This invention claims priority rights pertaining to the JP patent Application 2010-246183 filed in Japan on Nov. 2, 2010. The total contents of this JP Patent Application of the senior filing date are to be incorporated by reference in the present Application.
This invention relates to a communication system, a control apparatus, a path controlling method and a program. More particularly, it relates to a communication system including a node and another node that outputs a received packet at a plurality of ports. It also relates to a control apparatus, a path controlling method and a program. The first-stated node forwards the received packet in accordance with processing rules (packet handling operations) correlating the processing applied to the packet with a set of matching rules that identify a packet to which the processing is applied.
A technique termed OpenFlow has been proposed these years, as indicated in Patent Literature 1 and in Non-Patent Literatures 1, 2. The OpenFlow grasps communication as an end-to-end flow and performs routing control, recovery from malfunctions, load balancing and optimization on the flow-by-flow basis. An OpenFlow switch, operating as a relaying device, includes a secure channel for communication with an OpenFlow controller which is comprehended as a control apparatus or controller. The OpenFlow switch is run in operation in accordance with a flow table which is optionally commanded to be amplified or rewritten from the OpenFlow controller. In the flow table, a set of matching rules (header field) to match to a packet header against, flow statistic information (Counters) and an action(s) (Action or Actions) are defined on the flow-by-flow basis. The Action or Actions define processing contents applied to a packet matched to the set of matching rules (header field) (see
On receipt of a packet, the OpenFlow switch retrieves, from the flow table, such entry having matching rules matched to the header information of the received packet (see the header field of
Patent Literature 2 shows a relaying device including a port move detection circuit that detects port move produced when a frame has arrived from a path learned in a MAC address table.
The disclosures of the above mentioned Patent and Non-Patent Literatures are incorporated herein by reference. The following analysis is by the present invention.
It is highly probable that a legacy switch that outputs a received packet via a plurality of ports to carry out packet forwarding should exist in a network represented by an OpenFlow shown in the Patent Literature 1 and the Non-Patent Literatures 1, 2. For example, if there exists in the network a repeater hub, or a switching hub has performed flooding, the packet is forwarded via a plurality of ports with such switch as a starting point (see the HUB of
For example, suppose that there is set a packet forwarding path which forwards a packet from an OpenFlow switch, abbreviated to ‘OFS’ 1, a legacy switch (‘HUB’ in the drawing), an OFS2 and an OFS3, in this order, as shown in
It is an object of the present invention to provide a configuration and a method in which, even in an environment where there co-exist a first node typified by an OpenFlow switch shown in Patent Literature 1 and in Non-Patent Literatures 1 and 2, and a second node typified by the above mentioned legacy switch, it is possible to suppress a situation in which packets whose paths are to be controlled are forwarded off their intended paths one after another.
A communication system according to a first aspect of the present invention includes a plurality of first nodes that, in accordance with processing rules (packet handling operations) prescribing processing contents for a packet belonging to a pre-set flow, process a packet that is received and that matches to the processing rules. The communication system also includes a second node that forwards the received packet via a plurality of ports thereof under pre-set conditions. The communication system also includes a control apparatus that sets, for the first nodes situated on a forwarding path for the packet belonging to the pre-set flow, processing rules to forward the packet belonging to the pre-set flow to each next hop. The control apparatus also sets, for the first node not situated on the forwarding path, processing rules to command dropping the packet that is forwarded from the second node and that has become deviated from the forwarding path.
A control apparatus according to a second aspect is connected to a plurality of first nodes that, in accordance with processing rules (packet handling operations) prescribing processing contents for a packet belonging to a pre-set flow, process a packet that is received and that matches to the processing rules, and to a second node that forwards the received packet via a plurality of ports thereof under pre-set conditions. For the first nodes situated on a path of forwarding a packet belonging to the pre-set flow, the control apparatus sets processing rules to forward the packet belonging to the pre-set flow to each next hop. For the first node not situated on the forwarding path, the control apparatus sets processing rules to drop the packet that is forwarded from the second node and that has become deviated from the forwarding path.
A path control method according to a third aspect is configured to be carried out by a control apparatus connected to a plurality of first nodes that, in accordance with processing rules (packet handling operations) prescribing processing contents for a packet belonging to a pre-set flow, process a packet that is received and that matches to the processing rules, and to a second node that forwards the received packet via a plurality of ports thereof under pre-set conditions. The method includes the steps of setting, for the first nodes situated on a path of forwarding the packet belonging to the pre-set flow, processing rules that implement a forwarding path, and setting, for the first node not situated on the path of forwarding the packet, processing rules that instruct dropping the packet that is off the forwarding path and that has been forwarded from the second node. It is observed that the present invention is bound up with a particular machine which is a computer making up the control apparatus controlling the first nodes.
