JP2000270004A - Router - Google Patents

Abstract

PROBLEM TO BE SOLVED: To allow the router to set a plurality of functions to one interface and to be applicable to data transmission between LANs by converting the address of a packet on the basis of conversion management information for each interface. SOLUTION: Interfaces PP1-PP3 conduct address conversion and channel connection in compliance with the NAT or the IP masquerade. NAT descriptor description information, NAT descriptor application setting information and NAT descriptor management information corresponding to each of the interfaces PP1-PP3 are set to respective areas in a memory of a route 2. Each of the interfaces PP1-PP3 conducts address conversion on the basis of the NAT descriptor management information and port number conversion in the case of the IP masquerade. Four management information can be set to this memory corresponding to each of the interfaces PP1-PP3 and LANs 1, 2.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] The present invention relates to a router used in various networks such as the Internet.

[0002]

2. Description of the Related Art As is well known, in the Internet, TCP / IP (Transmission in Content) is used.
rol Protocol / Internet Pro
(tocol) protocol.
Here, when transmitting a file (data), the TCP protocol divides the file on the transmitting side into packets, adds information indicating which type of application to pass each packet to the destination, and on the receiving side, the packet of the packet is transmitted. When receiving,
Each packet is checked for defects and recombined into a file. FIG. 17 shows the configuration of the TCP header. The IP protocol adds an IP address indicating the destination of transmission data when transmitting a packet, and determines whether or not the packet is addressed to itself by determining the IP address when receiving the packet. FIG.
4 shows a configuration of a P header. In the TCP / IP protocol, a packet is formed by adding the above-described TCP header and IP header to transmission data, and the packet is transmitted through a network. Note that a UDP protocol is also used in addition to the TCP protocol. This UDP is shown in FIG.
3 shows a configuration of a header. Then, a router is used for controlling transmission of the packet to which the above-described headers are added in the network. This router has a routing table inside, detects the next destination of the packet by comparing the IP address of the packet transmitted from another node with the routing table, and sends the packet to the destination. .

In recent years, 32-bit IP addresses have become scarce, and to compensate for this, NATs have been added to routers.
(Network Address Translat
(ion) function or an IP masquerade function. The NAT function is a LAN (Local A)
The private IP address used in the local area network is converted to a global IP address and the packet is transmitted to the Internet, and the global IP address of the packet arriving from the Internet is converted to a private IP address and the computer in the LAN is converted. Send to The NAT includes a static NAT and a dynamic NAT. A static NAT is one in which a private IP address and a global IP address to be converted are determined (set) in advance.
The AT automatically sets a private IP address of a node that has started communication at the start of communication as a conversion address.

[0004] IP masquerade not only translates IP addresses, but also uses TCP /
The port number of the UDP is also converted, whereby a plurality of computers in the LAN can be connected to the outside using one global IP address. This IP
Masquerade also has static IP masquerade and dynamic IP masquerade (usually simply called IP masquerade)
There is. In the static IP masquerade, the private IP address to be converted, the global IP address, and the port numbers of the private and global IP addresses are predetermined, while the dynamic IP masquerade is the private IP address at the start of communication. , The port number is automatically set.

FIG. 16 is a block diagram showing the configuration of this type of router 100. The router 100 shown in FIG. 1 includes a routing device 101 and the routing device 101.
(ISDN basic user interface) controller 102 for performing physical control of data transmission between the LAN and the ISDN line, and Ethernet controller 103 for performing physical control of data transmission between the routing device 101 and the LAN. ing. The routing device 101 includes a CPU (central processing unit), a ROM (read only memory) storing a program of the CPU, a RAM (random access memory) for temporarily storing data, and the like. Each function to be executed is indicated by a block. Here, reference numeral 104 denotes an I that performs routing of a transmitted packet.
This is a P routing process. Interfaces 105 and 106 perform an address conversion process and a line connection process by NAT or IP masquerade.

[0006]

The above-mentioned conventional router has the following problems. It is intended only for connection to the Internet, and therefore, the interfaces 105 and 106 are provided only on the ISDN line side. Therefore, it cannot be used for data transmission between LANs, for example, when two LANs are formed in the same workplace. Only one function can be set for one interface, so that dynamic NAT and IP masquerading cannot be applied, and there are restrictions on the combination of private IP addresses and global IP addresses by static NAT, and complex NAT translation There were drawbacks such as the inability to perform.
The present invention has been made in consideration of such problems,
An object of the present invention is to provide a router which can set a plurality of functions for one interface and has high flexibility which can be applied to data transmission between LANs.

