CN104468625B - Dialing tunnel agent device and method for NAT traversal using a dialing tunnel - Google Patents
- Publication number
- CN104468625B
- Authority
- CN
- China
- Prior art keywords
- tunnel
- address
- client
- dialing
- message
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2592—Translation of Internet protocol [IP] addresses using tunnelling or encapsulation
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
This application discloses a dialing tunnel agent device without a public network IP, comprising: a monitoring module, for monitoring the address information of the connected clients and, when the destination IP address of a message sent by a client is within the IP address segment of the monitoring system, passing the message to the packet forwarding module; a tunnel building module, for establishing an application tunnel using the IP address of one of the clients, the address information of the dialing tunnel server being pre-configured, and for receiving the virtual IP address allocated by the dialing tunnel server; and a packet forwarding module, for converting the client IP address in the message into the virtual IP address and forwarding the message to the dialing tunnel server through the application tunnel, and for converting the virtual IP address of a message returned from the dialing tunnel server into the client IP address. The application also discloses a method for NAT traversal using a dialing tunnel. The application can reduce the pressure on the dialing tunnel server and improve the user experience.
Description
Technical field
This application relates to dialing tunnel technology, and in particular to a dialing tunnel agent device without a public network IP and a method for NAT traversal using a dialing tunnel.
Background art
With the continuing development of IP-based video surveillance technology and of mobile Internet technology, remote video monitoring has become a new industry hot spot, and the demand for monitoring across wide-area network connections keeps growing. To protect internal network security and to save public network IP addresses, operators deploy NAT gateway devices at the egress of private networks, so remote video monitoring inevitably runs into the problem of traversing the operator's public network NAT.
At present, for video monitoring systems that must cross NAT devices, firewalls and security gap (network isolation) devices, there is a solution called the dialing application tunnel. The dialing application tunnel scheme lets a video monitoring system traverse public and private networks. It is based on application-layer tunnel technology and, combined with the monitoring dual-network-card scheme, allows the monitoring system to pass easily through various gateways, firewalls and NAT devices. It simplifies complex monitoring networks while improving the user's network security and saving the user's budget. The scheme establishes an application-layer tunnel between a client and a monitoring device in the monitoring system, or between monitoring devices of upper-level and lower-level domains. All communication between the devices at the two ends of the tunnel is then forwarded through it. The user does not need to perform traffic diversion or add extra public network addresses, and the secondary development workload of gateway vendors is significantly reduced.
However, when the dialing application tunnel scheme is used, each client that wants to connect to the dialing tunnel server must perform its own independent dial-up. The resulting large number of connections puts heavy pressure on the dialing tunnel server. In addition, the user must manually dial to establish a connection before accessing monitoring equipment, so the user experience is poor.
Summary of the invention
The application provides a dialing tunnel agent device without a public network IP and a method for NAT traversal using a dialing tunnel, which can reduce the pressure on the dialing tunnel server and improve the user experience.
According to a first aspect of the embodiments of the application, a dialing tunnel agent device without a public network IP is provided, which realizes communication between clients and a monitoring system by establishing an application tunnel with a dialing tunnel server. The dialing tunnel agent device has no public network IP address and comprises:
a monitoring module, for monitoring the address information of the connected clients and the messages sent by the clients; the address information of a client includes its IP address; when the destination IP address of a message sent by a client is within the IP address segment of the monitoring system, the message is passed to the packet forwarding module;
a tunnel building module, for establishing an application tunnel using the IP address of one of the clients and the IP address of the dialing tunnel server, the address information of the dialing tunnel server being pre-configured in the dialing tunnel agent device without a public network IP address; and for receiving the virtual IP address allocated by the dialing tunnel server;
a packet forwarding module, for converting the client IP address in the message into the virtual IP address and forwarding the message to the dialing tunnel server through the application tunnel; and for converting the virtual IP address of a message returned from the dialing tunnel server into the client IP address and then sending the message to the client.
The application also provides a method for NAT traversal using a dialing tunnel, which realizes communication between a client and a monitoring server by establishing an application tunnel with a dialing tunnel server, and comprises the steps of:
monitoring the address information of the connected clients, the address information of a client including its IP address;
establishing an application tunnel with the dialing tunnel server using the address information of one of the clients, the address of the dialing tunnel server being pre-configured; and receiving the virtual IP address allocated by the dialing tunnel server;
if the destination address of a message sent by a client is within the address segment of the monitoring system, converting the client IP address in the message into the virtual IP address and forwarding the message to the dialing tunnel server through the application tunnel; and converting the virtual IP address of a message returned from the dialing tunnel server into the client IP address and then sending the message to the client.
By means of the dialing tunnel agent device without a public network IP, the application establishes a single application tunnel with the dialing tunnel server and forwards the messages exchanged between the clients and the monitoring system through it. Unlike the prior art, each client does not establish its own application tunnel with the dialing tunnel server, so the pressure on the dialing tunnel server is significantly reduced. In addition, because the application tunnel is established automatically by the dialing tunnel agent device, the user does not need to dial, which improves the user experience. Moreover, the dialing tunnel agent device does not need a public network IP address: when it needs to establish an application tunnel with the dialing tunnel server, it uses the address information of one of the clients it has acquired to initiate the connection request to the dialing tunnel server. Public network IP resources are currently scarce and applying for a public network IP address is costly. Using dialing tunnel agent devices without a public network IP in the network greatly reduces the use of public network IPs, which saves public network IP resources and reduces equipment cost.
Brief description of the drawings
Fig. 1 is a networking diagram of an application scenario in an embodiment of the application;
Fig. 2 is a flow chart of the method of the application for NAT traversal using a dialing tunnel;
Fig. 3a is a signaling diagram of establishing the application tunnel by dialing in advance in an embodiment of the application;
Fig. 3b is a signaling diagram of establishing the application tunnel by dynamic dialing in an embodiment of the application;
Fig. 4a is a structure diagram of a tunnel entry in an embodiment of the application;
Fig. 4b is a flow chart of updating the client address used to establish the tunnel in an embodiment of the application;
Fig. 5a is a schematic diagram of converting client address information in an embodiment of the application;
Fig. 5b is a schematic diagram of the format of the constructed forwarded message in an embodiment of the application;
Fig. 6 is a hardware architecture diagram of the dialing tunnel agent device without a public network IP in an embodiment of the application;
Fig. 7 is a logical diagram of the internal structure of the dialing tunnel agent device without a public network IP in an embodiment of the application.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. When the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the application. Rather, they are merely examples of devices and methods consistent with some aspects of the application as detailed in the appended claims.
The terms used in this application are for the purpose of describing particular embodiments only and are not intended to limit the application. The singular forms "a", "said" and "the" used in this application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise.
Fig. 1 is a schematic diagram of an application scenario in which the scheme provided by this application is used to establish an application tunnel. The clients and the monitoring devices of the monitoring system are located in different private networks, each of which accesses the wide-area network through its own gateway. In this application, each client is connected to the dialing tunnel agent device without a public network IP, which establishes an application tunnel with the dialing tunnel server in the network where the monitoring system is located, thereby realizing communication between the clients and the monitoring system. A dialing tunnel client can be any entity that needs access using the dialing tunnel scheme, and may include front-end monitoring devices, monitoring clients, monitoring servers and so on. A dialing tunnel server is a device that allows dialing tunnel clients to connect and that forwards messages between different application-layer tunnels; it may be a router device or a Linux server. The dialing tunnel agent device without a public network IP can be a device that has both layer-2 and layer-3 message forwarding capability.
Fig. 2 is a flow chart of the method by which the application realizes NAT traversal through the dialing tunnel agent device without a public network IP. The method is described in detail below, taking as an example the flow of Fig. 2 applied to the application scenario of Fig. 1.
S201: the dialing tunnel agent device without a public network IP monitors the address information of the one or more connected clients, and takes the address information of one of the connected clients as the address information that the dialing tunnel agent device itself uses when establishing the application tunnel.
The dialing tunnel agent device without a public network IP is connected to multiple clients and monitors the address information of each connected client. In one example, the address information of a client can be obtained by snooping the client's DHCP (Dynamic Host Configuration Protocol) exchange; the acquired address information includes at least the IP address of the client and the IP address of the gateway. In a preferred scheme, all dynamic IP addresses and MAC addresses that each client obtains through DHCP are acquired and recorded. How the acquired address information is used in the alternative and preferred embodiments is described in the corresponding embodiments below.
S202: using the address information of the client selected for establishing the application tunnel, an application tunnel is established to the pre-configured address of the dialing tunnel server, and the virtual IP address allocated by the dialing tunnel server is received.
The address of the dialing tunnel server is pre-configured on the dialing tunnel agent device without a public network IP; generally, the public network IP address on the router of the private network where the dialing tunnel server is located is filled in.
The dialing tunnel agent device without a public network IP of this application does not need a public network IP address. When it needs to establish an application tunnel with the dialing tunnel server, it uses the address information of one of the clients it has acquired to initiate the connection request to the dialing tunnel server. Public network IP resources are currently scarce and applying for a public network IP address is costly; using dialing tunnel agent devices without a public network IP in the network greatly reduces the use of public network IPs, which saves public network IP resources and reduces equipment cost. This application offers several choices for the moment at which the dialing tunnel is established using the address information of one of the clients. With dialing in advance, the tunnel establishment flow is triggered when the address information of the first client is obtained. With dynamic dialing, it is triggered when the first message from a client to the monitoring system is received. The application is of course not limited to these two trigger modes. The flows triggered by dialing in advance and by dynamic dialing are detailed in the embodiments of Fig. 3a and Fig. 3b below.
After receiving the connection request from the dialing tunnel agent device without a public network IP, the dialing tunnel server first verifies its access identity. As an example, the dialing tunnel agent device can have a default user name and password, which it carries when initiating the connection to the dialing tunnel server; the dialing tunnel server authenticates the user name and password and establishes the connection with the dialing tunnel agent device only after authentication passes. As in prior-art dialing tunnel technology, once the application tunnel is established the dialing tunnel server selects an unused virtual address from its virtual address pool, allocates it to the dialing tunnel agent device without a public network IP and sends it to that device. Subsequent message exchange between the dialing tunnel agent device and the dialing tunnel server uses the virtual IP address. The messages are forwarded inside the application tunnel and are not disturbed by intermediate firewalls, NAT devices or gap devices, so these networks are traversed.
S203: when the dialing tunnel agent device without a public network IP needs to forward a message to the dialing tunnel server, that is, when the destination address of a message sent by a client is within the address segment of the monitoring system, it converts the client IP address in the message into the virtual IP address of the dialing tunnel agent device and, according to the gateway IP address, forwards the message to the dialing tunnel server through the application tunnel.
The address segment of the monitoring system can be recorded in the dialing tunnel agent device without a public network IP. Depending on how the tunnel is established (for example dialing in advance or dynamic dialing), the moment at which the address segment of the monitoring system is recorded can differ; the detailed process is described in the embodiments of Fig. 3a and Fig. 3b below.
A client message received by the dialing tunnel agent device without a public network IP carries the IP address of the client and the IP address of the device in the monitoring system that is to be accessed. In one example, the client IP address is converted into the virtual IP address of the dialing tunnel agent device and the message is encapsulated into the application tunnel as follows. The dialing agent device picks up the message that the client sends to a device in the monitoring system and first converts the source address in its header into the virtual address of the dialing tunnel agent device. This yields a message whose IP header carries a virtual source address (the virtual address of the dialing tunnel agent device without a public network IP) and a virtual destination address (the IP address in the monitoring system address segment that the client wants to access). So that this message can be forwarded at layer 3 across the wide-area network, an IP header with real addresses and a tunnel identifier header are encapsulated around it. In this real-address IP header, the real source IP address can be the IP address of the client that was used when the application tunnel was established, and the real destination address can be the public network IP address to which the dialing tunnel server is mapped. After the message reaches the dialing tunnel server by routing, the dialing tunnel server strips the outer real-address IP header and the tunnel identifier header according to the tunnel identifier, and then forwards the message by IP, according to its virtual destination address, to the monitoring device in the monitoring system, so that the monitoring service can proceed.
S204: the virtual IP address of the dialing tunnel agent device without a public network IP in a message returned from the dialing tunnel server is converted into the client IP address, and the message is then sent to the client.
Messages sent from the dialing tunnel server to the dialing tunnel agent device without a public network IP are encapsulated and processed in a way similar to step S203. The virtual source address of the inner header is now the IP address of a device in the monitoring system, and the virtual destination address is the virtual address of the dialing tunnel agent device. After receiving the doubly encapsulated message, the dialing tunnel agent device strips the outer IP header and the tunnel identifier header, converts the virtual destination address into the real IP address of the client, and forwards the message to that client.
Fig. 3a and Fig. 3b are signaling diagrams of two application examples that differ in when the application tunnel is established.
Fig. 3a describes the establishment flow of the application tunnel in the application example of dialing in advance.
In this application example, the dialing tunnel agent device without a public network IP initiates the connection request to the dialing tunnel server as soon as it detects the IP address of the first client. In this embodiment, the address information of the client used when establishing the application tunnel is that of the first client whose dynamic IP address is detected. The address segment of the monitoring system can be sent to the dialing tunnel agent device and recorded there after the application tunnel is established. Sending the monitoring system address segment and sending the virtual IP address allocated to the dialing tunnel agent device can be one and the same step, or they can be different steps.
Fig. 3b describes the establishment flow of the application tunnel in the application example of dynamic dialing.
In this embodiment, the dialing tunnel agent device without a public network IP initiates the connection request to the dialing tunnel server when it detects a message that needs to be forwarded, that is, when some client initiates a session directed to an address of the monitoring system. In this embodiment, the address information of the client used when establishing the application tunnel is that of the first client to send a message to the monitoring system. Because the device must judge whether the destination address of a client's message points to the monitoring system, the address segment of the monitoring system must be pre-configured in the dialing tunnel agent device in this embodiment.
Preferably, the dialing tunnel agent device without a public network IP monitors all messages of the connected clients and determines from the five-tuple whether a message is directed to the monitoring system. The five-tuple is the set of these five values: source IP address, source port, destination IP address, destination port and transport-layer protocol number. For a client session directed to the monitoring system, the dialing tunnel agent device converts the source address in the session into its own virtual address and then encapsulates the message into the application tunnel for layer-3 forwarding. When the client accesses addresses outside the monitoring system address segment, the dialing tunnel agent device uses the client's MAC address to forward the message by layer-2 (data link layer) forwarding. The specific forwarding process can follow the layer-2 forwarding flow disclosed in the prior art and is not repeated here.
Preferably, when the dialing tunnel agent device without a public network IP observes messages from more than one client directed to the monitoring system, it converts both the IP address and the port of the client in each message to be forwarded, because the dialing tunnel agent device and the tunnel proxy server establish only one application-layer tunnel. The IP address of the client is converted into the virtual IP address of the dialing tunnel agent device, and the port of the client is converted into an unused port on the dialing tunnel agent device, which serves as the mapped port of that client port; a translation table entry is recorded. When the dialing tunnel agent device then receives a message returned by the dialing tunnel server, it determines from the port number in the message and the translation table entries which client the message is to be forwarded to, converts the destination virtual IP address into the IP address of that client, and delivers the message to the client.
As a preferred embodiment of S201 in Fig. 2, the dialing tunnel agent device without a public network IP records all dynamic IP addresses that each connected client obtains through DHCP. When the dialing tunnel agent device detects, by means of the MAC address obtained in step S201, that the address information of the client used for establishing the application tunnel has been updated, it builds a tunnel update message from the address information currently in use by one of the clients and the identifier of the application tunnel. It thereby notifies the dialing tunnel server to update the previously recorded address information of the client used for establishing the application tunnel to the address information currently in use. The detailed process is shown in Fig. 4b.
In this embodiment, the structure of the tunnel entries recorded by the dialing tunnel server and by the dialing tunnel agent device without a public network IP is shown in Fig. 4a. Several dialing tunnel agent devices without a public network IP, located in several private networks, may establish application tunnels with the dialing tunnel server, so the tunnel ID records the identifier of the application tunnel established by each dialing tunnel agent device. The "opposite-end real IP address" and "real port" in the tunnel entry of the dialing tunnel server are consistent with the "real IP address" and "real port" in the tunnel entry of the dialing tunnel agent device; they record the IP address and port number of the client used to establish the application tunnel. The "opposite-end virtual IP address" and "virtual port" in the tunnel entry of the dialing tunnel server are consistent with the "virtual IP address" and "virtual port" in the tunnel entry of the dialing tunnel agent device; they record the virtual IP address of the dialing tunnel agent device and the virtual port on the dialing tunnel agent device that is used when sending a given client's messages.
As shown in Fig. 4b:
S401: when the dynamic IP address of the client used for dialing changes, for example because of a restart or a network problem, the client sends a broadcast message to the DHCP server, and the dialing tunnel agent device without a public network IP picks up this message;
S402: according to the MAC address in the message, the stored IP address of the client that was used for dialing to establish the tunnel is looked up;
S403: according to the recorded IP address of the client used for dialing to establish the tunnel, the device searches its own tunnel entries and finds the tunnel ID.
S404: the dialing tunnel agent device without a public network IP updates the tunnel entry and encapsulates a private signaling message containing the tunnel ID and the IP address and port of a new client as the tunnel update message, which is forwarded to the server through the application tunnel. The IP address of the new client can be the updated dynamic IP address of the client previously used for establishing the dialing tunnel, or it can be the dynamic IP address of another client.
According to the tunnel ID in this private signaling message, the dialing tunnel server replaces the opposite-end real IP address and real port in the corresponding entry with the new IP address and port.
With this preferred embodiment, after the IP address of the dialing client is updated there is no need to dial the dialing tunnel server again; the update process above achieves a seamless switch, and the original tunnel traffic is unaffected.
The following is a customer case in which the dialing tunnel agent device without a public network IP of this application interacts with a client and the dialing tunnel server; in this case the tunnel is created by dialing in advance.
The monitoring system is located in the head-office network. The monitoring system address segment is 192.168.1.1/24, the gateway is 192.168.1.1, and the public network address of the dialing tunnel server after router mapping is 15.0.0.2.
The 192.168.1.129/25 subnet is unused, so it serves as the address pool from which the dialing tunnel server allocates virtual IP addresses to dialing tunnel agent devices without a public network IP.
The address 15.0.0.2 of the dialing tunnel proxy server is configured in advance in the dialing tunnel agent device without a public network IP.
The dialing tunnel agent device without a public network IP snoops the client's DHCP exchange and obtains the client's IP address and MAC address; the IP address obtained by the client is 10.0.0.2, and the IP address of the gateway is 10.0.0.1. The device records all dynamic IPs that each connected client obtains through DHCP. In this example, the address information of the client can be obtained by monitoring the client's DHCPREQUEST message. In the "option" field of this message, the client fills the "Request IP Address" option with the IP address that the DHCP server allocated to it, and the "server identifier" option can carry the IP address of the DHCP server (that is, the gateway).
Using the dynamic IP of the client (10.0.0.2), the dialing tunnel agent device without a public network IP initiates a connection to the real address of the dialing tunnel server (15.0.0.2).
After performing access identity authentication, the dialing tunnel server establishes the tunnel and allocates a virtual IP (for example 192.168.1.129) to the dialing tunnel agent device without a public network IP.
The dialing tunnel server sends the address segment of the monitoring system (192.168.1.1/24) to the box.
The dialing tunnel server can intercept the session messages initiated by the client. When the client accesses other addresses, the box passes the traffic through transparently at the link layer using the client's MAC address. As shown in Fig. 5a, when a session initiated by the client is directed to an address of the monitoring system, that is, the source address is the client's own IP address and the destination address is an IP address in the monitoring system address segment (for example the monitoring device with IP address 192.168.1.128), the client IP address in the session is converted into the virtual IP address of the dialing tunnel agent device without a public network IP. If more than one session directed to the monitoring system currently exists, the port of the client must also be converted into an idle port of the dialing tunnel agent device, and the IP address and port of the client for the current session are recorded together with the converted virtual IP address and port. The message with converted address information is then encapsulated into the tunnel. The structure of the encapsulated message is shown in Fig. 5b.
The dialing tunnel agent device without a public IP monitors all messages returned by the dialing tunnel server and classifies them by their five-tuple. Messages that are not monitoring traffic are forwarded directly at layer 2 (the link layer). For monitoring traffic, the outer tunnel encapsulation is stripped first, the translation table entry is matched, the destination virtual IP address is converted into the client's real IP address, and the message is forwarded to the client (see Fig. 5a).
When the dialing tunnel agent device without a public IP detects, based on the MAC address, that the dynamic IP originally used for dialing has changed, it first uses the MAC address to look up the IP address originally recorded for the dialing client, then searches its own tunnel table entries to find the tunnel ID. If a client's former IP address is no longer valid or is being used by another machine, the DHCP server responds to the client with a DHCPNAK packet, requiring it to perform DHCPDISCOVER again. The client broadcasts a DHCPDISCOVER message that carries its own MAC address, so in this example the tunnel dialing agent device determines whether a client's IP has changed by monitoring DHCPDISCOVER.
The dialing agent box holds a record of each PC's original IP address and MAC address. So when the box receives a DHCPDISCOVER message, it can determine from the MAC address in the message which original IP address has changed.
After updating the client IP address recorded in the tunnel table entry to the client's new address, the device encapsulates a private signaling message containing the tunnel ID and the new IP address and port, and sends it to the server through the tunnel. The server then uses the tunnel ID in the message to replace the peer real IP and port in the corresponding table entry with the new IP address and port.
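The address translation, return-path matching and tunnel update described in this worked example, modelled in Python as an added illustration (not code from the patent). The tunnel ID, MAC address, port numbers and the second client 10.0.0.3 are constructed; keeping the first session's port and discarding unmatched replies are assumptions of this sketch.

```python
import ipaddress

class AgentDevice:
    """Toy model of the agent device's translation table (added example)."""

    def __init__(self, monitor_net, virtual_ip, tunnel_id, tunnel_mac, tunnel_src):
        # strict=False accepts the page's "192.168.1.1/24" notation.
        self.monitor_net = ipaddress.ip_network(monitor_net, strict=False)
        self.virtual_ip = virtual_ip      # assigned by the dialing tunnel server
        self.tunnel_id = tunnel_id        # constructed identifier
        self.tunnel_mac = tunnel_mac      # client whose IP the tunnel was dialed from
        self.tunnel_src = tunnel_src      # (client_ip, port) used for the tunnel
        self.leases = {tunnel_mac: tunnel_src[0]}   # MAC -> IP learned from DHCP
        self.fwd = {}                     # client-side five-tuple -> mapped port
        self.rev = {}                     # mapped port -> client-side five-tuple
        self.pool = range(40000, 40016)   # constructed idle-port pool

    def _idle_port(self):
        for port in self.pool:
            if port not in self.rev:
                return port
        raise RuntimeError("no idle mapped port left")

    def outbound(self, pkt):
        """Client to network: ('bridge', pkt) or ('tunnel', encapsulated frame)."""
        if ipaddress.ip_address(pkt["dst"]) not in self.monitor_net:
            return "bridge", pkt          # not monitoring traffic: layer-2 pass-through
        key = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if key not in self.fwd:
            # Assumption: the first session keeps its port; once another session
            # exists, an idle port is mapped so return traffic stays unambiguous.
            port = pkt["sport"] if not self.rev else self._idle_port()
            self.fwd[key], self.rev[port] = port, key
        inner = dict(pkt, src=self.virtual_ip, sport=self.fwd[key])
        return "tunnel", {"tunnel_id": self.tunnel_id, "inner": inner}

    def inbound(self, frame):
        """Network to client: strip the tunnel header and undo the translation."""
        if frame.get("tunnel_id") != self.tunnel_id:
            return "bridge", frame        # not tunnel traffic: forwarded at layer 2
        inner = frame["inner"]
        key = self.rev.get(inner["dport"])
        expected = key and (key[0], key[3], key[4], self.virtual_ip)
        got = (inner["proto"], inner["src"], inner["sport"], inner["dst"])
        if expected != got:
            return "drop", inner          # assumption: unmatched replies are discarded
        return "deliver", dict(inner, dst=key[1], dport=key[2])

    def learn_lease(self, mac, ip):
        """Record a DHCP-learned address; return the tunnel update message if the
        client that carries the tunnel now has a different IP, else None."""
        changed = mac == self.tunnel_mac and self.leases.get(mac) != ip
        self.leases[mac] = ip
        if not changed:
            return None
        self.tunnel_src = (ip, self.tunnel_src[1])
        return {"tunnel_id": self.tunnel_id, "new_ip": ip, "new_port": self.tunnel_src[1]}


def run_demo():
    """Walk the page's addresses through the model (other values constructed)."""
    dev = AgentDevice("192.168.1.1/24", "192.168.1.129", 7,
                      "aa:bb:cc:00:00:02", ("10.0.0.2", 50000))
    cam = {"proto": "tcp", "dst": "192.168.1.128", "dport": 554}
    first = dev.outbound(dict(cam, src="10.0.0.2", sport=5000))
    second = dev.outbound(dict(cam, src="10.0.0.3", sport=5000))
    reply = {"tunnel_id": 7, "inner": {"proto": "tcp", "src": "192.168.1.128",
             "sport": 554, "dst": "192.168.1.129", "dport": second[1]["inner"]["sport"]}}
    return first, second, dev.inbound(reply), dev.learn_lease("aa:bb:cc:00:00:02", "10.0.0.7")


if __name__ == "__main__":
    for step in run_demo():
        print(step)
```

Two clients that pick the same source port become indistinguishable once both carry the virtual IP, which is why the second session is moved to a mapped port; matching replies on the full five-tuple keeps other hosts on the monitoring side from reaching a client through someone else's mapping.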
Corresponding to the above method by which the dialing tunnel agent device without a public IP achieves NAT traversal, the application also provides a dialing tunnel agent device without a public IP.
The embodiment of the dialing tunnel agent device without a public IP can be applied on network devices. The device embodiment can be implemented in software, in hardware, or in a combination of software and hardware. Taking a software implementation as an example, the device in the logical sense is formed when the processor of the equipment on which it resides reads the corresponding computer program instructions from non-volatile memory into memory and runs them. At the hardware level, Fig. 6 is a hardware structure diagram of the equipment on which the dialing tunnel agent device without a public IP resides; in addition to the processor, network interface, memory and non-volatile memory shown in Fig. 6, the equipment on which the device resides in an embodiment usually also includes other hardware.
Fig. 7 is a logical block diagram of the internal structure of the dialing tunnel agent device without a public IP when it is implemented in software. In this embodiment, the dialing tunnel agent device 700 without a public IP includes a monitoring module 701, a tunnel building module 702 and a packet forwarding module 703. The monitoring module 701 is connected to multiple clients; it monitors the address information of each connected client and the messages each client sends, and determines whether a message sent by a client needs to be processed by the monitoring system. The tunnel building module 702 uses the client address information acquired by the monitoring module 701 to establish an application tunnel with the dialing tunnel server. After the application tunnel is established, the dialing tunnel server assigns a virtual IP address to the dialing tunnel agent device without a public IP; the tunnel building module 702 receives this virtual IP address and passes it to the packet forwarding module. The packet forwarding module uses the virtual IP address to send messages that need to be processed by the monitoring system through the application tunnel to the dialing tunnel server and, after receiving a message returned by the dialing tunnel server, converts the virtual IP address into the IP address of the destination client and sends the message to that client.
The function of each module of the dialing tunnel agent device 700 without a public IP is described below.
Monitoring module: monitors the address information of at least one connected client and the messages the client sends; when the destination address of a message sent by the client is within the address range of the monitoring system, it passes the message to the packet forwarding module.
Tunnel building module: uses the address information of one of the clients to establish an application tunnel to the preconfigured dialing tunnel server address, and receives the virtual IP address assigned by the dialing tunnel server.
Packet forwarding module: converts the client IP address in the message into the virtual IP address and forwards the message to the dialing tunnel server through the application tunnel; and, after converting the virtual IP address of a message returned from the dialing tunnel server into the client IP address, sends the message to the client.
In one embodiment, the client address information used when establishing the application tunnel is that of the client whose address information the monitoring module receives first. The tunnel building module is further configured to receive the address range of the monitoring system from the application tunnel server when establishing the application tunnel, and to pass it to the monitoring module.
In another embodiment, the address range of the monitoring system is preconfigured. The client address information used when establishing the application tunnel is that of the client that sent the first message received by the monitoring module whose destination address is within the address range of the monitoring system.
Preferably, the monitoring module is further configured to obtain all address information that each connected client obtains through DHCP, together with the MAC address of the client. When the monitoring module detects, based on the MAC address, that the address information of the client used to establish the application tunnel has been updated, it notifies the tunnel building module. The tunnel building module uses the MAC address to find the identifier of the application tunnel that corresponds to the address information of the client used to establish the application tunnel. It then builds a tunnel update message from the address information that one of the clients is currently using and the identifier of the application tunnel, and notifies the dialing tunnel server to update the address information of the client used to establish the application tunnel to the address information currently in use.
Preferably, when the destination addresses of messages sent by at least two clients are within the address range of the monitoring system, the packet forwarding module is further configured to convert the client port in the message into a mapped port on the dialing tunnel agent device without a public IP, and to convert the mapped port of a message returned from the dialing tunnel server back into the client port.
Other embodiments of the application will readily occur to those skilled in the art after considering the specification and practicing the invention disclosed here. The application is intended to cover any variations, uses or adaptations of the application that follow its general principles and include common knowledge or conventional techniques in the art that are not disclosed in the application. The description and examples are to be considered illustrative only; the true scope and spirit of the application are indicated by the following claims.
It should be understood that the application is not limited to the precise structures described above and shown in the accompanying drawings, and that various modifications and changes may be made without departing from its scope. The scope of the application is limited only by the appended claims.
Claims (10)
1. A dialing tunnel agent device without a public IP, for realizing communication between a client and a monitoring system by establishing an application tunnel with a dialing tunnel server, characterized in that the dialing tunnel agent device without a public IP address comprises:
a monitoring module, for monitoring the address information of a connected client and the messages sent by the client, the address information of the client including an IP address; when the destination IP address of a message sent by the client is within the IP address range of the monitoring system, the message is passed to a packet forwarding module;
a tunnel building module, for establishing an application tunnel with the IP address of the dialing tunnel server using the IP address of one of the clients, the address information of the dialing tunnel server being preconfigured in the dialing tunnel agent device without a public IP address; and for receiving the virtual IP address assigned by the dialing tunnel server;
a packet forwarding module, for converting the client IP address in the message into the virtual IP address and forwarding the message to the dialing tunnel server through the application tunnel; and for sending the message to the client after converting the virtual IP address of a message returned from the dialing tunnel server into the client IP address.
2. The device according to claim 1, characterized in that the monitoring module is further configured to obtain all address information that each connected client obtains through DHCP and the MAC address of the client;
after the monitoring module detects, based on the MAC address, that the address information of the client used when establishing the application tunnel has been updated, it notifies the tunnel building module;
the tunnel building module uses the MAC address to find the identifier of the application tunnel corresponding to the address information of the client used when establishing the application tunnel; builds a tunnel update message from the address information that one of the clients is currently using and the identifier of the application tunnel; and notifies the dialing tunnel server to update the address information of the client used when establishing the application tunnel to the address information currently in use.
3. The device according to claim 1, characterized in that when the destination addresses of messages sent by at least two clients are within the address range of the monitoring system, the packet forwarding module is further configured to convert the client port in the message into a mapped port on the dialing tunnel agent device without a public IP, and to convert the mapped port of a message returned from the dialing tunnel server into the client port.
4. The device according to claim 1, characterized in that the address information of the one of the clients is the address information of the client whose address information the monitoring module receives first;
the tunnel building module is further configured to receive the address range of the monitoring system from the application tunnel server when establishing the application tunnel, and to pass it to the monitoring module.
5. The device according to claim 1, characterized in that the address range of the monitoring system is preconfigured;
the address information of the one of the clients is the address information of the client that sent the first message received by the monitoring module whose destination address is within the address range of the monitoring system.
6. A method of traversing NAT using a dialing tunnel, for realizing communication between a client and a monitoring server by establishing an application tunnel with a dialing tunnel server, characterized by comprising the steps of:
monitoring the address information of a connected client, the address information of the client including an IP address;
establishing an application tunnel with the dialing tunnel server using the address information of one of the clients, the address of the dialing tunnel server being preconfigured; and receiving the virtual IP address assigned by the dialing tunnel server;
if the destination address of a message sent by the client is within the address range of the monitoring system, converting the client IP address in the message into the virtual IP address and forwarding the message to the dialing tunnel server through the application tunnel; and, after converting the virtual IP address of a message returned from the dialing tunnel server into the client IP address, sending the message to the client.
7. The method according to claim 6, characterized in that monitoring the address information of at least one connected client specifically comprises: monitoring all address information obtained by the client through DHCP and the MAC address of the client;
after detecting, based on the MAC address, that the address information of the client used when establishing the application tunnel has been updated, finding, based on the MAC address, the identifier of the application tunnel corresponding to the address information of the client used when establishing the application tunnel; building a tunnel update message from the address information that one of the clients is currently using and the identifier of the application tunnel; and notifying the dialing tunnel server to update the address information of the client used when establishing the application tunnel to the address information currently in use.
8. The method according to claim 6, characterized in that when the destination addresses of messages sent by at least two clients are within the address range of the monitoring system, the method further comprises:
converting the client port in the message into a corresponding mapped port, and converting the mapped port of a message returned from the dialing tunnel server into the client port.
9. The method according to claim 6, characterized in that the address range of the monitoring system is preconfigured;
the address information of the one of the clients is the address information of the client that sent the first received message whose destination address is within the address range of the monitoring system.
10. The method according to claim 6, characterized in that the address information of the one of the clients is the address information of the client whose address information is received first;
the method further comprises: receiving the address range of the monitoring system from the application tunnel server when establishing the application tunnel.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410833313.5A CN104468625B (en) | 2014-12-26 | 2014-12-26 | Dialing tunnel agent device, the method for utilizing the tunnel pass through NAT that dials |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104468625A CN104468625A (en) | 2015-03-25 |
CN104468625B true CN104468625B (en) | 2018-07-13 |
Family
ID=52913997
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410833313.5A Active CN104468625B (en) | 2014-12-26 | 2014-12-26 | Dialing tunnel agent device, the method for utilizing the tunnel pass through NAT that dials |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104468625B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |