JP4635261B2 - Communication system and name server device - Google Patents

Description

  The present invention relates to a communication system and a name server device used on the communication system, and particularly relates to a naming method thereof.

Ubiquitous communication that integrates real space and network, such as real-space information from RF-IDs and sensors can be obtained on the Internet, and home appliances with network connection functions can receive control via the network. Improvement of environment is progressing rapidly.
On the other hand, high-speed and large-capacity wired and wireless networks are rapidly increasing in communication networks, and flat-rate billing services that do not depend on communication time or communication charges have been introduced. With these combinations, it has become possible to remotely operate a home or office device or retrieve necessary information via a network, regardless of where the user is.

In such an environment, the convenience of the user is increased, but the user is required to have advanced knowledge due to the complexity of the system. Danger can also occur at the same time, such as increasing the possibility of allowing unauthorized access.
Therefore, it is desired to realize a system that is easy or unnecessary to set and designed so as not to cause a security problem.

  As a corresponding method, two layers are prepared for the network address, one is a global address space, and the other is a private address space. According to this, since the mutual address space can be converted only through the router, there is an advantage that a device in the private address space cannot be accessed by others.

As a conventional technique for proposing two-layer address space in this way, there is Non-Patent Document 1. In the IST-MAGNET project disclosed in this document, it is proposed to prepare a PN address space and a global IP address space in two layers, a PN layer and an IP layer.
A certain device has only a PN address, and a certain device has an IP address together with the PN address, so that connection from the outside is also possible in the IP layer.

  When a large number of devices are connected to the network, the means for discovering and specifying the service that the user wants to use and the device that the user wants to connect becomes important. For example, when recording a television program to be broadcast tonight, the user needs to perform a reservation operation on the home video deck. At this time, even if the video deck itself is connected to the network, if it is only represented by a numeric string or symbol string such as an IP address, the user can find and operate the video deck from the network. Is difficult to do.

  There are two ways to solve this problem. One is to give each device a name that is easy for the user to understand apart from the address. Nonetheless, since packet transfer is performed depending on the address during actual communication, the user manages the address list by managing the device name / address binding list somewhere and performing appropriate conversions. The need to memorize can be avoided. This mechanism is called naming.

  Non-Patent Document 1 discloses a configuration using two layers of address space, but no naming method is considered. Non-patent document 2 proposes a naming method, but a technique of using two layers such as a PN layer cannot be realized.

  As another solution, each device can register “what can be done” (service) in a specific server in advance. When the user makes a request to the server, for example, “I want to record a TV program”, the server searches for a device that provides a service that matches the request and returns the information, so that the user Can access the device. This mechanism is called service discovery.

In general, it is said that it is difficult to ensure scalability because service discovery technology is more complex than naming technology.
These two technologies are not exclusive and can be used in combination to further improve user convenience. For example, Intentional Naming System (INS) (see Non-Patent Document 3) has features of both of the past proposed technologies.

  In INS, each device has the device location, service type, access characteristics, etc. as name elements, and by configuring the tree structure, the user can easily find the service he wants to exist in the neighborhood have. However, since this namespace is propagated and shared on a hop-by-hop basis, it is difficult to ensure scalability at the Internet level.

In the current Internet, Domain Name System (DNS) (see Non-Patent Document 4) is used as a de facto standard as a naming method.
The DNS has a hierarchical name space, and the name is composed of a combination of a device name and a domain (organization) name. For example, in the name www.nict.go.jp, the first “www” indicates the device name, and the remaining “nict.go.jp” indicates the domain name. The domain name portion has a hierarchical structure (in the above example, jp → go → nict), and the name servers of each organization are configured to have a similar hierarchical structure. As a result, device names can be managed independently within each organization, and even when the number of domains and the number of devices increase, scalability in the Internet size is obtained by distributing and accommodating them in the hierarchical structure.

Although it is considered preferable to continue to use DNS in the next-generation network targeted by the present invention, some functions required for the next-generation network cannot be realized as they are.
First, in the next generation network, it is assumed that the user moves. Especially, devices that exist on the PAN are frequently used as radio access networks (RAN, eg Ethernet (registered trademark), wireless LAN 802.11g, W-CDMA). The access point on the Internet (or IP-based backbone network) is changed while changing the access method (registered trademark). At this time, the new connection point does not necessarily belong to the same domain. In DNS, since the name of a device depends on the connection point, it cannot be said that it essentially follows the mobility of the device.

