JP2005184110A - Packet transfer apparatus and packet transfer method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a packet transfer apparatus and method capable of transferring a domain name resolution request packet to an appropriate DNS server capable of resolving a domain name.
A plurality of DNS servers and a plurality of logical connections 27a and 27b are established, and a connection is established for acquiring a DNS server IP address 57 and domain name information 48 managed by the DNS server included in additional information 51 of a connection control protocol. Relay unit 41, storage device 43 that stores acquired IP address 57, domain name information 48, and destination logical connection 59 in association with each other, and DNS query 40 including inquiry destination domain name 56 from the user terminal are relayed. The relay unit 45 includes a relay unit 45. When the relay unit 45 receives the DNS query 40, the relay unit 45 refers to the correspondence table in the storage device 43, selects the logical connection 59 and the IP address 57 corresponding to the query destination domain name 56, and selects the DNS. Transfer the query 40.
[Selection] Figure 2

Description

  The present invention relates to a packet transfer apparatus and a packet transfer method for transferring a domain name resolution request packet from a client to a domain name system server.

  The World Wide Web (hereinafter abbreviated as “Web”) is known as an information providing method on the Internet. Web information can be received by a user terminal having a Web browser function accessing a Web server.

  When a user terminal having a Web browser function accesses a Web server on the Internet, it is necessary to specify the location of the Web server by a URL (Uniform Resource Locator). An IP (Internet Protocol) address or a domain name can be specified as the URL, but a domain name including a server name is usually used so that the user can easily understand it intuitively. DNS (Domein Name System) is a device that uses a DNS server as a server program that associates a domain name, which is a device name on a network, with a device-specific IP address used for communication, and one or more DNS servers. This system is configured by a DNS client that performs name / address conversion, and uses this IP address / domain name correspondence table to obtain an IP address from a domain name.

  When a Web server on the Internet is specified by a domain name by a user terminal having a Web browser function, a domain name resolution request packet is transmitted to the DNS server in order to request conversion from the domain name to an IP address. The user terminal can access the Web server by using the IP address returned from the DNS server as a destination and view Web information.

  Further, when a user accesses the Internet, it is common to access via a network provided by an Internet service provider. There is PPPoE as a protocol used in the access network. This is a standard created for checking the user name and password of a user by dial-up connection (PPP connection: Point to Point Protocol) on a network such as Ethernet (registered trademark). Task Force) RFC2516 (Request For Comment 2516). The user's terminal becomes a PPPoE client, and a PPPoE server (also referred to as a broadband access server: BAS) checks the user name and password, and an Internet service provider (hereinafter referred to as “ISP”) designated for the user. Connect to or adjust the bandwidth.

  PPPoE also provides a service for selecting an ISP, and the user can change the connection destination provider by changing the user name and password to be input. At this time, a control protocol called IPCP (Internet Protocol Control Protocol) defined by RFC1332 is used to support additional functions such as assignment of an IP address to a PPPoE client and presence / absence of data compression.

  In addition, when there are a plurality of user terminals trying to connect to the Internet, a device for relaying packets such as a gateway device is required. A gateway device generally has a simple DNS server function and a function of relaying a domain name resolution request packet (hereinafter also referred to as “DNS query”).

  FIG. 10 shows an example of a network including a conventional gateway device. In FIG. 10, a conventional gateway device 2 is connected to user terminals 3 a and 3 b having web browsers for browsing web pages, and constitutes a user network 1.

  The gateway device 2 establishes a logical connection 7 a, here a PPPoE session A, with the provider A via the PPPoE server 6 in the carrier network 5. In FIG. 10, the gateway apparatus 2 has established only the PPPoE session A with the network 11a of the provider A, and has not established a logical connection with the network 11b of the provider B.

  In the provider A network 11 a, a DNS server 12 a and a WEB server 13 a independently constructed by the provider A are arranged, and the provider A network 11 a is connected to the Internet 18. In the provider B network 11 b, a DNS server 12 b and a WEB server 13 b that are independently constructed by the provider B are arranged, and the provider B network 11 b is connected to the Internet 18. That is, the provider A network 11 a and the provider B network 11 b are connected to each other via the Internet 18.

  There is only one information about the DNS server that is the transfer destination of the DNS query 20 that can be managed by the gateway device 2. Here, only the DNS server 12 a that is managed by the provider A, and the DNS server 12 b that is managed by the provider B cannot be managed. .