[0007]

In order to achieve the above object, an invention according to claim 1 is provided in a router having an address translation function for translating between a private address and a global address and set by a user. A first storage unit for storing conversion data, a second storage unit for storing application information corresponding to an interface set by a user, and a storage unit based on data in the first and second storage units. Control means for generating conversion management information for each interface, and conversion means for converting the address of a packet based on the conversion management information are provided.

According to a second aspect of the present invention, in the first aspect of the present invention, the first storage means includes a list indicating a range of a global address, a list indicating a range of a private address, a global address and a private address. And a list indicating the correspondence between addresses is provided. According to a third aspect of the present invention, in the first or second aspect of the invention, the second storage means stores a plurality of pieces of application information corresponding to each interface. According to a fourth aspect of the present invention, in the second aspect of the present invention, the first storage means further includes a list indicating a correspondence between a port number and a global address, and the conversion means includes a packet address and a port address. The number is converted together.

[0009]

Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a block diagram showing a configuration of a router 1 according to an embodiment of the present invention. A router 1 shown in FIG. 1 includes a routing device 2, BRI controllers 3 and 4 for physically controlling data transmission between the routing device 2 and an ISDN line, and data transmission between the routing device 2 and a LAN. And Ethernet controllers 5 and 6 for performing physical control of the RP.

The routing device 2 includes a CPU, a ROM in which a program of the CPU is stored, and an R for temporarily storing data.
Each function is executed by a program in the figure, and is shown by blocks. Hereinafter, the function of each block will be described. First, code 1
1 is an IP for routing transmitted packets
(Internet Protocol) routing processing. This process is a conventionally known process, and a detailed description thereof will be omitted. PP1 to PP3 and LA
N1 and LAN2 are interfaces, and details will be described below. 26 is a BRI driver, and 31 and 32 are Ethernet drivers.

Next, the interfaces PP1 to PP3 and the LAN1 and LAN2 will be described in detail. These interfaces are blocks for performing address conversion processing and line connection processing by NAT or IP masquerade. In a memory (not shown) of the routing device 2, NAT descriptor definition information and NA
NAT descriptor management information is set in each area in advance corresponding to each of the T descriptor application setting information and each interface, and each interface performs address conversion processing and IP masquerading based on the NAT descriptor management information. Also performs port number translation. FIG. 2 is a diagram showing a setting state of the above-mentioned management information in the memory. As shown in FIG. 2, each of the interfaces PP1 to PP3 and LAN1, LAN2
, Four pieces of management information can be set. FIG.
Is a diagram showing the configuration of each management information. As shown in this figure, each management information includes a NAT descriptor number ND1, applicable interface information ND2, and a NAT management table N.
D3 and a masquerade management table ND4. A predetermined global address is assigned to the interfaces LAN1 and LAN2.

FIG. 4 is a diagram showing an example of the NAT management table ND3. The NAT management table ND3 includes three items, a global address, a private address, and a life. In this table ND3, the first, second
The line is a setting of a static NAT, and a private address is set in advance. On the other hand, the dynamic NA
This is a column for T, and a private address is written at the start of communication. "Life" is a dynamic NAT
The private address is automatically erased when the time set in the life column elapses after the private address is written after the private address is written.

FIG. 5 shows an example of the masquerade management table ND4.
D4 is used protocol, private address, private port number, destination address, destination port number,
Global address, global port number, lifetime 8
Consists of items. In this table ND4, the first and second rows are the settings of the static IP masquerade, and data based on the user's settings are set in advance at the positions indicated by *. The third and subsequent lines are columns for IP masquerade, and data is written in each item at the start of communication.
"Life" is a timer used in the case of IP masquerade. When the time set in this life column elapses after each data is written, the data is automatically deleted.

Next, a process of creating the above-described NAT descriptor management information will be described. FIG. 6 shows the structure of the NAT descriptor definition information. Each data of the NAT descriptor definition information is set by the user. Here, the symbol TG1 is a NAT descriptor number, and TG2 is a processing type. These processing types include "NAT",
One of “IP masquerade” is set. TG3
Is a global address list, the structure of which is shown in FIG. As shown in this figure, the global address list is set by designating a start point address and an end point address, and a plurality of sets can be set. TG4 is a private address list, and its configuration is shown in FIG. The private address list is also set by specifying the start point address and the end point address, and a plurality of sets can be set. TG5 is a list of static NATs, and a plurality of sets of global addresses and private addresses are set as shown in FIG. TG6 is a list of static masquerades, and as shown in FIG.
The private address, protocol and port number are set. Then, a plurality of sets of the above-described NAT descriptor definition information are set by the user. The global address list in FIG. 7 and the global address in the static NAT list in FIG. 9 include NAT descriptor setting information such that an IPCP address described later is used for a dial-up connection to an Internet access provider. Can be set.

