JP2011239082A - Communication apparatus and address conversion method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a communication apparatus capable of converting an address without passing through a proxy server and an address conversion apparatus while alleviating workload of an administrator.SOLUTION: In a communication apparatus that configures a network in which packet communication is performed, when address conversion information in which a correspondence relationship among a private address that is set to an equipment, group information that indicates a group in which the private address functions as a unique address, and a gloval address is registered, is received, the address conversion information is transferred to an adjacent communication apparatus in the network, and a source address and a destination address of the received packet are converted based on the address conversion information.

Description

  The present invention relates to a communication apparatus constituting a network for packet communication, and more particularly to a communication apparatus that converts a transmission source address and a transmission destination address of a packet.

  In recent years, as the prices of servers and routers have been reduced, corporate information systems are individually constructed according to applications (for example, each department), and are complicated from the viewpoint of the entire company. As each department of the company constructs a network individually, it has a demerit that it increases the individual management cost of the server and the network and makes it difficult to share information within the company.

  In order to solve this disadvantage, there is a method of integrating networks in distributed enterprises.

  However, when integrating networks, there is a possibility that the IP address system of the client terminal and the server is duplicated among a plurality of information systems, and it is attempted to eliminate the duplication of the IP address system of the client terminal and the server. The cost for changing the IP address of the server that accommodates the client terminal and the IP address of the client terminal becomes enormous.

  Network virtualization technology has been developed as a technology for eliminating duplication of IP address systems. In network integration work using network virtualization technology, networks can be integrated while logically dividing individual networks, and the effects of network integration can be minimized. However, there is a problem that the state where the network is logically divided cannot be solved.

  Here, an address conversion method is known in which a client address can be identified by a server without requiring special processing on the server side (see, for example, Patent Document 1).

JP 2005-26960 A

  In the address conversion method described in Patent Document 1, when the proxy server receives the request packet output from the client terminal, the proxy server converts the source address of the received request packet into the address of the proxy server, and the destination address To the server address. When the address translation device receives the request packet output from the proxy server, it analyzes the source address of the received request packet to obtain the address of the client terminal, and obtains the source address of the received request packet The address is converted to the address of the client terminal and output to the server.

  As described above, the address translation method described in Patent Document 1 can be applied only to communication via the proxy server and the address translation device, and cannot be applied to communication not via the proxy server and the address translation device. In addition, since the correspondence between the proxy server address and the client terminal address must be set by the administrator or the like in the address translation device, the workload of the administrator is not reduced.

  SUMMARY OF THE INVENTION An object of the present invention is to provide a communication device capable of converting an address without going through a proxy server and an address conversion device while reducing the workload of an administrator.

  In a typical example of the present invention, in a communication apparatus constituting a network for packet communication, the network includes a plurality of groups to which devices that communicate via the network belong, The local address set in the transmission source device that is the transmission source of the packet and the local address set in the transmission destination device that is the transmission destination of the packet do not overlap, and the transmission source Addresses are set so that duplication occurs between the local addresses set in the devices and the local addresses set in the destination device, and when the communication device receives the packet, It is connected to the source device of the received packet or connected to the destination device of the received packet If it is determined that it is connected to the source device of the received packet, the source address and destination address of the received packet are determined from the local address to the plurality of groups. A first address conversion process that converts the address into a unique global address, forwards the packet in which the source address and the destination address are converted to an adjacent communication device, and the destination of the received packet by itself If it is determined that it is connected to a device, a second address conversion process is performed to convert the source address and destination address of the received packet from the global address to the local address, and the source Transfer the packet in which the address and the destination address are converted to the destination device of the received packet A correspondence relationship between a local address overlapping between the plurality of groups, group information indicating a group in which the local address functions as a unique address, and the global address corresponding to the local address is registered, and the first address is registered. When the address translation information used for the address translation process and the second address translation process is received, the address translation information is transferred to the adjacent communication device.

  According to the present invention, it is an object to provide a communication device capable of converting an address without going through a proxy server and an address conversion device while reducing the workload of an administrator.

It is explanatory drawing of a structure of the network system of embodiment of this invention. It is a block diagram of a router of an embodiment of the present invention. It is explanatory drawing of the interface table of the 1st router of embodiment of this invention. It is explanatory drawing of the interface table of the 2nd router of embodiment of this invention. It is explanatory drawing of the interface table of the 3rd router of embodiment of this invention. It is explanatory drawing of the address conversion table of embodiment of this invention. It is explanatory drawing of the router address conversion table of the 1st router of embodiment of this invention. It is explanatory drawing of the router address conversion table of the 2nd router of embodiment of this invention. It is explanatory drawing of the router address conversion table of the 3rd router of embodiment of this invention. It is a flowchart of the address conversion table delivery process of embodiment of this invention. It is a flowchart of the router address conversion table generation process of the embodiment of the present invention. It is a flowchart of the address conversion process of embodiment of this invention. It is a flowchart of a network system in case a terminal with an overlapping IP address between terminals in the embodiment of the present invention transmits a packet to a server with an overlapping IP address between servers.

  Hereinafter, embodiments of the present invention will be described with reference to FIGS.

  FIG. 1 is an explanatory diagram of the configuration of the network system according to the embodiment of this invention.

  The network system includes terminals 101 to 103, routers 107 to 109, and servers 104 to 106.

  Terminals 101 to 103 are connected to the router 107. The router 107 is connected to the router 108. Servers 104 to 106 are connected to a router 109. The router 108 is located between the router 107 and the router 109 and is connected to the router 107 and the router 109.

  In the network system shown in FIG. 1, three terminals, three routers, and three servers are disclosed. However, the number is an example, and the number is not limited to the number shown in FIG.

  Here, there are three groups in the network shown in FIG.

  The terminal 102 and the server 105 belong to the first group, the terminal 103 and the server 106 belong to the second group, and the terminal 101 and the server 104 belong to the third group.

  Terminals and servers can be assigned private addresses that are unique within each group.

  Here, the network shown in FIG. 1 shows a state in which private addresses overlap between the first group and the second group. Specifically, the private address of the terminal 102 and the private address of the terminal 103 overlap, and the private address of the server 105 and the private address of the server 106 overlap.

  It should be noted that the terminals 101 and the servers 104 belonging to the third group are assigned unique addresses (global addresses) whose addresses do not overlap between the first group and the second group.

  In the network of this embodiment, packets can be transmitted and received between terminals and servers between the same group, and packets cannot be transmitted between terminals and servers in different groups.

  FIG. 2 is a block diagram illustrating a configuration of the router 107 according to the embodiment of this invention.

  The router 107 includes interfaces A201 to D204, a network control unit 205, a routing processing unit 206, an address conversion information processing unit 207, an address conversion unit 208, a routing table 209, a router address conversion table 210, a router address conversion table generation unit 211, an interface. A table 212 and an address conversion table 213 are provided.

  Interfaces A201 to D204 are interfaces connected to other devices (for example, terminals 101 to 103, other routers, and servers 104 to 106).

  Interface A 201 of router 107 is connected to router 108, interface B 202 is connected to terminal 101, interface C 203 is connected to terminal 102, and interface D 204 is connected to terminal 103.

  The network control unit 205 controls packet transmission / reception. The routing processing unit 206 refers to the routing table 209 to determine a device that is the next transfer destination of the packet received by the network control unit 205.

  The routing table 209 is stored in a storage device (not shown) provided in the router, and registers the destination address of the received packet and the address of the router that is the next destination corresponding to the destination address.

  The address translation information processing unit 207 refers to the router address translation table 210 and determines the destination address and the source address translation address of the received packet.

  The address conversion unit 208 converts the transmission destination address and the transmission source address of the packet received by the network control unit 205 into the conversion address determined by the address conversion unit.

  The router address conversion table 210 is stored in a storage device (not shown) provided in the router, and is generated by the router address conversion table generation unit 211 when the router receives the address conversion table 213. The router address conversion table 210 is a table in which correspondence relationships between overlapping private addresses, global addresses unique within a network in which groups corresponding to the private addresses are integrated, and interfaces A201 to D204 are registered. Details will be described with reference to FIG.

  When receiving the address conversion table 213, the router address conversion table generation unit 211 refers to the interface table 212 and generates the router address conversion table 210 from the received address conversion table 213.

  The interface table 212 is a table for managing the correspondence between the interfaces A201 to D204 provided in the router and the addresses of the devices connected to the interfaces A201 to D201, and details will be described with reference to FIG.

  The address conversion table 213 is a table that manages the correspondence between each overlapping private address and the global address corresponding to each private address. The address conversion table 213 is distributed to routers on the network when duplicate private addresses and global addresses corresponding to the private addresses are input by an administrator via a management server (not shown). Details of the address conversion table 213 will be described with reference to FIG.

  Note that the configuration of the routers 108 and 109 is the same as that of the router 107, and thus the description thereof is omitted.

  The devices connected to the interfaces A201 to D204 provided in the routers 108 and 109 are different from the devices connected to the interfaces A201 to D204 provided in the router 107, and will be described below.

  The interface A201 of the router 108 is connected to the router 107, the interface B202 is connected to the router 108, and nothing is connected to the interfaces C203 and D204.

  The interface A201 of the router 109 is connected to the router 108, the interface B202 is connected to the server 104, the interface C203 is connected to the server 105, and the interface D204 is connected to the server 106.

  3A is an explanatory diagram of the interface table 212A of the router 107 according to the embodiment of this invention, FIG. 3B is an explanatory diagram of the interface table 212B of the router 108 according to the embodiment of this invention, and FIG. It is explanatory drawing of the interface table 212C of the router 109 of embodiment.

  The interface table 212 includes an interface number 301, an accommodation IP address 302, and an address translation group number 303.

  In the interface number 301, unique identifiers of the interfaces A201 to D204 provided in the router are registered. Interface A201 is registered as interface number “1”, interface B202 is registered as interface number “2”, interface C203 is registered as interface number “3”, and interface D204 is registered as interface number “4”.

  3A to 3C, four interface identifiers are registered, but identifiers of all interfaces provided in the router are registered.

  In the accommodated IP address 302, an IP address set for a device connected to each of the interfaces A201 to D204 is registered. In the address translation group number 303, an address translation group number indicating a group to which a device specified by the IP address registered in the accommodated IP belongs is registered.

  Even if the IP addresses registered in the accommodated IP address 302 are duplicated, the duplicate private addresses belong to different groups, so that the device can be uniquely identified by the duplicate private address and the address translation group number.