A program according to a fourth aspect is executed by a computer making up a control apparatus connected to a plurality of first nodes that, in accordance with processing rules prescribing processing contents for a packet belonging to a pre-set flow, process a packet received which matches to the processing rules, and to a second node that forwards the received packet via a plurality of ports thereof under pre-set conditions. The program allows execution of the processing of setting, for the first nodes situated on a path of forwarding the packet belonging to the pre-set flow, processing rules that implement the forwarding path, and the processing of setting, for the first node not situated on the path of forwarding the packet belonging to the pre-set flow, processing rules that instruct dropping the packet that is off the forwarding path and that has been forwarded from the second node. It is observed that the program may be recorded on a computer-readable recording medium. That is, the present invention may be implemented as a computer program product.
The meritorious effects of the present invention are summarized as follows.
According to the present disclosure, it is possible to suppress a situation in which packets, a path for which is to be controlled, are off their intended path and forwarded in this state one after another.
Initially, the gist of an exemplary embodiment of the present invention will be explained. In the exemplary embodiment of the present invention, a communication system is provided which includes first nodes 210 to 240, a second node 400 and a controller 100, as shown in
In the first node 240, not situated on the packet forwarding path, there are set processing rules instructing that the packet that are off the packet forwarding path is to be dropped, as described above. This suppresses that any superfluous packet, forwarded from the second node 400, is forwarded to an unintended node, or that a request to set processing rules for such packet, that is, a new flow detection notification message (Packet-In), is sent to the controller.
The first node in which to set the processing rules to drop the packet deviated from the packet forwarding path may optionally be selected from among the first nodes situated downstream of the second node 400. However, from the perspective of reducing the number of unneeded traffic to as small a value as possible, the processing rules to instruct dropping the packet deviated from the forwarding path are preferably set in the first node 240 that directly receives packets from the second node 400, as shown in
In the example shown in
An exemplary embodiment 1 of the present invention will now be described in detail with reference to the drawings.
Each of the first nodes 210 to 240 is a switch including a packet processor that processes a received packet in accordance with the processing rules that correlate the processing applied to a packet with the matching rules that specify the packet the processing is applied to. For example, each of the first nodes may be a switch that is able to operate as an OpenFlow switch of Non-Patent Literature 2.
The second node 400 may, for example, be a repeater hub that outputs a received packet via the total of ports except the port that received the packet, or a Layer 2 switch that outputs a received packet via multiple ports during flooding similarly to the repeater hub. In the explanation to follow, it is assumed that the second node 400 forwards the packet, received from a given port, such as port #1, via a port(s) other than the port where the packet has been received, such as #2 or #3.
A controller 100 is such a device that sets processing rules in the first nodes, out of the first nodes 210 to 240, situated on a separately calculated packet forwarding path. The processing rules implement packet forwarding along the packet forwarding path. In the following explanation of the outstanding exemplary embodiment, it is assumed that the controller 100 is an OpenFlow controller of Non-Patent Literature 2 capable of setting processing rules (flow entries) in the first nodes 210 to 240 via a secure channel indicated by broken lines in
In the following explanation of the exemplary embodiments, it is assumed that the MAC address of the communication terminal A is ‘A’ and that of the communication terminal B is ‘B’.
The topology management unit 103 constructs and manages the network topology information, based on the relationship of interconnection of the first nodes 210 to 240 as collected by the node communication unit 107.
Based on the network topology information, constructed by the topology management unit 103, the path/action calculating unit 104 finds the packet forwarding path, an action(s) to be executed by the first nodes on the forwarding path and a timer value(s) as the term of validity of the processing rules. The path/action calculating unit 104 allows the flow entry management unit 105 to prepare the processing rules including an action to have the first node other than those on the packet forwarding path drop the packets, and a proper timer value(s).
Based on the information received from the first nodes 210 to 240, the flow entry management unit 105 prepares matching rules (matching key), while registering the results calculated by the path/action calculating unit 104 in the flow entry DB 101 as the processing rules (flow entries) and setting the processing rules (flow entries) in response to a request to amplify or update the processing rules (flow entries) from the first nodes 210 to 240. Moreover, based on a command from the path/action calculating unit 104, the flow entry management unit 105 prepares and sets, in the first node other than those on the packet forwarding path, processing rules including an action(s) to drop a packet as well as proper timer value(s).
