JP6289779B1 - Connection maintenance device, connection maintenance method, and connection maintenance program - Google Patents

Abstract

In the center connection maintaining apparatus (101), the inward table (406) is a table in which combinations of transmission source port numbers and transmission source addresses are registered in association with unique temporary addresses. Assume that an inward packet transmitted after connection establishment by the connection-type protocol is received. If the combination of the transmission source port number and the transmission source address of the received packet is registered in the inward table (406), the header rewriting unit (403) rewrites the transmission source address of the reception packet to the corresponding temporary address. Even if the combination is not registered in the inward table (406), the header rewriting unit (403) does not register a combination with the same source port number but a different source address in the inward table (406). For example, the source address of the received packet is rewritten to the corresponding temporary address. The communication control unit (404) performs transfer processing of the rewritten packet.

Description

  The present invention relates to a connection maintaining device, a connection maintaining method, and a connection maintaining program.

  There is a system in which a plurality of bases are connected to a monitoring center via an IP (Internet Protocol) network, and a terminal in each base transmits information to a center device in the monitoring center. In this system, the terminal always communicates with the center apparatus while maintaining a TCP (Transmission Control Protocol) connection.

  Depending on the network used, the IP address of the terminal may be dynamically changed. The TCP connection is identified by four combinations of a source IP address, a destination IP address, a source port number, and a destination port number included in the packet header. When the IP address of the terminal is changed, the source IP address is changed in the packet from the terminal, and the destination IP address is changed in the packet from the center apparatus. Therefore, the same TCP connection cannot be used. That is, when the IP address of the terminal is changed, it is impossible to maintain the TCP connection between the terminal and the center apparatus. For reconnection by TCP, new packet communication is required between the terminal and the center apparatus. When a pay-per-use network is used, the amount of communication becomes a problem. When a network with a large delay is used, the time lag until reconnection becomes a problem.

  To deal with this problem, Patent Document 1 discloses a method of generating a unique identifier for identifying a TCP connection in a form independent of an IP address, and inserting the generated identifier into all packets. By identifying the TCP connection using this identifier, it is possible to prevent the TCP connection from being disconnected due to the change of the IP address.

JP 2004-343805 A

  In the method of Patent Document 1, it is necessary to add a unique identifier to every packet. Therefore, the packet size increases. As a result, the amount of communication data increases.

  An object of the present invention is to maintain a connection using TCP or another connection type protocol without increasing the amount of communication data.

A connection maintaining device according to one aspect of the present invention includes:
A communication control unit that performs transfer processing of an inward packet transmitted after establishing a connection by a connection-type protocol;
Refers to the inward table in which a combination of an identification port number and a source address that is one of a source port number and a destination port number stored in a memory is registered in association with a unique temporary address, and If the first combination that is a combination of the identification port number of the packet and the source address of the inbound packet is registered in the inbound table, the inbound packet transfer process by the communication control unit Before, the source address of the inbound packet is rewritten to a temporary address corresponding to the first combination, and the first combination is not registered in the inbound table, and the identification port number of the inbound packet And a second combination that is a combination of a source address different from the source address of the inbound packet If it is registered in the inward table, the header rewriting for rewriting the source address of the inbound packet to a temporary address corresponding to the second combination before the inward packet transfer process by the communication control unit A part.

  In the present invention, either one of the source port number and the destination port number included in the packet is used to identify the connection based on the connection-type protocol. Since there is no need to add a unique identifier for identifying the connection, the connection can be maintained without increasing the amount of communication data.

1 is a block diagram illustrating a configuration of a communication system according to Embodiment 1. FIG. FIG. 2 is a block diagram showing a configuration of a site connection maintaining device according to Embodiment 1. 1 is a block diagram showing a configuration of a center connection maintaining apparatus according to Embodiment 1. FIG. 5 is a flowchart showing the operation of the site connection maintaining apparatus according to Embodiment 1. 5 is a flowchart showing the operation of the site connection maintaining apparatus according to Embodiment 1. 5 is a flowchart showing a procedure of site-side update processing of the site connection maintaining apparatus according to Embodiment 1. 5 is a flowchart showing the operation of the site connection maintaining apparatus according to Embodiment 1. 5 is a flowchart showing the operation of the center connection maintaining apparatus according to the first embodiment. 6 is a flowchart showing a procedure of center side registration processing of the center connection maintaining apparatus according to the first embodiment. 5 is a flowchart showing a procedure of center side update processing of the center connection maintaining apparatus according to the first embodiment. 5 is a flowchart showing the operation of the center connection maintaining apparatus according to the first embodiment. 4 is a table showing addresses of devices of the communication system according to the first embodiment. 6 is a table showing a temporary address list of the center connection maintaining apparatus according to the first embodiment. FIG. 3 shows header information of packets transmitted and received in the communication system according to the first embodiment. The table | surface which shows the outward table and the inward table of the site | part connection maintenance apparatus which concern on Embodiment 1. FIG. The table | surface which shows the inward table and outward table of the center connection maintenance apparatus which concern on Embodiment 1. FIG. FIG. 3 shows header information of packets transmitted and received in the communication system according to the first embodiment. 4 is a table showing addresses of devices of the communication system according to the first embodiment. The table | surface which shows the outward table and the inward table of the site | part connection maintenance apparatus which concern on Embodiment 1. FIG. FIG. 3 shows header information of packets transmitted and received in the communication system according to the first embodiment. The table | surface which shows the inward table and outward table of the center connection maintenance apparatus which concern on Embodiment 1. FIG. FIG. 3 shows header information of packets transmitted and received in the communication system according to the first embodiment. The table | surface which shows the outward table and the inward table of the site | part connection maintenance apparatus which concern on Embodiment 1. FIG. The table | surface which shows the inward table and outward table of the center connection maintenance apparatus which concern on Embodiment 1. FIG. FIG. 3 shows header information of packets transmitted and received in the communication system according to the first embodiment. The table | surface which shows the outward table and the inward table of the site | part connection maintenance apparatus which concern on Embodiment 1. FIG. FIG. 6 is a block diagram showing a configuration of a site connection maintaining device according to a modification of the first embodiment. FIG. 6 is a block diagram showing a configuration of a center connection maintaining device according to a modification of the first embodiment.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. In addition, the same code | symbol is attached | subjected to the part which is the same or it corresponds in each figure. In the description of the embodiments, the description of the same or corresponding parts will be omitted or simplified as appropriate.

Embodiment 1 FIG.
*** Explanation of configuration ***
With reference to FIG. 1, the structure of the remote monitoring system 500 which concerns on this Embodiment is demonstrated.

  In the remote monitoring system 500, one monitoring center 100 and a plurality of bases 110a, 110b, 110c are connected via a network 120. The bases 110a, 110b, and 110c may be arbitrary places or buildings, but are factories in the present embodiment. At least one terminal 111a, 111b, 111c is installed at each of the bases 110a, 110b, 110c. In the monitoring center 100, at least one center device 102 is installed. The number of bases is three in the present embodiment, but may be one, two, or four or more.

  The terminal 111a collects information on devices in the base 110a. The terminal 111a maintains a connection with the center apparatus 102 using a connection-type protocol at all times or for a certain period, and transmits device information to the center apparatus 102 using this connection. In the base 110a, normally, various devices such as measuring instruments and sensors are connected to the terminal 111a, but the description of these devices is omitted in FIG.

  A base connection maintenance device 112a is installed between the terminal 111a and the network 120. In the base 110a, one base connection maintaining device 112a is installed for one terminal 111a. A center connection maintaining apparatus 101 is installed between the center apparatus 102 and the network 120. In the monitoring center 100, one center connection maintaining apparatus 101 is installed for one center apparatus 102. All packets transmitted and received between the terminal 111a and the network 120 pass through the site connection maintaining device 112a. Similarly, all packets transmitted / received between the center apparatus 102 and the network 120 pass through the center connection maintaining apparatus 101.

