JP6881846B2 - Media adapter device, distributed communication management method and distributed communication management program - Google Patents

Description

The present invention relates to a media adapter device, a distributed communication management method, and a distributed communication management program. For example, the present invention is used for an in-house network (IPsec-VPN) in a small to medium-sized base using wireless, or for securing a temporary detour route in a wired in-house network use base after a disaster occurs, or in-house. The present invention relates to a media adapter device, a distributed communication management method, and a distributed communication management program that can be suitably applied to widening the bandwidth of a detour route in a network or adding a temporary detour route.

In a network system in which a device connected to a LAN (Local Area Network) is connected to an Internet network via a wireless line, Japanese Patent Application Laid-Open No. 2016-167751 "Communication control system, communication control method and communication control" of Patent Document 1. As described in "Program", a state in which a router device for routing control connected to a LAN and a wireless communication terminal connected to an Internet network can communicate with each other by a media adapter device that performs media conversion processing. It is connected to the. The media adapter device has a function of converting communication media from a LAN signal format to a wireless signal format or from a wireless signal format to a LAN signal format.

The connection configuration of the current media adapter device will be further described with reference to FIG. FIG. 11 is a connection configuration diagram showing a connection configuration of the current media adapter device.

As shown in FIG. 11, the LAN side of the media adapter device 3 is connected to the router device 1 via the LAN cable 2. Further, the main wireless communication terminal 5 is connected to the main line interface 4 (connector) on the WAN (Wide Area Network) side of the media adapter device 3. The case where the main wireless communication terminal 5 is only one is shown, and the media adapter device 3 converts the data transmitted from the router device 1 via the LAN cable 2 into a wireless signal format, and the main line. Output to the main wireless communication terminal 5 via the interface 4.

Then, the main wireless communication terminal 5 transmits the received wireless signal to the center router device 10 connected to the Internet network 8 via the main wireless line 6 and the wireless line operator network 7. Here, the media adapter device 3 can connect a plurality of main wireless communication terminals 5 as active and spare main wireless communication terminals, and depending on the communication state, the wireless signal is transmitted to the spare main wireless communication terminal instead of the active side. It is also possible to output to 5.

However, the current media adapter device 3 has the following problems.

The first problem is that the media adapter device 3 is not treated as a management target because it is seen as an accessory thereof when viewed from the router device 1, and is usually not set for management. .. Therefore, if maintenance and management of the media adapter device 3 is to be performed as a communication device, it is necessary to dispatch personnel to the site when adding or changing the management settings, which requires man-hours and labor.

The second problem is that the router device 1 under the media adapter device 3 is a device that exists at a position physically different from that of the main wireless communication terminal 5. Therefore, for example, the router device 1 cannot recognize the connection state of the main wireless line 6 and the wireless band status with the wireless line operator network 7, so that the buffer overflow in the main wireless communication terminal 5 and the like can be caused. Cannot be detected. Therefore, even if such a communication abnormality occurs, only traffic control such as retransmission in the upper layer can be performed.

The third problem is that, as the current line service of the main wireless communication terminal 5, although there are specifications and pay-as-you-go services that automatically narrow the wireless band according to the usage amount, the router device 1 has as described above. The communication band and traffic status of the main wireless line 6 and the like cannot be detected, and traffic backup on the infrastructure cannot be performed. For this reason, control is performed in the upper layer protocol between ordinary wireless communication terminals, but in such a case, retransmission increases, and duplicate packets and discarded packets increase in the wireless line operator network 7. It ends up. Therefore, a useless increase in line cost and an influence on the signal response to be transmitted and received occur.

Japanese Unexamined Patent Publication No. 2016-167751

As described above, in the network system using the current media adapter device related to the present invention, the communication device under the media adapter device such as a router device that is not directly connected to the wireless line has the band of the wireless line. Cannot be recognized. For this reason, there is a problem that data is transmitted using the latest communication speed and communication state as it is, and a buffer overflow occurs in a media adapter device, a wireless communication terminal, or the like. In particular, in the case of a media adapter device to which a communication device such as a media adapter device or a small router device to which a communication line having a narrow wireless band is connected is connected for connection with the Internet network, a media adapter device, a router device, etc. In the communication equipment of the above, communication abnormalities that cause buffer overflow occur frequently.

Further, in a media adapter device having only a simple media conversion function, one-to-one media conversion is performed with a wireless communication terminal connected to only one as a working terminal used for actual communication. The operation of the media adapter device is limited by the state and communication speed of the wireless communication terminal. Even if a shortage of wireless bandwidth occurs, it cannot be solved within the media adapter device. Therefore, the countermeasures are the functions of communication devices such as router devices connected to the LAN side of the media adapter device and the upper layer. There is no choice but to rely on the delay / retransmission mechanism in the upper layer by the IPsec (Security Architecture for Internet Protocol) protocol, which is the encryption technology of.

Furthermore, in the normal IPsec protocol, when there is a lot of traffic in the interface between end-to-end communication terminals, packet non-delivery occurs and packet retransmission by the upper layer is performed. appear. However, for example, in an environment where a high-speed interface and a low-speed interface coexist, even if an attempt is made to avoid the non-delivery of packets generated on the high-speed interface side, the communication band of the low-speed interface can be effectively utilized. could not.

In recent years, depending on the wireless communication terminal, a large-scale carrier grade NAT (CGN: Carrier Grade NAT (Network Address Translator)) and IPv6 (Internet Protocol Version 6) have come to be used, and each of them has come to be used. It is becoming necessary to adopt the corresponding router device, add functions to the existing router device, or add a new router device for another route and route it for use. ..

(Purpose of this disclosure)
This disclosure has been made in view of the above circumstances, can avoid communication abnormalities due to overload or failure of the wireless line, and is limited to the wireless communication carrier (line operator). It is an object of the present invention to provide a media adapter device, a distributed communication management method, and a distributed communication management program capable of reliably securing a wireless band without any problems.

That is, as with the current media adapter device, a single connection is made from the subordinate router device connected to the LAN side and terminated by the media adapter device, and wireless communication is performed with the media adapter device. By connecting multiple terminals to avoid overloads and failures of wireless communication and to make it possible to distribute wireless communication, ensure that the wireless band is secured when connecting to the Internet network. Is the object of this disclosure.

Furthermore, when using multiple wireless communication terminals connected to the media adapter device, communication of the wireless communication terminal that has reached the communication volume limit without changing individual contracts (settings) with the wireless line operator. It is also an object of the present disclosure to make it possible to automatically add a new wireless communication terminal to perform communication so as to supplement the above.

In order to solve the above-mentioned problems, the media adapter device, the distributed communication management method, and the distributed communication management program according to the present invention mainly adopt the following characteristic configurations.

(1) The media adapter device according to the present invention is
To connect the router device to the Internet network via a wireless line in a network system that connects a router device connected to a LAN (Local Area Network) to a center router device connected to the Internet network via a wireless line. It is a media adapter device that performs media conversion of
As an interface on the WAN (Wide Area Network) side
An interface for the main line that connects the main wireless communication terminal for sending and receiving wireless signals related to data flowing through the main wireless line,
One or more band securing interfaces for connecting one or more band securing wireless communication terminals for securing a wireless line for securing a wireless band, and one or more band securing interfaces.
With
When a data packet addressed to the center router device is received from the router device, the data packet is converted into media, and the round robin method is used for the main line interface and one or more of the band securing interfaces. It is distributed in order to and from the Internet, transmitted to the Internet network via the main wireless communication terminal, one or a plurality of the band securing wireless communication terminals, and distributed to the destination center router device.
It is characterized by that.

(2) The distributed communication management method according to the present invention is
To connect the router device to the Internet network via a wireless line in a network system that connects a router device connected to a LAN (Local Area Network) to a center router device connected to the Internet network via a wireless line. This is a distributed communication management method for media adapter devices that perform media conversion.
The media adapter device is
An interface for the main line that connects the main wireless communication terminal for transmitting and receiving wireless signals related to data flowing through the main wireless line, and one or more wireless communication terminals for securing the wireless band for securing the wireless band. Steps to send and receive data via each of one or more bandwidth securing interfaces that connect each
Have,
When a data packet addressed to the center router device is received from the router device, the data packet is converted into media, and the round robin method is used for the main line interface and one or more of the band securing interfaces. It is distributed in order to and from the Internet, transmitted to the Internet network via the main wireless communication terminal, one or a plurality of the band securing wireless communication terminals, and distributed to the destination center router device.
It is characterized by that.

(3) The distributed communication management program according to the present invention is
To connect the router device to the Internet network via a wireless line in a network system that connects a router device connected to a LAN (Local Area Network) to a center router device connected to the Internet network via a wireless line. A distributed communication management program executed by a computer in a media adapter device that performs media conversion.
The media adapter device is
An interface for the main line that connects the main wireless communication terminal for transmitting and receiving wireless signals related to data flowing through the main wireless line, and one or more wireless communication terminals for securing the wireless band for securing the wireless band. A function to send and receive data via each of one or more bandwidth securing interfaces that connect each.
Have,
When a data packet addressed to the center router device is received from the router device, the data packet is converted into media, and the round robin method is used for the main line interface and one or more of the band securing interfaces. It is distributed in order to and from the Internet, transmitted to the Internet network via the main wireless communication terminal, one or a plurality of the band securing wireless communication terminals, and distributed to the destination center router device.
It is characterized by that.

According to the media adapter device, the distributed communication management method, and the distributed communication management program of the present invention, the following effects can be mainly obtained.

By using multiple wireless communication terminals in order in a round-robin fashion, it is not necessary to rely on the service functions provided by the wireless line operator, and the wireless band can be used as it is with the contracted capacity of each wireless communication terminal. Can be secured.

It is a connection structure diagram which shows an example of the connection structure of the media adapter device which concerns on this invention. It is explanatory drawing explaining how the media adapter device of FIG. 1 expands and secures the radio band for communication with a center router device by using the band securing wireless communication terminal. It is explanatory drawing for demonstrating an example of the operation of the media adapter apparatus shown in FIG. 1 and FIG. It is a sequence chart which shows an example of the operation flow from the connection processing in the media adapter apparatus shown in FIG. 1 to the communication processing for securing a band. It is a sequence chart which shows an example of the operation flow from IPsec management communication to data communication by TCP communication in the media adapter apparatus shown in FIG. It is a table which shows an example of the data format about the band securing data to be transferred on each band securing interface of the media adapter apparatus shown in FIG. It is a table which shows an example of the data format about the IPsec management communication data to be transferred on the main line interface of the media adapter apparatus shown in FIG. FIG. 5 is a flowchart showing an example of an operation of monitoring TCP communication of a bandwidth securing interface in the media adapter device shown in FIG. 1. FIG. 5 is a flowchart showing an example of an operation of monitoring and receiving TCP communication via a bandwidth securing interface in the center router device shown in FIG. 1. FIG. 5 is a connection configuration diagram showing an example different from FIGS. 1 and 2 in the connection configuration of the media adapter device according to the present invention. It is a connection block diagram which shows the connection structure of the current media adapter device.

Hereinafter, preferred embodiments of the media adapter device, the distributed communication management method, and the distributed communication management program according to the present invention will be described with reference to the attached drawings. In the following description, the media adapter device and the distributed communication management method according to the present invention will be described, but the distributed communication management method may be implemented as a distributed communication management program that can be executed by a computer. Needless to say, the distributed communication management program may be recorded on a computer-readable recording medium. Further, it is needless to say that the drawing reference reference numerals attached to the following drawings are added to each element for convenience as an example for assisting understanding, and the present invention is not intended to be limited to the illustrated embodiment. No.

(Basic Embodiment of the present invention)
Prior to the description of the embodiments of the present invention, the outline of the basic embodiments of the present invention will be described first. A basic embodiment of the present invention relates to a media adapter device for media conversion for connecting to an Internet network using a wireless line, in order to impart a function of securing a wireless band to the media adapter device. When a router device connected to a plurality of wireless communication terminals and connected under the media adapter device performs IPsec communication, the plurality of wireless communication terminals are sequentially connected in a round robin manner without changing settings. By using it, it is possible to connect to multiple wireless lines and secure the bandwidth of the wireless interface.

Further, regarding the wireless line, regardless of which protocol of the IPv4 / IPv6 protocol is used, it is a main feature that the wireless band in IPsec communication can be secured in the environment of dynamic address acquisition. ..

More specifically, in the basic embodiment of the present invention, a plurality of wireless communication terminals are connected to the media adapter device, one of which is the main wireless communication terminal for the main line, and the remaining wireless communication. The terminal is a band securing wireless communication terminal for securing a wireless band. Then, in accordance with the operation of connecting the main wireless communication terminal to the main wireless line, each of the band securing wireless communication terminals also performs an operation of connecting to the band securing wireless line in advance, and the address used in each wireless communication is set. Get it.

After that, when the data packet transmission operation (IPsec communication) is started from the router device under the media adapter device to the destination center router device via the Internet network via the main line, the media is triggered by that. The adapter device acquires a communication port number specified from the center router device on the other side by performing management communication between the router device and the center router device. Then, the media adapter device connects to the center router device on the other side via each of the plurality of wireless communication terminals using the designated communication port number. As a result, the data packet transmitted to the center router device on the other side can be sequentially distributed to a plurality of wireless lines by the round robin method and used, and the wireless band can be secured.

In addition, the media adapter device also makes it possible to grasp the communication status of each wireless line by monitoring the communication status between a plurality of connected wireless communication terminals and the center router device on the other side. There is. As a result of monitoring, if a communication interruption in the communication path via one of the wireless lines is detected, the corresponding wireless communication terminal can be reset, reconnected, and the wireless line can be restored. become. Therefore, the influence of communication interruption can be minimized, and the securing of the radio band can be automatically maintained.

Further, in the media adapter device, the IPsec communication connection is made on the main line, but as described above, the data packets including the other bandwidth securing lines are sequentially sent to each wireless communication terminal by the round robin method. By allocating, it operates so as to minimize the delay of the transfer process. At that time, in order to authenticate that the line connection for securing other bands is correct, the IP address information exchanged when each wireless communication terminal for securing the band connects to the center router device on the opposite side is mainly used. It is sent as authentication information (that is, communication management information) to the center router device using the line. Also, when the wireless communication terminal is reconnected after the line is disconnected, the updated IP address information and the like are sent to the center router device. By performing such an operation, it is possible to increase the reliability of the connection of the band securing line other than the main line.

That is, in the center router device on the opposite side, in addition to the information related to the establishment of IPsec connection of the main line from the media adapter device, the line information of the connection from another wireless communication terminal for band amplification is acquired, and the main line communication is performed. Performs connection confirmation processing for securing bands other than. Then, the center router device on the opposite side notifies the wireless communication terminal for securing the bandwidth of the connection port number (TCP port number) for TCP communication, and connects by TCP communication using the TCP port number. maintain. Therefore, with respect to the wireless line between the media adapter device and the center router device on the opposite side, a wireless line for securing the band can be used together as a band related to IPsec communication of the main line, and the band is secured. IPsec communication can be performed with.

Here, the media adapter device uses the TCP port number obtained from the center router device for the data packet to be directed to the wireless line for securing the band among the data packets received as IPsec communication from the subordinate router device. A TCP header is created, TCP is encapsulated, and the created TCP packet is sent to the center router device on the opposite side via the corresponding wireless communication terminal for securing the band. Therefore, even if the communication is separated and connected by the round robin method, the opposition of the communication can be ensured.

Further, the center router device confirms the TCP port number and the IP address of the TCP packet sent from the wireless communication terminal for securing the band, and performs the authentication process. Then, when the authentication is obtained, the TCP capsule of the TCP packet is released, and then the data packet is handed over to the processing unit that processes the data packet in the IPsec communication (IPsec connection) of the main line. Then, the center router device confirms the status of the TCP connection for securing the bandwidth from the reception status of the sent TCP packet, and sends a response to the TCP packet to the reply destination. By operating as described above, it is possible to communicate with one connection without connecting a plurality of IPsec communication connections.

Note that the wireless communication terminals connected to the media adapter device may use carrier grade NAT (CGN) depending on the contract details and the wireless line operator. Therefore, it is necessary to confirm whether or not the NAT conversion has been performed when first connecting to the center router device on the opposite side. For example, when used as a bandwidth securing wireless communication terminal, it is necessary to exchange with a unique protocol in which the source / destination IP address is registered at the start of TCP communication with the specified TCP port number. is there. In the TCP communication, data is exchanged by designating a keepalive for maintaining a communication path as a parameter of a band securing management communication and transmitting the TCP communication, and maintaining a NAT-translated address in a cache. Can be done.

In addition, when using an IPv6 address as a contract for a wireless communication terminal, the IPv6 address is also registered in advance in the opposite center router device, and the IPv6 address is also used as a unique protocol for TCP communication at the time of band securing connection. By supporting this, even if the TCP connection of the wireless communication terminal is the IPv6 protocol, TCP encapsulation can be performed. Therefore, for example, even if the IPsec communication of the main line connection is the IPv4 protocol, the communication can be performed regardless.

The router device under the media adapter device does not need to consider the limitation on the number of IPsec communication connections, the route control in multiple connections, etc., and if it is one base as the center router device on the opposite side, it is one opposite. Since the connection is made as, the setting can be simplified and the operation such as failure investigation and setting change can be made more efficient.

(Structure Example of Embodiment of this Invention)
Next, an embodiment of the connection configuration of the media adapter device according to the present invention will be described with reference to FIG. FIG. 1 is a connection configuration diagram showing an example of a connection configuration of the media adapter device according to the present invention.

That is, as shown in FIG. 1, as in the case of FIG. 11 showing the connection configuration of the current media adapter device, the LAN cable of Ethernet (Gigabit / s, 100 Mbit / s, etc.) is on the LAN side of the media adapter device 3. The router device 1 is connected via 2. Further, the main wireless communication terminal 5 is connected to the main line interface 4 (connector) on the WAN side of the media adapter device 3, and the wireless line operator network 7 is connected from the main wireless communication terminal 5 via the main wireless line 6. It is connected to the Internet network 8 via. A center router device 10 which is a destination of the router device 1 is connected to the Internet network 8.

However, in FIG. 1, unlike the case of FIG. 11, the WAN side of the media adapter device 3 is further provided with one or more bandwidth securing interfaces 11 in addition to the main line interface 4. One or a plurality of band securing wireless communication terminals 12 are connected to the one or a plurality of band securing interfaces 11, and via the wireless line operator network 7 via the one or a plurality of band securing wireless lines 13. Is connected to the Internet network 8.

