JP2001326692A - Interconnection unit and network system using the same - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an interconnection unit that interconnects a plurality of network connection service enterprises which manage a plurality of virtual private networks(VPN) with different systems or identification numbers in the unit of VPNs and to provide a communication network system. SOLUTION: Each service enterprise is provided with an internal network that transmits/receives an internal network use data packet, including the identification number of the VPN and with an interconnection unit 110 that transmits/ receives a data packet which does not include the identification number of the VPN and converts a data packet with an external communication line 130 having a line different for each identification number. The interconnection units are interconnected by other management communication line 140, and the conversion information of each VPN is exchanged.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an interconnecting device and a communication network system using the same.
Between a plurality of network systems, each providing a virtual private network service in a unique manner, data is exchanged between data in a unique format in each network system and data in an external common format for interconnection. The present invention relates to an interconnecting device that performs conversion and thereby enables interconnection of private networks between network systems, and a communication network system using the same.

[0002]

2. Description of the Related Art In recent years, due to the rapid spread of networks and the like, there is an increasing demand for connecting from a business trip destination or a satellite office to a company through a line of a network connection service provider (hereinafter, simply referred to as a service provider). Along with that, it is possible to treat the connection between the business trip destination or the satellite office and the company as if it were a local area network, to facilitate the cooperation between user hosts that are remotely connected to each other, and to connect with other hosts. Virtual private network (hereinafter referred to as "Virtual Private Network")
VPN).

As a method for constructing a VPN between user hosts located at remote locations as described above, the following two methods can be considered. The first method is to construct a reliable virtual connection by encrypting a transmission packet on a transmission path that covers a wide area such as the Internet but has low reliability. is there. The second method is a method in which a single service provider uses its own private network service only in a highly reliable transmission path using its own network. As an example of such a network, for example, NT
A next-generation connectionless network and the like introduced in the TR & D April 1998 issue are known.

[0004] The first method described above is that there is almost no need for the service provider to introduce a mechanism for VPN, and each user host does not need to be connected to a single service provider. This has the advantage that the cost of network connection itself is reduced for both service providers and users. However, this first method involves the necessity of introducing software for VPN construction on the user side, encryption / decryption at the time of communication, and the fact that the communication quality of the Internet is not guaranteed. For the reason, the second method is inferior to the second method in terms of the host management cost and the communication quality on the user side. On the other hand, the second method, on the other hand, is superior to the first method in terms of communication quality and host management cost, but because each user host must connect to a single service provider, The available geographical range is limited.

[0005]

A VPN can be considered as an extension of a local area network to a remote place, and constructs an environment as close to or more convenient than the local area network environment as much as possible. It is desirable to be able to. For this, VPN
It is necessary to bring this environment closer to the local area network environment in terms of both cost and quality, and it is necessary to improve the above-mentioned disadvantages of the prior art.

[0006] As a method of improving the "user-side host management cost" and the "communication quality", which are the disadvantages of the above-mentioned first method of encrypting and transmitting a transmission signal on the Internet, setting of VPN software is performed. It is conceivable to realize simplification, etc., improvement of the communication speed of the Internet itself, and assurance of communication quality.

[0007] Regarding the "restriction of the geographical area that can be connected", which is a drawback of the method using the unique private network service provided by the single service provider in the above-mentioned second method, the VP in its own network is described.
N services are provided, and a plurality of service providers who can trust communication quality can be alleviated to some extent by a method of interconnecting VPNs according to a user's request.

[0008] However, since there is no unified standard for a method of implementing a VPN, the method of interconnecting VPNs by a plurality of operators in the second method described above is as follows.
It is conceivable that the VPN specifications are different on each service provider side, and even when the VPN specifications of both service providers are the same, the network administrator is different for each service provider. Since ID numbers and the like used for identification may be different from each other, there is a problem that they cannot be simply interconnected.

On the other hand, the above-mentioned problem in the case of using the first method has been solved by a technique related to a method of relaying between different VPNs, for example, a technique described in Japanese Patent Application Laid-Open No. 11-41280. However, the technology described in this publication discloses the above-mentioned second technology that one service provider provides a plurality of VPNs on the same network.
Since it is not assumed that the method of the second method is assumed, there is a problem that it is difficult to apply the method as the VPN interconnection device in the second method.

[0010] An object of the present invention is to solve the above-mentioned problems relating to differences in VPN specifications and ID numbers in the second method, and to enable efficient connection between VPNs of different service providers. An object of the present invention is to provide a connection device and a network system using the same.

[0011]

According to the present invention, the above object is achieved by providing a plurality of service providers having a VPN interconnecting device installed on a connection line with a network of a service provider of the other party, and providing a VPN interconnecting device inside the service provider. This is achieved by performing conversion between a packet including a VPN ID number and a packet of a format unified by a service provider to be transmitted / received to / from a partner service provider.

[0012] That is, according to the present invention, the above object is to provide a method for interconnecting networks of a plurality of network connection service providers that provide a virtual dedicated communication path to a specific user. In an interconnecting device installed for each network of an operator, a data packet provided with an identification number used for identifying the specific user is received from a first network interface, and the received data packet is identified by the identification. The data packet is converted to a data packet from which the number has been removed, and the converted data packet is assigned to the second identification number assigned to each of the identification numbers for connection with the other party's network connection carrier.
Means for transmitting to the network interface, receiving the data packet without the identification number from the second network interface, adding the identification number assigned to each second network interface to the received data packet, Means for transmitting to one network interface.

[0013] Further, the object is to provide a communication network system configured by mutually connecting a plurality of communication networks, wherein each of the plurality of communication networks is an identification for identifying a specific user who is performing communication. A communication is performed using numbered data packets, and a plurality of networks that independently manage the identification numbers with each other, the above-described interconnecting device, and a connection between interconnecting devices of other communication networks. Means for performing communication using a data packet without an identification number.

A plurality of lines are drawn physically or logically between the interconnecting devices, and one VPN corresponds to one of the lines. By doing so, information regarding VPN is unnecessary for packets used for transmission / reception with the other service provider. For example, a general IP packet format is adopted as a packet format used for transmission / reception to / from each other. Can be. Further, the corresponding VP
If the user using N is always transmitting and receiving using the packet format of IP, each service provider simply removes the extra information added to realize the VPN, and the packet for mutual transmission and reception of the service provider. It can be converted into an IP packet in a format.

[0015]

BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a block diagram showing an embodiment of an interconnection apparatus and a network system using the same according to the present invention.

FIG. 1 is a block diagram showing an example of the configuration of a network system for performing a VPN interconnection between service providers using the interconnection device of the present invention. In FIG.
100-A and 100-B are service provider networks; 110-A and 110-B are interconnecting devices;
A, 120-B are border routers, 130 is a data line,
140 is a management line.

The system shown in FIG. 1A has an interconnection device 110 in which two service provider networks 100-A and 100-B are located in each service provider.
-A and 110-B. These interconnecting devices are connected to boundary routers 120-A and 120-B in each service provider by a line as a first network interface. The configuration shown in FIG. 1A is the most basic configuration of the network system according to the embodiment of the present invention. Interconnection device 110-A, which is a feature of the illustrated system
And 110-B are connected by a second network interface with a plurality of lines that can be individually separated at the physical layer or data link layer level in the OSI reference model. One of those lines is
It is used as a management line 140 for exchanging various setting information between the interconnecting devices, and the remaining lines are used as data lines 130. Border router 120-
A and 120-B are further connected to a router in each service provider network, a network of a user to be served by the service provider, another external network, and the like.

The interconnection devices 110-A, 110-B are:
It manages the VPN to be relayed to the interconnecting device of the other service provider or from the interconnecting device of the other service provider, and the information is exchanged between the network administrator and the other service provider. Transmit to connected device. Also, the interconnecting devices 110-A and 110-B transfer those VPN packets to the border routers 120-A and 120-A.
The network settings between the border routers are transmitted to each border router so that transmission and reception can be performed between the routers 0-B, and invalid packets among the packets sent from the border router and the interconnecting device of the other party are discarded. Relay to the other side.

The interconnecting device identifies the received packet with a VPN-ID (a number for uniquely identifying a VPN) and a V-ID.
The transfer is performed based only on the data line 130 associated with the PN-ID, and the IP address included in the packet is not considered. Therefore, the routing of the packet based on the IP address is performed by the border routers 120-A and 120-A.
B does.

The example shown in FIGS. 1B and 1C is a configuration example in the case where there are two or more service provider networks. As shown in FIG. 1B, the network system when there are two or more service provider networks is configured to include an interconnecting device and a boundary router for each connection partner in each service provider network. Is the basis. Also, as shown in FIG. 1C, a common border router is provided for two or more connection partners, and a separate network interface is used for each connection partner from the boundary router. May be configured to connect to a service provider of the other party through the interconnection device. However, in any case, the border router needs to have a function of appropriately transferring the received data packet only to the network interface directed to the destination IP address. This is because, as will be described later, it is assumed that the interconnection device according to the present invention is concerned only with the VPN identification number at the time of data packet transfer, and does not know the source IP address and destination IP address of the data packet. .

FIG. 2 is a block diagram showing the hardware configuration of the interconnection device according to one embodiment of the present invention, FIG. 3 is a diagram illustrating the software configuration of the interconnection device according to one embodiment of the present invention, and FIG. FIG. 4 is a diagram illustrating a configuration of a conversion table used by the interconnection device according to the embodiment of the present invention. 2 to 4, reference numeral 200 denotes a CPU (Central Pro
213, an operating system (OS), 215 control software, 220
Is an internal network controller, 225 is an external network controller, 230 is a keyboard controller, 235 is a keyboard, 240 is a serial controller, 245 is a mouse, 250 is a display controller, 255 is a display monitor, 260 is a disk controller, 265 is a disk device, 310 , An input / output control unit, 320, a conversion management table, 325, a conversion table, 330, a boundary router connection setting unit, 340, a data relay unit, 350, a management information transmitting / receiving unit, 360, a boundary router communication unit, 370, an external line communication. 380 is an internal network interface, and 390 is an external network interface.

The interconnection device 110 has a hardware configuration as shown in FIG.
Execute the program stored in. Memory 210
Includes an OS 213 for controlling the entire apparatus, and a control program 21 for performing an operation as an interconnecting apparatus.
5 is stored. Internal network controller 2
20 controls transmission and reception performed by the interconnection device with the border router, and the external network controller 225 controls transmission and reception performed by the interconnection device with the interconnection device of the partner service provider. Keyboard controller 2
30 controls key input from the keyboard 235, and the serial controller 240 controls input / output devices such as a mouse 245 connected to the serial port. The display controller 250 controls screen display on the display monitor 255, and
Reference numeral 60 controls input and output to and from the disk device 265.

The embodiment of the present invention is based on the premise that the network administrator operates the interconnection device from a keyboard 235, a mouse 245, and a display monitor 255 directly connected to the interconnection device. It is also possible to perform the operation using a remote input / output device connected via a network.

FIG. 3 shows a software configuration of the interconnecting device configured in the control program 215. FIG.
In, the input / output control unit 310 controls input from the keyboard 235 and output to the display monitor 255. The internal network interface unit 380 transmits a packet received from a network connected to the boundary router to the boundary router communication unit 360, and transmits a packet to the network in response to a request from the boundary router communication unit 360. Perform processing related to transmission and reception between The external network interface unit 390 includes:
The packet received from the network connected to the interconnection device of the partner service provider is transmitted to the external line communication unit 370.
, And transmits / receives a packet passed from the external line communication unit 370 to the network as requested, and performs processing related to transmission / reception with the interconnecting device of the partner.

The border router communication unit 360 interprets the header of the packet received from the internal network interface unit 380 and, based on the result, sends an appropriate processing module out of the border router connection setting unit 330 and the data relay unit 340. Of packet headers according to an internal protocol, such as passing a packet to the internal network interface unit 380 after passing a packet to the internal network interface unit 380 after adding a proper header to the packet passed from these processing modules, and packet distribution processing to each module And do.

The external line communication unit 370 transfers the packet received from the external network interface unit 390 to an appropriate processing module of the management information transmitting / receiving unit 350 and the data relay unit 340 according to the receiving line. A packet distribution process is performed between an external line and each module, such as adding an appropriate transmission line request to a packet passed from these processing modules and passing the request to an external network interface unit.

When a setting to be given to the border router is input by the administrator from the input / output control unit 310 or given from the other interconnecting device through the management information transmitting / receiving unit, the border router connection setting unit 330 Is received through the conversion table management unit 320, and is constructed into a packet based on an appropriate communication procedure for sending the setting information to the border router, and transferred to the border router communication unit 360. However, when the setting means by such communication is not provided in the border router, it can also be dealt with by the administrator manually setting the border router.

The management information transmitting / receiving unit 350 obtains the setting of the interconnecting device from the conversion table managing unit 320, constructs a packet based on a protocol for setting information exchange between the interconnecting devices, and Transfer to 370.
Further, the management information transmitting / receiving unit 350 transmits a packet based on the setting exchange protocol between the interconnecting devices to the external line communication unit 3.
70, interprets the setting information, passes the setting information to the conversion table management unit 320, and in some cases, constructs a reply packet of the received packet to form the external line communication unit 37.
Hand over to 0.

The data relay unit 340 includes a VPN-ID included in the packet received from the border router communication unit 360.
Is passed to the conversion table management unit 320 to check whether or not the packet is registered. If the packet is registered as a relay object, the packet format is converted into an IP packet which is a communication format with an external interconnection device. , And adds the identifier of the interface to be transmitted to the external line communication unit 370. Further, when receiving the IP packet from the external line communication unit 370, the data relay unit 340 passes the identifier of the interface through which the packet has flowed to the conversion table management unit 320 to check whether or not it has been registered. If the packet is registered, the packet format is converted into a packet of a communication format with the border router, the converted VPN-ID number is written in the packet, and the packet is transferred to the border router communication unit 360.

The conversion table management section 320 manages the conversion table 325, and adds information in the conversion table from the input / output control section 310, the border router connection setting section 330, the data relay section 340, and the management information transmitting / receiving section 350. It accepts requests for deletion, search, etc., operates the conversion table based on those requests, and returns replies such as search results to the requesting module.

As shown in FIG. 4, the conversion table 325 stores protocol conversion information of each VPN-ID in a table format. Each conversion information includes VPN-ID4
10, partner VPN-ID 420, connection netmask 43
0, router address 440, partner router address 45
0, an I / F identifier 460, a sequence number 470, and a flag 480.

The VPN-ID 410 is a number for uniquely identifying each VPN within the service provider to which this interconnection device belongs, and the VPN-ID 420 of the other party.
Is the VPN-ID in the service provider of the connection partner
It is. These VPs represented by VPN-ID 410
N and the VPN represented by the other party's VPN-ID 420 are mutually connected. Connection net mask 430
Is a netmask of an IP address allocated to a network between both boundary routers in the VPN-ID, and a router address 440 is an IP address of a boundary router in the network. The partner router address 450 is the IP address of the boundary router on the partner service provider side in the network. I /
The F identifier 460 is an identifier of an interface used when transmitting and receiving the VPN-ID to and from the other interconnecting device. The sequence number 470 is used to temporarily store a sequence number for uniquely identifying a management message exchanged between interconnecting devices. The flag 480 is a state flag used to represent the exchange state of the management message. The state represented by the flag 480 includes “temporary registration response wait”, “registration completion wait”,
There are five types: “waiting for registration approval”, “waiting for deletion approval”, and “valid”. The interconnect device determines the VPN of the received packet.
Only when the ID is registered as "valid" in the conversion table, the packet is transferred.

The contents of the above-described table, in particular, V
Regarding the correspondence between the identification number of the PN-ID and the network interface of the I / F identifier indicating the line connected to the partner interconnecting device, etc., the diagram is operated by the administrator through the input / output device or by the administrator. Communication can be performed with devices that do not need to be added or deleted.
In addition, the administrator checks the information received from the interconnecting device installed in the network of another network connection service provider, and through the input / output device, or
It is possible to communicate with a device (not shown) operated by the administrator and approve the setting.

FIG. 5 shows a registration sequence of the VPN conversion information between the interconnecting devices, which will be described below. The sequence shown in FIG.
Although the registration processing at the request of the network administrator on the 0-A side is shown, the same applies to the request from the interconnection apparatus 110-B side.

(1) Interconnecting device 110-A issuing a request
The network administrator on the side connects the VPN-ID of the interconnecting device 110-A that wants to connect with each other,
It is assumed that the VPN-ID on the B-side and the IP network address that can be used for interconnection between the border routers are known in advance. First, the network administrator issues a VPN-ID to be converted, a partner VPN-ID, a connection netmask, and a border router 120 to the interconnection device 110-A.
-A router address and interconnection device 110-A
Is input (sequence 500).

(2) The interconnecting device 110-A temporarily registers the input information in the conversion table 325 with the flag “waiting for temporary registration reply”. Then, a VPN registration message including the information is transmitted to the interconnecting apparatus B via the management line (sequence 510).

(3) The interconnecting device 110-B that has received this message sets the flag of the transmission-side VPN-ID, the reception-side VPN-ID, the connection netmask, the transmission-side router address, and the flag in its own conversion table. Temporarily register as "waiting for registration approval". Also, the interconnect device 110-B
Derives its own I / F identifier connected to the line from the I / F identifier of the other interconnecting device, and registers it in the I / F identifier field of the temporarily registered conversion information.
Upon completion of the temporary registration processing of the VPN conversion information requested from the interconnecting device 110-A,
An ACK message indicating the completion of temporary registration is transmitted to the interconnection device 110-A through the management line (sequence 520).

(4) Upon receiving this message, the interconnecting device 110-A changes the flag of the target conversion information to “waiting for registration completion”. Then, the interconnect device 110
-B is in a wait state until the registration approval of the temporarily registered conversion information and the input of the additional information are performed by the network administrator of the interconnecting device 110-B. However, the data packet conversion processing and the conversion information registration / deletion processing for other VPNs can be performed in parallel regardless of the input wait (sequence 530).

(5) The interconnection device 110-B receives the registration approval of the VPN conversion information setting and the router address of the boundary router 120-B by the network administrator of the interconnection device 110-B in sequence 530. Then, the processing shifts to the processing after the next sequence. However, when the network managers of the interconnecting devices 110-A and 110-B are the same, the sequence 530 and the input waiting process are omitted, and the router address of the border router 120-B is also changed to the interconnecting device 110-A. May be provided in sequence 500 by the network administrator. When the approval is given by the network administrator in the sequence 530, the interconnecting device 110-B first performs settings necessary for transmitting and receiving data such as address settings and exchanging the routing protocol with the border router B. However, if this setting cannot be automatically performed by the interconnecting device 110-B, the network administrator
These settings may be made for B (sequence 5
40).

(6) When the setting for the border router 120-B in the sequence 540 is completed, the interconnection device 110
-B changes the flag of the corresponding conversion information in the conversion table to "valid", and transmits a registration completion message to the interconnection device 110-A through the management line (sequence 550).

(7) Upon receiving the registration completion message, the interconnecting device 110-A performs settings necessary for data transmission / reception such as address setting and exchange of routing protocol with the border router 120-A. However, when this setting cannot be automatically performed by the interconnecting device 110-A,
The network administrator may make these settings directly to the border router 120-A (sequence 560).

(8) When the setting of the border router 120-A in the sequence 560 is completed, the interconnecting device 110-A changes the flag of the corresponding conversion information in the conversion table to "valid", and An ACK message indicating registration completion is transmitted to 110-B through the management line (sequence 570).

FIG. 6 shows a sequence of deleting the VPN conversion information between the interconnecting devices, which will be described below. The sequence shown in FIG.
Although the deletion process at the request of the network administrator on the 0-A side is shown, the same applies to the request from the interconnection device 110-B side.

(1) Interconnecting device 110-A issuing a request
The network administrator on the side first checks the interconnection device 110
-A, VPN-I to be deleted from the conversion table
Enter D. The interconnecting device 110-A searches the conversion table for conversion information that matches the input VPN-ID, and based on the found conversion information, the border router 120-A.
-Make settings necessary for A to cancel data transmission / reception such as address deletion and routing protocol exchange. However, when this setting cannot be automatically performed by the interconnecting device 110-A, the network administrator may directly perform these settings on the border router 120-A (sequences 600 and 610).

(2) After the processing of the sequence 610, the interconnecting device 110-A transmits a corresponding VPN-ID deletion message to the interconnecting device 110-B through the management line, and transmits the corresponding conversion information. It is deleted from the conversion table (sequence 620).

(3) Upon receiving the message according to sequence 620, interconnecting apparatus 110-B searches its own conversion table for the received VPN-ID, and sets the flag of the found conversion information to "waiting for deletion approval". By doing so, the conversion information is temporarily deleted, and an ACK message indicating completion of the temporary deletion is transmitted to the interconnecting device 110-A via the management line (sequence 630).

(4) Thereafter, the interconnection device 110-B
Indicates that the interconnection device B
It waits for input until it is done by the network administrator on the side. However, data packet conversion processing and other V
The registration processing and the deletion processing of the conversion information relating to the PN can be performed in parallel regardless of the input wait (sequence 640).

(5) When the approval of deletion is input by the sequence 640, the interconnecting apparatus 110-B proceeds to the processing of the next sequence. However, if the network administrators of the interconnecting devices 110-A and 110-B are the same,
Sequence 640 and its input waiting process can be omitted. When the approval from the network administrator is given in the sequence 640, the interconnecting device 110-B performs settings necessary for the transmission and reception of data such as address deletion and the suspension of the exchange of the routing protocol to the border router 120-B. However, when this setting cannot be automatically performed by the interconnecting device 110-B, the network administrator may directly perform these settings on the border router B. When the setting for the border router 120-B is completed,
The interconnecting device 110-B completely deletes the corresponding conversion information from the conversion table (sequence 650).

FIG. 7 shows a data packet transmission / reception sequence between the interconnection devices, which will be described below. Although the sequence illustrated in FIG. 7 illustrates the transmission process of the data packet from the interconnecting device 110-A, the same applies to the transmission from the interconnecting device 110-B.

(1) When the interconnection device 110-A receives a packet to be transmitted from the border router 120-A,
The VPN-ID included in the header is searched from the conversion table. As a result, if the corresponding conversion information exists in the conversion table and its flag is “valid”,
A header (including a VPN-ID) attached for transmission / reception within the service provider from the data packet
, And the VPN is connected to the interconnect device 110-B.
-Transmission is performed using the data line corresponding to the ID (sequences 700 and 710).

(2) Upon receiving the data packet from the interconnecting device 110-A, the interconnecting device 110-B searches the conversion table for the I / F identifier of the received data line. As a result, if the corresponding conversion information exists and its flag is “valid”, the VP of the conversion information
The service provider internal header including the N-ID is added to the packet, and the packet is transferred to the border router 120-B (sequence 720).

FIG. 8 is a diagram showing a format of a registration message transmitted by the interconnecting device on the service provider side to register the VPN conversion information to the other interconnecting device.
Is a message transmitted in the sequence 510 described above.

As shown in FIG. 8, a registration message 800
Is a message header including a message length and the like, and various information 810 to 870 described below.
It consists of. The sequence number 810 is a number for uniquely distinguishing each message flowing on the management line, and a value that is as different as possible from the sequence number of the message that has flowed so far is used. The transmission-side external I / F identifier 820 is an interface identifier corresponding to the corresponding VPN-ID in the interconnecting device that transmits this message. The transmitting-side internal VPN-ID 830 is a VP within the service provider that transmits this message.
N-ID. The receiving-side internal VPN-ID 840 is a VPN-ID in the service provider receiving the message. Finally, this sender internal VPN
-VPN represented by ID830 and internal VPN-I on the receiving side
VPNs represented by D840 are connected to each other. The router connection IP netmask 850 is an IP netmask of a network between border routers. The sending router IP address 860 is an IP address assigned to the sending border router in the connection between the border routers. The receiving-side router IP address 870 is used to assign an IP address to the receiving-side border router in the connection between the border routers.
P address. However, when the receiving-side network administrator determines an IP address to be assigned to the receiving-side border router, the field of the receiving-side router IP address may be empty.

FIG. 9 is a diagram showing a format of a registration completion message which is returned from the interconnecting device which has received the registration message to the interconnecting device which has transmitted the registration message.
Is a message transmitted in the sequence 550 described in FIG.

As shown in FIG. 9, a registration completion message 9
00 is a header 905 which is a message header including a message length and the like, and various information 910 to 9 described below.
70.

The sequence number 910 is a number for uniquely distinguishing each message flowing on the management line, and a value as different as possible from the sequence number of the message flowing so far is used. The temporary setting sequence number 920 is
This message is the sequence number of the registration message to be answered. Transmission side internal VPN-ID 93
0 is the VPN-ID in the service provider that transmits this message. Internal VPN-ID on the receiving side
940 is a VPN-ID in the service provider receiving this message. This sender internal VP
The VPN represented by the N-ID 930 and the internal VPN on the receiving side
This means that the VPNs represented by the ID 940 are connected to each other. The router connection IP netmask 950 is an IP netmask of a network between border routers.
The sending router IP address 960 is an IP address assigned to the sending border router in the connection between the border routers. The receiving router IP address 970 is an IP address assigned to the receiving border router in the connection between the border routers.

