1. Field of the Invention
The present invention relates to a router, and in particular to a router supporting a packet relay function based on a routing table, and also a VPN (Virtual Private Network) function.
Together with recent rapid developments of communication technologies, communication networks have been complicated. When a router is newly added to a communication network for example, it is required to check to see that the router does not badly influence other devices and to perform path monitoring for detecting whether or not the router brings about a problem such as a path fault.
Also, in an enterprise or the like with distributed locations in many places, VPN networks have been increasing recently where the locations are connected through the Internet network to virtually form a single network. Together with the increase of the VPN networks, provider networks or the like which render VPN connection services have been rapidly increasing. A provider edge router located on the border of the provider networks relays a communication from a user network, and transfers it into the provider network. However, it is required to confirm whether or not a communication with an opposed user can be performed by relaying the provider edge router every time e.g. a user network is newly added.
2. Description of the Related Art
FIG. 11A shows a general IP network 500, which is composed of routers 100z_1-100z_4 connected in series, and routers 100z_5 and 100z_6 branched from the router 100z_2 and connected in series.
When the router 100z_2 is newly added to the IP network 500, it is required to perform a communication test for confirming a normality of the communication between the router 100z_2 and the routers 100z_1, 100z_3, and 100z_5 connected to the router 100z_2. For this test, the following methods (1)-(3) and the like are applied:
Method (1): Although a software relay can be performed by a ping (packet internet groper) or the like transmitted from the router 100z_2, a confirmation of a hardware relay path can not be performed. Therefore, for confirming a communication of hardware relay routing setting of the router 100z_2 having a hardware relay function, it is required to check all of the paths when a partial defect occurs in the routing table due to a hardware fault or the like. Therefore, in this method (1), a communication packet 810 using the ping or the like is transmitted from the adjoining router 100z_1, to perform the communication confirmation among the routers 100z_1, 100z_2, and 100z_3.
Method (2): A communication confirming device 200 (see FIG. 11A) is connected to the router 100z_2, the communication confirming packet 810 is transmitted from the communication confirming device 200, and the communication confirmation between e.g. the routers 100z_2 and 100z_3 is performed based on a communication confirming packet (response packet) 811 for the packet 810.
Method (3): A tester is placed at each router, whereby test data addressed to a virtual network are transmitted by using the tester to confirm the relay function of the router (see e.g. patent document 1). [Patent document 1] Japanese patent application laid-open No.09-200209 (page 5, FIG. 1)
In the communication confirmation from the adjoining router by the above-mentioned method (1), a confirmation operation in consideration of the routing setting is required per routing information as an object, procedures become complicated, and the management of the communication confirmation becomes intricate.
FIG. 11B shows a network in which the routers 100z_2, 100z_3, and 100z_5 belong to a provider network 300, and the router 100z_1, and routers 100z_4 and 100z_6 respectively belong to user networks 400_1 and 400_2.
In such a network, the provider edge router 100z_2 is required to transmit a communication packet from the user network 400_1 in order to confirm the normality of the communication with the customer edge router 100z_1 located on the border of the user network 400_1.
Namely, the communication confirmation by using the ping or the like from the customer edge router 100z_1 connected to the edge router 100z_2 is required.
Furthermore, the security management of the user network 400_1 accommodating the router 100z_1 is different from that of a provider network 300 accommodating the router 100z_2. Therefore, the provider's use of the adjoining router 100z_1 on the user side raises a problem. Also, when the router 100z_1 is at a distant location, the use of the router 100z_1 raises a problem.
Furthermore, it is impossible to confirm all of the paths in the network having several tens of thousands of paths unless the communication confirming device 200 is externally connected thereto in the same way as the method (2), which leads to poor convenience and high cost.
However, in the method (2), the expensive communication confirming device 200 has to be connected, the confirmation operation by a method of considering the routing setting per routing information as an object is required in the same way as the method (1), and the management becomes complicated.
Also, in the method (3), it is required to set the tester to each of the routers respectively, and in order to apply the method to the existing network for example, it is required to connect the tester to each router. Furthermore, in the method (3), virtual network information is inputted for testing, which is for confirming the communication to the virtual network and not for performing the communication confirmation for the actually existing path.
Furthermore, in the conventional communication confirmation technology including the methods (1)-(3), the provider network 300 which provides the VPN, i.e. the provider network 300 which provides a VPN tunnel connecting the user networks 400_1 and 400_2 can not perform the communication confirmation or the like including the VPN tunnel.