CN101557336B - Method for establishing network tunnel, data processing method and relevant equipment - Google Patents

Method for establishing network tunnel, data processing method and relevant equipment Download PDF

Info

Publication number
CN101557336B
CN101557336B CN2009101376586A CN200910137658A CN101557336B CN 101557336 B CN101557336 B CN 101557336B CN 2009101376586 A CN2009101376586 A CN 2009101376586A CN 200910137658 A CN200910137658 A CN 200910137658A CN 101557336 B CN101557336 B CN 101557336B
Authority
CN
China
Prior art keywords
section point
node
message
log
network tunnel
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN2009101376586A
Other languages
Chinese (zh)
Other versions
CN101557336A (en
Inventor
王雨晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Huawei Technology Co Ltd
Original Assignee
Huawei Symantec Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Symantec Technologies Co Ltd filed Critical Huawei Symantec Technologies Co Ltd
Priority to CN2009101376586A priority Critical patent/CN101557336B/en
Publication of CN101557336A publication Critical patent/CN101557336A/en
Priority to PCT/CN2010/072424 priority patent/WO2010127610A1/en
Priority to US13/289,552 priority patent/US8769661B2/en
Application granted granted Critical
Publication of CN101557336B publication Critical patent/CN101557336B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention relates to the technical field of communication, and discloses a method for establishing a network tunnel, a data processing method and relevant equipment, wherein the method for establishing the network tunnel comprises the following steps: a first node searches the registration information of a second node from a virtual private network server so as to determine whether the second node accepts external connection; the registration information of the second node at least comprises the information specifying whether the second node accepts external connection; and the first node establishes a corresponding network tunnel with the second node according to the registration information found out. The technical proposal of the embodiment of the invention causes a node in a virtual private network (VPN) to be capable of knowing the registration information of other nodes, thereby being capable of establishing a corresponding network tunnel with other nodes, reducing the waste of network resources and improving network tunnel establishing efficiency.

Description

A kind of method of setting up network tunnel, data processing method and relevant device
Technical field
The present invention relates to communication technical field, relate in particular to a kind of method of setting up network tunnel, data processing method and relevant device.
Background technology
VPN (VPN, Virtual Private Network) is interim, a safe connection of setting up through a common network (normally internet), is safe, a stable tunnel that passes chaotic common network.Usually, the VPN network is the expansion to intranet, can help long-distance user, corporate branch office, business parnter and supplier to set up believable safety with the in-house network of company through it and connect, and guarantee the safe transmission of data.
Current, the communication mode in the VPN network between the node has virtual switch pattern and direct channel pattern.Wherein, the virtual switch pattern is meant that all nodes are all set up network tunnel with a vpn server in the VPN network, need carry out transfer by vpn server when carrying out data communication between the different nodes; VPN network under the virtual switch pattern is a star network; The direct channel pattern is meant between some nodes and other node directly sets up network tunnel, and two data between nodes communications need not through the vpn server transfer through the directly-connected network tunnel transmission; VPN network under the direct channel pattern is a mesh network.It is thus clear that the VPN network under the direct channel pattern can not form the network performance bottleneck owing to need not the concentrated switching task of data in the vpn server burden VPN network in the VPN network, be easy under the same band condition, set up more massive VPN network.Therefore; Prior art usually at node when inserting the VPN network; At first attempt directly setting up the directly-connected network tunnel, if after attempting directly setting up the failure of directly-connected network tunnel, communicate with the virtual switch pattern with the needs nodes in communication again with the needs nodes in communication.
Yet the inventor finds that the communication mode that each node is supported in the existing VPN network possibly be inequality; All be in various network address transition (NAT, the NetworkAddress Translation) equipment such as two nodes, do not possess legitimate network agreement (IP; Internet Protocol) during the address; Can only communicate with the virtual switch pattern between these two nodes, in this case, if also attempt directly setting up the directly-connected network tunnel between two nodes; Not only waste Internet resources, also can reduce the efficient of setting up network tunnel.
Summary of the invention
The embodiment of the invention provides a kind of method of setting up network tunnel, data processing method and relevant device, make in the VPN network node and other node between when setting up network tunnel, reduce the wasting of resources, improve the efficient that network is set up network tunnel.
For realizing above-mentioned purpose, the embodiment of the invention provides following technical scheme:
The method of setting up network tunnel that the embodiment of the invention provides; Comprise: first node is to the log-on message of virtual special network server inquiry Section Point; To confirm whether said Section Point accepts outside the connection, and the log-on message of said Section Point comprises at least whether said Section Point accepts the outside information that connects; First node is set up corresponding network tunnel according to the said log-on message that inquires with said Section Point.
The data processing method that the embodiment of the invention provides comprises: receive the query messages that first node sends, said query messages comprises the log-on message of inquiring about Section Point; The log-on message of the said Section Point of storing in advance is sent to said first node; So that said first node and said Section Point are set up corresponding network tunnel, the log-on message of said Section Point comprises at least whether said Section Point accepts the outside information that connects.
The VPN node that the embodiment of the invention provides; Comprise: query unit; Be used for log-on message to virtual special network server inquiry Section Point; To confirm whether said Section Point accepts outside the connection, and the log-on message of said Section Point comprises at least whether said Section Point accepts the outside information that connects; Set up the network tunnel unit, be used for setting up corresponding network tunnel with said Section Point according to the said log-on message that inquires.
The virtual special network server that the embodiment of the invention provides comprises: receiving element, be used to receive the message that first node sends, and said message is used to inquire about the log-on message of Section Point; Transmitting element; The log-on message of the Section Point that is used for storing in advance is sent to said first node; So that said first node and said Section Point are set up corresponding network tunnel, the log-on message of said Section Point comprises at least whether said Section Point accepts the outside information that connects.
The virtual private network system that the embodiment of the invention provides comprises: VPN node and virtual special network server; Said VPN node; Be used for log-on message to said virtual special network server inquiry Section Point; To confirm whether said Section Point accepts outside the connection, and the log-on message of said Section Point comprises at least whether said Section Point accepts the outside information that connects; According to the said log-on message that inquires, set up corresponding network tunnel with said Section Point; Said virtual special network server is used to receive the message that said VPN node sends, and said message is used to inquire about the log-on message of Section Point; The log-on message of the Section Point of storing in advance is sent to said VPN node; So that said VPN node and said Section Point are set up corresponding network tunnel, the log-on message of said Section Point comprises at least whether said Section Point accepts the outside information that connects.
Compared with prior art; The embodiment of the invention makes the first node in the VPN network can understand the log-on message of Section Point; Comprise Section Point in this log-on message and whether accept the outside information that connects; Thereby first node can be set up corresponding network tunnel according to the log-on message and the Section Point of this Section Point, has avoided when Section Point is not accepted outside the connection, still carrying out the trial that the directly-connected network tunnel is set up; Thereby can reduce waste of network resources, and improve the efficient of setting up network tunnel.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art; To do to introduce simply to the accompanying drawing of required use among the embodiment below; Obviously, the accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills; Under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
A kind of method flow diagram of setting up network tunnel of Fig. 1 for providing in the embodiment of the invention;
The flow chart of setting up in network tunnel process query node log-on message of Fig. 2 for providing in the embodiment of the invention;
A kind of method flow diagram of setting up network tunnel of Fig. 3 for providing in the embodiment of the invention;
A kind of method flow diagram of setting up network tunnel of Fig. 4 for providing in the embodiment of the invention;
A kind of method flow diagram of setting up network tunnel of Fig. 5 for providing in the embodiment of the invention;
A kind of data processing method flow chart of Fig. 6 for providing in the embodiment of the invention;
Fig. 7 is the structure chart of a kind of VPN node of providing in the embodiment of the invention;
Fig. 8 is the structure chart of a kind of query unit of providing in the embodiment of the invention;
A kind of structure chart of setting up network tunnel unit of Fig. 9 for providing in the embodiment of the invention;
Figure 10 is the structure chart of a kind of virtual special network server of providing in the embodiment of the invention;
Figure 11 is the structure chart of a kind of virtual private network system of providing in the embodiment of the invention;
A kind of VPN network diagram of Figure 12 for providing in the embodiment of the invention.
Embodiment
To combine the accompanying drawing in the embodiment of the invention below, the technical scheme in the embodiment of the invention is carried out clear, intactly description, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills are not making the every other embodiment that is obtained under the creative work prerequisite, all belong to the scope of the present invention's protection.
Embodiment one:
See also Fig. 1, a kind of method flow diagram of setting up network tunnel that Fig. 1 provides for the embodiment of the invention.As shown in Figure 1, this method can comprise:
101: whether first node accepts outside the connection to the log-on message of virtual special network server inquiry Section Point to confirm Section Point, and the log-on message of Section Point comprises at least whether Section Point accepts the outside information that connects;
Wherein, the node described in present embodiment and the follow-up embodiment includes but not limited to computer and other user terminals in the VPN network etc.
