JP2021027411A - Path controller, communication system, and path control method - Google Patents

Abstract

To enable a user movable in a facility to use a specific network resource in a local network even when the user is at any location in the facility.SOLUTION: A path controller to be used by a user includes: a first communication unit for connecting with a first network provided for each area; a second communication unit for providing a second network with which a terminal device used by the user can connect; a detection unit for detecting information on the first network with which the first communication unit connects; a determination unit that on the basis of the information on the first network, determines path control information to be applied to the first network with which the first communication unit connects; and a path control unit that performs path control between the first network and the second network according to the path control information.SELECTED DRAWING: Figure 5

Description

The present invention relates to a route control device, a communication system, and a route control method.

In a general intranet environment or the like, in order to use the network resources (for example, printer, server, Internet connection, etc.) included in the intranet environment, it is necessary for the network administrator to manage the user account in advance.

Further, in order to facilitate the setting of making a specific network resource in the local network available to the guest terminal, a technique of using an open flow switch provided in the local network by using a communication control device is known. (See, for example, Patent Document 1).

By the technique disclosed in Patent Document 1, the network resources available to guest users (hereinafter referred to as users) who use the local network can be easily controlled by using the open flow switch provided in the local network. You will be able to do it. However, this method has a problem that the user can use a specific network resource in the local network only in the area where, for example, a wireless access point equipped with an open flow switch is installed.

Therefore, in the conventional technique as shown in Patent Document 1, for example, a specific network resource in a local network can be used anywhere in a facility for a user who can move in a large facility such as a hospital, a school, or a company. It was difficult to make it available.

One embodiment of the present invention has been made in view of the above problems so that a user who can move within the facility can use a specific network resource in the local network anywhere in the facility. Make it easy to do.

In order to solve the above problems, the route control device according to the embodiment of the present invention is a route control device used by a user, and is a first route connected to a first network provided for each area. Detects information on the communication unit, a second communication unit that provides a second network to which the terminal device used by the user can be connected, and the first network to which the first communication unit is connected. A determination unit that determines the route control information applied to the first network to which the first communication unit is connected based on the information of the detection unit and the first network, and the route control information. According to this, it has a route control unit that controls a route between the first network and the second network.

According to one embodiment of the present invention, it becomes easy for a user who can move within the facility to use a specific network resource in the local network anywhere in the facility.

It is a figure (1) which shows the example of the system configuration of the communication system which concerns on one Embodiment. It is a figure (2) which shows the example of the system configuration of the communication system which concerns on one Embodiment. It is a figure which shows the example of the hardware composition of the route control apparatus which concerns on one Embodiment. It is a figure which shows the example of the hardware configuration of the computer which concerns on one Embodiment. It is a figure which shows the example of the functional structure of the route control device which concerns on 1st Embodiment. It is a figure which shows a specific example of the determination part and the route control part which concerns on 1st Embodiment. It is a figure which shows the image of an example of the information managed by the route control device which concerns on 1st Embodiment. It is a figure which shows an example of the setting screen which concerns on 1st Embodiment. It is a flowchart which shows the example of the processing of the route control apparatus which concerns on 1st Embodiment. It is a flowchart which shows the example of the determination process of the flow table which concerns on 1st Embodiment. It is a figure which shows the example of the functional structure of the communication system which concerns on 2nd Embodiment. It is a flowchart which shows the example of the determination process of the flow table which concerns on 2nd Embodiment.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
<System configuration>
FIG. 1 is a diagram (1) showing an example of a system configuration of a communication system according to an embodiment. In the local network provided in each area, the communication system 100 uses, for example, a route control device 101 used by a user 103 who visits from outside the organization to provide a user network 104 that can be used by the user 103. It is a system to provide. In the example of FIG. 1, the local network in the organization includes an in-house network 10 and a conference room network 110 as an explanatory example.

The in-house network 10 is, for example, a local network commonly provided to each base in the company, and in the example of FIG. 1, it is connected to an external network such as the Internet 1 via a relay device 21 such as a firewall. Has been done. Further, in the example of FIG. 1, as an example, an information terminal 31 such as a PC (Personal Computer) used by an employee or the like, various servers 32 or the like are connected to the in-house network 10.

