KR20020035226A - internet connecting method and apparatus using masquerading technique - Google Patents

Abstract

PURPOSE: An internet accessing method using a masquerading and an apparatus are provided to receive an internet service by using a private IP address given in an official IP address of a damaged line when one line is damaged. CONSTITUTION: Each of a plurality of terminal ports(10) is connected to a subscriber terminal and has a private IP address. A plurality of path ports(40) are connected to the plurality of terminal ports(10) and are paths which communicate with an ISP. Each of the plurality of path ports(40) has an official IP address. A path discriminator analyzes a subscriber signal from the plurality of terminal ports(10) and discriminates a path. A path checking section checks whether damaged ports are included in the plurality of path ports(40). A path determining section determines a path change with respect to a transmitting data path of the subscriber side according to a path discriminating result of the path discriminator. A path connector transmits an official IP address information of a determined path port to an official address when transmitting data to an ISP.

Description

Internet connection method and apparatus using mask rading {internet connecting method and apparatus using masquerading technique}

The present invention relates to network communication equipment, and more particularly to a statically rounded Linux based router.

In the recent information age, many people have paid attention to information processing and information sharing methods, and accordingly, the field of communication has been remarkably developed.

Communication or Correspondence is the act of transferring information to an opponent through an intermediate medium between two geographically remote devices. Code information such as military code, text information such as fax, and telephone Refers to an activity of transmitting and receiving voice information and video information such as broadcasting by voice, wireless, optical or other electronic methods, and devices and devices required to perform such activities.

For example, exchanging information between communication systems such as telephone networks, leased lines, satellites, broadcasts, and antennas between geographically separated computer systems can all be examples of communications. A communication structure that is connected based on a common purpose of data communication, that is, a communication network that transmits data between elements connected to each other, is called a network. In particular, a computer network using a computer is a personal computer that has recently been spread. It is becoming popular with the general public at a rapid pace due to the times of dissemination.

In order to configure such a network system, not only a computer system but also a transmission device and a switching device, etc., various electronic communication lines described above are required, and they are connected to each other to form a network as described above to enable data communication.

As the structure of the network increases, the demand for information transmission using the network is diversified, and in a recent environment in which software and hardware equipment continue to increase, a type of protocol is required for efficient information transfer. The promises of each other, such as what, how, and when to communicate, are required, and accordingly, it is necessary to define the promises required to exchange data smoothly and reliably without errors when communicating between computers or between computers and terminals. Protocol.

Protocols are divided into several layers corresponding to the level of protocol functions to facilitate the expansion of communication functions and the introduction of new communication technologies. Independent protocols are set up for each layer.

The hierarchical structure of the protocol consists of a layer that shares the conversation control in the communication between processes, a layer that shares the regulations of information formats such as encryption and data compression, and a layer that shares the communication regulations on the business content. A layer for transparent and transparent data transmission on a network, which shares an interface, a layer that shares data transmission between adjacent nodes, and a layer that shares direction and transmission path control in a communication line (network). The lower layer is divided into the lower layer, and the lower layer has a structure for serving the upper layer.

In this case, a router is needed as a device for connecting a separate network having the same protocol. When the user wants to communicate with the Internet or data, the router establishes an optimal path for accessing these services. This network connection equipment is made up of hardware that helps to communicate from one network to another, and software including a routing table for storing a route to a specific destination on the network.

Such a router may have a plurality of circuits, each of which has a path connected with one or more other circuits, and checks each path at a predetermined time, and if one of the paths has a problem, sends out data through the other path. Then, when the damaged path is restored, it may also play a role of using this path again.

1 illustrates a network environment including a router (R) having a plurality of paths from an Internet service provider (ISP) to a subscriber (CP). It will be described in detail through.

Router (R) is capable of connecting a plurality of lines (a, b), each line is given a public IP address (A0, B0), a plurality of subscribers connected to each of the lines (a, b) By dividing the private IP addresses (A, B) assigned to the public IP addresses (A0, B0) of the line, Internet service can be obtained from the ISP.