Next, FIG. 11 shows NAT descriptor application setting information, and each data is input by a user. The NAT descriptor application setting information includes the interfaces PP1, PP2,... And LAN1, LA.
This is set in correspondence with N2, and four NAT descriptor numbers can be set for one interface. This NAT descriptor number indicates the NA of FIG.
T descriptor definition information is specified. When the above-described NAT descriptor definition information and NAT descriptor application setting information are set or changed, the input setting is converted into data having a shape that can be easily processed by the router. Then, when the power of the router is turned on or when the definition information or the like is changed, the NAT descriptor management information shown in FIGS. 2 to 6 is generated based on the above-described definition information and application setting information. In this case, NAT
By looking at the descriptor application setting information in order, management information is created one by one from the definition information of the corresponding descriptor number. However, when the application setting information is not described, or when the definition information or the application setting information is inappropriate, the information is not created.

Next, in the interface PP1 of FIG. 1, reference numeral PP1a is a block for performing address conversion of a passing packet based on the above-described NAT descriptor management information (FIG. 2), and the processing procedure is shown in FIG. . In this figure, "1" is set to the count n in step S1. Next, when the process proceeds to step S2,
It is determined whether or not the count n is smaller than the maximum applicable number 4. If the result of the determination is "YES", the operation proceeds to step S3. In step S3, it is determined whether or not the n-th NAT descriptor management information has been created.
That is, in this case, it is determined whether or not the management information indicated by the code K1 in FIG. 2 has been created. If it has been made ("YES"), the process proceeds to step S4. In step S4, based on the information obtained from the packet and the NAT descriptor management information, the address of the same packet is converted (and the port number is converted in the case of IP masquerade).
This conversion process is the same as the conventional one. Then, the process proceeds to step S5. In step S5, a termination condition is determined. If the answer is "YES", the process ends.

The result of the determination in step S3 is "NO".
In the case of, the process proceeds to step S6, "1" is added to the count n, and the determinations in steps S2 and S3 are repeated. When the count n becomes “5”, the result of the determination in step S2 becomes “NO”, and the process ends. The above is the address conversion processing in the block PP1a, and the same applies to the processing in the blocks PP2a and PP3a. The same applies to the processing of the blocks LAN1a and LAN2a in the interfaces LAN1 and LAN2.

Next, in the interface PP1 (FIG. 1), reference numeral PP1b is a block for performing line processing, and performs dialing processing of a preset telephone number. The same applies to the processing of the blocks PP2b and PP3b. Next, the operation of the above-described router will be described. Now, an example will be described in which a computer (computer A) of the network 1 shown in FIG. 1 sends data to another office via an ISDN line. In this case, the interface L
The block LAN1a of the AN1 is set inoperative. In this state, a packet transmitted from the computer A has a private address predetermined for the computer A as a source address.
And this packet is the Ethernet controller 5,
The processing proceeds to the IP routing processing 11 via the Ethernet driver 31, where the routing processing is performed. After this routing process is completed, the packet proceeds to, for example, the address translation process of the block PP1a, where the NAT
The private address of the transmission source is converted into a global address based on the descriptor management information (FIG. 2).

At this time, the line connection processing by the block PP1b is performed. In this process, a dialing process is performed, and then a process shown in FIG. 13 is performed. In this process, in step Sa1, the line connection state of the interface is set to “connected”. FIG. 14 shows a table for setting the line connection state. Next, step Sa2
Then, it is determined whether or not the ipcp address has been notified. Here, the ipcp address is a global address transmitted by an Internet access provider by IPCP (Internet Protocol, Enwar Protocol). The result of this determination is “YE
In the case of "S", the process proceeds to step Sa3, and the same address is recorded in the management information (see FIG. 14). If “NO”, the process of step Sa3 is not performed. When the above-described line connection processing is completed, the packet is sent out to the ISDN line. At the end of the line connection, the table of FIG. 14 is reset as shown in FIG.

Next, a case where a computer on the network 2 (computer B) shown in FIG. 1 sends data to the computer A on the network 1 will be described. In this case, the packet transmitted from the computer B is provided with the global address of the network 1 as a destination address, and as a source address.
The private address of computer B is assigned.
This packet is sent to the processing of the block LAN 2 a of the interface LAN 2 via the Ethernet controller 6 and the Ethernet driver 32. This block L
In the processing of the AN 2a, the source address is converted to a global address based on the NAT descriptor management information. Next, the process proceeds to the IP routing process 11, where the routing process is performed. As a result of this routing processing, it is detected that the packet is destined for the network 1, and the packet is transmitted to the interface LAN.
The process proceeds to the address conversion processing of the first block LAN1a. Then, in the processing of the LAN 1a, the destination global address is converted into the private address of the computer A based on the NAT descriptor management information (FIG. 2) and transmitted to the computer A.

Thus, in the router described above,
The address translation process and the line connection process are separated, and the address translation process is generalized using a NAT descriptor so that the user can freely set the NAT descriptor. In the above example, the processing by the NAT that performs only the address translation has been described. However, in the case of the IP masquerade, not only the address translation but also the port number translation is performed. That is, in the present embodiment, at the time of transmission, a private address as a source IP address is converted into a global address, and a private port number as a source port number is converted into an available global port number. Send. On the other hand, when the return packet is received, the destination global address (same as the source global address converted at the time of transmission) added to the transmitted packet and its port number (the same number as the destination port number) Into a corresponding private address and its private port number. That is, the conversion of the port number in the IP masquerade is managed based on the correspondence between the private port number written in the masquerade management table of FIG. 5 and the destination port number.

[0022]

As described above, according to the present invention, a plurality of functions can be set for one interface, and the address conversion processing can be set on the LAN side. It is possible to provide a highly flexible router applicable to data transmission between LANs.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration of an embodiment of the present invention.

FIG. 2 shows an interface PP in the embodiment.
1, PP2,... And a setting state of NAT descriptor management information used in LAN1, LAN2.

FIG. 3 is a diagram showing a configuration of each NAT descriptor management information.

4 is a diagram showing a configuration example of a NAT management table in the NAT descriptor management information of FIG.

FIG. 5 is a diagram showing a configuration of a masquerade management table in the NAT descriptor management information of FIG. 3;

FIG. 6 is a diagram showing a configuration of NAT descriptor definition information.

7 is a diagram showing a configuration of a global address list in the NAT descriptor definition information shown in FIG.

8 is a diagram showing a configuration of a private address list in the NAT descriptor definition information shown in FIG.

9 is a diagram showing a configuration of a static NAT list in the NAT descriptor definition information shown in FIG.

FIG. 10 is a diagram showing a configuration of a static masquerade list in the NAT descriptor definition information shown in FIG.

FIG. 11 is a diagram showing a configuration of NAT descriptor application setting information.

FIG. 12 shows N of interface PP1 in FIG. 1;
It is a flowchart which shows AT processing.

FIG. 13 is a flowchart showing processing at the time of starting line connection of an interface PP1 in FIG. 1;

FIG. 14 is a diagram showing a table in which a line connection state is written.

FIG. 15 is a flowchart showing a process when the line connection of the interface PP1 in FIG. 1 is completed.

FIG. 16 is a block diagram showing a configuration of a conventional router.

FIG. 17 is a diagram showing a configuration of a TCP header.

FIG. 18 is a diagram showing a configuration of an IP header.

FIG. 19 is a diagram showing a configuration of a UDP header.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 ... Router, 2 ... Routing apparatus, 11 ... IP routing processing, PP1, PP2, PP3 ... Interface, LAN1, LAN2 ... Interface, PP1
a, PP2a, PP3a, LAN1a, LAN2a... Address conversion processing (NAT), PP1b, PP2b, PP
3b Line processing.

Claims (4)

[Claims] 1. A router having an address translation function for translating between a private address and a global address, wherein: first storage means for storing translation data set by a user; and an interface set by the user. Second storage means for storing corresponding application information; control means for generating conversion management information for each interface based on data in the first and second storage means; and And a translation unit for translating an address in the packet. 2. The first storage means includes: a list indicating a range of the global address; a list indicating a range of the private address; and a list indicating a correspondence between the global address and the private address. The router according to claim 1, wherein 3. The router according to claim 1, wherein a plurality of pieces of application information are stored in the second storage unit corresponding to each interface. 4. The apparatus according to claim 1, wherein said first storage means further includes a list indicating a correspondence between a port number and a global address, and said conversion means converts a packet address and a port number. 2. The router according to 2.