JP2018137612A - Communication method and communication system - Google Patents

Abstract

An efficient virtual CPE system can be constructed.
A communication method is a communication method executed by a communication system in which a user terminal connects to a virtual CPE (Customer Premises Equipment) via a relay device and communicates with an external device via the virtual CPE. An authentication process for authenticating whether or not the use of the communication system is valid, and a virtual CPE is activated for the user terminal authenticated to be valid for the use of the communication system, and the user is activated by the activated virtual CPE A virtual CPE setting step for setting user information related to the terminal, the address issued to the user terminal and the address of the activated virtual CPE are notified to the user terminal, and the switch connected to the user terminal and the activated virtual CPE And an establishing step of establishing an IP (Internet Protocol) tunnel in between.
[Selection] Figure 6

Description

  The present invention relates to a communication method and a communication system including virtual CPE (Customer Premises Equipment).

  CPE (Customer Premises Equipment) is used to provide communication services. In recent years, with the development of virtualization technology, it has been proposed to virtualize the CPE installed in the user's home and place it on the carrier side on the public network rather than in the service user's home (for example, Non-Patent Document 1).

NEC, “vCPE Solution”, [online], [Search February 3, 2017], Internet <URL: http://jpn.nec.com/tcs/vcpe/>

  FIG. 14 is a diagram for explaining CPE virtualization. For example, as shown in FIG. 14 (a), the function of the HGW (home gateway) 3P installed in the user's home is transferred to the virtualized CPE of the carrier network as shown in FIG. 14 (b). Deploy. The CPE installed in this carrier network is called a virtual CPE and has functions such as NAT (Network Address Translation) and DHCP (Dynamic Host Configuration Protocol) for connecting the user terminal 5P in the home to the carrier network ( (See frame C1).

  By using this virtual CPE, the home HGW can be simplified to a simple HGW 3P ′. By deploying the virtual CPE on the carrier side, it is possible to perform device renewal and maintenance support on the carrier side, so that it is possible to maintain services such as device renewal and increase the efficiency of maintenance support. On the other hand, in the conventional configuration, it is necessary to deploy the same number of virtual CPEs as the number of user terminals on the carrier side, which causes a problem that the system configuration becomes complicated.

  The present invention has been made in view of the above, and an object thereof is to provide a communication method and a communication system capable of constructing an efficient virtual CPE system.

  In order to solve the above-described problems and achieve the object, a communication method according to the present invention is a communication executed by a communication system in which a user terminal connects to a virtual CPE via a relay device and communicates with an external device via the virtual CPE. An authentication step of authenticating whether or not the use of the communication system by the user terminal is valid, and starting the virtual CPE for the user terminal authenticated to be valid of the use of the communication system In addition, the user terminal is notified of the virtual CPE setting step of setting user information related to the user terminal in the activated virtual CPE, the address issued to the user terminal and the address of the activated virtual CPE. An establishment step of establishing an IP (Internet Protocol) tunnel between the switch and the activated virtual CPE.

  According to the present invention, an efficient virtual CPE system can be constructed.

FIG. 1 is a diagram illustrating an example of a configuration of a communication system according to an embodiment. FIG. 2 is a diagram for explaining the flow of processing until the virtual CPE is activated in the information system according to the present embodiment. FIG. 3 is a diagram for explaining the flow of processing until the virtual CPE is activated in the information system according to the present embodiment. FIG. 4 is a diagram for explaining the flow of the virtual CPE deletion process in the information system according to the present embodiment. FIG. 5 is a diagram for explaining the flow of the virtual CPE deletion process in the information system according to the present embodiment. FIG. 6 is a sequence diagram showing a processing procedure of virtual CPE activation processing in the information system according to the present embodiment. FIG. 7 is a sequence diagram showing a processing procedure of virtual CPE deletion processing in the information system according to the present embodiment. FIG. 8 is a sequence diagram showing another processing procedure of the virtual CPE deletion processing in the information system according to the present embodiment. FIG. 9 is a diagram showing a schematic configuration of a conventional virtual CPE system. FIG. 10 is a diagram showing a schematic configuration of a conventional virtual CPE system. FIG. 11 is a diagram showing an outline of the configuration of the communication system according to the present embodiment. FIG. 12 is a diagram showing an outline of the configuration of the communication system according to the present embodiment. FIG. 13 is a diagram illustrating an example of a computer in which each device of the communication system is realized by executing a program. FIG. 14 is a diagram for explaining CPE virtualization.

