1. Field of the Invention
The present invention relates to a communication control scheme for communications utilizing the transport layer.
2. Description of the Related Art
In recent years, demand for data communications over radio, in addition to speech communications, has been increasing. TCP (Transmission Control Protocol) has been widely used as a reliable transport layer protocol in wired data communications, but applying this protocol directly to radio communications causes the following problems.
A TCP packet loss in wired communications implies congestion of the network, so TCP is designed to avoid congestion by lowering the data transmission rate upon detecting a packet loss. A packet loss is detected either when a prescribed number or more (usually three, in addition to the original) of ACKs carrying the same acknowledgement number are received, or when a retransmission timer, set according to the RTT (Round Trip Time) and its variance, times out. Neither trigger carries any indication of why the packet was lost.
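The following is an added illustrative example and is not part of the original specification. It models the two loss-detection triggers just described for a standard TCP sender: a duplicate-ACK counter with the usual threshold of three, and a retransmission timer derived from the smoothed RTT and its variation. The gains, the variance multiplier and the 1 s floor are those of RFC 6298; the specification above only says "RTT and its variance", so those constants are an assumption, as are the sample RTT values.

```python
"""TCP loss detection as described above (added example, not from the patent).

Two triggers fire a retransmission:
  * a run of duplicate ACKs for the same acknowledgement number (threshold
    three beyond the original ACK), the "fast retransmit" trigger;
  * expiry of the retransmission timer, whose value is derived from the
    smoothed RTT and its variation. Constants and the 1 s floor follow
    RFC 6298 (assumed; the specification text says only "RTT and its variance").
"""

ALPHA = 1 / 8          # gain applied to each new RTT sample when updating SRTT
BETA = 1 / 4           # gain applied to each new deviation when updating RTTVAR
K = 4                  # multiplier on RTTVAR when forming the RTO
MIN_RTO = 1.0          # RFC 6298 lower bound on the RTO, in seconds
DUP_ACK_THRESHOLD = 3  # duplicate ACKs (not counting the original) before retransmit


class RttEstimator:
    """Tracks SRTT and RTTVAR and derives the retransmission timeout (RTO)."""

    def __init__(self):
        self.srtt = None
        self.rttvar = None
        self.rto = MIN_RTO

    def sample(self, rtt):
        """Feed one RTT measurement (seconds); returns the updated RTO."""
        if self.srtt is None:
            # First measurement: RFC 6298 seeds RTTVAR at half the sample.
            self.srtt = rtt
            self.rttvar = rtt / 2
        else:
            # RTTVAR is updated against the old SRTT, before SRTT itself moves.
            self.rttvar = (1 - BETA) * self.rttvar + BETA * abs(self.srtt - rtt)
            self.srtt = (1 - ALPHA) * self.srtt + ALPHA * rtt
        self.rto = max(MIN_RTO, self.srtt + K * self.rttvar)
        return self.rto


class DupAckDetector:
    """Counts consecutive ACKs carrying the same acknowledgement number."""

    def __init__(self):
        self.last_ack = None
        self.dups = 0

    def on_ack(self, ack):
        """Returns True exactly when the ACK that crosses the threshold arrives."""
        if ack == self.last_ack:
            self.dups += 1
            return self.dups == DUP_ACK_THRESHOLD
        # A new acknowledgement number restarts the count.
        self.last_ack = ack
        self.dups = 0
        return False


def radio_delay_spike():
    """Constructed scenario: a link with a 0.4 s RTT whose next sample jumps to
    1.6 s (a handoff or a long link-layer recovery). Returns the RTO after the
    spike; the timer follows the variance up, but it still cannot tell a
    radio-side delay from congestion."""
    est = RttEstimator()
    est.sample(0.4)
    return est.sample(1.6)
```

Both classes are blind to the cause of the loss: three duplicate ACKs produced by a single radio-section error look exactly like three produced by a congested router queue, which is the problem the following paragraph describes.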
As a consequence, a TCP packet loss caused by a radio section error or a handoff, or a case in which error recovery at the link layer takes a considerable time, is interpreted as congestion, and congestion avoidance is carried out more than necessary, so that the throughput often falls below the available radio bandwidth. Also, end-to-end re-transmission by TCP in response to a radio section error is time consuming and wastes bandwidth in the wired section. Also, when error recovery is performed at the link layer, the same data is transmitted redundantly, once by the link layer and once again by TCP.
In order to resolve these problems, several methods have been proposed that insert a proxy (PEP: Performance Enhancement Proxy) for improving the performance of TCP between a wired side terminal and a radio side terminal (in many cases at the border between the radio side and the wired side).
A method based on a split connection divides the TCP connection at the proxy (referred to as TCP-GW hereafter) into a wired side TCP connection and a radio side TCP connection. Here, the case of transmitting data from the wired terminal to the radio terminal will be considered.
The TCP-GW returns ACK to the wired terminal on behalf of the radio terminal, so that the influence of a radio error (a packet loss or a large delay fluctuation) is concealed from the wired terminal. When a TCP data packet is lost, the TCP-GW carries out the data re-transmission on behalf of the wired terminal. The radio side TCP may be tuned specifically for radio use. For example, the radio side TCP may use the selective ACK option (IETF RFC 2018) so that performance does not degrade considerably even at a high packet loss rate. Also, the radio side TCP may use a modified congestion control algorithm so that the bandwidth is not narrowed excessively when a TCP packet loss occurs.
A method based on a Snoop proxy addresses the problem that the end-to-end semantics of TCP (i.e., when a TCP ACK returns to the transmitting terminal, data up to the acknowledgement number of that ACK have reached the receiving terminal) are violated when the TCP connection is terminated at the TCP-GW. The Snoop proxy buffers the TCP data packet but does not return an ACK to the transmitting terminal at that point. When an ACK is returned from the actual receiving terminal, the Snoop proxy relays the ACK to the transmitting terminal and discards the buffered TCP data packet. However, when the ACK is a duplicate ACK that would trigger a re-transmission from the actual transmitting terminal, the Snoop proxy discards the duplicate ACK and carries out the re-transmission of the buffered TCP data packet itself. The Snoop proxy also carries out time-out re-transmission. In this way, most of the influence of radio errors is concealed from the transmitting terminal without breaking the end-to-end semantics.
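The following is an added illustrative example, written for this page rather than taken from the specification or from the Snoop proxy's authors. It models the data path from a wired sender through a Snoop-style proxy to a radio receiver: data segments are cached and forwarded unchanged, genuine ACKs are relayed and release the cache, and a duplicate ACK for a cached segment is swallowed and answered by a local retransmission. Sequence numbers count segments rather than bytes, ACKs are cumulative, and the proxy retransmits on the first duplicate ACK only; these simplifications and the scenario data are assumptions.

```python
"""Snoop-style proxy between a wired sender and a radio receiver (added example).

Simplifications (assumptions, not the specification's text): sequence numbers
count segments rather than bytes, ACKs are cumulative ("next expected
segment"), and a local retransmission is issued on the first duplicate ACK only.
"""


class SnoopProxy:
    def __init__(self):
        self.cache = {}          # seq -> payload, held until the radio side ACKs past it
        self.last_ack = None     # highest cumulative ACK relayed to the sender
        self.dups = 0            # duplicate ACKs seen for last_ack
        self.retransmitted = []  # segments the proxy re-sent itself

    def from_sender(self, seq, payload):
        """Data from the wired side: cache a copy and forward it unchanged.
        No ACK is generated here, so an ACK reaching the sender still means
        "the radio terminal received it" (end-to-end semantics preserved)."""
        self.cache[seq] = payload
        return (seq, payload)

    def from_receiver(self, ack):
        """ACK from the radio terminal. Returns the ACK to relay to the sender,
        or None if the proxy swallows it and handles the loss locally."""
        if self.last_ack is None or ack > self.last_ack:
            # New data acknowledged: release cached copies and relay the ACK.
            self.last_ack, self.dups = ack, 0
            for seq in [s for s in self.cache if s < ack]:
                del self.cache[seq]
            return ack
        self.dups += 1
        if ack in self.cache:
            # Duplicate ACK for a segment we still hold: the radio link lost it.
            # Retransmit locally and hide the duplicate from the wired sender,
            # so it neither retransmits end-to-end nor shrinks its window.
            if self.dups == 1:
                self.retransmitted.append(ack)
            return None
        # Duplicate ACK for a segment never cached here: not ours to fix, relay it.
        return ack

    def on_timeout(self, seq):
        """Proxy-side timer: retransmit a cached segment that was never ACKed."""
        if seq in self.cache:
            self.retransmitted.append(seq)
            return (seq, self.cache[seq])
        return None


def run_scenario():
    """Constructed scenario: segment 2 is lost on the radio link; the wired sender
    never learns of it. Returns (ACKs relayed to the sender, segments the proxy
    retransmitted, what remains cached)."""
    proxy = SnoopProxy()
    for seq in (1, 2, 3):
        proxy.from_sender(seq, b"segment-%d" % seq)
    relayed = [proxy.from_receiver(2),   # receiver got 1, expects 2
               proxy.from_receiver(2),   # receiver got 3, still expects 2: duplicate
               proxy.from_receiver(4)]   # after the proxy's local retransmission of 2
    return relayed, proxy.retransmitted, dict(proxy.cache)
```

Note what the proxy must do to achieve this: read the sequence and acknowledgement numbers of every segment and ACK, drop selected ACKs, and re-inject copies of data it did not originate. Each of those actions collides with the IPSec guarantees discussed below.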
On the other hand, in such radio data communications there is great demand for security, because anyone in the vicinity can eavesdrop on radio signals and a mobile environment is involved in many cases.
One known method for ensuring security on the Internet is IPSec (IETF RFC 2401, 2402 and 2406). Security can be provided at various layers, and IPSec is a scheme for ensuring security at the IP layer. IPSec has functions for guaranteeing (1) that the IP header is not altered on the route (apart from fields that legitimately change in transit, such as the TTL, which are excluded from the check), (2) that the data of the IP payload are not altered on the route, and (3) that the data were generated by the actual sender. To this end, an AH (Authentication Header) is inserted between the IP header and the IP payload. There are also functions for guaranteeing secrecy, absence of alteration, and origin by the sender with respect to the IP payload; to this end, ESP (Encapsulating Security Payload) is used. Note that AH and ESP can be used in combination.
Also, IPSec and Mobile IP utilize a technique in which the actual packet is transmitted by encapsulating it in another packet, from a gateway device or an agent device that has the functions of IPSec or Mobile IP, to a gateway device, an agent device, or a terminal that is the actual destination of that packet. The route through which the actual packet passes in encapsulated form will be referred to as a tunnel.
As described, in the case of carrying out communications between a radio terminal device accommodated in a radio network and a wired terminal device accommodated in a wired network, there is great demand in the radio data communication environment for both a device for improving the performance of TCP, such as a TCP-GW or a Snoop proxy, and a method for providing security, such as IPSec, but the combined use of such a device and such a method causes the following problem.
Namely, the TCP header is contained in the IP payload that is protected by IPSec, but a proxy for improving the performance of TCP needs to read the information contained in the TCP header and to change it whenever necessary. Moreover, when the absence of alteration of the transmitted data is guaranteed, it becomes impossible for the TCP-GW to transmit ACK on behalf of the actual receiving terminal, because the TCP-GW itself would have to generate the ACK information, and an ACK it generates cannot carry a valid integrity check value, which is computed with a key held only by the two endpoints. In addition, when secrecy of the transmitted data is required, it becomes impossible for the TCP-GW or the Snoop proxy to operate effectively, because the TCP header information cannot be read.
Also, when the proxy device is located in the middle of a “tunnel” used by IPSec or Mobile IP, the proxy device does not function effectively. This is because, even when the TCP-GW checks the header of the encapsulated packet in order to filter whether the packet should be processed or not, the outer header carries the protocol number of the encapsulating protocol (for example ESP or IP-in-IP) rather than that of TCP, so it does not indicate that the payload is a TCP packet.
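The following is an added illustrative example, not part of the original specification, covering the AH and ESP functions described above and the two failure modes of a proxy just discussed. It builds minimal IPv4 and TCP headers with the standard library, models AH-style integrity as an HMAC-SHA256 over the IP header and the TCP segment, and shows that an ACK rewritten by a split-connection TCP-GW fails verification because the proxy does not hold the endpoints' key. It then places the same packet in an ESP-style tunnel and shows that a proxy filter keyed on the IP protocol field never recognises it as TCP. The keystream construction (HMAC-SHA256 in counter mode) is a stand-in for a real ESP cipher and is not RFC-conformant, the AH model omits the zeroing of mutable header fields, and all addresses, ports, keys and numbers are constructed.

```python
"""Why IPSec protection defeats a TCP proxy (added example, not from the patent).

Packet model: 20-byte IPv4 header + 20-byte TCP header built with struct.
AH-style integrity is HMAC-SHA256 over the IP header and the TCP segment
(real AH also zeroes mutable IP fields first; this model sets none).
ESP-style confidentiality uses an HMAC-SHA256 counter-mode keystream as a
stand-in for a real ESP cipher suite; it is illustrative, not RFC 2406.
"""
import hashlib
import hmac
import struct

PROTO_TCP, PROTO_ESP = 6, 50
SA_KEY = b"constructed-sa-key-known-to-the-endpoints-only"  # the proxy never holds it


def ipv4_header(src, dst, proto, total_len):
    """Minimal IPv4 header; checksum left zero since nothing here validates it."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0, src, dst)


def tcp_header(sport, dport, seq, ack, flags=0x10):
    """20-byte TCP header: ports, seq, ack, data offset, flags, window, csum, urg."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)


def parse_tcp(segment):
    sport, dport, seq, ack = struct.unpack("!HHII", segment[:12])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack}


# --- AH-style integrity: the proxy cannot ACK on the receiver's behalf -------

def ah_icv(ip_hdr, segment, key=SA_KEY):
    """Integrity check value binding the IP header and the whole TCP segment."""
    return hmac.new(key, ip_hdr + segment, hashlib.sha256).digest()


def ah_verify(ip_hdr, icv, segment, key=SA_KEY):
    return hmac.compare_digest(icv, ah_icv(ip_hdr, segment, key))


def proxy_rewrite_ack(segment, new_ack):
    """What a split-connection TCP-GW does: acknowledge data ahead of the receiver."""
    f = parse_tcp(segment)
    return tcp_header(f["sport"], f["dport"], f["seq"], new_ack)


def ah_demo():
    """Returns (genuine ACK verifies, proxy-generated ACK verifies)."""
    ip_hdr = ipv4_header(b"\x0a\x00\x00\x02", b"\x0a\x00\x00\x01", PROTO_TCP, 40)
    genuine = tcp_header(50000, 443, seq=1, ack=5001)    # receiver ACKs up to 5001
    icv = ah_icv(ip_hdr, genuine)                        # computed with the endpoint key
    spoofed = proxy_rewrite_ack(genuine, new_ack=6461)   # proxy claims one more segment
    return ah_verify(ip_hdr, icv, genuine), ah_verify(ip_hdr, icv, spoofed)


# --- ESP-style confidentiality in tunnel mode: the proxy cannot even find TCP --

def keystream(key, spi, seqno, n):
    """Counter-mode keystream from HMAC-SHA256 (stand-in for the ESP cipher)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, struct.pack("!IIQ", spi, seqno, ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def esp_tunnel(inner_packet, spi=0x1234, seqno=1, key=SA_KEY):
    """Tunnel mode: the entire inner IP packet is encrypted behind a new outer header."""
    ks = keystream(key, spi, seqno, len(inner_packet))
    ciphertext = bytes(a ^ b for a, b in zip(inner_packet, ks))
    esp = struct.pack("!II", spi, seqno) + ciphertext      # SPI, sequence, payload
    outer = ipv4_header(b"\xc0\xa8\x01\x01", b"\xc0\xa8\x02\x01", PROTO_ESP, 20 + len(esp))
    return outer + esp


def proxy_classify(packet):
    """Proxy filter: only packets whose IP protocol field says TCP reach the TCP
    logic. For a tunnelled packet the field says ESP, and the bytes after the
    outer header are ciphertext rather than a TCP header in any case."""
    if packet[9] != PROTO_TCP:
        return None
    return parse_tcp(packet[20:])


def esp_demo():
    """Returns (what the proxy sees in the clear, what it sees once tunnelled, outer protocol)."""
    inner = (ipv4_header(b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", PROTO_TCP, 40)
             + tcp_header(443, 50000, seq=5001, ack=1))
    tunnelled = esp_tunnel(inner)
    return proxy_classify(inner), proxy_classify(tunnelled), tunnelled[9]
```

The AH half is the stronger statement of the problem: even a proxy that can read every field (AH leaves the TCP header in the clear) cannot produce a single ACK, drop a single duplicate ACK, or re-inject a cached segment with a different header without the receiver rejecting the result, because the integrity check value covers the segment and the key never leaves the endpoints.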