1. Technical Field
The present invention relates to a communication device, a communication method, an integrated circuit, and a program for communicating from a Wide Area Network (WAN) side beyond a network relay device which has a Network Address Translation (NAT) function.
2. Background Art
In a communication method using a conventional Internet technique, a global Internet Protocol version 4 (IPv4) address (hereafter described as global IP address) which is an address uniquely determined for each of the devices is assigned to the device directly connecting to the Internet.
However, the number of global IP addresses is limited, and, especially in Internet access services for households, there are many cases where only one global IP address is assigned per service contract. In other words, only one device can directly connect to the Internet per service contract.
Therefore, a network configuration using a private IP address and a router having the NAT function (hereafter referred to as NAT device) is widely used such that a plurality of devices whose number exceeds the number of available global IP addresses can simultaneously communicate with a device on the Internet.
It should be noted that the private IP address is an IP address for use in a closed (private) network, such as a network used for network device debugging or a network within a business, and it cannot be used as a source IP address or a destination IP address of a packet on the global Internet.
Moreover, the NAT device is a network relay device which has a Network Address Translation (NAT) function of performing a mutual conversion between a global IP address and a private IP address.
It should be noted that in the present specification, the claims, and the drawings, “NAT” is used in a sense that includes Network Address Port Translation (NAPT), which also performs a port translation.
The NAT function will be described with reference to FIG. 1. In the case where a communication packet bound for a communication device 104 on its own Wide Area Network (WAN) side is transmitted from a communication device 101 on its own Local Area Network (LAN) side, a NAT device 102, as the NAT function, transfers the communication packet to an upper level network (Internet 103).
In the transfer, the NAT device 102 rewrites the source IP address and the source port of the communication packet into the WAN-side IP address of the NAT device 102 itself and a newly assigned port number, respectively. Then, when a reply packet returns, the NAT device 102 rewrites its destination IP address and port number according to an address translation table 105 and transfers it to the communication device 101.
In an example of FIG. 1, the NAT device 102 having an IP address of “10.0.0.1” on the WAN side receives a packet bound for port 80 of a destination IP address of “10.0.0.2” transmitted from port 10000 of the communication device 101 having an IP address of “192.168.0.2”.
On receiving the packet, the NAT device 102, with reference to the address translation table 105, first checks whether or not the source IP address and the source port of the received packet already exist in the address translation table 105. As a result, in the case where there are no corresponding data in the address translation table 105, an address translation table 105 is newly generated.
In the example of FIG. 1, a case is assumed where there are no corresponding data and an address translation table 105 using a source port number 20000 is newly generated. It should be noted that the source port number to be used for newly generating the address translation table 105 may be any port number as long as the number is not used for another address translation.
After newly generating the address translation table 105, the NAT device 102, according to the generated address translation table 105, rewrites “192.168.0.2” which is the source IP address and the source port number “10000” of the received packet into an IP address of “10.0.0.1” and a port number “20000,” respectively, and then transmits the packet to the communication device 104 having an IP address of “10.0.0.2”.
Then, on receiving a reply packet bound for port 20000 of the destination IP address of “10.0.0.1” transmitted, as the reply, from the communication device 104, the NAT device 102 refers to the address translation table 105 and then rewrites “10.0.0.1” which is the destination IP address and “20000” which is the destination port number into an IP address of “192.168.0.2” and a port number “10000,” respectively.
With this, the communication device 101 can communicate with the communication device 104 without the influence of the address translation performed in the NAT device 102, can transmit information with respect to the communication device 104, and can obtain information from the communication device 104.
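The FIG. 1 exchange can be traced in code. The following Python model is an added illustration, not part of the original document; the class and function names are hypothetical, and taking new WAN ports from a simple counter starting at 20000 is an assumption made to match the figure.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatDevice:
    """Minimal NAPT model of NAT device 102 (no timeouts, no filtering)."""

    def __init__(self, wan_ip, first_port):
        self.wan_ip = wan_ip
        self.next_port = first_port   # assumption: counter for new WAN ports
        self.out_map = {}             # (LAN ip, LAN port) -> WAN port
        self.in_map = {}              # WAN port -> (LAN ip, LAN port)

    def outbound(self, pkt):
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_map:   # no corresponding data: generate it
            while self.next_port in self.in_map:   # skip ports already in use
                self.next_port += 1
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
        return replace(pkt, src_ip=self.wan_ip, src_port=self.out_map[key])

    def inbound(self, pkt):
        entry = self.in_map.get(pkt.dst_port)
        if pkt.dst_ip != self.wan_ip or entry is None:
            return None               # no translation data: cannot be forwarded
        return replace(pkt, dst_ip=entry[0], dst_port=entry[1])

def fig1_walkthrough():
    nat = NatDevice(wan_ip="10.0.0.1", first_port=20000)
    request = Packet("192.168.0.2", 10000, "10.0.0.2", 80)   # device 101 -> 104
    sent = nat.outbound(request)
    reply = Packet("10.0.0.2", 80, sent.src_ip, sent.src_port)
    delivered = nat.inbound(reply)
    # Constructed case: a WAN-side packet to a port with no translation data.
    unsolicited = nat.inbound(Packet("10.0.0.2", 80, "10.0.0.1", 20001))
    return sent, delivered, unsolicited

if __name__ == "__main__":
    for result in fig1_walkthrough():
        print(result)
```

The third result shows why communication has to start from the LAN side: a WAN-side packet addressed to a port with no translation data has no LAN destination to be rewritten to.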
However, the criterion for newly assigning a port number in the address translation of the NAT function, and the port number issuance rule, differ from product to product.
Specifically, the criterion for assigning a port number in an address assignment of the NAT function is mainly classified into three kinds and the port number issuance rule is also mainly classified into three kinds.
FIG. 2 shows a criterion classification for assigning a port of the NAT function. FIG. 2 shows, in (1), an assignment criterion classification called a Cone type, which always assigns the same port in the address translation regardless of the destination IP address of the communication partner (a server A, a server B, and the like) and regardless of whether the destination port is a port p or a port q.
FIG. 2 shows, in (2), a port assignment criterion classification called an Address Sensitive type, which changes the assigned port according to the destination IP addresses of the server A and the server B that are communication partners. However, the same port is always assigned in the address translation without depending on whether the destination port of the communication partner is the port p or the port q.
FIG. 2 shows, in (3), a port assignment criterion classification called a Port Sensitive type, which changes the assigned port according to the destination IP addresses of the server A and the server B that are communication partners and also according to whether the destination port is the port p or the port q.
FIG. 3 shows a port number issuance rule classification of the NAT function. FIG. 3 shows, in (1), a port number issuance rule classification called a Port Reuse type, in which the NAT device assigns the same port number as the source port number of the communication packet transmitted by a terminal. It should be noted that another port is assigned in the case where the port is already used in the address translation table of the NAT device.
FIG. 3 shows, in (2), a port number issuance rule classification called a Sequential type and shows a case where three communication packets are sequentially transmitted from the terminal using port 1, port 3, and port 5 as source ports.
In the Sequential type, regardless of the source port of the communication packet transmitted by the terminal, port numbers are assigned at a regular interval (in FIG. 3, regular interval Δ=5) in a sequence of the transmitted communication packets. The interval between the adjacent port numbers is different for each product.
FIG. 3 shows, in (3), a port number issuance rule classification called a Random type, which irregularly assigns port numbers regardless of the source ports of the communication packets transmitted by the terminal and their sequence.
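The two classifications combine: the assignment criterion of FIG. 2 decides when a new port is needed, and the issuance rule of FIG. 3 decides which number is issued. The Python sketch below is an added illustration, not part of the original document; all names are hypothetical, and the base port 20000, the sequential fallback for Port Reuse, and the constructed destinations A/B with ports 80/81 (standing in for p/q) are assumptions.

```python
import random

# Which parts of a flow form the mapping key under each criterion of FIG. 2.
CRITERIA = {
    "cone":              lambda src, dst: (src,),
    "address_sensitive": lambda src, dst: (src, dst[0]),
    "port_sensitive":    lambda src, dst: (src, dst[0], dst[1]),
}

class PortAllocator:
    def __init__(self, criterion, rule, base=20000, delta=5, seed=0):
        self.key_of = CRITERIA[criterion]
        self.rule, self.delta = rule, delta
        self.next_seq = base
        self.rng = random.Random(seed)   # seeded only to keep the demo repeatable
        self.mappings = {}               # mapping key -> WAN port

    def _issue(self, src_port):
        used = set(self.mappings.values())
        if self.rule == "port_reuse" and src_port not in used:
            return src_port              # same port as the terminal's source port
        if self.rule == "random":
            while True:
                port = self.rng.randrange(1024, 65536)
                if port not in used:
                    return port
        # Sequential; also the assumed fallback when a reused port is taken.
        while self.next_seq in used:
            self.next_seq += self.delta
        port, self.next_seq = self.next_seq, self.next_seq + self.delta
        return port

    def wan_port(self, src, dst):
        key = self.key_of(src, dst)
        if key not in self.mappings:
            self.mappings[key] = self._issue(src[1])
        return self.mappings[key]

def observed_ports(criterion, rule):
    """WAN ports seen by A:p, A:q, B:p, B:q for one terminal socket."""
    nat = PortAllocator(criterion, rule)
    src = ("192.168.0.2", 10000)
    dests = [("A", 80), ("A", 81), ("B", 80), ("B", 81)]
    return [nat.wan_port(src, d) for d in dests]

if __name__ == "__main__":
    for criterion in CRITERIA:
        print(criterion, observed_ports(criterion, "sequential"))
```

Only the Cone type presents the same WAN port to every destination; under the other two criteria, a port observed by one server is not the port another partner will see.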
Moreover, there are also cases where the NAT function of the NAT device, from a standpoint of security, filters communication packets that come from the WAN side based on their source IP address or port number.
As described above, as long as communication is started from a terminal under control of the NAT device, the network configuration using the private IP address and the NAT device allows the terminal to directly communicate with another device on the Internet.
However, to perform communication initiated from another device on the Internet, or to perform peer to peer (P2P) communication between two terminals under control of different NAT devices, each of the terminals must communicate by traversing the NAT device on the side of its communication partner terminal.
This is generally called “NAT traversal”. The NAT traversal is performed by using a NAT device that supports the Internet Gateway Device (IGD) of Universal Plug and Play (UPnP), which is disclosed in Non Patent Literature 1, by using a NAT device that supports NAT Port Mapping Protocol (NAT-PMP), or by using Simple Traversal of UDP through NATs (STUN), which is disclosed in Non Patent Literature 2. With this, it is possible for P2P communication to be performed.
However, although the former method directly controls a port of the NAT device from a terminal, so that stable communication and connection can be expected, a NAT device that does not support the IGD of UPnP or an equivalent function cannot be used for P2P communication.
Moreover, STUN can potentially work with many NAT devices by using an external server. However, depending on the NAT classifications of the NAT devices existing on the communication route and their combination, communication packets are blocked by the filtering function of a NAT device and the NAT traversal cannot be performed. In other words, the method using STUN is inferior in certainty to the method using UPnP.
In particular, in a multilayer NAT environment in which there are two or more NAT devices, the characteristics of the NAT device having the strictest restriction are dominant, and therefore the connection success rate by STUN is further decreased.
Patent Literature 1 discloses a method for enhancing a connection rate, by exchanging, between terminals via an external server, NAT classification determination result information of the NAT device and information about the presence or absence of UPnP compatibility, and by then performing the NAT traversal using STUN, the NAT traversal using the IGD of UPnP or NAT Port Mapping Protocol (NAT-PMP), or the like, even in the multilayer NAT environment in which there are two or more NAT devices between the external server and the terminals.