That is, at the request of subscribers, one line (a) is established in the installed router (R), and the private IP address (A) of a range given to the public IP address (A0) of the line (a) The group of subscribers who are divided receives Internet service from the ISP through the path of the circuit a.

After that, if the number of subscribers increases and becomes larger than the number of private IP addresses A in a range, the new public line B0 and another public IP address B0 are expanded. The group of can also be provided with Internet service from the ISP by dividing the range of private IP addresses (B) given to the newly expanded line (b) by addresses.

At this time, the packet having the data information sent to the ISP through each line (a, b), the path to the ISP through the sent line (a, b), and the public IP address (A0, B0) is connected to the router of the ISP side, and the router of the ISP detects this data packet and confirms each path and public IP address.

Then, when the ISP provides the return service to the subscribers, the router of the ISP side analyzes the data packet connected from the subscribers, and provides the return service according to the information contained in the router table.

In this case, in particular, in the case of B & A (Building and Apartment) using Ethernet as one of the high-speed Internet services, the router installed at the subscriber side does not operate the dynamic routing protocol but performs static routing. Routers return services according to data packets of subscribers connected through each path, and the data packets are sent out on the path again.

That is, since the data packets of subscribers connected to the ISP side with the public IP of A0 owned by the router are connected to the ISP through the path of a, when the ISP provides the subscriber with the return service requested by these data packets, the path of a is returned. The return service of the data packet which is provided to subscribers via B, and connected to the ISP side through the path of b with the public IP of B0, is again provided to the subscriber through the path of b.

However, in a network environment using this type of static routing method, if one of the plurality of circuits connecting the subscriber side router and the ISP fails, a plurality of subscriber groups connected to the failed circuit have different bypass paths. Nevertheless, cases of failure cannot be effectively dealt with.

That is, as shown in Fig. 2, in the network environment having the above-described structure, if one line (a) fails and the line cannot be used, measures such as manually adjusting the router (R) on the subscriber side Then, the group of subscribers having the private IP (A) assigned to the public IP address (A0) of the faulty line (a) can be connected to the ISP through the line (b) of the other public IP (B).

However, as described above, when the failure of the failure line (a) does not occur in the data packet transmitted through the path of the other line (b) other than the path of the line (a) that matches the public IP address (A0) The router on the ISP side receiving these data packets has a public IP address (B) because it has a route sent to the ISP through the path of the fault line (a) and the IP address (A0) of the fault line (a). Since the path capable of providing the return service to the subscribers having A0) only knows the use of the failure line (a), the return service is provided through the path of the failure line (a) and thus the failure line ( Subscribers using the private IP address (A) assigned to the public IP (A0) of a) will not be able to receive the desired service.

That is, because the router installed in the ISP knows that there is only a path to reach A, even if the router R of the subscriber forwards the packet so that the packet from A to the ISP bypasses the line b, The ISP side router does not know that the path could be b, so the user belonging to A is disconnected.

This situation has a problem in that subscribers using static routing cannot receive desired Internet services and thus cannot provide a stable network environment.

The present invention has been made to solve the above problems, in the subscriber router having a plurality of circuits of different paths, even if one circuit is damaged, a private IP assigned to the public IP address of the damaged circuit The present invention provides an internet access method and a device for allowing subscribers having an address to normally receive an Internet service.

1 is a diagram illustrating a network environment including a router having a plurality of paths from an ISP to a subscriber.

2 illustrates a network environment including a router having a damaged path among a plurality of paths from an ISP to a subscriber;

3 is a block diagram schematically showing the structure of a statically set Linux-based router according to the present invention.

4 is a flowchart illustrating the operation and function of a statically set Linux-based router according to the present invention.

FIG. 5 illustrates a network environment including a statically set Linux-based router in accordance with the present invention having a compromised one of a plurality of paths from an ISP to a subscriber.

