1) Field of the Invention
The present invention relates to a technology for configuring a virtual path of a virtual private network (VPN).
2) Description of the Related Art
Recently, as the Internet has spread, companies that use the Internet (hereinafter, “user companies”) have become able to connect their branches without using a virtual leased line service such as Asynchronous Transfer Mode (ATM) or frame relay.
As for use in wide area networks (WAN), a commercial communication service started in 1994 in the United States, and the “super relay CR” service was started by Nippon Telegraph and Telephone Corporation (NTT) in 1995 in Japan. In the next-generation B-ISDN proposed by NTT, the transmission speed was to be increased and public communication lines were to be integrated based on ATM technology.
On the other hand, the development of ATM-LAN, in which ATM technology is applied to the local area network (LAN), was already progressing in the early nineties, and ATM-LAN with a maximum transmission speed of 25 megabits per second was standardized by an ATM-LAN forum. ATM-LAN has a “LANE (LAN emulation)” function, which virtually provides the same service as Ethernet (Registered Trademark).
Commercialization of ATM-LAN started in 1992. However, it has not spread widely, because standardizing its enormous specifications took a long time and low-priced Ethernet (Registered Trademark) spread quickly.
Although ATM is now spreading in WANs, Gigabit Ethernet (Registered Trademark), Fiber Distributed Data Interface (FDDI), and the like are more popular than ATM in LANs. At present, attention is being paid to improving compatibility with the explosively widespread Internet Protocol (IP). In the Internet Engineering Task Force (IETF), “IP over ATM”, which carries the IP protocol over an ATM network, is being developed.
Working groups were formed in the ATM forum last year, and specifications such as “FAST” (Frame Relay ATM over SONET Transport), which can handle a variable-length cell expandable up to 64 kilobytes, have been established.
In general, a user network uses private addresses, and thus its packets cannot flow directly to the Internet, which uses global addresses.
To communicate between user network sites via the global Internet, therefore, the following mechanism is required. A packet is encapsulated in an IP packet having a global address and is transmitted from the user network via a global network to the global Internet. The packet is received by a router connected to the global network at the destination site, where the encapsulation is removed and the packet is routed to the destination host in the destination site.
In this case, the user must prepare an apparatus that can start and terminate a tunnel (that is, one capable of encapsulating and decapsulating), and thus equipment must be replaced or upgraded. Further, packet processing becomes complicated, so performance may not be able to be raised, or expensive equipment may be necessary to raise it.
Further, when many branches are present, the configuration of the routers connected to the global Internet becomes complicated (control of paths, setting of logical interfaces, and the like). In this case, since user companies must train administrators and maintain network equipment, the overall operation becomes expensive.
A new VPN service is therefore being considered, in which the maintenance of the VPN is outsourced to Internet service providers or carriers and users can use their existing routers as they are.
In this service, the provider's routers provide the function of starting and terminating tunnels. In addition, when a plurality of user sites are present, the provider's routers provide control of paths in the user network, which determines the tunnel to which an encapsulated packet should be transmitted according to the destination user network.
At this time, a provider edge router transmits packets based on path information for the user network, kept separately from path information for the global network. Such a VPN service is called IP-VPN.
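The tunnel start/termination and the separate user-network path information described above, as an added Python example that is not part of the original document. `Packet`, `ProviderEdge`, `build_sites` and the 192.168.x.0/24 segment prefixes are hypothetical; the addresses 10.1.1.1 and 10.2.1.1 are taken from the FIG. 34 description and are assumed here to serve as tunnel endpoints.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: object  # bytes, or an inner Packet once encapsulated

class ProviderEdge:
    def __init__(self, address, local_ports, remote_sites):
        self.address = address  # assumed global-side address used as tunnel endpoint
        # Path information for the user network, kept apart from global routing.
        self.local = {ipaddress.ip_network(p): v for p, v in local_ports.items()}
        self.remote = {ipaddress.ip_network(p): v for p, v in remote_sites.items()}

    @staticmethod
    def _lookup(table, dst):
        # Longest-prefix match of dst against one table; None when nothing matches.
        addr = ipaddress.ip_address(dst)
        hits = [net for net in table if addr in net]
        return table[max(hits, key=lambda n: n.prefixlen)] if hits else None

    def ingress(self, pkt):
        """Start of tunnel: wrap the user packet in an outer header."""
        peer = self._lookup(self.remote, pkt.dst)
        if peer is None:
            return None  # no user-network route: drop, never fall back to global routing
        return Packet(self.address, peer, pkt)

    def egress(self, outer):
        """End of tunnel: unwrap and choose the port of the destination segment."""
        if outer.dst != self.address or not isinstance(outer.payload, Packet):
            return None  # not addressed to this router, or not encapsulated
        inner = outer.payload
        port = self._lookup(self.local, inner.dst)
        return (port, inner) if port else None

def build_sites():
    # Constructed sample: 192.168.x.0/24 prefixes stand in for segments S1..S3.
    n1 = ProviderEdge("10.1.1.1", {"192.168.1.0/24": "P1", "192.168.2.0/24": "P2"},
                      {"192.168.3.0/24": "10.2.1.1"})
    n2 = ProviderEdge("10.2.1.1", {"192.168.3.0/24": "P3"},
                      {"192.168.1.0/24": "10.1.1.1", "192.168.2.0/24": "10.1.1.1"})
    return n1, n2

if __name__ == "__main__":
    n1, n2 = build_sites()
    outer = n1.ingress(Packet("192.168.1.10", "192.168.3.20", b"hello"))
    print(outer.src, "->", outer.dst, "delivers to", n2.egress(outer)[0])
```

A destination with no entry in the user-network table is dropped at ingress rather than handed to global routing, which is what keeps private-address traffic from leaving the VPN.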
FIG. 34 illustrates how a virtual path is conventionally constructed in a VPN. LAN segments S1, S2, S3, and S4 are user networks used by VPN users. Virtual paths #11 to #44 are set between ports P1 to P4, which are associated with the LAN segments S1 to S4, so that the VPN is configured.
The LAN segment S1 is attached to the port P1 of a node N1. The LAN segment S2 is attached to the port P2 of the node N1. “10.1.1.1” is given as an IP address to the node N1. A console C1 is provided for the node N1 and is used when a virtual path related to the node N1 (ports P1 and P2) is set.
The LAN segment S3 is attached to the port P3 of a node N2. A console C2 is used when a virtual path related to the node N2 (port P3) is set. “10.2.1.1” is given as an IP address to the node N2.
The LAN segment S4 is attached to the port P4 of a node N3. A console C3 is used when a virtual path related to the node N3 (port P4) is configured. “10.3.1.1” is given as an IP address to the node N3. Communication with the nodes N1 to N3 is made via a network NET.
A network administrator uses all the consoles C1 to C3 to log into each of the nodes N1 to N3 individually and set the information for configuring the VPN in each node, so that the virtual paths #11 to #44 are configured (See Japanese Patent Application Laid-Open No. 2002-176436).
In the conventional art shown in FIG. 34, when a virtual path on the VPN is configured, a network administrator must log into each of the nodes N1 to N3 individually, using each of the consoles C1 to C3, and must set the information for configuring the VPN in each node. A great load therefore rests on the network administrator, and this conventional art is inconvenient.
In particular, as the number of nodes and ports becomes larger, the load becomes greater. Consequently, this problem becomes more serious.