When carriers and companies construct their respective networks, they also construct a network for managing those networks (a management network). Network supervisory apparatus is connected to this management network and supervises whether the constructed network is operating as expected. Note that there are two cases: a first case where this management network, i.e., the management and control signal network, has the same network topology as the networks to be supervised and controlled, i.e., the networks of the main signals, because the supervision and control signals are multiplexed onto the main signals, and a second case where this management network is provided separately from the networks for the main signals.
As explained above, there is a case where the networks constructed by carriers and companies are made up of a plurality of areas having different network operators. As a specific example, there is assumed to be a case in which carriers having specified areas of operation construct a wide area network spanning different areas of operation. For example, local telephone companies in the U.S. and cable television companies in Japan are only licensed to operate in specific areas. Here, in order for these companies to service a wide area exceeding their areas of operation, the companies connect their operating networks to form a single network. Alternatively, in a company network, there is a case where the company sets up separate network management departments in the East and West to supervise the different areas.
FIG. 1 illustrates, as an example of a management network for managing these networks, a management network for managing a network (not illustrated) which is formed from network elements R-A to R-F managed by a branch A and network elements R-1 to R-3 managed by a branch B. To clarify the working ranges, the network elements managed by the branch A are allowed to be accessed from the network elements of the branch A, while the network elements of the branch B are allowed to be accessed from the network elements of the branch B. For this reason, each network apparatus compares the source information included in the received information with an access authorization list (refer to the following Table 1 and Table 2) registered in itself so as to determine whether a terminal (network element or supervisory apparatus) is allowed to access it, and accepts and processes only information from authorized sources. By doing this, network elements of the branch A are prevented from being managed and operated from the branch B. This means that, from the viewpoint of the branch A, unintentional modification of the network elements it manages due to mistaken operation by a person at the branch B is prevented and, conversely, mistaken operation of the network elements of the branch B by the branch A is prevented. Note that the “TID” in the following Table 1 and Table 2 is an abbreviation for “Target Identification” and is an identifier used for identifying network elements in an OSI protocol. Further, the (authorized/unauthorized) addresses are IP addresses. That is, in the examples illustrated in Table 1 and Table 2, authorization/unauthorization may be judged not only by the TIDs in the OSI protocol, but also by the IP addresses in the IP protocol.
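TABLE 1: List of Authorization to Access Network Elements Managed by Branch A

Authorized ID | Authorized address | Unauthorized ID | Unauthorized address
------------- | ------------------ | --------------- | --------------------
R-A           | A.A.A.A            | R-1             | 1.1.1.1
R-B           | B.B.B.B            | R-2             | 2.2.2.2
R-C           | C.C.C.C            | R-3             | 3.3.3.3
R-D           | D.D.D.D            |                 |
R-E           | E.E.E.E            |                 |
R-F           | F.F.F.F            |                 |

TABLE 2: List of Authorization to Access Network Elements Managed by Branch B

Authorized ID | Authorized address | Unauthorized ID | Unauthorized address
------------- | ------------------ | --------------- | --------------------
R-1           | 1.1.1.1            | R-A             | A.A.A.A
R-2           | 2.2.2.2            | R-B             | B.B.B.B
R-3           | 3.3.3.3            | R-C             | C.C.C.C
              |                    | R-D             | D.D.D.D
              |                    | R-E             | E.E.E.E
              |                    | R-F             | F.F.F.F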
This conventional method focuses on blocking access to one's own (for example, the branch A's) network elements from unauthorized parties. It therefore does not take into account the route by which information communicated between the network elements actually reaches a destination network element. When routes are not considered in this way, the following inconveniences occur.
[Inconveniences at the Side Passing Information]
1) Information such as instructions for management operations on network elements passes through the networks of other groups, so information which one does not wish other groups to see needs to be encrypted.
2) If a route in the management network of another group is deliberately changed and, as a result, unintended work is performed inside the network managed by that group, the expected information will sometimes not arrive at the destination.
[Inconveniences at the Side to Which Information is Passed]
3) The management information of another group is sent to the network of one's own group, so the throughput (available bandwidth etc.) for the information one wishes to be communicated within one's own group is not obtained as expected.
4) If the information of another group is abnormal, for example, the size of the information violates the standards, the management network of one's own group is liable to be destroyed.
[Inconveniences Common to the Side Passing Information and the Side to Which Information is Passed]
5) If the connections relating to network management are physically disconnected to avoid the aforementioned inconveniences 1) to 4), then whenever management is required, such as at the time of emergency maintenance of the network as a whole or establishment or deletion of communication paths exceeding the management area, the work of connecting and disconnecting the management network or reconfiguring the management network becomes necessary. This runs counter to the objective of combining a plurality of groups into a single network.
This will be explained concretely with reference to the example of FIG. 1. The supervisory apparatus 10 of the branch A is connected to the network element R-F. The branch A tries to supervise its own management area from this R-F. Therefore, the elements R-A, R-B, R-C, R-D, R-E, and R-F managed by the branch A are registered on the authorized side of the access authorization list illustrated in the above Table 1, and access from elements other than those the branch A has authorized is prohibited. However, when R-F tries to access information of R-A, no particular consideration is given to route calculation and route selection, so the following route may be taken.
R-F→R-1→R-2→R-3→R-A
If passing through the network elements (R-E, R-D . . . ) in the management area of the branch A, it is necessary to go through five network elements. On the other hand, if passing through the area of the branch B, it is only necessary to go through three network elements (R-1, R-2, and R-3).
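The gap between the source check of Table 1 and the route actually taken can be reproduced in a few lines. The following is an added example, not part of the original document: the link list is an assumed reading of FIG. 1 (which is not reproduced here), the accept/reject policy in `source_allowed` is an assumed interpretation of the list check, and the function names are hypothetical.

```python
from collections import deque

# Table 1: access authorization list held by branch A's network elements.
# Addresses are the document's own placeholders, not real IP addresses.
BRANCH_A_ACL = {
    "authorized": {"R-A": "A.A.A.A", "R-B": "B.B.B.B", "R-C": "C.C.C.C",
                   "R-D": "D.D.D.D", "R-E": "E.E.E.E", "R-F": "F.F.F.F"},
    "unauthorized": {"R-1": "1.1.1.1", "R-2": "2.2.2.2", "R-3": "3.3.3.3"},
}
# ASSUMED management-network links: a chain through branch A and a shorter
# detour through branch B, matching the two routes the text compares.
LINKS = [("R-F", "R-E"), ("R-E", "R-D"), ("R-D", "R-C"), ("R-C", "R-B"),
         ("R-B", "R-A"), ("R-F", "R-1"), ("R-1", "R-2"), ("R-2", "R-3"),
         ("R-3", "R-A")]

def source_allowed(acl, tid, address):
    """Source check only (assumed policy): reject if either identifier is
    listed as unauthorized, accept if the TID/address pair is authorized."""
    if tid in acl["unauthorized"] or address in acl["unauthorized"].values():
        return False
    return acl["authorized"].get(tid) == address

def shortest_route(links, src, dst):
    """Hop-count shortest path (BFS), blind to management areas."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, []):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    if dst not in prev:
        return None
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1]

def foreign_transit(route, acl):
    """Transit elements on the route that are outside the authorized list."""
    return [hop for hop in route[1:-1] if hop not in acl["authorized"]]

if __name__ == "__main__":
    route = shortest_route(LINKS, "R-F", "R-A")
    print("source accepted at R-A:", source_allowed(BRANCH_A_ACL, "R-F", "F.F.F.F"))
    print("route:", " -> ".join(route))
    print("transit outside branch A:", foreign_transit(route, BRANCH_A_ACL))
```

R-A accepts the request because the source R-F is authorized, yet every transit element on the selected route belongs to branch B; the list check never sees the path.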
Further, as a basic operation, access authorization lists are held by each of the network elements. Operators are required to register the network elements being managed, on one hand, as authorized network elements and, on the other hand, as the unauthorized network elements. Therefore, if the number of network elements managed increases, the trouble (the amount of work) involved for the registration, updating, and deletion will also increase. This trouble becomes an inconvenience to be overcome in the prior art.
Patent Literature 1: Japanese Laid-Open Patent Publication No. 2006-074307