OFS 30-4 finally outputs the received packet by outputting to the next-stage OFS or the partner boundary switch in accordance with the entry selected based on the newly added VLAN tag. Is transferred to the OFS 30-5 (steps S403 to S406). Note that the example illustrated in FIG. 20B is a format example of the packet transmitted from the OFS 30-1 in step S403.

  When the OFS 30-5 receives a packet from the port p2, which is a boundary port, the destination domain ID of the received packet is the domain d3. Therefore, according to the first boundary input entry, the OFS 30-5 deletes the VLAN tag area added in step S402. (Step S407). Then, the OFS 30-5 re-searches the entry for intra-domain communication, and processes the packet according to the found relay entry for intra-domain communication. Here, since the node ID of the output side edge switch and the user ID of the terminal 2 are set in the destination area of the received packet, the OFS 30-5 transmits the received packet from the port p1, which is a transfer port in the domain. (Step S408). FIG. 20C shows an example of a packet format transmitted from the OFS 30-5 at this time. The packet transmitted from the port p1 of the OFS 30-5 is received at the port p2 of the OFS 30-6.

  Since the destination user ID set in the packet received at the port p2 is the terminal 2, the OFS 30-6 writes the destination area of the packet back to the original information of the terminal 2, and then transmits from the port p1 ( Step S409, Step S410).

  In this example, as described above, packet format conversion is performed in the OFS serving as the input-side edge switch and the OFS serving as the boundary switch of the destination domain. Packet rewriting is performed in the OFS that is the starting point and the end point of the route.

  Note that when the terminal 1 transmits the second packet addressed to the terminal 2, since a suitable entry is already registered in the OFS 30-1, it is possible to proceed to step S402 immediately after step S401.

[Example 5]
Next, as a fifth example, a method for adding a domain ID to a packet using MPLS (Multi-Protocol Label Switching) will be described. In the fourth example, a VLAN tag is added to the packet and a domain ID is set to the added VLAN tag. However, in this example, an area for an MPLS label is added and a domain ID is set in the added area. Therefore, in the domain ID comparison entry set in each OFS, an MPLS label is designated as a match condition.

  The only difference from the fourth example is that the domain ID setting area is changed from the VLAN tag area to the MPLS label area. FIG. 21 is an explanatory diagram showing an example of a packet format in this example.

  For example, when the OFS 30-1 of this example receives a packet addressed to the terminal 2 from the terminal 1, as a result of requesting an entry from the OFC 20-1, the entry is registered in the flow table managed by itself. At this time, when the DstMAC of the received packet is the MAC address of the terminal 2, the entry registered by the OFS 30-1 includes the node ID of the OFS 30-6 connected to the destination area of the packet and the user ID of the terminal 2 And an MPLS label in which the domain ID of the domain d3 that is the destination domain is set, and then transferred to the OFS 30-2. The example shown in FIG. 21A is a format example of a packet that the OFS 30-1 receives from the terminal 1 at this time.

  The OFS 30-1 then adds the MPLS tag and rewrites the destination information to the packet received by the PACKET_OUT message from the OFC 20-1 according to the entry, and then forwards the packet to the next OFS 30-2 (see FIG. 19 step S402, step S403). Note that the example shown in FIG. 21B is a format example of a packet transmitted from the OFS 30-1 at this time.

  Further, since the destination domain ID of the packet received from the port p2 which is the boundary port is the domain d3 of the own domain, the OFS 30-5 in this example deletes the MPLS label according to the entry set in advance. Then, the entry for intra-domain communication is searched again (step S407 in FIG. 19). FIG. 21C shows an example of a packet format transmitted from the OFS 30-5 at this time.

  In this example, as described above, only the input-side edge switch, the input-side boundary switch of the destination domain, and the output-side edge switch need to rewrite the packet.

  Next, the outline of the network system of the present invention will be described. FIG. 22 is a block diagram showing an outline of a network system according to the present invention. The network system illustrated in FIG. 22 includes at least one integrated controller 510, a plurality of domain controllers 520, and a plurality of switches 530.

  The integrated controller 510 transmits, to each of the domain controllers 520, domain boundary information including information on boundary ports that are boundaries with other domains in the control target domain (the domain of the domain controller).

  Each of the switches 530 processes a received packet according to a processing rule held by itself.

