JPWO2009066350A1 - Communication control device and communication control method - Google Patents

Abstract

A technique for improving the efficiency of transmitting communication data is provided. The communication control apparatus includes a plurality of class-specific management circuits 420 that manage the timing of transmitting communication data, the communication data to be transmitted, and the band of the communication data to be transmitted. Class information is acquired, and a class management circuit 420 to which communication data is to be supplied is selected from a plurality of class management circuits 420 according to the class information, and communication data is transmitted to the selected class management circuit 420. And a selection circuit 405 for supplying.

Description

  The present invention relates to a communication control technique, and more particularly to a communication control apparatus and a communication control method for controlling transmission of communication data.

  With the development of the Internet infrastructure and the widespread use of communication terminals such as mobile phone terminals, personal computers, and VoIP (Voice over Internet Protocol) telephone terminals, the number of Internet users is increasing explosively. Under such circumstances, security problems such as computer viruses, hacking, and spam mails are becoming obvious, and a technique for appropriately controlling communication is required.

Although it has become possible to easily access a vast amount of information using the Internet, it is also true that harmful information is flooding, and regulations on the source of harmful information cannot be caught up. is there. In order to create an environment in which everyone can use the Internet safely and effectively, technology that appropriately controls access to harmful content is required.
International Publication WO2006-087832 Pamphlet

  As the amount of communication becomes enormous, there is an increasing need for a technique for appropriately managing communication priority while effectively utilizing limited infrastructure.

  The present invention has been made in view of such circumstances, and an object thereof is to provide a technique for improving the efficiency of sending communication data.

  One embodiment of the present invention relates to a communication control apparatus. The communication control device includes a plurality of management circuits that manage the timing of transmitting communication data, the communication data to be transmitted, and the band class to which the communication data is to be transmitted, for each band class to which the communication data is to be transmitted. A selection circuit that selects the management circuit to which the communication data is to be supplied from the plurality of management circuits according to the class information, and supplies the communication data to the selected management circuit; It is characterized by providing.

  The selection circuit may generate a chip select signal for activating a management circuit to which the communication data is to be supplied from the class information, and supply the chip selection signal to the management circuit.

  When the management circuit transmits a packet exceeding the number of transmittable bits assigned to the class in charge at a certain timing, the management circuit calculates the number of bits of the packet exceeding the number of transmittable bits at the next and subsequent timings. A packet with the number of subtracted bits may be transmitted.

  When the packet scheduled to be sent next time exceeds the number of sendable bits assigned to the class to which the management circuit is responsible, the management circuit performs another management responsible for the class in which the packet to be sent next time is less than the number of sendable bits. The circuit may be requested to send out excess packets.

  Another aspect of the present invention relates to a communication control method. The communication control method includes the steps of acquiring communication data to be transmitted, information on a class of a band to which the communication data is to be transmitted, and communication data provided for each band class to which the communication data is to be transmitted. Selecting a management circuit to which the communication data is to be supplied from a plurality of management circuits for managing the transmission timing according to the class information, and supplying the communication data to the selected management circuit. It is characterized by that.

  It should be noted that any combination of the above-described constituent elements and a conversion of the expression of the present invention between a method, an apparatus, a system, a recording medium, a computer program, etc. are also effective as an aspect of the present invention.

  ADVANTAGE OF THE INVENTION According to this invention, the technique which improves the efficiency which sends out communication data can be provided.

