JP2007281905A - Nat management system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To automatically set the updating interval of a NAT table which is optimum for a terminal apparatus even when a communication content is encrypted or an unspecified number of NAT devices exist. <P>SOLUTION: A portable terminal 1 transmits a health check signal to a GW server, by which the GW server 3 confirms a normality at prescribed health check interval in a non-communication time period. When the health check signal interval exceeds the registration address holding time of the NAT table 4 so as to fail the exchange of a communication packet with the portable terminal, the GW server records information which indicates a communication packet time from a health check signal reply time to a communication time, and adds it to the health check signal of a reply when the recording exists when the subsequent health check signal is returned. The portable terminal changes the health check signal interval in response to the content of the reply. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to management of address translation in communication between two networks having different IP address formats.

  When communicating between two networks having different IP address formats, the IP address format IP address of the transmission destination network is assigned to the IP address format IP address of the transmission source network, and both addresses are grouped in the management table. A NAT (Network Address Translation) device that manages and converts IP addresses of network addresses is provided (see, for example, Patent Document 1).

  The NAT device eliminates the need to send out the IP address in the destination format to the IP address in the source format, the registration request for the address set, and the address set in order to convert the IP address described in the application layer. In this case, an application level gateway (ALG) device that requests release of the address set is connected.

  When the ALG device registers an address set for the NAT device, it reads the timer-related information described in the protocol information of each application layer, acquires the lifetime of the address set, and requests the NAT device to register the address set. Include the acquired survival time. In the NAT device, a timer is set for each address set based on the lifetime set by the ALG device, and the address set is released as soon as the timer expires.

  As a result, the address set is not released by the timer value uniformly set by the NAT device, and the ALG device also has an address set registration / release request function during the timer value set by the application protolayer. No need to keep related processes.

Japanese Patent Application Laid-Open No. 2004-166031 (page 2 to page 3, FIG. 1)

  However, in the above-described conventional technology, the content of communication is encrypted in order to read the timer-related information set on the application protocol in the ALG device and automatically set the update interval of the address conversion table. In this case, there is a first problem that the contents of the message cannot be analyzed and the timer-related information cannot be read.

  In addition, there are many unspecified NAT devices between terminals, and when registering address translation information in the NAT device address translation table for communication, the information registration holding time differs for each address translation table. If the address translation table update interval is too long, registration in the address translation table disappears and packet transmission fails. On the other hand, if the address translation table update interval is shorter than necessary, the current consumption due to the address translation table update operation There is a second problem that increases.

  Accordingly, a first object of the present invention is to provide a NAT management system capable of automatically setting an update interval of an address conversion table even when communication contents are encrypted.

  A second object of the present invention is to provide a NAT management system capable of setting an optimum address translation table update interval for a terminal device even when there are a large number of unspecified NAT devices. There is.

  The NAT management system of the present invention is a NAT management system that manages an address translation table used for address translation in communication between two networks having different IP address formats. A terminal device (1 in FIG. 1) in one network is A health check packet for confirming whether the gateway (3 in FIG. 1) is out of order due to a failure at a predetermined health check interval in a non-communication time zone is sent to the address translation device (2 in FIG. 1). And a means for changing the health check interval according to the contents of the health check reply from the gateway via the address translation device to the health check packet (6 in FIG. 1). The interval exceeds the address holding time of the address conversion table (4 in FIG. 1). Means for recording information indicating the communication packet time from when the health check is replied to when communicating (7 in FIG. 1), When there is a record at the time of the next health check reply, there is means (7 in FIG. 1) for adding the record to the reply health check packet, and the address translation device updates the address translation table by the health check packet or the communication packet. .

  When the terminal device (1 in FIG. 1) receives a health check reply from the gateway and information indicating the communication packet time is added, the terminal device (1 in FIG. 1) sends a keep alive packet at an interval shorter than the communication packet time. The address translation device may be transmitted to the gateway via the address translation device, and the address translation device may update the address translation table with a Keep Alive packet.

