1. Field of the Invention
The present invention relates to a gateway apparatus, a packet forwarding method, and a program for rewriting and forwarding data in a packet flowing on a TCP connection between terminals.
2. Description of Related Art
A mechanism for rewriting an application header (hereinafter referred to as an AP header) is widely used in a gateway for forwarding a message sent and received between a client and a server.
For example, according to the SIP, when a client connected to a private network sends a message to a server provided in a global network, an AP header is rewritten in the gateway. According to the SIP, the IP address of the client is contained in the AP header of a message to be sent by the client, and the server sends the message to the client using the IP address as the destination address. If the IP address contained in the message sent to the server by the client remains the private address as is, the message transmission fails. Therefore, as described above, the gateway converts the IP address contained in the AP header of the message sent by the client to the global address.
Alternatively, the gateway may rewrite the AP header of a message in order to support a multi-tenant server (a use mode in which a single server is securely shared among a plurality of client groups (tenants) as if it were dedicated to each tenant).
For example, the Japanese Patent Laid Open Publication No. 2004-30309 discloses a method for a gateway to perform AP header rewriting to allow a multi-tenant to use a Web cache server when the gateway forwards a message. The gateway forcibly inserts the identifier of a tenant to which the client belongs into a destination URL contained in the AP header of an HTTP message which the client sends to the Web cache server. By doing so, a cache is accumulated in the Web cache server by the URI with the tenant identifier, as well as cache access is performed by the URI with the tenant identifier. Accordingly, the cache can be viewed only by the clients belonging to the same tenant, and thereby a single Web cache server can be securely shared among a plurality of tenants.
Moreover, the Japanese Patent Laid Open Publication No. 2007-157085 discloses a method for a gateway to perform AP header rewriting to allow a multi-tenant to use a SIP server when the gateway transfers a message. The gateway forcibly inserts the identifier of a tenant to which the client belongs into the source URI and the destination URI contained in the AP header of the SIP message which the client sends to the SIP server. By doing so, client information is accumulated in the SIP server by the URI with the tenant identifier, as well as client information access is performed by the URI with the tenant identifier. Accordingly, the client information can be viewed only by the clients in the same tenant, and thereby a single SIP server can be securely shared among a plurality of tenants.
As described above, when a message is sent and received between the client and the server, the gateway may rewrite the AP header of the message before transfer. If the packet size is changed due to the AP header rewriting, the size of a packet at the time when the client or the server sent the packet may differ from the size of the packet at the time when the server or the client received the packet. For this reason, if TCP is used as a protocol of the transport layer and the gateway transfers a packet to the server or the client as is without rewriting the sequence number (hereinafter referred to as Seq#) and the acknowledgement number (hereinafter referred to as Ack#) of a packet received from the client or the server, the server and the client cannot properly know packet loss from the Seq# and the Ack#. Therefore, if the packet size is changed due to the AP header rewriting, the gateway performs the termination process of the TCP connection.
Conversely, if the gateway does not rewrite the AP header, or the packet size is not changed by the AP header rewriting, the gateway does not perform the termination process of the TCP connection, and is thereby relieved of that processing load. An example of such a technique is disclosed in the Japanese Patent No. 3642305. According to the technique disclosed therein, an exchange is provided as a switching device between the client and the server, and a TCP connection established between the client and the exchange and a TCP connection established between the exchange and the server are unified into one connection. Then, each of the client and the server performs packet retransmission and flow control by the TCP, eliminating the need for the exchange to perform retransmission control and flow control about the TCP connection. More specifically, assume that an initial Seq# of the client is SC and an initial Seq# of the exchange is SU at the time when a TCP connection is established between the client and the exchange, and that an initial Seq# of the server is SS and an initial Seq# of the exchange is SV at the time when a TCP connection is established between the server and the exchange. The Seq# and Ack# are then rewritten as follows. First, the Seq# of the packet sent from the server to the client is rewritten to “Seq#+SU−SS in the packet”, and the Ack# is rewritten to “Ack#+SC−SV in the packet”. In addition, the Seq# of the packet sent from the client to the server is rewritten to “Seq#+SV−SC in the packet”, and the Ack# is rewritten to “Ack#+SS−SU in the packet”.
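The fixed-offset rewriting described above, and the reason it stops working once an AP header rewrite changes the payload size, can be traced with a short model. This is an added example, not code from the cited patents: the initial sequence numbers, the 300-byte payload and the 12-byte size change are constructed values, and the modulo 2^32 arithmetic reflects the 32-bit width of TCP sequence numbers.

```python
from dataclasses import dataclass

MOD = 1 << 32  # TCP Seq#/Ack# are 32-bit counters that wrap around


@dataclass(frozen=True)
class Splice:
    sc: int  # SC: initial Seq# of the client   (client-exchange connection)
    su: int  # SU: initial Seq# of the exchange (client-exchange connection)
    ss: int  # SS: initial Seq# of the server   (server-exchange connection)
    sv: int  # SV: initial Seq# of the exchange (server-exchange connection)

    def client_to_server(self, seq, ack):
        # Seq# + SV - SC and Ack# + SS - SU, reduced to 32 bits
        return (seq + self.sv - self.sc) % MOD, (ack + self.ss - self.su) % MOD

    def server_to_client(self, seq, ack):
        # Seq# + SU - SS and Ack# + SC - SV, reduced to 32 bits
        return (seq + self.su - self.ss) % MOD, (ack + self.sc - self.sv) % MOD


def ack_seen_by_client(sp, payload_len, size_delta=0):
    """Relay the client's first data segment and the server's ACK for it.

    size_delta is the number of bytes an AP header rewrite adds to the payload.
    Returns (Ack# the client expects, Ack# the client actually receives).
    """
    seq = (sp.sc + 1) % MOD  # the SYN consumed one sequence number
    ack = (sp.su + 1) % MOD
    expected = (seq + payload_len) % MOD
    fwd_seq, fwd_ack = sp.client_to_server(seq, ack)
    # The server acknowledges every byte it received, inserted bytes included.
    srv_ack = (fwd_seq + payload_len + size_delta) % MOD
    # The server has sent no data yet, so its Seq# equals the Ack# it was sent.
    _, seen = sp.server_to_client(fwd_ack, srv_ack)
    return expected, seen


if __name__ == "__main__":
    # Constructed initial sequence numbers; SC sits just below the 32-bit wrap.
    sp = Splice(sc=0xFFFFFF00, su=5000, ss=90000, sv=1000)
    print("size unchanged :", ack_seen_by_client(sp, 300))
    print("12 bytes added :", ack_seen_by_client(sp, 300, size_delta=12))
```

With the payload unchanged, the client receives exactly the Ack# it expects, even across the sequence-number wrap. With 12 bytes inserted, the rewritten Ack# acknowledges bytes the client never sent, which is why a size-changing rewrite forces the gateway to terminate the TCP connection instead.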