  The base connection maintaining device 112a and the center connection maintaining device 101 are both connection maintaining devices having a NAPT (Network Address Port Translation) function. These connection maintaining apparatuses conceal the real address of the terminal 111a that is dynamically changed from the terminal 111a and the center apparatus 102 by address conversion. Specifically, the site connection maintaining apparatus 112a uses the NAPT table to obtain a local address assigned to the terminal 111a and a global address assigned to the site connection maintaining apparatus 112a and corresponding to the real address of the terminal 111a. Perform conversion. The center connection maintaining device 101 uses the NAPT table to convert the global address and the local address assigned to the center device 102. Address change is handled by each connection maintaining device dynamically updating the NAPT table. Specifically, the site connection maintaining device 112a updates the NAPT table in the site connection maintaining device 112a when detecting a change in the address assigned to the site connection maintaining device 112a. When the center connection maintaining apparatus 101 receives a packet converted using the NAPT table in the site connection maintaining apparatus 112a, the center connection maintaining apparatus 101 automatically updates the NAPT table in the center connection maintaining apparatus 101.

  The connection based on the connection-type protocol between the terminal 111a and the center apparatus 102 is identified by four combinations of a source address, a destination address, a source port number, and a destination port number included in the packet header. In the present embodiment, even if the real address of the terminal 111a is changed, the address is hidden from the terminal 111a and the center apparatus 102, and it is not necessary to change the addresses assigned to the terminal 111a and the center apparatus 102. . Therefore, the same TCP connection can be used continuously. That is, even if the real address of the terminal 111a is changed, the connection between the terminal 111a and the center apparatus 102 can be maintained.

  The network 120 may be any packet switched network, but is an IP network in the present embodiment. The packet passing through the site connection maintaining device 112a and the center connection maintaining device 101 may be any communication data as long as the source address, destination address, source port number and destination port number are included in the header. In the embodiment, it is an IP packet. The source address and the destination address may be any system addresses, but are IP addresses in the present embodiment, specifically, IPv4 addresses. The protocol used for connection between the terminal 111a and the center apparatus 102 may be any connection type protocol, but is TCP in this embodiment.

  Since the terminals 111b and 111c have the same function as the terminal 111a, the description of the terminals 111b and 111c is omitted.

  Base connection maintenance devices 112b and 112c are also installed in the bases 110b and 110c. Since the site connection maintaining devices 112b and 112c have the same function as the site connection maintaining device 112a, description of the site connection maintaining devices 112b and 112c is omitted.

  With reference to FIG. 2, the configuration of the site connection maintaining device 112a will be described.

  The site connection maintaining device 112a is a computer. The site connection maintaining apparatus 112a includes hardware such as a processor 201, a memory 202, and a network interface 203. The processor 201 is connected to other hardware via a signal line, and controls these other hardware.

  The site connection maintaining apparatus 112a includes an address acquisition unit 301, a table update unit 302, a header rewrite unit 303, and a communication control unit 304 as functional elements. Each function of the address acquisition unit 301, the table updating unit 302, and the header rewriting unit 303 (hereinafter, “function” of the base connection maintaining device 112a) is realized by software. The function of the communication control unit 304 is realized by the network interface 203.

  The processor 201 is an integrated circuit (IC) that performs processing. Specifically, the processor 201 is a CPU (Central Processing Unit).

  The memory 202 stores an outward table 305 and an inward table 306. Specifically, the memory 202 is a flash memory or a RAM (Random Access Memory).

  The network interface 203 is connected to the network 120. The network interface 203 includes a receiver that receives the packet via the network 120 and a transmitter that transmits the packet via the network 120. Specifically, the network interface 203 is a communication chip or a NIC (Network Interface Card).

  The memory 202 stores a program that realizes the function of the “unit” of the site connection maintaining device 112a. This program is read into the processor 201 and executed by the processor 201. The memory 202 also stores an OS (Operating System). The processor 201 executes a program that realizes the function of the “unit” of the site connection maintaining device 112a while executing the OS. A part or all of the program that realizes the function of the “unit” of the site connection maintaining device 112a may be incorporated in the OS.

  The program and OS that realize the function of the “unit” of the site connection maintaining device 112a may be stored in the auxiliary storage device. Specifically, the auxiliary storage device is a flash memory or an HDD (Hard Disk Drive). The program and OS stored in the auxiliary storage device are loaded into the memory 202 and executed by the processor 201.

  The site connection maintaining apparatus 112a may include only one processor 201 or may include a plurality of processors 201. The plurality of processors 201 may execute a program that realizes the function of the “unit” of the site connection maintaining device 112a in cooperation with each other.

  Information, data, signal values, and variable values indicating the processing results of the “unit” of the site connection maintaining device 112a are stored in the memory 202, the auxiliary storage device, or a register or cache memory in the processor 201.

  The program that realizes the function of the “unit” of the site connection maintaining device 112a may be stored in a portable recording medium such as a magnetic disk or an optical disk. The program that realizes the function of the “unit” of the site connection maintaining device 112a corresponds to the connection maintaining program according to the present embodiment.

  The configurations of the site connection maintaining device 112b and the site connection maintaining device 112c are the same as the configuration of the site connection maintaining device 112a, and thus the description thereof is omitted.

  The configuration of the center connection maintaining apparatus 101 will be described with reference to FIG.

  The center connection maintaining device 101 is a computer. The center connection maintaining apparatus 101 includes hardware such as a processor 211, a memory 212, and a network interface 213, like the base connection maintaining apparatus 112a. Hereinafter, differences in the configuration of the center connection maintaining apparatus 101 from the configuration of the base connection maintaining apparatus 112a will be mainly described.

  The center connection maintaining apparatus 101 includes a table updating unit 402, a header rewriting unit 403, and a communication control unit 404 as functional elements. Each function of the table updating unit 402 and the header rewriting unit 403 (hereinafter referred to as “function” of the center connection maintaining apparatus 101) is realized by software. The function of the communication control unit 404 is realized by the network interface 213.

  The memory 212 stores a temporary address list 401, an outward table 405, and an inward table 406. The memory 212 stores a program that realizes the function of the “unit” of the center connection maintaining apparatus 101. This program is read by the processor 211 and executed by the processor 211.

  The program that realizes the function of “unit” of the center connection maintaining apparatus 101 may be stored in a portable recording medium such as a magnetic disk or an optical disk. The program that realizes the function of the “unit” of the center connection maintaining apparatus 101 also corresponds to the connection maintaining program according to the present embodiment.

*** Explanation of operation ***
The operation of the site connection maintaining device 112a will be described with reference to FIG. The operation of the site connection maintaining device 112a corresponds to the connection maintaining method according to the present embodiment.

  The communication control unit 304 performs inward packet transfer processing and outward packet transfer processing. That is, the communication control unit 304 processes packet transmission / reception with the outside of the site connection maintaining apparatus 112a.

  The inward table 306 is a table in which combinations of identification port numbers and corresponding port numbers are registered in association with arbitrary real port numbers. The identification port number may be any one of the transmission source port number and the destination port number, but is the transmission source port number in the present embodiment. Since the corresponding port number is the other of the source port number and the destination port number, it is the destination port number in the present embodiment. The outward table 305 is a table registered in association with the same actual port number as the inward table 306 as a combination of the identification port number and the corresponding port number registered in the inward table 306 in the opposite combination.

  In this embodiment, the inward table 306 is a NAPT table that describes rules for converting the source address, destination address, source port number, and destination port number of a packet received from the network 120 by the communication control unit 304. is there. The outward table 305 is a NAPT table that describes rules for converting the source address, destination address, source port number, and destination port number of a packet received from the terminal 111a by the communication control unit 304. Each NAPT table rule consists of a set of “condition” for specifying a packet to be converted and “value after conversion”.

