JP2019033350A - Communication system and address setting method - Google Patents

Abstract

To provide a network environment enabling simple VPN connection of an arbitrary user terminal in a base with a user terminal in another base.SOLUTION: A VPN construction control apparatus 10 receives a VPN connection request for requesting VPN connection from a user terminal 50A in a site A to a user terminal 50B in a site B. Then, when the VPN construction control apparatus 10 receives the VPN connection request, the VPN construction control apparatus 10 acquires an IP address band assignable to the user terminal 50A and the user terminal 50B. Subsequently, an address band payout processor 30 determines the IP addresses of the user terminal 50A and the user terminal 50B from the assignable IP address band so that the managed IP addresses do not overlap between a plurality of CPEs do not overlap, and the determined IP address is paid out to a CPE 40A accommodating the user terminal 50A and a CPE 40B accommodating the user terminal 50B.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a communication system and an address setting method.

  Conventionally, as a mechanism for constructing a closed network, a VPN (Virtual Private Network) service provider tunnels the Internet VPN, and an NW (Network) carrier establishes a dedicated GW (Gateway) in the carrier network and establishes L3 between the bases. There are an IP (Internet Protocol) -VPN to be connected in the network, and a NW carrier connects bases in the carrier network with L2 to construct a closed network, and L3 is a closed network designed by the user.

  For example, in a company, it is assumed that various organizations promote different business operations and cooperate with related organizations at different bases depending on the business content. At that time, there may be a user need that a plurality of organizations related to a certain business want to make the NW independent from an organization unrelated to the business.

  In such a case, when the VPN connection is made between some users in the site and some users in another site, the above-mentioned IP-VPN technology and the closed network technology that uniquely designs L3 are used by the user. By manually designing the L3 address, a network environment in which an arbitrary user terminal in the base is VPN-connected to a user terminal in another base is constructed.

“Building the 1st Internet VPN environment”, [online], Digital Advantage, [Search August 1, 2017], Internet <http://www.atmarkit.co.jp/ait/articles/0303/ 06 / news002_2.html> “What are the points for mastering FLET'S VPN Wide”, [online], Nikkei Communication, [August 1, 2017 search], Internet <http://itpro.nikkeibp.co.jp/article/COLUMN/ 20100316/345855 /? Rt = nocnt> “Document”, [online], OpenVPN.JP, [August 1, 2017 search], Internet <https://www.openvpn.jp/document/>

  However, in the conventional technology, since the user manually designs the address of L3, there is a problem that any user terminal in the base cannot be easily connected to the user terminal in another base by VPN connection. In other words, according to the conventional technology, when some users in a base and some users in another base are VPN-connected, the management operation increases and the design increases as the number of bases and terminals to which VPN connection is made increases. There was a concern about mistakes, and the network environment for VPN connection could not be provided easily.

  In order to solve the above-described problems and achieve the object, the communication system of the present invention is located at the boundary between a first network that is a wide area network connecting bases and a second network that is a network in each base. A communication system having a plurality of network devices provided, and accepting a VPN connection request for requesting a VPN connection with a second user terminal in a second base from a first user terminal in the first base A reception processing unit, and a VPN construction control unit that acquires an IP address band that can be allocated to the first user terminal and the second user terminal when the VPN connection request is received by the reception processing unit; Duplicate IP addresses managed among a plurality of network devices from the assignable IP address band acquired by the VPN construction control unit So that the IP addresses of the first user terminal and the second user terminal are determined, and the network equipment accommodating the first user terminal and the network accommodating the second user terminal And a payout processing unit for paying out the determined IP address to the device.

  Also, the address setting method of the present invention is a communication system having a plurality of network devices provided at the boundary between a first network that is a wide area network connecting bases and a second network that is a network in each base. An accepting process for accepting a VPN connection request for requesting a VPN connection with a second user terminal in the second base from the first user terminal in the first base; A VPN construction control step for acquiring an IP address band that can be assigned to the first user terminal and the second user terminal when the VPN connection request is accepted by the acceptance processing step; and the VPN construction control. IP addresses managed between multiple network devices from the assignable IP address band acquired by the process In order to avoid duplication, the IP addresses of the first user terminal and the second user terminal are determined, and the network equipment accommodating the first user terminal and the second user terminal are accommodated. And a payout process step of paying out the determined IP address to the network device.

  Advantageous Effects of Invention According to the present invention, there is an effect that it is possible to provide a network environment in which an arbitrary user terminal in a base can be easily connected to a user terminal at another base by VPN.