It is a figure which shows the structure of the communication control system which concerns on a premise technique. It is a figure which shows the structure of the conventional communication control apparatus. It is a figure which shows the structure of the communication control apparatus which concerns on a premise technique. It is a figure which shows the internal structure of a packet processing circuit. It is a figure which shows the internal structure of a position detection circuit. It is a figure which shows the example of the internal data of a 1st database. It is a figure which shows another example of the internal data of a 1st database. It is a figure which shows another example of the internal data of a 1st database. It is a figure which shows the structure of the comparison circuit contained in a binary search circuit. It is a figure which shows the example of the internal data of a 2nd database. It is a figure which shows another example of the internal data of a 2nd database. It is a figure which shows another structural example of the communication control apparatus which concerns on a premise technique. It is a figure which shows the structure of the communication control apparatus which concerns on embodiment. It is a figure which shows the example of the internal data of a management table.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 10 Communication control apparatus, 12 Communication control unit, 14 Switching control part, 20 Packet processing circuit, 30 Search circuit, 32 Position detection circuit, 33 Comparison circuit, 34 Index circuit, 35 Comparison circuit, 36 Binary search circuit, 40 Process execution circuit , 50 First database, 57 User database, 60 Second database, 100 Communication control system, 110 Operation monitoring server, 111 Management table, 120 Connection management server, 130 Message output server, 140 Log management server, 150 Database server, 160 URL Database, 161 Virus / phishing site list, 162 White list, 163 Black list, 164 Common category list, 170 Billing server, 180 Registration reception server, 210 Site management User terminal, 220 virus / phishing site list providing server, 230 user terminal, 300 search site, 310 communication unit, 320 search request reception unit, 330 search unit, 340 search result presentation unit, 400 bandwidth control circuit, 405 selection circuit, 410 Registration unit, 420 class-specific management circuit, 430 management table, 440 communication data registration RAM, 450 data extraction circuit.

(Prerequisite technology)
First, an outline of the configuration and operation of a communication control device and its peripheral devices will be described as a prerequisite technology.

  FIG. 1 shows a configuration of a communication control system according to the base technology. The communication control system 100 includes a communication control device 10 and various peripheral devices provided to support the operation of the communication control device 10. The communication control apparatus 10 of the base technology realizes a URL filtering function provided by an Internet service provider or the like. The communication control device 10 provided in the network path acquires an access request for content, analyzes the content, and determines whether to permit access to the content. If access to the content is permitted, the communication control apparatus 10 sends the access request to the server that holds the content. If access to the content is prohibited, the communication control apparatus 10 discards the access request and returns a warning message or the like to the request source. In the base technology, the communication control apparatus 10 receives an access request such as a “GET” request message of HTTP (HyperText Transfer Protocol), and the URL of the content of the access destination is a list of reference data for determining whether access is permitted or not. To determine whether or not access to the content is permitted.

  The peripheral devices include an operation monitoring server 110, a connection management server 120, a message output server 130, a log management server 140, and a database server 150. The connection management server 120 manages the connection to the communication control device 10. For example, when the communication control device 10 processes a packet transmitted from a mobile phone terminal, the connection management server 120 uses the information that uniquely identifies the mobile phone terminal included in the packet, and the user of the communication control device 10 Authenticate that Once authenticated, a packet sent from the IP address temporarily attached to the mobile phone terminal is sent to the communication control device 10 without being authenticated by the connection management server 120 for a certain period of time and processed. . The message output server 130 outputs a message to the access request destination or request source according to the access permission / rejection result determined by the communication control apparatus 10. The log management server 140 manages the operation history of the communication control apparatus 10. The database server 150 acquires the latest database from the URL database 160 and inputs it to the communication control apparatus 10. In order to update the database without stopping the operation of the communication control apparatus 10, the communication control apparatus 10 may have a backup database. The operation monitoring server 110 monitors the operation status of peripheral devices such as the communication control device 10, the connection management server 120, the message output server 130, the log management server 140, and the database server 150. The operation monitoring server 110 has the highest priority in the communication control system 100, and performs monitoring control of the communication control device 10 and all peripheral devices. As will be described later, the communication control device 10 is configured by a dedicated hardware circuit. However, the operation monitoring server 110 uses a boundary scan circuit by using a technique such as Japanese Patent No. 3041340 by the present applicant. By inputting / outputting monitoring data to / from the communication control device 10 or the like, the operation status can be monitored even during operation of the communication control device 10.

  As will be described below, the communication control system 100 of the base technology controls the communication control device 10 configured by a dedicated hardware circuit for speeding up by a server group having various functions connected to the periphery. With this configuration, various functions can be realized with the same configuration by appropriately replacing the software of the server group. According to the base technology, such a highly flexible communication control system can be provided.

  FIG. 2 shows a configuration of a conventional communication control device 1. The conventional communication control device 1 includes a communication control unit 2 on the reception side, a packet processing unit 3, and a communication control unit 4 on the transmission side. The communication control units 2 and 4 include PHY processing units 5a and 5b that perform processing on the physical layer of the packet, and MAC processing units 6a and 6b that perform processing on the MAC layer of the packet, respectively. The packet processing unit 3 includes a protocol processing unit that performs processing according to a protocol, such as an IP processing unit 7 that performs IP (Internet Protocol) protocol processing and a TCP processing unit 8 that performs TCP (Transport Control Protocol) protocol processing. And an AP processing unit 9 that performs application layer processing. The AP processing unit 9 performs processing such as filtering according to the data included in the packet.

  In the conventional communication control apparatus 1, the packet processing unit 3 is realized by software using a CPU that is a general-purpose processor and an OS that runs on the CPU. However, with such a configuration, the performance of the communication control device 1 depends on the performance of the CPU, and there is a limit to the implementation of a communication control device that can process a large-capacity packet at high speed. For example, in the case of a 64-bit CPU, the maximum amount of data that can be processed simultaneously at a time is 64 bits, and there has been no communication control device having higher performance. Further, since it is assumed that there is an OS having a general-purpose function, there is no possibility that a security hole exists, and maintenance work such as OS version upgrade is required.

  FIG. 3 shows the configuration of the communication control apparatus of the base technology. The communication control device 10 is configured by dedicated hardware using a wired logic circuit in place of the packet processing unit 3 realized by software including a CPU and an OS in the conventional communication control device 1 shown in FIG. A packet processing circuit 20 is provided. Rather than processing communication data with an OS and software that run on a CPU that is a general-purpose processing circuit, a dedicated hardware circuit for processing communication data is provided, thereby limiting the performance limit caused by the CPU, OS, etc. It is possible to overcome and realize a communication control device with high processing capability.

  For example, when searching for whether or not the data included in the packet includes reference data that is a criterion for filtering in order to perform packet filtering or the like, the communication data and the reference data are compared using the CPU. However, only 64 bits can be compared at a time, and even if it is attempted to improve the processing speed, there is a problem that the performance of the CPU reaches a peak. In the CPU, it is necessary to repeat the process of reading 64 bits from the communication data into the memory, comparing with the reference data, and then reading the next 64 bits into the memory. Time is rate limiting and processing speed is limited.

  On the other hand, in the base technology, a dedicated hardware circuit configured by a wired logic circuit is provided to compare communication data and reference data. This circuit includes a plurality of comparators provided in parallel to enable comparison of data lengths longer than 64 bits, for example, a data length of 1024 bits. In this way, by providing dedicated hardware, a large number of bit matching operations can be executed in parallel at the same time. The communication control apparatus 1 using a conventional CPU can process 1024 bits at a time, which can process only 64 bits at a time, and can dramatically improve the processing speed. If the number of comparators is increased, the processing capability is improved, but the cost and size also increase. Therefore, an optimum hardware circuit may be designed in consideration of desired processing performance, cost, size, and the like. The dedicated hardware circuit may be realized using an FPGA (Field Programmable Gate Array) or the like.

  Further, the communication control apparatus 10 of the base technology is configured by dedicated hardware using a wired logic circuit, and therefore does not require an OS (Operating System). For this reason, there is no need for OS installation, bug handling, version upgrade, and the like, and costs and man-hours for management and maintenance can be reduced. Unlike CPUs that require general-purpose functions, unnecessary functions are not included, so unnecessary resources are not used, and cost reduction, circuit area reduction, and processing speed improvement can be expected. . Furthermore, unlike conventional communication control devices that use an OS, it does not have an extra function, so it is unlikely that security holes will occur, and is resistant to attacks from malicious third parties via the network. Is excellent.

  The conventional communication control apparatus 1 processes a packet by software premised on a CPU and an OS, receives all data of the packet, performs protocol processing, and passes the data to the application. On the other hand, in the communication control device 10 of the base technology, since processing is performed by a dedicated hardware circuit, it is not necessary to start processing after receiving all data of the packet, and receive data necessary for processing. Then, the process can be started at an arbitrary time without waiting for the reception of subsequent data. For example, position detection processing in a position detection circuit described later can be started when position specifying data for specifying the position of comparison target data is received. As described above, since various processes can be executed in a floating manner without waiting for reception of all data, the time required to process packet data can be shortened.