The control message processor 106 analyzes a control message received from the first nodes 210 to 240 to deliver the control message information to relevant processing means in the control apparatus (controller) 100. For example, if a new flow detection notification message (Packet-In) is received from the first nodes 210 to 240, the control message processor 106 inquires at the flow entry management unit 105 whether or not the processing rules (flow entries) to be applied to the new flow of interest are already registered in the flow entry DB 101. If the processing rules (flow entries) are not registered, the control message processor 106 asks the path/action calculating unit 104 to prepare new processing rules (flow entries).
The respective components (processing means) of the control apparatus (controller) 100, shown in
The operation of the subject exemplary embodiment will now be explained in detail with reference to the drawings.
In the explanation to follow, it is presupposed that, as indicated by a thick solid line in
If the packet addressed from the communication terminal A to the communication terminal B is output via the port #2 of the first node 210, the second node 400 outputs the packet, received via its port #1, at its ports #2 and #3. In the subject exemplary embodiment, the control apparatus (controller) 100 sets processing rules performing an action that, should the first node 240 have received a packet not conforming to the processing rules applied to the specified flow as set by the control apparatus (controller) 100, viz., an unknown packet not belonging to any of flows, the packet is to be dropped.
This renders it possible to suppress a situation in which the first node 240 forwards the packet it has received to a non-pertinent node(s).
In connection with the example of
An exemplary embodiment 2 of the present invention will now be described in detail with reference to the drawings. In the exemplary embodiment 1, described above, control is exercised so that the first node other than those situated on the packet forwarding path will drop an unknown packet not belonging to any flows.
However, if a further communication terminal is connected to the first node (see a communication terminal shown in
The exemplary embodiment 2, configured to avoid such inconvenience, will now be explained. It is observed that the exemplary embodiments 2 to 5, explained subsequently, may be implemented by the configuration similar to the above described exemplary embodiment 1. Thus, in the following explanation, the points of difference from the exemplary embodiment 1, in particular the processing rules set in the first nodes, will be set out in detail.
The controller 100 of the subject exemplary embodiment sets, in the first node 240 deviated from the packet forwarding path, not only the processing rules to drop the unknown packet, but also the processing rules that cause the node to request the controller 100 to set processing rules (viz., to send out to the controller a new flow detection notification message or Packet-In) for a packet received via specified port (port #3). The second stated processing rules are of the order of priority higher than that of the first stated processing rules. See a legend for the first node 240 of
It is thus possible to have the first node 240 ask the controller 100 to exercise path control for a packet received from the communication terminal C as well as to cause unknown packets other than the packet received from the communication terminal C to be dropped, as shown in
An exemplary embodiment 3 of the present invention will now be described in detail with reference to the drawings. In the above described exemplary embodiment 2, it is known from the outset that the communication terminal C is connected to the specified port of the first node 240. Hence, the processing rules are set in which the port has been specified. However, such a case may arise in which the processing rules may not be set as the position of the communication terminal is included in the matching rules, such as when the communication terminal C is mobile.
Thus, in the subject exemplary embodiment, not the port of the first node 240 is identified and, as shown in
As regards the timing to set the processing rules, reception from the communication terminal C of an authentication requesting packet in an authentication server, not shown, or a position registration requesting packet in a position registration requesting server, also not shown, may be used as incentive. As regards the first node in which to set the above mentioned processing rules, it is sufficient that reference is made to the network topology to select the first node in the vicinity of the communication terminal C.
Thus, even if the position of the communication terminal is not known, a first node situated in the vicinity of the communication terminal may request the controller to set devoted processing rules for packets received from the communication terminal, that is, may send to the controller a new flow detection notification message (Packet-In), and may also cause the other unknown packet(s) to be dropped, with the reception of an authentication requesting packet or an position registration requesting packet as an incentive.
As an alternative to setting the above mentioned processing rules, control shown in
Such control shown in
An exemplary embodiment 4 of the present invention will now be described in detail with reference to the drawings. There may be such a case where, to manage sophisticated control or take the statistic information, such processing rules to the effect that, each time a packet is received, a packet received is forwarded after rewriting its header, are set in the first nodes 210 to 230, as shown in
If, in such case, the processing rules having the same matching rules as those of the processing rules set in the first node 210 are set in the first node 240, such a situation may arise in which a packet that is sent from the second node 400, and that has its header already rewritten, is unable to be dropped.