FIG. 1 is a diagram illustrating an example of a configuration of a communication system according to the first embodiment. FIG. 2 is a diagram for explaining the processing of the VPN construction acceptance processing unit. FIG. 3 is a diagram illustrating an example of the VPN construction table. FIG. 4 is a diagram for explaining processing of the VPN construction control unit. FIG. 5 is a diagram illustrating an example of the VPN construction table. FIG. 6 is a diagram for explaining the processing of the address band payout processing device. FIG. 7 is a diagram illustrating an example of the VPN construction table. FIG. 8 is a diagram for explaining the processing of the processing unit in the CPE. FIG. 9 is a diagram illustrating an example of the VPN construction table for each CPE. FIG. 10 is a diagram for explaining the outline of the address setting process in the communication system according to the first embodiment. FIG. 11 is a sequence diagram showing a flow of address setting processing of the communication system according to the first embodiment. FIG. 12 is a diagram illustrating a computer that executes an address setting program.

  Hereinafter, embodiments of a communication system and an address setting method according to the present application will be described in detail with reference to the drawings. The embodiment does not limit the communication system and the address setting method according to the present application.

[First embodiment]
In the following embodiments, the configuration of the communication system according to the first embodiment, the configuration of each processing unit, the processing flow of the communication system will be described in order, and finally the effects of the first embodiment will be described. .

[Configuration of communication system]
FIG. 1 is a diagram illustrating an example of a configuration of a communication system according to the first embodiment. The communication system according to the first embodiment includes a VPN construction control device 10, a payable address band management device 20, an address band payout processing device 30, a plurality of CPEs 40A and 40B, and a plurality of user terminals 50A to 50C. In addition, the number of each apparatus shown in FIG. 1 is an example to the last, and is not restricted to this. In addition, when the plurality of CPEs 40A and 40B are described without particular distinction, they are appropriately described as CPE40, and when the plurality of user terminals 50A to 50C are also explained without particular distinction, they are appropriately described as user terminals 50. .

  The VPN construction control device 10 is connected to a WAN (Wide Area Network) that is a wide area network connecting bases, and includes a VPN construction reception processing unit 11 and a VPN construction control unit 12. The VPN construction control device 10 controls the construction of a VPN that connects the CPEs 50.

  The payable address band management device 20 performs address band management for the VPN of the carrier NW. The payable address band management device 20 transmits an available IP address band to the VPN construction control device 10 when receiving an inquiry from the VPN construction control device 10 about an IP address band that can be assigned to a user terminal that wants to construct a VPN.

  The address band payout processing device 30 is, for example, a DHCP (Dynamic Host Configuration Protocol) server, and pays out information such as an IP address to the user terminals 50A to 50C. For example, when receiving the usable address band from the VPN construction control apparatus 10, the address band payout processing apparatus 30 determines the address band for VPN assigned to each CPE and pays the IP address so as not to overlap between the CPEs. put out.

  The CPEs 40A and 40B are provided at the boundary between a WAN, which is a wide area network connecting bases, and a LAN, which is a network in each base, and includes a VPN target communication address management unit 41 and a VPN target communication identification unit 42. In the example of FIG. 1, it is assumed that the CPE 40A and the user terminals 50A and 50C belong to the base A, and the CPE 40B and the user terminal 50B belong to the base B.

  In the communication system according to the first embodiment, when the VPN construction control device 10 receives a VPN connection request including a combination of the user terminal 50 that wants to construct a VPN and the CPE 40 that accommodates the user terminal, the VPN construction controller 10 automatically Therefore, it is possible to provide a network environment in which a user terminal 50 in a base is VPN-connected to a user terminal 50 in another base without considering address design. The processing of each device will be described below with reference to the drawings.

  FIG. 2 is a diagram for explaining the processing of the VPN construction acceptance processing unit. As shown in FIG. 2, the VPN construction reception processing unit 11 includes a UI providing unit 11a and a reception request serializing unit 11b. For example, the VPN construction acceptance processing unit 11 accepts a VPN connection request for requesting a VPN connection from the user terminal 50A in the base A to the user terminal 50B in the base B. Further, when receiving a plurality of VPN connection requests, the VPN construction reception processing unit 11 issues processing requests to the VPN construction control unit 12 in order from the oldest time stamp included in each VPN connection request.

