KR20040012427A - Internet service providing system for many small subscribers through LAN and method for providing internet service, using the system - Google Patents

Abstract

PURPOSE: A system for supplying an Internet connection service for many small-sized subscribers through a LAN and a method for supplying an Internet connection service using the same are provided to improve the Internet connection service of a LAN system. CONSTITUTION: A managing server(10) is mounted in an ISP network center(8) at an exterior of a housing development LAN or at an interior of the housing development LAN. A housing development router(14) is connected to the ISP network center(8) through a high capacity leased-line and the Internet. A main switch(15) is connected to the housing development router(14). A plurality of sub switches(16) are connected to the lower portion of the main switch(15) as a hierarchical star topology. A home gate(17) is mounted in each subscriber, communicated with the managing server(10), receives an IP address from the managing server(10), and allocates IP addresses to user stations(31,32,33,34,35) of the subscribers. A home gate gateway(25) is mounted in each housing development for a communication between the managing server(10) and the home gate(17).

Description

Internet service providing system for many small subscribers through LAN and method for providing internet access service using the same {Internet service providing system for many small subscribers through LAN and method for providing internet service, using the system}

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a system for providing Internet access services to a large number of small subscribers over a LAN, and in particular, to a subscriber LAN with various uses / purposes belonging to a plurality of small subscribers in a large-scale complex. The present invention relates to a system for economically providing various, secure and high quality internet access services by managing and assigning IP addresses to be provided to a plurality of user hosts. Here, a LAN configured in each subscriber's home is referred to as a "subscriber LAN", and a LAN in a complex including a plurality of subscribers is referred to as a "only LAN".

Until now, most homes or businesses have been provided with Internet access service through a DSL method using copper telephone lines or a Data Over Cable Service Interface Specifications (DOCSIS) method using a cable of a cable TV. However, these methods have already reached their limits in terms of cost versus transmission speed. If you pay about 20,000 ~ 30,000 won per month, you will receive 0.3Mbps ~ 2Mbps service.

However, as the transmission technologies such as Metro Ethernet, which transfers Ethernet frames directly on optical fibers and IP packets that are carried on optical fibers, are rapidly developing, the price of high-capacity leased lines has increased. It is falling exponentially. For example, Metro Ethernet-based 10Mbps dedicated line has been supplied to PCBang in Korea since early 2002 for less than KRW 1 million per month, compared to Sonnet T1 (1.544 Mbps) just a year ago. In terms of the price is only about a tenth. This cost-to-rate improvement is expected to be more than 10 times better in the near future. That is, it is expected to be about 100 times better than the transmission rate compared to the cost in 2001.

On the other hand, as is apparent in the "high-speed information and communication building certification system" led by the Ministry of Information and Communication, it is common to simply install a LAN from the beginning when building an apartment or an office building. As a result, inexpensive high-capacity leased lines are introduced to the complexes, and only LANs are connected directly to them, thereby providing Internet access services for a large number of mutually independent small subscribers within the complex at a cost of 20,000 won to 30,000 won per month. It is becoming common.

In the case of the Internet access service through only LAN, it is possible to use the high speed internet service of several tens of Mbps by using only general-purpose Ethernet switch without using expensive communication equipment. Cable is hardly a competitor.

On the other hand, in the recently constructed cyber apartments, there is an increasing number of attempts to remotely control not only computers in the house but also information and communication / home appliances by constructing a LAN (subscriber LAN) in each subscriber's home. have. However, in order to establish a home network including various telecommunication / home appliances, which are hosts in the house, to access the Internet, a public IP address capable of accessing the Internet must be given to each user host.

If you assign a public IP address to each user host, there is a problem that the public IP address is exhausted, and even if solving the problem of exhaustion of the IP address, a network operating cost to maintain a constant quality of service of the network occurs to configure the subscriber LAN This would be an economic burden for each of a number of small subscribers. That is, each subscriber only uses the high-speed content in the complex, and even if the subscriber is not connected to the server installed over the internet network, the subscriber pays the same operating expenses as those given to other hosts on the Internet. That is, the Internet access service provider does not assign the IP address required by each host according to its purpose / purpose, and assigns only public IP addresses collectively so that many small subscribers form a subscriber LAN to access the Internet through the LAN. Receiving service is a significant burden.

On the other hand, LAN is not a communication protocol originally developed for mutually independent small subscriber access to the Internet, but a flat protocol developed to connect a plurality of users in the same organization and the same office. Therefore, there is no method for authenticating, confirming, or real-time management of the subscriber's Internet connection to a service provider that provides Internet access service to a plurality of small subscribers only through a LAN.

If you look closely, the medium-to-large subscribers paying more than a few hundred thousand won a month for PC rooms or mid-sized businesses and using the Ethernet Ethernet line, the optical lines produced by Extreme or Riverstone in the United States. Because you use the expensive communication equipment that implements the functions for subscriber identification and network safety while receiving and using the optical fiber directly from the centralized Ethernet switch, and because the user himself has a certain level of network management expertise, While using a macro Ethernet system, it does not pose a serious problem in terms of network security and subscriber identification.

However, such expensive switching equipment cannot be used in apartments or general large officetels, and the composition of subscribers is not a medium-to-large subscriber who pays more than several hundred thousand won per month, but a very large number of mutual payers who pay between two thousand and three thousand won per month. Since it is made up of independent small subscribers, a general purpose Ethernet switch is inevitable. Therefore, the Internet access service for many small subscribers via LAN has a great advantage in terms of transmission rate compared to cost, but it is a service having a very serious weakness in network security and subscriber identification.

In addition, for the security of the network, instead of installing intelligent switches at the floors or premises of the Internet, Internet service providers may install an IP sharing router (called NAT (Network Address Translation)) for each subscriber to access the Internet. It may be. Subscribers assign their own private IP addresses that they do not recognize externally to their hosts, and NAT has one public IP address assigned by an Internet access service provider, which means that private IP addresses of multiple hosts in the house are served by NAT. Is converted to NAT to communicate with the Internet.

However, NAT is a network address translator used to convert private IP addresses to public IP addresses in the network layer, which is the third layer of the OSI model, and therefore requires very expensive computing equipment to access the Internet. Unless it's 10 Mbps, it's hard to hit. Furthermore, many applications in finance, gaming, multimedia communications, and information appliances are designed to prevent network traversal of NAT. That is, when NAT is used, it is difficult to remotely control Internet home appliances such as multimedia communication, information home appliances, etc. through the Internet, and thus, it is practically impossible to construct a subscriber LAN.

Also, in a LAN environment, even when a user does not have an Internet connection, the IP sharing router keeps holding the IP address, so the utilization of the IP address is reduced. From the point of view of the service provider, it is not possible to know how many Ethernet stations are booted and used for Internet access through NAT for each subscriber, thereby simplifying service quality and lowering intelligence.

Thus, it is possible for a number of small subscribers to take the above problems, purchase and use them, but it is not desirable for an Internet access service provider providing public service to provide "NAT" as a basic equipment to "all" subscribers. Furthermore, even with NAT, since internal hosts cannot be accessed from the outside, a true home network that remotely controls VoIP phones, Internet appliances, and the like cannot be constructed as described above. Here, a true home network means not only simultaneous communication between hosts in a house, but also a plurality of hosts in a house can connect to servers or devices in a complex or to the Internet through an external external IP network.

Therefore, the following challenges must be solved in order to significantly enhance the LAN-type Internet access service with enormous potential. First, the IP address provided by the internet access service provider should be extended not only to the public IP address but also to the private IP address area. Second, to manage the type of IP address and its traffic according to the purpose and purpose of the user host. Third, each host constituting a home network or a subscriber LAN must be remotely accessible from each subscriber's premises, such as a VoIP phone or Internet home appliance that receives a private IP address instead of a public IP address. Fourth, ARP typhoon or MAC It should be able to block spoofing in order to strengthen network security, fifthly, to strengthen network security and privacy among subscribers, and sixth, to be unique to LANs such as network basic input output system (NetBIOS) and netBIOS Extended User Interface (NetBEUI). The protocols go out of the pressure of each subscriber It should be blocked, it must fulfill all the tasks one last tactic in the most economical way that does not give financial burden for each subscriber.

Accordingly, it is an object of the present invention to provide a plurality of small-sized subscriber Internet access service providing system and a method for providing an internet access service using a LAN capable of realizing the aforementioned LAN-type internet access service enhancement tasks.

1 is a schematic diagram of a network including a system for providing a plurality of small subscriber internet access services through a LAN according to an embodiment of the present invention.

2 is a diagram illustrating a configuration of a homegate of a plurality of small subscriber Internet access service systems via a LAN according to an embodiment of the present invention.

3 is a diagram illustrating a plurality of network configurations between only a LAN server / device and a plurality of hosts in a subscriber LAN in an Internet access service system according to an embodiment of the present invention.

4A is a diagram illustrating a process of installing a home gateway, a home gate, a management server, and setting a user for an operation of an Internet connection service system through a LAN according to an embodiment of the present invention.

4B is a flowchart illustrating an internet access service providing process including an IP address allocation process using an internet access service system through a LAN according to an embodiment of the present invention.

