JPH118648A - Network connection device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a network connector capable of preventing the occurrence of troubles such as duplicate addresses on a global network in a network system such as a LAN where a private address is used. SOLUTION: In this network connector connected to a global network and a LAN and connecting terminal equipment in the LAN to a terminal equipment in the global network for the communication, when a frame addressed to the terminal equipment in the global network is received from the terminal equipment in the LAN, a caller address detection section 14 extracts a caller address of the frame and a caller address filter section 16 discriminates whether or not the caller address is a global address according to address filter data preset in advance by a filter address setting section 15. When the caller address is not the global address, a frame transmission section 17 inhibits transmission of the frame to the global network.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a network connection device which is connected to a global network and a LAN and controls a terminal device in the LAN to connect to and communicate with a terminal device in the global network.
The present invention relates to a network connection device that enables each terminal device in an AN to communicate with a terminal device in a global network without individually having a global address.

[0002]

2. Description of the Related Art A global network called the Internet is spreading. FIG. 10 shows an example of a network configuration including the global network 1, LANs 2a and 2b, network connection devices 3a and 3b, terminal devices 4a, 4b, and 4c. With such a network configuration, for example, communication can be performed between the terminal device 4a in the LAN 2a and the terminal device 4b in the LAN 2b. That is, the terminal device 4a specifies the global address of the terminal device 4b and
a, the network connection device 3a sends the frame to the global network 1, and the global network 1 sends the frame to the network connection device 3b in accordance with the global address and the already obtained routing information. 3b distributes to the terminal device 4b according to the global address. When the terminal device 4b knows the source global address from the received frame and transmits the frame with the address as the destination, the frame is similarly distributed to the terminal device 4a.

FIG. 11 shows a main part of a data structure of a frame called a datagram on the Internet. As shown, each frame includes fields for setting a source global address (referred to as an IP address in the Internet) and a destination global address. The total number of terminal devices on the Internet having such a frame is limited by the number of bits (digits) of the global address field, and with the explosive increase in the number of terminals in recent years, a shortage of global addresses has begun to be feared. In order to cope with such a problem of global address shortage in the Internet, a private address has been used instead of a global address for a terminal device in a local system (for example, LAN). According to this private address, it is possible to freely define and use the address in a local system, that is, within a specific organization, on the assumption that it is not connected to the outside.

[0004]

However, in a terminal device which can use a private address as in the above-mentioned conventional technology, when transmitting to a destination having a global address, a terminal address is often used as a source address. Private address is set. Therefore, when sending a reply at the destination terminal device, the private address set in the frame received at the destination device is used as the destination address, and a trouble such as the address being duplicated with another terminal device occurs. ing. SUMMARY OF THE INVENTION An object of the present invention is to solve the problems of the conventional technology as described above and to prevent a problem such as address duplication on a global network from occurring in a network system in which a private address can be used in a LAN or the like. It can prevent and L
It is an object of the present invention to provide a network connection device that enables each terminal device in an AN to communicate with a terminal device in a global network without individually having a global address.

[0005]

In order to solve the above-mentioned problems, according to the first aspect of the present invention, a terminal device connected to a global network and a LAN is connected to a terminal device in the global network. When a frame addressed to a terminal device in the global network is received from a terminal device in the LAN, if the source address of the frame is not a global address, the network connection device that performs communication control transfers the frame to the global network. Transmission control means for prohibiting transmission is provided. Further, according to the invention described in claim 2, it is connected to a global network and a LAN,
In a network connection device for controlling connection and communication between a terminal device in a LAN and a terminal device in a global network, a registered global address is stored in an LA.
N. The apparatus further comprises address allocating means for dynamically allocating to a private address for communication between terminals in N. When a frame addressed to a terminal device in a global network is received from a terminal device in a LAN, A global address is allocated to the source private address obtained from the storage unit and stored in the storage unit. The source private address in the frame is converted to the global address and transmitted to the global network, and the frame addressed to the global address is globally transferred. Upon receipt from the network, a private address to which the global address is allocated is acquired from the storage means, and the frame is delivered to a terminal device having the private address. Also, in the invention according to claim 3, in the network connection device according to claim 2, the address allocating means sets the source private address to a global address only when the source private address is not allocated to a global address. Added the function to assign.

According to the first aspect of the present invention, the frame connected to the terminal device in the global network is transmitted to the network connection device by the network connection device.
If the source address of the frame is not a global address when received from a terminal device within the group, transmission of the frame to the global network is prohibited. Therefore, it is possible to prevent a problem in which a destination address other than the global address is used at the time of reply and the address is duplicated on the global network. In the invention according to claim 2, when a frame addressed to a terminal device in the global network is received from a terminal device in the LAN, a global address is allocated to a source private address of the frame, and The source address is converted to the global address and sent to the global network. On the other hand, when the frame addressed to the global address is received from the global network, the frame is delivered to the terminal device having the private address to which the global address is assigned. Therefore, even if the number of global addresses to be secured is smaller than the number of terminal devices in the LAN, all terminal devices in the LAN can communicate with terminal devices in the global network. According to the third aspect of the present invention, in the second aspect, the source address is allocated to the global address only when the source private address is not allocated to the global address, so that no time is spent on unnecessary allocation processing. Only needs to be done.

