JP2012191518A - Address management device, address management method, and address management program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To efficiently give an address with which communication is possible even in the case of connecting to a network having a large number of bases.SOLUTION: In a communication system having a plurality of address management devices managing addresses given to address managed devices configuring networks connected under the communication system, a first address management device stores first given addresses given to the address managed device connected under the own device, and arbitrates so as not to overlap, among addresses of the plurality of address management devices, second given addresses stored in an address management device in a second network connected to a network under the own device, third given addresses stored in a third address management device in a third network connected to the second network, and the first given addresses stored in the own device.

Description

  The present invention relates to a technique for managing addresses in a network.

When a plurality of private networks based on the Internet protocol (IP) are connected in, for example, a VPN (Virtual Private Network) and communicated within the same network segment, addresses (assigned to communication devices within the network segment) ( IP address) must be unique.
Patent Document 1 describes a technique for preventing address conflict by exchanging information of addresses issued at both bases when the address spaces of two connected bases are the same (a). . In addition, when the address space of the two base networks to be connected is different, a technique is described in which multicast packets are manipulated to perform communication based on DLNA (Digital Living Network Alliance (registered trademark)) guidelines between the two base communication devices. (B).

JP 2010-278636 A

  However, when a large number of networks are connected by the above-described technology, it is considered that the communication cost for notifying the address may be excessive or the address may be insufficient. For example, since the technique (a) assigns a unique address to all communication devices in the same network segment, a large number of addresses need to be exchanged when connecting networks of many bases. Communication costs are expected to increase. In the technique (b), for example, if an address space including 256 addresses is secured at each site, the 10.0.0.0/8 address space that is the A class is divided by a 24-bit mask, The number of networks that can be connected is limited to 65536 sites. In this case, it is considered difficult to connect all communication devices connected to a large number of networks connected to the global network. Therefore, it is desirable to efficiently assign addresses that can be communicated even when a large number of base networks are connected.

  The present invention has been made in view of such a situation, and provides an address management device, an address management method, and an address management program that efficiently assign addresses that can be communicated even when a large number of base networks are connected. .

  In order to solve the above-described problem, the present invention provides a first address management device in a communication system including a plurality of address management devices that manage addresses to be assigned to address managed devices that constitute a network connected under the present invention. And an assigned address storage unit that stores a first assigned address to be assigned to an address managed device connected under its own, and a first network under its own among a plurality of address management devices. The second assigned address stored in the assigned address storage unit included in the second address management device in the second network to be connected, and the third address management in the third network connected to the second network The third grant address stored in the grant address storage unit provided in the device and the own grant address storage unit Is in a first grant addresses is characterized by comprising an address arbitration unit for arbitrating so as not to overlap.

  In addition, the present invention includes a VPN connection unit that performs VPN connection between the first network and the second network after arbitration of the assigned address by the address arbitration unit. .

  The present invention further includes a grant address acquisition unit that receives the second grant address and the third grant address from the second address management device and the third address management device, and the address arbitration unit acquires the grant address. The second grant address and the third grant address received by the unit and the first grant address stored in its own grant address storage unit, and if the grant addresses match, the first grant address Is changed to a given address that does not match the second given address and the third given address, and is arbitrated by storing it in the given address storage unit.

  Further, according to the present invention, when the address arbitration unit arbitrates the assigned address, the address arbitration unit transmits an arbitration completion notification to the second address management device, and sends another address management device to the assigned address acquisition unit of the second address management device. It is characterized in that a process for receiving a given address from the server is performed.

  In addition, the present invention includes a priority storage unit that stores high and low priority levels for changing the address, and the address arbitration unit has its own priority when the second grant address matches the first grant address. The priority stored in the degree storage unit is compared with the priority stored in the priority storage unit of the second address management device, and arbitration is performed based on the priority level.

  Further, the present invention manages an address to be given to an address managed device that constitutes a network connected to a subordinate, and stores a first assigned address to be given to an address managed device connected to its own subordinate An address management method for a first address management device in a communication system having a plurality of address management devices having a given address storage unit, and of the plurality of address management devices, a first network under its control is connected. The second assigned address stored in the assigned address storage unit provided in the second address management device in the second network and the assigned address provided in the address management device in the third network connected to the second network The third grant address stored in the storage unit and the own grant address storage unit Characterized in that it comprises the step of the first allocation address arbitrates so as not to overlap.

  Further, the present invention manages an address to be given to an address managed device that constitutes a network connected to a subordinate, and stores a first assigned address to be given to an address managed device connected to its own subordinate The second network to which the first network under its control from among the plurality of address management devices is connected to the computer of the first address management device in the communication system having a plurality of address management devices having a given address storage unit In the second address management device provided in the second address management device, and in the assignment address storage device provided in the address management device in the third network connected to the second network Third assigned address and the first assigned address stored in its own assigned address storage unit. Address and is an address management program for executing the step of arbitrating so as not to overlap.

  As described above, according to the present invention, the first address management device in the communication system including a plurality of address management devices for managing addresses to be assigned to the address managed devices constituting the subordinate network is provided. , Storing a first assigned address to be assigned to an address managed device connected under its own, and storing it in an address management device in a second network to which its subordinate network is connected among a plurality of address management devices The second assigned address, the third assigned address stored in the third address management device in the third network connected to the second network, and the first stored in itself. Arbitration is performed so that it does not overlap with the assigned address of the The less, it is possible to efficiently grant.

It is a figure which shows the outline | summary of the communication system by the 1st Embodiment of this invention. It is a figure which shows the outline | summary of the communication system by the 1st Embodiment of this invention. It is a figure which shows the outline | summary of the communication system by the 1st Embodiment of this invention. It is a figure which shows the outline | summary of the communication system by the 1st Embodiment of this invention. It is a figure which shows the outline | summary of the communication system by the 1st Embodiment of this invention. It is a figure which shows the outline | summary of the communication system by the 1st Embodiment of this invention. It is a figure which shows the outline | summary of the communication system by the 1st Embodiment of this invention. It is a figure which shows the outline | summary of the communication system by the 1st Embodiment of this invention. It is a block diagram which shows the structure of the communication system by the 1st Embodiment of this invention. It is a block diagram which shows the structure of the IP address management apparatus by the 1st Embodiment of this invention. It is a figure which shows the operation example of the communication system by the 1st Embodiment of this invention. It is a figure which shows the operation example of the communication system by the 1st Embodiment of this invention. It is a figure which shows the operation example of the communication system by the 1st Embodiment of this invention. It is a figure which shows the operation example of the communication system by the 1st Embodiment of this invention. It is a figure which shows the operation example of the communication system by the 1st Embodiment of this invention. It is a figure which shows the operation example of the communication system by the 1st Embodiment of this invention. It is a sequence diagram which shows the operation example of the communication system by the 1st Embodiment of this invention. It is a block diagram which shows the structure of the communication system by the 2nd Embodiment of this invention. It is a block diagram which shows the structure of the IP address management apparatus by the 2nd Embodiment of this invention. It is a sequence diagram which shows the operation example of the communication system by the 2nd Embodiment of this invention. It is a block diagram which shows the structure of the IP address management apparatus by the 3rd Embodiment of this invention. It is a figure which shows the operation example of the communication system by the 3rd Embodiment of this invention. It is a figure which shows the operation example of the communication system by the 3rd Embodiment of this invention. It is a figure which shows the operation example of the communication system by the 3rd Embodiment of this invention. It is a figure which shows the operation example of the communication system by the 3rd Embodiment of this invention. It is a figure which shows the operation example of the communication system by the 3rd Embodiment of this invention. It is a figure which shows the operation example of the communication system by the 3rd Embodiment of this invention. It is a figure which shows the operation example of the communication system by the 3rd Embodiment of this invention. It is a sequence diagram which shows the operation example of the communication system by the 3rd Embodiment of this invention.

