The VPN is a network which constructs logical groups on a public network such as the INTERNET, wherein the logical groups are mutually closed.
Generally, the public network such as the INTERNET is connected by the non-specific masses. Therefore, there is a security problem that it is not possible to avoid a dishonest access by a third party, because principally it is not possible that only specific users telecommunicate each other.
Therefore, recently the VPN technique has received more attention. According to the VPN technique, a dedicated line is virtually constructed on the INTERNET by considering a counterplan of the security of end to end, and, the dedicated line is used as a mainstay between LAN and LAN (Local Area Network).
Concretely, in the prior art of the VPN, a security is carried out by an encryption of data between end and end, an authentication of a user and a control of an access, then a closed group is provided by connected specific points via the INTERNET.
By constructing VPN on the public network, it is possible for only specific users to communicate with each other, and it is possible to use the INTERNET as a dedicated line.
However, because of its specification, the prior VPN does not assure network resources such as a bandwidth.
Namely, the prior VPN is different from an original dedicated line in that the bandwidth is variable by an influence of other traffic and that it is difficult to predict its telecommunication characteristics.
On the other hand, an RSVP technique is known. Wherein, the RSVP is a resource reservation protocol which attaches importance to a QoS (Quality of Service: bandwidth, delay, flicker).
Concretely, as shown in FIG. 7, all host terminals 201 in the specific LAN 200A and 200B connected with the INTERNET 100 and all routers 300A, 300B and 300C between LAN 200A and 200B must support the RSVP in each application as a unit. In FIG. 7, a mark R indicates a support of RSVP.
Therefore, by the RSVP in each application, the user requests a network resource which satisfies a specific service quality for example a specific bandwidth to the network, then the user assures it.
Namely, in the prior art, the network resource has been reserved between end and end in each application as a unit by the RSVP.
By the way, as shown in FIG. 1, if the routers 300A, 300B and 300C only support the RSVP in each application, an application on the RSVP cannot be connected with both LAN 200A and 200B, because the application is terminated by the routers 300A and 300B at both ends.
In a case of intending to assure the bandwidth of the VPN by combining prior art VPN with the RSVP, there are following problems (1) and (2).
(1) Since the network resources are assured by RSVP between end and end, all hosts connected to VPN must support RSVP. PA0 (2) In the present utilization of VPN, a management in each host or sub-network as a unit is recommended than each application. In such case, an assurance of the bandwidth in each application is not proper. Wherein, the sub-network is a network which is made by further dividing a host part of the IP address into a network part and host part. For example, the LAN 200A or LAN 200B in FIGS. 7 and 8 is divided into sub-networks.
An object of the present invention is to provide a method for constructing a VPN which assures a bandwidth in each host or in each sub-network as a unit.