WO2012093429A1 - Communication control system, control server, forwarding node, communication control method, and communication control program - Google Patents
Communication control system, control server, forwarding node, communication control method, and communication control program Download PDFInfo
- Publication number
- WO2012093429A1 WO2012093429A1 PCT/JP2011/005928 JP2011005928W WO2012093429A1 WO 2012093429 A1 WO2012093429 A1 WO 2012093429A1 JP 2011005928 W JP2011005928 W JP 2011005928W WO 2012093429 A1 WO2012093429 A1 WO 2012093429A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- packet
- communication device
- address
- logical network
- forwarding node
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/54—Organization of routing tables
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
Definitions
- the present invention relates to a communication control system, a control server, a forwarding node, a communication control method, and a communication control program for performing centralized control of packet communication paths.
- OpenFlow is a technology that treats communication as an end-to-end flow, and performs path control and the like on a flow-by-flow basis.
- a network based on OpenFlow (hereafter referred to as an OpenFlow network) includes an OpenFlow controller (hereafter also referred to as an OFC) for performing path control and an OpenFlow switch (hereafter also referred to as an OFS) for forwarding a packet based on a path determined by the OpenFlow controller.
- an OpenFlow controller hereafter also referred to as an OFC
- OFS OpenFlow switch
- path information is represented by a flow entry that includes: a packet matching rule for associating a packet with a flow; and an action for designating an operation to be performed by the OpenFlow switch in the case of receiving the flow.
- the packet matching rule is expressed as a condition corresponding to field values of various headers in the packet. Examples of such field values of various headers include an Ethernet (registered trademark) header, an IP (Internet Protocol) header, a TCP (Transmission Control Protocol) header, and so on.
- the condition designated as the packet matching rule may be a condition of being exactly equal to a specific value, or a condition of satisfying an arbitrary value or a specific condition (e.g. an IP address is included in a specific IP subnet).
- examples of the action include outputting from a designated port, discarding, modifying a specific field in a header, and so on. Note that it is possible to designate a plurality of actions in one flow entry.
- the OpenFlow switch receives the packet.
- the OpenFlow switch searches a flow entry list (flow table) set in the OpenFlow switch, for a flow entry including a packet matching rule that matches the received packet.
- the OpenFlow switch applies an action of the flow entry to the received packet, and ends the process.
- the OpenFlow switch sends the received packet to the OpenFlow controller.
- the OpenFlow controller determines a path and a process for the received packet, and instructs the OpenFlow switch to add the flow entry.
- Patent Literature 1 A packet routing method that employs a VPN (Virtual Private Network) is described in Patent Literature (PTL) 1.
- PTL Patent Literature 1
- the received packet upon receipt of a packet including a VLAN (Virtual Local Area Network) tag that indicates where a terminal belongs to, the received packet is transmitted to a corresponding virtual hub based on the VLAN tag.
- Each virtual hub learns a relation between a source MAC (Media Access Control) address in a user MAC header of a received packet and a terminal-side virtual interface termination through which the packet has passed.
- VLAN Virtual Local Area Network
- a packet forwarding device for collectively handling a plurality of flows is described in PTL 2.
- the packet forwarding device described in PTL 2 outputs a flow bundle identifier common to flows identified based on header information of an input packet, and performs predetermined arithmetic processing on the flow bundle identifier.
- a network management device is described in PTL 3.
- the network management device described in PTL 3 stores link information indicating connection relations between nodes in a physical network and information of a logical network to which the link information belongs.
- a communication device such as a server or a client which connects to and communicates with the OpenFlow switch is not required to have any special function.
- the communication device which connects to the OpenFlow switch can perform communication using a conventional TCP/IP protocol.
- the communication device executes an ARP (Address Resolution Protocol)-based process for address resolution between an IP layer and an Ethernet layer, before sending an IP packet. To do so, the communication device sends an ARP request packet including an IP address subjected to resolution, to a L2 (Layer 2) broadcast address.
- ARP Address Resolution Protocol
- a target communication device assigned the IP address subjected to resolution is required to return an ARP reply packet including a MAC address of the target communication device, upon receiving the ARP request.
- the requesting communication device and the communication device assigned the IP address subjected to resolution tend to belong to the same L2 broadcast domain and be connected to the same Ethernet switch or adjacent Ethernet switches. Accordingly, the destination of the ARP request packet is limited to the L2 broadcast domain.
- a physical network is shared by a plurality of customers. That is, a network (hereafter referred to as a user network) of each customer is serviced using a common physical network.
- a network hereafter referred to as a user network
- IP address space used by each customer is independently managed, and so there is a possibility that a plurality of customers use overlapping IP address spaces.
- the data center it is necessary to multiplex traffic of each user network without depending on the used IP address.
- multiplexing is performed using a VLAN (Virtual Local Area Network).
- VLAN Virtual Local Area Network
- the number of networks that can be identified is limited to 4094.
- OpenFlow network even if different IP address exist on a traffic, it is possible to route each packet having each IP address as it can be recognized each flow corresponding to each network. For example, by identifying a flow using not only an IP address but also a MAC address, it is possible to multiplex a plurality of network services that use overlapping address spaces.
- a condition matching a plurality of values can be designated in a packet matching rule of a flow entry. For example, suppose a group of communication devices belonging to one subnet is connected to the same OpenFlow switch. In such a case, creating a separate flow entry for each communication device causes an increase in the number of flow entries. The number of flow entries, however, can be reduced by aggregating the individual flow entries of the communication devices into one flow entry for the subnet. Thus, the flow entries set in other OpenFlow switches with regard to the group of communication devices can be aggregated.
- the packet routing method described in PTL 1 is based on a premise that, in order to direct a packet received from a terminal to a corresponding virtual hub in a router, identification information such as a VLAN tag is included in the packet beforehand. It is desirable that traffic of each user network can be multiplexed without a need to be aware of such identification information on a communication device side.
- an exemplary object of the present invention is to provide a communication control system, a control server, a forwarding node, a communication control method, and a communication control program that can perform interlayer address resolution efficiently and, in the case of multiplexing a plurality of network services, aggregate flow entries indicating processes for packets.
- a communication control system is a communication control system comprising: a forwarding node for holding a process rule defining a feature of a packet and a process for the packet corresponding to the feature, and processing the packet received from another device based on the process rule; and a control server for controlling the process rule held in the forwarding node, wherein the control server includes: network information storage means for storing a logical network identifier which is an identifier of a logical network defined by setting of the forwarding node, and a correspondence relation between a device connected to the forwarding node and the logical network; and address resolution means for, upon receiving from the forwarding node an address resolution request for a destination communication device which is a destination of the packet or a communication device for forwarding the packet received from a source communication device which is a source of the packet to another device, performing interlayer address resolution for the destination communication device or the communication device, and setting the logical network identifier of the logical network to which the source communication device belongs, in a resolved address which
- a control server is a control server for controlling a process rule that is held in a forwarding node for processing a packet received from another device based on the process rule and that defines a feature of the packet and a process for the packet corresponding to the feature
- the control server comprising: network information storage means for storing a logical network identifier which is an identifier of a logical network defined by setting of the forwarding node, and a correspondence relation between a device connected to the forwarding node and the logical network; and address resolution means for, upon receiving from the forwarding node an address resolution request for a destination communication device which is a destination of the packet or a communication device for forwarding the packet received from a source communication device which is a source of the packet to another device, performing interlayer address resolution for the destination communication device or the communication device, and setting the logical network identifier of the logical network to which the source communication device belongs, in a resolved address which is an address obtained as a result of the address resolution.
- a forwarding node is a forwarding node for holding a process rule defining a feature of a packet and a process for the packet corresponding to the feature, and processing the packet received from another device based on the process rule, the forwarding node comprising: network information storage means for storing a logical network identifier which is an identifier of a logical network defined by setting of the forwarding node, and a correspondence relation between a device connected to the forwarding node and the logical network; and address resolution means for, upon receiving, from a source communication device which is a source of the packet, an address resolution request for a destination communication device which is a destination of the packet or a communication device for forwarding the packet received from the source communication device to another device, performing interlayer address resolution for the destination communication device or the communication device, and setting the logical network identifier of the logical network to which the source communication device belongs, in a resolved address which is an address obtained as a result of the address resolution.
- a communication control method is a communication control method wherein a control server including network information storage means for storing: a logical network identifier which is an identifier of a logical network defined by setting of a forwarding node for processing a packet received from another device based on a process rule defining a feature of the packet and a process for the packet corresponding to the feature; and a correspondence relation between a device connected to the forwarding node and the logical network performs, upon receiving from the forwarding node an address resolution request for a destination communication device which is a destination of the packet or a communication device for forwarding the packet received from a source communication device which is a source of the packet to another device, interlayer address resolution for the destination communication device or the communication device, and wherein the control server sets the logical network identifier of the logical network to which the source communication device belongs, in a resolved address which is an address obtained as a result of the address resolution.
- a communication control program is a communication control program applied to a computer for controlling a process rule that is held in a forwarding node for processing a packet received from another device based on the process rule and that defines a feature of the packet and a process for the packet corresponding to the feature
- the computer including network information storage means for storing a logical network identifier which is an identifier of a logical network defined by setting of the forwarding node, and a correspondence relation between a device connected to the forwarding node and the logical network
- the communication control program causing the computer to execute an address resolution process of, upon receiving from the forwarding node an address resolution request for a destination communication device which is a destination of the packet or a communication device for forwarding the packet received from a source communication device which is a source of the packet to another device, performing interlayer address resolution for the destination communication device or the communication device, and setting the logical network identifier of the logical network to which the source communication device belongs, in a resolved address which is an address obtained as
- Another communication control program is a communication control program applied to a computer for holding a process rule defining a feature of a packet and a process for the packet corresponding to the feature, a logical network identifier which is an identifier of a logical network defined by setting of the computer, and a correspondence relation between a device connected to the computer and the logical network, and processing the packet received from another device based on the process rule, the communication control program causing the computer to execute an address resolution process of, upon receiving, from a source communication device which is a source of the packet, an address resolution request for a destination communication device which is a destination of the packet or a communication device for forwarding the packet received from the source communication device to another device, performing interlayer address resolution for the destination communication device or the communication device, and setting the logical network identifier of the logical network to which the source communication device belongs, in a resolved address which is an address obtained as a result of the address resolution.
- interlayer address resolution can be performed efficiently and, in the case of multiplexing a plurality of network services, flow entries indicating processes for packets can be aggregated.
- Fig. 1 is an explanatory diagram showing an example of a structure of a communication control system according to the present invention.
- Fig. 2 is a block diagram showing an example of a structure of a control server.
- Fig. 3 is an explanatory diagram showing an example of network information.
- Fig. 4 is an explanatory diagram showing an example of topology information.
- Fig. 5 is a block diagram showing an example of a structure of a forwarding node.
- Fig. 6 is a sequence diagram showing an example of an operation of a communication control system in Exemplary Embodiment 1 of the present invention.
- Fig. 7 is a sequence diagram showing an example of an operation of the control server when creating an ARP reply.
- Fig. 1 is an explanatory diagram showing an example of a structure of a communication control system according to the present invention.
- Fig. 2 is a block diagram showing an example of a structure of a control server.
- Fig. 3 is an explanatory diagram showing an example of network
- FIG. 8 is a sequence diagram showing an example of an operation of the control server when creating a flow entry.
- Fig. 9 is an explanatory diagram showing an example of a flow table.
- Fig. 10 is an explanatory diagram showing an example of an ARP cache entry.
- Fig. 11 is a block diagram showing an example of a structure of a forwarding node in a variation of Exemplary Embodiment 1.
- Fig. 12 is an explanatory diagram showing an example of a flow table.
- Fig. 13 is a sequence diagram showing an example of an operation of a control server when creating an ARP reply.
- Fig. 14 is a sequence diagram showing an example of an operation of a communication control system in Exemplary Embodiment 3 of the present invention.
- Fig. 15 is a sequence diagram showing an example of an ARP reply operation of a forwarding node.
- Fig. 16 is a block diagram showing an example of a minimum structure of a communication control system according to the present invention.
- Fig. 17 is a block diagram showing an example of a minimum structure of a control server according to the present invention.
- Fig. 18 is a block diagram showing an example of a minimum structure of a forwarding node according to the present invention.
- Fig. 1 is an explanatory diagram showing an example of a structure of a communication control system according to the present invention.
- the communication control system illustrated in Fig. 1 includes a control server 100, forwarding nodes 200-1 to 200-3, communication devices 300-1 to 300-4, and a control network 400.
- the forwarding nodes 200-1 to 200-3 each connect to and communicate with another forwarding node and a communication device.
- paths of communication performed by the forwarding nodes 200-1 to 200-3 are shown by solid lines.
- the forwarding nodes 200-1 to 200-3 each connect to the control network 400, and perform control communication (control channel) with the control server 100 via the control network 400.
- paths of communication performed between the control server 100 and the forwarding nodes 200-1 to 200-3 are shown by dashed lines. Note that the numbers of devices and their connection relations in Fig. 1 are merely an example, and the communication control system according to the present invention is not limited to the structure illustrated in Fig. 1.
- the forwarding nodes 200-1 to 200-3 each receive a packet from a communication device or another forwarding node connected with the forwarding node, and process the received packet based on a process rule (flow entry) included in a flow table held in the forwarding node.
- the forwarding nodes 200-1 to 200-3 are each a node that performs some kind of process on the received packet or forwards the received packet to another device.
- the forwarding nodes 200-1 to 200-3 each notify the control server 100 of the received packet in the case where the flow entry corresponding to the received packet does not exist in the flow table.
- the forwarding nodes 200-1 to 200-3 are each a device corresponding to an OpenFlow switch in the OpenFlow network.
- the control server 100 receives a packet whose corresponding flow entry (process rule) does not exist from any of the forwarding nodes 200-1 to 200-3, and computes a path of the packet.
- the control server 100 is a server for controlling communication in the communication control system by instructing the forwarding nodes 200-1 to 200-3 to add a flow entry corresponding to a received packet.
- the control server 100 issues an instruction to change, such as add or delete, a process rule in the forwarding nodes 200-1 to 200-3.
- the control server 100 can be regarded as a device for controlling a process rule held in a forwarding node.
- the control server 100 is a device corresponding to an OpenFlow controller in the OpenFlow network.
- the communication devices 300-1 to 300-4 are each a communication device that uses a communication protocol requiring an interlayer address resolution protocol to be executed between a higher layer communication protocol and a lower layer communication protocol, in a process of communicating with another communication device (communication device).
- the communication devices 300-1 to 300-4 each perform address resolution between a higher layer and a lower layer, according to the address resolution protocol.
- the following description takes an example where the communication devices 300-1 to 300-4 use IP as the higher layer protocol, Ethernet as the lower layer protocol, and ARP as the interlayer address resolution protocol.
- the control network 400 is a communication network enabling communication of control messages between the control server 100 and the forwarding nodes 200-1 to 200-3.
- the control network 400 is realized as a network in which an Ethernet switch, an IP router, and the like are connected to each other.
- a network identifier for identifying each user network (logical network) serviced by the forwarding nodes 200-1 to 200-3 is utilized in a physical network formed using the forwarding nodes 200-1 to 200-3.
- a user network mentioned here is a logical network defined by setting of a forwarding node.
- Servicing a user network by a forwarding node means that a process (e.g. a forwarding process or a discarding process) for each packet used in communication in the user network is performed by the forwarding node.
- the following process is performed: returning a network identifier of a user network to which the communication device belongs, to the communication device as an address as a result of resolution (resolved address).
- a network identifier is used for identifying a flow.
- each of the forwarding nodes 200-1 to 200-3 may be simply referred to as the forwarding node.
- FIG. 2 is a block diagram showing an example of a structure of the control server 100.
- the control server 100 illustrated in Fig. 2 includes a control channel processing unit 101, a network information management unit 102, a topology information management unit 103, an address resolution processing unit 104, a flow entry creating unit 105, a network information storage unit 106, and a topology information storage unit 107.
- the control channel processing unit 101 is connected to the control network 400, and performs control communication (control channel) with a control channel processing unit 201 in each of the forwarding nodes 200-1 to 200-3 described later, via the control network 400.
- Examples of communication by the control channel include: notifying a packet from the forwarding node to the control server 100; sending a packet from the control server 100 to the forwarding node; and instructing the forwarding node to add, delete, or modify a flow entry by the control server 100.
- the network information storage unit 106 stores network information (logical network information) about the user networks serviced by the forwarding nodes 200-1 to 200-3.
- network information storage unit 106 stores the network identifier for identifying each user network and correspondence relations between ports in the forwarding nodes 200-1 to 200-3 and the user networks, as the network information.
- the network information may be manually set in the network information storage unit 106. Alternatively, the network information may be automatically set in the network information storage unit 106. For instance, when a communication device connects to a forwarding node, the network information management unit 102 described later executes IEEE 802.1X authentication. The network information management unit 102 specifies a user network to which the connected communication device belongs, based on information obtained at the time of authentication. The network information management unit 102 then stores a correspondence relation between a port of the forwarding node to which the communication device is connected and the user network, in the network information storage unit 106. In this way, the network information can be automatically set in the network information storage unit 106.
- Fig. 3 is an explanatory diagram showing an example of the network information stored in the network information storage unit 106.
- Fig. 3(A) shows an example of a list indicating the network identifier of each user network.
- Fig. 3(B) shows an example of a list indicating which user network a communication device connected to each port of the forwarding nodes 200-1 to 200-3 belongs to.
- the first line of the list illustrated in Fig. 3(B) indicates that a communication device connected to a port of any of port identifiers 10 to 19 in the forwarding node 200-1 belongs to the user network 501.
- the network information management unit 102 manages the network information stored in the network information storage unit 106. In detail, the network information management unit 102 returns the network information stored in the network information storage unit 106, in response to a request from another device. The network information management unit 102 also performs addition, update, deletion, or the like on the network information stored in the network information storage unit 106.
- the topology information storage unit 107 stores network topology information (hereafter simply referred to as topology information). Examples of the topology information stored in the topology information storage unit 107 include: connection relations between forwarding nodes and between forwarding nodes and communication devices; and a higher layer address (IP address) and a lower layer address (MAC address) used by each communication device.
- IP address higher layer address
- MAC address lower layer address
- Fig. 4 is an explanatory diagram showing an example of the topology information stored in the topology information storage unit 107.
- Fig. 4(A) shows an example of a list indicating the connection relations between the forwarding nodes and between the forwarding nodes and the communication devices. For instance, the first line of the list illustrated in Fig. 4(A) indicates that a port of a port identifier 1 of the communication device 300-1 and a port of a port identifier 10 of the forwarding node 200-1 are connected to each other.
- Fig. 4(B) shows an example of a list of the IP address and the MAC address used by each communication device.
- the first line of the list illustrated in Fig. 4(B) indicates that the port of the port identifier 1 of the communication device 300-1 uses an IP address "192.168.100.1" and a MAC address "01:00:00:03:00:01".
- the topology information management unit 103 detects a network topology in the communication control system, and manages the network topology as the topology information. In detail, the topology information management unit 103 stores the detected topology information in the topology information storage unit 107. The topology information management unit 103 may use the control channel, for sending/receiving a packet relating to topology detection to/from an arbitrary port of an arbitrary forwarding node.
- a typical method is used as a method of detecting the topology by the topology information management unit 103.
- Example techniques of topology detection by the topology information management unit 103 include LLDP (Link Layer Discovery Protocol), cooperation with DHCP (Dynamic Host Configuration Protocol) snooping or a DHCP server, cooperation with user authentication (e.g. IEEE 802.1X), detection of a gratuitous ARP packet sent from a communication device, and STP (Spanning Tree Protocol).
- the address resolution processing unit 104 receives an address resolution request (ARP request) sent from a communication device via the control channel processing unit 101, and creates an address resolution reply (ARP reply).
- ARP request an address resolution request
- ARP reply an address resolution reply
- the address resolution processing unit 104 creates the ARP reply that includes a network identifier of a user network to which the communication device sending the ARP request belongs, as a MAC address (resolved address) corresponding to an IP address for which resolution is requested in the ARP request.
- the address resolution processing unit 104 upon receiving an address resolution request (ARP request) for a destination communication device (the communication device 300-2 in this example) from the forwarding node 200-1, the address resolution processing unit 104 performs interlayer address resolution (ARP reply) of the destination communication device. For example, upon receiving an IP address which is a higher layer address from the forwarding node 200-1, the address resolution processing unit 104 resolves a MAC address which is a lower layer address.
- ARP request address resolution request
- ARP reply interlayer address resolution
- the address resolution processing unit 104 sets a logical network identifier of a logical network to which a source communication device of a packet belongs, in the address (resolved address) obtained as a result of address resolution. For instance, the address resolution processing unit 104 sets the logical network identifier of the logical network to which the communication device (the communication device 300-1 in this example) sending the ARP request belongs, in the lower layer address (MAC address in this example) included in the resolved address (ARP reply).
- the flow entry creating unit 105 performs path computation and creates a flow entry, in response to a request from the control channel processing unit 101.
- the flow entry creating unit 105 upon receiving a flow entry creation request from a forwarding node via the control channel processing unit 101, the flow entry creating unit 105 first computes a path of a flow subjected to flow entry creation.
- a typical method is used as a method of computing the path by the flow entry creating unit 105.
- the flow entry creating unit 105 may compute the path by a shortest path method, or compute the path based on STP (Spanning Tree Protocol). After computing the path, the flow entry creating unit 105 creates a flow entry to be added for each forwarding node on the computed path. The flow entry creating unit 105 then notifies the control channel processing unit 101 of the created flow entry. The control channel processing unit 101 sends the notified flow entry to each forwarding node, thereby instructing the forwarding node to add the flow entry as a process rule.
- STP Segming Tree Protocol
- the control channel processing unit 101, the network information management unit 102, the topology information management unit 103, the address resolution processing unit 104, and the flow entry creating unit 105 are realized by a CPU of a computer operating according to a program (communication control program).
- the program may be stored in a storage unit (not shown) in the control server 100, with the CPU reading the program and, according to the program, operating as the control channel processing unit 101, the network information management unit 102, the topology information management unit 103, the address resolution processing unit 104, and the flow entry creating unit 105.
- the control channel processing unit 101, the network information management unit 102, the topology information management unit 103, the address resolution processing unit 104, and the flow entry creating unit 105 may be each realized by dedicated hardware.
- the network information storage unit 106 and the topology information storage unit 107 are realized by a magnetic disk or the like.
- Fig. 5 is a block diagram showing an example of a structure of each of the forwarding nodes 200-1 to 200-3.
- Each of the forwarding nodes 200-1 to 200-3 illustrated in Fig. 5 includes the control channel processing unit 201, a forwarding processing unit 202, and a flow table storage unit 203.
- the control channel processing unit 201 is connected to the control network 400, and performs control communication (control channel) with the control channel processing unit 101 in the control server 100 via the control network 400.
- control channel processing unit 201 When notified of a packet whose corresponding flow entry does not exist from the forwarding processing unit 202, the control channel processing unit 201 notifies the control server 100 of the packet using the control channel.
- control channel processing unit 201 upon receiving an instruction to add, modify, or delete a flow entry from the control server 100 via the control channel, instructs the forwarding processing unit 202 to change the flow table based on the received instruction. Upon receiving an instruction to output a packet from the control server 100 via the control channel, the control channel processing unit 201 instructs the forwarding processing unit 202 to output the packet based on the received instruction.
- the flow table storage unit 203 stores the flow table including a process rule (flow entry).
- the process rule (flow entry) is stored in the flow table storage unit 203 by the forwarding processing unit 202 described later.
- the forwarding processing unit 202 is connected to another device (e.g. a communication device or another forwarding node), and sends/receives a packet to/from the connected device.
- the forwarding processing unit 202 also manages the flow table stored in the flow table storage unit 203.
- the forwarding processing unit 202 Upon receiving a packet from another device, the forwarding processing unit 202 searches the flow table for a flow entry corresponding to the received packet. In the case where the flow entry corresponding to the received packet is found in the flow table, the forwarding processing unit 202 performs a process according to an action of the flow entry. In the case where the flow entry corresponding to the received packet is not found in the flow table, the forwarding processing unit 202 notifies the control channel processing unit 201 that the flow entry corresponding to the received packet does not exist.
- the forwarding processing unit 202 includes a plurality of ports for communicating with another device. Each of the plurality of ports is connected to a different one of ports of other forwarding nodes or communication devices. Each of the plurality of ports is identified by a port identifier.
- Examples of the process performed by the forwarding processing unit 202 according to the action of the flow entry include the following processes. Note that the number of processes performed by the forwarding processing unit 202 is not limited to one, and may be two or more. Besides, the process designated by the action of the flow entry is not limited to the following processes.
- control channel processing unit 201 and the forwarding processing unit 202 are realized by a CPU of a computer operating according to a program. Alternatively, the control channel processing unit 201 and the forwarding processing unit 202 may be each realized by dedicated hardware.
- Fig. 6 is a sequence diagram showing an example of the operation of the communication control system in Exemplary Embodiment 1.
- An operation when a communication device connected to the communication control system according to the present invention sends a packet is described below, with reference to the sequence diagram shown in Fig. 6.
- the communication device 300-1 performs address resolution of an IP address of the communication device 300-2, and sends a packet destined to the communication device 300-2. It is assumed here that, before the operation illustrated in Fig.
- the communication device 300-1 knows the IP address of the communication device 300-2 but does not know a MAC address of the communication device 300-2, a flow entry relating to communication from the communication device 300-1 to the communication device 300-2 is not set in the forwarding nodes 200-1 to 200-3, and the control server 100 has already obtained (computed) the topology information and the network information.
- the communication device 300-1 sends an ARP request in which the IP address (target protocol address) subjected to resolution is the IP address of the communication device 300-2, to the forwarding node 200-1 (step S101).
- the forwarding processing unit 202 in the forwarding node 200-1 searches for a flow entry corresponding to the received ARP request (step S102). In this case, however, the flow entry corresponding to the received ARP request does not exist in the flow table. Accordingly, the control channel processing unit 201 in the forwarding node 200-1 sends the received ARP request to the control server 100 via the control channel (step S103).
- control server 100 When the control server 100 receives the ARP request sent in step S103, the address resolution processing unit 104 in the control server 100 creates an ARP reply to the received ARP request (step S104). A detailed operation of the control server 100 when creating the ARP reply will be described later.
