JP2013038611A - Packet communication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To transfer a packet transmitted from a user terminal to an appropriate service network within an IP network for storing multiple service networks.SOLUTION: A packet communication system for performing packet communication between a user terminal and a service network includes: a correspondence table generation storage device for generating a correspondence table that holds a transmission source ID, a destination ID, and service network position information by association; a contract information storage device for storing information of a service network contracted by a user; and a packet transfer device. The correspondence table generation storage device acquires service network identification information and position information from the contract information storage device and records the transmission source ID, the destination ID, and the position information by association. The packet transfer device acquires the position information of the corresponding service network from the correspondence table generation storage device when receiving a packet including the transmission source ID and the destination ID from the user terminal, and transfers the packet after adding a header with the position information as a destination.

Description

  The present invention relates to a technique for performing flexible and lightweight routing in a carrier IP network.

  The backbone network of the current carrier is composed of an IP (Internet Protocol) network, on which various service networks are accommodated to provide services to users. Therefore, in the carrier's IP network, it is necessary to provide IP connectivity between the user who uses the service and the service network where the service is provided. For example, the IP packet of a user who has contracted with an ISP (Internet Service Provider) is transferred to the ISP, or a user who has contracted a remote access service to a company base (hereinafter referred to as a VPN base) and the user It provides a function to transfer packets to and from the VPN base to which it belongs.

  In order to provide a connection function between a user and a service network, a technique for creating a virtual tunnel between each user and the service network is usually used via the carrier IP network. By using such a tunnel technology, it appears that the carrier's IP network is hidden from the user and is directly connected to the service network by IP. As a protocol for generating a tunnel, there are IPsec, L2TP, PPTP, and the like used when configuring a VPN. However, these protocols require state management for each tunnel of individual users, and there is a problem that they are not scaled in a large-scale network of carriers with tens of millions of users.

  On the other hand, LISP (Locator / ID Separation) has attracted attention as a new technology that can easily realize a carrier IP network (Non-patent Document 1). LISP separates the IP address (ID) assigned to a terminal and the Locator indicating the location (site) where the terminal is located, and sets the corresponding relationship appropriately, thereby seamlessly connecting the terminal and the site. It is a technology that realizes communication. There is a possibility that a carrier IP network can be realized by a network configuration in which a terminal is a user and a site is a service network.

"Locator / ID Separation Protocol (LISP)," IETF draft, draft-ietf-lisp-12 http://datatracker.ietf.org/doc/draft-ietf-lisp/?include_text=1 (Search June 8, 2011 )

  However, the conventionally proposed LISP has the following problems.

  First, in the Internet, the LISP separates the ID indicating the terminal itself and the Locator indicating the site where the terminal exists on the Internet, and realizes routing control in the Internet only by the Locator, thereby reducing the routing table in the Internet. Is a technology aimed at. For this reason, when obtaining a Locator indicating a site where the destination terminal exists from the destination ID, a method of obtaining the Locator using the ID indicating the destination terminal as a key is employed, as in normal IP routing. This method is applicable to the Internet, which is a single IP address space as a whole. However, even if the same private address exists in multiple sites like a VPN base in a remote access service, or even if the destination is an address on the Internet, it is necessary to communicate via an ISP with which the user contracts In a certain carrier IP network, the route changes according to the ISP contracted by the user, and therefore the locator indicating the site (= service network) is not necessarily uniquely determined from the ID of the destination terminal. Therefore, the conventional LISP cannot be applied as it is.

  In addition, since it is only necessary to provide IP reachability to all sites uniformly for all users on the Internet, LISP does not have a function for restricting access to a specific site. On the other hand, in the carrier IP network, the ISP contracted for each user, the VPN base to which the user belongs, etc. are different, and a function for restricting communication to the service network that is not contracted is necessary. Therefore, the conventional LISP is simply applied. I can't.

  The present invention has been made in view of the above points, and enables a packet transmitted from a user terminal to be transferred to an appropriate service network based on the contract information of the user in the carrier IP network. The purpose is to provide technology.

In order to solve the above problems, the present invention provides a packet communication system for performing packet communication between a user terminal of a user and a service network contracted by the user in an IP network accommodating a plurality of service networks. Because
A source ID that is an ID for identifying the user, a destination ID that is an ID of a terminal that is a communication partner of the user terminal, and position information that indicates a position of the service network on the IP network are associated with each other. A correspondence table generation and storage device for generating and storing a correspondence table to be retained;
A contract information storage device that stores information on a service network contracted by the user in association with the user name of the user;
A packet transfer device connected to the user terminal,
In response to receiving the correspondence table generation request including the user name of the user and the transmission source ID, the correspondence table generation storage device identifies the service network corresponding to the user name from the contract information storage device. Information and the location information of the service network are acquired, the source ID, the destination ID in the service network, and the location information of the service network are associated and recorded in the correspondence table,
When the packet transfer apparatus receives a packet including the transmission source ID and the destination ID from the user terminal, the packet transfer apparatus generates and stores the correspondence table location information corresponding to the transmission source ID and the destination ID. The packet communication system is configured to transfer the packet to the IP network by adding a header acquired from the apparatus and having the acquired location information as a destination.

  The packet communication system includes an ID assignment device that assigns the transmission source ID to the user terminal, and the user terminal transmits an ID assignment request to the ID assignment device and receives the ID assignment request. May be configured to assign the transmission source ID to the user terminal and to transmit the correspondence table generation request to the correspondence table generation and storage device.

  The ID assigning device may be a DHCP server, for example, and may assign an IP address to the user terminal as the transmission source ID.

  Further, the packet transfer apparatus holds the position information acquired from the correspondence table generation storage apparatus together with the transmission source ID and the destination ID in a storage unit, and after the reception of the packet, the same transmission as the packet is performed. When a packet having the original ID and the destination ID is received, the transfer may be performed using the position information held in the storage unit.

  Advantageous Effects of Invention According to the present invention, a technique is realized that enables a packet transmitted from a user terminal to be transferred to an appropriate service network based on user contract information in a carrier IP network.

It is a figure which shows the network structure in embodiment of this invention. It is a figure which shows the structure of a map table. It is a figure which shows the structure of the table of a DHCP server. It is a figure which shows the structure of a user contract information table. It is a block diagram of the router used as an edge router and a gateway router. It is a block diagram of a map server. It is a sequence diagram which shows the procedure which produces | generates a map table. It is a sequence diagram which shows the flow of the transfer of a packet.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

(Outline of the embodiment)
As will be described in detail later, in the present embodiment, in the map table that holds the correspondence between the terminal ID and the Locator, in addition to the ID of the destination terminal, some ID for identifying the user is added to the key, so that Even if the IDs (that is, the destination addresses) are the same, if the IDs assigned to the users are different, another Locator can be drawn. As a result, packets can be transferred to different service networks based on the user's contract information and the like. As an ID for identifying a user, for example, a terminal ID (IP address) assigned to a user terminal can be used.

  Moreover, since the setting of the map table is different for each user, there is a possibility that the trouble of generating the map table increases. On the other hand, by associating a DHCP (Dynamic Host Configuration Protocol) server that assigns an address to a user terminal with a user contract information server that holds user contract information and the like, a map table corresponding to the user contract information is linked. It is supposed to be set automatically.

  In this embodiment, a terminal ID assigned to a user terminal (specifically, an IP address used in the carrier network) is used as an ID for identifying a user. It is not limited.

(System configuration)
FIG. 1 shows a network configuration in the present embodiment. As shown in FIG. 1, the network according to the present embodiment includes two ISPs (ISP #A (2A) and ISP #B (2B)) and one VPN site as service networks in the carrier IP network 1. 3 and one CSP (Contents Service Provider) 4 are connected to each other via gateway routers 7 (GW1 to GW4). Each ISP (2A, 2B) is connected to the Internet 5.

  Further, the user terminal 11A of the user A and the user terminal 11B of the user B are connected via the edge router 6 (E1, E2), respectively. In the present embodiment, it is assumed that there are two users, user A and user B. It is assumed that user A is contracted with ISP # A as the Internet connection service and VPN # 1 as the connection destination of the remote access service, and user B is contracted only with ISP # B.

  The edge router 6 (E1, E2) and the gateway router 7 (GW1 to GW4) are connected to each other in the IP network 1 via a normal router 12 (R1 to R3). Further, the IP network 1 includes a map server 8 that creates and manages a correspondence table between IDs and Locators, a DHCP server 9 that assigns IP addresses to user terminals, and a user contract information server 10 that holds contract information for each user. Is connected. The map server 8, the DHCP server 9, and the user contract information server 10 can communicate with each other. The Locator in the present embodiment is, for example, an IP address. Locator is position information indicating the position of the service network on the IP network.

  Note that the map server 8, the DHCP server 9, and the user contract information server 10 may be called a correspondence table generation storage device, an ID assignment device, and a contract information storage device, respectively, because of their functions.

  Next, a configuration example of a table held by the map server 8, the DHCP server 9, and the user contract information server 10 will be described with reference to FIGS.

