JPH10229401A - Communication system using atm network - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve the security of communication by preparing a constitution in which a transmitting IP node reports the IP addresses of both transmitting and receiving nodes, the transport layer protocol to be used and the TCP/IP port number and then the transmission is inhibited for the pocket number of the node stored by the transmitting node after the virtual connection has been set. SOLUTION: A network application 10 selects a specific port of TCP ports 14 and UDP ports 15 and sends a packet to it. An IP-processing part 13 processes an IP layer to give a header to it and sends a packet to an ATM VC termination part 16. The part 16 reads the received packet, a TCP/UDP header and an IP reader and retrieves whether or not a VC has been set. If the setting of the VC is confirmed, the part 16 decides the permission or inhibition for transmission of a packet by making a reference to a VC management table 21. Thus, the security of an IP node is enhanced by previously setting a desired filtering rule for an ATM exchange with regards to security.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to an asynchronous transfer (As
AT: ynchronous Transfer Mode; AT
M) The present invention relates to a communication system using a network, and more particularly to a communication system for ensuring communication security in an Internet configuration using a TCP / IP protocol using an ATM network.

[0002]

2. Description of the Related Art In such a conventional communication system using an ATM network, a TCP / UDP protocol using an IP protocol in a network layer and TCP and UDP protocols in a transport layer is used.
Routers have been used to connect IP networks to each other. The router has a plurality of network interfaces and terminates processing up to the network layer. Also, a part of the processing of the transport layer may be performed.

One of the functions of a router is to secure communication security by filtering packets.
When an IP node outside a network communicates with an IP node inside the network, it passes through a router at the gateway of the network. The router reads the network layer and transport layer headers in the packet and performs the transfer. Therefore, the sending IP node and the receiving IP of the TCP / IP packet which may pass therethrough
By setting the IP address of the node and the TCP / UDP port number and discarding packets that do not correspond to the IP address, IP nodes inside the network can no longer be accessed from the outside, or access to specific transport layer ports can be restricted. Can be banned. These are called network layer level packet filtering and transport layer level packet filtering, respectively, and are useful for improving communication security.

In the OSI hierarchical model, A
Regarding the communication method when the TCP / IP protocol is used for the third and fourth layers, the TM ATM Forum
And IETF (Internet Engineering)
g Task Force) and the ATM
Forum 96-0824r9, draft-i
etf-rolc-nhrp-09. Specifications such as txt have been published. In the NHRP method and MPOA method in these specifications, to speed up the network,
High-speed ATM exchanges have been used instead of routers. In such a network, after a virtual connection (VC) is set between transmission and reception IP nodes by a control procedure called signaling, communication is performed through the VC. The TCP / UDP packet transmitted to the VC is divided into fixed-length short units called cells at the transmitting IP node, sent to the network, and the relay ATM switch is switched as it is as a cell, and the TCP / UDP packet is again transmitted at the receiving IP node. Assembled into UDP packets.

[0005]

In the conventional communication system using the ATM network, the network is delivered in the state of cells. Therefore, unlike the conventional router, the relay ATM exchange differs from the conventional router in that the TCP / TCP in the packet is used. Reading of the UDP header and the IP header is not performed. For this reason, there is a problem that packet filtering at the transport layer level and the network layer level performed by the router cannot be performed, which is a problem in terms of security.

SUMMARY OF THE INVENTION An object of the present invention is to solve the above-mentioned problem even in a network composed of ATM exchanges.
It is to realize the function of packet filtering that the router has performed.