  The header rewriting unit 303 refers to the inward table 306 when an inward packet is received, and refers to the outward table 305 when an outward packet is received.

  As one example, it is assumed that the first packet P11 that is an inward packet transmitted for establishing a TCP connection is received. If the first combination C11 is registered in the inward table 306, the header rewriting unit 303 sets the identification port number of the first packet P11 to the first combination before the transfer control of the first packet P11 by the communication control unit 304. Rewrite the actual port number corresponding to C11. This operation corresponds to an operation when the process proceeds from step S21 to step S24 described later. The first combination C11 is a combination of the identification port number of the first packet P11 and the corresponding port number of the first packet P11. If the first combination C11 is not registered in the inward table 306 and the second combination C12 is registered in the inward table 306, the header rewriting unit 303 transfers the first packet P11 by the communication control unit 304. Before the identification port number of the first packet P11 is rewritten to an actual port number corresponding to the second combination C12. This operation corresponds to an operation when the process proceeds from step S21 described later to step S24 through step S22 and step S26. The second combination C12 is a combination of an identification port number different from the identification port number of the first packet P11 and the corresponding port number of the first packet P11.

  As another example, it is assumed that the second packet P12 that is an outward packet is received. If the third combination C13 is registered in the outward table 305, the header rewriting unit 303 sets the identification port number of the second packet P12 to the third combination before the transfer processing of the second packet P12 by the communication control unit 304. Rewrite the actual port number corresponding to C13. This operation corresponds to an operation when the process proceeds from step S11 described later to step S14. The third combination C13 is a combination of the corresponding port number of the second packet P12 and the identification port number of the second packet P12.

  As described above, in this embodiment, the header rewriting unit 303 rewrites the packet header according to the rules of the NAPT table.

  In the example in which the first packet P11 is received, the table updating unit 302 determines that if the first combination C11 is not registered in the inward table 306 and the second combination C12 is registered in the inward table 306, The second combination C12 in the direction table 306 is updated to the first combination C11. In that case, the table updating unit 302 further updates the second combination C12 registered as the reverse combination in the outward table 305 to the same combination as the first combination C11. These operations correspond to the operations when the process proceeds from step S31 described later to step S32.

  Thus, in the present embodiment, the table update unit 302 updates the rules of the NAPT table.

  The address acquisition unit 301 receives an address from the network 120.

  The operations of the site connection maintaining device 112b and the site connection maintaining device 112c are the same as the operations of the site connection maintaining device 112a, and thus the description thereof is omitted.

  The operation of the center connection maintaining apparatus 101 will be described with reference to FIG. The operation of the center connection maintaining apparatus 101 also corresponds to the connection maintaining method according to the present embodiment.

  The communication control unit 404 performs inward packet transfer processing and outward packet transfer processing. That is, the communication control unit 404 processes packet transmission / reception with the outside of the center connection maintaining apparatus 101.

  The inward table 406 is a table in which a combination of an identification port number and a transmission source address is registered in association with a unique temporary address. As described above, the identification port number may be any one of the transmission source port number and the destination port number, but is the transmission source port number in the present embodiment. In the outward table 405, the combination of the identification port number and the transmission source address registered in the inward table 406 is registered in association with the same temporary address as the inward table 406 as a combination of the identification port number and the destination address. It is a table.

  In this embodiment, the inward table 406 is a NAPT table that describes rules for converting the source address, destination address, source port number, and destination port number of packets received from the network 120 by the communication control unit 404. is there. The outward table 405 is a NAPT table in which rules for converting a transmission source address, a destination address, a transmission source port number, and a destination port number of a packet received from the center apparatus 102 by the communication control unit 404 are described. Each NAPT table rule consists of a set of “condition” for specifying a packet to be converted and “value after conversion”.

  The header rewriting unit 403 refers to the inward table 406 when an inward packet is received, and refers to the outward table 405 when an outward packet is received.

  As an example, it is assumed that the first packet P21 that is an inward packet transmitted after the establishment of the TCP connection is received. If the first combination C21 is registered in the inward table 406, the header rewriting unit 403 sets the transmission source address of the first packet P21 to the first combination before the transfer control of the first packet P21 by the communication control unit 404. Rewrite the temporary address corresponding to C21. This operation corresponds to an operation when the process proceeds from step S51 to step S55 described later. The first combination C21 is a combination of the identification port number of the first packet P21 and the transmission source address of the first packet P21. If the first combination C21 is not registered in the inward table 406 and the second combination C22 is registered in the inward table 406, the header rewriting unit 403 transfers the first packet P21 by the communication control unit 404. Is rewritten with the temporary address corresponding to the second combination C22. This operation corresponds to an operation when the process proceeds from step S51 described later to step S55 through step S52 and step S58. The second combination C22 is a combination of the identification port number of the first packet P21 and a transmission source address different from the transmission source address of the first packet P21.

  As another example, it is assumed that a second packet P22 that is an inward packet transmitted for establishing a TCP connection is received. The header rewriting unit 403 changes the identification port number of the second packet P22 to the identification port number newly registered by the table updating unit 402 as described later before the transfer processing of the second packet P22 by the communication control unit 404. rewrite. This operation corresponds to an operation when the process proceeds from step S51 described later to step S55 through step S52 and step S57.

  As yet another example, it is assumed that the third packet P23, which is an outward packet, is received. If the third combination C23 is registered in the outward table 405, the header rewriting unit 403 sets the destination address of the third packet P23 to the third combination C23 before the transfer control of the third packet P23 by the communication control unit 404. Rewrite the temporary address corresponding to. This operation corresponds to an operation when the process proceeds from step S81 to step S82 described later. The third combination C23 is a combination of the identification port number of the third packet P23 and the destination address of the third packet P23.

  As described above, in this embodiment, the header rewriting unit 403 rewrites the packet header according to the rules of the NAPT table.

  In the example in which the first packet P21 is received, the table updating unit 402 determines that the first combination C21 is not registered in the inward table 406 and the second combination C22 is registered in the inward table 406. The second combination C22 in the direction table 406 is updated to the first combination C21. In that case, the table updating unit 402 further updates the second combination C22 registered as a combination of the identification port number and the destination address in the outward table 405 to the same combination as the first combination C21. These operations correspond to operations when the process proceeds from step S71 to step S72 described later.

  In the example in which the second packet P22 is received, the table updating unit 402 registers the same identification port number as the identification port number of the second packet P22 in the inward table 406. A combination of the unidentified identification port number and the transmission source address of the second packet P22 is newly registered in the inward table 406 in association with a temporary address not registered in the inward table 406. This operation corresponds to an operation when the process proceeds from step S61 described later to step S64 through step S62 and step S63.

  Thus, in the present embodiment, the table update unit 402 updates the rules of the NAPT table.

  The temporary address list 401 is a list for managing temporary addresses of terminals at each base. In the temporary address list 401, “usage status” is recorded for each temporary address. The temporary address is an address set in advance by the system administrator. The system administrator sets the number of temporary addresses equal to or more than the number of terminals existing in the remote monitoring system 500 under conditions that do not overlap with the address of the center apparatus 102.

  Below, the detail of operation | movement of the site | part connection maintenance apparatus 112a is demonstrated. Specifically, when the site connection maintaining apparatus 112a receives a packet from the terminal 111a, when the site connection maintaining apparatus 112a receives a packet from the network 120, and when an address assigned from the network 120 is changed. The three operations will be described.

  With reference to FIG. 4, the operation when the site connection maintaining apparatus 112a receives a packet from the terminal 111a will be described.

  In step S11, when the communication control unit 304 receives a packet from the terminal 111a, the header rewriting unit 303 converts the four combinations of the transmission source address, destination address, transmission source port number, and destination port number of the received packet into the outward table 305. Check if it is registered as “Condition”. If registered, the process of step S14 is performed, and if not registered, the process of step S12 is performed.