  FIG. 4 shows the internal configuration of the packet processing circuit. The packet processing circuit 20 includes a first database 50 that stores reference data serving as a reference for determining the content of processing to be performed on communication data, and whether the received communication data includes reference data. Whether or not the search circuit 30 for searching by comparing the communication data with the reference data, and the second database 60 for storing the search result by the search circuit 30 and the contents of the processing to be executed on the communication data in association with each other. And a processing execution circuit 40 that processes communication data based on the search result by the search circuit 30 and the conditions stored in the second database 60.

  When the search circuit 30 divides the reference data stored in the first database 50 into three or more ranges, the position detection circuit 32 detects the position of the comparison target data to be compared with the reference data from the communication data. An index circuit 34 that is an example of a determination circuit that determines to which of the ranges the comparison target data belongs; a binary search circuit 36 that searches for reference data that matches the comparison target data in the determined range; including. Although any search technique can be used as a method for searching the comparison target data from the reference data, the binary search method is used in the base technique.

  FIG. 5 shows the internal configuration of the position detection circuit. The position detection circuit 32 includes a plurality of comparison circuits 33a to 33f for comparing the position specifying data for specifying the position of the comparison target data with the communication data. Here, six comparison circuits 33a to 33f are provided, but the number of comparison circuits may be arbitrary as will be described later. Communication data is input to each of the comparison circuits 33a to 33f with a predetermined data length, for example, shifted by 1 byte. In the plurality of comparison circuits 33a to 33f, the position specifying data to be detected and the communication data are compared in parallel at the same time.

  In the base technology, as an example for explaining the operation of the communication control apparatus 10, the character string “No. ##” included in the communication data is detected, and the number “##” included in the character string is detected. A case where a process of discarding a packet is performed when “#” is compared with the reference data and when the packet matches the reference data is permitted.

  In the example of FIG. 5, in order to detect the position specifying data “No.” for specifying the position of the number “####” from the communication data, the communication data “01No. 361. Each character is shifted and input to the comparison circuits 33a to 33f. That is, the comparison circuit 33a has "01N", the comparison circuit 33b has "1No", the comparison circuit 33c has "No.", the comparison circuit 33d has "o." . 3 ”and“ 36 ”are input to the comparison circuit 33f. Here, the comparison circuits 33a to 33f simultaneously perform comparison with the position specifying data “No.”. Thereby, the comparison circuit 33c matches, and it is detected that the character string “No.” exists in the third character from the head of the communication data. In this way, it is detected that numerical data that is comparison target data exists after the position specifying data “No.” detected by the position detection circuit 32.

  If similar processing is performed by the CPU, first, the character string “01N” is compared with “No.”, and then the character string “1No” is compared with “No.”. Since it is necessary to execute comparison processing one by one, improvement in detection speed cannot be expected. On the other hand, in the communication control apparatus 10 of the base technology, by providing the plurality of comparison circuits 33a to 33f in parallel, simultaneous parallel comparison processing that cannot be performed by the CPU becomes possible, and the processing speed is remarkably improved. be able to. As the number of comparison circuits increases, the number of positions that can be compared simultaneously increases, so the detection speed also improves.However, considering the cost, size, etc., a sufficient number of comparison circuits are required to obtain the desired detection speed. What is necessary is just to provide.

  The position detection circuit 32 may be used not only for detecting position specifying data but also for detecting a character string for general use. Further, not only the character string but also the position specifying data may be detected in bit units.

  FIG. 6 shows an example of internal data of the first database. In the first database 50, reference data serving as a reference for determining processing contents such as packet filtering, routing, switching, and replacement is sorted and stored according to some sort condition. In the example of FIG. 6, 1000 pieces of reference data are stored.

  In the first record of the first database 50, an offset 51 indicating the position of the comparison target data in the communication data is stored. For example, in a TCP packet, since the data configuration in the packet is determined in units of bits, if a position such as flag information for determining the processing content of the packet is set as the offset 51, only necessary bits are set. Since the processing contents can be determined by comparing the two, the processing efficiency can be improved. Even if the data structure of the packet is changed, it can be dealt with by changing the offset 51. The first database 50 may store the data length of the comparison target data. As a result, the comparison can be performed by operating only the necessary comparators, so that the search efficiency can be improved.

  When the reference data stored in the first database 50 is divided into three or more ranges 52a to 52d, the index circuit 34 determines to which of the ranges the comparison target data belongs. In the example of FIG. 6, 1000 pieces of reference data are divided into four ranges 52a to 52d, 250 pieces each. The index circuit 34 includes a plurality of comparison circuits 35a to 35c that compare the reference data at the boundary of the range with the comparison target data. By comparing the comparison target data with the boundary reference data simultaneously in parallel by the comparison circuits 35a to 35c, it is possible to determine in which range the comparison target data belongs by one comparison process.

  The boundary reference data input to the comparison circuits 35 a to 35 c of the index circuit 34 may be set by a device provided outside the communication control device 10, or the reference data at a predetermined position in the first database 50 is previously stored. You may make it input automatically. In the latter case, even if the first database 50 is updated, the reference data at a predetermined position in the first database 50 is automatically input to the comparison circuits 35a to 35c. Processing can be executed.

  As described above, when the binary search is executed by the CPU, a plurality of comparisons cannot be executed simultaneously. However, in the communication control device 10 of the base technology, by providing a plurality of comparison circuits 35a to 35c in parallel, Simultaneous parallel processing can be performed, and the search speed can be remarkably improved.

  When the range is determined by the index circuit 34, the binary search circuit 36 executes a search by the binary search method. The binary search circuit 36 further divides the range determined by the index circuit 34 into two, and compares the reference data at the boundary position with the comparison target data to determine which range it belongs to. The binary search circuit 36 includes a plurality of comparison circuits for comparing the reference data and the comparison target data in bit units, for example, 1024 in the base technology, and simultaneously executes 1024-bit bit matching. When it is determined which of the two divided ranges, the reference data at the boundary position is read by dividing the range into two and compared with the comparison target data. Thereafter, this process is repeated to further limit the range, and finally, reference data that matches the comparison target data is searched.

  The operation will be described in more detail using the example described above. In the communication data shown in FIG. 5, the comparison target data following the position specifying data “No.” is the number “361”. Since there is a space for one character between the position specifying data “No.” and the comparison target data “361”, the offset 51 is set to “8” bits in order to remove this space from the comparison target data. Is set. The binary search circuit 36 skips “8” bits, that is, one byte, from the communication data following the position specifying data “No.”, and reads “361” as the comparison target data.

  “361” is input as comparison target data to the comparison circuits 35a to 35c of the index circuit 34, and reference data “378” at the boundary between the ranges 52a and 52b is input to the comparison circuit 35a as reference data. The reference data “704” at the boundary between the ranges 52b and 52c is input to 35b, and the reference data “937” at the boundary between the ranges 52c and 52d is input to the comparison circuit 35c. The comparison circuits 35a to 35c perform comparison at the same time, and it is determined that the comparison target data “361” belongs to the range 52a. Thereafter, the binary search circuit 36 searches whether or not the comparison target data “361” exists in the reference data.

  FIG. 7 shows another example of internal data of the first database. In the example shown in FIG. 7, the number of reference data is less than the number of data that can be held in the first database 50, here 1000. At this time, the first database 50 stores the reference data in descending order from the last data position. Then, 0 is stored in the remaining data. As a database loading method, data is placed from the back of the loading area without placing data from the beginning, and if there is a space at the beginning of the loading area, all the space is zero-suppressed, so the database is always full. The maximum time for binary search can be made constant. Further, when “0” is read as the reference data during the search, the binary search circuit 36 can determine the range without performing the comparison and can proceed to the next comparison because the comparison result is self-explanatory. Thereby, the search speed can be improved.

  In the software processing by the CPU, when the reference data is stored in the first database 50, the reference data is stored in ascending order from the first data position. For example, the maximum value is stored in the remaining data. In this case, the comparison process as described above cannot be omitted in the binary search. The comparison technique described above is realized by configuring the search circuit 30 with a dedicated hardware circuit.

  FIG. 8 shows still another example of the internal data of the first database. In the example shown in FIG. 8, the reference data is not equally divided into three or more ranges, but the number of reference data belonging to the range is uneven, such as 500 for the range 52a and 100 for the range 52b. It has become. These ranges may be set according to the distribution of the appearance frequency of the reference data in the communication data. That is, the ranges may be set so that the sum of the appearance frequencies of the reference data belonging to the respective ranges is substantially the same. Thereby, search efficiency can be improved. The reference data input to the comparison circuits 35a to 35c of the index circuit 34 may be changeable from the outside. Thereby, a range can be set dynamically and search efficiency can be optimized.

  FIG. 9 shows a configuration of a comparison circuit included in the binary search circuit. As described above, the binary search circuit 36 includes 1024 comparison circuits 36a, 36b,. Each of the comparison circuits 36a, 36b,... Receives the reference data 54 and the comparison target data 56 one bit at a time, and compares them. The internal configurations of the comparison circuits 35a to 35c of the index circuit 34 are the same. In this way, by executing the comparison process with a dedicated hardware circuit, a large number of comparison circuits can be operated in parallel and a large number of bits can be compared simultaneously, so that the comparison process can be speeded up. .

  FIG. 10 shows an example of internal data of the second database. The second database 60 includes a search result column 62 for storing a search result by the search circuit 30 and a processing content column 64 for storing the content of processing to be executed on communication data, and corresponds the search result to the processing content. Hold it. In the example of FIG. 10, a condition is set such that when the reference data is included in the communication data, passage of the packet is permitted, and when the reference data is not included, the packet is discarded. The process execution circuit 40 searches the second database 60 for process contents based on the search result, and executes the process on the communication data. The processing execution circuit 40 may also be realized by a wired logic circuit.

  FIG. 11 shows another example of internal data of the second database. In the example of FIG. 11, the processing content is set for each reference data. When packet replacement is performed, replacement destination data may be stored in the second database 60. When packet routing or switching is performed, information on the route may be stored in the second database 60. The process execution circuit 40 executes processes such as filtering, routing, switching, and replacement stored in the second database 60 according to the search result by the search circuit 30. As shown in FIG. 11, when setting the processing content for each reference data, the first database 50 and the second database 60 may be integrated.

  The first database and the second database are rewritable from the outside. By exchanging these databases, various data processing and communication control can be realized using the same communication control device 10. In addition, two or more databases storing reference data to be searched may be provided to perform multi-stage search processing. At this time, two or more databases that store search results and processing contents in association with each other may be provided to realize more complicated conditional branching. As described above, when a plurality of databases are provided to perform multi-stage search, a plurality of position detection circuits 32, index circuits 34, binary search circuits 36, etc. may be provided.

  The data used for the comparison described above may be compressed by the same compression logic. In comparison, if the comparison source data and the comparison destination data are compressed by the same method, the same comparison as usual is possible. As a result, the amount of data loaded at the time of comparison can be reduced. If the amount of data to be loaded is reduced, the time required to read data from the memory is reduced, so that the overall processing time can also be reduced. Further, since the amount of the comparator can be reduced, it is possible to contribute to downsizing, weight reduction, and cost reduction of the apparatus. The data used for the comparison may be stored in a compressed form, or may be compressed after being read from the memory and before the comparison.

  FIG. 12 shows another configuration example of the communication control apparatus of the base technology. The communication control apparatus 10 shown in this figure has two communication control units 12 having the same configuration as the communication control apparatus 10 shown in FIG. Moreover, the switching control part 14 which controls operation | movement of each communication control unit 12 is provided. Each communication control unit 12 has two input / output interfaces 16 and is connected to two networks on the upstream side and the downstream side via the input / output interfaces 16. The communication control unit 12 inputs communication data from one of the networks and outputs the processed data to the other network. The switching control unit 14 switches the direction of communication data flow in the communication control unit 12 by switching input / output of the input / output interface 16 provided in each communication control unit 12. Thereby, not only one direction but two-way communication control becomes possible.