In the present embodiment; When first node request and Section Point communicate; Can be from the log-on message of virtual special network server inquiry Section Point; At least comprise in the log-on message whether Section Point accepts the outside information that connects, and this information is used to indicate Section Point whether can set up the directly-connected network tunnel.
For instance, please consult Fig. 2 in the lump, the method flow diagram of setting up query node log-on message in the network tunnel process that Fig. 2 provides for present embodiment.As shown in Figure 2, first node to the log-on message of virtual special network server inquiry Section Point specifically can for:
201: first node sends query messages to virtual special network server, and this query messages is used to inquire about the log-on message of Section Point;
202: the log-on message that receives the Section Point of virtual special network server transmission.
Further, be sent in the query messages of virtual special network server, can also comprise the title of Section Point and/or the current real IP address of Section Point at first node.
For instance; The current real IP address of Section Point is meant the legal address of Section Point in internet (Internet); Specifically can be Internet protocol (IP) address of Section Point in the Internet network; Or IP address and address transmission control protocol (TCP, Transmission Control Protocol)/UDP (UDP, User DatagramProtocol) port combination after of Section Point in the Internet network; Or Section Point other addresss of service in the Internet network with web page address (URL, Uniform Resource Locator) expression.
For instance, the log-on message of the Section Point that sends of the reception virtual special network server in 202 specifically can for:
Current real IP address, the virtual ip address of the Section Point that the reception virtual special network server sends and the information of whether accepting outside connection.
Wherein, if Section Point is accepted the outside information that connects, then first node can be set up the directly-connected network tunnel under the direct channel pattern according to the current real IP address and the Section Point of Section Point; Otherwise if Section Point is not accepted outside the connection, then first node can be set up the indirect network tunnel under the virtual switch pattern according to the virtual ip address and the Section Point of Section Point.
If, the current real IP address and the virtual ip address of the known Section Point of first node, then the log-on message of the Section Point that sends of the reception virtual special network server in 202 can be the outside information that connects of whether accepting of Section Point.
The log-on message of the Section Point in the present embodiment can also comprise other relevant information of Section Point except comprising the current real IP of Section Point address, virtual ip address and whether accepting the outside information that connects.
102:, set up corresponding network tunnel with Section Point according to the log-on message that inquires.
For instance, after first node receives the log-on message of Section Point, can accept outside the connection, then set up corresponding network tunnel with Section Point if find Section Point.Please consult Fig. 3 in the lump, a kind of method flow diagram of setting up network tunnel that Fig. 3 provides for present embodiment.As shown in Figure 3, first node and Section Point are set up corresponding network tunnel and can be comprised:
301: first node sends the network tunnel request of setting up to Section Point;
302: first node receives the response that Section Point sends, thus the network tunnel between foundation and the Section Point.
In addition, first node can also be inquired about the log-on message of first node to virtual special network server;
Wherein, the log-on message of first node comprises at least whether first node accepts the outside information that connects;
For instance, after first node receives the log-on message of Section Point, can accept outside the connection if find Section Point, and first node is accepted outside the connection, then sets up corresponding network tunnel with Section Point.Please consult Fig. 4 in the lump, a kind of method flow diagram of setting up network tunnel that Fig. 4 provides for present embodiment.As shown in Figure 4, first node and Section Point are set up corresponding network tunnel and can be comprised:
401: first node sends to Section Point and is used to point out Section Point to set up the message of network tunnel to first node;
402: first node receives the network tunnel request of setting up that Section Point sends;
403: first node sends response to Section Point, thus the network tunnel between foundation and the Section Point.
For instance, after first node receives the log-on message of Section Point, do not accept outside the connection, and first node do not accept outside the connection yet, then set up corresponding network tunnel with Section Point if find Section Point.Please consult Fig. 5 in the lump, a kind of method flow diagram of setting up network tunnel that Fig. 5 provides for present embodiment.As shown in Figure 5, first node and Section Point are set up corresponding network tunnel and can be comprised:
501: first node sends the network tunnel request of setting up to virtual special network server;
502: first node receives the response that virtual special network server sends, thereby sets up the network tunnel between first node and the virtual special network server;
503: first node sends to Section Point and sets up network tunnel message, so that Section Point and virtual special network server are set up network tunnel.
At this moment; Virtual special network server is as the transferring equipment between first node and the Section Point; Be used to receive the communication data of first node transmission and be forwarded to Section Point; Receive the communication data of Section Point transmission simultaneously and be forwarded to first node, like this, set up the network tunnel between first node and the Section Point indirectly.
Need to prove that understanding at first node after the registration message of Section Point and first node, the concrete real process of setting up network tunnel with Section Point is that those skilled in the art are familiar with, present embodiment is not further described at this.
Above-mentioned a kind of method of setting up network tunnel that the embodiment of the invention one is provided has been carried out detailed introduction; The embodiment of the invention makes first node in the VPN network before setting up network tunnel with Section Point; Can from virtual special network server, inquire about the log-on message of Section Point and the log-on message of first node; Thereby can understand Section Point and first node and whether accept outside the connection; And then set up corresponding network tunnel with Section Point, and to have avoided when two nodes can only connect with the virtual switch pattern, such two nodes also carry out the trial that the directly-connected network tunnel is set up; From can having reduced waste of network resources, and improve the efficient of setting up network tunnel.
Embodiment two:
See also Fig. 6, a kind of data processing method flow chart that Fig. 6 provides for the embodiment of the invention.As shown in Figure 6, this method can comprise:
601: virtual special network server receives the message that first node sends, and this message is used to inquire about the log-on message of Section Point;
In the present embodiment, the message that first node sends can also be further used for inquiring about the log-on message of first node.
602: the log-on message of the Section Point that virtual special network server will be stored in advance is sent to first node, so that first node and Section Point are set up corresponding network tunnel.
For instance, first node can receive the current real IP of Section Point address, the virtual ip address of virtual special network server transmission and whether accept the outside information that connects;
And receive the current real IP of first node address, the virtual ip address of virtual special network server transmission and whether accept the outside information that connects.
Wherein, the log-on message of the Section Point in the present embodiment includes but not limited to the current real IP of Section Point address, virtual ip address and whether accepts the outside information that connects;
Equally, the log-on message of the first node in the present embodiment includes but not limited to the current real IP of first node address, virtual ip address and whether accepts the outside information that connects.
Further; The current real IP address of Section Point is meant the legal address of Section Point in the Internet network; Specifically can be the net IP address of Section Point in the Internet network; Or IP address and address TCP/UDP port combination after of Section Point in the Internet network, or Section Point other addresss of service of representing with URL in the Internet network;
In like manner; The current real IP address of first node is meant the legal address of first node in the Internet network; Specifically can be the IP address of first node in the Internet network; Or IP address and address TCP/UDP port combination after of first node in the Internet network, or first node other addresss of service of representing with URL in the Internet network.
Method according to the embodiment of the invention provides before above-mentioned 201, can also comprise:
Virtual special network server receives the access request message of first node transmission and the access request message that Section Point sends, and wherein, the access request message that first node sends comprises the nodename and the current real IP address of first node;
The access request message that Section Point sends comprises the nodename and the current real IP address of Section Point;
Virtual special network server distributes virtual ip address to first node, and whether definite first node accept outside the connection, and distributes virtual ip address to Section Point, and whether definite Section Point accepts outside the connection;
The virtual ip address of virtual special network server storage first node title, current real IP address, distribution and the corresponding relation of whether accepting the outside information that is connected, and the virtual ip address of storage Section Point title, current real IP address, distribution and the corresponding relation of whether accepting the information that the outside is connected.And; With the nodename of said first node and Section Point, current true Internet protocol address, virtual Internet protocol address and indicate said first node and whether Section Point accepts the log-on message of the outside information that connects as first node and Section Point.
Wherein, above-mentioned definite first node whether accept outside connect specifically can for:
After having distributed virtual ip address to first node; Connection request from network tunnel to the first node transmission that once set up is to judge whether first node accepts outside the connection; After receiving the response that first node returns; Confirm the outside connection of first node acceptance, promptly " whether accepting outside the connection " attribute of first node is " OK "; Otherwise if can't receive the response that first node returns at the appointed time, the affirmation first node is not accepted outside the connection, and promptly " whether accepting outside the connection " attribute of first node is " NO ".
Equally, can confirm in a manner mentioned above whether Section Point accepts outside the connection.
In the present embodiment, it is identical that first node and Section Point are set up the method for introducing among concrete realization and the embodiment one of corresponding network tunnel, no longer repeats here.
Above-mentioned a kind of data processing method that the embodiment of the invention two is provided has been carried out detailed introduction; In the embodiment of the invention; Virtual special network server can be according to the request of first node, and the log-on message of Section Point and first node is sent to first node, makes that like this first node can be before setting up network tunnel with Section Point; Understand Section Point and first node and whether accept outside the connection; And then set up corresponding network tunnel with Section Point, and to have avoided when two nodes can only connect with the virtual switch pattern, such two nodes also carry out the trial that the directly-connected network tunnel is set up; From can having reduced waste of network resources, and improve the efficient of setting up network tunnel.
Embodiment three:
See also Fig. 7, the structure chart of a kind of VPN node that Fig. 7 provides for the embodiment of the invention.As shown in Figure 7, the VPN node can comprise:
Query unit 701 is used for the log-on message to virtual special network server inquiry Section Point, whether accepts outside the connection to confirm Section Point, and the log-on message of Section Point comprises at least whether Section Point accepts the outside information that connects;
Set up network tunnel unit 702, be used for setting up corresponding network tunnel with Section Point according to the log-on message that inquires.
For instance, the described corresponding network tunnel of present embodiment comprises directly-connected network tunnel and the indirect network tunnel under the virtual switch pattern under the direct channel pattern.
Please consult Fig. 8, the structural representation of a kind of query unit that Fig. 8 provides for the embodiment of the invention three in the lump.As shown in Figure 8, query unit 701 can comprise:
Send subelement 7011, be used for sending query messages to virtual special network server, said query messages comprises the log-on message of inquiring about Section Point;
Receive subelement 7012, be used to receive the log-on message of the Section Point that virtual special network server sends.
Preferably, the log-on message of Section Point can include but not limited to the current real IP of Section Point address, virtual ip address and whether accept the outside information that connects.
Please consult Fig. 9 in the lump, a kind of structural representation of setting up the network tunnel unit that Fig. 9 provides for the embodiment of the invention.As shown in Figure 9, setting up network tunnel unit 702 can comprise:
First sets up subelement 7021, is used for when Section Point is accepted outside the connection, sending the network tunnel request of setting up to Section Point; Receive the response that Section Point sends, thus the network tunnel between foundation and the Section Point.
For instance, query unit 701 can also be used for the log-on message to virtual special network server inquiry first node; Wherein, the log-on message of first node comprises at least whether first node accepts the outside information that connects.
Like this, setting up network tunnel unit 702 can comprise:
Second sets up subelement 7022; Be used for not accepting outside the connection at Section Point; And when first node is accepted outside the connection, send to Section Point and to be used to point out Section Point to set up the message of network tunnel, receive the network tunnel request of setting up that Section Point sends to first node; To the response of Section Point transmission, thus the network tunnel between foundation and the Section Point.
The 3rd sets up subelement 7023, be used for not accepting outside the connection at Section Point, and first node sends the network tunnel request of setting up to virtual special network server when not accepting outside the connection; Receive the response that virtual special network server sends, thus the network tunnel between foundation and the virtual special network server; Set up network tunnel message to the Section Point transmission,, thereby set up the network tunnel between first node and the Section Point so that Section Point is set up network tunnel to virtual special network server.
At this moment; Virtual special network server is as the transferring equipment between first node and the Section Point; Be used to receive the communication data of first node transmission and be forwarded to Section Point; Receive the communication data of Section Point transmission simultaneously and be forwarded to first node, like this, set up the network tunnel between first node and the Section Point indirectly.
Need to prove that method and the process that Section Point is set up network tunnel to virtual special network server is that method and the process of setting up network tunnel to virtual special network server with first node are identical, present embodiment is not given unnecessary details at this.
Above-mentioned a kind of VPN node that the embodiment of the invention three is provided has carried out detailed introduction; Reception subelement 7012 in the query unit 701 of the first node that the embodiment of the invention provides can be before first node and Section Point be set up network tunnel; The log-on message of inquiry Section Point and the log-on message of first node from virtual special network server; Thereby make and to set up that Section Point can be understood in network tunnel unit 702 and whether first node accepts outside the connection; And then set up corresponding network tunnel with Section Point, and to have avoided when two nodes can only connect with the virtual switch pattern, two nodes also carry out the trial that the directly-connected network tunnel is set up; From can having reduced waste of network resources, and improve the efficient of setting up network tunnel.
Embodiment four:
See also Figure 10, the structure chart of a kind of virtual special network server that Figure 10 provides for the embodiment of the invention.Shown in figure 10, virtual special network server can comprise:
Receiving element 1001 is used to receive the message that first node sends, and said message is used to inquire about the log-on message of Section Point;
Transmitting element 1002; The log-on message of the Section Point that is used for storing in advance is sent to said first node; So that said first node and said Section Point are set up corresponding network tunnel, the log-on message of said Section Point comprises at least whether said Section Point accepts the outside information that connects.
In the present embodiment; The message that the first node that receiving element 1001 receives sends can also be further used for inquiring about the log-on message of first node; Then transmitting element 1002 can also further send the log-on message of first node to first node, and the log-on message of first node comprises at least whether first node accepts the outside information that connects
For instance, the described corresponding network tunnel of present embodiment comprises directly-connected network tunnel and the indirect network tunnel under the virtual switch pattern under the direct channel pattern.
Preferably, the log-on message of Section Point can include but not limited to the current real IP of Section Point address, virtual ip address and whether accept the outside information that connects;
Equally, the log-on message of first node can include but not limited to current real IP address, the virtual ip address of first node and whether accept the outside information that connects.
Preferably, receiving element 1001 can also be used to receive the access request message of first node transmission and the access request message that Section Point sends;
Wherein, the access request message of first node transmission comprises the nodename and the current real IP address of first node; The access request message that Section Point sends comprises the nodename and the current real IP address of Section Point;
Then the virtual special network server that provides of the embodiment of the invention can also comprise:
Allocation units 1003, the access request message that the first node that is used for receiving according to access unit 1001 sends distributes virtual ip address to first node, and the information of whether accepting outside connection of definite first node;
And the access request message that sends of the Section Point that is used for receiving according to access unit 1001, distribute the virtual ip address of Section Point, and definite Section Point whether accept the outside information that connects.
Memory cell 1004, virtual ip address that is used to store the nodename of first node, current real IP address, distribution and the corresponding relation of whether accepting the outside information that is connected;
And the virtual ip address of nodename, the current real IP address of storage Section Point, distribution and the corresponding relation of whether accepting the outside information that is connected; And with the nodename of said first node and Section Point, current true Internet protocol address, virtual Internet protocol address and indicate said first node and whether Section Point accepts the log-on message of the outside information that connects as first node and Section Point.
Preferably; Allocation units 1003 are being given after first node and Section Point distributed virtual ip address respectively; Connection request from network tunnel to the first node transmission that once set up is to judge whether first node accepts outside the connection; After receiving the response that first node returns at the appointed time, confirm that then first node accepts outside the connection; Otherwise,, confirm that then first node do not accept outside the connection if can't receive the response that first node returns at the appointed time;
And, send the connection request once set up network tunnel to Section Point judging whether Section Point accepts outside the connection, after receiving the response that Section Point returns at the appointed time, confirm that then Section Point accepts outside connection; Otherwise,, confirm that then Section Point do not accept outside the connection if can't receive the response that Section Point returns at the appointed time.
Further; The current real IP address of Section Point is meant the legal address of Section Point in the Internet network; Specifically can be the net IP address of Section Point in the Internet network; Or IP address and address TCP/UDP port combination after of Section Point in the Internet network, or Section Point other addresss of service of representing with URL in the Internet network;
In like manner; The current real IP address of first node is meant the legal address of first node in the Internet network; Specifically can be the IP address of first node in the Internet network; Or IP address and address TCP/UDP port combination after of first node in the Internet network, or first node other addresss of service of representing with URL in the Internet network.
Above-mentioned a kind of virtual special network server that the embodiment of the invention four is provided has carried out detailed introduction; Receiving element 1001 in the virtual special network server that the embodiment of the invention provides can receive the request of first node; Transmitting element 1002 can be according to the request of first node, and the log-on message of Section Point and first node is sent to first node, makes that like this first node can be before setting up network tunnel with Section Point; Understand Section Point and first node and whether accept outside the connection; And then set up corresponding network tunnel with Section Point, and to have avoided when two nodes can only connect with the virtual switch pattern, such two nodes also carry out the trial that the directly-connected network tunnel is set up; From can having reduced waste of network resources, and improve the efficient of setting up network tunnel.
Embodiment five:
See also Figure 11, the structure chart of a kind of virtual private network system that Figure 11 provides for the embodiment of the invention.Shown in figure 11, virtual private network system can comprise:
VPN node 1101 and virtual special network server 1102; Wherein,
VPN node 1101; Be used for log-on message to virtual special network server 1102 inquiry Section Points; To confirm whether Section Point accepts outside the connection, and the log-on message of Section Point comprises at least whether Section Point accepts the outside information that connects; According to the log-on message that inquires, set up corresponding network tunnel with Section Point;
Virtual special network server 1102 is used to receive the message that VPN node 1101 sends, and this message is used to inquire about the log-on message of Section Point; The log-on message of the Section Point of storing in advance is sent to VPN node 1101; So that VPN node 1101 is set up corresponding network tunnel with Section Point, the log-on message of Section Point comprises at least whether Section Point accepts the outside information that connects.
Need to prove, the VPN node structure that the structure of the VPN node 1101 that present embodiment is introduced and the foregoing description three are introduced, function is identical, and present embodiment is not repeated at this; The virtual special network server structure that the structure of the virtual special network server 1102 that present embodiment is introduced and the foregoing description four are introduced, function is identical, and present embodiment is not repeated at this yet.
See also Figure 12, a kind of VPN network diagram that Figure 12 provides for the embodiment of the invention.Shown in figure 12, the VPN network that present embodiment provided can comprise vpn server and VPN node.
Wherein, the VPN node can include but not limited to computer and other user terminals; Wherein, Vpn server must have legal address in the Internet network (address format can be IP address, IP address and TCP/UDP port combination, or other addresss of service of representing with URL), and can use its legal Internet address to receive the data message from the Internet network.
Wherein, vpn server need possess node registering functional and information searching function.Promptly when some nodes inserts the VPN network, the virtual ip address that vpn server need distribute first node in the VPN network, to use for node; And with the nodename of first node, current real IP address and the virtual ip address that distributes, whether accept outside connect even information such as encryption parameter are registered;
Vpn server allows node in the VPN network according to the log-on message of other VPN node of information inquiries such as virtual ip address of the nodename of other VPN node and/or other VPN node.
Wherein, the node in the present embodiment should possess and vpn server between communication function; And the request function of setting up network tunnel in initiation and the VPN network between other node; Simultaneously, the node in the present embodiment also should possess and receives in the VPN network other node and set up the function of the request of network tunnel with it; Simultaneously, the node in the present embodiment also should possess so more can, promptly can know the log-on message of other node and the log-on message of first node, and set up corresponding network tunnel with other node.
Wherein, corresponding network tunnel comprises directly-connected network tunnel and the indirect network tunnel under the virtual switch pattern under the direct channel pattern.
Shown in figure 12, have 4 Net-connected computers in the VPN network, title is respectively: ID-1, ID-2ID-3, ID-4; Wherein ID-1 and ID-2 are the computers that has legitimate ip address in the Internet net, allow to accept to connect from the Internet network; ID-3 and ID-4 are in the NAT network, do not possess the Internet legal address, and the network that does not allow to accept from Internet connects.
In VPN network shown in Figure 7, the network service between each node has following three kinds of different situations:
1), can directly set up network bi-directional between the node and connect, between ID-1 and ID-2, any node can initiatively be set up network tunnel to another node;
2), only can directly set up unidirectional connection between the node; Between ID-1 and ID-3; Because ID-3 is in and does not possess legitimate ip address within the NAT network, therefore only allow initiatively to set up network tunnel, and do not allow to set up network tunnel to ID-3 by ID-1 to ID-1 by ID-3;
3), can not directly connect between the node; Between ID-3 and ID-4; Because ID-3 and ID-4 are in and do not possess legitimate ip address in the NAT network; Therefore can't set up direct tunnel between ID-3 and the ID-4, ID-3 and ID-4 can only respectively and set up network tunnel between the vpn server, and the communication data between ID-3 and the ID-4 must be via the vpn server transfer.
Suppose that ID-1 need communicate with ID-2, ID-3 in the VPN network shown in Figure 12, then:
1) ID-1 inquires about the log-on message of ID-2, ID-3 to vpn server.
2) ID-1 is to the log-on message of vpn server inquiry ID-1.
Wherein, for 1), ID-1 sends out query messages to vpn server, and this query messages is used for the log-on message to vpn server inquiry ID-2; Wherein, the current real IP address of this query messages title that can comprise ID-2 and/ID-2;
ID-1 sends out query messages to vpn server, and this query messages is used for the log-on message to vpn server inquiry ID-3; Wherein, the current real IP address of this query messages title that can comprise ID-3 and/ID-3;
For 2), ID-1 sends out query messages to vpn server, and this query messages is used for the log-on message to vpn server inquiry ID-1; Wherein, the current real IP address of this query messages title that can comprise ID-1 and/ID-1.
Vpn server receives after the query messages of ID-1 transmission, the log-on message of inquiry ID-2, ID-3, and ID-1 takes place to give.The registration message of node ID-1, ID-2ID-3, ID-4 in the VPN network shown in Figure 3 that table 1 expression vpn server is stored in advance.
Table 1
Node Nodename Current real IP address Virtual ip address Whether accept outside the connection
ID-1 NID-1 IP1:P1 VIP1 OK
ID-2 NID-2 IP2:P2 VIP2 OK
ID-3 NID-3 IP3:P3 VIP3 NO
ID-4 NID-4 IP4:P4 VIP4 NO
Wherein, because ID-3, ID-4 be in the NAT device, so the current real IP address of ID-3, ID-4 is actually the real IP address of ID-3, NAT device that ID-4 uses.
3) vpn server receives respectively after the query messages of ID-1 transmission, and the log-on message of inquiry ID-2 is: title is NID-2, and true address is IP2:P2, and virtual ip address VIP2 allows to accept outside connection;
The log-on message of inquiry ID-3 is: title is NID-3, and true address is IP3:P3, and virtual ip address VIP3 does not allow to accept outside the connection;
The log-on message of inquiry ID-1 is: title is NID-1, and true address is IP1:P1, and virtual ip address VIP1 allows to accept outside the connection.
4) vpn server is according to the log-on message of the ID-2 that inquires, ID-3, ID-1, and the log-on message with ID-2, ID-3, ID-1 sends to ID-1 respectively.
Certainly; Vpn server also can a selected part ID-2, the log-on message of ID-3, ID-1 sends to ID-1; Such as being IP2:P2 with the true address in the log-on message of ID-2, allowing the acceptance outside to connect; Not allowing in the log-on message of ID-3 accepted outside the connection, and the true address in the log-on message of ID-1 is IP1:P1, allows to accept outside the connection to send to ID-1.
5) ID-1 receives after the log-on message of ID-2 that vpn server sends, ID-3, ID-1, finds that ID-2 point accepts outside the connection, and then ID-1 sets up the network tunnel request to the ID-2 transmission; If receive the response that ID-2 sends, then accomplish the directly-connected network tunnel under the direct channel pattern between ID-1 and the ID-2;
Find that ID-3 does not accept outside the connection, and ID-1 accepts outside the connection, then ID-1 sends to ID-3 and is used to point out ID-3 initiatively to set up the message of network tunnel to ID-1; Receive the network tunnel request of setting up that ID-3 sends; After the response that ID-3 sends, accomplish the indirect network tunnel under the virtual switch pattern between ID-1 and the ID-3.
Suppose that again ID-3 need communicate with ID-4 in the VPN network shown in Figure 12, then:
1) ID-3 is to the log-on message of vpn server inquiry ID-4.
2) ID-3 is to the log-on message of vpn server inquiry ID-4.
Wherein, for 1), ID-3 sends out query messages to vpn server, and this query messages is used for the log-on message to vpn server inquiry ID-4; Wherein, the current real IP address of this query messages title that can comprise ID-4 and/ID-4;
ID-3 sends out query messages to vpn server, and this query messages is used for the log-on message to vpn server inquiry ID-3; Wherein, the current real IP address of this query messages title that can comprise ID-3 and/ID-3.
3) vpn server receives after the query messages of ID-3 transmission, and the log-on message of inquiry ID-4 is: title is NID-4, and true address is IP4:P4, and virtual ip address VIP4 does not allow to accept outside the connection;
The log-on message of inquiry ID-3 is: title is NID-3, and true address is IP3:P3, and virtual ip address VIP3 does not allow to accept outside the connection.
4) vpn server is according to the ID-4 that inquires, the log-on message of ID-3, and the log-on message with ID-4, ID-3 sends to ID-3 respectively.
Certainly, vpn server also can a selected part ID-4, the log-on message of ID-3 sends to ID-3, and such as not allowing in the log-on message of ID-4 being accepted outside the connection, not allowing in the log-on message of ID-3 accepted outside the connection to send to ID-3.
5) ID-3 receives after the log-on message of ID-4 that vpn server sends, ID-3; Find that ID-4 does not accept outside the connection; And ID-3 does not accept outside the connection yet, explains between ID-3 and the ID-4 and can't set up direct-connected network tunnel, and then ID-3 sends the network tunnel request of setting up to vpn server; After the response that receives the vpn server transmission, the network tunnel between completion and the vpn server;
And; ID-3 sends to ID-4 and sets up network tunnel message; So that ID-4 sets up network tunnel to vpn server, thereby set up the network tunnel of ID-4 and vpn server, at this moment; Vpn server receives the communication data of ID-3 transmission and is forwarded to ID-4 as the transferring equipment between ID-3 and the ID-4; Simultaneously, receive the communication data of ID-4 transmission and be forwarded to ID-3, like this, set up the network tunnel between ID-3 and the ID-4 indirectly.
Need to prove, the registration message of the ID-1 of vpn server storage in advance, ID-2, ID-3, ID-4 in the present embodiment, particularly:
The access request message that vpn server reception ID-1, ID-2, ID-3, ID-4 send respectively, wherein, the access request message that ID-1, ID-2, ID-3, ID-4 send separately comprises nodename and current real IP address separately;
Distributes virtual ip address for respectively ID-1, ID-2, ID-3, ID-4, and confirm ID-1 respectively, the information of whether accepting outside connection of ID-2, ID-3, ID-4;
The virtual ip address of separately nodename of storage ID-1, ID-2, ID-3, ID-4, current real IP address, distribution and the corresponding relation of whether accepting the outside information that is connected.
Wherein, the above-mentioned outside information that connects of whether accepting of confirming ID-1, ID-2, ID-3, ID-4 respectively is specially:
Giving respectively after ID-1, ID-2, ID-3, ID-4 distributed virtual ip address separately, respectively to ID-1, ID-2, ID-3, ID-4 send once set up network tunnel connection request to judge whether ID-1, ID-2, ID-3, ID-4 accept outside connection;
After receiving the response that ID-1, ID-2 return at the appointed time, think that ID-1, ID-2 accept outside the connection, promptly ID-1, ID-2, " whether accepting outside the connection " attribute are " OK "; When receiving the response that ID-3, ID-4 return at the appointed time, think that ID-3, ID-4 do not accept outside the connection, promptly " whether accepting outside the connection " attribute of ID-3, ID-4 is " NO ".
In addition, if node itself has been stored the log-on message of first node, then node only needs to get final product to the log-on message of vpn server inquiry Section Point, need not to inquire about to vpn server once more the log-on message of first node.
Above-mentioned a kind of VPN network that the embodiment of the invention five is provided is introduced; In the VPN network that the embodiment of the invention provides, node can be inquired about the log-on message of other node and the log-on message of first node from vpn server before setting up network tunnel with other node; Thereby can understand other node and first node and whether accept outside the connection; And then set up corresponding network tunnel with other node, and to have avoided when two nodes can only connect with the virtual switch pattern, such two nodes also carry out the trial that the directly-connected network tunnel is set up; From can having reduced waste of network resources, and improve the efficient of setting up network tunnel.
One of ordinary skill in the art will appreciate that: all or part of step that realizes said method embodiment can be accomplished through the relevant hardware of program command; Aforesaid program can be stored in the computer read/write memory medium; This program the step that comprises said method embodiment when carrying out; And aforesaid storage medium comprises: various media that can be program code stored such as read-only memory (ROM), random access device (RAM), magnetic disc or CD.
More than to a kind of method of setting up network tunnel that the embodiment of the invention provided; Data processing method and relevant device have carried out detailed introduction; Used concrete example among this paper principle of the present invention and execution mode are set forth, the explanation of above embodiment just is used for helping to understand method of the present invention and core concept thereof; Simultaneously, for one of ordinary skill in the art, according to thought of the present invention, the part that on embodiment and range of application, all can change, in sum, this description should not be construed as limitation of the present invention.