FIG. 5 is a diagram illustrating a data flow between a homegate and a management server of a plurality of small subscriber Internet access service systems through a LAN, a plurality of user hosts in a subscriber LAN, and equipment / servers of a LAN according to an example of the present invention. to be.

In order to achieve the object of the present invention, in the environment where a number of small subscribers exist in the complex including a cyber apartment complex, and a plurality of LAN ports and LAN cables are installed in the individual subscriber household to implement the subscriber LAN In addition, a system for introducing a cheap large-capacity Internet leased line into the complex and providing Internet access services to a plurality of small subscribers independent of each other via the LAN, is required for the internet access of a plurality of hosts connected to the multiple LAN ports. A pool of IP addresses is provided to provide subscribers with purpose / multiple categories of IP addresses (private IP addresses to be assigned to hosts for multiple purposes / uses to establish the subscriber LAN as well as authorized IP addresses). A management server provided at the Internet service provider side; It is installed in individual subscriber's household and communicates with management server to receive multiple purpose / multiple categories of IP addresses from management server according to subscriber's terms and conditions. Obtains a dynamic public IP address from the management server and relays it to the host, and if the IP address required by the subscriber's host is a fixed public IP address or a private IP address, it receives a plurality of purpose / multiple categories of IPs from the management server. A homegate that assigns an IP address to the host in addresses; It includes a home gateway installed in each complex for communication between the home gate and the management server.

In particular, the management server's address pool contains the floating IP address to be allocated to the subscriber host according to the floating gate IP address request, the multiple purpose / multiple categories of IP addresses entrusted to the homegate, and the subscriber-specific information. Information, only the IP address list of the server in the LAN is built into the database.

The homegate receives a floating public IP address and multiple purpose / multiple categories of IP addresses from the management server, and configures an IP address in response to a user host having various purposes / uses based on the subscriber's terms and conditions. An IP address assignment management module; A proxy ARP module that finds its "MAC address" based on the IP address list of only the device / server downloaded from the management server and responds on behalf of the communication device in the complex to the ARP request generated by the subscriber host; A table is obtained from the proxy ARP module that matches only the MAC address of my device / server, and the MAC address of each host of subscribers and the MAC address of the server / device of the complex in the default gateway relationship or IP alias relationship with the host is prepared. A filtering module, comprising: a filtering module for determining whether a frame generated at each host is entitled to pass a home gate based on a table; Host boot monitoring module for periodically monitoring the connection status of the subscriber host to transmit to the management server (10); And from the management server, the band management management instructions written in the management server and the list of IP addresses of only my device / server according to the report of the host boot monitoring module, or in addition to the MAC address of the only device / server from the proxy ARP module. And a bandwidth management module for classifying packets arriving at the home gate into traffic outside the complex and traffic within the complex to manage band whistle for each traffic pack type.

Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

1 is a schematic diagram of a network including a system for providing a plurality of small subscriber internet access services through a LAN according to an embodiment of the present invention, and FIG. 2 is a more detailed configuration of the homegate of the Internet access service system of FIG. 3 shows a network configuration between only a LAN server / device and a plurality of hosts in a subscriber LAN in an Internet access service system according to the present invention.

Referring to FIG. 1, the system for providing an Internet service through a LAN according to the present invention includes an inexpensive high-capacity dedicated line such as a management server 10 installed at an ISP network center 8 outside a LAN or a complex LAN, a metro Ethernet system, and the Internet. Hierarchical hierarchical structure in the lower part of the main switch 15, the main switch 15 connected to the router 14, the only router 14 connected to the ISP network center 8 through the network 13 a plurality of sub-switches 16 connected in a star topology, and are installed in each subscriber to communicate with the management server 10 to receive an IP address from the management server 10 and to receive the user station 31 of the subscriber. Homegate 17, which is a gateway switch that manages the allocation of IP addresses to 32, 33, 34, and 35, and a home gateway that is installed only for communication between the management server 10 and the homegate 17 ( Poe 25) It is. Only a LAN may vary slightly depending on the environment, but typically a plurality of switches having only a router 14 and a hierarchical star topology beneath it connected to a high-capacity Internet dedicated line. (15, 16) and consisting of subscriber space, a plurality of sub-switch 16 in addition to that shown in Figure 1, another multi-stage can be formed between the sub-switch 16 and the home gate 17 It may include a sub switch.

The home gate 17 is connected to a plurality of user hosts 31-35 having different uses and purposes for configuring a subscriber LAN and requesting different types of IP addresses. For example, a host 31 requiring a public (fixed, floating) IP address for communicating with an out-of-LAN IP network, and a NAT private IP address required for Internet communication via a NAT server 21. Host 32, host 33 requiring a private IP address in the complex to communicate with the content server 22 in the host, hosts 34 requiring a private IP address used for remote control of a VoIP telephone or Internet appliance. 35 is connected to the home gate 17.