<Explanation of symbols for the main parts of the drawings>

10: terminal port 40: route port

The present invention provides a plurality of terminal ports connected to the subscriber terminal and having a private IP address to achieve the above object; A plurality of route ports connected to a plurality of terminal ports having a private IP address, each having a public IP address, and a route for communicating with an ISP; Path determination means for determining a path by analyzing signals of subscribers received from the plurality of input ports; Path checking means for discriminating whether the plurality of path ports are damaged; If it is determined that the path determined by the path determining means is a damaged path, the transmission data path of the subscriber side is changed to an undamaged path, and if it is not a damaged path, the path decision is not made. Means; And route connection means for IP masking the transmission data to the ISP through the route port determined by the route determining means as a public IP address, and to be transmitted to the public IP address information of the determined route port. It provides a Linux based router.

In addition, the present invention is a communication method between a statically set Linux-based router and ISP having a plurality of terminal ports each having a private IP address, and a plurality of route ports having a public IP address linked with the plurality of private IP addresses, Discriminating whether the plurality of path ports are damaged; Determining one of the path ports to transmit data entered into the terminal port; Determining whether the determined path is a damaged path in the discriminating step, and if the damaged path is a damaged path; Switching to the other route to communicate with the ISP at the public IP address of the changed route; Returning return information from the ISP to the changed path; And converting the return information returned by the changed path into a private IP of the terminal.

Best Mode for Carrying Out the Invention A preferred embodiment of the present invention will now be described in detail with reference to the drawings.

The present invention is applicable to a network environment including a router (R) according to the present invention for connecting an Internet service provider (ISP) and a subscriber (Customer Premises: CP) through a plurality of paths. An internal block diagram of a router according to the invention is shown in FIG. 3.

The router (R) according to the present invention is connected to a plurality of terminal ports (10) having a private IP address and connected to a terminal of a subscriber (CP), and a plurality of terminal ports (10) having a plurality of private IP addresses. A plurality of route ports 40 each having a public IP address connected to an ISP, and a route discrimination means for determining a route and a public IP address by analyzing data packets of subscribers received from the plurality of terminal ports 10; Path checking means for discriminating whether any of the plurality of path ports are damaged, and if it is determined that the path determined by the path checking means is a damaged path by the path checking means, the path of the transmission data packet of the subscriber side is determined. A path determining means for changing to an undamaged path and not changing the path if the path is not damaged, and a path port 40 determined by the path determining means. And a path connection means for IP masking the IP address of the data packet to the public IP address of the determined route port 40 when transmitting the transmission data packet to the ISP.

In particular, the router according to the present invention is a router used in the case of B & A (Building and Apartment) using Ethernet as one of high-speed Internet services, and is characterized by static routing without operating a dynamic routing protocol. .

The function and operation of the router according to the present invention having such a configuration will be described in more detail through the flowchart of FIG. 4.

First, the transmission data for requesting service from the ISP through the plurality of terminal ports, the private IP address of the subscriber, the route information for the route port predetermined by the subscriber terminal and the static routing, and the ISP side. A packet having an IP address or the like enters the router according to the present invention. (S1)

According to the route information and the private IP address in the packet entered through the terminal port, the route discrimination means determines the route port to which the packet is to be transmitted and the corresponding public IP (S2).

On the other hand, the route checking means periodically detects whether the route port is damaged, and always transmits route inspection information having information on whether the route port is abnormal to the route determining means (S3).

At this time, the route checking information transmitted by the route checking means to the route determining means is information for identifying the abnormality of a specific route port through communication with each route port and an ISP or another router in between.

The route determining means requests the terminal on the subscriber's side based on the route checking information to determine whether the route determined by the route discriminating means is a damaged route (S4). If the path determined by the path determining means is a path that is not damaged by the path check information, the path of the data packet transmitted from the subscriber's terminal is not changed (S4). Confirm the information.

That is, as shown in FIG. 5, when a path of any one circuit a is damaged, it is changed to a path of another undamaged circuit b.

The path determined by the routing means is connected to the ISP by determining the output port, that is, the path, by the path connecting means (S6).

In this case, in particular, the path connection means of the router according to the present invention uses an IP mask rading technique.

IP Masking is a networking feature of Linux that is similar to the Network Address Analysis (NAT) commonly found in network routers. With this Linux IP Masquerade, computers inside a Linux box (PPP, Ethernet, etc.) It is a function that enables internet connection without an assigned IP address.

That is, the IP mask rading technique according to the present invention will be described in detail.

As described above, based on the route checking information, the route determining means determines the path determined by the route discriminating means based on the route information of the data packet requested by the terminal on the subscriber's side. In the case of the path), the path is changed to the path of the undamaged line (b), wherein the public IP address (A0) determined by the path discriminating means and the public IP (B0) of the path port through which the data packet is transmitted. Since it is different from each other, the path connecting means performs IP mask rading.

That is, when subscribers having a private IP of A transmit data packets to the terminal port of the router according to the present invention, these data packets have a path through the public IP address of A0 and the circuit a by the path determining means. In this case, since the path of the circuit a has a failure, such a data packet has a path of the b line by the path determining means, which means that the data packet has a path of the b line with the public IP of A0. It is necessary to mask the public IP address of A0 owned by the packet to the public IP of B0, and the route connection means of the router according to the present invention plays this role.

As described above, when the route change and the IP mask rading method by the route connection means according to the present invention are used, the data packet transmitted to the ISP by the subscriber group having the private IP A includes information about the route of the circuit b; Since the mask is framed with the public IP address of B0, the router of the ISP provides a return service using the path of circuit b and the public IP of B0 as the destination through these data packets.

In this case, since the return service transmitted from the ISP should be delivered to the subscriber having the private IP address of A, the router according to the present invention needs one internal table, and this internal table has the private IP address of A. It is remembered that the path of the data packet transmitted from the mobile terminal is changed to b, and the IP address is mask raided to B0. Then, the data packet information of the return service sent from the ISP is returned to A's private IP. give.

On the other hand, when the route check means sends the route check information indicating that the damaged route is normally operated to the route change means, it is natural that the route is not changed but connected to the route.

When the network environment is established by using the router according to the present invention to the subscriber side, even if a failure situation occurs in one or more circuits among the plurality of circuits of the router, it is possible to effectively prevent the failure situation through the remaining circuits. Improved communication network can be applied when two or more leased lines are used to provide service from two or more ISPs, and when one or more leased lines fail and bypass the other ISPs. Can provide an environment.

Claims (2)

A plurality of terminal ports connected with subscriber terminals and having a private IP address; A plurality of route ports connected to a plurality of terminal ports having a private IP address, each having a public IP address, and a route for communicating with an ISP; Path determination means for determining a path by analyzing signals of subscribers received from the plurality of terminal ports; Path checking means for discriminating whether the plurality of path ports are damaged; If it is determined that the path determined by the path determining means is a damaged path, the transmission data path of the subscriber is changed to an undamaged path, and if it is not a damaged path, the path decision is not made. Means; Route connection means for IP masking the transmission data to the ISP through the route port determined by the route determining means to be transmitted to the public IP address information of the determined route port. Linux-based router, including A communication method with a statically set Linux-based router and ISP having a plurality of terminal ports each having a private IP address, and a plurality of route ports having a public IP address linked with the plurality of private IP addresses, Discriminating whether the plurality of path ports are damaged; Determining one of the path ports to transmit data entered into the terminal port; Determining whether the determined path is a damaged path in the discriminating step, and if the damaged path is a damaged path; Switching to the other route to communicate with the ISP at the public IP address of the changed route; Returning return information from the ISP to the changed path; Converting return information returned by the changed path into a private IP of the terminal; Communication method including