  The interface table 212A held by the router 107 will be described with reference to FIG. 3A.

  Since the router 108 is connected to the interface A201 provided in the router 107, the IP address “10.30.0.1/24” of the router 108 is registered in the accommodation IP address 302 of the entry whose interface number 301 is “1”. Since the IP address is a global address, nothing is registered in the address translation group number 303.

  Since the terminal 101 is connected to the interface B 202 provided in the router 107, the IP address “10.20.0.100/24” of the terminal 101 is registered in the accommodation IP address 302 of the entry whose interface number 301 is “2”. Since the IP address is a global address, nothing is registered in the address translation group number 303.

  Since the terminal 102 is connected to the interface C203 provided in the router 107, the IP address “192.168.0.100/24” of the terminal 102 is registered in the accommodation IP address 302 of the entry whose interface number 301 is “3”. Since the IP address is a private address, “1” indicating the first group to which the terminal 102 belongs is registered.

  Since the terminal 103 is connected to the interface D204 provided in the router 107, the IP address “192.168.0.100/24” of the terminal 103 is registered in the accommodation IP address 302 of the entry whose interface number 301 is “4”. Since the IP address is a private address, “2” indicating the second group to which the terminal 103 belongs is registered.

  The IP addresses “192.168.0.100/24” of the terminal 102 and the terminal 103 are duplicated, but the terminal 102 and the terminal 103 can be distinguished by the group number registered in the address translation group number 303.

  Next, the interface table 212B held by the router 108 will be described with reference to FIG. 3B.

  Since the router 107 is connected to the interface A201 provided in the router 108, the IP address “10.30.0.2/24” of the router 107 is registered in the accommodation IP address 302 of the entry whose interface number 301 is “1”. Nothing is registered in the address translation group number 303.

  Since the router 109 is connected to the interface B 202 provided in the router 108, “10.40.0.1/24” that is the IP address of the router 109 is registered in the accommodation IP address 302 of the entry whose interface number 301 is “2”. Nothing is registered in the address translation group number 303.

  Since nothing is connected to the interfaces B 202 and C 203 provided in the router 108, nothing is registered in the accommodation IP address 302 and the address translation group number 303 of the entries whose interface numbers 301 are “3” and “4”.

  Next, the interface table 212C held by the router 109 will be described with reference to FIG. 3C.

  Since the router 108 is connected to the interface A201 provided in the router 109, the IP address “10.30.0.1/24” of the router 108 is registered in the accommodation IP address 302 of the entry whose interface number 301 is “1”. Nothing is registered in the address translation group number 303.

  Since the server 104 is connected to the interface B 202 provided in the router 109, the IP address “10.20.1.200/24” of the server 104 is registered in the accommodation IP address 302 of the entry whose interface number 301 is “2”. Since the IP address is a global address, nothing is registered in the address translation group number 303.

  Since the server 105 is connected to the interface C203 provided in the router 109, the IP address “192.168.1.200/24” of the server 105 is registered in the accommodation IP address 302 of the entry whose interface number 301 is “3”. Since the IP address is a private address, “1” indicating the first group to which the server 105 belongs is registered in the address translation group number 303.

  The IP address “192.168.1.200/24” of the server 105 overlaps with the IP address of the server 106, but the IP address of the server 105 and the IP address of the terminal 106 are determined by the group number registered in the address translation group number 303. The address can be distinguished.

  Since the server 106 is connected to the interface D204 provided in the router 109, the IP address “192.168.1.200/24” of the server 106 is registered in the accommodation IP address 302 of the entry whose interface number 301 is “4”. Since the IP address is a private address, “2” indicating the second group to which the server 106 belongs is registered in the address translation group number 303.

  Although the IP addresses “192.168.1.200/24” of the server 105 and the server 106 overlap, the server 105 and the server 106 can be distinguished by the group number registered in the address translation group number 303.

  FIG. 4 is an explanatory diagram of the address conversion table 213 according to the embodiment of this invention.

  The address translation table 213 includes a general IP address 401, an address translation IP address 402, and an address translation group number 403.

  In the general IP address 401, a global address corresponding to each overlapping IP address (private address) is registered. Registered in the address translation IP address 402 is a duplicate address and a private address set in the server. In the address translation group number 403, an address translation group number indicating a group to which the private address belongs is registered.

  In the address conversion table 213 shown in FIG. 4, the global addresses of the terminals 102 and 103 with overlapping private addresses and the global addresses of the servers 105 and 106 with overlapping private addresses are registered as general IP addresses.

  The IP address “192.168.0.100/24” of the terminal 102 is registered in the address translation IP address 402 of the first entry of the address translation table 213, and the address translation group number “1” of the terminal 102 is registered in the address translation group number 403. Is registered. “10.0.0.100/24” is registered in the general IP address 401 of the entry.

  The IP address “192.168.1.200/24” of the server 105 is registered in the address translation IP address 402 of the second entry of the address translation table 213, and the address translation group number “ 1 "is registered. “10.0.1.200/24” is registered in the general IP address 401 of the entry.

  In addition, the IP address “192.168.0.100/24” of the terminal 103 is registered in the address translation IP address 402 of the third entry of the address translation table 213, and the address translation group number “ 2 "is registered. “10.10.0.100/24” is registered in the general IP address 401 of the entry.

  Further, the IP address “192.168.1.200/24” of the server 106 is registered in the address translation IP address 402 of the fourth entry in the address translation table 213, and the address translation group number “ 2 "is registered. “10.10.1.200/24” is registered in the general IP address 401 of the entry.

  5A to 5C are explanatory diagrams of the router address conversion table 210 according to the embodiment of this invention.

  5A is an explanatory diagram of the router address translation table 210A stored in the router 107, FIG. 5B is an explanatory diagram of the router address translation table 210B stored in the router 108, and FIG. It is explanatory drawing of the router address conversion table 210C performed.

  The router address conversion table 210 is generated by the router address conversion table generation unit 211 when the router receives the address conversion table 213. The generation processing of the router address conversion table 210 by the router address conversion table generation unit 211 will be described in detail with reference to FIG.

  The router address translation table 210 includes a general IP address 501, an address translation IP address 502, an address translation group number 503, and a corresponding interface 504.

  The general IP address 501, address translation IP address 502, and address translation group number 503 are the same as the general IP address 401, address translation IP address 402, and address translation group number 403 in the address translation table 213, and thus description thereof is omitted. To do.

  Among the entries registered in the interface table 212, the IP address registered in the address translation IP address 502 matches the IP address registered in the accommodated IP address 302 among the entries registered in the interface table 212, and the address translation group number The interface number of the entry in which the address translation group number registered in the address translation group number 303 matches the address translation group number registered in the address translation group number 303 is registered.

  The router address conversion table 210A held by the router 107 will be described with reference to FIG. 5A.

  In the router address conversion table 210A, the interface number “3” indicating the interface C203 connected to the terminal 102 is registered in the corresponding interface 504 of the first entry indicating the IP address of the terminal 102. Further, the interface number “4” indicating the interface D 204 connected to the terminal 103 is registered in the corresponding interface 504 of the third entry indicating the IP address of the terminal 103.

  Next, the router address conversion table 210B held by the router 108 will be described with reference to FIG. 5B.

  In the router address conversion table 210 </ b> B, since the router 108 is not connected to the terminals 102 and 103 and the servers 105 and 106 that require address conversion, nothing is registered in the corresponding interface 504.

  The router address conversion table 210C held by the router 109 will be described with reference to FIG. 5B.

  In the router address conversion table 210C, the interface number “3” indicating the interface C203 connected to the server 105 is registered in the corresponding interface 504 of the second entry indicating the IP address of the server 105. In addition, the interface number “4” indicating the interface D 204 connected to the server 106 is registered in the corresponding interface 504 of the fourth entry indicating the IP address of the server 106.

  FIG. 6 is a flowchart of address conversion table distribution processing according to the embodiment of this invention.

  The address translation table distribution process is a process executed by a processor (not shown) of the routers 107 to 109 (hereinafter, the routers 107 to 109 are collectively referred to as routers), and the received address translation table 213 to the router address translation table 210. Is generated, and the address translation table 213 is distributed to the next router.

  First, the router determines whether or not it has received the address translation table 213 (601). The address conversion table 213 is set by the administrator via a management server (not shown) when there are duplicate private addresses in the network in which the group is integrated, and is transmitted from the management server to one router.

  If it is determined in step 601 that the address translation table 213 has been received, the router refers to the interface table 212 and the address translation table 213 to generate the router address translation table 210. The process is executed (602). Details of the router address conversion table generation processing will be described with reference to FIG.

  Next, the router transmits the received address translation table to the next hop (adjacent) router (603), and ends the address translation table distribution process.

  If it is determined in step 601 that the address conversion table 213 has not been received, the address conversion table distribution process ends.

  FIG. 7 is a flowchart of router address conversion table generation processing according to the embodiment of this invention.

  First, the router adds the corresponding interface 504 to the received address translation table 213 to generate the router address translation table 210 (701).

  Next, the router determines whether or not it is connected to a device for which a duplicate private address is set in the network (702).

  Specifically, the router specifies the IP address registered in the address translation IP address 402 of the address translation table 213 and the address translation group number registered in the address translation group number 403.

  Then, the router matches the IP address registered in the accommodated IP address 302 among the entries registered in the interface table 212 and the address translation group number registered in the address translation group number 303. If there is an entry (duplicate private address entry) that matches the acquired address translation group number, it is determined that the device is connected to a device that has a duplicate private address in the network. It is determined that the device is not connected to a device that has a duplicate private address.

  If it is determined in step 702 that the router is connected to a device for which a duplicate private address is set in the network, the router selects a duplicate private address entry from the entries registered in the interface table 212. (703). Then, the router acquires the interface number registered in the interface number 301 of the entry (duplicate private address entry) selected in step 703 (704).

  Next, the router steps to the corresponding interface 504 of the entry corresponding to the entry that requires the address translation selected in step 703 among the entries registered in the router address translation table 210 generated in step 701. The interface number acquired in the processing of 704 is registered (705), and the router address conversion table generation processing is terminated.

  The processing in step 705 will be specifically described. The router accommodates the IP address of the duplicate private address entry in which the IP address registered in the address translation IP address 502 is selected in the processing in step 703 from the entries registered in the router address translation table 701 generated in the processing in step 701. The IP address registered in the address 302 matches the IP address registered in the address translation group number 503, and the address translation group number registered in the address translation group number 503 is registered in the address translation group number 303 of the entry requiring the address translation selected in step 703. The entry that matches the address translation group number thus selected is selected as the entry corresponding to the entry that requires address translation.

  On the other hand, if it is determined in step 702 that the device is not connected to a device with a duplicate private address set in the network, the corresponding interface 504 in the router address conversion table 210 generated in step 701 is processed. Because it is not necessary to add an interface number to the router address, the router address translation table generation process is terminated.

  As a result, the address translation table 213 is distributed to all the routers constituting the network, and the router address translation table 210 is generated in each router. Therefore, the administrator needs to set the router address translation table 210 in all routers. Since only one address conversion table 213 needs to be set, the workload of the administrator can be reduced.

  FIG. 8 is a flowchart of address conversion processing according to the embodiment of this invention.

  The address conversion process is a process executed by a processor (not shown) of the router, and is executed when the router receives a packet and converts a source address and a destination address included in the received packet.

  First, the router determines whether a packet has been received (801).

  If it is determined in step 801 that the packet has not been received, it is not necessary to execute the address conversion process, so the router ends the address conversion process.

  On the other hand, if it is determined that the packet has been received in the process of step 801, the router transmits the process in steps 802 to 807 when it is a router (source edge router) connected to the terminal or server that is the source of the packet. Steps 809 to 814 are executed when the source address and the destination address are converted from the private address to the global address, and when the packet is a router (destination edge router) connected to the terminal or server that is the destination of the packet. In this process, the source address and destination address are converted from the global address to the private address.

  Hereinafter, the processing of steps 802 to 807 will be described.

  First, the router determines whether or not there is an entry in the router address conversion table 210 where the interface number registered in the corresponding interface 504 of the router address conversion table 210 matches the interface number indicating the interface that received the packet ( 802).

  If it is determined in step 802 that the interface number registered in the interface 504 of the router address translation table 210 does not match the interface number indicating the interface that received the packet, the router Since there is a possibility that it is not the edge router but the destination edge router, the process proceeds to step 809.

  Specifically, an interface number indicating an interface connected to a terminal or server having a duplicate private address is registered in the corresponding interface 504 of the router address conversion table 210. In other words, a router whose interface number is registered in the corresponding interface 504 is a source edge router or a destination edge router.

  If the interface number indicating the interface that received the packet is registered in the corresponding interface 504, the router that received the packet is the source edge router, and the private address of the terminal or server that is the source is duplicated. It is necessary to convert the source address and destination address included in the packet into a global address that is unique within the network.

  On the other hand, if the interface number indicating the interface that received the packet is not registered in the corresponding interface 504, the router that received the packet is not the source edge router, but the router is the destination edge router or the intermediate router. Either. Therefore, if it is determined in step 802 that there is no entry whose interface number registered in the interface 504 of the router address conversion table 210 matches the interface number indicating the interface that received the packet, the packet is Since there is a possibility that the received router is a destination edge router, the source address and destination address must be converted from a global address to a private address.

  If it is determined in step 802 that the interface number registered in the interface 504 of the router address translation table 210 matches the interface number indicating the interface that received the packet, the router that received the packet Since it is a source edge router, the router shifts the processing to step 803 to convert the source address and destination address from private addresses to global addresses.

  First, the router selects an entry whose interface number registered in the corresponding interface 504 of the router address translation table 210 matches the interface number indicating the interface that received the packet, and registers it in the address translation IP address 502 of the selected entry. It is determined whether or not the received IP address matches the source address included in the received packet (803).

  If it is determined in step 803 that the two do not match, the router determines that the source address of the packet is abnormal, discards the packet (808), and ends the address conversion process.

  On the other hand, if it is determined in step 803 that both match, the router converts the source address included in the received packet to the IP address registered in the general IP address 501 of the entry selected in step 803. (804). In step 804, the source address that was a private address is converted to a global address.

  Next, the router selects an entry in which the same address translation group number as the address translation group number registered in the address translation group number 503 of the entry is selected, and is registered in the address translation IP address 502 of the selected entry. An IP address is acquired (805).

  Then, the router determines whether or not the IP address acquired in step 805 matches the transmission destination address included in the received packet (806).

  If it is determined in step 806 that the two do not match, the router determines that the destination address of the packet is abnormal, discards the packet (808), and ends the address conversion process.

  On the other hand, if it is determined in step 806 that the two match, the router registers the destination address included in the received packet in the general IP address 501 of the entry selected in step 805. The IP address is converted (807), and the address conversion process ends. In step 807, the destination address that was a private address is converted to a global address.

  Next, processing in steps 809 to 814 will be described.

  First, the router determines whether the entry registered in the router address conversion table 210 has an entry that matches the destination address included in the received packet with the IP address registered in the general IP address 501. (809).

  If it is determined in step 809 that there is no entry registered in the router address translation table 210 that matches the destination address included in the received packet with the IP address registered in the general IP address 501 The router determines that a packet that does not require address translation has been received, and ends the address translation process.

  On the other hand, in step 809, it is determined that there is an entry that matches the destination address included in the received packet in the IP address registered in the general IP address 501 among the entries registered in the router address conversion table 210. If it is, the router selects the entry and determines whether an interface number is registered in the corresponding interface 504 of the selected entry (810).