  In FIG. 10, a case where the user terminal 3a accesses the WEB server 13b managed by the provider B is considered. The user is a member of provider A, and normally registers DNS server 12 a managed by provider A as an inquiry DNS server of gateway device 2. When the DNS query 20 from the user terminal 3a is transmitted to the gateway device 2, it is relayed to the DNS server 12a managed by the gateway device 2. Since the DNS server 12a basically knows only the information in the domain managed by itself and the DNS server name of the subdomain, the DNS server 12a has no information on the WEB server 13b in the zone information managed by the DNS server 12a. An inquiry is made to the other DNS server 12d and the highest DNS server (not shown) called a route server, and DNS resolution is performed to the end.

  In FIG. 10, the provider A network 11 a and the provider B network 11 b are connected via the Internet 18. Therefore, when accessing the WEB server 13b managed by the provider B from the user terminal 3a, the domain name inquiry is repeated until the DNS server 12b is finally reached. Then, the DNS server 12b resolves the domain name of the WEB server 13b, and a DNS response packet notifying the corresponding IP address is returned to the user terminal 3a. Thereby, the user terminal 3a can see the information of the WEB server 13b.

  On the other hand, broadband networks have become widespread in recent years, and there has been an increasing demand for users who want to view large-capacity content such as video on network terminals such as personal computers. In order to send packets with video information to video receiving terminals without interruption, a provider that secures communication quality by constructing a provider's own CDN (Contents Delivary Network) separated from a network that does not guarantee communication quality such as the Internet is there.

  FIG. 11 shows a network configuration diagram including a provider-specific CDN separated from the Internet. The gateway apparatus 2 can establish a plurality of logical connections 7a and 7b (in FIG. 11, PPPoE session A and PPPoE session B) simultaneously with networks 11a and 11c of a plurality of providers (in FIG. 11, two providers A and C). Here, it is assumed that provider C constructs the above-described CDN. Since the CDN is a closed network separated from the Internet 18, the domain name of the WEB server 13c in the CDN of the provider C is managed only by the DNS server 12c in the CDN. Therefore, when accessing the WEB server 13c in the CDN managed by the provider C by using a domain name, the user terminals 3a and 3b as DNS clients can make a DNS query to the DNS server 12c in the CDN. 20 need to be transmitted.

  However, since there is only one DNS server that can be managed by the gateway device 2 in the conventional technology, either the DNS server 12a of provider A or the DNS server 12c of provider C can be set as a DNS server that relays the DNS query 20. Only one of them.

  For example, when the DNS server 12a of the provider A is set as a DNS server that relays the DNS query 20, even if an inquiry is made to the upper DNS server 12d, the DNS query 20 cannot be transferred to the DNS server 12c and the domain name cannot be resolved. When the gateway device 2 sets the DNS server 12c of the provider C as a DNS server that relays the DNS query 20, the domain name managed by the DNS server 12a or the DNS server 12d cannot be resolved.

Patent Document 1 proposes a method for improving search efficiency by appropriately allocating DNS servers that make inquiries based on domain names.
JP 2001-175561 A

  However, in such a conventional packet transfer apparatus, there is a problem in that it is necessary to manually set the information for distributing the DNS server inquiring by the domain name.

  The present invention has been made to solve the conventional problems, and an object of the present invention is to provide a packet transfer apparatus that can transfer a domain name resolution request packet to an appropriate DNS server that can resolve a domain name. To do.

  The packet transfer apparatus of the present invention includes a connection establishment means for establishing a plurality of logical connections, a logical connection established with a domain name server by the connection establishment means, and included in additional information of a connection control protocol with the domain name server Obtaining means for obtaining an IP address of the domain name server and domain name information managed by the domain name server, the IP address of the domain name server obtained by the obtaining means, the domain name information, and the logic Storage means for associating and storing the connection in a correspondence table; and relay means for relaying a domain name resolution request packet including an inquiry destination domain name from a user terminal, wherein the relay means transmits the domain name resolution request packet to the domain name resolution request packet. A user When received from the end, the correspondence table stored in the storage means is referred to, the domain name information corresponding to the inquired domain name of the received domain name resolution request packet is searched, and the searched The IP address and the logical connection of the domain name server corresponding to the domain name information are selected, and the domain name resolution request packet is forwarded to the IP address of the domain name server via the selected logical connection. It has the structure characterized by this.

  With this configuration, a packet can be transferred by selecting a logical connection in which an appropriate inquiry destination DNS server exists from a plurality of logical connections.

  Thereby, for example, even if a domain name resolution request packet addressed to a Web server in a network separated from a network where the root server is located (for example, the Internet network) and a domain name resolution request packet addressed to a Web server on the Internet are mixed. , Those packets can be sorted appropriately.

  Further, in the packet transfer apparatus, the storage means receives the domain name resolution request not corresponding to the stored domain name information and uses the default IP address and logical connection of the domain name server used. Is stored in the correspondence table in advance, and when the relay means receives the domain name resolution request packet from the user terminal and searches the correspondence table stored in the storage means, it corresponds to the inquiry domain name. When the domain name information to be included is not included in the correspondence table, the IP address and the logical connection of the default domain name server can be selected.

  With this configuration, the domain name resolution request packet is not forwarded and discarded, so that packet retransmission is repeated, domain name resolution from the user terminal cannot be performed, and information is not displayed on the browser or the like Can be reduced, and web information can be accessed comfortably.

  The packet transfer method of the present invention includes a connection establishment step for establishing a plurality of logical connections, and an addition of a connection control protocol between the domain name server and the domain name server when the logical connection is established in the connection establishment step. An acquisition step of acquiring an IP address of the domain name server included in the information and domain name information managed by the domain name server, the IP address of the domain name server acquired in the acquisition step, the domain name information, And a storage step of associating and storing the logical connection in a correspondence table, a reception step of receiving a domain name resolution request packet including a query domain name from a user terminal, When the packet is received from the user terminal, the domain name information corresponding to the inquiry destination domain name of the domain name resolution request packet received in the reception step is referred to the correspondence table stored in the storage step. A search step for searching, a selection step for selecting the IP address and the logical connection of the domain name server corresponding to the domain name information searched in the search step, and a logical connection selected in the selection step Transferring the domain name resolution request packet to the IP address of the domain name server.

  Thereby, it is possible to select a logical connection in which an appropriate inquiry destination DNS server exists from a plurality of logical connections and transfer the packet.

  Further, in the packet transfer method, the IP address and the logical connection of the default domain name server used when the domain name resolution request not corresponding to the stored domain name is received in the correspondence table in advance. And when searching the correspondence table stored in the storage means in the searching step and the domain name information corresponding to the inquiry destination domain name is not included in the correspondence table, the default Selecting the IP address of the domain name server and the logical connection.

  With this configuration, the domain name resolution request packet is not forwarded and discarded, so that packet retransmission is repeated, domain name resolution from the user terminal cannot be performed, and information is not displayed on the browser or the like Can be reduced, and web information can be accessed comfortably.

  It should be noted that any combination of the above-described constituent elements and a conversion of the expression of the present invention between a method, an apparatus, a system, a recording medium, a computer program, etc. are also effective as an aspect of the present invention.

  The present invention can provide a packet transfer apparatus capable of transferring a domain name resolution request packet to an appropriate DNS server capable of resolving a domain name and having an effect of realizing an efficient network connection environment. Is.

Hereinafter, a packet transfer apparatus according to an embodiment of the present invention will be described with reference to the drawings. In all the drawings, the same constituent elements are denoted by the same reference numerals.
(First embodiment)
FIG. 1 is a schematic block diagram of the entire network including the packet transfer apparatus according to the first embodiment of this invention.

  In FIG. 1, the packet transfer apparatus according to the present embodiment is included in a gateway apparatus 22 that enables connection between networks of different standards. The gateway device 22 is connected to a plurality of (two in FIG. 1) user terminals 23 a and 23 b having web browsers for browsing web pages, and constitutes a user network 21.

  The gateway device 22 can establish a plurality of logical connections 27a and 27b with a plurality of providers' networks 31a and 31b via the PPPoE server 26 in the carrier network 25, respectively. In the present embodiment, the logical connections 27a and 27b are PPPoE sessions.

  In FIG. 1, two logical connections of a PPPoE session A and a PPPoE session B are established for two provider networks, a provider A network 31a and a provider B network 31b, respectively. In the present embodiment, there are two provider networks with which the gateway device 22 has established logical connections. However, the present invention is not limited to this, and a plurality of logical connections are simultaneously made between a plurality of networks. Can be established.

  In the provider A network 31 a, a DNS server 32 a and a WEB server 33 a independently constructed by the provider A are arranged, and the provider A network 31 a is connected to the Internet 38.

  In the network 31b of the provider B, a DNS server 32b and a WEB server 33b that are independently constructed by the provider B are arranged, and the network 31b of the provider B constitutes a closed network that is not connected to the Internet 38.

  FIG. 2 is a block diagram of a schematic configuration of the gateway device 22 of FIG.

  In FIG. 2, the gateway device 22 includes a connection establishment unit 41 that establishes a plurality of logical connections 27 a and 27 b, and a domain name resolution request packet (hereinafter referred to as “DNS”) including an inquiry domain name from a user terminal in the user network 21. It is called a “query”.) A relay unit 45 that relays 40 is provided.

  The connection establishment unit 41 includes a plurality of logical connections 27a and 27b (here, the DNS servers 32a and 32b arranged in the networks 31a and 31b of the plurality of providers shown in FIG. 1 and the PPPoE server 26 of the carrier network 25). , PPPoE session A and PPPoE session B) are established respectively.

  When the DNS servers 32a and 32b and the PPPoE sessions A and B are established, the connection establishment unit 41 uses the domain name information 48 included in the additional information 51 of the connection control protocol with the DNS servers 32a and 32b, respectively, in the carrier network 25. Obtained from the PPPoE server 26. In this embodiment, the connection control protocol with the DNS server is IPCP (Internet Protocol Control Protocol) defined by RFC1332. Hereinafter, the connection control protocol additional information 51 is referred to as IPCP protocol additional information 51. Details of the acquisition of the domain name information 48 will be described later.

  The gateway device 22 further includes a storage device 43 that associates the domain name information 48 of the DNS servers 32a and 32b acquired by the connection establishment unit 41 with the corresponding destination logical connection and stores them in the correspondence table.

  FIG. 3 shows an example of the correspondence table stored in the storage device 43. As shown in FIG. 3, in the correspondence table, a plurality of domain names 56, an IP address 57 of a destination DNS server corresponding to the destination of the domain name 56, and a destination logical connection 59 are associated. For example, if the domain name 56 is “PPPoE.AAA.NE.JP” in the first row L1 of the correspondence table, the IP address 57 “100.100.100.100” of the DNS server 32a that is the destination DNS server. ”And“ PPPoE session A ”indicating the destination logical connection of the destination DNS server.

  Further, as shown in the last row L4 of the correspondence table, when the corresponding domain name 56 does not exist in the correspondence table, the IP address 57 “000.000.000.100” of the destination DNS server used as a default is used. ”And the destination logical connection 59“ PPPPE session X ”can be stored in the correspondence table. In this way, when the domain name 56 included in the DNS query 40 received from the user terminals 23a and 23b does not exist in the correspondence table stored in the storage device 43, the destination logical connection set as default is set. The DNS query 40 can be forwarded to the destination DNS server IP address 57 set as a default via 59.

  As a result, the DNS query 40 is not transferred and discarded, so that retransmission of the packet is repeated, domain name resolution from the user terminals 23a and 23b cannot be performed, and information is not displayed on the browser or the like. Can be reduced, the Web information can be accessed comfortably, and an efficient network connection environment can be realized.

  FIG. 4 is a diagram showing an example of the data structure of the IPCP protocol additional information 51 acquired by the gateway device 22 of FIG. 2 when the logical connection is established. The IPCP protocol additional information 51 is preceded by a type 52 (shown as “Type” in the figure) indicating the type of the information (for example, IP address), and then a packet length 53 (“Length” in the figure). Followed by a payload 54 where the actual information is stored.

  The DNS servers 32a and 32b include, for example, the domain name information 48 managed by the DNS server 32a and 32b and store it in the payload 54 of the IPCP protocol additional information 51 shown in FIG. The domain name 56 to be notified can be notified. The gateway device 22 receives the IPCP protocol additional information 51, extracts the domain name information 48 stored in the payload 54, and acquires the domain name 56 included in the domain name information 48 and the IP address 57 of the destination DNS server (hereinafter referred to as the DNS information). , Called “DNS server IP address 57”) and the destination logical connection 59 are stored in the correspondence table of the storage device 43 in FIG.

  As described above, in this embodiment, the DNS server managed by the provider and the PPPoE center server cooperate with each other using the PPPoE mechanism widely used for Internet connection, so that domain name information appropriate for the user can be obtained. Since the notification can be made, the network connection environment can be realized at a lower introduction cost.

  The operation of the packet transfer apparatus of the present embodiment configured as described above will be described with reference to FIGS.

  FIG. 5 is a flowchart showing an example of the operation of the gateway device 22 of FIG. 2 when acquiring domain information. First, the connection establishment unit 41 of the gateway device 22 establishes a logical connection with each provider (step S1). For example, in FIG. 1, PPPoE session A and PPPoE session B are established between provider A and provider B, respectively.

  Next, the domain name information 48 managed by the DNS servers 32a and 32b included in the IPCP protocol additional information 51, which is the PPPoE session connection control protocol shown in FIG. Obtained from the server 26 (step S2).

  Next, the domain name 56, DNS server IP address 57, and destination logical connection 59 included in the acquired domain name information 48 are associated and stored in the correspondence table of the storage device 43 shown in FIG. 3 (step S3). .

  As described above, in the gateway device 22, the domain name information 48 is acquired from the PPPoE server 26, and a correspondence table in which the domain name 56, the DNS server IP address 57, and the destination logical connection 59 are associated is stored in the storage device 43. The

  FIG. 6 is a flowchart showing an example of the operation of the gateway device 22 of FIG. 2 when the DNS query 40 is transferred. In the gateway device 22, when the DNS query 40 is received from the user terminals 23 a and 23 b by the relay unit 45 (step S 11: YES), the relay unit 45 uses the inquiry domain name 56 included in the DNS query 40. Then, the corresponding table stored in the storage device 43 is referred to and the corresponding domain name 56 is searched (step S12).

  When the corresponding domain name 56 is found (step S12: YES), the corresponding DNS server IP address 57 and the destination logical connection 59 are selected by the relay unit 45 (step S13). On the other hand, when the corresponding domain name 56 is not found (step S12: NO), the DNS server IP address 57 and the destination logical connection 59 set as default are selected by the relay unit 45 (step S14).

  Here, if the inquiry domain name 56 included in the DNS query 40 is “PPPoE.AAA.NE.JP”, “100” is set as the DNS server IP address 57 based on the correspondence table of the storage device 43 in FIG. .100.100.100 "and" PPPoE session A "is obtained as its destination logical connection.

  Returning to FIG. 6, the DNS query 40 is forwarded to the DNS server IP address 57 via the destination logical connection 59 obtained by the relay unit 45 (step S <b> 15).

  As described above, the DNS query 40 is transferred to the desired DNS server by the gateway device 22.

  FIG. 7 is a flowchart showing an example of the operation at the time of DNS query 40 response in the DNS server. Here, the case where the DNS query 40 is transferred to the DNS server 32a by the gateway device 22 in FIG. 1 will be described.

  As shown in FIG. 7, when the DNS query 40 transferred from the gateway device 22 is received by the DNS server 32a (step S21: YES), the query server domain name 56 included in the DNS query 40 is received by the DNS server 32a. Is converted into the IP address of the WEB server 33a (step S22). Next, a DNS response packet 42 including this IP address is returned to the user terminal 23a of the user network 21 via the gateway device 22 (step S23).

  As described above, the DNS server 32a that has received the DNS query 40 transferred from the gateway device 22 can return the DNS response packet 42 including the IP address of the WEB server 33a to the user terminal 23a. The user terminal 23a can acquire an IP address and can access a desired WEB server 33a.

  As described above, according to the packet transfer apparatus of the first exemplary embodiment of the present invention, a plurality of logical connections 27a and 27b are established with the DNS servers 32a and 32b, and are connection control protocols with the DNS servers 32a and 32b. A connection establishment unit 41 for obtaining the IP addresses of the DNS servers 32a and 32b included in the IPCP protocol additional information 51 and the domain name information 48 managed by the DNS servers 32a and 32b, and the DNS server 32a obtained by the connection establishment unit 41, The storage device 43 that associates the IP address of 32b, the domain name information 48, and the logical connections 27a and 27b and stores them in the correspondence table, and the DNS query 40 including the inquiry destination domain name from the user terminals 23a and 23b are relayed. A relay unit 45, and a relay unit 5, when the DNS query 40 is received from the user terminal, the correspondence table stored in the storage device 43 is referred to, and the domain name information 48 corresponding to the inquiry domain name of the received DNS query 40 is searched and searched. By selecting the DNS server IP address and logical connection corresponding to the domain name information 48 and transferring the DNS query 40 to the DNS server IP address via the selected logical connection, Thus, it is possible to select a logical connection in which an appropriate inquiry destination DNS server exists and transfer the packet, and to reliably perform domain name resolution.

  Thereby, for example, the DNS query 40 addressed to the WEB server (WEB server 33b in the network 31b of the provider B in FIG. 1) and the Internet 38 on the Internet 38 are separated from the network where the route server is located (for example, the Internet network). Even if the DNS query 40 addressed to the WEB server (the WEB server 33a in the network 31a of the provider A in FIG. 1) is mixed, the packets can be appropriately distributed.

As described above, according to the packet transfer apparatus of this embodiment, it is possible to transfer a domain name resolution request packet to an appropriate DNS server that can resolve a domain name, thereby realizing an efficient network connection environment. it can.
(Second Embodiment)
Next, FIG. 8 shows an example of a network configuration including the packet transfer apparatus according to the second embodiment of the present invention. This is different from the first embodiment shown in FIG. 1 in that the gateway device 60 has a plurality of logical connections 65a with a plurality of business office networks via the IKE connection control device 63 in the corporate network 61. , 65b can be established. In addition, the same code | symbol is attached | subjected to the structure similar to the said 1st Embodiment, and detailed description is abbreviate | omitted.

  In FIG. 8, the packet transfer apparatus according to the present embodiment is included in the gateway apparatus 60. In the present embodiment, the plurality of logical connections 65a and 65b established with a plurality of business networks are IPsec connections.

  In FIG. 8, two logical connections, that is, an IPsec connection A and an IPsec connection B, are established with respect to the two business site networks, that is, the business site A network 71a and the business site B network 71b. In the present embodiment, there are two office networks in which the gateway device 60 has established logical connections. However, the present invention is not limited to this, and a plurality of logical connections are simultaneously made between a plurality of networks. Can be established.

  A DNS server 72 a and a WEB server 73 a that are independently constructed by the business site A are arranged in the network 71 a of the business site A, and the network 71 a of the business site A is connected to the network 78 of the business site C. A DNS server 72b and a WEB server 73b independently constructed by the business site B are arranged in the network 71b of the business site B, and the network 71b of the business site B is connected to the network 78 of the business site C.

  In the present embodiment, the gateway device 60 has the same configuration as the gateway device 22 of the above-described embodiment shown in FIG. 2, but the connection establishment unit 41 includes a plurality of DNS servers 32a and 32b and a plurality of PPPoE sessions 27a. , 27b, and a plurality of DNS servers 72a, 72b and a plurality of IPsec connections 65a, 65b, respectively.

  In addition, when the DNS servers 72a and 72b and the IPsec connections 65a and 65b are established, the connection establishment unit 41 acquires the domain name information 48 included in the additional information of the connection control protocol with the DNS servers 72a and 72b. In this embodiment, the connection control protocol with the DNS server is IKE (Internet Key Exchange) ISAKMP (Internet Security Association and Key Management Protocol). The gateway device 60 uses the IPsec connection connection control protocol to provide information necessary for encryption and information on the domain name where the WEB servers 73a and 73b managed independently by each business site are also added as IKE connection control. Receive from device 63.

  FIG. 9 is a diagram illustrating an example of the data structure of the IKE (ISAKMP) protocol additional information of the gateway device 60 according to the present embodiment. The IKE protocol additional information 81 includes a next header 82, a reservation 83, a payload length 84, and a payload 85 in which actual information subsequent thereto is stored. In ISAKMP, 13 types of payloads 85 are defined. In the present embodiment, a payload 85 for newly notifying the domain name information 48 is defined. As shown in FIG. 9, domain name information 48 is stored in the payload 85.

  As described above, in this embodiment, the DNS server and the IKE connection control device managed by each site in the company using the IPsec mechanism constructed to secure the secure communication path between the companies. By cooperating with each other, it is possible to notify the user of an appropriate domain name, so that an in-house network connection environment can be realized more efficiently.

  The operation of the packet transfer apparatus of the present embodiment configured as described above will be described. The operation of the packet transfer apparatus according to this embodiment is the same as that shown in FIGS. 5 to 7 of the first embodiment.

  The operation at the time of domain information acquisition in the gateway device 60 of the present embodiment will be described with reference to FIG. First, the connection establishment unit 41 of the gateway device 60 establishes logical connections 65a and 65b with each business site (step S1). For example, in FIG. 8, an IPsec connection A and an IPsec connection B are established between the business place A and the business place B, respectively.

  Next, the connection establishing unit 41 of the gateway device 60 uses the IKE protocol additional information 81 which is the IPsec connection connection control protocol shown in FIG. 9 to obtain the IKE connection control of the corporate network 61 from the domain name information 48 managed by the DNS servers 72a and 72b. Obtained from the device 63 (step S2).

  Next, the domain name 56, DNS server IP address 57, and destination logical connection 59 included in the acquired domain name information 48 are associated and stored in the correspondence table of the storage device 43 (step S3). Here, the correspondence table of the storage device 43 is the same as that in the first embodiment.

  As described above, in the gateway device 60, the domain name information 48 is acquired from the IKE connection control device 63, and a correspondence table in which the domain name 56, the DNS server IP address 57, and the destination logical connection 59 are associated is stored in the storage device 43. Remembered.