[0007]

According to a communication system using an ATM network of the present invention, a transmitting IP node having an ATM network interface activates a signaling procedure, and the transmitting IP node operates as a receiving IP of a communication partner. Set up a virtual connection with the node and use TCP / IP
In a communication method using an ATM network in which a packet is converted into an ATM cell to perform communication, the TCP / IP part in the transmission-side IP node attempts to transmit when the transmission-side IP node activates the signaling procedure. The ICP
Notifying the IP signaling, the transport layer protocol, and the transport layer port number of the IP node on the transmission side and the reception side of the / IP packet to an ATM signaling processing section in the transmission side IP node, The ATM signaling processing unit stores the notified value and, in the signaling procedure to the network, declares the notified content to the network, and after the virtual connection is set once. The transmitting side IP node stores the stored TCP / IP pocket having the IP address of each of the transmitting and receiving IP nodes, the transport layer protocol, and the port number of the transport layer.
Prohibiting transmission through the virtual connection.

The communication system using the ATM network of the present invention is
A transmitting IP node having a TM network interface starts a signaling procedure, the transmitting IP node sets up a virtual connection with a receiving IP node of a communication partner, and transmits a TCP / IP packet to an ATM.
In a communication system using an ATM network for performing communication by making cells, an ATM signaling processing unit in an ATM exchange that has received the signaling procedure for setting up the virtual connection includes the transmission side and the transmission side declared by the transmission side IP node. Read the IP address, transport layer protocol, and transport layer port number of each IP node on the receiving side, and set if the virtual connection setting is allowed based on the virtual connection setting permission rule created in advance. Continue the procedure, and if it is not permitted, cancel the setting of the virtual connection.

The communication method using the ATM network of the present invention is
A transmitting IP node having a TM network interface starts a signaling procedure, the transmitting IP node sets up a virtual connection with a receiving IP node of a communication partner, and transmits a TCP / IP packet to an ATM.
In a communication system using an ATM network which performs communication by making cells, communication between the transmitting side and the receiving side of each
When a virtual connection is set between P nodes and the IP address, transport layer protocol, and transport layer number of each of the transmission and reception of the packet permitted to be transmitted and received through the P node are already specified. In addition to the permitted packets, each of the sending and receiving IP nodes may receive a different sending and receiving IP address, transport layer protocol,
Notifying a network of a request to permit transmission and reception of a packet having a transport layer number through the virtual connection,
The M exchange determines whether to permit the request based on a preset rule, and if so, notifies the IP node of each of the transmission and reception of the transmission and reception of the packet. IP
When a node notifies the node that transmission / reception of the packet is prohibited, and an ATM exchange in the network notifies the IP node of each of the transmission / reception of permission of transmission / reception of the packet based on a preset rule. The IP address, the transport layer protocol, and the transport layer port number of each of the IP nodes of the transmission and reception of one or more other packets permitted to transmit and receive as well as permitting the transmission and reception of the packet. Notify.

[0010]

Next, the present invention will be described with reference to the drawings.

FIG. 1 shows an IP node according to the first embodiment of the present invention. FIG. 2 is a functional configuration diagram relating to a TCP / IP protocol and an ATM communication unit.

In the first embodiment, VCs are unidirectional, and when performing bidirectional communication between IP nodes, two VCs in different directions are set independently. Also, when communicating with the same partner IP node using different TCP / UDP ports within one IP node,
It is configured to use different VCs.

In the first embodiment shown in FIG.
The network application 10 is a program that uses a network using TCP / IP and ATM. The TCP processing unit 11, the UDP processing unit 12, and the IP processing unit 13 are functional units that perform communication processing relating to the TCP protocol, the UDP protocol, and the IP protocol, respectively. The TCP port 14 and the UDP port 15 are used by the network application
This is a communication interface for using the DP protocol, and the network application 10 selects one port. Each port has a unique port number. The ATM VC terminating unit 16 is the IP processing unit 1
3 and an ATM network. At the time of transmission, a packet received from the IP processing unit 13 is converted into an ATM cell and transmitted to the network through VC. In the receiving direction, the ATM cell transmitted through VC is assembled into an IP packet. It passes to the IP processing unit 13. The ATM signaling processing unit 17 controls and processes signaling for setting a VC in response to a command from the ATM VC terminating unit 16 or the arrival of a signaling message from the network. The TCP / UDP filtering table 18 and the ITP filtering table 19 are for controlling packets that can be transmitted to a certain VC and packets that can be received through the VC, based on information stored at the time of setting the VC. The TCP / UDP filtering table 18 performs the above control based on the TCP / UDP port number, and the IP filtering table 19 performs the above control based on the IP addresses of the transmitting and receiving IP nodes. The VC table 20 is
It is used to register and manage the set VC. TC
The P / UDP filtering table 18, the IP filtering table 19, and the VC table 20 together
Called C management table 21. The data link layer 22 other than the ATM is a functional unit that controls input / output packets to / from a network other than the ATM.

FIG. 2 is a block diagram showing a transmitting side IP according to the first embodiment.
FIG. 9 is a diagram illustrating a procedure at the time of transmitting a packet in a node.

In the first embodiment, it is assumed that VC is unidirectional. In FIG. 2, when the IP node is a data transmission source, the procedure 101 is performed. In order for the network application 10 to transmit a packet, a specific port among the TCP port 14 or the UDP port 15 is selected and the packet is transmitted. give. Next, in step 102, the TCP processing unit 11 or the UDP processing unit 12 that has received the packet performs the processing of the TCP layer and the UDP layer, respectively, adds the packet header, and passes the packet to the IP processing unit 13. Next, in step 103-1, the IP processing unit 13
Attach header by processing layer, ATM VC termination unit 1
Pass the packet to 6. When the IP node relays the data received from the network other than the ATM to the ATM network, it performs the procedure 103-2, performs the IP processing on the packet received from the data ring layer 22 other than the ATM, and executes the ATM VC.
The packet is passed to the termination unit 16. Subsequent processing is performed in step 10
The same applies when performing 3-1 and when performing procedure 103-2.

Next, in step 104, the ATM VC terminating unit 16 checks the passed packet and the TCP / UDP header,
After reading the IP header, the T
It is searched whether a VC already exists between the CP / UDP ports.

When the VC has not been set, a procedure 105 is performed to activate the signaling procedure, and the ATM signaling processing unit 17 is requested to set the VC. At this time, the I / O of the transmitting / receiving IP node of the packet to be transmitted is
The P address and the TCP / UDP port number are notified to the ATM signaling processing unit. At this time, the type (identifier) of the network application 10 may be notified as an option. Next, the procedure 106 is performed, and the ATM signaling processing unit 17 starts signaling the VC setting request to the receiving IP node to the network. At this time, an IP address and a TCP / UDP port number are notified to the network in addition to the ATM address of the transmitting / receiving IP node. Optionally,
The type (identifier) of the network application 10 may be notified. If the setting of the VC is successful between the receiving IP node and the network, the network notifies the transmitting IP node. Thereafter, the procedure 108 is performed, and the set VC is used as an output of the IP
In the management table 21, the IP address and the TCP / UDP port number of the sending / receiving IP node of the packet permitted to be transmitted, the optional network application 10
Is registered with the type (identifier). And step 109
Then, the packet is transmitted to the receiving IP node using the VC.

FIG. 3 is a diagram showing an example of the contents of the VC management table 21 in the IP node according to the first embodiment.

In FIG. 3, column 31 has VPI = 0, V
The VC of CI = 103 has an IP address of 133.20.
The port of TCP8010 in the IP node of 7.36.112 is set as the transmission side, and the IP address is 133.207.
38. From TCP # 25 to 100 in 123 IP node
Port No. is set as the receiving side. Column 32 is
A VC with VPI = 2 and VCI = 129 is a UDP in an IP node with an IP address of 133.207.38.222.
The port 517 is set as the sender and the IP address is 13
3.207.36.111 and UDP80 in IP node
This indicates that port 80 is set as the receiving side. The network application 1 using the VC
It indicates that the type (identifier) of 0 is the transmitting side 161 and the receiving side 161.

If the VC has already been set in step 104, step 110 is performed, and the ATM VC termination unit 16
Refers to the VC management table 21 and determines whether the packet can be sent to the receiving IP node through the VC.
Optionally, the network application 10
, It is also possible to determine whether packet transmission is permitted or not. When transmission is allowed, A
The TM VC terminating unit 16 performs the procedure 111, and transmits the packet through the VC. If the transmission is not permitted, step 112 is performed and the packet is discarded.

FIG. 4 is a functional block diagram showing an ATM exchange in the network according to the first embodiment.

In FIG. 4, the switch hardware 51
Is a hardware unit for switching ATM cells according to the set VC. Signaling processing unit 5
2 is a part for processing the received signaling message. The switch hardware control unit 53 is a unit that sets a VC in the switch hardware 21 according to a command from the signaling processing unit 52. The exchange filtering table 54 contains the IP addresses of the transmitting and receiving IP nodes,
This is a part for restricting a VC that can be set via the exchange by a transport layer protocol and a TCP / UDP port number. As an option, it is also possible to add a functional unit for limiting the VC setting according to the type of the network application 10.

FIG. 5 shows A in the first embodiment.
FIG. 9 is a diagram showing a processing procedure when the TM exchange receives a VC setting request signal message.

In FIG. 5, in step 201, adjacent A
The signaling processing unit 52 receives a signaling message from the TM exchange or the IP node. Then, in step 202, the signaling processing unit 52 determines an output line from the ATM address of the receiving IP node in the received signaling message. Next, in step 203, the IP address of the transmission / reception IP node and the TCP / UDP port number included in the signaling message are read, and the VC is set on the input side line and the output side line with reference to the exchange filtering table 54. Is determined. As an option, the determination can be made depending on the type of the network application 10.

FIG. 6 is a diagram showing an example of the contents of the exchange filtering table 54 according to the first embodiment.

In FIG. 6, a column 31 has an IP address of 1
It is permitted to set a VC between an arbitrary port of an IP node of 33.207.36.111 and a TCP port 25 to 100 of an IP node having an IP address of 133.207.38.123. Represent. Column 32 is
UDP port 517 of the IP node whose IP address is 133.207.36.222 and IP address 13
UDP 808 of the 3.207.37.111 IP node
This indicates that setting of a VC with port 0 is permitted. Column 33 shows that the IP address is 133.207.3
TCP of all IP nodes in 6.0 network
This indicates that setting a VC for using a network application whose type is 161 between port 20 and port 21 is permitted. The column 34 shows the arbitrary ports of all the IP nodes on the network with the IP address of 133.207.36.0 and the IP address of 1
33. This indicates that setting a VC between any IP node and any port on a network other than 33.207.0.0 is prohibited.

If the result of step 203 is that VC setting is permitted, step 204 is executed to output a VC setting signaling message together with the IP address of the sending / receiving IP node of the packet to be transmitted and the TCP / UDP port number. The data is transmitted to the next stage ATM switch or IP node via the line on the side. At this time, the type of the network application 10 and the IP address, TCP / UDP of other packets permitted to be transmitted through this VC
The port number can be included in the signaling message. If the setting with the VC is not permitted, the procedure 205 is executed, the setting of the VC is interrupted, and the switch or IP node at the preceding stage is notified of the interruption.

FIG. 7 shows the VC according to the first embodiment.
FIG. 9 is a diagram showing a procedure of the IP node when receiving a setting request signal message.

Referring to FIG. 7, in procedure 301, an adjacent AT
The ATM signaling section 17 receives a VC setting request signaling message from the M exchange through the ATM VC terminating section 16. Next, in step 302, the ATM signaling unit 17 performs a signaling process, and
VC is set in the C terminator 16 and the IP processing unit 1 is used as an input.
Connect to 3. Then, in step 303, the ATM signaling processing unit 17 transmits the set VC together with the TCPOUUD port number and IP address of the IP node of the transmission / reception IP node of the packet permitted to transmit / receive through the VC, and the type of the optional network application 10. Register in the management table 21.

FIG. 8 is a diagram showing a procedure in the IP node when data is received from the network according to the first embodiment.

Referring to FIG. 8, in procedure 401, the AT
The MVC termination unit 16 assembles a packet from the received data cells. Next, in step 402, the ATM
The VC terminating unit 16 determines the TCP of the transmission / reception IP node from the IP header and the TCP / UDP header of the assembled packet.
It reads the / UDP port number and the IP address, and refers to the VC management table 21 to determine whether the received packet can be passed to the IP processing unit 13. Optionally, the identifier of the network application is also used as a criterion. If permitted, the procedure proceeds to step 404 where the AT
The MVC termination unit 16 passes the packet to the IP processing unit 13. If the access is not permitted, the procedure proceeds to step 405 where the ATM is used.
The VC termination unit 16 discards the packet.

Next, a second embodiment of the present invention will be described with reference to the drawings.

In the second embodiment, a bidirectional VC is used, and when starting communication, the same VP is set between IP nodes.
A configuration is adopted in which VCs in different directions are set at the same time by the I / VCI. Also, different TCP /
When communicating with the same partner IP node using the UDP port, the same VC is used. IP
The functional configuration diagram relating to the TCP / IP protocol and ATM communication in the node and the functional configuration diagram showing the ATM switch are the same as those in the first embodiment, and are shown in FIGS. 1 and 4, respectively.

FIG. 9 is a block diagram showing a transmitting-side IP according to the second embodiment.
FIG. 9 is a diagram illustrating a procedure at the time of transmitting a packet in a node.

In FIG. 9, procedures 501, 502, 50
3-1, 503-2, and 504 correspond to the procedures 101, 102, 103-1, 103-2, and 104 of the first embodiment.
Is the same as If the result of step 504 is that VC for the receiving IP node has not been set, step 50
5, 506, 507, 508 and 509 are performed. These procedures are the procedures 105, 106, 1 of the first embodiment 1.
Same as 07, 108, 109. If the result of step 504 is that a VC has already been set between the sending and receiving TCP / UDP ports between the sending and receiving IP nodes, step 510 is performed, and then step 511 or 512 is performed. Step 51
0, 511, and 512 correspond to the procedure 11 of the first embodiment.
Same as 0, 111, 112. As a result of step 504,
TCP / TCP to be used for communication in the sending / receiving IP node
If a VC is set other than between the UDP ports, the procedure 513 is performed, and another TCP / TCP is set to the already set VC.
A procedure for passing a packet having an IP attribute is started. In step 513, the ATM VC termination unit 16 notifies the ATM signaling control unit 17 of the IP address of the transmission / reception IP node and the TCP / UDP port number of the transmission / reception IP node, and requests addition of a packet that can be transmitted to the VC.
Next, in step 514, the ATM signaling control unit 17
The ATM address is searched from the IP address of the receiving IP node. Next, in step 515, signaling of a packet addition request that can be transmitted / received to / from the VC to the receiving IP node is started for the network. At this time, in addition to the ATM address of the sending / receiving IP node, an IP address, TCP /
Notify the network of the UDP port number. As an option, the type (identifier) of the network application 10 can be notified. If the request for adding the transmission / reception packet succeeds between the receiving IP node and the network, the network notifies the transmitting IP node. Thereafter, the procedure 516 is performed, and the TC of the newly added transmission / reception IP node is set in the VC management table 21.
The P / UDP port number is additionally registered in the VC.
Then, in step 517, the packet is transmitted to the receiving IP node using the VC.

FIG. 10 shows A in the second embodiment.
FIG. 11 is a diagram showing a processing procedure when the TM exchange receives a signaling message of a request to add a packet that can be transmitted to a VC.

In FIG. 10, in step 601, the signaling processing unit 52 receives a signaling message from an adjacent ATM exchange or IP node. Next, in step 602, the IP address and TCP / UDP port number of the transmission / reception IP node included in the signaling message are read, and it is determined whether the transmission and reception of a new packet may be permitted with reference to the exchange filtering table 54. . As an option, the determination can be made depending on the type of the network application 10.
If the result of step 602 indicates that the packet is permitted, step 603 is executed, and a signaling message requesting permission of transmission / reception of a new packet to the existing VC is sent via the output line to the next-stage ATM switch or IP switch. Send to node. If the access is not permitted, the procedure 604 is executed, the additional processing is interrupted, and the switch or IP node at the preceding stage is notified of this.

FIG. 11 is a diagram showing a procedure of the IP node when the existing VC receives a signaling message requesting permission of transmission / reception of a new packet in the second embodiment.

Referring to FIG. 11, in step 701, an adjacent A
The signaling message of the permission request from the TM exchange is
The ATM signaling unit 17 receives the data through the ATM VC termination unit 16. Next, in step 702, the ATM signaling processing unit 17 additionally registers the TCP / UDP port numbers of the newly added transmission / reception IP nodes in the VC management table 21 in the VC.

[0040]

As described above, according to the present invention, the relay A
Filtering rules are described in the TM exchange according to the information of the transport layer and the network layer similar to the conventional router, and when setting the VC by signaling,
The transmitting IP node reports the IP address of each transmitting and receiving node, the transport layer protocol (TCP or UDP) and the TCP / UDP port number to be used, and checks with a relay ATM switch whether they are prohibited by the filtering rules. After the VC is set, filtering is performed at the time of data transfer by checking whether a packet is transmitted as declared. When the VC is set by signaling, the receiving IP node performs filtering at the time of setting the VC. Stores the IP address of the sending / receiving IP node, the transport layer protocol, and the TCP / UDP port number declared through the network, and discards the packets other than the stored attributes after the VC setting. T by ATM exchange It is not necessary to check the P / UDP header and the IP header, read them in the header at the IP node,
Filtering by IP address and TCP / UDP port number can be realized, and this filtering rule is independent of the individual setting of each IP node and is determined by the rule set in the relay ATM exchange, and If the filtering rule of the relay ATM exchange is set to a desirable setting for security,
The effect is that the security of all IP nodes downstream of the TM exchange is improved.

[Brief description of the drawings]

FIG. 1 is a functional configuration diagram relating to a TCP / IP protocol and an ATM communication unit in an IP node according to a first embodiment of the present invention.

FIG. 2 is a diagram illustrating a procedure at the time of transmitting a packet in a transmitting-side IP node according to the first embodiment;

FIG. 3 is a diagram illustrating a VC in the IP node according to the first embodiment;
FIG. 4 is a diagram showing an example of a management table 21.

FIG. 4 is a functional configuration diagram showing an ATM switch according to the first and the embodiments.

FIG. 5 is a diagram showing a processing procedure when the ATM exchange receives a signaling message in the first embodiment.

FIG. 6 is a diagram showing an example of a filtering table 54 of the ATM exchange according to the first embodiment.

FIG. 7 is a diagram showing a procedure in an IP node when receiving a signaling message of a VC setting request in the first embodiment.

FIG. 8 is a diagram showing a procedure in an IP node when a data cell is received from a network according to the first embodiment.

FIG. 9 is a diagram illustrating a procedure at the time of transmitting a packet in a transmitting-side IP node according to the second embodiment of this invention;

FIG. 10 is a diagram showing a processing procedure when an ATM exchange receives a signaling message in the second embodiment.

FIG. 11 is a diagram illustrating a procedure in an IP node when a signaling message of a VC setting request is received according to the second embodiment.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 10 Network application 11 TCP processing part 12 UDP processing part 13 IP processing part 14 TCP port 15 UPP port 16 ATM VC termination part 17 ATM signaling processing part 18 TCTP / UDP filtering table 19 IP filtering table 20 VC table 22 Data ring other than ATM Layer 51 Switch hardware 52 Signaling processing unit 53 Switch hardware control unit 54 Exchange filtering table

Claims (5)

