| 摘要 |
A relay server includes a VPN group information storage unit, an address filter information storage unit, and a communication control unit. The VPN group information storage unit stores routing session information indicating identification information of routing apparatuses that define a VPN group and the routing apparatuses that are connected to one another. The address filter information storage unit stores address filter information, which indicates a partner that the routing apparatus is able to designate as a packet destination, in association with identification information of the routing apparatus. The communication control unit is programmed to perform a control to, when a VPN is started in the VPN group, update a content stored in the address filter information storage unit based on the address filter information received from the routing apparatus, and establish a routing session based on the routing session information. |
| 主权项 |
1. A relay server comprising:
a relay group information storage unit that stores relay group information concerning a relay group including another relay server that is mutually connectable with the relay server; a relay server information storage unit that stores relay server information including relay server start-up information, client terminal start-up information, and client terminal registration information, the relay server start-up information concerning the relay server belonging to the relay group, the client terminal start-up information and the client terminal registration information concerning a client terminal that is connected to the relay server belonging to the relay group; a VPN group information storage unit that relates to a VPN group including routing apparatuses that are relay servers and client terminals being set as routing points among relay servers and client terminals included in a relay communication system based on the relay group information and the relay server information, the VPN group being configured to perform communication in a virtual private network via the routing apparatuses, the VPN group information storage unit storing identification information of the routing apparatuses included in the VPN group and routing session information indicating the routing apparatuses that are connected to one another to establish a routing session; an address filter information storage unit that stores address filter information indicating a partner that the routing apparatus is able to designate as a packet destination, in association with identification information of the routing apparatus; and a communication control unit arranged and programmed to perform control to:
cause information stored in the VPN group information storage unit to be shared among the routing apparatuses;when a virtual private network is started in the VPN group, transmit the address filter information to the other routing apparatuses and receive the address filter information from the other routing apparatuses, and update a content stored in the address filter information storage unit based on the address filter information, and establish a routing session for routing a packet based on the routing session information stored in the VPN group information storage unit;after the routing session is established, refer to a partner that the routing apparatus is able to designate as a destination based on the address filter information, and perform routing according to the following conditions:
in a case where a destination of a received packet is designated in the address filter information associated with identification information of the relay server, the communication control unit is programmed to transmit the packet to the destination;in a case where a destination of a received packet is designated in the address filter information associated with identification information of the routing apparatus different from the relay server, the communication control unit is programmed to transmit the packet to the routing apparatus via a routing session established between the relay server and the routing apparatus; andin a case where a destination of a received packet is not designated in the address filter information associated with identification information of the routing apparatuses, the communication control unit is programmed not to transmit the packet; wherein the VPN group information storage unit stores, as the routing session information, identification information of the routing apparatus classified into start points that takes initiative to perform a communication control to establish a routing session and identification information of the routing apparatus classified into end points that receives the communication control; and each of the routing apparatuses does not perform an initial communication control for establishing a routing session unless indicated in the routing session information to be a start point. |