  Each domain controller 520 holds the topology information of the control target domain, and sets processing rules for the subordinate switches. At that time, each of the domain controllers 520, based on the domain boundary information received from the integrated controller 510, transmits inter-domain communication packets that are cross-domain communication to a boundary switch having at least a boundary port among subordinate switches. The inter-domain processing rule in which the target switch is designated as a port through which the target switch can reach a switch in another domain is set.

  Here, “setting a processing rule” means, more specifically, transmitting a processing rule to a target switch for storage. In addition, “the port where the target switch can reach the switch of another domain” includes not only the port directly connected to the switch of the other domain but also the port of the target switch. It also includes ports that will be connected to switches in other domains via one or more other switches. In the latter case, a port directly connected to another switch on the next stage located on a route to a switch in another domain among the ports of the target switch is designated.

With such a configuration, in a network environment having a plurality of domains, switches (boundary switches) that serve as boundaries between domains can be easily set without concentrating the load on one controller (integrated controller 510).

  Further, each of the domain controllers may set an inter-domain processing rule for the boundary switch before the inter-domain communication is started.

  In this case, it is possible to reduce the resource consumption and load in the switch (boundary switch) that is the boundary between domains.

  In addition, the inter-domain processing rule set for the boundary switch includes designation of destination domain identification information described in a predetermined area of the received packet as information for specifying a predetermined inter-domain communication packet. Also good.

  Here, the “communication between predetermined domains” may be communication addressed to any other domain, communication addressed to a predetermined domain, or communication addressed to a predetermined terminal (belonging to another domain).

  Further, each of the domain controllers determines a route in the controlled domain in the predetermined inter-domain communication based on the domain boundary information and the topology information of the controlled domain, and the predetermined inter-domain communication is started. Before, for the intra-domain relay switch that is a relay switch in the path among the subordinate switches, information for identifying the packet of the communication and the target switch as an output destination port is a boundary switch in its own domain An inter-domain processing rule including designation of a port that can be reached may be set.

  In addition, a transfer packet that flows between switches in inter-domain communication has a header area in which a domain identifier, a switch identifier, and a terminal identifier are described. Each domain controller has a predetermined trigger under its control. An inter-domain processing rule in which assignment or deletion of the domain identifier, the switch identifier, and the terminal identifier is specified for the received packet may be set for the switch.

  Here, in “addition of information to a received packet”, a new region is added to the received packet and the information is described in a region added or a part of the region, or an existing region of the received packet is added. Rewriting the content of the information can be included. Further, in “deletion of information for received packet”, an area in which the information is described or an area including the area is deleted from the received packet, or a predetermined area in which the information of the received packet is described It may include writing back to the information before the information was written.

  A transfer packet that flows between switches in a domain other than the destination domain in inter-domain communication includes a first header area in which first destination identification information that identifies a switch and a terminal that are destinations in the destination domain is described. A second header area provided outside the first header area, wherein second destination identification information for identifying a switch and a terminal which are destinations in each domain being transferred is described. Each of the domain controllers is configured to add or delete the first destination identification information from the received packet to the predetermined subordinate switch or the second destination according to a predetermined trigger. Inter-domain processing rules in which identification information is assigned or deleted may be set.

  Here, the first destination identification information may include identification information of the destination terminal and identification information of the output edge switch that is a switch to which the destination terminal is connected. The second destination identification information includes identification information of a destination domain that is a domain to which the output edge switch belongs, identification information of a boundary switch in the domain being transferred, and a virtual terminal assigned as a connection destination of the boundary port The identification information may be included.

  Further, “addition of first destination identification information” may be to add the new header area to the received packet and then describe the first destination information in the original header area. In such a case, the “deletion of the first destination identification information” is performed by deleting the new header area added to the received packet and replacing the original header area with the information before the first destination identification information is described. It may be to write back.

  “Adding second destination identification information” adds a new header area in which the second destination information is described in the received packet, or adds an area in which the second destination information is described in the header area of the received packet. Alternatively, a part of the header area of the received packet may be rewritten with the contents of the second destination information. In such a case, “deletion of second destination identification information” is an area in which the header area newly added to the received packet is deleted or the second destination identification information added in the header area of the received packet is described. May be deleted, or the area in which the information of the received packet is written may be written back to the information before the information is written.

