Printed by the Employees' Consumer Cooperative of the Central Standards Bureau, Ministry of Economic Affairs
455789 A7 B7
V. Description of the Invention (1)

The present invention relates to network technology, and in particular to a gateway device that allows a virtual network and a real network to coexist, and to a control method for that device.

The Internet Protocol (IP) was designed to interconnect packet-switching communication networks and thereby realize the Internet. The protocol carries data packets from upper-layer software between a source host and a destination host. To make the hosts in a network system identifiable, each host is assigned an Internet Protocol address (hereinafter, IP address), and every data packet contains a source IP address and a destination IP address that identify the sender and the receiver of the data.

If a local area network (LAN) is to obtain Internet Protocol addresses, it can apply to an Internet service provider (ISP) for a subnet address. Taking a class C network address (139.175.200.0) as an example, the host addresses (139.175.200.1), (139.175.200.2), (139.175.200.3), ... (139.175.200.254) can then be assigned to the different hosts of the LAN according to their needs. This conventional way of allocating network addresses is inherently limited in number: with the class C network address above, the LAN cannot contain more than 254 hosts. In other words, only hosts under the legitimately applied-for network address (139.175.200.0) can use the Internet.

If the Internet could be used from a virtual network address, the inherent limit on the number of real network addresses would be overcome. (A virtual network here means a network whose address was not applied for from the Internet service provider as a real network address but was made up locally.) To that end, the document RFC (Request for Comments)-1631 proposes a method in which NAT (Network IP Address Translation Protocol) translation converts a virtual network address into a real Internet Protocol address, so that hosts in the virtual network can use the Internet.

Accordingly, a known router (for example, one produced by Cisco) has two separate physical communication ports, one connected to the virtual network and the other to the real network, so that the virtual network and the real network each use the Internet through a different port. Providing two physical ports, however, raises the production cost of this known router and keeps its market price high, which makes it hard to adopt for local area networks where price is a consideration.

One object of the present invention is therefore to provide a gateway device, and a control method for it, that allow a virtual network and a real network to coexist while requiring only one physical communication port, thereby lowering production cost.

This object is achieved by providing a gateway device coupled between the Internet and a local area network, where the local area network includes a virtual network and a real network. The gateway device comprises an external network interface, an internal network interface, and a processor. The external network interface is coupled to the Internet. The internal network interface has one physical communication port, and that one port is coupled to both the virtual network and the real network. The processor is coupled to the external network interface and the internal network interface, using the external network interface as its interface to the Internet and the internal network interface as its interface to the local area network. When data is transferred between the virtual network and the Internet, the processor performs NAT translation on the data; when data is transferred between the real network and the Internet, the processor relays the data.

The invention can also be achieved by providing a control method for a gateway device that is coupled between the Internet and a local area network, the local area network including a virtual network and a real network. The control method comprises the following steps: (a) when data is transferred between the virtual network and the Internet, a processor of the gateway device performs NAT translation on the data, and a connection between the Internet and the local area network is established through an external network interface and an internal network interface of the gateway device; and (b) when data is transferred between the real network and the Internet, the processor of the gateway device relays the data, and a connection between the Internet and the local area network is established through the external network interface and the internal network interface of the gateway device.

To make the above and other objects, features and advantages of the invention easier to understand, a preferred embodiment is described in detail below with reference to the accompanying drawings.

Brief description of the drawings:

Fig. 1 is a block diagram showing the gateway device of the invention located between a local area network and the Internet;

Fig. 2 is a block diagram of the gateway device according to the invention;
Fig. 3 is a control flow chart, according to the invention, for data packets sent out from the local area network or passed between the virtual network and the real network;

Fig. 4 is a control flow chart, according to the invention, for data packets received from the Internet.

Explanation of reference numerals:

1: local area network; 2: gateway device; 3: Internet; 4: Internet service provider; 11: virtual network; 12: real network; 21: internal network interface; 211: physical communication port; 22: processor; 221: first logical port; 222: second logical port; 23: external network interface; and 24: NAT table.

Embodiment:

The gateway device and control method of the invention use a single physical communication port (physical port) to connect both the virtual network and the real network of a local area network. Conceptually this physical port provides two logical communication ports (logical ports), one configured with an Internet Protocol address of the virtual network and the other with an Internet Protocol address of the real network. Hosts in the virtual network and hosts in the real network alike configure the gateway device of the invention as their default gateway. The device automatically determines whether a data packet was sent by a host in the virtual network or by a host in the real network. A packet from a host in the virtual network undergoes NAT translation before it reaches the Internet; a packet from a host in the real network is simply relayed to the Internet. Data packets can also be passed between a host in the virtual network and a host in the real network through the device. The gateway device and control method of the invention can therefore lower production cost.

Fig. 1 is a block diagram showing the gateway device according to the invention located between a local area network and the Internet. In Fig. 1, reference numeral 1 denotes a local area network, 2 the gateway device of the invention, and 3 the Internet; gateway device 2 sits between local area network 1 and Internet 3. As shown, gateway device 2 can be coupled to Internet 3 through an Internet service provider 4, and the link between gateway device 2 and Internet service provider 4 can be, for example, a dial-up connection or a leased line. Gateway device 2 is coupled to local area network 1 through a single physical communication port 211 (described in detail later). Local area network 1 includes a virtual network 11 and a real network 12. Virtual network 11 contains hosts 111 and 112 (only two hosts are shown in Fig. 1 as an example), and real network 12 likewise contains hosts 121 and 122 (again, only two hosts are shown in Fig. 1 as an example).

For ease of explanation, assume that the network address of virtual network 11 is (192.168.16.0) and the network address of real network 12 is (139.175.200.0). The virtual network address is made up locally and was not applied for from the Internet service provider, whereas the real network address was applied for from the Internet service provider. Accordingly, the IP addresses of hosts 111 and 112 in virtual network 11 can be set to (192.168.16.2) and (192.168.16.3), and the IP addresses of hosts 121 and 122 in real network 12 can be set to (139.175.200.2) and (139.175.200.3). In Fig. 1, gateway device 2 also has an IP address (140.92.61.100) toward Internet 3, which serves as the external identifying address of gateway device 2. This IP address (140.92.61.100) is likewise applied for from, or assigned by, the Internet service provider.

In Fig. 1, virtual network 11 and real network 12 are both connected to physical communication port 211 of gateway device 2. Because hosts 111, 112, 121 and 122 in virtual network 11 and real network 12 all configure gateway device 2 as their default gateway, the hosts in virtual network 11 and in real network 12 can set gateway device 2 as the default gateway using the IP addresses (192.168.16.1) and (139.175.200.1) respectively. In other words, although gateway device 2 connects virtual network 11 and real network 12 through the single physical communication port 211, assigning two IP addresses lets physical communication port 211 conceptually provide two logical communication ports, one for virtual network 11 and one for real network 12. In this example the IP addresses of the two logical ports are (192.168.16.1) and (139.175.200.1), and both in fact correspond to the single physical address (MAC address) of physical communication port 211.

Fig. 2 is a block diagram of the gateway device according to the invention. Gateway device 2 comprises an internal network interface 21, a processor 22, an external network interface 23, and a NAT table 24. Internal network interface 21 (for example, a network card) has one physical communication port 211, through which it connects to both virtual network 11 and real network 12. The topology connecting physical communication port 211, virtual network 11 and real network 12 can be a star topology, a ring topology, a bus topology, and so on. Because the hosts in virtual network 11 and real network 12 all configure gateway device 2 as their default gateway, when a data packet sent from virtual network 11 or real network 12 is received by internal network interface 21 through physical communication port 211, processor 22 determines whether the packet came from a host in virtual network 11 or from a host in real network 12. In other words, gateway device 2 conceptually provides two logical ports on a single physical communication port 211, corresponding to virtual network 11 and real network 12: as shown in Fig. 2, a first logical port 221 corresponds to virtual network 11 and a second logical port 222 corresponds to real network 12.

Referring again to Fig. 2, first logical port 221 is coupled to NAT table 24. NAT table 24 holds the mapping from the IP addresses of the hosts in virtual network 11 to the external IP address of gateway device 2. Using this mapping, the source IP address in a data packet sent by a host in virtual network 11 is changed by NAT translation to the external IP address of the gateway device. External network interface 23 serves as the interface from gateway device 2 to Internet 3 and can be a network card or a serial port.

Fig. 3 is the control flow chart, according to the invention, for data packets sent out from the local area network or passed between virtual network 11 and real network 12. First, in step 30, an interrupt request is raised to internal network interface 21 through physical communication port 211, and in step 31 the driver of internal network interface 21 takes in the data packet sent by a host in virtual network 11 or real network 12 of local area network 1. Next, step 32 determines whether the packet is addressed to gateway device 2 itself. If so, step 33 hands the packet to the upper layers (such as the transport, session, presentation and application layers of the OSI model) for processing. If not, step 34 analyzes the source IP address and destination IP address of the packet.
In step 34, if the received data packet is being sent by a host in virtual network 11 to a host in real network 12, or by a host in real network 12 to a host in virtual network 11, the flow proceeds to step 35 and the packet is delivered to the destination host. Data transfer between hosts that are both in virtual network 11, or both in real network 12, does not need to pass through the gateway device, as described later. In step 34, if the packet is determined to come from a host in real network 12, the flow proceeds to step 36: gateway device 2 simply relays the packet and sends it to Internet 3 through external network interface 23. In step 34, if the received packet comes from a host in virtual network 11, step 37 queries NAT table 24 for an existing record. If a record exists, the flow goes directly to step 39 for NAT translation: the source IP address in the packet (at this point the IP address of a host in virtual network 11) is changed to the IP address of the external interface of gateway device 2, and the packet is sent to Internet 3 through external network interface 23. If NAT table 24 has no record, the flow first goes to step 38, which records in NAT table 24 the mapping between the IP address of the host in virtual network 11 that sent the packet and the IP address of the external interface of gateway device 2, and only then proceeds to step 39.

Fig. 4 is the control flow chart, according to the invention, for data packets received from the Internet. First, in step 40, an interrupt request is raised through external network interface 23 and a data packet sent by a host on Internet 3 is received. Next, step 41 determines whether the packet is addressed to gateway device 2 itself. If the packet is not addressed to gateway device 2, step 42 determines whether the packet is destined for real network 12. If so, step 43 relays the packet, delivering it into real network 12 through internal network interface 21. If not, step 44 discards the packet.

If step 41 determines that the packet is addressed to gateway device 2, step 45 queries NAT table 24 for a record. If NAT table 24 has no record, the packet is meant for gateway device 2 itself, so the flow proceeds to step 46 and the packet is handed to the upper layers (such as the transport, session, presentation and application layers of the OSI model) for processing. If NAT table 24 has a record, step 47 performs NAT translation on the packet: the destination IP address in the packet (at this point the external IP address of the gateway device) is changed to the IP address of a host in virtual network 11, and the packet is sent to virtual network 11 through internal network interface 21.

For data transfer between hosts that are both in virtual network 11, or both in real network 12, it suffices to use the broadcasting mode common in conventional networks: the sender issues an Address Resolution Protocol Request signal and, once the intended receiving host issues an Address Resolution Protocol Response signal, transmission can proceed without passing through gateway device 2. If a host in virtual network 11 broadcasts an Address Resolution Protocol Request signal for gateway device 2, gateway device 2 replies with an Address Resolution Protocol Response signal. Likewise, if a host in real network 12 broadcasts an Address Resolution Protocol Request signal for gateway device 2, gateway device 2 also replies with an Address Resolution Protocol Response signal.

In summary, the invention uses a single physical communication port (physical port) to connect both the virtual network and the real network of a local area network. Conceptually this physical port provides two logical communication ports (logical ports), one configured with an Internet Protocol address of the virtual network and the other with an Internet Protocol address of the real network. Hosts in the virtual network and hosts in the real network alike configure the gateway device of the invention as their default gateway. The device automatically determines whether a data packet was sent by a host in the virtual network or by a host in the real network. A packet from a host in the virtual network undergoes NAT translation before it reaches the Internet; a packet from a host in the real network is simply relayed to the Internet. Data packets can also be passed between a host in the virtual network and a host in the real network through the device. The gateway device and control method of the invention can therefore lower production cost.

Although the invention has been disclosed above by way of a preferred embodiment, that embodiment is not intended to limit the invention. Anyone skilled in the art may make changes and refinements without departing from the spirit and scope of the invention, and the scope of protection of the invention is therefore defined by the appended claims.
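The control flows of Fig. 3 (steps 32 to 39) and Fig. 4 (steps 41 to 47), as an added Python example that is not part of the patent, using the embodiment's addresses. Assumptions made here: the names `Packet`, `Gateway` and `lan_side`, the constructed remote host 203.0.113.10, the starting port 40000, keying NAT table 24 on a translated source port (the patent records only an IP-to-IP mapping, which cannot tell two virtual hosts' replies apart), and discarding LAN packets whose source lies in neither subnet.

```python
import ipaddress
from dataclasses import dataclass, field, replace

ip = ipaddress.ip_address

# Addresses taken from the embodiment described above.
VIRTUAL_NET = ipaddress.ip_network("192.168.16.0/24")   # virtual network 11
REAL_NET = ipaddress.ip_network("139.175.200.0/24")     # real network 12
GW_LAN_IPS = {ip("192.168.16.1"), ip("139.175.200.1")}  # logical ports 221 and 222
GW_EXTERNAL_IP = ip("140.92.61.100")                    # external interface 23


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    sport: int
    dport: int


def lan_side(addr):
    """Return the LAN subnet an address belongs to, or None."""
    for net in (VIRTUAL_NET, REAL_NET):
        if addr in net:
            return net
    return None


@dataclass
class Gateway:
    # Assumption: external source port -> (virtual host IP, original port).
    nat_table: dict = field(default_factory=dict)
    next_port: int = 40000  # constructed starting value

    def _nat_port(self, host, sport):
        for ext_port, entry in self.nat_table.items():   # step 37: existing record?
            if entry == (host, sport):
                return ext_port
        ext_port = self.next_port                        # step 38: record the mapping
        self.next_port += 1
        self.nat_table[ext_port] = (host, sport)
        return ext_port

    def from_lan(self, pkt):
        """Fig. 3: packet received on physical port 211."""
        if pkt.dst in GW_LAN_IPS or pkt.dst == GW_EXTERNAL_IP:   # step 32
            return "upper_layer", pkt                    # step 33
        src_net, dst_net = lan_side(pkt.src), lan_side(pkt.dst)  # step 34
        if src_net is None:
            return "drop", pkt        # assumption: unknown source subnet is discarded
        if dst_net is src_net:
            return "direct", pkt      # same subnet: hosts use ARP, not the gateway
        if dst_net is not None:
            return "to_lan", pkt                         # step 35
        if src_net is REAL_NET:
            return "relay_out", pkt                      # step 36
        ext_port = self._nat_port(pkt.src, pkt.sport)
        return "nat_out", replace(pkt, src=GW_EXTERNAL_IP, sport=ext_port)  # step 39

    def from_internet(self, pkt):
        """Fig. 4: packet received on external interface 23."""
        if pkt.dst != GW_EXTERNAL_IP and pkt.dst not in GW_LAN_IPS:  # step 41
            if pkt.dst in REAL_NET:                      # step 42
                return "relay_in", pkt                   # step 43
            return "drop", pkt                           # step 44
        entry = self.nat_table.get(pkt.dport) if pkt.dst == GW_EXTERNAL_IP else None
        if entry is None:                                # step 45: no record
            return "upper_layer", pkt                    # step 46
        host, port = entry
        return "nat_in", replace(pkt, dst=host, dport=port)      # step 47


def demo():
    """Run constructed sample packets through both flows."""
    gw = Gateway()
    remote = ip("203.0.113.10")   # constructed Internet host (documentation range)
    out = gw.from_lan(Packet(ip("192.168.16.2"), remote, 5000, 80))
    back = gw.from_internet(Packet(remote, GW_EXTERNAL_IP, 80, out[1].sport))
    real = gw.from_lan(Packet(ip("139.175.200.2"), remote, 5001, 80))
    stray = gw.from_internet(Packet(remote, ip("192.168.16.3"), 80, 5000))
    return [out[0], back[0], real[0], stray[0]]


if __name__ == "__main__":
    print(demo())
```

Hosts in real network 12 are relayed in both directions with no table lookup, so only virtual network 11 is hidden behind the gateway's external address; an inbound packet addressed to a virtual host directly falls through to the step 44 discard.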