  Thus, the VPN construction acceptance processing unit 11 is a processing unit that prevents inconsistencies (duplication) of address bands to be paid out at the time of VPN construction by serializing VPN requests from a plurality of user terminals 50. The “VPN construction table” describing the information of user terminals and CPEs that want to construct a VPN is serialized by the VPN construction acceptance processing unit 11 and then transferred to the VPN construction control unit 12.

  Specifically, in registering the user terminal 50 that wants to construct a VPN, the UI providing unit 11a provides a registration interface to the user terminal 50 using a GUI ((Graphical User Interface) or CUI (Character User Interface). The UI providing unit 11a accepts registration of VPN target user terminals and CPE information from the plurality of user terminals 50 via the registration interface (see (1) in FIG. 2).

  Then, the UI providing unit 11a transmits only the VPN construction request that each user has completed registration to the reception request serializing unit 11b (see (2) in FIG. 2). Subsequently, the reception request serialization unit 11b serializes the received plurality of reception requests in the order of time stamps, and issues a request to the VPN construction control unit 12 (see (3) in FIG. 2).

  Here, an example of a VPN construction table that is updated with information received by the VPN construction reception processing unit 11 will be described with reference to FIG. FIG. 3 is a diagram illustrating an example of the VPN construction table. As illustrated in FIG. 3, the VPN construction table includes a “VPN target terminal” that is information for identifying a VPN construction target user terminal and a CPE that accommodates the VPN target terminal as an identifier that requires user setting. The “accommodating CPE (MAC address)” that is the MAC address and the “user terminal MAC address” that is the MAC address of the VPN target terminal are associated with the “payout address band” updated by the VPN construction control unit 12 described later. Remember.

  FIG. 4 is a diagram for explaining processing of the VPN construction control unit. As shown in FIG. 4, the VPN construction control unit 12 includes an address band inquiry unit 12a, a process availability notification unit 12b, and a VPN construction table update unit 12c. For example, when a VPN connection request is accepted by the VPN construction acceptance processing unit 11, the VPN construction control unit 12 acquires an IP address band that can be assigned to the user terminal 50A and the user terminal 50B. In addition, the VPN construction control unit 12 sequentially performs a process of acquiring IP address bands that can be assigned to the user terminal 50A and the user terminal 50B, with the VPN connection request issued by the VPN construction acceptance processing unit 11 being processed. Do.

  Specifically, as illustrated in FIG. 4, when the address band inquiry unit 12 a receives a VPN construction request from the VPN construction reception processing unit 11, an address band that can be used for the payable address band management device 20 is displayed. An inquiry is made (see (1) in FIG. 4). Then, the payable address band management device 20 notifies the processability notification unit 12b of usable address bands. Further, when there is no usable address band, the payable address band management device 20 notifies the processing availability notification unit 12b that there is no usable address band (see (2) in FIG. 4).

  Then, if there is no usable address band, the process availability notification unit 12b notifies the user terminal 50 that the VPN configuration is not possible via the UI providing unit 11a of the VPN configuration acceptance processing unit 11. To do. Even if there is an available address band, the process availability notification unit 12b notifies the fact via the UI providing unit 11a, and then requests the VPN construction table update unit 12c to perform the process ((3) in FIG. 4). reference).

  The VPN construction table update unit 12c requested to process updates the usable address band information in the payout address band column of the VPN construction table (see (4) in FIG. 4). For example, as illustrated in FIG. 5, the VPN construction table update unit 12 c registers “192.200.1 / 24” in the payout address band column of the VPN construction table corresponding to the user terminals A to D of the VPN target terminal. FIG. 5 is a diagram illustrating an example of the VPN construction table. Then, after the VPN construction table is updated, the VPN construction table update unit 12c transfers the VPN construction table to the address band issue processing device 30 (see (5) in FIG. 4).

  In this way, the VPN construction control unit 12 determines whether the VPN can be constructed by confirming whether the VPN address band can be used. If possible, the VPN construction controller 12 notifies the user to that effect, and then the VPN. Continue processing for construction. If the VPN cannot be constructed, the user is notified that the VPN cannot be constructed, and the process is terminated.

  FIG. 6 is a diagram for explaining the processing of the address band payout processing device. As shown in FIG. 6, the address band payout processing device 30 has a payout address band adjustment unit 31 for each CPE. For example, the address band payout processing device 30 includes the user terminal 50A and the user terminal so that the IP addresses managed between the plurality of CPEs 40A and 40B are not duplicated from the assignable IP address band acquired by the VPN construction control unit 12. 50B IP address is determined, and the determined IP address is paid out to CPE 40A accommodating user terminal 50A and CPE 40B accommodating user terminal 50B.

