1. Field of the Invention
The present invention relates to a communication device, and in particular to a communication device which transmits/receives data by using a communication protocol.
A protocol is a rule which defines a communication method, and is composed of an OSI reference model of seven layers in total. In each layer, processing information in compliance with each protocol is added as a header to transmission data received from an upper layer and is transferred to a lower layer. Also, the header added is extracted from data received from the lower layer, processing in compliance with the processing information is executed, and the data are transferred to the upper layer.
An individual communication device accommodates only a single protocol. If various protocols need to be realized, communication devices accommodating each of the protocols must be prepared. However, this method leads to much trouble and cost. Accordingly, means for realizing all kinds of protocols more easily are demanded.
2. Description of the Related Art
FIG. 18A shows a well-known conventional communication system connected through the Internet. In FIG. 18A, a reference numeral 10 indicates a personal computer (hereinafter, abbreviated as PC), a reference numeral 11 indicates an L2TP Access Control (hereinafter, abbreviated as LAC), a reference numeral 12 indicates an L2TP Network Server (hereinafter, abbreviated as LNS), and a reference numeral 13 indicates a LAN (Local Area Network) as an intranet. A PC 14 and a PC 15 as a mail server are provided in the LAN 13.
When transmitting a packet P1 to the PC 14 within the LAN 13 in such a communication system, the PC 10 generates an IP(a→b) frame in which an IP address (a) of the PC 10 which is a source, and an IP address (b) of the PC 14 which is a destination, are added to a payload, and transmits the packet P1 in which the IP(a→b) frame is capsuled with a PPP (Point To Point) protocol, in order to establish a connection with the LAC 11 provided by an ISP (Internet Service Provider).
In order to further transmit the PPP protocol packet received from this connection to the LNS 12, the LAC 11 transmits a packet P2 (capsuled with IP(x→y) protocol) in which an IP address (x) of the LAC 11 which is a source, and an IP address (y) of the LNS 12 which is a destination are added to the packet P1, to the LNS 12 on the destination network through a tunnel of the Internet INET.
The LNS 12 having received the packet P2 transmits to the LAN 13 a packet P3, to which decapsuling or removing the IP addresses of the LAC 11 and the LNS 12 from the packet P2 is performed.
The packet P3 is transmitted to the mail server PC 15 through the LAN 13, and the PC 15 transfers the packet P3 to the destination PC 14 to complete a data transmission.
Accordingly, the LNS 12 requires, as shown in FIG. 18B, IP(x→y) termination processing (at step S21), PPP termination processing (at step S22), and IP(a→b) termination processing (at step S23).
In a PPP protocol session ① of PC 10→LNS 12 in this case, a user of the PC 10 has established a connection with a NAS (Network Access Server) (not shown) provided by an ISP with dial-up means or the like. Upon accessing the LAN 13 from remote sites such as foreign countries, dial-up accesses have to be performed to a PPP server within the LAN 13, which leads to a cost increase.
In FIGS. 19A and 19B, an intranet LAN 13a is connected to an intranet LAN 13b by using security gateways SG 1 and SG 2 instead of the LAC and the LNS of FIG. 18A. For this connection, a tunnel mode shown in FIG. 19A and a transport mode shown in FIG. 19B can be conceived.
Firstly, in case of the tunnel mode (1), the packet P1 is transmitted to the security gateway SG 1 with the IP(a→b) protocol from a PC 16 of the address (a) in the LAN 13a. The security gateway SG 1 encrypts the received packet P1 as shown by hatching, and capsules the packet P1 with the IP(x→y) protocol to be transmitted to the security gateway SG 2 through the tunnel of a security association SA 1 on the Internet INET.
In the security gateway SG 2, as shown in FIG. 19C, an IP(x→y) termination processing (at step S31) is firstly performed, encryption processing is further performed (at step S32), and then the packet P3 from which the IP(x→y) protocol is removed (decapsuled) is transmitted to the LAN 13b. In the LAN 13b, according to the IP(a→b) termination processing protocol in the packet P3, the packet P3 is transmitted to the PC 14 of the address (b).
In case of the transport mode (2), a packet P4 is transmitted to the PC 14 in the opposed LAN 13b from the PC 16. The packet P4 is subjected to encryption processing to the payload in the security gateway SG 1, and then is transmitted to the PC 14 of the address (b) in the LAN 13b through the Internet INET and the security gateway SG 2 (security association SA 2).
In such a communication system using security gateways shown in FIGS. 19A and 19B, the security gateway SG 2 can accommodate to the security association (tunnel mode) SA 1 and the security association (transport mode) SA 2 which perform processing shown in FIG. 19C, but can not accommodate to the other modes.
This is shown in FIGS. 20A and 20B. Namely, when the PC 10 and the LAC 11 shown in FIG. 18A are connected to the security gateway SG 2 with the PPP session ① or the L2TP session ②, the packet from the LAC 11 is required to be processed as the LNS as shown in FIGS. 18A and 18B, and IPsec (IP security) protocol processing is required to be performed to the packet from the security gateway SG 1 as the security gateway.
The LNS processing requires a protocol processing order of IP, UDP, L2TP, PPP, and IP (see FIG. 3). Since the security gateway SG 2 requires the order of the ESP decryption and the IP processing (see FIG. 3), these processings can not be executed when a communication device is provided with only a fixed protocol.
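The two processing orders named above can be reproduced on constructed packets. The following is an added example, not part of the original document: it builds an L2TP-carried packet and an ESP tunnel-mode packet, recovers each header order by following the next-protocol fields, and shows that a device fixed to the LNS order rejects the ESP packet. The function names, the addresses, and the use of ESP with NULL encryption (so the trailer is readable without a key) are assumptions made for illustration.

```python
import struct

def ipv4(proto, src, dst, body):
    # Minimal 20-byte IPv4 header; checksum left at 0 (constructed sample data).
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                      proto, 0, bytes(src), bytes(dst))
    return hdr + body

def walk(pkt):
    """Return the header order found by following each layer's next-protocol field."""
    order, layer = [], "IP"
    while layer:
        order.append(layer)
        if layer == "IP":
            total = struct.unpack("!H", pkt[2:4])[0]
            proto, pkt = pkt[9], pkt[(pkt[0] & 0x0F) * 4:total]
            layer = {17: "UDP", 50: "ESP", 4: "IP"}.get(proto)
        elif layer == "UDP":
            dport = struct.unpack("!H", pkt[2:4])[0]
            pkt, layer = pkt[8:], ("L2TP" if dport == 1701 else None)
        elif layer == "L2TP":
            # Data message without optional fields: flags/version, tunnel id, session id.
            pkt, layer = pkt[6:], "PPP"
        elif layer == "PPP":
            proto = struct.unpack("!H", pkt[2:4])[0]  # follows address/control FF 03
            pkt, layer = pkt[4:], ("IP" if proto == 0x0021 else None)
        elif layer == "ESP":
            # Assumption: NULL encryption, no ICV, so pad length and next header are in clear.
            pad_len, nxt = pkt[-2], pkt[-1]
            pkt = pkt[8:len(pkt) - 2 - pad_len]
            layer = "IP" if nxt == 4 else None
    return order

LNS_ORDER = ["IP", "UDP", "L2TP", "PPP", "IP"]
def fixed_device_accepts(pkt, order=LNS_ORDER):
    # A device with one hard-wired processing order handles only packets in that order.
    return walk(pkt) == order

# Constructed sample packets: a -> b inside, x -> y outside (addresses are made up).
A, B, X, Y = (10, 0, 0, 1), (10, 0, 1, 1), (192, 0, 2, 1), (192, 0, 2, 2)
INNER = ipv4(253, A, B, b"payload")
L2TP_PKT = ipv4(17, X, Y, struct.pack("!HHHH", 1701, 1701, 18 + len(INNER), 0)
                + struct.pack("!HHH", 0x0002, 1, 1) + b"\xff\x03\x00\x21" + INNER)
ESP_PKT = ipv4(50, X, Y, struct.pack("!II", 0x1000, 1) + INNER + b"\x01\x02\x03\x03\x04")

if __name__ == "__main__":
    for name, p in (("L2TP", L2TP_PKT), ("ESP tunnel", ESP_PKT)):
        print(name, walk(p), "accepted by fixed LNS order:", fixed_device_accepts(p))
```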
The PPP session, the L2TP session, and the security association modes have been taken as examples for the description in the above-mentioned case, while other various kinds of capsuling exist.
FIGS. 21A-21Q show examples of such various capsuling. FIG. 21A shows a standard Ethernet protocol, FIG. 21B shows an Ethernet protocol in a mobile terminal and a base station, FIG. 21C shows a protocol used for a PPPoE (ADSL etc.), FIGS. 21D and 21E show a combination protocol of an L2.5 Ethernet and an MPLS (Multiprotocol Label Switching).
Furthermore, FIG. 21F is a protocol for tunneling at an MAC layer, FIG. 21G is an L2TP protocol, FIG. 21H is a protocol for authentication (tunnel mode), FIG. 21I is a protocol for authentication (transport mode), FIG. 21J is a protocol for encryption (tunnel mode), FIG. 21K is a protocol for encryption (transport mode), FIG. 21L is a protocol indicating a key exchange, FIG. 21M is a protocol for tunneling at an IP layer, FIG. 21N is a protocol for tunneling at an IP layer, FIG. 21N is a protocol for tunneling with an IPv6 in an IPv4 network, FIG. 21O is a protocol of IPv6 extension header or the like, FIG. 21P is a protocol for tunneling of a global address/private address, and FIG. 21Q is a protocol for tunneling with an IPv4 in an IPv6 network.
Since the conventional communication device to which such various capsuled packets are inputted is provided with only a fixed protocol, it can not accommodate flexibly.
Also, in the conventional IPv4 and IPv6 processing as shown in FIG. 22C, the IP processing is performed in the order of L2, L3, and L4 or in the reverse order as shown in FIGS. 22A and 22B, so that capsuling only in such an order can be processed (protocol conversion cannot be performed). Therefore, when there is another order processing, the need for preparing for the other order processing or for another hardware arises.
Furthermore, L3 processing is performed twice in the above example. However, unless a processing order of hardware-like protocols is preliminarily fixed, it has been impossible to design the protocols. Also, even if processing orders of protocols as many as one can conceive are incorporated, there has been a problem that the processing order of protocols which are not used has also to be designed.