1. Field of the Invention
The present invention generally relates to a communication control system that controls communication carried out via a network. Specifically, the present invention relates to carrying out path control while using a technology such as Interior Gateway Protocol (IGP).
2. Description of the Related Art
Generally, when carrying out data communication between a plurality of networks, communication devices such as a router and a gateway carry out a relay process of data between the networks.
FIG. 20 is a block diagram of an example of the data communication that is carried out between the networks. The data communication is carried out between a network of a company (a company network 1), the Internet 2a, an extranet 2b that is constructed between the company and another company, and an experimental network 2c that is temporarily included for communication experiments.
Thus, when connecting the company network 1 to an external network, a control of the data communication is called for such that the data communication can be carried out only between the company network 1 and a specified network. In a service control network disclosed in Japanese Patent Application Laid-Open No. 2003-134145, a router, which carries out filtering of packets, allocates an Internet Protocol (IP) address to a terminal that is authenticated by a server that carries out authentication of the terminal, and rejects packets from terminals other than the authenticated terminal.
However, in the aforementioned method, the router carries out allocation of the IP address, and if allocation of the IP address is carried out by a network administrator or by a device other than the router, the allocation of the IP address cannot be efficiently detected.
Interior Gateway Protocol (IGP) has been developed as a protocol for carrying out communication control of packets. In the IGP, routing information that includes prefix data is transacted between routers. A prefix indicates a network address that serves as a destination of the packet.
FIG. 21 is a block diagram of a conventional network that uses the IGP. In the network shown in FIG. 21, the routing information (a Routing Information Protocol (RIP) message 6), which includes the prefix data of the networks under IGP routers 3a to 3d, is transacted between the IGP routers 3a to 3d.
The network administrator uses a network control server 4 to carry out filtering of the routing information by setting, in the IGP routers 3a to 3d, prefix filters 5a, 5c, and 5d, each of which records the destination addresses of the routing information whose transfer is permitted. Thus, the network administrator can control distribution of the routing information to the IGP routers 3a to 3d, thereby making it possible to restrict the networks that carry out the data communication.
The prefix filters 5a, 5c, and 5d shown in FIG. 21 are set to discard all the routing information by default (“default deny”). If passage of the routing information corresponding to a predetermined prefix “prefix” via a predetermined communication interface “IF” is permitted, data of the prefix and data of the communication interface are recorded in the prefix filters 5a, 5c, and 5d (“permit prefix for IF”).
However, even in the conventional network that uses the IGP, if the structure of the network is modified, the network administrator needs to reset the prefix filters 5a, 5c, and 5d, which requires considerable effort. Especially in a network that is externally connected to the company network, the network structure may be modified without notification to the company, and the network administrator finds it difficult to keep track of a prefix that is newly allocated to the network.
Border Gateway Protocol (BGP) is used as a path control protocol that can carry out path control without being affected by modification of the prefix of the network. In the BGP, using the extended community attributes that are defined in Request For Comments (RFC) 2547, a destination of distribution of the routing information can be restricted to a specific community. A community indicates a group of destination addresses of the networks that are grouped under a BGP router.
FIG. 22 is a block diagram of the conventional network that uses the BGP. In the network shown in FIG. 22, the routing information (a BGP update message 8), which includes the prefix data of the networks under BGP routers 7a to 7c, is transacted between the BGP routers 7a to 7c.
For example, upon receiving the BGP update message 8 from a community, the BGP routers 7a to 7c transmit to the other BGP routers 7a to 7c the BGP update message 8 that includes added community attributes. The community attributes are data of community names (“10:1” etc.) that are recorded in an export target policy of community attributes filters 9a to 9c.
The BGP routers 7a to 7c treat as import targets the community attributes that are included in the BGP update message 8 and that were previously set in the community attributes filters, which define whether routing information from a path may pass.
Thus, in the network that uses the BGP, data of the community attributes is used instead of the prefix data to set filters that record whether to permit passage of the routing information. As a result, the destination of distribution of the routing information can be easily restricted.
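The following added example (not part of the original document) models the two filter types described above, the default-deny prefix filter of FIG. 21 and the export/import community attributes filter of FIG. 22, and compares them when a remote network is given a new prefix. The class names, interface names, prefixes, and the communities "10:2" and "10:9" are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: interfaces, prefixes and the communities "10:2" and
# "10:9" are illustrative; only "10:1" appears in the text.

class PrefixFilter:
    """Default deny: a route passes only on 'permit prefix for IF'."""
    def __init__(self):
        self.permits = set()  # (network, interface) pairs

    def permit(self, prefix, interface):
        self.permits.add((ipaddress.ip_network(prefix), interface))

    def accepts(self, route, interface):
        return (ipaddress.ip_network(route["prefix"]), interface) in self.permits

class CommunityFilter:
    """Export target tags outgoing routes; import targets gate incoming ones."""
    def __init__(self, export_target, import_targets):
        self.export_target = export_target
        self.import_targets = set(import_targets)

    def export(self, prefix):
        return {"prefix": prefix, "communities": {self.export_target}}

    def accepts(self, route):
        return bool(self.import_targets & route["communities"])

def renumbering_demo():
    """Compare both filters before and after the remote network renumbers."""
    pf = PrefixFilter()
    pf.permit("192.0.2.0/24", "if0")
    sender = CommunityFilter("10:1", [])
    outsider = CommunityFilter("10:9", [])
    receiver = CommunityFilter("10:2", ["10:1"])
    results = {}
    for label, prefix in (("before", "192.0.2.0/24"), ("after", "198.51.100.0/24")):
        route = sender.export(prefix)
        results[label] = {
            "prefix_filter": pf.accepts(route, "if0"),
            "wrong_interface": pf.accepts(route, "if1"),
            "community_filter": receiver.accepts(route),
            "other_community": receiver.accepts(outsider.export(prefix)),
        }
    return results

if __name__ == "__main__":
    print(renumbering_demo())
```

After the prefix changes, the prefix filter drops the route until an administrator records the new prefix, while the community filter still accepts it and still rejects routes tagged with a community that is not an import target.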
However, in the conventional technology that uses the BGP, although path control using the community attributes can be carried out without being affected by a modification of the prefix of the network, installing the BGP in the company network significantly increases the cost.
In other words, the BGP is a protocol that is designed for distribution of the routing information across the networks of large scale organizations (Autonomous Systems: AS), such as during communication between providers, and the hierarchical management method of the BGP is not fit for management of a network within an AS, such as a company network that applies a simple path control policy.
Due to this, operations in the company network are generally carried out using the IGP, which is appropriate for a network within an AS that applies a simple path control policy, and the IGP routers need to be replaced with BGP routers in order to use the BGP, thereby significantly increasing the cost.
Thus, a technology needs to be developed that the network administrator can use to efficiently carry out complicated path control using a technology such as the IGP that is commonly used in the company network, without resetting the prefix filters even if the structure of the network is modified.