Here, when a connection request 301 by PPPoE (Point-to-Point Protocol over Ethernet) is transmitted from the router device 1 connected to the LAN side of the media adapter device 3, the media adapter device 3 is used as an interface for the main line. By transmitting the proxy connection request 304 via the main wireless communication terminal 5 connected to 4, the wireless line operator network 7 accesses the Internet network 8 to acquire the IP address 303 for connection, and the connection request is made. It is handed over to the router device 1 as a response 300 to 301. The router device 1 can perform IPsec communication 302 with the Internet network 8 by using the IP address 303 acquired by receiving the response 300.

Further, the media adapter device 3 transmits the proxy connection request 306 via one or a plurality of band securing wireless communication terminals 12 connected to the band securing interface 11 on the WAN side at the same time as the media adapter device 3 is activated. By doing so, the access point of the wireless line operator network 7 accesses the Internet network 8 to acquire the IP address 307 (or IPv6 address) for connection. The media adapter device 3 saves the acquired IP address 307 (or IPv6 address) and waits for the IPsec communication connection process from the subordinate router device 1.

Next, the router device 1 starts the IPsec communication 305 using the acquired IP address as the IPsec communication connection process, and makes a VPN (Virtual Private Network) connection with the center router device 10 of the opposite destination. At that time, the media adapter device 3 relays the communication of the port number '500' of UDP (User Datagram Protocol) in order to establish the SA (Security Association) of the IPsec communication. On the other hand, for bandwidth securing management, TCP port number '500' is used to exchange information on the bandwidth securing interface with the opposite center router device 10 by TCP communication 314 of the original data format. After acquiring the information of the band securing interface, the center router device 10 at the opposite destination is used for securing a band different from the Peer destination and the TCP port number of the own center router device 10 used in the TCP communication 314. The Peer destination and the TCP port number are acquired and notified to the media adapter device 3 by TCP communication 314 of the original data format.

Next, a state in which the media adapter device 3 shown in FIG. 1 uses the band securing wireless communication terminal 12 to expand and secure the wireless band will be described with reference to FIG. FIG. 2 is an explanatory diagram illustrating how the media adapter device 3 of FIG. 1 uses the band securing wireless communication terminal 12 to expand and secure a wireless band for communication with the center router device 10.

In the explanatory diagram of FIG. 2, the media adapter device 3 acquires a data communication port number as the band securing interface 11, and then passes through the band securing wireless communication terminal 12 connected to the acquired port number. , The center router device 10 is periodically subjected to data communication at predetermined time intervals as a keepalive for line maintenance to the TCP port number acquired earlier in the description of FIG. , The state in which the band securing communication route via the band securing wireless communication terminal 12 is valid is maintained.

At that time, information is exchanged between the source and the destination, and the media adapter device 3 registers the information between the exchanged source and the destination in the management parameter 17. As a result, the media adapter device 3 uses the TCP of TCP communication 313 (in other words, communication in which the ESP packet of IPsec communication is encapsulated in TCP) to be performed with the center router device 10 via the wireless communication terminal 12 for securing the band. You can complete the connection. Further, when the management parameter 17 regarding the TCP communication 313 is changed, the media adapter device 3 transfers the update information of the management parameter 17 to the center router device 10 via the main wireless communication terminal 5. , The TCP connection with the center router device 10 can be maintained.

That is, when there is a change in the information regarding the TCP communication 313 stored in the management parameter 17, the media adapter device 3 also instructs the center router device 10 to update the management parameter, so that the center router device 10 also has a change. The information stored in the management parameter 16 is updated. When the information stored in the management parameter 16 is updated, the center router device 10 returns a response for confirming the information update of the management parameter 16 to the media adapter device 3. As a result, the TCP connection with respect to the TCP communication 313 with the center router device 10 can be maintained.

When the media adapter device 3 receives the data of IPsec communication 316 from the subordinate router device 1 after receiving the response for confirming the update of information from the center router device 10, the data is encapsulated in ESP (Encapsulating Security Payload). Security payload) Check if it is a packet. As a result of the confirmation, when it is confirmed that the data received from the subordinate router device 1 is an ESP packet, the ESP packet is sequentially distributed to a plurality of communication routes by the round robin method, and the center router device 10 is used. Send to. That is, in addition to transmitting to the center router device 10 via the main wireless communication terminal 5 for the main line in order, TCP communication 313 for securing a band with the center router device 10 is also used. Then, it is TCP-encapsulated with the designated TCP port number and transmitted to the center router device 10 via the band securing wireless communication terminal 12.

In the transmission destination center router device 10, the IPsec data packet transmitted from the main wireless communication terminal 5 is transferred as it is to the higher-level IPsec communication data processing unit. On the other hand, regarding the data transmitted from the band securing wireless communication terminal 12, the IPsec data packet (that is, TCP encapsulation) from the permitted media adapter device 3 is referred to by referring to the TCP port number registered in the management parameter 16. Check if it is an IPsec data packet).

Then, when the center router device 10 confirms that it is an IPsec data packet from the permitted media adapter device 3, it releases the TCP capsule applied to the transferred IPsec data packet and releases the original IP header. Restore to an ESP packet (IPsec data packet) having. After that, the center router device 10 processes the data of the relevant IPsec communication in order to process the IPsec communication 305 established as the main wireless line 6 via the main wireless communication terminal 5 for the restored ESP packet. Hand over to the department.

Further, for communication from the center router device 10, the destination of the band securing wireless communication terminal 12 and the destination of the main wireless communication terminal 5 of the designated TCP port number stored in the management parameter 16 are sequentially used in a round robin system. By transmitting data to the media adapter device 3, not only the band of the wireless line with the main wireless communication terminal 5 but also the band of the wireless line of the wireless communication terminal 12 for securing the band is secured. maintain.

Further, regarding the band securing interface 11 of the media adapter device 3, the media adapter device 3 periodically transmits a keepalive to the center router device 10 in order to confirm that the communication session is continued. ing. However, when the media adapter device 3 detects that the response to the keepalive is not returned from the center router device 10, the band securing wireless communication terminal to which the corresponding band securing wireless line is connected is connected. By resetting 12 once and reconnecting, the operation of recovering the corresponding wireless line for securing the band is performed. At this time, the media adapter device 3 notifies that the reconnection is in progress by performing management communication from the main line interface 4 to the center router device 10.

Further, when the keep-alive from the band securing interface 11 of the media adapter device 3 does not reach the opposite center router device 10, or when a notification indicating that the connection is being made is received from the main line interface 4, the center router device 10 is reconnected. The data transmission operation of the TCP communication 313 regarding the corresponding wireless line for securing the band is skipped, and the data is transmitted via another TCP connection in the next order. After that, when the keepalive via the corresponding band securing wireless communication terminal 12 arrives, or when the reconnection completion notification (connection notification) arrives, the corresponding band securing wireless line is related. The data transmission operation via TCP communication 313 is restarted.

As described above, the media adapter device 3 transmits the data packet of IPsec communication from the subordinate router device 1 to a plurality of wireless communication terminals (main wireless communication terminal 5 and one or a plurality of band securing wireless communication terminals 12). By using the round robin method to transmit through the main line interface 4 and one or more band securing interfaces 11 in order, it is possible to expand the radio band with one connection and secure the radio band. The function of doing is realized.

As described above, the media adapter device 3 can be connected to the wireless line operator network by periodically transmitting a keepalive for maintaining the communication path effectively from each band securing interface 11. The state of the communication path for securing the band of No. 7 is monitored. Then, the media adapter device 3 determines whether or not data can be transmitted via each band securing interface 11 from the monitor result, and skips data transmission using the band securing interface 11 corresponding to non-transmission. , It is possible to reduce the data retransmission processing in the upper layer.

Further, the media adapter device 3 uses the communication management information related to the communication via each of the one or a plurality of band securing interfaces 11 as the IPsec management communication via the main line interface 4, and is the center router device 10 on the opposite side. Is transmitted to and registered in the management parameter 16 in the center router device 10.

Therefore, in the center router device 10 on the opposite side, the confirmation information of the TCP communication of the bandwidth securing interface 11 is acquired by using the IPsec management communication from the media adapter device 3 via the main wireless communication terminal 5. It is registered in the management parameter 16 and realizes a function of performing TCP connection processing and bandwidth securing with the bandwidth securing interface 11. Then, the center router device 10 selects the data transmission operation by receiving the status notification from the media adapter device 3 by keep-alive or management communication, reduces the data retransmission process in the upper layer, and can secure the wireless band. I have to.

(Explanation of operation of embodiment)
Next, the operation of the media adapter device 3 shown in FIGS. 1 and 2 as an embodiment of the present invention will be described in detail with reference to FIG. FIG. 3 is an explanatory diagram for explaining an example of the operation of the media adapter device 3 shown in FIGS. 1 and 2, and is a transfer of a data packet between the router device 1 under the control and the center router device 10 facing the router. An example of the operation is shown. Regarding the codes assigned to the signals transmitted and received between the devices, the same signals as those in FIGS. 1 and 2 are indicated by the same reference numerals.

In FIG. 3, as shown in FIG. 1, the LAN side of the media adapter device 3 is connected to the router device 1 via a LAN cable 2 of Ethernet (Gigabit / s, 100 Mbit / s, etc.) used in LAN communication. ing. Further, on the WAN side of the media adapter device 3, the main wireless communication terminal 5 is connected to the main line interface 4, and in addition, one or a plurality of band securing wireless communications are connected to each of the one or a plurality of band securing interfaces 11. The terminal 12 is connected.

Then, when the connection request 301 by PPPoE is transmitted from the router device 1 based on the communication setting information set in the router setting parameter 18, the media adapter device 3 connects to the main line interface 4 for main wireless communication. By transmitting the proxy connection request 304 via the terminal 5 and the main wireless line 6, the access point of the wireless line operator network 7 accesses the Internet network 8 and acquires the IP address 303.

Then, the media adapter device 3 returns the acquired IP address as a response 300 to the connection request 301 to the router device 1 that is the source of the connection request 301. As a result, the router device 1 can access the Internet network 8 via the media adapter device 3, the main wireless communication terminal 5, and the wireless line operator network 7, and has IPsec communication 302 with the Internet network 8. You will be ready to do.

In the description of FIG. 3, it is assumed that the media adapter device 3 is provided with four band securing interfaces 11 and can connect four band securing wireless communication terminals 12. Then, at the same time as the media adapter device 3 is activated, the media adapter device 3 makes a proxy connection request 306 via each of the four band securing wireless communication terminals 12 connected to the band securing interface 11 on the WAN side. The IP address 307 (or IPv6 address) is acquired by transmitting to the access point of the wireless line operator network 7 and accessing the Internet network 8. The media adapter device 3 registers the acquired IP address 307 (or IPv6 address) in the management parameter 17, and waits for the IPsec communication connection process from the subordinate router device 1.

After that, the router device 1 makes a VPN connection with the opposite center router device 10 by the IPsec communication 305 using the previously acquired IP address as the IPsec communication connection process. At that time, the media adapter device 3 relays the communication of the UDP (User Datagram Protocol) port number '500' used for establishing the SA (Security Association), but in addition to the communication of establishing the SA, the band securing management is further performed. The TCP port number '500' is used as the communication for, and the TCP communication 314 of the original data format (that is, the data format using the dedicated protocol for the upper layer) is used with the center router device 10 of the opposite destination. , Exchange information about the band securing interface 11.

In the present embodiment, as the original data format used for the TCP communication 314, the information regarding the bandwidth securing interface 11 (that is, the information such as the IP address (or IPv6 address) and the bandwidth securing host name (hostname)) is 8 It is possible to mount up to the number of pieces.

When the media adapter device 3 acquires the information about the band securing interface 11 by TCP communication 314, the media adapter device 3 registers and saves the information about the band securing interface 11 in the management parameter 17 and creates a packet storing the acquired information about the band securing interface 11. By the TCP communication 314 using the original data format, the information is sent to the opposite center router device 10 as temporary information of the band securing interface.

The center router device 10 at the opposite destination registers and stores the information regarding the band securing interface 11 sent as temporary information of the band securing interface from the media adapter device 3 in the management parameter 16. After that, the center router device 10 acquires the Peer destination for securing the bandwidth of the own center router device 10 and the TCP port number. That is, a Peer destination different from the Peer destination of the own center router device 10 designated as the destination from the media adapter device 3 in the TCP communication 314 (may be a Peer destination composed of, for example, an IPv6 address of a different protocol) and a bandwidth. Acquires the TCP port number used for data communication via the securing interface 11.

Then, the center router device 10 notifies the media adapter device 3 of the acquired Peer destination for securing the band of the own center router device 10 and the TCP port number by TCP communication 314 of the original data format. When the media adapter device 3 receives the Peer destination for securing the band of the center router device 10 and the TCP port number notified from the center router device 10, the media adapter device 3 registers and saves it in the management parameter 17.

Then, when the media adapter device 3 transmits data to the center router device 10, if the communication paths of the band securing interface 11 are in order by the round robin method, the media adapter device 3 starts from the center router device 10. A data packet addressed to the corresponding TCP port number is created from the acquired TCP port numbers, and the TCP communication 313 (in other words, paraphrased) addressed to the TCP port number of the center router device 10 via the band securing interface 11. And IPsec communication ESP packet is TCP-encapsulated communication).

Further, the media adapter device 3 uses a dedicated protocol as a keepalive between the center router device 10 and the TCP communication 313 including the IP address of the source and the destination or the IPv6 address. By regularly exchanging information with each other and confirming that the communication route for securing the band is effective, the connection for data communication for securing the band is maintained. At this time, when NAT conversion is performed from the center router device 10 by a route such as carrier grade NAT (CGN), information including the IP address or IPv6 address between the source and the destination after NAT conversion is exchanged. ..

Further, when the media adapter device 3 changes the management parameter 17 related to the TCP communication 313 addressed to the corresponding TCP port number of the center router device 10 via the band securing interface 11, the changed management parameter 17 Information is notified to the center router device 10 by TCP communication 314 via the main line interface 4. When the center router device 10 receives the changed management parameter 17 information from the media adapter device 3, the center router device 10 updates the information stored in the management parameter 16. Then, when the information stored in the management parameter 16 is updated, the center router device 10 returns a response for confirming the information update of the management parameter 16 to the media adapter device 3.

When the media adapter device 3 receives the data of IPsec communication 316 from the subordinate router device 1 after receiving the response for confirming the information update from the center router device 10, the data is ESP (Encapsulating Security Payload: encapsulation). Security payload) Check if it is a packet. As a result of the confirmation, when it is confirmed that the data received from the subordinate router device 1 is an ESP packet, the ESP packet is used as an IPsec data packet in a round robin manner, sequentially from the main line interface 4 to the main radio. IPsec communication 312 or TCP to the center router device 10 via the communication terminal 5 or via each of the one or more band securing wireless communication terminals 12 from the one or more band securing interfaces 11. It is transmitted by communication 413.

That is, when the ESP packet is transmitted via the main line interface 4 and the main wireless communication terminal 5, the ESP packet is transmitted to the center router device 10 by IPsec communication 312 as an IPsec data packet. On the other hand, when the ESP packet is transmitted via the band securing interface 11 and the band securing wireless communication terminal 12, it is designated as the band securing TCP communication 313 with the center router device 10 before transmission. After TCP encapsulating with the TCP port number, it is sequentially transmitted to the center router device 10 by TCP communication 313.

The transmission destination center router device 10 performs different processing for the IPsec data packet transmitted from the main wireless communication terminal 5 and the TCP encapsulated IPsec data packet transmitted from the band securing wireless communication terminal 12. That is, the IPsec data packet transmitted from the main wireless communication terminal 5 is directly transferred to the data processing unit of the upper layer IPsec communication. On the other hand, regarding the TCP-encapsulated IPsec data packet transmitted from the band securing wireless communication terminal 12, first, the TCP-encapsulated IPsec from the permitted media adapter device 3 is referred to by referring to the management parameter 16 and the TCP port number. Check if it is a data packet.

Then, when the center router device 10 confirms that the TCP-encapsulated IPsec data packet is from the permitted media adapter device 3, the center router device 10 releases the TCP capsule applied to the transmitted TCP-encapsulated IPsec data packet. Then, it is restored to an IPsec data packet (ESP packet) having the original IP header. After that, the center router device 10 processes the restored IPsec data packet (ESP packet) in the same manner as the processing of the IPsec data packet received by the IPsec communication 305 via the main line interface 4 and the main wireless communication terminal 5. In order to do so, it is handed over to the data processing unit of the corresponding IPsec communication in the upper layer.

On the other hand, regarding the communication for transmitting data from the center router device 10 to the router device 1, the destination of the router device 1 via the main wireless communication terminal 5 and the TCP port number stored in the management parameter 16 for securing the bandwidth. The wireless band is secured by sequentially transmitting data to the destination of the band securing wireless communication terminal 12 by the round robin method. Here, regarding the band securing line, as described above, the media adapter device 3 transmits communication management information related to communication via each of the one or a plurality of band securing interfaces 11 via the main line interface 4. , It is transmitted to the center router device 10 on the opposite side and registered as the management parameter 16 in the center router device 10.

Therefore, when transmitting a data packet addressed to, for example, the router device 1 from the center router device 10, the center router device 10 refers to the management parameter 16 and sends the data packet addressed to the router device 1 to the main router device 1 in a round robin manner. The wireless band can be secured by sequentially dividing the data for the wireless communication terminal 5 and for one or a plurality of band securing wireless communication terminals 12 and transmitting the data in a distributed manner. As a result, when the media adapter device 3 detects data packets sequentially transmitted via the main line interface 4 and one or a plurality of band securing interfaces 11, respectively, the media adapter device 3 is used for securing one or a plurality of bands. The data packet transmitted via each of the wireless communication terminal 12 and the band securing interface 11 is associated with the data packet transmitted via the main wireless communication terminal 5 and the main line interface 4, and is associated with the destination. It can be delivered to the router device 1.

Regarding IPsec management communication such as Rekey, which periodically updates the encryption key, and Keepalive, which confirms the existence of the band securing interface 11, the media adapter device 3 and the center router device. Communication with 10 is performed by IPsec communication 312 via the main line interface 4, and communication is performed between the media adapter device 3 and the subordinate router device 1 by IPsec communication 316.

Next, the above operation will be further described with reference to the sequence chart of FIG. FIG. 4 is a sequence chart showing an example of an operation flow from the connection process in the media adapter device 3 shown in FIG. 1 to the communication process for securing the band, and is a sequence chart showing the router device 1 and the media under the media adapter device 3. An example of the operation flow in each of the adapter device 3, the main wireless communication terminal 5, the band securing wireless communication terminal 12, the wireless line operator network 7, and the center router device 10 is shown.

First, the subordinate router device 1 performs an authentication IP address registration operation by PPPoE, starts a connection operation with the Internet network 8, and causes a parameter (that is, a parameter for requesting a connection with the Internet network 8) to the media adapter device 3. (Sequence Seq51), the media adapter device 3 acts on behalf of the connection request with the Internet network 8 (Sequence Seq52), and sends the IP address acquisition request to the main wireless communication terminal 5 (Sequence Seq53).

When the main wireless communication terminal 5 receives the IP address acquisition request, it makes a wireless connection with the wireless line operator network 7 and transfers the IP address acquisition request (sequence Seq54). Upon receiving the IP address acquisition request, the wireless line operator network 7 connects to the Internet network 8 and acquires the IP address. The acquired IP address is sequentially returned from the wireless line operator network 7 to the main wireless communication terminal 5 and the media adapter device 3, and finally returned from the media adapter device 3 to the router device 1.

After registering the returned IP address, the router device 1 makes an IPsec connection with the Internet network 8 using the IP address, thereby performing IPsec communication (UDP / ESP) from the router device 1. And the IPsec communication connection process such as the key process is started (sequence Seq55).

On the other hand, when the connection IP address of the Internet network 8 is returned from the main wireless communication terminal 5, the media adapter device 3 registers the IP address as a management parameter 17 (sequence Seq59) and IPsec in the router device 1. At a timing earlier than the start of the communication connection process, the band securing interface 11 transmits a band securing wireless connection authentication request to the band securing wireless communication terminal 12. Upon receiving the wireless connection authentication request, the band securing wireless communication terminal 12 performs a process of transferring the wireless connection authentication request to the wireless line operator network 7 (sequence Seq60). Upon receiving the wireless connection authentication request, the wireless line operator network 7 performs wireless connection authentication, accesses the Internet network 8, and acquires a connection IP address. Then, the wireless line operator network 7 notifies the media adapter device 3 of the connection IP address acquired from the Internet network 8 via the band securing wireless communication terminal 12 (sequence Seq61). The media adapter device 3 registers the notified connection IP address in the management parameter 17 as communication management data for the band securing interface 11.

As a result, the connection between the band securing interface 11 of the media adapter device 3 and the Internet network 8 is completed, so that the media adapter device 3 is in a state of waiting for the start of the IPsec communication connection process from the subordinate router device 1.

When the subordinate router device 1 starts IPsec communication connection processing for IPsec management communication such as IPsec communication (UDP / ESP) and Rekey processing (sequence Seq55), the media adapter device 3 receives the received IPsec communication. A process of transferring the processing content (that is, the content of the IPsec communication connection processing) to the main wireless communication terminal 5 is performed (sequence Seq56). The main wireless communication terminal 5 further performs a process of transferring the received IPsec communication processing content to the center router device 10 on the opposite side via the wireless line operator network 7 and the Internet network 8 (sequence Seq57). .. The center router device 10 on the opposite side is used for IPsec management communication such as IPsec communication (UDP / ESP) and Rekey processing according to the transferred IPsec communication processing content (that is, the content of IPsec communication connection processing). (Sequence Seq58).

Further, at the same time, the media adapter device 3 performs TCP communication with, for example, TCP port number '500' to the main wireless communication terminal 5 as a band securing management communication with the center router device 10 on the opposite side, and obtains a band. Notification of the host name including the securing wireless communication interface, the wireless communication terminal, the IP address, and the like is performed (sequence Seq62). The main wireless communication terminal 5 performs a process of transferring the received TCP communication content to the center router device 10 on the opposite side via the wireless line operator network 7 and the Internet network 8 (sequence Seq63). The center router device 10 on the opposite side reads the contents of the transferred TCP communication and performs a process of registering the host name including the wireless communication interface for securing the band, the wireless communication terminal, the IP address, and the like in the management parameter 16. (Sequence Seq64).

Further, the center router device 10 has a TCP port number designated for securing the band and an IP address (IPv4 address or IPv6) for IPsec communication reserved in advance as the management communication for securing the band for the media adapter device 3 on the opposite side. (Address), a peer address different from the IPsec communication connection packet is returned to the media adapter device 3 via the Internet network 8, the wireless line operator network 7, and the main wireless communication terminal 5. Here, as the peer address, if the IPsec communication connection packet is IPv4, the IPv6 address is used, and if the IPsec communication connection packet is IPv6, the IPv4 address is used. The media adapter device 3 acquires the TCP port number and peer address for securing the bandwidth returned from the center router device 10 and registers them in the management parameter 17 (sequence Seq62).

When the media adapter device 3 acquires the TCP port number and peer address of the TCP communication for band securing from the center router device 10, the contract for each band securing wireless communication terminal 12 is performed via each band securing interface 11. TCP communication is performed using a designated port number that specifies the IPv4 address or the peer address of the IPv6 address as the destination, and the acquired IPv4 address or IPv6 address and host are performed for each band securing wireless communication terminal 12. Notify the first name again (sequence Seq65). Each band securing wireless communication terminal 12 performs a process of transferring the received TCP communication content to the center router device 10 on the opposite side via the wireless line operator network 7 and the Internet network 8 (Sequence Seq66). .. The center router device 10 on the opposite side acquires the contents of the transferred TCP communication, and performs a process of registering the IPv4 address or the IPv6 address and the host name in the management parameter 16 according to the contents of the acquired TCP communication. (Sequence Seq67).

Further, when the center router device 10 confirms that the communication of the band securing wireless communication terminal 12 has been NAT-converted from the acquired TCP communication content, the center router device 10 acquires the IP address after the NAT conversion. Then, the acquired IP address after NAT conversion is notified back to the media adapter device 3 as TCP communication via the Internet network 8, the wireless line operator network 7, and the band securing wireless communication terminal 12.

When the media adapter device 3 receives the notification by TCP communication of the designated port number, it confirms whether or not the NAT-converted IP address is attached to the notification. If the NAT-translated IP address is attached, the information of the IP address after NAT translation is registered in the management parameter 17, and TCP communication via the main line interface 4 and the main wireless communication terminal 5 is performed again. Is performed, and a confirmation notification indicating that the IP address after NAT translation has been received is sent to the center router device 10 (sequence Seq62).

When the center router device 10 receives the confirmation notification from the media adapter device 3 by TCP communication, the center router device 10 notifies the media adapter device 3 again that the information for the change has been acquired (sequence Seq64). Upon receiving the notification again, the media adapter device 3 considers that the center router device 10 has permitted TCP communication on the designated port for NAT translation.

After receiving permission for TCP communication on the designated port for NAT translation, when the media adapter device 3 confirms that an ESP packet has been transmitted as IPsec communication from the router device 1 under its control (sequence Seq68), it is round robin. When the order of the method is delivery for the band securing interface 11, the ESP packet is TCP-encapsulated for TCP communication of the designated port number (sequence Seq69). Then, the media adapter device 3 distributes each TCP-encapsulated packet to each band securing interface 11 and sends it to the center router device 10 via each band securing wireless communication terminal 12 (sequence Seq70).

When the center router device 10 confirms that the port number and IP address of the received packet are registered, it releases the TCP capsule, restores the original ESP packet, and is the main line that should correspond to the ESP packet. It is transferred to the peer address of the IPsec communication received via the main wireless communication terminal 5 as the address of (Sequence Seq71). As a result, the same processing as the ESP packet for IPsec communication via the main line is performed (sequence Seq72).

Next, the operation of data communication after IPsec communication by IPsec management communication shown in FIG. 4 will be described in more detail with reference to the sequence chart of FIG. FIG. 5 is a sequence chart showing an example of an operation flow from IPsec management communication to data communication by TCP communication in the media adapter device 3 shown in FIG. 1, and is a sequence chart showing an example of the operation flow from the IPsec management communication to the data communication by TCP communication. An example of the operation flow in each of the subordinate router device 1, the media adapter device 3, the main wireless communication terminal 5, the band securing wireless communication terminal 12, the wireless line operator network 7, and the center router device 10 is shown.

In the sequence chart of FIG. 5, the communication from the router device 1 under the media adapter device 3 is defined as “uplink” communication, and is above the IPsec management communication shown in the sequence Seq55 to sequence Seq58 of FIG. Shows the operation related to "uplink" communication, and shows the operation related to "downlink" communication below the management communication of IPsec. Further, in order to make the explanation easy to understand, the sequence number in FIG. 5 uses the same number as the sequence number attached to FIG. 4 for the part performing the same communication processing as the corresponding part in FIG. ..

That is, IPsec management communication of the sequence Seq55 of the router device 1, transfer processing of the sequence Seq56 of the media adapter device 3, TCP encapsulation processing of the sequence Seq69, transfer processing of the sequence Seq57 of the main wireless communication terminal 5, and a wireless communication terminal for securing a band. Regarding the transfer processing of the sequence Seq70 of 12, the IPsec management communication processing of the sequence Seq58 of the center router device 10, the TCP decapsulation processing of the sequence Seq71, and the IPsec communication of the ESP packet of the sequence Seq72, FIG. The same processing as in the case is performed.

