Network system and routing method

The invention claimed is: 1. A network system, comprising: a plurality of switches, each configured to execute, on a reception packet that meets a rule of an entry registered in its own a flow table, an operation based on an action defined in the entry; and a controller configured to register the entry, in which an identifier unique to a path calculated based on a physical topology of a network composed of the plurality of switches is set as a rule and an output from a predetermined output port as an action, in each of the plurality of switches before a communication is started among the plurality of switches, to forward the reception packet to a next switch for avoiding an unauthorized access caused by an unknown packet, wherein the controller includes: a non-transitory memory storing a program; and a processor executing the program, wherein the program comprises a code that, when executed, causes the controller to perform: detecting the physical topology of the network and classifying the plurality of switches into edge switches and core switches in a topology detection before the communication is started; assigning an unique identifier to each of the edge switches; and calculating a path between the edge switches and the entry for forwarding the reception packet in response of an inquiry from the edge switches, and wherein the controller is configured to: transmit in advance an entry to the edge switch, the entry to the edge switch including: an identification rule to identify a packet; and an instruction of assigning an identifier, corresponding to a virtual network to which belongs a reception packet identified by the identification rule, to the reception packet; and transmit in advance an entry to a core switch of the core switches, the entry to the core switch including: an instruction for forwarding the reception packet according to the identifier included in the reception packet. 2. The network system according to claim 1 , wherein the program further comprises code that, when executed, causes the controller to further perform: specifying destination information of a transmission source terminal in a station detection before the communication is started; assigning an unique identifier to the transmission source terminal; and registering an output entry in a flow table of an edge switch to which the transmission source terminal is connected, the output entry indicating that, when an identifier of the edge switch and an identifier of the transmission source terminal are described in a field of destination information of a reception packet, destination information of the transmission source terminal is made to be described in a field of destination information of the reception packet and the reception packet is made to be forwarded to the transmission source terminal. 3. The network system according to claim 2 , wherein the program further comprises code that, when executed, causes the controller to further perform: specifying destination information of a destination terminal in the station detection before the communication is started; assigning an identifier as the unique identifier to the destination terminal; and registering an output entry in a flow table of an edge switch to which the destination terminal is connected, the output entry indicating that, when an identifier of the edge switch and an identifier of the destination terminal are described in a field of destination information of a reception packet, destination information of the destination terminal is made to be described in a field of destination information of the reception packet and the reception packet is made to be forwarded to the destination terminal. 4. The network system according to claim 3 , wherein the program further comprises code that, when executed, causes the controller to further perform: confirming whether or not a communication between the transmission source terminal and the destination terminal enables to be performed; and registering, when the communication between the transmission source terminal and the destination terminal is judged to enable to be performed, an input entry in a flow table of an edge switch to which the transmission source terminal is connected, the input entry indicating that, when a packet to the destination terminal is received, an identifier of an edge switch to which the destination terminal is connected and an identifier of the destination terminal are made to be described in at least a part of a field of destination information of the reception packet and the reception packet is made to be forwarded to a next switch. 5. A controller configured to be used for a network system, wherein the network system comprises a plurality of switches and the controller, the controller comprising: a non-transitory memory storing a program; and a processor executing the program, wherein the program comprises code that, when executed, causes the controller to perform: registering an entry, in which an identifier unique to a path calculated based on a physical topology of a network composed of the plurality of switches is set as a rule and an output from a predetermined output port as an action, in each of the plurality of witches before a communication is started among the plurality of switches, to forward the reception packet to a next switch for avoiding an unauthorized access caused by an unknown packet, wherein each of the plurality of switches executes, on a reception packet that meets a rule of the entry registered in a flow table, an operation based on an action defined in the entry, wherein the program further comprises code that, when executed, causes the controller to further perform: detecting the physical topology of the network and classifying the plurality of switches into edge switches and core switches in a topology detection before the communication is started; assigning an unique identifier to each of the edge switches; and calculating a path between the edge switches and the entry for forwarding the reception packet in response of an inquiry from the edge switches, and wherein the controller is further configured to: transmit in advance an entry to the edge switch, the entry to the edge switch including: an identification rule to identify a packet; and an instruction of assigning an identifier, corresponding to a virtual network to which belongs a reception packet identified by the identification rule, to the reception packet; and transmit in advance an entry to a core switch of the core switches, the entry to the core switch including: an instruction for forwarding the reception packet according to the identifier included in the reception packet. 6. A routing method, comprising: each of a plurality of switches executing, on a reception packet that meets a rule of an entry registered in its own a flow table, an operation based on an action defined in the entry; a controller registering the entry, in which an identifier unique to a path calculated based on a physical topology of a network composed of the plurality of switches is set as a rule and an output from a predetermined output port as an action, in each of the plurality of switches before a communication is started among the plurality of switches, to forward the reception packet to a next switch for avoiding an unauthorized access caused by an unknown packet; detecting, by the controller, the physical topology of the network and classifying the plurality of switches into edge switches and core switches in a topology detection before the communication is started; assigning, by the controller, an unique identifier to each of the edge switches; and calculating, by the controller, a path between the edge switches and the entry for forwarding the reception packet in