The conference room network 110 is, for example, a local network provided for each base in the company, and in the example of FIG. 1, it is connected to the in-house network 10 via a relay device 21 such as a firewall. Further, in the example of FIG. 1, as an example, electronic devices such as a printer 121 and an electronic blackboard 122, and various servers 131 and the like are connected to the conference room network 110. The electronic blackboard 122 is a whiteboard having an electronic blackboard function capable of mutual communication, and is also called an IWB (Interactive White Board) or the like.

In FIG. 1, the device connected to the local network (in-house network 10 and the conference room network 110) in the organization is an example, and may be various other devices having a network communication function. For example, the device connected to the local network in the organization may be a display device such as a PJ (Projector: projector), an output device such as a digital signage, or a HUD (Head Up Display) device. Further, the device connected to the local network in the organization may be, for example, an industrial machine, an imaging device, a sound collecting device, a medical device, a network home appliance, or the like. Further, the devices connected to the local network in the organization may be notebook PCs, mobile phones, smartphones, tablet terminals, game machines, PDAs (Personal Digital Assistants), digital cameras, wearable PCs, desktop PCs and the like.

The route control device 101 is a portable communication device used by the user 103, and can be connected to the in-house network 10, the conference room network 110, or the like by, for example, a wired / wireless LAN (Local Area Network) or the like. It is assumed that it is preset in.

Further, when the route control device 101 is connected to the conference room network 110, for example, the user 103 provides the user network 104 that can be used by the user 103 using an information terminal such as a smartphone 102a or a notebook PC 102b. For example, the route control device 101 has a function of a wireless LAN access point, and an information terminal such as a smartphone 102a or a notebook PC 102b possessed by the user 103 can connect to a user network 104 by wireless LAN communication. provide.

Further, the route control device 101 manages a resource list of the conference room, which indicates whether or not each network resource connected to the conference room network 110 is available from the user network 104. The route control device 101 controls the route between the conference room network (an example of the first network) 110 and the user network (second network) 104 based on the resource list of the conference room.

As an example, in the resource list of the conference room, for example, a network resource (for example, a printer 121, an electronic blackboard 122, etc.) that is permitted to be used by a user 103 visiting from outside the company is used as a available network resource 120. It is registered. Further, in the resource list of the conference room, for example, a network resource (for example, server 131) whose use is restricted by a user 103 who has visited from outside the company is registered as a network resource 130 whose usage is restricted.

In this case, the route control device 101 controls the route between the conference room network 110 and the user network 104 so that the available network resource 120 can be used from the user network 104. Further, the route control device 101 controls the route between the conference room network 110 and the user network 104 so that the network resource 130 whose use is restricted cannot be used from the user network 104.

The route control device 101 according to the present embodiment is configured to be portable as described above, and can be connected to the in-house network 10 as shown in FIG. 2, for example. Preferably, the route control device 101 is housed in a housing as large as a general mobile router.

FIG. 2 is a diagram (2) showing an example of the system configuration of the communication system according to the embodiment. When the route control device 101 is connected to the in-house network 10, for example, the user 103 provides the user network 104 that can be used by the user 103 using an information terminal such as a smartphone 102a or a notebook PC 102b.

Further, the route control device 101 further manages a common resource list indicating whether or not each network resource connected to the in-house network 10 is available from the user network 104. The route control device 101 controls the route between the in-house network (an example of the first network) 10 and the user network 104 based on this common resource list.

As an example, in the common resource list, for example, a network resource (for example, a connection to the Internet 1) that is permitted to be used by a user 103 visiting from outside the company is registered as a usable network resource 20. ing. Further, in the common resource list, for example, a network resource (for example, an information terminal 31, a server 32, etc.) whose use is to be restricted by a user 103 who has visited from outside the company is registered as a network resource 130 to be restricted. ..

In this case, the route control device 101 controls the route between the in-house network 10 and the user network 104 so that the available network resource 20 can be used from the user network 104. Further, the route control device 101 controls the route between the in-house network 10 and the user network 104 so that the network resource 30 whose use is restricted cannot be used from the user network 104.

