The present invention relates to a communications network control system for effectively utilizing networks when connecting a plurality of networks to each other and transferring packets.
In recent years, with the development of the Internet and intranets, a challenge for communications network control systems has been to cope with the diversification of networking modes and the increase in traffic that result from interconnecting networks, including Local Area Networks (LANs) and Wide Area Networks (WANs). Network connection devices such as routers and firewalls are needed to connect the plurality of networks to each other and to perform network control such as routing, access control, quality management and load balancing. The router controls the routing in the networks, and the firewall implements the access control in the networks. These connection devices transmit and receive control information of a network control protocol, thus managing the control information on the network. In the case of the router, the network control protocol is an international standard protocol such as the Routing Information Protocol (RIP) or Open Shortest Path First (OSPF). In the case of the firewall, however, no such international standard protocol exists at present. These connection devices then connect the networks to each other, i.e., transfer packets, based on the control information of the network control protocol.
In the conventional communications network control system having a network connection device such as a router or a firewall, the packets to be transmitted are a transfer packet containing communications information and a control protocol packet (simply termed a control packet) containing the control information. A receiving-side, or more precisely transferred-side, network connection device executes the processing of the transfer packet and the processing of the control protocol packet sequentially, in series on the time axis. Further, the transfer packet processing function and the control protocol packet processing function are both provided in a single physical network connection device.
Thus, in the conventional network connection device, the function of controlling the network and the function of transferring the packets are structured integrally, with no clear distinction between them, and the processing of the control protocol packet and the processing of the transfer packet are executed in series on the time axis. Therefore, if either process is under a high load, the other process may be delayed and queued. More specifically, while a control protocol packet is being processed, the transfer packet cannot be processed, and in the meantime the packet transfer may be delayed. This packet transfer delay in turn becomes a delay of the network control. Further, because the housing of a single physical device incorporates both the network control function and the packet transfer function, there is less freedom in the architecture of the communications network control system.
Accordingly, it is a primary object of the present invention to provide a communications network control system capable of dispersing a processing load by separating a network control function from a packet transfer function which have hitherto been united into one function, or by separating a physically singly structured network connection device incorporating these functions into different devices (a network control device and a packet transfer device) corresponding to the functions.
It is another object of the present invention to provide a communications network control system capable of keeping a compatibility with conventional devices on a network even by separating the network control function from the packet transfer function which have hitherto been united into one function or by separating the singly structured device into different devices.
It is still another object of the present invention to provide a communications network control system capable of performing communications between the separated functions or between the devices described above. This object addresses two constraints. First, the packet transfer function, and the device corresponding to it, must be placed at the points where a plurality of networks are connected to each other, which leaves little freedom in installation space. Second, the network control function, and the device corresponding to it, in many cases requires storage devices such as hard disks for storing an enormous quantity of software, so it is desirable to avoid installing it in a place with comparatively low reliability.
It is a further object of the present invention to provide a communications network control system capable of ensuring communications security, because confidentiality is easily lost when vital items of information such as control information are transmitted and received on normal networks.
To accomplish the above objects, according to one aspect of the present invention, a communications network control system comprises a judging unit for judging whether a variable-length packet inputted via a first network is a control packet self-addressed and containing control information for network control, or a transfer packet addressed otherwise, a first managing unit for receiving the control packet judged to be the control packet by the judging unit via a communications medium, and managing and processing the control information, based on the received control packet, a second managing unit for storing the control information transmitted to the communications medium from the first managing unit in such a way that the control information can be updated as well as for controlling a transfer of the transfer packet, and a rewriting unit for executing a process of rewriting contents of the transfer packet in accordance with the control information stored in the second managing unit, in parallel with a process of the control packet by the first managing unit in order to transfer to a second network the transfer packet judged to be the transfer packet by the judging unit.
In this construction, the first managing unit may be provided in a first device, and the judging unit, the second managing unit and the rewriting unit may be provided in a second device having a physically different configuration from the first device. Further, the communications medium may involve the use of the first network, and a cable through which the first device and the second device are capable of communicating with each other. Each of the first device and the second device may further include a control packet encrypting/decrypting unit for making confidential the communications via the first network.
According to another aspect of the present invention, a communications network control system comprises a judging unit for judging whether a variable-length packet inputted via a network is a control packet self-addressed and containing control information for network control, or a transfer packet addressed otherwise, a first managing unit for receiving the control packet judged to be the control packet by the judging unit via a communications medium, and managing and processing the control information, based on the received control packet, a second managing unit for storing the control information transmitted to the communications medium from the first managing unit in such a way that the control information can be updated as well as for controlling a transfer of the transfer packet, and a rewriting unit for executing a process of rewriting contents of the transfer packet in accordance with the control information stored in the second managing unit in parallel with a process of the control packet by the first managing unit in order to transfer to the other network the transfer packet judged to be the transfer packet by the judging unit. The first managing unit is provided in at least one network control device. The judging unit, the second managing unit and the rewriting unit are provided in at least one packet transfer device. The communications medium is either one of the network and the other network, or the cable through which the network control device and the packet transfer device are capable of communicating with each other.
According to a further aspect of the present invention, a communications network control method comprises a first step of judging whether a variable-length packet inputted via a first network is a control packet self-addressed and containing control information for network control, or a transfer packet addressed otherwise, a second step of receiving the control packet judged to be the control packet in the first step via a communications medium, and managing and processing the control information, based on the received control packet, a third step of storing the control information transmitted to the communications medium by the process in the second step in such a way that the control information can be updated as well as for controlling a transfer of the transfer packet, and a fourth step of executing a process of rewriting contents of the transfer packet in accordance with the control information stored in the third step, in parallel with a process of the control packet in the second step in order to transfer to a second network the transfer packet judged to be the transfer packet in the first step.
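The four units recited in the aspects above can be modeled as follows; this is an added Python example, not code from the patent. The dict packet layout, the `routes` field, the TTL decrement and `next_hop` field used as the "rewriting", and the in-process queue standing in for the communications medium are all assumptions made for illustration.

```python
import ipaddress, queue, threading

class PacketTransferDevice:
    """Judging unit, second managing unit and rewriting unit in one device."""
    def __init__(self, self_addr):
        self.self_addr = self_addr
        self.table = {}                    # second managing unit: prefix -> next hop
        self.lock = threading.Lock()
        self.to_control = queue.Queue()    # communications medium to the control device
    def judge(self, pkt):
        # Self-addressed packets are control packets; everything else is transfer.
        return "control" if pkt["dst"] == self.self_addr else "transfer"
    def update(self, prefix, next_hop):
        with self.lock:                    # control information stays updatable
            self.table[ipaddress.ip_network(prefix)] = next_hop
    def receive(self, pkt):
        if self.judge(pkt) == "control":
            self.to_control.put(pkt)       # handed off, never processed inline
            return None
        return self.rewrite(pkt)
    def rewrite(self, pkt):
        dst = ipaddress.ip_address(pkt["dst"])
        with self.lock:
            hits = [(net, hop) for net, hop in self.table.items() if dst in net]
        if not hits:
            return None                    # no stored control information: drop
        _, hop = max(hits, key=lambda h: h[0].prefixlen)  # longest prefix wins
        return {**pkt, "ttl": pkt["ttl"] - 1, "next_hop": hop}

def network_control_device(dev, stop):
    """First managing unit: processes control packets on its own thread."""
    while not stop.is_set():
        try:
            pkt = dev.to_control.get(timeout=0.05)
        except queue.Empty:
            continue
        for prefix, hop in pkt["routes"]:
            dev.update(prefix, hop)        # push control information back
        dev.to_control.task_done()

def demo():
    dev, stop = PacketTransferDevice("192.0.2.1"), threading.Event()
    worker = threading.Thread(target=network_control_device, args=(dev, stop))
    worker.start()
    dev.receive({"dst": "192.0.2.1", "ttl": 1,   # constructed control packet
                 "routes": [("198.51.100.0/24", "203.0.113.9")]})
    dev.to_control.join()                  # wait for the control device to finish
    out = dev.receive({"dst": "198.51.100.7", "ttl": 64, "payload": b"data"})
    stop.set(); worker.join()
    return out
```

Because `receive` only enqueues control packets, a slow or overloaded control thread delays route updates but never blocks `rewrite` on the transfer path.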