Hereinafter, an embodiment of the present invention will be described with reference to the drawings.
<First Embodiment>
First, an outline of the present embodiment will be described. For example, as shown in FIG. 1, a network A, a network B, and a network C to which the same network address is assigned exist, the network A and the network B are VPN-connected, and the network B It is assumed that the network C is VPN-connected and the network A and the network C are not VPN-connected. At this time, even if the network A and the network C are not VPN-connected, the network B is VPN-connected to the network A and the network C, so the same address is given to the communication terminals in the three networks. That is not allowed.

  Here, as shown in FIG. 2, a case is considered in which the network D is further VPN-connected to the network C and the same network address is given. In such a case, in the conventional communication system, it is prohibited to assign the same address to these entire networks. However, at this time, it is not allowed that addresses are duplicated between the network A, the network B, and the network C, but communication is hindered even if the same address is assigned to the network A and the network D. There is no. In other words, if another adjacent network connected by VPN is counted as one hop, if the address does not conflict with the network up to two hops away, communication can be performed even if the address overlaps with the network after the third hop. It can be carried out. The communication system 1 of the present embodiment pays attention to this, and performs address arbitration processing that assigns an address that does not hinder communication while using a duplicate address in a network to which the same network address is assigned. .

  Here, the outline of the address management processing of the present embodiment will be described using an example in which the network A, the network B,..., The network x, the network y, and the network z as shown in FIG. Each circle shown in the figure represents a network, and circles connected by lines are VPN-connected. For example, the network A and the network x are already VPN-connected, the network x and the network y are already VPN-connected, and the network B and the network z are already VPN-connected.

  When the network A and the network B newly make a VPN connection, the network A is assigned to a network that is already connected to the VPN (for example, the network x) as being usable in a network within two hops. An address collection request is transmitted (step SS1). Then, as shown in FIG. 4, the first hop network (for example, network x) that has received the collection request transmitted from the network A is the second hop network (for example, network y) that is already VPN-connected. In response to this, a collection request is transmitted (step SS2). As shown in FIG. 5, the second-hop network (for example, network y) that has received the collection request transmits an address collection response including the address used in its own network in response to the collection request (step SS3). ). As shown in FIG. 6, the first hop network (for example, network x) includes the address used in its own network in the address collection response transmitted from the second hop network. Transmit to the transmission source network (step SS4).

  As shown in FIG. 7, the network A similarly sends an address collection request to the network B (step SS5). As in steps SS1 to SS5, the first hop network (for example, network B) is used in its own network for address collection responses from the second hop network (for example, network z). Including the existing address, as shown in FIG. 8, it is transmitted to the network (network A) of the transmission source of the collection request (step SS6). The network A compares the collected address with the address used in its own network. If the collected address does not include the address used in its own network, the address is not changed. If the collected address includes an address used in its own network, the address used in its own network is changed to an address that does not match (does not overlap) with the collected address. Thereafter, the network A and the network B are VPN-connected, so that it is possible to prevent an address conflict with another adjacent network in each network.

  Next, a configuration example of the communication system 1 that performs such address management processing will be described. FIG. 9 is a block diagram illustrating a configuration example of the communication system 1 according to the present embodiment. The communication system 1 includes a plurality of IP address management devices 100-N (IP address management device 100-1, IP address management device 100-2, IP address management device 100-3, IP address management device) connected via the Internet. 100-4,...) And a plurality of IP address managed devices 200-MN (IP address managed devices 200-1-1, IP) connected to the respective IP address management devices 100-N Address managed device 200-1-2,..., IP address managed device 200-4-3,. Here, since the plurality of IP address management devices 100-N have the same configuration, they will be described as the IP address management device 100 unless otherwise distinguished. Similarly, since the plurality of IP address managed devices 200-MN have the same configuration, they will be described as the IP address managed device 200 unless otherwise distinguished. In this figure, four IP address management devices 100 and three IP address managed devices 200 connected under the control of the IP address management device 100 are shown, but any number may be used.

  Here, a plurality of IP address management devices 100 are connected via the Internet, and the plurality of IP address management devices 100 are described as being assigned global IP addresses in the Internet. The network to be connected is not limited to the Internet. In other words, any network may be used as long as a plurality of IP address management devices 100 communicate in the same address space. For example, a network such as NGN (Next Generation Network) constituting the Internet may be used.

  The IP address management device 100 is a computer device that manages an address to be assigned to the IP address managed device 200 that constitutes a network connected to itself. As a result, a private network including a plurality of IP address managed devices 200 is configured under the IP address management device 100. For example, a programmable gateway device called a home gateway or a service gateway can be applied to the IP address management device 100. Here, it is assumed that “AA” is assigned to the IP address management device 100-1 as a global address on the Internet side. Similarly, as a global address on the Internet side, “BBBB” is assigned to the IP address management device 100-2, and “xxxx” is assigned to the IP address management device 100-3. It is assumed that “yyy” is assigned to the IP address management device 100-4. Also, it is assumed that IP address management apparatus 100-1 and IP address management apparatus 100-3 are VPN-connected, and IP address management apparatus 100-3 and IP address management apparatus 100-4 are VPN-connected. . Here, for the sake of simplicity, description will be given by showing three IP address management devices 100 connected in series with VPN in this way. However, as shown in FIGS. 3 to 8, a plurality of IP address management devices 100 are mesh-shaped. VPN connection may be possible.

Here, the IP address management device 100 will be described as having a function of performing VPN connection with another IP address management device 100, but the function of performing VPN connection itself is a VPN termination device different from the IP address management device 100. 150 may be substituted.
The VPN termination device 150 is a computer device that acts as a proxy for VPN connection of the network managed by the IP address management device 100 when the IP address management device 100 does not have a function as a VPN termination.

