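WO2004059925A1 - Communication model, signal, method, and apparatus for confirming reachability in a network where host reachability is obtained by associating a static identifier with a dynamic address - Google Patents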
- Publication number
- WO2004059925A1 (PCT/JP2003/016538)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- reachability
- communication node
- communication
- reachable
- address
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5076—Update or notification mechanisms, e.g. DynDNS
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/54—Store-and-forward switching systems
- H04L12/56—Packet switching systems
- H04L12/5601—Transfer mode dependent, e.g. ATM
- H04L2012/5603—Access techniques
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/26—Network addressing or numbering for mobility support
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W80/00—Wireless network protocols or protocol adaptations to wireless operation
- H04W80/04—Network layer protocols, e.g. mobile IP [Internet Protocol]
Definitions
- the present invention relates to a communication model, a signal, a method, and an apparatus for solving a defect in a process of finding a destination terminal in a store-and-forward communication network.
- the source has the wrong reachability to the destination terminal when transforming a static parent into a dynamic address to reduce the reachability to the destination terminal. Shelf with reachability 3 ⁇ 4 ⁇ .
- Patent Document 1 Patent Publication 2001-519607 or WO99/18515 (Intel, USA) Method and apparatus for transforming a static identifier into a dynamically allocated network address
- Patent Document 2 JP 2001-135301 (NTT) IP address information notification method and storage medium storing this program in parallel with IP address information notification device
- Patent Document 3 Japanese Patent Application Laid-Open No. 2002-318737 (Index) Management Server
- Patent Document 4 JP-A-2002-281032 (Toshiba) Monitoring image switching program, method and monitoring system
- Patent Document 5 Japanese Patent Laid-Open No. H7-200502 (Omron) Duplexer for Transaction Processing System
- the Internet is composed of a large number of computers and computer networks (hereinafter simply referred to as “networks”). These are interconnected on a global scale through communication links using the TCP/IP protocol.
- the interconnected computers exchange information using various Internet services, such as e-mail, Gopher, and the World Wide Web.
- IP addresses are represented as a sequence of fixed-length numbers to make them easy for computers to process, and are meaningless to humans, making it difficult for them to remember and enter each time.
- IP address In the TCP / IP network, at least an IP address is required to specify a host, and a host is specified by an IP address.
- DNS domain name system
- DNS is a database system that specifies a host on the Internet with a character string that is more meaningful to humans than a series of numbers such as IP addresses. The host on the Internet is specified by associating this string with the IP address. This is called forward name resolution. Conversely, retrieving a domain name for an IP address is called reverse name resolution.
- DNS is a tree-structured distributed database with the root server at the top. Also, IP addresses are subject to routing restrictions (i.e., IP addresses are location information within the IP addressing scheme), but names in DNS can be covered regardless of the host's network location.
- each user organization that is always connected to the Internet and assigned an IP address registers the domain with the domain name registration organization and operates the domain name for its own organization.
- the server that performs the domain operation is the DNS server.
- To register a DNS server specify the IP address and host name for the domain name registration organization and register the DNS server.
- the root server is the first level DNS server
- the first level DNS server is the second level DNS server
- the DNS of each user organization that has been assigned the IP address shown above Delegate the authority of domain operation to the server.
- Figure 17 shows the DNS search order.
- the DNS server of each user organization to which the IP address has been assigned performs the correspondence between the host name in the domain name and the IP address, the specification of the e-mail transmission route, and the actual settings such as! / !.
- Dynamic DNS provides a mechanism for automatically updating the record of a DNS server in response to an update request from a client.
- dial-up is mainly used when connecting to the Internet as a dial-up connection.
- cable television and digital subscriber lines, optical fiber and satellite links, etc. have been used as access lines, and diversification of access lines due to flat-rate IP connection services, etc. They don't necessarily need to call.
- These recent Internet connection services which are always connected to the Internet, mean that the system is no longer simply a charging system based on connection time, but the router session abnormal termination (power failure, etc.), line abnormality, center failure or maintenance. If the connection is re-established due to abnormal disconnection of the connection, or the line is disconnected by the connection provider or the non-communication timer of the dial-up host, etc., the IP address may change. Different from connection.
- the IP address may be changed to ⁇ that has moved to a station without wireless communication.
- handover: ⁇ is included in dial-up for the sake of convenience in this specification in that the IP address of the terminal node changes.
- a network is assigned by a network allocating team #PL represented by a conventional dedicated line connection, or a provider is connected to the network.
- an IP that assumes the temporary use of a provider (some organizations that have been assigned an IP address)
- the connection with receiving the address is referred to as "dial-up connection" (even if it is assigned by DHCP or PPPoE without using a modem and using TO).
- dial-up Performing an operation to receive a temporary IP address assignment is called “dial-up.”
- a problem unique to ⁇ - dynamic DNS in which the temporary assignment of IP addresses itself is called “dial-up”
- FIG. 01. Dial-up (including PPPoE etc.) to management provider ⁇ (hereinafter, referred to as “T”) (4100) and to a provider (hereinafter, referred to as “P”) (4000).
- T management provider
- P provider
- T (4100) receives a dynamic IP address assignment from P (4000). At this time, assume that the assigned IP address is 172.16.100.100.
- T (4100) makes a DNS update request to the dynamic DNS server (hereinafter referred to as “D”) (1000). In response, D (1000) associates the IP address (172.16.100.100) assigned to T (4100) described in FIG. 02 with the host name of T (4100) and sets it.
- D dynamic DNS server
- Figure 04 T (4100) is one of the Internet! ⁇ ”User (hereinafter“ S-2 ”) (5300)
- T (4100) may also fail, such as by losing its connection to P (4000).
- Fig. 06 T (4100) reconnects to P (4000) (including ⁇ ).
- Figure 07 T (4100) receives a dynamic IP address allocation from P (4000).
- An IP address (temporarily 172.16.200.10) different from the IP address (temporarily 172.16.100.100) assigned until the IP address changes.
- T (4100) requests an update to D (1000), and D (1000) is the IP address assigned to T (4100) described in Figure 07 (assuming 172.16.200.10) and T Set the host name of (4100).
- FIG. The DNS referred to in the entire Internet cannot be Level D (1000) here, but is the DNS (4500, 5500, etc.) of the provider directly connected to each user. Therefore, even if D (1000) is updated normally, the DNS (4500, 5500, etc.) of the provider directly connected to each user will be updated to D (1000) within the lifetime of the cache.
- DNS (4500, 5500, etc.) stores locally a resource record that has been queried once. This is called a cache.
- DNS (4500, 5500, etc.) resolves names for resolvers (4100, 4200, 5300, etc.) by referring to local memory during the lifetime of the cache.
- the cache was conceived to suppress repetition of the name query once performed and to improve efficiency.
- D 1000
- the mechanism of this cache does not conform to the change of the IP address of T (4100).
- Figure 16 shows, in order, how S-2 (5300) searches the DNS and reaches the target host T (4100).
- P—2—D (5500) first checks the target domain name to determine whether or not it has the ability to know the target domain name, and then knows the IP address of the target host T (4100) immediately. Return to S-2 (5300). At this time, P-2-D (5500) knows the target domain name and reports it. If the target domain name is managed and operated by P-2-D (5500), it is the target host. The IP address for T (4100) is SP-2-D (500) and is cached. FIG. 17 shows that P-2 D (5500) knows the target domain name;
- Fig. 17 shows 2 in Fig. 16, where the P-2-D (5500) power ST (4100) domain is not operated, and when it is cached, it is the first name query ⁇ 3 ⁇ 4 ) Is the DNS search order.
- Root DNS returns the location of JP DNS to ⁇ if the domain name of target host T (4100) is JP domain, for example. (If the domain name of T (4100) is not the JP domain, the location of the name server that manages the ccTLD and gTLD is returned to P-2-D (5500).)
- P—2—D (500) asks the name of the domain of T (4100), which is the target domain name, against the DNS of P domain obtained in 3 ⁇ :
- the DNS of the JP domain indicates the location of the server (here, D (1000)) that operates the domain name of T (4100), which is the target host. (Domains under JP are registered with JPNIC and member servers.) Immediately returns the location of D (1000) to P—2—D (5500) because it is a tree structure and is not divided into DNS for each second level.
- P— 2— D (5500) asks the D (1000) obtained in ⁇ for the name of T (4100) as a key, and names the IP address
- FIG. DNS (4500, 5500, etc.) is typically configured to cache the result of the first name query and to invalidate it when the cache expires. At the timing when this cache is invalid (Fig. 17), the name query is performed against D (1000), so the IP address of T (4100) is obtained correctly. However, while the cache was valid (Figure 16), the IP address of T (4100) changed, but the cached IP address was returned without a name query to D (1000). The IP address (cached 172.16.100.100) before the update in Fig.
- connection destination of S-2 (5300) is P — 2— D (5500) Force Operate the ST (4100) domain without any cache problems Figure 11. Because of the Internet as a whole, this refers to the cache. At the timing, there is a risk that the T '(4200) force may be mistaken as ST (4100).
- T (4100) is the host on which the function of the mail server ⁇ www server is set
- T '(4200) is the mail server ⁇ www server is set! /, Nare
- T (4100) is in an abnormal state (during failure) It looks like there is.
- FIG. 1 This problem is a problem that the DNS (4500, 5500, etc.) of each provider on the Internet is converged if the cache lifetime is too long and the name query is performed again on D (1000). Therefore, as time passes, the state becomes normal as shown in FIG. Next, as shown in FIGS. 01 to 05 and FIGS. 13 to 14, ⁇ ⁇ (4100) does not reconnect (the line remains disconnected). As in the case of 01 to 12), the explanation will be given.
- FIG. 01 to FIG. 05 are the same as those described above.
- Fig. 06 to Fig. 12 are explanations of the cache problem.
- Table 01 shows the failure patterns related to the state of T (4100) and the assigned IP address in T (4100).
- Pattern 2 failed dynamic update to DNS: ⁇ . It is caused by a program failure in the part related to the dynamic update of T (4100) or a failure of D (1000). In this case, it is assumed that the lines are connected or disconnected or are continued. The operation at this time is
- T (4100) could not be reconnected after the line was disconnected (leave the line disconnected) ⁇ ⁇ ⁇ Similarly to ⁇ , the IP address assigned before the line was disconnected was assigned to T '(4200) ⁇ ⁇ Then, it is misunderstood. If it has not been assigned, access is denied. Also, if the assigned IP address does not change, the communication seems to be normal because there is no problem in communication with S-2 (5300).
- Pattern 3 is: ⁇ which is continued after the line is disconnected. Affected by the cache lifetime, the shaded portion is affected by the cache lifetime, and the rest is not cached. It is.
- S-2 (5300), which accesses T (4100), is a general user of the Internet and therefore spreads widely. At this time, each individual S— 2
- (5300) has a name that has been referred to before, it is cached, and whether or not the force is included in the shaded portion is determined depending on whether or not the name has been referred to for a while.
- the shaded area indicates that, although T (4100) is operating normally when it has reconnected after the line disconnection and has been successfully updated to D (1000), T (4100) appears to be temporarily in a failed state because the DNS (4500, 5500, etc.) caches the IP address of T (4100). As described above, the mechanism of the cache, on the contrary, cannot follow the change of the IP address of T (4100).
- T (4100) force T (4100) obtained by referencing (forward lookup) D (1000) with a short interval between updates to D (1000)
- the IP address is not necessarily correct, but may be.
- T (4100) line disconnection If the interval between IP address updates is too short, S-2 (5300) will always mistake T '(4200) as T (4100). It is hoped that such ⁇ due to line instability will function as a DNS, but as D (1000), it cannot function in this case, and is regarded as a kind of failure.
- Figure 19 shows the program used for actual measurement.
- This program is a UNIX shell script.
- the arrow (1) at the end of the line simply turns over for convenience of display, and indicates that it is actually one line.
- Figures 20 to 21 show the measurement results.
- the first line indicates the bit number of the first line
- the second line indicates the time when the line was sharp
- the third line indicates the dig command of the BIND, which is a standard DNS implementation for Internetworking.
- the result of referencing (1000) is subjected to character string processing and the IP address of T (4100) is extracted (a, c, e), and the force command was cached from the fourth to sixth lines.
- P-D This is the IP address (b, d, f) of T (4100) obtained when the DNS server of P (hereinafter referred to as “P-D”) (4500) is referred to.
- P-D (4500) is the DNS server that T (4100) normally refers to.
- P-D (4500) was referred because it was tested at T (4100).
- the DNS referred to each terminal is determined by the resolver.
- Line g is also the output accompanying the key ping command.
- the DNS server used in the trial as D (1000) was DynDNS.ORG, which already provides a dynamic DNS service. At ⁇ , the setting for the cache lifetime of this server is 1 minute. The value of one minute is extremely short.
- Patent Literature 3 shows the basis for determining that an error has occurred, despite the fact that it is not an error! /, Nare ,.
- S-2 (5300) or the management server (hereinafter referred to as “S-1”) (2000) stores the previous IP address of T (4100)
- S-1 the management server
- T (4100) corresponding to the distributed server 3 can know the IP address assigned to itself.
- the theme of the present invention is to make it possible to correctly reach T (4100) at S-2 (5300), and to be able to exercise power.
- it is more appropriate for the distributed server 3 to send an IP address update request mail to the dynamic DNS server, using the change of the IP address assigned to itself as a trigger, instead of performing nslookup.
- ICMP Internet Control Message Protocol
- ICMP seems to be an ICMP echo request. This comes from the command implementation and is usually called ping.
- Immediately after T (4100) is disconnected from the line, if P (4000) receives a connection request that is not from T (4100), it is highly likely that the IP address allocated to T (4100) until immediately before will be assigned to the requester. T' (4200) then comes into existence, and ping indicates that T (4100) is alive.
- the number of rewards shown in Figure 20 is 2.
- c and d in FIG. 20 show different values.
- T (4100) is in the state of FIG. 04 (normal)
- the force of FIG. When another user dials up as shown in Fig. 09, ⁇ , (4200) is completed. This is because the IP address does not change even if you switch to ST '(4200) and change the DNS. Naturally, from T, (4200) ("There is a ping answer.") The answer will be carried over to T '(4200) without interruption.
- the moving object shadowed by the video camera is known to the size, it is the power of a dog, the power of a human child, and the power of a pole is not I® ⁇ .
- Patent Document 3 states that this is abnormal.
- Patent Document 1 Patent Document 2, ENUM, and the like.
- ENUM is an extension of dynamic DNS, which maps the conventional telephone network (PSTN) numbering system onto DNS.
- Patent Document 1 although a user 'location' server is added, it can be considered to be similar to ENUM.
- Patent Document 2 proposes, instead of using DNS, a static mapping system for specifying a host and a specific mapping advertisement system for a dynamically allocated address.
- “D (1000) keeps announcing the last updated resource record even after T (4100) loses connection”, listed as item 1 of the summary of problems specific to dynamic DNS, is the cause of the misunderstanding, and specific methods for solving this problem are disclosed and described in Patent Documents 1 and 2.
- the terminal sends a keep-alive signal to the DNS to notify that it is alive.
- Patent Document 2 does not use DNS. However, a health check is performed from the DNS-equivalent side toward the T-equivalent side, and it is detected that the T equivalent is not connected.
- T (4100) is determined to be a host having correct reachability, so that a host whose IP address changes which could not be managed until now can be managed.
- More advanced management eg, monitoring CPU load and traffic.
- T (4100) has been reached and reach the communication partner that is woven and relayed correctly, confirm and confirm it by the following method.
- S-1 (2000) determines whether or not T (4100) is a correct and reachable host.
- the means to solve the problem is implemented by the following two stages of external host-to-host communication.
- the first stage is the address
- the second stage is the sign and countersign.
- FIG. 23 shows the operation in which S-1 (2000) performs the reachability confirmation of T (4100) by the first stage and the second stage.
- Address 13 ⁇ 4 forms one of the parameters for reachability confirmation in the first stage (see the communication model described later).
- S-1 (2000) performs a name query (forward lookup) directly on D (1000) to avoid the problem of cache lifetime.
- service failure application-level failure
- S-1 (2000) communicates with the IP address of T (4100) obtained from the results of S202 and S204, using a method agreed in advance (this is called the “sign”).
- T (4100) has the correct reachability, which is consistent with the answer to be answered in the communication in the method agreed in advance.
- the reachability confirmation result is represented as true or false.
- the result is true when the host is correct and reachable. It may also be expressed as an authentic host or the like.
- the result is false when the host is not correctly reachable. So what if T (4100) is assigned a fixed IP address?
- the name of the host means the name of the host via a communication program called a service (hereinafter, this communication program is called "Daemon").
- the communication partner who heard the reply here could not take any special action based on it.
- the special action is, for example, to judge whether connection is permitted or rejected.
- T (4100) which is the fungus of the present invention, is the host of the dial-up.
- the present invention does not assume that there is an account on the destination server (or host). Therefore, it is a separate matter for the authentication of the existence of the account as tflS.
- Daemon is a resident process that opens a communication port and waits for a connection, but gives itself a host name, program name, version name, and so on.
- T (4100) is the fixed address: which was of course at the start of the communication (however, it is necessary to judge whether the communication is powerful based on this). Conventionally, it has been, it is,).
- the name given by Daemon for access to the host name merely indicates its own U information.
- the host name that should be dynamically updated for the IP address is not returned to 3 ⁇ 4 ⁇ after performing reverse name resolution.
- ISP Internet service provider with an Internet connection.
- ISP is a form of P (4000)).
- 192.168.0.0.99 is the IP address to which T (4100) is assigned at that time, and ppp000099.otemachi.provider.com is the hostname, carrying the ISP's name, obtained by reverse lookup against that IP address.
- the source is the destination host name because of the characteristics of the network that can obtain host reachability by associating a static identifier with a dynamic address. Cannot be specified. Disguise
- the host name included in the GET instruction is extracted and the program that returns the form is implemented on the host that may be misidentified, the answer to be answered and the counter sign that carries this will be provided. Can be disguised. This is a passive attack. Disguised shadow siege
- the countersign has no relation to the password used for updating.
- misperception S must occur. If it is not the misidentified host T '(4200), it cannot be spoofed.
- the impersonated host T '(4200) impersonates by receiving a signature and returning a countersign carrying a "reply to answer" giving T.
- T' (4200) is assigned an IP address by P (4000), in the same way as T (4100). And the IP address of T' (4200) can change in the same way as that of T (4100). From this, the following can be said.
- T '(4200) belongs to the address range under P (4000), like T (4100). That is, the range that can be mistaken is limited by the P (4000) IP address range. However, this limit determines the potential of the network and is not an artificial limit.
- T' (4200), like T (4100), cannot continue to use the IP address, because it is an address temporarily assigned by P (4000). Therefore, even if it impersonates T (4100), the impersonating host T' (4200) cannot continue impersonating.
- When a caller tries to start communication, it refers to the association of a static identifier with a dynamic address, so that the caller can reach the destination terminal.
- T be the destination: A terminal that gives ⁇ , the correctness of 3 ⁇ 4's reachability to ⁇ .
- ®i3 ⁇ 4 From a corporate perspective, it is the net itself that contains ⁇ . (3 ⁇ 4 ⁇ In the example of a company,
- DCE is considered to be the clock generator, and DTE is the clock receiver. That is, the clock is received from the network itself.
- ISPs related to Internet connection ⁇ are assigned to IP addresses by network 'access' servers (such as Livingston Portmaster or Ascend MA) or RA DIUS servers. It is considered that the network itself allocates)
- T B is an identifier that makes T public. And A is the address temporarily assigned by P.
- B alone does not have network reachability from S, which is a third party as seen from T. With only A, it is a net-like reach [although there is a living, A is an address that T temporarily borrows from P and uses it, and because it is used by other than T, From the three, T and A cannot be linked.
- B is information originally advertised to point to T, and at this point, A is exactly the address assigned to T. With this fact, T has the substance of the set A:B (hereinafter referred to as the “real image”). Mapping of the set A:B
- the mapping notification system D is notified by T that the set A:B is associated, memorizes it, and, in response to a query from the third party S, notifies the querier of the association of the set A:B. Specifically, when a query is received for either A or B, it answers with the other one, B or A, that was not given in the query. From another point of view, it can be regarded as a system that outputs the remaining member of the set A:B when either A or B is input. What is characteristic here is that T cannot publish this itself, so D publishes it instead of T.
- the set consisting of A and B is individually correct, the wrong force, the wrong one, the one that cannot be obtained, and the one consisting of A and B, and Only after reflecting the actual situation can S reach T.
- T, which has the real image of the set A:B
- D, which advertises the mapping of the set A:B
- the two are a mapping of information on T stored in D, a real image of information consisting of B in which T is contained and A in which T is a condition to be accessed at the time given by P, that is, a real image and a mapping of the set A:B.
- Steps (1) to (5) are an ordered process.
- the set A:B is mapped from T to D.
- the set A:B between D and S is inspected.
- the set A:B between T and S is inspected.
- T maps the real image only to D, and T is not referenced from S, a third party.
- T is the destination as seen from the third party S, so S first refers to D to find T; T cannot be referenced when T cannot be found.
- the yarn JA: B (ie, the mapping of the entity of ⁇ : ⁇ ) between the inspected DS and
- (1) is the process in which T maps the real image of A:B to D.
- the result is the mapping of the set A:B in D.
- it is usually necessary to have an SB! Between TDs so that an appropriate third party cannot map a false ⁇ : ⁇ against an appropriate ⁇ .
- the real image of IRA: B is a set including not only T alone but also a device integrated with T described in Example 8: ⁇ .
- the subject of mapping is P, such as DHCP server or ISP (or operator ENUM).
- S compares whether the mapping of the set A:B obtained in the process of (2) and (3) matches the real image of the set A:B obtained in the process of (4) and (5).
- the operation of (1), mapping the real image, is an operation that is unknown to S, and its timing cannot be known.
- the process of obtaining the mapping of the set A:B in (2) and (3) is an active behavior for S, and can be performed at any timing.
- the timing of the process of querying the substance of the set A:B in (4) and (5) is arbitrary. This may be the timing that S wanted, or it may be based on S's internal timer. And the operations of (4) and (5) need not necessarily be immediately after (2) and (3).
- Steps (2) and (3), and steps (4) and (5), are in a request-response relationship.
- (5) is an operation and (5) is a carrier of B, which is in a relationship between a bucket and water.
- ⁇ means that the comparison between the mappings within the redundant group is not possible. Ray that was noted because it was enough. In other words, this: ⁇ means (2) and (3) only twice ⁇ , and then compares them ⁇ , and nothing else, this is essentially not a comparison! / ,.
- mapping T forces S separately to mapping advertise systems that are inherently unrelated. That is, there are two or more different D systems that are not redundant and have the D system equivalent to D. ⁇ . However, with such conditions, there are many Ts that can be handled! Therefore, consider another method.
- every sentence ⁇ is an extension of B and is derived from B.
- every string also contains B.
- ⁇ is an alternative to B, and only ⁇ , which is important for B itself or an alternative to B, whether it is a deviation or not, is described as B itself, an alternative to B And In addition, in the alternative of B, it is not necessary to perform the substitution and transformation of # ⁇ , so it is simply written that there is a substitute for B.
- the above is the communication model for implementing the present invention.
- the following is a specific device for actually controlling the functions.
- which device is a specific device, there may be a plurality of devices depending on the state of the network, positional relationship, and the like.
- the specific devices that accomplish these specific functions are interchangeable and form a specific set within that range.
- D inherently constitutes a redundant server group; since there are many mouths, there is an alternative relationship within this group.
- D discloses dynamic DNS, ENUM DNS, and the mapping between B and A disclosed in Patent Documents 1 and 2.
- T is in the LAN and communicates with D and S via the public storage-switching network after the gateway. 3 ⁇ 41 There is an alternative relationship between those integrated with the edge node as seen from P. The actual role assignment at this time will be described in detail in Difficulty Example 8.
- S Yuan terminal There are S-2: ⁇ and S-1 ages.
- S is either S-1 or S-2.
- X must be considered separately.
- S-1 and S-2 must be considered separately:
- ⁇ is a client-server type (S-2 when operating as a client-server type does not have the function to reach I-viable bacteria)
- a client-server model is adopted, and S-1 inquires S-1 and S-1 replaces S-2 to reach the destination.
- ⁇ Do: ⁇ is from S-1.
- P: T is assigned a temporary address ⁇ .
- When T is on a LAN, P is usually a DHCP server.
- D and S In order to communicate with D and S, if you have to go through a public network, you should set the network such as ISP to P. Conversely, P does not assign A to T, which is a temporary address, but simply assigns A to the edge node (ie, not to T: ⁇ There is).
- In this case T is a node that is referenced together with the edge node as a gateway. This is also described in detail in Example 8.
- the specific device of the location or the difference should be selected from alternatives, depending on these positional relationships and the specific P and T. is there. The following gives a name for the operation.
- This process maps S ⁇ ⁇ : B from T. This is a conventional technology. In the case of DNS, it corresponds to an "update" operation.
- T responds according to the access method.
- T does not reply B or any sentence agreed with S ⁇ ⁇ .
- T (4100) is not given or gives an unrelated name by default.
- the expression of an unrelated name means, for example, that the personal computer has an appropriate name in advance (here, the appropriate name is at least T (4100) including the domain name and dynamic Updating host name power S setting is very deliberately impossible, as long as it is impossible to do so), so give it a name! /
- T (4100) must give the name to use as the answer to be answered.
- the name used as the answer to be answered is the host name that is dynamically updated in D (1000). From 1, this means an explicit configuration change.
- S—1 (2000) manages the domain of T (4100) by referring to D (1000)
- the force that obtains the IP address of T (4100) is S. This is because the key name is the host name, and the T (4100) power should be turned back.
- Reachability confirmation is established by comparing the real image and the mapping of the pair A:B. For this comparison, four elements (values) are needed: the members of the pair for the real image and for the mapping. Of these, only the value indicating B in the real image could not be obtained by conventional methods. Therefore, a carrier called the "countersign" is proposed.
- the carrier is clearly a four-signal signal, meaning information is ⁇ ⁇ ⁇ mono.
- the "answer to be answered” is information carried by the "counter sign”.
- a summary of B itself or an alternative to B is a type of this information.
- the “counter sign” is a bucket and the “answer to answer” is water.
- the “reply to be answered” is information stored in S and associated with the “reply to be answered”.
- In the process of (5), S receives the "reply to be answered" carried by the "countersign" and compares it with the "reply to be answered" stored internally in S, to judge whether reachability is correct. Those who are responsible for the process (5) described diversion.
- the communication schemes described in the first to seventh embodiments are conventional techniques. However, a new value of reachability can be created by using communication methods differently than before.
- the communication method is simply what communication port is used. Whether it is new or diverted, it must be within the range of the LT II communication port. Therefore, it is originally desirable that the port be a new port, but in this regard, it is necessary to wait for an indication by a different procedure from the patent.
- the reason for diversion is simple, and it is clear that it can be implemented without depending on the communication port.
- T (4100) needs to be explicitly set to give the host name to be updated to D (1000).
- This is a typical example of a sign and countersign: the return condition is satisfied by an explicit setting change that makes T (4100) give the host name it uses as the reply to be answered.
- the setting of the answer to be answered in S-1 (2000) is optional, since it simply requires a form return.
- the algorithm will be described in Embodiment 1 and the setting contents will be described in Embodiment 1 and Table 02. In other words, while the content that is queried from S to D (1000) in the process of (2) is B, of the replies to be answered in (5) through the processes of (3) and (4) 3 ⁇ 43 ⁇ 4 ⁇ Is ⁇ .
- mapping notification system is not DNS
- ⁇ # ⁇ is not an FQDN but a static identifier itself.
- FQDN may be replaced with a handle name for: ⁇ in Patent Document 2.
- URIs (Uniform Resource Identifiers, RFC2396)
- UI is treated as a reminder that it is located on the extension of the host name or on the extension of the host name in that the host name is used.
- The port on which T (4100) waits for reachability confirmation may be a well-known port.
- A dedicated port for reachability confirmation may be prepared as a well-known port, separately from the service port.
- Yore The international public telecommunications number (hereinafter referred to as the ⁇ panban '') defined in the ITU-T E.164 recommendation is reversed.
- the dynamic DNS is transformed into e164.arpa and! / ⁇ ⁇ host name (FQDN). It is known as ENUM to connect to the existing ⁇ ! Tongue network by using it as input to (RFC3263). At this time, the «!
- ⁇ using the URI format can include not only ⁇ (4100) but also ⁇ ⁇ ⁇ (4100) users (humans). If this is the case, it can be easily conceived, but it is only necessary to multiply the sentence processing part in the algorithm disclosed in the first embodiment.
- the reply to be answered can include additional information.
- one T (4100) can make a plurality of services and a plurality of aliases reachability.
- the URI scheme is on the border between ⁇ , which is ⁇ itself, and an alternative to ⁇ : 3 ⁇ 4 ⁇ .
- URI ⁇ scheme contains ⁇ itself power S :! Since ⁇ extracts the answer that T (4100) should answer from among the redundant answers as shown in ⁇ of 1 host name, it is the same as: ⁇ of 1 and can be regarded as B itself. However, if B itself is not included in the URI scheme, or if the entire URI scheme is agreed upon instead of B itself, then it should be considered B's advocacy.
- reply host name is insufficient 1 / ,: ® ⁇ .
- the domain name is dedicated to the customer, it may be treated the same as the FQDN. If the domain name is not dedicated to the customer, it is a dictionary that has a uniqueness (a level that is sufficient as its own U information). In the case of a host name only in a narrow sense, including a subdomain name, domain name, or (unqualified single labenole).
- character IJ which is a character string registered in S-1 (2000) and not a host name or a URI scheme, is also a substitute for B.
- An X509 certificate or simply the public key of T (4100) may be used, and it is not always necessary to use a host name as a base. That is, even if it is not a host name, ⁇ (4100) only needs to give its own fiSlj information. Furthermore, this identification information only needs to be agreed between TSs.
- the agreement between TSs here includes the case where T (4100) is simply a character string that has been determined and announced to the public. Therefore, unlike the age of FQDN and URI, it does not need to be globally unique.
- the countersign is a signal that functions to make S aggregate the reachability of ⁇ (4100). Answers to be answered ⁇
- the answer to be answered is not the password. That is, it cannot be a security threat. Therefore, there is no need to keep it secret.
- Static painter (host name, number)
- a system that outputs a static IP by transforming it into a dynamic IP address.
- ⁇ becomes reachable not only to the end-to-end ⁇ , but also to the host in the intermediate process in the name search process (this: ⁇ is DNS) be able to.
- ⁇ is DNS
- nodes in the middle stage of the name transformation process can return more than one countersign to increase traceability.
- a response to be answered indicating ⁇ (4100) in question may be extracted from the response generated by the intermediate node force S.
- the reachability of intermediate nodes can be reduced by ⁇ as in the case of traceroute, which can be useful for specifying the location of a failure in the event of a failure.
- network management itself is a general management concept that also includes so-called configuration management and billing management, and ⁇ ⁇ ⁇ is a network. You.
- ⁇ (4100) is a boundary node of the customer network to which the dynamic IP address is assigned! / ⁇ is a host referred to integrally with the boundary node, and is a very small one. is there.
- ⁇ ⁇ since it aims to provide a powerful TCP / IP service, there is a problem if it is not noticed despite the fact that the service has been disabled due to a circuit system failure or the like. Therefore, when some kind of failure occurred ⁇ ⁇ , it was thought that it should be notified promptly and the network should be restored, and it was decided that network management was necessary even in such a small network, and it was impossible to manage it in the past. Let's manage even if the host whose IP address changes changes! / ⁇ ⁇ thing. The meaning of ping
- Ping is a program that implements the echo request of the ICMP protocol, and has been used to check host reachability (alive or dead).
- A ping is like a fish finder: when the echo bounces back, you know that a school of fish (or a host) is there.
- The present invention was designed as an alternative to ping for hosts whose IP address changes (unlike conventional hosts), for which ping cannot be used. In other words, it is not intended to completely replace ping (in fact, many functions implemented by ping are not implemented in the present invention); the present invention is used in place of ping only where ping cannot establish reachability.
- the reachability of T (4100) is as follows: ⁇ is the age at which the communication partner is correctly reached and ⁇ is returned. , Equivalent to Thus, reachability can replace ping.
- Although the round trip time and similar values included in the output of ping are not considered, it is easy for those skilled in the art to add the calculation of the round trip time to an implementation of the present invention.
- a redundant output such as a path circulating time and the like is desirable as a mounting point.
- the aim was to make use of the autonomy of the network of accumulation and exchange.
- the present invention has become popular because it can be implemented with a small start and can be implemented regardless of the scale, and it can be implemented without discarding any conventional technology, with high compatibility with the conventional technology.
- the possibilities are Les, and! /, L. Scope of application
- the mobile phone of the IP address [ ⁇ raw] is to turn off the Utsuhara of the laptop computer once, move (hotels on business trips or visits to the destination) and use the power again by AL ! U.
- the mobility of the IP address is defined as ⁇ handed over like an IP address while maintaining communication (for example, at the end of a move, at the end of a forest, etc.).
- Mobile IP (IP Mobility, RFC2002 to 2006) is one of the most confusing forms of IP address mobility.
- Mobinore IP is a technology that aims to receive a call originated by itself without receiving the return * 3 ⁇ 4r, and at least the main purpose is to send the originating terminal to the originating (that is, the mopil) terminal. is not.
- Mobile IP differs from the present invention in that a dynamic address is associated with a static address.
- the present invention verifies the static iS element and the dynamic address ⁇ regardless of the address movement that is not appropriate for the IP address mobility.
- The invention operates at the application layer and does not depend on the transport layer.
- OSI (Open Systems Interconnection): a standard by ISO and ITU-T.
- the present specification is to be understood in accordance with a series of UNIX standards that follow, and that it conforms to other standards such as OSI.
- the fact that the operation at the application layer is not restricted is not a limitation. Even though the present invention was later proposed as an alternative to a protocol operating at the network layer such as ICMP, this ⁇ is the first implementation of the present invention. It is assumed that the device operated in the application layer is within the scope of the concept of the present invention.
- Embodiments 1 to 7 illustrate what kind of communication can be used as a signing method.
- the way of signing is expressed as a previously agreed communication method.
- the communication port normally follows the protocol that uses the port.
- the communication ports have been described by diverting existing ( ⁇ unknown) ports.
- Example 1 the idea and algorithm that would be good! /
- Example 3 the age at which ⁇ (4100) is the network connection wisteria, typically ⁇ of ⁇ .
- Embodiments 5 to 7 show that the outline of ⁇ (4100) does not matter.
- Example 8 the structure and position of the net are shown.
- SNMP is used as a communication method agreed upon in advance.
- T (4100) is a computer, which has a direct dial-up connection. It is assumed that the SNMP agent is installed and normal correct relay settings are made. 38 shows connection state 1 of FIG. 37 described in detail in Example 8.
- the experimental fiber can be constructed by implementing only this part, so we experimented on UNIX.
- For Windows-based OSs, replace DNS with ISC-version BIND (the Internet's standard DNS since it was adopted by Berkeley-version UNIX as the first implementation of DNS). Or replace it with the ISC version of BIND.
- An alternative is a DNS server information such as the dig command included in the ISC version of BIND. Information that can be scrutinized externally.
- SNMP manager a Microsoft manager may be used, or a product such as OpenView (registered trademark, the same applies hereinafter) or the like may be newly introduced.
- a Windows-based OS In the case of a character string processing environment, a Windows-based OS is not fully included in the OS, so it has the ability to prepare a separate character string processing environment, and a program for implementing the present invention. It may be better to incorporate it during development. (However, this ⁇ is included in the ISC version of BIND; there is also a problem with the program interface for the output of the ⁇ 1 ⁇ 2dig command. It may be less effort.)
- T (4100) a PC is used: for the age of the Windows-based OS, WindowsNT and Windows2000 can be used as they are because SNMP agents are included.
- the present invention can be difficult regardless of the type of the OS.
- ⁇ is the same as or similar to the well-known ports specified in RFC1700 ASSIGNED NUMBERS.
- The RFCs originated from documents published as "Request For Comments" in the ARPANET development era to make it easier to agree on communication methods. They function as a summary of standards in communications.
- SNMP (Simple Network Management Protocol)
- the community ID and the object ID to be used for confirming the reachability of T (4100) are agreed as the communication method, and the value of the object ID set in T (4100) is returned as a response to be answered. Agree.
- PUBLIC is used as the initial value for the community name
- sysName indicating the host name is used for the object ID.
- sysName is not set explicitly in SNMP Agent settings, but simply quotes the host name of the system.
- The host name set in T (4100) is assumed to be the fully qualified domain name (FQDN: host name + subdomain name + domain name) registered in D (1000). On a few devices an FQDN cannot be set, and only a host name that does not include a domain name can be set. This is ⁇ , but B is used for the answer value to be answered. For the desired case, see Example 2. It is simpler to use the alternative to B as the answer value to be answered.
- Table 02 shows the items required for communication settings such as ⁇ (4100) name registered in S-1 (2000) and the reply to be returned.
- S executes the sequence in the communication model and receives the countersign. After that, S reads the reply to be answered stored in S and compares it with the reply to be answered from T (4100) that was carried by the countersign. Then, based on whether the received reply (the reply T should answer) matches the internally stored reply to be answered, S determines whether or not it has correct reachability to T (4100). It should be noted that a variable is required to temporarily store the received reply when it is received, but this is also self-evident in Kagome Engineering, and this variable itself is included in the present invention! / For the most important reason, simply a reply to be received.
- These settings may be stored as records in a sequential file, or may be a database accessed through a DBMS. Preparing a program for each T (4100) and describing the settings in the program is also one way. These can be selected according to the number of T (4100) managed in S-1 (2000).
- the method of embedding directly in the program is a relatively good choice, where the number of T (4100) is relatively small, at most several hundred.
- the content set here only needs to include the required power S per ⁇ (4100), and additional information may be added. As an example of additional information, D (1000) Sumito who operates the domain name used by ⁇ (4100) can be considered.
- the address of the IP address information notification server is stored. Also, the order in which the items are arranged is not limited to that shown in Table 02, and may be stored so as to be confusing as T (4100).
- the storage device indicates the external unit ftg.
- the external storage device does not need to be a local device built in the memory of S-1 (2000) or T (4100)! /
- the temporary storage is a record that does not need to be deleted when ⁇ is restarted, etc., and is deleted in a relatively short time.
- T file which is expanded as a temporary file on a hard disk drive or the like.
- Non-volatile memory in ⁇ memory cards such as CF cards and smart cards; storage devices such as hard disk drives with a PCMCIA interface or ordinary hard disk drives; storage devices using a removable storage medium, such as diskette drives, MO drives and tape devices (or DVD-RAM, CD-RW, or a CD-R on which an image is created, where the frequency of rewriting is extremely low).
- Removable storage such as CD-ROM, DVD-ROM, ROM cartridge, etc. ⁇ It is possible to use a body to write a letter.
- the type of the interface must be the same as in the case of a hard disk drive that does not require EBIJ to determine whether it is a SCSI interface or an interface. Need not be distinguished.
- a name query ⁇ : must be performed for D (1000) operating the domain name used by T (4100).
- D (IOOO) in terms of »
- the DNS that uses the domain name used by T1 (4101) is D1 (1001)
- the DNS that uses the domain name used by T2 (4102) is D2 (1002).
- D1 1001
- D2 1002
- If the DNS that operates the domain used by T3 (4103) is D1 (1001), it is better to batch the name queries for T1 (4101) and T3 (4103) to D1 (1001).
- S202 and S204 are address confirmation. This solves the problem of cache lifetime.
- Figure 25 shows an example of the output of the name query.
- the underlined part is the IP address of T (4100) that was last updated for D (1000).
- String processing is applied to this output, only the underlined portion is extracted, and the IP address of T (4100) is obtained (S204). This is temporarily stored in the storage device. More precisely, it is substituted as the address of the destination T (4100) in order to confirm reachability in the next step.
- Figure 26 shows an example of the output when the name query results in an error.
- the DNS server is correct, or the DNS server is down.
- Figure 27 shows an example of the output when a name query error occurs. This is an example of a case where T (4100) is not found (information indicating T (4100) is not found in the DNS record). From the actual case of the cache problem, the IP address of T (4100) is calculated by the resolver of S-1 (2000) pointing to D (1000) or the TTL of D (1000) (cache lifetime) are very short, and # ⁇ etc. can be omitted.
- An error check as shown in FIG. 24 may be performed as necessary. If a failure has occurred at D (1000), the response received at S204 will be irregular. The case detected in S402, in which the data received in S204 does not include data indicating T (4100), is treated as an error. The case in which there is no response from D is also treated as an error in S402. In that case, switch to another D (1000) within the redundant group of D (1000) (S408 to S410), and if that is not possible, stop the processing. When processing stops here, T (4100) is judged to have no reachability even if the state of T (4100) is normal. If the reliability of D (1000) is sufficient, this error check can be omitted. This section explained cycling through the redundant range of D (1000).
Sign & Countersign
- In S206, communication, that is, the sign, is performed to the IP address of T (4100) obtained in S204 by the method agreed in advance. If the address can be omitted, it is not necessary to transform it into an IP address. (Even with ⁇ , make an inquiry using the IP address obtained when DNS is looked up.)
- If a reply to S206 is returned, the reply is temporarily stored; if no reply to S206 is returned, the exit code of S206 is temporarily stored and processing proceeds to the error handling of S216.
- FIG. 28 shows an output example when the host name of T (4100) is looked up with the SNMP GetRequest command.
- Figure 29 shows an example where the communication in S206 failed: the host name was incorrect due to the influence of the cache lifetime or the like, the destination host was not set to accept SNMP, or the host had failed.
- FIG. 30 shows an example of the case where the communication in S206 failed: the partner accepted SNMP, but the community name was wrong.
- T performs error processing in which S-1 (2000) SNMP GetRequest commands cannot be received. If an error occurs in the SNMP GetRequest command as shown in Fig. 29 and Fig. 30, the response in S206 is returned only on the error output, and nothing is returned on the standard output. In such a case, the exit code (indicating an error) may be substituted as a flag.
- Figure 31 shows the case of an SNMP object ID designation error. This case should be determined in S212, because the value of the corresponding object ID is returned normally and the SNMP GetRequest command does not result in an error. In the example, sysLocation is used.
- This response is compared with the reply set in S-1 (2000), that is, the reply that T (4100) should give to communication by the agreed method, and a determination is made.
- In the case of S214, T (4100) actually responded (to communication using the above method), so T (4100) is a host that operates normally, is the correct host, and is reachable.
- the output means of the result display of S214 and S216 includes a standard output, a normal console comprising a keyboard and a display device, or a log file stored in a storage device. It may be output to another host via a communication line on TCP or IP such as Syslog, X, SNMPTRAP, etc. Also, by connecting as an input to the SMTP server program, you can send e-mail, which is convenient when linking to maintenance described later. These may be output in combination of two or more, or of course, printed out on a paper medium. In order to carry out the present invention, the above-mentioned output method is to output the force to the fiber in a unique way, or to use a certain! / To proceed to the subsequent processing! /.
- the output is classified according to the authenticity of the result of the reachability check.
- the output of ⁇ is intended for fault detection: ⁇ is not output and T is good.
- T (4100) happens to overlap with the timing of requesting update to D (1000)
- a failure occurs in 4 (4100) and it looks like it is ⁇ . If so, it should naturally converge to a normal state. If you consider such, there is a power S better ⁇ which is not detected as a failure at this time.
- The monitoring program is executed by a timer, so by setting an error flag in a step (not shown) following S216, it is possible to detect whether the pass through S216 is the first or the second or later. On normal recovery, the error flag should be cleared in a step (not shown) following S214.
- When T (4100) is lost and it is not a timing issue, it may be advisable not just to write to a log file but to prompt maintenance or recovery by such means as raising an alert, ringing a pager, or sending a mail notification. In this case T (4100) cannot be reached, so the notification cannot go to T (4100) itself and should be communicated to the administrator of T (4100) at their contact. However, in this case, it will be notified to T (4100) in the following expressions. At this time, if it is necessary to move to the maintenance or recovery stage, if T (4100) is disconnected from the Internet for some reason, etc., can ⁇ ⁇ (4100) be found?
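The check in S202 to S216, with the error check of S402 to S410 and the error flag, as an added example (not code from the patent). The `Resolver` and `Signer` callables, the class names and the sample names and addresses are assumptions standing in for the dig, SNMP or HTTP calls of the embodiments; raising the alert only on a repeated failure is one reading of the error-flag passage.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Assumed interfaces (hypothetical, standing in for dig/SNMP/HTTP calls):
#   Resolver(d, name) -> address, None if D has no record, OSError if D is silent
#   Signer(address)   -> reply carried by the countersign, None if none returned
Resolver = Callable[[str, str], Optional[str]]
Signer = Callable[[str], Optional[str]]


@dataclass
class Target:
    name: str                  # B: the static identifier T updates in D
    expected_reply: str        # "reply to be answered" stored in S
    d_servers: List[str]       # redundant group of D for T's domain
    error_flag: bool = False   # set after S216, cleared after S214


@dataclass
class Result:
    reachable: bool
    reason: str
    address: Optional[str] = None
    alert: bool = False        # True on the second or later failure only


def resolve(target: Target, resolver: Resolver) -> Optional[str]:
    """S202/S204 with the S402 check: walk the redundant D group (S408-S410)."""
    for d in target.d_servers:
        try:
            address = resolver(d, target.name)
        except OSError:
            continue           # no response from this D, try the next one
        if address:
            return address     # the mapped address A for B
    return None                # every D failed: processing stops


def _fail(target: Target, reason: str, address: Optional[str]) -> Result:
    """S216: the first failure only sets the flag; a repeat raises the alert."""
    repeated = target.error_flag
    target.error_flag = True
    return Result(False, reason, address, alert=repeated)


def check(target: Target, resolver: Resolver, signer: Signer) -> Result:
    address = resolve(target, resolver)
    if address is None:
        return _fail(target, "no mapping from D", None)
    reply = signer(address)                          # S206: sign
    if reply is None:
        return _fail(target, "no countersign", address)
    if reply.strip() != target.expected_reply:       # S212: compare
        return _fail(target, "reply mismatch", address)
    target.error_flag = False                        # step after S214
    return Result(True, "reachable", address)


def run_demo() -> List[Result]:
    """Constructed scenario; names and addresses are documentation values."""
    records: Dict[str, Dict[str, str]] = {
        "d2.example.net": {"t1.example.net": "192.0.2.10"},
    }
    hosts = {"192.0.2.10": "t1.example.net"}   # address -> host answering there

    def resolver(d: str, name: str) -> Optional[str]:
        if d == "d1.example.net":
            raise OSError("D1 does not respond")
        return records.get(d, {}).get(name)

    def signer(address: str) -> Optional[str]:
        return hosts.get(address)

    t = Target("t1.example.net", "t1.example.net",
               ["d1.example.net", "d2.example.net"])
    results = [check(t, resolver, signer)]      # D1 silent, D2 answers
    # T lost its address; the stale mapping now points at another host T'.
    hosts["192.0.2.10"] = "other.example.org"
    results.append(check(t, resolver, signer))  # first failure, no alert
    results.append(check(t, resolver, signer))  # second failure, alert
    # T re-registers under a new address and D is updated.
    records["d2.example.net"]["t1.example.net"] = "192.0.2.77"
    hosts["192.0.2.77"] = "t1.example.net"
    results.append(check(t, resolver, signer))  # recovered, flag cleared
    return results


if __name__ == "__main__":
    for r in run_demo():
        print(r)
```

The second pass shows the case the comparison exists for: the address still answers, but the host answering is not T, so an echo-style check would have reported it as alive.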
- SNMP can know almost anything about the state of the T (4100) system as long as it can communicate. It is also possible to change the settings.
- the present invention does not aim to utilize the powerful management function of SNMP, but rather to identify a host that cannot be identified otherwise and receives a dynamic IP address assignment that is often overlooked. It is to try to determine whether the bacteria.
- the subsequent management method is likely to be SNMP.
- SNMP should have already been available in T (4100), so assuming that ⁇ ⁇ ⁇ ⁇ ⁇ is used as is, SNMP was used to determine authenticity. (The age at which reachability by methods other than SNMP is unnecessary, which will be described later.)
- PUBLIC which is the initial value of the community name
- PRIVATE the initial value of PUBLIC
- On the T (4100) side, access control should also be performed so that the IP address of S-1 (2000) is registered and access from anything other than the IP address of S-1 (2000) is not accepted.
- T (4100) dialed up.
- a network connection is made while T (4100) does not directly dial up, and this network connection ⁇ is dialed up.
- IP address can be obtained by a dial-up router called an ISDN router, or by a so-called broadband router or the like using PPPoE, PPPoA, DHCP, etc. Dynamic network address translation (NAT) such as IP masquerade.
- Network connection ⁇ (hereinafter referred to as “ ⁇ ”) that allows multiple computers on the LA to receive the global service using T (4100) is only in contact with the customer's LAN (see connection type 4 to connection type 6 in Fig. 37) .
- ⁇ configure static NAT or port forwarding.
- T (4100) dials up male! /, And T3 ⁇ 4 (even if not directly connected to the Internet, even if not) From S-1 (2000) as in Example 1 and Example 2 You can determine the authenticity.
- any device that can be assigned an IP address is called a host.
- Using this concept, a router or a NATBOX is referred to as a host if it is assigned an IP address (that is, as long as it is a communication node). That is, in the fourth embodiment, the host T (4100) is the dial-up router.
- T (4100) is a network connection such as a dial-up router because it implements SNMP (see state 2 in Fig. 37). At this time, the operation of IP masquerade etc. If there is a dynamic NAT function, even if the ffS / lator does not have a function to dynamically update the DNS, a PC on the LAN can update the DNS (see connection 3 in Fig. 37).
- DOMAIN (DNS) is used as the communication method agreed in advance.
- T (4100) is a computer, which implements BIND, and that version information is set (explicitly changed) and reported.
- DOMAIN DNS
- this version information is used for the reply agreed by both parties.
- T (4100) is a direct dial-up connection, a network connection, a network connection; It is assumed that port forwarding has been set.
- The monitoring program is executed by a timer.
- The reply set in T (4100), which is to be answered to communication by the agreed-upon method, is the version information returned by the BIND operating in T (4100), changed to an arbitrary character string.
- T (4100) can share DNS service with Hi for a local LAN environment.
- FIG. 32 shows how to set the version information in BIND, which is set in T (4100).
- this version information is explicitly set and returns the version of the program itself as shown in Figure 35.
- If the version information of the program were known, it would be clear to an attacker how to attack via the network, so the version information is intentionally changed to increase the attacker's effort. However, since it can be set arbitrarily, it is used here as an example of a reply to be answered that is an alternative to B.
- S202 and S204 are address confirmation. This is the same as in the first embodiment.
- Fig. 33 shows an output example when the version information in BIND is retrieved by dig.
- The underlined part is the reply to be answered in response to communication by the previously agreed method, set in S-1 (2000) as the reply that T (4100) should give (the underlined part of Fig. 32).
- T (4100) has been assigned, the IP address is currently damaged, no host exists, and T (4100) has been assigned.
- (4200) indicates: ⁇ indicates that the BIND was not operating at T '(4200).
- T (4100) is assigned and IP address is assigned.
- IP address is assigned.
- ⁇ indicates that BIND was operating at T' (4200). This case does not produce an error in the output of the dig command, so it should be determined in S212.
- this reply is compared with the reply to be answered stored in S-1 (2000) to make a determination.
- When the reply to be answered carried by the countersign and the reply to be answered stored in S-1 (2000) coincide (S214), T (4100) is a host with correct reachability.
- S214 as in the first embodiment, it is better to write to a log file or the like or to proceed to the subsequent normal monitoring.
- SMTP is used as a communication method agreed in advance.
- T (4100) is a computer, and it is assumed that an SMTP server is installed. Here, it is assumed that SMTP is used for the communication method agreed in advance, and the host name (FQDN) of T (4100) is used for the reply agreed by both parties.
- FQDN host name
- T (4100) has a direct NAT connection or has been set for static NAT or port forwarding via a network connection! /.
- the monitoring program is set with a timer.
- The reply to be sent to the communication in the agreed-upon method set in T (4100) is the host name itself set in T (4100).
- HTTP is used as a communication method agreed in advance.
- T (4100) is a total and it is assumed that a web server is implemented.
- HTTP is used for the communication method agreed beforehand.
- Any character string can be used for the reply agreed by both parties.
- T (4100) it is assumed that direct dial-up connection is established, or that a certain NAT is a static NAT via a network connection, or that port forwarding is set.
- any sentence can be $ SI, so this can be used as a reply to the agreed upon communication.
- With many web servers, when no file name is specified, a file with a name such as index.html is opened (from the Epsano to the client). All you have to do is write the character string to be answered there.
- the sentence ⁇ ij of the third word of the text is agreed.
- the third sentence of the text may be mistakenly changed at the time of updating, so agree on a different file name and agree on a specific character string in that file as a reply.
- HTTPS HyperText Transfer Protocol
- It is also possible to use the serial number or fingerprint of the SSL server certificate, or simply an organization name, a company name, or a server name.
- the direction of restricting access from other than S-1 (2000), which performs the operation of T (4100), is different from the first embodiment and the second embodiment.
- HTTP is used for the method. As a paper, it would be effective for a group of people to be able to ⁇ .
- HTTP usually listens on TCP port number 80. Often, HTTP is intentionally changed to listen on another port number. In such a case, the changed TCP port number agreed between S-1 (2000) and T (4100) can be used to determine whether T (4100) is a correct reachable host or not.
- NATBOX accepts web access to change the settings of NATBOX itself on port 88, for example, and reverse proxy on port 80.
- the communication agreed in advance in the seventh embodiment can be implemented by returning to the destination web server by the reverse proxy.
- Regardless of whether T (4100) connects via a dial-up router or NATBOX or dials up directly, any information is stored in the storage device of T (4100) as a reply to be answered, and the stored information is transmitted for communication in any method agreed in advance.
- As long as the information can be read from the storage device and at least a reply including the above information can be returned, it can be used to determine whether T (4100) is a correct reachable host, regardless of the communication method.
- This example is normal for Example 7! /
- the example of the web server that listens on the TCP port has already been given.
- T (4100) can be functionally divided into: (a) a host that dials up, (b) a host that dynamically updates D (1000), and (c) a host that has the function of T (4100). These functions may be distributed to different hosts for each function, or may be aggregated to hosts of each functional capability sl . These relationships are affected by the topology of the network.
- FIG. 37 shows the connection state of T (4100) in the customer network.
- the lightning-shaped line above the modem represents a telecommunication line, and the ellipse above it represents a network cloud.
- the small square at the top is S-1 (2000).
- a modem usually refers to a modem, but here it refers to a cable modem, ADSL modem (or ⁇ ), etc. (some are digital line terminators (two Digital Service Units), optical terminators (-Optical Network Units), etc. When there is, it refers to a device that includes a physical boundary on a communication path without including a routing function (including this for convenience of explanation).
- the modem is depicted as an independent device in Fig. 37, there is 3 ⁇ 4 ⁇ incorporated in the network connection computer.
- a function similar to a modem is built into the network connection ⁇ and the computer, and in the case of ⁇ : ⁇ , it is assumed that the function is as a network connection view and a computer. Therefore, in the present invention, the modem is a communication function _ £ i. Even if it is necessary, the modem does not constitute a TCPZIP-like network boundary. Shall be.
- the one drawn just below the modem has the function of always dialing up.
- the one belonging to this is the network connection ⁇ and the computer.
- A network connection device refers to a device that has a routing function or a protocol inability to form a TCP/IP-like network boundary. In FIG. 37, it is described as "router etc."
- a computer is defined as a computer that can be programmed by the user. If it is assumed that the computer has the same function as a network connection T, the network connection indicator is referred to as a computer. Shall be distinguished. This includes user terminals and the like. The following description will focus on which device T (4100) is, depending on the situation.
- Example 1: A typical example of Example 1 is referred to as Connection 1. This is where the computer dials up directly.
- Example 2 is also the same.
- the host that updates D (1000) in b and the host that has the function of T (4100) in c are the same as the host that dials up.
- the host that dials up a that is, a total, constitutes the network boundary. For this reason, for example, if you implement NAT: ⁇ or VPN tunneling, you can configure the application gateway with the function of network connection ⁇ , such as However, it is also possible to establish a network connection to the meter sea at the spring.
- the network is connected through a network connection view: t is the age at which the network connection ⁇ is a host having the function of T (4100) in c.
- a typical example is contact state 2.
- the network connection target could not update D (1000). It is.
- a host that dials up a, a host that updates D (1000) in b, a host that has a function of T (4100) in c, and S are functionally divided. This function is distributed to computers and network connections. This is a typical force connection 6 of: ⁇ .
- connection 4 ⁇ means that the network connection ⁇ can update D (1000), and ⁇ (4100) is not feasible (that is, there is a function of b and no function of c. ! / ⁇ )
- This configuration can be adopted for the age.
- a host to be dialed up by a is a router or the like.
- this can be replaced by a computer.
- the cage has a T ( Since it can be used both as a host having the function of 4100) and as a host for updating D (1000) of b, mrni can be used in any embodiment. That is, Example 3 and Example
- the router at the position a may be a computer.
- the host that performs the dial-up for a has a static NAT for a host having at least the function of T (4100) in c, and that port forwarding or the like is set.
- FIG 37 there is a host dialing up a just below the modem, but under this network there may be a network connection ⁇ that is not just Kamenada! / ⁇ . This indicates that the LAN configuring the customer network configures a multi-stage LAN, and that the configuration is different.
- Embodiments 5 to 7 can be used in all contact states. However, Embodiments 5 to 7 are applied to the return form 2 ⁇ contact form 3: For ⁇ , return the counter sign that carries the answer to be answered by the web-connecting bacteria. Must be configurable. A host that dials up a, a host that dynamically updates b to D (1000), and a host that has the function of T (4100) c) must be installed on the same LAN (or the same location). Then, from the point of view of the wide area network, this LAN is on the edge of the network. Here, the wide area network is assumed to be the Internet. (Actually, NAT is required.
- a, b, and c In communication via the wide area network, a, b, and c cannot be fSIJ each. It is a collection of computers connected to the network that behaves like a single communication node to the Internet (they do not have an LA, such as a terminal-type dial-up to the Internet, services, and In the present invention, this is referred to as a customer network or an end site.
- the end site is particularly the edge side of the wide-area network: 1 ⁇ It is the same as the customer network except for the point of interest.
- wide-area networks include Type 1 telecommunications carriers and Type 2 telecommunications difficulties.
- a network based on TCP / IP is conceivable. Since this 3 ⁇ 4 ⁇ is based on NAT, it is possible to access T (4100) directly from T (4100) from D (1000) or S-1 (2000) on another network by routing without using NAT.
- The Internet is used for the description. However, the present invention is not limited to the global Internet; it only requires communication using TCP/IP.
- Table 03 shows the relationship between the customer network and the external network. (Table 03)
- (1) refers to ⁇ with only one terminal, which does not constitute a LAN like terminal-type dial-up to the Internet 'service provider. It is considered to be connected to the network (not a stand-alone) because it is connected to the Internet. LAN is configured Therefore, it may be argued that the customer network will not be used. It can be considered that the customer network with only the loop pack is covered and connected to the WAN. 3 and ⁇ 5 shall conform to 1.
- TCP / IP network that is not connected to the Internet, which is a type 1 telecommunication or type 2 telecommunication affair, and is a WAN. This is the case with the Noscon Communications FLET'S (registered trademark) office. There is no problem to treat it as ⁇ in 2.
- D (1000) is private is limited only by the naming rules of the domain names used for the conventional private network, and does not affect the present invention.
- a private network generally means a dedicated line (and similar services, such as ATM ⁇ Gallink and IP-VPN etc.) that are routed for use in paper weaving.
- IP-VPN the routing to the customer network (inside. Because it reaches the end of the network naturally) is not set.
- the type 1 telecommunications H ⁇ and the type 2 telecommunications S are services that collaborate, and the age at which routing is performed should be considered in 6! / ⁇ .
- the external network can directly access hosts on the customer network by routing ⁇ .
- this age means that even if T (4100) is not located directly below the modem, the dial-up host of a will not be dynamically assigned an IP address from the upstream network, but will be on the customer network.
- the IP address is also dynamically assigned to the DHCP server (relayed by DHCP! /, ⁇ R ⁇ r ⁇ S! ⁇ ⁇ ⁇ ). This would be equivalent to 3.
- the RAN having multiple stages means that the logical segments are divided and routed in addition to the multiple stages merely by haps or the like. this:! ⁇ , S—1 (2000) is connected to T (4100) If the LAN connected to is different from the LAN connected to, consider the LAN connected to T (4100) to be a customer network and consider it the same as 46.
- both the physical segment and the logical segment are separated.
- the present invention can be practiced, when the LAN is only one step, that is, when there is no external network ⁇ , the host does not need TCPZIP-like relay, and all the hosts can communicate male and local, so dynamic IP Even if it is a host with address assignment, it would be more realistic to use reachability 3 ⁇ 43 ⁇ 4 with a protocol other than TCP / IP without referring to the private D (1000).
- the force T (4100) is a stand-alone ⁇ ⁇ , which is not considered in the present invention. This is because there is no partner to communicate.
- the age of 246 shall be 8.
- Fig. 38 mainly explains the points that can be a problem with: ⁇ in a multi-stage LAN.
- Fig. 38 shows the breakdown of the LAN in the customer network, but the same applies to the Tsuruno 3 ⁇ 4 ⁇ of the private network, which is not connected to the Internet, and suffers from telecommunication difficulties. It is considered that T (4100) indicates a portion directly connected to the relay.
- Network 1 and Network 2 may be LAN and WAN, respectively.
- FIG. 38 shows patterns 1 to 3. Pattern 2 and pattern 3 are similar to those in Table 03. Turn is no problem.
- the 3 ⁇ 4 ⁇ that can be a problem here is that of Noturn 1, and Network 1 is the LAN's ⁇ ". Similar to the single LAN # ⁇ listed in 7 in Table 03, T (4100) and S ( — Since 1 (2000) is on the same LAN, it can be considered more realistic to achieve reachability using a protocol other than TCP / IP, but this means that on another network (4100), and if S-1 (2000) here also controls
- P (4000) is considered to be a network that includes T (4100), we will explain the features when functions are combined from the viewpoint of P (4000).
- network 1 including T (4100) corresponds to P (4000).
- P (4000) is a ⁇ which is DHCP T ⁇ , and the following description is based on the assumption that network 1 is a network including a DHCP server.
- network 2 is simply a network, not network 1.
- S-1 (2000) and P (4000) are the body: ⁇ . This is the pattern 1 in Fig. 38.
- S-1 (2000) can confirm the reachability of T (4100) without using the present invention according to Condition 1 described later.
- S-1 (2000) cannot determine the correctness of the relationship between the real image and the mapping. That is, the reachability ⁇ of the present invention is required for the host I obtained by D (1000) for ⁇ ⁇ ⁇ ⁇ (4100).
- P (4000) is the one that assigns an IP address to T (4100) here! / U.
- P (4000) can also understand whether or not T (4100) is connected and switched.
- P—D (4500) can be set for reverse lookup.
- P (4000) can know the change in the state of T (4100), and can reflect the change in the state of T (4100) in D (1000).
- the host name itself in the dynamic DNS is an age that has the followability and the iglj property.
- the host i ⁇ ⁇ refers to the possibility of reference from an external network by a static child.
- D (1000) is a DNS
- accesses from external networks are affected by the cache.
- the power that has been described separately so far » is hard and difficult. This is thought to be due to the difficulty in comprehensively explaining how the networks are connected, and can be broadly classified according to where the routing stops, regardless of whether it is a LAN or WAN, as follows.
- S-1 (2000) can identify each host of ⁇ (4100) as another host if T (4100) can be reached directly by the knowledge.
- T (4100) has a function of dialing up (receiving dynamic address assignment), a function of updating D (1000), and a function of being T (4100).
- dial-up host Due to port forwarding, etc., the external network power must be S-1 (2000) to reach ⁇ (4100) ⁇ 1 ”or the host to dial up to ⁇ (4100) It can be reached by routing: it is a little more complicated than ⁇ , and has been described in more detail in the examples, including the ability to dial up (receive dynamic address assignment) and (1000) update function and ⁇ (4100) barrel function That is, the function of returning the counter sign or the function of increasing reachability) may be carried out by three independent hosts r3 ⁇ 4 or one other host. There is a townhouse in that ⁇ (4100) is ⁇ .
- a router with a web interface for changing the settings which has a web interface for changing settings.
- Some »such as firewalls have a ⁇ that listens to web access for setting change at port 88 (for example, a port other than 80 # ⁇ — port).
- These products for end sites have separate interfaces for the WAN side and LAN side, and access control is applied to many ports on the WAN side.
- the network connection device (even if it is not a firewall) waits for web access for setting change at port 88 (a port other than port 80, such as port 80), and the access is controlled. At this time, normal web access is awaited on port 80, and no access control is performed for this. It is a good idea to run a reverse proxy on port 80 and to use the reverse proxy to implement the
- the method can be used as a method that combines the embodiments, such as a method in which FQDN is agreed as a reply (instead of the sysName of SNMP but HTTP) as in the first embodiment.
- it is located on the customer network, it also functions as described above even if it is located at the computer in the expanded state 6 that can be connected only to all the locations in the connection form in Fig. 37. It is conceivable that the device was connected to a network, but another network is under its control. Also, always no need to be a host wherein configure the device dials up a in flame Figure 37.
- ⁇ described here is the dial-up host of a, as shown in FIG. # ⁇ Is a network that requires NAT, and if port 80 is used for the above-mentioned sign 'and' counter "sign", port forwarding etc. is required when providing web services Therefore, it is necessary to announce the port !, which means that you will not be able to connect to the customer network and try to use the web service. In such a case, it is advisable to wait for a signature on a similar port, that is, a port for HTTP setting, a port for device setting, and a port for network management using the sign 'and' counter sign. Ports that provide web services for public browsing. El-known ports (However, the port forwarding It may be configured to listen on three types of ports.
- Example 9 the communication is fixed at HTTP and the reply is FQDN, thereby simplifying the communication.
- scalability is inferior to a so-called computer. This does not mean, for example, that it is only necessary to implement additional programs when adding functions, but it is necessary to obtain firmware, etc., which may not be easy for some users. There is a problem. Therefore, in the ninth embodiment, it is possible to compactly implement in advance T ⁇ for a network connection view such as a router or a NATBOX, which has a limited storage device capacity.
- T (4100) may, of course, be not only a network connection device but also a computer, or, because it can be implemented compactly, a dedicated device only for returning the countersign.
- the dedicated device only needs to have the function to make the S-1 (2000) reachable, and of course the interface may be one.
- connection 6 in FIG. 37 if it is located at c (which is difficult in FIG. 37, but this is the dedicated device), the network outside the dial-up host is connected to the Internet, etc. ⁇ ⁇ ⁇ ⁇ ⁇ (4100) is reached by the routing of 3 ⁇ 4 "C Kina! /, If the network ⁇ is set to static NAT or port forwarding etc.
- the device can be reached from the external network
- the system is simply assigned an IP address on the LAN, it will be referred to as a unit from the external network, and a dedicated device will be reachable here.
- the customer network and its boundary nodes have correct reachability, that is, here, we have one interface that simply implements Example 9.
- reachability ⁇ simply by making a host that dials up settings such as port forwarding, etc.
- Such a device can be manufactured at low cost because of its simplicity. It can be used as a base or a kit, and if it is implemented as software, it can be used for a cage, Can be omitted. This should be a removable storage medium that is mounted on the storage medium weaving device described in the section! / ⁇ .
- Example 10
- A method is proposed that is effective when T (4100) is a mobile terminal.
- The mobile terminal is, for example, a mobile worker itself and a so-called PC.
- the “relay PC” simply refers to a terminal that is used by a U user and that is difficult to use.
- T (4100) may be implemented as application programs.
- the browser software In order to incorporate the browser software, it is advisable to use the browser software as a control for answer setting to be answered, etc., and to return the answer to be answered by resident software for standby called separately from the browser software. .
- Example 7 a web server has already been installed, and it is of course acceptable to use it for 3 ⁇ 4 ⁇ , but a ⁇ ⁇ You may wait for the sign at the port.
- the browser software also displays the result of reachability ⁇ by a separately called reachability ⁇ program.
- browser software can be used as a user interface that performs both ⁇ (4100) and s functions, whether it is an external program or an internal program. (Practical application)
- the destination to display the result is i / e! /, And from the viewpoint of ⁇ (4 ⁇ ), s-i (2ooo), s-2 (5300) and D (1000). This is expressed as an object. (Of course, the object of the leak is always T (4100), where the object means who benefits from using the result display.)
- the difference and reachability ⁇ are used as a substitute for ping.
- T Failure detection for T (4100) is a more restrictive concept, and as described in Example 1, T It is to detect the failure of (4100) and prompt the failure pair to T (4100).
- In this case, T (4100) is not T (4100) as a communication node, but a human such as the owner or administrator of T (4100).
- the display for S-2 (00) is simpler and broader, and simply displays whether or not the force correctly reaches 1 to T (4100).
- a filter is not just a display, it attempts to use reachability results in subsequent actions.
- the subsequent action was a human recovery process.
- the subsequent action is a program and is executed by being incorporated into a series of processes.
- A description will be given as to whether or not it should be considered a failure when inability to reach T (4100) is detected.
- # ⁇ is detected as abnormal.
- failure detection is the same concept.
- other ⁇ for example, the age of the filter and the display, etc., are intermittently repeated connection and disconnection. The stance that it is normal as ST (4100) is not taken, and the unreachable age is also normal.
- T (4100) The status that the node (4100) must always maintain accessibility from other hosts is a failure if the node (4100) cannot access the node. It is not always necessary to access because of repeated connection and disconnection to the network. At the age of ⁇ (4100) ⁇ , it is not possible to access, the state is not T, and it is not a special obstacle. Failure detection
- Notifications to the owner of the tube include emails and pagers. Notifications for management include SYSLOG and SNMP trap. Although these are notifications that refer to humans, they are actually assignments to subsequent programs, so they may be included in filters described later. This is explained in detail in Example 1. Of the display:
- V a place to use as a so-called ping alternative (i.e. just to know if the host is correct! / It is.
- the indication for the public is to indicate to S-2 (5300) whether the result of reachability T of T (4100) is true or false.
- the age at S-1 (2000) is the client's behavior.
- S—2 (5300), which is the terminal used by the one boat 1J user 3 ⁇ 4 ⁇ is the peer-to-peer-peer model.
- the S-2 (5300) of the client 'Sano' model may be an unspecified majority.
- S-2 (5300) of this; ⁇ is a mere communication node on the network, and does not need to implement the function of S, that is, the function of recommending reachability.
- this :! ⁇ Is an indication for the public rather than for S-2 (5300) itself.
- the subject S—1 (2000) that ⁇ of the encounter of: ⁇ is not necessary to be the same as the one that detects a fault because of ⁇ (4100).
- the subject is S— Even if it is 2 (5300), what displays the result of reachability confirmation for other S-2 (5300) can be considered to be S-1 (2000), where S-2 ( 5300): ⁇ is generally simply reachable for itself.
- the present invention is used as a means to ⁇ the reach of the S-2 (5300) force ST (4100):
- FIG. 39 shows an image of 1 ⁇ 2.
- S-2 indicates the host name or IP address of the other party to be directly examined.
- the first corresponds to the phase of 1 in Fig. 39 (b), and S-2 (5300) has entered 14 ⁇ on the web page! This is an example of a screen for specifying /, ⁇ (4100).
- the second is a screen displaying and displaying the resulting 4 in FIG. 39 (b), where T (4100) is correct and reachable.
- the message content may be "online” or “attendance” like an instant messenger, or "reachable” like a ping.
- Method Connect to normal SNMP management by assigning a reachable host.
- V so-called, operate as a filter.
- the concept of a filter is to use the output of the preceding program as the input of the following program. It is equivalent to the concept of a pipe in UNIX. For example, it is similar to a sort program.
- the sort program reorders some output results and connects to the next process.
- use the present invention as a sensor. Detect changes in the relegation and connect the results to conventional management.
- If T (4100) is a host having the correct reachability, it can be connected to subsequent processing.
- As an example, the conventional monitoring process by MRTG or OpenView is given (this is equivalent to the case where T (4100) has a fixed IP address and reachability confirmation is not required).
- ucd-snmp-4.2.1 and mrtg-2.9.17 were used.
- MRTG is a software tool that graphically displays information (eg, CPU load factor, etc.) that changes with the current network traffic status and time.
- MRTG includes the functionality of an SNMP manager (and is therefore treated here as an SNMP manager). Usually used separately with the SNMP manager.
- the result of the filter age and the reach of the filter performed in S-1 (2000) is processed as an object.
- the owner or administrator of T (4100) operates a separately accessible management system.
- the object is the owner or manager of T (4100); see ⁇ for failure detection: ⁇ .
- the static IJ child and the dynamic address at the time that it has the correct reachability are included in SNMPTRAP etc. and notified to the owner or manager of T (4100). Do it! / ,.
- S-1 (2000) same as ⁇ .
- the subsequent processing is not limited to the conventional management.
- This ⁇ J ⁇ is the second example of the filter, which is a more filtering use than the first example.
- the following is an example of the user terminal S-2 (5300).
- There is freeware that runs on a PC, such as "IP Messenger": server-less (that is, peer-to-peer) real-time message transmission/reception software realized by directly specifying the message. (Note: Even if the application is the same, the server is unnecessary, so "IP Messenger" is not included in the category of instant messaging (RFC2778, RFC2779).)
- "IP Messenger" can now specify the destination not by an IP address, that is, a dynamic address, but simply by a static identifier such as a host name.
- resolver operates as a pre-process of all sorts of application software
- present invention can also be operated as a pre-process of any program.
- the subject may be S-1 (2000) instead of S-2 (5300) only.
- "IP Messenger" can now specify a host name as a destination. However, the problem disclosed in the present invention has been solved.
- Announced MA Announce the association of B.
- the mapping of the thread 1 ⁇ : ⁇ at T (4100) is not announced in the mapping announcement system D (1000).
- The resource record for T (4100) is deleted (hereinafter, the deletion of the resource record in DNS is included in the update as one form of update).
- When T (4100) cannot be reached, other hosts should not be able to reach T (4100) either.
- The possibility of reaching the misidentified host T' (4200) has already been described.
- the mapping notification system D (1000) the mapping of iA: B to T (4100) is not disclosed, thereby preventing the occurrence of erroneous recognition.
- Patent Document 1 a keep-alive signal is described from ⁇ (4100) to D (1000), and this signal is no longer received by D (1000). Is not announced. This idea is to fiber the signal from the terminal like Beacon Notebeat. Same Patent Document 5 and the like are examples of such cases.
- Health check, check, and processing are performed on a force D (1000) force S, which is a unique system that does not use DNS.
- The entity of the health check encrypts the password used by T (4100) when setting thread 1A: B for D (1000) in a challenge-response form to prevent eavesdropping.
- the password is the basis of the idea.
- the reachability ⁇ realized by the present invention only needs to be a value automatically obtained in the first place due to the characteristics of the network.
- the personal shelf typified by a password (not a concept that is tied to J.
- the reason for accepting a proxy in the present invention and replying should be answered.
- This is a way to increase flexibility, which is woven into the basic philosophy, as described in the type of the password. Therefore, the password, the letter D (1000) and the letter S become a body! / It is naturally different from Patent Document 2, which cannot be known unless it is based.
- encryption is not mandatory. There is no need to keep the answer that should be answered as secret, as derived from the evidence and theory. That the answer to be answered is not a password means that the answer to be answered is strong even if it is known to a third party who can be leaked. Rather, it has a point that reachability can be achieved with the announced character string.
- Patent Literature 1 and Patent Literature 2 are bound by a fixed relation of D and ⁇ .
- S-1 (2000) or S-2 5300
- S can detect that the reachability to T (4100) has been lost, and this can be used as a trigger to update (consume) D (1000).
- S # 1 (2000) and S # 2 (5300) know the password that # (4100) uses when updating this # ⁇ ! / I need to. Knowing the password! /, As for the person who knows, the smaller the number, the better the quality.
- FIG. 40 shows an example of using TSIG in BIND.
- the method of deleting the entry indicating B itself ($ TARGETH0ST in the above script example, where ⁇ is the B itself as a destination) and the address of B 3 ⁇ 4 "to 0.0.0.0.0 or a private address
- the former was adopted.
- GNUDIP Using a package such as GNUDIP: should be implemented on the host running GNUDIP. If D (1000) and GNUDIP are running on different hosts, T3 ⁇ 4 should be considered as one.
- the update method is implemented individually according to the program running on the host that accepts the update. Good.
- the process should use a method that can be linked with the dial-up function shown in Fig. 37a.
- The update process itself is a conventional technique. Reachability can be used to detect T (4100) inequality on the network that triggers the update of clearing in D (1000).
- the reachability that D (1000) implements the S function: t does not involve the steps (2) and (3) as external host-to-host communications. But this only needs to be matched by D (1000) internally to itself. Therefore, the actual image and the mapping of the yarn 1A: B to be compared are not considered to be insufficient.
- D (1000) keeps announcing the last updated resource record even after T (4100) is disconnected. If explicit offline processing is performed from T (4100), D (1000) will not continue to announce information about a T (4100) that does not exist, but if T (4100) breaks the line, offline processing cannot be performed.
- D (1000) is T (4100) exclusive to (1000). If it was not a terminal for communication, it would not be possible to detect that T (4100) was no longer on the network. Since D (1000) is ⁇ (4100), it is ⁇ (4100) that is established only on the relationship between D (1000) and T (4100). D (1000) required that (4100) have a dedicated edge.
- this problem has also been solved by the present invention. That is, the present invention eliminates the need for a dedicated terminal.
- the present invention has a feature in that the source and destination in communication can perform end-to-end reachability confirmation; that is, the basis of the present invention is reachability.
- Step 1: On the Web server side, first register T (4100) as a member of a specific group.
- the set of T (4100) registered in this way is called a database.
- Step 2: When accessed from T (4100), the Web server performs reachability confirmation.
- T (4100) returns the host name (that is, ⁇ itself) as the answer to be answered.
- Step 3: The Web server searches the database for a group that matches the returned host name.
- Step 4: Access permission according to the matched group is granted to T (4100) as the transmission source.
- Step 5: In the case of access from a terminal that does not implement the functions of T (4100), from an imitated T (4100), or from a T (4100) that did not match any of the groups, refuse the connection.
- the called party cannot automatically receive the calling number, so it replaces the reception of the caller ID with reachability confirmation.
- the counter sign is the caller number, a carrier signal that carries the answer to be answered.
- A which is a dynamic address
- B which is a static identifier. Therefore, in order to have the function of replacing call notification in the sense of circuit switching, an incoming “I” student is required.
- a Web server is used in the above description, but processing that can be closed following reachability is not limited to only the Web server.
- the host name was used in Step 2 of the above procedure, but it is an alternative to B.
- T function and the S function can be mutually performed between TSs. Refer to Example 10. By doing so, it is possible to create a more closed circuit than the age of Jingjiang who touched it. By the way, in the case of circuit switching ⁇ , the called side selectively responds to the calling You can allow or deny.
- S can also permit or reject an incoming call from T (4100), depending on the answer to be answered by T (4100). Note that the positions of T (4100) and S are reversed, as if they were hated. With such an application, it is possible to replace access control. Since this method simply satisfies the reverse pattern of closing a job, it is thought that it will be easily conceived in the explanation so far.
- the cache mechanism is a device to reduce DNS traffic. Therefore, simply invalidating the cache can increase traffic.
- the traffic here refers to only DNS traffic. Therefore, the aim is to reduce only DNS traffic.
- not increasing the load on DNS, a public service, unnecessarily is a social requirement, and this responds to it.
- the traffic between TSs corresponds to the frequency of communication between TSs.
- steps (2) and (3) are omitted, and only when S no longer reaches T (4100), that is, after reachability is no longer confirmed as correct, are (2) and (3) performed.
- rather than performing name resolution or the address confirmation shown in Embodiment 1, the dynamic address of the destination T (4100) for which reachability has been confirmed is stored in local memory. After that, the sign is sent to the stored address indicating T (4100).
- a dedicated storage area may be newly reserved in the process of address confirmation in S, or the cache on S may be extended.
- the former method of reserving a new dedicated storage area is an application program solution.
- the process returns to the address; ⁇ immediately without waiting for a fixed time. At this time, a flag or the like may be used to implement the separation.
- the next time reachability is confirmed, before S202, it is determined whether or not the flag is set, and the process branches. If the flag is set, the stored address is substituted into the address indicating T (4100) in S204, and processing starts from S206. If the flag is not set, processing starts from S202 as usual.
- the flag was set in the case of reachability (S214), but it may instead be set in the reverse case (S216). In that case, naturally, the branch before S202 is reversed as well.
- S S-1 (2000) and S-2 (5300) as S.
- S be the third filter example D (1000) shown in the practical application: similar to ⁇ .
- Setting D (1000) as S is the same as omitting the communication between hosts: the name query is not omitted but is performed internally.
- Internal name resolution as in D (1000) is not possible in S-1 (2000) or S-2 (5300), so internal name resolution was achieved by storing the address of T (4100) that was reached correctly.
- In the client-server model, S-2 (5300) can be an unspecified number of nodes and does not need to implement the S function.
- the reason for adopting the client-server model is to make it possible to collaborate with reachability and! / Service for existing communication nodes that do not implement the S function.
- Figure 41 (a) shows the case that adopts the peer-to-peer model.
- in the peer-to-peer case, it can be either S-1 (2000) or S-2 (5300). Therefore, S-2 (5300) in the figure may be read as S-1 (2000).
- Fig. 41 (b) shows the case that adopts the client-server model.
- the peer-to-peer model is for small-scale communications
- the client-server model is for large-scale communications.
- the client-server model is not an ingenuity to reduce traffic related to name queries, but contributes to reconciling the relationship between invalidating the cache and increasing traffic.
- Human authentication is a password.
- the host can be authenticated by using an X.509 certificate or an IPsec authentication header.
- reachability confirmation of a machine (communication node) on the network is by the sign and the counter sign.
- human authentication, host authentication, and host reachability confirmation are parallel concepts.
- reachability confirmation of a machine is a looser concept than authentication in that it is not a special permission (for example, not permission of access right). It is a process of recommending something.
- Condition 1: T (4100) is not on the network.
- the reachability wister can be modularized.
- Interface power If S is standardized, it can be further theoreticalized, for example, by using a program running on S as a manager and a program running on T (4100) as an agent.
- the purpose doesn't matter! / ⁇ .
- # ⁇ where the communication channel itself and the disk itself are encrypted, only a few books need to be kept secret, and most of them are kept secret.
- the power that might need to be done might be. Or, it may contain only things you don't need to keep secret.
- the purpose of encrypting the necessary and confidential information is not to prevent leakage.
- the power that needs to be kept secret is a matter of information quality.
- the answer to be answered by ⁇ is a variant of 3 ⁇ 4 ⁇ ⁇ ⁇ ⁇ ⁇ 3 ⁇ 4 ⁇ 3 ⁇ 4 ⁇ 3 ⁇ 4 ⁇ 3 ⁇ 4 ⁇ 3 ⁇ 4 ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ 3 ⁇ 4 ⁇ 3 ⁇ 4 ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ . It is not possible to aim at it. As mentioned in the text, this is an ingenuity incorporated into the basic philosophy to increase flexibility.
- Authentication means that the user is the user of the contact. For example, if you have the right to log in to the system, you will have access to the Huai Nole system.
- the password belongs to what is called authentication by knowledge: if the password corresponding to the user ID is known, the user is judged to be a legitimate user on the basis of knowing it. In other words, the purpose is to correctly identify the person.
- the password is usually used for the individual shelf IJ together with the individual shelf IJ name. In other words, both the authentication and the password were conceived based on the individual (shelf-based).
- a password encrypted in challenge/response format, or a one-time password such as S/KEY, is also included in the password.
- the password used for updating the DNS includes, for convenience, TSIG (RFC 2845). Because T (4100) and D (1000) share a secret key, it is reasonable to regard it as conforming to authentication by knowledge.
- the term host includes not only difficulties but also gateways.
- gateway of the application gateway is used as a gateway
- routers, application gateways, protocol changes, and the like that constitute an IP-like network boundary are collectively referred to.
- a customer network is a network managed by the owner of T (4100) and not a public network.
- the certain range can substitute a specific function.
- This also includes 3 ⁇ 4 ⁇ , which forms a higher-level function by grouping independent functions.
- FIG. 01 is a diagram showing dial-up in a customer network.
- FIG. 02 is a diagram showing address assignment in the customer network.
- FIG. 03 is a diagram showing DNS update in a customer network.
- FIG. 04 is a diagram showing a normal state in the customer network.
- FIG. 05 is a diagram showing occurrence of line disconnection in a customer network.
- FIG. 06 is a diagram showing the S connection in the customer network.
- FIG. 07 is a diagram showing address assignment (re) in the customer network or customer network.
- FIG. 9 is a diagram showing DNS update (re).
- FIG. 09 is a diagram showing a state in which hosts appear to be switched in a customer network.
- Figure 10 is a diagram showing the DNS that is referenced in each network.
- FIG. 11 is a diagram showing misidentification in a ⁇ or customer network.
- FIG. 12 is a diagram showing a normal state (convergence) in the customer network.
- FIG. 13 is a diagram showing a state where the line is disconnected (different pattern after FIG. 06) on the customer network.
- FIG. 14 is a diagram showing erroneous recognition of the age of the line being disconnected or maintenance by the second maintenance route in the customer network.
- FIG. 15 is a diagram showing the correspondence status between (1) and (D).
- Fig. 16 is a diagram showing the DNS search order when caching is enabled when a forward query is performed on (1).
- FIG. 17 is a diagram showing the DNS search order when the cache is not valid at the age of forward name query ⁇ in ⁇ .
- FIG. 18 is a diagram showing cache lifetime.
- FIG. 19 is a diagram showing convergence 1 (measurement program) of cache lifetime.
- FIG. 20 is a diagram showing convergence 2 (measurement result 1) of cache lifetime.
- FIG. 21 is a diagram showing convergence 4 (continuation of measurement result 2) of cache lifetime.
- FIG. 22 is a diagram showing a communication model.
- FIG. 23 is a flowchart showing a means for determining the problem 3 ⁇ 4f ⁇ .
- FIG. 24 is a flowchart showing the means 2 for making a decision (S204: optional processing).
- FIG. 25 is a diagram showing a normal output example of a DIG command.
- FIG. 26 is a diagram showing an example of DIG command error output (DNS server failed).
- FIG. 27 is a diagram illustrating an example of a DIG command error output (T does not work: ⁇ ).
- FIG. 28 is a diagram showing an example of normal SNMP output (when T is correct and reachability).
- Fig. 29 is a diagram showing an example of SNMP error output (host is wrong! /,).
- FIG. 31 is a diagram showing an example of an SNMP error output (incorrect object ID specification: ⁇ ).
- FIG. 32 is a diagram showing a changed part of a setting file for setting version information in BIND.
- FIG. 33 is a diagram showing a normal output example of a DIG command.
- FIG. 34 is a diagram showing a DIG command error output example (when T does not exist).
- Fig. 36 is a diagram showing an example of the first message when connecting to the SMTP server (SENDMAIL).
- FIG. 37 is a diagram showing a connection form in the customer network of FIG. 37T.
- Figure 38 is a diagram showing the positional relationship between each host and the network.
- FIG. 39 is a diagram showing a difference in operation between the present invention and a so-called ping 3 ⁇ 4.
- FIG. 40 is a diagram showing a DNS update script sal.
- FIG. 41 is a diagram showing the stir effect in the client 'server' model.
- DNS is not a representative example. It does not refer only to the power DNS. 3 ⁇ 4 ⁇ written as DNS indicates DNS only, but DNS There is a ⁇ that advertises the mapping of HA: B.
- S- l is 0 originating management server. Together with S-2 (5300), it is abstracted into the concept of S, the source. In this case, the source is to try to obtain the correctness of reachability to T.
- Provider P is a user (or host) who is assigned an address and is a user who does not manage ⁇ . A host that may be mistaken as an administrator at the point of the possibility that an address may be assigned after the address has been assigned.
- Provider P is a provider.
- the provider other than the connection destination of the pipe ⁇ ⁇ ⁇ . In other words, it is a provider to which the Internet Win II user (5300) connects. This concept is valid only if the provider is connected to the Internet or if the provider is interconnected with other networks.
- 5300 S—2 5300. It is a source that is a general user.
- Management server DNS administrator and administrator of the service a. Viewers are one ⁇ ⁇ users).
- a provider that dynamically assigns addresses to the sculpture is connected to the Internet and the provider II-2 is connected to the Internet and has the ability to connect to the Internet.
- Provider ⁇ and Provider ⁇ -2 are interconnected. Only one wins.
- the mind of the IJ user (5300) is established on provider ⁇ -2 (as viewed from the tube). In other words, Provider I-2 only needs to be another network reached by routing (from the perspective of Provider I). This is the node that starts communication in response to a rise in the price.
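The following added example (not code from the patent) simulates Steps 1 to 5 of the Web-server procedure described earlier in this list: the server sends a sign to the source of an access, takes the returned host name as the counter sign, and grants the permissions of the matching group. The in-memory network, the mapping held by D, the group names and all addresses are constructed sample data, and checking the returned host name against the address D advertises is this example's assumption about how the confirmation is compared.

```python
"""Access control that follows reachability confirmation (Steps 1 to 5).

Everything is simulated in memory. Host names, addresses and groups are
constructed sample data, not values from the patent.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

# Step 1: the Web server's database, static identifier B (host name) -> group.
GROUP_DB: Dict[str, str] = {
    "t1.example.net": "staff",
    "t2.example.net": "guest",
}
GROUP_PERMISSIONS: Dict[str, FrozenSet[str]] = {
    "staff": frozenset({"read", "write"}),
    "guest": frozenset({"read"}),
}

# Mapping B -> dynamic address A as advertised by D (simulated).
D_MAPPING: Dict[str, str] = {
    "t1.example.net": "192.0.2.10",
    "t2.example.net": "192.0.2.20",
    "t9.example.net": "192.0.2.90",  # a real T that belongs to no group
}

# Constructed network: dynamic address A -> answer the node there returns to
# the sign. None models a terminal that does not implement the T function.
NETWORK: Dict[str, Optional[str]] = {
    "192.0.2.10": "t1.example.net",
    "192.0.2.20": "t2.example.net",
    "192.0.2.90": "t9.example.net",
    "198.51.100.7": None,
    "198.51.100.66": "t1.example.net",  # imitates T1 from another address
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    permissions: FrozenSet[str]
    reason: str


def send_sign(address: str) -> Optional[str]:
    """Send the sign to an address and return the counter sign, if any."""
    return NETWORK.get(address)


def confirm_reachability(source_address: str) -> Optional[str]:
    """Step 2: return the confirmed host name, or None if not confirmed."""
    answer = send_sign(source_address)
    if answer is None:
        return None  # nothing answered, or the node has no T function
    # Assumption of this example: the answer only counts when D currently
    # maps that host name to the address the access came from.
    if D_MAPPING.get(answer) != source_address:
        return None
    return answer


def authorize(source_address: str) -> Decision:
    """Steps 2 to 5 for one incoming access."""
    host_name = confirm_reachability(source_address)
    if host_name is None:
        return Decision(False, frozenset(), "reachability not confirmed")
    group = GROUP_DB.get(host_name)           # Step 3
    if group is None:
        return Decision(False, frozenset(), "no matching group")  # Step 5
    return Decision(True, GROUP_PERMISSIONS[group], group)        # Step 4


if __name__ == "__main__":
    for addr in NETWORK:
        print(addr, authorize(addr))
```

The counter sign here is a plain host name, so the check establishes only that the expected answer came from the address D advertises; the text above describes reachability confirmation as a looser concept than authentication.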
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2004562903A JP4417850B2 (ja) | 2002-12-24 | 2003-12-24 | 静的な識別子と動的な住所が関連付けられることによってホスト到達性が得られる網にあって、到達性を確認するための通信モデル、信号、方法および装置 |
CN200380109971XA CN1754351B (zh) | 2002-12-24 | 2003-12-24 | 用于证实可达性的通信系统和通信节点 |
US10/540,633 US7831697B2 (en) | 2002-12-24 | 2003-12-24 | Mapping notification system for relating static identifier to dynamic address |
AU2003296079A AU2003296079A1 (en) | 2002-12-24 | 2003-12-24 | Communication model, signal, method, and device for confirming reachability in network where host reachability is accomplished by relating static identifier to dynamic address |
EP03786261A EP1578068A4 (en) | 2002-12-24 | 2003-12-24 | A COMMUNICATION MODEL, SIGNAL, METHOD AND DEVICE FOR CONFIRMING THE ACCESSIBILITY OF A NETWORK WHICH HOST ACCESSIBILITY IS OBTAINED BY RELATIONSHIP OF A STATIC RECOGNITION WITH DYNAMIC ADDRESSES |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2002-371448 | 2002-12-24 | ||
JP2002371448A JP3577067B2 (ja) | 2002-12-24 | 2002-12-24 | 動的ipアドレス割当てを受けた機器を管理する方法およびシステム |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2004059925A1 true WO2004059925A1 (ja) | 2004-07-15 |
Family
ID=32677197
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2003/016538 WO2004059925A1 (ja) | 2002-12-24 | 2003-12-24 | 静的な識別子と動的な住所が関連付けられることによってホスト到達性が得られる網にあって、到達性を確認するための通信モデル、信号、方法および装置 |
Country Status (7)
Country | Link |
---|---|
US (1) | US7831697B2 (ja) |
EP (1) | EP1578068A4 (ja) |
JP (2) | JP3577067B2 (ja) |
KR (2) | KR100838911B1 (ja) |
CN (1) | CN1754351B (ja) |
AU (1) | AU2003296079A1 (ja) |
WO (1) | WO2004059925A1 (ja) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005125101A1 (en) * | 2004-06-16 | 2005-12-29 | Nokia Corporation | Global community naming authority |
JP2011109688A (ja) * | 2005-10-24 | 2011-06-02 | Hajime Fukushima | 通信ノード |
CN104427009A (zh) * | 2013-08-30 | 2015-03-18 | 鸿富锦精密工业(深圳)有限公司 | 主机动态ip地址管理系统及方法 |
TWI738253B (zh) * | 2020-03-18 | 2021-09-01 | 華南商業銀行股份有限公司 | 網域名稱系統服務之客戶端連線方法 |
Families Citing this family (59)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7761570B1 (en) | 2003-06-26 | 2010-07-20 | Nominum, Inc. | Extensible domain name service |
US7769826B2 (en) | 2003-06-26 | 2010-08-03 | Nominum, Inc. | Systems and methods of providing DNS services using separate answer and referral caches |
FI20031339A0 (fi) * | 2003-09-18 | 2003-09-18 | Nokia Corp | Menetelmä ja laite tiedon osoittamiseksi langattomassa verkossa |
US20050251684A1 (en) * | 2004-02-02 | 2005-11-10 | Hitachi, Ltd. | Storage control system and storage control method |
JP2005303914A (ja) * | 2004-04-15 | 2005-10-27 | Murata Mach Ltd | 通信装置及びプログラム |
US7865617B1 (en) * | 2004-06-10 | 2011-01-04 | Infoblox Inc. | Maintaining consistency in a database |
US7877476B2 (en) * | 2004-06-25 | 2011-01-25 | Hajime Fukushima | Communication model, counter sign signal, method, and device |
JP4598462B2 (ja) * | 2004-09-16 | 2010-12-15 | 富士通株式会社 | L2−vpnサービスを提供するプロバイダ網、及びエッジルータ |
US8261341B2 (en) * | 2005-01-27 | 2012-09-04 | Nokia Corporation | UPnP VPN gateway configuration service |
JP4285420B2 (ja) * | 2005-02-22 | 2009-06-24 | 株式会社日立製作所 | センサネット管理システム |
JP4151661B2 (ja) * | 2005-02-28 | 2008-09-17 | 村田機械株式会社 | 通信装置及びプログラム |
JP2008541632A (ja) * | 2005-05-18 | 2008-11-20 | ナインティー9.コム ピーティーワイ リミテッド | 動的アドレスマッピング |
US7619989B2 (en) * | 2005-08-26 | 2009-11-17 | Alcatel Lucent | Routing configuration validation apparatus and methods |
US7843911B2 (en) * | 2005-11-15 | 2010-11-30 | Nominum, Inc. | Data grouping approach to telephone number management in domain name systems |
US20070110049A1 (en) * | 2005-11-15 | 2007-05-17 | Nominum, Inc. | Data compression approach to telephone number management in domain name systems |
US20070110051A1 (en) * | 2005-11-15 | 2007-05-17 | Nominum, Inc. | Numeric approach to telephone number management in domain name systems |
KR100671484B1 (ko) | 2006-04-05 | 2007-01-19 | (주)동국일렉콘스 | 유동아이피 환경의 인터넷상에서 원격감시제어 시스템용네트워크 관리장비 또는 네트워크 관리모듈 및 이를 이용한통신방법 |
US8713188B2 (en) * | 2007-12-13 | 2014-04-29 | Opendns, Inc. | Per-request control of DNS behavior |
US8606926B2 (en) | 2006-06-14 | 2013-12-10 | Opendns, Inc. | Recursive DNS nameserver |
US7706278B2 (en) * | 2007-01-24 | 2010-04-27 | Cisco Technology, Inc. | Triggering flow analysis at intermediary devices |
US7694016B2 (en) * | 2007-02-07 | 2010-04-06 | Nominum, Inc. | Composite DNS zones |
JP4988915B2 (ja) * | 2007-03-29 | 2012-08-01 | テレフオンアクチーボラゲット エル エム エリクソン(パブル) | アドレス解決データベース |
US8311042B2 (en) * | 2007-06-15 | 2012-11-13 | Mformation | System and method for automatic detection and reporting of the mapping between device identity and network address in wireless networks |
WO2009102323A1 (en) * | 2008-02-12 | 2009-08-20 | Hewlett-Packard Development Company, L.P. | Color detector |
JP4734356B2 (ja) * | 2008-02-22 | 2011-07-27 | 株式会社沖データ | 印刷装置および印刷システム |
US7860982B2 (en) * | 2008-03-14 | 2010-12-28 | Microsoft Corporation | Internet connectivity verification |
US8724486B2 (en) * | 2008-05-02 | 2014-05-13 | Pine Valley Investments, Inc. | System and method for heartbeat signal generation |
FR2932044B1 (fr) * | 2008-06-02 | 2010-08-20 | Sagem Comm | Procede et dispositif d'attribution d'adresses mac dans un reseau de communication sur courants porteurs |
US9122533B2 (en) * | 2009-03-13 | 2015-09-01 | Novell, Inc. | System and method for reducing cloud IP address utilization using a distributor registry |
US8386603B2 (en) * | 2008-09-11 | 2013-02-26 | Panasonic Corporation | Information processing terminal device and network connection method |
US8676989B2 (en) | 2009-04-23 | 2014-03-18 | Opendns, Inc. | Robust domain name resolution |
US9501329B2 (en) * | 2009-05-08 | 2016-11-22 | Rackspace Us, Inc. | Methods and systems for cloud computing management |
US8762518B2 (en) * | 2009-07-10 | 2014-06-24 | Telcordia Technologies, Inc. | Program and method for adaptively maintaining a local peer group in a dynamic environment |
JP5531517B2 (ja) * | 2009-09-04 | 2014-06-25 | ヤマハ株式会社 | 通信装置および通信方法 |
US8296403B2 (en) * | 2009-10-23 | 2012-10-23 | Novell, Inc. | Network address allocation using a user identity |
US8356346B2 (en) | 2010-01-30 | 2013-01-15 | Fatpipe, Inc. | VPN secure sessions with dynamic IP addresses |
JP4802295B1 (ja) * | 2010-08-31 | 2011-10-26 | 株式会社スプリングソフト | ネットワークシステム及び仮想プライベート接続形成方法 |
EP2645261B1 (en) * | 2010-11-26 | 2018-09-26 | Fujitsu Limited | Management apparatus, management system, management method and set of an application source program, a first program and a second program |
JPWO2012086571A1 (ja) * | 2010-12-22 | 2014-05-22 | 日本電気株式会社 | 通信装置、通信装置の設定方法及びプログラム |
WO2012094602A1 (en) * | 2011-01-07 | 2012-07-12 | Interdigital Patent Holdings, Inc. | Client and server group sso with local openid |
US9515986B2 (en) * | 2011-05-05 | 2016-12-06 | Telefonaktiebolaget Lm Ericsson (Publ) | Methods providing public reachability and related systems and devices |
JP5760736B2 (ja) | 2011-06-22 | 2015-08-12 | 富士通株式会社 | 通信装置 |
JP5617108B2 (ja) * | 2011-07-14 | 2014-11-05 | 岩▲崎▼ 哲夫 | 静的nat形成装置、リバースプロキシサーバ及び仮想接続制御装置 |
JP5644710B2 (ja) * | 2011-07-26 | 2014-12-24 | 株式会社Pfu | ノード検出装置、ノード検出方法、及びプログラム |
JP2013012225A (ja) * | 2012-08-30 | 2013-01-17 | Hitachi Ltd | 名称特定プログラム、構成管理サーバおよび情報処理システム |
CN105340247B (zh) * | 2013-04-09 | 2020-10-16 | 罗伯特·博世有限公司 | 用于计算机网络中网络容变服务发现的方法 |
US9380019B2 (en) * | 2013-08-26 | 2016-06-28 | Verisign, Inc. | Command performance monitoring |
US20150073998A1 (en) * | 2013-09-09 | 2015-03-12 | Apple Inc. | Use of a Biometric Image in Online Commerce |
US9584367B2 (en) * | 2013-11-05 | 2017-02-28 | Solarwinds Worldwide, Llc | Node de-duplication in a network monitoring system |
US9851999B2 (en) | 2015-07-30 | 2017-12-26 | At&T Intellectual Property I, L.P. | Methods, systems, and computer readable storage devices for handling virtualization of a physical telephone number mapping service |
US10277736B2 (en) | 2015-07-30 | 2019-04-30 | At&T Intellectual Property I, L.P. | Methods, systems, and computer readable storage devices for determining whether to handle a request for communication services by a physical telephone number mapping service or a virtual telephone number mapping service |
US9866521B2 (en) | 2015-07-30 | 2018-01-09 | At&T Intellectual Property L.L.P. | Methods, systems, and computer readable storage devices for determining whether to forward requests from a physical telephone number mapping service server to a virtual telephone number mapping service server |
US9888127B2 (en) | 2015-07-30 | 2018-02-06 | At&T Intellectual Property I, L.P. | Methods, systems, and computer readable storage devices for adjusting the use of virtual resources providing communication services based on load |
EP3148239A1 (en) * | 2015-09-23 | 2017-03-29 | Technische Universität Dresden | Method for managing available communication resource in a communication network via node-to-node resource-trading and node for a communication network |
US10582002B2 (en) * | 2016-12-09 | 2020-03-03 | Arris Enterprises Llc | Cache proxy for a network management information base |
US20190081924A1 (en) * | 2017-09-11 | 2019-03-14 | Linkedin Corporation | Discovering address mobility events using dynamic domain name services |
JP7440747B2 (ja) * | 2020-01-27 | 2024-02-29 | 富士通株式会社 | 情報処理装置、情報処理システムおよびネットワーク疎通確認方法 |
CN114629881A (zh) * | 2020-12-14 | 2022-06-14 | 中兴通讯股份有限公司 | 一种sip网元多地址学习方法及装置、信令监测系统 |
CN113596159B (zh) * | 2021-07-30 | 2023-10-13 | 北京南凯自动化系统工程有限公司 | 基于k8s云容器平台的集群通信方法及装置 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH11122283A (ja) * | 1997-10-15 | 1999-04-30 | Toshiba Corp | ネットワーク管理システム |
JP2002135301A (ja) * | 2000-10-23 | 2002-05-10 | Nippon Telegr & Teleph Corp <Ntt> | Ipアドレス情報通知方法及びipアドレス情報通知装置並びにこのプログラムを格納した記憶媒体 |
JP2002318737A (ja) * | 2001-04-23 | 2002-10-31 | Index:Kk | 管理サーバ |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH02239743A (ja) * | 1989-03-13 | 1990-09-21 | Nec Corp | データ伝送システム |
JPH07200502A (ja) | 1993-12-28 | 1995-08-04 | Omron Corp | トランザクション処理システムにおける二重化装置 |
JPH10336177A (ja) * | 1997-06-02 | 1998-12-18 | Nec Corp | 通信ネットワークにおけるヘルスチェック方式 |
US5974453A (en) * | 1997-10-08 | 1999-10-26 | Intel Corporation | Method and apparatus for translating a static identifier including a telephone number into a dynamically assigned network address |
US8516055B2 (en) * | 1998-05-29 | 2013-08-20 | Research In Motion Limited | System and method for pushing information from a host system to a mobile data communication device in a wireless data network |
US6614774B1 (en) * | 1998-12-04 | 2003-09-02 | Lucent Technologies Inc. | Method and system for providing wireless mobile server and peer-to-peer services with dynamic DNS update |
US6621798B1 (en) * | 1999-04-21 | 2003-09-16 | Lucent Technologies Inc. | Method to sequence changes for IP network configuration |
WO2000078001A2 (en) * | 1999-06-11 | 2000-12-21 | Microsoft Corporation | General api for remote control of devices |
US7069320B1 (en) * | 1999-10-04 | 2006-06-27 | International Business Machines Corporation | Reconfiguring a network by utilizing a predetermined length quiescent state |
KR20020013051A (ko) * | 2000-08-10 | 2002-02-20 | 유길종 | 네트워크 시스템에서의 메일 주소 확인 방법 |
JP2002281032A (ja) | 2001-03-16 | 2002-09-27 | Toshiba Corp | 監視対象切替プログラム、方法及び監視システム |
US7359987B2 (en) * | 2001-07-05 | 2008-04-15 | Enom, Inc. | Method and system for providing static addresses for Internet connected devices even if the underlying address is dynamic |
US7613811B1 (en) * | 2001-09-17 | 2009-11-03 | Cisco Technology, Inc. | Selecting a communications protocol |
US20030103482A1 (en) * | 2001-12-04 | 2003-06-05 | Van Bosch James A. | Method of enabling communication with a wireless communication device |
US7260645B2 (en) * | 2002-04-26 | 2007-08-21 | Proficient Networks, Inc. | Methods, apparatuses and systems facilitating determination of network path metrics |
-
2002
- 2002-12-24 JP JP2002371448A patent/JP3577067B2/ja not_active Expired - Fee Related
-
2003
- 2003-12-24 JP JP2004562903A patent/JP4417850B2/ja not_active Expired - Fee Related
- 2003-12-24 WO PCT/JP2003/016538 patent/WO2004059925A1/ja active Application Filing
- 2003-12-24 AU AU2003296079A patent/AU2003296079A1/en not_active Abandoned
- 2003-12-24 KR KR20057011757A patent/KR100838911B1/ko not_active IP Right Cessation
- 2003-12-24 CN CN200380109971XA patent/CN1754351B/zh not_active Expired - Fee Related
- 2003-12-24 US US10/540,633 patent/US7831697B2/en not_active Expired - Fee Related
- 2003-12-24 EP EP03786261A patent/EP1578068A4/en not_active Withdrawn
- 2003-12-24 KR KR1020087007408A patent/KR20080040784A/ko not_active Application Discontinuation
Non-Patent Citations (1)
Title |
---|
TAGO T: "Ima kara demo maniau UNIX & linux nyumon dai 5 kai network no settei (Sono 2)", DB MAGAZINE, vol. 11, no. 11, 1 January 2002 (2002-01-01), pages 168 - 174, XP002980194 * |
Also Published As
Publication number | Publication date |
---|---|
US20060101026A1 (en) | 2006-05-11 |
CN1754351B (zh) | 2010-04-28 |
US7831697B2 (en) | 2010-11-09 |
JP3577067B2 (ja) | 2004-10-13 |
JP2004266305A (ja) | 2004-09-24 |
KR20080040784A (ko) | 2008-05-08 |
AU2003296079A1 (en) | 2004-07-22 |
EP1578068A1 (en) | 2005-09-21 |
KR100838911B1 (ko) | 2008-06-16 |
CN1754351A (zh) | 2006-03-29 |
JPWO2004059925A1 (ja) | 2006-05-11 |
KR20050084465A (ko) | 2005-08-26 |
JP4417850B2 (ja) | 2010-02-17 |
EP1578068A4 (en) | 2006-09-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2004059925A1 (ja) | 静的な識別子と動的な住所が関連付けられることによってホスト到達性が得られる網にあって、到達性を確認するための通信モデル、信号、方法および装置 | |
US8559448B2 (en) | Method and apparatus for communication of data packets between local networks | |
AU2009304186B2 (en) | NAT traversal method and apparatus | |
JP3848198B2 (ja) | ネームサーバ、ネットワーク・システム、逆引き要求処理方法、正引き要求処理方法及び通信制御方法 | |
Baker et al. | Internet protocols for the smart grid | |
CN101911652B (zh) | 增强enum安全性 | |
EP1848150B1 (en) | Method and apparatus for hiding network topology | |
CN109076082A (zh) | 面向身份的网络和协议中的匿名身份 | |
Yan et al. | Is DNS ready for ubiquitous Internet of Things? | |
Alani et al. | Tcp/ip model | |
FI120927B (fi) | Autentikointi- ja salausprotokolla langattomassa viestintäjärjestelmässä | |
JP4420057B2 (ja) | 通信方法、情報処理システム及び情報処理装置 | |
JP2004200822A (ja) | 通信方法および情報処理装置 | |
KR100838912B1 (ko) | 정적인 식별자와 동적인 주소가 관련되어지는 것에 의해호스트 도달성을 얻을 수 있는 망에 있어서, 도달성을확인하기 위한 통신 모델, 신호, 방법 및 장치 | |
Kak | Lecture 17: DNS and the DNS Cache Poisoning Attack | |
Abegaz | DNS Services, alternative ways of using DNS infrastructures | |
SCHEERDER et al. | SHAPING DNS SECURITY WITH CURVES | |
Hunek | NAT64/DNS64 in the Networks with DNSSEC | |
JP2006197360A (ja) | アクセス制御システム、アクセス制御方法、およびアクセス制御プログラム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2004562903 Country of ref document: JP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 535/MUMNP/2005 Country of ref document: IN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2003786261 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1020057011757 Country of ref document: KR |
|
ENP | Entry into the national phase |
Ref document number: 2006101026 Country of ref document: US Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 10540633 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 20038A9971X Country of ref document: CN |
|
WWP | Wipo information: published in national office |
Ref document number: 1020057011757 Country of ref document: KR |
|
WWP | Wipo information: published in national office |
Ref document number: 2003786261 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 10540633 Country of ref document: US |