Claims (13)

1. a method of setting up network tunnel is characterized in that, comprising:
Whether first node accepts outside the connection to the log-on message of virtual special network server inquiry Section Point to confirm said Section Point, and the log-on message of said Section Point comprises at least whether said Section Point accepts the outside information that connects;
First node is set up corresponding network tunnel according to the log-on message of the said Section Point that inquires with said Section Point;
Said first node is to the log-on message of said virtual special network server inquiry first node; To confirm whether said first node accepts outside the connection, and the log-on message of said first node comprises at least whether said first node accepts the outside information that connects;
Wherein, do not accept outside the connection as if said Section Point, and the outside connection of said first node acceptance, then said and said Section Point is set up corresponding network tunnel and is comprised:
First node sends to said Section Point and is used to point out said Section Point to set up the message of network tunnel to first node;
First node receives the network tunnel request of setting up that said Section Point sends;
First node sends response to said Section Point, the network tunnel between foundation and the said Section Point.
2. method according to claim 1 is characterized in that, said first node comprises to the log-on message of virtual special network server inquiry Section Point:
First node sends query messages to said virtual special network server, comprises the current true Internet protocol address of the nodename and/or the Section Point of Section Point in the said query messages;
First node receives the log-on message of the said Section Point of said virtual special network server transmission, and the log-on message of said Section Point is obtained according to the nodename of said Section Point and/or the current true Internet protocol address inquiry of Section Point by said virtual special network server.
3. method according to claim 1 is characterized in that, if said Section Point is accepted outside the connection, the step that then said and said Section Point is set up corresponding network tunnel comprises:
First node sends the network tunnel request of setting up to said Section Point;
First node receives the response that said Section Point sends, the network tunnel between foundation and the said Section Point.
4. method according to claim 1 is characterized in that, said method also comprises:
If said Section Point is not accepted outside the connection, and said first node do not accept outside the connection, and then said and said Section Point is set up corresponding network tunnel and comprised:
First node sends the network tunnel request of setting up to said virtual special network server;
First node receives the response that said virtual special network server sends, the network tunnel between foundation and the said virtual special network server;
First node sends to said Section Point and sets up network tunnel message, so that said Section Point is set up network tunnel to said virtual special network server, thereby sets up the network tunnel between first node and the said Section Point.
5. a data processing method is characterized in that, comprising:
Virtual special network server receives the query messages that first node sends, and said query messages comprises the log-on message of inquiring about Section Point;
The log-on message of the said Section Point that said virtual special network server will be stored in advance is sent to said first node; So that said first node and said Section Point are set up corresponding network tunnel, the log-on message of said Section Point comprises at least whether said Section Point accepts the outside information that connects;
Said method also comprises:
Said virtual special network server and said first node and Section Point are set up network tunnel, if set up successfully, then confirm the outside connection of said first node and Section Point acceptance; Otherwise then definite said first node and Section Point are not accepted outside the connection.
6. method according to claim 5 is characterized in that, said method also comprises:
Said virtual special network server receives the access request message that said first node sends, and comprises the nodename of first node, current true Internet protocol address in the said access request message;
For said first node distributes the virtual Internet protocol address, and confirm whether said first node accepts outside the connection;
Store the nodename of said first node, current true Internet protocol address; Virtual Internet protocol address and indicate said first node whether to accept the outside information that connects; With the nodename of said first node, current true Internet protocol address, virtual Internet protocol address and indicate said first node whether to accept the log-on message of the outside information that connects as first node; And
Receive the access request message that said Section Point sends, comprise the nodename of Section Point, current true Internet protocol address in the said access request message;
For said Section Point distributes the virtual Internet protocol address, and confirm whether said Section Point accepts outside the connection;
Store the nodename of said Section Point, current true Internet protocol address; Virtual Internet protocol address and indicate said Section Point whether to accept the outside information that connects; With the nodename of said Section Point, current true Internet protocol address, virtual Internet protocol address and indicate said Section Point whether to accept the log-on message of the outside information that connects as Section Point.
7. a VPN node is characterized in that, comprising:
Query unit is used for the log-on message to virtual special network server inquiry Section Point, whether accepts outside the connection to confirm said Section Point, and the log-on message of said Section Point comprises at least whether said Section Point accepts the outside information that connects;
Set up the network tunnel unit, be used for log-on message, set up corresponding network tunnel with said Section Point according to the said Section Point that inquires;
Wherein, the said network tunnel unit of setting up comprises:
First sets up subelement, is used for when said Section Point is accepted outside the connection, sending the network tunnel request of setting up to said Section Point; Receive the response that said Section Point sends, the network tunnel between foundation and the said Section Point;
Second sets up subelement; Be used for not accepting outside the connection at said Section Point; And when said VPN node is accepted outside the connection; Send to said Section Point and to be used to point out said Section Point to set up the message of network tunnel, receive the network tunnel request of setting up that said Section Point sends to said VPN node; To the response that said Section Point sends, the network tunnel between foundation and the said Section Point.
8. VPN node according to claim 7 is characterized in that, said query unit comprises:
Send subelement, be used for sending query messages to virtual special network server, said query messages comprises the log-on message of inquiring about Section Point;
Receive subelement, be used to receive the log-on message of the said Section Point that said virtual special network server sends.
9. VPN node according to claim 7; It is characterized in that; Said query unit also is used for the log-on message to said virtual special network server inquiry first node; To confirm whether said first node accepts outside the connection, and the log-on message of said first node comprises at least whether said first node accepts the outside information that connects; Said first node is said VPN node.
10. VPN node according to claim 7 is characterized in that, the said network tunnel unit of setting up also comprises:
The 3rd sets up subelement, be used for not accepting outside the connection at said Section Point, and said VPN node sends the network tunnel request of setting up to said virtual special network server when not accepting outside the connection; Receive the response that said virtual special network server sends, the network tunnel between foundation and the said virtual special network server; Set up network tunnel message to said Section Point transmission,, thereby set up the network tunnel between said VPN node and the said Section Point so that said Section Point is set up network tunnel to said virtual special network server.
11. a virtual special network server is characterized in that, comprising:
Receiving element is used to receive the message that first node sends, and said message is used to inquire about the log-on message of Section Point;
Transmitting element; The log-on message of the Section Point that is used for storing in advance is sent to said first node; So that said first node and said Section Point are set up corresponding network tunnel, the log-on message of said Section Point comprises at least whether said Section Point accepts the outside information that connects;
Allocation units are used for setting up network tunnel with said first node and Section Point, if set up successfully, then confirm the outside connection of said first node and Section Point acceptance; Otherwise then definite said first node and Section Point are not accepted outside the connection.
12. virtual special network server according to claim 11; It is characterized in that; Said receiving element also is used to receive the access request message that said first node sends, and comprises the nodename of first node in the said access request message, current true Internet protocol address;
Said virtual special network server also comprises:
Memory cell; Be used to store the nodename of said first node; Current true Internet protocol address; Virtual Internet protocol address and indicate said first node whether to accept the outside information that connects, with the nodename of said first node, current true Internet protocol address, virtual Internet protocol address and indicate said first node whether to accept the log-on message of the outside information that connects as first node;
Said allocation units also are used to distribute the virtual Internet protocol address of said first node;
Said receiving element also is used to receive the access request message that said Section Point sends, and comprises the nodename of Section Point in the said access request message, current true Internet protocol address;
Said allocation units also are used to distribute the virtual Internet protocol address of said Section Point;
Said memory cell; Be used to store the nodename of said Section Point; Current true Internet protocol address; Virtual Internet protocol address and indicate said Section Point whether to accept the outside information that connects, with the nodename of said Section Point, current true Internet protocol address, virtual Internet protocol address and indicate said Section Point whether to accept the log-on message of the outside information that connects as Section Point.
13. a virtual private network system is characterized in that, comprising:
VPN node and virtual special network server;
Said VPN node; Be used for log-on message to said virtual special network server inquiry Section Point; To confirm whether said Section Point accepts outside the connection, and the log-on message of said Section Point comprises at least whether said Section Point accepts the outside information that connects; According to the said log-on message that inquires, set up corresponding network tunnel with said Section Point;
Said virtual special network server is used to receive the message that said VPN node sends, and said message is used to inquire about the log-on message of Section Point; The log-on message of the Section Point of storing in advance is sent to said VPN node; So that said VPN node and said Section Point are set up corresponding network tunnel, the log-on message of said Section Point comprises at least whether said Section Point accepts the outside information that connects;
Said VPN node also comprises sets up the network tunnel unit:
Wherein, the said network tunnel unit of setting up comprises:
First sets up subelement, is used for when said Section Point is accepted outside the connection, sending the network tunnel request of setting up to said Section Point; Receive the response that said Section Point sends, the network tunnel between foundation and the said Section Point;
Second sets up subelement is used for not accepting outside the connection at said Section Point; And when said VPN node is accepted outside the connection; Send to said Section Point and to be used to point out said Section Point to set up the message of network tunnel, receive the network tunnel request of setting up that said Section Point sends to said VPN node; To the response that said Section Point sends, the network tunnel between foundation and the said Section Point.
CN2009101376586A 2009-05-04 2009-05-04 Method for establishing network tunnel, data processing method and relevant equipment Active CN101557336B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN2009101376586A CN101557336B (en) 2009-05-04 2009-05-04 Method for establishing network tunnel, data processing method and relevant equipment
PCT/CN2010/072424 WO2010127610A1 (en) 2009-05-04 2010-05-04 Method, equipment and system for processing visual private network node information
US13/289,552 US8769661B2 (en) 2009-05-04 2011-11-04 Virtual private network node information processing method, relevant device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009101376586A CN101557336B (en) 2009-05-04 2009-05-04 Method for establishing network tunnel, data processing method and relevant equipment

Publications (2)

Publication Number Publication Date
CN101557336A CN101557336A (en) 2009-10-14
CN101557336B true CN101557336B (en) 2012-05-02

Family

ID=41175287

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009101376586A Active CN101557336B (en) 2009-05-04 2009-05-04 Method for establishing network tunnel, data processing method and relevant equipment

Country Status (1)

Country Link
CN (1) CN101557336B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010127610A1 (en) * 2009-05-04 2010-11-11 成都市华为赛门铁克科技有限公司 Method, equipment and system for processing visual private network node information
CN102263704B (en) 2011-09-01 2014-03-26 杭州华三通信技术有限公司 Topology construction method and device supporting layer 2 interconnection of data centers
CN105282003B (en) * 2014-06-20 2019-03-22 中国电信股份有限公司 Establish the method and system and tunnel control device and virtual switch in tunnel

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1476204A (en) * 2002-08-16 2004-02-18 华为技术有限公司 Virtual specsel net realizing method based on dynamic IP address and system
CN1747436A (en) * 2005-10-24 2006-03-15 杭州华为三康技术有限公司 Access method and system for client end of virtual private network
CN101151849A (en) * 2005-03-28 2008-03-26 客得富移动通信股份有限公司 Method for mobile node's connection to virtual private network using mobile IP
CN101212374A (en) * 2006-12-29 2008-07-02 北大方正集团有限公司 Method and system for remote access to campus network resources

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1476204A (en) * 2002-08-16 2004-02-18 华为技术有限公司 Virtual specsel net realizing method based on dynamic IP address and system
CN101151849A (en) * 2005-03-28 2008-03-26 客得富移动通信股份有限公司 Method for mobile node's connection to virtual private network using mobile IP
CN1747436A (en) * 2005-10-24 2006-03-15 杭州华为三康技术有限公司 Access method and system for client end of virtual private network
CN101212374A (en) * 2006-12-29 2008-07-02 北大方正集团有限公司 Method and system for remote access to campus network resources

Also Published As

Publication number Publication date
CN101557336A (en) 2009-10-14

Similar Documents

Publication Publication Date Title
CN101557337B (en) Network tunnel establishing method, data transmission method, communication system and relevant equipment
CN101510853B (en) Method and apparatus for implementing WLAN wireless bridge, and wireless access client terminal
CN104350725A (en) Method of seamless integration and independent evolution of information-centric networking via software defined networking
CN102845123B (en) Virtual private cloud connection method and tunnel proxy server
CN100454905C (en) Method for passing through network address switching
CN102790813B (en) Communication method as well as system and terminal equipment based on IPv6 (internet protocol version 6) network
CN102611763A (en) DNS (Domain Name Server) inquiring method and equipment
JP4479647B2 (en) Route generation system, route generation method, route management server, relay device, terminal device, and control program
CN104243627A (en) Domain name resolution method, device and system
CN102484639A (en) A method and host node for multiple nat64 environments
CN101150502A (en) A NAT-PT device and its load share method
CN101119382A (en) Method of mutual communication of IPv4 network and IPv6 network and communication network element system
CN102281180A (en) Virtual network interface card (NIC) communication device applied in mutual communication of terminals in different local area networks
CN102055816A (en) Communication method, business server, intermediate equipment, terminal and communication system
CN101491063A (en) Method and arrangement for data transmission between peer-to-peer networks
CN104980528A (en) Method, system and apparatus for realizing communication between nodes
CN1812398B (en) Method for realizing DHCP server loading sharing based on DHCP relay
CN102820977A (en) Multicast method, multicast device and network device
CN101425958A (en) Request answering method, apparatus and system in P2P overlapping network
CN103312749A (en) Discovery method, equipment and system for application layer flow optimization (ALTO) server
CN101557336B (en) Method for establishing network tunnel, data processing method and relevant equipment
US9413590B2 (en) Method for management of a secured transfer session through an address translation device, corresponding server and computer program
CN105681249A (en) Network access method and network conversion equipment
CN112968965B (en) Metadata service method, server and storage medium for NFV network node
CN102025797A (en) Address prefix processing method, device, system and network equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: HUAWEI DIGITAL TECHNOLOGY (CHENGDU) CO., LTD.

Free format text: FORMER NAME: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES CO., LTD.

CP01 Change in the name or title of a patent holder

Address after: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River

Patentee after: HUAWEI DIGITAL TECHNOLOGIES (CHENG DU) Co.,Ltd.

Address before: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River

Patentee before: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220905

Address after: No. 1899 Xiyuan Avenue, high tech Zone (West District), Chengdu, Sichuan 610041

Patentee after: Chengdu Huawei Technologies Co.,Ltd.

Address before: 611731 Qingshui River District, Chengdu hi tech Zone, Sichuan, China

Patentee before: HUAWEI DIGITAL TECHNOLOGIES (CHENG DU) Co.,Ltd.