FIG. 10 is a diagram showing a format of a delete message transmitted by the interconnecting device on the service provider side to delete the VPN conversion information to the other interconnecting device, which is transmitted in the sequence 620 described with reference to FIG. Message.

As shown in FIG.
Reference numeral 00 denotes a header 1005 which is a message header including a message length and the like, and a number for uniquely distinguishing each message flowing on the management line. A value different from the sequence number of the message flowing so far is used as much as possible. And a receiving-side internal VPN-ID 1020 which is a VPN-ID in the service provider receiving the message. Then, the conversion information specified by the VPN-ID is deleted from the conversion tables of the interconnecting devices on both sides.

FIG. 11 is a diagram showing the format of an acknowledgment (ACK) message which is received by the interconnecting device which has received the message shown in FIGS.

The ACK message 1100 includes a header 1105 which is a message header including a message length and the like,
Reply target sequence number 11 which is the sequence number of the message to which this ACK message is to be replied
10 and the internal VPN-ID of the receiving side which is the VPN-ID within the service provider receiving the message
1120. The ACK message has only the sequence number of the message to be replied,
It does not have a sequence number for the message itself. And
The receiving-side internal VPN-ID 1120 is associated with the VPN-ID specified by the message to be replied.

FIG. 12 is a diagram showing the format of an error notification (NOTIFY) message transmitted to the other interconnecting device when an error occurs when the interconnecting device receives the message.

The NOTIFY message 1200 is a header 120 which is a message header including a message length and the like.
5, a sequence number 1210 for uniquely identifying each message flowing through the management line, and a sequence number 1210 using a value as different as possible from the sequence number of the message that has flowed so far; Internal VPN on the receiving side, which is a VPN-ID within the service provider
An ID 1220, an error code 1230 indicating the type of error transmitted by the NOTIFY message to the other interconnecting device, and an error parameter 1240 as an additional parameter for indicating the content of the error. The above-mentioned internal VPN-ID 1220 of the receiving side indicates that the NOTIFY message has a VPN-ID that is an error target.
It is made to correspond to ID.

FIG. 13 is a flowchart for explaining the processing operation of the temporary registration of the conversion information in the interconnecting device of the service provider who tried to register the VPN conversion information. This will be described below. In this processing, the interconnecting device 110-A, which has received the registration request of the network administrator in the sequence 500 of FIG. 5 described above, sets the flag to “temporary registration reply wait” and converts the input information into the conversion table 32.
5 corresponds to a process from temporary registration to transmission of a registration message in sequence 510.

(1) The interconnection device, to which a request for new registration of VPN conversion information has been input from the network administrator,
The conversion table that matches the PN-ID is searched from the conversion table, and as a result of the search, it is checked whether the requested VPN-ID is already registered in the conversion table of the own device (steps 1305 and 1310).

(2) If there is a VPN-ID requested in the conversion table in the check in step 1310, an error is output to the display monitor used by the network administrator, and the processing here is terminated ( Step 13
25).

(3) If it is determined in step 1310 that there is no VPN-ID requested in the conversion table, the conversion target VPN-ID of the own service provider input by the network administrator, VP
The N-ID, the IP netmask of the connection between the border routers, the IP address of the border router on the own service provider side, and the I / F identifier of the interconnection device on the own service provider side are registered as new conversion information in the conversion table. I do. Further, the sequence number of the registration message to be transmitted in the subsequent step 1320 is registered in the sequence number of the conversion information, and the flag value indicating “waiting for temporary registration reply” is registered in the flag (step 1315).

(4) Step 1 is performed for each field.
The registration message having the same value as that registered in 315 (however, if the router IP address of the partner service provider is specified by the network administrator, this field is further included), the interconnection of the partner service provider is included. The data is transmitted to the device via the management line, and the processing here ends (step 1320).

FIG. 14 is a flowchart for explaining the processing operation of the conversion information deletion in the interconnecting device on the service provider side which tried to delete the VPN conversion information.
This will be described. In this process, in FIG. 6, the interconnecting device 110 -A that has received the deletion request of the network administrator in sequence 600 transmits a deletion message in sequence 620 and deletes the information requested to be deleted from the conversion table 325. This corresponds to the processing up to.

(1) The interconnection device that has received a request for deleting the VPN conversion information from the network administrator enters its own VPN.
-Search conversion information having a matching ID from the conversion table,
As a result of the search, it is checked whether the requested VPN-ID is already registered in the conversion table (steps 1405 and 1410).

(2) If it is determined in step 1410 that there is no VPN-ID requested in the conversion table,
An error is output to the display monitor used by the network administrator, and the processing here ends (step 1).
430).

(3) If it is determined in the step 1410 that the VPN-ID requested in the conversion table is present, various information included in the conversion information (the own service provider side) is sent to the border router of the own service provider side. And the IP address of the border router on the partner service provider side, and the I of the connection between border routers
(P netmask) and other requests for canceling settings for exchanging routing information. However, if the border router of the own service provider cannot respond to the setting change by sending the setting from the interconnecting device, this setting must be made directly to the border router by other means before the network administrator inputs the deletion request. Release may be performed (step 1415).

(4) Next, the destination VPN-ID registered in the target conversion information is stored in the receiving-side internal VPN-ID.
The deletion message having the ID is transmitted to the interconnection device on the partner service provider side via the management line, the conversion information of interest is completely deleted, and the processing here ends (steps 1420 and 1425). ).

FIG. 15 is a flow chart for explaining the processing operation of the conversion information provisional registration in the interconnecting device which has received the registration message, which will be described below. This process corresponds to, for example, the process from the reception of the registration message in sequence 510 to the transmission of an ACK message in sequence 520 in FIG. 5 described above.

(1) The interconnecting device that has received the registration message from the interconnecting device on the partner service provider side searches the conversion table for conversion information that matches the receiving-side VPN-ID included in the message, and performs the search. As a result, it is checked whether or not the requested receiving-side VPN-ID is already registered in the conversion table of its own device (step 150).
5, 1510).

(2) If it is determined in step 1510 that there is a requested VPN-ID in the conversion table, a NOTIFY message indicating an error is transmitted to the interconnecting device on the partner service provider side. Is completed (step 1525).

