JP6369179B2 - Tunnel end point device, DHCP server, interface automatic setting method and program - Google Patents

Description

  The present invention relates to a tunnel endpoint device, a DHCP server, an interface automatic setting method, and a program, and more particularly, to a tunnel endpoint device, a DHCP server, an interface automatic setting method, and a program that constitute an end point of a communication tunnel.

  As a means for realizing a virtual private network (VPN), various tunneling techniques are used for encapsulation of communication packets between tunnel end points. For example, GRE (Generic Routing Encapsulation), IPsec (Security Architecture for Internet Protocol), etc. are known as tunneling protocols used for these tunnel communications.

  When such a technique is used, initial setting of a tunnel interface is required in addition to initial setting for a tunnel using device to connect to a wide area network. As for the former, manual setting and delivery of an IP address by PPPoE (PPP over Ethernet (“Ethernet” is a registered trademark)) are generally used. The initial setting of the latter tunnel interface is often performed manually by the end user.

  In Patent Document 1, the VPN connection source device acquires the key information necessary for the use of IPsec and the IP address of the counterpart device from the VPN connection destination device using the SIP message, so that the user at the time of the VPN connection is obtained. A method for alleviating the trouble is disclosed.

  Patent Document 2 discloses a configuration in which an L3 (Layer 3) tunnel is established between a residential gateway (RGW) and a broadband network gateway (BNG) (see paragraphs 0038-0040). Patent Document 2 discloses that an RGW transmits an RA message (router advertisement) to a 3GPP UE (3rd Generation Partnership Project User Entity) such as a mobile phone in place of BNG. Furthermore, Patent Document 2 proposes to extend DHCP (Dynamic Host Configuration Protocol) so that the home prefix of 3GPP UE can be carried between RGW and BNG. Specifically, a DHCP option called “PMIPv6 home prefix option” is defined in the DHCP offer message (see Table 1 of Patent Document 2).

JP 2009-260847 A Special table 2012-515479 gazette

  The following analysis is given by the present invention. For example, as shown in FIG. 22, consider a case where a GRE tunnel is established on a WAN (Wide Area Network) between a tunnel connection source device and a tunnel connection destination device. In this case, the WAN side interface IP address, subnet mask, default gateway, GRE tunnel source and destination IP address, and GRE tunnel key are set in both the tunnel connection source device and the tunnel connection destination device. Setting for the GRE tunnel is required.

  In particular, when the tunnel connection source device is a home gateway and the tunnel connection destination device is a center-side gateway that terminates connections with these many home gateways, the number of GRE tunnels depends on the number of clients accommodated by the home gateway. Will also increase. As a result, the setting work for the GRE tunnel is enormous. Such an increase in setting work causes a limitation on the number of GRE tunnels accommodated.

  In addition, when an event that changes a set IP address or the like occurs, there is a concern that a large amount of change occurs on the tunnel connection source device side and the tunnel connection destination device side, and the management man-hours also increase.

  The present invention relates to a tunnel endpoint device, a DHCP server, and an interface automatic setting method that can contribute to labor saving of setting work in a tunnel connection source device and a tunnel connection destination device (hereinafter collectively referred to as “tunnel endpoint device”). And to provide a program.

  According to the first aspect, in response to a DHCP (Dynamic Host Configuration Protocol) request message including information for specifying a setting target interface, the setting information of the setting target interface is returned using a DHCP response message. Communication with a DHCP server that performs communication, and requests the DHCP server for setting information of a first interface for communicating with a counter device connected via a wide area network at a predetermined opportunity. Requesting the DHCP server for setting information of a second interface for communicating with the opposite device via a communication tunnel at a predetermined opportunity, Second setting means for setting to establish a communication tunnel , The tunnel end point device having a are provided.

  According to the second aspect, a DHCP (Dynamic Host Configuration Protocol) request message that is accessible from the tunnel endpoint device and includes information for specifying a setting target interface received from the tunnel endpoint device. In response to this, a DHCP server is provided that responds with the setting information of the setting target interface using a DHCP response message.

  According to a third aspect, a communication system including the above-described tunnel endpoint device and a DHCP server is provided.

  According to the fourth aspect, in response to a DHCP (Dynamic Host Configuration Protocol) request message including information for specifying a setting target interface, the setting information of the setting target interface is returned using a DHCP response message. The tunnel endpoint device that can communicate with the DHCP server that requests the DHCP server requests setting information of the first interface for communicating with the opposite device connected via the wide area network to the DHCP server. And setting the communication interface on the wide area network by requesting the DHCP server for the setting information of the second interface for communicating with the opposite device via the communication tunnel. Steps to set up and Automatic setting of an interface comprising is provided. The method is tied to a specific machine, a tunnel endpoint device that provides services using a communication tunnel.