  If it is determined in step 810 that the interface number is not registered in the corresponding interface 504 of the selected entry, since the router is an intermediate router, it is not necessary to execute the address conversion process. The process ends.

  On the other hand, if it is determined in step 810 that the interface number is registered in the corresponding interface 504 of the selected entry, the router is a destination edge router, and therefore the destination included in the received packet. The address is converted into an IP address registered in the address conversion IP address 502 of the selected entry (811). In step 811, the destination address that was a private address is converted to a global address.

  Next, the router selects an entry in which the same address translation group number as the address translation group number registered in the address translation group number 503 of the entry selected in step 810 is selected, and converts the address of the selected entry. The IP address registered in the IP address 502 is acquired (812).

  Then, the router determines whether or not the IP address acquired in step 812 matches the source address included in the received packet (813).

  If it is determined in step 813 that the IP address acquired in step 812 does not match the source address included in the received packet, the router determines that the packet source address is abnormal. Determination is made, the packet is discarded (808), and the address conversion process is terminated.

  On the other hand, if it is determined in step 813 that the IP address acquired in step 812 matches the destination address included in the received packet, the router sends the source address included in the received packet. Is converted into the IP address registered in the address translation IP address 502 of the entry selected in the process of step 812 (814), and the address translation process is terminated. In step 814, the source address that was a global address is converted into a private address.

  As described above, in the address conversion process, it is determined whether the router that received the packet is a source router or a destination router. If the router is a source router, the source address of the received packet and Since the transmission destination address is a private address, the transmission source address and the transmission destination address are converted from a private address to a global address. If the transmission destination address is a transmission destination router, the transmission source address and the transmission destination address of the received packet are global. Since this is an address, the source address and destination address are converted from a global address to a private address.

  As a result, communication can be performed between a transmission source and a transmission destination even if private addresses overlap in a network in which a plurality of groups (ranges in which packets can be transmitted by broadcast) are integrated. Also, since the source address and destination address are converted from the global address to the private address by the router immediately before the packet is sent to the destination, the destination is processed as if the packet arrived from the source global address. Can be executed. Therefore, even when a plurality of networks are integrated, the source and destination addresses need not be changed to global addresses.

  Further, since the router discards the packet if the source address or destination address included in the received packet is inappropriate, the network throughput can be reduced.

  FIG. 9 is a flowchart of the network system in the case where the terminal 102 whose IP address is duplicated between terminals according to the embodiment of the present invention transmits a packet to the server 105 whose IP address is duplicated between servers.

  First, the terminal 102 transmits a packet to the server 105 (901). The source address of the packet transmitted in the process of step 901 is “192.168.0.100/24” which is the private address of the terminal 102, and the destination address is “192.168.1.200/24” which is the private address of the server 105. is there.

  When the router 107 receives the packet transmitted from the terminal 102 (902), the router 107 executes the address conversion process shown in FIG. 8 (903).

  The processing in step 903 will be described with reference to FIGS. 5A and 8.

  Since the router 107 receives the packet via the interface C203 connected to the terminal 102, the interface number indicating the interface that has received the packet is “3”. In the process of step 802, since the interface number “3” is registered in the corresponding interface 504 of the router address conversion table 210A shown in FIG. 5A, the router 107 proceeds to the process of step 803.

  In the processing of step 803, the IP address “192.168.0.100/24” registered in the address translation IP address 502 of the entry in which “3” is registered in the corresponding interface 504 of the router address translation table 210A shown in FIG. 5A is transmitted. Since it matches the original address “192.168.0.100/24”, the router 107 proceeds to the processing of Step 804.

  In the processing of step 804, the router 107 registers the source address “192.168.0.100/24” in the general IP address 501 of the entry in which “3” is registered in the corresponding interface 504 of the router address conversion table 210A. 10. "0.0.100 / 24" and the process proceeds to step 805.

  In the processing of step 805, the router 107 has the address translation IP address 502 of the entry having the same address translation group number as the address translation group number “1” of the entry in which “3” is registered in the corresponding interface 504 of the router address translation table 210A. The IP address “192.168.1.200/24” registered in is acquired, and the process proceeds to step 806.

  In step 806, the router 107 proceeds to step 807 because the IP address “192.168.1.200/24” acquired in step 805 matches the destination address “192.168.1.200/24”.

  In the processing of step 807, the router 107 has the destination address “192.168.1.200/24”, the address translation IP address 502 is “192.168.1.200/24”, and the address translation group number 503 is “1”. The IP address “10.0.1.200/24” registered in the general IP address 501 is converted into the address conversion process.

  As described above, the router 107 converts the source address of the received packet from “192.168.0.100/24” to “10.0.0.100/24” and the destination address “192.168.1.200” in step 903. / 24 "to" 10.0.1.200/24 ".

  Next, the router 107 refers to the routing table and transfers the received packet to the router 108 that becomes the next hop (904).

  When the router 108 receives the packet transferred from the router 107 in step 904 (905), the router 108 executes the address conversion process shown in FIG. 8 (906).

  The processing in step 906 will be described with reference to FIGS. 5B and 8.

