The Internet is a network enabling worldwide interconnection among users, the number of which is proliferating. In recent years, a variety of techniques have been developed actively to implement a VPN using the Internet.
The VPN, or virtual private network, is a service connecting intranets through the Internet. An example of a network configuration providing VPN is shown in FIG. 1. In this FIG. 1, a variety of network organizations including A-C are connected through routers 20-25 to a network 1 which is managed by a service provider. These routers are referred to as VPN edge routers.
Network 1 provided by the service provider generally interconnects with other networks provided by other service providers. As a VPN, a network for an organization A, as an example, is exclusively interconnected within this organization A only, separated from organizations B and C, through network 1 by the service provider. In other words, only each network inside organization A, B or C is logically interconnected.
Here, either a global address or a private address is used in an intranet whereas a global address is normally used in the Internet. The private address is an address to be applied in a network which is closed in the scope of an organization, and therefore an identical address may possibly be used in different organizations.
Accordingly, in an device accommodating VPN, it becomes necessary to provide the packet routing function for both Internet and intranet. Normally, in the direction from intranet to Internet, any packet for communication in an intranet is converted to a packet which can be processed in the Internet. In the direction from Internet to intranet, the packet format is converted in an opposite way to the above.
In the prior arts for performing such processing, as a first art, there is a method of either combining an IPv4 (Internet Protocol, version 4) header, the format of which includes a source address 26 and a destination address 27 shown in FIG. 2, with another IPv4 header, or combining with an IPv6 (Internet Protocol, version 6) header, the format of which includes a source address 28 and a destination address 29 shown in FIG. 3. Thus the headers are encapsulated as shown in FIGS. 4A and 4B, respectively (corresponding to the Internet standard recommendation document, RFC 1853). Further, as a second prior art, there is a method of employing an MPLS (MultiProtocol Label Switching) shim header shown in FIG. 5 to encapsulate both an IPv4 header and a shim header, as shown in FIG. 4C.
Both of the aforementioned prior arts employ a method of establishing a packet path on the boundary between the Internet and the intranet (which is referred to as tunnel).
More specifically, the encapsulation technique shown in FIG. 4 is realized by setting an IP address assigned at the boundary into an IP header for encapsulation.
Meanwhile, according to the encapsulation method by a shim header shown in FIG. 4C using a MPLS header shown in FIG. 5, the tunneling between both sides of the boundary is enabled by setting a unique value in a label field (Label) of the shim header on a link-by-link basis, and setting a virtual path by converting this value included in the label field in the device connecting the links.
However, according to the aforementioned prior arts, the number of settings in the device incorporating VPN becomes ‘the number of tunnels×2 (i.e. both end points of the tunnels)’. Therefore, there is a problem that a substantially large number of settings become necessary as the number of sites increases.
The number of the tunnels among N sites is (N−1)×2 in the case of a star connection network in which the number of tunnels is minimized. The number becomes N×(N−1) in case of a full mesh connection. If one site is added, it is necessary to add to two (2) settings in the case of star connection, or N settings in case of the full mesh connection.
In case of the star connection, the performance of a root node may cause a bottle neck. In addition, because a communication between nodes other than root has to be transmitted through the root, an identical packet has to be transmitted twice in the Internet. This raises a problem of additional bandwidth consumption, so use of full mesh connection is desirable.