Thus, in the subject exemplary embodiment, the controller 100 sets, in the first node 240 situated downstream of the second node 400, such processing rules which will cause the first node to drop the packet the header of which has been rewritten in the first node 210.
It should be noted that, in the subject exemplary embodiment, the packets captured by the processing rules, set in the first node 240, are restrictively the packets rewritten by the first node 210. Thus, on reception of an unknown packet from the communication terminal C, it is possible for the node to request the controller 100 to set processing rules for such packet, viz., send a new flow detection notification message (Packet-In) to the controller, without the necessity to set particular processing rules (see a broken line in
An exemplary embodiment 5 of the present invention will now be explained in detail with reference to the drawings. In the subject exemplary embodiment, as in the exemplary embodiment 1, it is presupposed that a packet addressed from the communication terminal A to the communication terminal B is forwarded through the first node 210, second node 400, first node 220 and the second node 230, in this order.
The second node 400 may be a Layer 2 switch forwarding a packet using a MAC address table, as shown in
In such case, the destination learning packet may be dropped by setting processing rules to drop the packet in the first nodes 210 and 240.
It may occur that, in the second node 400, the flooding conditions hold good or entries learned on the MAC address table are erased by timeout. In such case, it is probable that the second node 400 transmits the packet from the communication terminal A to the communication terminal B to both the first node 220 and the first node 230.
Thus, in the subject exemplary embodiment, processing rules for dropping a packet addressed from the communication terminal A to the communication terminal B, viz., a packet belonging to the flow A, and those for dropping the destination learning address, are set in the first node 240 deviated from the packet forwarding path. Since there may be cases where the normal data packet flows in the same direction as that of the destination learning packet, it is preferred to set a rank of priority for dropping the destination learning packet in the processing rules so as to be lower than that for forwarding commonplace data.
It is thus possible to drop not only the packet addressed from the communication terminal A to the communication terminal B, viz., a packet belonging to the flow A, but also the other packet, herein a destination learning packet.
Although the description has been made of preferred exemplary embodiments of the present invention, such exemplary embodiments are not intended to limit the scope of the present invention, such that further modifications, substitutions or adjustments may be made without departing from the basic technical concept of the present invention. For example, simple numbers of the first and second nodes and the communication terminals, as well as the network configuration, shown in the above described exemplary embodiments, are intended to assist in the understanding of the present invention, such that it is also possible to use any of a variety of different configurations.
The particular exemplary embodiments or examples may be modified or adjusted within the gamut of the entire disclosure of the present invention, inclusive of claims, based on the fundamental technical concept of the invention. Moreover, a variety of combinations or selection of elements disclosed herein may be made within the framework of the claims. The present invention may cover a wide variety of modifications or corrections that may occur to those skilled in the art in accordance with the entire disclosure of the present invention, inclusive of claims and the technical concept of the present invention.
Preferred modes of the present invention may be summarized as follows:
[Mode 1]
(See the communication system according to the above mentioned first aspect)
[Mode 2]
The communication system according to mode 1, wherein,
the control apparatus sets for the first node processing rules instructing dropping a packet not belonging to any flow.
[Mode 3]
The communication system according to mode 1 or 2, wherein,
on reception of a packet not belonging to any flows but satisfying pre-set conditions, processing rules are set for the first node that instruct the first node to notify the control apparatus of detection of a new flow.
[Mode 4]
The communication system according to any one of modes 1 to 3, wherein,
the pre-set conditions include the header information innate to a packet transmitted from a communication terminal coupled to the first node.
[Mode 5]
The communication system according to any one of modes 1 to 4, wherein,
the control apparatus sets, for the first nodes situated on the forwarding path, processing rules to rewrite the header from one link to another;
the control apparatus setting, for the first node downstream of the second node, which is situated on the forwarding path, processing rules instructing dropping of a packet whose header has been rewritten in the first node situated upstream of the second node.
[Mode 6]
The communication system according to any one of modes 1 to 5, wherein,
at least one of the second nodes is a Layer 2 switch;
the control apparatus causing the Layer 2 switch to receive an address learning packet flowing in a direction from the first nodes situated on the forwarding path downstream of the Layer 2 switch towards the Layer 2 switch; the address learning packet having a downstream side node as transmission source;
the control apparatus setting, for the first node receiving the address learning packet from the Layer 2 switch, processing rules instructing dropping the address learning packet.