With the above configuration, for example, a person in charge of a company lends a route control device 101 to a user 103 who visits from outside the company, so that the user 103 can use a specific network in the local area anywhere in the company. Resources can be made available.

The facilities that can use the route control device 101 are not limited to companies, but are various facilities such as educational facilities such as schools, medical facilities such as hospitals, accommodation facilities such as hotels, nursing care facilities, and leisure facilities. Good.

Further, the in-house network 10 and the conference room network 110 are examples of local networks (first networks) provided for each area in the organization. Further, the local network provided for each area in the facility may be one or more arbitrary number of local networks.

<Hardware configuration>
Subsequently, the hardware configuration of each device included in the communication system 100 will be described.

(Hardware configuration of route control device)
FIG. 3 is a diagram showing an example of the hardware configuration of the route control device according to the embodiment. The route control device 101 has a general computer configuration, for example, a CPU (Central Processing Unit) 301, a memory 302, a storage device 303, a network I / F (Interface) 304, a display device 305, and an input device. It has a 306, a wireless access point (hereinafter referred to as a wireless AP) 307, a bus 309, and the like.

Further, the route control device 101 may have a switch 308 such as an OpenFlow switch configured by hardware.

The CPU 301 is, for example, an arithmetic unit that controls various functions realized by the route control device 101 by executing a program stored in the storage device 303 or the memory 302. The memory 302 includes a RAM (Random Access Memory), which is a volatile memory used as a work area of the CPU 301, a ROM (Read Only Memory), which is a non-volatile memory in which a startup program is stored in advance, and the like. ..

The storage device 303 is a non-volatile large-capacity storage device that stores programs such as an OS (Operating System) and applications, various data, and the like. For example, HDD (Hard Disk Drive) and SSD (Solid State Drive). It is realized by such as.

The network I / F 304 is a wired / wireless LAN interface or the like for connecting the route control device 101 to a local network such as an in-house network 10 or a conference room network 110.

The display device 305 is, for example, a display device such as an LCD (Liquid Crystal Display) or an LED (Light Emitting Diode). The input device 306 is an input device such as an operation button, a keyboard, and a touch panel. The route control device 101 does not have to have the display device 105 or the input device 306.

The wireless AP 307 is, for example, a wireless LAN access point that forms a user network 104 in wireless LAN communication. However, the wireless AP 307 may form the user network 104 by wireless communication other than wireless LAN communication such as wireless PAN (Personal Area Network) communication.

The bus 309 is commonly connected to each of the above components and transmits an address signal, a data signal, various control signals, and the like.

(Computer hardware configuration)
The servers 32, 131, the information terminal 31, the notebook PC 102b, and the like shown in FIG. 1 have, for example, the hardware configuration of the computer 400 as shown in FIG.

FIG. 4 is a diagram showing an example of a computer hardware configuration according to an embodiment. As shown in FIG. 4, for example, the computer 400 includes a CPU 401, a ROM 402, a RAM 403, an HD (Hard Disk) 404, an HDD (Hard Disk Drive) controller 405, a display 406, an external device connection I / F407, and a network I / F408. , Keyboard 409, pointing device 410, DVD-RW (Digital Versatile Disk Rewritable) drive 412, media I / F 414, bus line 415, and the like.

Of these, the CPU 401 controls the operation of the entire computer 400. The ROM 402 stores, for example, a program used for starting the CPU 401 such as an IPL (Initial Program Loader). The RAM 403 is used as a work area for the CPU 401. The HD204 stores various data such as programs. The HDD controller 405 controls reading or writing of various data to the HD404 according to the control of the CPU 401.

The display 406 displays various information such as cursors, menus, windows, characters, or images. The external device connection I / F 407 is an interface for connecting various external devices. The external device in this case includes, for example, a USB (Universal Serial Bus) memory, a printer, and the like. The network I / F408 is an interface for performing data communication using a communication network. The computer 400 may be provided with a plurality of network I / F 408.

The keyboard 409 is a kind of input means including a plurality of keys for inputting characters, numerical values, various instructions, and the like. The pointing device 410 is a kind of input means for selecting and executing various instructions, selecting a processing target, moving a cursor, and the like. The DVD-RW drive 412 controls reading or writing of various data to the DVD-RW411 as an example of the removable recording medium. The DVD-RW411 is not limited to the DVD-RW, and may be a DVD-R or the like. The media I / F414 controls reading or writing (storage) of data to the media 413 such as a flash memory. The bus line 415 includes an address bus, a data bus, various control signals, and the like for electrically connecting each of the above components.

[First Embodiment]
<Functional configuration>
Subsequently, the functional configuration of the route control device 101 according to the first embodiment will be described.

FIG. 5 is a diagram showing an example of the functional configuration of the route control device according to the first embodiment. The route control device 101 manages the first communication unit 501, the second communication unit 502, the detection unit 503, the determination unit 504, the route control unit 505, for example, by executing a predetermined program on the CPU 301 of FIG. A unit 506, a storage unit 507, a setting reception unit 508, and the like are realized. It should be noted that at least a part of each of the above functional configurations may be realized by hardware.

The first communication unit 501 connects the route control device 101 to the first network provided for each area by using, for example, the network I / F 304 of FIG. For example, the first communication unit 501 connects the route control device 101 to a local network (first network) such as the in-house network 10 and the conference room network 110 as shown in FIGS. 1 and 2, and other Communicate with network resources, etc.

The second communication unit 502 uses, for example, the wireless AP307 of FIG. 3 to provide a second network to which the terminal device used by the user 103 can be connected. For example, as shown in FIGS. 1 and 2, the second communication unit 502 connects the user network (second network) 104 to which information terminals such as the smartphone 102a and the notebook PC 102b possessed by the user 103 can be connected. , Provided by wireless LAN communication, etc.

The detection unit 503 executes a detection process for detecting information on the first network to which the first communication unit 501 is connected. For example, the detection unit 503 acquires a packet flowing through the first network to which the first communication unit 501 is connected, and detects, for example, a source IP address (an example of information on the first network).

The determination unit 504 determines the route control information applied to the first network to which the first communication unit 501 is connected, based on the information of the first network detected by the detection unit 503. For example, the determination unit 504 identifies the first network based on the source IP address detected by the detection unit 503, and determines the route control information applied to the first network.

The route control unit 505 is realized by, for example, a program executed by the CPU 301 of FIG. 3, a switch of FIG. 3, or the like. The route control unit 505 connects the first network to which the first communication unit 501 is connected and the second network provided by the second communication unit 502 according to the route control information determined by the determination unit 504. Control the route between them.

The management unit 506 manages a plurality of resource lists that store information on network resources available in the first network for each first network.

For example, the management unit 506 sets up a resource list for each area corresponding to each area in the facility (for example, area A resource list 512a, area B resource list 512b, area C resource list 512c, etc. in FIG. 5). , Stored in the storage unit 507 and managed. In the following description, when showing the resource list of any area among the area A resource list 512a, the area B resource list 512b, the area C resource list 512c, ..., "Resource list 512 for each area" Is used.

Preferably, the management unit 506 displays a common resource list (for example, the common resource list 511 in FIG. 5) in the facility (or in the organization) such as the in-house network 10 in FIGS. 1 and 2 in the storage unit 507. Remember and manage.

FIG. 7A shows an image of an example of the resource list (common resource list 511 and resource list 512 for each area) managed by the management unit 506. In the example of FIG. 7A, the resource list includes information such as "destination IP address", "availability", and "remarks" as items. The information of the "destination IP address" is the IP address of the destination network resource (for example, the printer 121, the electronic blackboard 122, the server 131, etc. in FIG. 1). The "availability" information is information indicating whether or not each network resource is available from the user network 104. The information in "Remarks" is supplementary information (for example, name, label, control number, etc.) for each network resource.

In the example of FIG. 7A, it is shown that the network resource (printer) whose destination IP address is "1.2.3.1" can be used from the user network 104. Further, it is shown that the network resource (server) whose destination IP address is "1.2.3.3" cannot be used from the user network 104.