  The switching control unit 14 may perform control so that one of the communication control units 12 processes an inbound packet and the other processes an outbound packet, or may control both to process an inbound packet. May handle outbound packets. Thereby, for example, the direction of communication to be controlled can be made variable in accordance with the traffic status and purpose.

  The switching control unit 14 may acquire the operation status of each communication control unit 12 and switch the communication control direction according to the operation status. For example, when one communication control unit 12 is in a standby state and the other communication control unit 12 is operating, when it is detected that the communication control unit 12 has stopped due to a failure or the like, The communication control unit 12 may be operated. Thereby, the fault tolerance of the communication control apparatus 10 can be improved. Further, when maintenance such as database update is performed on one communication control unit 12, the other communication control unit 12 may be operated as an alternative. Thereby, maintenance can be performed appropriately without stopping the operation of the communication control apparatus 10.

  Three or more communication control units 12 may be provided in the communication control device 10. For example, the switching control unit 14 acquires the traffic status, and controls the communication direction of each communication control unit 12 so that more communication control units 12 are allocated to the communication control process in the direction with a large amount of communication. May be. Thereby, even if the communication amount in a certain direction increases, it is possible to minimize a decrease in communication speed.

  A part of the communication control unit 2 or 4 may be shared between the plurality of communication control units 12. A part of the packet processing circuit 20 may be shared.

(Embodiment)
Next, a technique for realizing bandwidth control in the communication control apparatus 10 described above will be described.

  FIG. 13 shows a configuration of a communication control apparatus according to the embodiment. The communication control apparatus 10 according to the present embodiment further includes a band control circuit 400 in addition to the configuration of the communication control apparatus 10 of the base technology shown in FIG. Other configurations and operations are the same as those of the communication control apparatus 10 shown in FIG.

  The bandwidth control circuit 400 includes a selection circuit 405, a registration unit 410, a class management circuit 420, a management table 430, a communication data registration RAM 440, and a data extraction circuit 450. The communication data output from the packet processing circuit 20 is attached with class information indicating a class of a band for transmitting the communication data. The class information is determined by the packet processing circuit 20 according to the protocol number, port number, transmission source IP address, transmission destination IP address, etc. of the communication data.

  The class-specific management circuit 420 is provided for each class of a band for transmitting communication data, and controls the timing for transmitting the communication data. The management circuit by class 420 acquires communication data belonging to the class that it is in charge of from the communication data output from the packet processing circuit 20 and packetizes it. The class-specific management circuit 420 registers the data length of the packet to be transmitted and the start and end points of the memory area in the communication data registration RAM 440 according to the basic information registered in the management table 430. The class management circuit 420 registers information related to the control performed in the management table 430. The registration unit 410 registers basic information in the management table 430.

  FIG. 14 shows an example of internal data of the management table. The management table 430 includes a class column 431, a sendable bit number column 432, a registered packet number column 433, and an excess bit number column 434. The class column 431 stores a band class. The sendable bit number column 432 stores the number of bits that can be sent per unit time assigned for each class. The registered packet number column 433 stores the amount of packets of communication data registered in the communication data registration RAM 440 as communication data to be transmitted next time by the class management circuit 420. In the example of FIG. 14, the amount of registered packets is stored in the number of bits. The excess bit number column 434 is used when the bit number of communication data registered in the communication data registration RAM 440 by the class management circuit 420 exceeds the number of bits that can be transmitted per unit time registered in the transmittable bit number column 432. The excess number of bits is stored in.

  The class-specific management circuit 420 is defined in the sendable bit number column 432 of the management table 430 when a large amount of communication data belonging to the class in charge of the class is generated or a large-capacity file is to be sent. Packets exceeding the number of bits may be registered in the communication data registration RAM 440. However, the class-specific management circuit 420 registers the excess number of bits in the excess bit number column 434 of the management table 430, and communicates a packet with the number of bits obtained by subtracting the excess bit number from the number of transmittable bits after the next time. It is registered in the data registration RAM 440 and the excess is adjusted. Accordingly, it is possible to flexibly adjust the transmission amount of communication data in units of packets while performing appropriate bandwidth control for each class.