In the sequence chart of FIG. 5, first, when the router device 1 performs processing such as SA establishment, rekey, and keepalive as IPsec management communication (sequence Seq55), the same as in the case of FIG. IPsec communication (UDP / ESP) and rekey processing in the opposite center router device 10 via the media adapter device 3, the main line interface 4 and the main wireless communication terminal 5 (sequence Seq56, sequence Seq57). Process for IPsec management communication such as (Sequence Seq58). Here, processing for IPsec management communication related to the band securing wireless communication terminal 12 is also performed.

After that, when the router device 1 transmits an ESP packet, which is data communication for "uplink" IPsec communication, to the media adapter device 3 (sequence Seq68), in the media adapter device 3, the ESP packet is used as an interface for the main line. 4 and a plurality of packets (4 in the case of the present embodiment) are distributed to a plurality of (5 in the case of the present embodiment) packets directed to each of the band securing interfaces 11 by a round robin method (sequence Seq82). .. That is, the peer destination of IPsec SA connected from the main line interface 4 via the main wireless communication terminal 5 and the plurality of band securing interfaces 11 are designated as connection destinations of the band securing wireless communication terminal 12. TCP communication by port number is distributed to a plurality of established destinations.

Packets distributed to the main line interface 4 and addressed to the IPsec SA peer are transferred from the main line interface 4 to the main wireless communication terminal 5 (sequence Seq56) and via the main wireless communication terminal 5. (Sequence Seq57) is delivered to the center router device 10. In the center router device 10, the received packet is delivered to the IPsec communication process of the upper layer IPsec communication (sequence Seq72).

On the other hand, the packets distributed to the band securing interface 11 are TCP-encapsulated in the media adapter device 3 and then transferred from the band securing interface 11 to the band securing wireless communication terminal 12 (sequence Seq69). It is delivered to the center router device 10 via the band securing wireless communication terminal 12 (sequence Seq70). In the center router device 10, the received packet is released from the TCP capsule, restored to the original ESP packet for IPsec communication, and then the IPsec communication process addressed to the same IPsec SA peer as the main line interface 4. (Sequence Seq71).

Further, in the case of "downlink" communication from the center router device 10, when the ESP packet for the router device 1 is transmitted from the center router device 10 to the peer of IPsec SA (sequence Seq77), the center router device 10 is used. By referring to the information for IPsec management communication registered in the management parameter 16, the number of ESP packets addressed to the router device 1 is the same as that of the packet addressed to the peer of IPsec SA (this), as in the case of "uplink" communication. In the embodiment, it is distributed to a plurality of packets with a packet for a TCP connection having a designated port number (4) by a round robin method (sequence Seq83).

Packets distributed to the peer of IPsec SA are transferred to the main wireless communication terminal 5 (sequence Seq78), and are addressed to the peer from the main wireless communication terminal 5 via the media adapter device 3 (sequence Seq76, sequenceSeq75). It is delivered to the router device 1 (sequence Seq74).

On the other hand, the packet distributed for the TCP connection of the designated port number is encapsulated in TCP in the center router device 10 and then transferred from the designated port number to the wireless communication terminal 12 for band securing (sequence Seq81), and the band is banded. It is delivered to the media adapter device 3 via the securing wireless communication terminal 12 (sequence Seq80). The media adapter device 3 releases the TCP capsule of the received packet, restores it to the original ESP packet for IPsec communication (sequence Seq79), and then uses the same IPsec SA as the packet received from the main wireless communication terminal 5. Transfer to router device 1 addressed to peer (sequence Seq75).

Next, a data format related to the dedicated protocol peculiar to the present embodiment will be described. That is, an example of data formats relating to each of the bandwidth securing protocol transferred on each band securing interface 11 and the IPsec management communication protocol transferred on the main line interface 4 in the sequences of FIGS. 4 and 5. explain. FIG. 6 is a table showing an example of a data format relating to the band securing data to be transferred on each band securing interface 11 of the media adapter device 3 shown in FIG. 1, and FIG. 7 is a table showing an example of the data format related to the band securing data shown in FIG. It is a table which shows an example of the data format about the IPsec management communication data to be transferred on the main line interface 4 of the apparatus 3. Note that, in FIGS. 6 and 7, as the band securing interface 11, the case where four interfaces exist as described above is illustrated.

First, the data format related to the band securing data of FIG. 6 will be described. Note that FIG. 6 shows an example of the bandwidth securing protocol header following the TCP header.

The first line 200 of the bandwidth securing protocol header includes a version, data length, line information, keep-alive designation (k), and spare. Here, the line information is 4 bits, and IPv4 / IPv6 information indicating which of IPv4 / IPv6 is the acquired IP address of the main line interface 4 and the main line interface in order from the upper bit side. NAT conversion presence / absence information indicating the presence / absence of NAT conversion regarding the acquired IP address of 4, IPv4 / IPv6 information indicating whether the acquired IP address of the band securing interface 11 is IPv4 / IPv6, and the band securing interface 11 Indicates information with / without NAT conversion indicating the presence / absence of NAT conversion regarding the acquired IP address of. For example, when the acquired IP address of the main line interface 4 is an IPv4 address and there is no NAT translation, and the acquired IP address of the band securing interface 11 is an IPv4 address and there is NAT translation. The line information is set to '0001'.

In addition, the second line sets the port number 201 indicating the TCP port number for securing the bandwidth and the bandwidth securing hostname 202 indicating the host name for securing the bandwidth.

Further, the third and subsequent lines are address sections in which the acquired IP addresses of the main line interface 4 and the band securing interface 11 are set. That is, the acquisition IP address of the main line interface 4 is set in the first third line 203a, and the acquisition IP address of the band securing interface 11 is set in the fourth line 203b. The fifth line 203c and the sixth line 203d are lines added when the IP address of either or both of the main line interface 4 and the band securing interface 11 is NAT-translated. The IP address of the main line interface 4 after NAT translation is set in the fifth line 203c, and the IP address of the band securing interface 11 after NAT translation is set in the sixth line 203d. In addition, in the 5th line 203c and the 6th line 203d, "0" is set when NAT conversion is not performed. Normally, the IP address after NAT translation is a notification from the center router device 10.

Next, the data format related to the IPsec management communication data of FIG. 7 will be described. The IPsec management communication protocol header in FIG. 7 shows a case where it has four bandwidth securing interfaces 11 as described above.

The first line 205 of the IPsec management communication protocol header includes a type (TYPE), data length, line information, and a spare. Here, the type (TYPE) is information indicating the type of the protocol header for IPsec management communication. For example, at the time of management communication for which the first notification is performed, it is set to all '0' and the notification is re-notified by NAT conversion or the like. If you want to do it, set '1'. Further, the line information is assigned bit by bit as information for classifying which of the IPv4 and IPv6 addresses the acquired IP address of each of the four band securing interfaces 11 is, and further classifies with / without NAT conversion. Bits are assigned as information to be used. Then, the bandwidth securing interfaces 11 are arranged in ascending order. For example, the first band securing interface 11 has an IPv4 address with NAT translation, the second IPv6 band securing interface 11 has an IPv6 address without NAT translation, and the remaining two. If all of the band securing interfaces 11 are IPv4 addresses without NAT translation, the line information is set to '01100,000'.

In the second line of the IPsec management communication protocol header, the port number 206 indicating the TCP port number for securing the bandwidth and the bandwidth indicating the host name for securing the bandwidth are shown in the second line, as in the case of the protocol header for securing the bandwidth in FIG. Set the secure header 207.

Further, the third and subsequent lines are address sections in which the acquired IP addresses (IPv4 address or IPv6 address) of each of the main line interface 4 and the bandwidth securing interface 11 are set. That is, the acquired IP address of the main line interface 4 is set in the first third line 208a, and the acquired IP address (IPv4 address) of the first band securing interface 11 is set in the fourth line 203b. Is set. Further, in the four lines 209 from the fifth line to the eighth line, assuming that the acquired IP address of the second band securing interface 11 is an IPv6 address, the second line covers four lines. The acquisition IP address of the second band securing interface 11 is set. Further, acquired IP addresses (IPv4 addresses) of the third band securing interface 11 and the fourth band securing interface 11 are set in the ninth line 208c and the tenth line 208d, respectively.

Further, the eleventh line 210 is a line added when the IP address acquired by the main line interface 4 and the band securing interface 11 has been NAT-translated, and unlike the case of FIG. 6, NAT-converted. Only the lines that have been set are set in order from the first line. Whether or not the line is NAT-converted can be determined by referring to the line information in the first line 205. In the above-mentioned example, since only the first band securing interface 11 is a NAT-translated IP address (IPv4 address), the eleventh line 210 shows the first band securing interface. The IP address after NAT conversion of 11 is set.

