WO2013140796A1 - Communication system, control device, communication method and program - Google Patents


Publication number: WO2013140796A1
Authority: WO, WIPO (PCT)
Prior art keywords: packet, virtual port, node device, unit, input
Application number: PCT/JP2013/001883
Other languages: French (fr)
Inventor: Toshio Koide
Original Assignee: Nec Corporation
Application filed by Nec Corporation
Priority to JP2015501074A (patent JP2015511097A)
Publication of WO2013140796A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04 Network management architectures or arrangements
    • H04L41/34 Signalling channels for network management communication
    • H04L41/342 Signalling channels for network management communication between virtual entities, e.g. orchestrators, SDN or NFV entities
    • H04L45/64 Routing or path finding of packets in data switching networks using an overlay routing layer

Definitions

  • the present invention relates to a communication system of a centralized management type in which a control device controls packet forwarding by a network device.
  • a conventional network device has a problem in that flexible control such as load dispersion, load concentration and the like cannot be externally performed. For this reason, when a scale of a network becomes large, it becomes difficult to recognize and improve a behavior as a system and thus changing a design and a configuration requires immense cost, which is a problem.
  • the packet forwarding function is assigned to the network device and the route control function is assigned to a control device that is separated from the network device.
  • the control device can centrally control the packet forwarding, which makes it possible to establish a flexible network.
  • As an example of a network whose functions are separated in this way, a CD (C: Control plane / D: Data plane) separation type network, in which the control device on the control plane side controls a node device on the data plane side, has been proposed.
  • One example of the CD separation type network is an open flow network that uses the open flow (OpenFlow) technique, in which a controller controls a switch to carry out routing control in a network. Details of the open flow technique are described in Patent Literature 1, Non-Patent Literature 1 and Non-Patent Literature 2. It should be noted that the open flow network is merely one example.
  • the control device such as an open flow controller (OFC: Open Flow Controller) or the like controls routing control information (flow table) with regard to the routing control in the node device such as an open flow switch (OFS: Open Flow Switch) or the like, and thereby controls behavior of the node device.
  • the control device and the node device are connected through a control channel (a communication channel for use in control) called a "secure channel", that is, a communication path protected by SSL (Secure Socket Layer), a dedicated line or the like.
  • the control device and the node device transmit and receive an open flow message (Open Flow Message) serving as a control message in accordance with (based on) an open flow protocol (Open Flow Protocol) through the control channel.
  • the node device in the open flow network is an edge switch and a core switch which are arranged in the open flow network and controlled by the control device.
  • a flow of packets from receipt of the packets at an ingress side edge switch (Ingress) to transmission at an egress side edge switch (Egress) in the open flow network is referred to as flow (Flow).
  • a communication is regarded as an end-to-end flow, and routing control, fault recovery, load dispersion and optimization are carried out with respect to each flow.
  • a "packet" may be replaced by a "frame".
  • a difference between the packet and the frame lies merely in the unit of data treated by the protocol (PDU: Protocol Data Unit).
  • the packet is the PDU of "TCP/IP (Transmission Control Protocol / Internet Protocol)".
  • the frame is the PDU of "Ethernet (registered trademark)".
  • the routing control information is a set of processing rules (flow entries).
  • the processing rule (flow entry) defines a correspondence relationship between a matching condition (rule), statistical information and a processing content (action).
  • the matching condition (rule) is used for specifying packets to be treated as a flow.
  • the statistical information indicates the number of times where the received packet satisfies the matching condition (rule).
  • the processing content (action) indicates processing to be performed with respect to the matched packet.
  • the matching condition (rule) of the processing rule (flow entry) is defined by various combinations of some or all of the information of respective protocol hierarchies included in a header region (field) of the packet. Moreover, respective matching conditions are distinct from each other.
  • the information of the respective protocol hierarchies is exemplified by a transmission destination address (Destination Address), a transmission source address (Source Address), a transmission destination port (Destination Port), a transmission source port (Source Port) and the like. It should be noted that the above-described address includes a MAC address (Media Access Control Address) and an IP address (Internet Protocol Address).
  • the information of an ingress port also can be used as the matching condition (rule) of the processing rule (flow entry).
  • in the matching condition (rule) of the processing rule (flow entry), it is also possible to set a regular expression, the wild card "*" or the like as a part (or all) of the values of the header region of the packet to be treated as the flow.
  • the processing content (action) of the processing rule (flow entry) indicates an operation such as "outputting to a specified port", "discarding" and "rewriting header". For example, if the processing content (action) of the processing rule (flow entry) indicates identification information of an output port (an output port number and the like), the node device outputs the packet to the output port. If the processing content (action) of the processing rule (flow entry) does not indicate the identification information of an output port, the node device discards the packet. Or, if the processing content (action) of the processing rule (flow entry) indicates the header information, the node device rewrites the header of the packet on the basis of the header information.
  • the node device in the open flow network performs the processing content (action) of the processing rule (flow entry) with respect to a group of packets (a series of packets) that satisfy the matching condition (rule) of the processing rule (flow entry). More specifically, the node device, when receiving the packet, searches the routing control information (flow table) for a processing rule (flow entry) whose matching condition (rule) matches the header information of the received packet. If a processing rule (flow entry) whose matching condition (rule) matches the header information of the received packet is found as a result of the searching, the node device updates the statistical information of the processing rule (flow entry) and performs the operation specified by the processing content (action) of the processing rule (flow entry) with respect to the received packet.
  • if no matching processing rule (flow entry) is found, the node device judges the received packet to be the "first packet" and forwards the received packet (or its copy) to the control device in the open flow network through the control channel, to request the control device to determine a route of packets based on the transmission source and the transmission destination of the received packet. Then, the node device receives, as a response, a message for setting a new processing rule (flow entry) and updates the routing control information (flow table).
  • a default processing rule (default entry) whose matching condition (rule) matches the header information of all packets at low priority is registered on the routing control information (flow table). If no other processing rule (flow entry) matching the received packet is found, the received packet matches the default processing rule (default entry).
  • the processing content (action) of the default processing rule (default entry) is "transmitting inquiry information regarding the received packet to the control device".
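The lookup described above, from flow-table search to the "first packet" inquiry, as an added Python example (not code from the patent or from any OpenFlow implementation). The class and function names, the action tuples and the sample routes are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

WILDCARD = "*"  # a match field set to "*" accepts any value


@dataclass
class FlowEntry:
    """One processing rule: matching condition, statistics, processing content."""
    match: dict          # header field name -> required value (or WILDCARD)
    actions: list        # ("output", port), ("set_field", name, value), ("to_controller",)
    priority: int = 100
    packets: int = 0     # statistical information: number of matched packets

    def matches(self, pkt: dict) -> bool:
        return all(v == WILDCARD or pkt.get(k) == v for k, v in self.match.items())


class FlowTable:
    """Routing control information held by a node device (hypothetical model)."""

    def __init__(self):
        # Default entry: matches every packet at the lowest priority and
        # sends an inquiry about the packet to the control device.
        self.entries = [FlowEntry(match={}, actions=[("to_controller",)], priority=0)]

    def install(self, entry: FlowEntry) -> None:
        self.entries.append(entry)
        self.entries.sort(key=lambda e: e.priority, reverse=True)

    def process(self, pkt: dict) -> tuple:
        # The default entry always matches, so next() cannot run dry.
        entry = next(e for e in self.entries if e.matches(pkt))
        entry.packets += 1
        out, port = dict(pkt), None
        for action in entry.actions:
            if action[0] == "to_controller":
                return ("packet_in", pkt)
            if action[0] == "set_field":      # "rewriting header"
                out[action[1]] = action[2]
            elif action[0] == "output":       # "outputting to a specified port"
                port = action[1]
        # No output port in the processing content: the packet is discarded.
        return ("output", port, out) if port is not None else ("drop", pkt)


def controller_decide(pkt: dict) -> FlowEntry:
    """Constructed route decision standing in for the control device."""
    routes = {"10.0.0.2": 2, "10.0.0.3": 3}   # constructed sample data
    port = routes.get(pkt["dst_ip"])
    actions = [("output", port)] if port is not None else []
    match = {"in_port": WILDCARD, "src_ip": pkt["src_ip"], "dst_ip": pkt["dst_ip"]}
    return FlowEntry(match=match, actions=actions)


def forward(table: FlowTable, pkt: dict) -> tuple:
    """Node-side handling: on a first packet, ask the controller, install the reply, retry."""
    result = table.process(pkt)
    if result[0] == "packet_in":
        table.install(controller_decide(pkt))
        result = table.process(pkt)
    return result


if __name__ == "__main__":
    table = FlowTable()
    pkt = {"in_port": 1, "src_ip": "10.0.0.1", "dst_ip": "10.0.0.2"}
    print(forward(table, pkt))   # first packet: inquiry, then forwarded
    print(forward(table, pkt))   # later packets hit the installed entry
    print([(e.match, e.packets) for e in table.entries])
```

The per-entry counters show how many packets reached the control device through the default entry versus how many were handled by an installed rule.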
  • Patent Literature 1: International Publication WO 2008/095010
  • Non-Patent Literature 1: Nick McKeown et al., "OpenFlow: Enabling Innovation in Campus Networks", [online], [Retrieval on January 23, 2012], Internet (URL: http://www.openflow.org/documents/openflow-wp-latest.pdf)
  • Non-Patent Literature 2: "OpenFlow Switch Specification, Version 1.1.0 Implemented", [online], [Retrieval on February 28, 2012], Internet (URL: http://www.openflowswitch.org/documents/openflow-spec-v1.1.0.pdf)
  • An object of the present invention is to enable packet forwarding processing using an existing protocol without separately installing the existing protocol in software in a communication system of a centralized management type.
  • a communication system has: a node device configured to forward packets; and a control device configured to control packet forwarding processing by the node device.
  • the control device has a virtual port therein and uses the virtual port to perform forwarding processing with respect to a packet received from the node device and output the received packet to a forwarding destination of the received packet.
  • a control device has: a virtual port; and a control unit configured to control packet forwarding processing by a node device.
  • the control unit uses the virtual port to perform forwarding processing with respect to a packet received from the node device and output the received packet to a forwarding destination of the received packet.
  • a communication method is executed by a control device.
  • the control device controls packet forwarding processing by a node device and has a virtual port.
  • the communication method includes: using the virtual port to perform forwarding processing with respect to a packet received from the node device; and outputting the received packet to a forwarding destination of the received packet.
  • a program according to the present invention is recorded on a computer-readable medium and, when executed, causes a control device to perform a communication method.
  • the control device controls packet forwarding processing by a node device and has a virtual port.
  • the communication method includes: using the virtual port to perform forwarding processing with respect to a packet received from the node device; and outputting the received packet to a forwarding destination of the received packet.
  • Fig. 1 is a diagram showing a configuration example of a communication system according to the present invention.
  • Fig. 2 is a diagram for describing an exemplary embodiment of the present invention.
  • Fig. 3A is a diagram for describing a distribution rule according to a first exemplary embodiment of the present invention.
  • Fig. 3B is a diagram for describing a distribution rule according to a second exemplary embodiment of the present invention.
  • Fig. 3C is a diagram for describing a distribution rule according to a third exemplary embodiment of the present invention.
  • Fig. 3D is a diagram for describing a distribution rule according to a fourth exemplary embodiment of the present invention.
  • Fig. 3E is a diagram for describing a distribution rule according to a fifth exemplary embodiment of the present invention.
  • Fig. 3F is a diagram for describing a distribution rule according to a sixth exemplary embodiment of the present invention.
  • Fig. 3G is a diagram for describing a distribution rule according to a seventh exemplary embodiment of the present invention.
  • Fig. 4 is a diagram showing a configuration example of a communication system according to an eighth exemplary embodiment of the present invention.
  • Fig. 5 is a diagram showing a configuration example of a communication system according to a ninth exemplary embodiment of the present invention.
  • Exemplary embodiments of the present invention will be described by using an open flow network being one of networks of a centralized management type as an example. However, actually, the present invention is not limited to the open flow network.
  • the communication system has a control device 10 and a node device 20.
  • the control device 10 is an information processing device for controlling the node device 20.
  • the node device 20 is a communication device arranged in a network.
  • the node device 20 is connected to the network through a network interface.
  • the control device 10 and the node device 20 are connected to each other through a control channel 30.
  • the control device 10 and the node device 20 transmit and receive a control message through the control channel 30.
  • the node device 20 is connected to an adjacent node device 20 through a link for data communication such as LAN (Local Area Network) and the like.
  • the node device 20 can be connected to a host (a client, a server or the like) or a network device outside a network in which the node device 20 itself is arranged.
  • the control device 10 and the node device 20 are not limited to physical machines and may be virtual machines (VM: Virtual Machine).
  • the control channel 30 may be wired or wireless.
  • the control device 10 has a node device control unit 11, a distribution unit 12, a distribution rule storage unit 13 and a virtual port unit 14.
  • the node device control unit 11 controls the node device 20 through the control channel 30.
  • the node device control unit 11 executes software for operating as an open flow controller (OFC) in the open flow network and operates as the open flow controller (OFC).
  • the node device control unit 11 recognizes and manages an interface unit of each of the node devices 20 through the control channel 30.
  • the node device control unit 11 instructs, through the control channel 30, the node device 20 to set the processing rule (flow entry) for the packets which are transmitted and received by the interface unit.
  • An example of the content of the packet processing rule (flow entry) is to output the received packet to an interface unit or the node device control unit 11 that is specified based on characteristics of the received packet at the interface unit.
  • Another example of the content of the packet processing rule is to output, when receiving a packet generated by the node device control unit 11, the received packet to a specified interface unit. Moreover, when receiving a packet from any of the node devices 20, the node device control unit 11 adds information indicating the source node device 20 and its interface unit and then outputs the packet to the distribution unit 12. Furthermore, when a packet is input from the distribution unit 12, the node device control unit 11 reads the information indicating the destination node device and its interface unit that is added to the received packet, and then selects an appropriate control channel for outputting the received packet. Thus, the node device control unit 11 performs control for outputting the packet from a specified interface unit of a specified node device.
  • When a packet is input from the virtual port unit 14, the distribution unit 12 refers to a distribution rule stored in the distribution rule storage unit 13 to specify a node device and an interface unit appropriate for a packet output destination based on a distribution condition such as "characteristics of the received packet", "the virtual port unit of the input source" and the like. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet and an instruction to output the packet to the specified node device and interface unit.
  • the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify a virtual port unit appropriate for a packet output destination based on a distribution condition such as "characteristics of the received packet", "a node device and an interface unit of the input source" and the like. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit.
  • the distribution unit 12 may be achieved by installing the functions according to the present invention in an existing virtual machine monitor (VMM), a hypervisor and the like.
  • the distribution rule storage unit 13 retains the distribution rule for packets which are transmitted and received between the virtual port unit of the control device 10 and the interface unit of each node device 20.
  • the distribution rule storage unit 13 retains information required for distributing the packets as the distribution rule.
  • the distribution rule storage unit 13 replies and provides an appropriate distribution rule.
  • the distribution rule is information indicating one-to-one correspondence relationship between the virtual port unit and the interface unit.
  • the distribution rule is information indicating one-to-one correspondence relationship between the characteristics of packet (e.g. transmission source address, transmission destination address, type and the like), the virtual port unit and the interface unit.
  • the distribution rule storage unit 13 may be achieved by using RDB (Relational Data Base). It should be noted that the correspondence relationship in the distribution rule can be arbitrarily changed by an OS (Operating System), software and the like of a computer operating as the control device 10 in response to a user operation. For example, as an example of QoS control, the correspondence relationship in the distribution rule may be changed as necessary. In practice, however, it is not limited to those examples.
  • the virtual port unit 14 is a virtual network interface inside the control device 10. Since an OS (Operating System) of a computer operating as the control device 10 recognizes (treats) the virtual port unit 14 the same as a physical network interface, the virtual port unit 14 can transmit and receive the packet.
  • the virtual port unit 14 can be achieved by a virtual device such as TUN/TAP and the like which is installed in the OS (Operating System) or software.
  • Each of the virtual machines (VMs) operating in the control device 10 may be provided with the OS (Operating System) and the virtual port unit 14. In practice, however, it is not limited to those examples.
  • Each of the node devices 20 has a communication processing unit 21 and an interface unit 22.
  • the communication processing unit 21 is connected to the control device 10 through the control channel 30 and transmits and receives control messages through the control channel 30.
  • the communication processing unit 21 executes software for operating as an open flow switch (OFS) in the open flow network and operates as the open flow switch (OFS).
  • the communication processing unit 21 treats a packet input from the interface unit 22 based on the processing rule (flow entry) and the processing instruction (output instruction and the like) which are instructed from the node device control unit 11 of the control device 10.
  • the interface unit 22 is a network interface inside the node device 20.
  • the interface unit 22 may be a physical port or a virtual port, as long as it is the network interface inside the node device 20.
  • the interface unit 22 is connected through a data communication link to a connection destination such as an adjacent node device, host or the like. Thus, the interface unit 22 can transmit and receive packets. When receiving a packet from the connection destination such as an adjacent node device, host or the like, the interface unit 22 outputs the received packet to the communication processing unit 21.
  • the data communication link may be wired or wireless.
  • the communication system has the control device 10 and a plurality of node devices 20.
  • the control device 10 and the node device 20 are basically similar to those shown in Fig. 1.
  • the virtual port units 14 include a virtual port unit 14-1, a virtual port unit 14-2, a virtual port unit 14-3, a virtual port unit 14-4, a virtual port unit 14-5 and a virtual port unit 14-6.
  • Each of the virtual port unit 14-1, the virtual port unit 14-2, the virtual port unit 14-3, the virtual port unit 14-4, the virtual port unit 14-5 and the virtual port unit 14-6 is connected to the distribution unit 12.
  • the virtual port unit 14-1 has a virtual port ID "VP1" as its identification information.
  • the virtual port unit 14-2 has a virtual port ID "VP2" as its identification information.
  • the virtual port unit 14-3 has a virtual port ID "VP3" as its identification information.
  • the virtual port unit 14-4 has a virtual port ID "VP4" as its identification information.
  • the virtual port unit 14-5 has a virtual port ID "VP5" as its identification information.
  • the virtual port unit 14-6 has a virtual port ID "VP6" as its identification information.
  • the node devices 20 include a node device 20-1, a node device 20-2 and a node device 20-3.
  • the node device 20-1 is connected to the control device 10 through a control channel 30-1.
  • the node device 20-2 is connected to the control device 10 through a control channel 30-2.
  • the node device 20-3 is connected to the control device 10 through a control channel 30-3.
  • the node device 20-1 has a node device ID "DPID1" as its identification information.
  • the node device 20-2 has a node device ID "DPID2" as its identification information.
  • the node device 20-3 has a node device ID "DPID3" as its identification information.
  • the interface units 22 include an interface unit 22-11, an interface unit 22-21, an interface unit 22-22, an interface unit 22-23, an interface unit 22-31 and an interface unit 22-32.
  • the interface unit 22-11 is installed in the node device 20-1 and connected to a communication processing unit 21-1.
  • the interface unit 22-21, the interface unit 22-22 and the interface unit 22-23 are installed in the node device 20-2 and connected to a communication processing unit 21-2.
  • the interface unit 22-31 and the interface unit 22-32 are installed in the node device 20-3 and connected to a communication processing unit 21-3.
  • the interface unit 22-11 has an interface ID "IF11" as its identification information.
  • the interface unit 22-21 has an interface ID "IF21" as its identification information.
  • the interface unit 22-22 has an interface ID "IF22" as its identification information.
  • the interface unit 22-23 has an interface ID "IF23" as its identification information.
  • the interface unit 22-31 has an interface ID "IF31" as its identification information.
  • the interface unit 22-32 has an interface ID "IF32" as its identification information.
  • the control device 10 determines the output destination of the packet based on the correspondence relationship between a "virtual port ID" and an "interface ID".
  • the distribution rule storage unit 13 in the control device 10 retains, as the distribution rule, a correspondence table in which the virtual port unit 14 and the interface unit 22 are related to each other one-to-one.
  • the distribution rule is not limited to such a table format, as long as the correspondence relationship can be recognized.
  • the distribution rule stored in the distribution rule storage unit 13 has a region (field) which indicates a "virtual port ID" and an "interface ID", for each record.
  • the "virtual port ID" is the region for storing identification information (virtual port ID) of the virtual port unit 14.
  • the "interface ID" is the region for storing identification information (interface ID) of the interface unit 22.
  • the interface ID is preferably unique identification information within the communication system (network). In practice, however, the interface ID may be unique identification information within the individual node device. If the interface ID is the unique identification information within the individual node device, the interface ID may overlap between the node devices. Therefore, the node device ID may be related, added or stored in the same record.
  • the distribution rule stored in the distribution rule storage unit 13 has the region that indicates the "virtual port ID", the "interface ID" and the "node device ID", for each record.
  • the "node device ID" is the region for storing identification information (node device ID) of the node device 20. It should be noted that since the correspondence relationship between the node device 20 and the control channel 30 is a one-to-one relation, identification information (control channel ID) of the control channel 30 may be used instead of the identification information (node device ID) of the node device 20.
  • When a packet is input from the virtual port unit 14, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify an interface unit 22 appropriate for the packet output destination based on the "interface ID" related to the "virtual port ID" of the virtual port unit 14. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet and an instruction to output the packet to the specified interface unit 22.
  • the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify a virtual port unit 14 appropriate for the packet output destination based on the "virtual port ID" related to the "interface ID" of the interface unit 22 of the node device 20 as the packet transmission source. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit 14.
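One way to model the first exemplary embodiment's distribution rule, added here as an example and not taken from the patent. It assumes interface IDs are unique only within a node device, so each record is keyed by node device ID plus interface ID; the class names and the sample mapping are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Endpoint:
    """An interface unit, qualified by its node device so per-node IDs cannot collide."""
    node_id: str
    interface_id: str


class DistributionRuleStore:
    """One-to-one table between virtual port IDs and node-device interfaces."""

    def __init__(self):
        self._by_vport = {}     # virtual port ID -> Endpoint
        self._by_endpoint = {}  # Endpoint -> virtual port ID

    def add(self, vport_id: str, node_id: str, interface_id: str) -> None:
        ep = Endpoint(node_id, interface_id)
        # Refuse any record that would break the one-to-one relation.
        if vport_id in self._by_vport or ep in self._by_endpoint:
            raise ValueError(f"rule {vport_id} <-> {ep} would not be one-to-one")
        self._by_vport[vport_id] = ep
        self._by_endpoint[ep] = vport_id

    def endpoint_for(self, vport_id: str) -> Optional[Endpoint]:
        return self._by_vport.get(vport_id)

    def vport_for(self, node_id: str, interface_id: str) -> Optional[str]:
        return self._by_endpoint.get(Endpoint(node_id, interface_id))


class DistributionUnit:
    """Distributes packets between virtual ports and node-device interfaces."""

    def __init__(self, rules: DistributionRuleStore):
        self.rules = rules

    def from_virtual_port(self, vport_id: str, packet: bytes) -> Optional[dict]:
        """Packet written to a virtual port: build the output instruction
        handed to the node device control unit."""
        ep = self.rules.endpoint_for(vport_id)
        if ep is None:
            return None  # no rule: nothing is sent to any node device
        return {"node_id": ep.node_id, "interface_id": ep.interface_id, "packet": packet}

    def from_node(self, node_id: str, interface_id: str, packet: bytes) -> Optional[str]:
        """Packet forwarded by a node device: return the virtual port that
        receives it, or None when no rule covers the source interface."""
        return self.rules.vport_for(node_id, interface_id)


def build_sample_rules() -> DistributionRuleStore:
    """Constructed mapping; "IF1" exists on two node devices on purpose."""
    store = DistributionRuleStore()
    store.add("VP1", "DPID1", "IF1")
    store.add("VP2", "DPID2", "IF1")
    store.add("VP3", "DPID2", "IF2")
    return store


if __name__ == "__main__":
    unit = DistributionUnit(build_sample_rules())
    print(unit.from_virtual_port("VP2", b"\x00\x01"))
    print(unit.from_node("DPID1", "IF1", b"\x00\x01"))
    print(unit.from_node("DPID1", "IF2", b"\x00\x01"))
```

Keying on the interface ID alone would make the two "IF1" records indistinguishable, and a packet from one node device could be delivered to the virtual port meant for the other.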
  • the control device 10 determines a virtual port unit 14 serving as the output destination of the packet, on the basis of the correspondence relationship between a "packet type" and a "virtual port ID".
  • the distribution rule storage unit 13 in the control device 10 retains, as the distribution rule, a correspondence table in which the header information and the like of the packet and the virtual port unit 14 are related to each other one-to-one.
  • the distribution rule is not limited to such a table format, as long as the correspondence relationship can be recognized.
  • the distribution rule stored in the distribution rule storage unit 13 has a region which indicates a "virtual port ID" and a "packet type", for each record.
  • the "virtual port ID" is the region for storing identification information (virtual port ID) of the virtual port unit 14.
  • the "packet type" is the region for storing information (header information and the like) for identifying the packet. At least the information that can be used as the matching condition (rule) of the processing rule (flow entry) in the open flow technique can be used as the information for identifying the packet.
  • When a packet is input from the node device control unit 11, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify a virtual port unit 14 appropriate for the packet output destination based on the "virtual port ID" related to the "packet type" of the input packet. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit 14.
  • the distribution rule in the present exemplary embodiment is the distribution rule for use in the packet input to the virtual port unit 14.
  • the present exemplary embodiment supports communication between the virtual port units 14 as well.
  • the present exemplary embodiment is preferably performed in combination with another exemplary embodiment (especially, a third exemplary embodiment).
  • the control device 10 determines the interface unit 22 serving as the output destination of the packet, on the basis of the correspondence relationship between a "packet type" and an "interface ID".
  • the distribution rule storage unit 13 in the control device 10 retains, as the distribution rule, a correspondence table in which the header information and the like of the packet and the interface unit 22 are related to each other one-to-one.
  • the distribution rule is not limited to such a table format, as long as the correspondence relationship can be recognized.
  • the distribution rule stored in the distribution rule storage unit 13 has a region which indicates a "packet type" and an "interface ID", for each record.
  • the "packet type" is the region for storing information (header information and the like) for identifying the packet. At least the information that can be used as the matching condition (rule) of the processing rule (flow entry) in the open flow technique can be used as the information for identifying the packet.
  • the "interface ID” is the region for storing identification information (interface ID) of the interface unit 22.
  • the interface ID is preferably unique identification information within the communication system (network). However, actually, the interface ID may be unique identification information within the individual node device. If the interface ID is the unique identification information within the individual node device, the interface ID may overlap between the node devices. Therefore, the node device ID may be related, added or stored in the same record.
  • the distribution rule stored in the distribution rule storage unit 13 has the region that indicates the "virtual port ID", the "interface ID" and the "node device ID", for each record.
  • the "node device ID" is the region for storing identification information (node device ID) of the node device 20. It should be noted that since the correspondence relationship between the node device 20 and the control channel 30 is a one-to-one relation, identification information (control channel ID) of the control channel 30 may be used instead of the identification information (node device ID) of the node device 20.
  • When a packet is input from the virtual port unit 14, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify an interface unit 22 appropriate for the packet output destination based on the "interface ID" related to the "packet type" of the input packet. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet and an instruction to output the packet to the specified interface unit 22.
  • the distribution rule in the present exemplary embodiment is the distribution rule for use in the packet output to the interface unit 22.
  • the present exemplary embodiment supports communication between the interface units 22 as well.
  • the present exemplary embodiment is preferably performed in combination with another exemplary embodiment (especially, a third exemplary embodiment).
  • the control device 10 determines the output destination of the packet, on the basis of the correspondence relationship between a "packet type", a "virtual port ID" and an "interface ID".
  • the distribution rule storage unit 13 in the control device 10 retains a correspondence table as the distribution rule in which the header information of the packet, the virtual port unit 14 and the interface unit 22 are one-to-one related to each other.
  • the distribution rule is not limited to such a table format, as long as the correspondence relationship can be recognized.
  • the distribution rule stored in the distribution rule storage unit 13 has a region which indicates a "packet type", a "virtual port ID" and an "interface ID", for each record.
  • the "packet type" is the region for storing information (header information and the like) for identifying the packet. At least the information that can be used as the matching condition (rule) of the processing rule (flow entry) in the OpenFlow technique can be used as the information for identifying the packet.
  • the "virtual port ID" is the region for storing identification information (virtual port ID) of the virtual port unit 14.
  • the "interface ID" is the region for storing identification information (interface ID) of the interface unit 22.
  • the interface ID is preferably unique identification information within the communication system (network). However, actually, the interface ID may be unique identification information within the individual node device. If the interface ID is the unique identification information within the individual node device, the interface ID may overlap between the node devices. Therefore, the node device ID may be related, added or stored in the same record.
  • the distribution rule stored in the distribution rule storage unit 13 has the region that indicates the "virtual port ID", the "interface ID" and the "node device ID", for each record.
  • the "node device ID" is the region for storing identification information (node device ID) of the node device 20. It should be noted that since the correspondence relationship between the node device 20 and the control channel 30 is a one-to-one relation, identification information (control channel ID) of the control channel 30 may be used instead of the identification information (node device ID) of the node device 20.
  • When a packet is input from the virtual port unit 14, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify an interface unit 22 appropriate for the packet output destination based on the "interface ID" related to the "packet type" of the input packet and the "virtual port ID" of the virtual port unit 14. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet and an instruction to output the packet to the specified interface unit 22.
  • the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify a virtual port unit 14 appropriate for the packet output destination based on the "virtual port ID" related to the "packet type" of the input packet and the "interface ID" of the interface unit 22 of the node device 20 as the packet transmission source. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit 14.
  • In the present exemplary embodiment, even if the "packet types" of the input packets are the same, it is possible to output the packets to different virtual port units 14 if the "interface IDs" of the interface units 22 of the transmission sources are different from each other. Also, even if the "virtual port IDs" of the virtual port units 14 of the input source are the same, it is also possible to output the packets to different interface units 22 if the "packet types" of the input packets are different from each other. Consequently, it is possible to carry out distribution processing that is more complex and finer as compared with the second exemplary embodiment and the third exemplary embodiment.
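The two-way lookup described above can be sketched as follows. This is an added example, not code from the patent or from NEC: the class and field names, the string packet types and the node, interface and virtual port values are constructed for illustration. It keys every record on the node device ID as well as the interface ID (interface IDs may overlap between node devices), rejects records that break the one-to-one relationship, and returns no destination for an unmatched packet.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable, Optional, Set, Tuple


@dataclass(frozen=True)
class Rule:
    """One distribution-rule record (field names are this example's own)."""
    packet_type: str       # stand-in for an OpenFlow-style match condition
    virtual_port_id: str
    node_device_id: str
    interface_id: int      # assumed unique only within its node device


class AmbiguousRule(ValueError):
    """Raised when two records break the one-to-one relationship."""


class DistributionTable:
    """Distribution rule storage with lookups in both directions."""

    def __init__(self, rules: Iterable[Rule]):
        self._to_vport = {}   # (node, interface, packet type) -> virtual port
        self._to_iface = {}   # (virtual port, packet type) -> (node, interface)
        for r in rules:
            in_key = (r.node_device_id, r.interface_id, r.packet_type)
            out_key = (r.virtual_port_id, r.packet_type)
            # Refuse a record that would make either direction ambiguous.
            if in_key in self._to_vport or out_key in self._to_iface:
                raise AmbiguousRule(f"conflicting record: {r}")
            self._to_vport[in_key] = r.virtual_port_id
            self._to_iface[out_key] = (r.node_device_id, r.interface_id)

    def from_node(self, node_device_id: str, interface_id: int,
                  packet_type: str) -> Optional[str]:
        """Packet arriving from a node device: pick the virtual port.

        Returns None when no record matches, so the caller can drop the
        packet instead of guessing a destination.
        """
        return self._to_vport.get((node_device_id, interface_id, packet_type))

    def from_virtual_port(self, virtual_port_id: str,
                          packet_type: str) -> Optional[Tuple[str, int]]:
        """Packet arriving from a virtual port: pick (node, interface)."""
        return self._to_iface.get((virtual_port_id, packet_type))


def colliding_interface_keys(rules: Iterable[Rule]) -> Set[Tuple[int, str]]:
    """(interface ID, packet type) pairs that occur on more than one node.

    These are the records that could not be told apart if the node device
    ID were left out of the distribution rule.
    """
    nodes = defaultdict(set)
    for r in rules:
        nodes[(r.interface_id, r.packet_type)].add(r.node_device_id)
    return {key for key, seen in nodes.items() if len(seen) > 1}


# Constructed sample records: interface ID 1 exists on two node devices.
SAMPLE_RULES = [
    Rule("arp", "14-1", "20-1", 1),
    Rule("arp", "14-2", "20-2", 1),
    Rule("ipv4", "14-4", "20-2", 1),
]
TABLE = DistributionTable(SAMPLE_RULES)

if __name__ == "__main__":
    print(TABLE.from_node("20-1", 1, "arp"))
    print(TABLE.from_node("20-2", 1, "arp"))
    print(TABLE.from_virtual_port("14-4", "ipv4"))
    print(colliding_interface_keys(SAMPLE_RULES))
```
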
  • the control device 10 determines the output destination of the packet, on the basis of the correspondence relationship between a "virtual port ID" and a "node device ID".
  • the distribution rule storage unit 13 in the control device 10 retains a correspondence table as the distribution rule in which the virtual port unit 14 and the node device 20 are one-to-one related to each other.
  • the distribution rule is not limited to such a table format, as long as the correspondence relationship can be recognized.
  • the distribution rule stored in the distribution rule storage unit 13 has a region which indicates a "virtual port ID" and a "node device ID", for each record.
  • the "virtual port ID" is the region for storing identification information (virtual port ID) of the virtual port unit 14.
  • the "node device ID" is the region for storing identification information (node device ID) of the node device 20. It should be noted that since the correspondence relationship between the node device 20 and the control channel 30 is a one-to-one relation, identification information (control channel ID) of the control channel 30 may be used instead of the identification information (node device ID) of the node device 20.
  • When a packet is input from the virtual port unit 14, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify a node device 20 appropriate for the packet output destination based on the "node device ID" related to the "virtual port ID" of the virtual port unit 14. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet and an instruction to output the packet to the specified node device 20.
  • the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify a virtual port unit 14 appropriate for the packet output destination based on the "virtual port ID" related to the "node device ID" of the node device 20 as the packet transmission source. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit 14.
  • the communication processing unit 21 of the node device 20 performs the packet distribution to the interface unit 22 on the basis of the processing rule (flow entry) and the processing instruction (the output instruction and the like), which are instructed by the node device control unit 11 of the control device 10.
  • the distribution unit 12 pays attention only to "from which node device 20 the packet is input" and then specifies the virtual port unit 14 serving as the output destination. Also, the distribution unit 12 pays attention only to "from which virtual port unit 14 the packet is input" and then specifies the node device 20 serving as the output destination.
  • the control device 10 determines the output destination of the packet, on the basis of the correspondence relationship between a "packet type", a "virtual port ID" and a "node device ID".
  • the distribution rule storage unit 13 in the control device 10 retains a correspondence table as the distribution rule in which the header information of the packet, the virtual port unit 14 and the node device 20 are one-to-one related to each other.
  • the distribution rule is not limited to such a table format, as long as the correspondence relationship can be recognized.
  • the distribution rule stored in the distribution rule storage unit 13 has a region which indicates a "packet type", a "virtual port ID" and a "node device ID", for each record.
  • the "packet type" is the region for storing information (header information and the like) for identifying the packet. At least the information that can be used as the matching condition (rule) of the processing rule (flow entry) in the OpenFlow technique can be used as the information for identifying the packet.
  • the "virtual port ID" is the region for storing identification information (virtual port ID) of the virtual port unit 14.
  • the "node device ID" is the region for storing identification information (node device ID) of the node device 20. It should be noted that since the correspondence relationship between the node device 20 and the control channel 30 is a one-to-one relation, identification information (control channel ID) of the control channel 30 may be used instead of the identification information (node device ID) of the node device 20.
  • When a packet is input from the virtual port unit 14, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify a node device 20 appropriate for the packet output destination based on the "node device ID" related to the "packet type" of the input packet and the "virtual port ID" of the virtual port unit 14. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet and an instruction to output the packet to the specified node device 20.
  • the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify a virtual port unit 14 appropriate for the packet output destination based on the "virtual port ID" related to the "packet type" of the input packet and the "node device ID" of the node device 20 as the packet transmission source. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit 14.
  • the communication processing unit 21 of the node device 20 performs the packet distribution to the interface unit 22 on the basis of the processing rule (flow entry) and the processing instruction (the output instruction and the like), which are instructed by the node device control unit 11 of the control device 10.
  • the distribution unit 12 pays attention to "what kind of packet is input from which node device 20" and then specifies the virtual port unit 14 serving as the output destination. Also, the distribution unit 12 pays attention to "what kind of packet is input from which virtual port unit 14" and then specifies the node device 20 serving as the output destination.
  • In the present exemplary embodiment, even if the "packet types" of the input packets are the same, it is possible to output the packets to different virtual port units 14 if the "node device IDs" of the node devices 20 of the transmission sources are different from each other. Also, even if the "virtual port IDs" of the virtual port units 14 of the input source are the same, it is also possible to output the packets to different node devices 20 if the "packet types" of the input packets are different from each other. Consequently, it is possible to carry out distribution processing that is more complex and finer as compared with the fourth exemplary embodiment.
  • the control device 10 determines the virtual port unit 14 serving as the output destination of the packet, on the basis of the correspondence relationship between a "virtual port ID" and a "processing rule ID".
  • the distribution rule storage unit 13 in the control device 10 retains a correspondence table as the distribution rule in which the virtual port unit 14 and the processing rule (flow entry) for the packet are one-to-one related to each other.
  • the distribution rule is not limited to such a table format, as long as the correspondence relationship can be recognized.
  • the distribution rule stored in the distribution rule storage unit 13 has a region which indicates a "virtual port ID" and a "processing rule ID", for each record.
  • the "virtual port ID" is the region for storing identification information (virtual port ID) of the virtual port unit 14.
  • the "processing rule ID" is the region for storing identification information of the processing rule (flow entry) that is referred to when the packet is forwarded from the node device 20 to the control device 10.
  • the node device 20 can store "64 bits identification information" as the processing rule ID for specifying the processing rule (flow entry), in this cookie region.
  • the control device 10 can recognize and obtain the processing rule ID by referring to the Cookie region in the packet.
  • the processing rule ID is preferably unique identification information within the communication system (network). However, actually, the processing rule ID may be unique identification information within the individual node device. If the processing rule ID is the unique identification information within the individual node device, the processing rule ID may overlap between the node devices. Therefore, the node device ID may be related, added or stored in the same record.
  • the distribution rule stored in the distribution rule storage unit 13 has the region that indicates the "virtual port ID", the "processing rule ID" and the "node device ID", for each record.
  • the "node device ID" is the region for storing identification information (node device ID) of the node device 20. It should be noted that since the correspondence relationship between the node device 20 and the control channel 30 is a one-to-one relation, identification information (control channel ID) of the control channel 30 may be used instead of the identification information (node device ID) of the node device 20.
  • When a packet is input from the node device control unit 11, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify a virtual port unit 14 appropriate for the packet output destination based on the "virtual port ID" related to the "processing rule ID" stored in the input packet. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit 14.
  • the distribution rule in the present exemplary embodiment is the distribution rule for use in the packet input to the virtual port unit 14.
  • the present exemplary embodiment is preferably performed in combination with another exemplary embodiment (especially, the third exemplary embodiment).
  • the control device carries out Layer 2 (L2) forwarding processing and Layer 3 (L3) forwarding processing. At this time, the control device distributes the received packets to the L2 forwarding processing and the L3 forwarding processing.
  • the communication system has the control device 10 and the node device 20.
  • the control device 10 has the node device control unit 11, the distribution unit 12, the distribution rule storage unit 13, the virtual port unit 14, a bridge unit 15 and a router unit 16.
  • the node device control unit 11, the distribution unit 12, the distribution rule storage unit 13 and the virtual port unit 14 are basically the same as those described above.
  • the bridge unit 15 performs the Layer 2 routing processing (L2 forwarding processing) in a second layer (data link layer, Layer 2) of seven layers in an OSI reference model.
  • the bridge unit 15 can be achieved by an L2 forwarding function installed in software or OS (Operating System) of a computer or the like operating as the control device 10.
  • the bridge unit 15 is not limited to those examples.
  • the router unit 16 performs the Layer 3 routing processing (L3 forwarding processing) in a third layer (network layer, Layer 3) of the seven layers in the OSI reference model.
  • the router unit 16 can be achieved by an L3 forwarding function installed in software or OS (Operating System) of a computer or the like operating as the control device 10. However, actually, the router unit 16 is not limited to those examples.
  • each of the bridge unit 15 and the router unit 16 may not exist in the same device as the node device control unit 11, the distribution unit 12, the distribution rule storage unit 13 and the virtual port unit 14.
  • each of the bridge unit 15 and the router unit 16 may be connected to the control device 10 through a network and the like.
  • each of the virtual port unit 14-1, the virtual port unit 14-2 and the virtual port unit 14-3 is provided between the distribution unit 12 and the bridge unit 15 and inputs and outputs packets between the distribution unit 12 and the bridge unit 15.
  • each of the virtual port unit 14-4, the virtual port unit 14-5 and the virtual port unit 14-6 is provided between the distribution unit 12 and the router unit 16 and inputs and outputs packets between the distribution unit 12 and the router unit 16.
  • Each of the node devices 20 according to the present exemplary embodiment has the communication processing unit 21 and the interface unit 22.
  • the communication processing unit 21 and the interface unit 22 are basically the same as those described above.
  • the node device control unit 11 refers to the distribution rule stored in the distribution rule storage unit 13. In accordance with the content of the distribution rule, the node device control unit 11 instructs, through the control channel 30, the communication processing unit 21 of each of the node devices 20 to output (forward) the packet received by the interface unit 22 to the node device control unit 11.
  • When receiving the packet, the interface unit 22-11 of the node device 20-1 outputs the packet to the communication processing unit 21-1 of the node device 20-1.
  • When the packet is input from the interface unit 22-11, the communication processing unit 21-1 operates in accordance with the processing rule (flow entry) instructed by the node device control unit 11 of the control device 10. More specifically, the communication processing unit 21-1 outputs (forwards) a packet input message (Packet-In Message) which includes "the packet" and "information indicating the interface unit receiving the packet" to the node device control unit 11 of the control device 10 through the control channel 30-1.
  • When receiving the packet from the communication processing unit 21-1 of the node device 20-1, the node device control unit 11 of the control device 10 recognizes the control channel 30-1 used on the receipt of the packet, and specifies the node device and the interface unit of the packet transmission source. Then, the node device control unit 11 outputs, to the distribution unit 12, a message that includes "the packet" and "information indicating the specified node device and interface unit".
  • When the packet is input from the node device control unit 11, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the virtual port unit 14-1 as the packet output destination based on the content of the distribution rule. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit 14-1.
  • When the packet is input from the distribution unit 12, the virtual port unit 14-1 outputs the packet to the bridge unit 15 connected thereto.
  • When the packet is input from the virtual port unit 14-1, the bridge unit 15 performs the L2 forwarding of the packet. As a result, the bridge unit 15 outputs the packet to the other virtual port units 14-2 and 14-3 that are connected to the bridge unit 15.
  • the virtual port unit 14-2 and the virtual port unit 14-3 output the packet to the distribution unit 12.
  • When the packet is input from the virtual port unit 14-2, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the interface unit 22-21 of the node device 20-2 as the output destination of the packet input from the virtual port unit 14-2, in accordance with the content of the distribution rule. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet itself and an instruction to output the packet to the specified interface unit 22-21 of the node device 20-2.
  • the node device control unit 11 transmits a packet output message (Packet-Out Message), which includes the packet itself and an instruction to output the packet to the interface unit 22-21, to the node device 20-2 through the control channel 30-2.
  • When receiving the above-mentioned packet output message (Packet-Out Message) from the node device control unit 11 of the control device 10, the communication processing unit 21-2 of the node device 20-2 outputs the packet included in the packet output message (Packet-Out Message) to the interface unit 22-21.
  • When the packet is input from the communication processing unit 21-2, the interface unit 22-21 outputs the packet to the connection destination through the data communication link.
  • the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the interface unit 22-22 of the node device 20-2 as the output destination of the packet input from the virtual port unit 14-3, in accordance with the content of the distribution rule. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet itself and an instruction to output the packet to the specified interface unit 22-22 of the node device 20-2.
  • the node device control unit 11 transmits a packet output message (Packet-Out Message), which includes the packet itself and an instruction to output the packet to the interface unit 22-22, to the node device 20-2 through the control channel 30-2.
  • When receiving the above-mentioned packet output message (Packet-Out Message) from the node device control unit 11 of the control device 10, the communication processing unit 21-2 of the node device 20-2 outputs the packet included in the packet output message (Packet-Out Message) to the interface unit 22-22.
  • When the packet is input from the communication processing unit 21-2, the interface unit 22-22 outputs the packet to the connection destination through the data communication link.
  • Even if the node device control unit 11 itself does not have the L2 forwarding function, it is possible to achieve the L2 forwarding function between the interface unit 22-11, the interface unit 22-21 and the interface unit 22-22, by using the bridge unit 15 that has the L2 forwarding function installed in the software or OS (Operating System) of the computer or the like operating as the control device 10.
  • the node device control unit 11 refers to the distribution rule stored in the distribution rule storage unit 13. In accordance with the content of the distribution rule, the node device control unit 11 instructs, through the control channel 30, the communication processing unit 21 of each of the node devices 20 to output (forward) the packet received by the interface unit 22 to the node device control unit 11.
  • When receiving the packet, the interface unit 22-23 of the node device 20-2 outputs the packet to the communication processing unit 21-2 of the node device 20-2.
  • When the packet is input from the interface unit 22-23, the communication processing unit 21-2 operates in accordance with the processing rule (flow entry) instructed by the node device control unit 11 of the control device 10. More specifically, the communication processing unit 21-2 outputs (forwards) a packet input message (Packet-In Message) which includes "the packet" and "information indicating the interface unit receiving the packet" to the node device control unit 11 of the control device 10 through the control channel 30-2.
  • When receiving the packet from the communication processing unit 21-2 of the node device 20-2, the node device control unit 11 of the control device 10 recognizes the control channel 30-2 used on the receipt of the packet, and specifies the node device and the interface unit of the packet transmission source. Then, the node device control unit 11 outputs, to the distribution unit 12, a message that includes "the packet" and "information indicating the specified node device and interface unit".
  • When the packet is input from the node device control unit 11, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the virtual port unit 14-4 as the packet output destination based on the content of the distribution rule. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit 14-4.
  • When the packet is input from the distribution unit 12, the virtual port unit 14-4 outputs the packet to the router unit 16 connected thereto.
  • When the packet is input from the virtual port unit 14-4, the router unit 16 performs the L3 forwarding of the packet. As a result, the router unit 16 outputs the packet to the other virtual port units 14-5 and 14-6 that are connected to the router unit 16.
  • the virtual port unit 14-5 and the virtual port unit 14-6 output the packet to the distribution unit 12.
  • When the packet is input from the virtual port unit 14-5, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the interface unit 22-31 of the node device 20-3 as the output destination of the packet input from the virtual port unit 14-5, in accordance with the content of the distribution rule. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet itself and an instruction to output the packet to the specified interface unit 22-31 of the node device 20-3.
  • the node device control unit 11 transmits a packet output message (Packet-Out Message), which includes the packet itself and an instruction to output the packet to the interface unit 22-31, to the node device 20-3 through the control channel 30-3.
  • When receiving the above-mentioned packet output message (Packet-Out Message) from the node device control unit 11 of the control device 10, the communication processing unit 21-3 of the node device 20-3 outputs the packet included in the packet output message (Packet-Out Message) to the interface unit 22-31.
  • When the packet is input from the communication processing unit 21-3, the interface unit 22-31 outputs the packet to the connection destination through the data communication link.
  • the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the interface unit 22-32 of the node device 20-3 as the output destination of the packet input from the virtual port unit 14-6, in accordance with the content of the distribution rule. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet itself and an instruction to output the packet to the specified interface unit 22-32 of the node device 20-3.
  • the node device control unit 11 transmits a packet output message (Packet-Out Message), which includes the packet itself and an instruction to output the packet to the interface unit 22-32, to the node device 20-3 through the control channel 30-3.
  • When receiving the above-mentioned packet output message (Packet-Out Message) from the node device control unit 11 of the control device 10, the communication processing unit 21-3 of the node device 20-3 outputs the packet included in the packet output message (Packet-Out Message) to the interface unit 22-32.
  • When the packet is input from the communication processing unit 21-3, the interface unit 22-32 outputs the packet to the connection destination through the data communication link.
  • Even if the node device control unit 11 itself does not have the L3 forwarding function, it is possible to achieve the L3 forwarding function between the interface unit 22-23, the interface unit 22-31 and the interface unit 22-32, by using the router unit 16 that has the L3 forwarding function installed in the software or OS (Operating System) of the computer or the like operating as the control device 10.
  • a tunneling function and an encrypting function such as GRE (Generic Routing Encapsulation) and IPSec (Security Architecture for Internet Protocol) that are installed in software or OS (Operating System) of the computer or the like operating as the control device 10 can be utilized to achieve those functions in any interface unit of the communication system.
  • the communication system has the control device 10 and the node device 20.
  • the control device 10 has the node device control unit 11, the distribution unit 12, the distribution rule storage unit 13, the virtual port unit 14, a tunneling unit 17 and an encryption unit 18.
  • the node device control unit 11, the distribution unit 12, the distribution rule storage unit 13 and the virtual port unit 14 are basically the same as those described above.
  • the tunneling unit 17 performs processing (tunneling) with regard to encapsulation and decapsulation of packets.
  • the tunneling unit 17 can be achieved by a tunneling function that is installed in software or OS (Operating System) of a computer or the like operating as the control device 10.
  • the tunneling unit 17 is not limited to those examples.
  • the encryption unit 18 performs processing (encryption processing) with regard to encryption and decryption of packets.
  • the encryption unit 18 can be achieved by an encrypting function that is installed in software or OS (Operating System) of a computer or the like operating as the control device 10. However, actually, the encryption unit 18 is not limited to those examples.
  • each of the tunneling unit 17 and the encryption unit 18 may not exist in the same device as the node device control unit 11, the distribution unit 12, the distribution rule storage unit 13 and the virtual port unit 14.
  • each of the tunneling unit 17 and the encryption unit 18 may be connected to the control device 10 through a network and the like.
  • the tunneling unit 17 and the encryption unit 18 may be integrated. For example, there may be a case where the encryption function is included in the tunneling function.
  • each of the virtual port unit 14-1, the virtual port unit 14-2 and the virtual port unit 14-3 is provided between the distribution unit 12 and the tunneling unit 17 and inputs and outputs packets between the distribution unit 12 and the tunneling unit 17.
  • each of the virtual port unit 14-4, the virtual port unit 14-5 and the virtual port unit 14-6 is provided between the distribution unit 12 and the encryption unit 18 and inputs and outputs packets between the distribution unit 12 and the encryption unit 18.
  • Each of the node devices 20 according to the present exemplary embodiment has the communication processing unit 21 and the interface unit 22.
  • the communication processing unit 21 and the interface unit 22 are basically the same as those described above.
  • the node device control unit 11 refers to the distribution rule stored in the distribution rule storage unit 13. In accordance with the content of the distribution rule, the node device control unit 11 instructs, through the control channel 30, the communication processing unit 21 of each of the node devices 20 to output (forward) the packet received by the interface unit 22 to the node device control unit 11.
  • When receiving the packet, the interface unit 22-11 of the node device 20-1 outputs the packet to the communication processing unit 21-1 of the node device 20-1.
  • When the packet is input from the interface unit 22-11, the communication processing unit 21-1 operates in accordance with the processing rule (flow entry) instructed by the node device control unit 11 of the control device 10. More specifically, the communication processing unit 21-1 outputs (forwards) a packet input message (Packet-In Message) which includes "the packet" and "information indicating the interface unit receiving the packet" to the node device control unit 11 of the control device 10 through the control channel 30-1.
  • When receiving the packet from the communication processing unit 21-1 of the node device 20-1, the node device control unit 11 of the control device 10 recognizes the control channel 30-1 used on the receipt of the packet, and specifies the node device and the interface unit of the packet transmission source. Then, the node device control unit 11 outputs, to the distribution unit 12, a message that includes "the packet" and "information indicating the specified node device and interface unit".
  • When the packet is input from the node device control unit 11, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the virtual port unit 14-1 as the packet output destination based on the content of the distribution rule. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit 14-1.
  • the distribution unit 12 may output the packet to any of the virtual port units 14-4 to 14-6 connected to the encryption unit 18 before outputting the packet to the specified virtual port unit 14-1.
  • the distribution unit 12 receives an encrypted packet as a response and then outputs the encrypted packet to the specified virtual port unit 14-1. That is, the packet to be encapsulated can be encrypted in advance.
  • When the packet is input from the distribution unit 12, the virtual port unit 14-1 outputs the packet to the tunneling unit 17 connected thereto.
  • When the packet is input from the virtual port unit 14-1, the tunneling unit 17 encapsulates the input packet. Then, the tunneling unit 17 outputs the encapsulated packet to the other virtual port units 14-2 and 14-3 that are connected to the tunneling unit 17.
  • the virtual port unit 14-2 and the virtual port unit 14-3 output the packet to the distribution unit 12.
  • When the packet is input from the virtual port unit 14-2, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the interface unit 22-21 of the node device 20-2 as the output destination of the packet input from the virtual port unit 14-2, in accordance with the content of the distribution rule. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet itself and an instruction to output the packet to the specified interface unit 22-21 of the node device 20-2.
  • the distribution unit 12 may output the packet to any of the virtual port units 14-4 to 14-6 connected to the encryption unit 18 before generating the message to be output to the node device control unit 11.
  • the distribution unit 12 receives an encrypted packet as a response and then stores the encrypted packet in the message mentioned above. That is, it is possible to encapsulate the encrypted packet.
  • the node device control unit 11 transmits a packet output message (Packet-Out Message), which includes the packet itself and an instruction to output the packet to the interface unit 22-21, to the node device 20-2 through the control channel 30-2.
  • When receiving the above-mentioned packet output message (Packet-Out Message) from the node device control unit 11 of the control device 10, the communication processing unit 21-2 of the node device 20-2 outputs the packet included in the packet output message (Packet-Out Message) to the interface unit 22-21.
  • When the packet is input from the communication processing unit 21-2, the interface unit 22-21 outputs the packet to the connection destination through the data communication link.
  • the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the interface unit 22-22 of the node device 20-2 as the output destination of the packet input from the virtual port unit 14-3, in accordance with the content of the distribution rule. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet itself and an instruction to output the packet to the specified interface unit 22-22 of the node device 20-2.
  • the node device control unit 11 transmits a packet output message (Packet-Out Message), which includes the packet itself and an instruction to output the packet to the interface unit 22-22, to the node device 20-2 through the control channel 30-2.
  • When receiving the above-mentioned packet output message (Packet-Out Message) from the node device control unit 11 of the control device 10, the communication processing unit 21-2 of the node device 20-2 outputs the packet included in the packet output message (Packet-Out Message) to the interface unit 22-22.
  • When the packet is input from the communication processing unit 21-2, the interface unit 22-22 outputs the packet to the connection destination through the data communication link.
  • Although the node device control unit 11 itself does not have the tunneling function, it is possible to achieve the tunneling function between the interface unit 22-11, the interface unit 22-21 and the interface unit 22-22, by using the tunneling unit 17 that has the tunneling function installed in the software or OS (Operating System) of the computer or the like operating as the control device 10.
  • the node device control unit 11 refers to the distribution rule stored in the distribution rule storage unit 13. In accordance with the content of the distribution rule, the node device control unit 11 instructs, through the control channel 30, the communication processing unit 21 of each of the node devices 20 to output (forward) the packet received by the interface unit 22 to the node device control unit 11.
  • When receiving the packet, the interface unit 22-23 of the node device 20-2 outputs the packet to the communication processing unit 21-2 of the node device 20-2.
  • When receiving the packet from the communication processing unit 21-2 of the node device 20-2, the node device control unit 11 of the control device 10 recognizes the control channel 30-2 used on the receipt of the packet, and specifies the node device and the interface unit of the packet transmission source. Then, the node device control unit 11 outputs, to the distribution unit 12, a message that includes "the packet" and "information indicating the specified node device and interface unit".
  • When the packet is input from the node device control unit 11, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the virtual port unit 14-4 as the packet output destination based on the content of the distribution rule. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit 14-4.
  • the distribution unit 12 may output the packet to any of the virtual port units 14-1 to 14-3 connected to the tunneling unit 17 before outputting the packet to the specified virtual port unit 14-4.
  • the distribution unit 12 receives an encapsulated packet as a response and then outputs the encapsulated packet to the specified virtual port unit 14-4. That is, the packet to be encrypted can be encapsulated in advance.
  • When the packet is input from the distribution unit 12, the virtual port unit 14-4 outputs the packet to the encryption unit 18 connected thereto.
  • When the packet is input from the virtual port unit 14-4, the encryption unit 18 performs the encryption of the packet. Then, the encryption unit 18 outputs the encrypted packet to the other virtual port units 14-5 and 14-6 that are connected to the encryption unit 18.
  • the virtual port unit 14-5 and the virtual port unit 14-6 output the packet to the distribution unit 12.
  • When the packet is input from the virtual port unit 14-5, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the interface unit 22-31 of the node device 20-3 as the output destination of the packet input from the virtual port unit 14-5, in accordance with the content of the distribution rule. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet itself and an instruction to output the packet to the specified interface unit 22-31 of the node device 20-3.
  • the distribution unit 12 may output the packet to any of the virtual port units 14-1 to 14-3 connected to the tunneling unit 17 before generating the message to be output to the node device control unit 11.
  • the distribution unit 12 receives an encapsulated packet as a response and then stores the encapsulated packet in the message mentioned above. That is, it is possible to encrypt the encapsulated packet.
  • the node device control unit 11 transmits a packet output message (Packet-Out Message), which includes the packet itself and an instruction to output the packet to the interface unit 22-31, to the node device 20-3 through the control channel 30-3.
  • When receiving the above-mentioned packet output message (Packet-Out Message) from the node device control unit 11 of the control device 10, the communication processing unit 21-3 of the node device 20-3 outputs the packet included in the packet output message (Packet-Out Message) to the interface unit 22-31.
  • When the packet is input from the communication processing unit 21-3, the interface unit 22-31 outputs the packet to the connection destination through the data communication link.
  • the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the interface unit 22-32 of the node device 20-3 as the output destination of the packet input from the virtual port unit 14-6, in accordance with the content of the distribution rule. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet itself and an instruction to output the packet to the specified interface unit 22-32 of the node device 20-3.
  • the node device control unit 11 transmits a packet output message (Packet-Out Message), which includes the packet itself and an instruction to output the packet to the interface unit 22-32, to the node device 20-3 through the control channel 30-3.
  • When receiving the above-mentioned packet output message (Packet-Out Message) from the node device control unit 11 of the control device 10, the communication processing unit 21-3 of the node device 20-3 outputs the packet included in the packet output message (Packet-Out Message) to the interface unit 22-32.
  • When the packet is input from the communication processing unit 21-3, the interface unit 22-32 outputs the packet to the connection destination through the data communication link.
  • Although the node device control unit 11 itself does not have the encryption function, it is possible to achieve the encryption function between the interface unit 22-23, the interface unit 22-31 and the interface unit 22-32, by using the encryption unit 18 that has the encryption function installed in the software or OS (Operating System) of the computer or the like operating as the control device 10.
  • the node device control unit 11 can be achieved by using software obtained by modifying an arbitrary open flow controller (OFC). Specifically, the software is designed such that the setting of the processing rule (flow entry) in an arbitrary node device and the packet transmission/reception to/from an arbitrary interface unit can be externally controlled by the distribution unit 12.
  • As examples of the control device, a computer such as a PC (Personal Computer), an appliance, a thin client server, a workstation, a mainframe, a supercomputer and the like is assumed.
  • the control device is not limited to a terminal or a server, and may be a relaying device or a peripheral device.
  • the control device may be an expansion board installed in a computer or the like, or a virtual machine (VM) established on a physical machine.
  • a computer which has a network switch, a router, a proxy, a gateway, a firewall, a load balancer (load dispersion device), a band control device (packet shaper), a security monitoring control device (SCADA: Supervisory Control And Data Acquisition), a gatekeeper, a base station, an access point (AP), a communication satellite (CS), or a plurality of communication ports.
  • a virtual switch that is achieved by the virtual machine (VM) established on the physical machine may be used.
  • Each of the control device and the node device may be installed in a moving body such as a car, a ship, an airplane and the like.
  • each of the control device and the node device is achieved by using: a processor that is driven on the basis of a program and carries out predetermined processes; a memory for storing the program and various data; and an interface used to communicate with the network.
  • a semiconductor storage device such as RAM (Random Access Memory), ROM (Read Only Memory), EEPROM (Electrically Erasable and Programmable Read Only Memory), a flash memory and the like, an auxiliary storage device such as HDD (Hard Disk Drive), SSD (Solid State Drive) and the like, a removable disk such as DVD (Digital Versatile Disk) and the like, a storage medium such as an SD memory card (Secure Digital memory card) and the like are considered. Also, a buffer, a register and the like may be used. Or, a storage device that uses DAS (Direct Attached Storage), FC-SAN (Fibre Channel - Storage Area Network), NAS (Network Attached Storage), IP - SAN (IP - Storage Area Network) and the like may be used.
  • the above processor and the above memory may be integrated.
  • integration into a single chip, such as a microcomputer, has progressed.
  • a case where a one-chip microcomputer installed in electronic equipment or the like has the above processor and the above memory is also considered.
  • a semiconductor integrated circuit such as a board (a mother board, an I/O board) and a chip that correspond to a network communication, a network adaptor such as NIC (Network Interface Card) and the like, a similar expansion card, a communication device such as an antenna and the like, a communication port such as a connection port (connector) and the like are considered.
  • the Internet, LAN (Local Area Network), a wireless LAN, WAN (Wide Area Network), a backbone, a cable television (CATV) line, a fixed telephone network, a mobile telephone network, WiMAX (IEEE 802.16a), 3G (3rd Generation), a dedicated line (lease line), IrDA (Infrared Data Association), Bluetooth (Registered Trademark), a serial communication line, a data bus and the like are considered.
  • each of the control device and the node device may be modules and components, or dedicated devices, or a starting (calling) program for them.
  • the communication system includes the control device and the plurality of node devices controlled by the control device through the control channel.
  • the node device includes one or more interface units, which are connected to the terminal device and the different node device and transmit and receive the packet, and the communication processing unit for carrying out the process of the packet to be transmitted/received.
  • the control device includes: one or more virtual port units that enable the OS (Operating System) of the computer or the like operating as the control device to transmit and receive the packet; the node device control unit for controlling the respective node devices; the distribution rule storage unit for holding the correspondence relationship between the virtual port unit and the interface unit; and the distribution unit for carrying out the distribution judgment and control of the packet between the virtual port unit and the interface unit.
  • the virtual port unit, when receiving the packet from the OS (Operating System), outputs the packet to the distribution unit.
  • the distribution unit, when the packet is input, refers to the distribution rule storage unit and judges the interface unit from which the packet is transmitted, and then outputs the judgment result and the packet to the node device control unit.
  • the node device control unit selects the suitable control channel on the basis of the judgment and transmits the message of outputting the packet to the interface unit, through the control channel.
  • the communication processing unit in the node device, when receiving the above message, transmits the packet from the specified interface unit.
  • the interface unit in the node device, when receiving the packet, outputs the packet to the communication processing unit.
  • the communication processing unit outputs the packet to the node device control unit through the control channel, on the basis of the processing rule (flow entry) specified by the node device control unit in advance.
  • the node device control unit, if the packet received from the communication processing unit through the control channel is the packet to be output to the virtual port unit, outputs the packet to the distribution unit.
  • the distribution unit, when the packet is input, refers to the distribution rule storage unit, selects the virtual port unit of the suitable output destination and outputs the packet to the selected virtual port unit.
  • the virtual port unit, when the packet is input, outputs the packet to the OS (Operating System).
  • the OS (Operating System) processes the packet.
  • the first effect lies in the fact that it is possible to reuse the routing protocol, the tunneling protocol and the like, which are installed on the OS (Operating System) of the computer or the like operating as the control device.
  • the second effect lies in the fact that between the plurality of control devices, it is possible to carry out the communication in which the conventional communication method such as TCP/IP and the like is used.
  • a communication system in which a control device performs a centralized control on one or more node devices arranged in a network through a control channel, wherein the control device has one or more virtual port units each of which transmits and receives a packet, a distribution rule storage unit for holding a distribution rule of the packet, a distribution unit for specifying a distribution destination of the packet, and a node device control unit for controlling the node device, the node device has one or more interface units each of which transmits and receives the packet, the distribution rule storage unit holds one or more distribution rules of the packet and retrieves and replies the distribution rules in response to a reference request, the distribution unit specifies a forwarding destination of the packet, which is transmitted/received between the interface unit and the virtual port unit, in accordance with the distribution rule that is gotten by referring to the distribution rule storage unit, and the node device control unit individually sets the control channel between the respective node devices, and manages a correspondence relationship between the control channel and the node device and information of
  • the virtual port unit --> the interface unit, the virtual port unit and the interface unit are one-to-one related to each other
  • the communication system described in the Supplementary Note 1 wherein the node device has a node device identifier that enables this to be identified inside the communication system, the interface unit has a physical port identifier that enables this to be identified inside at least the node device, the virtual port unit has a virtual port identifier that enables this to be identified inside at least the control device, the distribution rule storage unit holds one or more arbitrary classes of the virtual port identifier, the node device identifier and the physical port identifier, as the distribution rule, the virtual port unit, when receiving the packet, outputs a first message, which includes the packet and the virtual port identifier of the virtual port unit, to the distribution unit, the distribution unit, when the first message is input, refers to the distribution rule storage unit and specifies the class of the node device identifier corresponding to the virtual port identifier included in the first message and the
  • the virtual port unit when receiving the packet, outputs a first message, which includes the packet, to the distribution unit, the distribution unit, when the first message is input, refers to the distribution rule storage unit and specifies a class of the node device identifier corresponding to the header of the packet included in the first message and the physical port identifier, and outputs a second message, which includes the packet included in the first message and the class of the specified no
  • the virtual port unit (Supplementary Note 4) (the virtual port unit --> the interface unit, the virtual port unit & header and the interface unit are one-to-one related to each other)
  • the distribution rule storage unit holds one or more arbitrary classes of the virtual port identifier, the packet header condition, the node device identifier and the physical port identifier, as the distribution rule, the virtual port unit, when receiving the packet, outputs a first message, which includes the packet and the virtual port identifier of the virtual port unit, to the distribution unit, and the distribution unit refers to the distribution rule storage unit and specifies a class of the header of the packet and the node device identifier and the physical port identifier that correspond to the virtual port identifier, which are included in the first message.
  • the distribution rule storage unit holds one or more of the arbitrary node device identifiers as the distribution rule
  • the virtual port unit when receiving the packet, transmits a first message, which includes the packet, to the distribution unit, the distribution unit, when the first message is input, refers to the distribution rule storage unit, and specifies one or more of the node device identifiers, and outputs a second message, which includes the packet included in the first message and a class of the specified one or more node device identifiers, to the node device control unit, the node device control unit, when the second packet is input, specifies the
  • the interface unit --> the virtual port unit, the node device & interface unit and the virtual port unit are one-to-one related to each other
  • the communication system described in the Supplementary Note 1 wherein the node device has a node device identifier that enables this to be identified inside the communication system, the interface unit has a physical port identifier that enables this to be identified inside at least the node device, the virtual port unit has a virtual port identifier that enables this to be identified inside at least the control device, the distribution rule storage unit holds one or more arbitrary classes of the virtual port identifier, the node device identifier and the physical port identifier, as the distribution rule, the interface unit, when receiving the packet, outputs a fourth message, which includes the packet and the physical port identifier representing the interface unit, to the control channel, the node device control unit, when the fourth message is input through the control channel, specifies the node device correlated to the control channel, and outputs a fifth message, which includes the packet and
  • the interface unit --> the virtual port unit, the node device and the interface unit have no relation, a processing rule number and the virtual port unit are one-to-one related to each other
  • the communication system described in the Supplementary Note 1 wherein the node device has a node device identifier that enables this to be identified inside the communication system, and has a communication processing unit for forwarding the packet, the interface unit has a physical port identifier that enables this to be identified inside at least the node device, the virtual port unit has a virtual port identifier that enables this to be identified inside at least the control device, the distribution rule storage unit holds one or more arbitrary classes of the virtual port identifier and a processing rule number, as the distribution rule, the interface unit, when receiving the packet, outputs a seventh message, which includes the packet and the physical port identifier representing the interface unit, to the communication processing unit, the communication processing unit, when the seventh message is input, carries out a process for the seventh message in accordance with a pre-
  • the interface unit --> the virtual port unit, the node device & interface unit & processing rule number and the virtual port unit are one-to-one related to each other
  • the interface unit when receiving the packet, outputs a fourth message, which includes the packet, to the control device, the node device control unit, when the fourth message is input through the control channel, outputs a fifth message, which includes the packet included in the fourth message, to the distribution unit, the distribution unit, when the fifth message is input, refers to the distribution rule storage unit and specifies the virtual port identifier corresponding to the header of the packet included in the fifth message, and outputs a sixth message, which includes the packet included in the fifth message, to the virtual port unit corresponding to the specified virtual port identifie
  • the interface unit has a physical port identifier that enables this to be identified inside at least the node device
  • the distribution rule storage unit has one or more arbitrary classes of the packet header condition, the physical port identifier and the virtual port identifier, as the distribution rule
  • the interface unit when receiving the packet, outputs a fourth message, which includes the packet and the physical port identifier representing the interface unit, to the control device
  • the node device control unit outputs a fifth message, which further includes the physical port identifier included in the fourth message, to the distribution unit
  • the distribution unit refers to the distribution rule storage unit and specifies the virtual port identifier that corresponds to a class of the header of the packet and the physical port identifier, which are included in the fifth message.
  • the interface unit --> the virtual port unit, the node device & interface unit & header and the virtual port unit are one-to-one related to each other
  • the distribution rule storage unit has one or more arbitrary classes of the packet header condition, the node device identifier, the physical port identifier and the virtual port identifier, as the distribution rule
  • the node device control unit when the fourth message is input through the control channel, specifies the node device correlated to the control channel, and outputs a fifth message, which further includes the node device identifier representing the specified node device, to the distribution unit
  • the distribution unit refers to the distribution rule storage unit and specifies the virtual port identifier that corresponds to a class of the header of the packet, the node device identifier and the physical port identifier, which are included in the fifth message.
  • Packet The communication system described in any of the Supplementary Notes 1 to 12, wherein the packet includes the Ethernet (Registered Trademark) frame or IP (Internet protocol) packet, and the header includes the Ethernet (Registered Trademark) header, an IP header, a TCP and UDP (User Datagram Protocol) header.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A communication system has: a node device configured to forward packets; and a control device configured to control packet forwarding processing by the node device. The control device has a virtual port therein and uses the virtual port to perform forwarding processing with respect to a packet received from the node device and output the received packet to a forwarding destination of the received packet.

Description

COMMUNICATION SYSTEM, CONTROL DEVICE, COMMUNICATION METHOD AND PROGRAM
The present invention relates to a communication system. In particular, the present invention relates to a communication system of a centralized management type in which a control device controls packet forwarding by a network device.
A conventional network device has a problem in that flexible control such as load dispersion, load concentration and the like cannot be performed externally. For this reason, when the scale of a network becomes large, it becomes difficult to recognize and improve the behavior of the network as a system, and changing its design and configuration requires immense cost, which is a problem.
As a technique for solving such a problem, a method of separating a packet forwarding function and a route control function of the network device has been proposed. For example, the packet forwarding function is assigned to the network device and the route control function is assigned to a control device that is separated from the network device. In this case, the control device can centrally control the packet forwarding, which makes it possible to establish a flexible network.
(Explanation of CD Separation Type Network)
As an example of the network whose functions are separated, a CD (C: Control plane / D: Data plane) separation type network in which the control device on the control plane side controls a node device on the data plane side has been proposed.
One example of such a CD separation type network is an open flow network that uses an open flow (OpenFlow) technique in which a controller controls a switch to carry out routing control in a network. Details of the open flow technique are described in Patent Literature 1, Non-Patent Literature 1 and Non-Patent Literature 2. It should be noted that the open flow network is merely one example.
(Explanation of Open Flow Network)
In the open flow network, the control device such as an open flow controller (OFC: Open Flow Controller) or the like controls routing control information (flow table) with regard to the routing control in the node device such as an open flow switch (OFS: Open Flow Switch) or the like, and thereby controls behavior of the node device.
The control device and the node device are connected through a control channel (a communication channel for use in control) called "secure channel" that is a communication path protected by SSL (Secure Sockets Layer) or a dedicated line or the like. The control device and the node device transmit and receive an open flow message (Open Flow Message) serving as a control message in accordance with (based on) an open flow protocol (Open Flow Protocol) through the control channel.
The node device in the open flow network is an edge switch and a core switch which are arranged in the open flow network and controlled by the control device. A flow of packets from receipt of the packets at an ingress side edge switch (Ingress) to transmission at an egress side edge switch (Egress) in the open flow network is referred to as flow (Flow). In the open flow network, a communication is regarded as an end-to-end flow, and routing control, fault recovery, load dispersion and optimization are carried out with respect to each flow.
A "packet" may be replaced by a "frame". The difference between the packet and the frame lies merely in the unit of data treated by the protocol (PDU: Protocol Data Unit). The packet is the PDU of "TCP/IP (Transmission Control Protocol / Internet Protocol)". On the other hand, the frame is the PDU of "Ethernet (registered trademark)".
The routing control information (flow table) is a set of processing rules (flow entries). The processing rule (flow entry) defines a correspondence relationship between a matching condition (rule), statistical information and a processing content (action). The matching condition (rule) is used for specifying packets to be treated as a flow. The statistical information indicates the number of times a received packet has satisfied the matching condition (rule). The processing content (action) indicates processing to be performed with respect to the matched packet.
The matching condition (rule) of the processing rule (flow entry) is defined by various combinations of some or all of the information of respective protocol hierarchies included in a header region (field) of the packet. Moreover, respective matching conditions are distinct from each other. The information of the respective protocol hierarchies is exemplified by a transmission destination address (Destination Address), a transmission source address (Source Address), a transmission destination port (Destination Port), a transmission source port (Source Port) and the like. It should be noted that the above-described address includes a MAC address (Media Access Control Address) and an IP address (Internet Protocol Address). Moreover, in addition to the above, the information of an ingress port (Ingress Port) also can be used as the matching condition (rule) of the processing rule (flow entry). Also, regarding the matching condition (rule) of the processing rule (flow entry), it is also possible to set regular expression or wild card "*" or the like as a part (or all) of the values of the header region of the packet to be treated as the flow.
The processing content (action) of the processing rule (flow entry) indicates an operation such as "outputting to a specified port", "discarding" and "rewriting header". For example, if the processing content (action) of the processing rule (flow entry) indicates identification information of an output port (an output port number and the like), the node device outputs the packet to the output port. If the processing content (action) of the processing rule (flow entry) does not indicate the identification information of an output port, the node device discards the packet. Or, if the processing content (action) of the processing rule (flow entry) indicates the header information, the node device rewrites the header of the packet on the basis of the header information.
The node device in the open flow network performs the processing content (action) of the processing rule (flow entry) with respect to a group of packets (a series of packets) that satisfy the matching condition (rule) of the processing rule (flow entry). More specifically, the node device, when receiving the packet, searches the routing control information (flow table) for a processing rule (flow entry) whose matching condition (rule) matches the header information of the received packet. If a processing rule (flow entry) whose matching condition (rule) matches the header information of the received packet is found as a result of the searching, the node device updates the statistical information of the processing rule (flow entry) and performs the operation specified by the processing content (action) of the processing rule (flow entry) with respect to the received packet. On the other hand, if no processing rule (flow entry) whose matching condition (rule) matches the header information of the received packet is found as a result of the searching, the node device judges the received packet as the "first packet" and then forwards the received packet (or its copy) to the control device in the open flow network through the control channel to request the control device to determine a route of packets based on the transmission source and the transmission destination of the received packet. Then, the node device receives, as a response, a message for setting a new processing rule (flow entry) and updates the routing control information (flow table).
It should be noted that a default processing rule (default entry) whose matching condition (rule) matches the header information of all packets at low priority is registered on the routing control information (flow table). If no other processing rule (flow entry) matching the received packet is found, the received packet matches the default processing rule (default entry). The processing content (action) of the default processing rule (default entry) is "transmitting inquiry information regarding the received packet to the control device".
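The lookup described above, written out as an added Python sketch (not code from the patent or from any OpenFlow implementation): a flow table whose entries carry a matching condition, a packet counter and a list of actions, with a default entry that turns an unmatched "first packet" into an inquiry to the control device. The field names, the numeric priorities and the action tuples are assumptions made for this illustration, and the sample packet is constructed.

```python
from dataclasses import dataclass

WILDCARD = "*"


@dataclass
class FlowEntry:
    """One processing rule: matching condition, statistics, processing content."""
    match: dict            # header field -> required value, or "*" for any value
    actions: list          # e.g. [("set_field", "dst_mac", "..."), ("output", 2)]
    priority: int = 100    # assumption: higher number wins; 0 is the default entry
    packet_count: int = 0  # statistical information

    def matches(self, headers: dict) -> bool:
        # A field absent from the matching condition is not examined at all.
        return all(want == WILDCARD or headers.get(name) == want
                   for name, want in self.match.items())


class FlowTable:
    def __init__(self):
        # Default entry: matches every packet at the lowest priority and
        # sends an inquiry about the packet to the control device.
        self.default = FlowEntry(match={}, actions=[("controller",)], priority=0)
        self.entries = [self.default]

    def install(self, entry: FlowEntry) -> None:
        if entry.priority <= 0:
            raise ValueError("priority 0 is reserved for the default entry")
        if any(e.match == entry.match for e in self.entries):
            raise ValueError("matching conditions must be distinct")
        self.entries.append(entry)
        self.entries.sort(key=lambda e: e.priority, reverse=True)

    def process(self, headers: dict):
        """Return (verdict, out_port, headers_after_rewrite) for one packet."""
        # The default entry guarantees that some entry always matches.
        entry = next(e for e in self.entries if e.matches(headers))
        entry.packet_count += 1
        out, verdict, port = dict(headers), "drop", None
        for action in entry.actions:
            if action[0] == "set_field":        # "rewriting header"
                out[action[1]] = action[2]
            elif action[0] == "output":         # "outputting to a specified port"
                verdict, port = "output", action[1]
            elif action[0] == "controller":     # inquiry to the control device
                verdict, port = "packet_in", None
        return verdict, port, out               # no output action -> "discarding"


# Constructed sample packet headers (documentation address ranges).
SAMPLE = {"in_port": 1, "src_ip": "192.0.2.10", "dst_ip": "198.51.100.5",
          "dst_port": 443, "dst_mac": "02:00:00:00:00:01"}


def demo():
    table = FlowTable()
    first = table.process(SAMPLE)   # no entry yet: treated as a first packet
    # The control device answers the inquiry by setting a new entry.
    table.install(FlowEntry(
        match={"in_port": 1, "dst_ip": "198.51.100.5", "dst_port": WILDCARD},
        actions=[("set_field", "dst_mac", "02:00:00:00:00:02"), ("output", 2)]))
    # An entry without an output action discards whatever it matches.
    table.install(FlowEntry(match={"src_ip": "203.0.113.7"}, actions=[],
                            priority=200))
    second = table.process(SAMPLE)
    blocked = table.process({**SAMPLE, "src_ip": "203.0.113.7"})
    return first, second, blocked, [e.packet_count for e in table.entries]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because entries are searched in priority order, the discard entry at priority 200 wins over the forwarding entry even though both match the blocked packet; the counters show which entry each packet actually hit.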
[Patent Literature 1] International Publication WO 2008/095010
NON-PATENT LITERATURE
[Non-Patent Literature 1] Nick Mckeown et al., "OpenFlow: Enabling Innovation in Campus Networks", [online], [Retrieval on January 23, 2012], Internet (URL:http://www.openflow.org/documents/openflow-wp-latest.pdf)
[Non-Patent Literature 2] "OpenFlow Switch Specification, Version 1.1.0 Implemented", [online], [Retrieval on February 28, 2012], Internet (URL:http://www.openflowswitch.org/documents/openflow-spec-v1.1.0.pdf)
Summary of the Invention
Existing routing protocol and tunneling protocol are not defined in the Open Flow protocol disclosed in Non-Patent Literature 2. Therefore, in order to utilize the existing protocol in the communication system disclosed in Non-Patent Literature 2, it is necessary to separately install the existing protocol in the software that manages and controls the processing rule.
The present invention has been made in view of the above-mentioned problems. An object of the present invention is to enable packet forwarding processing using an existing protocol without separately installing the existing protocol in software in a communication system of a centralized management type.
A communication system according to the present invention has: a node device configured to forward packets; and a control device configured to control packet forwarding processing by the node device. The control device has a virtual port therein and uses the virtual port to perform forwarding processing with respect to a packet received from the node device and output the received packet to a forwarding destination of the received packet.
A control device according to the present invention has: a virtual port; and a control unit configured to control packet forwarding processing by a node device. The control unit uses the virtual port to perform forwarding processing with respect to a packet received from the node device and output the received packet to a forwarding destination of the received packet.
A communication method according to the present invention is executed by a control device. The control device controls packet forwarding processing by a node device and has a virtual port. The communication method includes: using the virtual port to perform forwarding processing with respect to a packet received from the node device; and outputting the received packet to a forwarding destination of the received packet.
A program according to the present invention is recorded on a computer-readable medium and, when executed, causes a control device to perform a communication method. The control device controls packet forwarding processing by a node device and has a virtual port. The communication method includes: using the virtual port to perform forwarding processing with respect to a packet received from the node device; and outputting the received packet to a forwarding destination of the received packet.
In a communication system of a centralized management type, it is possible to achieve packet forwarding processing using an existing protocol without separately installing the existing protocol in software.
Fig. 1 is a diagram showing a configuration example of a communication system according to the present invention.
Fig. 2 is a diagram for describing an exemplary embodiment of the present invention.
Fig. 3A is a diagram for describing a distribution rule according to a first exemplary embodiment of the present invention.
Fig. 3B is a diagram for describing a distribution rule according to a second exemplary embodiment of the present invention.
Fig. 3C is a diagram for describing a distribution rule according to a third exemplary embodiment of the present invention.
Fig. 3D is a diagram for describing a distribution rule according to a fourth exemplary embodiment of the present invention.
Fig. 3E is a diagram for describing a distribution rule according to a fifth exemplary embodiment of the present invention.
Fig. 3F is a diagram for describing a distribution rule according to a sixth exemplary embodiment of the present invention.
Fig. 3G is a diagram for describing a distribution rule according to a seventh exemplary embodiment of the present invention.
Fig. 4 is a diagram showing a configuration example of a communication system according to an eighth exemplary embodiment of the present invention.
Fig. 5 is a diagram showing a configuration example of a communication system according to a ninth exemplary embodiment of the present invention.
DESCRIPTION OF EXEMPLARY EMBODIMENTS
Exemplary embodiments of the present invention will be described by using an open flow network being one of networks of a centralized management type as an example. However, actually, the present invention is not limited to the open flow network.
<Exemplary Embodiment>
An exemplary embodiment of the present invention will be described below with reference to the attached drawings.
(System Configuration)
A configuration example of the communication system according to the present invention will be described with reference to Fig. 1.
The communication system according to the present invention has a control device 10 and a node device 20.
The control device 10 is an information processing device for controlling the node device 20.
The node device 20 is a communication device arranged in a network. The node device 20 is connected to the network through a network interface.
The control device 10 and the node device 20 are connected to each other through a control channel 30. The control device 10 and the node device 20 transmit and receive a control message through the control channel 30.
Moreover, the node device 20 is connected to an adjacent node device 20 through a link for data communication such as LAN (Local Area Network) and the like. In a case where the node device 20 itself corresponds to an edge switch, the node device 20 can be connected to a host (a client, a server or the like) or a network device outside a network in which the node device 20 itself is arranged.
It should be noted that the control device 10 and the node device 20 are not limited to a physical machine and may be a virtual machine (VM: Virtual Machine).
The control channel 30 may be wired or wireless.
(Configuration of Control Device)
A configuration example of the control device 10 will be described below.
The control device 10 has a node device control unit 11, a distribution unit 12, a distribution rule storage unit 13 and a virtual port unit 14.
The node device control unit 11 controls the node device 20 through the control channel 30. For example, the node device control unit 11 executes software for operating as an open flow controller (OFC) in the open flow network and operates as the open flow controller (OFC). Here, the node device control unit 11 recognizes and manages an interface unit of each of the node devices 20 through the control channel 30. Moreover, the node device control unit 11 instructs, through the control channel 30, the node device 20 to set the processing rule (flow entry) for the packets which are transmitted and received by the interface unit. An example of the content of the packet processing rule (flow entry) is to output the received packet to an interface unit or the node device control unit 11 that is specified based on characteristics of the received packet at the interface unit. Another example of the content of the packet processing rule (flow entry) is to output, when receiving a packet generated by the node device control unit 11, the received packet to a specified interface unit. Moreover, when receiving a packet from any of the node devices 20, the node device control unit 11 adds information indicating the source node device 20 and its interface unit and then outputs the packet to the distribution unit 12. Furthermore, when a packet is input from the distribution unit 12, the node device control unit 11 reads the information indicating the destination node device and its interface unit that is added to the received packet, and then selects an appropriate control channel for outputting the received packet. Thus, the node device control unit 11 performs control for outputting the packet from a specified interface unit of a specified node device.
When a packet is input from the virtual port unit 14, the distribution unit 12 refers to a distribution rule stored in the distribution rule storage unit 13 to specify a node device and an interface unit appropriate for a packet output destination based on a distribution condition such as "characteristics of the received packet", "the virtual port unit of the input source" and the like. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet and an instruction to output the packet to the specified node device and interface unit. On the other hand, when a packet is input from the node device control unit 11, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify a virtual port unit appropriate for a packet output destination based on a distribution condition such as "characteristics of the received packet", "a node device and an interface unit of the input source" and the like. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit. The distribution unit 12 may be achieved by installing the functions according to the present invention in an existing virtual machine monitor (VMM), a hypervisor and the like.
The distribution rule storage unit 13 retains the distribution rule for packets which are transmitted and received between the virtual port unit of the control device 10 and the interface unit of each node device 20. Here, the distribution rule storage unit 13 retains information required for distributing the packets as the distribution rule. In response to a reference request from the node device control unit 11 and the distribution unit 12, the distribution rule storage unit 13 replies and provides an appropriate distribution rule. For example, the distribution rule is information indicating one-to-one correspondence relationship between the virtual port unit and the interface unit. As another example, the distribution rule is information indicating one-to-one correspondence relationship between the characteristics of packet (e.g. transmission source address, transmission destination address, type and the like), the virtual port unit and the interface unit. The distribution rule storage unit 13 may be achieved by using RDB (Relational Data Base). It should be noted that the correspondence relationship in the distribution rule can be arbitrarily changed by an OS (Operating System), software and the like of a computer operating as the control device 10 in response to a user operation. For example, as an example of QoS control, the correspondence relationship in the distribution rule may be changed as necessary. However, actually, it is not limited to those examples.
The virtual port unit 14 is a virtual network interface inside the control device 10. Since an OS (Operating System) of a computer operating as the control device 10 recognizes (treats) the virtual port unit 14 the same as a physical network interface, the virtual port unit 14 can transmit and receive the packet. For example, the virtual port unit 14 can be achieved by a virtual device such as TUN/TAP and the like which is installed in the OS (Operating System) or software. Each of virtual machines (VMs) operating in the control device 10 may be provided with the OS (Operating System) and the virtual port unit 14. However, actually, it is not limited to those examples.
(Configuration of Node Device)
A configuration example of the node device 20 will be described below.
Each of the node devices 20 has a communication processing unit 21 and an interface unit 22.
The communication processing unit 21 is connected to the control device 10 through the control channel 30 and transmits and receives control messages through the control channel 30. For example, the communication processing unit 21 executes software for operating as an open flow switch (OFS) in the open flow network and operates as the open flow switch (OFS). Moreover, the communication processing unit 21 treats a packet input from the interface unit 22 based on the processing rule (flow entry) and the processing instruction (output instruction and the like) which are instructed from the node device control unit 11 of the control device 10.
The interface unit 22 is a network interface inside the node device 20. The interface unit 22 may be a physical port or a virtual port, as long as it is the network interface inside the node device 20. The interface unit 22 is connected through a data communication link to a connection destination such as an adjacent node device, host or the like. Thus, the interface unit 22 can transmit and receive packets. When receiving a packet from the connection destination such as an adjacent node device, host or the like, the interface unit 22 outputs the received packet to the communication processing unit 21.
The data communication link may be wired or wireless.
<Concrete Example>
A concrete example of the communication system according to the present embodiment will be described below.
(System Configuration)
A configuration example of the communication system according to the present example will be described below with reference to Fig. 2.
The communication system according to the present example has the control device 10 and a plurality of node devices 20.
The configuration examples of the control device 10 and the node device 20 are basically similar to those shown in Fig. 1.
In the present example, the virtual port units 14 include a virtual port unit 14-1, a virtual port unit 14-2, a virtual port unit 14-3, a virtual port unit 14-4, a virtual port unit 14-5 and a virtual port unit 14-6. Each of the virtual port unit 14-1, the virtual port unit 14-2, the virtual port unit 14-3, the virtual port unit 14-4, the virtual port unit 14-5 and the virtual port unit 14-6 is connected to the distribution unit 12.
The virtual port unit 14-1 has a virtual port ID "VP1" as its identification information. The virtual port unit 14-2 has a virtual port ID "VP2" as its identification information. The virtual port unit 14-3 has a virtual port ID "VP3" as its identification information. The virtual port unit 14-4 has a virtual port ID "VP4" as its identification information. The virtual port unit 14-5 has a virtual port ID "VP5" as its identification information. The virtual port unit 14-6 has a virtual port ID "VP6" as its identification information.
In the present example, the node devices 20 include a node device 20-1, a node device 20-2 and a node device 20-3. The node device 20-1 is connected to the control device 10 through a control channel 30-1. The node device 20-2 is connected to the control device 10 through a control channel 30-2. The node device 20-3 is connected to the control device 10 through a control channel 30-3.
The node device 20-1 has a node device ID "DPID1" as its identification information. The node device 20-2 has a node device ID "DPID2" as its identification information. The node device 20-3 has a node device ID "DPID3" as its identification information.
In the present example, the interface units 22 include an interface unit 22-11, an interface unit 22-21, an interface unit 22-22, an interface unit 22-23, an interface unit 22-31 and an interface unit 22-32. The interface unit 22-11 is installed in the node device 20-1 and connected to a communication processing unit 21-1. The interface unit 22-21, the interface unit 22-22 and the interface unit 22-23 are installed in the node device 20-2 and connected to a communication processing unit 21-2. The interface unit 22-31 and the interface unit 22-32 are installed in the node device 20-3 and connected to a communication processing unit 21-3.
The interface unit 22-11 has an interface ID "IF11" as its identification information. The interface unit 22-21 has an interface ID "IF21" as its identification information. The interface unit 22-22 has an interface ID "IF22" as its identification information. The interface unit 22-23 has an interface ID "IF23" as its identification information. The interface unit 22-31 has an interface ID "IF31" as its identification information. The interface unit 22-32 has an interface ID "IF32" as its identification information.
<First Exemplary Embodiment>
(Correspondence Relationship between Virtual Port Unit and Interface Unit)
The first exemplary embodiment of the present invention will be described below.
In the present exemplary embodiment, the control device 10 determines the output destination of the packet based on the correspondence relationship between a "virtual port ID" and an "interface ID".
Here, the configuration example of the communication system shown in Figs. 1 and 2 is referred to.
The distribution rule storage unit 13 in the control device 10 retains a correspondence table as the distribution rule in which the virtual port unit 14 and the interface unit 22 are one-to-one related to each other. However, actually, the distribution rule is not limited to such a table format, as long as the correspondence relationship can be recognized.
(Distribution Rule according to First Exemplary Embodiment)
An example of the distribution rule according to the present exemplary embodiment will be described below with reference to Fig. 3A.
For example, the distribution rule stored in the distribution rule storage unit 13 has a region (field) which indicates a "virtual port ID" and an "interface ID", for each record.
The "virtual port ID" is the region for storing identification information (virtual port ID) of the virtual port unit 14.
The "interface ID" is the region for storing identification information (interface ID) of the interface unit 22.
It should be noted that the interface ID is preferably unique identification information within the communication system (network). However, actually, the interface ID may be unique identification information within the individual node device. If the interface ID is the unique identification information within the individual node device, the interface ID may overlap between the node devices. Therefore, the node device ID may be related, added or stored in the same record.
For example, when the node device ID is related to the interface ID, the distribution rule stored in the distribution rule storage unit 13 has the region that indicates the "virtual port ID", the "interface ID" and the "node device ID", for each record.
The "node device ID" is the region for storing identification information (node device ID) of the node device 20. It should be noted that since the correspondence relationship between the node device 20 and the control channel 30 is one-to-one relation, identification information (control channel ID) of the control channel 30 may be used instead of the identification information (node device ID) of the node device 20.
(Supplement)
In a case where the identification information (virtual port ID) of different virtual port units 14 is respectively stored in the "virtual port ID" and the "interface ID", it is possible to support communication between the different virtual port units 14. Similarly, in a case where the identification information (interface ID) of different interface units 22 is respectively stored in the "virtual port ID" and the "interface ID", it is possible to support communication between the different interface units 22. For example, regions that indicate an "input source ID" and an "output destination ID" may be prepared instead of the regions that indicate the "virtual port ID" and the "interface ID". Then, any of the identification information (virtual port ID) of the virtual port unit 14 and the identification information (interface ID) of the interface unit 22 may be arbitrarily specified in those regions.
(Operation Based on Distribution Rule according to First Exemplary Embodiment)
An example of the operation based on the distribution rule according to the present exemplary embodiment will be described below.
When a packet is input from the virtual port unit 14, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify an interface unit 22 appropriate for the packet output destination based on the "interface ID" related to the "virtual port ID" of the virtual port unit 14. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet and an instruction to output the packet to the specified interface unit 22.
On the other hand, when a packet is input from the node device control unit 11, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify a virtual port unit 14 appropriate for the packet output destination based on the "virtual port ID" related to the "interface ID" of the interface unit 22 of the node device 20 as the packet transmission source. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit 14.
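The first exemplary embodiment's distribution rule in both directions, as an added Python sketch that is not the patent's own code: records are keyed by node device ID and interface ID together, because interface IDs that are unique only within one node device may overlap between node devices, and the node device ID is derived from the control channel a packet arrived on. The class and method names, the rule contents (Fig. 3A is not reproduced on this page), the node-local interface numbering and the choice to discard packets with no matching record are assumptions for this illustration.

```python
class DistributionRuleStore:
    """One-to-one table: virtual port ID <-> (node device ID, interface ID)."""

    def __init__(self):
        self._iface_of = {}   # virtual port ID -> (node device ID, interface ID)
        self._vport_of = {}   # (node device ID, interface ID) -> virtual port ID

    def add(self, vport_id, node_id, iface_id):
        key = (node_id, iface_id)
        # Refuse any record that would make the relation one-to-many.
        if vport_id in self._iface_of or key in self._vport_of:
            raise ValueError(f"{vport_id} <-> {key} breaks the one-to-one relation")
        self._iface_of[vport_id] = key
        self._vport_of[key] = vport_id

    def iface_for(self, vport_id):
        return self._iface_of.get(vport_id)

    def vport_for(self, node_id, iface_id):
        return self._vport_of.get((node_id, iface_id))


class ControlDevice:
    """Node device control unit plus distribution unit, reduced to the lookups."""

    def __init__(self, rules, channels):
        self.node_of_channel = dict(channels)          # one channel per node device
        self.channel_of_node = {n: c for c, n in channels.items()}
        self.store = DistributionRuleStore()
        for vport_id, node_id, iface_id in rules:
            if node_id not in self.channel_of_node:
                raise ValueError(f"no control channel for {node_id}")
            self.store.add(vport_id, node_id, iface_id)
        self.dropped = 0

    def packet_from_node(self, channel_id, iface_id, packet):
        """Interface unit -> node device control unit -> distribution unit."""
        # The source node is taken from the channel, not from the message body.
        node_id = self.node_of_channel.get(channel_id)
        vport_id = self.store.vport_for(node_id, iface_id)
        if vport_id is None:
            self.dropped += 1      # assumption: no record means discard
            return None
        return {"virtual_port": vport_id, "packet": packet}

    def packet_from_virtual_port(self, vport_id, packet):
        """Virtual port unit -> distribution unit -> node device control unit."""
        target = self.store.iface_for(vport_id)
        if target is None:
            self.dropped += 1
            return None
        node_id, iface_id = target
        return {"channel": self.channel_of_node[node_id], "node": node_id,
                "out_interface": iface_id, "packet": packet}


# Constructed rule set. Virtual port, node device and control channel IDs follow
# the concrete example; the interface numbers are node-local on purpose, so
# "IF1" exists on all three node devices.
CHANNELS = {"30-1": "DPID1", "30-2": "DPID2", "30-3": "DPID3"}
RULES = [("VP1", "DPID1", "IF1"), ("VP2", "DPID2", "IF1"), ("VP3", "DPID2", "IF2"),
         ("VP4", "DPID2", "IF3"), ("VP5", "DPID3", "IF1"), ("VP6", "DPID3", "IF2")]


if __name__ == "__main__":
    cd = ControlDevice(RULES, CHANNELS)
    print(cd.packet_from_node("30-2", "IF1", b"frame-a"))   # -> VP2
    print(cd.packet_from_node("30-3", "IF1", b"frame-b"))   # -> VP5
    print(cd.packet_from_virtual_port("VP4", b"frame-c"))   # -> DPID2 / IF3
    print(cd.packet_from_node("30-1", "IF2", b"frame-d"))   # no record -> None
```

A table keyed by interface ID alone could hold only one of the three "IF1" records; adding the node device ID (or the control channel ID) to the key is what keeps the lookup unambiguous.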
<Second Exemplary Embodiment>
(Correspondence Relationship between Input Packet and Virtual Port Unit)
The second exemplary embodiment of the present invention will be described below.
In the present exemplary embodiment, the control device 10 determines a virtual port unit 14 serving as the output destination of the packet, on the basis of the correspondence relationship between a "packet type" and a "virtual port ID".
Here, the configuration example of the communication system shown in Figs. 1 and 2 is referred to.
The distribution rule storage unit 13 in the control device 10 retains a correspondence table as the distribution rule in which the header information and the like of the packet and the virtual port unit 14 are one-to-one related to each other. However, actually, the distribution rule is not limited to such a table format, as long as the correspondence relationship can be recognized.
(Distribution Rule according to Second Exemplary Embodiment)
An example of the distribution rule according to the present exemplary embodiment will be described below with reference to Fig. 3B.
For example, the distribution rule stored in the distribution rule storage unit 13 has a region which indicates a "virtual port ID" and a "packet type", for each record.
The "virtual port ID" is the region for storing identification information (virtual port ID) of the virtual port unit 14.
The "packet type" is the region for storing information (header information and the like) for identifying the packet. At least the information that can be used as the matching condition (rule) of the processing rule (flow entry) in the open flow technique can be used as the information for identifying the packet.
(Operation Based on Distribution Rule according to Second Exemplary Embodiment)
An example of the operation based on the distribution rule according to the present exemplary embodiment will be described below.
When a packet is input from the node device control unit 11, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify a virtual port unit 14 appropriate for the packet output destination based on the "virtual port ID" related to the "packet type" of the input packet. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit 14.
That is, the distribution rule in the present exemplary embodiment is the distribution rule for use in the packet input to the virtual port unit 14.
The present exemplary embodiment supports communication between the virtual port units 14 as well.
The present exemplary embodiment is preferably performed in combination with another exemplary embodiment (especially, a third exemplary embodiment).
<Third Exemplary Embodiment>
(Correspondence Relationship between Output Packet and Interface Unit)
The third exemplary embodiment of the present invention will be described below.
In the present exemplary embodiment, the control device 10 determines the interface unit 22 serving as the output destination of the packet, on the basis of the correspondence relationship between a "packet type" and an "interface ID".
Here, the configuration example of the communication system shown in Figs. 1 and 2 is referred to.
The distribution rule storage unit 13 in the control device 10 retains, as the distribution rule, a correspondence table in which the header information and the like of the packet and the interface unit 22 are related one-to-one. In practice, however, the distribution rule is not limited to such a table format, as long as the correspondence relationship can be recognized.
(Distribution Rule according to Third Exemplary Embodiment)
An example of the distribution rule according to the present exemplary embodiment will be described below with reference to Fig. 3C.
For example, the distribution rule stored in the distribution rule storage unit 13 has a region which indicates a "packet type" and an "interface ID", for each record.
The "packet type" is the region for storing information (header information and the like) for identifying the packet. At least the information that can be used as the matching condition (rule) of the processing rule (flow entry) in the open flow technique can be used as the information for identifying the packet.
The "interface ID" is the region for storing identification information (interface ID) of the interface unit 22.
It should be noted that the interface ID is preferably unique identification information within the communication system (network). However, actually, the interface ID may be unique identification information within the individual node device. If the interface ID is the unique identification information within the individual node device, the interface ID may overlap between the node devices. Therefore, the node device ID may be related, added or stored in the same record.
For example, when the node device ID is related to the interface ID, the distribution rule stored in the distribution rule storage unit 13 has the region that indicates the "virtual port ID", the "interface ID" and the "node device ID", for each record.
The "node device ID" is the region for storing identification information (node device ID) of the node device 20. It should be noted that since the correspondence relationship between the node device 20 and the control channel 30 is a one-to-one relation, identification information (control channel ID) of the control channel 30 may be used instead of the identification information (node device ID) of the node device 20.
(Operation Based on Distribution Rule according to Third Exemplary Embodiment)
An example of the operation based on the distribution rule according to the present exemplary embodiment will be described below.
When a packet is input from the virtual port unit 14, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify an interface unit 22 appropriate for the packet output destination based on the "interface ID" related to the "packet type" of the input packet. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet and an instruction to output the packet to the specified interface unit 22.
That is, the distribution rule in the present exemplary embodiment is the distribution rule for use in the packet output to the interface unit 22.
The present exemplary embodiment supports communication between the interface units 22 as well.
The present exemplary embodiment is preferably performed in combination with another exemplary embodiment (especially, a third exemplary embodiment).
<Fourth Exemplary Embodiment>
(Correspondence Relationship between Packet, Virtual Port Unit and Interface Unit)
The fourth exemplary embodiment of the present invention will be described below.
In the present exemplary embodiment, the control device 10 determines the output destination of the packet, on the basis of the correspondence relationship between a "packet type", a "virtual port ID" and an "interface ID".
Here, the configuration example of the communication system shown in Figs. 1 and 2 is referred to.
The distribution rule storage unit 13 in the control device 10 retains, as the distribution rule, a correspondence table in which the header information of the packet, the virtual port unit 14 and the interface unit 22 are related one-to-one. In practice, however, the distribution rule is not limited to such a table format, as long as the correspondence relationship can be recognized.
(Distribution Rule according to Fourth Exemplary Embodiment)
An example of the distribution rule according to the present exemplary embodiment will be described below with reference to Fig. 3D.
For example, the distribution rule stored in the distribution rule storage unit 13 has a region which indicates a "packet type", a "virtual port ID" and an "interface ID", for each record.
The "packet type" is the region for storing information (header information and the like) for identifying the packet. At least the information that can be used as the matching condition (rule) of the processing rule (flow entry) in the open flow technique can be used as the information for identifying the packet.
The "virtual port ID" is the region for storing identification information (virtual port ID) of the virtual port unit 14.
The "interface ID" is the region for storing identification information (interface ID) of the interface unit 22.
It should be noted that the interface ID is preferably unique identification information within the communication system (network). However, actually, the interface ID may be unique identification information within the individual node device. If the interface ID is the unique identification information within the individual node device, the interface ID may overlap between the node devices. Therefore, the node device ID may be related, added or stored in the same record.
For example, when the node device ID is related to the interface ID, the distribution rule stored in the distribution rule storage unit 13 has the region that indicates the "virtual port ID", the "interface ID" and the "node device ID", for each record.
The "node device ID" is the region for storing identification information (node device ID) of the node device 20. It should be noted that since the correspondence relationship between the node device 20 and the control channel 30 is a one-to-one relation, identification information (control channel ID) of the control channel 30 may be used instead of the identification information (node device ID) of the node device 20.
(Operation Based on Distribution Rule according to Fourth Exemplary Embodiment)
An example of an operation based on the distribution rule according to the present exemplary embodiment will be described below.
When a packet is input from the virtual port unit 14, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify an interface unit 22 appropriate for the packet output destination based on the "interface ID" related to the "packet type" of the input packet and the "virtual port ID" of the virtual port unit 14. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet and an instruction to output the packet to the specified interface unit 22.
On the other hand, when a packet is input from the node device control unit 11, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify a virtual port unit 14 appropriate for the packet output destination based on the "virtual port ID" related to the "packet type" of the input packet and the "interface ID" of the interface unit 22 of the node device 20 as the packet transmission source. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit 14.
According to the present exemplary embodiment, even if the "packet types" of the input packets are the same, it is possible to output the packets to different virtual port units 14 if the "interface IDs" of the interface units 22 of the transmission sources are different from each other. Also, even if the "virtual port IDs" of the virtual port units 14 of the input source are the same, it is also possible to output the packets to different interface units 22 if the "packet types" of the input packets are different from each other. Consequently, it is possible to carry out distribution processing that is more complex and finer-grained as compared with the second exemplary embodiment and the third exemplary embodiment.
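As an added illustration (not code from the patent), the following sketch models the fourth exemplary embodiment's distribution rule as a table that can be looked up in both directions, with the node device ID stored in each record so that interface IDs unique only within a node device stay unambiguous. Deriving the "packet type" from the EtherType, all IDs and frames, and returning `None` when no record matches are assumptions made for this example.

```python
import struct
from dataclasses import dataclass

# Added sketch of the fourth exemplary embodiment's distribution rule.
# The EtherType-based "packet type" and every ID below are constructed.
ETHERTYPES = {0x0800: "ipv4", 0x0806: "arp", 0x86DD: "ipv6"}


def packet_type(frame: bytes) -> str:
    """Derive the "packet type" from header information (here, the EtherType)."""
    if len(frame) < 14:
        return "unknown"
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype == 0x8100:  # 802.1Q tag present: the EtherType sits 4 bytes later
        if len(frame) < 18:
            return "unknown"
        (etype,) = struct.unpack_from("!H", frame, 16)
    return ETHERTYPES.get(etype, "unknown")


@dataclass(frozen=True)
class Rule:
    packet_type: str
    virtual_port_id: str
    node_device_id: str  # needed when interface IDs are unique only per node device
    interface_id: str


class DistributionTable:
    """Bidirectional lookup over (packet type, virtual port ID, interface ID)."""

    def __init__(self, rules):
        self._to_vport = {}  # (type, node, interface) -> virtual port
        self._to_iface = {}  # (type, virtual port) -> (node, interface)
        for r in rules:
            in_key = (r.packet_type, r.node_device_id, r.interface_id)
            out_key = (r.packet_type, r.virtual_port_id)
            # Records are related one-to-one, so a second record with the same
            # lookup key in either direction would make the output ambiguous.
            if in_key in self._to_vport or out_key in self._to_iface:
                raise ValueError(f"ambiguous distribution rule: {r}")
            self._to_vport[in_key] = r.virtual_port_id
            self._to_iface[out_key] = (r.node_device_id, r.interface_id)

    def from_node_device(self, frame, node_device_id, interface_id):
        """Packet from the node device control unit -> virtual port ID or None."""
        key = (packet_type(frame), node_device_id, interface_id)
        return self._to_vport.get(key)

    def from_virtual_port(self, frame, virtual_port_id):
        """Packet from a virtual port unit -> (node device ID, interface ID) or None."""
        return self._to_iface.get((packet_type(frame), virtual_port_id))


def sample_frame(etype: int, vlan: bool = False) -> bytes:
    """Constructed Ethernet frame: broadcast dst, locally administered src."""
    macs = bytes.fromhex("ffffffffffff020000000001")
    tag = struct.pack("!HH", 0x8100, 10) if vlan else b""
    return macs + tag + struct.pack("!H", etype) + bytes(46)


RULES = [
    Rule("arp", "vp1", "node1", "if1"),
    Rule("arp", "vp2", "node2", "if1"),   # same interface ID on another node device
    Rule("ipv4", "vp1", "node2", "if2"),  # same virtual port, different packet type
]
TABLE = DistributionTable(RULES)

if __name__ == "__main__":
    arp, ip4 = sample_frame(0x0806), sample_frame(0x0800)
    # Same packet type, different transmission sources -> different virtual ports.
    print(TABLE.from_node_device(arp, "node1", "if1"))
    print(TABLE.from_node_device(arp, "node2", "if1"))
    # Same virtual port, different packet types -> different interface units.
    print(TABLE.from_virtual_port(arp, "vp1"))
    print(TABLE.from_virtual_port(ip4, "vp1"))
    # No matching record: the caller decides what to do with None.
    print(TABLE.from_node_device(sample_frame(0x86DD), "node1", "if1"))
```

Rejecting a record that duplicates an existing lookup key at load time keeps the one-to-one relationship described above checkable before any packet is distributed.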
<Fifth Exemplary Embodiment>
(Correspondence Relationship between Virtual Port Unit and Node Device)
The fifth exemplary embodiment of the present invention will be described below.
In the present exemplary embodiment, the control device 10 determines the output destination of the packet, on the basis of the correspondence relationship between a "virtual port ID" and a "node device ID".
Here, the configuration example of the communication system shown in Figs. 1 and 2 is referred to.
The distribution rule storage unit 13 in the control device 10 retains, as the distribution rule, a correspondence table in which the virtual port unit 14 and the node device 20 are related one-to-one. In practice, however, the distribution rule is not limited to such a table format, as long as the correspondence relationship can be recognized.
(Distribution Rule according to Fifth Exemplary Embodiment)
An example of the distribution rule according to the present exemplary embodiment will be described below with reference to Fig. 3E.
For example, the distribution rule stored in the distribution rule storage unit 13 has a region which indicates a "virtual port ID" and a "node device ID", for each record.
The "virtual port ID" is the region for storing identification information (virtual port ID) of the virtual port unit 14.
The "node device ID" is the region for storing identification information (node device ID) of the node device 20. It should be noted that since the correspondence relationship between the node device 20 and the control channel 30 is a one-to-one relation, identification information (control channel ID) of the control channel 30 may be used instead of the identification information (node device ID) of the node device 20.
(Operation Based on Distribution Rule according to Fifth Exemplary Embodiment)
An example of an operation based on the distribution rule according to the present exemplary embodiment will be described below.
When a packet is input from the virtual port unit 14, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify a node device 20 appropriate for the packet output destination based on the "node device ID" related to the "virtual port ID" of the virtual port unit 14. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet and an instruction to output the packet to the specified node device 20.
On the other hand, when a packet is input from the node device control unit 11, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify a virtual port unit 14 appropriate for the packet output destination based on the "virtual port ID" related to the "node device ID" of the node device 20 as the packet transmission source. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit 14.
According to the present exemplary embodiment, the communication processing unit 21 of the node device 20 performs the packet distribution to the interface unit 22 on the basis of the processing rule (flow entry) and the processing instruction (the output instruction and the like), which are instructed by the node device control unit 11 of the control device 10.
The distribution unit 12 pays attention only to "from which node device 20 the packet is input" and then specifies the virtual port unit 14 serving as the output destination. Also, the distribution unit 12 pays attention only to "from which virtual port unit 14 the packet is input" and then specifies the node device 20 serving as the output destination.
<Sixth Exemplary Embodiment>
(Correspondence Relationship between Packet, Virtual Port Unit and Node Device)
The sixth exemplary embodiment of the present invention will be described below.
In the present exemplary embodiment, the control device 10 determines the output destination of the packet, on the basis of the correspondence relationship between a "packet type", a "virtual port ID" and a "node device ID".
Here, the configuration example of the communication system shown in Figs. 1 and 2 is referred to.
The distribution rule storage unit 13 in the control device 10 retains, as the distribution rule, a correspondence table in which the header information of the packet, the virtual port unit 14 and the node device 20 are related one-to-one. In practice, however, the distribution rule is not limited to such a table format, as long as the correspondence relationship can be recognized.
(Distribution Rule according to Sixth Exemplary Embodiment)
An example of the distribution rule according to the present exemplary embodiment will be described below with reference to Fig. 3F.
For example, the distribution rule stored in the distribution rule storage unit 13 has a region which indicates a "packet type", a "virtual port ID" and a "node device ID", for each record.
The "packet type" is the region for storing information (header information and the like) for identifying the packet. At least the information that can be used as the matching condition (rule) of the processing rule (flow entry) in the open flow technique can be used as the information for identifying the packet.
The "virtual port ID" is the region for storing identification information (virtual port ID) of the virtual port unit 14.
The "node device ID" is the region for storing identification information (node device ID) of the node device 20. It should be noted that since the correspondence relationship between the node device 20 and the control channel 30 is a one-to-one relation, identification information (control channel ID) of the control channel 30 may be used instead of the identification information (node device ID) of the node device 20.
(Operation Based on Distribution Rule according to Sixth Exemplary Embodiment)
An example of an operation based on the distribution rule according to the present exemplary embodiment will be described below.
When a packet is input from the virtual port unit 14, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify a node device 20 appropriate for the packet output destination based on the "node device ID" related to the "packet type" of the input packet and the "virtual port ID" of the virtual port unit 14. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet and an instruction to output the packet to the specified node device 20.
On the other hand, when a packet is input from the node device control unit 11, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify a virtual port unit 14 appropriate for the packet output destination based on the "virtual port ID" related to the "packet type" of the input packet and the "node device ID" of the node device 20 as the packet transmission source. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit 14.
According to the present exemplary embodiment, the communication processing unit 21 of the node device 20 performs the packet distribution to the interface unit 22 on the basis of the processing rule (flow entry) and the processing instruction (the output instruction and the like), which are instructed by the node device control unit 11 of the control device 10.
The distribution unit 12 pays attention to "what kind of packet is input from which node device 20" and then specifies the virtual port unit 14 serving as the output destination. Also, the distribution unit 12 pays attention to "what kind of packet is input from which virtual port unit 14" and then specifies the node device 20 serving as the output destination.
According to the present exemplary embodiment, even if the "packet types" of the input packets are the same, it is possible to output the packets to different virtual port units 14 if the "node device IDs" of the node devices 20 of the transmission sources are different from each other. Also, even if the "virtual port IDs" of the virtual port units 14 of the input source are the same, it is also possible to output the packets to different node devices 20 if the "packet types" of the input packets are different from each other. Consequently, it is possible to carry out distribution processing that is more complex and finer-grained as compared with the fourth exemplary embodiment.
<Seventh Exemplary Embodiment>
(Correspondence Relationship between Virtual Port Unit and Processing Rule of Packet)
The seventh exemplary embodiment of the present invention will be described below.
In the present exemplary embodiment, the control device 10 determines the virtual port unit 14 serving as the output destination of the packet, on the basis of the correspondence relationship between a "virtual port ID" and a "processing rule ID".
Here, the configuration example of the communication system shown in Figs. 1 and 2 is referred to.
The distribution rule storage unit 13 in the control device 10 retains, as the distribution rule, a correspondence table in which the virtual port unit 14 and the processing rule (flow entry) for the packet are related one-to-one. In practice, however, the distribution rule is not limited to such a table format, as long as the correspondence relationship can be recognized.
(Distribution Rule according to Seventh Exemplary Embodiment)
An example of the distribution rule according to the present exemplary embodiment will be described with reference to Fig. 3G.
For example, the distribution rule stored in the distribution rule storage unit 13 has a region which indicates a "virtual port ID" and a "processing rule ID", for each record.
The "virtual port ID" is the region for storing identification information (virtual port ID) of the virtual port unit 14.
The "processing rule ID" is the region for storing identification information of the processing rule (flow entry) that is referred to when the packet is forwarded from the node device 20 to the control device 10.
For example, there is a Cookie region for temporarily storing data such as assignment information and the like in a part of the packet. The node device 20 can store "64-bit identification information" as the processing rule ID for specifying the processing rule (flow entry) in this Cookie region. The control device 10 can recognize and obtain the processing rule ID by referring to the Cookie region in the packet.
It should be noted that the processing rule ID is preferably unique identification information within the communication system (network). However, actually, the processing rule ID may be unique identification information within the individual node device. If the processing rule ID is the unique identification information within the individual node device, the processing rule ID may overlap between the node devices. Therefore, the node device ID may be related, added or stored in the same record.
For example, when the node device ID is related to the processing rule ID, the distribution rule stored in the distribution rule storage unit 13 has the region that indicates the "virtual port ID", the "processing rule ID" and the "node device ID", for each record.
The "node device ID" is the region for storing identification information (node device ID) of the node device 20. It should be noted that since the correspondence relationship between the node device 20 and the control channel 30 is a one-to-one relation, identification information (control channel ID) of the control channel 30 may be used instead of the identification information (node device ID) of the node device 20.
(Operation Based on Distribution Rule according to Seventh Exemplary Embodiment)
An example of the operation based on the distribution rule according to the present exemplary embodiment will be described below.
When a packet is input from the node device control unit 11, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify a virtual port unit 14 appropriate for the packet output destination based on the "virtual port ID" related to the "processing rule ID" stored in the input packet. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit 14.
That is, the distribution rule in the present exemplary embodiment is the distribution rule for use in the packet input to the virtual port unit 14.
The present exemplary embodiment is preferably performed in combination with another exemplary embodiment (especially, the third exemplary embodiment).
<Eighth Exemplary Embodiment>
The eighth exemplary embodiment of the present invention will be described below.
According to the present exemplary embodiment, the control device carries out Layer 2 (L2) forwarding processing and Layer 3 (L3) forwarding processing. At this time, the control device distributes the received packets to the L2 forwarding processing and the L3 forwarding processing.
(Configuration of Communication System according to Eighth Exemplary Embodiment)
A configuration example of the communication system according to the present exemplary embodiment will be described below with reference to Fig. 4.
The communication system according to the present exemplary embodiment has the control device 10 and the node device 20.
(Configuration of Control Device according to Eighth Exemplary Embodiment)
A configuration example of the control device 10 according to the present exemplary embodiment will be described below.
The control device 10 according to the present exemplary embodiment has the node device control unit 11, the distribution unit 12, the distribution rule storage unit 13, the virtual port unit 14, a bridge unit 15 and a router unit 16.
The node device control unit 11, the distribution unit 12, the distribution rule storage unit 13 and the virtual port unit 14 are basically the same as those described above.
The bridge unit 15 performs the Layer 2 routing processing (L2 forwarding processing) in a second layer (data link layer, Layer 2) of seven layers in an OSI reference model. The bridge unit 15 can be achieved by an L2 forwarding function installed in software or OS (Operating System) of a computer or the like operating as the control device 10. However, actually, the bridge unit 15 is not limited to those examples.
The router unit 16 performs the Layer 3 routing processing (L3 forwarding processing) in a third layer (network layer, Layer 3) of the seven layers in the OSI reference model. The router unit 16 can be achieved by an L3 forwarding function installed in software or OS (Operating System) of a computer or the like operating as the control device 10. However, actually, the router unit 16 is not limited to those examples.
It should be noted that each of the bridge unit 15 and the router unit 16 may not exist in the same device as the node device control unit 11, the distribution unit 12, the distribution rule storage unit 13 and the virtual port unit 14. For example, each of the bridge unit 15 and the router unit 16 may be connected to the control device 10 through a network and the like.
(Connection Example of Virtual Port Unit according to Eighth Exemplary Embodiment)
Here, each of the virtual port unit 14-1, the virtual port unit 14-2 and the virtual port unit 14-3 is provided between the distribution unit 12 and the bridge unit 15 and inputs and outputs packets between the distribution unit 12 and the bridge unit 15. Also, each of the virtual port unit 14-4, the virtual port unit 14-5 and the virtual port unit 14-6 is provided between the distribution unit 12 and the router unit 16 and inputs and outputs packets between the distribution unit 12 and the router unit 16.
(Configuration of Node Device according to Eighth Exemplary Embodiment)
A configuration example of the node device 20 according to the present exemplary embodiment will be described below.
Each of the node devices 20 according to the present exemplary embodiment has the communication processing unit 21 and the interface unit 22.
The communication processing unit 21 and the interface unit 22 are basically the same as those described above.
(Operation in L2 Forwarding Processing)
The operation in the L2 forwarding processing will be described below.
The node device control unit 11 refers to the distribution rule stored in the distribution rule storage unit 13. In accordance with the content of the distribution rule, the node device control unit 11 instructs, through the control channel 30, the communication processing unit 21 of each of the node devices 20 to output (forward) the packet received by the interface unit 22 to the node device control unit 11.
When receiving the packet, the interface unit 22-11 of the node device 20-1 outputs the packet to the communication processing unit 21-1 of the node device 20-1.
When the packet is input from the interface unit 22-11, the communication processing unit 21-1 operates in accordance with the processing rule (flow entry) instructed by the node device control unit 11 of the control device 10. More specifically, the communication processing unit 21-1 outputs (forwards) a packet input message (Packet-In Message) which includes "the packet" and "information indicating the interface unit receiving the packet" to the node device control unit 11 of the control device 10 through the control channel 30-1.
When receiving the packet from the communication processing unit 21-1 of the node device 20-1, the node device control unit 11 of the control device 10 recognizes the control channel 30-1 used on the receipt of the packet, and specifies the node device and the interface unit of the packet transmission source. Then, the node device control unit 11 outputs, to the distribution unit 12, a message that includes "the packet" and "information indicating the specified node device and interface unit".
When the packet is input from the node device control unit 11, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the virtual port unit 14-1 as the packet output destination based on the content of the distribution rule. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit 14-1.
When the packet is input from the distribution unit 12, the virtual port unit 14-1 outputs the packet to the bridge unit 15 connected thereto.
When the packet is input from the virtual port unit 14-1, the bridge unit 15 performs the L2 forwarding of the packet. As a result, the bridge unit 15 outputs the packet to the other virtual port units 14-2 and 14-3 that are connected to the bridge unit 15.
When the packet is input from the bridge unit 15, the virtual port unit 14-2 and the virtual port unit 14-3 output the packet to the distribution unit 12.
When the packet is input from the virtual port unit 14-2, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the interface unit 22-21 of the node device 20-2 as the output destination of the packet input from the virtual port unit 14-2, in accordance with the content of the distribution rule. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet itself and an instruction to output the packet to the specified interface unit 22-21 of the node device 20-2.
When the above-mentioned message is input from the distribution unit 12, the node device control unit 11 transmits a packet output message (Packet-Out Message), which includes the packet itself and an instruction to output the packet to the interface unit 22-21, to the node device 20-2 through the control channel 30-2.
When receiving the above-mentioned packet output message (Packet-Out Message) from the node device control unit 11 of the control device 10, the communication processing unit 21-2 of the node device 20-2 outputs the packet included in the packet output message (Packet-Out Message) to the interface unit 22-21.
When the packet is input from the communication processing unit 21-2, the interface unit 22-21 outputs the packet to the connection destination through the data communication link.
Similarly, when the packet is input from the virtual port unit 14-3, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the interface unit 22-22 of the node device 20-2 as the output destination of the packet input from the virtual port unit 14-3, in accordance with the content of the distribution rule. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet itself and an instruction to output the packet to the specified interface unit 22-22 of the node device 20-2.
When the above-mentioned message is input from the distribution unit 12, the node device control unit 11 transmits a packet output message (Packet-Out Message), which includes the packet itself and an instruction to output the packet to the interface unit 22-22, to the node device 20-2 through the control channel 30-2.
When receiving the above-mentioned packet output message (Packet-Out Message) from the node device control unit 11 of the control device 10, the communication processing unit 21-2 of the node device 20-2 outputs the packet included in the packet output message (Packet-Out Message) to the interface unit 22-22.
When the packet is input from the communication processing unit 21-2, the interface unit 22-22 outputs the packet to the connection destination through the data communication link.
According to the processing described above, even if the node device control unit 11 itself does not have the L2 forwarding function, it is possible to achieve the L2 forwarding function between the interface unit 22-11, the interface unit 22-21 and the interface unit 22-22, by using the bridge unit 15 that has the L2 forwarding function installed in the software or OS (Operating System) of the computer or the like operating as the control device 10.
(Operation in L3 Forwarding Processing)
The operation in the L3 forwarding processing will be described below.
The node device control unit 11 refers to the distribution rule stored in the distribution rule storage unit 13. In accordance with the content of the distribution rule, the node device control unit 11 instructs, through the control channel 30, the communication processing unit 21 of each of the node devices 20 to output (forward) the packet received by the interface unit 22 to the node device control unit 11.
When receiving the packet, the interface unit 22-23 of the node device 20-2 outputs the packet to the communication processing unit 21-2 of the node device 20-2.
When the packet is input from the interface unit 22-23, the communication processing unit 21-2 operates in accordance with the processing rule (flow entry) instructed by the node device control unit 11 of the control device 10. More specifically, the communication processing unit 21-2 outputs (forwards) a packet input message (Packet-In Message) which includes "the packet" and "information indicating the interface unit receiving the packet" to the node device control unit 11 of the control device 10 through the control channel 30-2.
When receiving the packet from the communication processing unit 21-2 of the node device 20-2, the node device control unit 11 of the control device 10 recognizes the control channel 30-2 used on the receipt of the packet, and specifies the node device and the interface unit of the packet transmission source. Then, the node device control unit 11 outputs, to the distribution unit 12, a message that includes "the packet" and "information indicating the specified node device and interface unit".
When the packet is input from the node device control unit 11, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the virtual port unit 14-4 as the packet output destination based on the content of the distribution rule. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit 14-4.
When the packet is input from the distribution unit 12, the virtual port unit 14-4 outputs the packet to the router unit 16 connected thereto.
When the packet is input from the virtual port unit 14-4, the router unit 16 performs the L3 forwarding of the packet. As a result, the router unit 16 outputs the packet to the other virtual port units 14-5 and 14-6 that are connected to the router unit 16.
When the packet is input from the router unit 16, the virtual port unit 14-5 and the virtual port unit 14-6 output the packet to the distribution unit 12.
When the packet is input from the virtual port unit 14-5, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the interface unit 22-31 of the node device 20-3 as the output destination of the packet input from the virtual port unit 14-5, in accordance with the content of the distribution rule. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet itself and an instruction to output the packet to the specified interface unit 22-31 of the node device 20-3.
When the above-mentioned message is input from the distribution unit 12, the node device control unit 11 transmits a packet output message (Packet-Out Message), which includes the packet itself and an instruction to output the packet to the interface unit 22-31, to the node device 20-3 through the control channel 30-3.
When receiving the above-mentioned packet output message (Packet-Out Message) from the node device control unit 11 of the control device 10, the communication processing unit 21-3 of the node device 20-3 outputs the packet included in the packet output message (Packet-Out Message) to the interface unit 22-31.
When the packet is input from the communication processing unit 21-3, the interface unit 22-31 outputs the packet to the connection destination through the data communication link.
Similarly, when the packet is input from the virtual port unit 14-6, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the interface unit 22-32 of the node device 20-3 as the output destination of the packet input from the virtual port unit 14-6, in accordance with the content of the distribution rule. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet itself and an instruction to output the packet to the specified interface unit 22-32 of the node device 20-3.
When the above-mentioned message is input from the distribution unit 12, the node device control unit 11 transmits a packet output message (Packet-Out Message), which includes the packet itself and an instruction to output the packet to the interface unit 22-32, to the node device 20-3 through the control channel 30-3.
When receiving the above-mentioned packet output message (Packet-Out Message) from the node device control unit 11 of the control device 10, the communication processing unit 21-3 of the node device 20-3 outputs the packet included in the packet output message (Packet-Out Message) to the interface unit 22-32.
When the packet is input from the communication processing unit 21-3, the interface unit 22-32 outputs the packet to the connection destination through the data communication link.
According to the processing described above, even if the node device control unit 11 itself does not have the L3 forwarding function, it is possible to achieve the L3 forwarding function between the interface unit 22-23, the interface unit 22-31 and the interface unit 22-32, by using the router unit 16 that has the L3 forwarding function installed in the software or OS (Operating System) of the computer or the like operating as the control device 10.
<Ninth Exemplary Embodiment>
The ninth exemplary embodiment of the present invention will be described below.
As in the case of the L2 forwarding processing and the L3 forwarding processing in the above-described eighth exemplary embodiment, a tunneling function and an encrypting function such as GRE (Generic Routing Encapsulation) and IPSec (Security Architecture for Internet Protocol) that are installed in software or OS (Operating System) of the computer or the like operating as the control device 10 can be utilized to achieve those functions in any interface unit of the communication system. For example, let us consider a case where a "tunneling unit" and an "encryption unit" are provided instead of the "bridge unit" and the "router unit" in the above eighth exemplary embodiment.
(Configuration of Communication System according to Ninth Exemplary Embodiment)
A configuration example of the communication system according to the present exemplary embodiment will be described with reference to Fig. 5.
The communication system according to the present exemplary embodiment has the control device 10 and the node device 20.
(Configuration of Control Device according to Ninth Exemplary Embodiment)
A configuration example of the control device 10 according to the present exemplary embodiment will be described below.
The control device 10 according to the present exemplary embodiment has the node device control unit 11, the distribution unit 12, the distribution rule storage unit 13, the virtual port unit 14, a tunneling unit 17 and an encryption unit 18.
The node device control unit 11, the distribution unit 12, the distribution rule storage unit 13 and the virtual port unit 14 are basically the same as those described above.
The tunneling unit 17 performs processing (tunneling) with regard to encapsulation and decapsulation of packets. The tunneling unit 17 can be achieved by a tunneling function that is installed in software or OS (Operating System) of a computer or the like operating as the control device 10. However, actually, the tunneling unit 17 is not limited to those examples.
The encryption unit 18 performs processing (encryption processing) with regard to encryption and decryption of packets. The encryption unit 18 can be achieved by an encrypting function that is installed in software or OS (Operating System) of a computer or the like operating as the control device 10. However, actually, the encryption unit 18 is not limited to those examples.
It should be noted that each of the tunneling unit 17 and the encryption unit 18 may not exist in the same device as the node device control unit 11, the distribution unit 12, the distribution rule storage unit 13 and the virtual port unit 14. For example, each of the tunneling unit 17 and the encryption unit 18 may be connected to the control device 10 through a network and the like.
The tunneling unit 17 and the encryption unit 18 may be integrated. For example, there may be a case where the encryption function is included in the tunneling function.
(Connection Example of Virtual Port Unit according to Ninth Exemplary Embodiment)
Here, each of the virtual port unit 14-1, the virtual port unit 14-2 and the virtual port unit 14-3 is provided between the distribution unit 12 and the tunneling unit 17 and inputs and outputs packets between the distribution unit 12 and the tunneling unit 17. Also, each of the virtual port unit 14-4, the virtual port unit 14-5 and the virtual port unit 14-6 is provided between the distribution unit 12 and the encryption unit 18 and inputs and outputs packets between the distribution unit 12 and the encryption unit 18.
(Configuration of Node Device according to Ninth Exemplary Embodiment)
A configuration example of the node device 20 according to the present exemplary embodiment will be described below.
Each of the node devices 20 according to the present exemplary embodiment has the communication processing unit 21 and the interface unit 22.
The communication processing unit 21 and the interface unit 22 are basically the same as those described above.
(Operation in Tunneling Processing)
An operation in the tunneling processing will be described below.
The node device control unit 11 refers to the distribution rule stored in the distribution rule storage unit 13. In accordance with the content of the distribution rule, the node device control unit 11 instructs, through the control channel 30, the communication processing unit 21 of each of the node devices 20 to output (forward) the packet received by the interface unit 22 to the node device control unit 11.
When receiving the packet, the interface unit 22-11 of the node device 20-1 outputs the packet to the communication processing unit 21-1 of the node device 20-1.
When the packet is input from the interface unit 22-11, the communication processing unit 21-1 operates in accordance with the processing rule (flow entry) instructed by the node device control unit 11 of the control device 10. More specifically, the communication processing unit 21-1 outputs (forwards) a packet input message (Packet-In Message) which includes "the packet" and "information indicating the interface unit receiving the packet" to the node device control unit 11 of the control device 10 through the control channel 30-1.
When receiving the packet from the communication processing unit 21-1 of the node device 20-1, the node device control unit 11 of the control device 10 recognizes the control channel 30-1 used on the receipt of the packet, and specifies the node device and the interface unit of the packet transmission source. Then, the node device control unit 11 outputs, to the distribution unit 12, a message that includes "the packet" and "information indicating the specified node device and interface unit".
When the packet is input from the node device control unit 11, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the virtual port unit 14-1 as the packet output destination based on the content of the distribution rule. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit 14-1.
At this time, the distribution unit 12 may output the packet to any of the virtual port units 14-4 to 14-6 connected to the encryption unit 18 before outputting the packet to the specified virtual port unit 14-1. In this case, the distribution unit 12 receives an encrypted packet as a response and then outputs the encrypted packet to the specified virtual port unit 14-1. That is, the packet to be encapsulated can be encrypted in advance.
When the packet is input from the distribution unit 12, the virtual port unit 14-1 outputs the packet to the tunneling unit 17 connected thereto.
When the packet is input from the virtual port unit 14-1, the tunneling unit 17 encapsulates the input packet. Then, the tunneling unit 17 outputs the encapsulated packet to the other virtual port units 14-2 and 14-3 that are connected to the tunneling unit 17.
When the packet is input from the tunneling unit 17, the virtual port unit 14-2 and the virtual port unit 14-3 output the packet to the distribution unit 12.
When the packet is input from the virtual port unit 14-2, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the interface unit 22-21 of the node device 20-2 as the output destination of the packet input from the virtual port unit 14-2, in accordance with the content of the distribution rule. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet itself and an instruction to output the packet to the specified interface unit 22-21 of the node device 20-2.
At this time, the distribution unit 12 may output the packet to any of the virtual port units 14-4 to 14-6 connected to the encryption unit 18 before generating the message to be output to the node device control unit 11. In this case, the distribution unit 12 receives an encrypted packet as a response and then stores the encrypted packet in the message mentioned above. That is, it is possible to encapsulate the encrypted packet.
When the above-mentioned message is input from the distribution unit 12, the node device control unit 11 transmits a packet output message (Packet-Out Message), which includes the packet itself and an instruction to output the packet to the interface unit 22-21, to the node device 20-2 through the control channel 30-2.
When receiving the above-mentioned packet output message (Packet-Out Message) from the node device control unit 11 of the control device 10, the communication processing unit 21-2 of the node device 20-2 outputs the packet included in the packet output message (Packet-Out Message) to the interface unit 22-21.
When the packet is input from the communication processing unit 21-2, the interface unit 22-21 outputs the packet to the connection destination through the data communication link.
Similarly, when the packet is input from the virtual port unit 14-3, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the interface unit 22-22 of the node device 20-2 as the output destination of the packet input from the virtual port unit 14-3, in accordance with the content of the distribution rule. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet itself and an instruction to output the packet to the specified interface unit 22-22 of the node device 20-2.
When the above-mentioned message is input from the distribution unit 12, the node device control unit 11 transmits a packet output message (Packet-Out Message), which includes the packet itself and an instruction to output the packet to the interface unit 22-22, to the node device 20-2 through the control channel 30-2.
When receiving the above-mentioned packet output message (Packet-Out Message) from the node device control unit 11 of the control device 10, the communication processing unit 21-2 of the node device 20-2 outputs the packet included in the packet output message (Packet-Out Message) to the interface unit 22-22.
When the packet is input from the communication processing unit 21-2, the interface unit 22-22 outputs the packet to the connection destination through the data communication link.
According to the processing described above, even if the node device control unit 11 itself does not have the tunneling function, it is possible to achieve the tunneling function between the interface unit 22-11, the interface unit 22-21 and the interface unit 22-22, by using the tunneling unit 17 that has the tunneling function installed in the software or OS (Operating System) of the computer or the like operating as the control device 10.
(Operation in Encryption Processing)
The operation in the encryption processing will be described below.
The node device control unit 11 refers to the distribution rule stored in the distribution rule storage unit 13. In accordance with the content of the distribution rule, the node device control unit 11 instructs, through the control channel 30, the communication processing unit 21 of each of the node devices 20 to output (forward) the packet received by the interface unit 22 to the node device control unit 11.
When receiving the packet, the interface unit 22-23 of the node device 20-2 outputs the packet to the communication processing unit 21-2 of the node device 20-2.
When receiving the packet from the communication processing unit 21-2 of the node device 20-2, the node device control unit 11 of the control device 10 recognizes the control channel 30-2 used on the receipt of the packet, and specifies the node device and the interface unit of the packet transmission source. Then, the node device control unit 11 outputs, to the distribution unit 12, a message that includes "the packet" and "information indicating the specified node device and interface unit".
When the packet is input from the node device control unit 11, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the virtual port unit 14-4 as the packet output destination based on the content of the distribution rule. Then, the distribution unit 12 outputs the input packet to the specified virtual port unit 14-4.
At this time, the distribution unit 12 may output the packet to any of the virtual port units 14-1 to 14-3 connected to the tunneling unit 17 before outputting the packet to the specified virtual port unit 14-4. In this case, the distribution unit 12 receives an encapsulated packet as a response and then outputs the encapsulated packet to the specified virtual port unit 14-4. That is, the packet to be encrypted can be encapsulated in advance.
When the packet is input from the distribution unit 12, the virtual port unit 14-4 outputs the packet to the encryption unit 18 connected thereto.
When the packet is input from the virtual port unit 14-4, the encryption unit 18 performs the encryption of the packet. Then, the encryption unit 18 outputs the encrypted packet to the other virtual port units 14-5 and 14-6 that are connected to the encryption unit 18.
When the packet is input from the encryption unit 18, the virtual port unit 14-5 and the virtual port unit 14-6 output the packet to the distribution unit 12.
When the packet is input from the virtual port unit 14-5, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the interface unit 22-31 of the node device 20-3 as the output destination of the packet input from the virtual port unit 14-5, in accordance with the content of the distribution rule. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet itself and an instruction to output the packet to the specified interface unit 22-31 of the node device 20-3.
At this time, the distribution unit 12 may output the packet to any of the virtual port units 14-1 to 14-3 connected to the tunneling unit 17 before generating the message to be output to the node device control unit 11. In this case, the distribution unit 12 receives an encapsulated packet as a response and then stores the encapsulated packet in the message mentioned above. That is, it is possible to encrypt the encapsulated packet.
When the above-mentioned message is input from the distribution unit 12, the node device control unit 11 transmits a packet output message (Packet-Out Message), which includes the packet itself and an instruction to output the packet to the interface unit 22-31, to the node device 20-3 through the control channel 30-3.
When receiving the above-mentioned packet output message (Packet-Out Message) from the node device control unit 11 of the control device 10, the communication processing unit 21-3 of the node device 20-3 outputs the packet included in the packet output message (Packet-Out Message) to the interface unit 22-31.
When the packet is input from the communication processing unit 21-3, the interface unit 22-31 outputs the packet to the connection destination through the data communication link.
Similarly, when the packet is input from the virtual port unit 14-6, the distribution unit 12 refers to the distribution rule stored in the distribution rule storage unit 13 to specify the interface unit 22-32 of the node device 20-3 as the output destination of the packet input from the virtual port unit 14-6, in accordance with the content of the distribution rule. Then, the distribution unit 12 outputs, to the node device control unit 11, a message including the input packet itself and an instruction to output the packet to the specified interface unit 22-32 of the node device 20-3.
When the above-mentioned message is input from the distribution unit 12, the node device control unit 11 transmits a packet output message (Packet-Out Message), which includes the packet itself and an instruction to output the packet to the interface unit 22-32, to the node device 20-3 through the control channel 30-3.
When receiving the above-mentioned packet output message (Packet-Out Message) from the node device control unit 11 of the control device 10, the communication processing unit 21-3 of the node device 20-3 outputs the packet included in the packet output message (Packet-Out Message) to the interface unit 22-32.
When the packet is input from the communication processing unit 21-3, the interface unit 22-32 outputs the packet to the connection destination through the data communication link.
According to the processing described above, even if the node device control unit 11 itself does not have the encryption function, it is possible to achieve the encryption function between the interface unit 22-23, the interface unit 22-31 and the interface unit 22-32, by using the encryption unit 18 that has the encryption function installed in the software or OS (Operating System) of the computer or the like operating as the control device 10.
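The tunneling and encryption flows of this embodiment, modelled as an added example (not code from the patent or from the applicant): a Packet-In is mapped to a virtual port by the distribution rule, processed by the attached unit, and turned into Packet-Out instructions, with the optional encryption step placed either before or after encapsulation. Assumptions: the tunneling unit prepends only a base GRE header, `toy_encrypt` is a SHA-256 keystream stand-in for the OS encryption function (not IPsec), the `pre`/`post` parameters are hypothetical names, and dropping packets that match no distribution rule is a design choice of this sketch.

```python
import hashlib
import os
import struct

# Base GRE header (RFC 2784): no flags, version 0, protocol type 0x6558
# (Transparent Ethernet Bridging). The outer IP header is omitted in this sketch.
GRE_HEADER = struct.pack("!HH", 0x0000, 0x6558)

# Distribution rules as described in the embodiment:
# (node device, interface unit) <-> virtual port unit.
RULES = {
    ("20-1", "22-11"): "14-1", ("20-2", "22-21"): "14-2", ("20-2", "22-22"): "14-3",
    ("20-2", "22-23"): "14-4", ("20-3", "22-31"): "14-5", ("20-3", "22-32"): "14-6",
}


def gre_encapsulate(frame):
    """Stand-in for tunneling unit 17: prepend the base GRE header."""
    return GRE_HEADER + frame


def _keystream(key, nonce, length):
    blocks, counter = b"", 0
    while len(blocks) < length:
        blocks += hashlib.sha256(key + nonce + struct.pack("!I", counter)).digest()
        counter += 1
    return blocks[:length]


def toy_encrypt(key, data):
    """Stand-in for encryption unit 18. NOT IPsec and without integrity protection."""
    nonce = os.urandom(8)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def toy_decrypt(key, blob):
    nonce, body = blob[:8], blob[8:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


class ServiceUnit:
    """A unit attached to several virtual ports; input on one, output on the others."""
    def __init__(self, transform, vports):
        self.transform, self.vports = transform, list(vports)

    def process(self, in_vport, packet):
        out = self.transform(packet)
        return [(vp, out) for vp in self.vports if vp != in_vport]


class DistributionUnit:
    def __init__(self, rules, units):
        self.to_vport = dict(rules)                              # Packet-In direction
        self.to_iface = {vp: key for key, vp in rules.items()}   # Packet-Out direction
        self.unit_of = {vp: unit for unit in units for vp in unit.vports}

    def packet_in(self, node, iface, packet, pre=None, post=None):
        """Return the Packet-Out instructions [(node, interface, packet), ...]."""
        vport = self.to_vport.get((node, iface))
        if vport is None:
            return []  # assumption of this sketch: no rule means the packet is dropped
        if pre is not None:            # e.g. encrypt before encapsulating
            packet = pre.transform(packet)
        packet_outs = []
        for out_vport, out_packet in self.unit_of[vport].process(vport, packet):
            if post is not None:       # e.g. encrypt the already encapsulated packet
                out_packet = post.transform(out_packet)
            out_node, out_iface = self.to_iface[out_vport]
            packet_outs.append((out_node, out_iface, out_packet))
        return packet_outs


def build_demo():
    key = b"constructed-demo-key"  # constructed sample key
    # Constructed sample Ethernet frame: dst MAC, src MAC, EtherType, payload.
    frame = bytes.fromhex("aaaaaaaaaaaabbbbbbbbbbbb0800") + b"constructed payload"
    tunnel = ServiceUnit(gre_encapsulate, ["14-1", "14-2", "14-3"])
    crypto = ServiceUnit(lambda p: toy_encrypt(key, p), ["14-4", "14-5", "14-6"])
    return DistributionUnit(RULES, [tunnel, crypto]), tunnel, crypto, key, frame


if __name__ == "__main__":
    du, tunnel, crypto, key, frame = build_demo()
    cases = [("tunnel only", {}), ("encrypt, then encapsulate", {"pre": crypto}),
             ("encapsulate, then encrypt", {"post": crypto})]
    for label, kwargs in cases:
        for node, iface, pkt in du.packet_in("20-1", "22-11", frame, **kwargs):
            print(f"{label:27s} -> node {node} if {iface}: {pkt[:12].hex()}")
```

The two orderings differ in what stays readable on the data link: encrypting first leaves the tunnel header in cleartext, while encrypting last hides the tunnel header as well.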
<Supplement>
The "L2 forwarding processing" and the "L3 forwarding processing" are described in the above eighth exemplary embodiment, and the "tunneling processing" and the "encryption processing" are described in the above ninth exemplary embodiment. However, of course, it is possible to provide various network services other than them. At least, it is possible to use all protocols that are installed on the OS (Operating System) of the computer or the like operating as the control device. Even a protocol which is not installed in the OS (Operating System) of the computer or the like operating as the control device can be used by connecting the virtual port unit of the control device to a computer in which the said protocol is installed. Consequently, even as for the protocol that is not installed in the node device itself, the node device can utilize the protocol through the control device.
It should be noted that the node device control unit 11 can be achieved by using software obtained by modifying an arbitrary open flow controller (OFC). Specifically, the software is designed such that the setting of the processing rule (flow entry) in an arbitrary node device and the packet transmission/reception to/from an arbitrary interface unit can be externally controlled by the distribution unit 12.
As described above, it is possible as a whole system to permit, in the interface unit in the node device, coexistence and simultaneous usage of the control application based on the typical open flow and the conventional protocol installed in the software or OS (Operating System) of the computer or the like operating as the control device.
<Relation between Respective Exemplary Embodiments>
It should be noted that some of the above-described exemplary embodiments can be combined with each other as long as no contradiction occurs.
<Exemplification of Hardware>
An example of a specific hardware in order to attain the communication system according to the present invention will be described below.
As the examples of the control devices, a computer such as PC (Personal Computer), an appliance, a thin client server, a workstation, a main frame, a super computer and the like is assumed. It should be noted that the control device is not limited to the terminal or the server, and may be a relaying device or a peripheral device. Also, the control device may be an expansion board installed in a computer or the like, or a virtual machine (VM) established on a physical machine.
As the examples of the node devices, a computer is considered which has a network switch, a router, a proxy, a gateway, a firewall, a load balancer (load dispersion device), a band control device (packet shaper), a security monitoring control device (SCADA: Supervisory Control And Data Acquisition), a gatekeeper, a base station, an access point (AP), a communication satellite (CS), or a plurality of communication ports. Also, a virtual switch that is achieved by the virtual machine (VM) established on the physical machine may be used.
Each of the control device and the node device may be installed in a moving body such as a car, a ship, an airplane and the like.
Although not shown, each of the control device and the node device is achieved by using: a processor that is driven on the basis of a program and carries out predetermined processes; a memory for storing the program and various data; and an interface used to communicate with the network.
As the examples of the above processor, CPU (Central Processing Unit), a network processor (NP), a microprocessor, a microcontroller, or a large scale integrated circuit (LSI) having a dedicated function and the like are considered.
As the examples of the above memory, a semiconductor storage device such as RAM (Random Access Memory), ROM (Read Only Memory), EEPROM (Electrically Erasable and Programmable Read Only Memory), a flash memory and the like, an auxiliary storage device such as HDD (Hard Disk Drive), SSD (Solid State Drive) and the like, a removable disk such as DVD (Digital Versatile Disk) and the like, a storage medium such as an SD memory card (Secure Digital memory card) and the like are considered. Also, a buffer, a register and the like may be used. Or, a storage device that uses DAS (Direct Attached Storage), FC-SAN (Fibre Channel - Storage Area Network), NAS (Network Attached Storage), IP - SAN (IP - Storage Area Network) and the like may be used.
It should be noted that the above processor and the above memory may be integrated. For example, in recent years, integration into a single chip, as in a microcomputer, has progressed. Thus, an example in which a one-chip microcomputer installed in electronic equipment or the like has the above processor and the above memory is also considered.
Also, as the examples of the above interface, a semiconductor integrated circuit such as a board (a mother board, an I/O board) and a chip that correspond to a network communication, a network adaptor such as NIC (Network Interface Card) and the like, a similar expansion card, a communication device such as an antenna and the like, a communication port such as a connection port (connector) and the like are considered.
Also, as the examples of the network, the Internet, LAN (Local Area Network), a wireless LAN, WAN (Wide Area Network), a backbone, a cable television (CATV) line, a fixed telephone network, a mobile telephone network, WiMAX (IEEE 802.16a), 3G (3rd Generation), a dedicated line (lease line), IrDA (Infrared Data Association), Bluetooth (Registered Trademark), a serial communication line, a data bus and the like are considered.
It should be noted that the configuration elements inside each of the control device and the node device may be modules and components, or dedicated devices, or a starting (calling) program for them.
However, actually, they are not limited to those examples.
<Feature of Present Invention>
As mentioned above, in the present invention, in a network that is established by using the open flow technique, it is possible to reuse the routing protocol, the tunneling protocol and the like, which are installed on the OS (Operating System) of the computer or the like operating as the control device.
Also, between the plurality of control devices, it is possible to carry out the communication in which the conventional communication method such as TCP/IP and the like is used.
Specifically, the communication system according to the present invention includes the control device and the plurality of node devices controlled by the control device through the control channel.
The node device includes one or more interface units, which are connected to the terminal device and the different node device and transmit and receive the packet, and the communication processing unit for carrying out the process of the packet to be transmitted/received.
The control device includes: one or more virtual port units that enable the OS (Operating System) of the computer or the like operating as the control device to transmit and receive the packet; the node device control unit for controlling the respective node devices; the distribution rule storage unit for holding the correspondence relationship between the virtual port unit and the interface unit; and the distribution unit for carrying out the distribution judgment and control of the packet between the virtual port unit and the interface unit.
The virtual port unit, when receiving the packet from the OS (Operating System), outputs the packet to the distribution unit.
The distribution unit, when the packet is input, refers to the distribution rule storage unit and judges the interface unit from which the packet is transmitted, and then outputs the judgment result and the packet to the node device control unit.
The node device control unit selects the suitable control channel on the basis of the judgment and transmits the message of outputting the packet to the interface unit, through the control channel.
The communication processing unit in the node device, when receiving the above message, transmits the packet from the specified interface unit.
Conversely, the interface unit in the node device, when receiving the packet, outputs the packet to the communication processing unit.
The communication processing unit outputs the packet to the node device control unit through the control channel, on the basis of the processing rule (flow entry) specified by the node device control unit in advance.
The node device control unit, if the packet received from the communication processing unit through the control channel is the packet to be output to the virtual port unit, outputs the packet to the distribution unit.
The distribution unit, when the packet is input, refers to the distribution rule storage unit, selects the virtual port unit of the suitable output destination and outputs the packet to the selected virtual port unit.
The virtual port unit, when the packet is input, outputs the packet to the OS (Operating System).
The OS (Operating System) processes the packet.
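A minimal model of the two packet paths described above, as an added example that is not code from the patent. The class names, channel labels, identifiers and sample rules are constructed for illustration, and only the one-to-one virtual port/interface rule form is modeled. The node device is identified from the control channel a message arrived on, and a packet with no matching distribution rule is dropped rather than delivered.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class DistributionRule:
    """One virtual port <-> (node device, physical port) correspondence."""
    virtual_port: str   # virtual port identifier (constructed name)
    node_id: int        # node device identifier
    phys_port: int      # physical port identifier, unique inside the node


class DistributionRuleStore:
    """Distribution rule storage unit: answers lookups in both directions."""

    def __init__(self, rules: List[DistributionRule]):
        self._to_iface: Dict[str, Tuple[int, int]] = {}
        self._to_vport: Dict[Tuple[int, int], str] = {}
        for rule in rules:
            key = (rule.node_id, rule.phys_port)
            # The relation is one-to-one: a second rule for the same virtual
            # port or the same interface would make a lookup ambiguous.
            if rule.virtual_port in self._to_iface or key in self._to_vport:
                raise ValueError(f"conflicting distribution rule: {rule}")
            self._to_iface[rule.virtual_port] = key
            self._to_vport[key] = rule.virtual_port

    def interface_for(self, virtual_port: str) -> Optional[Tuple[int, int]]:
        return self._to_iface.get(virtual_port)

    def virtual_port_for(self, node_id: int, phys_port: int) -> Optional[str]:
        return self._to_vport.get((node_id, phys_port))


class NodeDeviceControlUnit:
    """Keeps the control channel <-> node device correspondence."""

    def __init__(self) -> None:
        self._channel_of: Dict[int, str] = {}
        self._node_of: Dict[str, int] = {}
        # Stand-in for the wire: (channel, physical port, packet) per message.
        self.sent: List[Tuple[str, int, bytes]] = []

    def attach(self, channel: str, node_id: int) -> None:
        self._channel_of[node_id] = channel
        self._node_of[channel] = node_id

    def node_for(self, channel: str) -> Optional[int]:
        return self._node_of.get(channel)

    def output(self, node_id: int, phys_port: int, packet: bytes) -> bool:
        """Select the channel for the node and queue the output message."""
        channel = self._channel_of.get(node_id)
        if channel is None:
            return False            # no channel controls that node: drop
        self.sent.append((channel, phys_port, packet))
        return True


class DistributionUnit:
    """Judges the destination of packets in both directions."""

    def __init__(self, store: DistributionRuleStore,
                 control: NodeDeviceControlUnit) -> None:
        self.store = store
        self.control = control
        self.to_os: Dict[str, List[bytes]] = {}   # packets handed to each virtual port

    def from_virtual_port(self, virtual_port: str, packet: bytes) -> bool:
        """OS -> virtual port -> interface unit of a node device."""
        target = self.store.interface_for(virtual_port)
        if target is None:
            return False            # no rule for this virtual port: drop
        node_id, phys_port = target
        return self.control.output(node_id, phys_port, packet)

    def from_control_channel(self, channel: str, phys_port: int,
                             packet: bytes) -> Optional[str]:
        """Interface unit -> control channel -> virtual port -> OS."""
        # The node identity comes from the channel, not from the message body.
        node_id = self.control.node_for(channel)
        if node_id is None:
            return None
        virtual_port = self.store.virtual_port_for(node_id, phys_port)
        if virtual_port is None:
            return None             # no rule for this interface: drop
        self.to_os.setdefault(virtual_port, []).append(packet)
        return virtual_port


def build_example() -> DistributionUnit:
    """Two node devices, one mapped interface each (constructed sample data)."""
    store = DistributionRuleStore([
        DistributionRule("vport0", node_id=1, phys_port=1),
        DistributionRule("vport1", node_id=2, phys_port=3),
    ])
    control = NodeDeviceControlUnit()
    control.attach("chan-A", 1)
    control.attach("chan-B", 2)
    return DistributionUnit(store, control)


if __name__ == "__main__":
    unit = build_example()
    print(unit.from_virtual_port("vport1", b"frame-out"), unit.control.sent)
    print(unit.from_control_channel("chan-A", 1, b"frame-in"), unit.to_os)
```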
(First Effect)
The first effect is that it is possible to reuse the routing protocol, the tunneling protocol and the like that are installed on the OS (Operating System) of the computer or the like operating as the control device.
The reason is that, since the packet that is transmitted/received to/from the interface unit is forwarded to the virtual port unit, the OS (Operating System) can treat the interface unit in the node device as if it were a network interface in the control device.
(Second Effect)
The second effect is that a plurality of control devices can communicate with each other by using a conventional communication method such as TCP/IP.
The reason is that, since the packet that is transmitted/received to/from the interface unit is forwarded to the virtual port unit, the virtual port unit in a certain control device can behave as if it were directly connected to the virtual port unit in a different control device, when the interface unit in the node device controlled by each control device is connected through a communication line to the interface unit in the node device controlled by the different control device.
<Supplementary Note>
A part or all of the above-mentioned exemplary embodiments can be described as indicated in the following Supplementary Notes. However, actually, they are not limited to the following description examples.
(Supplementary Note 1)
A communication system in which a control device performs a centralized control on one or more node devices arranged in a network through a control channel,
wherein the control device has one or more virtual port units each of which transmits and receives a packet, a distribution rule storage unit for holding a distribution rule of the packet, a distribution unit for specifying a distribution destination of the packet, and a node device control unit for controlling the node device,
the node device has one or more interface units each of which transmits and receives the packet,
the distribution rule storage unit holds one or more distribution rules of the packet and retrieves and returns the distribution rules in response to a reference request,
the distribution unit specifies a forwarding destination of the packet, which is transmitted/received between the interface unit and the virtual port unit, in accordance with the distribution rule that is obtained by referring to the distribution rule storage unit, and
the node device control unit individually sets the control channel between the respective node devices, and manages a correspondence relationship between the control channel and the node device and information of the interface unit contained by the node device, and when the control of the arbitrary node device and the control of the arbitrary interface unit are requested, specifies the control channel that can control the requested node device, and this is used to carry out the requested control, or when a notification from the control channel is received, specifies the node device or interface unit that carries out the notification.
(Supplementary Note 2)
(the virtual port unit --> the interface unit, the virtual port unit and the interface unit are one-to-one related to each other)
The communication system described in the Supplementary Note 1 wherein the node device has a node device identifier that enables this to be identified inside the communication system,
the interface unit has a physical port identifier that enables this to be identified inside at least the node device,
the virtual port unit has a virtual port identifier that enables this to be identified inside at least the control device,
the distribution rule storage unit holds one or more arbitrary classes of the virtual port identifier, the node device identifier and the physical port identifier, as the distribution rule,
the virtual port unit, when receiving the packet, outputs a first message, which includes the packet and the virtual port identifier of the virtual port unit, to the distribution unit,
the distribution unit, when the first message is input, refers to the distribution rule storage unit and specifies the class of the node device identifier corresponding to the virtual port identifier included in the first message and the physical port identifier, and outputs a second message, which includes the packet included in the first message and a class of the specified node device identifier and physical port identifier, to the node device control unit,
the node device control unit, when the second message is input, specifies the control channel that can control the node device corresponding to the node device identifier included in the second message, and outputs a third message, which includes the physical port identifier included in the second message and the packet, to the specified control channel, and
the node device, when the third message is input through the control channel, transmits the packet included in the third message, from the interface unit corresponding to the physical port identifier included in the third message.
(Supplementary Note 3) (the virtual port unit --> the interface unit, the virtual port unit has no relation, and a header and the interface unit are one-to-one related to each other)
The communication system described in the Supplementary Note 1 wherein the node device has a node device identifier that enables this to be identified inside the communication system,
the interface unit has a physical port identifier that enables this to be identified inside at least the node device,
the distribution rule storage unit holds one or more arbitrary classes of a packet header condition, the node device identifier and the physical port identifier, as the distribution rule,
the virtual port unit, when receiving the packet, outputs a first message, which includes the packet, to the distribution unit,
the distribution unit, when the first message is input, refers to the distribution rule storage unit and specifies a class of the node device identifier corresponding to the header of the packet included in the first message and the physical port identifier, and outputs a second message, which includes the packet included in the first message and the class of the specified node device identifier and physical port identifier, to the node device control unit,
the node device control unit, when the second message is input, specifies the control channel that can control the node device corresponding to the node device identifier included in the second message, and outputs a third message, which includes the physical port identifier and the packet that are included in the second message, to the specified control channel, and
the node device, when the third message is input through the control channel, transmits the packet included in the third message, from the interface unit corresponding to the physical port identifier included in the third message.
(Supplementary Note 4)
(the virtual port unit --> the interface unit, the virtual port unit & header and the interface unit are one-to-one related to each other)
The communication system described in the Supplementary Note 3 wherein the virtual port unit has the virtual port identifier that enables this to be identified inside at least the control device,
the distribution rule storage unit holds one or more arbitrary classes of the virtual port identifier, the packet header condition, the node device identifier and the physical port identifier, as the distribution rule,
the virtual port unit, when receiving the packet, outputs a first message, which includes the packet and the virtual port identifier of the virtual port unit, to the distribution unit, and
the distribution unit refers to the distribution rule storage unit and specifies a class of the header of the packet and the node device identifier and the physical port identifier that correspond to the virtual port identifier, which are included in the first message.
(Supplementary Note 5)
(the virtual port unit --> the interface unit, the virtual port unit has no relation and the node device also has no relation, and a simultaneous output, a judgment is entrusted to the node device)
The communication system described in the Supplementary Note 1, wherein the node device has a node device identifier that enables this to be identified inside the communication system and has a communication processing unit for forwarding the packet,
the distribution rule storage unit holds one or more of the arbitrary node device identifiers as the distribution rule,
the virtual port unit, when receiving the packet, transmits a first message, which includes the packet, to the distribution unit,
the distribution unit, when the first message is input, refers to the distribution rule storage unit, and specifies one or more of the node device identifiers, and outputs a second message, which includes the packet included in the first message and a class of the specified one or more node device identifiers, to the node device control unit,
the node device control unit, when the second message is input, specifies the control channels that can control the node devices corresponding to the one or more node device identifiers, respectively, which are included in the second message, and outputs a third message, which includes the packet included in the second message, to the specified respective control channels,
the node device, when the third message is input through the control channel, outputs the packet included in the third message, to the communication processing unit, and
the communication processing unit, when the packet is input, processes the packet in accordance with a pre-specified arbitrary processing rule.
(Supplementary Note 6)
(the interface unit --> the virtual port unit, the node device & interface unit and the virtual port unit are one-to-one related to each other)
The communication system described in the Supplementary Note 1 wherein the node device has a node device identifier that enables this to be identified inside the communication system,
the interface unit has a physical port identifier that enables this to be identified inside at least the node device,
the virtual port unit has a virtual port identifier that enables this to be identified inside at least the control device,
the distribution rule storage unit holds one or more arbitrary classes of the virtual port identifier, the node device identifier and the physical port identifier, as the distribution rule,
the interface unit, when receiving the packet, outputs a fourth message, which includes the packet and the physical port identifier representing the interface unit, to the control channel,
the node device control unit, when the fourth message is input through the control channel, specifies the node device correlated to the control channel, and outputs a fifth message, which includes the packet and the physical port identifier that are included in the fourth message, and the node device identifier representing the specified node device, to the distribution unit,
the distribution unit, when the fifth message is input, refers to the distribution rule storage unit and specifies the virtual port identifier, which corresponds to the physical port identifier and the node device identifier that are included in the fifth message, and outputs a sixth message, which includes the packet included in the fifth message, to the virtual port unit corresponding to the specified virtual port identifier, and
the virtual port unit, when the sixth message is input, transmits the packet included in the sixth message.
(Supplementary Note 7) (the interface unit --> the virtual port unit, the node device and the interface unit have no relation, a processing rule number and the virtual port unit are one-to-one related to each other)
The communication system described in the Supplementary Note 1 wherein the node device has a node device identifier that enables this to be identified inside the communication system, and has a communication processing unit for forwarding the packet,
the interface unit has a physical port identifier that enables this to be identified inside at least the node device,
the virtual port unit has a virtual port identifier that enables this to be identified inside at least the control device,
the distribution rule storage unit holds one or more arbitrary classes of the virtual port identifier and a processing rule number, as the distribution rule,
the interface unit, when receiving the packet, outputs a seventh message, which includes the packet and the physical port identifier representing the interface unit, to the communication processing unit,
the communication processing unit, when the seventh message is input, carries out a process for the seventh message in accordance with a pre-specified arbitrary processing rule, and if the coincident processing rule involves the output to the control channel, outputs a fourth message, which includes the corresponding processing rule number and the packet included in the seventh message, to the control channel,
the node device control unit, when the fourth message is input through the control channel, outputs a fifth message, which includes the packet and the processing rule number that are included in the fourth message, to the distribution unit,
the distribution unit, when the fifth message is input, refers to the distribution rule storage unit and specifies the virtual port identifier corresponding to the processing rule number included in the fifth message, and outputs a sixth message, which includes the packet included in the fifth message, to the virtual port unit corresponding to the specified virtual port identifier, and
the virtual port unit, when the sixth message is input, transmits the packet included in the sixth message.
(Supplementary Note 8) (the interface unit --> the virtual port unit, the interface unit has no relation, the node device & processing rule number and the virtual port unit are one-to-one related to each other)
The communication system described in the Supplementary Note 7, wherein the distribution rule storage unit holds one or more arbitrary classes of the virtual port identifier, the processing rule number and the node device identifier, as the distribution rule,
the node device control unit, when the fourth message is input through the control channel, specifies the node device correlated to the control channel, and outputs a fifth message, which further includes the node device identifier representing the specified node device, to the distribution unit, and
the distribution unit refers to the distribution rule storage unit and specifies the virtual port identifier that corresponds to a class of the processing rule number and the node device identifier, which are included in the fifth message.
(Supplementary Note 9) (the interface unit --> the virtual port unit, the node device & interface unit & processing rule number and the virtual port unit are one-to-one related to each other)
The communication system described in the Supplementary Note 8, wherein the distribution rule storage unit holds one or more arbitrary classes of the virtual port identifier, the processing rule number, the node device identifier and the physical port identifier, as the distribution rule,
the communication processing unit outputs a fourth message, which further includes the physical port identifier included in the seventh message, to the control channel,
the node device control unit outputs a fifth message, which further includes the physical port identifier included in the fourth message, to the distribution unit, and
the distribution unit refers to the distribution rule storage unit and specifies the virtual port identifier corresponding to a class of the processing rule number, the node device identifier and the physical port identifier, which are included in the fifth message.
(Supplementary Note 10)
(the interface unit --> the virtual port unit, the interface unit has no relation, the header and the virtual port unit are one-to-one related to each other)
The communication system described in the Supplementary Note 1, wherein the virtual port unit has a virtual port identifier that enables this to be identified inside at least the control device,
the distribution rule storage unit has one or more arbitrary classes of a packet header condition and the virtual port identifier, as the distribution rule,
the interface unit, when receiving the packet, outputs a fourth message, which includes the packet, to the control device,
the node device control unit, when the fourth message is input through the control channel, outputs a fifth message, which includes the packet included in the fourth message, to the distribution unit,
the distribution unit, when the fifth message is input, refers to the distribution rule storage unit and specifies the virtual port identifier corresponding to the header of the packet included in the fifth message, and outputs a sixth message, which includes the packet included in the fifth message, to the virtual port unit corresponding to the specified virtual port identifier, and
the virtual port unit, when the sixth message is input, transmits the packet included in the sixth message.
(Supplementary Note 11)
(the interface unit --> the virtual port unit, the interface unit & header and the virtual port unit are one-to-one related to each other)
The communication system described in the Supplementary Note 10, wherein the interface unit has a physical port identifier that enables this to be identified inside at least the node device,
the distribution rule storage unit has one or more arbitrary classes of the packet header condition, the physical port identifier and the virtual port identifier, as the distribution rule,
the interface unit, when receiving the packet, outputs a fourth message, which includes the packet and the physical port identifier representing the interface unit, to the control device,
the node device control unit outputs a fifth message, which further includes the physical port identifier included in the fourth message, to the distribution unit, and
the distribution unit refers to the distribution rule storage unit and specifies the virtual port identifier that corresponds to a class of the header of the packet and the physical port identifier, which are included in the fifth message.
(Supplementary Note 12) (the interface unit --> the virtual port unit, the node device & interface unit & header and the virtual port unit are one-to-one related to each other)
The communication system described in the Supplementary Note 11, wherein the node device has a node device identifier that enables this to be identified inside the communication system,
the distribution rule storage unit has one or more arbitrary classes of the packet header condition, the node device identifier, the physical port identifier and the virtual port identifier, as the distribution rule,
the node device control unit, when the fourth message is input through the control channel, specifies the node device correlated to the control channel, and outputs a fifth message, which further includes the node device identifier representing the specified node device, to the distribution unit, and
the distribution unit refers to the distribution rule storage unit and specifies the virtual port identifier that corresponds to a class of the header of the packet, the node device identifier and the physical port identifier, which are included in the fifth message.
(Supplementary Note 13) (Layer 3 Routing)
The communication system described in any of the Supplementary Notes 1 to 12, wherein the control device has one or more router units each of which carries out the layer 3 routing, and
the router unit is connected to the two or more virtual port units.
(Supplementary Note 14) (Layer 2 Routing)
The communication system described in any of the Supplementary Notes 1 to 12, wherein the control device has one or more switching units each of which carries out the layer 2 routing, and
the switching unit is connected to the two or more virtual port units.
(Supplementary Note 15) (Tunneling)
The communication system described in any of the Supplementary Notes 1 to 12, wherein the control device has one or more tunneling units each of which carries out a tunneling operation, and
the tunneling unit is connected to the two or more virtual port units.
(Supplementary Note 16) (Service inside Common Device)
The communication system described in any of the Supplementary Notes 1 to 12, wherein the control device has one or more service units each of which carries out a service, and
the service unit is connected to the one or more virtual port units.
(Supplementary Note 17) (Open Flow)
The communication system described in any of the Supplementary Notes 1 to 12, wherein the node device control unit is achieved by the software of an open flow controller,
the node device is achieved by an open flow switch, and
the control channel is achieved by an open flow protocol.
(Supplementary Note 18) (Open Flow Protocol)
The communication system described in the Supplementary Note 17, wherein the communication device identifier is a data path ID of the open flow protocol,
the third message is a packet output message (Packet-Out Message) of the open flow protocol,
the fourth message is a packet input message (Packet-In Message) of the open flow protocol, and
the processing rule number is a cookie of the open flow protocol.
(Supplementary Note 19) (Virtual Network Device)
The communication system described in any of the Supplementary Notes 1 to 12, wherein the virtual port unit is the virtual network device.
(Supplementary Note 20) (Packet)
The communication system described in any of the Supplementary Notes 1 to 12, wherein the packet includes the Ethernet (Registered Trademark) frame or IP (Internet protocol) packet, and
the header includes the Ethernet (Registered Trademark) header, an IP header, a TCP and UDP (User Datagram Protocol) header.
<Remark>
As mentioned above, the exemplary embodiments of the present invention have been described in detail. However, actually, they are not limited to the above-mentioned exemplary embodiments. Even the modification in a range without departing from the spirit and scope of the present invention is included in the present invention.
This application is based upon and claims the benefit of priority from Japanese patent application No. 2012-068285, filed on March 23, 2012, the disclosure of which is incorporated herein in its entirety by reference.

Claims (42)

  1. A communication system comprising:
    a node device configured to forward packets; and
    a control device configured to control packet forwarding processing by said node device,
    wherein said control device comprises a virtual port therein and uses said virtual port to perform forwarding processing with respect to a packet received from said node device and output said received packet to a forwarding destination of said received packet.
  2. The communication system according to claim 1,
    wherein said node device is connected to a network through an interface,
    said control device and said node device are connected to each other through a control channel, and
    said control device performs communication between said virtual port and said interface through said control channel.
  3. The communication system according to claim 2,
    wherein said control device relates said virtual port to said interface, specifies said virtual port as an output destination of a packet input from said interface, and specifies said interface as an output destination of a packet input from said virtual port.
  4. The communication system according to claim 2,
    wherein said control device relates a first packet to said virtual port, and specifies, when said first packet is input thereto, said virtual port as an output destination of said input first packet.
  5. The communication system according to claim 2,
    wherein said control device relates a second packet to said interface, and specifies, when said second packet is input thereto, said interface as an output destination of said input second packet.
  6. The communication system according to claim 2,
    wherein said control device relates a third packet to said virtual port and said interface, specifies said virtual port as an output destination of said third packet input from said interface, and specifies said interface as an output destination of said third packet input from said virtual port.
  7. The communication system according to claim 2,
    wherein said control device relates said virtual port to said node device, specifies said virtual port as an output destination of a packet input from said node device, and specifies said node device as an output destination of a packet input from said virtual port.
  8. The communication system according to claim 2,
    wherein said control device relates a fourth packet to said virtual port and said node device, specifies said virtual port as an output destination of said fourth packet input from said node device, and specifies said node device as an output destination of said fourth packet input from said virtual port.
  9. The communication system according to claim 2,
    wherein said node device is notified of a processing rule for handling packets from said control device,
    wherein when forwarding a packet to said control device in accordance with said notified processing rule, said node device adds information indicating said processing rule to the forwarding packet, and
    wherein said control device relates said virtual port to said processing rule, and specifies, when a packet having said information indicating said processing rule is input thereto, said virtual port as an output destination of said input packet.
  10. The communication system according to claim 2,
    wherein said virtual port is connected to a processing unit performing Layer-2 forwarding, and
    said node device performs Layer-2 forwarding at said interface through said virtual port.
  11. The communication system according to claim 2,
    wherein said virtual port is connected to a processing unit performing Layer-3 forwarding, and
    said node device performs Layer-3 forwarding at said interface through said virtual port.
  12. The communication system according to claim 2,
    wherein said virtual port is connected to a processing unit performing tunneling, and
    said node device performs tunneling at said interface through said virtual port.
  13. The communication system according to claim 2,
    wherein said virtual port is connected to a processing unit performing packet encryption, and
    said node device performs packet encryption at said interface through said virtual port.
  14. The communication system according to claim 2,
    wherein said virtual port is connected to a processing unit performing protocol processing that is not installed in said node device, and
    said node device performs said protocol processing at said interface through said virtual port.
  15. The communication system according to claim 2,
    wherein said virtual port is connected to a processing unit providing a network service, and
    said node device utilizes said network service through said virtual port.
  16. A control device comprising:
    a virtual port; and
    a control unit configured to control packet forwarding processing by a node device,
    wherein said control unit uses said virtual port to perform forwarding processing with respect to a packet received from said node device and output said received packet to a forwarding destination of said received packet.
  17. The control device according to claim 16,
    wherein said node device is connected to a network through an interface,
    said control unit and said node device are connected to each other through a control channel, and
    said control unit performs communication between said virtual port and said interface through said control channel.
  18. The control device according to claim 17,
    wherein said control unit relates said virtual port to said interface, specifies said virtual port as an output destination of a packet input from said interface, and specifies said interface as an output destination of a packet input from said virtual port.
  19. The control device according to claim 17,
    wherein said control unit relates a first packet to said virtual port, and specifies, when said first packet is input thereto, said virtual port as an output destination of said input first packet.
  20. The control device according to claim 17,
    wherein said control unit relates a second packet to said interface, and specifies, when said second packet is input thereto, said interface as an output destination of said input second packet.
  21. The control device according to claim 17,
    wherein said control unit relates a third packet to said virtual port and said interface, specifies said virtual port as an output destination of said third packet input from said interface, and specifies said interface as an output destination of said third packet input from said virtual port.
  22. The control device according to claim 17,
    wherein said control unit relates said virtual port to said node device, specifies said virtual port as an output destination of a packet input from said node device, and specifies said node device as an output destination of a packet input from said virtual port.
  23. The control device according to claim 17,
    wherein said control unit relates a fourth packet to said virtual port and said node device, specifies said virtual port as an output destination of said fourth packet input from said node device, and specifies said node device as an output destination of said fourth packet input from said virtual port.
  24. The control device according to claim 17,
    wherein said node device is notified of a processing rule for handling packets from said control device,
    wherein when forwarding a packet to said control device in accordance with said notified processing rule, said node device adds information indicating said processing rule to the forwarding packet, and
    wherein said control unit relates said virtual port to said processing rule, and specifies, when a packet having said information indicating said processing rule is input thereto, said virtual port as an output destination of said input packet.
  25. A communication method executed by a control device,
    wherein said control device controls packet forwarding processing by a node device and comprises a virtual port,
    wherein the communication method comprises:
    using said virtual port to perform forwarding processing with respect to a packet received from said node device; and
    outputting said received packet to a forwarding destination of said received packet.
  26. The communication method according to claim 25,
    wherein said node device is connected to a network through an interface, and
    said control device and said node device are connected to each other through a control channel,
    wherein the communication method further comprises:
    performing communication between said virtual port and said interface through said control channel.
  27. The communication method according to claim 26, further comprising:
    relating said virtual port to said interface;
    specifying said virtual port as an output destination of a packet input from said interface; and
    specifying said interface as an output destination of a packet input from said virtual port.
  28. The communication method according to claim 26, further comprising:
    relating a first packet to said virtual port; and
    specifying, when said first packet is input, said virtual port as an output destination of said input first packet.
  29. The communication method according to claim 26, further comprising:
    relating a second packet to said interface; and
    specifying, when said second packet is input, said interface as an output destination of said input second packet.
  30. The communication method according to claim 26, further comprising:
    relating a third packet to said virtual port and said interface;
    specifying said virtual port as an output destination of said third packet input from said interface; and
    specifying said interface as an output destination of said third packet input from said virtual port.
  31. The communication method according to claim 26, further comprising:
    relating said virtual port to said node device;
    specifying said virtual port as an output destination of a packet input from said node device; and
    specifying said node device as an output destination of a packet input from said virtual port.
  32. The communication method according to claim 26, further comprising:
    relating a fourth packet to said virtual port and said node device;
    specifying said virtual port as an output destination of said fourth packet input from said node device; and
    specifying said node device as an output destination of said fourth packet input from said virtual port.
  33. The communication method according to claim 26,
    wherein said node device is notified of a processing rule for handling packets from said control device,
    wherein when forwarding a packet to said control device in accordance with said notified processing rule, said node device adds information indicating said processing rule to the forwarding packet, and
    wherein the communication method further comprises:
    relating said virtual port to said processing rule; and
    specifying, when a packet having said information indicating said processing rule is input, said virtual port as an output destination of said input packet.
  34. A program recorded on a computer-readable medium that, when executed, causes a control device to perform a communication method,
    wherein said control device controls packet forwarding processing by a node device and comprises a virtual port,
    wherein the communication method comprises:
    using said virtual port to perform forwarding processing with respect to a packet received from said node device; and
    outputting said received packet to a forwarding destination of said received packet.
  35. The program according to claim 34,
    wherein said node device is connected to a network through an interface, and
    said control device and said node device are connected to each other through a control channel,
    wherein the communication method further comprises:
    performing communication between said virtual port and said interface through said control channel.
  36. The program according to claim 35,
    wherein the communication method further comprises:
    relating said virtual port to said interface;
    specifying said virtual port as an output destination of a packet input from said interface; and
    specifying said interface as an output destination of a packet input from said virtual port.
  37. The program according to claim 35,
    wherein the communication method further comprises:
    relating a first packet to said virtual port; and
    specifying, when said first packet is input, said virtual port as an output destination of said input first packet.
  38. The program according to claim 35,
    wherein the communication method further comprises:
    relating a second packet to said interface; and
    specifying, when said second packet is input, said interface as an output destination of said input second packet.
  39. The program according to claim 35,
    wherein the communication method further comprises:
    relating a third packet to said virtual port and said interface;
    specifying said virtual port as an output destination of said third packet input from said interface; and
    specifying said interface as an output destination of said third packet input from said virtual port.
  40. The program according to claim 35,
    wherein the communication method further comprises:
    relating said virtual port to said node device;
    specifying said virtual port as an output destination of a packet input from said node device; and
    specifying said node device as an output destination of a packet input from said virtual port.
  41. The program according to claim 35,
    wherein the communication method further comprises:
    relating a fourth packet to said virtual port and said node device;
    specifying said virtual port as an output destination of said fourth packet input from said node device; and
    specifying said node device as an output destination of said fourth packet input from said virtual port.
  42. The program according to claim 35,
    wherein said node device is notified of a processing rule for handling packets from said control device,
    wherein when forwarding a packet to said control device in accordance with said notified processing rule, said node device adds information indicating said processing rule to the forwarding packet, and
    wherein the communication method further comprises:
    relating said virtual port to said processing rule; and
    specifying, when a packet having said information indicating said processing rule is input, said virtual port as an output destination of said input packet.
PCT/JP2013/001883 2012-03-23 2013-03-19 Communication system, control device, communication method and program WO2013140796A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2015501074A JP2015511097A (en) 2012-03-23 2013-03-19 COMMUNICATION SYSTEM, CONTROL DEVICE, COMMUNICATION METHOD, AND PROGRAM

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2012068285 2012-03-23
JP2012-068285 2012-03-23

Publications (1)

Publication Number Publication Date
WO2013140796A1 (en) 2013-09-26

Family

ID=49222271

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2013/001883 WO2013140796A1 (en) 2012-03-23 2013-03-19 Communication system, control device, communication method and program

Country Status (2)

Country Link
JP (1) JP2015511097A (en)
WO (1) WO2013140796A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011043379A1 (en) * 2009-10-06 2011-04-14 日本電気株式会社 Network system, controller, method, and program
JP2011166704A (en) * 2010-02-15 2011-08-25 Nec Corp Network system, and route information updating method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SUNAY TRIPATHI: "How does Openflow and SDN help Virtualization/Cloud, Sunay Tripathi's Blog", 21 December 2011 (2011-12-21), Retrieved from the Internet <URL:http://sunaytripathi.wordpress.com/2011/12/21/how-does-openflow-and-sdn-help-virtualizationcloud> [retrieved on 20130507] *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2017505578A (en) * 2014-01-21 2017-02-16 ホアウェイ・テクノロジーズ・カンパニー・リミテッド System and method for a software defined protocol network node
US10644941B2 (en) 2014-01-21 2020-05-05 Huawei Technologies Co., Ltd. System and method for a software defined protocol network node

Also Published As

Publication number Publication date
JP2015511097A (en) 2015-04-13

Similar Documents

Publication Publication Date Title
US9515868B2 (en) System and method for communication
KR101703088B1 (en) Aggregated routing method based on sdn and system thereof
US9560177B2 (en) Network system and network flow tracing method
JP5991424B2 (en) Packet rewriting device, control device, communication system, packet transmission method and program
US9215175B2 (en) Computer system including controller and plurality of switches and communication method in computer system
US9608908B2 (en) Network system and VLAN tag data acquiring method
US10623314B2 (en) Switch system, and monitoring centralized control method
US20150312147A1 (en) Switching system, switching control system, and storage medium
EP2811702A1 (en) Network system and topology management method
TW201519607A (en) Semiconductor with virtualized computation and switch resources
US10498669B2 (en) Communication system, switch, controller, ancillary data management apparatus, data forwarding method, and program
US9253117B1 (en) Systems and methods for reducing network hardware of a centrally-controlled network using in-band network connections
US10069648B2 (en) Communication system, control apparatus, communication control method and program
EP2963869A1 (en) Communication system, switch, control apparatus, control channel configuration method and program
US9602352B2 (en) Network element of a software-defined network
WO2013140796A1 (en) Communication system, control device, communication method and program
EP3086516A1 (en) Packet transfer system, controller, and method and program for controlling relay device
US10382250B2 (en) Information processing system and control method for information processing system
EP3224997A1 (en) Communication path switching apparatus, method for controlling communication path switching apparatus, and computer program product
CN107566278B (en) Transmission method, device and system
JP5854488B2 (en) Communication system, control device, processing rule setting method and program
JP6160101B2 (en) Communication device, control device, communication system, and control message transmission method
JP2016086363A (en) Communication equipment, control device, control method, and program
WO2016084314A1 (en) Communication path switching apparatus, method for controlling communication path switching apparatus, and computer program product

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13764486

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2015501074

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13764486

Country of ref document: EP

Kind code of ref document: A1