JP2000156710A - Ip address converter - Google Patents

Abstract

PROBLEM TO BE SOLVED: To attain communication between networks in which a same number is used for private IP addresses, without revision of the private IP address in an address converter by which communication between the networks using the private IP addresses is attained. SOLUTION: When communication is made between networks that respectively contain terminals to each of which a private IP address is given, an IP address converter 10 is provided between the networks where communication is conducted, and when the network number of a sender IP address of the header part of datagrams 30-1, to 30-4 is the same as a network number used by a destination network, the network number of the sender IP address is converted into a network number which is not used by the destination network, and the data gram is transmitted.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to an address translator that enables communication between networks using private IP addresses.

[0002] IP addresses used for Internet communication are managed internationally, and when performing Internet communication, an international organization that centrally manages IP addresses or a management organization commissioned by the organization ( In the case of Japan, the Japan Network Information Center JPNIC or a provider approved as its agent) will provide a unique I
P address (also called the official IP address,
Global IP addresses) and domain names. Therefore, unless a global IP address is obtained, Internet communication cannot be performed, and communication must not be performed.

On the other hand, a network such as a LAN (local area network) that does not perform Internet communication has an arbitrary IP address (hereinafter referred to as a global IP address).
An IP address other than the P address is referred to as an unofficial IP address). However, the Internet technology standardization organization IETF (InternationalEng)
RFC (Request) published by the ineering Task Force
For Comments), in order to prevent a problem from occurring when a terminal using an unofficial IP address makes an incorrect connection to the Internet, a specific IP address that can be identified as not a global IP address in a LAN that does not have an Internet connection It is recommended to use an IP address having a number (a kind of unofficial address, but hereinafter referred to as a private IP address) (details will be described later).

On the other hand, with the rapid increase of Internet communication in recent years, there has been a concern that global IP addresses will be depleted. Therefore, global networks for companies and local governments that require a large number of IP addresses have There has been a situation where IP addresses cannot be distributed sufficiently. In order to cope with such a shortage of global IP addresses, private IP addresses (or unofficial IP addresses) are used inside a LAN in companies and the like.
In general, a method of using a global IP address when performing Internet communication with an external network using the Internet is being used.

However, with the rapid increase of LANs (private networks) and the spread of Internet communications, private I / Os are assumed only for connections within LANs.
Increasingly, it is desired to connect a LAN constructed using a P address to another network similarly constructed using a private IP address. In this case, there are the following problems. Private I mentioned above
In the P address, the network number portion that is a part of the address is fixed to a specific number, and the range of numbers that can be used as a private IP address is relatively narrow.
It is highly likely that the same private IP address is used in different networks. When directly connecting networks that may be using the same private IP address without going through the global Internet, configure settings such as the private IP address assigned to each terminal and the servers involved in the address. It is desirable not to change the content. Under such circumstances, it is desired to realize an IP address translator that can connect different networks independently using private IP addresses without changing the environment of each network that is already operating. It is rare.

[0006]

2. Description of the Related Art (1) Configuration of IP Address As is well known, an IP address in Internet communication using a TCP / IP protocol is composed of an address portion for identifying a network (hereinafter, referred to as a network number), and the network. It consists of 32 bits consisting of an address part (hereinafter, referred to as a host number) for identifying each host (terminal) in the server. But,
While corporate networks include large-scale networks with a large number of internal hosts, many have individual networks (local networks) with a small number of hosts but many networks (local networks) in a wide area. For,
The number of digits of the network number varies depending on the size and configuration of the network. The "class" indicates how many digits are used for the network number in the network.

FIG. 16A shows the configuration of the IP address of each class. As shown in FIG. 16, in the class A, the first bit is "0" and the subsequent 7 bits are the network number (others). The network number is NW
The remaining 24 bits are the host number. The numbers in parentheses in FIG. 16 indicate the number of bits used for the network number and the host number. Class B is the first 2
The bits are "10" in binary, the following 14 bits are the network number, and the first three bits of class C are "11" in binary.
In the case of "1", the following 21 bits are the network number. In addition to this, there is a class D and the like, but illustration is omitted.

[0008] As shown in FIG.
Although 4 bits can be used for the host number, in reality, the host number is rarely assigned to the terminals in the network, and the network is usually hierarchized. The hierarchized network is called a sub-network (hereinafter, referred to as “subnet”), and a portion of the IP address assigned to each subnet is called a subnet number. The subnet number uses a part of the host number, and the relationship with the host number is shown in (1) of FIG. The number of subnets and the number of bits of the subnet number assigned to each subnet are optional, but the subnet number is
As described in (1), it is most common to allocate the data in units of 8 bits.

A 32-bit IP address is conventionally displayed in four decimal numbers, divided into eight bits (hereinafter, each of the four decimal numbers, that is, an 8-bit unit number is referred to as a "digit"). However, the numerical value of the bit indicating the class is displayed in decimal together with the network number in the first 8 bits. According to this display method, the range of the numbers used for the IP addresses of each class has a value as shown in (2) of FIG. The digits are in the range of "0 to 127" in decimal (actually usable are "0 to 126") (hereinafter, the numerical value of each digit is described in decimal unless otherwise specified).

[0010] In class B, the first two bits are "1" in binary.
0 ”, the first digit is in the range“ 128-191 ”
Becomes The same applies to class C. However, the first digit is used because there are class D (the first 4 bits are binary "1110") and class E (the first 5 bits are binary "11110"). The range of numbers that can be used for
5 "instead of" 192-223 ". The range of numerical values that can be used for the network number or the host number (subnet number) of three digits other than the first digit is "0 to 255". The IP address of each class is expressed in decimal as "10.HHH" (example of class A) as shown on the right side of FIG. so,
It is actually represented by a number from 0 to 255). Therefore, the class of the IP address can be identified by the numerical value of the first digit.

The above IP address configuration is the same for both official and unofficial IP addresses.
The ETF's published RFC 1597 recommends the use of private IP addresses that can be identified as not global IP addresses. FIG. 17 shows the numerical values of the private IP address specified in RFC 1597. As shown in the figure, the usable numerical value range of the private IP address is defined for the hatched portion. For example, class A private IP
The first eight digits of the address are limited to "10" (decimal number), and the numbers used for the first digit and the next digit are limited in class B and class C. In the case of class C, the first two digits are each limited to one numerical value, so that there are only 256 network numbers and 256 host numbers that can be used arbitrarily.

The probability that the same address is used in different networks is greatly influenced by the number of hosts in the network, so that it cannot be said that any class is high. Because of the existence, the selection range is narrowed, so that the probability that the same address is used in different networks in the private IP address is increased. Therefore, when communication is performed on two networks to which private IP addresses are uniquely assigned, it is necessary to assume that the same address exists in both networks.

(2) Internet Connection Method of Terminal Using Private IP Address Next, a conventional technique for connecting terminals belonging to two networks using a private IP address will be described. In the prior art, when a network using a private IP address communicates with another network, a connection method is established via the global Internet. This method is disclosed in
Although described in Japanese Patent Application Laid-Open No. 233112, the connection method of the related art will be described below using an example in which one terminal described in the Japanese Patent Application Publication is a terminal (including a server) having a global IP address. I do.

FIG. 18 is a block diagram of the internetwork environment described in FIG. 1 in the above publication, in which the contents of the publication are summarized and added. The “official IP address” in the publication is the same as the “global IP address” described in the present specification, but in the description of FIG. Write. In addition, the “unofficial IP address” described in the publication is the same as the “unofficial IP address” (which has a wider range than the private IP address) in this specification, so that it is used as it is.

Now, the private network shown in FIG.
Each of the terminals 225 in the terminal 202 (each terminal is described as terminal A, etc.) is assigned only an unofficial IP address. Hereinafter, it is assumed that connection is made to the server S).

Since the terminal A of the transmission source knows the domain name of the transmission destination, the domain name of the server S (“ftp.out.c
o.jp ") as the destination address. A router 224 (hereinafter referred to as a router K) to which the terminal A is connected is connected to a terminal (hereinafter referred to as a router N) provided in the internetwork 201 through a known method by a terminal having the domain name (hereinafter referred to as a router N). A query is made to the internetwork 201 for the IP address of the server (including the server). As a result, the official IP address of the server S having the domain name ("150.96.10.1") is returned from the internetwork 201 side.

Here, assuming that there is no address translator 204 and the router N notifies the terminal A of this official IP address "150.96.10.1" via the router K, the terminal A will thereafter transmit This IP address is set as the destination address of the transmission. However, in the example shown in the figure, since the terminal B in the private network 202 has an unofficial IP address having exactly the same number as the IP-D, if the terminal A sets "150.96.10.1" as the transmission destination address, May be transmitted to the terminal B.

In order not to cause such a situation,
At 18, an address conversion is performed by an address conversion device 204 provided between the private network 202 and the router N. The address translator 204, upon receiving an IP packet having the destination address of the domain name of the server S from the terminal A, inquires the IP address of the server S to the internetwork 201 side, and as a private network address of the server S, Valid only within 202 and private network 20
2 An unofficial IP address not currently used within
9.99.30.1 "and abbreviated as" IP-C ") to notify terminal A. Thereafter, the terminal A sets the unofficial IP address “IP-C” as the destination IP address and transmits the packet.

Next, in response to the above inquiry, the internetwork 201 side obtains the official IP address “150.
96.10.1 ”(hereinafter abbreviated as“ IP-D ”), the address translator 204 sends the official IP address“ I
"P-D" and the unofficial IP address "IP-C" are stored in association with each other, and the destination address "IP-C" of the packet transmitted from the terminal A is converted into "IP-D". It is sent to the internetwork 201 side.

On the other hand, since the terminal A is given an unofficial IP address ("154.100.10.1" and abbreviated as "IP-A"), the "IP-A" Is set. Internetwork20
Since an unofficial IP address is not accepted for 1, the address translator 204 obtains the official IP address ("150.47.1.1" and abbreviated as "IP-E") for the terminal A by a known method, The correspondence between “IP-A” and “IP-E” is stored. Thereafter, “IP-A” set as the source IP address of the packet transmitted from terminal A is changed to “I
To "PE" and transmit.

When a packet is transmitted from the server S to the terminal A, the official IP of the terminal A is used as the destination IP address.
Set the address "IP-E", but use the address translator
204 converts the destination address “IP-E” of the packet received from the server S into “IP-A” and converts
Send to network 202. Therefore, private
The official IP address "IP
Terminal 225 having an unofficial IP address with the same number as “-E”
Does not transmit a packet to the terminal.

(3) IP Address Conversion Method The conventional address conversion technology when a terminal in a network using a private IP address (private network) makes an Internet connection has been described above mainly in connection procedures. Next, an address conversion method according to the related art will be described.

In the above example, an address translation device is provided to perform the address translation.
There is generally known a method of performing address conversion by incorporating a technique called P masquerade (or multi-NAT) in a router or a firewall server.

NAT: First, NAT (Network Ad
dress Translation). NAT is RF
This function converts a private IP address and a global IP address using the address conversion method defined in C1631. Many low-cost routers have the NAT function as one feature. FIG. 19 is a diagram for explaining the NAT function, and shows a model of a network configuration and a usage form of an IP address. In FIG. 19, each of a plurality of terminals 321 (terminal A, etc. when pointing to a specific terminal) connected to a private network (hereinafter, referred to as LAN) 320 has a private terminal It is assumed that an IP address has been assigned.

In such a configuration, the private IP address “10.1.1.10” connected to the LAN 320
When performing Internet communication (specifically, connection to a terminal in another network not shown via the global network 380) from the terminal A having
Obtains, for example, "20.1.1.10" as a global IP address used on the Internet side via the router 310.

Although the router 310 has a built-in NAT function, the terminal A uses the NAT function in the router 310 to send a private IP address “1” to the Internet side.
0.1.1.10 "is the global IP address" 20.1.1.10
And the packet having the global IP address “20.1.1.10” of the destination address sent from the Internet side is sent to the private I / O by the NAT function.
It is converted to the P address “10.1.1.10” and sent to the terminal A. Therefore, in this example, the global IP address “20.1.1.10” and the private IP address “10.1.
1.10 "is the corresponding form used. The IP address conversion method described with reference to FIG. 18 can be considered to be a method using NAT.

The method of giving a global IP address at the time of connection and making an Internet connection is called a terminal-type dial-up IP connection service or the like. In this method, only the terminal making the connection is a global IP address.
Since the address is used, one global IP address can be commonly used by a plurality of terminals 321 in the LAN. However, the number of global IP addresses that one LAN 320 can use at the same time is determined in advance by a contract with JPNIC or its agent (provider or the like), so that more terminals cannot access the Internet at the same time. Also, since the global IP address is shared by a plurality of terminals 221, it is not possible to set a global IP address (for example, “20.1.1.10”) as the destination address from the Internet side and specify a specific terminal in the LAN 320. .

IP Masquerade (Multi NAT):
Next, IP masquerade (also called multi-NAT) will be described. IP masquerade is also similar to NAT, but NAT translates between a private IP address and a global IP address, that is, translates only the IP address portion, whereas IP masquerade performs address translation using a port number. As is well known, an IP address is located at the third layer in the OSI reference model, and a destination address and a source address are set in an IP header defined by RFC791. On the other hand, the port is assigned to the application corresponding to the fifth layer, which is the highest level of the OSI reference model, and the port number is assigned to the IP layer (third layer).
This is set by the TCP protocol located in the fourth layer, which is higher than the layer. Therefore, the port number is not set in the IP header. Port numbers are assigned locally by each host (terminal), but specific port numbers are fixedly fixed for port numbers used for application services that cannot be processed first without knowing them in advance. Have been.

FIGS. 20 and 21 are diagrams for explaining IP masquerade. FIG. 20 shows a network configuration and a model of the use form of IP addresses. FIG. 21 shows an example of correspondence between private IP addresses and global IP addresses. ing. In the example of FIG. 20, a private network (LAN
Each of a plurality of terminals 421 (indicating a specific terminal, such as terminal A) connected to 420 is assigned a private IP address as shown in the figure. In the same figure, port numbers used for some of the applications used in each terminal 421 are described. Since port numbers are assigned corresponding to applications, it is common to set multiple port numbers for one terminal.
In the figure, the port number "23" fixedly assigned to Telnet which is a kind of application is used for all terminals 421, and the terminal E is fixedly assigned to FTP (File Transfer Protocol) for terminal E. An example in which “21” is used in combination is shown.

In the IP masquerade, one (or a predetermined number) global IP address is shared by a plurality of terminals 421, but a port number by which the terminal can be identified is set on the global IP address side. For example, terminal A to terminal E
When connecting to the Internet,
“20.1.1.10” is assigned as the P address, and an individual port number is assigned to each combination of the private IP address of each terminal 421 and a port number (corresponding to the type of application). FIG. 21 shows an example of correspondence between a private IP address including a port number and a global IP address. In this example, when Telnet is used as an application, "100" is assigned to terminal A and "101" is assigned to terminal B as Internet-side port numbers.
"104" is similarly assigned to the terminal E. If FTP is also used as an application like the terminal E, for example, the port number "Telnet (port number" 23 "on the terminal side) A port number "105" is assigned to 104 "and FTP (port number" 21 "on the terminal side).

[0031]

As described above, in the prior art, a private IP address is converted into a global IP address when a plurality of terminals each having a private IP address are connected to each other. Is there a way to connect via the Internet (global network), and for that, it is necessary to obtain the necessary number of global IP addresses so that the Internet connection can be made, and the accompanying procedures (Contract) and cost.

Even if the above procedure is performed, if NAT is used for address translation, private IP
Address and global IP address are converted on a one-to-one basis.
If only the P address can be used, there is a restriction that only one terminal can communicate with the Internet via the router. When using IP masquerade for address translation, combine IP address and port number
Since the conversion of n is performed, even when only one global IP address can be used on the Internet side, a plurality of terminals can communicate simultaneously via a router. However, even if the Internet attempts to associate a plurality of port numbers used by each of the plurality of terminals only with the port numbers, there is a limit on the number of port numbers.

In both NAT and IP masquerade, since global IP addresses and port numbers are dynamically assigned at the time of connection, terminals cannot be designated from the Internet side, and connection between the global Internet and private networks is not possible. Was a one-way street where you could connect from the private network but not from the Internet. Also,
At the time of address conversion, since the entire private IP address is converted to a global IP address, it is necessary to manage all digits of the private IP address, so that the size of the address conversion table increases and the amount of address conversion processing increases. There was a problem of becoming.

For this reason, when communication is performed between networks to which a plurality of terminals each having a private IP address are connected, the private IP address is changed even if the same private IP address is used in two networks. Therefore, there is a need for an address translation device that can perform communication without using a global Internet and can mutually connect networks without going through the global Internet and that does not require a large-scale address translation table.

It is an object of the present invention to provide an IP address conversion apparatus which enables communication between networks using the same private IP address without changing the private IP address.

[0036]

FIG. 1 is a diagram showing the basic configuration of an IP address translator according to the present invention, which also serves as an explanatory diagram of the operation principle of the present invention. In the figure, reference numeral 20 denotes a network accommodating a terminal to which a private IP address is assigned, 21 denotes a terminal accommodated in the network 20, 10 denotes an IP address converter installed between the networks 20 in which communication is performed, 30 _-1 -30 to _-4 are IP datagrams (IP datagrams are collectively referred to as IP datagrams 30), 31 and
32 is a part of the header part of the IP datagram 30,
31 is the source IP address, 32 is the destination IP address, 40
Is a server for converting a domain name and an IP address (referred to as a domain name server).

Numerals 11 to 13 denote means provided in the IP address translator 10, and 11 records network numbers including subnet numbers of private IP addresses used in the two networks used for communication, and includes network numbers. Is a network number management means for recording the correspondence between the network numbers before and after the conversion when the conversion is performed.

Reference numeral 12 denotes a source IP address 31 set in the header of the received IP datagram 30 when the IP datagram 30 transmitted from one of the networks 20 to the other network 20 is received. And the network number in the transmission destination IP address 32 is compared with the network number recorded in the network number management means 11, and the same network number as the network number in the transmission source IP address 31 is transmitted to the network number management means 11. If recorded as the network number used in the network, the received IP datagram 30
The network number in the source IP address 31 is converted to a network number that is not used in the destination network 20, and the network numbers before and after the conversion are recorded in the network number management means 11 in association with each other. If the same network number as the network number in the address 32 has been recorded as the converted network number in the network number management means 11, the received network number in the destination IP address 32 is referred to as the converted network number. This is an IP address conversion means for transmitting the IP datagram 30 to the destination network after converting it to the corresponding network number before conversion and recorded.

Reference numeral 13 denotes a domain name server 40 which can retrieve a private IP address from a domain name when a domain name of a terminal 21 in another network 20 is input from a terminal 21 in one network 20 as a destination address. When the domain name server 40 answers the private IP address of the destination terminal 21, the same network number as the private IP address of the answered destination terminal 21 is transmitted. The network number management means 11 confirms whether or not the original terminal 21 is used in the network 20 in which the terminal 21 is accommodated. If the same network number is used, the private IP address returned from the domain name server 40 The terminal 21 of the transmission source of the network number is accommodated. Network number management means by converting to a network number not used in the network and associating the network numbers before and after the conversion
11 is a domain information conversion unit that records the converted private IP address to the terminal 21 of the transmission source.

Next, the operation of the IP address translator according to the present invention will be described by taking as an example a case where communication is performed from a terminal 21 in one network 20 to a terminal 21 in another network 20 in FIG. However, hereinafter, the transmitting network 20 and the terminal 21 are referred to as a network P and a terminal A, and the transmitting networks 20 and 21 are referred to as a network Q and a terminal B, respectively. Since neither of the networks 20 in FIG. 1 is assumed to perform Internet communication, only a private IP address is assigned as an IP address to the terminals A and B accommodated in the two networks 20, respectively. Hereinafter, the IP address of the terminal A is described as “A”, and the IP address of the terminal B is described as “B”. Further, in Internet communication, it is general that the transmission source transmits using the domain name of the transmission destination, but the domain name of the terminal B is described as “b”.

When the terminal A transmits to the terminal B, the transmission is first started by using the domain name "b" of the terminal B. In the configuration of FIG. 1, the domain name is an IP address translator.
Upon receipt of the domain name, the domain information conversion means 13 of the IP address conversion device 10 queries the domain name server 40 for the IP address of the terminal having the domain name "b". The domain name server 40 is often provided in a network in which terminals having the domain name are accommodated. The IP address conversion device 10 is notified that the address is “B”. Since this notification is a response to the inquiry, it is notified not in the form of address information but in the form of data.

When receiving the IP address “B”, the domain information conversion means 13 of the IP address conversion apparatus 10 sends the same network number as the network number in the IP address “B” via the network number management means 11 to the inquiry source (transmission It is confirmed whether or not it is used in the original) network P. In this example, since the IP address translation device 10 is installed between the network P and the network Q, the network number management means 11 in the IP address translation device 10 stores the network numbers used in the networks P and Q. are doing. As described above, private IP is used in the network P and the network Q.
Since only the address is used, the same network number may be used. However, it is confirmed that the same network number as the network number in the IP address “B” is used in the network P. In this case, the domain information conversion means 13 searches for a network number not used in the network P via the network number management means 11.

As a result, when a network number that is not used in the network P is obtained, a new IP address is created by replacing the network number in the IP address “B” with the obtained network number (new I
P address is "D"), and this IP address "D"
To the terminal A, and stores the network number before conversion in the IP address “B” and the network number after conversion in the network number management means 11 in association with each other. The terminal A notified of the IP address “D” understands that the IP address of the terminal having the domain name “b” is “D”, and thereafter transmits an IP datagram to the terminal B.
The destination IP address 32 of the 30 _-1 and transmits the set "D". Therefore, even if a terminal having the same private IP address as the IP address “B” exists in the network P, the IP datagram 30 transmitted from the terminal A
Is not transmitted to the terminals in the own network P.

The terminals 30 _-1 to 30 _-4 shown in FIG.
4 shows IP datagrams transmitted and received between the terminal B and the terminal B. Although the transmission direction of the IP datagram 30 is shown by an arrow, the IP address of the transmission source is described in the part 31 described at the head of the transmission direction, and the IP address of the transmission destination is described in the part 32. I have. The source IP address 31 and the destination IP address 32 correspond to the header (IP
Although described as a header, the detailed description is omitted).

As described above, the terminal A that understands the destination IP address as "D" transmits necessary information by IP datagram _30-1 . In this example, the source IP address 31
Is the IP address “A” of the terminal A and the destination IP address 32
Is set to the converted IP address “D” of terminal B,
It is sent to the IP address translator 10. In FIG. 1, for ease of explanation, the route through which the domain name is sent and the route through which the IP datagram 30 is transmitted / received are described separately or are actually the same.

When receiving the IP datagram _30-1 , the IP address conversion means 12 of the IP address conversion device 10 sets the same network number as the network number in the IP address “A” in the transmission source IP address 31 as the transmission destination. Whether it is used in the network Q or not is confirmed via the network number management means 11. If the same network number has been used, a network number not used in the network Q is confirmed in the same manner as in the domain information conversion means 13, and the network number in the IP address "A" is replaced with this. . It is assumed that the IP address of the terminal A whose network number part has been converted is “C”. The IP address conversion means 12 converts the source IP address "A" in the received IP datagram _30-1 into "C", and the network number before conversion and the converted network number in the IP address "A". The numbers are stored in the network number management means 11 in association with each other.

Next, the IP address conversion means 12 checks the IP address of the transmission destination. IP datagram 30
“D” is set in the destination IP address 32 of ₋₁ , but since the IP address “D” does not exist in the network Q, it must be changed to a regular IP address. Therefore, the IP address conversion means 12 checks whether or not the same number as the network number in the IP address “D” is stored in the place where the network number before and after the conversion is stored in the network number management means 11.

As described above, in this example, when obtaining the IP address from the domain name "b", the IP address "B"
Is converted to the network number used in the IP address “D”. At this time, since the network number in the IP address “D” is stored in the storage as the converted network number, it is necessary to obtain the stored network number corresponding to the network number in “D” before conversion. Can be. IP address "D"
The IP address obtained by replacing the network number in the IP address with the network number before the conversion becomes the legitimate IP address “B” of the terminal B.
Set to P address 32. As a result, as shown in FIG. 1, the source IP address 31 is “C” and the destination IP address is
An IP datagram _{30-2 in} which 32 is "B" is transmitted.

IP datagram 30 from terminal A_-2Receive
After that, terminal B side sends some IP data to terminal A.
Datagram is usually returned,
B uses “C” as the IP address of the terminal A that is the destination
And set the source IP address to your regular IP address.
Address "B" and send. IP datagram 30 _-3
Indicates this IP datagram. Network Q
In the I, the same number as “C” (especially the network number)
Since there is no terminal with P address, network
A terminal with the same IP address as “A” exists in Q
Even IP datagram 30_-3Is a terminal in network Q
Will not be sent to

The IP address conversion of the IP address translator 10
The exchange means 12 outputs the IP datagram 30 _-3Is received, I
Replace the network number part of P address "B"
Converted to IP address "D" and converted to source IP address 31
Set. Also, the network of the destination IP address “C”
IP address "A"
Set to the destination IP address 32. IP datagram 30_-Four
Is “D” as the source IP address 31 and the destination IP address
Indicates an IP datagram with "A" set as the address 32
are doing. As shown, this IP datagram 30_-FourIs sent
Since the destination IP address 31 has been converted to "A",
It is sent to end A correctly. Also, if the source IP address is
"D", so the same IP address as terminal B
Even if the terminal having the terminal exists in the network P, the terminal
A is the IP datagram 30_-FourIs the end in the network P
It does not judge that it was sent from the end.

As described above, according to the present invention, terminals having private IP addresses can be connected to each other without going through the global Internet. Further, since there is no need to acquire a global IP address, the number of simultaneous communications between networks is not limited by the number of acquired global IP addresses. In addition, since the connection can be performed by specifying the partner terminal from either network, the communication direction is private I / O, such as communication via the global Internet.
The present invention is not limited to one-way traffic from the network using the P address.

Further, even if a terminal having the same private IP address exists in two networks accommodating a terminal having a private IP address, the private IP
To convert the network number part of the address, the same private IP as the destination in the source network
Even if there is a terminal with an address, it is not accidentally connected. For this reason, it is possible to connect between networks using private IP addresses without changing the environment of a network that is already operating, such as changing the private IP address.

Further, since the conversion of the private IP address is performed by managing only the network number portion, there is no need to provide a large-scale conversion table for the IP address conversion.

[0054]

DESCRIPTION OF THE DRAWINGS FIG.
Is a hardware configuration diagram of the embodiment of the present invention, FIGS. 3 and 4 are functional configuration diagrams of the embodiment of the present invention, and FIG.
FIG. 6 is a flow chart of a domain information conversion process according to the embodiment of the present invention, FIG. 7 is a diagram of a network configuration according to the embodiment of the present invention, and FIGS. 10 is a flowchart of network number information update processing according to the embodiment of the present invention; FIGS. 11 to 13 are diagrams of installation form of the IP address translator according to the embodiment of the present invention; FIGS.
FIG. 5 is a flowchart of the IP address conversion necessity determination process according to the embodiment of the present invention.

Throughout the drawings, the same reference numerals indicate the same object, 10 is an IP address conversion device, 11 to 19 are provided in the IP address conversion device 10, 11 is a network number management unit, and 12 is an IP address conversion process. Unit, 13 is a domain information conversion processing unit, 14 is a processor (hereinafter, referred to as CPU), 15
Is a memory (MEM), 16 is a processing unit, 17 is a line interface unit, 18 is a line control unit, and 19 is a bus.

Also, 20 is a network using a private IP address, 30 _-1 to 30 _-4 are IP datagrams,
31 is the source IP address, 32 is the destination IP address, 40
Is a domain name server (DNS), 50 _-1 to 50 _-4 are domain name information packets, 111 and 112 are tables provided in the network number management unit 11, 111 is a network number management table, and 112 is a number conversion record It is a table.

[Configuration of IP Address Translating Apparatus of Embodiment]
First, an embodiment of the hardware configuration of the IP address translator according to the present invention will be described with reference to FIG. IP of the present invention
Although the address translation device is basically provided between two networks for connection, the IP address translation device 10 of FIG. 2 is also connected to two networks 20 (one at the transmission source and the other at the transmission destination) via the line interface unit 17. Is shown in the figure. The line interface unit 17 is connected to a bus 19 via a line control unit 18, and the bus 19 is connected to the CPU 14, the memory 15, and the processing unit 16.

The memory 15 is provided with a network number management section 11 for storing information for managing network numbers. The processing unit 16 stores the procedures of various processes performed in the IP address translator 10, and is specifically configured by a hard disk or the like. The processing unit 16 includes an IP address conversion processing unit 12 and a domain information conversion processing unit.
13 is provided, a procedure for performing an IP address conversion process is set in the former, and a procedure for performing a domain information conversion process is set in the latter.

When the CPU 14 receives an IP datagram or the like from one of the networks 20 (transmission source network) via the line interface unit 17 and the line control unit 18, it accesses the processing unit 16 to access the IP address conversion processing unit 12 or Read the necessary procedure from the domain information conversion processing unit 13,
After performing processing by referring to the network number information stored in the network number management unit 11 in the memory 15 according to the procedure instructed there, it converts the IP address of the received IP datagram and The network number is transmitted to the network, and the information of the changed network number is stored in the network number management unit 11.

FIGS. 3 and 4 show the configuration of the IP address translation device 10 shown in FIG. 2 in functional units. FIG. 3 shows the functional parts related to the IP address translation processing unit 12,
FIG. 4 mainly describes functional parts related to the domain information conversion processing unit 13. 3 and 4 both show an example in which the IP address translator 10 is provided between two networks 20 (each network is referred to as a network P and a network Q). 3 and 4 show FIG.
As a specific configuration of the network number management unit 11 shown in FIG.
Two number conversion record tables 112 are shown. Each of these is provided corresponding to the network P or Q. In the drawings and the following description, if it is necessary to clarify which network information is stored in the table, the table name is used. (P) or (Q).

Network number management table (P) 111
Contains the private I used in the network P
The network number in the P address is stored. The network number management table (Q) 111 stores the network number in the private IP address used in the network P. The number conversion record table (P) 112 and the number conversion record table (Q) 112 contain, when a network number of a private IP address used in the network P or Q is converted to another network number, before and after the conversion. A network number is stored correspondingly.

[Function and operation of the IP address translator of the embodiment] Next, the function and operation of the IP address translator 10 will be described. The operation of each part of the hardware configuration shown in FIG. Therefore, the operation of the hardware will not be described below, and will be described with reference to the functional configuration diagrams of FIGS. 3 and 4 and the processing flowcharts of FIGS. 5 and 6. Although terminals in the networks P and Q in FIGS. 3 and 4 are all assigned private IP addresses, terminals in the networks P and Q to which identical private IP addresses are assigned It will be described as being present.

The domain information conversion processing function of the IP address conversion apparatus 10 will be described first with reference to FIGS. 4 and 6 in accordance with the order in which the processing is performed.
S36 are the numbers of the processing steps in FIG. 6 corresponding to the description contents.

In FIG. 4, the terminal 21 in the network P
(Hereinafter, described as terminal A, the IP address of terminal A is represented by A. The same applies to FIG. 3) to terminal 21 in network Q (hereinafter, described as terminal B, and the IP address of terminal B is represented by B). In the case of transmitting a packet to the other party, the sender usually uses the domain name of the partner terminal B (the domain name of the terminal B is represented by b) as the destination. However, since the actual transmission / reception of the IP datagram is performed using the IP address, the network on the transmitting side (specifically, the transmitting terminal or a router not shown in the drawing) first transmits the IP address of the terminal having this domain name “b”. IP
An inquiry is made to a domain name server (hereinafter, referred to as DNS) which stores the address in association with the domain name and the IP address. The operation of confirming the IP address from the domain name is called "forward lookup", and the operation of confirming the domain name from the IP address is called "reverse lookup". A domain name is a combination of a domain, that is, a name indicating a region or an organization and a host name, and is displayed in a form such as abc. Xyz. Co. Jp. Is simply referred to as a domain name.

[0065] 50 _-1 4 does not convert the IP address in the header is the domain information conversion depicted in the packet (FIG. 4 to query the IP address of the domain name in DNS "b", the header portion is described I as in Figure 3
A message transmitted and received is referred to as a packet in order to distinguish it from a P datagram). If domain information conversion processing unit 13 of the IP address conversion unit 10 receives the packet 50 _-1, inquires the IP address of the terminal having the domain name "b" by the packet 50 _-2 DNS40 (DNS
The connection method to 40 and the inquiry processing method are performed by a known technique, so that the description of the processing flow diagram is omitted). DNS40
DNS 40 stores the domain name and the IP address corresponding to each other, so that the DNS 40 stores the I / O address of the terminal having the domain name "b".
The P-address is "B" (the IP address of the terminal B is B), and the packet _50-3 replies to the IP address translation device 10. The packet 50 _-3 also referred to as "reply packet a Forward" or "reply packet".

When the reply packet _50-3 is received (see step S21 in FIG. 6), the IP address translator 10 determines whether the received packet is a packet of communication information between terminals or not.
It is confirmed whether the packet is an inquiry to NS or a response packet from DNS (S22). In the case of a DNS-related packet, since the port number set in the TCP layer in the packet has a specific numerical value (for example, port number = 53), the above confirmation is performed based on the port number. If it is confirmed that the packet is not a DNS inquiry or answer packet, it is determined that the packet is a communication information packet, and the process proceeds to an IP address conversion process (S23). The IP address conversion process will be described later with reference to FIG. .

In this case, it is confirmed that the received packet is a DNS inquiry or response packet.
Whether the packet is a forward reply packet or a reverse query packet is confirmed using a known technique (detailed description is omitted) (S24). In this case, since the answer packet is a forward answer packet, the process starts to convert the IP address in the answer data in the packet (S25). In FIGS. 5 and 6, the steps indicated by the dotted lines are not the steps for performing the processing, but indicate the contents of the subsequent processing.

In this process, the domain information conversion processing unit 13 shown in FIG. 4 accesses the network number management table (P) 111 in the network number management unit 11 and sets the IP address set in the data part of the reply packet. It is confirmed whether or not the same network number as the network number in "B" (referred to as B ') is used in the inquiry source network P (S26). In this example, the network number used in the network P is stored in the network number management table (P) 111, including the network number (A ') which is a part of the IP address "A". Is the network number management table (P)
If the network number of the same number as the network number "B '" is not stored in 111, the IP address in the data of the reply packet is transmitted to the destination (terminal A which is the inquiry source) without conversion (S27).

Although not used here, the network number management table (Q) 111 has the IP address "B"
Network Q including the network number "B '" in the
The network number used in the server is stored. Hereinafter, for the sake of simplicity, the description will be made assuming that the network number “A ′” and the network number “B ′” are the same.

Based on this premise, the domain information conversion processing unit
13 confirms that the same network number (A ') as the network number "B'" of the IP address "B" is also used in the network P, and is not recorded in the network number management table (P) 111. A network number, that is, a network number not used in the network P is searched (S28), and it is assumed that a new network number "D '" has been obtained (S30). If a network number not used in the network P is not found, the class of the IP address “B” is changed, and a network number not used in the network P is acquired (S28 → S29 → S30). The class change will be described later. It is possible that an appropriate network number cannot be found even if the class is changed.However, in this case, communication between networks cannot be performed. It is assumed that the private IP address of the network is changed. Therefore, it is assumed in the following that there is always an available empty network number.

When the domain number conversion processing unit 13 can acquire the network number “D ′” not used in the network P, the network information conversion unit 13 sets the network of the IP address “B” set in the data part in the reply packet _50-3 . Number "B '"
Is replaced with "D '", and the fact that the network number "B'" has been converted to "D '" is stored in the number conversion record table (Q) 112 (S31). This allows I
An IP address in which the network number in the P address “B” has been replaced with “D ′” is represented by “D”. The fact that the terminal having the IP address “B” is accommodated in the network Q is determined by, for example, defining a response range between DNSs (when a plurality of networks exist), by using a domain name. Can be confirmed at the time of making an inquiry about or when a response is received from the DNS 40.

As described above, when the IP address in the data of the reply packet _50-3 is converted from "B" to "D", the domain information conversion processing unit 13 changes the IP address of the terminal having the domain name "b" to "D". Is notified to the terminal A which is the inquiry source in the packet _50-4 (S32). After receiving this notification, the terminal A sets the transmission destination IP address in the header of the packet (IP datagram) to be transmitted to the transmission destination terminal B to “D” and performs transmission. 3 and FIG.

Next, reverse DNS lookup will be described. It is assumed that the terminal A needs to reverse the domain name of the terminal B. The terminal A understands that the IP address of the terminal B is “D” and does not know the regular IP address “B” of the terminal B by the above processing. "D" is set as the IP address to be inquired and is transmitted. Hereinafter, packet 50 in FIG.
_-1 is assumed to be a reverse query packet, the content of the query in this case is “IP of b” described in the figure.
(address)? "Instead of" D domain name? "

When the domain information conversion processing unit 13 of the IP address conversion apparatus 10 receives this packet, it performs the same operation as described above (S21 → S24 in FIG. 6), but this time, the IP address in the reverse query data is The conversion process is started (S24 → S33). In this case, the domain information conversion processing unit 13
Accesses the number conversion record table (Q) 112 which is paired with the number conversion record table (P) 112 storing the number conversion information on the network P in which the terminal A making the inquiry is accommodated. It is confirmed whether or not the network number “D ′” of the IP address “D” is stored in the converted network number in (S34).
.

If the network number “D ′” is not stored, the IP address in the inquiry data is
The message is transmitted to the NS 40 (S34 → S27). In this case, since “D ′” is stored in the network number after conversion, the network number before conversion (“in this case,“ B ')), and replaces the network number "D'" in the IP address "D" in the inquiry data with "B '" (S35). Although the IP address whose network number has been converted to “B ′” becomes “B”, the domain information conversion processing unit 13 sends the query data (IP
The packet of the reverse query in which the (address) is converted to "B" is transmitted to the DNS 40 (S36). In FIG. 6, the packet _50-2 corresponds to this, but the content of the inquiry is "IP of b
address? "Instead of"B's domain name? " The following processing is performed by a known technique, and a description thereof will be omitted.

Next, when the IP address translator 10 transmits and receives a packet (hereinafter referred to as “I
P datagram ") in the header portion of
Regarding the IP address conversion processing for converting addresses, a terminal A in the network P to a terminal B in the network Q
FIG. 3 and FIG. 5 show an example of transmitting an IP datagram to
Will be described together. Note that the network number portion in the IP address “A” of the terminal A (referred to as “A ′”)
It is assumed that the network number portion (referred to as “B ′”) in the IP address “B” of the terminal B is the same number. S1 to S15 in parentheses are the numbers of the processing steps in FIG. 5 corresponding to the description.

In FIG. 3, when terminal A in network P sends an IP datagram to terminal B in network Q, even if terminal A knows only the domain name of terminal B, terminal A Since the address can be known, the IP address of the terminal B is set as the destination address of the packet to be transmitted thereafter. However, in the present invention, as described above, the terminal A is notified by the IP address translator 10 of “D” instead of the regular IP address “B” as the IP address of the terminal B. As shown in Gram _30-1 , destination address 31 in the header part
Is set to the IP address "D".

[0078] When the IP address converter 10 receives the IP datagram 30 _-1, to start the conversion process of the source IP address (see S1, S2 in FIG. 5). First source IP
It is confirmed whether the network number "A '" in the address "A" is stored as the network number before conversion in the network number conversion record table (Q) 112 (S3). If it is the first call from the terminal A to the terminal B, "A '" is not stored, so the process proceeds to step S5 in FIG. Steps S3 and S4 are necessary when, for example, the terminal B sends a reply to the terminal A, which will be described later.

[0079] has been set to "A" in source IP address 31 of the IP datagram 30 _-1 as shown in FIG. 3,
Upon receiving the IP datagram _30-1 , the IP address conversion processing unit 12 determines whether the same network number as the network number "A '" in the source IP address "A" is used in the destination network Q. It is confirmed in the network number management table (Q) 111 (S5). If it is not used, the process proceeds to the next process without converting the source IP address (S5 → S6 → S11).
Since it is assumed that the same network number is used for the network Q and the network Q, the process proceeds to step S7 in FIG.

Here, the IP address conversion processing unit 12 searches for a network number (empty network number) not stored in the network number management table (Q) 111 (S
7) However, this search method follows an arbitrary selection method determined in advance. For example, it is possible to select the available network numbers sequentially from the youngest or the oldest, or to create a table (not shown) in which the available network numbers are described in advance for each network and select them in the order described in the table or randomly. Good.

When an unused network number is found in the network Q, the IP address conversion processing section 12 replaces the network number (C ′) with the network number “A ′” of the IP address “A”. The network numbers "A '" and "C'" before and after the conversion are stored in the number conversion record table (P) 112 in association with each other (S9). If the network P also communicates with a network other than the network Q, a table describing the empty network numbers as described above is provided, and identification information is added to or obtained from unused empty network numbers in the table. It is desirable to provide a table for storing an empty network number, display that "C '" in the empty network number has been used, and prevent the same number from being used for another IP address thereafter.

Next, the IP address conversion processing unit 12 replaces the network number "A '" of the source IP address 31 of the received IP datagram _30-1 with "C'" (S1).
0). The IP address of the terminal A whose network number has been replaced with “C ′” from “A ′” is “C”. If the replacement network number is not found, change the class of the IP address and select the replacement network number (S
7 → S8 → S9), which will be described later.

When the conversion of the transmission source IP address is completed, the IP address conversion processing section 12 shifts to the conversion processing of the transmission destination IP address (S11), and the network number of the transmission destination IP address "D" (in this case, "D '") ) Is confirmed in the number conversion record table 112 (S12).
In this example, since the only network that communicates with the transmission source network A is Q, the number conversion record table (Q)
When the network A communicates with a plurality of networks (n), there are n number of network networks provided corresponding to the n number conversion record tables (P) 112 of the network A. Are sequentially indexed. However, when the network number “D ′” to be replaced is selected in the above-described domain information conversion processing or the like, the identification information of the network (the network Q in this example) using the network number “D ′” is changed to the network number “D ′”. , The number conversion record table 112 to be accessed can be easily identified.

If the network number “D ′” is not recorded, the IP address conversion processing section 12 does not convert the destination IP address (S12 → S13), but the processing described with reference to FIGS. Accordingly, when the network number “B ′” is converted to “D ′”, the converted network number “D ′” is stored in the number conversion record table (Q) 112 in the network number “B ′” before the conversion. ”, The IP address conversion processing unit 12
Replaces the network number "D '" in the destination IP address "D" with "B'" (S14).

[0085] networks destination IP address the network number has been replaced with "B '" becomes IP address "B", IP address, conversion processing section 12 is the IP datagram 30 _-2 to convert the destination IP address Q (S15). For convenience of explanation, FIG. 5 shows that the processing in step S10 and the processing in step S14 are performed at different times, but it is practical that the two processings are performed simultaneously.

[0086] The above manner is IP datagrams 30 _-1 from the terminal A source, converts the destination with the IP address, but as an IP datagram 30 _-2 is transmitted to the terminal B, and this The operation when the IP datagram is returned from terminal B to terminal A will be described with reference to FIGS. The terminal B recognizes the IP address of the source terminal A as “C” by receiving the IP datagram 30 _-1 . Therefore, when transmitting a packet to the terminal A, the terminal B receives the IP datagram 30-1 in FIG. _As shown in _-3 , the transmission destination IP address 32 is set to "C", and the transmission source IP address 31 is set to its own private IP address "B" and transmitted. , Upon receiving the IP datagram _30-3 ,
The IP address conversion processing unit 12 transmits the source IP
The address conversion process is started (S1, S2 in FIG. 5).
First, it is determined whether or not the network number “B ′” in the source IP address “B” of the received IP datagram _30-3 is stored in the number conversion record table (Q) 112 as the network number before conversion. Confirmation (S3). In this example, since the network number “B ′” is converted to “D ′” when the IP datagram is transmitted from the terminal A to the terminal B first, “B ′” is stored in the network number before the conversion. ing. Therefore, the converted network number “D ′” stored corresponding to “B ′” is replaced with the network number “B ′” in the source address “B” (S
4). Since this conversion reverses the network number converted when transmitting from terminal A to terminal B,
Unlike when the IP datagram _30-1 is received, an operation for acquiring a new network number is not performed. When the above conversion is completed, the process proceeds to a destination IP address conversion process (S4 → S11).

When the IP address conversion processing section 12 starts the conversion processing of the destination IP address, the number conversion record table (P)
It is confirmed whether or not the network number "C '" of the transmission destination IP address is stored in the converted network number of 112 (S12). In this example, terminal A sends an IP
When the datagram is transmitted, the network number of terminal A is converted from "A '" to "C'" and stored in the number conversion record table (P) 112 table. So IP
The address conversion processing unit 12 converts the network number “C ′” of the transmission destination IP address into the network number “A ′” before the conversion.
(S14). The IP address conversion processing unit 12 sends out the IP datagram _30-4 whose destination IP address is "A" due to the conversion of the network number to "A '" to the destination terminal A (S15). ).

In the present invention, the IP address is converted as described above. When the address is converted, a process of deleting the content recorded in the network number conversion record table 112 for a predetermined period or deleting the content is performed. If the data is stored until the communication is performed, it is not necessary to search for a new network number for address conversion when performing communication with the same partner again after the communication is completed. Further, since only the network number is changed in the present invention, when communication from another terminal in the network P to another terminal in the network Q occurs, for example, the communication is performed from the terminal A to the terminal B. If the conversion contents of the network number are used as they are and only the host number is set to the number of the terminal that newly performs communication, it is not necessary to obtain a new network number every time communication is performed.
Steps S3 and S4 in FIG. 5 are necessary steps for performing such processing in addition to the processing of the returned IP datagram.

[Embodiment of IP Address Conversion Method]
An embodiment of a method of converting a P address will be described with reference to a network model of FIG. 7 using specific numerical examples. FIG. 7 shows network groups 20 _-1 and 20 _-2 as two networks that communicate with each other. Each of the network groups 20 _-1 and 20 _-2 has a plurality of subnets (sub-networks) therein. ) 22, and routers 23 are provided between the subnets 22. The network groups 20 _-1 and 20 _-2 correspond to the networks described so far (for example, the network 20 in FIG. 1), and hereinafter, between the network group _20-1 and the network group _20-2 , FIG. An example in which the IP address translation device 10 is provided as shown in FIG. In the following, the network group _20-1 and the network
20 _-2 are referred to as a network P and a network Q, respectively, and when individually indicating the subnet 22, the symbols described in the figure are used, and the subnets P _i and Q _j (i, j = 1 to 1 in the example of FIG. 7) 6).