The storage unit 507 is realized by, for example, a program executed by the CPU 301 of FIG. 3, a storage device 303, a memory 302, etc., and is managed by the management unit 506, such as a common resource list 511, a resource list 512 for each area, and the like. Memorize information.

The setting reception unit 508 receives, for example, settings such as registration and change of the resource list (common resource list 511 and resource list 512 for each area) by the administrator (or user) or the like.

The functional configuration of the route control device 101 shown in FIG. 5 is an example. For example, the management unit 506, the setting reception unit 508, and the like may be provided outside the route control device 101. Further, the function of the detection unit 503 may be included in the determination unit 504.

Further, the management unit 506 stores and manages the route control information applied to each first network in the storage unit 507 in addition to (or instead of) the resource list corresponding to each first network. Is also good. In this case, the determination unit 504 is applied to the first network to which the first communication unit 501 is connected from the route control information stored in the storage unit 507 based on the detection result by the detection unit 503. The route control information to be performed may be determined.

(About the decision unit and the route control unit)
FIG. 6 is a diagram showing a specific example of a determination unit and a route control unit according to the first embodiment. As a preferred example, the determination unit 504 is realized by the OpenFlow controller of OpenFlow®, and the route control unit 505 is realized by the OpenFlow switch.

The OpenFlow switch may be realized by hardware or may be realized by a program executed by CPU 301. On the other hand, the OpenFlow controller is realized by, for example, a program executed by the CPU 301.

OpenFlow is known as one of the technologies for realizing SDN (Software Defined Network) in which the configuration and functions of network devices are changed by software. In OpenFlow, the OpenFlow controller stores the route control information in one or more OpenFlow switches, so that the data transmission in the network device connected to the OpenFlow switches is route-controlled.

In the example of FIG. 6, the determination unit 504, which is an OpenFlow controller, sets the flow table 601, which is the determined route control information, to the route control unit 505, which is an OpenFlow switch. As a result, the route control unit 505, which is an OpenFlow switch, has the first network to which the first communication unit 501 is connected and the second network provided by the second communication unit 502 according to the set flow table 601. Control the route between.

FIG. 7B shows an image of an example of a flow table (route control information) 601 determined by the determination unit 504 and set in the route control unit 505.

The route control unit 505 creates, for example, a flow table 601 as shown in FIG. 7 (B) based on a resource list as shown in FIG. 7 (A). In the example of FIG. 8B, the flow table 601 includes "Match Field", "Instructions" and the like as items.

When the received packet satisfies the processing condition set in "Match Field", the route control unit 505 which is an OpenFlow switch executes the processing content set in "Instructions". For example, in FIG. 7B, “nw_dst = 12.33.4” of “Match Field” indicates that the destination IP address is “1.2.3.4”. In addition, "Output" of "Instructions" indicates that the received packet is output. On the other hand, "Drop" in "Instructions" indicates that the received packet is discarded.

Therefore, the route control unit 505 in which the flow table 601 as shown in FIG. 7B is set receives, for example, a packet having a destination IP address of "1.2.3.1" from the second network. Then, the received packet is transferred to the first network. On the other hand, when the route control unit 505 receives a packet having a destination IP address of "1.2.3.3" from, for example, the second network, the route control unit 505 discards the received packet.

In this way, the route control device 101 routes the packets transferred between the first network and the second network based on, for example, the resource list as shown in FIG. 7A. Can be done.

Preferably, the setting reception unit 508 of the route control device 101 displays the setting screen 800 as shown in FIG. 8 on an information terminal such as a smartphone 102a or a notebook PC 102b connected to the route control device 101. Can accept resource list settings.

FIG. 8 is a diagram showing an example of a setting screen according to the first embodiment. In the example of FIG. 8, on the setting screen 800, the setting field 810 of the current list and the newly added setting field 820 are displayed.

In the setting field 810 of the current resource list, for example, a list of network resources registered in the current resource list is displayed, and the administrator or the like edits the settings such as label 811, IP address 812, and availability 813. can do. In addition, the administrator or the like can delete the selected network resource from the current resource list by selecting the "Delete" button displayed on the delete 814.

