WO2008153193A1 - Address translation device and address translation method - Google Patents
Address translation device and address translation method
- Publication number
- WO2008153193A1 (PCT/JP2008/061078)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- port
- session
- address
- network
- outgoing
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2517—Translation of Internet protocol [IP] addresses using port numbers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/255—Maintenance or indexing of mapping tables
Definitions
- the present invention relates to a packet switching network communication device such as a gateway device, and more particularly to an address translation device, an address translation system, a control method thereof, and a control program for interconnecting networks having different address spaces.
- a network constructed using such a private address space is referred to as a private network.
- Fig. 15 is an explanatory diagram showing a configuration example of interconnection between private and global networks.
- to connect the private network and the global network, address translation is used, such as NAT (Network Address Translator), NAPT (Network Address and Port Translator), transport relay based on SOCKS (RFC1928), and ALG (Application Level Gateway) such as an HTTP proxy server.
- devices that perform address conversion in order to interconnect networks having different address spaces are collectively referred to as address conversion devices.
- the port numbers of the major transport layer protocols (TCP, UDP (User Datagram Protocol), SCTP, DCCP) are 16-bit data, approximately 65,000 values.
- port numbers are assigned as follows in NAPT and ALG.
- the allocation method differs depending on the direction of communication.
- the allocation is divided into “transmission” that establishes a connection by specifying the partner and “waiting” that accepts a connection from an unspecified partner to its specific port.
- the connection partner of such a connection is usually identified by the pair of the address and port number of the opposite node.
- the connection destination identified by the pair of address and port number is called the end point of the connection.
- Since standby accepts connections from unspecified connection sources, it occupies the port number for all opposing endpoints (see Figure 17). In FIG. 17, for example, it is shown that port 80 for standby from the global network is occupied by host node 2-1 in the private network. On the other hand, for outgoing calls, it is only necessary to assign a port number for the endpoint of a specific connection destination, and other connections can use the same port number for different endpoints (see Figure 18). For example, Figure 18 shows that port 49153 for outgoing calls is shared by host nodes 2-1, 2-2 and 2-3 in the private network, which communicate with different global network host nodes 1-2, 1-3 and 1-4. For this reason, standby generally uses more port number resources than outgoing calls.
- the standby port has a role to transfer connections from unspecified opposite end points.
- the outgoing port has a role of assigning a specific port number and transferring it to the global network side for outgoing calls from the end points of unspecified hosts in the private network. Therefore, the port allocation method is the same as that described above.
- the port of the address converter may be used up for standby. If the address conversion device port is used up for standby, calls from the private network cannot be made.
- Patent Document 1 describes information about ports that a NAS server prepares for protocol packet transmission / reception by a stream server device installed in a LAN. It describes that an address management table containing real port information (a distinction between static and dynamic ports and available port numbers) is maintained.
- Patent Document 2 also states that in order to make it possible to efficiently obtain a standby port number, the standby port number is set using identification information uniquely assigned to the device and a common function, and It describes that one common function is acquired from a plurality of common functions at fixed time intervals and the standby port number is reset.
- Patent Document 1: Japanese Patent Application Laid-Open No. 2004-259225 (paragraphs 0115-0125, FIG. 9)
- Patent Document 2: JP 2006-319384 A (paragraphs 0011, 0017)
- Disclosure of the invention: Problems to be solved by the invention
- Patent Document 2 states that the port number is reset at fixed time intervals, but its purpose is to obtain a port number efficiently while eliminating the need for a port number introduction server and improving security; it does not consider the efficient use of finite port resources in the address conversion device. In other words, the port number assigned to each node only changes over time, and there is no change in that a standby port number is always assigned to each node. It is not necessarily illustrated.
- the purpose of the present invention is to provide an address conversion device that allows more efficient use of port resources, which are finite global address resources allocated to an address conversion device, even when connected to a large-scale private network.
- An address conversion device is an address conversion device for interconnecting a private network and a global network located at a boundary between a private network and a global network having different address spaces.
- a port allocation rule storage unit for storing port allocation rules indicating port allocations on a global address that can be allocated by the address conversion device for outgoing calls from a private network and standbys from a global network;
- a session that stores a session-port assignment table in which information indicating an existing session is associated with information indicating a port resource on a global address assigned to a session endpoint on the private network side of the session.
- the control method according to the present invention is a method for controlling an apparatus for interconnecting a private network and a global network at the boundary between a private network and a global network having different address spaces.
- Assignable port resources on global addresses are managed separately for outgoing calls from the private network and standbys from the global network.
- Information indicating an existing session is managed in association with information indicating the port resource on the global address assigned to the session endpoint on the private network side of that session, and the address information of a received packet is converted according to the correspondence between the existing session and the port resource.
- The method is characterized by changing the port assignment rule while maintaining the correspondence between the existing session and the port resource.
- the control program according to the present invention is a program for controlling a device that interconnects a private network and a global network at the boundary between a private network and a global network having different address spaces.
- It is applied to a computer that manages, as a port allocation rule, the assignable port resources on the global address separately for outgoing calls from the private network and standbys from the global network, and that manages information indicating an existing session in association with information indicating the port resource on the global address allocated to the session endpoint on the private network side of that session. The program causes this computer to convert the address information of a received packet according to the correspondence between the existing session and the port resource.
- the port resource which is a finite global address resource allocated to the address conversion device.
- FIG. 1 is a block diagram showing a configuration example of the address conversion device in the first embodiment.
- FIG. 2 is a block diagram showing a specific configuration example of the address translation device 1 in the first embodiment.
- FIG. 3 is a flowchart showing an operation example of the address conversion device 1 in the first embodiment.
- FIG. 4 is a flowchart showing an operation example of the session entry deletion process in the address conversion device 1 of the first embodiment.
- FIG. 5 is a flowchart showing an operation example of the outgoing/standby port assignment changing process performed by the assignment rule updating unit 12.
- FIG. 6 is an explanatory diagram showing an example of an allocation distribution table.
- FIG. 7 is a block diagram showing a configuration example of the address conversion device 1 in the second embodiment.
- FIG. 8 is a flowchart showing an operation example of the address conversion process in the address conversion device 1 of the second embodiment.
- FIG. 9 is a block diagram showing a configuration example of the address conversion device 1 in the third embodiment.
- FIG. 10 is a flowchart showing an operation example of address conversion processing in the address conversion device 1 of the third embodiment.
- FIG. 11 is a flowchart showing an operation example of the session entry deletion process in the address conversion device 1 of the third embodiment.
- Fig. 12 is an explanatory diagram showing an example of the configuration of an address translation system that automatically adjusts the port usage allocation ratio.
- FIG. 13 is an explanatory diagram showing a configuration example of an address translation system including a plurality of address translation devices.
- Fig. 14 is an explanatory diagram showing an example of the global network, which is a feature of the initial Internet configuration.
- FIG. 15 is an explanatory diagram showing an example of interconnection, which is a feature of the recent Internet configuration.
- Figure 16 is an explanatory diagram showing changes in the future Internet configuration.
- FIG. 17 is an explanatory diagram showing an example of how to use the port number (for standby) in the address translation device.
- FIG. 18 is an explanatory diagram showing an example of how to use the port number (for outgoing call) in the address translation device.
- FIG. 1 is a block diagram illustrating a configuration example of an address conversion device according to the present embodiment.
- the address conversion device 1 in this embodiment is a global network 1 0 W
- Session-port assignment table 21 shows the correspondence between the session to which a port is currently assigned and the local endpoint of the address converter 1 (the endpoint on the global address assigned by the address converter 1 to the session endpoint on the private network side of the session, which here refers to the port resource).
- the port allocation rule 22 includes at least information indicating the port usage (standby or outgoing) of the ports that can be allocated by the address translation device 1.
- the address conversion unit 11 converts the address information of the received packet according to the correspondence between the existing session and the port resource shown in the session-port assignment table 21. On the other hand, ports are allocated according to the port usage shown in port allocation rule 22. Allocation rule updating unit 12 changes the port usage ratio according to a predetermined procedure.
- the address conversion unit 11 and the allocation rule update unit 12 are specifically realized by an information processing device, such as a CPU provided in the address conversion device 1, that operates according to a program.
- the session-port allocation table 21 and the port allocation rule 22 are realized by allocating a predetermined area of the storage device included in the address conversion device 1.
- the allocation rule update unit 12 changes the port usage allocation ratio based on the estimated amount of transmission per unit time, such as for each time zone or day of the week, without affecting operation. Specifically, the ratio of port usage in port allocation rule 22 is changed while maintaining the correspondence between existing sessions and port resources in session-port allocation table 21.
- FIG. 2 is a block diagram showing a specific configuration example of the address conversion device 1 in the present embodiment.
- the address conversion device 1 includes a global network side network interface (hereinafter referred to as global network side network I/F) 31, a private network side network interface (hereinafter referred to as private network side network I/F) 32, address translation unit 11, allocation rule update unit 12, session-port allocation table 21 and port allocation rule 22.
- in this example, the address conversion unit 11 includes a session search unit 111, a packet conversion unit 112, a standby control unit 113, an outgoing call control unit 114, and a session monitoring timer unit 115.
- the port assignment rule 22 includes a private endpoint assignment table 221 and an outgoing port assignment rule 222.
- The global network side network I/F 31 and the private network side network I/F 32 connect the address translation device 1 to the global network 100 and the private network 200, respectively, and send and receive packets.
- the global network side network I/F 31 and the private network side network I/F 32 are shown one each, but the address translation device 1 may have a plurality of interfaces.
- the session search unit 111 identifies, for a packet that arrived from the network interface of either the global network 100 or the private network 200, the entry registered in the session-port assignment table 21 for the session to which the packet belongs.
- the packet conversion unit 112 rewrites the packet address information and the like based on the information of the identified entry in the session-port allocation table 21, converting a packet for the private network 200 into one for the global network 100, or vice versa.
- the outgoing call control unit 114 creates an entry for the session in the session-port assignment table 21 when a packet that opens a new session arrives from the private network 200 bound for the global network 100.
- the standby control unit 113 creates an entry for the session in the session-port allocation table 21.
- Session-port assignment table 21 shows the correspondence between the port resource of the address converter 1 and the session in which the address converter 1 relays communication between the global network 100 and the private network 200.
- the table may have the following set of values as elements.
- 21a: Private network 200 side session endpoint (private endpoint) information
- 21b: Global network 100 side session endpoint (global endpoint) information
- the end point information is generally a pair of an address and a transport layer port number, but may include additional information as necessary.
- the local endpoint information 21c of the address translation device 1 includes at least a set of an address assigned to the address translation device 1 in the global network 100 and a port number assigned to the corresponding session. In addition to this, if the endpoint on the private network 200 side of the address conversion device 1 is necessary for relaying a session, as in transport relay, this information may be included.
- It is desirable that the session-port allocation table 21 be configured so that it can be searched with practical efficiency using the session endpoint information 21a on the private network 200 side and the session endpoint information 21b on the global network 100 side as keys. Specifically, this can be realized by creating a hash table based on values calculated from both session endpoint information 21a and 21b and preparing a reference to each entry from the hash table.
- Outgoing port assignment rule 222 contains information for creating the entry elements to be registered in session-port assignment table 21 for a new session from the private network 200 side to the global network 100 side.
- Outgoing port assignment rule 222 includes at least information 222a of the local endpoint port numbers available for outgoing calls.
- Port number information 213a that can be used for outgoing calls may be, for example, the values 49152 (0xC000) to 65535 (0xFFFF) as the range of port numbers assigned for outgoing calls.
- the private endpoint assignment table 221 contains information for creating the entry elements recorded in the session-port allocation table 21 for a new session from the global network 100 side to the private network 200 side.
- the private endpoint assignment table 221 includes at least the following information.
- the port number information 221a of the local endpoint that can be used for standby indicates, for example, the values 1 (0x0001) to 49151 (0xBFFF) as the range of port numbers assigned for standby, and that, of these, port 80 is forwarded to port 80 of address 10.0.0.50.
- the private endpoint assignment table 221 is configured so that it can be efficiently searched from the port number of the local endpoint.
- the allocation rule updating unit 12 updates, by a predetermined procedure, the local endpoint port number information 222a available for outgoing calls included in the outgoing port allocation rule 222 and the local endpoint port number information 221a available for standby included in the private endpoint allocation table 221. Note that when the local endpoint port number information 221a available for standby is updated, the forwarding destination private endpoint information 221b for each port number is also updated.
- the session monitoring timer unit 115 has a timekeeping function and monitors each entry in the session-port allocation table 21 to detect entries for which a timer has been set (started), and deletes them when the timer expires. Note that the timer in the session-port allocation table 21 is set when the packet conversion unit 112, having identified the session of a received packet, determines that the session may be terminated by that packet. In other words, the session monitoring timer unit 115 detects the end of the session by measuring the no-communication time after a packet is sent or received, and deletes the corresponding entry to release the port assignment.
- FIG. 3 is a flowchart showing the operation of the address conversion process in the address conversion apparatus 1 in this embodiment.
- when a packet arrives at one of the network interfaces (global network side network I/F 31, private network side network I/F 32) (step S101), the session search unit 111 of the address conversion unit 11 searches the session-port allocation table 21 for the entry in which information about the corresponding session is registered, using the combination of the IP address and port number stored in the received packet header (step S102).
- the packet conversion unit 112 rewrites the packet header (address information) according to the endpoint information in the entry (Yes in step S103, step S104). Specifically, if the packet is for the private network 200, the packet destination address and port number are rewritten to those of the session endpoint (21a) on the private network 200 side indicated by the entry. On the other hand, in the case of a packet for the global network 100, the source address and port number of the packet are rewritten to those of the local endpoint (21c) indicated by the entry. In addition to the above, if the address conversion method requires rewriting other addresses, further rewriting is performed.
- the destination address information is the endpoint on the private network 200 side of the address translation device 1 in a packet from the private network 200 to the global network 100.
- the destination address and port number are rewritten to the address and port number of the corresponding global network 100 endpoint.
- if the packet conversion unit 112 determines that the session may be terminated by the packet (Yes in step S105), it prepares to delete the entry of the corresponding session by setting the deletion timer in the corresponding entry (step S106). For example, by setting a timer value corresponding to the time until the entry is deleted, the session monitoring timer unit 115 can be informed that the timer is running and made to decrement the timer value.
- the session search unit 111 may determine whether there is a possibility that the session will be terminated when the entry is identified.
- the packet after address translation is sent out from the appropriate interface (the opposite network interface) (step S107).
- if there is no corresponding entry in the session-port allocation table 21 (No in step S103), a new session establishment process is performed.
- the session search unit 111 determines the direction of communication and, if the packet is destined for the global network 100, has the outgoing call control unit 114 perform the session opening process (step S108).
- The outgoing call control unit 114 assigns one port number (outgoing port) as a local endpoint from the range of assignable port numbers according to the outgoing port assignment rule 222 (step S109). For example, it is sufficient to determine one port number as the local endpoint from the range of assignable port numbers indicated by outgoing port assignment rule 222.
- If a port number to be used as the local endpoint can be assigned (Yes in step S110), information is created that associates the local endpoint information, the information of the session endpoint on the private network 200 side indicated by the source address information, and the information of the session endpoint on the global network 100 side indicated by the destination address information, and it is registered in the session-port allocation table 21 as the entry for the session (step S111).
- If no port number can be assigned (No in step S110), predetermined processing such as sending a relay-impossible error to the sender is performed (step S114).
- if the packet is addressed to the private network 200, the session search unit 111 has the standby control unit 113 perform the session opening process (step S108).
- the standby control unit 113 refers to the private endpoint assignment table 221 and confirms whether or not a standby port is assigned to the local endpoint indicated by the destination address information of the packet (step S112). That is, it confirms whether or not there is an entry indicating the session endpoint on the private network 200 side associated with the local endpoint indicated by the destination address information of the packet. If it exists (Yes in step S113), information is created that associates the local endpoint information, the information of the session endpoint on the global network 100 side indicated by the source address information, and the information of the session endpoint on the private network 200 side, and it is registered in the session-port allocation table 21 as the entry for the session (step S111).
- If no session endpoint on the private network 200 side has been assigned to the specified local endpoint, or if the endpoint cannot be identified for other reasons (such as a packet that does not open a session) (No in step S113), then, as in the case of outgoing call processing, predetermined processing such as sending a relay-impossible error to the sender is performed (step S114).
- Thereafter, as when an entry is found in step S103, the packet conversion unit 112 performs address conversion processing, a deletion timer is set if necessary, and the address-converted packet is sent from the appropriate interface (the opposite network interface) (steps S104 to S107).
- the entry registered in the session-port allocation table 21 may be deleted at the end of the session, but how the end of the session is determined depends on the protocol and the address translation method. For example, in a connectionless protocol such as UDP, there is no information indicating the end of the session in the packet, so the entry in the session-port allocation table 21 cannot be deleted when the packet passes. In this embodiment, even in such a case, a deletion timer is set (started) every time a packet passes so that the end of the session can be detected. When the timer period is detected to have elapsed, the entry is deleted.
- FIG. 4 is a flowchart showing an operation example of the session entry deletion process in the address conversion device 1 of the present embodiment.
- the session monitoring timer unit 115 periodically monitors whether or not a deletion timer is set for each entry in the session-port allocation table 21 (step S201). If there is an entry for which a deletion timer is set, the timing process corresponding to the timer value (e.g., decrementing the timer value) is performed, and a timeout is detected. If there is an entry for which a timeout has occurred as a result of the timing process, the entry is deleted from the session-port assignment table 21 (step S203).
- the deletion timer for an entry in the session-port allocation table 21 has its timer value reset whenever a packet passes in the session indicated by the entry. In this way, session information is maintained while packets are passing at intervals shorter than the timer value of the deletion timer.
- FIG. 5 is a flowchart showing an operation example of the allocation change processing of the outgoing/standby ports performed by the allocation rule updating unit 12.
- the allocation rule update unit 12 executes allocation change processing for the outgoing/standby ports based on an instruction from the user or a predetermined distribution plan (step S301).
- as an allocation plan, for example, a method can be considered in which many port resources are allocated for outgoing calls during the daytime and evening, when outgoing calls from the private network 200 are frequent, and the standby port allocation is increased in the early morning, when outgoing calls are few.
- the actual ratio to be allocated can be determined by calculating the demand from the past usage of standby and outgoing ports. It is also possible for the allocation rule update unit 12 to calculate the ratio for each time period automatically using such past data.
- the allocation change instruction or allocation plan may be given, for example, as the information that becomes the entries in the private endpoint allocation table 221: a set of port numbers to be used for standby and, for each element of the set (for each standby port number), information indicating the private network endpoint (the session endpoint on the private network 200 side).
- an allocation distribution table as shown in FIG. 6 is prepared, and the allocation rule update unit 12 changes the allocation at each specified time according to the table shown in FIG. 6.
- it is shown that port number 1 of the local endpoint is assigned as a standby endpoint to the private endpoint 10.1.0.1:80 in the time zone of 0:00:00 to 1:00:00.
- private endpoint information is associated with each port number of the local endpoint used as a standby port in each time zone.
- the allocation rule update unit 12 updates the entries in the private endpoint allocation table 221 according to such an allocation change instruction or allocation plan. For example, the allocation rule updating unit 12 detects the differences between the standby port allocation status shown in the current private endpoint allocation table 221 and the new standby port allocation instruction. If the change is the addition of a standby port (that is, a change from an outgoing port to a standby port) (Yes in step S302), the information indicating that the port to be changed to standby use can be assigned is deleted from the outgoing port assignment rule 222, and an entry of the port associated with the private endpoint to be assigned is added to the private endpoint assignment table 221 (steps S303, S304).
- On the other hand, if the change is the removal of a standby port (that is, a change from a standby port to an outgoing port), the entry of the port to be changed to outgoing use is deleted from the private endpoint assignment table 221, and information indicating that the port can be assigned is added to the outgoing port assignment rule 222 (steps S305, S306).
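The session lookup, outgoing-port sharing, deletion timer and rule update of the first embodiment, as an added Python sketch (not code from the patent). The class and method names, the addresses, and the timer that restarts on every packet (the UDP-style case) are assumptions made for illustration.

```python
"""Toy model of the session-port table (21) and port allocation rule (22)."""
from dataclasses import dataclass
from typing import Optional

GLOBAL_ADDR = "203.0.113.1"   # constructed global address of the translator


@dataclass
class Entry:
    private: tuple                   # 21a: private endpoint (addr, port)
    remote: tuple                    # 21b: global endpoint (addr, port)
    local: tuple                     # 21c: local endpoint on the translator
    expires: Optional[float] = None  # deletion timer deadline


class Translator:
    def __init__(self, outgoing_ports, standby_map, idle_timeout=60.0):
        self.outgoing = set(outgoing_ports)  # rule 222: ports usable for outgoing
        self.standby = dict(standby_map)     # table 221: local port -> private endpoint
        self.timeout = idle_timeout
        self.by_private = {}                 # (private, remote) -> Entry
        self.by_local = {}                   # (local port, remote) -> Entry

    def _register(self, private, remote, port):
        entry = Entry(private, remote, (GLOBAL_ADDR, port))
        self.by_private[(private, remote)] = entry
        self.by_local[(port, remote)] = entry
        return entry

    def from_private(self, src, dst, now):
        """Packet private -> global: returns rewritten (src, dst) or None."""
        entry = self.by_private.get((src, dst))
        if entry is None:
            # An outgoing port is bound to one remote endpoint only, so it can
            # be reused for sessions towards different remote endpoints.
            port = next((p for p in sorted(self.outgoing)
                         if (p, dst) not in self.by_local), None)
            if port is None:
                return None                  # relay-impossible error
            entry = self._register(src, dst, port)
        entry.expires = now + self.timeout   # timer restarts on every packet
        return entry.local, dst

    def from_global(self, src, dst_port, now):
        """Packet global -> private: returns rewritten (src, dst) or None."""
        entry = self.by_local.get((dst_port, src))
        if entry is None:                    # no session yet: standby port?
            private = self.standby.get(dst_port)
            if private is None:
                return None
            entry = self._register(private, src, dst_port)
        entry.expires = now + self.timeout
        return src, entry.private

    def expire(self, now):
        """Delete timed-out entries, releasing their port assignment."""
        dead = [e for e in self.by_private.values() if e.expires <= now]
        for e in dead:
            del self.by_private[(e.private, e.remote)]
            del self.by_local[(e.local[1], e.remote)]
        return len(dead)

    def update_rule(self, to_standby=None, to_outgoing=()):
        """Change port usage; existing session entries are left untouched."""
        for port, private in (to_standby or {}).items():
            self.outgoing.discard(port)
            self.standby[port] = private
        for port in to_outgoing:
            self.standby.pop(port, None)
            self.outgoing.add(port)


def demo():
    nat = Translator([49153, 49154], {80: ("10.0.0.50", 80)})
    a, b = ("10.0.0.2", 5000), ("10.0.0.3", 5000)          # constructed hosts
    r1, r2 = ("198.51.100.1", 443), ("198.51.100.2", 443)  # constructed peers
    out = {"a": nat.from_private(a, r1, now=0),   # first free port
           "b": nat.from_private(b, r2, now=0),   # same port, other remote
           "c": nat.from_private(b, r1, now=0)}   # same remote, next port
    # Port 49153 becomes a standby port while a session still uses it.
    nat.update_rule(to_standby={49153: ("10.0.0.60", 22)})
    out["reply"] = nat.from_global(r1, 49153, now=10)   # existing session kept
    out["new_in"] = nat.from_global(("198.51.100.9", 40000), 49153, now=10)
    out["expired"] = nat.expire(now=65)
    out["left"] = len(nat.by_private)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
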
- This embodiment is an example of the address translation device 1 having a charging function. Assuming a situation where port numbers are exhausted, it may be desirable to be able to charge users for fair port resource distribution. When charging for the use of port resources given to the address conversion device 1, it is preferable to consider the difference in port usage (for outgoing or standby) as described above.
- for standby, the port number is assigned as a fixed reservation, so it is only necessary to charge the port user from the start of standby until the end of standby.
- the standby setting is usually made through a predetermined reservation method (for example, a port reservation system). Therefore, charging for the use of the standby port can be done by incorporating charging processing into the reservation processing of the system, and no special mechanism is required for that purpose.
- the outgoing port is assigned to be used for a specific global network end point that is the destination when a session is established. Also, the private network side endpoint of the sender is uniquely determined. For these reasons, it is appropriate to charge the outgoing port for each user who can be identified from the source or destination endpoint for each session.
- FIG. 7 is a block diagram showing a configuration example of the address conversion device 1 in the present embodiment.
- the address translation device 1 in this embodiment includes an outgoing billing unit 23 in addition to the address translation device 1 in the first embodiment shown in FIG.
- the outgoing billing unit 23 stores billing information for communication for the global network 100 side.
- the outgoing billing unit 23 is realized by a storage device included in the address translation device 1.
- the outgoing port assignment rule 222 includes user specifying information for identifying the user for each endpoint on the private network 200 side.
- the outgoing call control unit 114 specifies the user to be charged based on the private network side endpoint information obtained from the header information of the packet that triggered the session and the user specifying information included in the outgoing port allocation rule, then creates charging information and stores it in the outgoing billing unit 23.
- FIG. 8 is a flowchart showing an operation example of the address translation process in the address translation apparatus 1 of the present embodiment. Note that steps S101 to S110 and steps S111 to S114 in FIG. 8 are the same as those in the first embodiment shown in FIG.
- when the call control unit 114 generates the entry for a session in which a port number as the local endpoint has been assigned to a packet for establishing a session in the global network direction, it stores the charging information for the call in the call charging unit 23 (step S401).
- the outgoing call control unit 114 acquires the private network 200 endpoint information from the received packet header and, based on that information, searches the outgoing port assignment rule for the corresponding user identification information. In this way, the user to be charged can be specified.
- the charging information stored in the outgoing billing unit 23 may be information in which a user identifier is associated with the number of outgoing calls, for example. In addition, information such as call time and destination information may be held for each call.
- the port in the address translation device 1 can be charged more according to the actual usage.
- the transmission control unit 114 may store charging information including the session information (at least a set of session endpoints) and the start time in the transmission charging unit 23, and the session monitoring timer unit 115 may additionally register the end time in the billing information that matches the session information indicated by the entry to be deleted.
- This embodiment is an example of the address translation device 1 having a call waiting queue.
- the port resources can be assigned more efficiently than the standby due to the statistical multiplexing effect.
- the duration of a session related to a single call such as a call for establishing a connection, is short and there are many sessions, and the amount of calls within a short period of time varies greatly. For this reason, even if the average demand is predicted and port resources are secured for transmission, there is a possibility that transmission will exceed that.
- the address translation device 1 can prepare a queue for outgoing calls and perform sequential control so that the outgoing ports can be assigned fairly.
- FIG. 9 is a block diagram illustrating a configuration example of the address conversion device 1 in the present embodiment.
- the address translator 1 in this embodiment adds a call waiting queue 24 to the configuration of the address translator 1 in the first embodiment shown in FIG.
- the configuration in which 5 is changed to the session monitoring unit 116 is adopted.
- Outgoing queue 24 temporarily holds packets for establishing a session toward the global network 100 side (session establishment packets) to which a port number serving as a local endpoint (that is, a port resource for outgoing calls) has not been assigned.
- the outgoing call queue 24 includes a control unit (not shown) having a function of inspecting the header information of the held packets and a function of taking out a specific packet while maintaining the order in which the packets are held.
- Session monitoring unit 116 has a timekeeping function, similar to the session monitoring timer unit 115, monitors the deletion timer of each entry in the session-port allocation table 21, deletes any entry that has timed out, and has a function of notifying the transmission control unit 114 of the deleted entry information.
- when the transmission control unit 114 cannot assign a port number as a local endpoint to a session establishment packet for the global network 100 side because no outgoing port is free, it holds the packet (session establishment packet) in the call waiting queue 24.
- when the session monitoring unit 116 notifies the deletion of an entry due to the end of a session, an attempt is made to assign the port released by deleting the entry to a packet held in the outgoing call queue 24.
- the call waiting queue 24 is specifically realized by a storage device included in the address translation device 1 and an information processing device, such as a CPU, that operates according to a program.
- the session monitoring unit 116 is specifically realized by an information processing device, such as a CPU provided in the address translation device 1, that operates according to a program.
- the operations according to the present embodiment include packet reception trigger processing and entry deletion trigger processing.
- FIG. 10 is a flowchart showing an operation example of the address conversion process in the address conversion device 1 of the present embodiment. Steps S101 to S110 and steps S111 to S114 in FIG. 10 are the same as those in the first embodiment shown in FIG.
- a port number as a local endpoint is not assigned.
- the transmission control unit 114 determines whether or not the outgoing port was not assigned because none is free (step S501). If the cause is something other than the lack of a free port, the same processing as when port assignment fails in the first embodiment is performed (step S114).
- if no port number is assigned as a local endpoint because no port is free, the received packet is not discarded but stored in the call waiting queue 24 (step S502).
- when a session opening packet to which no port has been assigned is stored in the outgoing queue 24, the processing triggered by packet reception according to this embodiment is completed.
- FIG. 11 is a flowchart showing an operation example of the session entry deletion process in the address conversion device 1 of the present embodiment. Note that steps S201 to S203 in FIG.
- steps S201 to S203 are performed by the session monitoring unit 116.
- the session monitoring unit 116, in the same way as the session monitoring timer unit 115 in the first embodiment, monitors the deletion timer setting status of each entry registered in the session-port allocation table 21, keeps time as necessary, and deletes any entry that has timed out (steps S201 to S203).
- the local endpoint and global endpoint information used by the deleted entry is stored.
- the session monitoring unit 116 inspects the packets held in the outgoing queue 24 in order from the oldest (registration order) (step S601) and, based on the endpoint information indicated by the deleted entry, checks whether any of them can now be transmitted (step S602). Specifically, if the global endpoint indicated by the destination address information matches, it is determined that the local port can be assigned. In this case (Yes in step S602), the processing from step S111 in FIG. 10 is executed.
- the local endpoint used in the deleted entry is assigned to the packet that can be sent among the packets held in the outgoing queue 24, and an entry for the session opened by that packet is created and registered in the session-to-port assignment table 21 (step S111). Then, after the new entry is created in the session-port assignment table 21, as in the case of an existing session, the address translation processing is performed by the packet translation unit 112 and the address-converted packet is transmitted from the appropriate interface (the network interface on the other side) (steps S104 to S107).
- if there is no packet with a matching global endpoint (No in step S602), then for every packet held in the outgoing queue 24, all local endpoints whose opposite endpoint is the global endpoint that the packet is destined for are in use, so processing is terminated without assigning ports to the packets held in the outgoing queue 24.
- Example 4 Next, a fourth embodiment of the address translation device according to the present invention will be described.
- This embodiment is an example of the address translation device 1 that controls a transmission queue in consideration of priority.
- the address conversion device 1 in this embodiment includes a plurality of call waiting queues 24 for each priority.
- information that associates private endpoints with priority information is included in the outgoing port assignment rules.
- the outgoing call control unit 114 specifies the priority based on the header information of the packet when the local port is not allocated because no outgoing port is available, and holds the packet in the outgoing queue 24 corresponding to the specified priority.
- the priority of the call made by the packet is specified by searching the priority information of the outgoing port assignment rule using the private endpoint information of the source obtained from the header of the packet.
- the session monitoring unit 116 detects a packet that can be allocated, starting from the high-priority outgoing queue 24, when an entry in the session-port allocation table 21 becomes free.
- outgoing ports can be assigned with priority to outgoing calls from specific users.
- the outgoing port can be assigned in preference to the traffic of the user who pays a large amount.
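The call waiting behaviour of the third and fourth embodiments above, as an added Python sketch that is not code from the patent: a session establishment packet is queued by priority when no outgoing port is free toward its destination, and a port released by an expired entry is offered only to waiters with the same global endpoint. The class and method names, the constructed addresses and port numbers, and the per-queue cap `max_queued` (the text sets no bound on the queue) are assumptions.

```python
from collections import deque
from typing import NamedTuple


class Packet(NamedTuple):
    src: tuple  # private endpoint (address, port) that opens the session
    dst: tuple  # global endpoint (address, port) being called


class Napt:
    """Toy model of outgoing-port assignment with priority call waiting queues."""

    def __init__(self, outgoing_ports, priority_of, levels=2, max_queued=64):
        self.outgoing_ports = list(outgoing_ports)  # local endpoints usable for outgoing calls
        self.priority_of = priority_of              # private address -> queue level, 0 is highest
        self.sessions = {}                          # (local port, global endpoint) -> private endpoint
        self.queues = [deque() for _ in range(levels)]
        self.max_queued = max_queued                # assumption: per-queue cap, not in the patent text

    def _free_port_for(self, dst):
        # A local port is only busy toward the global endpoints it already serves,
        # so the same port number can carry sessions to different destinations.
        for port in self.outgoing_ports:
            if (port, dst) not in self.sessions:
                return port
        return None

    def open_session(self, pkt):
        """Handle a session establishment packet (cf. steps S501 and S502)."""
        port = self._free_port_for(pkt.dst)
        if port is not None:
            self.sessions[(port, pkt.dst)] = pkt.src
            return ("assigned", port)
        level = self.priority_of.get(pkt.src[0], len(self.queues) - 1)
        if len(self.queues[level]) >= self.max_queued:
            return ("dropped", None)   # bounded queue: port exhaustion cannot grow memory without limit
        self.queues[level].append(pkt)
        return ("queued", level)

    def expire(self, port, dst):
        """Delete a timed-out entry, then offer its port to waiters (cf. S601, S602)."""
        del self.sessions[(port, dst)]
        for queue in self.queues:              # highest priority first
            for i, pkt in enumerate(queue):    # oldest first within one level
                if pkt.dst == dst:             # the port became free only toward this destination
                    del queue[i]
                    self.sessions[(port, dst)] = pkt.src
                    return pkt
        return None


def run_demo():
    # Constructed sample data: two outgoing ports, documentation-range destinations.
    d1, d2 = ("203.0.113.10", 80), ("203.0.113.20", 443)
    napt = Napt([40000, 40001], priority_of={"10.0.0.5": 0})
    out = []
    for host, dst in [("10.0.0.1", d1), ("10.0.0.2", d1), ("10.0.0.3", d1), ("10.0.0.5", d1),
                      ("10.0.0.4", d2), ("10.0.0.7", d2), ("10.0.0.6", d2)]:
        out.append(napt.open_session(Packet((host, 5000), dst)))
    served = [napt.expire(40000, d2), napt.expire(40001, d1),
              napt.expire(40000, d1), napt.expire(40001, d2)]
    out.append([p.src[0] if p else None for p in served])
    return out


if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

In the demo the port released toward the second destination skips two older waiters for the first destination, and the high-priority host 10.0.0.5 is served before 10.0.0.3 although it queued later.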
- This embodiment is an example of the address conversion device 1 that automatically adjusts the allocation ratio for port usage.
- the allocation rule updating unit 12 has a function of adjusting the allocation of port resources between outgoing and standby by rewriting the port allocation rule 22.
- the usage ratio is determined based on a predetermined procedure (specifically, an instruction from the user or an allocation plan).
- the policy of this embodiment is as follows.
- FIG. 12 is a block diagram showing an example of the configuration of the address conversion system in the present embodiment. As shown in FIG. 12, this embodiment further includes a transmission amount measuring unit 51 and a standby reservation system 52. In FIG. 12, the transmission amount measuring unit 51 and the standby reservation system 52 are shown as separate devices, but they may be incorporated in the address conversion device 1.
- Outgoing volume measuring unit 51 determines the amount of traffic in the outgoing direction (the amount of sessions that performed outgoing processing) from the traffic that passes through address converter 1 to the global network 100 side.
- the transmission amount measurement unit 51 is realized by, for example, a device that observes traffic passing through the address translation device 1.
- the amount of sessions in the outgoing direction to the global network 100 side may also be observed by notification from the packet converter 112 and the outgoing controller 114.
- the standby reservation system 52 is a means for reserving the standby ports of the address conversion device 1, and reserves a standby port of the address conversion device 1 by receiving the following information from an external system or user through a network or the like. 5 2 a. Set of local endpoint port number used for standby and destination private endpoint
- the standby reservation system 52 does not only make reservations; it may also send the reserved port information (including the number of reserved ports) to the address translation device 1 (specifically, the allocation rule update unit 12), set an upper limit for the reservation quota, obtain the upper limit value from the address converter 1, charge for each port when executing a reservation, or set the port usage fee for each time slot.
- the allocation rule updating unit 12 automatically assigns port resources (including determining the allocation ratio) as follows.
- the allocation rule update unit 12 periodically acquires the transmission processing amount from the transmission amount measurement unit 51 and the reservation amount of the standby port from the standby reservation system 52. Then, using these, statistics are calculated in a predetermined unit where the traffic volume is expected to change, such as the time of day and the day of the week.
- the expected value p_r_t of the standby reservation amount in a certain time zone (denoted t) of a certain day of the week and the expected value p_s_t for outgoing processing are obtained.
- the allocation rule update unit 12 determines, from the expected values, the upper limit p_t of the number of standby ports in the future time zone t and the standby port unit price v_r_t by case classification as follows.
- the reserved allocation upper limit for the number of standby ports set at a predetermined initial value is p_0
- the unit price for outgoing calls is V s -1
- the standby port unit price is v_r_0.
- p ⁇ t and V r ⁇ t are determined so as to satisfy p ⁇ t> p ⁇ 0 and v r ⁇ t and v r ⁇ .
- the standby reservation amount is waiting P ⁇ t is determined so that P ⁇ t and p ⁇ 0 are satisfied as long as the receiving port resources are not used up.
- the port resource for standby is assumed to be surplus. Part of it. Specifically, p_t is determined so that p_t > p_0 is satisfied as long as the transmission volume does not use the port resources for transmission.
- p ⁇ t and V r ⁇ t are determined so as to satisfy p ⁇ t ⁇ p ⁇ 0 and V r ⁇ t> v r ⁇ 0.
- the allocation rule update unit 12 keeps the results of the above case determination from the expected values for a predetermined number of times, and if it is determined that the situation (that is, the result of the case classification) does not change even when the automatic process is executed, the long-term process should be executed.
- the ratio of demand for each transmission and standby and the demand for the entire port resource can be adjusted to be optimal.
- port resources can be allocated automatically and efficiently.
- Example 6 Next, a sixth embodiment of the address conversion device according to the present invention will be described.
- This embodiment is an example of interconnecting networks using a plurality of address conversion devices.
- the address translation device 1 has been shown to operate as a single device.
- when a large-scale private network 200 and a global network 100 are connected, a large amount of traffic must be relayed, so a single address conversion device may not be able to achieve sufficient performance.
- a method may be considered in which a plurality of address translation devices are prepared and the local endpoint space is divided and assigned to each address translation device. For example, it is possible to prepare dedicated address translation devices for outgoing calls and for standby, and adjust the distribution of port usage according to the ratio of the number of devices. However, even in such a case, it is necessary to protect the existing sessions when switching the port usage, and call waiting control when the outgoing ports are full, as well as call queue control with priority, is also desired.
- the same effect can be obtained by applying the present invention to each address conversion device even in a network configuration including a plurality of address conversion devices.
- FIG. 13 is an explanatory diagram showing a configuration example of an address translation system including a plurality of address translation devices.
- the address translation system shown in FIG. 13 includes a plurality of address translation devices 1 (address translation devices 1-1 to 1-n), a global network side packet distributor 310, a private network side packet distributor 320, and the allocation rule update unit 2.
- The address conversion devices 1-1 to 1-n in this embodiment are obtained by removing the allocation rule updating unit 12 from the address conversion device 1 configured as the single device described above.
- the packet distributors 310 and 320 are communication devices having functions equivalent to L4 switches, which are connected to the global network 100 and the private network 200, respectively. According to the distribution rule given by the allocation rule update unit 2, they specify the target address conversion device 1 from the header information of a packet that arrives from the network and deliver the packet to that address conversion device 1.
- Allocation rule update unit 2 sets the port number space for calling and waiting according to a predetermined procedure.
- a port usage is specified and a list of port numbers to be processed is assigned.
- distribution rules are set for the packet distributors 310 and 320 according to the allocation of the processing target ports to each address translation device 1.
- for the global network side packet distributor 310, the distribution rule should be set so that a packet is distributed to the address conversion device 1 to which the port number, usable for standby, serving as the packet's destination local endpoint has been assigned.
- the private network side packet distributor 320 converts the address of the private endpoint that is the source, for example, to the address converter 1 to which the port number as the local endpoint that can be used for transmission is assigned.
- the distribution rule may be set so that it is distributed according to the number of devices 1 and distributed to a predetermined address conversion device 1.
- the present invention can be applied as an address conversion system even in a network configuration including a plurality of address conversion devices.
- the method of efficiently allocating port resources on the global network side has been described using the example of the address conversion device 1 that connects the private network and the global network. This method can also be applied to address translation devices that connect networks that employ different address spaces other than the private network and the IPv4 global network.
- an address translation device such as NAT-PT or transport relay is installed at the boundary.
- This address translation device mainly removes the IPv4 header of a packet and attaches an IPv6 header, and vice versa; its aim is to allow sessions to pass between the IPv4 network and the IPv6 network.
- the host nodes are constructed as networks that can reach each other without going through the IPv4 network. There is relatively little communication between host nodes, and there is a possibility that the port resources of the address conversion device will not be insufficient.
- the port depletion of the address translation device becomes a problem.
- the port can be efficiently allocated using the method of the present invention.
- the port allocation rule storage unit stores the port allocation rules indicating the port resources on the global address that can be allocated for outgoing from the private network and for standby from the global network. And a session-to-port allocation table that associates information indicating existing sessions with information indicating port resources on the global address assigned to the session endpoints on the private network side of the session.
- a session-port allocation table storage unit for converting the address information of the received packet according to the correspondence between the existing session and the port resource registered in the session-port allocation table, and the session-port allocation table Open a new session that is not registered with
- an address conversion unit that allocates port resources according to the port usage indicated by the port allocation rule for the session, and a ratio of the allocation number of the outgoing port and the standby port are set to a predetermined value. It shows the configuration of an address conversion device with a port usage ratio changing unit that changes according to the procedure.
- the port allocation rule storage unit is realized by the port allocation rule 22 (specifically, the storage device of the address translation device 1 to which a storage area is allocated as the port allocation rule 22).
- the session-port assignment table storage unit is realized by the session-port assignment table 21 (specifically, the storage device of the address translation device 1 to which a storage area is assigned as the session-port assignment table 21).
- the address conversion unit is realized by the address conversion unit 11.
- the port usage ratio changing part is realized by the allocation rule updating part 12.
- the port usage ratio changing unit changes the ratio of the allocation number of the outgoing port and the standby port, and shows the correspondence between the existing session and the port resource in the session-port allocation table.
- the configuration is shown by changing the port assignment rules while retaining them.
- the port usage ratio changing unit changes the port usage ratio based on fluctuations in the demand for port resources for each predetermined time period predicted from the past usage. Additional configurations are shown. With such a configuration, it is possible to control the allocation ratio for port usage to be optimum.
- a user specific information storage unit for storing user specific information for identifying a user for each end point on the private network side, and a usage record for use in a charging mechanism for each user are stored.
- the address conversion unit is responsible for making a call to the user specified from the information of the session end point indicated by the packet that opened the session when the port for outgoing call is assigned to the new session.
- a configuration including a transmission control unit for recording a usage record is shown.
- the user specific information storage unit is realized by the outgoing port assignment rule 222 including the user specific information (specifically, the storage device of the address translation device 1 to which a storage area is assigned as the outgoing port assignment rule 222).
- the usage record storage unit is realized by the outgoing billing unit 23. Further, the transmission control unit is realized by the transmission control unit 114 in the second embodiment. With this configuration, it is possible to identify and charge the calling user during outgoing call processing, and it is possible to prevent useless use of port resources.
- the port usage ratio changing unit determines the port usage ratio and the charging mechanism based on the demand amount and the actual supply amount of the port resources for each predetermined time period predicted from the past usage amount.
- the configuration for changing the port resource usage unit price for each port usage in is shown.
- the port usage ratio changing unit is realized by the allocation rule updating unit 12 in the fifth embodiment. With such a configuration, the ratio of demand for each transmission and standby, port resources, and overall demand can be adjusted optimally. Therefore, port resources can be allocated more efficiently.
- the above embodiment includes a call waiting queue that temporarily stores packets waiting to be assigned to a call port. When the address translation unit receives a packet for opening a new session, the call port is set.
- when the outgoing port is not assigned because none is free, the packet is held in the outgoing queue, and when an outgoing port becomes free, the packets held in the outgoing queue are examined in order; a transmission control unit is included that assigns the outgoing port if it can be assigned to the session that the packet is about to open.
- the transmission waiting queue is realized by the transmission waiting queue 24.
- the transmission control unit is realized by the transmission control unit 114 in the third embodiment.
- the above embodiment includes a plurality of outgoing call queues corresponding to different priorities, and when the outgoing call control unit holds the packet in the outgoing call queue, the private network side end point indicated by the packet is provided.
- the priority of the user identified based on the priority is determined, the packet is held in the outgoing queue corresponding to the determined priority, and when the outgoing port is free, the queue queue with higher priority is set.
- a configuration for attempting to assign the outgoing port is shown.
- the call waiting queue is realized by the call waiting queue 24 in the fourth embodiment.
- the transmission control unit is realized by the transmission control unit 114 in the fourth embodiment. With this configuration, for example, the degree of freedom of port resource distribution can be increased by linking with the billing function.
- the address conversion unit includes a session monitoring timer unit that determines the end of the session by a timer processing that starts according to a predetermined condition for each entry in the session-port allocation table.
- the configuration is shown.
- the session monitoring timer unit is realized by the session monitoring timer unit 115.
- the address space of one network P includes the address space of the other network G, or there is a mapping from the address space of the network P onto the address space of the network G 2
- An address conversion device that is located at the boundary of two packet switching networks and interconnects the networks, and port resources in the transport layer port number space on the network G side that can be allocated by the address conversion device are A port allocation rule storage unit for storing port allocation rules separately for outgoing calls used for session establishment from network P to network G and standby use used for session establishment from network G to network P; and an existing session Information indicating the session end point of the session and the network G side transport layer port number space assigned to the network P side session end point of the session Session-port allocation table storage unit that stores a session-port allocation table that correlates information indicating port resources, and received according to the correspondence between existing sessions and port resources registered in the session-port allocation table When a packet for converting a packet address information and opening a new session that is not registered in the session-port assignment table is received, the port is assigned to the
- a configuration of an address conversion device includes an address conversion unit that allocates resources and a port usage ratio change unit that changes the ratio of the number of outgoing ports and standby ports assigned according to a predetermined procedure.
- the address space of the other network G is included in the address space of the other network P here, or there is a mapping from the address space of the network P onto the address space of the network G.
- the relationship is, for example, a relationship between an IPv6 network (corresponding to network P) and an IPv4 global network (corresponding to network G). According to such a configuration, not only for the interconnection between the global network and the private network, but also for the network connection in which the global address resource may be exhausted in the interconnection of networks with different address spaces. Resources can be used more efficiently.
- one or more address conversion devices that perform address conversion and transfer packets, and all or part of the port resources on the global address that can be allocated by the address conversion system
- a port assignment management device that is designated and assigned to the address translation device.
- the address translation device includes information indicating the session end point of the existing session and the global address assigned to the session end point of the session on the private network.
- Session-to-port allocation table storage unit that stores the session-to-port allocation table that correlates information indicating the above port resources; the address information of a received packet is converted according to the correspondence between existing sessions and port resources registered in the session-to-port allocation table. When a packet for opening a new session that is not registered in the session-port allocation table is received, the port resource allocated from the port allocation management device is allocated to the session according to its use.
- An address translation unit, and the port assignment management device is connected to the address translation device. It shows the configuration of an address conversion system equipped with a port usage ratio changing unit that changes the ratio of the number of allocated ports according to a predetermined procedure.
- the port assignment management device is realized by an information processing device including the assignment rule update unit 2.
- the address translation device is realized by the address translation devices 1-1 to 1-n. With such a configuration, when a large-scale private network and the global network are connected, if a single device cannot achieve sufficient performance, it is configured with multiple address conversion devices.
- the present invention can also be applied. In addition, for example, it is possible to prepare address translation devices dedicated for outgoing calls and standbys, and adjust the port usage according to the ratio of the number of devices.
- the present invention can be applied to an address translation apparatus having an address translation function for interconnecting networks having different address spaces.
- it is suitable for use in routers, switches, and session relay devices equipped with the NAPT function, which connects the IPv4 global network and the private network and dynamically assigns port numbers, and the transport relay function.
- the present invention can also be suitably applied to the same type of device having a NAT-PT function, which connects the IPv6 network and the IPv4 network, and a transport relay function.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/602,545 US8458338B2 (en) | 2007-06-15 | 2008-06-11 | Address translation device and address translation method |
JP2009519338A JP5163910B2 (ja) | 2007-06-15 | 2008-06-11 | Address translation device and address translation method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2007158477 | 2007-06-15 | ||
JP2007-158477 | 2007-06-15 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2008153193A1 (ja) | 2008-12-18 |
Family
ID=40129790
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2008/061078 | WO2008153193A1 (ja) Address translation device and address translation method | 2007-06-15 | 2008-06-11 |
Country Status (3)
Country | Link |
---|---|
US (1) | US8458338B2 (ja) |
JP (1) | JP5163910B2 (ja) |
WO (1) | WO2008153193A1 (ja) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2011210032A (ja) * | 2010-03-30 | 2011-10-20 | Hitachi Ltd | Virtual machine migration method and system |
US8717884B2 (en) | 2009-04-16 | 2014-05-06 | Nec Corporation | Address-sharing system |
Families Citing this family (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5163910B2 (ja) * | 2007-06-15 | 2013-03-13 | 日本電気株式会社 | Address translation device and address translation method |
CN105100299A (zh) * | 2010-11-25 | 2015-11-25 | 华为技术有限公司 | Message sending method, NAT entry establishment method and NAT device |
US8473625B1 (en) * | 2010-12-10 | 2013-06-25 | Sprint Communications Company L.P. | Preservation of network address translation (NAT) state across wireless sessions |
US8693327B2 (en) * | 2011-05-03 | 2014-04-08 | Novell, Inc. | Techniques for privileged network routing |
US8806033B1 (en) | 2011-06-30 | 2014-08-12 | Juniper Networks, Inc. | Effective network identity pairing |
US9258272B1 (en) * | 2011-10-21 | 2016-02-09 | Juniper Networks, Inc. | Stateless deterministic network address translation |
US9178846B1 (en) | 2011-11-04 | 2015-11-03 | Juniper Networks, Inc. | Deterministic network address and port translation |
US9003002B2 (en) * | 2012-01-18 | 2015-04-07 | Microsoft Technology Licensing, Llc | Efficient port management for a distributed network address translation |
US20130185430A1 (en) * | 2012-01-18 | 2013-07-18 | LineRate Systems, Inc. | Multi-level hash tables for socket lookups |
US8891540B2 (en) | 2012-05-14 | 2014-11-18 | Juniper Networks, Inc. | Inline network address translation within a mobile gateway router |
EP2743857A1 (en) * | 2012-12-13 | 2014-06-18 | Gemalto SA | Method for allowing establishment of a secure session between a device and a server |
JP6127618B2 (ja) * | 2013-03-15 | 2017-05-17 | 株式会社リコー | Information processing device, information processing system, relay method, and program |
US20150223157A1 (en) * | 2013-06-28 | 2015-08-06 | Intel Corporation | Seamless connectivity across devices with heterogeneous transports |
US9882877B2 (en) * | 2014-05-12 | 2018-01-30 | Michael C. Wood | Transparent traffic control device and method for securing internet-connected devices |
US9237129B2 (en) | 2014-05-13 | 2016-01-12 | Dell Software Inc. | Method to enable deep packet inspection (DPI) in openflow-based software defined network (SDN) |
JP2016019156A (ja) * | 2014-07-08 | 2016-02-01 | キヤノン株式会社 | Communication device and control method thereof |
US9537872B2 (en) | 2014-12-31 | 2017-01-03 | Dell Software Inc. | Secure neighbor discovery (SEND) using pre-shared key |
US9998425B2 (en) * | 2015-01-27 | 2018-06-12 | Sonicwall Inc. | Dynamic bypass of TLS connections matching exclusion list in DPI-SSL in a NAT deployment |
CN104811473B (zh) * | 2015-03-18 | 2018-03-02 | 华为技术有限公司 | Method, system and management system for creating a virtual non-volatile storage medium |
US10129207B1 (en) | 2015-07-20 | 2018-11-13 | Juniper Networks, Inc. | Network address translation within network device having multiple service units |
US10469446B1 (en) | 2016-09-27 | 2019-11-05 | Juniper Networks, Inc. | Subscriber-aware network address translation |
CN114124773B (zh) * | 2021-11-24 | 2024-01-23 | 北京天融信网络安全技术有限公司 | Test system and method for port block address translation |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH11150566A (ja) * | 1997-11-14 | 1999-06-02 | Hitachi Ltd | Internetwork device |
JP2005286600A (ja) * | 2004-03-29 | 2005-10-13 | Fujitsu Fip Corp | Communication processing device |
JP2006094038A (ja) * | 2004-09-22 | 2006-04-06 | Fuji Xerox Co Ltd | Information communication device and method for correcting the IP address set in the information communication device |
JP2006319384A (ja) * | 2005-05-10 | 2006-11-24 | Brother Ind Ltd | Network system, connection establishment method, node device, and the like |
Family Cites Families (43)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6496567B1 (en) * | 1998-05-07 | 2002-12-17 | Mci Communications Corporation | Interactive voice response service node with advanced resource management |
US6771610B1 (en) * | 1999-01-19 | 2004-08-03 | 3Com Corporation | Spanning tree with protocol for bypassing port state transition timers |
US7016363B1 (en) * | 2000-10-19 | 2006-03-21 | Interactic Holdings, Llc | Scaleable interconnect structure utilizing quality-of-service handling |
US7290283B2 (en) * | 2001-01-31 | 2007-10-30 | Lancope, Inc. | Network port profiling |
AU2002242043B2 (en) * | 2001-01-31 | 2006-12-14 | Cisco Technology, Inc. | Network port profiling |
US7281043B1 (en) * | 2001-05-31 | 2007-10-09 | Cisco Technology, Inc. | System for sharing resources among RSVP sessions |
US20020198850A1 (en) * | 2001-06-26 | 2002-12-26 | International Business Machines Corporation | System and method for dynamic price determination in differentiated services computer networks |
US7225271B1 (en) * | 2001-06-29 | 2007-05-29 | Cisco Technology, Inc. | System and method for recognizing application-specific flows and assigning them to queues |
US20030035371A1 (en) * | 2001-07-31 | 2003-02-20 | Coke Reed | Means and apparatus for a scaleable congestion free switching system with intelligent control |
US7644151B2 (en) * | 2002-01-31 | 2010-01-05 | Lancope, Inc. | Network service zone locking |
JP3868815B2 (ja) * | 2002-01-10 | 2007-01-17 | 富士通株式会社 | Communication system |
JP3872716B2 (ja) * | 2002-04-30 | 2007-01-24 | 富士通株式会社 | Packet output control device |
KR100442627B1 (ko) * | 2002-05-20 | 2004-08-02 | 삼성전자주식회사 | Packet redirection method in a network processor |
US7930423B2 (en) * | 2002-06-14 | 2011-04-19 | Alcatel-Lucent Usa Inc. | Dynamic load balancing within a network |
JP4528116B2 (ja) * | 2002-06-25 | 2010-08-18 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Method and system for monitoring application performance in a distributed environment |
US7280557B1 (en) * | 2002-06-28 | 2007-10-09 | Cisco Technology, Inc. | Mechanisms for providing stateful NAT support in redundant and asymetric routing environments |
US20040015408A1 (en) * | 2002-07-18 | 2004-01-22 | Rauen Philip Joseph | Corporate content management and delivery system |
JP4374202B2 (ja) | 2003-02-28 | 2009-12-02 | 株式会社日立製作所 | Stream distribution computer, program, and NAS device |
US7769994B2 (en) * | 2003-08-13 | 2010-08-03 | Radware Ltd. | Content inspection in secure networks |
US8285881B2 (en) * | 2003-09-10 | 2012-10-09 | Broadcom Corporation | System and method for load balancing and fail over |
EP1671469A1 (en) * | 2003-09-30 | 2006-06-21 | Koninklijke Philips Electronics N.V. | Client requested external address mapping |
US7397792B1 (en) * | 2003-10-09 | 2008-07-08 | Nortel Networks Limited | Virtual burst-switching networks |
US7436832B2 (en) * | 2004-05-05 | 2008-10-14 | Gigamon Systems Llc | Asymmetric packets switch and a method of use |
KR100603567B1 (ko) * | 2004-09-02 | 2006-07-24 | 삼성전자주식회사 | Method and system for guaranteeing QoS through bandwidth reservation in a switch |
US7784096B2 (en) * | 2004-11-15 | 2010-08-24 | Microsoft Corporation | Outgoing connection attempt limiting to slow down spreading of viruses |
US7542473B2 (en) * | 2004-12-02 | 2009-06-02 | Nortel Networks Limited | High-speed scheduling apparatus for a switching node |
US7912046B2 (en) * | 2005-02-11 | 2011-03-22 | Microsoft Corporation | Automated NAT traversal for peer-to-peer networks |
US7518987B2 (en) * | 2005-07-25 | 2009-04-14 | Cisco Technology, Inc. | Mechanisms for providing connectivity in NAT redundant/fail-over scenarios in unshared address-space |
US20070079103A1 (en) * | 2005-10-05 | 2007-04-05 | Yasuyuki Mimatsu | Method for resource management in a logically partitioned storage system |
US7817580B2 (en) * | 2005-12-07 | 2010-10-19 | Cisco Technology, Inc. | Preventing transient loops in broadcast/multicast trees during distribution of link state information |
US8448162B2 (en) * | 2005-12-28 | 2013-05-21 | Foundry Networks, Llc | Hitless software upgrades |
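JP2007243300A (ja) * | 2006-03-06 | 2007-09-20 | Fujitsu Ltd | Bandwidth control program, bandwidth control device, and bandwidth control method |
CN101014005B (zh) * | 2007-01-22 | 2010-09-22 | 华为技术有限公司 | Method and device for reducing service impairment in a link aggregation group |
JP5163910B2 (ja) * | 2007-06-15 | 2013-03-13 | 日本電気株式会社 | Address translation device and address translation method |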
US8181238B2 (en) * | 2007-08-30 | 2012-05-15 | Software Ag | Systems and/or methods for streaming reverse HTTP gateway, and network including the same |
JP2009111437A (ja) * | 2007-10-26 | 2009-05-21 | Hitachi Ltd | Network system |
US8103346B2 (en) * | 2008-05-22 | 2012-01-24 | Cardiac Pacemakers, Inc. | Regulatory compliant transmission of medical data employing a patient implantable medical device and a generic network access device |
US20100161827A1 (en) * | 2008-12-23 | 2010-06-24 | Griesmer Stephen J | Methods and apparatus to manage port resources |
WO2011079182A2 (en) * | 2009-12-23 | 2011-06-30 | Citrix Systems, Inc. | Systems and methods for managing ports for rtsp across cores in a multi-core system |
JP5440210B2 (ja) * | 2010-01-28 | 2014-03-12 | 富士通株式会社 | Access control program, access control method, and access control device |
US8707440B2 (en) * | 2010-03-22 | 2014-04-22 | Tenable Network Security, Inc. | System and method for passively identifying encrypted and interactive network sessions |
US20110307541A1 (en) * | 2010-06-10 | 2011-12-15 | Microsoft Corporation | Server load balancing and draining in enhanced communication systems |
JP5338765B2 (ja) * | 2010-07-27 | 2013-11-13 | ブラザー工業株式会社 | Communication device, communication method, and communication program |
2008
- 2008-06-11 JP JP2009519338A patent/JP5163910B2/ja not_active Expired - Fee Related
- 2008-06-11 WO PCT/JP2008/061078 patent/WO2008153193A1/ja active Application Filing
- 2008-06-11 US US12/602,545 patent/US8458338B2/en active Active
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8717884B2 (en) | 2009-04-16 | 2014-05-06 | Nec Corporation | Address-sharing system |
JP5488591B2 (ja) * | 2009-04-16 | 2014-05-14 | 日本電気株式会社 | Communication system |
JP2011210032A (ja) * | 2010-03-30 | 2011-10-20 | Hitachi Ltd | Virtual machine migration method and system |
Also Published As
Publication number | Publication date |
---|---|
US20100175123A1 (en) | 2010-07-08 |
JP5163910B2 (ja) | 2013-03-13 |
JPWO2008153193A1 (ja) | 2010-08-26 |
US8458338B2 (en) | 2013-06-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
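WO2008153193A1 (ja) | | Address translation device and address translation method |
JP4523381B2 (ja) | | Packet communication device |
JP5621778B2 (ja) | | Content-based switch system and content-based switch method |
US8861359B2 (en) | | Network system, control method thereof and controller |
JP4796157B2 (ja) | | System and method for implementing resource allocation in network communication |
EP2479941B1 (en) | | Communication apparatus and communication system for enhancing speed of communications between terminals |
JP4033773B2 (ja) | | Method and apparatus for performing network routing |
JP4394590B2 (ja) | | Packet relay device and communication bandwidth control method |
JP5757324B2 (ja) | | Computer system and communication method |
JP4351449B2 (ja) | | System and method for performing IP telephony |
WO2013177891A1 (zh) | | Method and device for allocating public network addresses |
WO2001003380A1 (fr) | | Service allocation device |
JP2005537764A (ja) | | Mechanism for providing QoS in a network using priority and reserved bandwidth protocols |
WO2005004407A1 (ja) | | Transmission capacity allocation method, communication network, and network resource management device |
JP2000253049A (ja) | | Routing device and routing method |
JP2013009406A (ja) | | Providing desired service policies to subscribers accessing the Internet |
JP2003060691A (ja) | | Method and apparatus for allocating resources in network routers and switches |
JP7103883B2 (ja) | | Communication system, communication control method, and communication device |
WO2016194089A1 (ja) | | Communication network, communication network management method, and management system |
JP2000312226A (ja) | | Method for guaranteeing communication quality |
JP2007201564A (ja) | | Estimation system, terminal, estimation method, and program |
JP3662768B2 (ja) | | Inter-network connection method and device |
JP2006245894A (ja) | | Transfer route control device and transfer route control program |
EP2882167B1 (en) | | Method for management of ip (internet protocol) addresses in a telecommunications network, and telecommunications network |
JP3865175B2 (ja) | | IP address translation device |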
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 08777297; Country of ref document: EP; Kind code of ref document: A1 |
 | WWE | Wipo information: entry into national phase | Ref document number: 12602545; Country of ref document: US |
 | WWE | Wipo information: entry into national phase | Ref document number: 2009519338; Country of ref document: JP |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 08777297; Country of ref document: EP; Kind code of ref document: A1 |