In recent years, a network employing Internet Protocol Version 6 (IPv6) is introduced. However, many users use Internet Protocol Version 4 (IPv4) addresses. Therefore, a technique for performing communication employing IPv4 via a communication network corresponding to IPv6 is proposed in the Internet Engineering Task Force (IETF). Further, since it is likely that IPv4 addresses are exhausted, a technique for sharing one IPv4 global address among plural users is also developed.
For example, in a system employing Stateless Address Mapping (SAM), plural users can use one IPv4 global address to perform IPv4 communication by IPv6 tunneling. In the system employing SAM, an apparatus serving as an endpoint of a tunnel does not include a table or the like that records communication information such as mapping of IPv6 addresses and IPv4 addresses concerning individual users and conditions for permitting communication. Since the information such as the mapping of the addresses and the conditions for permitting communication increases according to the number of users, if the number of users increases, an amount of information stored in the table becomes enormous. When the information is changed according to an increase of users, a change of addresses, or the like, the table that records the mapping is also changed. Therefore, the system employing SAM is easily managed compared with a system in which individual tunnel routers include a table that records information concerning communication of users.
On the other hand, there is also known a system that includes, in communication information, information used for determining propriety of communication of individual users to thereby determine whether a tunnel router or the like permits connection of a user. For example, there is known a packet relay device that can determine propriety of passage of an IPv6 packet on the basis of stored policy information.