1. Field of the Invention
The present invention relates to a communication control method and system in which one physical server can be shared by a plurality of closed networks while various requests and conditions which cannot be satisfied by conventional techniques are satisfied.
2. Description of the Related Art
VPN (Virtual Private Network) has spread as a technique for constructing intranets and extranets over closed networks, securing communications between the business bases of a company and between companies. Recently, not only big companies but also small-and-medium-sized companies have considered the introduction of closed networks, and the number of users is increasing. When server services are provided to a closed network, as shown in FIG. 5, there is available a method in which servers A, B, and C are installed in closed networks NWa, NWb, and NWc, respectively. However, if a server is provided in each closed network, facility and operational costs increase.
To solve this technical problem, as in the example shown in FIG. 6, it is conceivable for one shared server to be shared by the plurality of closed networks NWa, NWb, and NWc. However, if IP addresses are assigned independently in the respective closed networks NWa, NWb, and NWc, the IP addresses may be duplicated. In this case, a plurality of hosts have the same IP address as viewed from the shared server, so that securing connectivity from the shared server to the hosts in the respective closed networks comes into question. Non-patent document 1 and Patent documents 1 to 4 disclose techniques for resolving duplication of host IP addresses in a system in which a plurality of closed networks share one server.
Non-patent document 1 discloses, by using a situation of connection of a LAN to the Internet as a typical example, a technique for converting a private IP address to be used by the LAN side into a global IP address to be used by the Internet side.
Patent document 1 discloses, to realize communications between a plurality of closed networks and a server, a technique for enabling communications between a host and a server by assigning a unique IP address identifiable on the server side to a pair of the host in a closed network and the closed network and managing it, and making this IP address correspondent to an IP address assigned to the host in the closed network.
Patent document 2 discloses, to realize communications between hosts in a plurality of closed networks and a server, a technique for assigning an IP address that the server can uniquely identify for a pair of an ID for identifying a closed network and an IP address which is likely to be duplicated for a host in a closed network.
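The address duplication seen by a shared server, and a pair-keyed mapping of the kind summarized above for Patent documents 1 and 2, can be sketched as follows. This is an added illustration, not code from the cited documents; the class name, the server-side pool 10.255.0.0/29 and the sample hosts are hypothetical. Note that the server then sees the translated address rather than the address the host uses inside its closed network.

```python
import ipaddress

# Constructed sample: closed networks NWa and NWb independently assigned the
# same private address to one of their hosts.
HOSTS = [("NWa", "192.168.1.10"), ("NWb", "192.168.1.10"), ("NWc", "192.168.1.20")]


def naive_table(hosts):
    """Index hosts by IP address alone, as an unmodified shared server would."""
    table = {}
    for net_id, ip in hosts:
        table[ip] = net_id  # a duplicate address silently overwrites the earlier host
    return table


class PairTranslator:
    """Static (closed-network ID, host IP) <-> unique server-side address map."""

    def __init__(self, pool_cidr):
        # Hypothetical pool of addresses that are unique on the server side.
        self._free = iter(ipaddress.ip_network(pool_cidr).hosts())
        self._to_server = {}
        self._to_host = {}

    def register(self, net_id, host_ip):
        key = (net_id, ipaddress.ip_address(host_ip))
        if key not in self._to_server:
            try:
                addr = next(self._free)
            except StopIteration:
                raise RuntimeError("server-side address pool exhausted") from None
            self._to_server[key] = addr
            self._to_host[addr] = key
        return self._to_server[key]

    def inbound(self, net_id, src_ip):
        """Host -> server: unregistered pairs raise KeyError instead of guessing."""
        return self._to_server[(net_id, ipaddress.ip_address(src_ip))]

    def outbound(self, server_side_ip):
        """Server -> host: recover the closed network and the in-network address."""
        return self._to_host[ipaddress.ip_address(server_side_ip)]


def demo():
    translator = PairTranslator("10.255.0.0/29")
    mapped = [str(translator.register(net, ip)) for net, ip in HOSTS]
    return naive_table(HOSTS), mapped, translator.outbound(mapped[1])
```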
Patent document 3 discloses, to identify closed networks of the respective hosts, a technique for attaching an ID tag unique to each closed network to a packet to be transmitted from a host, and when the server receives the packet, identifying a source host according to the ID tag, and based on this ID tag, controlling packet transfer to a started server application of each user. This Patent document 3 also discloses a technique for attaching an ID tag unique to each user to a packet to be transmitted from a server application and then transmitting the packet when a server makes a connection to a host in a closed network.
Patent document 4 discloses a technique for realizing a response from a server to a host in a closed network having a duplicate IP address by setting a MAC address of a source gateway in a layer 2 frame of a received packet as a destination MAC address in the layer 2 frame regardless of an IP address of the response destination.
Non-patent document 1: RFC1631 “The IP Network Address Translator”
Patent document 1: Japanese Published Unexamined Patent Application No. 2001-16255
Patent document 2: Japanese Published Unexamined Patent Application No. 2002-204252
Patent document 3: Japanese Published Unexamined Patent Application No. 2003-167805
Patent document 4: Japanese Published Unexamined Patent Application No. 2004-179853
In the technique of Non-patent document 1, address conversion is dynamically performed in response to a connection request from a host in a closed network to a server, so that communications starting from the server are not possible. Further, the server cannot identify the closed network, so that it is difficult to provide services and information unique to each closed network.
In the above-described technique of Patent document 1, IP addresses of the server as viewed from the respective closed networks must be made different from each other, so that a user cannot freely determine the IP address of the server.
In the technique of Patent document 2, connection to a host in an arbitrary closed network from a server cannot be guaranteed, and the server cannot identify the closed network, so that it is difficult to provide services and information unique to each closed network.
In the technique of Patent document 3, a server must be equipped with a function for identifying an ID tag, a function for packet transfer to a specific server application by means of an ID tag, and a function for attaching an ID tag to each user in the case of sending from the server, so that it is difficult to reuse a server which is already in use, together with its applications.
In the technique of Patent document 4 described above, the following difficulty arises: in a general protocol stack, the equipment to which a packet is transferred next is determined according to the destination IP address, and the destination MAC address is determined from that. Therefore, to realize the technique of Patent document 4, special routing of the layer 2 frame must be implemented in the server, and it is difficult to reuse a server which is already in use, together with its applications. Further, it is difficult to establish communications starting from the server.
In summary, as listed in FIG. 7, to share one physical server among a plurality of closed networks, it is preferable that the following requirements (1) to (5) are satisfied; however, there is conventionally no technique satisfying all of these requirements:
(1) To enable communications starting from a server.
(2) A server can uniquely identify hosts in the respective closed networks.
(3) An IP address of the server can be freely determined for each closed network.
(4) Equipping an existing server with a new function is unnecessary.
(5) An IP address of a host in each closed network as viewed from the server is identical to an address which has been used in the closed network.