JP2001230811A - Network unit - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a network unit that can increase the number of devices that can be connected to the Internet without increasing the number of bits of each address used on the Internet. SOLUTION: The network unit 14 is provided with an address conversion function block 14a. The address conversion function block 14a rewrites a sender IP address (local address) in a communication packet sent by each terminal 20 into an IP address (global address) actually used on the Internet 10, and also rewrites an IP address (global address) in a communication packet sent from the Internet 10 into a local address of any terminal 20. Thus, a plurality of the terminals 20 can use one global address in common. As a result, more people can utilize the Internet while preventing exhaustion of IP addresses.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a network device used for providing a network service through a constantly connected data communication public network. In particular, the present invention relates to a network device that solves network address exhaustion and enables many terminals to use network services.

[0002]

2. Description of the Related Art In recent years, data communication on networks represented by the Internet has been developed. In this data communication, in addition to an always-on connection type that is always connected to the Internet, a form in which a connection is established only when necessary is widely used. In particular, when connecting to the Internet using a public network, a dial-up connection in which a connection is made only when necessary is generally used because, for example, charging is performed according to the connection time.

[0003] However, since the Internet and the like can show their true value only when they are always connected, there is a strong demand for an environment that can realize constant connection using a public network.

[0004] In response to such demands, an always-connected wide area network data communication service using a public network is planned. The service is being implemented by introducing fiber optics into offices and homes across the country.

[0005] When such services make it possible to always connect to the Internet using a public network, a problem is a shortage of addresses. The IP address currently used on the Internet is a 32-bit address system called IPv4. Since this address system is 32 bits, the number of devices that can connect to the Internet worldwide is, in principle, only 2 32.

[0006] On the other hand, if the constant connection using the optical fiber is widely used, it is expected that the number of people who always want to always connect to the Internet will increase more than ever.

Therefore, even if the above-mentioned service is started without solving the problem of the address, it is considered that the address cannot be allocated to all the persons who want to connect to the Internet because the address to be allocated is insufficient. . As a result, the number of people who cannot receive services that are always connected to the Internet may increase because addresses are not assigned.

To solve such a problem of address shortage, it is conceivable to increase the number of bits of the IP address. For example, a 128-bit address system standard called IPv6 can greatly increase the size of a network.

[0009]

However, this I
Since Pv6 is an address system different from the current IPv4, it is difficult to use the current network equipment as it is. In the case of a device whose operation is described by software, the IP
Although there is a possibility that IPv4 can be migrated from v4 to IPv6, network devices that are all composed of hardware
Migrating from v4 to IPv6 is extremely difficult. Therefore, the transition from IPv4 to IPv6 is expected to be difficult because most of the network devices on the Internet must be replaced.

[0010] Under the circumstances described above, it is desirable to increase the number of devices that can connect to the Internet while keeping the address system to be used as IPv4.

The present invention has been made in view of the above problems, and has as its object to increase the number of devices that can be connected to the Internet without increasing the number of bits of addresses used on the Internet. The realization of the device.

[0012]

In order to solve the above problems, the present invention provides a network device connected between a server for providing a network service on a network and a plurality of terminals receiving the network service. A local address is assigned to each terminal, and the local address of communication data output from each terminal is rewritten to a global address on the network, and a global address in communication data transmitted from the network is rewritten. Address conversion means for rewriting the address to a local address assigned to any of the terminals.

With such a configuration, a plurality of terminals can share a global address. In addition,
The communication data is data to be communicated, and is a concept including a communication packet described in an embodiment described later.

Further, according to the present invention, when the destination address of the communication data output from each terminal is an address to which access is not permitted, the transmission of the communication data is stopped, and the transmission from the network is stopped. If the source address of the received communication data is an address for which access is not permitted, the network device includes filtering means for stopping transmission of the communication data.

With such a configuration, it is possible to prevent data from being received from an undesired partner and prevent so-called unauthorized access from being accessed by an undesired partner and extracting data.

Further, the present invention is a network device including a public network interface means for connecting the terminal to the network device via a public network.

With such a configuration, it is possible to provide a network service to a terminal via a public network.

Further, the present invention is the network device, wherein the public network is an always-connected data communication network.

With such a configuration, it is possible to provide a terminal with a constantly connected network service.

Further, the present invention is the network device, wherein the local address and the global address are IP addresses.

With such a configuration, it is possible to provide the terminal with the network service while preventing the IP address from being depleted.

Also, the present invention provides a method for transmitting and receiving a TCP
A network device comprising terminal interface means for performing communication by / IP.

With such a configuration, address conversion can be performed smoothly by identifying the terminal by the port number of the TCP layer.

[0024]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Preferred embodiments of the present invention will be described below with reference to the drawings.

FIG. 1 is an explanatory diagram showing a state of providing a network service using the network device of the present embodiment. FIG. 2 is a configuration block diagram of the network device of the present embodiment.

