U.S. patent application number 16/529245 was filed with the patent office on 2020-01-23 for communication terminal, communication method, and program.
This patent application is currently assigned to NEC Corporation. The applicant listed for this patent is NEC Corporation. Invention is credited to Takahiro IIHOSHI, Shuichi KARINO, Akira TSUJI.
Application Number | 20200028778 16/529245 |
Document ID | / |
Family ID | 47914369 |
Filed Date | 2020-01-23 |
![](/patent/app/20200028778/US20200028778A1-20200123-D00000.png)
![](/patent/app/20200028778/US20200028778A1-20200123-D00001.png)
![](/patent/app/20200028778/US20200028778A1-20200123-D00002.png)
![](/patent/app/20200028778/US20200028778A1-20200123-D00003.png)
![](/patent/app/20200028778/US20200028778A1-20200123-D00004.png)
![](/patent/app/20200028778/US20200028778A1-20200123-D00005.png)
![](/patent/app/20200028778/US20200028778A1-20200123-D00006.png)
![](/patent/app/20200028778/US20200028778A1-20200123-D00007.png)
![](/patent/app/20200028778/US20200028778A1-20200123-D00008.png)
![](/patent/app/20200028778/US20200028778A1-20200123-D00009.png)
![](/patent/app/20200028778/US20200028778A1-20200123-D00010.png)
View All Diagrams
United States Patent
Application |
20200028778 |
Kind Code |
A1 |
IIHOSHI; Takahiro ; et
al. |
January 23, 2020 |
COMMUNICATION TERMINAL, COMMUNICATION METHOD, AND PROGRAM
Abstract
[Problem] A plurality of control devices cannot control a
communication terminal. [Means for solving the problem] The
communication terminal of the present invention, which is
controlled by a control device, includes a first storage means for
associating information identifying a packet with processing of the
packet and storing it as an entry, a searching means for searching
to processing corresponding to a received packet from the first
storage means, and an inquiry means for determining the control
device of which is inquired, based on the entry corresponding to
the received packet, the entry being stored in the first storage
means, if the searched processing is the inquiry to the control
device, and for performing the inquiry addressed to the determined
control device.
Inventors: |
IIHOSHI; Takahiro; (Tokyo,
JP) ; KARINO; Shuichi; (Tokyo, JP) ; TSUJI;
Akira; (Tokyo, JP) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
NEC Corporation |
Tokyo |
|
JP |
|
|
Assignee: |
NEC Corporation
Tokyo
JP
|
Family ID: |
47914369 |
Appl. No.: |
16/529245 |
Filed: |
August 1, 2019 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
14346952 |
Mar 24, 2014 |
10412001 |
|
|
PCT/JP2012/073387 |
Sep 6, 2012 |
|
|
|
16529245 |
|
|
|
|
Current U.S.
Class: |
1/1 |
Current CPC
Class: |
H04W 24/08 20130101;
H04L 45/42 20130101; H04L 45/72 20130101; H04L 45/38 20130101 |
International
Class: |
H04L 12/721 20060101
H04L012/721; H04L 12/717 20060101 H04L012/717; H04W 24/08 20060101
H04W024/08 |
Foreign Application Data
Date |
Code |
Application Number |
Sep 22, 2011 |
JP |
2011-207659 |
Claims
1-40. (canceled)
41. A switch configured to process a packet, comprising: a memory
storing program instructions; and a processor configured to execute
the program instructions to: receive a request for controlling the
switch from one of a plurality of controllers configured to control
the switch; access control information corresponding to the
request, based on authority information corresponding to each of
the plurality of controllers, wherein the authority information
represents an authority to control the switch.
42. The switch according to claim 41, wherein the processor is
further configured to execute the program instructions to identify
whether the one of the plurality of controllers is authorized,
based on the authority information.
43. The switch according to claim 41, wherein the processor is
further configured to execute the program instructions to read the
control information corresponding to the request, based on the
authority information corresponding to each of the plurality of
controllers.
44. The switch according to claim 41, wherein the processor is
further configured to execute the program instructions to modify
the control information corresponding to the request, based on the
authority information corresponding to each of the plurality of
controllers.
45. The switch according to claim 41, wherein the control
information includes a matching rule for identifying a flow of the
packet, and an action for processing the packet.
46. The switch according to claim 41, wherein the plurality of
controllers control the switch with OpenFlow protocol.
47. A communication system comprising: a switch configured to
process a packet; and a plurality of controllers configured to
control the switch, wherein the switch comprises: a memory
configured to store program instructions; and a processor
configured to execute the program instructions to: receive a
request for controlling the switch from one of the plurality of
controllers; and access a control information corresponding to the
request, based on an authority information corresponding to each of
the plurality of controllers, wherein the authority information
represents an authority to control the switch.
48. The communication system according to claim 47, wherein the
processor is further configured to execute the program instructions
to identify whether the one of the plurality of controllers is
authorized, based on the authority information.
49. The communication system according to claim 47, wherein the
processor is further configured to execute the program instructions
to read the control information corresponding to the request, based
on the authority information corresponding to each of the plurality
of controllers.
50. The communication system according to claim 47, wherein the
processor is further configured to execute the program instructions
to modify the control information corresponding to the request,
based on the authority information corresponding to each of the
plurality of controllers.
51. The communication system according to claim 47, wherein the
control information includes a matching rule for identifying a flow
of the packet, and an action for processing the packet.
52. The communication system according to claim 47, wherein the
plurality of controllers control the switch with OpenFlow
protocol.
53. A method for processing a packet, comprising: receiving a
request for controlling a switch from one of a plurality of
controllers configured to control the switch, wherein the switch is
configured to process a packet; accessing control information
corresponding to the request, based on authority information
corresponding to each of the plurality of controllers, wherein the
authority information represents an authority to control the
switch.
54. The method according to claim 53, further comprising:
identifying whether the one of the plurality of controllers is
authorized, based on the authority information.
55. The method according to claim 53, further comprising: reading
the control information corresponding to the request, based on the
authority information corresponding to each of the plurality of
controllers.
56. The method according to claim 53, further comprising: modifying
the control information corresponding to the request, based on the
authority information corresponding to each of the plurality of
controllers.
57. The method according to claim 53, wherein the control
information includes a matching rule for identifying a flow of the
packet, and an action for processing the packet.
58. The method according to claim 53, wherein the plurality of
controllers control the switch with OpenFlow protocol.
Description
TECHNICAL FIELD
[0001] The invention relates to a communication terminal,
communication method, and a program which connects with a
network.