  Further, each domain controller receives the domain boundary information from the integrated controller, and after assigning virtual terminal information as a terminal connected to the boundary port to the topology information of the controlled domain, Information for identifying a packet for a predetermined terminal as a destination terminal in intra-domain communication, which is communication closed within the controlled domain, as information for identifying a packet for predetermined inter-domain communication for the intra-domain relay switch An inter-domain processing rule may be set that includes information in the same format and includes information that sets the destination terminal as a virtual terminal that is a connection destination of the boundary port with the destination domain.

  FIG. 23 is a block diagram showing an outline of the control device according to the invention. A control device 600 illustrated in FIG. 23 is a control device that operates as one of a plurality of domain controllers provided in a network system having a plurality of domains, and includes a topology management unit 601 and a processing rule setting unit 602.

  The topology management unit 601 (for example, the topology management unit 22) stores information on the topology of the control target domain.

  The processing rule setting unit 602 (for example, the switch management unit 21) sets a processing rule for processing the received packet for the subordinate switch. At this time, the processing rule setting unit 602 is an upper controller, and includes information on boundary ports that are received from an integrated controller that manages a network wider than the domain controller and that is a boundary with another domain in the control target domain. Based on the domain boundary information, it is a processing rule for transferring inter-domain communication packets that are cross-domain communication to a boundary switch having at least a boundary port among subordinate switches. Configure inter-domain processing rules that specify the ports that can reach the domain switch.

  By providing a network system having a plurality of domains with a control device having such a configuration, the resources of the switch (boundary switch) serving as a boundary between domains can be reduced without concentrating the load on one controller (integrated controller). Reduce consumption and load.

  The processing rule setting unit 602 may set an inter-domain processing rule for the boundary switch before inter-domain communication is started.

  In addition, said embodiment and an Example can be described also as the following additional remarks.

(Supplementary Note 1) A control target provided in a network system having a plurality of domains, each of which is received from an integrated controller that manages a network wider than the domain controller, wherein each domain controller stores topology information of the control target domain Based on domain boundary information including boundary port information that is a boundary with other domains in the domain, inter-domain communication that is communication across domains is performed for a boundary switch having at least the boundary port among subordinate switches. A routing control method, characterized in that a processing rule for forwarding a packet is set, wherein an inter-domain processing rule is specified in which a port that allows a target switch to reach a switch in another domain is designated.

  (Supplementary note 2) The path control method according to supplementary note 1, wherein each of the domain controllers sets an inter-domain processing rule for the boundary switch before inter-domain communication is started.

(Supplementary Note 3) A computer provided in a network controller having a plurality of domains, each provided with a domain controller that stores topology information of a controlled domain,
Based on the domain boundary information received from the integrated controller that manages a network wider than the domain controller and including boundary port information that becomes a boundary with another domain in the controlled domain, at least the boundary port of the subordinate switches This is a processing rule for transferring inter-domain communication packets that are cross-domain communication to a boundary switch that has an inter-domain process in which a port that can be reached by the target switch to a switch in another domain is specified. A route control program for realizing the process of setting rules.

  (Supplementary note 4) The route control program according to supplementary note 3, which causes a boundary switch to set an inter-domain processing rule before inter-domain communication is started in a process for setting an inter-domain processing rule in a computer.

(Supplementary Note 5) A plurality of switches that process received packets according to processing rules held by itself, a plurality of domain controllers that hold topology information of controlled domains and set the processing rules for subordinate switches, A packet transfer method for inter-domain communication that is communication across domains in a network system including an integrated controller that manages a network including the plurality of domains,
At least a boundary switch located at a domain boundary in a predetermined inter-domain communication path and an intra-domain relay switch that is a relay switch in each domain on the path, the domain controller of the own domain is from the integrated controller Received domain boundary information along a route in the domain of the specified domain that is determined based on domain boundary information including boundary port information that is a boundary with other domains in the controlled domain. Inter-domain processing rules for forwarding packets are set before the corresponding inter-domain communication starts,
When inter-domain communication is newly started, the input side edge switch located at the start point of the communication path inquires the domain controller of the own domain about the flow of the communication. As a result, the domain controller obtains from the integrated controller. After rewriting the header area of the received packet in accordance with the inter-domain processing rules set based on the received information, transmit from a predetermined port connected to the next-stage switch on the route in the own domain,
The intra-domain relay switch, which is a relay switch in each domain on the communication path, connects the received packet to the next-stage switch in the path within the own domain in accordance with a pre-domain processing rule. Forwarded to a boundary switch located at the boundary of its own domain in the communication path,
The output side boundary switch located on the start point side of the domain boundary on the communication path transmits a received packet from a predetermined boundary port according to a preset inter-domain processing rule,
The input side boundary switch located on the end point side of the domain boundary on the communication path connects the received packet to the next-stage switch on the path in the own domain in accordance with a predetermined inter-domain processing rule. Send from a given port,
The output side edge switch located at the end point of the communication path uses a preset inter-domain processing rule or an inter-domain processing rule obtained as a result of inquiring the communication flow to the domain controller. A packet transfer method, wherein the packet is transmitted from a predetermined port connected to the destination terminal after writing back.