Although the private IP addresses are assigned to the IP addresses of the subnet 22 and the terminal 21 in the networks P and Q, both the networks P and Q use the class B private IP addresses for convenience of explanation. It is assumed that the network numbers are the same. FIG.
In, for example, "172.16.1.0" to the subnet P _1, IP address of "172.16.1.5" to the terminal A in a subnet P ₁ is given. The first "17" of this IP address
2.16 ”corresponds to the network number, the next“ 1 ”corresponds to the subnet number, and the last“ 0 ”(subnet P ₁ ) or“ 5 ”(terminal A) corresponds to the host number. (1 depending on the subnet
It is assumed that the digits of “−6” are also host numbers. As described in FIG. 17, since the first digit of the network number of the private IP address that can be used in class B is “172”, “172.16” to “172.
31 ". Therefore, the range of network numbers that can be selected when converting the network number “172.16” in FIG. 7 is “172.17” to “172.31”.

Now, it is assumed that communication is performed from terminal A in network P to terminal B in network Q. The terminal B is in the subnet Q ₃ and has an IP address of “172.16.3.7”. However, from the precondition, the same IP address is assigned to the subnet P ₃ in the network P.
It is assumed that there is a possibility that the same IP address as the IP address of the terminal A exists in the subnet Q ₁ in the network Q.

[0092] terminal A previously query the IP address from the domain name of the terminal B to transmit the IP datagram 30 _-1 7, it is assumed that the IP address translation apparatus 10 is notified of the IP address of the terminal B . At this time, the IP address conversion device 10 confirms that the network number “172.16” of the IP address “172.16.3.7” of the terminal B shown in FIG. It is assumed that “172.16” is converted to “172.21”, and the terminal A is notified of the IP address “172.21.3.7” as the IP address of the terminal B.

For this reason, the terminal A transmits the IP
Set the IP address of the own regular "172.16.1.5" is the source IP address 31 of the datagram 30 _-1, destination IP
The translated IP address “172.21.3.7” is used for address 32
Is set.

[0094] IP datagrams 30 IP address converting apparatus 10 receives the _-1 according to the procedure described by FIG. 5, converts the network number of the source IP address 31 to the network number that is not used by the destination network Q At the same time, the destination IP address 31 is returned to the regular IP address, and then transmitted to the network Q as the IP datagram _30-2 . In FIG. 7, the source IP address 31 is changed from “172.16.1.5” to “172.20.1.5”, and the destination IP address 32 is changed from “172.21.3.7” to “172.16.3.7”.
(Regular IP address of terminal B). Here, to avoid confusion, an example was described in which the source address "16" was converted to "20" and the destination address "16" was converted to "21". There is no problem if you change the number (for example, both are "20").

As described above, when only the network number of the private IP address is converted in class B, the first 8 bits are fixed to "172" (decimal number). It is only necessary to check which one of "16 to 31" can be used for the 8-bit network number, and there is a simple selection method of using the network numbers that are not used, for example, in order of the oldest number. Can be used. Therefore, the management of an empty network number is extremely easy, and the network number management table 111 of FIGS. 3 and 4 also has a very small scale.

Here, the network number conversion between class A and class C will be described. Figure 8 shows a fixed class IP
5 illustrates a conversion example when an address is converted. FIG. 8 (1) shows an example of a method of changing only the network number without changing the class, but the example described with reference to FIG. In the figure, a subnet mask is information for identifying a range of network numbers including a subnet number (the details are omitted because they are well-known), and a digit (8 bits) to which "255" is set is usually used. Although the digits of the network number and the subnet number are shown, since (1) in the figure is an example where the subnet number is not subject to conversion, set the subnet number digit to "0" instead of "255". I have.

The class A private IP address is
As described in 15, the network number is only the first digit (8 bits) including the class identification information and "10"
, The network number cannot be converted to another network number. Therefore, for class A, the network number is always changed including the subnet number. 3 digits for class C (8 for each
Since the first two digits of the network number of (bit) are fixed, the network number to be replaced is selected in the last digit. Therefore, also in this case, the management of the network number (only 256 numbers including the used number) is easy.

FIG. 8 (2) shows an example in which the network number including the subnet number is changed, but FIG. 8 (2) shows an example in which the subnet number is used to the maximum as apparent from the subnet mask. ing. When the subnet number is set to the maximum, the class A network number has three digits, but since the first digit “10” is fixed, the next two digits are used.
The digits are the selection range for the conversion. In the figure, there are three types of IP address “10.1.3.H” before conversion, “1” is converted to “100”, “3” is converted to “200”, and both are performed. However, as is clear from this example, the use of the subnet number greatly widens the selection range of the number to be converted. However, since it is not necessary to manage the entire IP address for IP address conversion, the size of the network number management table 111 does not become so large.

In the class B, since the third digit of the subnet number is added to the selectable range, the selection range of the vacant network number is wider than when the subnet number shown in (1) is not included, but the usable range of the second digit is Is smaller, the size of the network number management table 111 is smaller than that of class A. Since there is no subnet number for class C,
As in the example of (1), the selectable range is 2 including the existing number.
It becomes 56 pieces. Although the number of selectable network numbers varies depending on the number of used network numbers, it can be generally said that class A is the largest and class C the least.

As described above, since the number of available free network numbers differs depending on the class, the present invention can change the class when a required free network number cannot be obtained. FIG. 9 illustrates a part of a conversion example of an IP address accompanied by a class change. In the example of converting from class A to class B, if there is an empty number in the second digit (a selectable range of 16 to 31) of the class B network number, the first two digits "10.1" are changed to "172.31", for example. It is only necessary to change the third digit subnet number from "3" to "200" (e.g., an empty number) even if all of the second digit "16-31" is used. Thus, the IP address can be converted.

The other examples will be apparent from the figure, and a detailed description will be omitted. When the subnet number is to be converted, it can be said that, in principle, when the class is changed to a higher order (for example, from class B to class A), the selectable numbers increase, and when the class is changed to a lower order, the selectable numbers decrease. . Although not shown in FIG. 9, FIG.
Are all “255.255.255.0”. If the number to be converted cannot be obtained, it is possible to change the range of the subnet number (including the change of the subnet mask) in addition to the class change, but the detailed description is omitted.

[Embodiment of Network Number Management Method] In the IP address conversion apparatus of the present invention, it is necessary to know the network number used in each network in order to convert the network number. The description has been made on the premise that the network number used in (1) is stored in the network number management table 111 (see FIGS. 3 and 4) provided for the network. Here, a method of managing network numbers will be described.

As the simplest configuration example, there is a case of class B in which only the network number described in FIG. 8A is converted (subnet numbers are not converted).
In this example, the conversion target of the network number is only the “16” digit of “172.16.HH” of the IP address, and the selectable range is only “16 to 31”. And FIG. 4) is very simple. Specific network number management table
As 111, it is sufficient that information indicating the range of the network number (specifically, a subnet mask) and the like are stored as necessary, in addition to the information for identifying the network number used for the network P.

The network number management table 111
Instead of storing the network numbers used in each network, the empty network numbers may be stored in a table, or some of the empty network numbers may be used as network numbers that can be used for network number conversion instead of all of them. It may be stored in advance, and the use order may be specified depending on the use mode.

From the viewpoint of the management of network numbers, when the number of network numbers used for the network is small as described above, the network number management table 111 or a table instead of this (for example, an empty network number management table) Can be created in advance by manual work or the like. However, when a large-scale network such as class A or a large number of networks for communication is used, or when the network number is frequently changed, the network number (including the subnet number) is manually set. Off-line management not only imposes a heavy burden on the network administrator, but also tends to cause mistakes, and may not be able to follow changes in the network.

Hereinafter, the network number management table 111
How to manage online. When communication is performed between networks, it is necessary to determine a communication path each time communication is performed, and a router or the like installed between networks is provided with a routing table for selecting a communication route. Since the network configuration is constantly changing, such as new addition or abolition of the network, failure of the network, addition or deletion of a router, the routing table is generally updated frequently.

One of the methods for automatically updating the routing table is RIP (Routing Information Protocol).
l) There is. In the RIP, each router periodically sends its own routing information to an adjacent router or the like, so that all routers have the same information on the network configuration. Since the routing information transmitted by the RIP includes the network number (including the subnet number) and the subnet mask,
By receiving the IP, it is possible to grasp all the network numbers of the network in which the Internet communication is performed.

When a connection is made between networks even in a network having a private IP address,
Since it is necessary to exchange routing information between networks, the present invention employs a network number when a network to be applied exchanges network information by RIP or a similar method as in the global Internet. Can be managed online.

FIG. 10 shows an operation flow of the network number information update processing of the embodiment. Hereinafter, the operation of updating the network number information according to the present invention will be described with reference to FIG. 10, FIG. 2 and FIG. In the following, S41 to S49 in parentheses are the numbers of the processing steps in FIG. 10 corresponding to the contents of the description.

Although the routing information is sent from a router of an adjacent network according to a protocol such as RIP, in the IP address translator 10 of the present invention, the line interface unit 17 shown in FIG. . Now, the line interface unit 17 of FIG.
It is assumed that routing information by RIP or the like is received from one of the networks 20 connected to the network (see S41 in FIG. 10). This routing information is temporarily stored in an appropriate area in the memory 15 via the line control unit 18 and the bus 19.

A routing table (the routing table has well-known contents, so that its illustration and description will be omitted) is stored in the memory 15 of FIG.
The CPU 14 compares the contents of the received routing information with the contents stored in the routing table (S42). As a result, if it is confirmed that the received routing information does not change from the contents stored in the routing table, the received routing information is directly processed without performing any processing, and is directly transmitted to an adjacent network (for example, the network Q in FIG. 2). ), And enters a standby state for receiving the next routing information (S43 → S44 → S45).

If the received routing information is different from the contents stored in the routing table, the routing table is rewritten using the received routing information (S43 → S46), and the rewritten routing information is transmitted to the adjacent network. After that, the process enters a standby state for receiving the next routing information (S47 → S45).