Next, regarding TCP communication in the band securing interface 11, examples of the operation of monitoring the communication path via the band securing interface 11 in each of the media adapter device 3 and the center router device 10 are shown in FIGS. 8 and 9. This will be described using a flowchart. FIG. 8 is a flowchart showing an example of the operation of monitoring the TCP communication of the band securing interface 11 in the media adapter device 3 shown in FIG. 1, and the TCP communication is started in the sequence Seq69 of the sequence chart of FIG. An example of the monitor operation at the time is shown. Further, FIG. 9 is a flowchart showing an example of an operation of monitoring and receiving TCP communication via the band securing interface 11 in the center router device 10 shown in FIG. 1, and is shown in the sequence Seq71 of the sequence chart of FIG. , An example of the monitor reception operation when the reception operation of TCP communication is started is shown. The monitor operation and the monitor reception operation of the TCP communication are operated to maintain the connection of the TCP communication for securing the bandwidth and to hold the NAT table at the time of the NAT conversion communication.

First, the monitor operation in the media adapter device 3 will be described with reference to the flowchart of FIG. When the TCP communication connection at the designated port of the band securing interface 11 is completed, the flowchart of FIG. 8 is activated, and the media adapter device 3 periodically bands the keepalive at predetermined time intervals. Transmission is performed from the designated port of the securing interface 11 to the opposite center router device 10 (step S1). After that, it is monitored that the response from the center router device 10 to the transmitted keepalive arrives via the designated port of the bandwidth securing interface 11 (step S2).

When the response arrives via the designated port of the bandwidth securing interface 11 (“Yes” in step S2), the designated port of the bandwidth securing interface 11 is in a normal state in which the TCP connection is maintained. It is determined that there is, the process returns to step S1, and the operation of periodically transmitting the next keepalive is repeated.

On the other hand, if the response from the opposite center router device 10 is delayed and the response does not arrive even if the predetermined number of times is exceeded (“None” in step S2), the terminal is connected to the designated port. A reset instruction is transmitted to the band securing wireless communication terminal 12, and the band securing wireless communication terminal 12 is reset (step S3). After that, it is confirmed whether or not the band securing wireless communication terminal 12 is activated (step S4). If the band securing wireless communication terminal 12 has not been activated (NG in step S4), the process returns to step S3, and the operation of resetting the band securing wireless communication terminal 12 is repeated again.

When it is confirmed that the band securing wireless communication terminal 12 has been activated (OK in step S4), the IP address or IPv6 address obtained by accessing the Internet network 8 again from the band securing wireless communication terminal 12 is confirmed. Is returned (step S5), and if the acquired IP address or IPv6 address is not returned (NG in step S5), the process returns to step S3 to secure the bandwidth again. The operation of resetting the wireless communication terminal 12 is repeated.

On the other hand, when the acquired IP address or IPv6 address is returned (OK in step S5), it is considered that the state has returned to the state where normal TCP communication is possible, and the bandwidth securing interface 11 is designated. It shifts to the state of waiting for TCP connection processing to perform TCP communication on the port. Then, when the TCP communication is connected at the designated port of the band securing interface 11 (step S6), the process returns to step S1 and the next keepalive is performed from the designated port of the band securing interface 11. ) Is sent periodically.

As the keep-alive data format, for example, the data length of the first line 200 of the bandwidth securing protocol header shown in FIG. 6 and the appropriate data corresponding to the line information are set, and the 20th bit is set. Set '1' in the keep alive designation (k), set the information corresponding to each of the port number 201 and the bandwidth reservation hostname202 in the second line, and delete the address setting fields in the third and subsequent lines. Use the data format of the above format.

Next, the monitor reception operation in the center router device 10 opposite to the media adapter device 3 will be described with reference to the flowchart of FIG. In the present embodiment, the center router device 10 opposite to the media adapter device 3 performs only the reception operation of the keep-alive for the monitor and the transmission operation in order to reduce the processing load of the center router device 10. Explains the case where is not performed. However, the present invention is not limited to this case, and it goes without saying that the center router device 10 may also perform an operation of transmitting a keepalive to the media adapter device 3.

When the keepalive is received from the band securing interface 11 of the media adapter device 3 (step S11), the number of received keepalives is counted up, and whether or not the keepalives received for the specified number of times within the specified time specified in advance are received. (Step S12). When the keepalives for the specified number of times are received within the specified time (“Yes” in step S12), the media adapter device 3 that is the source of the keepalives is accessed via the corresponding band securing interface 11. Then, a response indicating that the keepalive has been received is returned, the process returns to step S11, and the operation of receiving the next keepalive is repeated.

On the other hand, if the keepalive for the specified number of times is not received within the specified time (“None” in step S12), the TCP communication of the corresponding band securing interface 11 is temporarily disconnected (step S13). After that, when the TCP communication of the port number '500' from the main wireless communication terminal 5 connected to the main line interface 4 confirms the reconnection of the TCP communication of the band securing interface 11 (step S14). ), Return to step S11, and resume the operation of receiving the next keepalive.

(Explanation of the effect of this embodiment)
As described in detail above, in the present embodiment, the effects described below can be obtained.

The first effect is that even if the wireless communication terminal has a narrow band, by using a plurality of wireless communication terminals in order in a round robin system, it is not necessary to depend on the service function provided by the wireless line operator. It is possible to secure a wireless band while using the contracted capacity of each wireless communication terminal as it is. Further, since the wireless communication terminal to be used can be used even if it is a different wireless line operator or a different wireless communication protocol, it is possible to reduce the risk at the time of failure.

The second effect is that by bundling wireless lines using a plurality of wireless communication terminals, it is possible to secure a wireless band equal to or greater than the band for one wireless line without being aware of it.

The third effect is that it can support the NAT traversal of IPsec and the new protocol of IPv6, which have been increasingly used in the IPv4 protocol in recent years. In the future, it is predicted that the infrastructure using IPv6 addresses with a large number of bits of host addresses will increase due to the spread of IOT (Internet Of Things), etc., but even if such a situation occurs, it will be updated to a new network system. It is possible to use it as it is without doing it.

(Other Embodiments of this Embodiment)
In the above-described embodiment, as shown in FIGS. 1 and 2, the description has been made on the premise that the IPv4 protocol is used in the main line using the main wireless communication terminal 5, but the present invention describes the present invention. It is not limited to such a case. For example, the IPv6 protocol may be used for the main line that uses the main wireless communication terminal 5. FIG. 10 is a connection configuration diagram showing an example different from FIGS. 1 and 2 in the connection configuration of the media adapter device according to the present invention, and shows a case where the IPv6 protocol is used in the main line.

Note that FIG. 10 is different from the configuration example shown in FIG. 2 of the above-described embodiment in that the IPv6 protocol is used for the main line passing through the main wireless communication terminal 5, and the devices are different from each other. Although the communication contents to be exchanged are different in form, the actual communication contents are almost the same. Therefore, the 100 series of the three-digit code attached to each communication in FIG. 10 is shown in FIG. It is attached by changing from '3' to '4'.

In FIG. 10, when the IPv6 protocol RS (Router Solicitation) 401 is transmitted from the router device 1 connected to the LAN side of the media adapter device 3, the media adapter device 3 is connected to the main line interface 4. By transmitting the IPv6 address proxy connection request 404 from the connected main wireless communication terminal 5, the wireless line operator network 7 is accessed and the IPv6 address 403 is acquired from the Internet network 8. Then, the media adapter device 3 takes out the acquired IPv6 address prefix (Prefix) and returns it to the router device 1 as RA (Router Advertisement) 400 which is a response to RS401.

The router device 1 generates an IPv6 address by receiving the prefix of the IPv6 address as RA400. When receiving the IPsec communication of the IPv6 address generated by the router device 1, the media adapter device 3 communicates with the Internet network 8 by NAT-converting to the previously acquired IPv6 address via the main line interface 4. You will be able to.

Further, the media adapter device 3 also accesses the wireless line operator network 7 from the band securing wireless communication terminal 12 to acquire address information. Further, when the media adapter device 3 starts the IPsec communication 405 as the IPsec communication connection process from the router device 1, the media adapter device 3 establishes the SA when making a VPN connection with the opposite center router device 10. That is, SA is established by NAT-converting to the IPv6 address previously received from the main wireless communication terminal 5 and communicating with the center router device 10 of the opposite destination via the Internet network 8.

At the same time, the media adapter device 3 exchanges information about the band securing interface 11 with the opposite center router device 10 by TCP communication 414 with the management communication port number '500', and the center router device 3 is used. Notify 10 of the IP address (IPv4 address / IPv6 address). Further, the media adapter device 3 acquires the designated TCP port number and, in the case of IPv4, the peer address from the opposite center router device 10. When the media adapter device 3 acquires the TCP port number and the peer address as information about the band securing interface 11, the media adapter device 3 and the center router device 10 perform TCP communication of the specified TCP port number from the band securing interface 11. TCP communication 413 can be performed.

Further, when the contract of the band securing wireless communication terminal 12 is a terminal of the IPv4 protocol, the media adapter device 3 acquires the IPv4 in the IPsec management communication of the TCP communication 414 and registers it in the management parameter 17. It is possible to read the peer address of the above and perform TCP communication to the peer address to maintain the TCP connection of the band securing wireless communication terminal 12. The media adapter device 3 registers the communication management information acquired at the start of TCP communication in the management parameter 17, but when the registered information is changed, the changed information is updated to the management parameter 17. At the same time as registering, the information is confirmed by transmitting the information to the center router device 10 by TCP communication of the port number '500' using the interface 4 for the main line.