Overall Configuration of Service Provision First, as shown in FIG.
Is connected to a server 12 of a data communication service provider (hereinafter, simply referred to as “service provider”). An individual or corporation who wants to connect to the Internet 10 contracts with this service provider and connects to the Internet 10 via the server 12.

The terminal 20 owned by an individual or a corporation connects to the service provider's server 12 via the public network 18. The service provider's server 12 is connected to a public network via the network device 14 and the terminating equipment 16 according to the present invention, and the server 12 is connected to a terminal 20 via the public network 18.

A feature of the present embodiment is that the network device 14 includes a so-called address translator. By this address conversion means, the IP address (local address) of each terminal
Is converted into an IP address (global address) actually used on the Internet, so that a plurality of terminals 20 can share one global address. As a result, more people can use the Internet while preventing the exhaustion of IP addresses.

The public network 18 according to the present embodiment is now described.
Is an always-connected public network. Such a public network is
It is planned to be realized by putting optical fiber around homes and offices.

According to the current plan, such a public network will be a net through which both data and telephone voice signals flow. Therefore, the termination device 16
It plays a role in separating data and audio signals flowing through the optical fiber into respective signals. Therefore,
A conventional telephone 30 or the like will also be connected to the terminating device 16. On the other hand, a device that handles data such as the network device 14 is also connected to the terminal device 16.

The configuration of the network device 14 according to the present invention will be described in detail with reference to FIG. As shown in this figure, the network device 14 includes an address translation function block 14
a, filtering function block 14b, customer data amount monitoring block 14c, communication protocol function block 1
4d and each means of the network management block 14e.

Further, the network device 1 of the present embodiment
Reference numeral 4 includes a customer-specific data transfer control block 14f and a transmission path interface 14g.

Address Conversion Function Block The address conversion function block 14a is a means for rewriting an IP address in a communication packet. In this embodiment, dedicated hardware is used in order to secure a communication speed. Of course, in applications where the communication speed may be slow, it is also preferable to realize the function of this block by software.

A feature of this embodiment is that the address conversion function block 14a converts one global address into a plurality of local addresses by performing address conversion. . As a result, a plurality of terminals 20 can share one global address, and more people can use the Internet 10 while preventing the exhaustion of IP addresses.

In the present embodiment, as described above, each terminal 20 is assigned an IP address called a local address. This address is legitimate Internet 1
It is not the address that appears on 0, but the local IP address given to each terminal by the service provider.

The address conversion function block 14a rewrites the local address in the communication packet transmitted from each terminal 20 to the Internet 10 to a proper IP address on the Internet 10. This local address is included in the communication packet as a source address. Now, the rewritten IP address on the Internet is referred to as a global address here to distinguish it from a local address.

The address conversion function block 14a
Rewrites the global address in the communication packet sent from the Internet 10 to the local address given to each terminal. This global address is included in the communication packet as the destination address. Rewriting to a local address uses TC
This is performed using a port number in the TCP layer of the P / IP protocol.

Thus, a plurality of terminals 20 can share one global address. The address translation technology for sharing a single global address by a plurality of terminals is used in, for example, a home ISDN router. However, in the case of a home-use ISDN router, the speed is slow, and therefore, in many cases, the address conversion function is realized by software instead of hardware.

The address conversion function block 14
“a” corresponds to the address conversion means of the present invention.

Filtering Function Block The filtering function block 14b filters communication packets. That is, for each terminal 20, data that intrudes from the Internet is restricted, and a destination that can be transmitted from each terminal is restricted.

The service provider's customers use the Internet for various purposes. For example, an application in which communication is performed only with a certain destination can be considered. In some cases, a customer may want to prevent access to a harmful homepage. In the former case, it is desirable from the viewpoint of security to reject all data from a partner other than a certain partner. In the latter case, it is desirable to reject only data from a specific destination.

The service provider sets the filtering information for each terminal 20 in the filtering function block 14b according to such various requests of the customer. The filtering function block 14b checks the destination address of the communication packet sent from each terminal 20 based on the filtering information, and stops the transmission of the communication packet if the address is not permitted. Then, the communication packet is discarded / deleted. Also, the filtering function block 14b checks the source address of the communication packet sent from the Internet 10 to each terminal 20 based on the filtering information. The transmission of the communication packet is stopped, and the communication packet is discarded or deleted.

The filtering information is information describing information on what kind of communication packet is to be passed. Such information is also used, for example, in a conventional firewall and the like, and a detailed description thereof will be omitted.

As described above, in this embodiment, since communication filtering is performed for each terminal 20, unauthorized access from the outside (the Internet 10) to the customer can be discarded.

In the present embodiment, in order to secure the communication speed, the filtering function block 14 is used.
b is also configured by hardware. However, in applications where the speed may be low, it is also preferable to configure this block with software.

The filtering function block 1
4b corresponds to the filtering means of the present invention.