[0007]

Embodiments of the present invention will be described below in detail with reference to the drawings. FIG. 1 shows a configuration example of a main part of a network system including a network connection device according to the present invention. The configuration of the entire network system is the same as that shown in FIG. In FIG.
The network topology of LAN2 is L shown in FIG.
The bus type is the same as the ANs 2a and 2b. That is, the cables connecting the network connection device 3 and the terminal devices 4 are connected to each other in the network connection device 3. The terminal device 4 shown in FIG. 1 is, for example, a personal computer, a printer, a multifunction device, or the like. FIG. 2 is a configuration block diagram of the network connection device 3 according to the first embodiment of the present invention. As shown in the figure, the network connection device 1 sends a frame to the global network 1, sends a frame to the external connection interface unit 11 that receives a frame from the global network 1, sends a frame to the LAN 2, and sends a frame from the LAN 2. The terminal connection interface unit 12 that receives the data, the frame reception unit 13 that obtains a frame whose destination physical address is the network connection device from the frames received by the terminal connection interface unit 12, and the frame that is obtained by the frame reception unit 13. A source address detector 14 for extracting the source address of the datagram, a filter address setting unit 15 for setting address determination data for determining whether the source address is a global address, and a filter address setting unit 15 The source address filter unit 16 determines whether or not the source address extracted based on the specified address determination data is a global address, and passes only the frame of the global address to the subsequent stage, and is passed from the source address filter unit 16. A frame transmission unit 17 for performing a frame transmission process is provided. In FIG. 2, arrows indicate the direction of data flow.

The operation of this embodiment will be described below with reference to the flowchart shown in FIG. It is assumed that filter address data for determining whether the source address of the datagram is a global address is set in the filter address setting unit 15 of the network connection device 3 in advance. First, a frame is transmitted from any one of the terminal devices 4 in the LAN 2, and the frame is received by the network connection device 3 and another terminal device 4 (S1). As described above, the network connection device 3
Since the cable connecting the terminal and each terminal device 4 is connected in the network connection device 3, the frame is received by the other terminal devices 4. FIG.
The data structure of the main part of the frame is shown below. In FIG. 4, a destination physical address and a source physical address are data link level addresses, that is, addresses assigned to the terminal devices 4 for exchanging frames between terminal devices in the LAN. When sending to
The physical address of the network connection device 3 is set.
The above frame is transmitted to the terminal connection interface unit 12.
, The frame receiving unit 13 extracts the destination physical address of the frame received by the terminal connection interface unit 12 and compares the extracted physical address with the physical address of the network connection device 3 set in the frame receiving unit 13 in advance. By comparison, it is determined whether the destination physical address is the address of the network connection device 3 (S2). If it is determined that the address is the address of the network connection device 3 (Yes in S2), a received frame is acquired (S3).

On the other hand, if it is determined that the address is not the address of the network connection device 3 (No in S2), the above-mentioned frame received by the terminal connection interface unit 12 is ignored, and the operation exits from this operation flow. That is, the frame is discarded. However, the above-mentioned frame is obtained in any one of the other terminal devices 4 having the same terminal connection interface unit as the terminal connection interface unit 12 because the destination physical address is determined to be its own address. . Subsequently, the source address detecting unit 14 extracts the source address set in the source IP address field in the datagram header from the frame acquired by the frame receiving unit 13 (S
4), when the source address filter unit 16 acquires the source address, the source address filter unit 16 refers to the address filter data set therein from the filter address setting unit 15 and
Based on this, it is determined whether or not the source address is a global address (IP address) (S5).
For example, if all private addresses used in the LAN 2 are set to a value smaller than the global address or all set to a larger value, the address is determined to be a global address if the value is equal to or more than a predetermined value or equal to or less than the predetermined value. It is.

If it is determined that the source address is a global address (Yes in S5), the frame transmitting unit 7 transmits the datagram portion of the frame (see FIG. 4) to the global address via the external connection interface unit 11. The data is transmitted to the network 1 (S6). If it is determined that the address is not a global address (No in S5),
The frame is discarded, that is, transmission to the global network is prohibited (S7), a message indicating this is created in the frame configuration shown in FIG. 4, and the frame is transmitted via the terminal connection interface unit 12 to the transmission source. The physical address is sent to the terminal device 4. When the external connection interface unit 11 receives a datagram from the global network 1, the external connection interface unit 11 has a destination physical address obtained from the destination global address (IP address) and an address of the network connection device 3 as a source physical address. A data link header is added, and the frame is transmitted to the terminal device 4 having the above-mentioned source physical address via the terminal connection interface unit 12.