  The IP address managed device 200 is a computer device that performs IP communication based on the address given from the IP address management device 100, and constitutes a private network under the IP address management device 100. In the present embodiment, the IP address managed device 200 under the IP address management device 100-1 is set to be assigned an address in the range of “10.0.1.0/24”. To do. Similarly, the IP address managed device 200 subordinate to the IP address managing device 100-2 has an IP address managed device 200 subordinate to the IP address managing device 100-3 of “10.0.1.0/24”. Is assigned an address in the range of “10.0.3.0/24” to the IP address managed device 200 subordinate to the IP address management device 100-4. Suppose that it is set to be. As the IP address managed device 200, for example, a PC (Personal Computer), a PC peripheral device, a white home appliance, a black home appliance, or the like can be applied, and an arbitrary number of IP address managed devices 200 can be used as the IP address management device 100. Can be connected. Under the control of the IP address management device 100, there may be devices (non-IP address managed devices) whose addresses are not managed by the IP address managed device 200.

  Next, the IP address management device 100 will be described in more detail. FIG. 10 is a diagram illustrating a specific configuration example of the IP address management device 100. The IP address management device 100 includes a range management unit 101, a VPN connection request reception unit 102, a VPN connection destination management unit 103, an address arbitration control unit 104, an address collection request transmission unit 105, and an address collection request reception unit 106. An address recollection control unit 107, an address collection response transmission unit 108, an address collection response reception unit 109, an address arbitration unit 110, an address change unit 111, and a VPN connection unit 112. However, each function included in the IP address management device 100 is not necessarily provided in a single hardware device, and each function may be distributed and provided in a plurality of hardware devices. For example, as described above, the VPN termination device 150 having the same function as the VPN connection unit 112 may be provided as a device different from the IP address management device 100.

  The range management unit 101 stores an assigned address to be assigned to the IP address managed device 200 connected to the IP address management device 100. Here, it is assumed that the range management unit 101 stores a range (range) of addresses to be given to the subordinate IP address managed device 200, and the address changing unit 111 selects the IP address target from the address range. An address is assigned to the management apparatus 200. For example, a value such as “10.0.1.0/24” is stored in the range management unit 101.

  The VPN connection request receiving unit 102 receives a VPN connection request from an external application, and causes the VPN connection destination management unit 103 to store a VPN connection destination address included in the VPN connection request. Here, the external application may be, for example, an input unit such as a keyboard that accepts an input of a VPN connection destination address, or accepts an input of an ID (identification information) indicating another IP address management device 100 that is a VPN connection destination. A function of acquiring an address corresponding to the input ID via the network may be used, or a VPN connection request transmitted from the IP address managed device 200 may be received.

  Further, the VPN connection request receiving unit 102 transmits an address arbitration request to the address arbitration control unit 104, and when the arbitration process by the address arbitration control unit 104 is successful, the VPN connection request including the VPN connection destination address is transmitted to the VPN connection unit. 112. When the arbitration process by the address arbitration control unit 104 fails, the VPN connection destination address stored in the VPN connection destination management unit 103 is deleted. Further, when receiving the VPN connection release request, the VPN connection request receiving unit 102 deletes the VPN connection destination address stored in the VPN connection destination management unit 103 corresponding to the VPN connection release request, and the VPN connection unit 112 A VPN connection release request is transmitted to.

  The VPN connection destination management unit 103 stores a VPN connection destination address included in the VPN connection request received by the VPN connection request reception unit 102. The VPN connection destination management unit 103 can store a plurality of VPN connection destination addresses. For example, the VPN connection destination management unit 103 stores VPN connection destination addresses such as “20.20.20.20”, “20.30.40.50”, and “30.30.30.30”. .

  The address arbitration control unit 104 includes a range management unit 101 of the IP address management device 100 from another IP address management device 100 adjacent to the IP address management device 100 and another IP address management device 100 adjacent to the IP address management device 100. Receive the range of addresses stored in. Here, the adjacent IP address management device 100 indicates another IP address management device 100 that is directly connected to the VPN. Specifically, the address arbitration control unit 104 transmits an address collection request to the address collection request transmission unit 105 when the VPN connection request reception unit 102 receives the VPN connection request. The address collection request includes the number of hops indicating the number of times address collection is performed recursively from another IP address management device 100. For example, in this embodiment, the address collection request includes information (hop = 2) indicating that the number of hops is 2. The IP address management apparatus 100 that has received the address collection request reads the number of hops included in the received address collection request, and subtracts 1 from the read number of hops. If the subtraction result is 1 or more, the IP address management device 100 transmits an address collection request to another IP address management device 100 that is VPN-connected to itself. If the subtraction result is 0, the address collection request is not transmitted to the other IP address management device 100, and the address collection response is transmitted to the transmission source of the address collection request. Here, when the IP address management device 100 transmits an address collection request, if there are a plurality of other IP address management devices 100 connected to the IP address management device 100 by VPN, the plurality of other IP address managements are performed. An address collection request in which the same number of hops is set is similarly transmitted to the device 100. Thus, the number of hops indicates the depth of address collection search for other networks. When the address arbitration control unit 104 receives an address collection response to the address collection request transmitted to the address collection request transmission unit 105 from the address collection response reception unit 109, the address arbitration control unit 104 receives the address collection response received by the address collection response reception unit 109. The data is transmitted to the address arbitration unit 110 to cause the address arbitration unit 110 to perform arbitration processing. The address arbitration control unit 104 transmits the result of the arbitration process by the address arbitration unit 110 to the VPN connection request reception unit 102.

  The address collection request transmission unit 105 acquires the VPN connection destination address from the VPN connection destination management unit 103 or the address recollection control unit 107, and responds to the address collection request received from the address arbitration control unit 104 or the address recollection control unit 107. The address collection request is transmitted with the IP address management device 100 indicated by the VPN connection destination address as the destination. The address collection request transmission unit 105 sends the address collection response received by the address collection response reception unit 109 in response to the transmitted address collection request, to the address arbitration control unit 104 or the address recollection control unit 107 that is the transmission source of the address collection request. Send to.

The address collection request receiving unit 106 receives the address collection request transmitted from the address collection request transmitting unit 105 of the other IP address management apparatus 100 and transmits it to the address recollection control unit 107.
The address recollection control unit 107 subtracts 1 from the number of hops included in the address collection request received by the address collection request reception unit 106, and if the subtraction result is 0, the address recollection control unit 107 stores the address stored in the range management unit 101. The range is read, and an address collection response is generated that associates the read range with the number of hops as 1. On the other hand, 1 is subtracted from the number of hops included in the address collection request, and if the subtraction result is not 0, an address collection request including the subtracted hop number is transmitted to the address collection request transmission unit 105. In response to this, the VPN connection destination address stored in the VPN connection destination management unit 103 is read by the address collection request transmission unit 105, and another adjacent IP address is set with the read VPN connection destination address as the destination. An address collection request is transmitted to the management apparatus 100. When the address collection response receiving unit 109 receives an address collection response to the address collection request transmitted by the address collection request transmitting unit 105, the address recollection control unit 107 adds 1 to the number of hops included in the address collection response. Then, the range of the address stored in the range management unit 101 is read out, associated with the number of hops as 1, and written in the address collection response as its own response.

The address collection response transmission unit 108 transmits the address collection response in which the response from the address recollection control unit 107 is written to the IP address management apparatus 100 that is the transmission source of the address collection request.
The address collection response receiving unit 109 is transmitted from the address collection response receiving unit 109 of the IP address management apparatus 100 that is the transmission destination of the address collection request in response to the address collection request transmitted by the own address collection request transmitting unit 105. The address collection response is received and transmitted to the address collection request transmission unit 105. Here, when the address collection request transmitting unit 105 transmits an address collection request to the plurality of IP address management devices 100, the address collection response receiving unit 109 responds to all of the plurality of address collection requests. Is received, an address collection response including all response results is transmitted to the address collection request transmission unit 105.

  The address arbitration unit 110 is stored in the range management unit 101 included in the IP address management device 100 in another network to which the subordinate network of the plurality of IP address management devices 100 connected to the Internet is VPN-connected. Either the address range or the address range stored in the range management unit 101 included in the IP address management apparatus 100 in another network that is VPN-connected to the network and the range management unit 101 of the address range. Arbitration is performed so that there is no overlap with the existing address range. Here, the address arbitration unit 110 reads the address range stored in its own range management unit 101, and the read address range and the address range included in the address collection response received by the address arbitration control unit 104. And compare. If the address ranges match, the address range stored in its own range management unit 101 is changed to an address range that does not match the address range included in the address collection response. Remember me.

  Here, when the address arbitration units 110 of the plurality of IP address management apparatuses 100 perform the arbitration process in parallel, it is conceivable that the same address range is set in the plurality of IP address management apparatuses 100. For this reason, in the example of the present embodiment, the address arbitration unit 110 performs the arbitration process with a time difference from the other IP address management devices 100, and thus, after the address arbitration process is completed, An arbitration completion notification is transmitted to the address management device 100. After receiving the arbitration completion notification, the adjacent IP address management device 100 operates its own address arbitration control unit 104 to acquire an address range from another adjacent IP address management device 100 and perform the arbitration process. Do.

  Specifically, when the address arbitration control unit 104 receives an address collection response to the address collection request, the address arbitration unit 110 does not include the range of the address read from the range management unit 101 in the received address collection response. In this case, the address range read from the range management unit 101 is returned to the address arbitration control unit 104 as a result. If it exists, a new range that is not included in the address collection response is selected from a predetermined usable range (for example, 10.0.1.0/24 to 10.255.255.0/24). The available range is determined and stored in the range management unit 101, the address change unit 111 is transmitted with a new address range, the address change process is requested, and the address arbitration control unit 104 receives the new address range as a result. return. However, if there is no usable range, a response to the address arbitration control unit 104 is made. In this case, VPN connection is not performed.

  The address changing unit 111 assigns an address to the IP address managed device 200 connected to itself from the address range stored in the range management unit 101. For example, the address changing unit 111 has a function of a DHCP (Dynamic Host Configuration Protocol) server. Here, the address changing unit 111 shortens the lease period of the address, for example, for a short time (for example, for example) so that the changed address is acquired as the address of the IP address managed device 200 quickly when the address range is changed. 30 seconds) or the like. In the present embodiment, an example in which the address changing unit 111 assigns an address by the function of the DHCP server in this way will be described. However, using any other method (for example, NAT (Network Address Translation)), The addresses may be managed in a pseudo manner.

  When the address arbitration processing is performed by the address arbitration unit 110 and the processing is successful, the VPN connection unit 112 sends a VPN connection request to the VPN connection destination address included in the VPN connection request received by the VPN connection request reception unit 102. Send VPN connection. Any general method can be used for the VPN connection. When the VPN connection unit 112 receives a VPN connection release request, the VPN connection unit 112 disconnects the VPN connection corresponding to the VPN connection release request.

Next, an operation example of the IP address management device 100 according to the present embodiment will be described. FIGS. 11 to 17 are diagrams illustrating an example of the operation of the address management process performed by the IP address management device 100.
Here, as a premise, as shown in FIG. 9, the IP address management device 100-1 and the IP address management device 100-3 are already connected by VPN, and the VPN connection destination management of the IP address management device 100-1 is performed. It is assumed that “xx.x.x”, which is a VPN connection destination address, is already stored in the unit 103. Similarly, the IP address management device 100-3 and the IP address management device 100-4 are already connected by VPN, and the VPN connection destination management unit 103 of the IP address management device 100-3 already has a VPN connection destination address. It is assumed that “AAAA” and “yAy” are stored. The IP address management device 100-1 and the IP address management device 100-2 are not VPN-connected, and an example in which the IP address management device 100-1 and the IP address management device 100-2 newly make a VPN connection will be described. To do. However, the IP address management device 100-1 will be described as including the VPN connection unit 112 therein. First, in FIG. 11, the VPN connection request receiving unit 102 of the IP address management device 100-2 receives a VPN connection request whose VPN connection destination address is “AAAA” from an external application that is a request source. Receive (step S1). The VPN connection request reception unit 102 stores the VPN connection destination address included in the received VPN connection request in the VPN connection destination management unit 103 (step S2) and generates an address collection request to the address arbitration control unit 104 Is requested (step S3). When the address arbitration control unit 104 generates an address collection request with a hop count of 2 in response to the address collection request generation request from the VPN connection request reception unit 102 (step S4), the address collection request transmission unit 105 The VPN connection destination address (AAAA) is read from the VPN connection destination management unit 103 (step S5), and an address collection request is transmitted with the read VPN connection destination address as the destination (step S6).

  When the address collection request receiving unit 106 of the IP address management device 100-1 receives the address collection request transmitted from the IP address management device 100-2, the address collection request is transmitted to the address recollection control unit 107 (step S7). ). The address recollection control unit 107 subtracts 1 from the number of hops of the received address collection request and transmits it to the address collection request transmission unit 105 (step S8). The address collection request transmission unit 105 reads out the VPN connection destination address (xx.xx) stored in the VPN connection destination management unit 103 as the destination of the address collection request (step S9).

  12, the address collection request transmission unit 105 of the IP address management apparatus 100-1 transmits an address collection request to the IP address management apparatus 100-3 with the VPN connection destination address read in step S9 as the destination ( Step S10). The address collection request receiving unit 106 of the IP address management device 100-3 receives the address collection request transmitted from the IP address management device 100-1, and the address recollection control unit 107 includes the number of hops included in the address collection request. 1 is subtracted from As a result, since the number of hops becomes 0, it is determined that an address collection request to another IP address management device 100 is unnecessary, and the address recollection control unit 107 determines the range of addresses stored in the range management unit 101 (10 .. 0.2.0 / 24) is read (step S12).

  Proceeding to FIG. 13, the address recollection control unit 107 of the IP address management device 100-3 generates an address collection response in which the address range read from the range management unit 101 is associated with the number of hops (= 1) ( hop = 1 10.0.2.0/24), and transmits it to the address collection response transmission unit 108 (step S13). The address collection response transmission unit 108 transmits the address collection response received from the address recollection control unit 107 to the IP address management device 100-1 (step S14). When the address collection response receiving unit 109 of the IP address management device 100-1 receives the address collection response transmitted from the IP address management device 100-3, the address collection response receiving unit 109 performs address recollection control on the address collection response. It transmits to the part 107 (step S15). The address recollection control unit 107 reads the address range (10.0.1.0/24) stored in the range management unit 101 (step S16), writes it in the address collection response, and the address collection response transmission unit 108. (Step S17). Here, 1 is added to the number of hops in the address range of the IP address management device 100-3 included in the address collection response, and the range of its own address is associated as the number of hops 1 (hop = 2 10.0. 2.0 / 24 hop = 1 10.0.1.0/24), write to address collection response.

  14, the address collection response transmission unit 108 of the IP address management device 100-1 transmits an address collection response to the IP address management device 100-2 (step S18). When the address collection response receiving unit 109 of the IP address management device 100-2 receives the address collection response transmitted from the IP address management device 100-1, the address collection response receiving unit 109 sends the address collection response to the address arbitration control unit 104. A response is transmitted (step S19). The address arbitration control unit 104 transmits an address collection response to the address arbitration unit 110 (step S20). The address arbitration unit 110 includes a range of addresses included in the address collection response received from the address arbitration control unit 104 (hop = 2 10.0.2.0/24, hop = 1 10.0.1.0/24). And the address range (10.0.1.0/24) stored in the range management unit 101 are compared. Here, the range of “10.0.1.0/24” matches.

  The address arbitration unit 110 determines that the address range stored in the range management unit 101 matches the address range of the IP address management device 100-1 included in the address collection response. The address arbitration unit 110 determines an address range (for example, 10.0.3.0/24) that is not included in the address collection response, and stores it in the range management unit 101 as a range of its own address (step S21). . Further, the changed address range is transmitted to the address changing unit 111 (step S22). The address changing unit 111 assigns an address to the IP address managed device 200 connected to the subordinate based on the changed address range. When the address arbitration unit 110 transmits a result indicating that the arbitration process has been successful to the address arbitration control unit 104 (step S23), the address arbitration control unit 104 indicates a result indicating that the arbitration process has been successful as a VPN connection request. It transmits to the receiving part 102 (step S24). Upon receiving the result of the arbitration process, the VPN connection request receiving unit 102 transmits an address arbitration process completion notification with the connection destination addressed to the VPN connection destination address (AAAA) to the VPN connection unit 112. (Step S25). In addition, the fact that the address arbitration with the VPN connection destination network is completed is transmitted to the requester of the VPN connection request (step S26). Thereafter, the VPN connection unit 112 performs VPN connection with the new VPN connection destination address ((AAAA)) as the destination.

  In this way, when the arbitration process by the IP address management device 100-2 at one end that performs VPN connection is completed, the IP address management device 100-2 notifies the completion to the IP address management device 100-1 at the other end that performs VPN connection. Send. Then, the IP address management device 100-1 similarly performs arbitration processing. Here, as shown in FIG. 15, the VPN connection request receiving unit 102 of the IP address management device 100-1 receives a VPN connection request with the VPN connection destination address “BBBB” (steps). S27), the VPN connection destination address included in the VPN connection request is stored in the VPN connection destination management unit 103 (step S28), and the address arbitration control unit 104 is requested to generate an address collection request (step S29). . When the address arbitration control unit 104 generates an address collection request with a hop count of 2 (step S30), the address collection request transmission unit 105 receives the VPN connection destination address (xx.x.x.) from the VPN connection destination management unit 103. x, BBBBB) is read (step S31), and an address collection request is transmitted with the read VPN connection destination address as the destination (steps S32 and 33).

  When the address collection request receiving unit 106 of the IP address management device 100-2 receives the address collection request transmitted from the IP address management device 100-1, the same processing as that described in steps S11 to S13 is performed. The generated address collection response is transmitted to the IP address management device 100-1 (step S34). Similarly, when the address collection request receiving unit 106 of the IP address management device 100-3 receives the address collection request transmitted from the IP address management device 100-1, processing similar to the processing described in steps S7 to S13 is performed. Then, the generated address collection response is transmitted to the IP address management device 100-1 (step S35). The address collection response receiving unit 109 of the IP address management device 100-1 receives the address collection response transmitted from the IP address management device 100-2 and the IP address management device 100-3, and transmits it to the address arbitration control unit 104. (Step S36). The address arbitration control unit 104 transmits an address collection response to the address arbitration unit 110 (step S37). The address arbitration unit 110 includes a range of addresses included in the address collection response received from the address arbitration control unit 104 (hop = 2 10.0.3.0/24, hop = 1 10.0.2.0/24, hop = 1 10.0.3.0/24) and the address range (10.0.1.0/24) stored in the range management unit 101 are compared. Here, the ranges do not match.

  The address arbitration unit 110 determines that the address range stored in the range management unit 101 does not match the address range of the IP address management device 100-1 included in the address collection response, and the arbitration is successful. Is transmitted to the address arbitration control unit 104 (step S38). The address arbitration control unit 104 transmits a result indicating that the arbitration process has been successful to the VPN connection request receiving unit 102 (step S39). When receiving the result of the arbitration process, the VPN connection request receiving unit 102 transmits a VPN connection request addressed to the VPN connection destination address (BBBB) to the VPN connection unit 112 (step S40). Further, a result indicating that the VPN connection is made is transmitted to the requester of the VPN connection request (step S41).

  FIG. 17 is a sequence diagram showing processing between the IP address management devices 100 in the arbitration processing described above. When there is a VPN connection request between the IP address management device 100-1 and the IP address management device 100-2, the IP address management device 100-2 makes an address collection request to the IP address management device 100-1 in step S6. Send. When receiving the address collection request transmitted from the IP address management apparatus 100-2, the IP address management apparatus 100-1 transmits an address collection request to the IP address management apparatus 100-3 in step S10. In step S14, the IP address management device 100-3 transmits an address collection response to the IP address management device 100-1, and the IP address management device 100-1 sends an address collection response to the IP address management device 100-2 in step S18. Send to. When the address arbitration process in the IP address management apparatus 100-2 is completed, the IP address management apparatus 100-1 similarly performs an arbitration process by transmitting an address collection request (steps S32 to S35). When the address arbitration processing in both the IP address management apparatus 100-2 and the IP address management apparatus 100-1 is completed and the arbitration is successful, the IP address management apparatus 100-2 and the IP address management apparatus 100-1 Connect.