[Claims] 1. A transmitting IP node having an ATM network interface activates a signaling procedure, and the transmitting IP node sets up a virtual connection with a receiving IP node of a communication partner, and executes TCP / IP.
In a communication method using an ATM network in which a packet is converted into an ATM cell to perform communication, a TCP / IP part in the transmission-side IP node attempts to transmit when the transmission-side IP node activates the signaling procedure. The respective IPs of the sending and receiving IP nodes of the ICP / IP packet
The address, the transport layer protocol, and the transport layer port number are stored in the
Notifying the M signaling processing unit, the ATM signaling processing unit stores the notified value,
In the signaling procedure to the network, the notified content is declared to the network, and once the virtual connection is set up, the transmitting IP node stores the stored IP addresses of the transmitting and receiving IPs. A communication method using an ATM network, wherein transmission of a TCP / IP pocket having a node other than the IP address, the transport layer protocol, and the port number of the transport layer through the virtual connection is prohibited. . 2. A transmitting IP node having an ATM network interface activates a signaling procedure, and the transmitting IP node sets up a virtual connection with a receiving IP node of a communication partner, and executes TCP / IP.
In a communication method using an ATM network in which a packet is converted into an ATM cell to perform communication, an ATM signaling processing unit in an ATM exchange, which has received the signaling procedure for setting up the virtual connection, is configured to execute the ATM signaling processing declared by the transmitting side IP node. The IP address, the transport layer protocol, and the transport layer port number of each IP node on the transmitting side and the receiving side are read, and the setting of the virtual connection is permitted based on a virtual connection setting permission rule created in advance. A communication method using an ATM network, characterized in that the setting procedure is continued in the case, and the setting of the virtual connection is stopped if the setting is not permitted. 3. A transmitting IP node having an ATM network interface activates a signaling procedure, and the transmitting IP node sets up a virtual connection with a receiving IP node of a communication partner, and executes TCP / IP.
In a communication method using an ATM network for performing communication by converting a packet into an ATM cell, an ATM signaling processing part in the receiving IP node that has received the signaling procedure for setting up the virtual connection includes: When setting the virtual connection, the IP address, transport layer protocol, and transport layer port number of each of the IP nodes of the transmitting side and the receiving side notified in the signaling procedure are stored, After that, the virtual connection is set once, and then the receiving-side IP node transmits, through the virtual connection, the stored IP address, the transport layer protocol, and the transport layer port of each of the transmitting and receiving IP nodes. number A communication method using an ATM network, characterized in that when a TCP / IP pocket having other than the above is received, it is discarded. 4. A transmitting IP node having an ATM network interface activates a signaling procedure, and the transmitting IP node establishes a virtual connection with a receiving IP node of a communication partner, and executes TCP / IP.
In a communication method using an ATM network in which a packet is converted into an ATM cell to perform communication, a virtual connection is set between each of the IP nodes on the transmission side and the reception side, and transmission and reception through the virtual connection are permitted. When the IP address, the transport layer protocol, and the transport layer number of each of the transmission and reception of the packet are specified, in addition to the already-permitted packet, the transmission and reception of each IP node is performed by another transmission and reception respectively. I
A request to permit transmission / reception of a packet having a P address, a transport layer protocol, and a transport layer number through the virtual connection is notified to a network, and an ATM exchange in the network uses a predetermined rule based on a predetermined rule. It is determined whether or not the request is permitted. If the request is permitted, the transmission / reception permission of the packet is notified to the transmission / reception IP node. If the permission is not permitted, the transmission / reception of the packet is prohibited to the transmission / reception IP node. A communication method using an ATM network. 5. The ATM switch in the network,
When notifying the transmission / reception permission of the packet to each of the transmission / reception IP nodes based on a preset rule,
In addition to permitting the transmission and reception of the requested packet, the I / O of each of the transmitting and receiving IP nodes of one or more other packets that are permitted to transmit and receive
5. A communication system using an ATM network according to claim 4, wherein a P address, said transport layer protocol, and said transport layer port number are notified.