(3) If there is no requested VPN-ID in the conversion table in the check in step 1510, the conversion target VPN included in the registration message is transmitted.
-ID, VPN-ID of receiving side, I of connection between border routers
The P netmask and the IP address of the border router on the transmitting side are registered as new conversion information in the conversion table. Further, the I / F identifier of the receiving interconnecting device derived from the transmitting external I / F identifier included in the message is registered in the I / F identifier of the conversion information, and the sequence number of the registration message is registered in the sequence number. Is registered, and a flag value indicating “waiting for registration approval” is registered in the flag (step 1515).

(4) Then, an ACK message indicating the completion of the temporary registration is transmitted to the interconnection device on the partner service provider side via the management line, and the processing here is terminated (step 1520).

FIG. 16 is a flow chart for explaining the processing operation of the temporary deletion of the conversion information in the interconnecting device which has received the deletion message, which will be described below. In FIG. 6, the interconnect device 110-B
This corresponds to the processing from reception of the delete message in sequence 620 to transmission of the ACK message in sequence 630.

(1) The interconnecting device that has received the delete message from the interconnecting device on the partner service provider side searches whether or not the receiving-side VPN-ID included in the message is already registered in the conversion table. It is checked whether or not the search result VPN-ID to be deleted is already registered in the conversion table (step 1).
605, 1610).

(2) If it is determined in step 1610 that there is no VPN-ID on the receiving side in the conversion table, a NOTIFY message indicating an unregistered error is output to the interconnecting device on the partner service provider side, and processing here is performed. Is ended (step 1625).

(3) If it is determined in step 1610 that there is a VPN-ID on the receiving side in the conversion table, the flag of the conversion information found by the search is changed to “waiting for deletion approval”, and ACK indicating completion of temporary deletion is completed. The message is transmitted to the interconnection device on the partner service provider side via the management line, and the processing is terminated (steps 1615, 1
620).

FIG. 17 is a flowchart for explaining the processing operation of the completion of the conversion information registration in the interconnecting apparatus that has been approved by the administrator for registration. This will be described below.
This processing corresponds to, for example, the processing from when the interconnecting device 110-B receives the registration approval of the administrator in the sequence 530 to when it transmits the registration completion message in the sequence 550 in FIG.

(1) Upon receiving the registration approval by the network administrator, the interconnecting apparatus searches whether or not the own service provider's VPN-ID included in the input is already registered in the conversion table, and searches. As a result, it is checked whether or not the own service provider side VPN-ID is already registered in the conversion table (steps 1705 and 17).
10).

(2) If it is determined in step 1710 that there is no VPN-ID on the service provider side in the conversion table, an error is output to the display monitor used by the network administrator, and the processing here ends. (Step 1740).

(3) If it is determined in step 1710 that the conversion table has its own service provider's VPN-ID, it is checked whether or not the flag of the found conversion information is “waiting for registration approval”. If the flag is not "waiting for registration approval", an error is output to the display monitor used by the network administrator, and the processing here ends (steps 1715 and 1740).

(4) If it is determined in step 1715 that the flag of the found conversion information is “waiting for registration approval”, the IP address of the boundary router of the own service provider input at the time of registration approval of the found conversion information. And the I / F identifier of the own service provider side interconnecting device is registered in the conversion information. However, as for the IP address of the boundary router on the own service provider side, if there is no particular change at the time of input by the administrator, the value sent from the interconnecting device on the partner service provider side is used as it is. The interconnecting device may automatically determine appropriate values for the IP address and I / F identifier of the border router (step 1720).

(5) Next, with respect to the border router of the own service provider side, the IP address of the border router between the own service provider side and the partner service provider side, the IP netmask of the connection between the border routers, and the like. Send the settings for routing information exchange. However, if the border router of the own service provider cannot respond to the setting change by sending the setting from the interconnecting device, this setting must be made directly to the border router by other means before the network administrator inputs the registration approval. May be performed (step 1725).

(6) Then, the flag of the target conversion information is changed to “valid”, and a registration completion message is transmitted to the interconnection device on the partner service provider side. For each field of the registration completion message, the value of each field of the target conversion information is used (step 17).
30, 1735).

FIG. 18 is a flowchart for explaining the processing operation of the completion of the conversion information deletion in the interconnecting apparatus which has been approved by the administrator for deletion. This will be described below.
This processing is performed, for example, in FIG.
0-B corresponds to the processing from receiving the deletion approval of the administrator in the sequence 640 to deleting the information requested to be deleted from the conversion table 325.

(1) The interconnection apparatus to which the deletion approval is input by the network administrator searches whether or not the own service provider side VPN-ID included in the input is already registered in the conversion table. As a result, it is checked whether or not the own service provider side VPN-ID is already registered in the conversion table (steps 1805 and 18).
10).

(2) If it is determined in step 1810 that there is no VPN-ID on the service provider side in the conversion table, an error is output to the display monitor used by the network administrator, and the processing here ends. (Step 1830).

(3) If it is determined in step 1810 that the service provider's VPN-ID exists in the conversion table, it is checked whether the flag of the found conversion information is "waiting for deletion approval" and the flag is set to " If it is not "waiting for deletion approval", an error is output to the display monitor used by the network administrator, and the processing here ends (steps 1815 and 1830).

(4) If it is determined in step 1815 that the flag is “waiting for deletion approval”, various information included in the conversion information (between the own service provider and the other party) is transmitted to the border router of the own service provider. A request for canceling the settings for the exchange of routing information and the IP address of the border router on the service provider side, the IP netmask of the connection between border routers, and the like are transmitted. However, if the border router of the own service provider cannot respond to the setting change by sending the setting from the interconnecting device, this setting must be made directly to the border router by other means before the network administrator inputs the deletion approval. Release may be performed (step 1820).

(5) Then, the interconnecting device to which the deletion approval has been input by the network administrator completely deletes the target conversion information and ends the processing (step 1825).

FIG. 19 is a flow chart for explaining the processing operation of the conversion information registration completion in the interconnecting device which has received the registration completion message, which will be described below. This processing corresponds to, for example, the processing from the reception of the registration completion message in sequence 550 to the transmission of the ACK message in sequence 570 in FIG. 5 described above.

(1) The interconnection device that has received the registration completion message from the interconnection device on the partner service provider side:
A search is performed to determine whether or not the own service provider VPN-ID included in the input is already registered in the conversion table.
As a result of the search, it is checked whether or not the own service provider's VPN-ID has already been registered in the conversion table (steps 1905 and 1910).

(2) If it is determined in step 1910 that the conversion table does not include the VPN-ID of the own service provider, an error of “No corresponding conversion completion waiting conversion information” is sent to the interconnecting device of the other service provider. NOT for
An IFY message is output, and the process here ends (step 1945).

(3) If it is determined in step 1910 that the conversion table contains the VPN-ID of the own service provider, it is checked whether the flag of the found conversion information is “waiting for registration completion”. If not "registration completion wait", a NOTIFY message is output in the same manner as described above, and the processing here ends (steps 1915 and 19).
45).

(4) If it is determined in step 1915 that the flag is “waiting for registration completion”, it is determined whether the sequence number of the found conversion information matches the provisionally set sequence number in the received registration completion message. Is checked, and if they do not match, a NOTIFY message is output in the same manner as described above, and the processing here ends (step 19).
20, 1945).

(5) If the sequence number of the found conversion information matches the provisionally set sequence number in the received registration completion message in the check in step 1920,
That is, if the corresponding conversion information is found by the checks in steps 1910, 1915, and 1920, the IP address of the transmitting-side border router included in the received registration completion message and the other service provider-side boundary router of the corresponding conversion information Is compared with the IP address. As a result, if the values are different, or if these fields on the conversion information side are unregistered, these values in the message are copied to the conversion information side, and the IP address of the border router on the other side is registered. Is changed to "valid" (steps 1925 and 1930).

(6) Next, the IP address of the border router between the own service provider side and the partner service provider side, and the IP netmask for connecting the border routers to the border router of the own service provider side , And other settings for routing information exchange. However, if the border router of the own service provider cannot cope with the setting change by transmitting the setting from the interconnecting device, the network administrator will
Before performing the registration request input performed before the temporary registration processing, this setting may be directly performed on the border router by other means (step 1935).

(7) Finally, an ACK message indicating the completion of the registration is transmitted to the interconnection device on the partner service provider side via the management line, and the process is terminated (step 194).
0).

FIG. 20 is a flowchart for explaining various processing operations in the interconnecting device which has received the ACK message, which will be described below. This process is a process of the interconnecting device that has received the ACK message transmitted in the sequence 520 and 570 of FIG. 5 or the sequence 630 of FIG.

(1) The interconnecting device that has received the ACK message from the interconnecting device on the partner service provider side checks whether the VPN-ID included in the received ACK message is already registered in the conversion table. Search for or not, and as a result of the search, your service provider's VPN
Check whether the ID is already registered in the conversion table (steps 2005 and 2010).

(2) If it is determined in step 2010 that there is no VPN-ID of the service provider side in the conversion table, a NOTIFY indicating an error of “no corresponding conversion information” is sent to the interconnecting apparatus of the partner service provider side. A message is output and the processing here ends. (Step 2
025).

(3) If it is determined in step 2010 that the own service provider side VPN-ID exists in the conversion table, the sequence number of the conversion information indicates the received AC.
It is checked whether or not it matches the reply target sequence number in the K message.
A TIFY message is output and the processing here ends (steps 2015 and 2025).

(4) If it is determined in step 2015 that the sequence number of the conversion information matches the response target sequence number in the received ACK message, it is checked whether the flag of the conversion information is “waiting for temporary registration reply”. If the flag is not "waiting for a temporary registration reply", the process is terminated without performing anything (step 2020).

(5) If it is determined in step 2020 that the flag is “waiting for temporary registration reply”, the flag is changed to “waiting for registration completion” and the process is terminated (step 20).
30).

FIG. 21 is a flowchart for explaining the operation of an external transmission process in which the interconnecting device which has received a data packet from the service provider transmits the packet to the outside. This will be described below. This process is a process in which the interconnecting device 110-A that has received the data packet from the border router 120-A described in the sequence 700 and 710 illustrated in FIG. 7 transmits the packet to the interconnecting device 110-B.

(1) Upon receiving the data packet from the border router, the interconnecting apparatus looks at the communication service header at the head of the data packet within its own service provider and finds that the VPN-ID included in the header is It is searched whether or not the VPN-ID has already been registered in the conversion table, and as a result of the search, it is checked whether or not the VPN-ID has already been registered in the conversion table (steps 2105 and 2110).

(2) If it is determined in step 2110 that there is no corresponding VPN-ID in the conversion table, the packet is discarded and the process is terminated (step 2).
130).

(3) If there is a corresponding VPN-ID in the conversion table in the check in step 2110, it is checked whether the flag of the conversion information is “valid”. If the flag is not “valid”, In the same manner as described above, the packet is discarded, and the processing here ends (steps 2115 and 213).
0).

(4) If it is determined in step 2115 that the flag of the conversion information is valid, the header for communication within the own service provider is removed from the packet to extract an IP packet, and the conversion packet found by the search is retrieved. By outputting the packet to the data line interface represented by the I / F identifier included in the information, the packet is transmitted to the interconnecting device on the partner service provider side, and the process is terminated (steps 2120 and 2125).

FIG. 22 is a flowchart for explaining the internal transmission processing operation in the interconnecting device which has received the data packet from the partner service provider side, which will be described below. In this process, the interconnecting device 110-B which has received the data packet from the interconnecting device 110-A described in the sequence 710, 720 shown in FIG. 7 transmits the packet to the border router 120-B. Processing.

(1) The interconnecting device that has received the IP data packet from the interconnecting device on the partner service provider side through the data line, the I / F identifier of the data line that has received the data packet is already in the conversion table. A search is performed to determine whether or not the I / F identifier is already registered. As a result of the search, it is checked whether or not the I / F identifier is already registered in the conversion table (steps 2205 and 2210).

(2) If there is no corresponding I / F identifier in the conversion table as a result of the check in step 2210, the packet is discarded, and the processing here ends (step 210).
230).

(3) If there is a corresponding I / F identifier in the conversion table in the check in step 2210, it is checked whether the flag of the conversion information is "valid" and the flag must be "valid". In this case, the packet is discarded in the same manner as described above, and the processing here ends (steps 2215,
230).

(4) If it is determined in step 2215 that the flag of the conversion information is valid, the IP having received the communication header within the own service provider including the own service provider's VPN-ID included in the conversion information is received. Attached to the packet,
The packet is transmitted to the line on the border router side (steps 2220 and 2225).

[0119]

As described above, according to the embodiment of the present invention, a plurality of VPNs are interconnected between two service providers using different VPN schemes using an interconnection device. can do. In the interconnecting device according to the embodiment of the present invention, since the setting of the VPN to be transferred by exchanging the management information is performed, the trouble of the network administrator can be reduced. In addition, since normal IP packets flow through the lines between the interconnecting devices at the time of interconnecting, if one service provider does not provide internal multiple VPN operation, the normal IP network By connecting equipment, a specific V
IP packets can be transmitted and received only for PN-ID. As a result, according to the embodiment of the present invention, a plurality of service providers can efficiently interconnect their VPNs.

[0120]

As described above, according to the present invention, it is possible to provide an interconnecting device capable of efficiently connecting VPNs of different service providers and a network system using the same. .

[Brief description of the drawings]

FIG. 1 is a block diagram illustrating a configuration example of a network system for performing a VPN interconnection between service providers using an interconnection device of the present invention.

FIG. 2 is a block diagram illustrating a hardware configuration of an interconnect device according to an embodiment of the present invention.

FIG. 3 is a diagram illustrating a software configuration of an interconnect device according to an embodiment of the present invention.

FIG. 4 is a diagram illustrating a configuration of a conversion table used by the interconnection device according to the embodiment of the present invention.

FIG. 5 is a diagram showing a registration sequence of VPN conversion information between interconnection devices.

FIG. 6 is a diagram showing a deletion sequence of VPN conversion information between interconnecting devices.

FIG. 7 is a diagram showing a transmission / reception sequence of a data packet between interconnection devices.

FIG. 8 is a diagram showing a format of a registration message transmitted by an interconnecting device of a service provider to register VPN conversion information to another interconnecting device.

FIG. 9 is a diagram illustrating a format of a registration completion message returned from the interconnecting device that has received the registration message to the interconnecting device that has transmitted the registration message.

FIG. 10 is a diagram illustrating a format of a delete message transmitted from an interconnecting device on the service provider side to delete VPN conversion information to the other interconnecting device.

FIG. 11 is a diagram showing a format of an acknowledgment (ACK) message in which the interconnecting device that has received the message replies to the other interconnecting device.

FIG. 12 is a diagram illustrating an error notification (NOT) transmitted to a partner interconnecting device when an error occurs during message reception.
FIG. 5 is a diagram showing a format of an IFY) message.

FIG. 13 is a flowchart illustrating a processing operation of temporary registration of conversion information in an interconnecting device on the service provider side that attempts to register VPN conversion information.

FIG. 14 is a flowchart illustrating a conversion information deletion processing operation in an interconnecting device on the service provider side that attempts to delete VPN conversion information.

FIG. 15 is a flowchart illustrating a processing operation of temporary registration of conversion information in the interconnecting device that has received the registration message.

FIG. 16 is a flowchart illustrating a processing operation of temporarily deleting conversion information in the interconnecting device that has received the deletion message.

FIG. 17 is a flowchart illustrating a processing operation of completion of registration of conversion information in an interconnecting apparatus that has received registration approval of an administrator;

FIG. 18 is a flowchart illustrating a processing operation of completion of conversion information deletion in the interconnecting apparatus that has been approved by the administrator for deletion.

FIG. 19 is a flowchart illustrating a processing operation of conversion information registration completion in the interconnecting device that has received the registration completion message.

FIG. 20 is a flowchart illustrating various processing operations in the interconnecting device that has received the ACK message.

FIG. 21 is a flowchart illustrating an operation of an external transmission process in which an interconnecting device that has received a data packet from its own service provider transmits the packet to the outside.

FIG. 22 is a flowchart illustrating an internal transmission processing operation in an interconnecting device that has received a data packet from a partner service provider.

[Explanation of symbols]

 100-A, 100-B Service provider network 110-A, 110-B Interconnection device 120-A, 120-B Boundary router 130 Data line 140 Management line 200 CPU (Central Processing Unit) 210 Memory 213 Operating system (OS) 215 control software 220 internal network controller 225 external network controller 230 keyboard controller 235 keyboard 240 serial controller 245 mouse 250 display controller 255 display monitor 260 disk controller 265 disk device 310 input / output control unit 320 conversion management table 325 conversion table 330 boundary Router connection setting unit 340 Data relay unit 350 Management information transmission / reception unit 360 Border router Shin portion 370 outside line communication unit 380 an internal network interface unit 390 external network interface unit

Claims (6)

[Claims] 1. A network is provided for each network of a plurality of network connection service providers to interconnect networks of a plurality of network connection service providers that provide a virtual dedicated communication path to a specific user. An interconnecting device receives a data packet provided with an identification number used to identify the specific user from a first network interface, and converts the received data packet into a data packet with the identification number removed. Means for transmitting the converted data packet to a second network interface assigned to each of the identification numbers for making a connection with the other party's network connection carrier; and transmitting the data packet without the identification number to the second network interface. Received from the second network interface Means for adding the identification number assigned to each face to the received data packet and transmitting the data packet to a first network interface; deriving a corresponding second network interface from the identification number; Means for maintaining a correspondence relationship between the identification number and a second network interface for deriving the identification number to be obtained;
Means for communicating with an interconnecting device installed on a network of another network connection service provider to exchange a correspondence between the identification number and a second interface. Connection device. 2. A means for an administrator to communicate through an input / output device or with a device operated by the administrator to add or delete a correspondence between the identification number and a second network interface. The interconnect device of claim 1, further comprising: 3. The system according to claim 1, wherein the manager communicates through an input / output device or with a device operated by the manager, and receives the communication from an interconnecting device installed in a network of another network connection service provider. 3. The interconnecting device according to claim 2, further comprising means for confirming information on the correspondence between the identification number and the second network interface and approving the setting. 4. A device connected to a first network interface for transmitting and receiving the data packet with the identification number, comprising means for notifying information necessary for communication corresponding to the identification number. Claim 1,
4. The interconnection device according to 2 or 3. 5. A communication network system comprising a plurality of communication networks connected to each other, wherein each of the plurality of communication networks includes data with an identification number for identifying a specific user performing communication. 2. A plurality of networks that perform communication using packets and independently manage the identification numbers with each other.
Communication comprising a means for connecting between the interconnecting device according to any one of (1) to (4) and an interconnecting device of another communication network and performing communication using a data packet without an identification number. Network system. 6. A communication network system comprising a plurality of communication networks connected to each other, wherein each of the plurality of communication networks includes data with an identification number for identifying a specific user who is performing communication. Communication using a packet, a plurality of networks that independently manage the identification number with each other, perform communication with an interconnect device of another communication network using a data packet without the identification number, The interconnection device according to any one of claims 1 to 4, wherein a network that performs communication using the data packet with the identification number and another communication network that uses the data packet without the identification number are interconnected. A communication network system comprising: