CN104468625B - Dialing tunnel proxy device and method for traversing NAT using a dialing tunnel - Google Patents


Info

Publication number: CN104468625B
Authority: CN (China)
Prior art keywords: tunnel, address, client, dialing, message
Legal status: Active
Application number: CN201410833313.5A
Other languages: Chinese (zh)
Other versions: CN104468625A
Inventors: 周迪, 徐婷婷
Current assignee: Zhejiang Uniview Technologies Co Ltd
Original assignee: Zhejiang Uniview Technologies Co Ltd
Application filed by Zhejiang Uniview Technologies Co Ltd; priority to CN201410833313.5A; publication of CN104468625A; application granted; publication of CN104468625B

Classifications

    • H04L67/56 Provisioning of proxy services (H04L67/00 Network arrangements or protocols for supporting network services or applications; H04L67/50 Network services)
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling (H04L12/00 Data switching networks; H04L12/28 Data switching networks characterised by path configuration, e.g. LAN or WAN; H04L12/46 Interconnection of networks)
    • H04L61/2592 Translation of Internet protocol [IP] addresses using tunnelling or encapsulation (H04L61/00 Network arrangements, protocols or services for addressing or naming; H04L61/09 Mapping addresses; H04L61/25 Mapping addresses of the same type; H04L61/2503 Translation of IP addresses)

Abstract

This application discloses a dialing tunnel proxy device that has no public network IP. It comprises a monitoring module, which monitors the address information of the connected clients and, when the destination IP address of a message sent by a client falls within the IP address range of the monitoring system, passes the message to the packet forwarding module; a tunnel building module, which establishes an application tunnel with the dialing tunnel server using the IP address of one of the clients (the address information of the dialing tunnel server being pre-configured) and receives the virtual IP address allocated by the dialing tunnel server; and a packet forwarding module, which converts the client IP address in the message into the virtual IP address and forwards the message to the dialing tunnel server through the application tunnel, and converts the virtual IP address of messages returned from the dialing tunnel server back into the client IP address. A method for traversing NAT using a dialing tunnel is also disclosed. The application relieves the load on the dialing tunnel server and improves the user experience.

Description

Dialing tunnel proxy device and method for traversing NAT using a dialing tunnel
Technical field
This application relates to dialing tunnel technology, and in particular to a dialing tunnel proxy device without a public network IP and a method for traversing NAT using a dialing tunnel.
Background technology
With the continuous development of IP-based video surveillance technology and mobile Internet technology, remote video surveillance has become a new industry hotspot, and the demand for surveillance across wide-area network links keeps growing. To protect the security of their internal networks and to conserve public network IP addresses, operators deploy NAT gateway devices at the egress of private networks, so remote video surveillance inevitably runs into the problem of traversing the operator's public-network NAT.
At present there is a dialing application tunnel solution for letting video surveillance systems traverse NAT devices, firewalls and security isolation gateways. The dialing application tunnel scheme lets a video surveillance system traverse between public and private networks. It is based on application-layer tunneling technology combined with a dual-NIC surveillance scheme, so that the surveillance system passes through all kinds of gateways, firewalls and NAT devices easily; a complex surveillance network becomes simple, the user's network security improves, and the user's budget is saved. The dialing application tunnel scheme establishes an application-layer channel between the client and the surveillance device in the surveillance system, or between surveillance devices in superior and subordinate domains; all communication between the devices at the two ends of the channel is then forwarded through that channel, so the user needs no traffic-steering procedure and no additional public network addresses, and the secondary development workload of gateway vendors is greatly reduced.
However, in the dialing application tunnel scheme each client that wants to communicate with the dialing tunnel server must establish its own connection, that is, a separate dial-up session per client. With many clients, the large number of connections places excessive load on the dialing tunnel server. In addition, a user must dial manually and establish a connection before accessing a surveillance device, which makes for a poor user experience.
Invention content
This application provides a dialing tunnel proxy device without a public network IP and a method for traversing NAT using a dialing tunnel, which relieve the load on the dialing tunnel server and improve the user experience.
According to a first aspect of the embodiments of this application, a dialing tunnel proxy device without a public network IP is provided, for realizing communication between clients and a monitoring system by establishing an application tunnel with a dialing tunnel server. The dialing tunnel proxy device has no public network IP address and comprises:
a monitoring module, for monitoring the address information of the connected clients and the messages the clients send, the address information of a client including its IP address; when the destination IP address of a message sent by a client lies within the IP address range of the monitoring system, the message is passed to the packet forwarding module;
a tunnel building module, for establishing an application tunnel using the IP address of one of the clients and the IP address of the dialing tunnel server, the address information of the dialing tunnel server being pre-configured in the dialing tunnel proxy device without a public network IP address, and for receiving the virtual IP address allocated by the dialing tunnel server;
a packet forwarding module, for converting the client IP address in the message into the virtual IP address and forwarding the message to the dialing tunnel server through the application tunnel, and for converting the virtual IP address of a message returned from the dialing tunnel server into the client IP address and then sending the message to the client.
This application also provides a method for traversing NAT using a dialing tunnel, for realizing communication between a client and a monitoring server by establishing an application tunnel with a dialing tunnel server, comprising the steps of:
monitoring the address information of the connected clients, the address information of a client including its IP address;
establishing an application tunnel with the dialing tunnel server using the address information of one of the clients, the address of the dialing tunnel server being pre-configured, and receiving the virtual IP address allocated by the dialing tunnel server;
if the destination address of a message sent by the client lies within the address range of the monitoring system, converting the client IP address in the message into the virtual IP address and forwarding the message to the dialing tunnel server through the application tunnel; and converting the virtual IP address of a message returned from the dialing tunnel server into the client IP address and then sending the message to the client.
In this application, the dialing tunnel proxy device without a public network IP establishes a single application tunnel with the dialing tunnel server and forwards the messages exchanged between the clients and the monitoring system through that tunnel, so that, unlike the prior art, each client does not need to establish its own application channel with the dialing tunnel server; this greatly reduces the load on the dialing tunnel server. Moreover, since the process of establishing the application tunnel is completed automatically by the dialing tunnel proxy device without a public network IP, the user does not need to dial, which improves the user experience. At the same time, the dialing tunnel proxy device without a public network IP needs no public network IP address: when it needs to establish an application tunnel with the dialing tunnel server, it initiates the connection request to the dialing tunnel server using the address information of one of the clients it has learned. Public network IP resources are currently scarce and applying for a public network IP address costs a great deal, so using the dialing tunnel proxy device without a public network IP greatly reduces the use of public network IPs in the network, conserving public network IP resources and reducing equipment cost.
Description of the drawings
Fig. 1 is a networking diagram of an application scenario in an embodiment of this application;
Fig. 2 is a flow chart of the method of this application for traversing NAT using a dialing tunnel;
Fig. 3a is a signaling diagram of establishing the application tunnel by dialing in advance in an embodiment of this application;
Fig. 3b is a signaling diagram of establishing the application tunnel by dynamic dialing in an embodiment of this application;
Fig. 4a is the structure of a tunnel table entry in an embodiment of this application;
Fig. 4b is a flow chart of updating the client address used to establish the tunnel in an embodiment of this application;
Fig. 5a is a schematic diagram of converting client address information in an embodiment of this application;
Fig. 5b is a schematic diagram of the message format built for forwarding in an embodiment of this application;
Fig. 6 is a hardware architecture diagram of the dialing tunnel proxy device without a public network IP in an embodiment of this application;
Fig. 7 is an internal logic block diagram of the dialing tunnel proxy device without a public network IP in an embodiment of this application.
Specific implementation mode
Example embodiments are described in detail here and illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The embodiments described in the following examples do not represent all embodiments consistent with this application; rather, they are merely examples of devices and methods consistent with some aspects of this application as detailed in the appended claims.
The terms used in this application are only for describing particular embodiments and are not intended to limit the application. The singular forms "a", "the" and "said" used in this application and in the appended claims are also intended to include the plural, unless the context clearly indicates otherwise.
Fig. 1 is a schematic diagram of an application scenario in which the scheme provided by this application is used to establish an application tunnel. The clients and the monitoring devices of the monitoring system are located in different private networks, each reaching the wide-area network through its own private network's gateway. In this application, each client is connected to the dialing tunnel proxy device without a public network IP, which establishes an application tunnel with the dialing tunnel server in the monitoring system's network, thereby realizing communication between the clients and the monitoring system. A dialing tunnel client may be any entity that needs to gain access by means of the dialing tunnel scheme, including a monitoring front-end, a monitoring client, a monitoring server, and so on. A dialing tunnel server is a device that accepts dialing tunnel clients and forwards messages between different application-layer tunnels; it may be a router device or a Linux server. The dialing tunnel proxy device without a public network IP may be a device with both layer-2 and layer-3 message forwarding capability.
Fig. 2 is a flow chart of the method by which this application traverses NAT using the dialing tunnel proxy device without a public network IP. The method is explained in detail below, taking as an example the flow of Fig. 2 applied in the scenario of Fig. 1.
S201: the dialing tunnel proxy device without a public network IP monitors the address information of the one or more connected clients, and takes the address information of one of the connected clients as the address information the proxy device uses when establishing the application tunnel.
The dialing tunnel proxy device without a public network IP is connected to multiple clients and monitors the address information of each connected client. In one example, the address information of a client is obtained by snooping the client's DHCP (Dynamic Host Configuration Protocol) exchange; the address information obtained includes at least the client's IP address and the gateway's IP address. In a preferred approach, the dynamic IP address and MAC address that each client obtains through DHCP are both obtained and recorded. How the obtained address information is used in the alternative and preferred embodiments is described in the corresponding embodiments below.
S202: an application tunnel is established with the pre-configured address of the dialing tunnel server, using the address information of the client chosen in S201, and the virtual IP address allocated by the dialing tunnel server is received.
The address of the dialing tunnel server is pre-configured on the dialing tunnel proxy device without a public network IP; it is generally the public network IP address mapped for the dialing tunnel server on the router of the private network in which the dialing tunnel server sits.
The dialing tunnel proxy device without a public network IP of this application needs no public network IP address: when it needs to establish an application tunnel with the dialing tunnel server, it initiates the connection request using the address information of one of the clients it has learned. Public network IP resources are scarce and applying for a public network IP address is expensive, so using the proxy device greatly reduces public network IP use in the network, conserving public network IP resources and reducing equipment cost. This application offers several choices for the moment at which the dialing tunnel is established using the address information of one of the clients, namely dialing in advance and dynamic dialing: the flow of establishing the dialing tunnel may be triggered on obtaining the address information of the first client, or on receiving the first client message destined for the monitoring system; it is of course not limited to these two triggers. The flows triggered by dialing in advance and by dynamic dialing are described in the embodiments of Fig. 3a and Fig. 3b below.
After receiving a connection request from the dialing tunnel proxy device without a public network IP, the dialing tunnel server first verifies its access identity. As an example, the proxy device may have a default user name and password, which it carries when initiating the connection to the dialing tunnel server; the server authenticates the user name and password and establishes the connection with the proxy device only after authentication succeeds. As in existing dialing tunnel technology, once the application tunnel is established the dialing tunnel server selects an unused virtual address from its virtual address pool, allocates it to the proxy device, and sends the allocated virtual address to the proxy device. Thereafter the proxy device and the dialing tunnel server exchange messages using the virtual IP address, and those messages are forwarded inside the application tunnel, so they are not disturbed by intermediate firewalls, NAT devices or isolation gateways and pass through those networks.
S203: when the dialing tunnel proxy device without a public network IP needs to forward a message to the dialing tunnel server, that is, when the destination address of a message sent by a client lies within the address range of the monitoring system, the client IP address in the message is converted into the virtual IP address of the proxy device and the message is forwarded to the dialing tunnel server through the application tunnel according to the gateway IP address.
The address range of the monitoring system may be recorded in the proxy device. Depending on how the tunnel is established (dialing in advance or dynamic dialing), the moment at which the monitoring system's address range is recorded differs; the detailed process is explained in the embodiments of Fig. 3a and Fig. 3b below.
A client message received by the proxy device carries the client's IP address and the IP address of a device in the monitoring system that the client needs to access. In one example, the process of converting the client IP address in the message into the proxy device's virtual IP address and encapsulating the message into the application tunnel is as follows. The proxy device intercepts the message the client sends to a device in the monitoring system and first converts the source address in its IP header into the proxy device's virtual address, producing a message whose IP header carries a virtual source address (the virtual address of the proxy device) and a virtual destination address (the IP address within the monitoring system's address range that the client needs to access). So that this message can be forwarded at layer 3 across the wide-area network, a further IP header with real addresses and a tunnel identifier header are encapsulated on the outside of the packet. The real source IP address in this outer IP header is the IP address of the client used when establishing the application tunnel, and the real destination address is the mapped public network IP address of the dialing tunnel server. After this message is routed to the dialing tunnel server, the server strips the outer real-address IP header and the tunnel identifier header according to the tunnel identifier, and then IP-forwards the message according to its destination virtual address to the corresponding monitoring device in the monitoring system, where the monitoring service is carried out.
S204: after the virtual IP address in a message returned from the dialing tunnel server through the application tunnel is converted from the proxy device's virtual IP address into the client IP address, the message is sent to the client.
Messages sent from the dialing tunnel server to the proxy device are encapsulated and processed similarly to step S203. Here the virtual source address in the inner header is the IP address of a device in the monitoring system, and the virtual destination address is the virtual address of the proxy device. On receiving the doubly encapsulated message, the proxy device strips the outer IP header and the tunnel identifier header, converts the virtual destination address into the client's real IP address, and forwards the message to the client.
Fig. 3a and Fig. 3b are signaling diagrams of two application examples with different moments of establishing the application tunnel.
Fig. 3a describes the process of establishing the application tunnel in the dialing-in-advance example.
In this example, the proxy device initiates the connection request to the dialing tunnel server as soon as it detects the IP address of the first client. The client address information used to establish the application tunnel is that of the first client whose dynamic IP address was detected. The address range of the monitoring system may be sent down to the proxy device after the application tunnel is established and recorded there. The step of sending down the monitoring system address range and the step of sending down the virtual IP address allocated to the proxy device may be the same step or different steps.
Fig. 3b describes the process of establishing the application tunnel in the dynamic-dialing example.
In this embodiment, the proxy device initiates the connection request to the dialing tunnel server when it detects a message that needs to be forwarded, that is, when a client initiates a session directed to a monitoring system address. The client address information used to establish the application tunnel is that of the first client that sends a message to the monitoring system. Because it must judge whether the address of a message sent by a client is directed to the monitoring system, in this embodiment the address range of the monitoring system must be pre-configured in the proxy device.
Preferably, the proxy device monitors all messages of the connected clients and determines from the five-tuple whether a message is directed to the monitoring system. The five-tuple is the set of five quantities: source IP address, source port, destination IP address, destination port and transport-layer protocol number. For a client session directed to the monitoring system, the proxy device converts the source address of the session into its own virtual address and encapsulates the message into the application tunnel for layer-3 forwarding; for client accesses to addresses outside the monitoring system's address range, the proxy device forwards the message by layer-2 (data link layer) pass-through using the client's MAC address. The specific forwarding process may follow the layer-2 forwarding flows already disclosed in the prior art and is not described here.
Preferably, if the proxy device intercepts messages from more than one client directed to the monitoring system, then, because the proxy device establishes only one application-layer tunnel with the dialing tunnel server, it converts both the IP address and the port of the client in each message to be forwarded: the client IP address is converted into the proxy device's virtual IP address, and the client port is converted into an unused port on the proxy device, which serves as the mapped port of that client port; the translation table entry is recorded. When the proxy device receives a message returned by the dialing tunnel server, it determines from the port number in the message and the translation table entries which client the message is to be forwarded to, converts the destination virtual IP address into that client's IP address, and delivers the message to the client.
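As an added example (not the patent's own code), the following Python model implements the proxy data path of S203/S204 together with the per-client port translation described above. It reuses the address values from the customer case later on this page (client 10.0.0.2, server 15.0.0.2, virtual IP 192.168.1.129, monitoring range 192.168.1.1/24, monitoring device 192.168.1.128); the second client 10.0.0.3, the ports, the tunnel ID and the dict-shaped outer header are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field

# Transport protocol numbers as they appear in the five-tuple (IANA values).
TCP, UDP = 6, 17


@dataclass(frozen=True)
class Packet:
    """A client IP packet reduced to the fields the proxy acts on."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: int
    payload: bytes = b""


@dataclass
class TunnelProxy:
    """Data path of the no-public-IP dialing tunnel proxy (S203/S204)."""
    virtual_ip: str          # allocated by the dialing tunnel server after dial-in
    real_ip: str             # IP of the client whose address was used to dial
    server_public_ip: str    # pre-configured mapped address of the server
    monitoring_range: str    # address range handed down by the server
    tunnel_id: int           # tunnel identifier carried in the outer header
    next_free_port: int = 40000   # first unused proxy port (constructed value)
    # (client_ip, client_port, proto) -> proxy port, and the reverse map
    fwd: dict = field(default_factory=dict)
    rev: dict = field(default_factory=dict)

    def targets_monitoring(self, pkt: Packet) -> bool:
        """Five-tuple check: does the destination fall in the monitoring range?"""
        net = ipaddress.ip_network(self.monitoring_range, strict=False)
        return ipaddress.ip_address(pkt.dst_ip) in net

    def _map_port(self, pkt: Packet) -> int:
        """Allocate (or reuse) the proxy port mapped to this client port."""
        key = (pkt.src_ip, pkt.src_port, pkt.proto)
        if key not in self.fwd:
            port = self.next_free_port
            self.next_free_port += 1
            self.fwd[key] = port
            self.rev[(port, pkt.proto)] = (pkt.src_ip, pkt.src_port)
        return self.fwd[key]

    def outbound(self, pkt: Packet):
        """Return ('l2', pkt) for link-layer pass-through, or
        ('tunnel', (outer, inner)) with the doubly encapsulated message."""
        if not self.targets_monitoring(pkt):
            return ("l2", pkt)           # not monitoring traffic: forward by MAC
        inner = Packet(self.virtual_ip, self._map_port(pkt),
                       pkt.dst_ip, pkt.dst_port, pkt.proto, pkt.payload)
        outer = {"src": self.real_ip, "dst": self.server_public_ip,
                 "tunnel_id": self.tunnel_id}
        return ("tunnel", (outer, inner))

    def inbound(self, outer: dict, inner: Packet):
        """Strip the outer header, match the translation entry, and restore
        the client's real IP and port; None if the message is not ours."""
        if outer["tunnel_id"] != self.tunnel_id or inner.dst_ip != self.virtual_ip:
            return None
        client = self.rev.get((inner.dst_port, inner.proto))
        if client is None:
            return None                  # no translation entry: drop
        client_ip, client_port = client
        return Packet(inner.src_ip, inner.src_port, client_ip, client_port,
                      inner.proto, inner.payload)


def demo() -> bool:
    """Two clients reach monitoring device 192.168.1.128 through one tunnel."""
    proxy = TunnelProxy("192.168.1.129", "10.0.0.2", "15.0.0.2",
                        "192.168.1.1/24", tunnel_id=7)
    a = Packet("10.0.0.2", 5000, "192.168.1.128", 554, TCP, b"a")
    b = Packet("10.0.0.3", 5000, "192.168.1.128", 554, TCP, b"b")
    _, (outer_a, inner_a) = proxy.outbound(a)
    _, (outer_b, inner_b) = proxy.outbound(b)
    # Same virtual source IP, distinct mapped ports, same outer tunnel header.
    assert inner_a.src_ip == inner_b.src_ip == "192.168.1.129"
    assert inner_a.src_port != inner_b.src_port
    assert outer_a == outer_b == {"src": "10.0.0.2", "dst": "15.0.0.2", "tunnel_id": 7}
    # The reply for client b comes back addressed to the virtual IP and mapped port.
    reply = Packet("192.168.1.128", 554, "192.168.1.129", inner_b.src_port, TCP, b"ok")
    back = proxy.inbound({"src": "15.0.0.2", "dst": "10.0.0.2", "tunnel_id": 7}, reply)
    return back.dst_ip == "10.0.0.3" and back.dst_port == 5000
```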
As a preferred embodiment of S201 in Fig. 2, the proxy device records the dynamic IP address obtained via DHCP by each connected client. When the proxy device detects, via the MAC address obtained in step S201, that the address information of the client used to establish the application tunnel has been updated, it builds a tunnel update message from the address information currently in use by one of the clients and the identifier of the application tunnel, and notifies the dialing tunnel server to update the previously recorded address information of the client used to establish the application tunnel to the address information currently in use; the detailed process is shown in Fig. 4b.
In this embodiment, the structure of the tunnel table entries recorded by the dialing tunnel server and by the proxy device is shown in Fig. 4a. Multiple proxy devices in multiple private networks may establish application tunnels with the dialing tunnel server, so the tunnel ID records the identifier of the application tunnel established by each proxy device. The "peer real IP address" and "real port" in the server's tunnel table entry correspond to the "real IP address" and "real port" in the proxy device's entry and record the IP address and port number of the client used to establish the application tunnel. The "peer virtual IP address" and "virtual port" in the server's entry correspond to the "virtual IP address" and "virtual port" in the proxy device's entry and record the proxy device's virtual IP address and the virtual port used on the proxy device when sending a given client's message.
As shown in Fig. 4b, S401: when a client's dynamic IP address changes, for example because the client restarts or the network dials again, the client sends a broadcast message to the DHCP server, and the proxy device intercepts the message;
S402: the stored IP address of the client used to establish the dialing tunnel is looked up by the MAC address in the message;
S403: the tunnel ID is found by looking up the recorded tunnel table entry with the IP address of the client used to establish the dialing tunnel;
S404: the proxy device updates its tunnel table entry, encapsulates a private signaling message containing the tunnel ID and the IP address and port of the new client as the tunnel update message, and sends it to the server through the application tunnel. The new client IP address may be the updated dynamic IP address of the client previously used to establish the dialing tunnel, or the dynamic IP address of another client.
According to the tunnel ID in this private signaling message, the dialing tunnel server replaces the peer real IP address and real port in the corresponding table entry with the new IP address and port.
With this preferred embodiment, after a client's dialing IP address is updated the dialing tunnel server does not need to dial again; the switch is seamless, and the existing tunnel traffic is unaffected by the update process.
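As an added example (not the patent's own code), this Python block walks through S401 to S404 of Fig. 4b: it parses a constructed DHCPREQUEST (options 50 and 54, as in the customer case below) to learn the client's MAC and new IP, checks whether that client is the one whose address established the tunnel, and emits the update that the server applies to its table entry. The wire format of the private signaling message is not given on the page, so a dict stands in for it; one TunnelEntry dataclass represents both the proxy-side and server-side entries of Fig. 4a, and all MACs, IPs and ports are constructed.

```python
import ipaddress
import struct
from dataclasses import dataclass

DHCP_MAGIC = b"\x63\x82\x53\x63"
OPT_MSG_TYPE, OPT_REQUESTED_IP, OPT_SERVER_ID, OPT_END = 53, 50, 54, 255
DHCPREQUEST = 3


def build_dhcp_request(mac: bytes, requested_ip: str, server_id: str) -> bytes:
    """Construct a minimal DHCPREQUEST (BOOTP header + options 53, 50, 54)
    standing in for the broadcast the proxy snoops in S401."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 0, 0x1234, 0, 0x8000,   # BOOTREQUEST, Ethernet
                         b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    options = (bytes([OPT_MSG_TYPE, 1, DHCPREQUEST])
               + bytes([OPT_REQUESTED_IP, 4]) + ipaddress.ip_address(requested_ip).packed
               + bytes([OPT_SERVER_ID, 4]) + ipaddress.ip_address(server_id).packed
               + bytes([OPT_END]))
    return header + DHCP_MAGIC + options


def parse_dhcp_request(frame: bytes):
    """Return (client MAC, requested IP, server identifier) from a DHCPREQUEST,
    or None for anything else; bounds are checked so a truncated frame cannot raise."""
    if len(frame) < 240 or frame[236:240] != DHCP_MAGIC:
        return None
    hlen = frame[2]
    if hlen > 16:
        return None
    mac = frame[28:28 + hlen]
    opts, i = {}, 240
    while i < len(frame) and frame[i] != OPT_END:
        if frame[i] == 0:                # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(frame):
            return None
        code, length = frame[i], frame[i + 1]
        value = frame[i + 2:i + 2 + length]
        if len(value) != length:
            return None
        opts[code] = value
        i += 2 + length
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPREQUEST]):
        return None
    if len(opts.get(OPT_REQUESTED_IP, b"")) != 4 or len(opts.get(OPT_SERVER_ID, b"")) != 4:
        return None
    return (mac, str(ipaddress.ip_address(opts[OPT_REQUESTED_IP])),
            str(ipaddress.ip_address(opts[OPT_SERVER_ID])))


@dataclass
class TunnelEntry:
    """Fig. 4a entry: on the server the fields are the peer's, on the proxy its own."""
    tunnel_id: int
    real_ip: str
    real_port: int
    virtual_ip: str
    virtual_port: int


class Proxy:
    def __init__(self, entry: TunnelEntry, clients: dict):
        self.entry = entry
        self.clients = dict(clients)     # MAC -> dynamic IP learned in S201

    def on_dhcp(self, frame: bytes):
        """S401-S404: return the tunnel update message, or None if none is needed."""
        parsed = parse_dhcp_request(frame)
        if parsed is None:
            return None
        mac, new_ip, _gateway = parsed
        old_ip = self.clients.get(mac)          # S402: stored IP for this MAC
        self.clients[mac] = new_ip
        if old_ip != self.entry.real_ip:        # S403: not the client that built the tunnel
            return None
        if new_ip == old_ip:
            return None                         # renewal of the same address
        self.entry.real_ip = new_ip             # S404: update own entry ...
        return {"tunnel_id": self.entry.tunnel_id,   # ... and signal the server
                "ip": new_ip, "port": self.entry.real_port}


class Server:
    def __init__(self, entries):
        self.table = {e.tunnel_id: e for e in entries}

    def apply_update(self, msg: dict) -> bool:
        """Replace the peer real IP/port in the entry named by tunnel_id."""
        entry = self.table.get(msg["tunnel_id"])
        if entry is None:
            return False
        entry.real_ip, entry.real_port = msg["ip"], msg["port"]
        return True
```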
The following is a customer case of the interaction between the dialing tunnel agent device without a public IP, the client and the dialing tunnel server of the present application. In this customer case the tunnel is dialed in advance.
The monitoring system is located on the head office network; its address segment is 192.168.1.1/24 (the 192.168.1.0/24 network) with gateway 192.168.1.1, and the public address of the dialing tunnel server after mapping on the router is 15.0.0.2. The 192.168.1.128/25 subnet is unused, so the dialing tunnel server uses it as the address pool from which it allocates virtual IP addresses to dialing tunnel agent devices without a public IP.
The address 15.0.0.2 of the dialing tunnel server is configured in advance in the dialing tunnel agent device without a public IP.
The dialing tunnel agent device without a public IP snoops the DHCP exchange of the client and obtains the client's IP address and MAC address: the IP address the client obtained is 10.0.0.2 and the gateway is 10.0.0.1. Every connected client obtains a dynamic IP through DHCP, and each one is recorded. In this example the client's address information can be obtained by snooping the DHCPREQUEST message: the "Requested IP Address" option in the "options" field of that message carries the IP address the DHCP server is assigning to the client, and the "server identifier" option carries the IP address of the DHCP server (i.e. the gateway). Note that the Requested IP Address in a DHCPREQUEST is what the client asks for; the address becomes binding only when the DHCP server confirms it in a DHCPACK (the yiaddr field), so a snooping device should also watch for the ACK, or for a DHCPNAK, before treating the address as valid.
The dialing tunnel agent device without a public IP initiates a connection from the client's dynamic IP (10.0.0.2) to the real address (15.0.0.2) of the dialing tunnel server.
After the dialing tunnel server performs access authentication, the tunnel is established and the server allocates a virtual IP address (for example 192.168.1.129) to the dialing tunnel agent device without a public IP.
The dialing tunnel server sends the address segment of the monitoring system (192.168.1.1/24) down to the box.
The dialing tunnel agent device (the box) intercepts the session messages initiated by the client. When the client accesses other addresses, the box passes the traffic through transparently at the link layer using the client's MAC address. As shown in Fig. 5a, when a session initiated by the client is directed at the address of the monitoring system, i.e. the source address is the client's own IP address and the destination address is an IP address within the address segment of the monitoring system (for example the monitoring device at 192.168.1.128), the client IP address in the session is converted into the virtual IP address of the dialing tunnel agent device without a public IP. If more than one session is currently directed at the monitoring system, the client's port is also translated into an idle port of the dialing tunnel agent device without a public IP, and the client IP address and port of the current session are recorded together with the translated virtual IP address and port. The message with the converted address information is encapsulated into the tunnel; the structure of the encapsulated message is shown in Fig. 5b.
The dialing tunnel agent device without a public IP snoops all messages returned by the dialing tunnel server and judges them by their five-tuple. Messages that are not monitoring traffic continue to be forwarded at layer two (the link layer); for monitoring traffic the outer tunnel encapsulation is first stripped, the translation table entry is matched, and the message is forwarded to the client after the destination virtual IP address is converted back into the client's real IP address (see Fig. 5a).
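The translation and encapsulation steps described above, written out as an added example that is not the patent's own code. The tunnel header (a 4-byte tunnel ID), the inner packet layout, the tunnel ID value, the idle port range and the sample traffic are all assumptions; the addresses are those of the customer case (virtual IP 192.168.1.129, monitoring device 192.168.1.128).

```python
# Added example, not the patent's own code: the address and port translation
# the box applies to client sessions aimed at the monitoring system, and the
# reverse translation of frames coming back through the tunnel.  The tunnel
# header, the inner packet layout, the tunnel ID, the port range and the
# sample traffic are assumptions for illustration.
import ipaddress
import struct

MONITOR_NET = ipaddress.ip_network("192.168.1.0/24")  # segment pushed down by the server
VIRTUAL_IP = "192.168.1.129"                           # virtual IP allocated by the server
TUNNEL_ID = 0x2A                                       # assumed tunnel identifier
FREE_PORTS = iter(range(40000, 50000))                 # idle ports on the box (assumption)
INNER = struct.Struct("!4sH4sH")                       # assumed layout: src, sport, dst, dport


def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


class ProxyNat:
    """Session table: (client IP, client port) <-> port on the virtual IP."""

    def __init__(self):
        self.out = {}    # (client_ip, client_port) -> mapped_port
        self.back = {}   # mapped_port -> (client_ip, client_port)

    def _mapped_port(self, client_ip, client_port):
        key = (client_ip, client_port)
        if key not in self.out:
            # The first session keeps the client's own port; a second session
            # that collides on that port gets an idle port on the box.
            port = client_port if client_port not in self.back else next(FREE_PORTS)
            self.out[key], self.back[port] = port, key
        return self.out[key]

    def outbound(self, src, sport, dst, dport, payload):
        """Return ("l2", packet) for transparent link-layer forwarding, or
        ("tunnel", frame) with the translated packet encapsulated."""
        if ipaddress.ip_address(dst) not in MONITOR_NET:
            return ("l2", (src, sport, dst, dport, payload))
        mport = self._mapped_port(src, sport)
        inner = INNER.pack(ip_bytes(VIRTUAL_IP), mport, ip_bytes(dst), dport) + payload
        return ("tunnel", TUNNEL_ID.to_bytes(4, "big") + inner)

    def inbound(self, frame):
        """Strip the tunnel header, match the session table and restore the
        client's real address; None means the frame belongs to no session."""
        if len(frame) < 4 + INNER.size or int.from_bytes(frame[:4], "big") != TUNNEL_ID:
            return None
        src, sport, dst, dport = INNER.unpack_from(frame, 4)
        payload = frame[4 + INNER.size:]
        if (ipaddress.ip_address(ip_str(src)) not in MONITOR_NET
                or ip_str(dst) != VIRTUAL_IP or dport not in self.back):
            return None                                 # five-tuple does not match: drop
        client_ip, client_port = self.back[dport]
        return (ip_str(src), sport, client_ip, client_port, payload)


def demo():
    """Two clients open sessions from the same source port to the monitoring
    device 192.168.1.128, then a reply to the first session comes back."""
    nat = ProxyNat()
    kind1, frame1 = nat.outbound("10.0.0.2", 5000, "192.168.1.128", 554, b"OPTIONS")
    kind2, frame2 = nat.outbound("10.0.0.3", 5000, "192.168.1.128", 554, b"OPTIONS")
    kind3, _ = nat.outbound("10.0.0.2", 5000, "8.8.8.8", 53, b"")
    reply = TUNNEL_ID.to_bytes(4, "big") + INNER.pack(
        ip_bytes("192.168.1.128"), 554, ip_bytes(VIRTUAL_IP), 5000) + b"RTSP/1.0 200 OK"
    return {
        "kinds": (kind1, kind2, kind3),
        "ports": (INNER.unpack_from(frame1, 4)[1], INNER.unpack_from(frame2, 4)[1]),
        "reply": nat.inbound(reply),
    }
```

The second client collides with the first on source port 5000, which is exactly the "more than one session" case of the text: only that session is given an idle port on the box, the first keeps its own. On the return path the box should hand a frame to a client only when the tunnel ID, the destination virtual IP and the destination port all match an entry it created itself and the source lies in the monitoring segment; anything else is dropped, so that frames arriving from outside the authenticated tunnel cannot be injected towards a client.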
When the dialing tunnel agent device without a public IP detects, according to the MAC address, that the original dynamic IP used for dialing has changed, it first looks up the recorded IP address of the dialing client by MAC address and then looks up its own tunnel table entry to find the tunnel ID. If the client's former IP address is no longer valid or has been taken by another machine, the DHCP server responds to the client with a DHCPNAK, requiring it to start again from DHCPDISCOVER. The client broadcasts a DHCPDISCOVER message that carries its own MAC address; in this example the tunnel agent device therefore judges whether the client's IP has changed by snooping DHCPDISCOVER.
The dialing agent box records the original IP address and MAC address of each PC, so when the box receives a DHCPDISCOVER message it can tell from the MAC address in the message which original IP address is about to change.
After the client IP address recorded in the tunnel table entry has been updated to the client's new address, a private signaling message containing the tunnel ID and the new IP address and port is encapsulated and transmitted to the server through the tunnel, so that the server, according to the tunnel ID in the message, replaces the peer real IP address and port in the corresponding table entry with the new IP address and port.
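The DHCP snooping of the customer case and the address-change procedure just described, as one added example that is not the patent's own code. It builds minimal DHCP messages as sample input, parses the chaddr field and options 53, 50 and 54, marks a known MAC as renegotiating when it sees its DHCPDISCOVER, moves the tunnel entry when the following DHCPREQUEST carries a different address, and hands a private signaling message to a server-side table. The DHCP builder, the signaling layout, the tunnel ID, the dial port and the sample packets are assumptions.

```python
# Added example, not the patent's own code: DHCP snooping on the box, detection
# of a client IP change from a DHCPDISCOVER of a known MAC, and the private
# signaling message that updates the tunnel server's peer table.  The signaling
# layout, tunnel ID, ports and sample packets are assumptions.
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"            # RFC 2131 magic cookie
DHCPDISCOVER, DHCPREQUEST = 1, 3            # option 53 message types
SIG_UPDATE = 0x01                           # assumed private signaling type
SIG = struct.Struct("!BI4sH")               # assumed layout: type, tunnel ID, new IP, port


def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_dhcp(msg_type, mac, requested_ip=None, server_id=None):
    """Construct a minimal BOOTP/DHCP client message (sample input only)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s", 1, 1, 6, 0, 0x3903F326, 0, 0x8000,
                        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4)
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    opts = bytes([53, 1, msg_type])
    for code, ip in ((50, requested_ip), (54, server_id)):
        if ip:
            opts += bytes([code, 4]) + ip_bytes(ip)
    return fixed + chaddr + b"\0" * 192 + DHCP_MAGIC + opts + b"\xff"


def parse_dhcp(raw):
    """Return (msg_type, mac, requested_ip, server_id) from a DHCP payload."""
    if len(raw) < 240 or raw[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    mac = raw[28:28 + raw[2]].hex(":")      # chaddr, hlen bytes long
    opts, i = {}, 240
    while i < len(raw) and raw[i] != 255:   # 255 = end option
        if raw[i] == 0:                     # 0 = pad, carries no length byte
            i += 1
            continue
        length = raw[i + 1]
        opts[raw[i]] = raw[i + 2:i + 2 + length]
        i += 2 + length
    def opt_ip(code):
        return ip_str(opts[code]) if code in opts else None
    return opts.get(53, b"\0")[0], mac, opt_ip(50), opt_ip(54)


class DialProxy:
    """State on the box: DHCP-learned clients and the tunnels dialed with them."""

    def __init__(self):
        self.clients = {}           # mac -> (client_ip, gateway_ip)
        self.tunnels = {}           # client_ip -> (tunnel_id, dial_port)
        self.rediscovering = set()  # MACs that restarted DHCP after a NAK
        self.sent = []              # signaling messages handed to the tunnel

    def dial(self, mac, tunnel_id, dial_port):
        """Record that a tunnel was dialed from this client's IP and port."""
        self.tunnels[self.clients[mac][0]] = (tunnel_id, dial_port)

    def on_dhcp(self, raw):
        msg_type, mac, req_ip, server_id = parse_dhcp(raw)
        if msg_type == DHCPDISCOVER and mac in self.clients:
            self.rediscovering.add(mac)              # its old lease is gone
        elif msg_type == DHCPREQUEST and req_ip:
            old_ip = self.clients.get(mac, (None, None))[0]
            self.clients[mac] = (req_ip, server_id)
            if mac in self.rediscovering:
                self.rediscovering.discard(mac)
                if old_ip != req_ip and old_ip in self.tunnels:
                    self._move_tunnel(old_ip, req_ip)

    def _move_tunnel(self, old_ip, new_ip):
        tunnel_id, port = self.tunnels.pop(old_ip)
        self.tunnels[new_ip] = (tunnel_id, port)
        self.sent.append(SIG.pack(SIG_UPDATE, tunnel_id, ip_bytes(new_ip), port))


class TunnelServer:
    """Server-side peer table keyed by tunnel ID."""

    def __init__(self):
        self.peers = {}             # tunnel_id -> (peer_ip, peer_port)

    def on_signal(self, msg):
        """Apply an update only to a tunnel that already exists; the message
        must arrive inside that authenticated tunnel, never from outside it."""
        kind, tunnel_id, ip, port = SIG.unpack(msg)
        if kind != SIG_UPDATE or tunnel_id not in self.peers:
            return False
        self.peers[tunnel_id] = (ip_str(ip), port)
        return True


def demo():
    """Client 10.0.0.2 dials, loses its lease and comes back as 10.0.0.7."""
    proxy, server = DialProxy(), TunnelServer()
    mac = "00:11:22:33:44:55"
    proxy.on_dhcp(build_dhcp(DHCPREQUEST, mac, "10.0.0.2", "10.0.0.1"))
    proxy.dial(mac, tunnel_id=7, dial_port=45000)
    server.peers[7] = ("10.0.0.2", 45000)    # peer as seen when the tunnel was dialed
    proxy.on_dhcp(build_dhcp(DHCPDISCOVER, mac))
    proxy.on_dhcp(build_dhcp(DHCPREQUEST, mac, "10.0.0.7", "10.0.0.1"))
    applied = [server.on_signal(m) for m in proxy.sent]
    return proxy, server, applied
```

The server never creates a peer entry from a signaling message and only rewrites an entry for a tunnel ID it already holds, so the message is useful only to whoever already owns that tunnel; a real deployment should additionally accept it only from inside the authenticated tunnel, since an update taken from an unauthenticated source would let a third party redirect the peer address of an existing tunnel.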
Corresponding to the above method of NAT traversal by a dialing tunnel agent device without a public IP, the present application also provides the dialing tunnel agent device without a public IP.
The embodiment of the dialing tunnel agent device without a public IP of the present application can be applied on a network device. The embodiment may be implemented in software, in hardware, or in a combination of software and hardware. Taking software implementation as an example, the device in the logical sense is formed by the processor of the equipment on which it resides reading the corresponding computer program instructions from non-volatile memory into memory and running them. In terms of hardware, Fig. 6 is a hardware structure diagram of the equipment on which the dialing tunnel agent device without a public IP of the present application resides; besides the processor, network interface, memory and non-volatile memory shown in Fig. 6, the equipment on which the device resides in the embodiment usually also includes other hardware.
Fig. 7 is a logical block diagram of the internal structure of the dialing tunnel agent device without a public IP of the present application when implemented in software. In this embodiment the dialing tunnel agent device 700 without a public IP includes a monitoring module 701, a tunnel establishing module 702 and a packet forwarding module 703. The monitoring module 701 is connected to multiple clients and can be used to monitor the address information of each connected client and the messages each client sends, and to judge whether a message sent by a client needs to be processed by the monitoring system. The tunnel establishing module 702 can use the address information of a client acquired by the monitoring module 701 to establish an application tunnel with the dialing tunnel server. After the application tunnel is established, the dialing tunnel server allocates a virtual IP address to the dialing tunnel agent device without a public IP, and the tunnel establishing module 702 passes this virtual IP address to the packet forwarding module after receiving it. The packet forwarding module can send messages that need to be processed by the monitoring system to the dialing tunnel server through the application tunnel using the virtual IP address, and, after receiving a message replied by the dialing tunnel server, convert the virtual IP address into the IP address of the destination client and send the message to that client.
The function of each module of the dialing tunnel agent device 700 without a public IP is described below.
The monitoring module monitors the address information of at least one connected client and the messages the client sends; when the destination address of a message sent by the client is within the address segment of the monitoring system, the message is passed to the packet forwarding module;
The tunnel establishing module establishes an application tunnel to the pre-configured address of the dialing tunnel server using the address information of one of the clients, and receives the virtual IP address allocated by the dialing tunnel server;
The packet forwarding module converts the client IP address in a message into the virtual IP address and forwards the message to the dialing tunnel server through the application tunnel; and, after converting the virtual IP address of a message returned from the dialing tunnel server into the client IP address, sends the message to the client.
In one embodiment, the client address information used when establishing the application tunnel is the address information of the client whose address information the monitoring module receives first; the tunnel establishing module is further configured to receive the address segment of the monitoring system from the application tunnel server when establishing the application tunnel and pass it to the monitoring module.
In another embodiment the address segment of the monitoring system is pre-configured; the client address information used when establishing the application tunnel is the address information of the client whose first transmitted message, as received by the monitoring module, has a destination address within the address segment of the monitoring system.
Preferably, the monitoring module is further configured to obtain all the address information each connected client obtains through DHCP together with the client's MAC address; when the monitoring module detects, according to the MAC address, that the address information of the client used for establishing the application tunnel has been updated, it notifies the tunnel establishing module; the tunnel establishing module finds, according to the MAC address, the identifier of the application tunnel corresponding to the address information of the client used for establishing the application tunnel, builds a tunnel update message from the address information that client is currently using and the identifier of the application tunnel, and notifies the dialing tunnel server to update the address information of the client used when establishing the application tunnel to the address information currently in use.
Preferably, when the destination addresses of messages sent by at least two clients are within the address segment of the monitoring system, the packet forwarding module is further configured to convert the client port in the message into a mapped port on the dialing tunnel agent device without a public IP, and to convert the mapped port of a message returned from the dialing tunnel server back into the client port.
Other embodiments of the present application will readily occur to those skilled in the art after considering the specification and practising the invention disclosed here. This application is intended to cover any variations, uses or adaptations of the present application that follow its general principles and include common knowledge or conventional technical means in the art not disclosed in this application. The description and examples are to be considered illustrative only; the true scope and spirit of the application are indicated by the following claims.
It should be understood that the present application is not limited to the precise structures described above and shown in the accompanying drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present application is limited only by the appended claims.

Claims (10)

1. A dialing tunnel agent device without a public IP, for realizing communication between a client and a monitoring system by establishing an application tunnel with a dialing tunnel server, characterized in that the dialing tunnel agent device without a public IP address comprises:
a monitoring module, for monitoring the address information of a connected client and the messages the client sends, the address information of the client including an IP address; when the destination IP address of a message sent by the client is within the IP address segment of the monitoring system, the message is passed to a packet forwarding module;
a tunnel establishing module, for establishing an application tunnel with the IP address of the dialing tunnel server using the IP address of one of the clients, the address information of the dialing tunnel server being pre-configured in the dialing tunnel agent device without a public IP address; and for receiving the virtual IP address allocated by the dialing tunnel server;
a packet forwarding module, for converting the client IP address in the message into the virtual IP address and forwarding the message to the dialing tunnel server through the application tunnel; and, after converting the virtual IP address of a message returned from the dialing tunnel server into the client IP address, sending the message to the client.
2. The device according to claim 1, characterized in that the monitoring module is further used to obtain all the address information each connected client obtains through DHCP and the MAC address of the client;
the monitoring module notifies the tunnel establishing module after detecting, according to the MAC address, that the address information of the client used when establishing the application tunnel has been updated;
the tunnel establishing module finds, according to the MAC address, the identifier of the application tunnel corresponding to the address information of the client used when establishing the application tunnel; builds a tunnel update message from the address information that one of the clients is currently using and the identifier of the application tunnel; and notifies the dialing tunnel server to update the address information of the client used when establishing the application tunnel to the address information currently in use.
3. The device according to claim 1, characterized in that, when the destination addresses of messages sent by at least two clients are within the address segment of the monitoring system, the packet forwarding module is further used to convert the client port in the message into a mapped port on the dialing tunnel agent device without a public IP, and to convert the mapped port of the message returned from the dialing tunnel server into the client port.
4. The device according to claim 1, characterized in that the address information of the one client is the address information of the client whose address information the monitoring module receives first;
the tunnel establishing module is further used to receive the address segment of the monitoring system from the application tunnel server when establishing the application tunnel and pass it to the monitoring module.
5. The device according to claim 1, characterized in that the address segment of the monitoring system is pre-configured;
the address information of the one client is the address information of the client whose first transmitted message, as received by the monitoring module, has a destination address within the address segment of the monitoring system.
6. A method for NAT traversal using a dialing tunnel, for realizing communication between a client and a monitoring server by establishing an application tunnel with a dialing tunnel server, characterized in that it comprises the steps of:
monitoring the address information of a connected client, the address information of the client including an IP address;
establishing an application tunnel with the dialing tunnel server using the address information of one of the clients, the address of the dialing tunnel server being pre-configured; and receiving the virtual IP address allocated by the dialing tunnel server;
if the destination address of a message sent by the client is within the address segment of the monitoring system, converting the client IP address in the message into the virtual IP address and forwarding the message to the dialing tunnel server through the application tunnel; and, after converting the virtual IP address of a message returned from the dialing tunnel server into the client IP address, sending the message to the client.
7. The method according to claim 6, characterized in that monitoring the address information of at least one connected client specifically comprises: monitoring all the address information the client obtains through DHCP and the MAC address of the client;
after detecting, according to the MAC address, that the address information of the client used when establishing the application tunnel has been updated, finding, according to the MAC address, the identifier of the application tunnel corresponding to the address information of the client used when establishing the application tunnel; building a tunnel update message from the address information that one of the clients is currently using and the identifier of the application tunnel; and notifying the dialing tunnel server to update the address information of the client used when establishing the application tunnel to the address information currently in use.
8. The method according to claim 6, characterized in that, when the destination addresses of messages sent by at least two clients are within the address segment of the monitoring system, the method further comprises:
converting the client port in the message into a corresponding mapped port, and converting the mapped port of the message returned from the dialing tunnel server into the client port.
9. The method according to claim 6, characterized in that the address segment of the monitoring system is pre-configured;
the address information of the one client is the address information of the client whose first transmitted message, as received, has a destination address within the address segment of the monitoring system.
10. The method according to claim 6, characterized in that the address information of the one client is the address information of the client whose address information is received first;
the method further comprises: receiving the address segment of the monitoring system from the application tunnel server when establishing the application tunnel.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410833313.5A CN104468625B (en) 2014-12-26 2014-12-26 Dialing tunnel agent device, the method for utilizing the tunnel pass through NAT that dials

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410833313.5A CN104468625B (en) 2014-12-26 2014-12-26 Dialing tunnel agent device, the method for utilizing the tunnel pass through NAT that dials

Publications (2)

Publication Number Publication Date
CN104468625A CN104468625A (en) 2015-03-25
CN104468625B true CN104468625B (en) 2018-07-13

Family

ID=52913997

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410833313.5A Active CN104468625B (en) 2014-12-26 2014-12-26 Dialing tunnel agent device, the method for utilizing the tunnel pass through NAT that dials

Country Status (1)

Country Link
CN (1) CN104468625B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105635335B (en) * 2015-12-30 2019-06-11 Zhejiang Uniview Technologies Co Ltd Social resources cut-in method, apparatus and system
CN105915662B (en) * 2016-04-13 2019-10-18 Zhejiang Uniview Technologies Co Ltd A kind of data transmission method and device
CN105897542B (en) * 2016-05-13 2019-12-13 Zhejiang Uniview Technologies Co Ltd Tunnel establishment method and video monitoring system
CN105872128B (en) * 2016-05-31 2019-03-08 Zhejiang Uniview Technologies Co Ltd The distribution method and device of virtual ip address
CN108737271B (en) * 2017-04-14 2021-06-01 Huawei Technologies Co Ltd Message routing method, device and system
CN111262784B (en) * 2020-01-13 2022-05-17 Hangzhou Langhe Technology Co Ltd Message forwarding method, message forwarding device, storage medium and electronic equipment
CN111586200B (en) * 2020-04-29 2022-05-17 Ping An Technology (Shenzhen) Co Ltd Method and system for transmitting real IP address of client
CN112511805B (en) * 2020-11-27 2022-07-08 Chengdu Dinganhua Smart IoT Co Ltd Audio and video monitoring system for network cross-domain transmission and communication method thereof
CN113329033A (en) * 2021-06-23 2021-08-31 Guangdong Lyric Robot Automation Co Ltd Method for establishing communication connection between local area networks, user side equipment and gateway equipment
CN114448670B (en) * 2021-12-27 2023-06-23 Tianyi Cloud Technology Co Ltd Data transmission method and device and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1633100A (en) * 2003-12-24 2005-06-29 Huawei Technologies Co Ltd Method of multimedia service NAT traversing and system thereof
CN101159657A (en) * 2007-10-16 2008-04-09 Huawei Technologies Co Ltd Method, equipment and server of implementing private network cross-over
CN102377629A (en) * 2010-08-20 2012-03-14 Chengdu Huawei Symantec Technologies Co Ltd Method and device for communicating with server in IMS (IP multimedia subsystem) core network by using terminal to pass through private network as well as network system

Also Published As

Publication number Publication date
CN104468625A (en) 2015-03-25

Similar Documents

Publication Publication Date Title
CN104468625B (en) Dialing tunnel agent device, the method for utilizing the tunnel pass through NAT that dials
US11128493B2 (en) Method for implementing residential gateway service function, and server
EP2253123B1 (en) Method and apparatus for communication of data packets between local networks
US9037691B1 (en) Managing use of intermediate destination computing nodes for provided computer networks
US10084851B1 (en) Managing use of intermediate destination hardware devices for provided computer networks
US10454880B2 (en) IP packet processing method and apparatus, and network system
JP2015095894A (en) Management server and management method thereof for managing cloud appliances in virtual local area networks
KR20120071121A (en) Virtual tunnel router, ip camera management server and ip camera service method based on position information
WO2009143729A1 (en) Method, system and apparatus for realizing dhcp user service wholesale
EP2675117A1 (en) Routing method and device for host in multi-homing site
CN105635335B (en) Social resources cut-in method, apparatus and system
US10652204B2 (en) ReNAT systems and methods
AU2023203289A1 (en) Systems and methods for providing a ReNAT communications environment
TWI491209B (en) Router and security system using the same
CN108322400B (en) Message processing method, system and routing equipment
CN111629079B (en) System and device for realizing network access acceleration
KR20100034933A (en) Terminal and terminal management apparatus, packet transmission method of terminal, terminal management method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant