CN105635335A - Social resource access method, apparatus, and system - Google Patents


Publication number: CN105635335A
Authority: CN (China)
Prior art keywords: address, access, access device, virtual, client terminal
Legal status: Granted; Active
Application number: CN201511021063.6A
Other languages: Chinese (zh)
Other versions: CN105635335B (en)
Inventor: 王筱治
Current Assignee: Zhejiang Uniview Technologies Co Ltd
Original Assignee: Zhejiang Uniview Technologies Co Ltd
Application filed by: Zhejiang Uniview Technologies Co Ltd
Priority: CN201511021063.6A
Publications: CN105635335A (application), CN105635335B (grant)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a social resource access method, apparatus, and system. An access information obtaining module obtains access information of all access devices, wherein the access information includes private network IP addresses of the access devices and access device IDs; an access information sending module sends the IDs of all access devices to an access information receiving module; after a virtual IP address distribution module distributes virtual IP addresses to access devices corresponding to all access device IDs, a data interaction module sends the virtual IP addresses of all access devices to an IP address mapping module, and the IP address mapping module establishes an IP mapping relationship between private network IP addresses and virtual IP addresses of all access devices according to the virtual IP addresses of all access devices; and an access server and all access devices carry out interaction based on the IP mapping relationship. With the method, apparatus, and system, a problem of a private network IP address conflict among a plurality of websites during the access to the network by access devices can be solved.

Description

Social resource access method, apparatus, and system
Technical field
The invention belongs to the field of social resource access and specifically relates to a social resource access method, apparatus, and system.
Background
With the development of video surveillance technology, monitoring equipment is increasingly deployed in Internet cafes, hotels, supermarkets, bus stations and similar places. Each such region places the NVRs (Network Video Recorder) and DVRs (Digital Video Recorder) of various manufacturers in that region's private network. The data resources (such as video data) of these access devices (i.e. social resources) in a private network cannot be accessed directly from the public network, which raises the problem of how to aggregate the data resources of dispersed, independent access devices into the public security internal network (i.e. another private network) for integration. In the prior art, when these NVRs/DVRs need to be connected to the public security internal network, the first problem to solve is the NAT (Network Address Translation) problem of accessing a private network from the public network.
The existing method of accessing an access device (NVR/DVR) is for a DA (Device Agent) access server to call the SDK (Software Development Kit) interface of the access device, thereby achieving remote access to the access device. Access devices are usually located in a private network and cannot be reached directly from the public network, so port mapping to each access device that needs to be accessed must be configured on the router in order to reach its SDK interface. However, because the SDK listening port of each manufacturer is unique and the router cannot configure multiple port mappings for the same port, the existing networking cannot meet the demand of connecting a large number of access devices when multiple access devices behind NAT in multiple private networks must be accessed. Configuring port mapping also exposes the access devices to the public network, which is a serious security risk.
Summary of the invention
The object of the invention is to overcome the deficiencies of the prior art by providing a social resource access method, apparatus, and system. It solves the prior-art problem that access devices are exposed to the public network when they are accessed by configuring port mapping, and it also solves the private network IP address conflict among the access devices of multiple sites that arises when the access devices of multiple sites are connected to the network by dynamic routing.
The object of the present invention is achieved as follows: a social resource access method, applied to an access client terminal in a social resource access system, wherein the social resource access system further comprises an access server and at least one access device, each access device is located in the same site as the access client terminal, and each access device is located in a different site from the access server.
The method comprises: obtaining the access information of each access device, the access information comprising the private network IP address and the access device ID of the access device; sending each access device ID to the access server, so that the access server allocates a virtual IP address to the access device corresponding to each access device ID;
according to the virtual IP address of each access device sent by the access server, establishing an IP mapping relationship between the private network IP address and the virtual IP address of each access device, so that the access server and each access device interact through the IP mapping relationship.
Further, the method also comprises: configuring the virtual IP address of each access device on the access client terminal's own virtual network interface card, and establishing the IP mapping relationship between the private network IP address and the virtual IP address of each access device through NAT rules;
The NAT rules comprise a DNAT rule: when the access server accesses an access device, the access client terminal receives the data packet that the access server sent to the virtual IP address of that access device, converts the virtual IP address to the private network IP address through the DNAT rule, and redirects the data packet to the corresponding access device;
The NAT rules also comprise an SNAT rule: when an access device accesses the access server, the access client terminal receives the data packet that the access device sent to the access server, converts the private network IP address to the virtual IP address through the SNAT rule, and redirects the data packet to the access server.
The present invention also provides a social resource access method implemented on the access server, which cooperates with the social resource access method implemented on the access client terminal.
A social resource access method, applied to an access server in a social resource access system, wherein the social resource access system further comprises an access client terminal and at least one access device, each access device is located in the same site as the access client terminal, and each access device is located in a different site from the access server;
The method comprises: after receiving each access device ID sent by the access client terminal, allocating a virtual IP address to the access device corresponding to each access device ID, and sending the virtual IP address of each access device to the access client terminal;
after the access client terminal has established the mapping relationship between the private network IP address and the virtual IP address of each access device, interacting with each access device according to the IP mapping relationship.
Further, the virtual IP address that the access server allocates to each access device belongs to the same network segment as the private network IP address of the access server;
The access client terminal configures the virtual IP address of each access device on its own virtual network interface card, and establishes the IP mapping relationship between the private network IP address and the virtual IP address of each access device through NAT rules;
The NAT rules comprise a DNAT rule: when the access server accesses an access device, the access server sends the data packet destined for the virtual IP address of that access device to the access client terminal; the access client terminal converts the virtual IP address to the private network IP address through the DNAT rule and redirects the data packet to the corresponding access device;
The NAT rules also comprise an SNAT rule: when an access device accesses the access server, the access device sends the data packet destined for the access server to the access client terminal; the access client terminal converts the private network IP address to the virtual IP address through the SNAT rule and redirects the data packet to the access server.
Using the method of the present invention, the present invention also provides a social resource access apparatus implemented on the access client terminal.
A social resource access apparatus, applied to an access client terminal in a social resource access system, wherein the social resource access system further comprises an access server and at least one access device, each access device is located in the same site as the access client terminal, and each access device is located in a different site from the access server. The apparatus comprises:
An access information acquisition module, which obtains the access information of each access device, the access information comprising the private network IP address and the access device ID of the access device;
An access information sending module, which sends each access device ID to the access server;
An IP address mapping module, which, after the access server has allocated a virtual IP address to the access device corresponding to each access device ID, establishes an IP mapping relationship between the private network IP address and the virtual IP address of each access device according to the virtual IP addresses sent by the access server, so that the access server and each access device interact through the IP mapping relationship.
Further, the apparatus also comprises: a virtual network interface card, on which the virtual IP address of each access device is configured;
The IP address mapping module establishes the IP mapping relationship between the private network IP address and the virtual IP address of each access device through NAT rules;
The NAT rules comprise a DNAT rule: when the access server accesses an access device, the IP address mapping module receives the data packet that the access server sent to the virtual IP address of that access device, converts the virtual IP address to the private network IP address through the DNAT rule, and redirects the data packet to the corresponding access device;
The NAT rules also comprise an SNAT rule: when an access device accesses the access server, the IP address mapping module receives the data packet that the access device sent to the access server, converts the private network IP address to the virtual IP address through the SNAT rule, and redirects the data packet to the access server.
The present invention also provides a social resource access apparatus implemented on the access server, which cooperates with the social resource access apparatus implemented on the access client terminal.
A social resource access apparatus, applied to an access server in a social resource access system, wherein the social resource access system further comprises an access client terminal and at least one access device, each access device is located in the same site as the access client terminal, and each access device is located in a different site from the access server. The apparatus comprises:
An access information receiver module, which receives each access device ID sent by the access client terminal;
A virtual IP address assignment module, which allocates a virtual IP address to the access device corresponding to each access device ID;
A data interaction module, which sends the virtual IP address of each access device to the access client terminal and, after the access client terminal has established the mapping relationship between the private network IP address and the virtual IP address of each access device, interacts with each access device according to the IP mapping relationship.
Further, the virtual IP address that the virtual IP address assignment module allocates to each access device belongs to the same network segment as the private network IP address of the access server;
The access client terminal configures the virtual IP address of each access device on its own virtual network interface card, and establishes the IP mapping relationship between the private network IP address and the virtual IP address of each access device through NAT rules;
The NAT rules comprise a DNAT rule: when the access server accesses an access device, the data interaction module sends the data packet destined for the virtual IP address of that access device to the access client terminal; the access client terminal converts the virtual IP address to the private network IP address through the DNAT rule and redirects the data packet to the corresponding access device;
The NAT rules also comprise an SNAT rule: when an access device accesses the access server, the access device sends the data packet destined for the data interaction module to the access client terminal; the access client terminal converts the private network IP address to the virtual IP address through the SNAT rule and redirects the data packet to the data interaction module.
The present invention also provides a social resource access system, as follows:
A social resource access system, comprising an access client terminal, an access server and at least one access device, wherein each access device is located in the same site as the access client terminal, and each access device is located in a different site from the access server; the access client terminal comprises an access information acquisition module, an access information sending module and an IP address mapping module; the access server comprises an access information receiver module, a virtual IP address assignment module and a data interaction module;
The access information acquisition module obtains the access information of each access device, the access information comprising the private network IP address and the access device ID of the access device;
The access information sending module sends each access device ID to the access information receiver module;
After the virtual IP address assignment module has allocated a virtual IP address to the access device corresponding to each access device ID, the data interaction module sends the virtual IP address of each access device to the IP address mapping module, and the IP address mapping module establishes, according to the virtual IP address of each access device, the IP mapping relationship between the private network IP address and the virtual IP address of each access device;
The access server and each access device interact through the IP mapping relationship.
Further, the access client terminal also comprises a virtual network interface card on which the virtual IP address of each access device is configured;
The IP address mapping module establishes the IP mapping relationship between the private network IP address and the virtual IP address of each access device through NAT rules;
The NAT rules comprise a DNAT rule: when the access server accesses an access device, the IP address mapping module receives the data packet that the data interaction module sent to the virtual IP address of that access device, converts the virtual IP address to the private network IP address through the DNAT rule, and redirects the data packet to the corresponding access device;
The NAT rules also comprise an SNAT rule: when an access device accesses the access server, the IP address mapping module receives the data packet that the access device sent to the data interaction module, converts the private network IP address to the virtual IP address through the SNAT rule, and redirects the data packet to the data interaction module.
Beneficial effects of the present invention: the access server allocates a virtual IP address to the access device corresponding to each access device ID. Instead of directly accessing the private network IP address of the access device as in the prior art, the access server first accesses the virtual IP address of the access device, and then reaches the corresponding access device, located in the same site as the access client terminal, through the IP mapping relationship held on the access client terminal. This thoroughly solves the private network IP address conflict among multiple sites when access devices are connected to the network. The present invention can reliably and effectively connect the access devices of every site in society to the access server, which centrally manages the access devices of each site and gathers their information.
Because the virtual IP addresses are configured on the virtual network interface card of the access client terminal, the access server's access to the access devices corresponding to these virtual IP addresses is logically just access to a remote LAN. The access server therefore does not need to add dynamic routes for the access devices to its own routing table. This completely removes the system performance overhead caused by frequently adding large numbers of routing table entries, saves a large number of routing table entries, reduces the probability of route-addition errors on the server to 0, lowers the performance requirements on the access server, and greatly improves the reliability of the access server.
The virtual IP addresses that the access server allocates uniformly to access devices belong to the same network segment as the IP address of the access server, so the access server's access to these virtual IP addresses is equivalent to access within a local area network. The VPN tunnel address obtained by the access client terminal's VPN dial-up has no association with the virtual IP addresses of the access devices, and the access server does not care that the VPN tunnel IP address changes after the access client terminal redials. In this way the virtual IP address of an access device is decoupled from the VPN dialing process; that is, the strong binding between the virtual IP address of the access device and the IP address of the access client terminal (the IP address produced when the access client terminal connects to the access server by VPN dial-up) is removed, making the whole social resource access system more robust and more stable.
Brief description of the drawings
Fig. 1 is a networking diagram of prior-art social resource access;
Fig. 2 is a flowchart of the social resource access method of an embodiment of the present invention.
Embodiments
The invention is further described below with reference to the accompanying drawings and specific embodiments. The following embodiments are descriptive, not restrictive, and do not limit the protection scope of the present invention.
Social resource access primarily solves the network access problem of an access server accessing the access devices of another site. The prior-art solution is to place an access client terminal (which may be a gateway device) in the site where the access devices are located; the access client terminal dials in to the access server through VPN, and the network between the access devices and the access server is opened up through the access client terminal.
Referring to Fig. 1, an access client terminal can simply manage and access the access devices (NVR/DVR) located in the same site as itself, and ultimately the access server in another site centrally manages a large number of access client terminals and the access devices connected through them.
Opening up the network from the access client terminal to the access server by VPN (Virtual Private Network) dial-up does not really solve the network problem of the access server accessing the access devices of another site. For example, the access server (private network IP address 172.16.1.1) needs to access an NVR in another site whose access device ID is NVR1 (the private network IP address of NVR1 is 192.168.0.20). The access client terminal (private network IP address 192.168.0.10) dials in by VPN and opens a VPN tunnel to the access server; the VPN tunnel IP address obtained by the access client terminal's VPN dial-up is 172.16.1.2. A route pointing to the private network IP address of NVR1 is then added to the routing table of the access server. The route ID consists of the IP address/port of NVR1 and the IP address of the VPN tunnel, so the route ID recorded for NVR1 in the routing table is 192.168.0.20/31 172.16.1.2. At the same time, a route that redirects the access device's response packets is needed on the access client terminal, so that they return to the access server through the VPN tunnel. The access server can then access NVR1 directly, with no need to configure port mapping on the router (private network IP address 192.168.0.1), and NVR1 is not exposed to the public network. However, dynamically adding access device routes in this way has the following defects when an access server accesses access devices that are not in the same site as itself:
(1) The site of the access server and the sites of the many access devices all belong to different private networks, connected to each other by VPN tunnels. Access devices in different sites may have the same private network IP address, which produces a private network IP address conflict. This scheme requires every network to be planned very carefully to remain feasible, which is undoubtedly a huge challenge for engineering practicability.
(2) When the number of access devices is very large, a route must be added dynamically for every access device. The large number of routes increases the time the access server spends looking up its routing table, which places very high demands on the performance of the access server and hinders upgrading and expansion of the whole system.
(3) Because the VPN tunnel IP address obtained by the access client terminal is not fixed from one dial-up to the next, every time an access client terminal dials in successfully the access server must update the routes of all access devices connected through that access client terminal. This places high demands on the fault tolerance of the whole system; the access server's access to the access devices is tightly coupled to VPN dial-up, so the robustness of the whole system is poor.
In the social resource access method, apparatus and system of this embodiment, the networking of the social resource access system is the same as in the prior art. Referring to Fig. 1, it comprises an access client terminal, an access server and at least one access device; each access device is located in the same site as the access client terminal and in a different site from the access server. The access client terminal comprises an access information acquisition module, an access information sending module and an IP address mapping module; the access server comprises an access information receiver module, a virtual IP address assignment module and a data interaction module. Communication between different sites is established through routers in cooperation with the public network.
An access client terminal is placed in each site, and the access devices in that site are connected to it. An access device may be a monitoring device such as an NVR or DVR; the monitoring devices in the site establish communication connections with the site's access client terminal through a switch or router. In this embodiment, four NVRs in the same site, with device IDs NVR1, NVR2, NVR3 and NVR4, are connected directly to the access client terminal of the site, and the configuration of NVR1, NVR2, NVR3 and NVR4 does not need to be changed.
In the networking, the access devices and the access server are located in different sites, i.e. different private networks. The access server of this embodiment can access the access devices of multiple sites, and the number of access devices in one site can be set according to actual needs. An access client terminal is placed in each site where monitoring devices are located, and the access server, located in another site, centrally manages the access devices of every site.
During networking, the access client terminal in the site of the monitoring devices establishes a communication connection with the access server in another site, opening up the network between the two private networks. Specifically, the access client terminal dials in by VPN to establish a VPN tunnel between itself and the access server, thereby establishing the communication connection between the access client terminal and the access server and opening up the network between the access devices and the access server.
Referring to Fig. 2, in the social resource access method of this embodiment, after each access device has established a communication connection with the access client terminal of its site, the access information acquisition module of the access client terminal obtains the access information of each access device, the access information comprising the private network IP address and the access device ID of the access device. The access information sending module of the access client terminal then sends each access device ID to the access information receiver module of the access server located in another site. Next, the virtual IP address assignment module of the access server allocates a virtual IP address to the access device corresponding to each access device ID, and the data interaction module of the access server sends the virtual IP address of each access device to the IP address mapping module of the access client terminal. After receiving the virtual IP addresses, the IP address mapping module establishes, according to the virtual IP address of each access device, the IP mapping relationship between the virtual IP address and the private network IP address of each access device, so that the access server and each access device interact through the IP mapping relationship.
Of course, when there are two or more sites containing monitoring devices, each such site is provided with an access client terminal, and each access client terminal establishes a communication connection with the access server by VPN dial-up. Each access client terminal obtains the access device IDs of the access devices in its site and sends them to the access server, and the access server uniformly allocates virtual IP addresses to the access devices corresponding to the access device IDs of the different sites. When access devices with the same private network IP address exist in two or more private networks, the access devices with identical private network IP addresses are allocated different virtual IP addresses, because the virtual IP addresses are allocated uniformly by the access server. When the access server accesses access devices in different sites, it finds the access device in the corresponding site accurately through the device's unique virtual IP address. This solves the IP address conflict that arises when devices in different private networks have the same private network IP address and the access server accesses them.
The access client terminal also comprises a virtual network interface card. After the IP address mapping module of the access client terminal receives the virtual IP addresses sent by the virtual IP address assignment module of the access server, the virtual IP addresses are configured on the virtual network interface card of the access client terminal. Because the virtual IP addresses are configured on the virtual network interface card of the access client terminal, the access server's access to the access devices corresponding to these virtual IP addresses is logically just access to a remote LAN. The access server therefore does not need to add dynamic routes for the access devices to its own routing table. This completely removes the system performance overhead caused by frequently adding large numbers of routing table entries, saves a large number of routing table entries, reduces the probability of route-addition errors on the server to 0, lowers the performance requirements on the access server, and greatly improves the reliability of the access server.
The virtual IP address that the access server allocates to the access device corresponding to each access device ID is in the same network segment as the private network IP address of the access server. In one embodiment, the access server allocates virtual IP addresses to the four NVRs with device IDs NVR1, NVR2, NVR3 and NVR4: 172.16.1.3, 172.16.1.4, 172.16.1.5 and 172.16.1.6 respectively. The IP address of the access server is 172.16.1.1, and the VPN tunnel IP address produced by the access client terminal's VPN dial-up is 172.16.1.2. The virtual IP addresses of the access devices and the IP address of the access server thus belong to the same network segment, so the access server's access to the access devices corresponding to these virtual IP addresses is equivalent to access within a local area network. The VPN tunnel IP address produced by the access client terminal's VPN dial-up has no association with the virtual IP address of any access device, and the access server does not care that the access client terminal's VPN tunnel IP address changes after it reconnects by VPN dial-up. With the social resource access method and apparatus of this embodiment, the access server's access to the access devices is decoupled from VPN dial-up; that is, the strong binding between the virtual IP address of the access device and the VPN tunnel IP address of the access client terminal is removed, making the whole social resource access system more robust and more stable.
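An added example, not code from the patent: a Python model of the allocation and mapping described above, in which two sites reuse the same private network address 192.168.0.20. The class and function names, the second site with its device ID DVR1, the tunnel address 172.16.1.10, the private addresses of NVR2 to NVR4, the /24 segment and keying the allocation by (site, device ID) are assumptions.

```python
import ipaddress

SERVER_IP = "172.16.1.1"      # access server address used in the embodiment
SEGMENT = "172.16.1.0/24"     # assumed virtual IP segment (same segment as the server)
# Constructed sample data: only NVR1's private address comes from the text.
SITE_A = {"NVR1": "192.168.0.20", "NVR2": "192.168.0.21",
          "NVR3": "192.168.0.22", "NVR4": "192.168.0.23"}
SITE_B = {"DVR1": "192.168.0.20"}   # same private IP as NVR1, different site


class VirtualIPAllocator:
    """Access-server side: one virtual IP per (site, device ID)."""

    def __init__(self, server_ip, segment, reserved=()):
        self.segment = ipaddress.ip_network(segment)
        self.server_ip = ipaddress.ip_address(server_ip)
        if self.server_ip not in self.segment:
            raise ValueError("server IP must lie in the virtual IP segment")
        # Never hand out the server's own address or VPN tunnel addresses.
        self.in_use = {self.server_ip} | {ipaddress.ip_address(a) for a in reserved}
        self.by_device = {}   # (site, device_id) -> virtual IP

    def allocate(self, site, device_ids):
        """Return {device_id: virtual IP}; repeated calls return the same IPs."""
        assigned = {}
        for device_id in device_ids:
            key = (site, device_id)
            if key not in self.by_device:
                self.by_device[key] = self._next_free()
            assigned[device_id] = str(self.by_device[key])
        return assigned

    def _next_free(self):
        for host in self.segment.hosts():
            if host not in self.in_use:
                self.in_use.add(host)
                return host
        raise RuntimeError("virtual IP segment exhausted")


class AccessClientNat:
    """Access-client side: the virtual IP <-> private IP mapping of one site."""

    def __init__(self, server_ip, private_ips, assigned):
        self.server_ip = server_ip
        self.vip_to_private = {assigned[d]: private_ips[d] for d in assigned}
        self.private_to_vip = {p: v for v, p in self.vip_to_private.items()}
        if len(self.private_to_vip) != len(self.vip_to_private):
            raise ValueError("two devices in one site share a private IP")

    def dnat(self, src, dst):
        """Server -> device: rewrite the destination virtual IP to the private IP."""
        if src == self.server_ip and dst in self.vip_to_private:
            return (src, self.vip_to_private[dst])
        return None   # no mapping matches, packet is not redirected

    def snat(self, src, dst):
        """Device -> server: rewrite the source private IP to the virtual IP."""
        if dst == self.server_ip and src in self.private_to_vip:
            return (self.private_to_vip[src], dst)
        return None


def build_demo():
    """Allocate for both sites and build each site's mapping table."""
    allocator = VirtualIPAllocator(
        SERVER_IP, SEGMENT,
        reserved=["172.16.1.2", "172.16.1.10"])   # tunnel IPs of site A and site B
    nat_a = AccessClientNat(SERVER_IP, SITE_A, allocator.allocate("site-A", SITE_A))
    nat_b = AccessClientNat(SERVER_IP, SITE_B, allocator.allocate("site-B", SITE_B))
    return allocator, nat_a, nat_b


if __name__ == "__main__":
    allocator, nat_a, nat_b = build_demo()
    for (site, dev), vip in allocator.by_device.items():
        print(f"{site:7} {dev:5} -> {vip}")
    # The same private IP is reached through two different virtual IPs.
    print("site A:", nat_a.dnat(SERVER_IP, "172.16.1.3"))
    print("site B:", nat_b.dnat(SERVER_IP, "172.16.1.7"))
```

Because the allocation is keyed by site and device ID rather than by tunnel address, calling `allocate` again after a client redials returns the same virtual IPs.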
Wherein in an embodiment, the virtual network interface card that tap0 creates after being access client terminal VPN dial-up success, the VPN tunnel IP address of access client terminal is 172.16.1.2, access server be access device distribution virtual IP address address be 172.16.1.3, access client terminal this virtual IP address is configured to virtual network interface card tap0 from IP. On the virtual network interface card of access client terminal, configuration virtual IP address is as follows:
tap0      Link encap:Ethernet  HWaddr F6:01:7D:36:43:0B
          inet addr:172.16.1.2  Bcast:172.16.1.255  Mask:255.255.255.0
          inet6 addr: fe80::f401:7dff:fe36:430b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:37 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:3124 (3.0 KiB)  TX bytes:5131 (5.0 KiB)
tap0:0    Link encap:Ethernet  HWaddr F6:01:7D:36:43:0B
          inet addr:172.16.1.3  Bcast:172.16.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
Specifically, the IP address mapping module of the access client establishes the IP mapping relation between the private IP address and the virtual IP address of each access device through NAT rules, which opens the network path from the access server to the access devices. The NAT rules comprise iptables (IP packet filtering system) rules and ebtables rules. For each access device that needs to be accessed, a DNAT (Destination Network Address Translation) rule and an SNAT (Source Network Address Translation) rule are added to the PREROUTING and POSTROUTING chains, respectively, of the iptables nat table. For example, each rule on the PREROUTING chain of the iptables nat table lists, in order, the private IP address of the access server, the virtual IP address of the access device, and the private IP address of the access device. When the access server (private IP address 172.16.1.1) accesses the access device with virtual IP address 172.16.1.3, the access server sends the packet destined for this access device's virtual IP address to the IP address mapping module of the access client; the IP address mapping module converts the virtual IP address to the private IP address using the DNAT rule, then redirects and routes the packet to the corresponding access device. The DNAT rule is:
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       all  --  172.16.1.1           172.16.1.3          to:192.168.0.3
Each rule on the POSTROUTING chain of the iptables nat table lists, in order, the private IP address of the access device, the private IP address of the access server, and the virtual IP address of the access device. When an access device accesses the access server (private IP address 172.16.1.1), the access device sends the packet to the IP address mapping module of the access client; the IP address mapping module converts the private IP address to the virtual IP address using the SNAT rule, then redirects and routes the packet to the access server. The SNAT rule is:
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  192.168.0.3          172.16.1.1          to:172.16.1.3
A redirect rule is added to the nat table of ebtables (the Ethernet bridge firewall). The ebtables rule is as follows:
Bridge table: nat
Bridge chain: PREROUTING, entries: 1, policy: ACCEPT
-p IPv4 --ip-src 192.168.0.3 --ip-dst 172.16.1.1 -j redirect
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
When the access server accesses an access device, the access server sends packets addressed to the virtual IP address assigned to that access device to the corresponding access client. The access client obtains the private IP address corresponding to this virtual IP address from the IP mapping relation, then redirects and routes the packets to the corresponding access device, so that the access device and the access server can interact. In a specific embodiment, the access server needs to access the NVR whose virtual IP address is 172.16.1.3. Because the NVR's virtual IP address 172.16.1.3 and the access server's private IP address 172.16.1.1 belong to the same network segment, once the access server has obtained the ARP (Address Resolution Protocol) entry for virtual IP address 172.16.1.3, it addresses the target address (i.e. 172.16.1.3) directly.
After the access client receives a packet that the access server sent to the access device's virtual IP address, it converts the virtual IP address to the private IP address using the DNAT rule configured on the access client's virtual NIC, then redirects and routes the packet whose target address is 172.16.1.3 to the corresponding NVR (here the NVR's private IP address is 192.168.0.3). The NVR responds after receiving the packet sent by the access client, and the response is redirected and routed by the access client and sent back to the access server through the VPN tunnel. That is, when the access server accesses an access device, the access client receives the packet sent by the access server and redirects it to the corresponding access device using the DNAT rule.
When an access device accesses the access server, the access device sends the packet destined for the data interaction module of the access server to the access client in the same site. The access client converts the private IP address of the access device to the virtual IP address using the SNAT rule, then redirects the packet to the data interaction module of the access server. For example, when an NVR (access device) needs to actively access the access server, the NVR sends the packet to the access client, the SNAT rule configured on the access client's virtual NIC replaces the NVR's private IP address with the virtual IP address, and the access client then redirects and routes the packet to the access server through the VPN tunnel.
The above is only a preferred embodiment of the present invention and does not limit the present invention in any way. Any simple modification, change or equivalent structural variation made to the above embodiment according to the technical essence of the present invention still falls within the protection scope of the technical solution of the present invention.
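The following Python sketch is an added example, not code from the patent: it derives the tap0 alias, DNAT, SNAT and ebtables commands described above from the device-ID tables, rejects assignments that would break the one-to-one mapping, and models the address rewrite in both directions. The function names, the validation checks, the pairing of NVR1 with 192.168.0.3 and the private addresses other than 192.168.0.3 are assumptions.

```python
import ipaddress

# Addresses from the embodiment; private IPs other than 192.168.0.3 are constructed.
SERVER_IP, TUNNEL_IP, SEGMENT = "172.16.1.1", "172.16.1.2", "172.16.1.0/24"
VIRTUAL_IPS = {"NVR1": "172.16.1.3", "NVR2": "172.16.1.4",
               "NVR3": "172.16.1.5", "NVR4": "172.16.1.6"}
PRIVATE_IPS = {"NVR1": "192.168.0.3", "NVR2": "192.168.0.4",
               "NVR3": "192.168.0.5", "NVR4": "192.168.0.6"}


def build_mapping_rules(server_ip, tunnel_ip, segment, private_ips, virtual_ips,
                        nic="tap0", alias_prefix=16):
    """Validate the assignments and return the access client's commands.

    alias_prefix=16 mirrors the 255.255.0.0 mask in the tap0:0 listing.
    Commands are returned as strings (dry run); nothing is executed.
    """
    net = ipaddress.ip_network(segment)
    server = ipaddress.ip_address(server_ip)
    reserved = {server, ipaddress.ip_address(tunnel_ip),
                net.network_address, net.broadcast_address}
    used_virtual, used_private, commands = set(), set(), []

    for index, dev_id in enumerate(sorted(virtual_ips)):
        if dev_id not in private_ips:
            raise ValueError(f"{dev_id}: no private IP reported for this device ID")
        vip = ipaddress.ip_address(virtual_ips[dev_id])
        pip = ipaddress.ip_address(private_ips[dev_id])
        if vip not in net:
            raise ValueError(f"{dev_id}: {vip} is outside server segment {net}")
        if vip in reserved:
            raise ValueError(f"{dev_id}: {vip} collides with a reserved address")
        if vip in used_virtual or pip in used_private:
            raise ValueError(f"{dev_id}: duplicate address breaks the 1:1 mapping")
        if pip in net:
            raise ValueError(f"{dev_id}: private IP {pip} overlaps server segment")
        used_virtual.add(vip)
        used_private.add(pip)
        commands += [
            # Virtual IP as a secondary address on the virtual NIC.
            f"ip addr add {vip}/{alias_prefix} dev {nic} label {nic}:{index}",
            # Server -> device: rewrite destination (virtual -> private).
            f"iptables -t nat -A PREROUTING -s {server} -d {vip} "
            f"-j DNAT --to-destination {pip}",
            # Device -> server: rewrite source (private -> virtual).
            f"iptables -t nat -A POSTROUTING -s {pip} -d {server} "
            f"-j SNAT --to-source {vip}",
            # Pull bridged device -> server frames up to the IP layer.
            f"ebtables -t nat -A PREROUTING -p IPv4 --ip-src {pip} "
            f"--ip-dst {server} -j redirect",
        ]
    return commands


def translate(src, dst, server_ip, private_ips, virtual_ips):
    """Model the rewrite of one packet's (src, dst); None if no rule matches."""
    to_private = {virtual_ips[d]: private_ips[d] for d in virtual_ips}
    to_virtual = {p: v for v, p in to_private.items()}
    if src == server_ip and dst in to_private:      # DNAT direction
        return src, to_private[dst]
    if dst == server_ip and src in to_virtual:      # SNAT direction
        return to_virtual[src], dst
    return None


if __name__ == "__main__":
    for line in build_mapping_rules(SERVER_IP, TUNNEL_IP, SEGMENT,
                                    PRIVATE_IPS, VIRTUAL_IPS):
        print(line)
```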

Claims (10)

1. A social resource access method, applied to an access client in a social resource access system, the social resource access system further comprising an access server and at least one access device, characterized in that each access device is located in the same site as the access client, and each access device is located in a different site from the access server,
The method comprises: obtaining access information of each access device, the access information comprising the private IP address and the access device ID of the access device; sending each access device ID to the access server, so that the access server assigns a virtual IP address to the access device corresponding to each access device ID;
According to the virtual IP address of each access device sent by the access server, establishing an IP mapping relation between the private IP address and the virtual IP address of each access device, so that the access server and each access device interact through said IP mapping relation.
2. The social resource access method as claimed in claim 1, characterized in that it further comprises: configuring the virtual IP address of each access device on the access client's own virtual NIC, and establishing the IP mapping relation between the private IP address and the virtual IP address of each access device through NAT rules;
Said NAT rules comprise a DNAT rule: when the access server accesses an access device, after receiving the packet that the access server sent to the virtual IP address of this access device and converting the virtual IP address to the private IP address using the DNAT rule, the packet is redirected to the corresponding access device;
Said NAT rules further comprise an SNAT rule: when an access device accesses the access server, after receiving the packet that the access device sent to the access server and converting the private IP address to the virtual IP address using the SNAT rule, the packet is redirected to the access server.
3. A social resource access method, applied to an access server in a social resource access system, the social resource access system further comprising an access client and at least one access device, characterized in that each access device is located in the same site as the access client, and each access device is located in a different site from the access server,
The method comprises: after receiving each access device ID sent by the access client, assigning a virtual IP address to the access device corresponding to each access device ID, and sending the virtual IP address of each access device to the access client,
After the access client establishes the mapping relation between the private IP address and the virtual IP address of each access device, interacting with each access device according to said IP mapping relation.
4. The social resource access method as claimed in claim 3, characterized in that the virtual IP address that said access server assigns to each access device belongs to the same network segment as the private IP address of said access server;
Said access client configures the virtual IP address of each access device on its own virtual NIC, and establishes the IP mapping relation between the private IP address and the virtual IP address of each access device through NAT rules;
Said NAT rules comprise a DNAT rule: when the access server accesses an access device, said access server sends the packet destined for the virtual IP address of this access device to the access client, and after the access client converts the virtual IP address to the private IP address using the DNAT rule, the packet is redirected to the corresponding access device;
Said NAT rules further comprise an SNAT rule: when an access device accesses the access server, the access device sends the packet destined for the access server to the access client, and after the access client converts the private IP address to the virtual IP address using the SNAT rule, the packet is redirected to the access server.
5. A social resource access apparatus, applied to an access client in a social resource access system, the social resource access system further comprising an access server and at least one access device, characterized in that each access device is located in the same site as the access client, each access device is located in a different site from the access server, and the apparatus comprises:
An access information acquisition module, which obtains the access information of each access device, the access information comprising the private IP address and the access device ID of the access device;
An access information sending module, which sends each access device ID to the access server;
An IP address mapping module, which, after the access server assigns a virtual IP address to the access device corresponding to each access device ID, establishes, according to the virtual IP address of each access device sent by the access server, an IP mapping relation between the private IP address and the virtual IP address of each access device, so that the access server and each access device interact through said IP mapping relation.
6. The social resource access apparatus as claimed in claim 5, characterized in that it further comprises:
A virtual NIC, on which the virtual IP address of each access device is configured;
Said IP address mapping module establishes the IP mapping relation between the private IP address and the virtual IP address of each access device through NAT rules;
Said NAT rules comprise a DNAT rule: when the access server accesses an access device, said IP address mapping module receives the packet that the access server sent to the virtual IP address of this access device, converts the virtual IP address to the private IP address using the DNAT rule, and redirects the packet to the corresponding access device;
Said NAT rules further comprise an SNAT rule: when an access device accesses the access server, said IP address mapping module receives the packet that the access device sent to the access server, converts the private IP address to the virtual IP address using the SNAT rule, and redirects the packet to the access server.
7. A social resource access apparatus, applied to an access server in a social resource access system, the social resource access system further comprising an access client and at least one access device, characterized in that each access device is located in the same site as the access client, each access device is located in a different site from the access server, and the apparatus comprises:
An access information receiving module, which receives each access device ID sent by the access client;
A virtual IP address assignment module, which assigns a virtual IP address to the access device corresponding to each access device ID;
A data interaction module, which sends the virtual IP address of each access device to the access client and, after the access client establishes the mapping relation between the private IP address and the virtual IP address of each access device, interacts with each access device according to said IP mapping relation.
8. The social resource access apparatus as claimed in claim 7, characterized in that the virtual IP address that said virtual IP address assignment module assigns to each access device belongs to the same network segment as the private IP address of said access server;
Said access client configures the virtual IP address of each access device on its own virtual NIC, and establishes the IP mapping relation between the private IP address and the virtual IP address of each access device through NAT rules;
Said NAT rules comprise a DNAT rule: when the access server accesses an access device, said data interaction module sends the packet destined for the virtual IP address of this access device to the access client, and after the access client converts the virtual IP address to the private IP address using the DNAT rule, the packet is redirected to the corresponding access device;
Said NAT rules further comprise an SNAT rule: when an access device accesses the access server, the access device sends the packet destined for the data interaction module to the access client, and after the access client converts the private IP address to the virtual IP address using the SNAT rule, the packet is redirected to the data interaction module.
9. A social resource access system, comprising an access client, an access server and at least one access device, characterized in that each access device is located in the same site as the access client, and each access device is located in a different site from the access server; said access client comprises an access information acquisition module, an access information sending module and an IP address mapping module; said access server comprises an access information receiving module, a virtual IP address assignment module and a data interaction module;
The access information acquisition module obtains the access information of each access device, the access information comprising the private IP address and the access device ID of the access device;
The access information sending module sends each access device ID to the access information receiving module;
After the virtual IP address assignment module assigns a virtual IP address to the access device corresponding to each access device ID, the data interaction module sends the virtual IP address of each access device to the IP address mapping module, and the IP address mapping module establishes, according to the virtual IP address of each access device, the IP mapping relation between the private IP address and the virtual IP address of each access device;
The access server and each access device interact through said IP mapping relation.
10. The social resource access system as claimed in claim 9, characterized in that said access client further comprises a virtual NIC on which the virtual IP address of each access device is configured;
Said IP address mapping module establishes the IP mapping relation between the private IP address and the virtual IP address of each access device through NAT rules;
Said NAT rules comprise a DNAT rule: when the access server accesses an access device, said IP address mapping module receives the packet that the data interaction module sent to the virtual IP address of this access device, converts the virtual IP address to the private IP address using the DNAT rule, and redirects the packet to the corresponding access device;
Said NAT rules further comprise an SNAT rule: when an access device accesses the access server, said IP address mapping module receives the packet that the access device sent to the data interaction module, converts the private IP address to the virtual IP address using the SNAT rule, and redirects the packet to the data interaction module.
CN201511021063.6A 2015-12-30 2015-12-30 Social resources cut-in method, apparatus and system Active CN105635335B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511021063.6A CN105635335B (en) 2015-12-30 2015-12-30 Social resources cut-in method, apparatus and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201511021063.6A CN105635335B (en) 2015-12-30 2015-12-30 Social resources cut-in method, apparatus and system

Publications (2)

Publication Number Publication Date
CN105635335A true CN105635335A (en) 2016-06-01
CN105635335B CN105635335B (en) 2019-06-11

Family

ID=56049801

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201511021063.6A Active CN105635335B (en) 2015-12-30 2015-12-30 Social resources cut-in method, apparatus and system

Country Status (1)

Country Link
CN (1) CN105635335B (en)

Also Published As

Publication number Publication date
CN105635335B (en) 2019-06-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant