There is a known technology for using a virtual machine on a cloud data center via a customer's intranet (for example, Japanese Laid-open Patent Publication No. 2011-250209).
FIG. 12 is a diagram for explaining an example of the conventional technology. As illustrated in FIG. 12, when a router 200 connected to a customer's intranet is connected to a carrier communication network, the router 200 transmits pre-registered virtual-machine (VM) device information to a data center 100 connected to the carrier communication network. The router 200 establishes a connection to a gateway (GW) cell 110 in the data center 100 based on information acquired from the data center 100. In addition, the router 200 acquires, from the data center 100, an Internet protocol (IP) address of a virtual router 130 connected to a virtual machine 120 activated in the data center 100, based on the VM device information. The router 200 communicates with the virtual router 130 via the connection to the GW cell 110 based on the IP address of the virtual router 130. Therefore, the router 200 allows a customer to communicate with the virtual machine 120 operating in the data center 100 as if the virtual machine 120 serves as a server directly connected to a local area network (LAN).
Meanwhile, the Internet protocol includes IPv4 and IPv6. In IPv6, there is a technology for identifying each of networks (link-locals) connected to a plurality of link-local addresses assigned to a single server, based on an identifier. The identifier is referred to as, for example, a zone index. Specifically, a plurality of network interfaces are virtually generated in a server, and a link-local address is assigned to each of the generated network interfaces. The server uses the zone index to identify each of customer's link-locals using the link-local addresses.
A process on the virtual machine activated in the data center recognizes a zone index. FIG. 13 is a diagram for explaining an IPv6 zone index. As illustrated in FIG. 13, a plurality of customer's intranets are connected to a virtual machine. The same IPv6 link-local address of “fe80::1234” is assigned to a PC in a customer's intranet A and a PC in a customer's intranet B. Even in this case, the process on the virtual machine can identify each of the customer's link-locals by using a zone index added to each of the IPv6 link-local addresses. In this example, the process on the virtual machine can recognize the customer's link-local of the intranet A by using a zone index of “0” added to “fe80::1234”. Furthermore, the process on the virtual machine can recognize the customer's link-local of the intranet B by using a zone index of “1” added to “fe80::1234”.
Incidentally, the process on the virtual machine does not recognize a zone index in IPv4. Therefore, in IPv4, there is a problem in that it is difficult to enable secure communication between a single virtual machine and a plurality of customer's networks. Specifically, if IPv4 link-local addresses on the customer side are the same, it is difficult to identify each of the customer's link-locals for the process on the virtual machine. Therefore, it is impossible to enable secure communication between a single virtual machine and a plurality of customer networks.