  According to the fifth aspect, a computer program for realizing the function of the tunnel endpoint device is provided. This program can be recorded on a computer-readable (non-transient) storage medium. That is, the present invention can be embodied as a computer program product.

  According to the present invention, it is possible to contribute to labor saving of setting work in a tunnel endpoint device.

It is a figure which shows the structure of one Embodiment of this invention. It is a figure which shows the structure of the communication system of the 1st Embodiment of this invention. It is a figure which shows the internal structure of HGW and center GW of the 1st Embodiment of this invention. It is a figure which shows the information which the DHCP server of the 1st Embodiment of this invention hold | maintains. It is a figure for demonstrating the message which HGW and the center GW of the 1st Embodiment of this invention send and receive with a DHCP server. It is a figure which shows an example of the DHCP Request message used in the 1st Embodiment of this invention. It is a figure which shows an example of the DHCP Ack message used in the 1st Embodiment of this invention. It is a figure which shows the specific example of transmission / reception of the DHCP message used in the 1st Embodiment of this invention. It is another figure which shows the specific example of transmission / reception of the DHCP message used in the 1st Embodiment of this invention. It is a figure which shows the structural example of the home gateway (HGW) of the 1st Embodiment of this invention. It is a figure which shows the structural example of the center gateway (center GW) of the 1st Embodiment of this invention. It is a flowchart for demonstrating the initial operation | movement of the home gateway (HGW) of the 1st Embodiment of this invention. It is a flowchart for demonstrating the operation | movement at the time of the data reception from the terminal of the home gateway (HGW) of the 1st Embodiment of this invention. It is a flowchart for demonstrating the operation | movement at the time of the data reception from the access circuit network side of the home gateway (HGW) of the 1st Embodiment of this invention. It is a sequence diagram for demonstrating the initial setting operation | movement of the 1st Embodiment of this invention. It is a sequence diagram for demonstrating the paying-out operation | movement of the private IP address to the terminal of the 1st Embodiment of this invention. It is a sequence diagram for demonstrating the operation | movement at the time of the data communication between the terminal of the 1st Embodiment of this invention, and a communication destination. It is a figure for demonstrating the NAPT process and GRE encapsulation / decapsulation process applied to the packet destined for the communication destination from the terminal in the first embodiment of the present invention. It is a figure for demonstrating the NAPT process and GRE encapsulation / decapsulation process applied to the response packet from a communication destination to a terminal in the 1st Embodiment of this invention. It is a figure which shows the information which the DHCP server of the 2nd Embodiment of this invention hold | maintains. It is a flowchart for demonstrating the initial operation | movement of the home gateway (HGW) of the 2nd Embodiment of this invention. It is a figure for demonstrating background art.

  First, an outline of an embodiment of the present invention will be described with reference to the drawings. Note that the reference numerals of the drawings attached to this summary are attached to the respective elements for convenience as an example for facilitating understanding, and are not intended to limit the present invention to the illustrated embodiment.

  In one embodiment of the present invention, as shown in FIG. 1, a tunnel endpoint device 10A (10B) that constitutes a tunnel on a wide area network, and DHCP (Dynamic) arranged to be accessible from the tunnel endpoint device. This can be realized by a configuration including a Host Configuration Protocol) server 20.

  More specifically, the DHCP server 20 has a function of responding to the setting information of the setting target interface using a DHCP response message in response to a DHCP request message including information for specifying the setting target interface. I have it.

  The tunnel end point device 10A (10B) sends, to the DHCP server 20, the setting information of the first interface for communicating with the opposite device 10B (10A) connected via the wide area network at a predetermined opportunity. Requesting the first setting means 11 for setting and the DHCP server 20 requesting the setting information of the second interface for performing communication with the opposite apparatus 10B (10A) via the communication tunnel. And a second setting unit 12 configured to set a communication tunnel on the wide area network.

  According to the above configuration, it is possible to save labor for setting up at least two types of interfaces in the tunnel endpoint device. The reason is that a DHCP server having a function of responding to interface setting information is prepared, and necessary interface setting information can be obtained from the tunnel endpoint device 10A.