BACKGROUND ART
[0002] In recent years, an OpenFlow technology has been disclosed.
Non Patent Document 1, Non Patent Document 2, Patent Document 1,
and Patent Document 2 describe the OpenFlow. In the OpenFlow, a
communication method between an OpenFlow Switch (hereinafter
referred to as OFS) function and an OpenFlow Controller
(hereinafter referred to as OFC), which is a control device
thereof, is defined. The OFS and the OFC are connected with each
other through a control path which is called a secure channel. The
OFS is controlled by a single OFC.
[0003] The OFS includes a flow table therein. In the flow table, at
least a set of a header field for identifying a packet flow and
processing of the packet is registered as an entry. The header
field for identifying a packet flow is called a matching rule. The
header field is composed of a plurality of tuples, each of which
can designate a wildcard. If the wild card is designated, a range
of the flow can be represented as a group. For example, suppose
that a transmission source IP (Internet Protocol) address of a
header field of a certain entry is designated, and the other tuples
are set to wildcards. At the time, the set entry represents a group
of all flows transmitted from the designated IP address. All
packets transmitted from the designated IP address corresponds to
the set entry regardless of the address.
[0004] The processing of the packet is called an action. The action
includes at least transfer to the designated port, transfer to the
OFC, turnover transfer to an input port, abandonment, and the like.
The transfer to the designated port is used for packet transfer to
the next switch. The transfer to the OFC is mainly used for inquiry
of a processing method of the packet.
[0005] Receiving the packet, the OFS searches the flow table. If an
entry which matches the received packet exists, packet processing
is performed in accordance with the action of the matched entry.
Priority can be set in the entry. If the packet matches a plurality
of entries, the action of the entry with the highest priority is
employed.
[0006] If no entry which matches the received packet exists in the
flow table, the OFS inquires of the OFC how to perform processing
of the received packet. At this time, the OFS transfers a part of
or all of the packets to the OFC through secure channel. The OFC
receiving the inquiry about the processing adds the entry to the
flow table, if necessary, and informs the OFS of the processing
method.
[0007] Patent Document 3 and Patent Document 4 disclose the network
architecture having a control device with a control function and a
switch with a transfer function which is controlled by the control
device.
RELATED ART DOCUMENT
Patent Document
[0008] [Patent Document 1] Tokukai 2011-082834 A [0009] [Patent
Document 2] Tokukai 2011-101245 A [0010] [Patent Document 3]
Tokukai 2006-135971 A [0011] [Patent Document 4] Tokukai
2006-135975 A
Non Patent Document
[0011] [0012] [Non Patent Document] Nick McKeown et. al OpenFlow:
Enabling Innovation in Campus Networks, [Jun. 28, 2011]
Internet<URLhttp://www.openflowswitch.org/documents/openflow-wp-latest-
.pdf> [0013] [Non Patent Document 2] OpenFlow Switch
Specification Version 1.0.0 (Wire Protocol 0.times.01) Dec. 31,
2009, [Aug. 31, 2011 search] Internet<URL:
http://www.openflowswitch.org/documents/openflow-spec-v1.0.0.pdf>
SUMMARY OF INVENTION
Technical Problem
[0014] The OpenFlow disclosed in Non Patent Document 1, Non Patent
Document 2, Patent Document 1, and Patent Document 2, and the
architecture disclosed in Patent Document 3 and Patent Document 4
are network systems which are based on the premise that a switch
operation is finely controlled by a single controller.
[0015] In the Documents above, when a plurality of controllers are
arranged, it is impossible to control the switch by the plurality
of controllers.
[0016] An object of the invention is to provide a communication
terminal, a communication method, and a program, which can solve
the problem described above.
Solution to Problem
[0017] A communication terminal of the invention is a communication
terminal controlled by a control device, and includes a first
storage means for associating information identifying a packet with
processing of the packet and storing it as an entry a searching
means for searching processing corresponding to a received packet
from the first storage means and an inquiry means for determining
the control device of which is inquired, based on the entry
corresponding to the received packet, the entry being stored in the
first storage means, if the searched processing is the inquiry to
the control device, and for performing the inquiry addressed to the
determined control device.
[0018] A communication method of the invention includes the step of
searching processing corresponding to a received packet from a
first storage means for associating information identifying a
packet with processing of the packet and storing it as an entry,
determining the control device of which is inquired, based on the
entry corresponding to the received packet, the entry being stored
in the first storage means, if the searched processing is the
inquiry to the control device controlling a communication terminal,
and performing the inquiry addressed to the determined control
device.
[0019] A program of the invention causes a computer to execute
process comprising searching processing corresponding to a received
packet from a first storage means for associating information
identifying a packet with processing of the packet and storing it
as an entry, determining the control device of which is inquired,
based on the entry corresponding to the received packet, the entry
being stored in the first storage means, if the searched processing
is the processing to be inquired of the control device controlling
a communication terminal; and performing the inquiry addressed to
the determined control device.
Advantageous Effects of Invention
[0020] According to the invention, even though a plurality of
controllers or control devices controlling a switch or a
communication terminal are arranged, the plurality of controllers
or the plurality of control devices can control the switch or the
communication terminal.
BRIEF DESCRIPTION OF DRAWINGS
[0021] FIG. 1 is a diagram illustrating a configuration example of
a communication device of a first exemplary embodiment.
[0022] FIG. 2 is a flow chart illustrating an operation example of
a first exemplary embodiment.
[0023] FIG. 3 is a diagram illustrating a configuration example of
a communication system of a second exemplary embodiment.
[0024] FIG. 4 is a diagram illustrating a configuration example of
a switch of a second exemplary embodiment.
[0025] FIG. 5 is a diagram illustrating a configuration example of
a switch of a second exemplary embodiment.
[0026] FIG. 6 is a diagram illustrating a configuration example of
a flow table of a second exemplary embodiment.
[0027] FIG. 7 is a diagram illustrating an example of an entry edit
command of a second exemplary embodiment.
[0028] FIG. 8 is a diagram illustrating a configuration example of
a switch of a second exemplary embodiment.
[0029] FIG. 9 is a diagram illustrating an example of an entry
addition information of a second exemplary embodiment.
[0030] FIG. 10 is a flow chart illustrating an operation example of
a second exemplary embodiment.
[0031] FIG. 11 is a flow chart illustrating an operation example of
a second exemplary embodiment.
[0032] FIG. 12 is a flow chart illustrating an operation example of
a second exemplary embodiment.
[0033] FIG. 13 is a flow chart illustrating an operation example of
a second exemplary embodiment.
[0034] FIG. 14 is a diagram illustrating a configuration example of
a switch of a third exemplary embodiment.
[0035] FIG. 15 is a diagram illustrating a configuration example of
a flow table of a third exemplary embodiment.
[0036] FIG. 16 is a flow chart illustrating an operation example of
a third exemplary embodiment.
[0037] FIG. 17 is a diagram illustrating a configuration example of
a switch of a fourth exemplary embodiment.
[0038] FIG. 18 is a diagram illustrating a configuration example of
a controller flow table of a fourth exemplary embodiment.
[0039] FIG. 19 is a flow chart illustrating an operation example of
a fourth exemplary embodiment.
[0040] FIG. 20 is a flow chart illustrating an operation example of
a fourth exemplary embodiment.
DESCRIPTION OF EMBODIMENTS
[0041] Exemplary embodiments of the present invention is described
in detail with reference to the drawings.
First Exemplary Embodiment
[Configuration]
[0042] FIG. 1 illustrates a configuration example of a
communication device 1000 of a first exemplary embodiment of the
invention. In FIG. 1, the communication device 1000 includes a
storage means 1001, a searching means 1002, and an inquiry means
1003. The communication device 1000 connects with a control device,
which is not illustrated. The communication device 1000 is
controlled by the control device.
[0043] The storage means 1001 associates information for
identifying a packet with processing of the packet and stores it
therein.
[0044] When receiving the packet, the searching means 1002 searches
the processing corresponding to the received packet in the storage
means 1001.
[0045] If the processing searched by the searching means 1002 is an
inquiry to the control device, the inquiry means 1003 performs the
following operations. The inquiry means 1003 initially determines
the control device to be inquired on the basis of an entry of the
storage means 1001 corresponding to the received packet. Next, the
inquiry means 1003 performs the inquiry addressed to the determined
control device.
[Operation]
[0046] Operations of the first exemplary embodiment are described
below using a flow chart in FIG. 2.
[0047] The searching means 1002 searches the processing
corresponding to the received packet in the storage means 1001
(S1001).
[0048] If the processing searched by the searching means 1002 is
the inquiry to the control device, the inquiry means 1003
determines the control device to be inquired on the basis of the
entry of the storage means 1001 (S1002).
[0049] Next, the inquiry means 1003 performs the inquiry addressed
to the control device determined in S1002 (S1003).
[0050] As described above, in the first exemplary embodiment, the
communication device 1000 includes the storage means 1001, the
searching means 1002, and the inquiry means 1003. However, each of
these means may be included not only in the communication device,
but a communication terminal or other communication apparatus.
Advantageous Effects
[0051] As described above, according to the first exemplary
embodiment, the communication device determines the control device
which is a processing inquiry destination of the received packet
and inquires thereof. As a result, the control device which
receives the inquiry can determine the processing of the received
packet. Therefore, according to the first exemplary embodiment,
since one control device to control the received packet can be
determined even though a plurality of control devices to control
the communication device are arranged, the communication device can
be controlled by the plurality of control devices.
Second Exemplary Embodiment
[Configuration]
[0052] FIG. 3 is a diagram illustrating a configuration example of
a communication system of a second exemplary embodiment. A
communication system 1 includes a plurality of controllers 11
connected with a network, which is not illustrated, and a plurality
of switches 12. In an example of FIG. 3, a controller 11-A, a
controller 11-B, a controller 11-C, and a controller 11-D are
arranged as the controller 11. Hereinafter, the four controllers
are described as the controller 11 if it is to not necessary to be
distinguished.
[0053] The switch 12 is connected with the plurality of controllers
11 through a control path. The controller 11 connects with the
switch 12 to be controlled by the controller 11 and
transmits/receives a control message to/from the switch 12.
[0054] In the example of FIG. 3, two switches 12 are arranged and
one switch connects with the controller 11-A, and the other switch
connects with the controller 11-B. In two sections, a section from
the controller 11-C to the controller 11-A, and a section from the
controller 11-D to the controller 11-B, dashed lines with arrows
are depicted to show connection relations. This means that a
controller may restrict a communication range controlled by the
other controller.
[0055] FIG. 4 illustrates a configuration example of the switch 12.
According to FIG. 4, the switch 12 includes control communication
means 121, flow table management means 122, flow identification
means 123, data processing means 124, and a flow table 125.
[0056] The control communication means 121 connects with the
controller 11, the flow table management means 122, and the flow
identification means 123. When receiving the control message from
the controller 11, the control communication means 121 sends a
control instruction to the flow table management means 122. When
the flow table management means 122 feeds back a control result,
the control communication means 121 sends the control message to
the controller 11, when necessary.
[0057] FIG. 5 is a diagram illustrating a configuration example of
the control communication means 121. According to FIG. 5, the
control communication means 121 includes controller designation
processing inquiry means 1211.
[0058] The controller designation processing inquiry means 1211
receives an inquiry as to contents of processing of a packet and
designation of the controller, and inquires of the controller the
processing.
[0059] The flow table management means 122 manages information
described in the flow table. The flow table management means 122 is
described below in detail.
[0060] The flow identification means 123 identifies a flow
including the packet which reaches the data processing means 124.
The flow identification means 123 connects with the flow table 125.
The flow identification means 123 searches the processing of the
identified flow in the flow table 125.
[0061] The flow table 125 stores contents of flow processing. A
configuration of the flow table 125 is illustrated in FIG. 6, as an
example. Entries of the flow table 125 include at least priority, a
matching rule, and an action. The priority, a, k, n, and m are
natural numbers. The magnitude relation thereof is
k<n<m<a. Therefore, in the example of FIG. 6, the entries
are arranged in descending order of priority. The matching rule
stores tuples, like an IP address, and a MAC (Media Access Control)
address, as described in the background art. A way how to process a
packet suitable to the matching rule is described in the
action.
[0062] In the second exemplary embodiment, an action to inquire as
to processing by designating the controller may be registered to a
packet suitable to the matching rule. For example, with respect to
a packet belonging to the flow A, an inquiry as to processing to
the controller A is performed, and with respect to a packet
belonging to the flow C, an inquiry as to processing to the
controller B is performed. Thereby, for example, since an inquiry
as to processing to the controller A is performed when the switch
12 receives a packet belonging to the flow A, the controller A
obtains the operation authority for the flow A. The processing
described in the background art may be registered as the action.
For example, with respect to a packet belonging to the flow B,
processing of transferring to the designated port is performed.
[0063] The data processing means 124 receives a packet from other
switch connected with the switch 12. When receiving the packet, the
data processing means 124 transmits a part of the packet, the whole
packet, or a copy of the packet to the flow identification means
123. The flow identification means 123 performs matching with the
entry of the flow table 125 to identify the flow, and outputs the
action. The data processing means 124 receives the action and
performs packet processing.
[0064] A method of setting the operation authority in the entry of
the flow table 125 in the switch 12 by the controller 11 is
described below. The controller 11 describes operation authority
information as addition information of the control message for
instructing the switch 12 to operate the entry of the flow table
125. Besides the control message, the controller 11 may transmit a
special message designating the operation authority to the switch
12.
[0065] FIG. 7 illustrates an example of an entry edit command
transmitted from the controller 11 to the switch 12. The entry of
FIG. 7 defines inquiring of the controller A processing as an
action with respect to the packet with the priority of a and the
matching rule of the flow A. The controller 11 transmits the entry
of FIG. 7 to the switch 12 and sets the entry of FIG. 7 in the flow
table 125 of the switch 12.
[0066] The item "Others: ReadOnly" shows the operation authority of
the entry of FIG. 7. The target of the operation authority may be
discretely designated by the controller A, the controller B, or the
like, or may be designated by a group of the controllers. By a
macro using the relation between the controller designating the
authority and the other controller, it may be designated. In the
example of FIG. 7, it is designated that a controller other than
the controller designating the authority is allowed to only read.
The entry edit command in FIG. 7 gives the controller A the
authority thereof. "Others: ReadOnly" shows that a controller other
than the controller A is allowed to only read.
[0067] Next, the flow table management means 122 is described. As
illustrated in FIG. 8, the flow table management means 122 includes
authority management/determination means 1221, entry addition
information storage means 1222, and flow table operation means
1223.
[0068] The authority management/determination means 1221 includes
entry operation authority management/determination means 12211 and
flow range determination means 12212. The entry operation authority
management/determination means 12211 connects with the control
communication means 121, the entry operation authority
management/determination means 12211, the entry addition
information storage means 1222 and the flow table operation means
1223. The flow range determination means 12212 connects with the
flow table operation means 1223. The entry addition information
storage means 1222 connects with the flow table operation means
1223. The flow table operation means 1223 connects with the flow
table 125.
[0069] The authority management/determination means 1221 determines
the authority in response to a request for the operation of the
entry from the controller 11 as shown in FIG. 7, and performs
processing according to the determination result.
[0070] The entry addition information storage means 1222 stores
authority information corresponding to the entry of the flow table
125. The authority information includes permission which is
uniquely decided for each controller, and owner information.
[0071] The entry operation authority management/determination means
12211 manages the operation authority of the entry and determines
whether or not to operate in response to the request for the
operation of the entry from the controller 11. When the operation
authority is set from entry operation authority instruction means
112 to the entry of the flow table 125 through the control
communication means 121, the entry operation authority
management/determination means 12211 stores information of the
operation authority in the entry addition information storage means
1222. When the controller 11 refers to and edits the entry through
the control communication means 121, the entry operation authority
management/determination means 12211 refers to the operation
authority information of the entry addition information storage
means 1222. Furthermore, the entry operation authority
management/determination means 12211 inquires of the flow range
determination means 12212 if the edit of the entry includes change
of the matching rule, and determines whether or not to allow the
operation in view of the returned determination result.
[0072] When the controller 11 registers the entry, the flow range
determination means 12212 determines whether or not to perform the
control by the controller 11. Specifically, it is determined
whether or not the range in which the controller 11 requests the
control falls within the flow range in which the control is
allowed. The flow range to be allowed may be, for example, a union
of the matching rules of the entry with the action for inquiring of
the controller. The invalidated flow range may be the matching
rule, having the action for inquiring of the other controller,
which has higher priority than that of the entry which is grounds
for the allowed range.
[0073] FIG. 9 illustrates an example of the entry addition
information stored corresponding to the entry of the flow table 125
and the entry addition information storage means 1222. An example
of determination which is performed in the flow range determination
means 12212 is explained using FIG. 9. In the flow table, the first
column shows priority, the second column shows the matching rules,
and the third column shows the actions. In the entry addition
information, the first column shows operation authorities of the
corresponding entry in the flow table 125, and the second column
shows owners of the corresponding entry. In the example in FIG. 9,
the entries are arranged in descending order of priority, like FIG.
6. In the example in FIG. 9, the controller A limits the range of
the flow where the controller B controls. "Controller: A" in the
column of the actions means that when receiving a packet which
matches the flow A, the switch 12 inquires of the controller A
about processing. In this case, there are two conditions that the
controller B can register the entry with the matching rule which is
the flow B. One of the conditions is that the range of the flow
shown by the flow B is included in the range of the flow shown by
the flow C which is the matching rule of the entry of the
controller A having the action for inquiring of the controller B.
The other is that the magnitude relationship of priority of the
entry is a-n<a-k<a.
[Operation]
[0074] FIGS. 10 to 13 are flowcharts illustrating an operation of
the communication system 1 of the second exemplary embodiment. The
operation of the second exemplary embodiment is described using the
flowcharts.
[0075] FIG. 10 is the flowchart illustrating the operation which is
performed when the switch 12 receives a packet in the second
exemplary embodiment.
[0076] The data processing means 124 receives a packet from
different communication device in a network which is not shown
(S11). Next, the flow identification means 123 determines whether
or not the received packet matches the matching rule of the entry
of the flow table 125 (S12).
[0077] If the entry of the flow table 125 which matches the
received packet exists, the flow identification means 123
determines whether or not the action of the matched entry is an
inquiry as to processing designating a controller (S13).
[0078] If it is determined the action of the matched entry is the
inquiry as to the processing designating the controller, the
controller designation processing inquiry means 1211 performs the
inquiry as to processing to the designated controller (S14).
[0079] If it is determined the action of the matched entry is not
the inquiry as to the processing designating the controller, the
data processing means 124 performs packet processing according to
the action of the matched entry (step S16). The data processing
means 124, for example, transfers the received packet to other
communication device, or abandons the received packet.
[0080] If it is determined that the packet does not match the
matching rule of the entry of the flow table in S12, the control
communication means 121 inquires of the controller which is set as
default about the processing (S15).
[0081] FIG. 11 and FIG. 12 are flowcharts illustrating operations
which are performed when the switch 12 receives the entry edit
command from the controller 11.
[0082] Initially, the control communication means 121 receives the
entry edit command from the controller 11 (S21).
[0083] Next, the flow table management means 122 determines whether
or not the received command is the command for adding the entry to
the flow table 125 (S22).
[0084] If it is determined that the received command is not the
command for adding the entry to the flow table in S22, an operation
of S23 is performed. The entry operation authority
management/determination means 12211 refers to the authority
information stored in the entry addition information storage means
1222 (S23). After that, the entry operation authority
management/determination means 12211 determines whether or not the
controller which sends the command is allowed to perform a request
operation for the entry which is the edit target (S24).
[0085] If it is determined that the entry edit command is the
command for adding the entry to the flow table in S22, processing
of S26 is performed. The processing of S26 is described below.
[0086] If it is determined that the request operation for the entry
which is the edit target is allowed in S24, the authority
management/determination means 1221 performs processing of S25. The
authority management/determination means 1221 determines whether or
not the entry edit command is the command which changes priority of
the entry or the matching rule (S25).
[0087] If the controller which sends the entry edit command is not
allowed to perform the request operation for the entry which is the
edit target in S24, an operation command is rejected (step
S30).
[0088] If it is determined that the entry edit command is the
command which changes priority of the entry or the matching rule in
S25, the flow range determination means 12212 performs processing
of S26. The flow range determination means 12212 determines whether
or not the priority of the entry or the matching rule after change
which is requested by the entry edit command falls within the range
which is allowable for the request source controller (S26).
[0089] If it is determined that the priority of the entry or the
matching rule after change which is requested by the entry edit
command falls within the range which is allowed for the controller
in S26, the entry operation authority management/determination
means 12211 performs processing of S27. The entry operation
authority management/determination means 12211 determines whether
or not new addition is included in entry operation authority
designation, or whether or not change is included therein and
whether neither new addition nor change is included (S27).
[0090] If it is determined that new addition or change is included
in entry operation authority designation in S27, the entry
operation authority management/determination means 12211 performs
processing of S28. In the entry operation authority
management/determination means 12211, the entry operation authority
of the entry addition information storage means 1222 is edited
(step S28). After that, the flow table operation means 1223
performs the operation command (step S29). If it is determined that
neither new addition nor change is included in entry operation
authority designation in S27, processing of S28 is skipped and
processing of S29 is performed.
[0091] The controller 11 may transmit a command for referring to
the flow table to the switch 12 in order to manage the switch 12.
Hereinafter, the command is called a flow table reference command.
FIG. 13 is a flowchart illustrating an operation which is performed
when the switch 12 receives the flow table reference command from
the controller 11.
[0092] First, the switch 12 receives the flow table reference
command from the controller 11 through the control communication
means 121 (S31).
[0093] Next, the entry operation authority management/determination
means 12211 refers to the authority information stored in the entry
addition information storage means 1222 (S32).
[0094] After S32, the entry operation authority
management/determination means 12211 extracts the entry, whose
reference authority is owned by the controller which is the command
transmission source (S33).
[0095] The flow table operation means 1223 obtains, from the flow
table 125, the entry extracted in S33 (S34).
[0096] In the entry operation authority management/determination
means 12211, the entry addition information corresponding to the
entry extracted in step S32 is obtained from the entry addition
information storage means 1222 (S35).
[0097] Next, the entry operation authority management/determination
means 12211 duplicates the entry addition information obtained in
S35 (S36).
[0098] In addition, the entry operation authority
management/determination means 12211 converts the authority
information in the entry addition information duplicated in S36
into authority which the controller requesting reference has
(S37).
[0099] Finally, the control communication means 121 transmits the
entry obtained in S34 and the entry addition information converted
in S37 to the controller 11 requesting reference (S38).
Advantageous Effects
[0100] As described above, the communication system of the second
exemplary embodiment uses the action designating any one of the
controllers 11 as the action for the entry of the flow table 125.
Thereby, it becomes possible to separate the controllers of which
the processing of the packet is inquired, for each flow range. As a
result, for example, the control, in which one controller is
determined for a specific flow, is possible.
[0101] The switch 12 holds the authority information of the
controller 11 for each entry and restricts the operation for the
entry of the flow table 125. Thereby the flow range which the
controller 11 can control is restricted. Therefore, it is possible
to prevent a different controller from unintentionally overwriting
a control policy.
[0102] On the basis of the above operations, it becomes possible to
directly control the switch 12 by a plurality of controllers 11
while determining a control range and an authority range.
Consequently, according to the second exemplary embodiment, even
though a plurality of controllers 11 to control the switch 12 are
arranged, one controller 11 to control the received packet can be
determined. It is therefore possible to control the switch 12 by
the plurality of controllers 11.
Third Exemplary Embodiment
[Configuration]
[0103] A third exemplary embodiment of the invention is described
below. In the third exemplary embodiment, the flow table management
means 122 of the switch 12 and a flow table 225 are different from
those of the second exemplary embodiment. Items which are different
from the flow table management means 122 are focused and described
below. Descriptions of the configuration and the operation similar
to those of the second exemplary embodiment are omitted.
[0104] FIG. 14 is a block diagram illustrating flow table
management means 222 of the third exemplary embodiment. In FIG. 14,
the flow table management means 222 includes authority
management/determination means 2221 and the flow table operation
means 1223. The authority management/determination means 2221
includes entry operation authority management/determination means
22211 and flow range determination means 22212. The entry operation
authority management/determination means 22211 connects with the
control communication means 121, the flow range determination means
22212 and the flow table operation means 1223.
[0105] The entry addition information storage means 1222 is not
included compared with the flow table management means 122 of the
second exemplary embodiment. In the third exemplary embodiment, the
flow table 225 stores information which the entry addition
information storage means 1222 of the second exemplary embodiment
stores. FIG. 15 illustrates an example of the flow table 225 of the
third exemplary embodiment. In FIG. 15, the flow table 225 stores
the authority information in addition to the information which the
flow table 125 of the second exemplary embodiment stores.
[Operation]
[0106] In the switch 12 of the third exemplary embodiment, when it
is necessary to refer to or edit the entry addition information in
the operation which is performed when the entry edit command is
received from the controller 11, the flow table 225 is referred to
or edited.
[0107] FIG. 16 is a flowchart illustrating operations which are
performed when the switch 12 of the third exemplary embodiment
receives the flow table reference command. The operation
illustrated in FIG. 16 differs in the operations at and after S34
from the operation of the second exemplary embodiment. The other
operations similar to those of the second exemplary embodiment have
the same reference numerals as those of FIG. 13, and detailed
descriptions thereon are omitted.
