JP3500087B2 - Packet communication method - Google Patents

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a communication for limiting a transmitting terminal and a receiving terminal, for example, a packet communication method applicable to multicast communication.

[0002]

2. Description of the Related Art In multicast communication, a receiving terminal requests a network to receive a packet addressed to a multicast address, a transmitting terminal sends a packet addressed to a multicast address to the network, and the network is transmitted. This is a communication method in which packets are duplicated for the number of receiving terminals that have made a reception request, and the duplicated packets are transferred to the receiving terminals.

In multicast communication, a plurality of receiving terminals can make a reception request to one multicast address, and a plurality of transmitting terminals can send packets to one multicast address. Therefore, it has the feature that it can communicate with many terminals at the same time. Further, when multicast communication is used, the transmitting terminal can transmit a packet to a plurality of receiving terminals by only transmitting one packet, so that the transmitting terminal does not need to duplicate the number of receiving terminals.
It has a feature that can reduce the load on the terminal.

[0004] Therefore, the multicast communication is a technology that can realize broadcasting, data delivery, and a conference system at low cost. However, in multicast communication,
Since a sending terminal can send a packet to a large number of terminals at the same time by sending a single packet addressed to a multicast address, a malicious terminal sends a large number of packets to the multicast address, which causes a large number of packets on the network. It is possible to cause the packet to exist and cause congestion, and in order to prevent this, it is necessary to limit the terminals that can send the packet addressed to the multicast address.

Further, since the receiving terminal receives a multicast packet transfer from the network by making a reception request for a multicast address, a malicious terminal requests reception of a large number of multicast addresses.
It is possible to cause a network to copy a large number of packets and cause congestion, and in order to prevent this, it is necessary to limit the terminals that can receive packets destined for a multicast address.

In the conventional multicast communication, a forwarding node existing on the network controls the route of the multicast communication. That is, the receiving terminal makes a reception request to the forwarding node for the multicast address, and the forwarding node notifies other forwarding nodes in the network that the receiving terminal exists under its own forwarding node, and the forwarding is notified. The node creates a list of forwarding nodes that have a multicast address and a receiving terminal, and the forwarding node that receives the multicast packet refers to the list and forwards the multicast packet to the forwarding node that has the receiving terminal.

In the conventional multicast communication, the following two methods are conceivable as methods for limiting the transmitting terminal and the receiving terminal.

The first method is to set a list (permit list) of addresses of receivable terminals and addresses of receivable terminals for each multicast address communicated on the network in each forwarding node, and set the forwarding node to the forwarding node. Of the transmitted multicast packets, the forwarding node forwards only the multicast packet that confirmed that the destination address and the source address match the allow list, or the request address in the reception request from the receiving terminal to the forwarding node. Is a method in which the forwarding node accepts only a reception request that confirms that the request source terminal address matches the permission list.

Since the forwarding node may be involved in all multicast communication on the network, this method requires setting all permission lists in all forwarding nodes. Therefore, there is a problem that the load of the permission list setting process on the forwarding node is heavy, and the storage capacity required for holding the permission list of the forwarding node is large. For this reason, the first method can be applied only to a small network having a small number of permission lists and forwarding nodes.

A second method is to install a server holding an allow list (allow list server) on the network, and when a forwarding node receives a multicast packet or when it receives a request for receiving a multicast packet. Is analyzed, the inquiry is made to the allow list server, and only the packet matching the inquiry result is transferred, or the matching reception request is accepted.

According to this method, each transfer node does not need to hold the permission list, and the storage area of the transfer node is reduced. However, since the inquiry is made to the allow list server after the arrival of the multicast packet or the reception request, it takes time to process, the transfer delay of the multicast packet, and the frequent exchange of messages between the allow list server and the node. This increases the processing load on the forwarding node. Therefore, the second method can be applied only to a small-scale network with a small number of forwarding nodes.

[0012]

When the above-mentioned method is used, the transfer node requires a large storage capacity, or the communication processing load between the allow list server and the transfer node is high, so that it cannot be applied to a large-scale network. There was a problem.

According to the present invention, a server (communication control server) that grasps which terminal a transfer node accommodates and sets a packet transfer path between the transfer nodes concentrates on the declaration acceptance of the transceivable terminals. By doing so, the purpose is to eliminate the need for setting to all forwarding nodes. Further, the communication control server sets only the allowance list regarding the transmittable terminals that the transfer node accommodates in the transfer node, thereby reducing the storage area required for the transfer node and reducing the messages between the communication control server and the transfer node. The purpose is to do.

[0014]

In order to solve the above-mentioned problems, the present invention is such that, when a receiving terminal is restricted, a communication control client sends a transmission destination address (DA) to a communication control server. And a receiving terminal identifier that permits reception of a packet to which the terminal address is assigned as DA is declared. When this declaration is made, the communication control server creates and manages a set (reception permission list) of a terminal address to be DA and a reception terminal identifier permitted to receive a packet with the terminal address assigned as DA.

When the receiving terminal transmits to the communication control server a reception request composed of a combination of a DA requesting reception and its own terminal identifier, the reception request in the reception request received by the communication control server is requested. The combination of the DA and the requested terminal identifier matches with the combination of the terminal address of the DA included in the reception permission list and the reception terminal identifier that is permitted to receive the packet to which the terminal address is assigned as the DA. Only when the confirmation is confirmed, the communication control server sets the transfer route of the packet whose DA is the terminal address from the source node to the destination node.

On the other hand, if the combination of the terminal address to be the DA and the receiving terminal identifier permitted to receive the packet to which the terminal address is assigned as the DA included in the reception permission list does not match, or the communication control server If the reception permission list does not exist, the communication control server does not accept the reception request, and the transfer route from the source node to the destination node is not set, so that only the reception terminal that the communication control client has declared to the communication control server. , Enables reception of a packet to which a DA requesting reception is added. Here, the setting of the transfer route between the transfer nodes means, for example, setting the information of the transferable destination node in the transfer table managed by the transfer node for packet transfer.

In addition, when restricting the transmission terminal, the communication control client gives the communication control server a terminal address to be DA and a transmission terminal address to permit transmission of a packet with the terminal address assigned as DA. Declare the group. When this declaration is made, the communication control server creates a set (transmission permission list) of a terminal address to be DA and a transmission terminal address permitted to transmit a packet with the terminal address assigned as DA, and permits transmission. The transmission permission list is set in the source node accommodating the selected transmission terminal.

The sending terminal is a terminal address for which DA is permitted to the originating node, and the sending source address (SA: Source A
ddress) transmits a packet whose own terminal address is transmitted, and the originating node sends the DA of the received packet that matches the DA of the received packet and the SA of the packet containing the DA of the DA of the transmission allowed list. The packet is forwarded to the destination node only when it is confirmed that it matches the permitted terminal address, while the DA and SA of the received packet are transmitted.
If the pair of does not match the pair of the DA included in the transmission permission list and the terminal address permitted to transmit, or if the transmission permission list does not exist in the source node, the source node transmits the packet transmitted by the transmission terminal. By discarding, only the transmitting terminal permitted to transmit the packet to the terminal address declared by the communication control server to the communication control server can transmit the packet with the receiving terminal address assigned as DA to the receiving terminal.

The operation of the present invention is as follows. According to the present invention, by declaring a terminal capable of transmitting and receiving to an address to the communication control server, the communication control server accepts only a reception request from an authorized terminal, sets a route between the originating node and the destination node, and By setting the allow list in the source node that accommodates the permitted transmission terminals and transferring only the packets transmitted by the permitted transmission terminals by the source node, communication can be performed only between the permitted transmission and reception terminals. .

Further, in the present invention as described above, since the communication control server centrally manages the allowance list, each transfer node does not need to accept the reception approval, and the processing load of the transfer node can be reduced. You can

Further, since the communication control server, which keeps track of the terminals accommodated by the forwarding nodes, distributes only the permission list regarding the transmission terminals only to the forwarding nodes accommodating the transmission-permitted terminals, the permission regarding all the transmission terminals is granted. Compared to the method of distributing the list, the amount of allow list that the forwarding node needs to hold can be reduced, and the processing load required for the allow list transfer can be reduced and the storage capacity required by the transfer node can be reduced. be able to.

[0022]

BEST MODE FOR CARRYING OUT THE INVENTION First Embodiment FIG. 1 is a diagram for explaining the first embodiment of the present invention, in which a terminal is connected to a network in which a communication control server 140 exists, It shows a situation in which multicast communication is being performed. In the figure, 120 to 121 are transmitting terminals, of which 120 are the transmitting terminals that have been declared as transmissible terminals, 1
Reference numeral 21 is a transmission terminal that has not been declared. 130-1
Reference numeral 31 is a receiving terminal, of which 130 is a receiving terminal that has been declared as a receivable terminal, and 131 is a receiving terminal that has not been declared. Transfer nodes 101 to 104 are transfer nodes, of which transfer nodes 101 to 102 are source nodes that accommodate transmitting terminals, and transfer nodes 103 to 104 are destination nodes that accommodate receiving terminals. 110 is a communication control client. Reference numeral 140 is a communication control server, 141 is a transmission / reception permission report acceptance unit, which is an internal mechanism of the communication control server 140, and 142 is a reception request acceptance unit. Reference numeral 200 represents a notification of a terminal capable of transmitting and receiving from the communication control client 110 to the communication control server 140. Reference numeral 210 indicates registration of the allowance list to the originating node. Reference numeral 211 indicates setting information of a packet transfer route to the transfer node. 220 and 221 represent reception requests from the receiving terminals 130 and 131, respectively. 23
0, 231 represents a multicast packet.

The operation until the receiving terminal receives a packet will be described below as the first embodiment of the present invention with reference to FIGS. 1, 2 and 3. In FIG. 1, the communication control client 110 declares to the communication control server 140 a set of a multicast address and a receiving terminal identifier that permits reception of a packet with the multicast address assigned as DA. FIG. 2A shows a specific example of information to be declared. The communication control client 110 reports to the communication control server 140 one or more reception-permitted terminal identifiers for the multicast address. The communication control server 140 creates a list of reception terminal identifiers (reception permission list) that are permitted to receive a multicast address and a packet assigned with the multicast address as DA based on the declared information.

The operation up to this point is shown in the flow chart of FIG. In step S1, a declaration of a set of (reception terminal identifier capable of receiving a packet having address 1 and address 1 as DA) is accepted, and in response to this declaration, (packet having address 1 and address 1 as DA is received in step S2. (Reception terminal identifier capable of receiving) is created.

In this example, the receiving terminal 130 listed in the receiving permission list sends the receiving request 220 to the receiving request receiving unit 14
I'm going to 2. FIG. 2B shows a specific example of the reception request. Reception request reception unit 14 of communication control server 140
2 receives the reception request 220 from the reception terminal 130, analyzes the reception request 220, and the reception request multicast address and the reception request terminal identifier are the multicast address in the reception permission list and the packet to which the multicast address is added as DA. Since it matches the set of receiving terminal identifiers permitted to receive
0 is accepted, and transfer path setting information 2 to the receiving terminal 130 is received.
11 is set so that the receiving terminal 130 can receive the multicast packet 230.

On the other hand, the receiving terminal 131 not included in the receiving permission list sends the receiving request 221 to the receiving request receiving section 142.
Then, the reception request reception unit 142 analyzes the reception request 221, and the reception request multicast address and the reception terminal identifier do not match the reception permission list.
Is not accepted and the setting by the transfer route setting information 211 is not performed. Therefore, the multicast packet 232 is
It does not reach the receiving terminal 131.

The operation up to this point is shown in the flowchart of FIG. First, in step S10, a reception request is received. In step S11, it is checked whether or not the reception permission list exists. If not, the process proceeds to step S15 and the reception request is rejected. If there is a reception permit list, step S
12, it is checked whether the combination of (reception request address, reception request source terminal identifier) matches the reception permission list. If they do not match, the process proceeds to step S15 and the reception request is rejected. If they match, the reception request is accepted in step S13, and a transfer path is set between the originating and terminating transfer nodes in step S14. Then, it returns to step S10 and waits for another reception request.