  Further, as a problem of applying DNS to the next generation network, information on all devices may be basically disclosed. When every device is connected to the network, it is an advantage of DNS that the user can access each device with a simple name. However, since the name registered in DNS can be referred to by other users, if a general name or a name that is easy to imagine is given to the device, it may unnecessarily attract access from others. Absent. Although it should not be a problem if the access control is set appropriately, it is preferable in terms of management that the information that is desired for personal use is not disclosed to others.

As related prior art, Patent Document 5 discloses a system and method for searching for devices on a local area network.
In the system, an address server for associating an IP address of a device on the network with a group name, and a discoverable device located in the first subnet of the network having an IP address associated with the group name. A list of known discoverable devices and a second subnet of the network, forming a list of known subnets and known devices on the network, querying a name server for a list of IP addresses associated with group names, Discovery that contacts each discoverable device's return address associated with the group name for the IP subnet information of the discoverable device, determines the subnet of the discoverable device, and adds the discoverable device and its subnet to the list It is disclosed to include an apparatus.

IST-MAGNET Consortium web page http://www.ist-magnet.org/ H.Murakami, R.L.Olsen, H.Schwefel, R.Prasad, User-centric Name Services for personal networks, Proc. Of WPMC 04, vol.3, pp.58-62, September 2004 W. Adjie-Winoto, et al., ‘The design and implementation of an intentional naming system,’ Proc. Of ACM SOSP’99, pp. 186-201, December 1999 P. Mockapetris, ‘DOMAIN NAMES-CONCEPTS AND FACILITIES,’ IETF RFC 1034, November 1987 Japanese Patent Laid-Open No. 2003-258832

  The present invention was created in view of the above-described problems of the prior art, and provides a communication system and a name that realize a name naming method that ensures the mobility of a device and does not unnecessarily disclose addresses to others. An object is to provide a server device.

In order to solve the above-described problems, the present invention provides the following communication system.
The communication system according to claim 1 is used in a first area on a communication network for a device, and a name on a first name system layer that associates a device with a network address is more limited. The name on the second name system layer used in the second area is assigned, and the first and second name system layers are used.

  The communication system includes a name server device that functions in both name system layers, and the name server device is provided for each cluster defined as a set of devices for each location in the second name system layer, Acquire device registration information including at least a network address from one or more devices in the cluster, store a correspondence list of devices and network addresses in the cluster, and other clusters in the second name system layer A name server device and a link for exchanging the association list are provided, and a device / network address conversion function based on the association list is provided only to users belonging to the second area.

  The communication system according to claim 2 includes an edge server device serving as a router of each cluster in the communication system when the name server device exchanges the association list with the name server device of another cluster. The edge server device notifies the device of the network address in the first area assigned to the edge server device based on the device registration information acquired by the name server device.

  The communication system according to claim 3 is characterized in that the edge server devices are connected using a VPN (Virtual Private Network).

  The communication system according to claim 4, wherein in the communication system described above, a network address in a first area assigned to the edge server device of each cluster is set to at least one of the device, the name server device, and the edge server device. And an agent server device that enables network addresses to be exchanged between the edge server devices by obtaining from the server and notifying at least the edge server device of another cluster.

  The communication system according to claim 5 is a configuration in which a part of the name of each device in the second name system layer includes a cluster name of the cluster, and each name server device is a name server device of another cluster. The cluster name is advertised toward the user.

The present invention can provide the following name server device.
That is, the invention according to claim 6 is used in the first area on the communication network for the device, and the name on the first name system layer that associates the device with the network address; It is a name server device used in a communication system using the first and second name system layers by assigning names on the second name system layer used in a more limited second area.

  The name server apparatus functions in both name system layers. In the second name system layer, the name server apparatus is provided for each cluster defined as a set of devices for each location, and at least a network from one or more devices in the cluster. Acquires device registration information including an address, stores a correspondence list of devices and network addresses in the cluster, and exchanges the correspondence list with name server devices of other clusters in the second name system layer And providing a function for converting a device and a network address according to the association list only to users belonging to the second area.

  According to a seventh aspect of the present invention, in the configuration in which a part of the name of each device in the second name system layer includes the cluster name of the cluster, each name server device is a name server device of another cluster The cluster name is advertised toward.