[0108] The entry operation authority management/determination means
22211 duplicates the entry obtained in S33 and S34 (S236).
[0109] Next, the entry operation authority management/determination
means 22211 converts the authority information, which the entry
duplicated in S236 includes, into the authority which the
controller requesting the reference includes (S237).
[0110] Finally, the control communication means 121 informs the
controller 11 requesting the reference, of the entry converted in
S237 (S238).
Advantageous Effects
[0111] The communication system 1 of the third exemplary embodiment
has the same effect as the second exemplary embodiment. That is,
the action designating any one of the controllers 11 is used as the
action for the entry of the flow table 225 of the third exemplary
embodiment. Thereby, it becomes possible to separate the
controllers of which the processing of the packet is inquired, for
each flow range. As a result, for example, the control, in which
one controller which controls for a specific flow is determined, is
possible.
[0112] The switch 12 holds the authority information of the
controller 11 for each entry and restricts the operation for the
entry of the flow table 225. Thereby the flow range which the
controller 11 can control is to restricted. Therefore, it is
possible to prevent a different controller from unintentionally
overwriting the control policy.
[0113] On the basis of the above operations, it becomes possible to
directly control the switch 12 by a plurality of controllers 11
while determining a control range and an authority range.
Consequently, according to the third exemplary embodiment, even
though a plurality of controllers 11 to control the switch 12
exist, one controller 11 to control the received packet can be
determined. It is, therefore, possible to control the switch 12 by
the plurality of controllers 11.
Fourth Exemplary Embodiment
[Configuration]
[0114] FIG. 17 illustrates a switch 32 of a fourth exemplary
embodiment of the invention. As shown in FIG. 17, the switch 32 of
the fourth exemplary embodiment differs from that of the second
exemplary embodiment in control communication means 321, flow table
management means 322 and a flow table 325. The other elements are
similar to those of the second and third exemplary embodiments. The
other elements similar to those of the second exemplary embodiment
have the same reference numerals as FIGS. 4, 5, and 8, and detailed
descriptions thereon are omitted.
[0115] In the fourth exemplary embodiment, an inquiry as to
processing designating the controller may not be registered in the
flow table 325 as the action. The case, in which that an inquiry as
to processing designating the controller is not registered in the
action of the flow table 325, is described below.
[0116] In the fourth exemplary embodiment, the control
communication means 321 includes the controller designation
processing inquiry means 1211, processing inquiry destination
allocation means 3212, and a controller flow table 3213. In the
fourth exemplary embodiment, processing inquiry destination
management means 3224 is added to the flow table management means
322 of the second exemplary embodiment.
[0117] The newly added elements in the fourth exemplary embodiment
are described. First, the processing inquiry destination allocation
means 3212 chooses a controller to be inquired, in response to the
inquiry to the controller 11 as to contents of processing of the
packet. The processing inquiry destination allocation means 3212
converts a processing inquiry instruction without designating the
controller into a processing inquiry instruction designating the
controller.
[0118] FIG. 18 illustrates an example of the controller flow table
3213. In FIG. 18, the controller flow table 3213 includes, as the
entry, at least the priority, the matching rule and an identifier
of the destination controller. The identifier of the controller may
be any one which is uniquely decided for the controller.
[0119] The processing inquiry destination management means 3224
manages an allocation standard of a processing inquiry destination,
and converts an action part of the entry.
[Operation]
[0120] FIG. 19 and FIG. 20 are flowcharts illustrating operations
of the switch 32 of the fourth exemplary embodiment of the
invention. The operations similar to that of the second exemplary
embodiment have the same reference numerals as FIG. 10 and
descriptions thereof are omitted.
[0121] FIG. 19 is the flowchart illustrating operations which are
performed when the switch 32 receives a packet. First, the switch
32 receives a packet and determines whether or not the packet
matches the matching rule of the entry in the flow table (S11,
S12).
[0122] In S12, if it is determined that the received packet matches
the matching rule of the entry in the flow table, the flow
identification means 123 determines whether or not the action of
the entry in the matched matching rule is an inquiry as to
processing to a controller (S13).
[0123] In S13, if it is determined that the action of the matched
entry is to the inquiry as to processing to the controller, the
processing of S317 is performed. The processing inquiry destination
allocation means 3212 searches the controller of which processing
of the received packet is inquired, with reference to the
controller flow table 3213 (S317). Specifically, the processing
inquiry destination allocation means 3212 searches the entry having
the matching rule of the controller flow table 3213 corresponding
to the matching rule which the received packet matches. The
processing inquiry destination allocation means 3212 obtains the
destination controller of the searched entry as the inquiry
destination.
[0124] Next, the processing inquiry destination allocation means
3212 converts a processing inquiry to the controller without
designating a destination into a processing inquiry addressed to
the searched controller (S318).
[0125] After that, the controller designation processing inquiry
means 1211 inquires of the designated controller about the
processing (S14).
[0126] FIG. 20 is a flowchart illustrating operations which are
performed when the controller 11 instructs the switch 32 to
register the entry designating the processing inquiry destination.
In the second and the third exemplary embodiments, if the
instruction to register the entry is received, it is directly
registered in the flow table. In the fourth exemplary embodiment,
the registration in the controller flow table 3213 is further
required.
[0127] The control communication means 321 receives the instruction
to register the entry designating the processing inquiry
destination, from the controller 11 (S341).
[0128] Next, the authority management/determination means 1221
performs authority determination of the entry, like the second
exemplary embodiment (S342).
[0129] Next, the processing inquiry destination management means
3224 registers the entry which takes the matching rule as key and
takes the identifier of the controller as value on controller flow
table 3213, and gives priority to the entry (S343).
[0130] The processing inquiry destination management means 3224
replaces the action for instructing the entry registration into the
processing inquiry without designating a controller (S344).
[0131] Finally, the flow table operation means 1223 registers the
entry in the flow table 325 (S345).
Advantageous Effects
[0132] The communication system 1 in the fourth exemplary
embodiment includes the same effect as the communication system 1
of the second and the third exemplary embodiment. That is, with
respect to the action of the processing inquiry to the controller
in the entry of the flow table 325 of the fourth exemplary
embodiment, the switch 32 stores the controller to be the inquiry
destination, in the controller flow table 3213. Thereby the
controllers of which the packet processing is inquired can be
separated for each flow range. As a result, for example, the
control, in which one controller which controls for a specific flow
is determined, is possible.
[0133] The switch 32 holds the authority information of the
controller 11 for each entry, and restricts operations with respect
to the entry in the flow table 325. Thereby, the controller 11
restricts the controllable flow range. Therefore, it is possible to
prevent a different controller from unintentionally overwriting the
control policy.
[0134] On the basis of the above operations, it becomes possible to
directly control the switch 32 by a plurality of controllers 11
while determining the control range and the authority range.
Consequently, according to the third exemplary embodiment, even
though a plurality of controllers 11 to control the switch 32 are
arranged, one controller 11 to control the received packet can be
determined. It is therefore possible to control the switch 32 by
the plurality of controllers 11.
[0135] While the invention has been particularly shown and
described with reference to exemplary embodiments thereof, the
invention is not limited to these embodiments. It will be
understood by those of ordinary skill in the art that various
changes in form and details may be made therein without departing
from the spirit and scope of the present invention as defined by
the claims.
[0136] The switch of each exemplary embodiment is optionally
applicable to a communication terminal, other communication
apparatus, and the like, and not limited to the switch.
[0137] In the exemplary embodiments, the network to which the
OpenFlow is applied is explained, but the present embodiment is not
limited thereto. The present embodiment is applicable to the
network in which a control server centrally controls the switch,
other than the OpenFlow.
[0138] The functions of the switches of the exemplary embodiments,
the communication terminal having the same function as the switch,
and other communication apparatus can be achieved by hardware. The
switch of the exemplary embodiment, the communication terminal
having the same function as the switch, and other communication
apparatus can be achieved using a computer and a program causing
the computer to execute. The program is provided by being stored in
a recording medium, like a magnetic disc, semiconductor memory, and
the like, and is read by the computer at the time of booting the
computer. The program controls the computer operations, and works
the computer as the switch of the exemplary embodiments, the
communication terminal and the communication apparatus which have
the same function as the switch and causes them to execute
processing described above.
[0139] The whole or part of the exemplary embodiments disclosed
above can be described as, but not limited to, the following
supplementary notes.
Supplementary Note 1
[0140] A communication terminal controlled by a control device,
comprising:
[0141] a first storage means for associating information
identifying a packet with processing of the packet and storing it
as an entry;
[0142] a searching means for searching processing corresponding to
a received packet from the first storage means; and
[0143] an inquiry means for determining the control device of which
is inquired, based on the entry corresponding to the received
packet, the entry being stored in the first storage means, if the
searched processing is the inquiry to the control device, and for
performing the inquiry addressed to the determined control
device.
Supplementary Note 2
[0144] The communication terminal of Supplementary note 1, wherein
the processing of the packet stored in the first storage means
includes performing the inquiry as to the processing of the packet
by designating any one of the control devices.
Supplementary Note 3
[0145] The communication terminal of Supplementary note 1, further
comprising a second storage means for storing the control device
corresponding to the entry stored in the first storage means,
wherein when determining the control device of which is inquired,
the inquiry means refers to the second storage means.
Supplementary Note 4
[0146] The communication terminal of any one of Supplementary note
1 to Supplementary note 3, further comprising a third storage means
for storing authority for the entry.
Supplementary Note 5
[0147] The communication terminal of any one of Supplementary note
1 to Supplementary note 3, wherein the first storage means
associates the authority for the entry with the entry and
stores.
Supplementary Note 6
[0148] The communication terminal of Supplementary note 4 or
Supplementary note 5, further comprising an authority determination
means for determining whether or not to edit the entry by the
control device with reference to the authority for the entry when a
request for edit of the entry is received from the control
device.
Supplementary Note 7
[0149] The communication terminal of Supplementary note 6, wherein
the authority determination means determines whether or not to edit
the entry by the control device on the basis of at least one of
priority of the entry and the information identifying a packet.
Supplementary Note 8
[0150] The communication terminal of Supplementary note 6 or
Supplementary note 7, wherein the authority determination means
determines whether or not to refer to the entry by the control
device with reference to the authority for the entry when a request
for referring to the entry is received from the control device.
Supplementary Note 9
[0151] A communication method, comprising the steps of:
[0152] searching processing corresponding to a received packet from
a first storage means for associating information identifying a
packet with processing of the packet and storing it as an
entry;
[0153] determining the control device of which is inquired, based
on the entry corresponding to the received packet, the entry being
stored in the first storage means, if the searched processing is
the inquiry to the control device controlling a communication
terminal; and
[0154] performing the inquiry addressed to the determined control
device.
Supplementary Note 10
[0155] The communication method of Supplementary note 9, wherein
the processing of the packet stored in the first storage means
includes performing the inquiry as to the processing of the packet
by designating any one of the control devices.
Supplementary Note 11
[0156] The communication method of Supplementary note 9, wherein a
second storage means for storing the control device corresponding
to the entry stored in the first storage means is referred to, when
the control device of which is inquired is determined.
Supplementary Note 12
[0157] The communication method of any one of Supplementary note 9
to Supplementary note 11, wherein authority for the entry is
stored.
Supplementary Note 13
[0158] The communication method of any one of Supplementary note 9
to Supplementary note 11, wherein the first storage means
associates the authority for the entry with the entry and stores
it.
Supplementary Note 14
[0159] The communication method of Supplementary note 12 or
Supplementary note 13, further comprising determining whether or
not to edit the entry by the control device with reference to the
authority for the entry when a request for edit of the entry is
received from the control device.
Supplementary Note 15
[0160] The communication method of Supplementary note 14, wherein
it is determined whether or not to edit the entry by the control
device on the basis of at least one of priority of the entry and
the information identifying a packet.
Supplementary Note 16
[0161] The communication method of Supplementary note 14 or
Supplementary note 15, further comprising determining whether or
not to refer to the entry by the control device with reference to
the authority for the entry when a request for referring to the
entry is received from the control device.
Supplementary Note 17
[0162] A program for causing a computer to execute processes
comprising:
[0163] searching processing corresponding to a received packet from
a first storage means for associating information identifying a
packet with processing of the packet and storing it as an
entry;
[0164] determining the control device of which is inquired, based
on the entry corresponding to the received packet, the entry being
stored in the first storage means, if the searched processing is
the processing to be inquired of the control device controlling a
communication terminal; and
[0165] performing the inquiry addressed to the determined control
device.
Supplementary Note 18
[0166] The program of Supplementary note 17, wherein the processing
of the packet stored in the first storage means includes performing
the inquiry as to the processing of the packet by designating any
one of the control devices.