The label 811, the IP address 812, and the availability 813 in FIG. 8 correspond to the “remarks”, the “destination IP address”, and the “availability” in FIG. 7 (A), respectively.

In addition, the administrator, etc. enters the settings such as label, IP address, availability, etc. in the newly added setting field 820, and selects the "Add" button displayed in Add 821 to add to the current resource list. , Network resources can be added.

<Processing flow>
Subsequently, the processing flow of the route control method executed by the route control device 101 according to the first embodiment will be described.

(Processing of route control device)
FIG. 9 is a flowchart showing an example of processing of the route control device according to the first embodiment. This process shows an example of the process executed when the route control device 101 is connected to the first network.

In step S901, the detection unit 503 of the route control device 101 acquires the information of the first network to which the first communication unit 501 is connected. For example, when the detection unit 503 connects to the first network, it senses the source address of the packet flowing through the first network for a predetermined time (for example, about 1 minute), and the probability is higher than the others. Get the IP address of the network group.

In step S902, the determination unit 504 of the route control device 101 determines whether or not a new first network has been detected based on the information of the first network acquired by the detection unit 503. For example, the determination unit 504 determines that a new first network has been detected when a new IP address is detected by the detection unit 503.

When a new first network is detected, the route control device 101 shifts the process to step S903. On the other hand, when the new first network is not detected, the route control device 101 executes the processes of steps S901 and S902 again.

When the process proceeds to step S903, the determination unit 504 of the route control device 101 determines the flow table (route information) applied to the newly detected first network. For example, the determination unit 504 determines the flow table (route information) applied to the first network by executing the flow table determination process described later in FIG. 10.

Further, as another example, the route control device 101 stores in advance the IP address of the first network included in the communication system 100 and the flow table corresponding to each IP address in the storage unit 507 or the like. It may be. In this case, the determination unit 504 is applied to the newly detected first network by acquiring the flow table corresponding to the first network IP address newly detected by the detection unit 503 from the storage unit 507. Flow table can be determined.

In step S904, the route control unit 505 of the route control device 101 executes the route control according to the flow table determined by the determination unit 504.

For example, the route control unit 505 executes the processing contents (Instructions) corresponding to the processing conditions for the packets satisfying the processing conditions (Match Field) defined in the flow table 601 determined by the determination unit 504.

(Flow table determination process)
FIG. 10 is a flowchart showing an example of a flow table determination process according to the first embodiment. This process shows, for example, an example of a flow table determination process executed by the determination unit 504 of the route control device 101 in step S903 of FIG.

In step S1001, the determination unit 504 acquires the resource list corresponding to the newly detected first network. For example, the determination unit 504 acquires a resource list corresponding to the IP address detected by the detection unit 503 from the common resource list 511 stored in the storage unit 507 and the resource list 512 for each area.

In step S1002, the determination unit 504 creates a flow table based on the acquired resource list. For example, when the determination unit 504 acquires the resource list as shown in FIG. 7 (A), the determination unit 504 creates the flow table 601 as shown in FIG. 8 (B).

Preferably, the determination unit 504 creates the flow table 601 by applying the common resource list 511 in addition to the resource list 512 for each area acquired in step S1001.

In step S1003, the determination unit 504 sets the created flow table 601 in the route control unit 505.

By each of the above processes, for example, as shown in FIG. 1, the user 103 uses the printer 121, the electronic blackboard 122, and the like of the conference room network 110 simply by connecting the route control device 101 to the conference room network 110. You will be able to do it. Further, when the flow table 601 is created by applying the common resource list 511 in step S1002, the user 103 can further use the available network resource 20 in the in-house network 10. become.

Further, for example, as shown in FIG. 2, the user 103 simply connects the route control device 101 to the in-house network 10, and the user 103 can use the available network resource 20 in the in-house network 10 (for example, a connection to the Internet 1). ) Will be available. In addition, the route control device 101 can limit the use of the available network resource 120 in the conference room network 110 by the user 103.

[Second Embodiment]
In the second embodiment, an example will be described in which the communication system 100 has a common resource list 511 and a management server 1100 that manages a resource list 512 for each area.