  Specifically, as illustrated in FIG. 6, the payout address band adjustment unit 31 for each CPE assigns a VPN assigned to each CPE 40 so that addresses are not duplicated between the CPEs 40 in the VPN construction table received from the VPN construction control unit 12. An address band for use is determined and the VPN construction table is updated (see (1) in FIG. 6).

  For example, as illustrated in FIG. 7, the payout address band adjustment unit 31 for each CPE updates the payout address band column of the VPN construction table to “192.200.1 / 26” so that addresses do not overlap between the CPEs 40. That is, in the example of FIG. 7, the VPN address band assigned to the CPEs # 1 to # 3 accommodating the user terminals A to D is “192.200.1 / 26”, and the address band “192.200.1 / 26” In particular, addresses assigned to the CPEs # 1 to # 3 are not duplicated. FIG. 7 is a diagram illustrating an example of the VPN construction table. Then, the payout address band adjusting unit 31 for each CPE designates an address band for each of the CPEs 40A and 40B based on the updated VPN construction table (see (2) in FIG. 6).

  In this manner, the address band payout processing device 30 distributes the VPN address band received from the VPN construction control unit 12 to each of the CPEs 40A and 40B, and causes the user terminal 50 to distribute the VPN address. At this time, the address band payout processing device 30 specifies an address band to be allocated between the CPEs 40 so that the addresses do not overlap among the plurality of CPEs 40.

  FIG. 8 is a diagram for explaining the processing of the processing unit in the CPE. As illustrated in FIG. 8, the CPE 40 includes a VPN target communication address management unit 41 and a VPN target communication identification unit 42. The VPN target communication address management unit 41 pays out a VPN address to the corresponding user terminal 50 using the VPN address band assigned to each CPE 40 from the address band payout processing device 30. At this time, the VPN payout address paid to each user terminal 50 is recorded in the VPN construction table for each CPE (see (1) in FIG. 8).

  For example, as illustrated in FIG. 9, “VPN payout address” that is an IP address for VPN to be paid out to each user terminal 50 is registered in the VPN construction table for each CPE. In the example of FIG. 9, “192.200.1.1” is registered in the VPN construction table for each CPE as the IP address for VPN issued to “user terminal A”. FIG. 9 is a diagram illustrating an example of the VPN construction table for each CPE. In the VPN construction table for each CPE, “192.200.1.2” is registered as the IP address for VPN issued to “user terminal B”.

  Further, the VPN target communication address management unit 41 registers address information in the VPN target communication identification unit 42 based on the updated VPN construction table for each CPE (see (2) in FIG. 8). And the VPN object communication address management part 41 pays out an address to the user terminal 50 based on the VPN construction table for each CPE (see (3) in FIG. 8).

  By providing a VPN target communication identification unit 42 in the CPE 40 and allowing all communications to pass through here, the non-VPN and the VPN target user terminal 50 can be configured with the MAC addresses described in the VPN construction table and the corresponding users that can be constructed therefrom. It is discriminated by an identifier such as a source address.

  Here, the outline of the address setting process in the communication system according to the first embodiment will be described with reference to FIG. FIG. 10 is a diagram for explaining the outline of the address setting process in the communication system according to the first embodiment. As illustrated in FIG. 10, an identifier of a user terminal for which a VPN is to be constructed is registered in the VPN construction acceptance processing unit 11 from the user terminal 50 </ b> A (see (1) in FIG. 10).

  Then, if the requests are simultaneously received from the user terminals 50, the VPN construction acceptance processing unit 11 issues a VPN construction request to the VPN construction control unit 12 in the order of the time stamp (see FIG. 10 (2)). This prevents inconsistency of addresses to be paid out for VPN.

  Subsequently, the VPN construction control unit 12 inquires the payable address band management device 20 that manages the address band management for the VPN of the carrier NW for the address band that can be assigned to the VPN construction terminal group that has received the request. An address band is received (see (3) in FIG. 10).

  The VPN construction control unit 12 notifies the address band payout processing device 30 of the received usable address band together with the information of the user terminal 50 and the information of the CPE 40 that accommodates the user terminal 50 ((4 in FIG. 10). )reference). The address band payout processing device 30 pays out addresses to the CPEs 40A and 40B accommodating the user terminals 50A and 50B targeted for VPN construction (see (5) in FIG. 10).

  Then, in the CPEs 40A and 40B, the VPN target communication address management unit 41 registers address information in the VPN target communication identification unit 42 based on the updated VPN configuration table for each CPE (see (6) in FIG. 10). The VPN target communication identifying unit 42 has a management table in which address information indicating whether the communication is a VPN target or not is specified. Based on the management table, whether the communication of each user terminal 50 in the base is a non-VPN or VPN target By identifying the above, identification of ordinary communication between bases, communication for the Internet, and VPN communication between the bases is performed. The VPN target communication address management unit 41 pays out an address to the subordinate user terminal 50 based on the VPN construction table for each CPE (see (7) in FIG. 10).

[Processing flow of communication system]
Next, a processing flow of the communication system according to the first embodiment will be described with reference to FIG. FIG. 11 is a sequence diagram showing a flow of address setting processing of the communication system according to the first embodiment. As illustrated in FIG. 11, the VPN construction control device 10 accepts registration of a user terminal that wants to construct a VPN from the user terminal 50 (step S <b> 101). Then, the VPN construction control apparatus 10 requests an available address band from the payable address band management apparatus 20 (step S102), and acquires the usable address band from the payable address band management apparatus 20 (step S103). .

  Subsequently, the VPN construction control apparatus 10 notifies the address band payout processing apparatus 30 of usable address bands (step S104). Then, the address band payout processing device 30 determines the IP address of the user terminal 50 from the usable address band so that the IP address managed between the CPEs is not duplicated, and sends it to the CPE 40 that accommodates the user terminal 50. The determined IP address is paid out (step S105). Then, the CPE 40 pays out to the user terminal 50 the IP address assigned by the address band payout processing device 30 to the user terminal 50 (step S106).

[Effect of the first embodiment]
Thus, in the communication system according to the first embodiment, for example, the VPN construction control device 10 requests a VPN connection request for requesting a VPN connection from the user terminal 50A in the site A to the user terminal 50B in the site B. Accept. Then, when the VPN connection request is accepted, the VPN construction control device 10 acquires an IP address band that can be assigned to the user terminal 50A and the user terminal 50B. Subsequently, the address band payout processing device 30 determines the IP addresses of the user terminal 50A and the user terminal 50B from the assignable IP address band so that the IP addresses managed between the plurality of CPEs do not overlap, and the user The determined IP address is paid out to the CPE 40A accommodating the terminal 50A and the CPE 40B accommodating the user terminal 50B. Thereby, it is possible to easily provide a network environment in which an arbitrary user terminal in a base is VPN-connected to a user terminal in another base.

  That is, for example, in the communication system according to the first embodiment, when the VPN construction control device 10 receives a VPN connection request including a combination of the user terminal 50 that wants to construct a VPN and the CPE 40 that accommodates the user terminal, Since an L3 address for VPN is automatically assigned, it is possible to provide a network environment in which an arbitrary user terminal 50A in a base can be easily connected to a user terminal 50B in another base without considering the address design. it can.

  Further, when receiving a plurality of VPN connection requests, the VPN construction reception processing unit 11 of the VPN construction control device 10 processes the VPN construction control unit 12 in order from the oldest time stamp included in each VPN connection request. Issue a request. For this reason, it is possible to prevent inconsistencies in the address band to be paid out at the time of VPN construction.

  Further, the process availability notification unit 12b of the VPN construction control device 10 provides the UI of the VPN construction acceptance processing unit 11 to the effect that the VPN construction cannot be performed for the user terminal 50 when there is no usable address band. Notification is made via the unit 11a. For this reason, it is possible to easily grasp that the user cannot construct the VPN.

[System configuration, etc.]
Further, each component of each illustrated apparatus is functionally conceptual, and does not necessarily need to be physically configured as illustrated. In other words, the specific form of distribution / integration of each device is not limited to that shown in the figure, and all or a part thereof may be functionally or physically distributed or arbitrarily distributed in arbitrary units according to various loads or usage conditions. Can be integrated and configured. Further, all or any part of each processing function performed in each device is realized by a CPU (Central Processing Unit) and a program analyzed and executed by the CPU, or hardware by wired logic. Can be realized as

  In addition, among the processes described in this embodiment, all or part of the processes described as being automatically performed can be manually performed, or the processes described as being manually performed All or a part of the above can be automatically performed by a known method. In addition, the processing procedure, control procedure, specific name, and information including various data and parameters shown in the above-described document and drawings can be arbitrarily changed unless otherwise specified.