  Here, “in advance” may be before the corresponding inter-domain communication is started. The same applies hereinafter.

(Appendix 6) The integrated controller transmits domain boundary information including information on boundary ports that are boundaries with other domains in the control target domain in advance to each domain controller,
The packet transfer method according to claim 5, wherein each of the domain controllers determines a route in a control target domain between predetermined domains based on domain boundary information received from the integrated controller.

(Supplementary note 7) The input-side edge switch describes the domain identifier, the switch identifier, and the terminal identifier as information about the destination in the header area of the received packet in accordance with the set inter-domain processing rule. Sent from the port
The intra-domain relay switch of each domain is an inter-domain processing rule set in advance, and is selected based on the switch identifier and the terminal identifier described in the header area of the received packet. To send the received packet from the specified port,
The output-side boundary switch or the input-side boundary switch is an inter-domain processing rule that is set in advance, and according to the inter-domain processing rule selected based at least on the domain identifier described in the header area of the received packet. After rewriting the header area of the received packet, send it from the specified port,
The output-side edge switch has a predetermined inter-domain processing rule, and the received packet in accordance with the inter-domain processing rule selected based on the switch identifier and the terminal identifier described in the header area of the received packet. The packet transfer method according to appendix 5 or appendix 6, wherein the header area is written back and transmitted from a predetermined port connected to the destination terminal.

  While the present invention has been described with reference to the present embodiment and examples, the present invention is not limited to the above embodiment and examples. Various changes that can be understood by those skilled in the art can be made to the configuration and details of the present invention within the scope of the present invention.

  The present invention can be applied to a network system having a network environment including a plurality of domains.

DESCRIPTION OF SYMBOLS 1, 2 Terminal 10 Integrated controller 11 Controller management part 12 Topology management part 13 Interdomain path | route calculation part 20 Domain controller 21 Switch management part 22 Topology management part 23 Intradomain path | route calculation part 24 Processing rule production | generation part 25 Integrated controller I / F part 30 Network equipment 20-1 to 20-3 OFC
30-1 to 30-6 OFS
DESCRIPTION OF SYMBOLS 100 Communication network 510 Integrated controller 520 Domain controller 600 Control apparatus 521,601 Topology management part 522,602 Processing rule setting part 530 Switch

Claims (10)