<Functional configuration>
FIG. 11 is a diagram showing an example of the functional configuration of the communication system according to the second embodiment. The communication system 100 according to the second embodiment has a management server 1100 capable of communicating with the route control device 101 via the first network 521.

The management server 1100 has, for example, the hardware configuration of the computer 400 as shown in FIG. Further, the management server 1100 realizes at least one of the flow table management unit 1101 and the resource list management unit 1102 by executing a predetermined program on the CPU 401 of FIG. 4, for example.

The resource list management unit 1102 manages the common resource list 511 applied to the communication system 100 and the resource list 512 for each area.

Further, the management unit 506 of the route control device 101 acquires the common resource list 511 and the resource list 512 for each area from the management server 1100 at a predetermined time interval or in response to a predetermined event, and stores the storage unit. Store in 507. The predetermined time interval may be any time interval such as, for example, 1 hour interval, 12 hour interval, 24 hour interval, and the like. Further, the predetermined event includes, for example, a case where a new first network is detected by the detection unit 503, a case where a notification indicating that the resource list has been updated is received from the management server 1100, and the like. obtain.

As a result, the administrator or the like updates the resource list of all the route control devices 101 included in the communication system 100 by simply updating the common resource list 511 managed by the management server 1100 and the resource list 512 for each area. You will be able to do it.

The flow table management unit 1101 stores the flow tables for each area corresponding to each area in the facility (for example, the area A flow table 1110a in FIG. 11, the area B flow table 1110b, ...) In the storage unit 507. And manage it. In the following description, when the flow table of any area is shown among the area A flow table 1110a, the area B flow table 1110b, ..., "Flow table 1110 for each area" is used.

Further, when the determination unit 504 creates the flow table 1110 for each area, the management unit 506 of the route control device 101 notifies the management server 1100 of the flow table 111 for each created area.

Further, the management unit 506 of the route control device 101 acquires the flow table 1110 for each area from the management server 1100 at a predetermined time interval or in response to a predetermined event, and stores it in the storage unit 507.

As a result, when the flow table 1110 for each area corresponding to the first network newly detected by the detection unit 503 is stored in the storage unit 507, the route control device 101 omits the flow table creation process. can do.

The management server 1100 is an example of an external device. The function of the management server 1100 may be, for example, possessed by any route control device 101 in the communication system 100, or may be possessed by a cloud service or the like outside the communication system 100.

<Processing flow>
FIG. 12 is a flowchart showing an example of a flow table determination process according to the second embodiment. This process shows another example of the flow table determination process executed by the determination unit 504 of the route control device 101 in step S903 of FIG.

In step S1201, the determination unit 504 acquires a valid flow table corresponding to the new first network detected by the detection unit 503 from the storage unit 507.

In step S1202, the determination unit 504 determines whether or not a valid flow table corresponding to the new first network detected by the detection unit 503 has been acquired.

If a valid flow table can be obtained, the determination unit 504 shifts the process to step S1203. On the other hand, if a valid flow table cannot be obtained, the determination unit 504 shifts the process to step S1204.

When the process proceeds to step S1203, the determination unit 504 sets the acquired flow table in the route control unit 505.

On the other hand, when the process proceeds from step S1202 to step S1204, the determination unit 504 acquires the resource list corresponding to the newly detected first network in the same manner as in the first embodiment.

In step S1205, the determination unit 504 creates a flow table based on the acquired resource list in the same manner as in the first embodiment.

In step S1206, the determination unit 504 sets the created flow table in the route control unit 505.

Thus, according to the second embodiment, it becomes easier for the user 103 who can move in the facility to use a specific network resource in the local network anywhere in the facility. ..

<Summary>
In the conventional technology, for example, in a large-scale facility such as a company, a hospital, or a school, a user network 104 that can be used by the user 103 in the entire area of the facility is provided to the user 103 who visits from the outside. It was difficult to do. For example, in order to provide a user network 104 that can be used by the user 103 in the entire area of the facility by using the technology disclosed in Patent Document 1, a facility such as a wireless access point equipped with an open flow switch is provided. It is necessary to install it in the entire area.