[program]
FIG. 12 is a diagram illustrating a computer that executes an address setting program. The computer 1000 includes a memory 1010 and a CPU 1020, for example. The computer 1000 also includes a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. These units are connected by a bus 1080.

  The memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM (Random Access Memory) 1012. The ROM 1011 stores a boot program such as BIOS (Basic Input Output System). The hard disk drive interface 1030 is connected to the hard disk drive 1090. The disk drive interface 1040 is connected to the disk drive 1100. For example, a removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive 1100. The serial port interface 1050 is connected to a mouse 1051 and a keyboard 1052, for example. The video adapter 1060 is connected to the display 1061, for example.

  The hard disk drive 1090 stores, for example, an OS 1091, an application program 1092, a program module 1093, and program data 1094. That is, a program that defines each process of the VPN construction control device 10 is implemented as a program module 1093 in which a code executable by a computer is described. The program module 1093 is stored in the hard disk drive 1090, for example. For example, a program module 1093 for executing processing similar to the functional configuration in the apparatus is stored in the hard disk drive 1090. The hard disk drive 1090 may be replaced by an SSD (Solid State Drive).

  The setting data used in the processing of the above-described embodiment is stored as program data 1094 in, for example, the memory 1010 or the hard disk drive 1090. Then, the CPU 1020 reads the program module 1093 and the program data 1094 stored in the memory 1010 and the hard disk drive 1090 to the RAM 1012 and executes them as necessary.

  The program module 1093 and the program data 1094 are not limited to being stored in the hard disk drive 1090, but may be stored in, for example, a removable storage medium and read out by the CPU 1020 via the disk drive 1100 or the like. Alternatively, the program module 1093 and the program data 1094 may be stored in another computer connected via a network (LAN (Local Area Network), WAN, etc.). Then, the program module 1093 and the program data 1094 may be read by the CPU 1020 from another computer via the network interface 1070.

DESCRIPTION OF SYMBOLS 10 VPN construction control apparatus 11 VPN construction reception process part 11a UI provision part 11b Acceptance request serialization part 12 VPN construction control part 12a Address band inquiry part 12b Process availability notification part 12c VPN construction table update part 20 Payable address band management apparatus 30 Address band payout processing device 31 CPE payout address band adjustment unit 40, 40A, 40B CPE
41 VPN target communication address management unit 42 VPN target communication identification unit 50, 50A to 50C User terminal

Claims (4)

A communication system having a plurality of network devices provided at the boundary between a first network that is a wide area network connecting bases and a second network that is a network within each base,
A reception processing unit that receives a VPN connection request for requesting a VPN connection with a second user terminal in the second base from the first user terminal in the first base;
A VPN construction control unit that acquires an IP address band that can be allocated to the first user terminal and the second user terminal when the VPN connection request is received by the reception processing unit;
The IP addresses of the first user terminal and the second user terminal are set so that the IP addresses managed between a plurality of network devices are not duplicated from the assignable IP address band acquired by the VPN construction control unit. And a payout processing unit for paying out the determined IP address to the network device accommodating the first user terminal and the network device accommodating the second user terminal. system. The reception processing unit, when receiving a plurality of VPN connection requests, issues a processing request to the VPN construction control unit in order from the oldest time stamp included in each VPN connection request,
The VPN construction control unit obtains an IP address band that can be assigned to the first user terminal and the second user terminal with a VPN connection request issued by the reception processing unit as a processing target. The communication system according to claim 1, wherein the communication is performed sequentially.   The VPN construction control unit notifies the first user terminal that VPN construction is impossible when there is no IP address band that can be assigned to the first user terminal and the second user terminal. The communication system according to claim 1. An address setting method executed by a communication system having a plurality of network devices provided at a boundary between a first network that is a wide area network connecting bases and a second network that is a network within each base. ,
An acceptance processing step of accepting a VPN connection request for requesting a VPN connection with a second user terminal in the second base from a first user terminal in the first base;
VPN construction control step of acquiring an IP address band that can be assigned to the first user terminal and the second user terminal when the VPN connection request is accepted by the acceptance processing step;
The IP addresses of the first user terminal and the second user terminal are set so that the IP addresses managed among a plurality of network devices are not duplicated from the assignable IP address band acquired by the VPN construction control step. And a payout processing step of paying out the determined IP address to the network device accommodating the first user terminal and the network device accommodating the second user terminal. Address setting method.

Images