  Hereinafter, an embodiment of the present invention will be described in detail with reference to the drawings. In addition, this invention is not limited by this embodiment. Moreover, in description of drawing, the same code | symbol is attached | subjected and shown to the same part.

[Embodiment]
Regarding the communication system according to the embodiment, a schematic configuration of the entire communication system and a communication method using the communication system will be described. Note that the numbers of user terminals, switches (SW), virtual CPEs, and the like described below are merely examples, and are not limited thereto.

  The communication system according to the present embodiment does not deploy a virtual CPE for each user terminal in advance, but activates a virtual CPE license using authentication for the user terminal as a trigger. That is, in the communication system, the virtual CPE is activated only for the user terminal that is authenticated that the use of the communication system is valid. Further, in the communication system according to the present embodiment, when there is no virtual CPE traffic or virtual CPE usage record for a certain period of time, the virtual CPE is deleted. Therefore, in the communication system according to the present embodiment, the virtual CPE is efficiently deployed by increasing / decreasing the virtual CPE according to the connection state and usage state of the user terminal.

[Configuration of communication system]
First, the configuration of a communication system according to an embodiment will be described with reference to FIG. FIG. 1 is a diagram illustrating an example of a configuration of a communication system according to an embodiment.

  As shown in FIG. 1, the communication system 1 according to the embodiment includes an authentication device 11, a virtual CPE control device 12, a DHCP function device 13, a virtual CPE resource management device 14, and a virtual CPE function control arranged in a data center network. The IP tunnel 4 is established between the virtual CPE 2 having the device 15 and activated in the data center network and the SW (relay device) 3 to which the user terminal 5 in the home is connected, thereby facilitating communication by the user terminal 5. Plan

  That is, the communication system 1 is a communication system in which the user terminal 5 is connected to the virtual CPE 2 via the SW 3 and communicates with an external device via the virtual CPE 2. Note that the virtual CPE control device 12, the DHCP function device 13, the virtual CPE resource management device 14, and the virtual CPE function control device 15 may be physical servers themselves or virtual machines configured on the physical servers. Also good.

  The user terminal 5 is a terminal that communicates with an external device via the IP tunnel 4 and is an information communication device such as a PC (Personal Computer), a smartphone, or a tablet terminal. For example, the user terminal 4 makes an authentication request to the authentication device 11 in advance using a login ID (Identification), a password, or a user certificate for receiving a service.

  SW3 is a relay device installed in the house, and is connected to the communication system 1 and connected to the user terminal 5 wirelessly or by wire. When the authentication device 11 authenticates that the use of the communication system 1 by the user terminal 5 is valid, the SW 3 corresponds to the user terminal 5 when the assigned address, virtual CPE address, PW, etc. are returned. An IP tunnel 4 is established with the virtual CPE 2 to be performed. The SW 3 transfers the packet from the user terminal 5 to the external device via the IP tunnel 4 and the virtual CPE 2. The SW 3 receives a packet transmitted from the external device via the virtual CPE 2 through the IP tunnel 4 and transfers the received packet to the user terminal 5.

  The virtual CPE 2 is a virtual CPE deployed in the data center network, and is activated by the virtual CPE control device 12. When the virtual CPE 2 is activated, only the tunnel termination function is provided, and a function required according to the authentication content is added for each authentication by the authentication device 11 (described later). The virtual CPE 2 is deleted when there is no traffic or usage record for a certain period of time.

  The authentication device 11 authenticates whether or not the use of the communication system 1 by the user terminal 5 is valid. The authentication device 11 receives the ID, PW, user certificate, and the like transmitted by the user terminal 5 and executes user authentication. Specifically, the authentication device 11 uses general authentication such as biometric authentication, certificate, ID and PW authentication, SIM (Subscriber Identity Module) authentication, line authentication, and MAC (Media Access Control) address as authentication information. . In the communication system 1, authentication settings are set in advance for the authentication function.