When the media adapter device 3 receives the ESP packet by IPsec communication 416 from the router device 1 after the registration information of the management parameter 17 is confirmed with the center router device 10, the ESP packet is received. Is distributed as an IPsec data packet via the main wireless communication terminal 5 and the band securing wireless communication terminal 12, and the operation of sequentially transferring the packet by the round robin method is started. That is, when the media adapter device 3 goes through the main wireless communication terminal 5, the IPsec data packet is transmitted as it is to the center router device 10 by the IPsec communication 412 according to the IPsec protocol, but the band securing wireless communication terminal 12 is used. When passing through, the IPsec data packet is TCP-encapsulated and then transmitted to the center router device 10 by TCP communication 413.

As described above, in the connection configuration shown in FIG. 10, when the contract of the main wireless communication terminal 5 is the IPv6 protocol, the IPv6 address prefix (Prefix) acquired by the transmission of RS401 in the router device 1 Upon receiving the data using the IPv6 address generated based on the above, the media adapter device 3 can access the Internet network 8 by NAT-converting the IPv6 address acquired via the main wireless communication terminal 5 into NAT. it can. Therefore, the router device 1 can communicate with the Internet network 8 by acquiring the prefix (Prefix) of the IPoE (Internet Protocol over Ethernet) method, and also for IPsec communication, the peer address of the destination IPv6 address. It can be implemented by setting.

The configuration of a preferred embodiment of the present invention has been described above. However, it should be noted that such embodiments are merely exemplary of the invention and do not limit the invention in any way. Those skilled in the art can easily understand that various modifications can be made according to a specific application without departing from the gist of the present invention.

1 Router device 2 LAN cable 3 Media adapter device 4 Main line interface 5 Main wireless communication terminal 6 Main wireless line 7 Wireless line operator network 8 Internet network 10 Center router device 11 Band securing interface 12 Band securing wireless communication terminal 13 Wireless line for securing band 16 Management parameter 17 Management parameter 18 Router setting parameter 200 1st line (Protocol header for securing band)
201 port number 202 Bandwidth secured hostname
203a 3rd line (protocol header for securing bandwidth)
203b 4th line (protocol header for securing bandwidth)
203c 5th line (protocol header for securing bandwidth)
203d 6th line (protocol header for securing bandwidth)
205 1st line (Protocol header for IPsec management communication)
206 port number 207 Bandwidth secured hostname
208a 3rd line (protocol header for IPsec management communication)
208b 4th line (protocol header for IPsec management communication)
208c 9th line (protocol header for IPsec management communication)
208d 10th line (protocol header for IPsec management communication)
209 Lines 5 to 8 for 4 lines (protocol header for IPsec management communication)
210 11th line (protocol header for IPsec management communication)
300 Response 301 Connection request 302 IPsec communication 303 IP address 304 Proxy connection request 305 IPsec communication 306 Proxy connection request 307 IP address 312 IPsec communication 313 TCP communication (encapsulated IPsec communication)
314 TCP communication 316 IPsec communication 400 RA
401 RS
403 IPv6 address 404 IPv6 address proxy connection request 405 IPsec communication 412 IPsec communication 413 TCP communication 414 TCP communication 416 IPsec communication

Claims (10)

The connected router to the LAN (Local Area Network), a network system connected through a radio line to the center router device connected to the Internet network, connecting the router device through a radio line to the Internet network It is a media adapter device that performs media conversion for
As an interface on the WAN (Wide Area Network) side
An interface for the main line that connects the main wireless communication terminal for sending and receiving wireless signals related to data flowing through the main wireless line,
One or more band securing interfaces for connecting one or more band securing wireless communication terminals for securing a wireless line for securing a wireless band, and one or more band securing interfaces.
With
Information on the IP addresses of one or more of the band securing wireless communication terminals is transmitted as authentication information from the main line interface to the center router device via the main wireless communication terminal.
When a data packet addressed to the center router device is received from the router device, the data packet is converted into media, and the round robin method is used for the main line interface and one or more of the band securing interfaces. It is distributed in order to and from the Internet, transmitted to the Internet network via the main wireless communication terminal, one or a plurality of the band securing wireless communication terminals, and distributed to the destination center router device.
A media adapter device characterized by that. Communication management information related to communication via each of the one or a plurality of the band securing interfaces is transmitted to the center router device on the opposite side via the main line interface and managed in the center router device. Equipped with a means to register as a parameter
From the center router device, referring to the management parameter, data packets addressed to the router device are sent to the main wireless communication terminal and one or more of the band securing wireless communication terminals by a round robin method. When it is sorted in order and each of them detects that it has been sent,
The router device of the destination by associating the data packet transmitted via each of the one or a plurality of the band securing wireless communication terminals with the data packet transmitted via the main wireless communication terminal. Deliver to
The media adapter device according to claim 1. The data packet transmitted / received between the router device and the center router device is an IPsec data packet conforming to the IPsec (Security Architecture for Internet Protocol) protocol.
When transmitted / received via the main line interface, the IPsec data packet is transmitted / received as it is as IPsec communication.
When transmitted / received via the band securing interface, the IPsec data packet is TCP-encapsulated and transmitted / received as TCP communication.
The media adapter device according to claim 1 or 2. In order to maintain the communication path via the band securing interface, it is periodically kept with the center router device via one or a plurality of the band securing interfaces at predetermined time intervals. Send alive,
The media adapter device according to any one of claims 1 to 3. The connected router to the LAN (Local Area Network), a network system connected through a radio line to the center router device connected to the Internet network, connecting the router device through a radio line to the Internet network It is a distributed communication management method in a media adapter device that performs media conversion for the purpose of performing media conversion.
The media adapter device is
An interface for the main line that connects the main wireless communication terminal for transmitting and receiving wireless signals related to data flowing through the main wireless line, and one or more wireless communication terminals for securing the wireless band for securing the wireless band. Steps to send and receive data via each of one or more bandwidth securing interfaces that connect each
Have,
Information on the IP addresses of one or more of the band securing wireless communication terminals is transmitted as authentication information from the main line interface to the center router device via the main wireless communication terminal.
When a data packet addressed to the center router device is received from the router device, the data packet is converted into media, and the round robin method is used for the main line interface and one or more of the band securing interfaces. It is distributed in order to and from the Internet, transmitted to the Internet network via the main wireless communication terminal, one or a plurality of the band securing wireless communication terminals, and distributed to the destination center router device.
A distributed communication management method characterized by the fact that. The media adapter device is
Communication management information related to communication via each of the one or a plurality of the band securing interfaces is transmitted to the center router device on the opposite side via the main line interface and managed in the center router device. Has a step to register as a parameter
From the center router device, referring to the management parameter, data packets addressed to the router device are sent to the main wireless communication terminal and one or more of the band securing wireless communication terminals by a round robin method. When it is sorted in order and it is detected that each has been sent in order,
The router device of the destination by associating the data packet transmitted via each of the one or a plurality of the band securing wireless communication terminals with the data packet transmitted via the main wireless communication terminal. Deliver to
The distributed communication management method according to claim 5. The data packet transmitted / received between the router device and the center router device is an IPsec data packet conforming to the IPsec (Security Architecture for Internet Protocol) protocol.
When transmitted / received via the main line interface, the IPsec data packet is transmitted / received as it is as IPsec communication.
When transmitted / received via the band securing interface, the IPsec data packet is TCP-encapsulated and transmitted / received as TCP communication.
The distributed communication management method according to claim 5 or 6. In order to maintain the communication path via the band securing interface, it is periodically kept with the center router device via one or a plurality of the band securing interfaces at predetermined time intervals. Send alive,
The distributed communication management method according to any one of claims 5 to 7, wherein the distributed communication management method is characterized. The connected router to the LAN (Local Area Network), a network system connected through a radio line to the center router device connected to the Internet network, connecting the router device through a radio line to the Internet network A distributed communication management program executed by a computer in a media adapter device that performs media conversion for the purpose of performing media conversion.
The media adapter device is
An interface for the main line that connects the main wireless communication terminal for transmitting and receiving wireless signals related to data flowing through the main wireless line, and one or more wireless communication terminals for securing the wireless band for securing the wireless band. A function to send and receive data via each of one or more bandwidth securing interfaces that connect each.
Have,
Information on the IP addresses of one or more of the band securing wireless communication terminals is transmitted as authentication information from the main line interface to the center router device via the main wireless communication terminal.
When a data packet addressed to the center router device is received from the router device, the data packet is converted into media, and the round robin method is used for the main line interface and one or more of the band securing interfaces. It is distributed in order to and from the Internet, transmitted to the Internet network via the main wireless communication terminal, one or a plurality of the band securing wireless communication terminals, and distributed to the destination center router device.
A distributed communication management program characterized by this. The media adapter device is
Communication management information related to communication via each of the one or a plurality of the band securing interfaces is transmitted to the center router device on the opposite side via the main line interface and managed in the center router device. It has a function to register as a parameter,
From the center router device, referring to the management parameter, data packets addressed to the router device are sent to the main wireless communication terminal and one or more of the band securing wireless communication terminals by a round robin method. When it is detected that the data has been sorted in order and sent in order,
The router device of the destination by associating the data packet transmitted via each of the one or a plurality of the band securing wireless communication terminals with the data packet transmitted via the main wireless communication terminal. Deliver to
The distributed communication management program according to claim 9.

Images