  Next, the operation of the gateway device 60 when the DNS query 40 is transferred will be described with reference to FIG. In the gateway device 60, when the DNS query 40 is received from the user terminals 23a and 23b by the relay unit 45 (step S11: YES), the relay unit 45 uses the inquiry domain name 56 included in the DNS query 40. Then, the corresponding table stored in the storage device 43 is referred to and the corresponding domain name 56 is searched (step S12).

  When the corresponding domain name 56 is found (step S12: YES), the corresponding DNS server IP address 57 and the destination logical connection 59 are selected by the relay unit 45 (step S13). On the other hand, when the corresponding domain name 56 is not found (step S12: NO), the DNS server IP address 57 and the destination logical connection 59 set as default are selected by the relay unit 45 (step S14).

  Next, the DNS query 40 is forwarded to the DNS server IP address 57 by the relay unit 45 via the obtained destination logical connection 59 (step S15).

  As described above, the DNS query 40 is transferred to the desired DNS server by the gateway device 60.

  Next, the operation at the time of DNS query 40 response in the DNS server will be described with reference to FIG. Here, a description will be given assuming that the DNS query 40 is transferred to the DNS server 72b by the gateway device 60 of FIG.

  When the DNS query 72 transferred from the gateway device 60 is received by the DNS server 72b (step S21: YES), the DNS server 72b sets the inquiry destination domain name 56 included in the DNS query 40 to the IP address of the WEB server 73b. (Step S22). Next, a DNS response packet 42 including this IP address is returned to the user terminal 23a of the user network 21 via the gateway device 60 (step S23).

  As described above, the DNS server 72b that has received the DNS query 40 transferred from the gateway device 60 can return the DNS response packet 42 including the IP address of the WEB server 73b to the user terminal 23a. The terminal 23a acquires the IP address and can access the desired WEB server 73b.

  As described above, according to the packet transfer apparatus of the second exemplary embodiment of the present invention, a plurality of logical connections 65a and 65b are established with the DNS servers 72a and 72b, and are connection control protocols with the DNS servers 72a and 72b. A connection establishment unit 41 for obtaining the IP addresses of the DNS servers 72a and 72b and the domain name information 48 managed by the DNS servers 72a and 72b included in the IKE protocol additional information 81, and the DNS server 72a obtained by the connection establishment unit 41, The storage device 43 that associates the IP address 72b, the domain name information 48, and the logical connections 65a and 65b and stores them in the correspondence table, and the DNS query 40 including the inquiry destination domain names from the user terminals 23a and 23b are relayed. A relay unit 45, and a relay unit 4 When the DNS query 40 is received from the user terminal, the correspondence table stored in the storage device 43 is referred to, and the domain name information 48 corresponding to the inquiry domain name of the received DNS query 40 is retrieved and retrieved. By selecting the DNS server IP address and logical connection corresponding to the domain name information 48 and transferring the DNS query 40 to the DNS server IP address via the selected logical connection, a plurality of logical connections are selected. It is possible to select a logical connection having an appropriate inquiry destination DNS server and transfer the packet, and it is possible to reliably perform domain name resolution even in a packet transfer apparatus or the like that simultaneously connects each base network in the company.

  In the above description, an example in which the packet transfer device of the present invention is configured as a gateway device has been described. However, other devices that transfer packets, such as broadband routers, VPN (Virtual Private Network) routers, modems, software routers, etc. The same can be applied to a personal computer or the like that operates as follows.

  The present invention has been described based on the embodiments. It is to be understood by those skilled in the art that this embodiment is merely an example, and that various modifications are possible and that such modifications are within the scope of the present invention.

  As will be apparent to those skilled in the art, the present invention can be implemented using a typical commercially available digital computer and microprocessor programmed according to the techniques described in the above embodiments. Further, as will be apparent to those skilled in the art, the present invention includes a computer program created by a person skilled in the art based on the technique described in the above embodiment. Also included in the scope of the invention are computer program products that are storage media containing instructions used to program a computer implementing the invention.

  As described above, the packet transfer apparatus according to the present invention can transfer a domain name resolution request packet to an appropriate DNS server that can resolve a domain name, and can realize an efficient network connection environment. And is useful as a packet transfer device that transfers a domain name resolution request packet from a client to a DNS server.