[First Embodiment]
Next, a first embodiment of the present invention will be described in detail with reference to the drawings. FIG. 2 is a diagram illustrating the configuration of the communication system according to the first embodiment of this invention. Referring to FIG. 2, a home gateway (hereinafter referred to as “HGW”) 1 that functions as a tunnel endpoint device (connection source device) that constitutes a GRE tunnel on an access line network and accommodates a terminal 9, and one or more A configuration including a center gateway (hereinafter referred to as “center GW”) 2 functioning as a tunnel endpoint device (connection destination device) constituting the HGW 1 and the GRE tunnel, and a DHCP server 3 accessible from the HGW 1 and the center GW is shown. Has been. The terminal 9 is a user terminal such as a personal computer (PC) or a smartphone. The access line network is a network of a communication carrier or the like that accommodates the HGW and the center GW, and the terminal 9 communicates with a communication destination on the core line network via the HGW 1 and the center GW 2.

  FIG. 3 is a diagram showing an internal configuration of the HGW and the center GW and communication paths between elements. A broken line in the figure indicates a route through which the DHCP message is exchanged, and a solid line in the figure indicates an interface setting process based on information extracted from the DHCP message. As shown in FIG. 3, the basic configuration is such that the CPU of the HGW 1 and the center GW 2 exchanges a DHCP message with the DHCP server 3, and settings of each interface are performed based on the DHCP message received from the DHCP server. .

[DHCP server]
FIG. 4 is a diagram illustrating information held by the DHCP server 3 according to the first embodiment of this invention. In the example of FIG. 4, the DHCP server 3 holds setting information for a WAN interface (hereinafter, the interface is referred to as “I / F”) and GRE tunnel setting information. The line ID “1” is set in the setting information for WAN I / F, and the line ID “2” is set in the setting information for GRE tunnel. For example, when the DHCP server 3 receives a request for setting information of line ID = 1 from a client having the MAC address “AA: AA: BB: BB: CC: CC”, the setting for WAN I / F from the HGW 1 The information request is identified, and information necessary for setting the WAN I / F such as an IP address, a subnet, and a default gateway (GW) is returned as a response. Similarly, when the DHCP server 3 receives a request for setting information of the line ID = 2 from a client having the MAC address “DD: DD: EE: EE: FF: FF”, the setting for the GRE tunnel from the center GW2 It identifies that it is a request for information, and responds with information necessary for setting the GRE tunnel I / F such as an IP address, subnet, and GRE key (GRE tunnel key).

  In the present embodiment, it is assumed that the GRE tunnel IP address issued by the DHCP server 3 provides a network address with a subnet mask of 255.255.255.252 (prefix is / 30). Therefore, the DHCP server 3 of the present embodiment has only two IP addresses allocated to the tunnel endpoint device. By doing so, the HGW 1 or the center GW 2 calculates the GRE IP address (the other IP address) of the opposite device from the IP address assigned to the own device and uses it as the destination IP address of the GRE tunnel Is possible.

  FIG. 5 is a diagram for explaining messages exchanged with the DHCP server 3 by the HGW 1 and the center GW 2 according to the first embodiment of this invention. In this embodiment, description will be made assuming that each interface is set using the DHCP Request message and the DHCP Ack message in the lower part of FIG. In this embodiment, since the DHCP I / F is set in advance, the exchange of the DHCP Discover message and the DHCP Offer message in FIG. 5 is omitted.

  FIG. 6 is a diagram showing the configuration of an installation information request message using the DHCP Request message. The example of FIG. 6 is an example using DHCP Option # 82 prepared as a storage area for information (Agent Circuit ID) related to the DHCP relay agent. In the example of FIG. 6, a configuration is shown in which the line ID is stored after setting “Sub-Option = 1” in “Agent information field”. Such information of DHCP Option # 82 is inserted by the DHCP relay processing unit provided in each of HGW1 and center GW2.

  FIG. 7 is a diagram showing the structure of a response message for installation information using the DHCP Ack message. Also in the example of FIG. 7, a configuration in which the line ID is stored after setting “Sub-Option = 1” in “Agent information field” is shown. Further, the DHCP Option # 43 (vendor specific option; Vendor Specific) area in FIG. 7 is used as a GRE key storage area.

  FIG. 8 is a diagram illustrating a specific example of a sequence and a message when the HGW 1 requests the DHCP server 3 for setting information for WAN I / F. For example, the HGW 1 transmits a DHCP Request message in which the line ID = 1 is set as shown in the upper part of FIG. 8 from the DHCP I / F set in advance.

  The DHCP server 3 that has received such a DHCP Request message is a request for setting information for WAN I / F from the HGW 1 from the line ID = 1 set in the Option # 82 and the MAC address that has received the request. Recognize and transmit the DHCP Ack message shown in the lower part of FIG. The HGW 1 that has received such a DHCP Ack message recognizes the setting information for WAN I / F from the line ID = 1 set in Option # 82, and performs setting to the WAN I / F.