On the other hand, according to each embodiment of the present invention, for example, by lending the route control device 101 to the user 103 who visited from the outside, the user 103 can be used anywhere in the facility in the local network. Network resources will be available.

Further, according to each embodiment of the present invention, the network resources available to the user 103 can be easily managed according to the first network to which the route control device 101 used by the user 103 is connected. Can be done.

As described above, according to each embodiment of the present invention, it becomes easy for the user 103 who can move in the facility to use a specific network resource in the local network anywhere in the facility.

<Supplement>
Each function of each embodiment described above can be realized by one or more processing circuits. Here, the "processing circuit" in the present specification is a processor programmed to execute each function by software such as a processor implemented by an electronic circuit, or a processor designed to execute each function described above. It shall include devices such as ASIC (Application Specific Integrated Circuit), DSP (digital signal processor), FPGA (field programmable gate array) and conventional circuit modules.

10 Internal network (an example of the first network)
100 Communication system 101 Route control device 104 User network (second network)
110 Conference room network (an example of the first network)
501 1st communication unit 502 2nd communication unit 503 Detection unit 504 Determination unit 505 Route control unit 506 Management unit 507 Storage unit 508 Setting reception unit 511 Common resource list 512a Area A resource list 512b Area B resource list 513c Area C resource List 601 Flow table (Route control information)
800 Setting screen 1100 Management server (example of external device)

JP-A-2018-061217

Claims (10)

A route control device used by users
The first communication unit that connects to the first network provided for each area,
A second communication unit that provides a second network to which the terminal device used by the user can be connected, and
A detection unit that detects information on the first network to which the first communication unit is connected, and a detection unit.
A determination unit that determines route control information applied to the first network to which the first communication unit is connected based on the information of the first network, and a determination unit.
A route control unit that controls a route between the first network and the second network according to the route control information.
A route control device having. Each of the first networks has a management unit that manages a plurality of resource lists that store information on network resources that can be used in the first network.
The route control device according to claim 1, wherein the determination unit determines the route control information by using the detection result by the detection unit and the plurality of resource lists. The decision unit
Based on the detection result by the detection unit, the resource list corresponding to the first network to which the first communication unit is connected is specified from the plurality of resource lists.
The route control information is determined so that the available network resource stored in the specified resource list and the terminal device can communicate with each other.
The route control device according to claim 2. The route control device according to claim 2 or 3, wherein the management unit stores and manages the specified resource list or the determined route control information in an external device. The route control device according to any one of claims 2 to 4, wherein the management unit acquires the plurality of resource lists from an external device that manages the plurality of resource lists. The route control device according to any one of claims 2 to 5, wherein the management unit stores and manages the plurality of resource lists in a storage unit included in the route control device. The detection unit detects the source address of the packet from a plurality of packets acquired from the first network to which the first communication unit is connected.
The determination unit identifies the first network to which the first communication unit is connected based on the source address.
The route control device according to any one of claims 1 to 6. The route control device according to any one of claims 2 to 6, further comprising a setting receiving unit for displaying a setting screen for receiving the setting of the resource list on the terminal device. A communication system including a route control device used by a user.
The first communication unit that connects to the first network provided for each area,
A second communication unit that provides a second network to which the terminal device used by the user can be connected, and
A detection unit that detects information on the first network to which the first communication unit is connected, and a detection unit.
A determination unit that determines route control information applied to the first network to which the first communication unit is connected based on the information of the first network, and a determination unit.
A route control unit that controls a route between the first network and the second network according to the route control information.
A communication system that has. It is a route control method executed by the route control device used by the user.
The route control device
The process of connecting to the first network provided for each area by using the first communication unit included in the route control device, and
A process of providing a second network to which the terminal device used by the user can be connected by using the second communication unit included in the route control device.
A detection process for detecting information on the first network to which the first communication unit is connected, and
A process of determining the route control information applied to the first network to which the first communication unit is connected based on the information of the first network, and
A process of performing route control between the first network and the second network according to the route control information, and
A route control method that executes.

Images