  In step S14, the header rewriting unit 303 rewrites the address and port number of the received packet according to the corresponding “value after conversion”. In step S15, the communication control unit 304 transmits the rewritten packet.

  In step S12, the table update unit 302 confirms the SYN flag and the ACK flag of the received packet. If the SYN flag is “1” and the ACK flag is “0”, the process of step S16 is performed. Otherwise, the process of step S13 is performed.

  In step S <b> 16, the table update unit 302 registers a rule for converting the transmission source address in the outward table 305. Specifically, the table updating unit 302 registers the transmission source address, destination address, transmission source port number, and destination port number of the received packet as “condition”, and sets only the transmission source address as the address of the site connection maintaining device 112a. The converted data is registered as “value after conversion”. By doing so, it becomes possible to convert the private address of the terminal 111a to the global address of the site connection maintaining device 112a and perform communication within the network 120.

  Next, in step S <b> 17, the table update unit 302 registers in the inward table 306 a rule for reversely converting the response packet to the received packet converted by the rule registered in the outward table 305, that is, the reverse conversion rule. Specifically, the table updating unit 302 reverses the transmission source address and destination address, the transmission source port number, and the destination port number of the rule registered in step S16, and further sets “condition” and “value after conversion”. Register the reverse of. Then, the process of step S14 and step S15 is performed. That is, the header rewriting unit 303 rewrites the transmission source address of the received packet according to the rule added to the outward table 305. Then, the communication control unit 304 transmits the rewritten packet.

  In step S13, the table update unit 302 discards the received packet.

  With reference to FIG. 5, the operation when the site connection maintaining apparatus 112 a receives a packet from the network 120 will be described.

  In step S <b> 21, when the communication control unit 304 receives a packet from the network 120, the header rewriting unit 303 determines that the four combinations of the source address, the destination address, the source port number, and the destination port number of the received packet Check if it is registered as “Condition”. If registered, the process of step S24 is performed, and if not registered, the process of step S22 is performed.

  In step S24, the header rewriting unit 303 rewrites the address and port number of the received packet according to the corresponding “value after conversion”. In step S25, the communication control unit 304 transmits the rewritten packet.

  In step S22, the table updating unit 302 checks the SYN flag and ACK flag of the received packet. When the SYN flag is “1” and the ACK flag is “1”, the base side update process of step S26 is performed, and otherwise, the process of step S23 is performed.

  After the site side update process of step S26, the processes of step S24 and step S25 are performed.

  In step S23, the table update unit 302 discards the received packet.

  With reference to FIG. 6, the base side update process of step S26 is demonstrated.

  In step S <b> 31, the table update unit 302 confirms whether the transmission source port number of the received packet is registered as the transmission port number of “condition” in the inward table 306. Only the source port number is confirmed here, and there is no problem even if other items are different. If registered, the process of step S32 is performed, and if not registered, the process of step S33 is performed.

  In step S32, the table updating unit 302 changes the destination port number of the “condition” of the corresponding rule to the destination port number of the received packet. The table updating unit 302 further changes the transmission source port number of the “value after conversion” of the reverse conversion rule corresponding to the corresponding rule to the destination port number of the received packet.

  In step S33, the table update unit 302 discards the received packet.

  In step S31, the table updating unit 302 may confirm registration for only two combinations of the transmission source port number and the destination port number, which correspond to the second combination C12.

  With reference to FIG. 7, the operation when the address assigned from the network 120 is changed will be described.

  The address acquisition unit 301 receives an address assignment from the network 120 and stores the assigned address in the memory 212. When the stored address is different from the newly assigned address from the network 120, the following processing is executed using the stored address as the old address and the newly assigned address as the new address.

  In step S41, the table update unit 302 confirms whether there is a rule including the old address in the outward table 305. If there is a corresponding rule, the process of step S42 is performed, and if there is no corresponding rule, the process of step S43 is performed.

  In step S42, the table updating unit 302 changes all the parts where the old address is described to the new address.

  In step S43, the table update unit 302 checks whether there is a rule including the old address in the inward table 306. If there is a corresponding rule, the process of step S44 is performed.

  In step S44, the table updating unit 302 changes all the parts where the old address is described to the new address.

  Details of the operation of the center connection maintaining apparatus 101 will be described below. Specifically, two operations will be described when the center connection maintaining apparatus 101 receives a packet from the network 120 and when the center connection maintaining apparatus 101 receives a packet from the center apparatus 102.

  The operation when the center connection maintaining apparatus 101 receives a packet from the network 120 will be described with reference to FIG.

  In step S <b> 51, when the communication control unit 404 receives a packet from the network 120, the header rewriting unit 403 converts the four combinations of the transmission source address, destination address, transmission source port number, and destination port number of the received packet into the inward table 406. Check if it is registered as “Condition”. If registered, the process of step S55 is performed, and if not registered, the process of step S52 is performed.

  In step S55, the header rewriting unit 403 rewrites the address and port number of the received packet according to the corresponding “value after conversion”. In step S56, the communication control unit 404 transmits the rewritten packet.

  In step S52, the table update unit 402 confirms the SYN flag and the ACK flag of the received packet. When the SYN flag is “1” and the ACK flag is “0”, the center side registration process of step S57 is performed, and when the SYN flag is “0”, the center side update process of step S58 is performed. In that case, the process of step S54 is performed.

  After the center side registration process of step S57, the processes of step S55 and step S56 are performed.

  After the center side update process of step S58, the processes of step S55 and step S56 are performed.

  In step S54, the table update unit 402 discards the received packet.

  With reference to FIG. 9, the center side registration process of step S57 is demonstrated.

  In step S <b> 61, the table updating unit 402 confirms whether the transmission source port number of the received packet is registered as the transmission port number of “condition” in the inward table 406. Only the source port number is confirmed here, and there is no problem even if other items are different. If registered, the process of step S62 is performed, and if not registered, the process of step S63 is performed.

  In step S 62, the header rewriting unit 403 changes the source port number of the received packet to a source port number that is not registered in the inward table 406. Thereafter, the process of step S63 is performed.

  In step S <b> 63, the table update unit 402 selects one unused temporary address from the temporary address list 401. In step S <b> 64, the table update unit 402 registers a rule for converting the transmission source address in the inward table 406. Specifically, the table updating unit 402 registers the source address, destination address, source port number, and destination port number of the received packet as “condition”, and sets the source address to the temporary address selected in step S63. The destination address converted into the address of the center apparatus 102 is registered as “value after conversion”. If the process in step S62 has been performed, the transmission source port number registered in the inward table 406 is the number after the change.

  Next, in step S <b> 65, the table update unit 402 registers the reverse conversion rule of the rule registered in the inward table 406 in the outward table 405. Specifically, the table updating unit 402 reverses the transmission source address and destination address, the transmission source port number, and the destination port number of the rule registered in step S64, and further sets “condition” and “value after conversion”. Register the reverse of.

  With reference to FIG. 10, the center side update process of step S58 is demonstrated.

  In step S <b> 71, the table updating unit 402 confirms whether the transmission source port number of the received packet is registered as the transmission port number of “condition” in the inward table 406. Only the source port number is confirmed here, and there is no problem even if other items are different. If registered, the process of step S72 is performed, and if not registered, the process of step S73 is performed.

  In step S72, the table updating unit 402 changes the transmission source address of the “condition” of the corresponding rule to the transmission source address of the received packet. The table updating unit 402 further changes the destination address of “the value after conversion” of the reverse conversion rule corresponding to the corresponding rule to the transmission source address of the received packet.

  In step S73, the table update unit 402 discards the received packet.

  With reference to FIG. 11, the operation when the center connection maintaining apparatus 101 receives a packet from the center apparatus 102 will be described.

  In step S81, when the communication control unit 404 receives a packet from the center apparatus 102, the header rewriting unit 403 stores the four combinations of the transmission source address, destination address, transmission source port number, and destination port number of the received packet in the outward table. It is confirmed whether or not “condition” is registered in 405. If registered, the process of step S82 is performed, and if not registered, the process of step S84 is performed.