  FIG. 2 shows a map table 100 held by the map server 8. The map table 100 holds a correspondence relationship between a combination of a transmission source ID 101 that is an ID for identifying a user and a destination ID 102 and a locator 103 that indicates a service network through which the destination terminal is reached.

  FIG. 3 shows a DHCP server table 200 held by the DHCP server 9. The DHCP server 9 is a server that assigns an ID to a user terminal connected to the IP network 1. DHCP is a widely used protocol, and the configuration of the DHCP server table 200 shown here is the same as the table held by a general DHCP server. The DHCP server table 200 includes an ID 201 assigned to a user terminal, a user name 202 that is a character string that uniquely identifies a user of the user terminal to which the ID is assigned, and a locator 203 of an edge router to which the user terminal is connected. Hold. Each time an ID is assigned to a user terminal, these pieces of information are added line by line.

  FIG. 4 shows a user contract information table 300 held by the user contract information server 10. It is a table in which information on service networks (ISPs, VPN bases, etc.) contracted for each user is held. The user contract information table 300 includes a user name 301, a service network list 302 that is a list of service networks with which the user has contracted, and a list of Locators of GWs that are connected to the respective service networks with which the user has contracted. It is comprised from the Locator list 303 of GW. The user contract information table 300 is updated when a user adds or deletes a contract with the service network.

  A configuration example of the edge router 6 and the gateway router 7 will be described with reference to FIG. Since the edge router 6 and the gateway router 7 have basically the same configuration, FIG. 5 shows the configuration of the router 400 that can be used for either the edge router 6 or the gateway router 7. The router 400 may be called a packet transfer device.

  The router 400 holds a plurality of interfaces 401 connected to the network and a switch 403 that transfers to a transfer destination interface according to the destination of the packet, like a normal router. The interface 401 holds a forwarding table 402 that is a copy of the routing table. In addition, in the same way as a general router, it also holds a routing table 404 that holds path information obtained through routing protocols such as OSPF (Open Shortest Path First) and BGP (Border Gateway Protocol) with other routers. is there.

  On the other hand, the map cache 405 is held as a configuration unique to the technology according to the present invention. The map cache 405 is a cache table that temporarily holds the correspondence between the ID acquired from the map server 8 and the Locator. As will be described later, when transferring a packet, in order to obtain a Locator corresponding to the ID, it is necessary to inquire to the map server 8 that holds the correspondence between the two. Since it is often forwarded, it is inefficient to inquire the map server 8 every time one packet is forwarded. Since it is desirable to hold what has been inquired locally, a configuration is adopted in which the map cache 405 is held inside the router 400 (that is, the edge router 6 and the gateway router 7). Note that the map cache 405 is for temporarily storing the contents inquired to the map server 8, and therefore the configuration thereof is the same as that of the map table 100. As the contents of the table, the map server 8 holds all correspondences between the IDs and Locators of the entire network, whereas the map cache 405 holds only the contents inquired by the edge router 6 and the gateway router 7. , A subset of the map table 100 held by the map server 8.

  FIG. 6 shows a functional configuration diagram of the map server 8. As shown in FIG. 6, the map server 8 includes a map table storage unit 81, a contract information acquisition unit 82, a map table entry creation unit 83, and a map table search unit 84.

  The map table storage unit 81 is a storage unit such as a memory that stores the map table 100. The contract information acquisition unit 82 acquires the contract information from the user contract information server 10 by transmitting the contract information request to the user contract information server 10 in response to receiving the map generation request from the DHCP server 9. It is. The map table entry creating unit 83 is a functional unit that creates a map table entry using the contract information acquired by the contract information acquiring unit 82. The map table search unit 84 is a functional unit that searches the map table 100 in response to receiving a map resolution request from the edge router 6 or the gateway router 7 and returns a corresponding Locator.

  The map server 8 can be realized by causing a computer including a CPU, a memory, a communication device, and the like to execute a program corresponding to each functional unit. That is, the function of each part of the map server 8 executes a program corresponding to the process executed in each part using hardware resources such as a CPU and a memory built in the computer constituting the map server 8. Can be realized. In addition, the program can be recorded on a computer-readable recording medium and stored or distributed. It is also possible to provide the program through a network such as the Internet or electronic mail.

  The DHCP server 9 has a function of transmitting a map generation request to the map server 8 in addition to the function of a normal DHCP server. The user contract information server 10 receives the contract information request including the user name from the map server 8 and searches the user contract information table by the user name to acquire the contract information of the corresponding user and map the contract information reply. It has a function of returning to the server 8.

(System operation)
Hereinafter, the operation of the system having the above-described configuration will be described.