  When the terminal device (1 in FIG. 1) receives the health check reply from the gateway, if the information indicating the communication packet time is added, the terminal device (1) transmits the health check at an interval shorter than the communication packet time. You may make it do.

  According to the NAT management method of the present invention, in the above-described NAT management system, the terminal device in one network confirms whether the gateway is out of order due to a failure at a predetermined health check interval in a non-communication time zone. To send the health check packet to the gateway via the address translation device, to return the health check packet as soon as the gateway receives the health check when normal, and to the gateway, the health check interval is the address When the communication packet transmission / reception with the terminal device has failed because the address holding time of the conversion table has been exceeded, the step of recording information indicating the communication packet time from the health check return time to the communication time And the gateway has a record at the next health check reply Adds a record to the reply health check packet, the terminal device changes the health check interval according to the contents of the health check reply, and the address translation device updates the address translation table with the health check packet or communication packet. Having stages.

  The first effect of the present invention is that the communication packet time information is recorded when transmission / reception of the communication packet fails in the gateway, the communication packet time information is added to the next return health check packet, and the return health check is performed. The terminal device that received the packet recognizes the registered address holding time based on the communication packet time information and adjusts the health check interval. Therefore, when adjusting the health check interval, the timer-related information set in the application protocol is displayed. Since there is no need to read, the update interval of the address conversion table can be automatically set even if the communication content is encrypted.

  The second effect of the present invention is that the NAT table update time corresponding to the terminal device is set based on the communication packet time information when communication between the specific terminal device and the gateway fails. In the case where there are a plurality of NAT devices, the result of communication packet transmission / reception via the NAT device is reflected, so that an optimal address translation table update interval is set for the terminal device. Is that you can.

  The NAT table management system of the present invention recognizes the health check interval between terminals and the information registration holding time of the NAT device address translation table, and the health check interval is the information registration holding time of the NAT device address translation table. If it is longer, sending a Keep Alive packet to adjust (shorten) the address translation table update interval of the terminal reduces subsequent packet transmission failures of the terminal, while the health check interval of the NAT device If it is shorter than the address translation table update interval, the keep alive packet for adjusting (shortening) the address translation table update interval of the terminal is not sent, and the shortest of the address translation tables of the unspecified number of NAT devices It eliminates the need to match the default value of the update time to the information registration hold time, and reduces power consumption.Hereinafter, embodiments of the NAT management system of the present invention will be described in detail with reference to the drawings.

[Description of configuration]
FIG. 1 is a block diagram showing the configuration of the NAT management system of the present invention. Referring to FIG. 1, a mobile terminal 1 and a gateway server (hereinafter referred to as “GW server”) 5 are shown. The network to which the mobile terminal 1 belongs is located at the end of the GW server 5 (not shown). There are networks with different address formats. The portable terminal 1 communicates with terminals belonging to this network by exchanging communication packets.

  The mobile terminal 1 sends a health check packet to the GW server 5 at a predetermined time interval (health check interval) during a non-communication time period in order to check whether the GW server 5 is out of order due to a failure. (Hereinafter referred to as “health check”). Upon receiving the health check, the GW server 5 immediately sends a reply health check to the mobile terminal 1. Note that, while the mobile terminal 1 and another terminal are communicating with each other via the GW server 5, a failure can be detected due to the disconnection, and it is not necessary to communicate a health check.

  A NAT device 2 is interposed between the mobile terminal 1 and the GW server 5. When performing communication between two networks having different IP address formats as described above, the NAT device 2 converts the IP address format IP address format of the source network into an IP address format IP address format of the destination network. For this purpose, an address conversion table (NAT table) 4 and NAT means 3 are provided.

  In the NAT table 4, translation information between a source IP address and a destination IP address having different IP address formats is registered as a pair, and held for a predetermined information holding time (registered address holding time). The NAT unit 3 manages and updates the NAT table 4. Further, the NAT table 4 is referred to perform address conversion between the transmission source IP address and the transmission destination IP address, and the address conversion information is registered in the NAT table 4 by the NAT means 3. Therefore, the NAT table 4 is updated within the registered address holding time not only when a communication packet is received but also when a health check or a keep alive packet described later is received. The time interval at which the NAT table 4 is updated is called the NAT table update interval and is not constant.