[Mode 7]
(See the control apparatus according to the above mentioned second aspect)
[Mode 8]
The control apparatus according to mode 7, wherein,
the control apparatus sets, for the first node, processing rules instructing the first node to drop a packet not belonging to any flows.
[Mode 9]
The control apparatus according to mode 7 or 8, wherein,
on reception of a packet not belonging to any flows but satisfying pre-set conditions, processing rules are set for the first node that instruct the first node to notify the control apparatus of detection of a new flow.
[Mode 10]
The control apparatus according to any one of modes 7 to 9, wherein,
the pre-set conditions include the header information innate to a packet transmitted from a communication terminal coupled to the first node.
[Mode 11]
The control apparatus according to any one of modes 7 to 10, wherein,
processing rules are set for the first nodes situated on the forwarding path instructing the first nodes to rewrite the header from one link to another;
the control apparatus setting, for the first node lying downstream of the second node situated on the forwarding path, processing rules instructing dropping of a packet whose header has been rewritten in the first node situated upstream of the second node.
[Mode 12]
The control apparatus according to any one of modes 7 to 11, wherein,
a Layer 2 switch is provided as the second node on the forwarding path;
the control apparatus causing the Layer 2 switch to receive an address learning packet, having a downstream side node as transmission source, from the first nodes situated on the forwarding path downstream of the Layer 2 switch towards the Layer 2 switch;
the control apparatus setting, for the first node receiving the address learning packet from the Layer 2 switch, processing rules instructing dropping of the address learning packet.
[Mode 13]
(See the path controlling method according to the above mentioned third aspect) [Mode 14]
(See the program according to the above mentioned fourth aspect)
Number | Date | Country | Kind |
---|---|---|---|
2010-246183 | Nov 2010 | JP | national |
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/JP2011/075275 | 11/2/2011 | WO | 00 | 5/1/2013 |
Publishing Document | Publishing Date | Country | Kind |
---|---|---|---|
WO2012/060403 | 5/10/2012 | WO | A |
Number | Name | Date | Kind |
---|---|---|---|
7519048 | Kobayashi | Apr 2009 | B2 |
7593319 | Sivasankaran et al. | Sep 2009 | B1 |
7746862 | Zuk et al. | Jun 2010 | B1 |
7843812 | Kobatake | Nov 2010 | B2 |
20040076154 | Mizutani et al. | Apr 2004 | A1 |
20040148374 | Bush et al. | Jul 2004 | A1 |
20060221960 | Borgione | Oct 2006 | A1 |
20060251065 | Hamamoto et al. | Nov 2006 | A1 |
20070091871 | Taha | Apr 2007 | A1 |
20070091890 | Radhakrishnan et al. | Apr 2007 | A1 |
20080037546 | Ishikawa et al. | Feb 2008 | A1 |
20080159137 | Konuma et al. | Jul 2008 | A1 |
20080189769 | Casado et al. | Aug 2008 | A1 |
20080298371 | Kobatake | Dec 2008 | A1 |
20110261825 | Ichino | Oct 2011 | A1 |
20110271009 | Doshi et al. | Nov 2011 | A1 |
20120230343 | Schrum, Jr. | Sep 2012 | A1 |
20130315248 | Morimoto | Nov 2013 | A1 |
20140064104 | Nataraja et al. | Mar 2014 | A1 |
20150003291 | Oikawa | Jan 2015 | A1 |
Number | Date | Country |
---|---|---|
2008-301003 | Dec 2008 | JP |
WO2008095010 | Aug 2008 | WO |
WO 2008095010 | Aug 2008 | WO |
WO2010103909 | Sep 2010 | WO |
Entry |
---|
Shimonishi et al., “Building Hierarchial Switch Network Using OpenFlow”, 2009 International Conference on Intelligent Networking and Collaborative Systems, IEEE Computer Society, pp. 391-394, (http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=5369326). |
International Search Report in PCT/JP2011/075275 dated Nov. 29, 2011(English Translation Thereof). |
Nick McKeown and seven others: “Open Flow: Enabling Innovation in Campus Networks”, [online], [retrieved on Oct. 6, 2010 H22, Internet <URL:http://www.openflowswitch.org/documents/openflow-wp-latest.pdf>. |
“OpenFlow Switch Specification” Version 1.0.0. (Wire Protocol 0×01), [retrieved on Nov. 22, 2010, Internet <URL: http://www.openflowswitch.org/documents/openflow-spec-v1.0.0.pdf>. |
Number | Date | Country | |
---|---|---|---|
20130223452 A1 | Aug 2013 | US |