Meanwhile, only the main switch 15 of the LAN has a VoIP gatekeeper 12 provided in the ISP network center 8 for controlling a VoIP phone or a home appliance, and a VoIP gateway 23 for communicating with the home appliance control server 11. ) And the home appliance control gateway 24, and the NAT server 21 and the content server 22 in the complex are connected.

Looking at each configuration, as shown in Figure 2, the management server 10, the IP address, the floating ball to be assigned to the user host according to the IP address request, the floating hole of the home gate 17, the home gate 17 The fixed public and private IP addresses, subscriber-specific information, only LAN information, only LAN-specific private IP address pools, and only IP addresses of servers in a LAN are built into the database 101. A communication module 102 for controlling communication with 17 is included.

The router 14 is located at the boundary between the "only LAN" and the "IP network" and serves to communicate with each other. The router 14 stores the source IP address and the source MAC address of the upstream packet, and then stores the downstream packet. The MAC address of the internal host corresponding to the destination IP address is found using ARP (Address Resolution Protocol), and the packet is forwarded to the main switch 15 and the sub switch 16.

The main switch 15 and the sub-switch 16 serve as a switching function. The main switch 15 and the sub switch 16 store MAC addresses of packets entering and exiting each switch port, and transmit each packet to a corresponding port path.

The home gate 17, which is a gateway switch connected to the sub-switch 16, functions as a switching and at the same time, only the router 14 serves as a "joint" at the boundary between the "IP network" and the "only LAN". As you can see, it acts as a "joint" at the boundary between "subscribing LAN" and other areas within "only LAN".

Specifically, as shown in FIG. 2, the home gate 17 may include a communication module 171, a user setting module 172, an IP address allocation management module 173, a band whistle management module 174, and a filtering module ( 175), proxy ARP module 176, host boot monitoring module 177, and installation article setting module 178.

The communication module 171 communicates with the communication module 102 of the management server 10 of the ISP network center 8 through the home gateway 25 to assign a public IP address or private address to the user host 31-35. It is given an IP address, and only the server and the equipment in the complex, for example, the NAT server 21 shown in FIGS. 1 and 2, the content server 22 in the complex, the VoIP gateway 23, the home appliance control gateway 24, and the like. The IP addresses of the home gateways 25 are transferred.

The installation article setting module 178 provides information necessary for the home gate 17 to communicate with the management server 10 through the home gateway 25 when the home gate 17 is installed in each home. (17) The private IP address for itself, the IP address of the home gateway 25 in the complex, and the physical location where the home gate is installed) are input.

When installation is complete, Homegate communicates with the management server via the home gateway of the complex, and immediately receives a pool of IP addresses of multiple destinations / multiple categories to be assigned to the IP addresses of the servers / devices in the complex and subscriber hosts.

The user setting module 172 allows the user to match the corresponding IP address for each of the plurality of target hosts.

The IP allocation management module 173 receives the multiple categories of fixed public and / or private IP address pools from the communication module 171. Based on this IP address pool and the subscriber's terms and conditions, the IP address assigned to each host is configured to a user host having various purposes / uses.

That is, when the user host 31-35 connected to the home gate 17 boots and requests an IP address, the requesting IP address is a fixed IP address or a private IP address (for example, a fixed public IP address or a NAT private IP address). , Only My Private IP Address, VoIP Private IP Address, Home Appliance Private IP Address), selects the IP address corresponding to the purpose / purpose from the IP address pool entrusted by the management server 10, and selects the host 31-35. If the required IP address is a floating public IP address, the homegate 17 receives the floating public IP address from the management server 10 through the home gateway 25 and hosts 31-35. ) it will be relayed to the.

Conventionally, when a user host requires an IP address, a DHCP (Dynamic Host Configuration Protocol) server is used to assign an IP address. The DHCP server automatically assigns a floating public IP address or IP address belonging to the same subnet regardless of its purpose when the host boots and requests an IP address. However, in the IP assignment management module 173 of the home gate 17 of the present invention, the user searches the category of the IP address preset for the host, and then assigns the IP address corresponding to the purpose. In addition, if the purpose is different, for example, an IP address for different subnets is allocated depending on whether it is a private IP for connection in the complex or a private IP that can use a NAT server.

The proxy ARP module 176 performs ARP based on the "IP address list of the equipment / server in the complex" downloaded from the management server 10 through the communication module 171, and the "appliance of the equipment / server in the complex." MAC address ". And it finds the " MAC address of the device / server only " to the filtering module 175 which will be described later. It also responds on behalf of the equipment / server in the complex in response to the ARP request generated by the subscriber host.

The database 101 of the management server 10 may be constructed so that the "MAC address" of the management server 10 may be downloaded from the management server 10 in addition to the "IP address of the equipment / server within the site". However, since the MAC address is a physical address of the device, the MAC address is changed even if only the NIC (Network Interface Card) of each device is changed, thereby accompanied by a change of the database 101. On the other hand, since IP addresses are logical addresses, even if the number of devices / servers in the complex increases or the devices are replaced, they can still be used as valid values. In other words, by using the proxy ARP module 176, there is an advantage that it is possible to inexpensively and easily maintain the maintenance of the Internet access service system via the LAN according to the present invention even when the subscriber changes or the replacement or expansion of the equipment in the complex only have.

In the filtering module 175, there is a table in which MAC addresses of respective hosts are matched with MAC addresses of servers / devices in the complex which are in a default gateway relationship or an IP alias relationship with the host. This table is secured by the following principle. Based on the IP address of the device / server in the complex, as described above, the proxy ARP module finds the MAC address of the device / server. In addition, according to the user setting described above, an IP having a different purpose and purpose is assigned to each host, which determines which of the devices / servers within the host can be used for each host. Building a filtering table with the MAC address of each host and the MAC address of the device / server in the complex has the same effect as building a filtering table with the IP value of each host and the IP value of the device / server in the complex. The advantage of building a filtering table at the MAC layer is that the layer is "low" compared to the IP layer, allowing for faster and more efficient data processing. Based on the filtering table, the homegate determines, for upstream traffic, whether data frames originating at the host are eligible to pass through the homegate 17. The same principle of filtering can be performed for downstream traffic.

An example of setting a default or IP arith relationship between a host 31-35 and a server / equipment in just me is shown in FIG. The host 31 requesting the public IP address only forms a default gateway with the router 14, and forms an IP aliasing relationship with the content server in the complex. In the same way, the host 32 requesting a NAT private IP address forms a default gateway relationship with the NAT server 21 and forms an IP aliasing relationship with the content server in the complex. The host 33 requesting the private IP address in the complex, the host 34 requesting the VoIP private IP address, the host 35 requesting the home appliance control private IP address, and the home gate 17 are each a content server in the complex. (22), the VoIP gateway 23, the home appliance control gateway 24, and the home gateway 25 form a default gateway relationship.

For example, only the router 14 or the content server 22 within the complex whose source MAC address included in the upstream packet is of the host 31 requesting a public IP address and the destination MAC address is in a default gateway relationship or an IP alias relationship. In the case of a MAC address, the filtering module 175 allows the packet to pass through the home gate 17.

On the other hand, the filtering module 175 may compare the IP address of the host with the IP address of the server / device only in the network, and the pass-through qualification may be performed. In this regard, considering the processing speed and the like, it is preferable to perform packet filtering using a MAC address.

The host boot monitoring module 177 is one of the user hosts 31-35, in particular, hosts having an IP address directly connected to a Quality of Service (QoS), for example, a host 31 requiring a public IP address, a NAT private IP. The connection status of the host 32 requesting the address is periodically monitored and transmitted to the management server 10 of the ISP network center 8 through the communication module 171. That is, the host boot monitoring module 177 of the home gate 17 monitors the link status of the hosts 31-35 connected to the home gate 17, when the link of the host assigned the floating public IP address is released. In addition, the floating public IP address, which was in use, is returned to the management server 10 so that other hosts can use it. In addition, by monitoring the link connection or disconnection of the host 31 to which a fixed IP address is assigned, the status of use of the IP address can be grasped in real time to increase the use efficiency of the IP address, and the band whistle management module 174 to be described later. Through this, communication traffic can be controlled.

The management server 10 writes a management guideline that provides an appropriate amount of bandwidth for each user by classifying traffic of packets in the jar and traffic outside the jar based on information periodically reported by the host boot monitoring module 177. It sends to the band whistle management module 174 through the module 171. The ISP has statistical know-how about how fair it is to give each host or subscriber when the number of hosts on the leased line is x and the number of hosts booted in the complex is y. Have. For example, in a 100Mbps leased line, if 100 households are booting, they usually have a 2.5Mbps bandwidth per household.

When the destination MAC address of the upstream packet arriving at the home gate 17 means "out of the park", that is, only when it is a router or a NAT server, the band whistle management module 174 classifies the "out-of-house" traffic into the "upstream park". On the other hand, if the destination address means "only in", that is, if it is a content server in a complex, then it is put in an "upstream only in my queue." Bandwiss management can be managed by taking advantage of the advantages of a LAN, namely that only intra-communication can generate tens of Mbps per home and only a few Gbps in total. Data will be delivered at the maximum speed allowed by switches 15 and 16, ie, different band conditioning schemes will be applied for traffic in and out of traffic. The.

According to the present invention, since the band whistle management function is performed by the home gate 17 installed for each subscriber, the router, the floor switch or the same switch in the complex uses the conventional method of managing the band whistle. In addition, by managing the outside of the complex and the inside of the complex, there is an advantage of maximizing the efficiency of using the network and dynamically adjusting the management amount according to the boot state of the user host.

Referring now to Figures 4A-4 and 5, multiple by interaction with the host (31-35), home gate 17, home gateway 25, management server 10 of multiple purposes / applications This chapter describes the process of assigning, filtering, and managing band IP addresses.

In order to receive the Internet access service according to the present invention, as shown in FIG. 4A, the management server 10 must have a database 101 composed of various data for satisfying the subscriber's service needs (step) S1). The database 101 includes a pool of public (floating and fixed) IP addresses, a unique LAN-specific private IP address pool within a complex, subscriber information, a list of IP addresses of equipment / servers within the complex, the location of the complex to which the subscriber belongs, and the like. Includes physical information, band whis management instructions, the management server 10 manages the home gate 17 for each subscriber based on the database 101.

By the way, the home gateway 25 is installed so that the home gate with the private IP can communicate with the management server (step S2). The home gateway 25 allows the home gateway 17 and the home gate 17 to form a default gateway relationship so that the home gateway 17 communicates using a private IP address constituting the same network. An example of network configuration via a default gateway or IP iris relationship is shown in the table below.

User host Default gateway IP Iris Relationship Subnet 1 Public IP (212,25.26.31) Only router (212.25.27.254) Content Server in Complex Subnet 2 NAT Private IP (172.16.X.X) NAT server (172.16.1.1) Content Server in Complex Subnet 3 Private IP (172.17.X.X) Content server in the complex (172.17.1.1) Subnet 4 VoIP private IP (172.18.X.X) VoIP gateway (172.18.1.1) Subnet 5 Home appliance control private IP (172.19.X.X) Appliance Gateway (172.19.1.1) Subnet 6 Homegate Private IP (172.20.X.X) Home Gateway (172.20.1.1)

In the table above, 172.16.x.x to 172.31.x.x are one of the private IP intervals set by the Internet Address Committee (Internic).

As shown in the above table corresponds to the network configuration of FIG. 3, for example, a default gateway of a host requesting a public IP address becomes only a router and also forms a network with a content server in the complex. In addition, the default gateway of a host requiring a NAT private IP address is a NAT server and also forms a network with a content server in the complex. In other words, only IP contents are set in my content server.

Hosts requesting private IP addresses in the complex are content servers in the complex, hosts requesting VoIP private IP addresses are VoIP gateways, hosts requesting private appliance control private IP addresses are home appliance control gateways, homegates are home gateways and defaults. Form a gateway relationship.

The home gateway 25 has both a private IP address and a public IP address. Since the private IP address is unique within the complex and may overlap between the complex and the complex, the IP address value of the default gateway at the time of product shipment of the home gate 17 may be set to a constant value. In the example above, it can be set to 172.20.1.1. The management server 10 is assigned a public IP address to the home gateway so that the public server can communicate using the public IP address.

Next, a request is made to install the home gate 17, which is a gateway switch of each subscriber (step S3). When the worker dispatched from the ISP network center 8 installs the home gate 17 in each home, the installer setting module 178 inputs the private IP for the home gate 17 itself, and only the information to which the home gate belongs. And a physical location of the home gate 17 and the like, and remotely transmits it to the management server 10. That is, the homegate 17 inputs necessary information so that the homegate 17 can communicate with the management server 10 through the homegateway 25 (step S3).

After the DB construction of the management server 10 and installation of the home gate 17 and input of necessary information are completed, the home gate 17 is booted (step S4). Then, when the home gate 17 communicates with the home gateway 25 and communicates with the management server by using a Real-Specific IP (RSIP) scheme, the home gate 17 allocates a public IP address and a port number to be used by the home gate 17. Receive. The home gate 17 communicates with the management server 10 by using the IP address and the port number to provide information appropriate to the address, for example, the type of IP address to be entrusted and the number of each type (IP address pool) and The value and the IP address list of the server / equipment in the complex are downloaded (step S5). The pool of private or public IP addresses to be entrusted to management is passed to the IP address allocation management module 173, and only the IP address list of the server / equipment within the proxy is passed to the proxy ARP (Address Resolution Protocol) module 176. On the other hand, the proxy ARP module 176 only receives the list of IP addresses of the servers / devices in the network and performs ARP to find their MAC addresses (step S6). Then, the IP address and the user host are matched by the user (step S7), and the preliminary work for using the Internet access system according to the present invention is completed (step S8).

Next, as shown in FIG. 4B, when a plurality of hosts 31-35 connected to the home gate 17 boots and requests an IP address (step S9), the subscriber is used for various purposes of the host and the purpose. It will work to match the IP address. Hosts booted using UPNP (Universal Plug and Play) or IP-based Home Network (IPHN) are displayed and displayed to the user, and the user performs the matching of IP addresses while visually checking the display information. . If the IP address allocation management module 173 is determined that the IP address required by the booted host is a floating public IP address (steps S10, S11, S14), it communicates with the management server 10 to receive the floating public IP address and relay. In the case of a fixed public IP address or a private IP address, the IP address is allocated from the management server 10 to the host in the IP address pool owned by the IP address allocation management module 173 (steps S10 and S12). , S14).

On the other hand, when a plurality of hosts 31-35 are booted, the host boot monitoring module 177 of the home gate 17 periodically monitors which categories of IP addresses are booted and manages the results. When reporting to the server 10 (step S13), and each host is given an IP address and then only has data communication with the server / device or the outside server / device (step S14), the filtering module 175 is a proxy. Upon receiving the MAC address of the device / server only from the ARP module 176, it is checked whether upstream or downstream packets are eligible to pass through the home gate 17 (step S15), and the band whistle management module 174 Only the inner traffic and the outer traffic are separated to manage their band whistle (step S16).

As described above, the management server 10 is provided with a private IP address pool as well as a public IP address pool, the home gate 17 under the control of the management server 10 and acts as a gateway switch of the subscriber is a subscriber The available IP addresses are delegated and managed according to the terms of use. Therefore, the IP address range provided by the management server 10 of the ISP network 8 is extended from the public IP address to the private IP address, thereby resolving the shortage of IP addresses, and the subscribers having various purposes / uses The foundation for establishing a subscriber LAN with multiple hosts has been laid.

And, since a plurality of categories of private IP addresses given to the subscriber's host are not given and managed by the subscriber, but are given by the management server 10 of the ISP network 8 which provides the public service, the " in subscriber LAN " 'S private service area could be extended to the public service area.

Furthermore, hosts such as Internet appliances, VoIP phones, which are originally given by the management server 10, are given a unique private IP address within the complex, and communicate with the hosts through the private IP address within the complex and are authorized public IP. The home appliance control gateway and VoIP gateway to communicate with the management server 10 through the address can be remotely controlled to the Internet home appliances having a private IP address.

And, the home gate 17 is provided with a proxy ARP module 176, so that their MAC address can be known only by the IP address of the device / server, so from the standpoint of the ISP network center 8 It is not necessary to build a new database 101 every time the replacement or expansion, it is possible to prevent the service provided from being disturbed.

Even if a malicious user tries to attack the network using ARP typhoon or MAC spoofing, even if these ARP typhoons are triggered, the ARP message 176 blocks the ARP message from going out of the house, and MAC spoofing is also prevented from going out of the house. . The only way to send an ARP message out of the house is to remove the homegate 17 and connect the attacking system directly with the data incoming line. In this case, the management server 10 does not operate the home gateway 17 of any subscriber. The identity of the malicious user is revealed. In addition, as the size of LAN increases, netBIOS, netBEUI, etc., which are increasing out of the subscriber's home, is blocked at the source, thereby strengthening security and privacy among subscribers.

In addition, since the use of the IP address of the subscriber host is always monitored and reported to the management server 10, the IP address can be used more efficiently, and thus the bandwidth management at the time of data transmission can be more efficiently performed. The foundation was laid.

Claims (5)

In an environment where a large number of small subscribers exist in a complex including a cyber apartment complex, and individual subscriber households are provided with a plurality of LAN ports and LAN cables for implementing a subscriber LAN, inexpensive high-capacity Internet leased lines may be used. A system for providing Internet access services to a number of small subscribers entering into and independent of each other via a LAN, An Internet service provider side having an IP address pool for providing subscribers with multiple purpose / multiple categories of IP addresses required for internet access of multiple hosts of subscribers connected to the multiple LAN ports. The management server provided in, The multiple purpose / multiple categories of IP addresses include a private IP address to be assigned to a host of multiple purposes / uses for establishing the subscriber LAN as well as a public IP address, Installed in the individual subscriber household, in communication with the management server to receive the multiple purpose / multiple categories of IP addresses from the management server according to the subscriber's terms and conditions, and the IP address required by the subscriber's host is a floating public IP. In case of an address, a floating public IP address is allocated from the management server and relayed to the host. When the IP address requested by the host of the subscriber is a fixed public IP address or a private IP address, the management server receives the floating public IP address from the management server. A homegate that assigns an IP address to a host in multiple destination / multiple categories of IP addresses, and An Internet access service system via a LAN for substantially establishing a subscriber LAN including a home gateway installed in each complex for communication between the home gate and a management server. The IP address of the management server according to claim 1, wherein the management server has an IP address which is a floating hole to be allocated to a subscriber host according to an IP address request that is a floating hole of the home gate, and the multiple purpose / multiple categories of IPs that are managed by being entrusted to the home gate. An Internet access service system via a LAN, wherein addresses, subscriber-specific information, only LAN information, and a list of IP addresses of servers in a LAN are constructed in a database. 3. The homegate of claim 2, wherein the homegate receives the floating IP address, the multiple purpose / multiple categories of IP addresses from the management server, and provides a user host having various purposes / uses based on a subscriber's terms and conditions. An IP address assignment management module for configuring an IP address correspondingly; Proxy ARP module that finds its "MAC address" based on the IP address list of the device / server of the complex downloaded from the management server and responds on behalf of the communication equipment in the complex in response to the ARP request generated by the subscriber host; The MAC address of the device / server in the complex is received from the proxy ARP module, and the MAC address of each host of the subscriber and the MAC address of the server / device in the complex in the default gateway relationship or IP arithme relation with the host are matched. A filtering module configured to determine whether a frame generated at each host is entitled to pass through the home gate based on the table; Host boot monitoring module for periodically monitoring the connection status of the subscriber host and transmits to the management server 10, and Receive the bandwiss management guideline and IP address list of the only equipment / server of the management server prepared by the management server according to the report of the host boot monitoring module from the management server, or in addition to the MAC of the equipment / server of the equipment / server from the proxy ARP module. And a band-wiss management module configured to receive an address and classify the packet arriving at the homegate into traffic outside the complex and traffic within the complex to manage band whistle for each traffic pack type. In an environment where a large number of small subscribers exist in a complex including a cyber apartment complex, and individual subscriber households are provided with a plurality of LAN ports and LAN cables for implementing a subscriber LAN, inexpensive high-capacity Internet leased lines may be used. A method of providing Internet access services to a number of small subscribers entering into and independent of each other via a LAN, (a) constructing a database of public IP address pools, unique LAN-specific private IP address pools, subscriber information, and location information of a complex to which a subscriber belongs, in a management server provided in the Internet access service provider; (b) installing a home gateway in each complex to communicate with the management server through a public IP address and to communicate with a plurality of hosts of the subscriber through a private IP address, (c) communicate with a management server through the home gateway to receive multiple purpose / multiple categories of public or private IP addresses from the management server in accordance with the subscriber's terms of use, and the IP address required by the subscriber's host to flow; In the case of a public IP address, a floating public IP address is allocated from the management server and relayed to a corresponding host. When the IP address required by the host of the subscriber is a fixed public IP address or a private IP address, the management server receives a floating public IP address from the management server. A homegate that assigns an IP address to a host from the multiple purpose / multiple categories of IP addresses that it has is installed at the gateway of each subscriber's "in-house" and "out-house" boundaries within the LAN. Steps, (d) the homegate communicates with the management server through the home gateway, and from the management server to the IP address allocation management module of the homegate, a fixed public IP address according to subscriber terms and a private IP address to be given to the host. Receiving information including the IP address of the server / device in the complex, (e) In response to an IP address request generated at the same time as booting of the host connected to the homegate, assign an IP address according to the subscriber's terms, and if the requested IP address is a floating public IP address, the homegate communicates with the management server. Receiving and assigning a floating public IP address to the corresponding host; if the requested IP address is a public fixed IP address or a private IP address, the homegate selects and assigns from the IP addresses entrusted by the management server. Internet access service providing method comprising a. 5. The method of claim 4, wherein in step (d), the proxy ARP module of the homegate receives a list of IP addresses of only servers / devices from the management server, performs ARP, finds their MAC addresses, and sends them to the homegate. Send to the filtering module, In step (e), the booting of the host is detected by the host boot monitoring module and reported to the management server, and a band whistle management guideline is written from the management server and transmitted to the band whistle management module provided at the home gate. The management module also receives only the MAC address of my server / device from the proxy ARP module, After the step (e), during the data communication process, the BW management module compares the source MAC address or the destination MAC address of the packet arriving at the home gate with the MAC address of the only server / device and compares only the outside traffic and the inside traffic. To manage bandwiss, The filtering module is configured based on the MAC address of the server / device in the complex received from the proxy ARP module and the default gateway or IP iris relationship setting table between the host and the server / device in the complex set by the subscriber. And determining whether to pass the packet arriving at the home gate.