As described above, according to the first embodiment, when an attempt is made to transmit to a destination having a global address via a global network, a private address is set as a source address of a datagram. In such a case, the transmission of the frame (datagram) to the global network is prohibited. When a reply is sent from the destination terminal device, the private address set in the frame received by the destination is used as the destination address. And as a result,
It is possible to prevent a trouble that an address is duplicated with another terminal device.

FIG. 5 is a block diagram showing the configuration of a network connection device according to a second embodiment of the present invention. As shown in the figure, the network connection device of this embodiment
In addition to the external connection interface unit 11, the terminal connection interface unit 12, the frame reception unit 13, and the source address detection unit 14, the global address registration unit 18 that registers a global address in advance and the source address detection unit 14 extract An address translation table unit 19 for dynamically associating the source private address with the global address obtained from the global address registration unit 18 and storing the table in the table, and converting the source private address into a global address associated with the table. A source address translator 20, a frame receiver 21 for acquiring a frame from the global network received by the external connection interface 11,
A destination address detecting unit 22 for extracting a destination global address from the frame, a destination address converting unit 23 for converting the global address into an associated private address according to a table of an address conversion table unit 19, and a destination address of a datagram being a private address. And a frame transmission unit 24 for adding a data link header to the converted frame and transmitting the frame to the destination terminal device via the terminal connection interface unit 12.

The operation of this embodiment will be described below with reference to the operation flow shown in FIGS. As shown in FIG. 8, the global address assigned to the LAN is registered in the global address registration unit 18. However, in this embodiment, the number of global addresses may be smaller than the number of terminal devices 4 in the LAN. In FIG. 8, the use status indicates whether or not the global address is assigned (associated) to a specific private address. When the global address is assigned, it is indicated by 1, and when it is not assigned, it is indicated by 0. Have been.

The operation flow shown in FIG. 6 shows the operation contents when a terminal device in the LAN sends a frame to the global network 1 via the network connection device 3. Steps S11 to S14 in FIG. 6 are the same as steps 1 to 4 of the first embodiment (FIG. 3), and thus description thereof will be omitted. In step S15,
As shown in FIG. 9, the global address acquired from the global address registration unit 18 is allocated to the extracted source private address (however, when the global address is not allocated to the private address). When acquiring a global address from the global address registration unit 18, the address conversion table unit 19 searches the table (FIG. 8) in the global address registration unit 18 to acquire a global address whose use state is 0, and Set the status to 1. When acquiring the global address, the address conversion table unit 19 does not return the global address until the number of global addresses in the use state 0 of the global address registration unit 18 becomes equal to or less than a predetermined number. If the number is less than the predetermined number, return them in the order of acquisition. However, if the global address to be returned is in communication (described later), the return order returns the next global address. Therefore, the assignment in step S15 is not performed every time, but in this step the communication field shown in FIG.
Is set to The communicating field is set to 1 when the table is communicating, and is set to 0 otherwise.

Subsequently, the source address translation unit 20 refers to the table in the address translation table unit 19, and translates the source private address of the datagram header into a global address assigned to (associated with) the datagram header (corresponding to the address). S16) The frame transmitter 17 sends the datagram (frame) that has undergone such conversion to the global network 1 (S17). When receiving a frame from the global network 1, as shown in FIG. 7, first, the external connection interface unit 11 receives a datagram (frame) (S21).
Then, when this datagram is acquired by the frame receiving unit 21 (S22), the destination address detecting unit 22 extracts the destination address from the datagram and passes it to the destination address converting unit 23.

Subsequently, the destination address translation unit 23 refers to the table in the address translation table unit 19, and determines whether the acquired destination address (global address) is set in the table (S23). At least if the received datagram is a reply to the datagram sent from the network connection device 3, the global address is set in the table. In this case (Yes in S23), the destination address conversion unit 23 Acquires the private address associated with the global address from the table, and rewrites the destination address of the datagram header with the acquired private address (S24). Further, the in-communication field of the table shown in FIG. Such a datagram is transmitted to the frame transmitting unit 2
4, the frame transmission unit 24 adds a data link header in which a destination physical address or the like is set based on the converted destination address (private address) to the datagram (S25). Then, the frame to which the data link header is added is transmitted to the terminal device 4 in the LAN (S26). On the other hand, if it is determined in step S23 that the destination global address is not set in the table (No in S23), the received datagram (frame) is discarded, and the process exits from this operation flow.

