情報処理学会Acta Medica Okayama1882-78375232011内部ネットワーク上のホストを外部から識別するためのMACアドレス中継型NATルータ13481356ENNariyoshiYamaiRyoMurakamiKiyohikoOkayamaMotonoriNakamuraIPv4アドレスの枯渇問題の軽減策の1つとして,NAT(Network Address Translation)がある.NATは複数の内部ホストが1つのグローバルIPアドレスを共用できるため,必要なグローバルIPアドレスの数を節約できる.しかし,外部ネットワーク側では個々の内部ホストを識別できないため,たとえば外部ネットワーク側でアクセス制御を行うと,1台の内部ホストが外部ネットワークに対するアクセス許可を受けただけで他の内部ホストまで外部ネットワークにアクセス可能な状態になるなどの問題が生じる.そこで,本論文ではデータリンク層での送信元識別子である送信元MACアドレスが基本的にはレイヤ2機器のMACアドレス学習機能にしか使われていない点に着目し,内部ホストから送信されたフレームに含まれる送信元MACアドレスをそのまま外部ネットワーク側に中継する機能を持つNATルータを提案する.本提案に基づいて試作したNATルータを評価した結果,MACアドレスに基づいて内部ホストを個別にアクセス制御でき,また十分なスループットが得られることを確認した.No potential conflict of interest relevant to this article was reported.Acta Medica Okayama2005Performance Improvement of TCP using Performance Enhancing Proxies — Effect of Premature ACK Transmission Timing on Throughput —712ENShigeyukiOsadaTokumiYokohiraWangHuiKiyohikoOkayamaNariyoshiYamai<p>In order to improve TCP performance, a method using a PEP (Perfonnance Enhancing Proxy) is proposed. The PEP operates on a router along a TCP connection. When a data packet arrives at the PEP, it forwards the packet to the destination host, transmits the corresponding ACK (premature ACK) to the source host in behalf of the destination host and stores the copy of the packet into its own buffer (PEP buffer) in case of the retransmission of the packet. In this paper, under the strategy which keeps the number of packets in the PEP buffer for which premature ACKs have been returned being less than or equal to a fixed threshold value (watermark value), we investigate the relation between the watermark value and the maximum throughput. Extensive simulation runs show that the simulation results are roughly classified into two cases. One case is that the maximum throughput becomes larger for larger watermark value and becomes a constant value when the watermark value is over a value. The other case is that though the maximum throughput becomes larger for lager watermark value in the same way, it reversely decreases when the watermark value is over a value. We also show that the latter (former) case is easier to occur as the propagation delay in the input side network ofthe PEP becomes smaller (larger) and the propagation delay in the output side network of the PEP becomes larger (smaller) and the PEP buffer capacity becomes smaller (larger).</p>
No potential conflict of interest relevant to this article was reported.Acta Medica Okayama2001A dynamic traffic sharing with minimal administration on multihomed networks15061510ENNariyoshiYamaiKiyohikoOkayamaHiroshiShimamotoTakujiOkamoto<p>Multihomed network is one of the most efficient configuration to improve the response time of network services. However, it is hard to introduce or manage because the existing configuration methods have several problems in that they require much technical skill, involve administrative over-burden for the administrator and so on. In this paper, we propose a dynamic traffic sharing technique and suitable backbone selection metrics to address some of these problems. Using the proposed technique, an appropriate backbone can be selected per connection with minimal technical skill and low administrative cost. In addition, the proposed metrics performs more efficient traffic sharing as compared to others techniques that were investigated </p>
No potential conflict of interest relevant to this article was reported.IEEE Computer SocietyActa Medica Okayama2005A protection method against massive error mails caused by sender spoofed spam mails384390ENNariyoshiYamaiKiyohikoOkayamaTakuyaMiyashitaShinMaruyamaMotonoriNakamuraWide spread of spam mails is one of the most serious problems on e-mail environment. Particularly, spam mails with a spoofed sender address should not be left alone, since they make the mail server corresponding to the spoofed address be overloaded with massive error mails generated by the spam mails, and since they waste a lot of network and computer resources. In this paper, we propose a protection method of the mail server against such massive error mails. This method introduces an additional mail server that mainly deals with the error mails in order to reduce the load of the original mail server. This method also provide a function that refuses error mails to these two mail servers to save the network and computer resources.No potential conflict of interest relevant to this article was reported.Acta Medica Okayama2005A Method of Dynamic Interconnection of VLANs for Large Scale VLAN Environment427432ENKiyohikoOkayamaNariyoshiYamaiTakuyaMiyashitaKeitaKawanoTakujiOkamoto<p>VLAN (Virtual LAN) is a technology which can configure logical networks independent of the physi cal network structure. With VLAN, users in common spaces (such as meeting rooms) can access to their department networks temporarily because changing of logical network structure is achieved only by con figuration of VLAN switches. However, in the general configuration method, because VLANs are managed statically by admin istrators, various problems such as high adminis trative cost and conflict or insufficiency of VLAN IDs may arise especially in large scale organiza tions where VLANs are managed by each depart ment. To solve these problems, we propose a method which provides an interconnection between a tem porary configured VLAN in a common space and a VLAN of a user’s department. In the proposed method, a user in a common space can access to his/her department network seamlessly by convert ing a temporary VLAN-ID in the common space and a VLAN-ID used in his/her department each other automatically. The effectiveness of the pro posed method is confirmed by the experiment on the actual network using VLAN managers, VLAN ID converters and authentication servers based on the proposed method. </p>
No potential conflict of interest relevant to this article was reported.