1 is a schematic configuration block diagram showing an example of a network configuration including a packet transfer apparatus according to a first embodiment of this invention. Schematic configuration block diagram of the gateway device of FIG. Configuration diagram showing an example of a correspondence table stored in the storage device of the gateway device of FIG. The figure which shows an example of the data structure of the IPCP protocol additional information of the gateway apparatus of FIG. The flowchart which shows an example of the operation | movement at the time of the domain information acquisition of the gateway apparatus of FIG. The flowchart which shows an example of the operation | movement at the time of the domain name resolution request packet transfer of the gateway apparatus of FIG. The flowchart which shows an example of the operation | movement at the time of the DNS response of the domain name server of FIG. Schematic configuration block diagram showing an example of a network configuration including a packet transfer apparatus according to a second embodiment of the present invention The figure which shows an example of the data structure of the IKE protocol additional information of the gateway apparatus of FIG. Schematic configuration block diagram showing an example of a network configuration including a conventional packet transfer device Schematic configuration block diagram showing another example of a network configuration including a conventional packet transfer apparatus

Explanation of symbols

21 User network 22 Gateway device (packet transfer device)
23a, 23b User terminal 25 Carrier network 26 PPPoE server 27a, 27b PPPoE session (logical connection)
31a Provider A network 31b Provider B network 32a, 32b DNS server (domain name server)
33a, 33b WEB server 38 Internet 40 DNS query (domain name resolution request packet)
41 Connection establishment unit (connection establishment means, acquisition means)
42 DNS response packet 43 Storage device (storage means)
45 Relay section (relay means)
48 Domain Name Information 51 IPCP Protocol Additional Information 56 Domain Name 57 DNS Server IP Address 59 Destination Logical Connection 60 Gateway Device (Packet Transfer Device)
61 Corporate network 63 IKE connection controller 65a, 65b IPsec connection (logical connection)
71a Network of business site A 71b Network of business site B 72a, 72b DNS server (domain name server)
73a, 73b WEB server 78 Network of business office C 81 IKE protocol additional information

Claims (5)

A connection establishment means for establishing a plurality of logical connections;
The logical connection is established with a domain name server by the connection establishing means, and the IP address of the domain name server and the domain name information managed by the domain name server are included in the additional information of the connection control protocol with the domain name server. Acquisition means for acquiring;
Storage means for associating and storing the IP address of the domain name server acquired by the acquisition means, the domain name information, and the logical connection in a correspondence table;
A relay means for relaying a domain name resolution request packet including an inquiry destination domain name from a user terminal,
When the relay means receives the domain name resolution request packet from the user terminal, the relay means refers to the correspondence table stored in the storage means, and sets the inquiry destination domain name in the received domain name resolution request packet. The corresponding domain name information is searched, the IP address and the logical connection of the domain name server corresponding to the searched domain name information are selected, and the domain name server of the domain name server is selected through the selected logical connection. A packet transfer apparatus for transferring the domain name resolution request packet to the IP address. The storage means stores in advance in the correspondence table the IP address and the logical connection of the default domain name server used when the domain name resolution request not corresponding to the stored domain name information is received. ,
When the relay means receives the domain name resolution request packet from the user terminal and searches the correspondence table stored in the storage means, the domain name information corresponding to the inquired domain name is the correspondence table. 2. The packet transfer apparatus according to claim 1, wherein the IP address and the logical connection of the default domain name server are selected when the IP address is not included in the domain name server. A connection establishment step for establishing a plurality of logical connections;
When the logical connection is established with the domain name server in the connection establishing step, the IP address of the domain name server included in the additional information of the connection control protocol with the domain name server and the domain managed by the domain name server An acquisition step for acquiring name information;
A storage step of associating and storing the IP address of the domain name server acquired in the acquisition step, the domain name information, and the logical connection in a correspondence table;
A receiving step of receiving from the user terminal a domain name resolution request packet including the inquired domain name;
When receiving the domain name resolution request packet from the user terminal in the receiving step, refer to the correspondence table stored in the storing step and refer to the inquiry destination of the domain name resolution request packet received in the receiving step A search step of searching for the domain name information corresponding to a domain name;
A selection step of selecting the IP address and the logical connection of the domain name server corresponding to the domain name information searched in the search step;
And a forwarding step of forwarding the domain name resolution request packet to the IP address of the domain name server via the logical connection selected in the selection step. Storing in advance in the correspondence table the IP address and the logical connection of the default domain name server used when the domain name resolution request not corresponding to the stored domain name is received;
When searching the correspondence table stored in the storage means in the search step, if the domain name information corresponding to the query domain name is not included in the correspondence table, the default of the domain name server The packet transfer method according to claim 3, further comprising selecting an IP address and the logical connection. A packet transfer control program that causes a computer to execute the steps of the packet transfer method according to claim 3 or 4.

Images