- the control channel processing unit 101 in the control server 100 instructs the forwarding node 200-1 to send the ARP reply created in step S104 to the communication device 300-1, via the control channel (step S105).
- the forwarding processing unit 202 in the forwarding node 200-1 Upon receiving the ARP reply sent in step S105, the forwarding processing unit 202 in the forwarding node 200-1 sends the received ARP reply to the communication device 300-1 (step S106). Upon receiving the ARP reply, the communication device 300-1 creates a corresponding ARP cache entry based on the received ARP reply.
- the communication device 300-1 sends the packet destined to the communication device 300-2, to the forwarding node 200-1 (step S107).
- a MAC address in a sender hardware address field in the ARP reply is set in a destination MAC address of the sent packet
- a MAC address of the communication device 300-1 is set in a source MAC address of the sent packet.
- the IP address of the communication device 300-2 is set in a destination IP address of the sent packet
- an IP address of the communication device 300-1 is set in a source IP address of the sent packet.
- the packet sent from the communication device 300-1 is hereafter referred to as a processing target packet.
- the forwarding processing unit 202 in the forwarding node 200-1 searches the flow table for a flow entry corresponding to the received processing target packet (step S108). In this case, however, the flow entry corresponding to the processing target packet does not exist in the flow table. Accordingly, the control channel processing unit 201 in the forwarding node 200-1 sends the processing target packet to the control server 100 via the control channel (step S109). Here, the forwarding processing unit 202 in the forwarding node 200-1 stores the processing target packet in a queue, for subsequent sending.
- the flow entry creating unit 105 in the control server 100 creates a flow entry corresponding to the processing target packet (step S110). A detailed operation of the control server 100 when creating the flow entry will be described later.
- the control channel processing unit 101 in the control server 100 instructs the forwarding nodes 200-1 and 200-2 to add the flow entry created in step S110 to the flow table, via the control channel (step S111).
- the forwarding processing unit 202 in each of the forwarding nodes 200-1 and 200-2 receiving the instruction adds the flow entry to the flow table.
- the control channel processing unit 101 in the control server 100 also instructs the forwarding node 200-1 to process the processing target packet stored in the queue in the forwarding node 200-1 in step S108, according to the flow table (step S112).
- the forwarding processing unit 202 in the forwarding node 200-1 sends the processing target packet to the forwarding node 200-2, according to the flow entry added in step S111 (step S113).
- the forwarding processing unit 202 in the forwarding node 200-2 searches the flow table for the flow entry corresponding to the received processing target packet (step S114). In this case, the flow entry added in step S111 exists in the flow table, so that the forwarding processing unit 202 in the forwarding node 200-2 can find the flow entry corresponding to the processing target packet. Accordingly, the forwarding processing unit 202 in the forwarding node 200-2 sends the processing target packet to the communication device 300-2, based on the action of the flow entry found in step S114 (step S115).
- Fig. 7 is a sequence diagram showing an example of the operation of the control server 100 when creating the ARP reply.
- control channel processing unit 101 requests the address resolution processing unit 104 to create the ARP reply to the ARP request (hereafter referred to as a processing target ARP request) received from the forwarding node via the control channel (step S121).
- the control channel processing unit 101 notifies the address resolution processing unit 104 of the processing target ARP request and information of the forwarding node and the port receiving the processing target ARP request, as parameters.
- the address resolution processing unit 104 in the control server 100 obtains the network identifier of the user network to which the communication device 300-1 which is the communication device sending the processing target ARP request belongs, with reference to the network information stored in the network information storage unit 106 (step S122).
- the address resolution processing unit 104 in the control server 100 then creates the ARP reply in which the network identifier obtained in step S122 is included in the MAC address as a result of resolution (resolved address), as the reply to the target processing ARP request (step S123).
- the created ARP reply includes a destination MAC address, a source MAC address, and a sender hardware address, a sender protocol address, a target hardware address, and a target protocol address which are information of the ARP reply, as shown below. The following shows an example of the created ARP reply.
- - Destination MAC address the MAC address of the communication device sending the ARP request -
- Source MAC address the network identifier obtained in step S122 -
- ARP opcode reply - ARP sender hardware address: the network identifier obtained in step S122 -
- ARP sender protocol address the target protocol address in the ARP request - ARP target hardware address: the sender hardware address in the ARP request - ARP target protocol address: the sender protocol address in the ARP request
- the address resolution processing unit 104 in the control server 100 may stop the processing for the processing target ARP request.
- the address resolution processing unit 104 in the control server 100 notifies the control channel processing unit 101 in the control server 100 of the ARP reply created in step S123 (step S124).
- Fig. 8 is a sequence diagram showing an example of the operation of the control server 100 when creating the flow entry.
- control channel processing unit 101 requests the flow entry creating unit 105 to create the flow entry corresponding to the processing target packet received from the forwarding node via the control channel (step S131).
- the control channel processing unit 101 notifies the flow entry creating unit 105 of the processing target packet and information of the forwarding node and the port receiving the processing target packet, as parameters.
- the flow entry creating unit 105 in the control server 100 computes the path of the processing target packet (step S132). It is assumed here that the path from the communication device 300-1 to the communication device 300-2 is computed as the communication device 300-1 -> the forwarding node 200-1 -> the forwarding node 200-2 -> the communication device 300-2.
- the flow entry creating unit 105 in the control server 100 obtains the network identifier of the user network to which the communication device sending the processing target packet belongs, with reference to the network information stored in the network information storage unit 106 (step S133).
- the flow entry creating unit 105 in the control server 100 obtains the MAC address (lower address) of the destination communication device of the processing target packet, with reference to the topology information stored in the topology information storage unit 107 (step S134).
- the flow entry creating unit 105 in the control server 100 then creates the flow entry to be added to each forwarding node on the path computed in step S132 (step S135).
- the flow entry creating unit 105 creates a separate flow entry for the last forwarding node on the path.
- the flow entry creating unit 105 creates a flow entry in which a process of changing the destination MAC address of the packet, in which the logical network identifier is set, to the MAC address of the destination communication device (the communication device 300-2 in this example) is defined as an action.
- the last forwarding node on the path can specify the communication device to which the packet is to be sent.
- the flow entry created by the flow entry creating unit 105 includes a matching rule and an action.
- the matching rule includes an input port, a destination MAC address, a source MAC address, a destination IP address, and a source IP address as shown below. The following shows an example of the matching rule created by the flow entry creating unit 105.
- - Input port the port connected to the immediately preceding forwarding node or communication device on the path - Destination MAC address: the network identifier obtained in step S133 - Source MAC address: the MAC address of the communication device sending the processing target packet - Destination IP address: the destination IP address of the processing target packet - Source IP address: the source IP address of the processing target packet
- the flow entry creating unit 105 may set any MAC address in the source MAC address in the matching rule. Likewise, in the case of aggregating flow entries, the flow entry creating unit 105 may set, in the destination IP address, an IP subnet to which the destination IP address of the processing target packet belongs, and set any IP address in the source IP address.
- the flow entry creating unit 105 also sets the process such as "changing a destination MAC address of a packet to a designated value" (this action is set only in the last forwarding node on the path) and "outputting a packet from a designated port", as the action.
- the flow entry creating unit 105 designates the MAC address of the destination communication device obtained in step S134, as the destination MAC address of the packet.
- the flow entry creating unit 105 also designates the port connected to the next forwarding node or communication device on the path, as the output port.
- the flow entry creating unit 105 notifies the control channel processing unit 101 of the flow entry created in step S135 (step S136).
- the flow entry is then added to the flow table in each forwarding node.
- An entry including a network identifier is created in an ARP cache in each communication device, and a packet including the network identifier is sent from the communication device.
- the forwarding processing unit 202 in each forwarding node can perform path control of the packet corresponding to the network identifier based on the added flow entry.
- Fig. 9 is an explanatory diagram showing an example of the flow table stored in the forwarding node.
- the flow table illustrated in Fig. 9 is an example of the flow table stored in each of the forwarding nodes 200-1 to 200-3 after the communication device 300-1 sends a packet to the communication device 300-2 and the communication device 300-3 sends a packet to the communication device 300-4.
- Fig. 9(A) shows an example of the flow table stored in the forwarding node 200-1
- Fig. 9(B) shows an example of the flow table stored in the forwarding node 200-2
- Fig. 9(C) shows an example of the flow table stored in the forwarding node 200-3.
- Fig. 10 is an explanatory diagram showing an example of the ARP cache entry stored in the communication device.
- the ARP cache entry illustrated in Fig. 10 is an example of the ARP cache entry stored in each of the communication devices 300-1 and 300-3 after an ARP reply.
- Fig. 10(A) shows an example of the ARP cache stored in the communication device 300-1
- Fig. 10(B) shows an example of the ARP cache stored in the communication device 300-3.
- each communication device Upon receiving the ARP reply, each communication device stores the combination of the IP address and the MAC address of the destination communication device, in a memory (not shown) or the like.
- the target of IP address resolution by ARP processing is not limited to the communication device 300-2 which is the destination of the packet.
- the target of IP address resolution may be a communication device that forwards the packet received from the communication device 300-1 to another device, such as a default router set in the communication device 300-1.
- ARP processing performed in this case is the same as the above-mentioned processing.
- the address resolution processing unit 104 in the control server 100 in response to the interlayer address resolution request from the communication device 300-1, the address resolution processing unit 104 in the control server 100 returns the interlayer address resolution reply that includes the network identifier of the user network to which the communication device 300-1 belongs. That is, upon receiving the interlayer address resolution request from the forwarding node 200-1, the address resolution processing unit 104 in the control server 100 sets the logical network identifier of the logical network to which the communication device 300-1 belongs, in the resolved address in response to the request. This achieves efficient interlayer address resolution. In detail, according to Exemplary Embodiment 1, interlayer address resolution can be performed efficiently without broadcasting.
- the forwarding processing unit 202 in each of the forwarding nodes 200-1 to 200-3 uses a network identifier for identifying a flow in each user network. This enables multiplexing of a plurality of user network services that use overlapping address spaces. Since the network identifier is common to communication devices belonging to the user network, it is also possible to aggregate flow entries.
- Exemplary Embodiment 1 A variation of Exemplary Embodiment 1 is described below. Though the communication control system in Exemplary Embodiment 1 is described using an example where the control server 100 creates the ARP reply to the ARP request, the present invention is not limited to this.
- the forwarding nodes 200-1 to 200-3 may create the ARP reply to the ARP request. This can be achieved, for example, by including the structure corresponding to the network information management unit 102, the network information storage unit 106, and the address resolution processing unit 104 of the control server 100, in the forwarding nodes 200-1 to 200-3.
- Fig. 11 is a block diagram showing an example of a structure of the forwarding node in the variation of Exemplary Embodiment 1.
- the forwarding node in this variation includes the control channel processing unit 201, the forwarding processing unit 202, a network information management unit 102a, a network information storage unit 106a, and an address resolution processing unit 104a.
- the network information management unit 102a, the network information storage unit 106a, and the address resolution processing unit 104a are respectively the same as the network information management unit 102, the network information storage unit 106, and the address resolution processing unit 104 in Exemplary Embodiment 1.
- the network information stored in the network information storage unit 106a in each of the forwarding nodes 200-1 to 200-3 may be set statically or automatically.
- the network information management unit 102a may store the network information notified from the control server 100, in the network information storage unit 106a.
- any of the forwarding nodes 200-1 to 200-3 receives an ARP request whose corresponding flow entry does not exist from a communication device, the received ARP request is notified to the address resolution processing unit 104a in the forwarding node, instead of being sent to the control server 100 by the control channel processing unit 201.
- An ARP reply created by the address resolution processing unit 104a is then sent to the communication device sending the ARP request.
- Such a structure also enables path control using a network identifier.
- the address resolution processing unit 104a in the forwarding node 200-1 sets the logical network identifier of the logical network to which the communication device 300-1 belongs, in the resolved address in response to the request. According to such a structure, too, interlayer address resolution can be performed efficiently and, in the case of multiplexing a plurality of network services, flow entries indicating processes for packets can be aggregated.
- the control channel processing unit 201, the forwarding processing unit 202, the network information management unit 102a, and the address resolution processing unit 104a are realized by a CPU of a computer operating according to a program (communication control program).
- the control channel processing unit 201, the forwarding processing unit 202, the network information management unit 102a, and the address resolution processing unit 104a may be each realized by dedicated hardware.
- the communication control system in Exemplary Embodiment 1 is described using an example where the number of network identifiers of the user network to which the communication device belongs is one, the present invention is not limited to this.
- the number of network identifiers of the user network to which the communication device belongs may be more than one.
- information associating a plurality of network identifiers corresponding to one user network with a selection criterion for selecting a network identifier is stored in the network information storage unit 106 as the network information.
- the address resolution processing unit 104 selects the network identifier to be used as the resolved address, based on information included in the address resolution request, information indicating the communication device sending the address resolution request, and the selection criterion stored in the network information storage unit 106.
- the address resolution processing unit 104 can obtain an appropriate network identifier.
- the flow entry creating unit 105 may perform path computation in consideration of the network identifier relating to the processing target packet.
- the flow entry creating unit 105 may obtain the network identifier relating to the processing target packet using the network information in the network information storage unit 106, in the same manner as the address resolution processing unit 104.
- the flow entry creating unit 105 may obtain the network identifier relating to the processing target packet, from the destination lower layer address field in the processing target packet.
- the communication control system in Exemplary Embodiment 1 is described using an example where the number of user networks to which the communication device belongs is one, the present invention is not limited to this.
- the communication device may belong to a plurality of user networks.
- information associating a plurality of user networks corresponding to one communication device with a selection criterion for selecting a user network is stored in the network information storage unit 106 as the network information.
- the address resolution processing unit 104 selects the network identifier to be used as the resolved address, based on information included in the address resolution request, information indicating the communication device sending the address resolution request, and the selection criterion stored in the network information storage unit 106.
- the address resolution processing unit 104 can obtain an appropriate network identifier.
- Exemplary Embodiment 2 The following describes a communication control system in Exemplary Embodiment 2 of the present invention.
- a network identifier of a user network to which the communication device belongs is returned instead of an actual lower address indicating a communication device subjected to address resolution.
- an actual lower address of the device in communication is set.
- Exemplary Embodiment 2 describes a communication control system as a result of modifying Exemplary Embodiment 1 so as to allow communication with a communication device equipped with such a communication protocol stack or security software.
- the control server 100 in Exemplary Embodiment 2 has the structure and the function of the control server 100 in Exemplary Embodiment 1, and operates in the same way as the control server 100 in Exemplary Embodiment 1.
- the control server 100 in Exemplary Embodiment 2 differs from the control server 100 in Exemplary Embodiment 1, in the action of the flow entry to be added to the forwarding node connected to the destination communication device of the packet.
- the flow entry creating unit 105 in the control server 100 in Exemplary Embodiment 2 also sets an action of changing the source lower address of the packet to the network identifier of the user network to which the source communication device of the packet belongs, in the flow entry.
- steps S131 to S134 from when the flow entry creation request is received to when the MAC address of the destination communication device is obtained are the same as those in Exemplary Embodiment 1.
- the flow entry creating unit 105 in the control server 100 creates the flow entry based on the request received from the control channel processing unit 101 (step S135), and notifies the control channel processing unit 101 of the created flow entry (step S136).
- the flow entry creating unit 105 creates such a flow entry in which a process of changing the source address of the packet from the address of the source communication device (the communication device 300-1 in this example) to the logical network identifier of the logical network to which the communication device (the communication device 300-1) belongs is defined as an action.
- a mismatch between the lower layer address obtained by interlayer address resolution and the source lower address in the received packet can be eliminated.
- the flow entry created by the flow entry creating unit 105 includes a matching rule and an action, as in Exemplary Embodiment 1.
- the matching rule includes an input port, a destination MAC address, a source MAC address, a destination IP address, and a source IP address as shown below.
- the following shows an example of a matching rule of a flow entry created by the flow entry creating unit 105 as the flow entry to be added to the last forwarding node on the path computed in step S132.
- - Input port the port connected to the immediately preceding forwarding node or communication device on the path - Destination MAC address: the network identifier obtained in step S133 - Source MAC address: the MAC address of the communication device sending the processing target packet - Destination IP address: the destination IP address of the processing target packet - Source IP address: the source IP address of the processing target packet
- the flow entry creating unit 105 may set any MAC address in the source MAC address in the matching rule. Likewise, in the case of aggregating flow entries, the flow entry creating unit 105 may set, in the destination IP address, an IP subnet to which the destination IP address of the processing target packet belongs, and set any IP address in the source IP address.
- the flow entry creating unit 105 also sets the process such as "changing a destination MAC address of a packet to a designated value”, “changing a source MAC address of a packet to a designated value”, and “outputting a packet from a designated port”, as the action.
- the flow entry creating unit 105 designates the MAC address of the destination communication device obtained in step S134, as the destination MAC address of the packet.
- the flow entry creating unit 105 also designates the port connected to the next communication device on the path, as the output port.
- the flow entry creating unit 105 in Exemplary Embodiment 2 designates the network identifier obtained in step S133, as the source MAC address of the packet.
- Fig. 12 is an explanatory diagram showing an example of the flow table stored in the forwarding node.
- the flow table illustrated in Fig. 12 is an example of the flow table stored in each of the forwarding nodes 200-1 to 200-3 after the communication device 300-1 sends a packet to the communication device 300-2 and the communication device 300-3 sends a packet to the communication device 300-4.
- Fig. 12(A) shows an example of the flow table stored in the forwarding node 200-1
- Fig. 12(B) shows an example of the flow table stored in the forwarding node 200-2
- Fig. 12(C) shows an example of the flow table stored in the forwarding node 200-3.
- the flow table stored in the forwarding node 200-1 illustrated in Fig. 12(A) is the same as the flow table illustrated in Fig. 9(A).
- the flow table stored in the forwarding node 200-2 illustrated in Fig. 12(B) and the flow table stored in the forwarding node 200-3 illustrated in Fig. 12(C) differ respectively from the flow tables illustrated in Figs. 9(B) and 9(C), in that an action of changing a source MAC address of a packet is added.
- Exemplary Embodiment 2 of the present invention the same advantageous effects as in Exemplary Embodiment 1 can be attained even with a communication device that outputs a warning log or breaks communication in the case of a mismatch between the lower layer address obtained by interlayer address resolution and the source lower address in the received packet.
- Exemplary Embodiment 3 The following describes a communication control system in Exemplary Embodiment 3 of the present invention. Though an example where the control server 100 creates the reply to the interlayer resolution request is described in Exemplary Embodiment 1 as an example of a communication control system according to the present invention, the present invention is not limited to this.
- the forwarding nodes 200-1 to 200-3 may create the reply to the interlayer resolution request, instead of the control server 100.
- the control server 100 in Exemplary Embodiment 3 upon receiving the ARP request from any of the forwarding nodes 200-1 to 200-3, instructs the forwarding node sending the ARP request to add an action of a flow entry including a process of creating an ARP reply.
- the forwarding nodes 200-1 to 200-3 in Exemplary Embodiment 3 each perform a process of creating an ARP reply as an action of a flow entry.
- the difference of the communication control system in Exemplary Embodiment 3 from the communication control system in Exemplary Embodiment 1 is described below.
- Fig. 13 is a sequence diagram showing an example of an operation of the control server 100 when creating the ARP reply. Steps S121 to S122 from when the control channel processing unit 101 requests the address resolution processing unit 104 to create the ARP reply to when the address resolution processing unit 104 obtains the network identifier are the same as those illustrated in Fig. 7.
- the address resolution processing unit 104 in the control server 100 creates an ARP reply in which the network identifier obtained in step S122 is included in the MAC address as a result of resolution (resolved address), as the reply to the target processing ARP request (step S123).
- the flow entry creating unit 105 creates a flow entry for instructing the forwarding node to create and send an ARP reply in which the network identifier obtained in step S133 is included as the MAC address as a result of resolution (resolved address) (step S123').
- the flow entry created by the flow entry creating unit 105 includes a matching rule and an action, as in Exemplary Embodiment 1.
- the matching rule includes an input port, a destination MAC address, a source MAC address, a protocol type, information indicating an ARP request, and a target protocol address as shown below.
- the following shows an example of the matching rule of the flow entry created by the flow entry creating unit 105.
- ARP - Input port the port connected to the communication device sending the ARP request - Destination MAC address: a broadcast MAC address or any MAC address -
- Source MAC address the MAC address of the communication device sending the ARP request - Protocol type: ARP - ARP opcode: request - Target protocol address: any IP address
- the flow entry creating unit 105 also sets the process such as "creating an ARP reply in which a designated MAC address is included in a source MAC address and a sender hardware address field" and "outputting a packet from a designated port", as the action.
- the flow entry creating unit 105 designates the network identifier obtained in step S122, as the source MAC address and the value of the sender hardware address field.
- the flow entry creating unit 105 also designates the port connected to the communication device sending the ARP request, as the output port.
- the address resolution processing unit 104 notifies the control channel processing unit 101 of the ARP reply created in step S123 (step S124). Moreover, the flow entry creating unit 105 notifies the control channel processing unit 101 of the flow entry created in step S123' (step S124').
- Fig. 14 is a sequence diagram showing an example of the operation of the communication control system in Exemplary Embodiment 3. Steps S101 to S103 from when the communication device 300-1 sends the ARP request to when the forwarding node 200-1 sends the ARP request to the control server 100 are the same as steps S101 to S103 in Fig. 6. In step S104, steps S121 to S124' illustrated in Fig. 13 are performed.
- the control channel processing unit 101 in the control server 100 instructs the forwarding node 200-1 to send the ARP reply created in step S104 to the communication device 300-1, via the control channel (step S105).
- the control channel processing unit 101 in the control server 100 also instructs the forwarding node 200-1 to add the flow entry received in step S124' to the flow table (step S105').
- the forwarding processing unit 202 in the forwarding node 200-1 Upon receiving the ARP reply sent in step S105, the forwarding processing unit 202 in the forwarding node 200-1 sends the received ARP reply to the communication device 300-1 (step S106). The forwarding processing unit 202 in the forwarding node 200-1 also adds the flow entry received in step S124', to the flow table (step S106'). Subsequent steps S107 to S115 from when the communication device 300-1 sends the packet to when the communication device 300-2 receives the packet are the same as steps S107 to S115 in Fig. 6.
- Fig. 15 is a sequence diagram showing an example of the ARP reply operation of the forwarding node. It is assumed here that, before the operation illustrated in Fig. 15 starts, steps S123', S124', S105', and S106' mentioned above have been executed at least once.
- the communication device 300-1 sends an ARP request in which the IP address (target protocol address) subjected to resolution is the IP address of the communication device 300-2, to the forwarding node 200-1 (step S301).
- the forwarding processing unit 202 in the forwarding node 200-1 searches for a flow entry corresponding to the received ARP request (step S302). In this case, the flow entry corresponding to the received ARP request has been added in step S106', and so exists in the flow table.
- the forwarding processing unit 202 in the forwarding node 200-1 creates an ARP reply based on an action of the flow entry found in step S302 (step S303).
- the created ARP reply includes a destination MAC address, a source MAC address, and a sender hardware address, a sender protocol address, a target hardware address, and a target protocol address which are information of the ARP reply, as shown below.
- the following shows an example of the created ARP reply.
- - Destination MAC address the MAC address of the communication device sending the ARP request - Source MAC address: the value designated in the action of the flow entry - ARP opcode: reply - ARP sender hardware address: the value designated in the action of the flow entry - ARP sender protocol address: the target protocol address in the ARP request - ARP target hardware address: the sender hardware address in the ARP request - ARP target protocol address: the sender protocol address in the ARP request
- the network identifier (i.e. the value designated in step S123') of the user network to which the communication device sending the ARP request belongs is set in the source MAC address and the ARP sender hardware address.
- the forwarding processing unit 202 in the forwarding node 200-1 may stop the processing for the ARP request.
- the forwarding processing unit 202 in the forwarding node 200-1 sends the ARP reply created in step S303 to the communication device 300-1, based on the action of the flow entry found in step S302 (step S304).
- an advantageous effect of reducing the number of ARP requests and ARP replies communicated between the control server 100 and the forwarding nodes 200-1 to 200-3 can be attained in addition to the advantageous effects of Exemplary Embodiment 1.
- the communication control system in Exemplary Embodiment 3 is described using an example where the forwarding processing unit 202 in each forwarding node adds the flow entry corresponding to the ARP request to the flow table based on the reception of the ARP request, the present invention is not limited to this.
- the flow entry corresponding to the ARP request may be added to the flow table in each forwarding node beforehand, prior to the reception of the ARP request.
- control server 100 performs steps S122, S123, S123', S124, and S124' when a communication device is newly connected to a forwarding node. By doing so, the flow entry corresponding to the ARP request can be added to the flow table beforehand.
- Fig. 16 is a block diagram showing an example of a minimum structure of a communication control system according to the present invention.
- the communication control system according to the present invention comprises: a forwarding node 80 (e.g. the forwarding nodes 200-1 to 200-3) for holding a process rule (e.g. a flow entry) defining a feature of a packet and a process for the packet corresponding to the feature, and processing the packet received from another device based on the process rule; and a control server 90 (e.g. the control server 100) for controlling the process rule held in the forwarding node 80.
- a forwarding node 80 e.g. the forwarding nodes 200-1 to 200-3
- a process rule e.g. a flow entry
- the control server 90 includes: network information storage means 91 (e.g. the network information storage unit 106) for storing a logical network identifier which is an identifier of a logical network defined by setting of the forwarding node 80, and a correspondence relation between a device connected to the forwarding node 80 and the logical network; and address resolution means 92 (e.g. the address resolution processing unit 104) for, upon receiving from the forwarding node 80 an address resolution request (e.g. an ARP request) for a destination communication device (e.g. the communication device 300-2) which is a destination of the packet or a communication device (e.g. a default router) for forwarding the packet received from a source communication device (e.g.
- network information storage means 91 e.g. the network information storage unit 106
- address resolution means 92 e.g. the address resolution processing unit 104 for, upon receiving from the forwarding node 80 an address resolution request (e.g. an ARP request) for a destination communication device (e.
- the communication device 300-1 which is a source of the packet to another device, performing interlayer address resolution for the destination communication device or the communication device, and setting the logical network identifier of the logical network to which the source communication device belongs, in a resolved address (e.g. a MAC address included in an ARP reply) which is an address obtained as a result of the address resolution.
- a resolved address e.g. a MAC address included in an ARP reply
- interlayer address resolution can be performed efficiently and, in the case of multiplexing a plurality of network services, flow entries indicating processes for packets can be aggregated.
- the forwarding node may include: process rule storage means (e.g. the flow table storage unit 203) for storing the process rule; and packet processing means (e.g. the forwarding processing unit 202) for performing path control of the packet sent from the source communication device, based on the process rule, wherein the process rule storage means stores the logical network identifier, as the feature of the packet in the process rule, and wherein the packet processing means performs the path control of the packet corresponding to the logical network identifier, based on the process rule.
- process rule storage means e.g. the flow table storage unit 203
- packet processing means e.g. the forwarding processing unit 202 for performing path control of the packet sent from the source communication device, based on the process rule
- the process rule storage means stores the logical network identifier, as the feature of the packet in the process rule
- the packet processing means performs the path control of the packet corresponding to the logical network identifier, based on the process rule.
- the process rule storage means may store the process rule (e.g. the flow entry illustrated in Fig. 9) defining, as the process for the packet, a process of changing a destination address of the packet from the logical network identifier to an address of the destination communication device which is the destination of the packet, wherein the packet processing means changes the destination address of the received packet to the address of the destination communication device, based on the process rule.
- the process rule e.g. the flow entry illustrated in Fig. 9
- the process rule storage means may store the process rule (e.g. the flow entry illustrated in Fig. 12) defining, as the process for the packet, a process of changing a source address of the packet from an address of the source communication device to the logical network identifier of the logical network to which the source communication device belongs, wherein the packet processing means changes the source address of the received packet to the logical network identifier, based on the process rule.
- the process rule e.g. the flow entry illustrated in Fig. 12
- the address resolution means 92 may, upon receiving the address resolution request, create a process rule (e.g. the flow entry created in step S123') defining a process of creating an interlayer address resolution reply packet based on the address resolution request in response to the address resolution request and a process of sending the interlayer address resolution reply packet to the source communication device, and instructs the forwarding node 80 to set the created process rule, the interlayer address resolution reply packet being a packet in which the logical network identifier of the logical network to which the source communication device belongs is set in the resolved address.
- a process rule e.g. the flow entry created in step S123'
- Fig. 17 is a block diagram showing an example of a minimum structure of a control server according to the present invention.
- the control server illustrated in Fig. 17 is the same as the control server 90 illustrated in Fig. 16.
- FIG. 18 is a block diagram showing an example of a minimum structure of a forwarding node according to the present invention.
- a forwarding node 70 according to the present invention holds a process rule (e.g. a flow entry) defining a feature of a packet and a process for the packet corresponding to the feature, and processes the packet received from another device based on the process rule.
- a process rule e.g. a flow entry
- the forwarding node 70 comprises: network information storage means 71 (e.g. the network information storage unit 106a) for storing a logical network identifier which is an identifier of a logical network defined by setting of the forwarding node, and a correspondence relation between a device connected to the forwarding node and the logical network; and address resolution means 72 (e.g. the address resolution processing unit 104a) for, upon receiving, from a source communication device (e.g. the communication device 300-1) which is a source of the packet, an address resolution request (e.g. an ARP request) for a destination communication device (e.g. the communication device 300-2) which is a destination of the packet or a communication device (e.g.
- a default router for forwarding the packet received from the source communication device to another device, performing interlayer address resolution for the destination communication device or the communication device, and setting the logical network identifier of the logical network to which the source communication device belongs, in a resolved address which is an address obtained as a result of the address resolution.
- interlayer address resolution can be performed efficiently and, in the case of multiplexing a plurality of network services, flow entries indicating processes for packets can be aggregated.
- the present invention is preferably applied to a communication control system for performing centralized control of packet communication paths.
- control server 101 control channel processing unit 102, 102a network information management unit 103 topology information management unit 104, 104a address resolution processing unit 105 flow entry creating unit 106, 106a network information storage unit 107 topology information storage unit 200-1 to 200-3 forwarding node 201 control channel processing unit 202 forwarding processing unit 203 flow table storage unit 300-1 to 300-4 communication device 400 control network
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
1. The OpenFlow switch receives the packet.
2. The OpenFlow switch searches a flow entry list (flow table) set in the OpenFlow switch, for a flow entry including a packet matching rule that matches the received packet.
3. In the case where the flow entry is found in the flow table, the OpenFlow switch applies an action of the flow entry to the received packet, and ends the process.
4. In the case where the flow entry is not found in the flow table, the OpenFlow switch sends the received packet to the OpenFlow controller.
5. The OpenFlow controller determines a path and a process for the received packet, and instructs the OpenFlow switch to add the flow entry.
The following description is based on an assumption that two user networks 501 and 502 (not shown) using IP are serviced by the forwarding nodes 200-1 to 200-3. That is, the forwarding nodes 200-1 to 200-3 each perform a packet forwarding process and the like, for the two user networks 501 and 502. It is also assumed that the communication devices 300-1 and 300-2 belong to the user network 501 and the communication devices 300-3 and 300-4 belong to the user network 502, where the user networks 501 and 502 both use an IP address space "192.168.0.0/16". Hereafter, in description common to the forwarding nodes 200-1 to 200-3, each of the forwarding nodes 200-1 to 200-3 may be simply referred to as the forwarding node.
Fig. 2 is a block diagram showing an example of a structure of the
- Changing a destination MAC address of a packet to a designated value
- Changing a source MAC address of a packet to a designated value
- Changing a destination IP address of a packet to a designated value
- Changing a source IP address of a packet to a designated value
- Changing a destination port number of a packet to a designated value
- Changing a source port number of a packet to a designated value
- Adding a VLAN tag to a packet
- Deleting a VLAN tag in a packet
- Changing a VLAN tag in a packet
- Source MAC address: the network identifier obtained in step S122
- ARP opcode: reply
- ARP sender hardware address: the network identifier obtained in step S122
- ARP sender protocol address: the target protocol address in the ARP request
- ARP target hardware address: the sender hardware address in the ARP request
- ARP target protocol address: the sender protocol address in the ARP request
- Destination MAC address: the network identifier obtained in step S133
- Source MAC address: the MAC address of the communication device sending the processing target packet
- Destination IP address: the destination IP address of the processing target packet
- Source IP address: the source IP address of the processing target packet
The following describes a communication control system in Exemplary Embodiment 2 of the present invention.
As described above, in the communication control system according to the present invention, in response to an interlayer address resolution request sent from a communication device, a network identifier of a user network to which the communication device belongs is returned instead of an actual lower address indicating a communication device subjected to address resolution. Moreover, in the communication control system in
- Destination MAC address: the network identifier obtained in step S133
- Source MAC address: the MAC address of the communication device sending the processing target packet
- Destination IP address: the destination IP address of the processing target packet
- Source IP address: the source IP address of the processing target packet
The following describes a communication control system in
- Destination MAC address: a broadcast MAC address or any MAC address
- Source MAC address: the MAC address of the communication device sending the ARP request
- Protocol type: ARP
- ARP opcode: request
- Target protocol address: any IP address
- Source MAC address: the value designated in the action of the flow entry
- ARP opcode: reply
- ARP sender hardware address: the value designated in the action of the flow entry
- ARP sender protocol address: the target protocol address in the ARP request
- ARP target hardware address: the sender hardware address in the ARP request
- ARP target protocol address: the sender protocol address in the ARP request
101 control channel processing unit
102, 102a network information management unit
103 topology information management unit
104, 104a address resolution processing unit
105 flow entry creating unit
106, 106a network information storage unit
107 topology information storage unit
200-1 to 200-3 forwarding node
201 control channel processing unit
202 forwarding processing unit
203 flow table storage unit
300-1 to 300-4 communication device
400 control network
Claims (10)
- A communication control system comprising:
a forwarding node for holding a process rule defining a feature of a packet and a process for the packet corresponding to the feature, and processing the packet received from another device based on the process rule; and
a control server for controlling the process rule held in the forwarding node,
wherein the control server includes:
network information storage means for storing a logical network identifier which is an identifier of a logical network defined by setting of the forwarding node, and a correspondence relation between a device connected to the forwarding node and the logical network; and
address resolution means for, upon receiving from the forwarding node an address resolution request for a destination communication device which is a destination of the packet or a communication device for forwarding the packet received from a source communication device which is a source of the packet to another device, performing interlayer address resolution for the destination communication device or the communication device, and setting the logical network identifier of the logical network to which the source communication device belongs, in a resolved address which is an address obtained as a result of the address resolution. - The communication control system according to claim 1, wherein the forwarding node includes:
process rule storage means for storing the process rule; and
packet processing means for performing path control of the packet sent from the source communication device, based on the process rule,
wherein the process rule storage means stores the logical network identifier, as the feature of the packet in the process rule, and
wherein the packet processing means performs the path control of the packet corresponding to the logical network identifier, based on the process rule. - The communication control system according to claim 2, wherein the process rule storage means stores the process rule defining, as the process for the packet, a process of changing a destination address of the packet from the logical network identifier to an address of the destination communication device which is the destination of the packet, and
wherein the packet processing means changes the destination address of the received packet to the address of the destination communication device, based on the process rule. - The communication control system according to claim 2 or 3, wherein the process rule storage means stores the process rule defining, as the process for the packet, a process of changing a source address of the packet from an address of the source communication device to the logical network identifier of the logical network to which the source communication device belongs, and
wherein the packet processing means changes the source address of the received packet to the logical network identifier, based on the process rule. - The communication control system according to any one of claims 1 to 4, wherein upon receiving the address resolution request, the address resolution means creates a process rule defining a process of creating an interlayer address resolution reply packet based on the address resolution request in response to the address resolution request and a process of sending the interlayer address resolution reply packet to the source communication device, and instructs the forwarding node to set the created process rule, the interlayer address resolution reply packet being a packet in which the logical network identifier of the logical network to which the source communication device belongs is set in the resolved address.