<Map table generation procedure>
First, the procedure until the map table 100 is generated in the map server 8 will be described with reference to FIG. Here, assuming that the user terminal 11A of the user A has connected to the IP network 1, a procedure for generating an entry in the map table of the user A will be described.

  First, when connecting to the IP network 1, the user terminal 11A transmits a DHCP request in order to request the IP network 1 to assign an ID (step S11). The DHCP request is transferred to the DHCP server 9 via the edge router E1. Here, it is assumed that the user name “user A” is included in the DHCP request.

  The DHCP server 9 assigns a as the ID for the user terminal 11A, assigns ID = a to the user A in the table 200 of the DHCP server 9, and records that the user terminal 11A is accommodated in the edge router E1. To do. In FIG. 3, the entry on the first line corresponds to this. Thereafter, the DHCP server 9 returns a DHCP reply to the user terminal 11A (step S12). Thus, a is assigned to the user terminal 11A as an ID.

  Next, the DHCP server 9 notifies the map server 8 that ID = a has been assigned to the user A (user terminal 11A), and transmits a map generation request for requesting generation of a map table (step S13). ). Upon receiving the map generation request, the map server 8 transmits a contract information request for requesting the user contract information server 10 to transmit a list of service networks with which the user A contracts (step S14).

  When the user contract information server 10 receives the contract information request, the user contract information server 10 refers to the user contract information table 300, and as a list of service networks (list of service network identification information) with which the user A is contracted (ISP # 1, VPN) (# 1) is acquired as a Locator list of gateways to which those service networks are connected (GW1, GW3) and returned as a contract information reply to the map server 8 (step S15).

  When the map server 8 receives the contract information reply, the map table entry creating unit 83 creates an entry in the map table 100 because information necessary for creating the map table 100 is obtained (step S16). Specifically, first, as an entry for realizing communication with ISP #A with which user A is contracted, transmission source ID = a, destination ID = any, Locator = GW1 are set (first line in FIG. 2). entry). Here, the destination ID = any means matching with any ID. In communication to the contracted ISP, communication is made to all destinations on the Internet in addition to the destination in the ISP. Therefore, in the map table, all communication having the same source ID and no entry corresponding to the destination ID is designated as the ISP. Need to be transferred to. Therefore, the destination ID = any is set in communication with the ISP.

  Next, transmission source ID = a, destination ID = d, and Locator = GW3 are set as entries for realizing communication with VPN # 1 with which user A contracts (entry on the second line in FIG. 2). Here, destination ID = d indicates a set of IDs used in VPN # 1. Generally, since a private address is used in the VPN base, d is set to a value indicating a private address space (for example, 10.0.0.0/8 indicates a private space in an IPv4 address). However, even if an ID other than the private address space is used, any ID can be set as long as the map server 8 holds the correspondence between the VPN base and the ID used in the VPN base in advance. Is possible.

  It is assumed that information indicating what destination ID is set for each service network is held in advance in the map server 8.

  Further, the map server 8 generates an entry of transmission source ID = any, destination ID = a, and Locator = E1 in order to transfer a packet addressed to the user terminal 11A from another gateway router 7 or edge router 6 ( Entry on the third line in FIG. 2).

<Packet transmission procedure>
Next, a procedure for transmitting a packet to a terminal whose destination ID (DID in FIG. 8) is on the Internet 5 by the user terminal 11A will be described with reference to FIG.

  First, the user terminal 11A sets its own ID a in the source address (SID in FIG. 8) of the IP header and x in the destination address (DID) as in the case of normal IP packet transfer. A packet is transmitted (step S21).

  The edge router E1 that has received the packet searches whether its locator address corresponding to the transmission source ID = a and the destination ID = x is stored in its map cache 405 (step S22). Here, the map server 8 is inquired on the assumption that the corresponding Locator in the cache is not stored. That is, the edge router E1 transmits a map resolution request including the transmission source ID = a and the destination ID = x to the map server 8 (step S23), and sets the Locator corresponding to the transmission source ID = a and the destination ID = x. Inquire.

  The map server 8 that has received the map resolution request searches the map table 100 with the transmission source ID = a and the destination ID = x by the map table search unit 84 (step S24). Here, there is no completely matching entry, but since the entry with the transmission source ID = a and the destination ID = any (the entry on the first line in FIG. 2) corresponds, GW1 is mapped as the corresponding Locator. As a reply, it is returned to the edge router E1 (step S25). If there is a corresponding entry other than the destination ID = any, the entry is given priority. For example, when the entry on the second line in FIG. 2 corresponds, GW3 is returned as the Locator.