  Since the router 108 receives a packet via the interface A201 connected to the router 107, the interface number indicating the interface that has received the packet is “1”. In the process of step 802, since the interface number “1” is not registered in the corresponding interface 504 of the router address conversion table 210B shown in FIG. 5B, the router 108 proceeds to the process of step 809.

  In the process of step 809, since the destination address “10.0.1.200/24” is registered in the general IP address 501 of the router address conversion table 210B, the router 108 proceeds to the process of step 810.

  In step 810, the router 108 has no interface number registered in the corresponding interface 504 of the entry whose general IP address 501 is “10.0.1.200/24”, so the source address and destination of the received packet are not registered. The address conversion process is terminated without converting the address.

  Then, the router 108 refers to the routing table and forwards the received packet to the router 109 that becomes the next hop (907).

  When the router 109 receives the packet transferred from the router 108 in step 907 (908), the router 109 executes the address conversion process shown in FIG. 8 (909).

  The processing in step 909 will be described with reference to FIGS. 5C and 8.

  Since the router 109 receives a packet through the interface A201 connected to the router 108, the interface number indicating the interface that has received the packet is “1”. In the process of step 802, since the interface number “1” is not registered in the corresponding interface 504 of the router address conversion table 210C shown in FIG. 5C, the router 108 proceeds to the process of step 809.

  In the process of step 809, since the destination address “10.0.1.200/24” is registered in the general IP address 501 of the router address conversion table 210C, the router 109 proceeds to the process of step 810.

  In the process of step 810, since the interface number “3” is registered in the corresponding interface 504 of the entry whose general IP address 501 is “10.0.1.200/24”, the router 109 proceeds to the process of step 811. .

  In the process of step 811, the router 109 sets the destination address “10.0.1.200/24” and the IP address “registered in the address translation IP address 502 of the entry whose general IP address 501 is“ 10.0.1.200/24 ”. "192.168.1.200/24" and the process proceeds to step 812.

  In the process of step 812, the router 109 is registered in the general IP address 501 of the entry having the same address translation group number as the address translation group number “1” of the entry whose general IP address 501 is “10.0.1.200/24”. The IP address “10.0.0.100/24” is acquired, and the process proceeds to Step 813.

  In the process of step 813, since the IP address “10.0.0.100/24” acquired in the process of step 812 matches the source address “10.0.0.100/24”, the router 109 proceeds to the process of step 814. .

  In the process of step 814, the router 109 registers the source address “10.0.0.100/24” in the address translation IP address 502 of the entry having the IP address “10.0.0.100/24” registered in the general IP address 501. After converting to “192.168.1.200/24”, the address conversion process is completed.

  As described above, the router 109 converts the source address of the received packet from “10.0.0.100/24” to “192.168.0.100/24” and the destination address is “10.0.1.200” in the process of step 909. / 24 "to" 192.168.1.200/24 ".

  Next, the router 109 refers to the routing table and transmits the received packet to the server 105 (910).

  The server 105 receives the packet transmitted from the router 109 (911) and ends the process.

  As described above, a packet can be transmitted from the terminal 102 whose private address overlaps with the terminal 103 in the network to the server 105 whose private address overlaps with the server 106 in the network.

  Although the packet transmission from the terminal to the server has been described with reference to FIG. 9, since the router executes the process shown in FIG. 8, the packet transmission from the server is also possible.

  As described above, in this embodiment, the address conversion table 213 is distributed to the routers configuring the network, and the router generates a router address conversion table suitable for itself. It is not necessary to set the router address conversion table 210 in the router, and it is only necessary to set the address conversion table 213 in any one of the routers, so that the workload on the administrator can be reduced.

  In addition, the router refers to the router address conversion table 210 to determine whether it is a source edge router or a destination edge router. If it is a source edge router, the router receives it. If the packet source address and destination address are converted from a duplicate private address to a global address, and if it is the destination edge router, then the packet source address and destination address received from the duplicate global address Since the address is converted into a private address, the administrator need only set the address conversion table 213 without any special setting for any communication path.

  The present invention can be applied to a communication apparatus for controlling layer 3 of a network OSI reference model such as an L3 switch in addition to a router.

101-103 terminal 104-106 server 107-109 router 210 router address conversion table 212 interface table 213 address conversion table

Claims (8)

In a communication device constituting a network for packet communication,
The network includes a plurality of groups to which devices communicating via the network belong,
Within one group, the local address set in the source device that is the source of the packet and the local address set in the destination device that is the destination of the packet do not overlap,
Between the plurality of groups, the addresses are set so that duplication occurs between the local addresses set in the transmission source device and between the local addresses set in the transmission destination device,
The communication device
When receiving the packet, determine whether it is connected to the source device of the received packet or to the destination device of the received packet;
If it is determined that it is connected to the source device of the received packet, the source address and destination address of the received packet are global addresses that are unique among the plurality of groups from the local address. A first address conversion process is performed to convert the source address and the destination address to the adjacent communication device,
Second address conversion for converting the source address and the destination address of the received packet from the global address to the local address when it is determined that it is connected to the destination device of the received packet Execute the process, transfer the packet in which the source address and the destination address are converted to the destination device of the received packet,
Correspondence between a local address overlapping between the plurality of groups, group information indicating a group in which the local address functions as a unique address, and the global address corresponding to the local address is registered, and the first address When the address conversion information used for the conversion process and the second address conversion process is received, the address conversion information is transferred to the adjacent communication apparatus. The communication device
It has an interface to connect other devices,
Correspondence between an interface identifier capable of identifying the interface, the local address of the device connected to the interface, and group information indicating a group in which the local address of the device connected to the interface functions as a unique address Remember the interface information where the relationship was registered,
When the address conversion information is received, the interface identifier of the interface to which the device specified by the local address and the group information is connected is referred to the interface information, and the received address conversion information Generating communication device address conversion information associated with the global address corresponding to the local address;
When the packet is received, referring to the generated communication device address translation information, it is connected to the transmission source device of the received packet or the device itself is connected to the transmission destination device of the received packet. Determine if it is connected,
When it is determined that it is connected to the transmission source device of the received packet, referring to the generated communication device address conversion information, the first address conversion process is performed,
When it is determined that it is connected to a destination device of the received packet, the second address conversion process is executed with reference to the generated communication device address conversion information. The communication device according to claim 1. The communication device
When the interface identifier of the interface that has received the packet is registered in the communication device address translation information, and the interface identifier is associated with the local address of the source address of the packet in the communication device address translation information Determines that it is connected to the source device of the received packet,
In the communication device address conversion information, when the global address of the transmission destination address of the received packet is associated with the interface specifying information, it is connected to the transmission destination device of the received packet. The communication device according to claim 2, wherein the communication device is determined. The communication device
If it is determined that it is connected to the source device of the received packet,
The source address of the received packet is converted to the global address associated with the interface identifier of the interface that received the packet,
The destination address of the received packet is converted to the global address associated with a local address that matches the destination address of the received packet in the same group as the group of the global address to which the source address is converted. And
If it is determined that it is connected to the destination device of the received packet,
Converting the destination address of the received packet to the local address associated with the global address that matches the destination address of the received packet;
The source address of the received packet is associated with the global address that matches the source address of the received packet in the same group as the group of the global address that matches the destination address of the received packet. 4. The communication apparatus according to claim 3, wherein the communication apparatus converts the address into a local address. A transmission source address and a transmission destination address of the packet in a network system comprising: a communication device that forms a network for packet communication; a transmission source device that is a transmission source of the packet; and a transmission destination device that is a transmission destination of the packet In the address conversion method for converting
The network includes a plurality of groups to which devices communicating via the network belong,
Within one group, the local address set for the source device and the local address set for the destination device do not overlap,
Between the plurality of groups, the addresses are set so that duplication occurs between the local addresses set in the source device and the local addresses set in the destination device,
The address conversion method is:
When receiving the packet, a first step of determining whether the packet is connected to a source device of the received packet or a destination device of the received packet;
If it is determined that it is connected to the source device of the received packet, the source address and destination address of the received packet are global addresses that are unique among the plurality of groups from the local address. A first step of performing a first address conversion process for converting the packet into a communication device adjacent to the transmission source address and the transmission destination address;
Second address conversion for converting the source address and the destination address of the received packet from the global address to the local address when it is determined that it is connected to the destination device of the received packet A third step of executing processing and transferring the packet in which the transmission source address and the transmission destination address are converted to the transmission destination device of the received packet;
Correspondence between a local address overlapping between the plurality of groups, group information indicating a group in which the local address functions as a unique address, and the global address corresponding to the local address is registered, and the first address And a fourth step of transferring the address conversion information to the adjacent communication device when the address conversion information used for the conversion process and the second address conversion process is received. Method. The communication device
It has an interface to connect other devices,
Correspondence between an interface identifier capable of identifying the interface, the local address of the device connected to the interface, and group information indicating a group in which the local address of the device connected to the interface functions as a unique address Remember the interface information where the relationship was registered,
The address conversion method is:
When the address conversion information is received, the interface identifier of the interface to which the device specified by the local address and the group information is connected is referred to the interface information, and the received address conversion information A fifth step of generating communication device address conversion information associated with the global address corresponding to the local address;
In the first step, when the packet is received, referring to the generated communication device address translation information, whether or not the packet is received by the transmission source device of the received packet To determine if it is connected to the destination device
In the second step, referring to the generated communication device address conversion information, the first address conversion processing is executed,
6. The address conversion method according to claim 5, wherein in the third step, the second address conversion process is executed with reference to the generated communication device address conversion information. In the first step,
When the interface identifier of the interface that has received the packet is registered in the communication device address translation information, and the interface identifier is associated with the local address of the source address of the packet in the communication device address translation information Determines that it is connected to the source device of the received packet,
In the communication device address conversion information, when the global address of the transmission destination address of the received packet is associated with the interface specifying information, it is connected to the transmission destination device of the received packet. The address conversion method according to claim 6, wherein the address conversion method is determined. In the second step,
The source address of the received packet is converted to the global address associated with the interface identifier of the interface that received the packet,
The destination address of the received packet is converted to the global address associated with a local address that matches the destination address of the received packet in the same group as the group of the global address to which the source address is converted. And
In the third step,
Converting the destination address of the received packet to the local address associated with the global address that matches the destination address of the received packet;
The source address of the received packet is associated with the global address that matches the source address of the received packet in the same group as the group of the global address that matches the destination address of the received packet. 8. The address conversion method according to claim 7, wherein the address is converted into a local address.

Images