  FIG. 9 is a diagram illustrating a specific example of a sequence and a message when the HGW 1 requests the DHCP server 3 for setting information for GRE tunnel I / F. For example, the HGW 1 transmits a DHCP Request message in which the line ID = 2 as shown in the upper part of FIG. 9 is transmitted from the DHCP I / F set in advance.

  The DHCP server 3 that has received such a DHCP Request message is a request for setting information for GRE tunnel I / F from the HGW 1 from the line ID = 2 set in the Option # 82 and the MAC address that has received the request. And a DHCP Ack message shown in the lower part of FIG. 9 is transmitted. The HGW 1 that has received such a DHCP Ack message recognizes that it is the GRE tunnel I / F setting information from the line ID = 1 set in the Option # 82, and performs setting to the GRE I / F. Further, the GRE key “1111” necessary for setting to the GRE I / F can be obtained from Option # 43 of the DHCP Ack message.

[HGW]
Next, the configuration of the HGW 1 will be described in detail. FIG. 10 is a diagram illustrating a configuration of the HGW 1 according to the first embodiment of this invention. Referring to FIG. 10, a CPU (Central Processing Unit) 101 for controlling the apparatus and setting an interface, a GRE tunnel processing unit 102, a DHCP relay processing unit 103, a NAPT processing unit 104, a DHCP server function unit 105, A configuration including a DHCP I / F 111, a GRE I / F 112, a WAN I / F 113, and a LAN I / F 114 is shown.

  The LAN I / F 114 has a function of connecting an end user terminal (UE) in a wired or wireless manner.

  The DHCP server function unit 105 has a function of distributing a private IP address in response to a request from an end user terminal connected via the LAN I / F 114 (see FIG. 16). The DHCP server function unit 105 manages the end user terminal MAC address and lease time of the distributed private IP address.

  The DHCP relay processing unit 103 has a function of relaying a DHCP request / response (payout process). Specifically, the DHCP relay processing unit 103 adds Option # 82 to the DHCP request message generated by the CPU 101 for setting the WAN I / F 113 and the GRE I / F 112, and passes through the DHCP I / F 111. To the DHCP server 3. Further, the DHCP relay processing unit 103 transfers the DHCP response message returned from the DHCP server 3 to the CPU 101. Accordingly, the DHCP relay processing unit 103 and the CPU 101 correspond to the first and second means described above.

  The DHCP I / F 111 is an interface for connecting to the DHCP server 3. In the present embodiment, the DHCP I / F 111 will be described on the assumption that the DHCP I / F 111 is preset with a fixed value such as an IP address so that communication with the outside is possible when the HGW is activated.

  A network address port translation (NAPT) processing unit 104 has a function of rewriting the IP address and port number of a packet received from the end user terminal via the LAN I / F 114 to the IP address and port number side of the WAN I / F 113.

  The WAN I / F 113 is an interface for connecting and communicating with the WAN side (access line network). In the WAN I / F 113, an IP address, a subnet mask, and a gateway address are set using setting information.

  The GRE I / F 112 is a termination interface for GRE tunneling. In the GRE I / F 112, a GRE transmission source IP address, a GRE transmission destination IP address, and a GRE tunnel key (GRE key) are set using setting information.

  The GRE tunnel processing unit 102 has a function of encapsulating / decapsulating an Ethernet frame or an IP packet using L2 (Ethernet frame) or L3 (IP packet). The GRE tunnel processing unit 102 cooperates with the GRE I / F 112 to terminate the GRE tunnel with the connection destination device and perform transmission / reception of packets between the external terminal and the core circuit network.

  More specifically, the GRE tunnel processing unit 102 performs encapsulation by GRE at the time of data transfer in the direction of the opposite device, and decapsulates packets received from the opposite device. At the time of reception, there is a function of confirming that the destination is addressed to the IP address of the GRE I / F 112 of the own device, and receiving when the GRE tunnel key is the same as that of the own device, and discarding if not matching.

[Center GW]
Next, the configuration of the center GW2 will be described in detail. FIG. 11 is a diagram illustrating a configuration of the center GW2 according to the first embodiment of this invention. Referring to FIG. 11, a CPU 201 for controlling the apparatus and setting an interface, a GRE tunnel processing unit 202, a DHCP relay processing unit 203, a routing processing unit 204, a DHCP I / F 211, a GRE I / F 212, A configuration including a WAN I / F (A) 213 on the access line network side and a WAN I / F (C) 214 on the core line network side is shown.