  When the authentication of the user terminal 5 is successful, the authentication device 11 requests the virtual CPE control device 12 to start the virtual CPE 2 corresponding to the user terminal 5 based on the authentication information and based on the user contract status. Then, the authentication device 11 notifies the user terminal 5 of the address issued to the user terminal 5 and the address of the activated virtual CPE 2 via the virtual CPE control device 12, and SW3 to which the user terminal 5 is connected, An IP tunnel 4 is established with the activated virtual CPE 2. The authentication device 11 returns to the user terminal 5 the address, ID, PW, virtual CPE2 address, etc. that have been paid out to the user terminal 5 as the authentication result.

  The virtual CPE control device 12 activates the virtual CPE 2 corresponding to the user terminal 5 for the user terminal 5 that is authenticated by the authentication device 11 to be valid for the use of the communication system 1, and User information related to the user terminal 5 is set. The virtual CPE control device 12 determines the virtual CPE 2 to be activated based on the physical resources of the CPE.

  The virtual CPE control device 12 assigns the virtual CPE2 to the authenticated user terminal 5, and also issues an address payout request to the DHCP function device 13, a resource payout request to the virtual CPE2 to the virtual CPE resource management device 14, A function setting request for the virtual CPE 2 is made to the virtual CPE function control device 15. The virtual CPE control device 12 provides the virtual CPE function control device 12 with a tunnel termination function to the activated virtual CPE 2 and adds a function required according to the authentication contents to the virtual CPE 2 for each authentication by the authentication device 11. Make a request. In other words, the virtual CPE control device 12 gives only the minimum function (tunnel termination function) required for communication processing to the activated virtual CPE 2 to save computer resources.

  Then, the virtual CPE control device 12 deletes the virtual CPE2 when the traffic of the virtual CPE2 or the usage record of the virtual CPE2 does not exist for a certain period of time. The virtual CPE control device 12 performs traffic management of the virtual CPE2, resource management of the virtual CPE2, and usage management of various functions of the virtual CPE2. If there is no usage history of the traffic of the virtual CPE2 or the virtual CPE2, the virtual CPE2 Perform deletion.

  The DHCP function device 13 pays out an address for the authenticated user terminal 5 based on the authentication information by the authentication device 11. The DHCP function device 13 notifies the virtual CPE control device 12 of the address that has been paid out.

  The virtual CPE resource management device 14 manages the resources of the virtual CPE2. The virtual CPE resource management device 14 sets resources for the virtual CPE 2 according to the control content of the virtual CPE control device 12.

  The virtual CPE function control device 15 manages the function to be given to the virtual CPE 2 according to the control content of the virtual CPE control device 12. For example, the virtual CPE function control device 15 gives only the tunnel termination function to the virtual CPE 2 when it is initially activated. Then, the virtual CPE function control device 15 adds functions necessary for the authentication contents to the virtual CPE 2 for each authentication by the authentication device 11. For example, the virtual CPE function control device 15 gives the virtual CPE 2 a function for confirming traffic communication with the virtual CPE 2, a function for managing the resources of the virtual CPE 2, or a function for managing the use of the functions of the virtual CPE 2. .

[Flow of virtual CPE startup processing]
Next, the flow of processing until the virtual CPE 2 for the user terminal 5 is activated in the communication system 1 will be described. 2 and 3 are diagrams for explaining the flow of processing until the virtual CPE 2 is activated in the communication system 1 according to the present embodiment.

  First, as shown in FIG. 2, when the user terminal 5 makes an authentication request to the authentication device 11 via the SW 3 (see (1) in FIG. 2), the authentication device 11 performs an authentication process for the user terminal 5. (See (2) in FIG. 2). When the authentication device 11 authenticates that the use of the communication system 1 by the user terminal 5 is valid, the authentication device 11 assigns the virtual CPE control device 12 with the authentication result and the user terminal 5. A request to activate the virtual CPE 2 is transmitted (see (3) in FIG. 2).

  The virtual CPE control device 12 activates a virtual CPE license using authentication as a trigger. Specifically, the virtual CPE control device 12 determines a virtual CPE to be activated based on the physical resources of the CPE, and sends resources and resources to the DHCP function device 13, the virtual CPE resource management device 14, and the virtual CPE function control device 15. Requests the DHCP payout and the setting of the function to be given to the virtual CPE 2 (see (4) in FIG. 2).