Supplementary Note 19
[0167] The program of Supplementary note 18, wherein a second
storage means for storing the control device corresponding to the
entry stored in the first storage means is referred to, when the
control device to be inquired is determined.
Supplementary Note 20
[0168] The program of any one of Supplementary note 17 to
Supplementary note 19, wherein authority for the entry is
stored.
Supplementary Note 21
[0169] The program of any one of Supplementary note 17 to
Supplementary note 19, wherein the first storage means associates
the authority for the entry with the entry and stores it.
Supplementary Note 22
[0170] The program of Supplementary note 20 or Supplementary note
21, the processes further comprising determining whether or not to
edit the entry by the control device with reference to the
authority for the entry when a request for edit of the entry is
received from the control device.
Supplementary Note 23
[0171] The program of Supplementary note 22, wherein it is
determined whether or not to edit the entry by the control device
on the basis of at least one of priority of the entry and the
information identifying a packet.
Supplementary Note 24
[0172] The program of Supplementary note 22 or Supplementary note
23, the processes further comprising determining whether or not to
refer to the entry by the control device with reference to the
authority for the entry when a request for referring to the entry
is received from the control device.
Supplementary Note 25
[0173] A switch controlled by a control device, comprising
[0174] a first storage means for associating information
identifying a packet with processing of the packet and storing it
as an entry;
[0175] a searching means for searching processing corresponding to
a received packet from the first storage means; and
[0176] an inquiry means for determining the control device to be
inquired, based on the entry corresponding to the received packet,
the entry being stored in the first storage means, if the searched
processing is the inquiry to the control device, and for performing
the inquiry addressed to the determined control device.
Supplementary Note 26
[0177] The switch of Supplementary note 25, wherein the processing
of the packet stored in the first storage means includes performing
the inquiry as to the processing of the packet by designating any
one of the control devices.
Supplementary Note 27
[0178] The switch of Supplementary note 25, further comprising a
second storage means for storing the control device corresponding
to the entry stored in the first storage means, wherein when
determining the control device of which is inquired, the inquiry
means refers to the second storage means.
Supplementary Note 28
[0179] The switch of any one of Supplementary note 25 to
Supplementary note 27, further comprising a third storage means for
storing authority for the entry.
Supplementary Note 29
[0180] The switch of any one of Supplementary note 25 to
Supplementary note 28, wherein the first storage means associates
the authority for the entry with the entry and stores it.
Supplementary Note 30
[0181] The switch of Supplementary note 28 or Supplementary note
29, further comprising an authority determination means for
determining whether or not to edit the entry by the control device
with reference to the authority for the entry when a request for
edit of the entry is received from the control device.
Supplementary Note 31
[0182] The switch of Supplementary note 30, wherein the authority
determination means determines whether or not to edit the entry by
the control device on the basis of at least one of priority of the
entry and the information identifying a packet.
Supplementary Note 32
[0183] The switch of Supplementary note 30 or Supplementary note
31, wherein the authority determination means further determines
whether or to not to refer to the entry by the control device with
reference to the authority for the entry when a request for
referring to the entry is received from the control device.
Supplementary Note 33
[0184] A communication system, comprising:
[0185] a control device; and
[0186] a communication terminal controlled by the control device,
wherein the communication terminal comprises:
[0187] a first storage means for associating information
identifying a packet with processing of the packet and storing as
an entry;
[0188] a searching means for searching processing corresponding to
a received packet from the first storage means; and
[0189] an inquiry means for determining the control device of which
is inquired, based on the entry corresponding to the received
packet, the entry being stored in the first storage means, if the
searched processing is the inquiry to the control device, and for
performing the inquiry addressed to the determined control
device.
Supplementary Note 34
[0190] The communication system of Supplementary note 33, wherein
the processing of the packet stored in the first storage means
includes performing the inquiry as to the processing of the packet
by designating any one of the control device.
Supplementary Note 35
[0191] The communication system of Supplementary note 33, wherein
the communication terminal further comprises a second storage means
for storing the control device corresponding to the entry stored in
the first storage means, wherein the inquiry means refers to the
second storage means when the control device of which is inquired
is determined.
Supplementary Note 36
[0192] The communication system of any one of Supplementary note 33
to Supplementary note 35, wherein the communication terminal
further comprises a third storage means for storing authority for
the entry.
Supplementary Note 37
[0193] The communication system of any one of Supplementary note 33
to Supplementary note 36, wherein the first storage means
associates the authority for the entry with the entry and
stores.
Supplementary Note 38
[0194] The communication system of Supplementary note 36 or
Supplementary note 37, wherein the communication terminal further
comprises an authority determination means for determining whether
or not to edit the entry by the control device with reference to
the authority for the entry when a request for referring to the
entry is received from the control device.
Supplementary Note 39
[0195] The communication system of Supplementary note 38, wherein
the authority determination means determines whether or not to edit
the entry by the control device on the basis of at least one of
priority of the entry and the information identifying a packet.
Supplementary Note 40
[0196] The communication system of Supplementary note 38 or
Supplementary note 39, wherein the authority determination means
further determines whether or not to refer to the entry by the
control device with reference to the authority for the entry when a
request for referring to the entry is received from the control
device.
[0197] While the invention has been particularly shown and
described with reference to exemplary embodiments thereof, the
invention is not limited to these embodiments. It will be
understood by those of ordinary skill in the art that various
changes in form and details may be made therein without departing
from the spirit and scope of the present invention as defined by
the claims.
[0198] This application is based upon and claims the benefit of
priority from Japanese patent application No. 2011-207659, filed on
Sep. 22, 2011, the disclosure of which is incorporated herein in
its entirety by reference.
REFERENCE SIGNS LIST
[0199] 1 Communication System [0200] 11 Controller [0201] 12, 32
Switch [0202] 121, 321 Control Communication Means [0203] 122, 222,
322 Flow Table Management Means [0204] 123 Flow Identification
Means [0205] 124 Data Processing Means [0206] 125, 225, 325 Flow
Table [0207] 1211 Controller Designation Processing Inquiry Means
[0208] 1221, 2221 Authority Management/Determination Means [0209]
1222 Entry Addition Information Storage Means [0210] 1223 Flow
Table Operation Means [0211] 3212 Processing Inquiry Destination
Allocation Means [0212] 3213 Controller Flow Table [0213] 3224
Processing Inquiry Destination Management Means [0214] 12211, 22211
Entry Operation Authority Management/Determination Means [0215]
12212, 22212 Flow Range Determination Means
* * * * *
References