  The GRE tunnel processing unit 202, the DHCP relay processing unit 203, the DHCP I / F 211, the GRE I / F 212, the WAN I / F (A) 213, and the WAN I / F (C) 214 are equivalent to the unit of the same name of the HGW 1 The description is omitted here.

  The routing function unit 204 searches the output physical port from the network address of the transfer destination according to the routing table managed in the function unit, and performs the process of transferring the data.

  In addition, each part (processing means) of the above-described HGW1, center GW2, and DHCP server 3 may be realized by a computer program that causes a computer constituting these apparatuses to execute the above-described processes by using the hardware thereof. it can.

  Next, the operation of this embodiment will be described in detail with reference to the drawings. FIG. 12 is a flowchart for explaining an initial operation of the HGW 1 according to the first embodiment of this invention. Referring to FIG. 12, upon power-on or network connection, the HGW 1 checks whether the setting of the IP address / subnet mask / default gateway of the WAN I / F 113 has been completed (step S001). When the IP address or the like is not set (No in step S001), the HGW 1 generates a DHCP Request message by the CPU 101, and notifies the DHCP relay unit 103 together with information on the interface for which setting is requested.

  Upon receiving the notification, the DHCP relay processing unit 103 sends the source IP address and the destination IP address of the received DHCP Request message to the DHCP I / F 111 based on the IP address of the DHCP server 3 set in advance. The assigned IP address is rewritten to the IP address of the DHCP server 3. Further, the DHCP relay processing unit 103 inserts the DHCP Option # 82 as described with reference to FIGS. 6 and 8, and transmits the DHCP option # 82 to the DHCP server 3 via the DHCP I / F 111 (step S002). Here, in order to obtain the setting information of the WAN I / F 113, line ID = 1 is set in Option # 82 (line ID = 2 for GRE tunnel).

  The DHCP server 3 searches the entry corresponding to the client MAC address and the line ID of the received DHCP Request message from the setting information shown in FIG. If a corresponding entry is found as a result of the search, the DHCP server 3 stores the IP address, subnet, and default GW address of the entry in Option # 82 of the DHCP Ack message as described in FIGS. And responds to HGW1.

  The DHCP relay processing unit 103 that has received the response refers to the Option # 82 field of the DHCP Ack message, identifies the target interface from the line ID, and further cooperates with the CPU 101 to interface with the WAN I / F 113. Information is set (step S003).

  Next, the HGW 1 checks whether or not the setting of the IP address / subnet mask / GRE tunnel key that is the GRE tunnel transmission source of the GRE I / F 112 has been completed (step S004). When these IP addresses and the like are not set (No in step S004), the HGW 1 generates a DHCP Request message in the CPU 101 and notifies the DHCP relay unit 103 together with information on an interface for which setting is requested.

  Upon receiving the notification, the DHCP relay processing unit 103 sends the source IP address and the destination IP address of the received DHCP Request message to the DHCP I / F 111 based on the IP address of the DHCP server 3 set in advance. The assigned IP address is rewritten to the IP address of the DHCP server 3. Further, the DHCP relay processing unit 103 inserts the DHCP Option # 82 as described with reference to FIGS. 6 and 9, and transmits the DHCP option # 82 to the DHCP server 3 via the DHCP I / F 111 (step S005). Here, in order to obtain the setting information of the GRE I / F 112, line ID = 2 is set in Option # 82.

  The DHCP server 3 searches the entry corresponding to the client MAC address and the line ID of the received DHCP Request message from the setting information shown in FIG. As a result of the search, when the corresponding entry is found, the DHCP server 3 sends the IP address that becomes the GRE tunnel source of the entry to the Option # 43 and 82 of the DHCP Ack message as described in FIGS. Store / subnet mask / GRE tunnel key and respond to HGW1.

  Upon receiving the response, the DHCP relay processing unit 103 refers to the # 82 field of the DHCP Ack message, identifies the target interface from the line ID, further extracts the GRE tunnel key from Option # 43, and cooperates with the CPU 101. Then, the transmission source IP address, the subnet mask, and the tunnel key are set in the GRE I / F 112 (step S006).

  The destination IP address of the GRE tunnel can be set as follows. IP address that exists in the same network of 1.1.1.0/30 from IP address and subnet mask (1.1.1.1/255.255.255.252) set in GRE I / F112 Is 1.1.1.1 or 1.1.1.2. Based on these pieces of information, the CPU 101 identifies that the GRE tunnel connection destination IP address is 1.1.1.2, and sets the GRE I / F 112 as the destination IP address of the GRE tunnel. Of course, a configuration in which the DHCP server 3 explicitly notifies the destination IP address of the GRE tunnel using a DHCP Ack message or the like may be employed (see the second embodiment).