As described above, according to the present embodiment, since the above-described operation is performed, only the declared specific terminal can receive the multicast packet. Further, since the present embodiment is configured as described above, the effect is to reduce the processing load required for setting the allow list, reducing the processing load required for transferring the allow list, as compared with the conventional method. It is possible to reduce the storage capacity required for the forwarding node, and it is possible to provide communication that limits the number of receiving terminals and that has scalability with respect to the network scale and communication scale.

[Second Embodiment] Next, a second embodiment of the present invention will be described with reference to the same FIG. Figure 1
A terminal is connected to the network in which the communication control server 140 is present, and a situation is shown in which multicast communication is performed. The description of the constituent elements in the figure is the same as in the first embodiment.

Hereinafter, with reference to FIGS. 1, 4, and 5, as a second embodiment of the present invention, an operation from a transmitting terminal transmitting a packet to a receiving terminal receiving the packet will be described. In FIG. 1, the communication control client 110 declares to the communication control server 140 a set of a multicast address and a transmission terminal address that permits transmission of a packet to which the multicast address is assigned as DA.

FIG. 4A shows a concrete example of information to be declared. The communication control client 110 reports to the communication control server 140 one or more transmission-permitted terminal addresses for the multicast address. Based on the declared information, the communication control server 140 creates a list (transmission permission list) of a set of a multicast address and a transmission terminal address that is permitted to transmit a packet to which the multicast address is assigned as DA, and transmits it. The transmission permission list is registered 210 in the transfer node 101, which is the source node that accommodates the transmission terminal 120 listed in the permission list.

The operation up to this point is shown in the flow chart of FIG. In step S20, the declaration of (address of transmission terminal capable of transmitting packet with address 1 and DA as address 1) is accepted. On the other hand, step S2
In step 1, a transmission permission list of (address 1, transmission terminal address capable of transmitting packet having DA as address 1) is created, and in step S22, the transmission permission list is registered in the transfer node accommodating the transmission terminal.

The transmission terminal 12 listed in the transmission permission list
0 transmits the multicast packet 230 to the forwarding node (source node) 101. FIG. 4B is a specific example of the multicast packet transmitted by the transmitting terminal. When the forwarding node 101 receives the multicast packet 230 from the sending terminal 120, the forwarding node 101 analyzes the multicast packet 230, and DA and SA check the multicast address of the transmission allowance list and the packet assigned with the multicast address as DA. Since it matches the combination with the transmission terminal address that permits transmission, the multicast packet 230 is transferred to the forwarding node (destination node) 1
Transfer to 03.

On the other hand, when the transmitting terminal 121 not listed in the transmission permission list transmits the multicast packet 231 to the forwarding node (source node) 102, the forwarding node 102
Discards the multicast packet 231 if the transmission permission list is not set, and analyzes the multicast packet 231 if the transmission permission list is set. Here, since the DA and SA do not match the set of the multicast address in the transmission permission list and the transmission terminal address that permits the transmission of the packet with the multicast address assigned as the DA, the forwarding node 102
Discards the multicast packet 231.

The operation up to this point is shown in the flow chart of FIG. In step S30, the transmission of the multicast packet is detected, and in step S31, it is checked whether or not there is a transmission permission list. If there is no transmission permission list, the process proceeds to step S34, and the multicast packet is discarded. If there is a transmission permission list, it is checked in step S32 whether the set of (destination address, source address) matches the transmission permission list, and if they do not match,
The process proceeds to step S34, and the multicast packet is discarded. Only when they match, the multicast packet is transferred in step S33.

As described above, according to this embodiment, since the above-described operation is performed, only the declared specific terminal can transmit the multicast packet to the receiving terminal. Further, since the present embodiment is configured as described above, the effect is to reduce the processing load required for setting the allow list, reducing the processing load required for transferring the allow list, as compared with the conventional method. It is possible to reduce the storage capacity required for the forwarding node, and it is possible to provide communication that is scalable to the network scale and communication scale and that limits the sending terminals.

[Third Embodiment] The third embodiment simultaneously realizes the above-described first embodiment and second embodiment. FIG. 1 shows a third embodiment of the present invention.
FIG. 3 is a diagram for explaining the embodiment of FIG.
The figure shows a situation in which a terminal is connected to a network in which 40 exists and multicast communication is being performed. The description of the constituent elements in the figure is the same as in the first embodiment.