  Then, the virtual CPE control device 12 activates the virtual CPE 2 assigned to the user terminal 5 (see (5) in FIG. 2), and sets user information regarding the user terminal 5 in the activated virtual CPE 2.

  Further, the virtual CPE control device 12 causes the authentication device 11 to notify the address of the user terminal 5 and the address of the virtual CPE 2 (see (6) in FIG. 2). Then, the authentication device 11 notifies the user terminal 5 of the address and the address of the virtual CPE (see (7) in FIG. 2). The authentication device 11 notifies the IP address and tunnel ID, for example. Accordingly, the user terminal 5 establishes an IP tunnel 4 between the switch 3 and the activated virtual CPE 2 and performs tunnel connection (see (8) in FIG. 2).

  Here, the virtual CPE control device 12 requests the virtual CPE resource management device 14 to issue a resource to the virtual CPE2 and the virtual CPE2 to the virtual CPE function control device 15 so that the virtual CPE2 is started with only the minimum resources. Function setting request for.

  Specifically, as shown in FIG. 3, the virtual CPE control device 12 always sets the virtual CPE2 function to the virtual CPE resource management device 14 and the virtual CPE function control device 15 with the function of the virtual CPE2 only as the tunnel termination function. Resource and function are set (see (5 ′) in FIG. 3). As a result, the communication system 1 saves computer resources (see FIG. 3A). The virtual CPE control device 12 adds a function (for example, NAT) required for each authentication by the authentication device 11 to the function of the virtual CPE 2 (see (A) in FIG. 3). Thus, in the communication system 1, resources and functions are added to and added to the virtual CPE 2 according to the authentication result, so that the virtual CPE system can be efficiently operated.

[Flow of virtual CPE deletion processing]
Next, the flow of the deletion process of the virtual CPE 2 in the communication system 1 will be described. 4 and 5 are diagrams illustrating the flow of the virtual CPE deletion process in the communication system 1 according to the present embodiment.

  For example, a case where the virtual CPE 2 is deleted based on the traffic communication in the virtual CPE 2 will be described with reference to FIG. In this case, as shown in FIG. 4, the virtual CPE control device 12 adds a traffic communication confirmation function 21 to the virtual CPE 2 and causes the virtual CPE 2 to confirm the traffic communication. The virtual CPE 2 confirms its own traffic, and if there is no traffic for a certain period of time, it notifies the virtual CPE controller 12 that there is no traffic for a certain period of time (see (1) in FIG. 4). Note that the virtual CPE control device 12 may launch a VM (Virtual Machine) (not shown) in the vicinity of the virtual CPE 2 and add a traffic communication confirmation function 21 to this VM so as to confirm the traffic communication of the virtual CPE 2. .

  When the virtual CPE control device 12 receives a notification from the virtual CPE2 that there is no traffic for a certain period of time, it requests the authentication device 11 to delete the resources related to the virtual CPE2, and also requests the virtual CPE2 to be deleted (FIG. 4). (See (2) and (3)). Then, the authentication device 11 transmits a deletion notification of the virtual CPE 2 to the SW 3 (see (4) in FIG. 4).

  Subsequently, the virtual CPE control device 12 notifies the DHCP function device 13 and the virtual CPE resource management device 14 that the virtual CPE 2 has been deleted (see (5) in FIG. 4). Then, the virtual CPE control device 12 notifies the virtual CPE2 of virtual CPE deletion and deletes the virtual CPE2 (see (6) in FIG. 4).

  Next, with reference to FIG. 5, the case where the virtual CPE2 is deleted based on the usage record in the virtual CPE2 will be described. In this case, as shown in FIG. 5, the virtual CPE control device 12 adds the resource management function 22 and the NAT function 23 to the virtual CPE2, and the virtual CPE2 performs resource management of the virtual CPE2 and various functions of the virtual CPE2. Let us manage usage.

  Specifically, the virtual CPE 2 monitors the use of each resource and function (see (1) in FIG. 5), and when there is no use record for a certain period of time, that is, the use of the resource and the assigned function. When there is no use, the virtual CPE control device 12 is notified that there is no usage record for a certain period of time (see (2) in FIG. 5). The virtual CPE control device 12 starts a VM (not shown) in the vicinity of the virtual CPE2, adds a resource management function 22 and a NAT function 23 to the VM, and causes the virtual CPE2 to monitor the use of each resource and function. May be.

  When the virtual CPE control device 12 receives a notification from the virtual CPE2 that there is no usage record for a certain period of time, the virtual CPE control device 12 requests the authentication device 11 to delete resources related to the virtual CPE2 and to delete the virtual CPE2 (FIG. 5). (See (3) and (4)). Then, the authentication device 11 transmits a virtual CPE2 deletion notification to SW3 (see (5) in FIG. 5).

  Subsequently, the virtual CPE control device 12 notifies the DHCP function device 13 and the virtual CPE resource management device 14 that the virtual CPE 2 has been deleted (see (6) in FIG. 5). Then, the virtual CPE control device 12 notifies the virtual CPE2 of the virtual CPE deletion and deletes the virtual CPE2 (see (7) in FIG. 5).

[Virtual CPE startup processing procedure]
Next, a processing procedure of processing until the virtual CPE 2 for the user terminal 5 is activated in the communication system 1 will be described. FIG. 6 is a sequence diagram illustrating a processing procedure of the activation process of the virtual CPE 2 in the communication system 1 according to the present embodiment.

  First, as shown in FIG. 6, when the user terminal 5 makes an authentication request to the authentication device 11 via the SW 3 (steps S <b> 1 and S <b> 2), the authentication device 11 performs an authentication process for the user terminal 5. (Step S3). Then, when authenticating the user terminal 5, the authentication device 11 transmits a virtual CPE 2 activation request to be assigned to the user terminal 5 to the virtual CPE control device 12 (step S4).

  The virtual CPE control device 12 requests the DHCP function device 13, the virtual CPE resource management device 14, and the virtual CPE function control device 15 to issue an address, issue a resource, and set a function for the virtual CPE 2 (step S5 to step S5). S7). In response to this, the DHCP function device 13, the virtual CPE resource management device 14, and the virtual CPE function control device 15 execute address allocation, resource allocation, and function setting for the virtual CPE 2 (steps S8 to S10). .

  Then, the virtual CPE control device 12 activates the virtual CPE 2 assigned to the user terminal 5 (step S11), and sets user information regarding the user terminal 5 in the activated virtual CPE 2 (step S12). Then, the virtual CPE control device 12 notifies the authentication device 11 of the address of the user terminal 5 and the address of the virtual CPE (step S13). As a result, the authentication device 11 notifies the user terminal 5 of the address and the address of the virtual CPE via SW3 (steps S14 and S15). Accordingly, the user terminal 5 establishes an IP tunnel 4 between the switch 3 and the activated virtual CPE 2 (step S16), and performs a tunnel connection.

[Processing procedure for deleting virtual CPE]
Next, a processing procedure for deleting the virtual CPE 2 in the communication system 1 will be described. FIG. 7 is a sequence diagram showing a processing procedure of the virtual CPE 2 deletion processing in the communication system 1 according to the present embodiment.

  The virtual CPE control device 12 adds a traffic communication confirmation function 21 to the virtual CPE 2 and confirms the traffic communication with the virtual CPE 2. Then, as shown in FIG. 7, the virtual CPE 2 confirms its own traffic (step S21), and determines whether there is traffic for a certain period of time (step S22). If the virtual CPE 2 determines that there is traffic for a certain period of time (step S22: Yes), the virtual CPE 2 returns to step S21 and performs traffic confirmation processing. On the other hand, when it is determined that there is no traffic for a certain period of time (step S22: No), the virtual CPE 2 notifies the virtual CPE controller 12 that there is no traffic for a certain period of time (step S23).

  The virtual CPE control device 12 requests the authentication device 11 to delete the resource of the virtual CPE2 and delete the virtual CPE2 (steps S24 and S25). Then, the authentication device 11 transmits a virtual CPE deletion notification to SW3 (step S26).

  Subsequently, the virtual CPE control device 12 notifies the DHCP function device 13 and the virtual CPE resource management device 14 that the virtual CPE 2 has been deleted (steps S27 and S28). Then, the virtual CPE control device 12 notifies the virtual CPE2 of virtual CPE deletion, deletes the virtual CPE2 (step S29), and ends the virtual CPE2 deletion processing.