The present invention has the following effects by providing the above configuration.
In other words, according to the first aspect of the present invention, by using two name system layers in the first area and the second area, a user in the second area can be transferred from a user who belongs to the second area. Can be prevented and contributes to security improvement.
At the same time, the user belonging to the second area can freely access the device even in a cluster at a different location, and convenience during movement is improved.

According to the second aspect of the present invention, since the name server device is not directly connected to the communication network by providing the edge server device separately, it contributes to the improvement of security.
The invention according to claim 3 realizes highly reliable connection between edge server devices by VPN connection.

  According to the fourth aspect of the present invention, it is not necessary to perform network address exchange between the edge server devices from the edge server device by using the agent server device. Each edge server device can be managed collectively.

  According to the fifth aspect of the present invention, the name server device advertises the cluster name, so that access to devices in other clusters can be easily realized.

  According to invention of Claim 6 and 7, the name server apparatus used with said communication system can be provided.

Hereinafter, embodiments of the present invention will be described based on examples shown in the drawings. The embodiment is not limited to the following.
First, the definition of a personal network (PN), a cluster, and a P-PAN (Private Personal Area Network) in the present invention will be described with reference to FIG.
A normal PAN is a (wireless) link level network formed by a group of devices existing in the vicinity of a user, such as Bluetooth or wireless LAN. On the other hand, in the present invention, in consideration of the information of the owner of the device, the PAN that is the second area formed only by the device group of a single user is called P-PAN (1).
While this P-PAN is trusted, data can be sent and received and accessed freely, while communication with devices outside the P-PAN is restricted.

Similarly, in a place where a user stays for a long time, such as at home, at a company, or in a car, similarly, a small network is formed only by devices owned by a single user.
This local collection of devices is called cluster (2) (3) (4). Similar to P-PAN (1), the inside of this cluster can be freely communicated as being secure, but communication outside the cluster is limited.

The P-PAN and each cluster are connected by an interconnection network (5) which is a first area such as the Internet, UMTS (Universal Mobile Telecommunications System), wireless LAN, and adhoc communication.
At that time, users can access all devices and data they own without worrying about the location by dynamically connecting with a secure method using, for example, VPN (Virtual Private Network) according to the user's needs. It becomes possible to do.

  When viewed from the user, the devices existing in the clusters (2), (3), and (4) can be easily handled as if they exist at hand, that is, in the P-PAN. A virtual network composed of the P-PAN and the cluster is called a personal network (PN) (6).

Next, the configuration of the name system that is a feature of the present invention will be described.
As described above, the device names registered in the DNS server are made public to all users, and it is not preferable to register the names of all devices from the viewpoint of security.
Therefore, the DNS name space is divided into two name system layers, one of which is accessible only to itself (second name system layer), and the other device is registered only with devices that can be accessed by others. Separate as a name space (first name system layer). The former layer is called a PN layer, and the latter layer is called an IP layer. FIG. 2 shows an overall view thereof.

That is, the IP layer (10) is the current DNS architecture itself. The names of devices that accept access from others are recorded in a hierarchical name space and are globally valid.
On the other hand, the PN layer (20) constitutes a name space accessible only from itself. That is, there is only one IP layer (10) globally, but there is one PN layer (20) for each user.

  The fact that the PN layer (20) forms a name space for each user has advantages other than security. Since each user's name space is independent, there is no problem even if the same device name is used for each user. For example, names such as “tv”, “pc”, and “printer” are easy to understand intuitively and can be used by many users. Since the name spaces of user A and user B are independent, it does not matter if both users assign a device name “pc” to their personal computers, and different PC addresses can be bound to each other.

However, this is for the PN layer (20), and the IP layer (10) needs to be independent at the level of FQDN (Fully Qualified Domain Name).
That is, when user A and user B belong to the same domain and each of their personal computers is opened to accept access from others, it is necessary to give unique names to the personal computers.

In FIG. 2, PNS (Personal Name Server) arranged in each cluster is the name server of the present invention. All devices in the cluster have an inter-device communication unit with a subset program as will be described later. Among them, devices with relatively rich resources (for example, personal computers and mobile phone terminals) are defined and function as servers. Let
Operate as a client on other devices. In particular, a device that operates as the server is a PNS. The PNS (21) of the home cluster is, for example, a personal computer in the home, and is a device in which various devices such as a home communication terminal, a TV, and an air conditioner are clients.

On the other hand, in the IP layer (10), the PNS is connected to a function-added name server. The function-added name server is configured by a combination of a basic part having an original DNS function and an extended part in which an additional function is implemented. If the extension part is not used, the same behavior as an existing DNS server can be performed.
Since it is practically impossible to replace all DNS servers on the Internet with function-added name servers at a time, this configuration is also effective when considering phased migration.

  This function-added name server is called an NNS (New Naming Scheme) server. NNS servers are arranged hierarchically in the same way as current DNS servers. A large number of NNS servers are arranged on the Internet (11). In FIG. 2, an HNS (Home Name Server) (12) is an NNS server in a domain that a user normally uses.

An FNS (Foreign Name Server) (13) is an NNS server in a domain connected when a user's P-PAN connects to the Internet (11), and manages name information of the device of the Internet provider, for example. ing.
Therefore, when the user is in the office cluster (14), the FNS (13) of the company domain is used, and when the user is in the home cluster (15), the FNS (16) of the home Internet provider is used.

  The NNS server refers to a general name server having the functions of the present invention, and the HNS and FNS are described with different names for the purpose of distinguishing them in relation to users, and the configuration is the same. It is. Further, the above-described functions of the PNS inter-device communication unit are a subset of the functions of the NNS server.

Next, FIG. 3 is a block diagram showing the configuration of each server device in the present invention. FIG. 4 shows the relationship between PNS and devices in one cluster. FIG. 5 is a message flow between the PNS and the device.
The PNS (30) functions as a so-called master node in the P-PAN / cluster (31). The PNS (30) periodically broadcasts (50) an advertisement packet (advertisement) from its inter-device communication unit (31) into its own P-PAN / cluster, and informs the other device (40) of its existence. .
The advertisement packet includes a cluster name (cluster_name) as ID information unique to the P-PAN / cluster. This cluster_name is preferably set manually (for example, a user such as “home” or “office” that is easy to understand).

On the other hand, a device that has not become a PNS registers its information in the PNS by the client function of the inter-device communication unit (41). The client knows in which P-PAN / cluster it is present from the cluster_name broadcast by the PNS.
When it is not registered in any PNS yet, such as immediately after power-on, or when it is detected that the device has moved to a new P-PAN / cluster, the inter-device communication unit (41) registers with the PNS (30). (registration) packet is transmitted (51).

  This registration packet must include at least an IP address. In addition, the device type (device_type), device public flag (public_flag) when the user wants to make the device public to others, and many devices are connected to the network, so the device name is automatically assigned Is preferable from the viewpoint of convenience, but if the user wants to assign an arbitrary name, the device name (device_name) may be clearly indicated.

With such a procedure, the PNS (30) obtains information on all devices (40) in the P-PAN / cluster and stores them in the device database (32).
Among the obtained information, automatic name generation (52) can be performed for a device for which an arbitrary name is not set. Using the collected device type information and cluster_name, a name in the format device_type [serial_number] .cluster_name may be generated. Specifically, names such as “tv01.livingroom” and “printer03.office” are generated.
Includes device type and location information, giving users a name that is easy to understand.

  The serial number is for avoiding duplication of names when devices of the same type exist in the P-PAN / cluster, and is not essential when there is no duplication of names. When duplication is avoided by serial numbers such as “tv01” and “tv02”, it is difficult to recognize which of the two TVs “tv01” indicates. It is preferable to obtain more detailed device information in cooperation with a service discovery function, context management technology, etc., and to incorporate a part that differs between the two devices, such as the manufacturer name and display size, into the name.

Note that a client that has once registered in the PNS periodically sends an alive signal (53) to the PNS at a low frequency as long as there is no change or movement.
The device name and address binding list obtained in the above process is stored by the PNS for a certain period. When the alive signal that should be sent periodically from the device is not received within this fixed period, the PNS determines that the device has moved or is no longer active (for example, the battery has run out), and the list (device DB ).

The device information collected in the PNS (30) in this way is shared among the PNSs in the PN layer for use by the user. FIG. 6 shows a configuration diagram for explaining communication between the PNS, and FIG. 7 shows a message flow when information is shared.
Since the name space formed by the PN layer and the PN layer has a flat configuration, each PNS has an equal relationship. Therefore, the PN layer naming scheme can be paraphrased as how to share device information held by each PNS.

  The present invention employs a proactive method in which information owned by each PNS is exchanged in advance with another PNS. Each PNS periodically broadcasts (70) an advertisement packet (hello packet) to the entire PN in order to search for another PNS by the inter-PNS communication unit (33). At this time, this advertisement packet is transmitted with its own cluster_name added.