  Thus, the initial setting of the HGW 1 is completed (see S508 to S514 in FIG. 15). In addition, when it determines with having set in step S001, S004, these processes can be abbreviate | omitted (No of step S001, S004). Further, the interface can be automatically set on the center GW 2 side in the same procedure (see S501 to S507 in FIG. 15).

  Next, processing in the HGW 1 at the time of data transmission and reception from the terminal under the HGW 1 (connection source device) to the center GW 2 (connection destination device) will be described. FIG. 13 is a flowchart for explaining the operation at the time of data reception from the terminal of the HGW 1 according to the first embodiment of this invention. Referring to FIG. 13, when receiving a packet from the terminal via the LAN I / F 114, the HGW 1 determines the source IP address by the NAPT processing unit 104 from the private IP address / port number assigned to the terminal. The IP address / port number of the WAN I / F 113 is converted (step S101).

  Thereafter, the GRE tunnel processing unit 102 performs encapsulation by GRE (step S102). Specifically, the GRE tunnel processing unit 102 uses the information set in the GRE I / F 112 to perform encapsulation using a destination IP address, a source IP address, and a GRE tunnel key of the GRE tunnel. The destination MAC address is the MAC address of the adjacent router in the access line network, and the source MAC address is the HGW address.

  Also, in the encapsulated internal Ethernet frame, the destination MAC address is the MAC address of the center GW2, and the MAC address of the HGW is set as the source MAC address. The destination IP address does not change from the address sent from the terminal (UE), and only the source IP address is converted by NAPT.

  The HGW 1 sends out the NAPT converted / encapsulated packet from the WAN I / F 113 as described above. FIG. 18A shows a packet transmitted from the terminal, and FIG. 18B shows a packet after the NAPT process and the GRE encapsulation process.

  Next, the operation at the time of data reception from the WAN I / F side in the HGW 1 will be described. FIG. 14 is a flowchart for explaining the operation at the time of data reception from the access line network side of the HGW 1 according to the first embodiment of this invention. Referring to FIG. 14, the response packet from the communication destination received via the WAN I / F 113 is transferred to the GRE tunnel processing unit 102 via the GRE I / F 112. The GRE tunnel processing unit 102 checks whether or not the destination IP address and GRE tunnel key of the received packet match the IP address and GRE tunnel key of the GRE I / F 112 (steps S201 and S202).

  If the GRE destination IP address and the GRE tunnel key of the received packet match as a result of the check, the GRE tunnel processing unit 102 decapsulates the GRE packet (step S203). The decapsulated packet is input to the NAPT processing unit 104.

  Further, the NAPT processing unit 104 of the HGW 1 converts the destination IP address of the packet after decapsulation into the IP address of the terminal (UE) (step S204). The converted packet is transferred from the LAN I / F 114 to the terminal. FIG. 19E shows a response packet received from the access line network, and FIG. 18F shows a packet after the GRE decapsulation process and the NAPT process.

  If it is determined in the check in steps S201 and S202 that the destination IP address and GRE tunnel key of the received packet do not match the IP address and GRE tunnel key of the GRE I / F 112, the HGW 1 discards the received packet. (Step S205).

  Here, the overall flow of the present embodiment will be described after being organized again. FIG. 15 shows a sequence when the initial setting (steps S508 to S514) of the HGW 1 is performed after the initial setting (steps S501 to S507) in the center GW. Each procedure is the same as the procedure described with reference to FIG.

  FIG. 16 shows a sequence from when the HGW 1 issues a private IP address to the DHCP server function unit 105 inside the HGW 1 in response to a request from the terminal and the setting is completed. Note that the DHCP message exchanged here is for issuing a private IP address, and is different from the DHCP message for sending / receiving the setting information.

  FIG. 17 is a diagram showing a sequence in a case where the terminal for which the setting of the private IP address is completed transfers data to the communication destination. Each procedure is the same as the procedure described with reference to FIGS.

  As described above, according to the present embodiment, the GRE tunnel I / F can be automatically set by the DHCP protocol. That is, it means that the configuration setting of the tunnel endpoint device can be simplified, and this makes it easy to generate a large-scale tunnel interface in which many HGWs are connected to one center GW.

  Further, according to the present embodiment, since the above-described setting information can be centrally managed in the DHCP server, efficient management is possible. The assigned IP address can be easily changed, and the effect of preventing setting mistakes and setting omissions is expected.

  In this embodiment, since a general DHCP protocol is used, introduction and construction are facilitated without changing the network configuration on the communication path. For example, in comparison with the method shown in Patent Document 1, there is an advantage that it is not necessary to introduce the SIP function.

[Second Embodiment]
Next, a second embodiment in which the above-described first embodiment is modified will be described. Since the basic configuration and operation of the second embodiment are the same as those of the first embodiment, the differences will be mainly described below. In the present embodiment, when the DHCP server 3 receives a setting information request message from the HGW 1 or the center GW 2, all the information of the WAN I / F 113 and the GRE I / F 112 is issued and set based on the MAC address. It is what I did.

  FIG. 20 is a diagram illustrating information held by the DHCP server according to the second embodiment of this invention. The difference from the first embodiment shown in FIG. 4 is that the setting information for WAN I / F 113 and the setting information for GRE I / F 112 are stored in the same entry, and the MAC of the request source (client) The search is possible by address.

  When receiving a request for setting information such as the IP address of the WAN I / F 113 from the HGW 1, the DHCP server 3 searches for setting information for the WAN I / F 113 and the GRE I / F 112 corresponding to the MAC address of the HGW 1. Then, the DHCP server 3 responds to the HGW 1 with these setting information in a lump.

  The DHCP relay processing unit 103 of the HGW 1 cooperates with the CPU 101 to set the IP address / subnet mask / default GW for the WAN I / F 113 based on the received setting information, and to the GRE I / F 112, the GRE tunnel Set the source / destination IP address and GRE tunnel key.

  As described above, the present invention can also be implemented in a mode in which the WAN I / F 113 and the GRE I / F 112 are set by a single DHCP request. In this case, compared with the first embodiment, it is possible to shorten the time until connection and simplify the processing.

  Although the embodiments of the present invention have been described above, the present invention is not limited to the above-described embodiments, and further modifications, substitutions, and adjustments are possible without departing from the basic technical idea of the present invention. Can be added. For example, the network configuration, the configuration of each element, and the expression form of a message shown in each drawing are examples for helping understanding of the present invention, and are not limited to the configuration shown in these drawings.

Finally, a preferred form of the invention is summarized.
[First embodiment]
(Refer to the tunnel endpoint device from the first viewpoint above)
[Second form]
In the tunnel endpoint device of the first form,
In response to a DHCP request message from either the first setting means or the second setting means, the DHCP server responds collectively with setting information of the first and second interfaces,
The first and second setting means is a tunnel endpoint device that executes setting of the first and second interfaces by using setting information of the first and second interfaces.
[Third embodiment]
In the tunnel endpoint device of the first or second form,
Further, a DHCP relay processing unit is provided for creating a request message for setting information of the first and second interfaces by including ID information for specifying the setting target interface in an option area of the DHCP request message. ,
A tunnel endpoint that receives the setting information of the first and second interfaces from the DHCP response message in which ID information for specifying the setting target interface is included in the option area of the DHCP response message. apparatus.
[Fourth form]
In the tunnel endpoint device according to any one of the first to third aspects,
The opposing device is a center gateway that houses a plurality of tunnel endpoint devices,
A tunnel endpoint device that functions as a home gateway connected to the center gateway in a one-to-many relationship with other tunnel endpoint devices.
[Fifth embodiment]
In the tunnel endpoint device according to any one of the first to third aspects,
The opposite device is a home gateway having a function of distributing a private IP address to a terminal,
A tunnel endpoint device that functions as a center-side gateway that houses a plurality of home gateways, including the home gateway.
[Sixth embodiment]
A tunnel endpoint device that accesses the DHCP server using an address set in advance in the DHCP interface.
[Seventh form]
(Refer to the DHCP server from the second viewpoint above)
[Eighth form]
(Refer to the communication system according to the third viewpoint)
[Ninth Embodiment]
(Refer to the interface automatic setting method from the fourth viewpoint above.)
[Tenth embodiment]
(Refer to the program from the fifth viewpoint above)
In addition, the said 7th-10th form can be expand | deployed to the 2nd-6th form similarly to the 1st form.

  It should be noted that the disclosures of the above patent documents are incorporated herein by reference. Within the scope of the entire disclosure (including claims) of the present invention, the embodiments and examples can be changed and adjusted based on the basic technical concept. Various combinations or selections of various disclosed elements (including each element of each claim, each element of each embodiment or example, each element of each drawing, etc.) are possible within the scope of the disclosure of the present invention. It is. That is, the present invention of course includes various variations and modifications that could be made by those skilled in the art according to the entire disclosure including the claims and the technical idea. In particular, with respect to the numerical ranges described in this document, any numerical value or small range included in the range should be construed as being specifically described even if there is no specific description.