  The class-specific management circuit 420 refers to the management table 430 to extract a class whose registered packet number is less than the transmittable bit number when a packet scheduled to be transmitted next exceeds the transmittable bit number, May be requested to send the excess communication data to the class-specific management circuit 420 in charge of. The requested class-specific management circuit 420 accepts transmission of additional communication data within a range that does not exceed the number of bits that can be transmitted, packetizes the communication data, registers it in the communication data registration RAM 440, and registers the number of registered packets in the management table 430. Update column 433. Thereby, even if the class of communication data is biased, it is possible to transmit using the available band, so that the entire band can be used effectively.

  The data extraction circuit 450 extracts a packet registered in the communication data registration RAM 440 at a predetermined timing and transmits it to the network.

  The selection circuit 405 distributes the communication data to the class-specific management circuits 420a to 420d according to the class information of the communication data acquired from the packet processing circuit 20. The selection circuit 405 generates a chip select signal for activating the class management circuit 420 to which communication data should be distributed from the class information notified from the packet processing circuit 20 and supplies the chip select signal to the class management circuit 420. As a result, the class-specific management circuit 420 that should process the communication data can be activated and the communication data can be processed with a simple configuration.

  The communication control apparatus 10 according to the present embodiment is a completely transparent communication device that does not have an IP address, and executes the above function without physically receiving communication data. That is, the communication control apparatus 10 captures communication data passing through the network, omits processing required for physical incoming calls such as protocol processing, performs the above-described processing, and retransmits the communication data to the network according to a predetermined condition. Put out. The conventional communication device receives and controls the communication data addressed to its own device, but the communication control device 10 according to the present embodiment captures the communication data that is not transmitted to the own device. To control. Therefore, the source and destination devices and the other communication devices provided in the communication path do not require any change in settings or the like due to the provision of the communication control device 10, and the presence of the communication control device 10 exists. It is possible to communicate without being conscious of Therefore, according to the technique of the present embodiment, it is possible to perform the band control as described above without greatly modifying the communication system. Moreover, since the communication control apparatus 10 of this Embodiment does not have an IP address, it is not attacked by a malicious hacker etc., and is excellent in security.

  The present invention has been described based on the embodiments. This embodiment is an exemplification, and it will be understood by those skilled in the art that various modifications can be made to combinations of the respective constituent elements and processing processes, and such modifications are also within the scope of the present invention. is there.

  The present invention can be applied to a communication control apparatus that controls communication.

Claims (5)

A plurality of management circuits for managing the timing of sending communication data for each class of bandwidth to which the communication data should be sent;
The communication circuit to be transmitted and the information on the class of the band to which the communication data is to be transmitted are acquired, and the management circuit to which the communication data is to be supplied from the plurality of management circuits according to the class information. A selection circuit for selecting and supplying the communication data to the selected management circuit;
A communication control apparatus comprising:   2. The communication control according to claim 1, wherein the selection circuit generates a chip select signal for activating the management circuit to which the communication data is to be supplied from the class information, and supplies the chip selection signal to the management circuit. apparatus.   When the management circuit sends a packet that exceeds the number of transmittable bits assigned to the class that it is responsible for at a certain timing, the management circuit calculates the number of packets that exceeded the transmittable bit number at the next and subsequent timings. The communication control apparatus according to claim 1 or 2, wherein a packet with the number of subtracted bits is transmitted.   When the packet scheduled to be sent next time exceeds the number of sendable bits assigned to the class to which the management circuit itself is assigned, the management circuit performs another management responsible for a class in which the packet to be sent next time is less than the number of sendable bits. The communication control apparatus according to claim 1, wherein the circuit is requested to send an excess packet. Obtaining communication data to be sent and information of a class of a band to which the communication data is to be sent;
A management circuit to which the communication data is to be supplied is selected from a plurality of management circuits that are provided for each class of the band to which the communication data is to be transmitted and that manages the timing at which the communication data is transmitted. And supplying the communication data to the selected management circuit;
A communication control method comprising:

Images