  The GW server 5 includes transmission failure detection / notification means 7. If the transmission failure is detected when the GW server 5 transmits a communication packet to the mobile terminal 1, the transmission failure detection / notification means 7 from the transmission time of the health check (reply) immediately before transmission of the communication packet to the communication packet transmission time. Information (communication packet time information) indicating time (communication packet interval) is recorded. Next, when the GW server 5 receives a health check from the mobile terminal 1, if there is a record of communication packet time information, it is added to the returned health check. Instead of the transmission failure detection / notification means 7, a reception failure detection / notification means for detecting a reception failure of the communication packet from the portable terminal 1 may be used.

  The portable terminal 1 has a NAT table update interval adjustment means 6. When receiving a health check with communication packet time information, the NAT table update interval adjusting means 6 transmits a Keep Alive packet to the GW server 5 at a predetermined time interval (Keep Alive transmission interval). The Keep Alive transmission interval is determined to be less than the communication packet time indicated by the communication packet time information.

  When the keep alive packet is received by the NAT device 2, the NAT unit 3 updates the NAT table 4. Since the transmission packet interval is shorter than the health check interval, the update interval of the NAT table 4 is shortened by updating the NAT table 4 by receiving the keep alive packet. As a result, transmission failure in the GW server 5 can be avoided. The Keep Alive packet is used only for updating the NAT table 4 and is discarded when received by the GW server 5.

  In the above description, to simplify the explanation, only one portable terminal is used. However, since there are actually a plurality of portable terminals, address translation information for each portable terminal is registered in the NAT table. Is done. Also, for the same reason, the GW server and the NAT device are also paired. However, when a specific mobile terminal can be connected to multiple GW servers, the specific mobile terminal is connected to multiple NAT devices and each NAT is connected. Different address conversion information for a specific mobile terminal 1 is registered in the table.

  2 is a flowchart showing processing in the transmission failure detection / notification means 7 of the GW server 5, FIG. 2 (1) is processing when packet transmission failure is detected, and FIG. 2 (2) is processing when communication packet time information is added. Respectively. Also here, in order to simplify the explanation, a portable terminal, a NAT device, and a GW server are set as one set.

  In FIG. 2 (1), when the GW server 5 has transmitted a communication packet, the packet transmission failure detection / notification means 7 (Y in step A1 in FIG. 2) returns a reply from the portable terminal 1 within a predetermined time. If it is confirmed that there is no (N in step A2), it is determined that packet transmission has failed, and communication packet time information is recorded (step A3). When there is no transmission of a communication packet (N in step A1) and when there is a reply from the portable terminal 1 and it is not determined that the packet transmission has failed (Y in step A2), the idle state is kept until the next communication packet transmission.

  In FIG. 2 (2), when the GW server 5 receives a health check from the portable terminal 1, the packet transmission failure detection / notification means 7 determines (Y in step B1) and communication is performed when a communication packet transmission failure is detected. When packet time information is recorded (step A3) (Y in B2), the communication packet time information is added to the health check reply information and the communication packet time information record is deleted (step B3).

  When no health check is received (N in step B1) and when communication packet time information is not recorded (N in step B2), the idle state is kept until the next health check is received.

  FIG. 3 is a flowchart showing processing in the NAT table update interval adjusting means 6 of the portable terminal 1. When the mobile terminal 1 receives the packet, the NAT table update interval adjusting means 6 determines whether the packet is a health check (step C1 in FIG. 3). If the health check is received (Y in step C1), the presence / absence of communication packet time information is further confirmed during the health check (Y in step C2).

  If the presence of the communication packet time information can be confirmed, a keep alive packet transmission interval is set to be less than the communication packet time indicated by the communication packet time information (step C3), and transmission of the keep alive packet is started at this keep alive packet transmission interval. (Step C4). The NAT means 3 updates the NAT table 4 when receiving the Keep Alive packet. Thereby, the NAT table 4 can be expected to avoid the loss of the registered address.

