1. Field of the Invention
The present invention relates to a duplicate private address translating system for connecting a plurality of network spaces constructed by private network addresses with a space having a global network address such as the Internet.
The present invention also relates to a network system in which servers for processing requests from apparatuses are connected to a plurality of networks, where the apparatuses in each network use private addresses based on a specific protocol, for example private IP addresses, and duplication of private addresses between the respective networks is permitted.
2. Description of Related Art
The Internet assigns unique addresses, referred to as IP (Internet Protocol) addresses, to various network apparatuses including computers, thereby enabling communications between apparatuses. IP addresses are integer values used to identify the apparatuses that communicate in networks connected using TCP/IP as protocols. The value is, for example, 4 bytes long under the IPv4 specification and 16 bytes long under the subsequent IPv6 specification.
For communications between apparatuses, each apparatus must be distinguished by its IP address, so all apparatuses connected to the same network must have IP addresses that differ from one another. Therefore, apparatuses connected to the Internet must have unique IP addresses. As a matter of course, if the network is not connected to the Internet, IP addresses can be freely assigned as long as they do not overlap within the network.
Among IP addresses, there are special addresses referred to as private addresses, and it is assured that these addresses are not used on the Internet. Private addresses can be used when constructing a network that is independent of the Internet. For communications between a network composed of private addresses and the Internet, relaying by means of a Proxy or NAT (Network Address Translation) is generally employed.
Herein, NAT is a technique that can be used when connecting a network composed of private addresses to the Internet; its role is to translate between a global IP address and the private addresses. The Proxy, in turn, functions as a proxy server: based on a request from a client in a private address space, it makes the request to the global address space in place of the client, and it returns the response from the global address space to the client in the private address space.
As an example of such a proxy server, the HTTP Proxy will be described. The HTTP Proxy receives from a client an HTTP request addressed to a Web server, issues the HTTP request to the Web server on the Internet in place of the client, and sends the response from the server back to the client. Since it is the Proxy that actually issues the HTTP request to the Web server on the Internet, communications using the HTTP protocol can be performed between the server and the client even if the client side has a private address.
On the other hand, the VPN (Virtual Private Network) is available as a technique for constructing a large-scale private network at low cost. For example, in a VPN based on the MPLS (Multi Protocol Label Switching) technique, the MPLS network is built on the carrier's side. On the subscriber's side, the private networks possessed by the subscriber's locally independent units, such as a head office and branch offices, are each connected to the MPLS network independently. In this way, each subscriber can construct a large-scale independent private network while maintaining a high degree of security.
However, in a case where it is intended to connect such a plurality of IP address spaces composed of private addresses to the Internet, for example, if the carrier, which has provided the VPN services as described above, further carries out an access service to the Internet, the following problem has been experienced.
Since the plurality of private address spaces are independent of each other, there is, in general, a possibility that private addresses of one address space have been used in other address spaces. In such a case, if the plurality of independent private address spaces are simply connected and translation is performed by means of NAT, a collision between IP addresses occurs, and therefore the expected process cannot be performed.
Therefore, as a means for solving such a problem, installing as many NAT apparatuses as there are private address spaces can be considered. However, if the above-described VPN carrier has, for example, 1000 subscribers, 1000 apparatuses for NAT become necessary. If the scale is large, such a solution is not realistic.
In addition thereto, there are techniques disclosed, for example, in Japanese Patent Kokai No. Hei 11-127217, Japanese Patent Kokai No. Hei 10-308762 and the like. However, these techniques are not techniques for connecting a plurality of private address spaces with a global address space and therefore could not become solutions to the above-described problem in that private addresses collide with each other.
Furthermore, in a case where consideration is given to providing a plurality of private address spaces as mentioned above with Proxy functions, for example, if the carrier, which has provided the above-described VPN services, intends to further provide, by means of the Proxy functions, a home page browsing service on the Internet as one of its access services, the following problem has existed.
As mentioned above, since the plurality of private address spaces are independent of each other, there is, in general, a possibility that private addresses of one address space have been used in other address spaces. If the plurality of independent private address spaces are simply connected and Proxy functions are provided, a collision between IP addresses occurs, and therefore the expected process cannot be performed.
Therefore, as a means for solving such a problem, installing as many NAT apparatuses as there are private address spaces can be considered. However, for example, if the above-described VPN carrier has 1000 subscribers, 1000 apparatuses for NAT become necessary. When the scale is large, such a solution is not realistic.
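The collision described above for NAT, and restated for Proxy functions, can be reproduced with a small model; this is an added example, not part of the original document. The `Nat` class, the subscriber names, the port numbers and the 203.0.113.0/24 documentation addresses are assumptions made for illustration.

```python
class Nat:
    """Minimal port-translating NAT whose table is keyed by private (ip, port) only."""

    def __init__(self, public_ip, first_port=20000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (private_ip, private_port) -> public_port
        self.back = {}   # public_port -> (space, private_ip, private_port)

    def outbound(self, space, private_ip, private_port):
        key = (private_ip, private_port)   # the address space is not part of the key
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = (space, private_ip, private_port)
            self.next_port += 1
        return (self.public_ip, self.out[key])

    def inbound(self, public_ip, public_port):
        if public_ip != self.public_ip:
            raise KeyError("not addressed to this NAT")
        return self.back[public_port]


# Constructed sample: two subscriber spaces that both use 10.0.0.5, source port 40000.
FLOWS = [("subscriber-A", "10.0.0.5", 40000), ("subscriber-B", "10.0.0.5", 40000)]


def shared_nat():
    """One NAT for every space: both flows collapse onto a single mapping."""
    nat = Nat("203.0.113.1")
    mapped = [nat.outbound(*f) for f in FLOWS]
    owners = [nat.inbound(*m)[0] for m in mapped]
    return mapped, owners


def nat_per_space():
    """One NAT (and one global address) per space, the workaround described above."""
    nats = {"subscriber-A": Nat("203.0.113.1"), "subscriber-B": Nat("203.0.113.2")}
    by_ip = {n.public_ip: n for n in nats.values()}
    mapped = [nats[f[0]].outbound(*f) for f in FLOWS]
    owners = [by_ip[m[0]].inbound(*m)[0] for m in mapped]
    return mapped, owners


if __name__ == "__main__":
    print("shared NAT   :", shared_nat())
    print("NAT per space:", nat_per_space())
```

With the shared translator, the reply to subscriber-B's flow is attributed to subscriber-A, which is the isolation failure that makes simple sharing unusable; the per-space arrangement separates the flows only at the cost of one translator per subscriber.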