1 Home gateway (HGW)
2 Center gateway (Center GW)
3, 20 DHCP (Dynamic Host Configuration Protocol) server 9 Terminal 10A, 10B Tunnel endpoint device 11 First setting means 12 Second setting means 101, 201 CPU (Central Processing Unit)
102, 202 GRE tunnel processing unit 103, 203 DHCP relay processing unit 104 NAPT processing unit 105 DHCP server function unit 111, 211 DHCP I / F
112, 212 GRE I / F
113 WAN I / F
114 LAN I / F
204 Routing processor 213 WAN I / F (A)
214 WAN I / F (C)

Claims (10)

It is possible to communicate with a DHCP server that responds to the setting information of the setting target interface using a DHCP response message in response to a DHCP (Dynamic Host Configuration Protocol) request message including information for specifying the setting target interface. ,
A first setting means for requesting the DHCP server for setting information of a first interface for communicating with a counter device connected via a wide area network at a predetermined opportunity;
In response to a request from the DHCP server for setting information of a second interface for communicating with the opposite device via a communication tunnel, to establish a communication tunnel on the wide area network. A second setting means for setting;
Tunnel endpoint device with In response to a DHCP request message from either the first setting means or the second setting means, the DHCP server responds collectively with setting information of the first and second interfaces,
The tunnel endpoint device according to claim 1, wherein the first and second setting means execute setting of the first and second interfaces using setting information of the first and second interfaces. Further, a DHCP relay processing unit is provided for creating a request message for setting information of the first and second interfaces by including ID information for specifying the setting target interface in an option area of the DHCP request message. ,
The configuration information of the first and second interfaces is received from a DHCP response message in which ID information for specifying the setting target interface is included in the option area of the DHCP response message. Or 2 tunnel endpoint devices. The opposing device is a center gateway that houses a plurality of tunnel endpoint devices,
The tunnel endpoint device according to any one of claims 1 to 3, wherein the tunnel endpoint device functions as a home gateway connected to the center gateway together with other tunnel endpoint devices in a one-to-many relationship. The opposite device is a home gateway having a function of distributing a private IP address to a terminal,
4. The tunnel endpoint device according to claim 1, wherein the tunnel endpoint device functions as a center-side gateway that accommodates a plurality of home gateways including the home gateway.   The tunnel endpoint device according to any one of claims 1 to 5, wherein the DHCP server is accessed using an address set in advance in a DHCP interface. A request is made to the DHCP server for the setting information of the first interface for communicating with the opposite device connected via the wide area network, and the first setting means for performing the setting, and the DHCP server, Second setting means for requesting setting information of a second interface for performing communication with the opposite apparatus via the communication tunnel and performing setting for establishing a communication tunnel on the wide area network, Accessible from the tunnel endpoint device,
In response to a DHCP (Dynamic Host Configuration Protocol) request message including information for specifying the interface to be set received from the tunnel endpoint device, the setting information of the interface to be set is returned using a DHCP response message. DHCP server to do. A DHCP server that responds to the setting information of the setting target interface using a DHCP response message in response to a DHCP (Dynamic Host Configuration Protocol) request message including information for specifying the setting target interface;
A first setting means for requesting the DHCP server for setting information of a first interface for communicating with a counter device connected via a wide area network at a predetermined opportunity; Triggering the DHCP server to request the second interface setting information for communicating with the opposite device via the communication tunnel, and setting for establishing a communication tunnel on the wide area network And a second communication unit including a tunnel endpoint device. A tunnel capable of communicating with a DHCP server that responds to the setting information of the setting target interface using a DHCP response message in response to a DHCP (Dynamic Host Configuration Protocol) request message including information for specifying the setting target interface. The endpoint device is
Requesting the DHCP server for setting information of a first interface for communicating with a counter device connected via a wide area network;
Requesting the DHCP server to set information for establishing a communication tunnel on the wide area network by requesting setting information of a second interface for communicating with the opposite device via a communication tunnel; ,
Method for automatic configuration of interfaces including A tunnel capable of communicating with a DHCP server that responds to the setting information of the setting target interface using a DHCP response message in response to a DHCP (Dynamic Host Configuration Protocol) request message including information for specifying the setting target interface. In the computer that configures the endpoint device,
A process of requesting the DHCP server for setting information of a first interface for communicating with an opposite apparatus connected via a wide area network, and performing setting;
Processing for requesting the DHCP server for setting information of a second interface for communicating with the opposite device via a communication tunnel, and setting for establishing a communication tunnel on the wide area network; ,
A program that executes

Images