By the operations of the first and second embodiments, it is possible to provide the multicast service in which only the declared receivable / transmittable terminals perform the multicast communication and the other terminals cannot perform the multicast communication. . Further, since the present embodiment has the above-mentioned configuration, its effect is that compared to the conventional method,
It is possible to reduce the processing load required for setting the allow list, reduce the processing load required for transferring the allow list, and reduce the storage capacity required for the transfer node, and it has scalability with respect to the network scale and communication scale. There is an effect that it is possible to provide communication that limits the communication.

[0039]

As described above, according to the present invention,
Since it is possible to provide a multicast communication environment in which only specific terminals can use multicast communication,
It is possible to provide essential functions for commercial use of multicast communication, such as elimination of transmission interference from unauthorized users, prevention of inflow of multicast packets due to reception of unauthorized users, and limitation of senders and receivers for multicast addresses in pay broadcasting. effective.

In particular, the present invention is applicable not only to the multicast communication but also to the communication in which it is necessary to limit the transmitting and receiving terminals.
Applicable.

Further, compared with other communication methods that limit the terminals that can send and receive, (1) the communication control server centrally manages the allow list, so that each forwarding node does not need to hold the allow list The storage area required to hold the list can be reduced. (2) Since the communication control server centrally receives the declarations of the terminals that can send and receive data, the number of declarations made by the communication control client can be reduced compared to the method of registering the permission list in all forwarding nodes on the network. (3) Since the communication control server recognizes the terminals accommodated by the forwarding nodes and distributes the permission list for the sending terminals only to the forwarding nodes where the sending terminals exist, the permission list for all the sending terminals is distributed, and the forwarding nodes Compared with the method that holds them, it is possible to reduce the setting operation to the forwarding node and to reduce the amount of permission list that the forwarding node needs to hold, thus reducing the processing load necessary for forwarding the permission list. , And the storage capacity required for the transfer node can be reduced. Due to the above advantages, the present invention has an effect that it is possible to provide communication that has scalability with respect to the network scale and the communication scale and that limits the transmission / reception terminals.

[Brief description of drawings]

FIG. 1 is a diagram illustrating an embodiment of the present invention.

FIG. 2 is a diagram showing a specific example of a receivable terminal declaration and a specific example of a reception request.

FIG. 3 is a flowchart showing a receivable terminal reporting process and a reception request receiving process.

FIG. 4 is a diagram showing a specific example of a transmittable terminal declaration and a specific example of a multicast packet transmitted by a transmitting terminal.

FIG. 5 is a flow chart showing a reporting process and a transmission packet process of a transmittable terminal.

[Explanation of symbols]

101-104 forwarding nodes 110 Communication control client 120,121 Sending terminal 130,131 Receiving terminal 140 Communication control server 141 Transmission / Reception Permission Report Reception Unit 142 Reception request reception unit 220,221 Receive request 230-232 multicast packets

─────────────────────────────────────────────────── ─── Continuation of the front page (72) Inventor Hiroyuki Ichikawa 3-19-2 Nishishinjuku, Shinjuku-ku, Tokyo Nihon Telegraph and Telephone Corporation (72) Inventor Nobuaki Tanaka 223 Yamashita-machi, Naka-ku, Yokohama-shi, Kanagawa No. 1 NTT Software Co., Ltd. (72) Inventor Keigo Niwa 223 Yamashita-cho, Naka-ku, Yokohama-shi, Kanagawa No. 1 NTT Software Co., Ltd. (56) References 10-247917 (JP, A) JP-A-11-46192 (JP, A) JP-A-9-214540 (JP, A) JP-A-11-55321 (JP, A) (58) Fields investigated (Int. Cl. ⁷ , DB name) H04L 12/54 H04L 12/56 H04L 12/58

Claims (3)

(57) [Claims] 1. A packet communication method for transferring a packet between outgoing and incoming transfer nodes only when a communication control server sets a forwarding path from an outgoing and forward node housing a sending terminal to a destination forwarding node housing a receiving terminal. The communication control server receives in advance a declaration of a set of a terminal address which is a transmission destination address and a reception terminal identifier which permits reception of a packet in which the terminal address is given as a transmission destination address, and based on the declaration , A receiving permission list made up of a combination of a terminal address which is a transmission destination address and a receiving terminal identifier which is permitted to receive a packet to which the terminal address is given as a transmission destination address, Reception consisting of a combination of a transmission destination address requesting reception to the communication control server and its own terminal identifier When the communication control server that has transmitted the request and received the reception request confirms that the combination of the transmission destination address requested to be received in the reception request and the terminal identifier that made the request is included in the reception permission list. Only, the transfer route from the source transfer node to the destination transfer node of the packet whose destination address is the terminal address is set. On the other hand, if there is no reception permission list in the communication control server or the reception request is received. If the combination of the requested transmission destination address and the requested terminal identifier is not included in the reception permission list, the reception request is not accepted and the transfer route from the source transfer node to the destination transfer node is not set. A packet communication method characterized by: 2. A packet communication method for transferring a packet between an outgoing and incoming transfer node only when a communication control server sets a transfer route from an outgoing and forward node containing a sending terminal to a destination transfer node containing a receiving terminal. The communication control server accepts in advance a declaration of a set of a terminal address that is a transmission destination address and a transmission terminal address that permits transmission of a packet with the terminal address assigned as the transmission destination address, and based on the declaration , Create a transmission allowance list consisting of a terminal address that is the transmission destination address and a transmission terminal address that is permitted to transmit packets with that terminal address assigned as the transmission destination address, and send the created transmission permission list. It is set in the originating and forwarding node that accommodates the permitted sending terminal, and the originating and forwarding node is sent by the sending terminal. When the received packet is received, it is checked whether the combination of the transmission destination address of the received packet and the transmission source address is included in the transmission permission list, and only if it is included, the packet is transferred to the destination transfer node. On the other hand, when there is no transmission permission list in the source forwarding node or when the combination of the transmission destination address and the source address of the received packet is not included in the transmission permission list, the packet transmitted by the transmitting terminal is transferred. A packet communication method characterized by not transferring to a node. 3. A packet communication method for transferring a packet between an outgoing and incoming transfer node only when a communication control server sets a transfer route from an outgoing and forward node containing a sending terminal to a called transfer node containing a receiving terminal. The communication control server receives in advance a declaration of a set of a terminal address which is a transmission destination address and a reception terminal identifier which permits reception of a packet in which the terminal address is given as a transmission destination address, and based on the declaration , A receiving permission list made up of a combination of a terminal address which is a transmission destination address and a receiving terminal identifier which is permitted to receive a packet to which the terminal address is given as a transmission destination address, Reception consisting of a combination of a transmission destination address requesting reception to the communication control server and its own terminal identifier When the communication control server that has transmitted the request and received the reception request confirms that the combination of the transmission destination address requested to be received in the reception request and the terminal identifier that made the request is included in the reception permission list. Only, the transfer route from the source transfer node to the destination transfer node of the packet whose destination address is the terminal address is set. On the other hand, if there is no reception permission list in the communication control server or the reception request is received. When the combination of the requested transmission destination address and the requested terminal identifier is not included in the reception permission list, the reception request is not accepted and the transfer route from the source transfer node to the destination transfer node is not set. And the communication control server assigns a terminal address as a transmission destination address and a packet to which the terminal address is added as the transmission destination address. A transmission terminal that accepts in advance a declaration of a combination with a transmission terminal address that permits transmission, and is permitted to transmit a packet that has a terminal address to be the transmission destination address and the terminal address assigned as the transmission destination address based on the declaration. A transmission allowance list composed of a combination with an address is created, and the created transmission allowance list is set to the originating / forwarding node accommodating the sending terminal permitted to send. Upon reception, it is checked whether the combination of the transmission destination address of the received packet and its source address is included in the transmission permission list, and if it is included, the packet is transferred to the destination transfer node, while the source packet is transmitted. When the transmission allowance list does not exist in the forwarding node or the combination of the destination address and source address of the received packet If you said not included in the transmission permission list,
A packet communication method characterized in that a packet transmitted by a transmitting terminal is not transferred to a destination transfer node.