  In step S82, the header rewriting unit 403 rewrites the address and port number of the received packet according to the corresponding “value after conversion”. In step S83, the communication control unit 404 transmits the rewritten packet.

  In step S84, the table update unit 402 discards the received packet.

  Based on these operations, a specific packet exchange will be described.

  As an example, the system configuration is as shown in FIG. Assume that each device is assigned the IP address shown in FIG. In FIG. 12, the IP addresses of the site connection maintaining apparatuses 112a, 112b, and 112c are dynamically assigned, and other IP addresses are fixed. The IP addresses assigned to the center apparatus 102 and the terminals 111a, 111b, and 111c are private IP addresses. The global IP address actually used for connection from the network 120 is held by the center connection maintenance device 101 and the site connection maintenance devices 112a, 112b, and 112c. Assume that the temporary address list 401 of the center connection maintaining apparatus 101 stores the values shown in FIG. Assume that the outward table 305 and the inward table 306 of the site connection maintaining devices 112a, 112b, and 112c and the outward table 405 and the inward table 406 of the center connection maintaining device 101 are empty.

  In this state, it is assumed that a TCP connection is requested from the terminal 111a of the base 110a toward the center apparatus 102. FIG. 14 shows header information of the packet 501 transmitted at that time. The IP address “192.168.0.1” of the terminal 111a is set as the transmission source address, and the IP address “192.0.2.1” of the center connection maintaining apparatus 101 is set as the destination address. The TCP SYN flag means a TCP connection request, and is always “1” in the first transmitted packet. The TCP ACK flag means a response to a packet transmitted from the other party, and is always “0” in the packet transmitted first. The source port number and the destination port number are values determined by the application, and are “123” and “456”, respectively.

  The packet 501 transmitted by the terminal 111a reaches the base connection maintaining device 112a. The site connection maintaining device 112a performs the operation shown in FIG.

  Since the outward table 305 of the site connection maintaining device 112a is empty in the initial state, the determination process in step S12 is performed after the determination process in step S11. In the packet 501 of FIG. 14, the SYN flag is “1” and the ACK flag is “0”, so the processing of step S16 and step S17 is performed. In step S16 and step S17, the table update unit 302 registers the rules in the outward table 305 and the inward table 306, respectively. Each table after registration is shown in FIG. Then, the process of step S14 and step S15 is performed. In step S14, the header rewriting unit 303 rewrites the packet 501 in FIG. 14 using the outward table 305 in FIG. The header information of the rewritten packet 502 is shown in FIG. The source address is rewritten from the IP address “192.168.0.1” of the terminal 111a to the IP address “203.0.113.10” of the site connection maintaining device 112a. In step S15, the communication control unit 304 transmits the rewritten packet 502.

  The packet 502 transmitted by the site connection maintaining apparatus 112a reaches the center connection maintaining apparatus 101 via the network 120. The center connection maintaining apparatus 101 performs the operation shown in FIG.

  Since the inward table 406 of the center connection maintaining apparatus 101 is empty in the initial state, the determination process in step S52 is performed after the determination process in step S51. Since the SYN flag is “1” and the ACK flag is “0” in the packet 502 in FIG. 14, the center side registration process in step S57 shown in FIG. 9 is performed. Since the inward table 406 of the center connection maintaining apparatus 101 is empty at this time, the process of step S63 is performed after the determination process of step S61. Here, it is assumed that the table updating unit 402 selects an unused temporary address “10.0.0.1” from the temporary address list 401 of FIG. 13 in step S63. Next, the process of step S64 and step S65 is performed. In step S64 and step S65, the table update unit 402 registers the rules in the inward table 406 and the outward table 405, respectively. Each table after registration is shown in FIG. Then, the process of step S55 and step S56 is performed. In step S55, the header rewriting unit 403 rewrites the packet 502 in FIG. 14 using the inward table 406 in FIG. The header information of the rewritten packet 503 is shown in FIG. The transmission source address is rewritten from the IP address “203.0.113.10” of the site connection maintaining device 112a to the temporary address “10.0.0.1”. The destination address has been rewritten from the IP address “192.0.2.1” of the center connection maintaining apparatus 101 to the IP address “172.16.0.1” of the center apparatus 102. In step S56, the communication control unit 404 transmits the rewritten packet 503.

  The packet 503 transmitted by the center connection maintaining apparatus 101 reaches the center apparatus 102. The center apparatus 102 that has received the packet 503 in FIG. 14 recognizes that the IP address of the communication partner is the temporary address “10.0.0.1”. In the packet 503 of FIG. 14, the SYN flag indicating a TCP connection request is “1”, so the center apparatus 102 responds to the TCP connection request. FIG. 17 shows header information of the packet 511 transmitted at that time. The IP address “172.16.0.1” of the center apparatus 102 is set as the transmission source address, and the temporary address “10.0.0.1” is set as the destination address. The TCP SYN flag is “1”. The TCP ACK flag is also “1”. The transmission source port number and the destination port number are values opposite to those of the received packet 503, and are “456” and “123”, respectively.

  The packet 511 transmitted by the center apparatus 102 reaches the center connection maintaining apparatus 101. The center connection maintaining apparatus 101 performs the operation shown in FIG.

  The outward table 405 of the center connection maintaining apparatus 101 is in the state shown in FIG. Since the source address, destination address, source port number, and destination port number of the packet 511 in FIG. 17 are registered as “conditions” in the outward table 405, step S82 and step S82 are performed after the determination processing in step S81. The process of S83 is performed. In step S82, the header rewriting unit 403 rewrites the packet 511 in FIG. 17 using the outward table 405 in FIG. FIG. 17 shows header information of the packet 512 after rewriting. The transmission source address is rewritten from the IP address “172.16.0.1” of the center apparatus 102 to the IP address “192.0.2.1” of the center connection maintaining apparatus 101. The destination address is rewritten from the temporary address “10.0.0.1” to the IP address “203.0.113.10” of the site connection maintaining device 112a. In step S83, the communication control unit 404 transmits the rewritten packet 512.

  The packet 512 transmitted by the center connection maintaining apparatus 101 reaches the base connection maintaining apparatus 112a via the network 120. The site connection maintaining device 112a performs the operation shown in FIG.

  The inward table 306 of the site connection maintaining device 112a is in the state shown in FIG. Since the transmission source address, destination address, transmission source port number, and destination port number of the packet 512 in FIG. 17 are registered as “conditions” in the inward table 306, step S24 and step S24 are performed after the determination processing in step S21. The process of S25 is performed. In step S24, the header rewriting unit 303 rewrites the packet 512 in FIG. 17 using the inward table 306 in FIG. The header information of the rewritten packet 513 is shown in FIG. The destination address has been rewritten from the IP address “203.0.113.10” of the site connection maintaining device 112a to the IP address “192.168.0.1” of the terminal 111a. In step S25, the communication control unit 304 transmits the rewritten packet 513.

  The packet 513 transmitted by the site connection maintaining device 112a reaches the terminal 111a. The terminal 111a that has received the packet 513 in FIG. 17 recognizes that the TCP connection has been established, and notifies the center apparatus 102 of the start of communication. Thereafter, communication using the TCP connection is possible between the terminal 111a and the center apparatus 102. However, here, after the TCP connection is established and before the start of communication is notified, as shown in FIG. 18, the IP address assigned to the site connection maintaining device 112a is “203.0.113. 11 ”. It will be described that the TCP connection between the terminal 111a and the center apparatus 102 is maintained even in this case.

  The site connection maintaining device 112a detects the change of the IP address and performs the operation shown in FIG. As a result, the outward table 305 and the inward table 306 are updated. Each table after the update is shown in FIG.