The data amount monitoring block for each customer The data amount monitoring block for each customer 14c monitors the communication data amount for each terminal 20. This amount of data is billed,
It can be used for traffic control and the like.

Since the data communication fee for each customer can be ascertained, a billing method based on the data amount can be adopted. Also, when using it for traffic control,
Communication protocol function block communication protocol function block 14d to be described in detail in the customer each data transfer control block 14f after is a so-called protocol stack configured by software.

Network Management Block The network management block 14e is a means for mainly processing a network trouble and a means for monitoring network traffic.

The customer each data transfer control block customer each data transfer control block 14f is a unit that performs reconfiguration of the communication packet to each terminal 20 each. As described above, the address conversion function block 14a rewrites an address. Therefore, the CRC in the communication packet
Etc. need to be recalculated. The customer-specific data transfer control block 14f performs such recalculation of the CRC and reconstructs the packet.

The customer data transfer block 14f
Performs shaping on the basis of the communication volume for each customer terminal 20. Shaping is performed by a certain terminal 20.
This is a technique for securing the minimum communication band for each customer terminal 20 in order to prevent only the communication band from occupying the communication band. In the present embodiment, the customer data transfer block 14f has the function. As a result, traffic control can be performed at the communication application service level, and communication quality can be improved.

The communication amount of each terminal 20 is monitored by the customer data amount monitoring block 14c.

Transmission Line Interface The transmission line interface 14g is a connection interface with an external device. That is, the transmission line interface 14g is an interface between the network device 14 and the terminal device 16. Note that this interface always connects to the terminal 20 via the terminating device 16 and the public network 18, and thus corresponds to the public network interface means of the present invention. The transmission line interface 14g is an interface between the network device 14 and the server 12.

In the present embodiment, as described above, when translating from a global address to a local address, T
The port number of the TCP layer in CP / IP is used. Therefore, between the network device 14 and the terminal 20, the transmission line interface 14g
Data communication by TCP / IP is performed. Therefore, the transmission line interface 14g corresponds to the terminal interface means of the present invention.

Conclusion As described above, according to the present embodiment, a plurality of terminals 20 can access the Internet 10 by sharing one IP address. Therefore, more people can use the Internet while preventing the exhaustion of IP addresses.

Although one IP address is shared in the present embodiment, a plurality of IP addresses may be shared.

As a result, the current shortage of IPv4 addresses is resolved, and the communication service provider can easily increase the number of customers.

Further, the network device 1 of the present embodiment
4 can be adjusted to the data transfer capability and data transfer protocol currently used by the service provider. This makes it possible to easily cope with various data communication service infrastructures.

Further, the network device 14 of the present embodiment is basically equipment provided on the service provider side, and is desirably managed by the service provider. Therefore, each customer does not need to perform management and setting, and the customer can enjoy various services from the data communication service provider.

[0060]

As described above, according to the present invention, a local address and a global address are mutually converted,
Since the global address can be shared by a plurality of terminals, it is possible to prevent the exhaustion of the global address and to provide a network service to more terminals.

Further, according to the present invention, so-called unauthorized access can be prevented, so that the security of the customer terminal can be secured.

Further, according to the present invention, it is possible to provide an always-on network service using a public network.

Further, according to the present invention, it is possible to provide a network device capable of preventing the depletion of the IP address and performing the address conversion smoothly using TCP / IP.

[Brief description of the drawings]

FIG. 1 is an explanatory diagram showing a state of service provision according to a preferred embodiment of the present invention.

FIG. 2 is a configuration block diagram illustrating a configuration of a network device according to the present embodiment.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 10 Internet 12 Server 14 Network device 14a Address conversion function block 14b Filtering function block 14c Data amount monitoring block for each customer 14d Communication protocol function block 14e Network management block 14f Data transfer control block for each customer 14g Transmission path interface 16 Terminating equipment 18 Public network 20 Terminal 30 telephone

 ──────────────────────────────────────────────────続 き Continuing on the front page F-term (reference)

Claims (6)

[Claims] 1. A network device connected between a server that provides a network service on a network and a plurality of terminals that receive the network service, wherein each terminal has a local address, and each terminal has An address for rewriting the local address of the communication data output from the network to a global address on the network, and rewriting a global address in the communication data transmitted from the network to a local address assigned to any of the terminals. A network device, comprising: conversion means. 2. The network device according to claim 1, wherein, when the destination address of the communication data output from each terminal is an address for which access is not permitted, transmission of the communication data is stopped. If the source address of the communication data transmitted from the network is an address for which access is not permitted, filtering means for stopping the transmission of the communication data. 3. The network device according to claim 1, further comprising public network interface means for connecting said terminal to said network device via a public network. 4. The network device according to claim 3, wherein said public network is an always-connected data communication network. 5. The network device according to claim 1, wherein the local address and the global address are IP addresses.
A network device, which is an address. 6. The network device according to claim 1, further comprising terminal interface means for performing TCP / IP communication with said terminal.