A plurality of switches that process received packets according to processing rules held by itself,
A plurality of domain controllers that hold the topology information of the domain to be controlled and set the processing rules for subordinate switches;
Each of the domain controllers includes an integrated controller that transmits domain boundary information including information on boundary ports that are boundaries with other domains in the controlled domain,
Each of the domain controllers, based on the domain boundary information received from the integrated controller, transmits a packet of inter-domain communication that is communication across domains to a boundary switch having at least the boundary port among subordinate switches. An inter-domain processing rule in which a processing rule for forwarding, in which a port in which a target switch can reach a switch in another domain is specified, is set. The network system according to claim 1, wherein each of the domain controllers sets an inter-domain processing rule for the boundary switch before inter-domain communication is started. The inter-domain processing rule set for the boundary switch includes designation of destination domain identification information described in a predetermined area of a received packet as information for specifying a predetermined inter-domain communication packet. Or the network system of Claim 2. Each of the domain controllers determines a route in the controlled domain in the predetermined inter-domain communication based on the domain boundary information and the topology information of the controlled domain, and before the predetermined inter-domain communication is started. In addition, for the intra-domain relay switch that is a relay switch in the route among the subordinate switches, information for specifying the communication packet, and the target switch as an output destination port is a boundary switch in the own domain. The network system according to any one of claims 1 to 3, wherein an inter-domain processing rule including designation of a port that can be reached is set. A transfer packet that flows between switches in inter-domain communication has a header area in which a domain identifier, a switch identifier, and a terminal identifier are described,
Each domain controller sets an inter-domain processing rule in which given domain identifiers, switch identifiers, and terminal identifiers are assigned to or deleted from received packets to predetermined subordinate switches at predetermined triggers. The network system according to any one of claims 1 to 4. A transfer packet that flows between switches in a domain other than the destination domain in inter-domain communication includes a first header area in which first destination identification information that identifies a switch and a terminal that are destinations in the destination domain is described; A second header area provided outside the first header area, the destination domain identification information, and the second destination identification information for identifying the switch and terminal that are the destination in each domain being transferred And a second header area described in
Each of the domain controllers is designated to give or delete the first destination identification information or to give or delete the second destination identification information to a received packet to a predetermined switch under a predetermined trigger. The network system according to claim 1, wherein an inter-domain processing rule is set. A control device that operates as one of a plurality of domain controllers provided in a network system having a plurality of domains,
A topology management unit that stores topology information of the controlled domain;
A processing rule setting unit for setting a processing rule for processing a received packet for a subordinate switch;
The processing rule setting unit is subordinate based on domain boundary information received from an integrated controller that manages a network wider than the domain controller and including boundary port information that is a boundary with another domain in the controlled domain. A processing rule for transferring inter-domain communication packets that are cross-domain communication to a boundary switch having at least the boundary port among the switches, and a port that allows the target switch to reach a switch in another domain Sets a processing rule between domains designated by. A plurality of domain controllers, each of which is provided in a network system having a plurality of domains, each storing topology information of a controlled domain are received from an integrated controller that manages a network wider than the domain controller. Based on the domain boundary information including boundary port information that is a boundary with the domain, a packet of inter-domain communication that is communication across domains is forwarded to a boundary switch having at least the boundary port among subordinate switches. A routing control method comprising: setting an inter-domain processing rule in which a port that allows a target switch to reach a switch in another domain is designated. A plurality of computers provided in a network system having a plurality of domains, each of which includes a computer included in a domain controller that stores topology information of a controlled domain,
Based on the domain boundary information received from the integrated controller that manages a network wider than the domain controller and including boundary port information that becomes a boundary with another domain in the controlled domain, at least the boundary port of the subordinate switches This is a processing rule for transferring inter-domain communication packets that are cross-domain communication to a boundary switch that has an inter-domain process in which a port that can be reached by the target switch to a switch in another domain is specified. A route control program for realizing the process of setting rules. A plurality of switches that process received packets in accordance with processing rules held by itself, a plurality of domain controllers that hold topology information of controlled domains, and set the processing rules for subordinate switches, and the plurality of domains A packet transfer method for inter-domain communication, which is communication across domains, in a network system including an integrated controller for managing a network including:
At least a boundary switch located at a domain boundary in a predetermined inter-domain communication path and an intra-domain relay switch that is a relay switch in each domain on the path, the domain controller of the own domain is from the integrated controller Received domain boundary information along a route in the domain of the specified domain that is determined based on domain boundary information including boundary port information that is a boundary with other domains in the controlled domain. Inter-domain processing rules for forwarding packets are set before the corresponding inter-domain communication starts,
When inter-domain communication is newly started, the input side edge switch located at the start point of the communication path inquires the domain controller of the own domain about the flow of the communication. As a result, the domain controller obtains from the integrated controller. After rewriting the header area of the received packet in accordance with the inter-domain processing rules set based on the received information, transmit from a predetermined port connected to the next-stage switch on the route in the own domain,
The intra-domain relay switch, which is a relay switch in each domain on the communication path, connects the received packet to the next-stage switch in the path within the own domain in accordance with a pre-domain processing rule. Forwarded to a boundary switch located at the boundary of its own domain in the communication path,
The output side boundary switch located on the start point side of the domain boundary on the communication path transmits a received packet from a predetermined boundary port according to a preset inter-domain processing rule,
The input side boundary switch located on the end point side of the domain boundary on the communication path connects the received packet to the next-stage switch on the path in the own domain in accordance with a predetermined inter-domain processing rule. Send from a given port,
The output side edge switch located at the end point of the communication path uses a preset inter-domain processing rule or an inter-domain processing rule obtained as a result of inquiring the communication flow to the domain controller. A packet transfer method, wherein the packet is transmitted from a predetermined port connected to the destination terminal after writing back.

Images