  In this state, it is assumed that the start of communication is notified from the terminal 111a toward the center apparatus 102. FIG. 20 shows header information of the packet 521 transmitted at that time. The source address, destination address, source port number, and destination port number are the same as the packet 501 in FIG. The TCP SYN flag is “0”. The TCP ACK flag is “1”.

  The packet 521 transmitted from the terminal 111a reaches the base connection maintaining device 112a. The site connection maintaining device 112a performs the operation shown in FIG.

  The outward table 305 of the site connection maintaining device 112a is in the state shown in FIG. Since the transmission source address, the destination address, the transmission source port number, and the destination port number of the packet 521 in FIG. 20 are registered as “conditions” in the outward table 305, step S14 and step S14 are performed after the determination processing in step S11. The process of S15 is performed. In step S14, the header rewriting unit 303 rewrites the packet 521 in FIG. 20 using the outward table 305 in FIG. FIG. 20 shows the header information of the rewritten packet 522. The transmission source address is rewritten from the IP address “192.168.0.1” of the terminal 111a to the new IP address “203.0.11311” of the site connection maintaining device 112a. In step S25, the communication control unit 304 transmits the rewritten packet 522.

  The packet 522 transmitted by the site connection maintaining device 112 a reaches the center connection maintaining device 101 via the network 120. The center connection maintaining apparatus 101 performs the operation shown in FIG.

  The inward table 406 of the center connection maintaining apparatus 101 is in the state shown in FIG. Since the source address, destination address, source port number, and destination port number of the packet 522 in FIG. 20 are not registered as “conditions” in the inward table 406, the determination in step S52 is performed after the determination process in step S51. Processing is performed. Since the SYN flag in the packet 522 in FIG. 20 is “0”, the center side update processing in step S58 shown in FIG. 10 is performed. Since the inward table 406 has a rule having the same source port number “123” of the packet 522 of FIG. 20 as the source port number of “condition”, the processing of step S72 after the determination processing of step S71 Is done. In step S <b> 72, the table updating unit 402 changes the transmission source address of “condition” of the corresponding rule and the destination address of “value after conversion” of the reverse conversion rule corresponding to the corresponding rule. Each table after the change is shown in FIG. Then, the process of step S55 and step S56 is performed. In step S55, the header rewriting unit 403 rewrites the packet 522 in FIG. 20 using the inward table 406 in FIG. The header information of the rewritten packet 523 is shown in FIG. The transmission source address is rewritten from the new IP address “203.0.113.11” of the site connection maintaining apparatus 112a to the temporary address “10.0.0.1”. The destination address has been rewritten from the IP address “192.0.2.1” of the center connection maintaining apparatus 101 to the IP address “172.16.0.1” of the center apparatus 102. In step S56, the communication control unit 404 transmits the rewritten packet 523.

  The packet 523 transmitted from the center connection maintaining apparatus 101 reaches the center apparatus 102. The IP address and port number of the packet 523 in FIG. 20 are the same as those before the IP address assigned to the site connection maintaining apparatus 112a is changed. Therefore, the TCP connection between the terminal 111a and the center apparatus 102 can be maintained.

  Finally, a case where a TCP connection is requested from the terminal 111b of the base 110b toward the center apparatus 102 in this state will be described.

  The header information of the packet 531 transmitted at this time is shown in FIG. The IP address “192.168.0.1” of the terminal 111b is set as the transmission source address, and the IP address “192.0.2.1” of the center connection maintaining apparatus 101 is set as the destination address. The TCP SYN flag is “1”. The TCP ACK flag is “0”. The source port number and the destination port number are “123” and “456”, respectively.

  The packet 531 transmitted by the terminal 111b reaches the base connection maintaining device 112b. The site connection maintaining device 112b performs the operation shown in FIG.

  Since the outward table 305 of the site connection maintaining device 112b is empty in the initial state, the determination process of step S12 is performed after the determination process of step S11. In the packet 531 of FIG. 22, the SYN flag is “1” and the ACK flag is “0”, so the processing of step S16 and step S17 is performed. In step S16 and step S17, the table update unit 302 registers the rules in the outward table 305 and the inward table 306, respectively. Each table after registration is shown in FIG. Then, the process of step S14 and step S15 is performed. In step S14, the header rewriting unit 303 rewrites the packet 531 in FIG. 22 using the outward table 305 in FIG. The header information of the rewritten packet 532 is shown in FIG. The transmission source address is rewritten from the IP address “192.168.0.1” of the terminal 111b to the IP address “203.0.113.20” of the site connection maintaining device 112b. In step S15, the communication control unit 304 transmits the rewritten packet 532.

  The packet 532 transmitted by the site connection maintaining apparatus 112b reaches the center connection maintaining apparatus 101 via the network 120. The center connection maintaining apparatus 101 performs the operation shown in FIG.

  The inward table 406 of the center connection maintaining apparatus 101 is in the state shown in FIG. Since the source address, destination address, source port number, and destination port number of the packet 532 in FIG. 22 are not registered as “conditions” in the inward table 406, the determination in step S52 is performed after the determination process in step S51. Processing is performed. Since the SYN flag is “1” and the ACK flag is “0” in the packet 532 in FIG. 22, the center side registration process in step S57 shown in FIG. 9 is performed. Since there is a rule in the inward table 406 that has the same source port number “123” as the source port number “123” of the packet 532 in FIG. 22 as the source port number of “condition”, step S 62 and step The process of S63 is performed. Here, it is assumed that the header rewriting unit 403 selects a number “124” that does not overlap with other rules and changes the source port number of the packet 532 in step S62. In step S63, the table updating unit 402 selects an unused temporary address “10.0.0.2” from the temporary address list 401 of FIG. Next, the process of step S64 and step S65 is performed. In step S64 and step S65, the table update unit 402 registers the rules in the inward table 406 and the outward table 405, respectively. Each table after registration is shown in FIG. Then, the process of step S55 and step S56 is performed. In step S55, the header rewriting unit 403 rewrites the packet 532 in FIG. 22 using the inward table 406 in FIG. The header information of the rewritten packet 533 is shown in FIG. The transmission source address is rewritten from the IP address “203.0.113.20” of the site connection maintaining apparatus 112b to the temporary address “10.0.0.2”. The destination address has been rewritten from the IP address “192.0.2.1” of the center connection maintaining apparatus 101 to the IP address “172.16.0.1” of the center apparatus 102. In step S56, the communication control unit 404 transmits the rewritten packet 533.

  The packet 533 transmitted by the center connection maintaining apparatus 101 reaches the center apparatus 102. The center apparatus 102 that has received the packet 533 in FIG. 22 recognizes that the IP address of the communication partner is the temporary address “10.0.0.2”. In the packet 533 of FIG. 22, the SYN flag indicating a TCP connection request is “1”, and therefore the center apparatus 102 responds to the TCP connection request. FIG. 25 shows header information of the packet 541 transmitted at that time. The IP address “172.16.0.1” of the center apparatus 102 is set as the transmission source address, and the temporary address “10.0.0.2” is set as the destination address. The TCP SYN flag is “1”. The TCP ACK flag is also “1”. The source port number and the destination port number are “456” and “124”, respectively.

  The packet 541 transmitted by the center apparatus 102 reaches the center connection maintaining apparatus 101. The center connection maintaining apparatus 101 performs the operation shown in FIG.

  The outward table 405 of the center connection maintaining apparatus 101 is in the state shown in FIG. Since the transmission source address, destination address, transmission source port number, and destination port number of the packet 541 in FIG. 25 are registered as “conditions” in the outward table 405, step S82 and step S82 are performed after the determination processing in step S81. The process of S83 is performed. In step S82, the header rewriting unit 403 rewrites the packet 541 in FIG. 25 using the outward table 405 in FIG. The header information of the rewritten packet 542 is shown in FIG. The transmission source address is rewritten from the IP address “172.16.0.1” of the center apparatus 102 to the IP address “192.0.2.1” of the center connection maintaining apparatus 101. The destination address is rewritten from the temporary address “10.0.0.2” to the IP address “203.0.113.20” of the site connection maintaining device 112b. In step S83, the communication control unit 404 transmits the rewritten packet 542.

  The packet 542 transmitted by the center connection maintaining apparatus 101 reaches the base connection maintaining apparatus 112b via the network 120. The site connection maintaining device 112b performs the operation shown in FIG.

  The inward table 306 of the site connection maintaining device 112b is in the state shown in FIG. Since the source address, destination address, source port number, and destination port number of the packet 542 in FIG. 25 are not registered as “conditions” in the inward table 306, the determination in step S22 is performed after the determination process in step S21. Processing is performed. Since the SYN flag is “1” and the ACK flag is “1” in the packet 542 in FIG. 25, the site-side update process in step S26 shown in FIG. 6 is performed. Since there is a rule in the inward table 306 that has the same source port number “456” as the source port number of “condition” in the packet 542 in FIG. 25, the processing in step S32 after the determination processing in step S31 Is done. In step S32, the table updating unit 302 changes the destination port number of “condition” of the corresponding rule and the transmission source port number of “value after conversion” of the reverse conversion rule corresponding to the corresponding rule. Each table after the change is shown in FIG. Then, the process of step S24 and step S25 is performed. In step S24, the header rewriting unit 303 rewrites the packet 542 in FIG. 25 using the inward table 306 in FIG. The header information of the rewritten packet 543 is shown in FIG. The destination address is rewritten from the IP address “203.0.113.20” of the site connection maintaining apparatus 112b to the IP address “192.168.0.1” of the terminal 111b. The destination port number has been rewritten from “124” to “123”. In step S25, the communication control unit 304 transmits the rewritten packet 543.

  The packet 543 transmitted by the site connection maintaining device 112b reaches the terminal 111b. The terminal 111b that has received the packet 543 in FIG. 25 recognizes that the TCP connection has been established, and notifies the center apparatus 102 of the start of communication. Thereafter, communication using the TCP connection is possible between the terminal 111b and the center apparatus 102.

*** Explanation of the effect of the embodiment ***
In the present embodiment, either the source port number or the destination port number included in the packet from the beginning is used to identify the TCP connection. Since it is not necessary to add a unique identifier for identifying the TCP connection, the TCP connection can be maintained without increasing the communication data amount.

  In the present embodiment, the site connection maintaining apparatus 112a includes a header rewriting function, a NAPT table, a NAPT table addition function, and a first NAPT table update function. The header rewriting function is a function of transferring a packet by converting any or all of the source address, destination address, source port number, and destination port number of the received packet. The NAPT table is a table in which a list of rules for converting received packets is recorded. The rule includes a “condition” that identifies a packet to be rewritten using at least one of a source address, a destination address, a source port number, and a destination port number, and a source address of a packet that matches the “condition” And at least one “translated value” among the destination address, the source port number, and the destination port number. The NAPT table addition function is a function for dynamically adding a rule to the NAPT table according to the contents of the received packet. The first NAPT table update function is a function for detecting a change in the IP address assigned to the site connection maintaining apparatus 112a and updating the NAPT table.

  In the present embodiment, the site connection maintaining device 112a further includes a second NAPT table update function. The second NAPT table update function is a function for updating the NAPT table when a packet that only partially corresponds to the “condition” included in the NAPT table is received. The NAPT table always includes the transmission source port number as the “condition”, and may include at least one of the transmission source address, the destination address, and the destination port number. The second NAPT table update function is a function for updating the NAPT table when a packet whose only part matches the “condition” including the transmission source port number is received. Note that the NAPT table always includes the destination port number as the “condition”, and may include at least one of the source address, the destination address, and the source port number in addition to that. In this case, the second NAPT table update function is a function for updating the NAPT table when a packet whose “condition” includes only a part including the destination port number is received.

  In the present embodiment, by adopting the function and NAPT table as described above, the IP address of the terminal 111a is moved without adding a new area to the normal packet or generating a new packet. The TCP connection between the terminal 111a and the center apparatus 102 can be maintained in an environment that is changed dynamically.

*** Other configurations ***
In the present embodiment, the function of the “part” of the site connection maintaining apparatus 112a is realized by software. However, as a modification, the function of the “unit” of the site connection maintaining apparatus 112a may be realized by hardware. Similarly, in the present embodiment, the “part” function of the center connection maintaining apparatus 101 is realized by software, but as a modification, the “part” function of the center connection maintaining apparatus 101 is realized by hardware. May be. About these modifications, the difference with this Embodiment is mainly demonstrated.

  With reference to FIG. 27, the structure of the site | part connection maintenance apparatus 112a which concerns on the modification of this Embodiment is demonstrated.

  The site connection maintaining device 112a includes hardware such as a processing circuit 209 and a network interface 203.

  The processing circuit 209 is a dedicated electronic circuit that realizes the function of the “unit” of the site connection maintaining device 112a. Specifically, the processing circuit 209 is a single circuit, a composite circuit, a programmed processor, a parallel programmed processor, a logic IC, a GA (Gate Array), or an FPGA (Field-Programmable Gate Array). Alternatively, the processing circuit 209 is specifically an ASIC (Application Specific Integrated Circuit).

  The function of the “unit” of the site connection maintaining apparatus 112a may be realized by one processing circuit 209 or may be realized by being distributed to a plurality of processing circuits 209.

  As another modification, the function of the “unit” of the site connection maintaining device 112a may be realized by a combination of software and hardware. That is, a part of the functions of the “unit” of the site connection maintaining apparatus 112a may be realized by a dedicated electronic circuit, and the remaining functions may be realized by software.

  The processor 201, the memory 202, and the processing circuit 209 are collectively referred to as a “processing circuit”. That is, regardless of the configuration of the site connection maintaining device 112a shown in FIG. 2 or FIG. 27, the function of the “part” of the site connection maintaining device 112a is realized by the processing circuitry.

  With reference to FIG. 28, a configuration of center connection maintaining apparatus 101 according to a modification of the present embodiment will be described.

  The center connection maintaining apparatus 101 includes hardware such as a processing circuit 219 and a network interface 213, similarly to the base connection maintaining apparatus 112a according to the modified example. Below, the difference of the structure of the center connection maintenance apparatus 101 which concerns on this modification mainly with the structure of the base connection maintenance apparatus 112a which concerns on the said modification is demonstrated.

  The processing circuit 219 is a dedicated electronic circuit that realizes the function of the “unit” of the center connection maintaining apparatus 101.

  As another modification, the function of “unit” of the center connection maintaining apparatus 101 may be realized by a combination of software and hardware. That is, some functions of the “unit” of the center connection maintaining apparatus 101 may be realized by a dedicated electronic circuit, and the remaining functions may be realized by software.

  The processor 211, the memory 212, and the processing circuit 219 are also collectively referred to as “processing circuitry”. That is, regardless of the configuration of the center connection maintaining apparatus 101 shown in FIGS. 3 and 28, the function of the “unit” of the center connection maintaining apparatus 101 is realized by the processing circuitry.

  The “part” of the base connection maintenance device 112a or the “part” of the center connection maintenance device 101 may be read as “process”, “procedure”, or “processing”.

  As mentioned above, although embodiment of this invention was described, you may implement this embodiment partially. Specifically, only some of the functional elements of the base connection maintaining apparatus 112a according to this embodiment may be employed. Of the functional elements of the center connection maintaining apparatus 101 according to this embodiment, only some functional elements may be employed. In addition, this invention is not limited to this embodiment, A various change is possible as needed.

  100 monitoring center, 101 center connection maintaining device, 102 center device, 110a, 110b, 110c base, 111a, 111b, 111c terminal, 112a, 112b, 112c base connection maintaining device, 120 network, 201 processor, 202 memory, 203 network interface 209 processing circuit 211 processor 212 memory 213 network interface 219 processing circuit 301 address acquisition unit 302 table update unit 303 header rewrite unit 304 communication control unit 305 outward table 306 inward table 401 Temporary address list, 402 table update unit, 403 header rewrite unit, 404 communication control unit, 405 outward table, 406 inward table, 500隔監 vision system, 501,502,503,511,512,513,521,522,523,531,532,533,541,542,543 packet.

Claims (13)

A communication control unit that performs transfer processing of an inward packet transmitted after establishing a connection by a connection-type protocol;
Refers to the inward table in which a combination of an identification port number and a source address that is one of a source port number and a destination port number stored in a memory is registered in association with a unique temporary address, and If the first combination that is a combination of the identification port number of the packet and the source address of the inbound packet is registered in the inbound table, the inbound packet transfer process by the communication control unit Before, the source address of the inbound packet is rewritten to a temporary address corresponding to the first combination, and the first combination is not registered in the inbound table, and the identification port number of the inbound packet And a second combination that is a combination of a source address different from the source address of the inbound packet If it is registered in the inward table, the header rewriting for rewriting the source address of the inbound packet to a temporary address corresponding to the second combination before the inward packet transfer process by the communication control unit And a connection maintaining device. A table that updates the second combination in the inward table to the first combination if the first combination is not registered in the inward table and the second combination is registered in the inward table. The connection maintaining apparatus according to claim 1, further comprising an update unit. The communication control unit performs transfer processing of the second packet that is an inward packet transmitted for establishing the connection, in addition to the transfer processing of the first packet that is the inward packet,
If the same identification port number as the identification port number of the second packet is registered in the inward table, the table update unit transmits the identification port number not registered in the inward table and the transmission of the second packet. A combination with the original address is newly registered in the inward table in association with a temporary address that is not registered in the inward table,
The header rewriting unit rewrites the identification port number of the second packet to the identification port number newly registered by the table updating unit before the transfer process of the second packet by the communication control unit. The connection maintenance device as described. The communication control unit performs an outward packet transfer process in addition to the inward packet transfer process,
In the memory, in addition to the inward table, the combination of the identification port number and the source address registered in the inward table is the same temporary as the inward table as the combination of the identification port number and the destination address. An outward table, which is a table registered in association with addresses, is stored,
The header rewriting unit refers to the outward table, and a third combination that is a combination of an identification port number of the outward packet and a destination address of the outward packet is registered in the outward table. The connection maintaining apparatus according to claim 1, wherein the destination address of the outgoing packet is rewritten to a temporary address corresponding to the third combination before the outgoing control process of the outgoing packet by the communication control unit. If the first combination is not registered in the inward table and the second combination is registered in the inward table, the second combination in the inward table is updated to the first combination. The connection maintenance device according to claim 4, further comprising a table updating unit that updates the second combination registered in the outward table as a combination of an identification port number and a destination address to the same combination as the first combination. . A communication control unit that performs transfer processing of an inward packet transmitted for establishing a connection by a connection type protocol;
Refers to the inward table in which the combination of the identification port number that is one of the source port number and destination port number and the corresponding port number that is the other stored in the memory is registered in association with any real port number. If the first combination which is a combination of the identification port number of the inbound packet and the corresponding port number of the inbound packet is registered in the inbound table, the inbound packet by the communication control unit Before the forwarding process, the identification port number of the inbound packet is rewritten to a real port number corresponding to the first combination, and the first combination is not registered in the inward table, A second combination of an identification port number different from the packet identification port number and the corresponding port number of the inbound packet; If matching is registered in the inward table, the inbound packet identification port number is assigned to the real port corresponding to the second combination before the inward packet transfer processing by the communication control unit. A connection maintenance device comprising a header rewriting unit for rewriting to a number. A table that updates the second combination in the inward table to the first combination if the first combination is not registered in the inward table and the second combination is registered in the inward table. The connection maintenance device according to claim 6, further comprising an update unit. The communication control unit performs an outward packet transfer process in addition to the inward packet transfer process,
In the memory, in addition to the inward table, the combination of the identification port number and the corresponding port number registered in the inward table is associated with the same real port number as the inward table as a reverse combination. Stores the outward table, which is a registered table,
The header rewriting unit refers to the outward table, and a third combination that is a combination of the corresponding port number of the outward packet and the identification port number of the outward packet is registered in the outward table. The connection maintenance according to claim 6, wherein the outgoing port identification port number is rewritten to an actual port number corresponding to the third combination before the outgoing packet transfer process by the communication control unit. apparatus. If the first combination is not registered in the inward table and the second combination is registered in the inward table, the second combination in the inward table is updated to the first combination. The connection maintaining apparatus according to claim 8, further comprising a table updating unit that updates the second combination registered in the outward table as a reverse combination to the same combination as the first combination.   An identification port number and a source address that are stored in the memory and are either the source port number or the destination port number, stored in the memory by the connection maintenance device that performs transfer processing of inbound packets transmitted after the connection is established by the connection type protocol A first combination that is a combination of the identification port number of the inbound packet and the source address of the inbound packet is referred to the inbound table registered in association with a unique temporary address. If registered in the inbound table, the source address of the inbound packet is rewritten to a temporary address corresponding to the first combination before performing the forwarding process of the inbound packet, and the first combination Is not registered in the inward table, the identification port number of the inward packet and the inward packet If a second combination that is a combination of a source address different from the source address of the inbound packet is registered in the inbound table, before performing the inbound packet transfer process, the inbound packet A connection maintaining method for rewriting a transmission source address to a temporary address corresponding to the second combination.   A connection maintenance device that performs transfer processing of an inward packet transmitted for establishing a connection using a connection-type protocol has an identification port number stored in a memory and one of a source port number and a destination port number and the other The combination of the corresponding port number is a reference to the inward table registered in association with any real port number, and the combination of the identification port number of the inward packet and the corresponding port number of the inward packet If the first combination is registered in the inward table, the inbound packet identification port number is assigned to the real port number corresponding to the first combination before performing the inward packet transfer process. And the first combination is not registered in the inward table, and the identification port number of the inward packet and If a second combination that is a combination of another identification port number and a corresponding port number of the inward packet is registered in the inward table, before performing the inward packet transfer process, A connection maintaining method for rewriting the identification port number of the packet in the direction to the actual port number corresponding to the second combination. On the computer,
Forwarding of inbound packets sent after connection establishment with connection-oriented protocol;
Refers to the inward table in which a combination of an identification port number and a source address that is one of a source port number and a destination port number stored in a memory is registered in association with a unique temporary address, and If the first combination that is a combination of the identification port number of the packet and the source address of the inbound packet is registered in the inbound table, the internal packet is transferred before the inbound packet transfer process. The source address of the inbound packet is rewritten to a temporary address corresponding to the first combination, the first combination is not registered in the inward table, and the identification port number of the inbound packet and the inward packet A second combination that is a combination of a source address different from the source address of the packet is registered in the inward table. If it is, prior to the transfer processing of the packet in the inward connection maintenance program for executing a process of rewriting the source address of the packet in the inward to the temporary address corresponding to the second combination. On the computer,
Forwarding inbound packets sent to establish a connection using a connection-oriented protocol;
Refers to the inward table in which the combination of the identification port number that is one of the source port number and destination port number and the corresponding port number that is the other stored in the memory is registered in association with any real port number. If the first combination that is a combination of the identification port number of the inward packet and the corresponding port number of the inward packet is registered in the inward table, before the forwarding process of the inward packet The identification port number of the inbound packet is rewritten to the real port number corresponding to the first combination, and the identification port number of the inbound packet is not registered in the inward table. A second combination that is a combination of a different identification port number and a corresponding port number of the inbound packet is the inward If registered in the table, a connection maintenance program for executing a process of rewriting the identification port number of the inbound packet to a real port number corresponding to the second combination before the inbound packet transfer process .

Images