After rewriting the routing table and transmitting the routing information, the CPU 14 edits the received routing information and extracts a network number including a subnet number (S48). In the received routing information, the routing information of which network is recorded, and it is possible to identify which network the network number recorded in the routing information belongs to, so the CPU 14 uses the extracted network number. Network number management table for the corresponding network
111 (see FIG. 3) is updated (S48). In this way, the IP address translator 10
The network numbers used in the network communicating via 10 can be collected online and updated in short intervals.

[Installation form of IP address translator] The above description has been made on the case where the IP address translator of the present invention is installed between two networks using private IP addresses, but three networks are used. The case where there is the above will be described.

FIGS. 11 to 13 show examples of installation forms of the IP address translator 11 when there are three or more networks (including relay networks) for communication (FIG. 11 to FIG. 13) Also describes three networks 20, but when individually referring to the networks 20, they are described as networks P, Q, and R, respectively).

FIG. 11 shows an example of installation of the IP address translator 10 and a situation of IP address conversion when two networks 20 communicate with each other by relaying another network. This configuration is an example of relaying the network R when performing communication from the network P to the network Q.
In this case, the IP address translator 10 is connected to the networks P to
It is installed between R and networks R to Q. Below, IP
When the address translators 10 are individually indicated, they are denoted by the reference numerals in the drawing and are referred to as IP address translators (PR) or IP address translators (RQ). In the following, it is assumed that the IP address translator 10 has the function of a normal router.

In the figure, P-1 to P-8 indicate IP datagrams, and the lower part of FIG. Have been. In the table, a double-lined arrow indicates that address conversion is performed, and a dotted-lined arrow indicates that the address is not converted. As is clear from the figure, both the source address and the destination address are converted only by the IP address translator on the source side of the packet. Hereinafter, FIG. 14 and FIG. 15 are also used,
Some explanation is supplemented.

The IP address translator (PR) outputs the IP datagram P-2 to the network R after performing the address translation of the IP datagram P-1. Although the destination address of the IP datagram P-2 is “172.16.3.7”, in the example of FIG. 11, there are two networks having the IP address “172.16.0.0”, the network P and the network Q. In a general router, when transmitting an IP datagram, a destination router (next router) is selected using a routing table. However, when there are a plurality of networks having the same network number as in this example, a destination is determined. May not be possible. However, the IP address translator (PR) converts the IP address of the IP datagram P-2 by itself, and
-2 can recognize that the destination is not the network P, so that the IP address translator (R
-Q) is selected and the IP datagram P-2 is transmitted.

In the present invention, when two IP address translators 10 are involved in the communication between networks as shown in FIG. 11, when the IP address translator 10 on the transmission side converts the IP address, the contents of the translation are transmitted. This is transmitted to the IP address conversion device 10 connected to the destination network.
Specifically, the contents of the number conversion record table (P) 112 and the number conversion record table (Q) 112 (FIG. 3) are transferred from the IP address conversion device (P-R) to the IP address conversion device (R-
Q). Since the network number management table 111 is also created in the IP address translation device (PR) from routing information such as RIP, the two IP address translation devices 10 record the same contents for the combination of the network P and Q. It has a network number management table 111 and a number conversion record table 112. As shown in FIG. 2, the network number conversion record table 112 is stored in the memory 15 as the network management unit 11, and the stored contents are transmitted to another network via the line interface unit 17. Since the conversion can be easily realized by a known technique, the transfer of the conversion contents is not particularly illustrated.

As shown in FIG. 11, the IP datagram P-2 is received by the IP address translator (PR) as the IP datagram P-3 without changing the source and destination addresses. Is done. The source IP address translation device (PR) has translated both the source IP address and the destination IP address of the received IP datagram P-1, but the reception-side IP address translation device (RQ) In IP datagram P-4 without converting the IP address
To the destination terminal B.

As described above, the IP address translator 10 of the present invention may or may not perform the translation of the IP address. However, there are several methods for determining whether or not to perform the translation. is there. FIG. 14 and FIG. 15 are flow charts of an embodiment of a method for judging the necessity of IP address conversion.
Is a flow chart of the process of determining whether or not the source IP address needs to be converted.
FIG. 15 illustrates a flow of a process of determining whether or not to convert a destination IP address. FIGS. 14 and 15 detail the address translation portion in the flow chart shown in FIG. 5 so that it can be applied to the usage form of the IP address translation device 10 as shown in FIG. S51, S53 (including S52), S55, and S57 in FIG. 14 correspond to S1, S3, S4, and S5 in FIG. 5, respectively.
S58 corresponds to S7 to S10 in FIG. In addition, S6 in FIG.
1, S63 (including S62), S64 to S65, and S67 correspond to S1, S12, S14, and S13 in FIG. 5, respectively. Therefore, the figure
Regarding 14 and FIG. 15, the description of the parts already described with reference to FIG.

Hereinafter, the conversion of the source IP address of IP datagram P-3 in the IP address translator (RQ) will be described. In the conversion necessity determination method of FIG. 14, when the received IP datagram P-3 is received (S51).
Then, it is confirmed whether or not the same network number as the network number of the transmission source IP address is recorded in the network number conversion record table (S52). As described above, since the IP address translator (RQ) stores the network number translation record table 112 sent from the source IP address translator (PR), it checks this table. The network number of the source address of the IP datagram P-3 in FIG. 11 is “172.20”, which is the network number after the conversion.
Follow steps 52 → S53 → S54 → S56. Therefore, in this example, the source IP address is not converted. This rule is that once converted source IP address is not re-converted. Whether the network number is the converted network number can also be determined from the fact that the same network number as the network number of the received source IP address is not registered in the regular routing table.

Next, the destination IP address will be described.
The destination address of the IP datagram P-3 is “172.16.
3.7 ", but there is a possibility that a conventional router cannot determine whether the datagram is addressed to the network Q or the network P using the same network number" 172.16 ". However, in the IP address translator (RQ), as described above, the IP datagram P-3
Of the transmission source network is P and the transmission destination is translated because the transmission source address of the transmission destination is the translated IP address stored in the network number translation record table (P) 112 Is network P
Can be identified. Therefore, it can be determined that the transmission destination is the own network Q.

Regarding the necessity of the conversion of the destination IP address, since the destination address “172.16.3.7” is recorded as the converted network number in the network number conversion record table (Q) 112, the step of FIG. S62 → S
Follow 63 → S64 → S66. Therefore, in this example, the destination I
Also do not translate the P address. Then, the packet is transmitted to the terminal B as an IP datagram P-4 without IP address conversion.

Whether or not to convert the IP address of the reply packet (IP datagram) from the terminal B to the terminal A is determined according to the conversion necessity judging method shown in FIGS. Since this is the same as the case, the description is omitted, and the conversion contents of the IP address are described only in the table of FIG. As described with reference to FIG. 5, in the case of a reply, the IP address translation device (P
Since the conversion of the IP address is performed using the number conversion record table 112 transmitted from -R), the process of newly acquiring the network number to be converted in the IP address conversion device (RQ) is not performed. In this case, the address conversion is performed for the source IP address in step S52 of FIG.
→ S53 → S54 → S55, destination IP address
It is performed according to the steps S62 → S63 → S64 → S65 of the fifteenth step.

In a network configuration as shown in FIG.
For example, if network P and network Q are class B,
When the network R is a class A, communication between the network P and the network R and communication between the network R and the network Q are possible in the related art.
Could not communicate with the network Q via the network R. However, since the IP address translation apparatus 10 of the present invention can change the class at the time of address translation as described above, even if the network number for translation cannot be secured, the class of the network P and the network Q can be changed to the class A. , Communication via the network R can be performed (an example of performing class conversion is omitted in FIG. 11).

Next, the case where there are a plurality of destination networks will be described with reference to FIGS. FIGS. 12 and 13 show an example in which two partner networks to be transmitted from the network P exist, the network Q and the network R. The installation form of the IP address translator 10 is shown in FIGS. There are two types.

FIG. 12 shows a mode in which an IP address translator 10 is installed for each destination network (when referring to individual IP address translators 10, it is like an IP address translator (PQ)). Described in). Now, it is assumed that a packet is transmitted from terminal A in network P to terminal B in network P or terminal C in network R, and the IP addresses of terminals A, B, and C are respectively
Addresses A, B, and C are used. Although the IP addresses A, B, and C are all private IP addresses, for convenience of explanation, the description will be made assuming that the three IP addresses are the same.

Although the source terminal usually knows the IP address of the other party from the domain name, when terminal A knows the IP address B of terminal B from the domain name of terminal B, as described above, Since it can be confirmed that B is a terminal in the network Q, the IP address B (= A =
The conversion of C) is performed by an IP address conversion device (PQ) provided between the network and the network Q. When the IP address B is converted into, for example, the IP address E by the method described above, the IP address conversion device (PQ) sends the IP address E to the network P (specifically, the default router of the terminal A). That a device equivalent to a router used for communication with the IP address is an IP address translation device (PQ).

Therefore, the terminal A sets the destination IP address to I
When the P address E is designated, the IP address translator (P-R) is not selected, and the IP address translator (P-Q) is selected. Thereafter, when the terminal A communicates with the terminal C in the network R, the communication is performed via the IP address translation device (PR) in the same manner as described above. Note that the IP address translator (PQ)
When the address B is converted to the IP address E (actually, only the network number is converted), the IP address conversion device (PR) is notified that the network number used for the IP address E has been used, I of other terminal
The same network number should not be used more than once during P address conversion. Thus, when communication is performed from terminal A to terminal C, the IP address conversion device (PR) changes the network number of the IP address of terminal C to a network number other than the network number used for IP address E. Convert to Therefore, the communication from the terminal in the network P to the terminal B and the communication to the terminal C do not get confused.

FIG. 13 illustrates an embodiment in which one IP address translator 10 is shared by a plurality of networks. In this case, as described above, a network number management table 111 and a number conversion record table 112 are provided for each combination of two networks that perform communication (however, the two network number management tables (P) described are for communication). If the other party's network can be clearly identified, it may be shared.) In this embodiment, the terminal A
Receives the converted IP address E of the IP address B as the destination IP address for the terminal B from
It is necessary to select the number conversion record table 112 from which the IP address B can be obtained from the P address E. However, if the converted IP address used once is not used repeatedly, there is no problem at all. Absent.

In this way, for example, the IP address of terminal B
When the address B is converted into the IP address E, the number conversion record table 11 in which the IP address E (actually, only the network number portion) is recorded corresponding to the IP address B
2 is only the number conversion record table (Q).
When sequentially searching all the number conversion record tables 111 when searching for the IP address before the conversion of the address E, the number conversion record table (Q) can be found. However, when the IP address is converted, if the network identification information using the converted network number is separately recorded, the desired number conversion record table can be directly entered without searching all the number conversion tables 111. 112 can be accessed.

[Supplementary Information] The embodiment of the IP address translator according to the present invention has been described with reference to FIGS.
The illustrated contents are only a part of the embodiment, and the present invention is not limited to the illustrated contents.
For example, although the IP address translation device of the present invention is illustrated as a single device, it is apparent that the effects of the present invention can be obtained even if the functions of the IP address translation device of the present invention are provided inside a router or the like. It is.

FIG. 2 illustrates the hardware configuration of the IP address translator according to the present invention. However, there are various methods for configuring the hardware, and the present invention is not limited to the illustrated configuration. That is natural. For example, even if a part of the function of the network number management unit 11 is provided in the processing unit 13 or a part of the function of the IP address conversion processing unit 12 or the domain information conversion processing unit 13 is provided in the memory 15, The effect remains the same.

Although FIG. 4 and the like describe that the domain name server is provided on a separate I from the two networks with which the communication is performed, the domain name server is provided on one of the two networks. The function of the present invention does not change even if the function is provided inside the IP address translator.

Although the network number to be converted in the present invention has been described by way of an example of an integral multiple of 8 bits including the subnet number, the subnet number is not set in units of 8 bits, and the network number to be converted in the present invention is not set. Is not limited to an integral multiple of 8 bits. In this connection, it is needless to say that the IP address conversion pattern may be variously modified in addition to the illustrated example, and the present invention is not limited to the described conversion pattern.

Further, the method of determining whether or not to convert the IP address may be a method other than the method of determining whether or not to convert the IP address shown in FIGS. 14 and 15, and the effect of the present invention does not change.

[0138]

As described above, the IP address conversion apparatus of the present invention is provided between networks when performing communication between networks using private IP addresses, but is similarly provided between networks. Unlike routers that only forward packets and select routes,
Since it has the function of translating the source and destination IP addresses set in the header of the P packet, the following effects are exhibited.

In other words, according to the conventional method of connecting via the Internet, communication is performed by acquiring a global IP address only during communication. Therefore, a network using a private IP address is outside the network due to the limitation of the number of obtainable global IP addresses. At the same time, the number of terminals that can communicate is limited, and the communication direction is limited to calling from the network side. However, in the present invention, it is possible to connect between networks without going through the Internet, and it is not necessary to obtain a global IP address Therefore, the number of simultaneous communications is not limited by the number of acquired global IP addresses, and connection can be performed by specifying a partner terminal from either network.

Also, according to the present invention, even if a terminal having the same private IP address exists in two networks accommodating a terminal having a private IP address, the
You are not connected to the wrong terminal to translate addresses. Therefore, when communicating between networks,
There is no need to change the environment of an already operating network, such as changing the private IP address.

Since only the network number is converted when the IP address is converted, the size of a table required for the conversion can be reduced, and conversion processing including a table index can be performed efficiently.

Further, since the class of the IP address can be changed at the time of the IP address conversion, the number of network numbers that can be used at the time of the IP address conversion is less restricted. Can communicate via different networks.

As described above, according to the present invention, the private I
In order to enable efficient communication between networks using P-addresses with less restrictions and to reduce the use of global IP addresses, global networking has become a bottleneck in Internet communication development. It greatly contributes to the development of inter-network communication, such as contributing to alleviating the shortage of IP addresses.

[Brief description of the drawings]

FIG. 1 is a basic configuration diagram of the present invention.

FIG. 2 is a hardware configuration diagram of an embodiment of the present invention.

FIG. 3 is a functional configuration diagram of an embodiment of the present invention (1).

FIG. 4 is a functional configuration diagram of an embodiment of the present invention (2).

FIG. 5 is a flowchart of an IP address conversion process according to an embodiment of the present invention;

FIG. 6 is a flowchart of a domain information conversion process according to an embodiment of the present invention.

FIG. 7 is a configuration diagram of a network model according to an embodiment of the present invention;

FIG. 8 shows an embodiment of the present invention;

FIG. 9 shows an embodiment of the present invention;

FIG. 10 is a flowchart of a network number information update process according to an embodiment of the present invention.

FIG. 11 is a diagram showing an installation form of an IP address translator according to an embodiment of the present invention (1).

FIG. 12 is a diagram showing an installation form of an IP address translator according to an embodiment of the present invention (2).

FIG. 13 is a diagram showing an installation form of an IP address translator according to an embodiment of the present invention (3).

FIG. 14 is a flowchart (1) of an IP address conversion necessity determination process according to the embodiment of the present invention;

FIG. 15 is a flowchart (2) of an IP address conversion necessity determination process according to the embodiment of the present invention;

FIG. 16 is a diagram for explaining the configuration of an IP address (1)

FIG. 17 is an explanatory diagram of a configuration of an IP address (2)

FIG. 18 is a model configuration diagram of a conventional Internet connection.

FIG. 19 is an explanatory diagram of a conventional Internet connection method (1).

FIG. 20 is an explanatory diagram of a conventional Internet connection method (2).

FIG. 21 is an explanatory view of a conventional Internet connection method (3).

[Explanation of symbols]

10 IP address translator 11 network number management means (network number manager) 12 IP address converting means (IP address conversion processing unit) 13 domain information converting unit (domain information conversion processing unit) 20 network 21 terminal 30 _-1 30 _{- 4} IP datagram 31 Source IP address 32 Destination IP address 40 Domain name server (DNS)

Claims (5)

[Claims] When communication is performed between a plurality of networks each accommodating a terminal to which a private IP address is assigned, the communication terminal is installed between two communication networks and used in two communication networks. Network number management means for storing a network number including a subnetwork number of a private IP address, and recording correspondence of network numbers before and after the conversion when the network number is converted; When an IP datagram transmitted to the network is received, the network number in the source IP address and the destination IP address set in the header of the received IP datagram is recorded in the network number management means. Network number and ratio If the same network number as the network number in the source IP address is stored in the network number management means as the network number used in the destination network, the source IP address of the received IP datagram Is converted to a network number that is not used in the destination network, and the network number before and after the conversion is recorded in the network number management means in association with the network number before and after conversion, and is the same as the network number in the destination IP address. If the network number is recorded as the converted network number in the network number management means, the network number in the received destination IP address is stored in correspondence with the converted network number before the conversion. Network After converting the number, IP address conversion device characterized by comprising an IP address converting means for transmitting the IP datagram to the destination network. 2. When a domain name of a terminal in another network is input as a destination address from a terminal in one network, a private IP address is obtained from the domain name.
An IP address is inquired to a server capable of searching for an address, and when the private IP address of the destination terminal is answered from the server, the same network number as the private IP address of the answered destination terminal is returned. Is used by the network number management means to determine whether or not is used in the network in which the source terminal is accommodated. If the same network number is used, the network number of the private IP address returned from the server is used. Is converted to a network number that is not used in the network in which the source terminal is accommodated, and the network numbers before and after conversion are recorded in the network number management means in association with each other, and the converted private IP address is used as the transmission source terminal. Notify device IP address conversion apparatus according to claim 1, comprising the domain information conversion means. 3. The network number management unit according to claim 1, wherein the network address before and after the conversion is recorded for a predetermined period or before and after the conversion, when the IP address conversion unit or the domain information conversion unit converts the private IP address. The network number record is retained until an instruction to delete it is input, and the IP address conversion means or the domain information conversion means records the network numbers of the source network and the destination network before and after the conversion in the network number management means. When the network number of the source IP address of the IP datagram is the same as the network number before conversion of the source network of the network number management means when the IP datagram that is the same as the network being received is received. Is the source IP address Scan network number corresponding to the network number before conversion into a network number after conversion are stored in,
If the network number of the destination IP address of the IP datagram is the same as the network number before conversion by the network number management means, the network number of the destination IP address is stored in correspondence with the converted network number. And the network number in the source private IP address is the same as the network number in the destination private IP address. 3. The IP address conversion device according to claim 1, wherein the conversion is performed to the same network number. 4. The IP header conversion means or the domain information conversion means is used in a destination or source network in a process of performing a process of converting a source or destination IP address via the network number management means. If a network number cannot be converted while the class of the source or destination IP address to be converted cannot be converted when a network number that is not obtained is obtained, the class of the private IP address must be changed. 3. The method according to claim 1, wherein the network number is converted.
P address translator. 5. The network number management means receives the routing information when the exchange of the routing information is automatically performed among a plurality of networks with which communication is performed, and is included in the routing information. 2. The IP address translation device according to claim 1, wherein a network number used in each network is extracted from the network number and recorded.