When a terminal device in the global network sends an e-mail or the like that is not a reply to the terminal device 4 in the LAN, the originating side sets a mail server in the LAN 2 in the destination address field of the datagram, for example. No) global address is set and sent. This global address is always set in the table of the address conversion table section 19, and the name of the user of each terminal device 4 in the LAN is registered in the mail server in association with the physical address of the terminal device 4. In addition, the mail sender specifies the name of the user as the destination. Then, in accordance with the e-mail protocol as an application level protocol, the name is acquired by the mail server together with the e-mail, and the mail server associates the name with the registered name and performs mail distribution.

As described above, according to the second embodiment, when a frame addressed to the terminal device 4 in the global network is received from the terminal device 4 in the LAN, the global private address of the frame is added to the source private address of the frame. Is assigned, the source address in the frame is converted to the global address and sent to the global network, and when a frame addressed to the global address is received from the global network, the private address of the assigned global address is Since the frame is delivered to the terminal device 4, even if the number of global addresses to be reserved is smaller than the number of terminal devices 4 in the LAN, all the terminal devices 4 in the LAN communicate with the terminal devices 4 in the global network. It becomes possible to do.

[0019]

As described above, according to the present invention, the following excellent effects can be exhibited. According to the first aspect of the present invention, when a frame addressed to a terminal device in a global network is received from a terminal device in a LAN in a network connection device, if a source address of the frame is not a global address, the frame is Is prohibited from being sent to the global network.
It is possible to prevent a trouble caused by using a destination address other than the global address when replying. According to the second aspect of the present invention, when a frame addressed to a terminal device in the global network is received from a terminal device in the LAN, a global address is allocated to a source private address of the frame, and Is converted to the global address and sent to the global network, and when a frame addressed to the global address is received from the global network, the frame is delivered to the terminal device having the private address to which the global address is assigned. Therefore, even if the number of global addresses to be reserved is smaller than the number of terminal devices in the LAN, all terminal devices in the LAN can communicate with terminal devices in the global network. According to the third aspect of the invention, in addition to the effect of the second aspect, the source address is allocated to the global address only when the source private address is not allocated to the global address. Saves time in the allocation process.

[Brief description of the drawings]

FIG. 1 is a system configuration diagram showing a configuration example of a main part of a network system including a network connection device according to the present invention.

FIG. 2 is a configuration block diagram of a network connection device according to the first embodiment of the present invention.

FIG. 3 is an operation flowchart of the network connection device according to the first embodiment of the present invention.

FIG. 4 is a data configuration diagram of a main part of a frame related to the network connection device according to the first embodiment of this invention.

FIG. 5 is a configuration block diagram of a network connection device according to a second embodiment of the present invention.

FIG. 6 is an operation flowchart of the network connection device according to the second embodiment of the present invention.

FIG. 7 is another operation flowchart of the network connection device according to the second embodiment of the present invention.

FIG. 8 is a data configuration diagram of a main part of a network connection device according to a second embodiment of the present invention.

FIG. 9 is another data configuration diagram of a main part of the network connection device according to the second embodiment of the present invention.

FIG. 10 is a system configuration diagram showing an example of a system including a network connection device according to a conventional technique.

FIG. 11 is a data configuration diagram of a main part of a frame relating to a conventional technology and a network connection device of the present invention.

[Explanation of symbols]

1 global network, 2 LAN, 3 network connection device, 4 terminal device, 11 external connection interface unit, 12 terminal connection interface unit, 14
Source address detection unit, 15 filter address setting unit, 16 source address filter unit, 18 global address registration unit, 19 address conversion table unit,
20 source address converter, 22 destination address detector, 23 destination address converter.

Claims (3)

[Claims] 1. A network connection device connected to a global network and a LAN for controlling a terminal device in the LAN to connect to and communicate with a terminal device in the global network, wherein a frame addressed to the terminal device in the global network is transmitted to the LAN. If the source address of the frame is not a global address when received from the terminal device in
A network connection device comprising transmission control means for prohibiting transmission of the frame to a global network. 2. A network connection device which is connected to a global network and a LAN and controls a terminal device in the LAN to connect to and communicate with a terminal device in the global network. An address allocating means for dynamically allocating to a private address for communication is provided, and when a frame addressed to a terminal device in a global network is received from a terminal device in a LAN, a source private address acquired from the frame by the address allocating means is provided. A global address is allocated to the address and stored in the storage means, and the source private address in the frame is converted to the global address and transmitted to the global network, and the frame addressed to the global address is grouped. When receiving from over Val network, network connection device, characterized in that acquires the private address of the global address is allocated from the storage means, and to deliver the frame to the private address of the terminal device. 3. The network connection device according to claim 2, wherein said address allocating means is configured to allocate said source private address to a global address only when said source private address is not allocated to a global address. A network connection device, characterized in that: