In general, a packet transfer device, such as a router, in an IP (Internet Protocol) network has a mechanism that identifies a host node by means of the destination IP address of a packet, selects a packet distribution path according to the IP address and thus provides accessibility.
It is expected that addresses for IP version 4 (IPv4) will be exhausted in the near future. After exhaustion of addresses for IP version 4, no IPv4 address can be newly acquired. Thus, measures against a shortage of IPv4 addresses have been taken.
A NAPT (Network Address and Port Translator) device is widely used as a means of connecting a network or the like constructed using private addresses to the Internet.
The NAPT device rewrites terminal point information of a packet passing through this device on the private network side. This allows host nodes connected to the private network to share one global address assigned to this device. Accordingly, consumption of IPv4 addresses can be suppressed in comparison with a case of directly assigning a global address to each host node. Here, the terminal point information means a set of an IP address, a type of transport protocol and a port number.
The NAPT device, however, shares the IP address. This generally prevents bidirectional accessibility from being secured between devices that communicate through the NAPT device. Further, the NAPT device must manage, for each communication session, the association between the pieces of terminal point information before and after rewriting. This increases the cost of processing packet transfer in comparison with routers. A table managing this association is hereinafter referred to as an address conversion table. Here, the communication session is a series of communications between two terminal points. Typically, a TCP (Transmission Control Protocol) connection is categorized as a session.
Accordingly, NAPT devices have been widely used at the scale of individuals and companies. However, ISPs (Internet Service Providers) and the like have not introduced NAPT devices on a large scale. Here, the ISP is a connection provider that accommodates individuals, companies and the like and provides connection services therefor.
FIG. 1 is a diagram showing an example of a way of using a present Internet connection service.
Referring to FIG. 1, a configuration is shown in which the ISP constructs its own network (ISP network 1000) to provide a connection service to the Internet, connects one end thereof to a device in Internet 3000 and another network via router 2000, and arranges access routers 4000-1 and 4000-2 at the other end, thereby accommodating individuals and companies, that is, users. Access routers 4000-1 and 4000-2 are connected to pieces of CPE (Customer Premises Equipment) 5000-1 to 5000-4, which are user devices having a function of connection with the ISP. CPE 5000-1 to 5000-4 of the users are assigned different global addresses GA1 to GA4, respectively.
However, in recent years, in order to address the shortage of IPv4 addresses, an implementation in which the ISP installs the NAPT device and provides users of the ISP with private addresses has been considered (e.g., see Non Patent Literature 1). In this case, the ISP installs the NAPT device at a border between a network for accommodating the users and the Internet. Since this network is typically large, this NAPT device is significantly larger than those widely used at present. Accordingly, this NAPT device is referred to as a CGNAT (Carrier Grade Network Address Translator) to distinguish it from a typical NAPT device.
FIG. 2 is a diagram showing an example of a way of using an Internet connection service utilizing the CGNAT.
As shown in FIG. 2, CGNAT (CGNAT router) 6000 is installed at a border between ISP network 1000 and Internet 3000. ISP network 1000 may be configured using private addresses. Pieces of CPE 5000-1 to 5000-4 are assigned different private addresses PA1 to PA4, respectively. When a packet of each user passes through CGNAT 6000, the private address assigned to this packet is replaced with any one of global addresses GA1 to GAn assigned to CGNAT 6000. In this case, the port number is also rewritten. This allows users to share one global address by using different port numbers on that address.
Here, the concern is that introduction of the CGNAT by the ISP causes the following problems.
(1) It is generally difficult to realize a large NAPT device. One cause is the difficulty of designing a device that has a large address conversion table and maintains high throughput. Another cause is that, since a connection in the transport layer appears and disappears with the appearance and disappearance of a session, an entry must be edited each time, and it is thus difficult to secure redundancy of the address conversion table. Even if the device can be realized, the above problems cannot be completely solved. Accordingly, it is thought that this device becomes a performance bottleneck and a single point of failure.
(2) In a case where a user of the ISP has already introduced the NAPT device, the address is converted twice. Accordingly, communication efficiency is reduced. Installation of the NAPT device by the ISP also prevents operation of a protocol (UPnP (Universal Plug and Play) etc.) that allows a device currently on the private network side of a NAPT device or the like to be accessed from the Internet side.
(3) The concern is that a private address used in the ISP network may overlap with a private address used by a user in the user's own network.
In order to solve the above problems, a system has been proposed that, instead of installing the NAPT device to accommodate the entire network, assigns the same IPv4 address to users, divides the port number space and assigns a divided part to each user (e.g., see Non Patent Literature 2). According to this system, each user receives an IPv4 address for which the extent of the port number is restricted. This allows the users to share the IPv4 address, thereby enabling the amount of IPv4 address usage to be reduced.
Since present devices have not been designed to enable communication while restricting the extent of the port number, Non Patent Literature 2 proposes the following system.
(a) A port number converting device is installed between the host node and the access router of the ISP for each user. The port number is rewritten using the port number converting device.
(b) A protocol (DHCP (Dynamic Host Configuration Protocol) etc.) for issuing an address is extended, allowing the extent of the port number to be notified together with the address.
(c) The border router of the ISP for the Internet distributes a packet for those users who share the single address using not only the destination address but also the destination port. Here, a tunnel is set between the border router and the port number converting device of the user. This allows the address to be shared without modifying a router in the ISP network other than the border router.
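The following sketch of items (a) to (c) is an added illustration, not code from this document or from Non Patent Literature 2. The equal contiguous division of the port space, leaving ports below 1024 unassigned, the sample address 192.0.2.1 and every class, function and tunnel name are assumptions made for the example.

```python
import bisect
from dataclasses import dataclass

SHARED_ADDR = "192.0.2.1"  # constructed sample address (documentation range)
FIRST_PORT = 1024          # assumption: ports 0-1023 are not handed out

@dataclass(frozen=True)
class Lease:
    """Address plus port extent, as an extended issuing protocol would notify (b)."""
    user: str
    addr: str
    lo: int
    hi: int  # inclusive upper bound of the extent

def divide_port_space(users, addr=SHARED_ADDR):
    """Split FIRST_PORT..65535 into equal contiguous extents, one per user."""
    size = (65536 - FIRST_PORT) // len(users)
    return [Lease(u, addr, FIRST_PORT + i * size, FIRST_PORT + (i + 1) * size - 1)
            for i, u in enumerate(users)]

class BorderRouter:
    """(c): pick the user's tunnel from destination address AND destination port."""
    def __init__(self, leases):
        self.by_addr = {}
        for lease in sorted(leases, key=lambda l: l.lo):
            self.by_addr.setdefault(lease.addr, []).append(lease)

    def tunnel_for(self, dst_addr, dst_port):
        extents = self.by_addr.get(dst_addr, [])
        i = bisect.bisect_right([l.lo for l in extents], dst_port) - 1
        if i < 0 or dst_port > extents[i].hi:
            return None  # port belongs to no user's extent: nothing to forward to
        return "tunnel-" + extents[i].user  # hypothetical tunnel identifier

class PortConverter:
    """(a): per-user device that rewrites source ports into the leased extent."""
    def __init__(self, lease):
        self.lease, self.next_port, self.table = lease, lease.lo, {}

    def outbound(self, proto, src_addr, src_port):
        key = (proto, src_addr, src_port)  # terminal point before rewriting
        if key not in self.table:
            if self.next_port > self.lease.hi:
                raise RuntimeError("port extent exhausted")
            self.table[key] = self.next_port
            self.next_port += 1
        return self.lease.addr, self.table[key]
```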
FIG. 3 is a diagram showing an example of a way of using an Internet connection service utilizing the above systems (a) to (c).
As shown in FIG. 3, this configuration is provided with port resource assigning device 7000, which is the port number converting device described in above (a). Further, this configuration is also provided with tunnels 8000-1 to 8000-4 described in above (c).
The configuration shown in FIG. 3 can solve the problems of the aforementioned CGNAT in the following manner.
First, this negates the need for CGNAT 6000 residing at the border between Internet 3000 and ISP network 1000 as shown in FIG. 2. Accordingly, the difficulty of realizing CGNAT 6000 and the problems that may arise if it is introduced can be avoided.
In a case where the user has already introduced the NAPT device, the port number is rewritten in the NAPT device. Accordingly, address conversion does not become redundant.
The address issued by the ISP to the user is a global address. Accordingly, this address does not overlap with the private address space used by the user.