  Since the corresponding Locator has been obtained, the edge router E1 records the correspondence relationship with the ID in the map cache 405. Here, transmission source ID = a, destination ID = any, and Locator = GW1 are recorded. After that, to the packet transmitted from the user terminal 11A, a header in which GW1 is set as the destination locator (DLloc in FIG. 8) and the locator of the edge router E1 itself is set as the source locator (SLoc in FIG. 8), Transmit (step S26).

  In the IP network 1, IP packets are transferred with reference to only the outer header given by the edge router E1. Here, transfer according to normal IP routing is performed. For example, the normal router 12 that is neither the edge router 6 nor the gateway router 7 is not aware of the ID of the user terminal, and performs the transfer process by referring only to the Locator described in the header given by the edge router 6. In addition, reachability to each Locator (GW1 etc.) in the IP network 1 shall be acquired through a normal routing protocol. These are held in a routing table held by the edge router 6, the gateway router 7, and the normal router 12.

  When the gateway router GW1 receives the transferred packet, the gateway router GW1 refers to the DLoc in the header of the packet and checks whether the packet is addressed to itself. Then, if it is a packet addressed to itself, the outer header is removed, and the packet is transmitted to the service network (in this case, ISP # 1) (step S27).

  Transfer of packets addressed to the user terminal 11A from the Internet (via ISP # 1) or VPN # 1 is performed in the same manner. When each gateway router 7 queries the map server 8 for the Locator addressed to the destination ID = a, the entry in the third row in FIG. 2 corresponds, and the locator = E1 is returned, so that the gateway router 7 sends an edge. The packet is transferred to the router E1. Further, the communication of the user terminal 11B in FIG. 1 is the same as the communication of the user terminal 11A.

(Effect of embodiment)
In a normal LISP, a Locator is acquired only from a destination ID. As described above, in this embodiment, an ID for identifying a user (in this embodiment, an ID assigned to a user terminal) is also used as a key. The packet transfer to the service network according to the user's contract status is realized.

  This makes it possible to transfer a packet to an appropriate service network within the carrier's IP network based on the user's contract information, which could not be realized by the conventional LISP. In addition, since the user's contract information is stored in the server, the map server entry is automatically generated when the user connects to the IP network, so the map table is generated manually. Saves time and effort.

  The present invention is not limited to the above-described embodiments, and various modifications and applications are possible within the scope of the claims.

1 IP network 2A, 2B ISP
3 VPN
4 CSP
5 Internet 6 Edge router 7 Gateway router 8 Map server 81 Map table storage unit 82 Contract information acquisition unit 83 Map table entry creation unit 84 Map table search unit 9 DHCP server 10 User contract information server 100 Map table 200 DHCP server table 300 User contract Information table 400 Router 401 Interface 402 Forwarding table 403 Switch 404 Routing table 405 Map cache

Claims (4)

A packet communication system for performing packet communication between a user terminal of a certain user and a service network contracted by the user in an IP network accommodating a plurality of service networks,
A source ID that is an ID for identifying the user, a destination ID that is an ID of a terminal that is a communication partner of the user terminal, and position information that indicates a position of the service network on the IP network are associated with each other. A correspondence table generation and storage device for generating and storing a correspondence table to be retained;
A contract information storage device that stores information on a service network contracted by the user in association with the user name of the user;
A packet transfer device connected to the user terminal,
In response to receiving the correspondence table generation request including the user name of the user and the transmission source ID, the correspondence table generation storage device identifies the service network corresponding to the user name from the contract information storage device. Information and the location information of the service network are acquired, the source ID, the destination ID in the service network, and the location information of the service network are associated and recorded in the correspondence table,
When the packet transfer apparatus receives a packet including the transmission source ID and the destination ID from the user terminal, the packet transfer apparatus generates and stores the correspondence table location information corresponding to the transmission source ID and the destination ID. A packet communication system, wherein the packet is transferred to the IP network by adding a header acquired from the device and having the acquired location information as a destination. The packet communication system includes an ID assigning device that assigns the transmission source ID to the user terminal,
The user terminal transmits an ID allocation request to the ID allocation device, and the ID allocation device that has received the ID allocation request allocates the transmission source ID to the user terminal and generates the correspondence table The packet communication system according to claim 1, wherein the correspondence table generation request is transmitted to a storage device.   The packet communication system according to claim 1 or 2, wherein the ID assignment device is a DHCP server, and assigns an IP address to the user terminal as the transmission source ID. The packet transfer device holds the location information acquired from the correspondence table generation storage device together with the transmission source ID and the destination ID in a storage unit, and after receiving the packet, the same transmission source ID as the packet 4. The packet communication system according to claim 1, wherein, when a packet having a destination ID is received, transfer is performed using the position information held in the storage unit. 5.

Images