<Second Embodiment>
Next, a second embodiment of the present invention will be described. In the first embodiment, an example in which an address collection request is directly transmitted / received between a plurality of IP address management devices 100 has been described. However, information is directly transmitted / received between IP address management devices 100 from the viewpoint of security or the like. If this is not desirable, information transmission / reception between the IP address management devices 100 may be performed via the center server 300. FIG. 18 is a diagram showing a configuration of the communication system 1 when the center server 300 transmits an address collection request. The center server 300 is connected to a plurality of IP address management devices 100 via the Internet.

  FIG. 19 is a diagram illustrating a configuration of the center server 300. The center server 300 is a computer device that relays and substitutes information communication between a plurality of IP address management devices 100. Specifically, for example, transmission / reception of address collection requests and transmission / reception of address collection responses are relayed. The center server 300 includes an address collection request reception unit 301, an address collection request transmission unit 302, an address collection response reception unit 303, and an address collection response transmission unit 304.

The address collection request reception unit 301 receives the address collection request transmitted from the address collection request transmission unit 105 of the IP address management apparatus 100 and transmits the address collection request to the address collection request transmission unit 302. Here, when an address collection request is transmitted from the IP address management apparatus 100, a list of VPN connection destination addresses of the IP address management apparatus 100 is transmitted.
The address collection request transmission unit 302 receives the address collection request transmitted from the address collection request reception unit 301, sets the number of hops, and transmits the address collection request to the destination of the address collection request.

The address collection response receiving unit 303 receives an address collection response to the address collection request transmitted by the address collection request transmission unit 302, and after receiving all the address collection responses, the collected address collection response is sent to the address collection response transmission unit 304. Send to.
The address collection response transmission unit 304 transmits the address collection response received by the address collection response reception unit 303 to the IP address management apparatus 100 that is the transmission source of the address collection request.
FIG. 20 is a diagram illustrating an operation example of the communication system 1 according to such an embodiment. The operation is the same as that described in the first embodiment, except that the address collection request and the address collection response are sent and received via the center server 300.

<Third Embodiment>
Next, a third embodiment of the present invention will be described. The communication system 1 according to the present embodiment is the same as the communication system 1 according to the first embodiment, but reduces the number of communication between the IP address management devices 100. Here, by notifying the address collected by itself between the IP address management apparatuses 100 that newly perform the VPN connection, the address collection request is not made to the connection destination that newly performs the VPN connection. Reduce the number of communications.

  Further, in the first embodiment, in order to prevent conflicting ranges of addresses changed by a plurality of IP address management devices 100, the IP address management devices 100 that newly perform VPN connection are not parallel to each other with a time difference. An example of address collection request and mediation processing was shown. On the other hand, in this embodiment, after performing address collection requests in parallel, the candidate values of the address range are notified and arbitrated. Also, in this embodiment, when the address range is changed, the change of the communication filtering or the like is rewritten according to the new address range by notifying the change to the VPN connection destination already connected by VPN. Make it possible. Further, when changing the address range, the user is asked to confirm whether or not to change the address range. If the user approves the change of the address range, the address range is changed, but if the user does not enter the approval of the address range change, the address range is not changed. VPN connection is not performed.

  FIG. 21 is a diagram illustrating a configuration example of the IP address management device 100 of the present embodiment. The IP address management device 100 includes a priority management unit 113, an address arbitration candidate notification unit 114, an address arbitration candidate reception unit 115, and an address change notification unit in addition to the units included in the communication system 1 according to the first embodiment. 116, an address change receiving unit 117, an address collection result notifying unit 118, and an address collection result receiving unit 119.

  The VPN connection request receiving unit 102 according to the present embodiment receives the VPN connection request, requests the address arbitration control unit 104 for address arbitration, and if the address arbitration is successful, the VPN connection destination address included in the VPN connection request is displayed. The information is stored in the VPN connection destination management unit 103. That is, the timing at which the VPN connection destination management unit 103 stores the VPN connection destination address is not after execution of arbitration but after execution of arbitration.

  In response to the arbitration request from the VPN connection request receiving unit 102, the address arbitration control unit 104 transmits an address collection request with a hop count of 2 to the address collection request transmission unit 105. Upon receiving an address collection response corresponding to the address collection request from the address collection response receiving unit 109, the address arbitration control unit 104 transmits the address collection response to the address collection result notification unit 118. Further, the address arbitration control unit 104 merges the response result of the address collection request transmitted from the address collection request transmission unit 105 with the address collection response from the address collection result notification unit 118, and merges the address into the address arbitration unit 110. Send a collection response. The address arbitration control unit 104 receives the arbitration processing result from the address arbitration unit 110, and transmits the changed address range to the address change notification unit 116 when the address range is changed. Further, the address range is transmitted to the VPN connection request receiving unit 102 regardless of whether or not the address range is changed.

  When the address arbitration control unit 104 receives the address collection response of the address collection request, the address arbitration unit 110 does not include the address range read from the range management unit 101 in the received address collection request. The address range read from the range management unit 101 is determined as an address arbitration candidate. If present, it is not included in the address collection response of the address collection request from a predetermined usable range (for example, 10.0.1.0/24 to 10.255.255.0/24). A new range is set and determined as an address arbitration candidate. Here, the address arbitration unit 110 compares the priority stored in its own priority management unit 113 with the priority stored in the priority management unit 113 of the IP address management device 100 that newly performs VPN connection. Then, the arbitration process is performed based on the priority level. The address arbitration unit 110 stores the determined address arbitration candidate in the range management unit 101, transmits the address arbitration candidate to the address change unit 111, requests address change processing, and sends the address arbitration candidate to the address arbitration control unit 104 as a result. Return as. However, if there is no usable range, a response to the address arbitration control unit 104 is made.

  Specifically, the address mediation unit 110 transmits the determined address mediation candidate and the priority read from the priority management unit 113 to the address mediation candidate notification unit 114. When the address arbitration candidate received by the address arbitration candidate receiving unit 115 according to the address arbitration candidate notified to the other IP address management device 100 by the address arbitration candidate notifying unit 114 is different from the address arbitration candidate determined by itself Uses the address arbitration candidate determined by itself as an address arbitration result. If they match, the received priority is compared with the priority transmitted by itself. If the priority is low, a new address arbitration candidate other than the address collection result and the address arbitration candidate is determined. If the priorities are the same, an at-random priority is generated, and the address arbitration candidate notification unit 114 is requested again for processing.

  The priority management unit 113 stores priority levels for changing addresses. The priority is a numerical value indicating a degree of avoiding an address change when only the address range of any network that performs VPN connection is changed by address arbitration. The priority is assumed to be numerical information, for example, and in the present embodiment, it is assumed that the priority is higher as the numerical value is smaller. The priority level may be determined and stored in advance, or dynamically depending on the number of VPNs that are already connected to the VPN, the number of IP address managed devices 200 in the network, the number of years of contract for this service, and the like. You may make it change to.

When the address arbitration candidate and the priority are transmitted from the address arbitration unit 110, the address arbitration candidate notification unit 114 transmits an address arbitration candidate notification to the IP address management apparatus 100 that is a connection destination of a new VPN.
In response to the address arbitration candidate notification transmitted by the address arbitration candidate notifying unit 114, the address arbitration candidate receiving unit 115 sends an address collection response transmitted from the IP address management device 100 to which a new VPN is connected as an address arbitration unit 110.

The address change notification unit 116 receives the changed address range from the address arbitration control unit 104, and notifies the changed address range with the VPN connection destination address already connected by VPN as the destination.
The address change receiving unit 117 receives the notification of the changed address range transmitted from the address change notifying unit 116 of the IP address management apparatus 100 already connected by VPN, and transmits the notification to the address arbitration control unit 104.

The address collection result notifying unit 118 adds 1 to the number of hops included in the address collection response to the address collection request received by the address arbitration control unit 104, and newly connects the result of the number of hops less than 2 to the VPN. It transmits to the address collection result receiving unit 119 of the scheduled IP address management device 100. At this time, the address collection result notification unit 118 does not add its own address range to the address collection response.
The address collection result receiving unit 119 receives an address collection response to the address collection request from the address collection result notifying unit 118 of the IP address management apparatus 100 newly connected to the VPN.

Next, an operation example of the IP address management device 100 according to the present embodiment will be described. 22 to 29 are diagrams illustrating an example of the operation of the address management process performed by the IP address management apparatus 100 according to the present embodiment. As in the first embodiment, as a premise, as shown in FIG. 9, the IP address management device 100-1 and the IP address management device 100-3 are already VPN-connected, and the IP address management device 100- It is assumed that the VPN connection destination management unit 103 of “1” already stores “xx.x.x”, which is the VPN connection destination address. Similarly, the IP address management device 100-3 and the IP address management device 100-4 are already connected by VPN, and the VPN connection destination management unit 103 of the IP address management device 100-3 already has a VPN connection destination address. It is assumed that “AAAA” and “yAy” are stored. The IP address management device 100-1 and the IP address management device 100-2 are not VPN-connected, and an example in which the IP address management device 100-1 and the IP address management device 100-2 newly make a VPN connection will be described. To do.
First, in FIG. 22, the VPN connection request receiving unit 102 of the IP address management device 100-2 receives a VPN connection request with the VPN connection destination address “AAAA” (step SB1). The VPN connection request receiving unit 102 requests the address arbitration control unit 104 to generate an address collection request (step SB2). When the address arbitration control unit 104 generates an address collection request with 2 hops (step SB3), the address collection request transmission unit 105 reads the VPN connection destination address from the VPN connection destination management unit 103 (step SB4). However, since the VPN connection destination address is not stored in the VPN connection destination management unit 103 here, the address collection request transmission unit 105 does not transmit the address collection request.

  On the other hand, the VPN connection request receiving unit 102 of the IP address management device 100-1 receives a VPN connection request with the VPN connection destination address “BBBB” (step SA1). The VPN connection request receiving unit 102 requests the address arbitration control unit 104 to generate an address collection request (step SA2). When the address arbitration control unit 104 generates an address collection request with a hop count of 2 (step SA3), the address collection request transmission unit 105 receives the VPN connection destination address (xx.x.x.) from the VPN connection destination management unit 103. x) is read (step SA4). The address collection request transmission unit 105 transmits an address collection request with the read VPN connection destination address as a destination (step SA5). The IP address management device 100-3 that has received the address collection request transmitted from the IP address management device 100-1 performs the same processing as in steps S7 to S10 described in the first embodiment, and the number of hops. Is calculated to obtain the destination address of the address collection request, and the address collection request is transmitted to the IP address management device 100-4 (step SA6). When the address collection request receiving unit 106 of the IP address management apparatus 100-4 receives the address collection request transmitted from the IP address management apparatus 100-3, the process proceeds from step S11 to step S14 described in the first embodiment. The address collection response is generated by performing the same process as described above and transmitted to the IP address management device 100-3 (step SA7). The IP address management device 100-3 performs processing similar to that in steps S15 to S18 described in the first embodiment, and transmits the same together with its own response to the IP address management device 100-1 (step SA8).

  Proceeding to FIG. 23, the address collection request transmission unit 105 of the IP address management device 100-2 transmits a result indicating that there is no connection destination already connected to the VPN to the address arbitration control unit 104 (step SB5). The address arbitration control unit 104 transmits the result transmitted from the address collection request transmission unit 105 to the address collection result notification unit 118 (step SB6). On the other hand, the address collection response receiving unit 109 of the IP address management device 100-1 receives the address collection response transmitted from the IP address management device 100-4 and transmits it to the address collection request transmission unit 105 (step SA9). . The address collection request transmission unit 105 transmits an address collection response to the address arbitration control unit 104 (step SA10), and the address arbitration control unit 104 transmits to the address collection result notification unit 118 (step SA11).

  Proceeding to FIG. 24, the address collection result notifying unit 118 of the IP address management apparatus 100-2 transmits a result indicating that there is no data in the address collection response of the address collection request to the IP address management apparatus 100-1. (Step SB7). Further, upon receiving the notification of the address collection result transmitted from the IP address management device 100-1, the address collection result receiving unit 119 transmits it to the address arbitration control unit 104 (step SB8). The address arbitration control unit 104 transmits the address collection result notification transmitted from the address collection result receiving unit 119 to the address arbitration unit 110 (step SB9).

  On the other hand, the address collection result notifying unit 118 of the IP address management device 100-1 transmits the result of address collection to the IP address management device 100-2 (step SA12). The address collection result receiving unit 119 receives the address collection result transmitted from the IP address management device 100-2 and transmits it to the address arbitration control unit 104 (step SA13). The address arbitration control unit 104 merges the address collection response collected by itself and the address collection response received by the address collection result receiving unit 119, and transmits the merged address to the address arbitration unit 110 (step SA14).

Proceeding to FIG. 25, the address arbitration unit 110 of the IP address management device 100-2 transmits the address arbitration candidate and the priority stored in the priority management unit 113 to the address arbitration candidate notification unit 114 (step SB10). . The address arbitration candidate notification unit 114 transmits the address arbitration candidate and its own priority to the IP address management device 100-1 (step SB11).
Similarly, the address mediation unit 110 of the IP address management device 100-1 transmits the address mediation candidate and the priority stored in the priority management unit 113 to the address mediation candidate notification unit 114 (step SA15). The address arbitration candidate notification unit 114 transmits the address arbitration candidate and its own priority to the IP address management device 100-2 (step SA16).

  Referring to FIG. 26, when the address arbitration candidate receiving unit 115 of the IP address management device 100-2 transmits the address arbitration candidate and the priority transmitted from the IP address management device 100-1 to the address arbitration unit 110 (step SB12). The address arbitration unit 110 compares address arbitration candidates and priorities. Since the address arbitration candidates match, the priorities are compared. Here, since the priority of the IP address management device 100-2 is high, the address arbitration unit 110 determines not to change the address range, and transmits the arbitration result to the address arbitration control unit 104 (steps SB13 and SB14).

On the other hand, when the address arbitration candidate receiving unit 115 of the IP address management device 100-1 transmits the address arbitration candidate and the priority transmitted from the IP address management device 100-2 to the address arbitration unit 110 (step SA17), the address The arbitration unit 110 compares address arbitration candidates and priorities. Since the address arbitration candidates match, the priorities are compared. Here, since the priority of the IP address management device 100-1 is low, the address arbitration unit 110 determines to change the address range, and sets a non-overlapping address range (for example, 10.0.4.4.0 / 24). The address change unit 111, the priority management unit 113, and the address arbitration control unit 104 are notified (steps SA18, 19, and 20).
Referring to FIG. 27, the address arbitration control unit 104 transmits an address range change notification to the address change notification unit 116 (step SA21). The address change notification unit 116 transmits the received change notification to the IP address management device 100-3 (step SA22).

Referring to FIG. 28, when the address arbitration control unit 104 of the IP address management device 100-2 notifies the VPN connection request receiving unit 102 of its own address range (step SB15), the VPN connection request receiving unit 102 receives the VPN connection. The destination address is stored in the VPN connection destination management unit 103 (step SB16). Further, the VPN connection request receiving unit 102 transmits a VPN connection request to the VPN connection unit 112 (step SB17).
On the other hand, when the address arbitration control unit 104 of the IP address management device 100-1 notifies the VPN connection request receiving unit 102 of the changed address range (step SA23), the VPN connection request receiving unit 102 receives the VPN connection. The destination address is stored in the VPN connection destination management unit 103 (step SA24). In addition, the VPN connection request receiving unit 102 transmits a VPN connection request to the VPN connection unit 112 (step SA25).
FIG. 29 is a sequence diagram illustrating processing between the IP address management devices 100 in the arbitration processing of the present embodiment. The details of each process are as described above, and it can be seen that the number of communications is reduced as compared with the sequence diagram of the first embodiment.

  As described above, in the communication system 1 according to the present embodiment, an available address is found not for the entire network but for a part of the network. That is, in an arbitrarily complex interconnected IP network, when the number of terminals that can communicate from a terminal or a set thereof is limited, the same IP address space can be reused by focusing on the network portion rather than the entire network. By utilizing the existence of partial decomposition, an IP address that can be set for a terminal or a set thereof is obtained when connected to a network. As a result, for example, when providing a VPN service for general users, an overlapping address space can be allocated in order to determine a newly usable address space from the VPN connection topology and the already allocated address space. There is no upper limit to the number of address spaces that can be allocated.

  In addition, the program for realizing the function of the processing unit in the present invention is recorded on a computer-readable recording medium, and the program recorded on the recording medium is read into the computer system and executed, thereby executing address arbitration processing. May be performed. Here, the “computer system” includes an OS and hardware such as peripheral devices. The “computer system” includes a WWW system having a homepage providing environment (or display environment). The “computer-readable recording medium” refers to a storage device such as a flexible medium, a magneto-optical disk, a portable medium such as a ROM and a CD-ROM, and a hard disk incorporated in a computer system. Further, the “computer-readable recording medium” refers to a volatile memory (RAM) in a computer system that becomes a server or a client when a program is transmitted via a network such as the Internet or a communication line such as a telephone line. In addition, those holding programs for a certain period of time are also included.

  The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line. The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

DESCRIPTION OF SYMBOLS 1 Communication system 100 IP address management apparatus 101 Range management part 102 VPN connection request reception part 103 VPN connection destination management part 104 Address arbitration control part 105 Address collection request transmission part 106 Address collection request reception part 107 Address recollection control part 108 Address collection Response transmission unit 109 Address collection response reception unit 110 Address arbitration unit 111 Address change unit 112 VPN connection unit 113 Priority management unit 114 Address arbitration candidate notification unit 115 Address arbitration candidate reception unit 116 Address change notification unit 117 Address change reception unit 118 Address Collection result notification unit 119 Address collection result reception unit 150 VPN termination device 200 IP address managed device 300 Center server 301 Address collection request reception unit 302 Address collection request transmission unit 3 03 Address collection response receiver 304 Address collection response transmitter

Claims (7)

The first address management device in a communication system including a plurality of address management devices for managing addresses to be assigned to address managed devices constituting a network connected under control,
A grant address storage unit that stores a first grant address to be given to the address managed device connected under its control;
A second assigned address stored in the assigned address storage unit included in the second address management device in a second network connected to the first network under its control among the plurality of address management devices; The third assigned address stored in the assigned address storage unit included in the third address management device in the third network connected to the second network and the own assigned address storage unit An address arbitration unit that performs arbitration so as not to overlap the stored first assigned address;
An address management device comprising: A VPN connection unit that performs a VPN connection between the first network and the second network after the address arbitration unit performs arbitration of the assigned address;
The address management apparatus according to claim 1, further comprising: A grant address acquisition unit for receiving the second grant address and the third grant address from the second address management device and the third address management device;
The address arbitration unit compares the second grant address and the third grant address received by the grant address acquisition unit with the first grant address stored in the grant address storage unit of itself. If the given addresses match, the arbitration is performed by changing the first given address to a given address that does not match the second given address and the third given address and storing it in the given address storage unit. The address management device according to claim 1 or 2, wherein: When the address arbitration unit arbitrates the assigned address, the address arbitration unit transmits an arbitration completion notification to the second address management device, and sends the other address management device to the assigned address acquisition unit of the second address management device. The address management apparatus according to claim 3, wherein a process for receiving an assigned address is performed. A priority storage unit that stores high and low priority to change the address,
The address arbitration unit, when the second grant address and the first grant address match, the priority stored in the priority storage unit of the address arbitration unit and the priority of the second address management device The address management device according to claim 3, wherein the address management device compares the priority stored in the degree storage unit and arbitrates based on the level of the priority. An address management unit that manages an address to be assigned to an address managed device that configures a network connected to a subordinate and stores a first grant address to be given to the address managed device connected to the subordinate; An address management method of the first address management device in a communication system comprising a plurality of address management devices comprising:
A second assigned address stored in the assigned address storage unit included in the second address management device in a second network connected to the first network under its control among the plurality of address management devices; A third assigned address stored in the assigned address storage unit included in the address management device in the third network connected to the second network, and stored in the assigned address storage unit of itself. An address management method comprising: arbitrating so that the first assigned address does not overlap. An address management unit that manages an address to be assigned to an address managed device that configures a network connected to a subordinate and stores a first grant address to be given to the address managed device connected to the subordinate; A computer of the first address management device in a communication system comprising a plurality of address management devices,
A second assigned address stored in the assigned address storage unit included in the second address management device in a second network connected to the first network under its control among the plurality of address management devices; A third assigned address stored in the assigned address storage unit included in the address management device in the third network connected to the second network, and stored in the assigned address storage unit of itself. An address management program that executes a step of arbitrating so that the first assigned address does not overlap.

Images