[Other processing procedures for deleting virtual CPE]
Next, another processing procedure for deleting the virtual CPE 2 in the communication system 1 will be described. FIG. 8 is a sequence diagram showing another processing procedure of the virtual CPE 2 deletion processing in the communication system 1 according to the present embodiment.

  The virtual CPE control device 12 adds a resource management function 22 and a NAT function 23 to the virtual CPE 2 so that the virtual CPE 2 performs resource management of the virtual CPE 2 and use management of various functions of the virtual CPE 2. The virtual CPE 2 monitors the usage for each resource and function (steps S31 and S32), and determines whether or not there is a usage record for a certain period of time (step S33). When it is determined that the virtual CPE 2 has been used for a certain period of time (step S33: Yes), the process returns to step S31 to perform resource management and function monitoring. On the other hand, when the virtual CPE 2 determines that there is no usage record for a certain time (step S33: No), the virtual CPE 2 notifies the virtual CPE control device 12 that there is no use record for a certain time (step S34). Steps S35 to S40 are steps S24 to S29 shown in FIG.

[Effect of the embodiment]
Here, the configuration of a conventional virtual CPE system will be described. 9 and 10 are diagrams showing an outline of the configuration of a conventional virtual CPE system. As shown in FIG. 9, in the conventional configuration, in order to establish IP tunnels 4A to 4F with the respective SWs 3A to 3F, virtual CPEs 2A to 2F corresponding to the number of user terminals 5A to 5F are provided on the carrier side. It was necessary to deploy in the data center network.

  On the other hand, as shown in FIG. 10, in a communication system, not all users always use the communication system. For example, in the example of FIG. 10, the user terminals 5B, 5C, and 5F do not use the virtual CPEs 2B, 2C, and 2F (see (1) to (3) of FIG. 10).

  FIG.11 and FIG.12 is a figure which shows the outline of a structure of the communication system 1 which concerns on this Embodiment. In the present embodiment, it is only necessary to secure the number of licenses corresponding to the number of combinations in which the user terminal 5 and the virtual CPE 2 are connected at the same time, and further, the virtual CPE function for the user terminal 5 and the virtual CPE 2 to be connected at the same time. And a computer resource are considered to be secured, and the virtual CPE is activated only at the time of use. That is, in the present embodiment, the virtual CPE 2 is activated only when the authenticated user terminal 5 is using the communication system (see (1) and (2) in FIG. 11). In other words, in the present embodiment, the virtual CPEs 2B, 2D, and 2E are activated only for the user terminals 5B, 5D, and 5E that are actually connected to the communication system among the user terminals 5A to 5F.

  Also, as shown in FIG. 12, in the present embodiment, for the activated virtual CPE2, the traffic communication is confirmed, the use of resources or functions is monitored, and the virtual CPE2 with no actual use is deleted (FIG. 12). 12 (1) and (2)).

  Thus, in this embodiment, a virtual CPE is not deployed on the carrier side for each of all user terminals, but is deployed on the carrier side according to the connection state and usage state of the user terminals. Is increased or decreased. As a result, according to the present embodiment, a virtual CPE can be efficiently deployed, and a virtual CPE system can be realized with a simple system configuration and low cost.

[System configuration of the embodiment]
Each component of the communication system 1 illustrated in FIG. 1 is functionally conceptual, and does not necessarily need to be physically configured as illustrated. That is, the specific form of distribution and integration of the functions of the communication system 1 is not limited to those shown in the drawings, and all or a part thereof may be functional or physical in arbitrary units according to various loads or usage conditions. Can be distributed or integrated.

  Each process performed in each device of the communication system 1 may be realized by a CPU (Central Processing Unit) and a program that is analyzed and executed by the CPU. Moreover, each process performed in each apparatus of the communication system 1 may be realized as hardware by wired logic.

  In addition, among the processes described in the embodiment, all or a part of the processes described as being automatically performed can be manually performed. Alternatively, all or part of the processing described as being performed manually can be automatically performed by a known method. In addition, the above-described and illustrated processing procedures, control procedures, specific names, and information including various data and parameters can be changed as appropriate unless otherwise specified.

[program]
FIG. 13 is a diagram illustrating an example of a computer in which each device of the communication system 1 is realized by executing a program. The computer 1000 includes a memory 1010 and a CPU 1020, for example. The computer 1000 also includes a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. These units are connected by a bus 1080.

  The memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM 1012. The ROM 1011 stores a boot program such as BIOS (Basic Input Output System). The hard disk drive interface 1030 is connected to the hard disk drive 1090. The disk drive interface 1040 is connected to the disk drive 1100. For example, a removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive 1100. The serial port interface 1050 is connected to a mouse 1110 and a keyboard 1120, for example. The video adapter 1060 is connected to the display 1130, for example.

  The hard disk drive 1090 stores, for example, an OS 1091, an application program 1092, a program module 1093, and program data 1094. That is, a program that defines each process of each device of the communication system 1 is implemented as a program module 1093 in which a code executable by the computer 1000 is described. The program module 1093 is stored in the hard disk drive 1090, for example. For example, a program module 1093 for executing processing similar to the functional configuration in each device of the communication system 1 is stored in the hard disk drive 1090. The hard disk drive 1090 may be replaced by an SSD (Solid State Drive).

  The setting data used in the processing of the above-described embodiment is stored as program data 1094 in, for example, the memory 1010 or the hard disk drive 1090. Then, the CPU 1020 reads the program module 1093 and the program data 1094 stored in the memory 1010 and the hard disk drive 1090 to the RAM 1012 and executes them as necessary.

  The program module 1093 and the program data 1094 are not limited to being stored in the hard disk drive 1090, but may be stored in, for example, a removable storage medium and read out by the CPU 1020 via the disk drive 1100 or the like. Alternatively, the program module 1093 and the program data 1094 may be stored in another computer connected via a network (LAN, WAN, etc.). Then, the program module 1093 and the program data 1094 may be read by the CPU 1020 from another computer via the network interface 1070.

  Although the embodiment to which the invention made by the present inventor is applied has been described above, the present invention is not limited by the description and the drawings that form part of the disclosure of the present invention according to this embodiment. That is, other embodiments, examples, operation techniques, and the like made by those skilled in the art based on the present embodiment are all included in the scope of the present invention.

1 Communication system 2, 2A-2F Virtual CPE
3, 3A-3F Switch (SW)
4,4A-4F IP tunnel 5,5A-5F User terminal 11 Authentication device 12 Virtual CPE control device 13 DHCP functional device 14 Virtual CPE resource management device 15 Virtual CPE function control device

Claims (6)

A communication method executed by a communication system in which a user terminal connects to a virtual CPE (Customer Premises Equipment) via a relay device and communicates with an external device via the virtual CPE,
An authentication step of authenticating whether or not the use of the communication system by the user terminal is valid;
A virtual CPE setting step for activating the virtual CPE for the user terminal that has been authenticated to use the communication system and setting user information regarding the user terminal in the activated virtual CPE;
The address issued to the user terminal and the address of the activated virtual CPE are notified to the user terminal, and an IP (Internet Protocol) tunnel is established between the switch connected to the user terminal and the activated virtual CPE. An establishment process for establishing
The communication method characterized by including.   The virtual CPE setting step adds a tunnel termination function to the activated virtual CPE, and adds a function required according to authentication contents to the virtual CPE for each authentication by the authentication step. The communication method according to 1.   The communication method according to claim 1 or 2, wherein the virtual CPE setting step determines the virtual CPE to be activated based on a physical resource of the CPE.   The communication method according to claim 1, further comprising a deletion step of deleting the virtual CPE when the traffic of the virtual CPE or the usage record of the virtual CPE has not been used for a predetermined time. . A usage management step of performing traffic management of the virtual CPE, resource management of the virtual CPE, and usage management of various functions of the virtual CPE;
5. The communication method according to claim 4, wherein the deletion step deletes the virtual CPE when the traffic of the virtual CPE or the usage record of the virtual CPE does not exist for a predetermined time in the use management step. A communication system in which a user terminal connects to a virtual CPE via a relay device and communicates with an external device via the virtual CPE,
A virtual CPE control device that activates the virtual CPE for the user terminal that has been authenticated to use the communication system, and sets user information related to the user terminal in the activated virtual CPE;
The user terminal is authenticated, the address issued to the user terminal and the address of the activated virtual CPE are notified to the user terminal, and the switch connected to the user terminal and the activated virtual CPE An authentication device for establishing an IP tunnel between,
A communication system comprising:

Images