The advertisement of the cluster name is performed between the PNS via the edge server by establishing in advance a VPN connection (62) between the edge servers (60) and (61) acting as routers between each cluster and the Internet. This realizes secure communication.
In implementing the present invention, the edge name server is not necessarily used, and the PNS may directly connect to the Internet to advertise the cluster name.
To do.

The inter-PNS communication unit (33 ′) of the other PNS that has received this broadcast confirms whether the received cluster_name is known or unknown. If it is unknown, it means that the device information of the P-PAN / cluster is not yet known, so device information is exchanged with each other.
Therefore, the PNS (30 ′) that has received the broadcast transmits (71) a response packet (acknowledgement) to the transmitting side PNS (30). At this time, the cluster_name on the receiving side is added to the response packet.

  After exchanging both cluster_names in this way, the information of the devices existing in the P-PAN / cluster of each other's PNS is exchanged. That is, when the PNS (30) transmits (72) the cluster_name and the device-address association list all_bindings in the cluster, the response and the same contents on the receiving side are returned (73).

By performing such a procedure between all PNSs, each PNS can have complete name space information. That is, each PNS can resolve itself for all queries, and there is no need to transfer the query to another PNS.
When device information is updated after a namespace exchange is completed, such as when a new device is connected to a P-PAN / cluster, the PNS of that P-PAN / cluster The change difference is sent immediately by unicast (or multicast if possible), and each PNS is always kept up-to-date.

  In each PNS, cluster_name and timer information are added to the exchanged device information and stored in the device DB. Since each PNS broadcasts a hello packet periodically as described above, if this broadcast cannot be received within a certain time (set value of the timer), it exists in the corresponding P-PAN / cluster ( Device information) is discarded.

  Although the proactive method is used in this embodiment, the reactive method may improve communication efficiency in an environment where the number of queries is small. In this case, the reactive method refers to a method in which device information is not exchanged even if a partner is known by a hello packet, but when a query comes, it is transferred to another PNS for resolving. When performing automatic generation of the above name, for example, when a query for the device name “tv01.livingroom” comes, it is clear that this query can be resolved by querying the “livingroom” cluster, which is high. Communication efficiency can be expected.

Since the PN layer according to the present invention has nothing to do with the name space of the IP layer, the exchange of the association list in the PN layer has no relation to the hierarchy in the IP layer, while the user belongs to which cluster. You can use shared device information even if you move.
Furthermore, the present invention includes a mechanism for tracking and using a device that can be accessed in the IP layer even if the P-PAN changes. The IP layer is described below.

The name space of the IP layer has a hierarchical structure similar to the name space formed by the existing DNS. All devices belong to a specific domain to enable distributed management, and the name itself includes a hierarchical structure, so that it is possible to reach the name server of the domain to which the device belongs by iterative query. Have.
At present, most of the devices on the Internet registered in the DNS are fixed and hardly change. A mechanism that can dynamically update DNS registration (non-patent document 6) has also been proposed and implemented for users whose assigned IP addresses change dynamically, such as dial-up users. The frequency of updates is not so high.

P. Vixie, et al., ‘Dynamic Updates in the Domain Name System (DNS UPDATE),’ IETF RFC 2136, April 1997

  On the other hand, next-generation networks must also accommodate high mobility devices such as mobile phone services. When moving at high speed while changing the connection point to the network, the IP address of the device will be updated frequently, and the name server will also be updated frequently. There is a need for a naming scheme that can withstand such frequent binding updates.

  Since all users can refer to devices registered in the NNS IP layer, only the minimum necessary devices, that is, devices that allow access from others should be registered. For this reason, only devices whose “device disclosure flag” transmitted from the inter-device communication unit (41) of the device (40) is set to on are registered.

A device whose public flag is on must have a unique name set by the user (for example, “pc01”). Together with the domain name of the user's so-called home network (for example, “nict.go.jp”), a device-specific FQDN (“pc01.nict.go.jp” in this example) is obtained.
In other words, when someone tries to access “pc01.nict.go.jp”, the user resolves from the information recorded in the name server of the nict.go.jp domain.

As described above, the NNS that manages the domain of the user's home network is the HNS. FIG. 8 shows the configuration of the name server and name space of the IP layer.
When the IP address of a device is changed, the PNS basically updates the binding recorded in the HNS by sending the latest address information (association list) to the HNS.

  However, if the HNS and PNS are distant from each other in the network, or if the communication speed of the line connecting the P-PAN and the Internet is slow, frequently updating the binding will occupy the band to be used for data transfer. It can also be a thing, and ingenuity is necessary.

Therefore, an NNS server (referred to as FNS as described above) of the network (attaching network) to which the P-PAN / cluster is connected operates.
Instead of updating the binding between the original PNS and the HNS, the binding is updated between the PNS and the FNS.

  In addition, cooperation between HNS and FNS is also required. The FNS notifies the HNS of its own address and the device name in the P-PAN / cluster that it is receiving updates on behalf of.

8 and 9, a device in the P-PAN connected to the Internet via the comm.univ.jp domain is accommodated in the name server 81 of the domain, and the user's home network Even in the provider.jp domain, information indicating connectivity is not accommodated in the name server (82) of the domain.
In the present invention, the PNS (81) periodically sends a device name / address association list (binding) to the HNS (82) in provider.jp, and the HNS (82) Holds binding information.

  Further, when the connection destination domain provides the NNS server function, the NNS server is set to FNS (80). The PNS (81) transmits binding information to the FNS (80) instead of the HNS (82) to be held and updated, and the FNS (81) only transmits its own address and the device name managed by proxy to the HNS (82). ) (93) is effective in reducing management traffic flowing on the network.

  FIG. 10 is a diagram illustrating the configuration of each server. The information of the device DB created as described above is transmitted from the IP layer communication unit (100) of the PNS (81) to the PN communication unit (101) of the FNS. The unit stores the received information in the binding database (102). The IP communication unit (103) notifies the IP address of the FNS and the device name to the IP communication unit (104) of the HNS (82) via the Internet, and the IP communication unit (104) transmits the information to the binding database (105). Store it.

  As a result, as shown in FIG. 9, the first query (91) transmitted by the user (corresponding node) (90) who wants to access the public device first can reach the HNS (82). In order to deliver this query (91) to the FNS (80), the HNS notifies the correspondent node (90) of the second query (92) by notifying the IP address of the FNS as the name server to be referred next. Wake me up.

  That is, in order to access a device called hom-pan.provider.jp, the responding node reaches the name server (82) of provider.jp, which is an HNS. Instead of returning the device address, the HNS (82) prompts to access the name server of the comm.univ.jp domain to which the current P-PAN, which is the FNS (80), is connected. This FNS resolves the actual hom-pan.provider.jp address.

As shown in FIG. 8, there is no problem with the name server configuration of the IP layer even if conventional DNS servers are mixed. At least, if there is a home network HNS (82) and a PNS (81) in the P-PAN / cluster, it can be operated alone, and the FNS only needs to be a function-added server even if the FNS intervenes.
The corresponding node need not support the system of the present invention. This is because, when viewed from the responding node, the query sent to the HNS and FNS and the response received are completely the same as the inquiry process for the DNS server. The only difference between the DNS and the NNS IP layer is the update mechanism between the HNS-FNS-PNS and the addition of another query from the HNS to the FNS when the FNS is interposed.

As another embodiment of the present invention, a configuration in which an agent server for managing a cluster is provided in a communication system will be described below.
FIG. 11 is an overall configuration diagram of a communication system including an agent server (110). The agent server (110) performs communication in the IP layer, and an inter-PNS communication unit (via the edge servers (60) and (61)). 33) A communication unit (111) capable of communicating also with (33 '), a cluster management unit (112) that transmits a cluster record and other cluster information to the PNS, and a cluster database (113) that stores cluster information Is provided.

FIG. 12 is a message flow in registering the device (40) when the agent server (110) is used in the present invention.
As described above, the devices (40) to PNS (30) and the edge server (60) are provided in one cluster (2), (3), and (4), and between the edge server (60) and the agent server (110). Are connected via the Internet etc. (5).

First, as in FIG. 5, when the PNS (30) advertises the cluster name (50), the device responds with its own address (51), and at least transmits the address.
Next, a device name in the PN layer is generated (52).

  When the device name is registered in the device database (32) of the PNS (30) in this way, the PNS notifies the edge server (60) of the device name, or the edge server (60) periodically transmits the device database (32). ) To detect the registration of the device, and the IP address assigned to the edge server is advertised (120) to each device.

  The network address of the edge server means a cluster address, and each device can be specified as a device in the cluster of the address indicated by the IP layer. However, since it belongs only to the PN layer unless it is open to the public, access from the outside can only be performed by a user who can access the PN layer, as described above.

On the other hand, before or after the above processes (50) to (120), the IP address of the edge server (60) is assigned or updated (121) from the DNS server or the function addition server.
The PNS (30) that has detected that the IP address is assigned / updated to the edge server by the inter-PNS communication unit (33), the user name, cluster name, and IP address of the edge server are sent via the edge server (60). The agent server (110) is notified (122).

The communication unit (111) of the agent server receives this, and the cluster management unit (112) registers the received information in the cluster database (113) as a database.
Then, the cluster management unit (113) sends a user to each edge server (60) (61) described in the cluster database (113) at a predetermined opportunity, for example, when the cluster database (113) is updated or at a predetermined interval. Name, cluster name, IP address of other edge server, etc. are sent to the communication unit (111).

  With the above configuration, the edge servers (60) and (61) can establish a VPN connection with each other. By providing the agent server (110) in this way, the edge server (60) can be collectively managed, and there is no need to advertise its own address or the like between the edge servers.

  As described above, the present invention proposes a naming system having two layers, thereby providing a suitable network environment for moving users and others accessing devices while ensuring security. To do.

1 is an overall view of a communication system according to the present invention. It is a block diagram which shows the relationship between the IP layer of this invention, and a PN layer. It is a block diagram which shows the structure of PNS and a device which concern on a PN layer. It is explanatory drawing which shows the relationship between the PNS in a cluster, and a device. It is a message flow between PNS and a device in a cluster. It is explanatory drawing which shows the relationship between PNS in a PN layer. It is a message flow between PNS in a PN layer. It is a general view which shows the structure of the server of IP layer, and a name space. It is explanatory drawing which shows the relationship between the servers in an IP layer. It is a block diagram which shows the structure of the server which concerns on an IP layer. It is a block diagram of the communication system using the agent server concerning this invention. It is a message flow in the structure using the agent server concerning this invention.

Explanation of symbols

10 IP layer 11 Internet 12 HNS
13 FNS
14 Office cluster 15 Home cluster 16 FNS
20 PN layer 21 PNS

Claims (7)

Used for the device in the first area on the communication network, the name on the first name system layer that associates the device with the network address, and used in the more specific second area In the communication system using the first and second name system layers, each of which is assigned a name on the second name system layer,
A name server device functioning in both name system layers, the name server device comprising:
The second name system layer is provided for each cluster defined as a set of devices for each location, acquires device registration information including at least a network address from one or more devices in the cluster, Stores a list of associations with network addresses,
A device and a network address according to the association list for only a user belonging to the second area having a link for exchanging the association list with a name server device of another cluster in the second name system layer A communication system characterized by providing a conversion function. When the name server device exchanges a correspondence list with name server devices of other clusters,
The communication system includes an edge server device serving as a router of each cluster,
In each cluster,
The device according to claim 1, wherein the edge server device notifies the device of a network address in a first area assigned to the edge server device based on device registration information acquired by the name server device. Communication system. In the communication system,
The communication system according to claim 2, wherein the edge server devices are connected using a VPN (Virtual Private Network). In the communication system,
The network address in the first area assigned to the edge server device of each cluster is acquired from at least one of the device, the name server device, and the edge server device, and notified to at least the edge server device of another cluster. The communication system according to claim 2 or 3, further comprising an agent server device that enables exchange of network addresses between edge server devices. In the configuration including the cluster name of the cluster as a part of the name of each device in the second name system layer,
5. The communication system according to claim 1, wherein each name server device advertises the cluster name toward a name server device of another cluster. Used for the device in the first area on the communication network, the name on the first name system layer that associates the device with the network address, and used in the more specific second area A name server device for use in a communication system using the first and second name system layers, respectively,
The name server device functions at both name system layers,
The second name system layer is provided for each cluster defined as a set of devices for each location, acquires device registration information including at least a network address from one or more devices in the cluster, Stores a list of associations with network addresses,
A device and a network address according to the association list for only a user belonging to the second area having a link for exchanging the association list with a name server device of another cluster in the second name system layer A name server device characterized by providing a conversion function. In the configuration including the cluster name of the cluster as a part of the name of each device in the second name system layer,
The name server device according to claim 6, wherein each name server device advertises the cluster name toward a name server device of another cluster.

Images