- A control server for controlling a process rule that is held in a forwarding node for processing a packet received from another device based on the process rule and that defines a feature of the packet and a process for the packet corresponding to the feature, the control server comprising:
network information storage means for storing a logical network identifier which is an identifier of a logical network defined by setting of the forwarding node, and a correspondence relation between a device connected to the forwarding node and the logical network; and
address resolution means for, upon receiving from the forwarding node an address resolution request for a destination communication device which is a destination of the packet or a communication device for forwarding the packet received from a source communication device which is a source of the packet to another device, performing interlayer address resolution for the destination communication device or the communication device, and setting the logical network identifier of the logical network to which the source communication device belongs, in a resolved address which is an address obtained as a result of the address resolution. - A forwarding node for holding a process rule defining a feature of a packet and a process for the packet corresponding to the feature, and processing the packet received from another device based on the process rule, the forwarding node comprising:
network information storage means for storing a logical network identifier which is an identifier of a logical network defined by setting of the forwarding node, and a correspondence relation between a device connected to the forwarding node and the logical network; and
address resolution means for, upon receiving, from a source communication device which is a source of the packet, an address resolution request for a destination communication device which is a destination of the packet or a communication device for forwarding the packet received from the source communication device to another device, performing interlayer address resolution for the destination communication device or the communication device, and setting the logical network identifier of the logical network to which the source communication device belongs, in a resolved address which is an address obtained as a result of the address resolution. - A communication control method, wherein a control server including network information storage means for storing: a logical network identifier which is an identifier of a logical network defined by setting of a forwarding node for processing a packet received from another device based on a process rule defining a feature of the packet and a process for the packet corresponding to the feature; and a correspondence relation between a device connected to the forwarding node and the logical network performs, upon receiving from the forwarding node an address resolution request for a destination communication device which is a destination of the packet or a communication device for forwarding the packet received from a source communication device which is a source of the packet to another device, interlayer address resolution for the destination communication device or the communication device, and
wherein the control server sets the logical network identifier of the logical network to which the source communication device belongs, in a resolved address which is an address obtained as a result of the address resolution. - A communication control program applied to a computer for controlling a process rule that is held in a forwarding node for processing a packet received from another device based on the process rule and that defines a feature of the packet and a process for the packet corresponding to the feature, the computer including network information storage means for storing a logical network identifier which is an identifier of a logical network defined by setting of the forwarding node, and a correspondence relation between a device connected to the forwarding node and the logical network, the communication control program causing the computer to execute
an address resolution process of, upon receiving from the forwarding node an address resolution request for a destination communication device which is a destination of the packet or a communication device for forwarding the packet received from a source communication device which is a source of the packet to another device, performing interlayer address resolution for the destination communication device or the communication device, and setting the logical network identifier of the logical network to which the source communication device belongs, in a resolved address which is an address obtained as a result of the address resolution. - A communication control program applied to a computer for holding a process rule defining a feature of a packet and a process for the packet corresponding to the feature, a logical network identifier which is an identifier of a logical network defined by setting of the computer, and a correspondence relation between a device connected to the computer and the logical network, and processing the packet received from another device based on the process rule, the communication control program causing the computer to execute
an address resolution process of, upon receiving, from a source communication device which is a source of the packet, an address resolution request for a destination communication device which is a destination of the packet or a communication device for forwarding the packet received from the source communication device to another device, performing interlayer address resolution for the destination communication device or the communication device, and setting the logical network identifier of the logical network to which the source communication device belongs, in a resolved address which is an address obtained as a result of the address resolution.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/990,033 US9379975B2 (en) | 2011-01-05 | 2011-10-24 | Communication control system, control server, forwarding node, communication control method, and communication control program |
JP2013519291A JP5874726B2 (en) | 2011-01-05 | 2011-10-24 | Communication control system, control server, transfer node, communication control method, and communication control program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2011000738 | 2011-01-05 | ||
JP2011-000738 | 2011-01-05 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2012093429A1 true WO2012093429A1 (en) | 2012-07-12 |
Family
ID=44625365
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2011/005928 WO2012093429A1 (en) | 2011-01-05 | 2011-10-24 | Communication control system, control server, forwarding node, communication control method, and communication control program |
Country Status (3)
Country | Link |
---|---|
US (1) | US9379975B2 (en) |
JP (1) | JP5874726B2 (en) |
WO (1) | WO2012093429A1 (en) |
Cited By (68)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2012175394A (en) * | 2011-02-21 | 2012-09-10 | Nippon Telegr & Teleph Corp <Ntt> | Flow switch, flow control system and flow control method |
JP2014053758A (en) * | 2012-09-07 | 2014-03-20 | Nippon Telegr & Teleph Corp <Ntt> | Network control device and network control method |
CN104092684A (en) * | 2014-07-07 | 2014-10-08 | 杭州华三通信技术有限公司 | Method and device for supporting VPN based on OpenFlow protocol |
WO2015006354A1 (en) * | 2013-07-09 | 2015-01-15 | Nicira, Inc. | Using headerspace analysis to identify flow entry reachability |
JP2015070425A (en) * | 2013-09-27 | 2015-04-13 | Kddi株式会社 | Link quality measurement device and flow entry aggregation method and program therefor |
US9049153B2 (en) | 2010-07-06 | 2015-06-02 | Nicira, Inc. | Logical packet processing pipeline that retains state information to effectuate efficient processing of packets |
US20150172098A1 (en) * | 2012-01-26 | 2015-06-18 | Brocade Communications Systems, Inc. | Link aggregation in software-defined networks |
US9137107B2 (en) | 2011-10-25 | 2015-09-15 | Nicira, Inc. | Physical controllers for converting universal flows |
JP2015529434A (en) * | 2012-09-27 | 2015-10-05 | ヒューレット−パッカード デベロップメント カンパニー エル.ピー.Hewlett‐Packard Development Company, L.P. | Send specific traffic along a blocked link |
US9154433B2 (en) | 2011-10-25 | 2015-10-06 | Nicira, Inc. | Physical controller |
CN104995878A (en) * | 2013-12-31 | 2015-10-21 | 华为技术有限公司 | Message transmission method, apparatus and communication system |
US9203701B2 (en) | 2011-10-25 | 2015-12-01 | Nicira, Inc. | Network virtualization apparatus and method with scheduling capabilities |
CN105144652A (en) * | 2013-01-24 | 2015-12-09 | 惠普发展公司,有限责任合伙企业 | Address resolution in software-defined networks |
US9288104B2 (en) | 2011-10-25 | 2016-03-15 | Nicira, Inc. | Chassis controllers for converting universal flows |
US20160127977A1 (en) * | 2013-03-15 | 2016-05-05 | Facebook, Inc. | Single frequency data network |
EP3073698A4 (en) * | 2013-12-13 | 2016-11-23 | Huawei Tech Co Ltd | Method for processing address resolution protocol message, forwarder and controller |
US9525647B2 (en) | 2010-07-06 | 2016-12-20 | Nicira, Inc. | Network control apparatus and method for creating and modifying logical switching elements |
US9531676B2 (en) | 2013-08-26 | 2016-12-27 | Nicira, Inc. | Proxy methods for suppressing broadcast traffic in a network |
US9575782B2 (en) | 2013-10-13 | 2017-02-21 | Nicira, Inc. | ARP for logical router |
US9680750B2 (en) | 2010-07-06 | 2017-06-13 | Nicira, Inc. | Use of tunnels to hide network addresses |
US9742693B2 (en) | 2012-02-27 | 2017-08-22 | Brocade Communications Systems, Inc. | Dynamic service insertion in a fabric switch |
US9769016B2 (en) | 2010-06-07 | 2017-09-19 | Brocade Communications Systems, Inc. | Advanced link tracking for virtual cluster switching |
US9800471B2 (en) | 2014-05-13 | 2017-10-24 | Brocade Communications Systems, Inc. | Network extension groups of global VLANs in a fabric switch |
US9806949B2 (en) | 2013-09-06 | 2017-10-31 | Brocade Communications Systems, Inc. | Transparent interconnection of Ethernet fabric switches |
US9807007B2 (en) | 2014-08-11 | 2017-10-31 | Brocade Communications Systems, Inc. | Progressive MAC address learning |
US9806906B2 (en) | 2010-06-08 | 2017-10-31 | Brocade Communications Systems, Inc. | Flooding packets on a per-virtual-network basis |
US9807031B2 (en) | 2010-07-16 | 2017-10-31 | Brocade Communications Systems, Inc. | System and method for network configuration |
US9807017B2 (en) | 2013-01-11 | 2017-10-31 | Brocade Communications Systems, Inc. | Multicast traffic load balancing over virtual link aggregation |
US9807005B2 (en) | 2015-03-17 | 2017-10-31 | Brocade Communications Systems, Inc. | Multi-fabric manager |
US9848040B2 (en) | 2010-06-07 | 2017-12-19 | Brocade Communications Systems, Inc. | Name services for virtual cluster switching |
US9871676B2 (en) | 2013-03-15 | 2018-01-16 | Brocade Communications Systems LLC | Scalable gateways for a fabric switch |
US9887916B2 (en) | 2012-03-22 | 2018-02-06 | Brocade Communications Systems LLC | Overlay tunnel in a fabric switch |
US9912612B2 (en) | 2013-10-28 | 2018-03-06 | Brocade Communications Systems LLC | Extended ethernet fabric switches |
US9912614B2 (en) | 2015-12-07 | 2018-03-06 | Brocade Communications Systems LLC | Interconnection of switches based on hierarchical overlay tunneling |
US9942173B2 (en) | 2010-05-28 | 2018-04-10 | Brocade Communications System Llc | Distributed configuration management for virtual cluster switching |
US9942097B2 (en) | 2015-01-05 | 2018-04-10 | Brocade Communications Systems LLC | Power management in a network of interconnected switches |
US9998365B2 (en) | 2012-05-18 | 2018-06-12 | Brocade Communications Systems, LLC | Network feedback in software-defined networks |
US10003552B2 (en) | 2015-01-05 | 2018-06-19 | Brocade Communications Systems, Llc. | Distributed bidirectional forwarding detection protocol (D-BFD) for cluster of interconnected switches |
US10033579B2 (en) | 2012-04-18 | 2018-07-24 | Nicira, Inc. | Using transactions to compute and propagate network forwarding state |
US10038592B2 (en) | 2015-03-17 | 2018-07-31 | Brocade Communications Systems LLC | Identifier assignment to a new switch in a switch group |
US10044676B2 (en) | 2015-04-03 | 2018-08-07 | Nicira, Inc. | Using headerspace analysis to identify unneeded distributed firewall rules |
US10063473B2 (en) | 2014-04-30 | 2018-08-28 | Brocade Communications Systems LLC | Method and system for facilitating switch virtualization in a network of interconnected switches |
US10075394B2 (en) | 2012-11-16 | 2018-09-11 | Brocade Communications Systems LLC | Virtual link aggregations across multiple fabric switches |
US10103939B2 (en) | 2010-07-06 | 2018-10-16 | Nicira, Inc. | Network control apparatus and method for populating logical datapath sets |
US10164883B2 (en) | 2011-11-10 | 2018-12-25 | Avago Technologies International Sales Pte. Limited | System and method for flow management in software-defined networks |
US10171303B2 (en) | 2015-09-16 | 2019-01-01 | Avago Technologies International Sales Pte. Limited | IP-based interconnection of switches with a logical chassis |
US10204122B2 (en) | 2015-09-30 | 2019-02-12 | Nicira, Inc. | Implementing an interface between tuple and message-driven control entities |
US10225184B2 (en) | 2015-06-30 | 2019-03-05 | Nicira, Inc. | Redirecting traffic in a virtual distributed router environment |
US10237090B2 (en) | 2016-10-28 | 2019-03-19 | Avago Technologies International Sales Pte. Limited | Rule-based network identifier mapping |
US10250443B2 (en) | 2014-09-30 | 2019-04-02 | Nicira, Inc. | Using physical location to modify behavior of a distributed virtual network element |
US10277464B2 (en) | 2012-05-22 | 2019-04-30 | Arris Enterprises Llc | Client auto-configuration in a multi-switch link aggregation |
US10355879B2 (en) | 2014-02-10 | 2019-07-16 | Avago Technologies International Sales Pte. Limited | Virtual extensible LAN tunnel keepalives |
US10374827B2 (en) | 2017-11-14 | 2019-08-06 | Nicira, Inc. | Identifier that maps to different networks at different datacenters |
US10439929B2 (en) | 2015-07-31 | 2019-10-08 | Avago Technologies International Sales Pte. Limited | Graceful recovery of a multicast-enabled switch |
US10462049B2 (en) | 2013-03-01 | 2019-10-29 | Avago Technologies International Sales Pte. Limited | Spanning tree in fabric switches |
US10476698B2 (en) | 2014-03-20 | 2019-11-12 | Avago Technologies International Sales Pte. Limited | Redundent virtual link aggregation group |
US10511459B2 (en) | 2017-11-14 | 2019-12-17 | Nicira, Inc. | Selection of managed forwarding element for bridge spanning multiple datacenters |
US10511458B2 (en) | 2014-09-30 | 2019-12-17 | Nicira, Inc. | Virtual distributed bridging |
US10581758B2 (en) | 2014-03-19 | 2020-03-03 | Avago Technologies International Sales Pte. Limited | Distributed hot standby links for vLAG |
US10579406B2 (en) | 2015-04-08 | 2020-03-03 | Avago Technologies International Sales Pte. Limited | Dynamic orchestration of overlay tunnels |
US10587479B2 (en) | 2017-04-02 | 2020-03-10 | Nicira, Inc. | GUI for analysis of logical network modifications |
US10616108B2 (en) | 2014-07-29 | 2020-04-07 | Avago Technologies International Sales Pte. Limited | Scalable MAC address virtualization |
US10673703B2 (en) | 2010-05-03 | 2020-06-02 | Avago Technologies International Sales Pte. Limited | Fabric switching |
US11019167B2 (en) | 2016-04-29 | 2021-05-25 | Nicira, Inc. | Management of update queues for network controller |
US11190443B2 (en) | 2014-03-27 | 2021-11-30 | Nicira, Inc. | Address resolution using multiple designated instances of a logical router |
US11496437B2 (en) | 2020-04-06 | 2022-11-08 | Vmware, Inc. | Selective ARP proxy |
US11805101B2 (en) | 2021-04-06 | 2023-10-31 | Vmware, Inc. | Secured suppression of address discovery messages |
US12081395B2 (en) | 2021-08-24 | 2024-09-03 | VMware LLC | Formal verification of network changes |
Families Citing this family (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5812108B2 (en) | 2011-04-18 | 2015-11-11 | 日本電気株式会社 | Terminal, control apparatus, communication method, communication system, communication module, program, and information processing apparatus |
US9203748B2 (en) * | 2012-12-24 | 2015-12-01 | Huawei Technologies Co., Ltd. | Software defined network-based data processing method, node, and system |
CN103067277B (en) * | 2013-01-06 | 2016-06-22 | 华为技术有限公司 | Set up and control the method for passage, forwarding unit and control equipment |
WO2015047325A1 (en) * | 2013-09-27 | 2015-04-02 | Hewlett-Packard Development Company, L.P. | Forwarded log lines |
JP6260285B2 (en) * | 2014-01-10 | 2018-01-17 | 富士通株式会社 | Control device and transfer control method |
US20170171050A1 (en) * | 2014-02-16 | 2017-06-15 | B.G. Negev Technologies and Application Ltd., at Ben-Gurion University | A system and method for integrating legacy flow-monitoring systems with sdn networks |
WO2015136585A1 (en) * | 2014-03-14 | 2015-09-17 | 日本電気株式会社 | Control apparatus, control method and control program |
KR102262183B1 (en) * | 2014-04-04 | 2021-06-07 | 뉴라컴 인코포레이티드 | Acknowledgement method and multi user transmission method |
EP3166265B1 (en) | 2014-08-06 | 2019-10-02 | Huawei Technologies Co., Ltd. | Method, apparatus and system for processing data packet in software defined network (sdn) |
US10374833B2 (en) | 2014-12-03 | 2019-08-06 | Hewlett Packard Enterprise Development Lp | Modifying an address to forward a packet to a service function |
US9979645B2 (en) * | 2015-01-14 | 2018-05-22 | Futurewei Technologies, Inc. | Hardware and software methodologies for creating and managing portable service function chains |
KR20160095554A (en) * | 2015-02-03 | 2016-08-11 | 한국전자통신연구원 | Physical address determination apparatus based SDN and method therefor |
US9929968B2 (en) * | 2015-03-19 | 2018-03-27 | Oracle International Corporation | Inter-layer communication of events between TCP layer and higher layers when implemented in different concurrent execution entities |
JP6371321B2 (en) * | 2016-02-26 | 2018-08-08 | 日本電信電話株式会社 | COMMUNICATION SYSTEM AND PACKET TRANSFER METHOD |
US11128566B2 (en) | 2016-04-27 | 2021-09-21 | Nec Corporation | Method for controlling a network |
CN107332812B (en) * | 2016-04-29 | 2020-07-07 | 新华三技术有限公司 | Method and device for realizing network access control |
US10164910B2 (en) * | 2016-07-13 | 2018-12-25 | Futurewei Technologies, Inc. | Method and apparatus for an information-centric MAC layer |
US11362925B2 (en) * | 2017-06-01 | 2022-06-14 | Telefonaktiebolaget Lm Ericsson (Publ) | Optimizing service node monitoring in SDN |
DE102018116339B4 (en) * | 2018-07-05 | 2021-11-11 | Auma Riester Gmbh & Co. Kg | Actuator |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2010103909A1 (en) * | 2009-03-09 | 2010-09-16 | 日本電気株式会社 | OpenFlow COMMUNICATION SYSTEM AND OpenFlow COMMUNICATION METHOD |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1051000B1 (en) * | 1999-03-25 | 2014-05-07 | Canon Kabushiki Kaisha | Method and device for allocating at least one routing identifier to at least one bridge in a network |
JP3679336B2 (en) | 2001-02-22 | 2005-08-03 | 日本電信電話株式会社 | Packet routing method |
US7027582B2 (en) * | 2001-07-06 | 2006-04-11 | Telefonaktiebolaget L M Ericsson (Publ) | Method and apparatus for resolving an entity identifier into an internet address using a domain name system (DNS) server and an entity identifier portability database |
US20060182124A1 (en) * | 2005-02-15 | 2006-08-17 | Sytex, Inc. | Cipher Key Exchange Methodology |
JP4523615B2 (en) | 2007-03-28 | 2010-08-11 | 株式会社日立製作所 | Packet transfer apparatus having flow detection function and flow management method |
JP5157533B2 (en) | 2008-03-05 | 2013-03-06 | 富士通株式会社 | Network management apparatus, network management method, and network management program |
-
2011
- 2011-10-24 US US13/990,033 patent/US9379975B2/en active Active
- 2011-10-24 JP JP2013519291A patent/JP5874726B2/en not_active Expired - Fee Related
- 2011-10-24 WO PCT/JP2011/005928 patent/WO2012093429A1/en active Application Filing
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2010103909A1 (en) * | 2009-03-09 | 2010-09-16 | 日本電気株式会社 | OpenFlow COMMUNICATION SYSTEM AND OpenFlow COMMUNICATION METHOD |
Non-Patent Citations (1)
Title |
---|
HIROSHI UENO ET AL.: "A Study on Deployment of Network Appliance Functionalities in Datacenter Network", IEICE TECHNICAL REPORT, vol. 109, no. 296, 13 November 2009 (2009-11-13), pages 7 - 12 * |
Cited By (142)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10673703B2 (en) | 2010-05-03 | 2020-06-02 | Avago Technologies International Sales Pte. Limited | Fabric switching |
US9942173B2 (en) | 2010-05-28 | 2018-04-10 | Brocade Communications System Llc | Distributed configuration management for virtual cluster switching |
US9769016B2 (en) | 2010-06-07 | 2017-09-19 | Brocade Communications Systems, Inc. | Advanced link tracking for virtual cluster switching |
US10924333B2 (en) | 2010-06-07 | 2021-02-16 | Avago Technologies International Sales Pte. Limited | Advanced link tracking for virtual cluster switching |
US11438219B2 (en) | 2010-06-07 | 2022-09-06 | Avago Technologies International Sales Pte. Limited | Advanced link tracking for virtual cluster switching |
US10419276B2 (en) | 2010-06-07 | 2019-09-17 | Avago Technologies International Sales Pte. Limited | Advanced link tracking for virtual cluster switching |
US11757705B2 (en) | 2010-06-07 | 2023-09-12 | Avago Technologies International Sales Pte. Limited | Advanced link tracking for virtual cluster switching |
US9848040B2 (en) | 2010-06-07 | 2017-12-19 | Brocade Communications Systems, Inc. | Name services for virtual cluster switching |
US9806906B2 (en) | 2010-06-08 | 2017-10-31 | Brocade Communications Systems, Inc. | Flooding packets on a per-virtual-network basis |
US10326660B2 (en) | 2010-07-06 | 2019-06-18 | Nicira, Inc. | Network virtualization apparatus and method |
US9049153B2 (en) | 2010-07-06 | 2015-06-02 | Nicira, Inc. | Logical packet processing pipeline that retains state information to effectuate efficient processing of packets |
US11223531B2 (en) | 2010-07-06 | 2022-01-11 | Nicira, Inc. | Method and apparatus for interacting with a network information base in a distributed network control system with multiple controller instances |
US10686663B2 (en) | 2010-07-06 | 2020-06-16 | Nicira, Inc. | Managed switch architectures: software managed switches, hardware managed switches, and heterogeneous managed switches |
US11509564B2 (en) | 2010-07-06 | 2022-11-22 | Nicira, Inc. | Method and apparatus for replicating network information base in a distributed network control system with multiple controller instances |
US9231891B2 (en) | 2010-07-06 | 2016-01-05 | Nicira, Inc. | Deployment of hierarchical managed switching elements |
US11539591B2 (en) | 2010-07-06 | 2022-12-27 | Nicira, Inc. | Distributed network control system with one master controller per logical datapath set |
US11641321B2 (en) | 2010-07-06 | 2023-05-02 | Nicira, Inc. | Packet processing for logical datapath sets |
US11677588B2 (en) | 2010-07-06 | 2023-06-13 | Nicira, Inc. | Network control apparatus and method for creating and modifying logical switching elements |
US9692655B2 (en) | 2010-07-06 | 2017-06-27 | Nicira, Inc. | Packet processing in a network with hierarchical managed switching elements |
US10320585B2 (en) | 2010-07-06 | 2019-06-11 | Nicira, Inc. | Network control apparatus and method for creating and modifying logical switching elements |
US9300603B2 (en) | 2010-07-06 | 2016-03-29 | Nicira, Inc. | Use of rich context tags in logical data processing |
US11743123B2 (en) | 2010-07-06 | 2023-08-29 | Nicira, Inc. | Managed switch architectures: software managed switches, hardware managed switches, and heterogeneous managed switches |
US9680750B2 (en) | 2010-07-06 | 2017-06-13 | Nicira, Inc. | Use of tunnels to hide network addresses |
US11876679B2 (en) | 2010-07-06 | 2024-01-16 | Nicira, Inc. | Method and apparatus for interacting with a network information base in a distributed network control system with multiple controller instances |
US10103939B2 (en) | 2010-07-06 | 2018-10-16 | Nicira, Inc. | Network control apparatus and method for populating logical datapath sets |
US11979280B2 (en) | 2010-07-06 | 2024-05-07 | Nicira, Inc. | Network control apparatus and method for populating logical datapath sets |
US9391928B2 (en) | 2010-07-06 | 2016-07-12 | Nicira, Inc. | Method and apparatus for interacting with a network information base in a distributed network control system with multiple controller instances |
US9106587B2 (en) | 2010-07-06 | 2015-08-11 | Nicira, Inc. | Distributed network control system with one master controller per managed switching element |
US10038597B2 (en) | 2010-07-06 | 2018-07-31 | Nicira, Inc. | Mesh architectures for managed switching elements |
US10021019B2 (en) | 2010-07-06 | 2018-07-10 | Nicira, Inc. | Packet processing for logical datapath sets |
US12028215B2 (en) | 2010-07-06 | 2024-07-02 | Nicira, Inc. | Distributed network control system with one master controller per logical datapath set |
US9525647B2 (en) | 2010-07-06 | 2016-12-20 | Nicira, Inc. | Network control apparatus and method for creating and modifying logical switching elements |
US9807031B2 (en) | 2010-07-16 | 2017-10-31 | Brocade Communications Systems, Inc. | System and method for network configuration |
US10348643B2 (en) | 2010-07-16 | 2019-07-09 | Avago Technologies International Sales Pte. Limited | System and method for network configuration |
JP2012175394A (en) * | 2011-02-21 | 2012-09-10 | Nippon Telegr & Teleph Corp <Ntt> | Flow switch, flow control system and flow control method |
US9602421B2 (en) | 2011-10-25 | 2017-03-21 | Nicira, Inc. | Nesting transaction updates to minimize communication |
US9319337B2 (en) | 2011-10-25 | 2016-04-19 | Nicira, Inc. | Universal physical control plane |
US9954793B2 (en) | 2011-10-25 | 2018-04-24 | Nicira, Inc. | Chassis controller |
US10505856B2 (en) | 2011-10-25 | 2019-12-10 | Nicira, Inc. | Chassis controller |
US9407566B2 (en) | 2011-10-25 | 2016-08-02 | Nicira, Inc. | Distributed network control system |
US9154433B2 (en) | 2011-10-25 | 2015-10-06 | Nicira, Inc. | Physical controller |
US9319336B2 (en) | 2011-10-25 | 2016-04-19 | Nicira, Inc. | Scheduling distribution of logical control plane data |
US9231882B2 (en) | 2011-10-25 | 2016-01-05 | Nicira, Inc. | Maintaining quality of service in shared forwarding elements managed by a network control system |
US9246833B2 (en) | 2011-10-25 | 2016-01-26 | Nicira, Inc. | Pull-based state dissemination between managed forwarding elements |
US11669488B2 (en) | 2011-10-25 | 2023-06-06 | Nicira, Inc. | Chassis controller |
US9253109B2 (en) | 2011-10-25 | 2016-02-02 | Nicira, Inc. | Communication channel for distributed network control system |
US9288104B2 (en) | 2011-10-25 | 2016-03-15 | Nicira, Inc. | Chassis controllers for converting universal flows |
US9300593B2 (en) | 2011-10-25 | 2016-03-29 | Nicira, Inc. | Scheduling distribution of logical forwarding plane data |
US9306864B2 (en) | 2011-10-25 | 2016-04-05 | Nicira, Inc. | Scheduling distribution of physical control plane data |
US9137107B2 (en) | 2011-10-25 | 2015-09-15 | Nicira, Inc. | Physical controllers for converting universal flows |
US9319338B2 (en) | 2011-10-25 | 2016-04-19 | Nicira, Inc. | Tunnel creation |
US9203701B2 (en) | 2011-10-25 | 2015-12-01 | Nicira, Inc. | Network virtualization apparatus and method with scheduling capabilities |
US10164883B2 (en) | 2011-11-10 | 2018-12-25 | Avago Technologies International Sales Pte. Limited | System and method for flow management in software-defined networks |
US9729387B2 (en) * | 2012-01-26 | 2017-08-08 | Brocade Communications Systems, Inc. | Link aggregation in software-defined networks |
US20150172098A1 (en) * | 2012-01-26 | 2015-06-18 | Brocade Communications Systems, Inc. | Link aggregation in software-defined networks |
US9742693B2 (en) | 2012-02-27 | 2017-08-22 | Brocade Communications Systems, Inc. | Dynamic service insertion in a fabric switch |
US9887916B2 (en) | 2012-03-22 | 2018-02-06 | Brocade Communications Systems LLC | Overlay tunnel in a fabric switch |
US10135676B2 (en) | 2012-04-18 | 2018-11-20 | Nicira, Inc. | Using transactions to minimize churn in a distributed network control system |
US10033579B2 (en) | 2012-04-18 | 2018-07-24 | Nicira, Inc. | Using transactions to compute and propagate network forwarding state |
US9998365B2 (en) | 2012-05-18 | 2018-06-12 | Brocade Communications Systems, LLC | Network feedback in software-defined networks |
US10277464B2 (en) | 2012-05-22 | 2019-04-30 | Arris Enterprises Llc | Client auto-configuration in a multi-switch link aggregation |
JP2014053758A (en) * | 2012-09-07 | 2014-03-20 | Nippon Telegr & Teleph Corp <Ntt> | Network control device and network control method |
JP2015529434A (en) * | 2012-09-27 | 2015-10-05 | ヒューレット−パッカード デベロップメント カンパニー エル.ピー.Hewlett‐Packard Development Company, L.P. | Send specific traffic along a blocked link |
US11102077B2 (en) | 2012-09-27 | 2021-08-24 | Hewlett Packard Enterprise Development Lp | Transmit specific along blocked link |
US10075394B2 (en) | 2012-11-16 | 2018-09-11 | Brocade Communications Systems LLC | Virtual link aggregations across multiple fabric switches |
US9807017B2 (en) | 2013-01-11 | 2017-10-31 | Brocade Communications Systems, Inc. | Multicast traffic load balancing over virtual link aggregation |
CN105144652A (en) * | 2013-01-24 | 2015-12-09 | 惠普发展公司,有限责任合伙企业 | Address resolution in software-defined networks |
EP2949093A4 (en) * | 2013-01-24 | 2016-08-10 | Hewlett Packard Entpr Dev Lp | Address resolution in software-defined networks |
US10462049B2 (en) | 2013-03-01 | 2019-10-29 | Avago Technologies International Sales Pte. Limited | Spanning tree in fabric switches |
US20160127977A1 (en) * | 2013-03-15 | 2016-05-05 | Facebook, Inc. | Single frequency data network |
US9787372B2 (en) * | 2013-03-15 | 2017-10-10 | Facebook, Inc. | Single frequency data network |
US9871676B2 (en) | 2013-03-15 | 2018-01-16 | Brocade Communications Systems LLC | Scalable gateways for a fabric switch |
US10027386B2 (en) | 2013-03-15 | 2018-07-17 | Facebook, Inc. | Fine and coarse parameter beam forming |
US9948361B2 (en) | 2013-03-15 | 2018-04-17 | Facebook, Inc. | Micro-route selection beam forming |
US10237172B2 (en) | 2013-07-09 | 2019-03-19 | Nicira, Inc. | Using headerspace analysis to identify flow entry reachability |
US9755963B2 (en) | 2013-07-09 | 2017-09-05 | Nicira, Inc. | Using headerspace analysis to identify flow entry reachability |
US9742666B2 (en) | 2013-07-09 | 2017-08-22 | Nicira, Inc. | Using headerspace analysis to identify classes of packets |
WO2015006354A1 (en) * | 2013-07-09 | 2015-01-15 | Nicira, Inc. | Using headerspace analysis to identify flow entry reachability |
US10680961B2 (en) | 2013-07-09 | 2020-06-09 | Nicira, Inc. | Using headerspace analysis to identify flow entry reachability |
US9531676B2 (en) | 2013-08-26 | 2016-12-27 | Nicira, Inc. | Proxy methods for suppressing broadcast traffic in a network |
US9548965B2 (en) | 2013-08-26 | 2017-01-17 | Nicira, Inc. | Proxy methods for suppressing broadcast traffic in a network |
US9806949B2 (en) | 2013-09-06 | 2017-10-31 | Brocade Communications Systems, Inc. | Transparent interconnection of Ethernet fabric switches |
JP2015070425A (en) * | 2013-09-27 | 2015-04-13 | Kddi株式会社 | Link quality measurement device and flow entry aggregation method and program therefor |
US11029982B2 (en) | 2013-10-13 | 2021-06-08 | Nicira, Inc. | Configuration of logical router |
US9575782B2 (en) | 2013-10-13 | 2017-02-21 | Nicira, Inc. | ARP for logical router |
US10528373B2 (en) | 2013-10-13 | 2020-01-07 | Nicira, Inc. | Configuration of logical router |
US12073240B2 (en) | 2013-10-13 | 2024-08-27 | Nicira, Inc. | Configuration of logical router |
US9912612B2 (en) | 2013-10-28 | 2018-03-06 | Brocade Communications Systems LLC | Extended ethernet fabric switches |
EP3073698A4 (en) * | 2013-12-13 | 2016-11-23 | Huawei Tech Co Ltd | Method for processing address resolution protocol message, forwarder and controller |
JP2017503405A (en) * | 2013-12-13 | 2017-01-26 | 華為技術有限公司Huawei Technologies Co.,Ltd. | Method, switch and controller for processing address resolution protocol messages |
RU2652440C2 (en) * | 2013-12-31 | 2018-04-26 | Хуавей Текнолоджиз Ко., Лтд. | Packages transmission method, device and communication system |
US10187846B2 (en) | 2013-12-31 | 2019-01-22 | Huawei Technologies Co., Ltd. | Packet transmission method, device, and communications system |
CN104995878A (en) * | 2013-12-31 | 2015-10-21 | 华为技术有限公司 | Message transmission method, apparatus and communication system |
US10681619B2 (en) | 2013-12-31 | 2020-06-09 | Huawei Technologies Co., Ltd. | Packet transmission method, device, and communications system |
EP3598703A1 (en) * | 2013-12-31 | 2020-01-22 | Huawei Technologies Co., Ltd. | Packet transmission method, device, and communications system |
EP3082305A4 (en) * | 2013-12-31 | 2016-11-30 | Huawei Tech Co Ltd | Message transmission method, apparatus and communication system |
CN104995878B (en) * | 2013-12-31 | 2019-02-05 | 华为技术有限公司 | A kind of message transmitting method, equipment and communication system |
US10355879B2 (en) | 2014-02-10 | 2019-07-16 | Avago Technologies International Sales Pte. Limited | Virtual extensible LAN tunnel keepalives |
US10581758B2 (en) | 2014-03-19 | 2020-03-03 | Avago Technologies International Sales Pte. Limited | Distributed hot standby links for vLAG |
US10476698B2 (en) | 2014-03-20 | 2019-11-12 | Avago Technologies International Sales Pte. Limited | Redundent virtual link aggregation group |
US11736394B2 (en) | 2014-03-27 | 2023-08-22 | Nicira, Inc. | Address resolution using multiple designated instances of a logical router |
US11190443B2 (en) | 2014-03-27 | 2021-11-30 | Nicira, Inc. | Address resolution using multiple designated instances of a logical router |
US10063473B2 (en) | 2014-04-30 | 2018-08-28 | Brocade Communications Systems LLC | Method and system for facilitating switch virtualization in a network of interconnected switches |
US10044568B2 (en) | 2014-05-13 | 2018-08-07 | Brocade Communications Systems LLC | Network extension groups of global VLANs in a fabric switch |
US9800471B2 (en) | 2014-05-13 | 2017-10-24 | Brocade Communications Systems, Inc. | Network extension groups of global VLANs in a fabric switch |
CN104092684A (en) * | 2014-07-07 | 2014-10-08 | 杭州华三通信技术有限公司 | Method and device for supporting VPN based on OpenFlow protocol |
CN104092684B (en) * | 2014-07-07 | 2017-10-03 | 新华三技术有限公司 | A kind of OpenFlow agreements support VPN method and apparatus |
US10616108B2 (en) | 2014-07-29 | 2020-04-07 | Avago Technologies International Sales Pte. Limited | Scalable MAC address virtualization |
US9807007B2 (en) | 2014-08-11 | 2017-10-31 | Brocade Communications Systems, Inc. | Progressive MAC address learning |
US10284469B2 (en) | 2014-08-11 | 2019-05-07 | Avago Technologies International Sales Pte. Limited | Progressive MAC address learning |
US10250443B2 (en) | 2014-09-30 | 2019-04-02 | Nicira, Inc. | Using physical location to modify behavior of a distributed virtual network element |
US11252037B2 (en) | 2014-09-30 | 2022-02-15 | Nicira, Inc. | Using physical location to modify behavior of a distributed virtual network element |
US11483175B2 (en) | 2014-09-30 | 2022-10-25 | Nicira, Inc. | Virtual distributed bridging |
US10511458B2 (en) | 2014-09-30 | 2019-12-17 | Nicira, Inc. | Virtual distributed bridging |
US10003552B2 (en) | 2015-01-05 | 2018-06-19 | Brocade Communications Systems, Llc. | Distributed bidirectional forwarding detection protocol (D-BFD) for cluster of interconnected switches |
US9942097B2 (en) | 2015-01-05 | 2018-04-10 | Brocade Communications Systems LLC | Power management in a network of interconnected switches |
US10038592B2 (en) | 2015-03-17 | 2018-07-31 | Brocade Communications Systems LLC | Identifier assignment to a new switch in a switch group |
US9807005B2 (en) | 2015-03-17 | 2017-10-31 | Brocade Communications Systems, Inc. | Multi-fabric manager |
US10708231B2 (en) | 2015-04-03 | 2020-07-07 | Nicira, Inc. | Using headerspace analysis to identify unneeded distributed firewall rules |
US10044676B2 (en) | 2015-04-03 | 2018-08-07 | Nicira, Inc. | Using headerspace analysis to identify unneeded distributed firewall rules |
US10579406B2 (en) | 2015-04-08 | 2020-03-03 | Avago Technologies International Sales Pte. Limited | Dynamic orchestration of overlay tunnels |
US10225184B2 (en) | 2015-06-30 | 2019-03-05 | Nicira, Inc. | Redirecting traffic in a virtual distributed router environment |
US10693783B2 (en) | 2015-06-30 | 2020-06-23 | Nicira, Inc. | Intermediate logical interfaces in a virtual distributed router environment |
US11799775B2 (en) | 2015-06-30 | 2023-10-24 | Nicira, Inc. | Intermediate logical interfaces in a virtual distributed router environment |
US11050666B2 (en) | 2015-06-30 | 2021-06-29 | Nicira, Inc. | Intermediate logical interfaces in a virtual distributed router environment |
US10348625B2 (en) | 2015-06-30 | 2019-07-09 | Nicira, Inc. | Sharing common L2 segment in a virtual distributed router environment |
US10361952B2 (en) | 2015-06-30 | 2019-07-23 | Nicira, Inc. | Intermediate logical interfaces in a virtual distributed router environment |
US10439929B2 (en) | 2015-07-31 | 2019-10-08 | Avago Technologies International Sales Pte. Limited | Graceful recovery of a multicast-enabled switch |
US10171303B2 (en) | 2015-09-16 | 2019-01-01 | Avago Technologies International Sales Pte. Limited | IP-based interconnection of switches with a logical chassis |
US11288249B2 (en) | 2015-09-30 | 2022-03-29 | Nicira, Inc. | Implementing an interface between tuple and message-driven control entities |
US10204122B2 (en) | 2015-09-30 | 2019-02-12 | Nicira, Inc. | Implementing an interface between tuple and message-driven control entities |
US9912614B2 (en) | 2015-12-07 | 2018-03-06 | Brocade Communications Systems LLC | Interconnection of switches based on hierarchical overlay tunneling |
US11601521B2 (en) | 2016-04-29 | 2023-03-07 | Nicira, Inc. | Management of update queues for network controller |
US11019167B2 (en) | 2016-04-29 | 2021-05-25 | Nicira, Inc. | Management of update queues for network controller |
US10237090B2 (en) | 2016-10-28 | 2019-03-19 | Avago Technologies International Sales Pte. Limited | Rule-based network identifier mapping |
US10587479B2 (en) | 2017-04-02 | 2020-03-10 | Nicira, Inc. | GUI for analysis of logical network modifications |
US10374827B2 (en) | 2017-11-14 | 2019-08-06 | Nicira, Inc. | Identifier that maps to different networks at different datacenters |
US10511459B2 (en) | 2017-11-14 | 2019-12-17 | Nicira, Inc. | Selection of managed forwarding element for bridge spanning multiple datacenters |
US11336486B2 (en) | 2017-11-14 | 2022-05-17 | Nicira, Inc. | Selection of managed forwarding element for bridge spanning multiple datacenters |
US11496437B2 (en) | 2020-04-06 | 2022-11-08 | Vmware, Inc. | Selective ARP proxy |
US11805101B2 (en) | 2021-04-06 | 2023-10-31 | Vmware, Inc. | Secured suppression of address discovery messages |
US12081395B2 (en) | 2021-08-24 | 2024-09-03 | VMware LLC | Formal verification of network changes |
Also Published As
Publication number | Publication date |
---|---|
JP5874726B2 (en) | 2016-03-02 |
US20130250958A1 (en) | 2013-09-26 |
JP2014505379A (en) | 2014-02-27 |
US9379975B2 (en) | 2016-06-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2012093429A1 (en) | Communication control system, control server, forwarding node, communication control method, and communication control program | |
US10791066B2 (en) | Virtual network | |
EP3210345B1 (en) | Transparent network service header path proxies | |
US9215175B2 (en) | Computer system including controller and plurality of switches and communication method in computer system | |
US9225641B2 (en) | Communication between hetrogenous networks | |
US9397934B2 (en) | Methods for packet forwarding though a communication link of a distributed link aggregation group using mesh tagging | |
CN102857416B (en) | A kind of realize the method for virtual network, controller and virtual network | |
US9407503B2 (en) | Control apparatus, communication system, communication method, and program | |
US9843496B2 (en) | Communication system, control apparatus, and network topology management method | |
KR102018395B1 (en) | Packet broadcast mechanism in a split architecture network | |
US20140019639A1 (en) | Computer system and communication method | |
EP2744159B1 (en) | Openflow packet forwarding system, control apparatus, packet forwarding method and program | |
EP2922250B1 (en) | Control apparatus, communication system, control information creating method and program | |
US9832114B2 (en) | Packet forwarding system, control apparatus, packet forwarding method, and program | |
US20160294673A1 (en) | Communication system, communication method, network information combination apparatus, and network information combination program | |
US20150381775A1 (en) | Communication system, communication method, control apparatus, control apparatus control method, and program | |
US10044671B2 (en) | Control apparatus, communication system, communication method, and program | |
US20170078193A1 (en) | Communication system, control apparatus, communication apparatus, and communication method | |
US20230216785A1 (en) | Source routing apparatus and method in icn | |
US20150372900A1 (en) | Communication system, control apparatus, communication control method, and program | |
US20170317921A1 (en) | Control apparatus, communication system, and relay apparatus control method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 11854810 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2013519291 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 13990033 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 11854810 Country of ref document: EP Kind code of ref document: A1 |