  If the received packet is not a health check (N in step C1), or if communication packet time information is not added during the health check (N in step C2), the idle state is kept until the next packet is received.

[Description of operation]
The operation of the NAT management system configured as described above will be described with reference to FIGS. Also here, in order to simplify the explanation, a portable terminal, a NAT device, and a GW server are set as one set. The local address of the mobile terminal 1 is 192.168.0.2, the global address is 200.10.10.5, and the global address of the GW server 5 is 200.0.10.0. Furthermore, it is assumed that the GW server 5 is normal and returns a health check when a health check is received.

  The mobile terminal 1 can communicate with a terminal connected to the end of the GW server 5 by exchanging communication packets. However, the mobile terminal 1 communicates with the GW server 5 at a health check interval during a non-communication time period. The health check is transmitted to confirm whether the GW server 5 is out of order due to a failure.

  First, the delivery of the health check when the health check interval is less than the registered address holding time will be described with reference to FIG. When the health check HC1 is transmitted from the portable terminal 1 and received by the NAT device 2 (A in FIG. 4), the NAT means 3 converts the local address (192.168.0.2) of the transmission source to the global address (200.10.10.5). At the same time, the address translation information (192.168.0.2⇔200.10.10.5) is registered in the NAT table 4 (B in FIG. 4) and held for the registered address holding time. As a result, the NAT table 4 is updated. The NAT device 2 transmits the health check HC1 obtained by converting the source address to the GW server 5 (C in FIG. 4).

  Upon receiving the health check HC1 (D in FIG. 4), the GW server 5 immediately returns the health check HC2 to the NAT device 2 (E in FIG. 4). When the health check HC2 is received by the NAT device 2 (F in FIG. 4), the NAT means 3 converts the destination global address (200.10.10.5) into the local address (192.168.0.2) and updates the NAT table 4 ( (192.168.0.2⇔200.10.10.5) (G in Fig. 4) Hold for the registration address holding time. The NAT device 2 transmits the health check HC2 with the destination address converted to the portable terminal 1 (H in FIG. 4).

  In this case, since the health check interval is less than the registered address holding time, the NAT table 4 does not lose the registered address, and when the GW server 5 transmits a communication packet, the transmission does not fail (FIG. 2 (1)). Y in step A2). Further, the NAT table 4 is updated by transmission of the communication packet of the GW server 5. Therefore, since the transmission failure detection / notification means 7 confirms that the communication packet time information is not recorded (N in step B2 in FIG. 2 (2)), the return health check HC2 for the next received health check HC1 The communication packet time information is not added to.

  Since the NAT table update interval adjusting means 6 of the portable terminal 1 confirms that there is no communication packet time information in the received health check HC2 (N in step C2 in FIG. 3), transmission of the Keep Alive packet KA (in FIG. 3) Step C4) does not start. The NAT means 3 repeats the update of the NAT table 4 at the same NAT table update interval as before. Since it was confirmed that the GW server 5 was not out of order, the mobile terminal 1 can communicate without any problem.

  FIG. 5 clearly shows the time relationship when the above-described health check interval is less than the registered address holding time. Referring to FIG. 5, it can be seen that the health check interval HCT is between the health check HC1 and the health check HC1, and the return health check HC2 to the health check HC1 is immediately transmitted. Also, it is not shown that the health check interval HCT is shorter than the registered address holding time AHT, the transmission packet interval HTT is shorter than the registered address holding time AHT, and the keep alive packet KA is being transmitted.

  Now, a case where the health check interval is longer than the registered address holding time will be described. After the health check HC1 is transmitted from the mobile terminal 1 (A in FIG. 4), the health check HC2 in which the destination address is converted is returned to the mobile terminal 1 (H in FIG. 4). There is no difference from the case where the interval is less than the registered address holding time (FIG. 4). The subsequent health check delivery is shown in FIG.

  In this case, since the health check interval is equal to or longer than the registered address holding time, when the GW server 5 transmits a communication packet after the registered address holding time elapses, the information in the NAT table 4 is deleted by the address conversion work at this time. Therefore, the communication packet is discarded without knowing the transfer destination. The transmission failure detection / notification means 7 determines that the transmission has failed because the reply from the portable terminal 1 is not received within a predetermined time with respect to the transmission of the communication packet (N in step A2 in FIG. 2 (1)). The communication packet time information is recorded (step A3 in FIG. 2 (1)).

  In such a state, it is assumed that a health check HC3 following the health check HC1 is transmitted from the mobile terminal 1 (I in FIG. 6). When the health check HC3 is received by the NAT device 2, as in the case of the health check HC1, the NAT means 3 converts the local address (192.168.0.2) of the transmission source to the global address (200.10.10.5) and the NAT table. Address translation information (192.168.0.2⇔200.10.10.5) is registered in 4 (J in FIG. 6) and held for the registered address holding time. As a result, the NAT table 4 is updated. The NAT device 2 transmits the health check HC3 obtained by converting the source address to the GW server 5 (K in FIG. 6).

  When the GW server 5 receives the health check HC3 (L in FIG. 6), in this case, there is a record of communication packet time information (step A3 in FIG. 2 (1)). The communication packet time information is added (step B3 in FIG. 2 (2)), and the health check HC4 is returned (M in FIG. 6).

  When the health check HC4 is received by the NAT device 2 (N in FIG. 6), the NAT means 3 converts the source global address (200.10.10.5) to the local address (192.168.0.2) and addresses to the NAT table 4 The conversion information (192.168.0.2⇔200.10.10.5) is registered (O in FIG. 6) and held for the registration address holding time. As a result, the NAT table 4 is updated. The NAT device 2 transmits the health check HC4 obtained by converting the source address to the mobile terminal 1 (P in FIG. 6).

  Since the NAT table update interval adjusting means 6 of the portable terminal 1 confirms that there is communication packet time information in the received health check HC4 (Y in step C2 in FIG. 3), transmission of the Keep Alive packet KA is started ( Step C4 in FIG. 3, Q in FIG. As described above, the keep alive packet transmission interval is determined to be less than the communication packet time indicated by the communication packet time information. Therefore, the NAT means 3 updates the NAT table 4 at an interval obtained by shortening the conventional NAT table update interval. (R in FIG. 6). Thereby, it can be expected that the transmission failure of the communication packet in the GW server 5 (N in step A2 in FIG. 2 (1)) will be solved.

  Note that if the transmission failure of the communication packet is not resolved even by updating the NAT table 4 by the keep alive packet KA (R in FIG. 5), the NAT table update interval adjusting means 6 further shortens the keep alive packet transmission interval. Continue. The Keep Alive packet KA is transmitted from the NAT device 2 to the GW server 5 (S in FIG. 6) and discarded there (T in FIG. 6).

  FIG. 7 clearly shows the time relationship when the above-described health check interval is equal to or longer than the registered address holding time. Referring to FIG. 7, the health check interval HCT is between the health check HC1 and the health check HC3, and the health check HC2 for the reply to the health check HC1 and the health check HC4 for the reply to the health check HC3 are immediately transmitted. I understand.

  In addition, the health check interval HCT is longer than the registered address holding time AHT, the transmission packet interval HTT is longer than the registered address holding time AHT, the keep alive packet interval KAT is shorter than the registered address holding time AHT, and the keep alive packet KA is healthy. It is shown that the data is transmitted twice between the check HC4 and the second-stage health check HC1.

  After the second health check HC1, the processing of the first step (the first health check HC1 to the second keep alive packet KA) is repeated. Since the record of the communication packet time information at the first level has been deleted, the Keep Alive packet interval KAT at the second level is determined by the communication packet time information at the second level.

  In the above description, in order to simplify the description, one NAT device is connected to a specific mobile terminal, but one mobile terminal may be connected to a plurality of NAT devices. In such a case, since the registered address retention time in the NAT device is usually different, if the health check interval is fixed according to the registered address retention time in any NAT device, the health check interval for other NAT devices will be excessive or insufficient. Arise. As a result, if the health check interval is too long, transmission and reception of communication packets may fail because the NAT table cannot be updated in time. On the other hand, if the health check interval is too short, address conversion is performed more than necessary, thereby increasing power consumption.

  However, according to the present invention, since the communication packet time information is added to the return health check when the transmission / reception of the communication packet fails, the mobile terminal can recognize the registered address holding time in the NAT device. Since the Keep Alive packet that can shorten the NAT table update time until is transmitted to the NAT device, an appropriate health check interval can be set even when connecting to a plurality of NAT devices.

[Other Embodiments of the Invention]
Next, as another embodiment of the present invention, the basic configuration is the same as the above embodiment, but when the mobile terminal 1 receives a health check with communication packet time information, a keep alive packet KA is transmitted. Instead of doing this, the health check interval may be shortened straight. That is, the NAT table update interval adjusting means 6 performs the process shown in FIG. 8 instead of the process shown in FIG. FIG. 9 clearly shows the time relationship when the health check interval is longer than the registered address holding time in this embodiment. Due to the transmission failure of the communication packet, the original health check interval HCT1 is shortened to the health check interval HCT2.

The block diagram which shows the structure of the NAT management system of this invention The flowchart which shows the process in the transmission failure detection / notification means 7 of GW server 5 The flowchart which shows the example of the process in the NAT table update space | interval adjustment means 6 of the portable terminal 1 Sequence diagram showing an example of health check delivery when the health check interval is less than the registered address retention time The figure which clarifies the time relation in the sequence of FIG. Sequence diagram showing an example of health check delivery when the health check interval is equal to or longer than the registered address retention time The figure which clarifies the time relation in the sequence of FIG. The flowchart which shows the other example of the process in the NAT table update space | interval adjustment means 6 of the portable terminal 1. Sequence diagram showing another example of health check delivery when the health check interval is less than the registered address retention time

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Mobile terminal 2 NAT apparatus 3 NAT means 4 NAT table 5 GW server 6 NAT table update interval adjustment means 7 Transmission failure detection / notification means
HC health check
KA KeepAlive packet
HCT health check interval
AHT address retention time
KAT KeepAlive packet transmission interval
HTT communication packet interval

Claims (4)

In a NAT management system that manages an address translation table used for address translation in communication between two networks with different IP address formats,
The terminal device in one network is
Means for transmitting a health check packet for confirming whether the gateway is out of order due to a failure at a predetermined health check interval in a time zone during which communication is not performed, to the gateway via the address translation device;
Means for changing the health check interval according to the content of the health check reply from the gateway via the address translation device to the health check packet;
The gateway is
If the transmission / reception of the communication packet with the terminal device has failed because the health check interval exceeds the address holding time of the address conversion table, the time from the health check reply to the communication time Means for recording information indicating a communication packet time;
Means for adding the record to the return health check packet if the record is present at the next health check reply;
The NAT management system in which the address translation device updates the address translation table with the health check packet or the communication packet. When the terminal device receives a health check reply from the gateway and information indicating the communication packet time is added, the terminal device transmits the keep alive packet at an interval shorter than the communication packet time. To the gateway via
2. The NAT management system according to claim 1, wherein the address translation device updates the address translation table with the keep alive packet.   When the terminal device receives a health check reply from the gateway and information indicating the communication packet time is added, the terminal device transmits the health check at an interval shorter than the communication packet time. The NAT management system according to claim 1, wherein: In the NAT management method in the NAT management system according to claim 1,
The terminal device in one network sends a health check packet for confirming whether the gateway is out of order due to a failure at a predetermined health check interval during a non-communication period to the gateway via the address translation device. Sending, and
The gateway returns a health check packet immediately upon receiving the health check when it is normal; and
When the gateway has failed in transmission / reception of a communication packet with the terminal device because the health check interval exceeds the address holding time of the address conversion table, the gateway starts from the time of the health check reply. Recording information indicating communication packet time until communication; and
The gateway adds the record to a return health check packet if the record exists at the next health check reply;
The terminal device changes the health check interval according to the content of the health check reply;
The NAT management method, wherein the address translation device includes a step of updating the address translation table with the health check packet or the communication packet.

Images