WO2016119464A1 - Method and corresponding gateway for implementing tcp transmission in satellite network environment - Google Patents

Method and corresponding gateway for implementing tcp transmission in satellite network environment Download PDF

Info

Publication number
WO2016119464A1
WO2016119464A1 PCT/CN2015/089060 CN2015089060W WO2016119464A1 WO 2016119464 A1 WO2016119464 A1 WO 2016119464A1 CN 2015089060 W CN2015089060 W CN 2015089060W WO 2016119464 A1 WO2016119464 A1 WO 2016119464A1
Authority
WO
WIPO (PCT)
Prior art keywords
connection
tcp
tcp connection
message
server
Prior art date
Application number
PCT/CN2015/089060
Other languages
French (fr)
Chinese (zh)
Inventor
常伟
唐雄
刘亮
麦伟鹏
晏文彬
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2016119464A1 publication Critical patent/WO2016119464A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Definitions

  • Embodiments of the present invention relate to, but are not limited to, satellite communications, and in particular, to a method for implementing TCP transmission based on a satellite network environment and a corresponding gateway.
  • TCP Transmission Control Protocol
  • TCP Transmission Control Protocol
  • the satellite channel is different from the inherent characteristics of the terrestrial link, which seriously affects the performance of the TCP and reduces the utilization of the satellite channel bandwidth.
  • the method for improving the TCP performance in the satellite system in the related art mainly adopts the method of PEP (Performe Enhancement Proxy), which is divided into single-ended and Both ends.
  • the double-ended PEP includes two gateways respectively placed at the two ends of the satellite network. As shown in FIG. 1 , all the TCP connections are divided into three segments: the server and the primary PEP (set in the gateway connected to the server) are connected. The primary station PEP and the small station PEP (set in the gateway connected to the client) are connected, and the small station PEP is connected to the client.
  • the double-ended PEP scheme does not modify the protocol stack and application of the communication parties.
  • the two gateways use other protocols than TCP for data transmission. In this case, how to implement the client and TCP transmission between servers is a technical problem that needs to be solved urgently.
  • the embodiment of the invention provides a method for implementing TCP transmission in a satellite network environment, which is applied to a gateway connected to a client in a double-end acceleration proxy PEP, and the method includes the following connection establishment processing:
  • connection information as a data part and encapsulating the conversion message TMSG header, generating a message requesting to establish a connection and sending the message to the opposite gateway connected to the server by using a satellite link, where the TMSG header is carried by the identifier Determining a first TCP connection identifier of the first TCP connection;
  • the second TCP connection identifier carried in the TMSG header is recorded and associated with the first TCP connection identifier, where the second TCP connection identifier is The identifier of the TCP connection established between the peer gateway and the server.
  • the TMSG header includes a message type, a connection identifier, and a message length field, where the TMSG header length is smaller than a length of the TCP header.
  • the method further comprises the following processing of data transmission:
  • connection identifier of the TMSG header is the first TCP connection identifier
  • extracting a data part from the data transmission message and encapsulating a corresponding TCP header and generating a TCP A data message is sent to the client over the first TCP connection.
  • the method further includes the following disconnection processing:
  • a communication interruption of the first TCP connection is detected
  • the first TCP connection is disconnected.
  • the process of establishing the connection further includes: connecting the first TCP connection with the Satellite link association;
  • the method also includes the following process of disconnection: detecting that the satellite link is down, disconnecting all TCP connections associated with the satellite link.
  • the embodiment of the invention further provides a gateway for connecting to a client in a double-ended acceleration proxy PEP, comprising a user side protocol entity and a first satellite side protocol entity, wherein:
  • the user side protocol entity includes an underlying packet filtering module and an upper layer socket Socket server;
  • the packet filtering module includes:
  • the reverse forwarding unit is configured to intercept the connection request message and the ACK message sent when the client establishes a TCP connection with the server, and replace the destination IP address and the destination port in the packet with the IP address and port of the Socket server. Sending to the Socket server; wherein, when the connection request message is intercepted, the first connection information including the source IP address, the source port, the destination IP address, and the destination port is also recorded and sent to the Socket server;
  • a forward forwarding unit configured to replace the source IP address and the source port in the ACK packet sent by the Socket server to the client with the destination IP address and the destination port in the first connection information, and send the The client;
  • the Socket server includes: a first connection establishing module, configured to: after receiving the connection request message and the first connection information sent by the packet filtering module, send an ACK message to the client; and send the packet filtering module After the ACK message, the first TCP connection with the client is established, and a first TCP connection identifier is generated to notify the first satellite side protocol entity that the first TCP connection is successfully established, and the first connection information is carried. ;
  • the first satellite side protocol entity includes: a second connection establishing module, configured to: after receiving the notification that the first TCP connection is successfully established by the Socket server, using the first connection information as a data part and encapsulating the conversion message TMSG a header, generating a message requesting to establish a connection and transmitting the message to the opposite gateway through a satellite link, the TMSG header carrying the first TCP connection identifier; and being configured to receive the peer gateway to return through the satellite link
  • the second TCP connection identifier carried in the TMSG header is recorded and associated with the first TCP connection identifier.
  • the second TCP connection identifier is an identifier of a TCP connection established by the peer gateway and the server.
  • the TMSG header encapsulated by the second connection establishing module of the first satellite side protocol entity includes a message type, a connection identifier, and a message length field, where the TMSG header length is smaller than a length of the TCP header.
  • the reverse forwarding unit in the packet filtering module is further configured to intercept the passed TCP data packet, where the connection information matches the first connection information, where the TCP data packet is from The first TCP connection, the destination IP address and the destination port in the TCP data packet are replaced with the IP address and port of the Socket server, and sent to the Socket server;
  • the Socket server further includes: a message processing module, configured to receive the TCP data packet from the first TCP connection and send a TCP response message;
  • the forward forwarding unit in the packet filtering module is further configured to replace the source IP address and the source port in the TCP response message sent by the Socket server to the client with the destination IP in the first connection information. After the address and the destination port are sent to the client;
  • the first satellite side protocol entity further includes: a first packet sending and receiving module, configured to encapsulate a TMSG header before the data portion of the TCP data packet from the first TCP connection, and the generated data sending message passes the A satellite link is sent to the correspondent gateway, and the TMSG header carries the second TCP connection identifier associated with the first TCP connection identifier.
  • the first packet transceiver module of the first satellite side protocol entity is further configured to receive a data transmission message sent to the client from the satellite link;
  • the packet processing module in the Socket server is further configured to identify a data transmission message received by the first satellite side protocol entity, where the connection identifier of the TMSG header is the first TCP connection identifier, then the data is sent from the data. Extracting a data part in the sending message and encapsulating a corresponding TCP header, and the generated TCP data message is sent to the client through the first TCP connection;
  • the forward forwarding unit in the packet filtering module is further configured to replace the source IP address and the source port in the TCP data packet sent by the Socket server to the client with the destination IP in the first connection information. After the address and destination port are sent to the client.
  • the Socket server further includes: a first connection maintenance module, configured to notify the first satellite side protocol entity that the first TCP connection protocol entity is interrupted when detecting that the first TCP connection communication is interrupted Disconnecting the TCP connection; and after receiving the notification that the connection of the first satellite side protocol entity is successfully closed, disconnecting the first TCP connection;
  • a first connection maintenance module configured to notify the first satellite side protocol entity that the first TCP connection protocol entity is interrupted when detecting that the first TCP connection communication is interrupted Disconnecting the TCP connection; and after receiving the notification that the connection of the first satellite side protocol entity is successfully closed, disconnecting the first TCP connection;
  • the first satellite side protocol entity further includes: a second connection maintenance module, configured to send a request to the peer gateway to close by using the satellite link after receiving the notification that the first TCP connection is interrupted by the Socket server The connected message, wherein the TMSG header carries the second TCP connection identifier; and is configured to notify the Socket server that the connection is successfully closed after receiving the response message that the connection returned by the peer gateway is successfully closed.
  • a second connection maintenance module configured to send a request to the peer gateway to close by using the satellite link after receiving the notification that the first TCP connection is interrupted by the Socket server The connected message, wherein the TMSG header carries the second TCP connection identifier; and is configured to notify the Socket server that the connection is successfully closed after receiving the response message that the connection returned by the peer gateway is successfully closed.
  • the second connection maintenance module of the first satellite side protocol entity is further configured to send the notification that the satellite link is disconnected to the Socket server when detecting that the satellite link is disconnected ;
  • the first connection maintenance module of the Socket server is further configured to associate the first TCP connection with the satellite link; after receiving the notification that the satellite link is disconnected, the node is associated with the satellite link All TCP connections are broken.
  • the embodiment of the invention further provides a method for implementing TCP transmission in a satellite network environment, which is applied to a gateway connected to a server in a double-end acceleration proxy PEP, and the method includes the following connection establishment processing:
  • the peer gateway After receiving the packet of the connection establishment request sent by the peer gateway connected to the client via the satellite link, recording the first TCP connection identifier carried by the switching message TMSG header and the client carried by the data part and the pair The first connection information of the first TCP connection established by the end gateway, where the first TCP connection identifier is used to identify the first TCP connection;
  • a second TCP connection identifier associating the second TCP connection identifier with the first TCP connection identifier.
  • the TMSG header includes a message type, a connection identifier, and a message length field, where the TMSG header length is smaller than a length of the TCP header.
  • the method further comprises the following processing of data transmission:
  • the satellite link Receiving, by the satellite link, a data transmission message sent to the server, where the connection identifier carried by the TMSG header is the second TCP connection identifier, extracting a data part from the data transmission message and encapsulating The corresponding TCP header, the generated TCP data message is sent to the server through the second TCP connection.
  • the method further includes the following disconnection processing:
  • a communication interruption of the second TCP connection is detected
  • the second TCP connection is disconnected.
  • the process of establishing the connection further includes: associating the second TCP connection with the satellite link;
  • the method also includes the following process of disconnection: detecting that all of the TCP connections associated with the satellite link are disconnected after the satellite link is disconnected.
  • the embodiment of the invention further provides a gateway for connecting to a server in a double-end acceleration proxy PEP, comprising a server side protocol entity and a second satellite side protocol entity, wherein:
  • the second satellite side protocol entity includes: a third connection establishing module configured to: after receiving the message of the connection establishment request sent by the peer gateway connected to the client via the satellite link, record the message carried by the converted message TMSG header Corresponding to the first TCP connection identifier and the first connection information carried in the data part, and notifying the server side protocol entity to establish a second TCP connection with the server; the first connection information is established by the peer gateway and the client Connection information of the first TCP connection, the first TCP connection identifier is used to identify the first TCP connection;
  • the server side protocol entity includes: a fourth connection establishing module, configured to receive the establishment After the notification of the TCP connection, establishing the second TCP connection with the server, generating a second TCP connection identifier for identifying the second TCP connection, and returning a connection establishment to the peer gateway by using the satellite link a successful response message carrying the second TCP connection identifier, and notifying the second satellite side protocol entity that the second TCP connection is successfully established, and carrying the second TCP connection identifier;
  • the third connection establishing module of the second satellite side protocol entity is further configured to: after receiving the notification that the second TCP connection is successfully established by the server side protocol entity, returning the connection establishment to the peer gateway by using the satellite link a successful response message, wherein the TMSG header carries the second TCP connection identifier; and the second TCP connection identifier is associated with the first TCP connection identifier.
  • the server-side protocol entity further includes: a second packet sending and receiving module, configured to receive and respond to the TCP data packet sent by the server to the client by using the second TCP connection;
  • the second satellite side protocol entity further includes: a third packet sending and receiving module, configured to extract a data part from the TCP data packet received by the server side protocol entity, and encapsulate a TMSG header, and generate a data sending message. And transmitting, by the satellite link, the peer gateway, where the TMSG header carries the first TCP connection identifier associated with the second TCP connection identifier.
  • the third message sending and receiving module of the second satellite side protocol entity is further configured to receive a data sending message sent to the server from the satellite link;
  • the second packet sending and receiving module of the server side protocol entity is further configured to identify a data sending message received by the second satellite side protocol entity, where the connection identifier carried by the TMSG head is the second TCP connection identifier. And extracting a data part from the data sending message and encapsulating a corresponding TCP header, and the generated TCP data message is sent to the server by using the second TCP connection.
  • the TMSG header encapsulated by the third packet transceiver module of the second satellite side protocol entity includes a message type, a connection identifier, and a message length field, where the TMSG header length is smaller than a length of the TCP header.
  • the server side protocol entity further includes: a third connection maintenance module, configured to notify the second satellite side protocol entity that the second TCP connection is interrupted when detecting that the communication of the second TCP connection is interrupted And disconnecting the second TCP connection after receiving the notification that the connection of the second satellite side protocol entity is successfully closed;
  • a third connection maintenance module configured to notify the second satellite side protocol entity that the second TCP connection is interrupted when detecting that the communication of the second TCP connection is interrupted And disconnecting the second TCP connection after receiving the notification that the connection of the second satellite side protocol entity is successfully closed;
  • the second satellite side protocol entity further includes: a fourth connection maintenance module, configured to send a message requesting to close the connection to the opposite gateway through the satellite link after receiving the notification that the second TCP connection is interrupted,
  • the TMSG header carries the first TCP connection identifier; and after receiving the response message that the connection returned by the peer gateway is successfully closed, the server side protocol entity is notified that the connection is successfully closed.
  • connection maintenance module of the second satellite side protocol entity is further configured to send the satellite link disconnection to the server side protocol entity when detecting that the satellite link is disconnected announcement of;
  • the third connection maintenance module of the server side protocol entity is further configured to associate the second TCP connection with the satellite link; and after receiving the notification that the satellite link is disconnected, the satellite chain All TCP connections associated with the road are broken.
  • the two gateways use TCP spoofing for servers and clients respectively, and implement TCP transmission between the client and the server without changing the protocol stack of the server and the client. Processing can also reduce bandwidth usage by replacing the TCP header with a simpler TMSG header.
  • FIG. 1 is a schematic diagram of a typical satellite communication application scenario in accordance with an embodiment of the present invention.
  • FIG. 2 is a flow chart of connection establishment of a method according to an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of a TMSG head structure according to an embodiment of the present invention.
  • FIG. 5 is a flowchart of a connection disconnection process according to a method of the embodiment of the present invention.
  • FIG. 6 is a block diagram of a gateway connected to a client according to Embodiment 1 of the present invention.
  • FIG. 9 is a flowchart of a connection disconnection process of the method of the second embodiment of the present invention.
  • FIG. 10 is a block diagram of a gateway connected to a server according to Embodiment 2 of the present invention.
  • 11 is a schematic diagram of a protocol stack of each network element in an application example of the present invention.
  • the embodiment relates to a method for implementing TCP transmission in a satellite network environment, and is applied to a gateway connected to a client in a double-end acceleration proxy PEP.
  • the method includes the following connection establishment process:
  • Step 110 intercepting a TCP connection request sent by the client to the server, extracting the first connection information therefrom, and sending a pseudo response to the client, and establishing a first TCP connection with the client;
  • Step 120 The first connection information is used as a data part, and a header of a conversion message (TMSG, a transport message interaction format) is encapsulated, and a message requesting to establish a connection is generated and sent to a pair connected to the server through a satellite link.
  • TMSG a conversion message
  • End gateway the TMSG header carries a first TCP connection identifier
  • the first TCP connection identifier is used to identify the first TCP connection.
  • the TMSG header of this embodiment includes a message type, a connection identifier, and a message length field, and the TMSG header length is smaller than the length of the TCP header. among them:
  • the message type includes the request to establish a connection message, the connection establishment success response message, the request to close the connection message, the connection success response message, the closing of all connection messages, the data transmission message, and the like, but the message name is not in the embodiment of the present invention. limit.
  • the connection identifier includes a first TCP connection identifier for identifying a first TCP connection between the client and the gateway, and a second TCP connection identifier for identifying a second TCP connection between the gateway and the server.
  • Step 130 After receiving the response message that the connection returned by the peer gateway is successfully established, record the response message.
  • the second TCP connection identifier carried by the medium TMSG header is associated with the first TCP connection identifier.
  • the second TCP connection identifier is an identifier of a TCP connection established by the peer gateway and the server.
  • the method in this embodiment further includes a process of transmitting data by using a gateway connected to the client, as shown in FIG. 4, including:
  • Step 210 intercepting and responding to the TCP data packet sent by the client to the server by using the first TCP connection, extracting the data part from the TCP data packet, and encapsulating the TMSG header, and the generated data transmission packet is passed. Sending the satellite link to the peer gateway, where the TMSG header carries the second TCP connection identifier associated with the first TCP connection identifier;
  • Step 220 Receive a data transmission message from the satellite link, where the connection identifier of the TMSG header is the first TCP connection identifier, extract a data portion from the data transmission packet, and encapsulate a corresponding TCP header.
  • the generated TCP data message is sent to the client over the first TCP connection.
  • the method in this embodiment further includes a process of disconnecting the gateway connected to the client, as shown in FIG. 5, including:
  • Step 310 detecting that the communication of the first TCP connection is interrupted
  • Step 320 sending, by the satellite link, a packet requesting to close the connection to the peer gateway, where the TMSG header carries the second TCP connection identifier;
  • Step 330 After receiving the response message that the connection returned by the peer gateway is successfully closed, disconnect the first TCP connection.
  • the gateway connected to the client disconnects all TCP connections associated with the satellite link.
  • the first TCP connection needs to be associated with the satellite link after establishing the first TCP connection.
  • the embodiment further provides a gateway for connecting to a client in a double-ended acceleration proxy PEP.
  • the user side protocol entity 10 and the satellite side protocol entity 20 are included, where:
  • the user side protocol entity 10 includes a packet filtering module 101 and an upper layer of an underlying layer (referring to a physical layer). Socket (socket) server 103 (TCP protocol layer);
  • the packet filtering module 101 includes:
  • the reverse forwarding unit 1011 is configured to intercept the connection request message and the ACK message sent when the client establishes a TCP connection with the server, and replace the destination IP address and the destination port in the packet with the IP address of the Socket server 103. After the port is sent to the Socket server 103, the first connection information including the source IP address, the source port, the destination IP address, and the destination port is also recorded and sent to the Socket server. 103; and
  • the forward forwarding unit 1013 is configured to replace the source IP address and the source port in the ACK packet sent by the Socket server 103 to the client with the destination IP address and the destination port in the first connection information, Sent to the client;
  • the Socket server 103 includes:
  • the connection establishing module 1031 is configured to: after receiving the connection request message and the first connection information sent by the packet filtering module 101, send an ACK message to the client; and receive the ACK message sent by the packet filtering module 101. After the first TCP connection is established, the first TCP connection is established, and the first TCP connection identifier is generated, and the first TCP connection is successfully established, and the first connection information is carried.
  • the satellite side protocol entity 20 includes:
  • the connection establishing module 201 is configured to: after receiving the notification that the first TCP connection establishment of the Socket server 103 is successful, using the first connection information as a data part and encapsulating the conversion message TMSG header, generating a message requesting to establish a connection and Sending to the peer gateway through a satellite link, the TMSG header carries the first TCP connection identifier; and is configured to receive a response message that the peer gateway successfully establishes a connection returned by the satellite link, Recording a second TCP connection identifier carried in the TMSG header and associating with the first TCP connection identifier, where the second TCP connection identifier is an identifier of a TCP connection established by the peer gateway and the server.
  • the TMSG header includes a message type, a connection identifier, and a message length field, where the TMSG header length is smaller than a length of the TCP header.
  • the reverse forwarding unit 1011 in the packet filtering module 101 is further configured to intercept the passed TCP data packet, and if the connection information matches the first connection information, the TCP datagram
  • the text is from the first TCP connection, the destination IP address and the destination port in the TCP data packet are replaced with the IP address and port of the Socket server 103, and sent to the Socket server 103;
  • the Socket server 103 further includes:
  • the message processing module 1033 is configured to receive the TCP data packet from the first TCP connection and send a TCP response message;
  • the forward forwarding unit 1013 in the packet filtering module 101 is further configured to replace the source IP address and the source port in the TCP response message sent by the Socket server 103 to the client into the first connection information. After the destination IP address and the destination port are sent to the client;
  • the satellite side protocol entity 20 further includes:
  • the packet sending and receiving module 203 is configured to encapsulate the TMSG header before the data portion of the TCP data packet from the first TCP connection, and the generated data transmission packet is sent to the opposite gateway through the satellite link.
  • the TMSG header carries the second TCP connection identifier associated with the first TCP connection identifier.
  • the message transceiver module 203 of the satellite side protocol entity 20 is further configured to receive a data transmission message sent to the client from the satellite link;
  • the message processing module 1033 in the Socket server 103 is further configured to identify a data transmission message received by the satellite side protocol entity 20, such as the connection identifier of the TMSG header being the first TCP connection identifier, Extracting a data part in a data transmission message and encapsulating a corresponding TCP header, and the generated TCP data message is sent to the client through the first TCP connection;
  • the forward forwarding unit 1013 in the packet filtering module 101 is further configured to replace the source IP address and the source port in the TCP data packet sent by the Socket server 103 to the client into the first connection information. After the destination IP address and destination port are sent to the client.
  • the Socket server 103 further includes:
  • the connection maintenance module 1035 is configured to notify the satellite side protocol entity 20 that the first TCP connection is interrupted when the first TCP connection communication interruption is detected; and after receiving the notification that the connection of the satellite side protocol entity 20 is successfully closed Disconnecting the first TCP connection;
  • the satellite side protocol entity 20 further includes:
  • the connection maintenance module 205 is configured to: after receiving the notification that the first TCP connection is interrupted by the Socket server, send, by using the satellite link, a message requesting to close the connection to the opposite gateway, where the TMSG header carries the And the second TCP connection identifier is configured to notify the Socket server 103 that the connection is successfully closed after receiving the response message that the connection returned by the peer gateway is successfully closed.
  • connection maintenance module 205 of the satellite side protocol entity 20 is further configured to send a notification that the satellite link is disconnected to the Socket server 103 when detecting that the satellite link is disconnected;
  • the connection maintenance module 1035 of the Socket server 103 is further configured to associate the first TCP connection with the satellite link; after receiving the notification that the satellite link is disconnected, the node associated with the satellite link All TCP connections are broken.
  • the embodiment relates to a method for implementing TCP transmission in a satellite network environment, and is applied to a gateway connected to a server in a double-end acceleration proxy PEP.
  • the method includes the following connection establishment process:
  • Step 410 After receiving the packet of the connection establishment request sent by the peer gateway connected to the client via the satellite link, record the first TCP connection identifier carried by the TMSG header and the client and the data part carried by the data part.
  • the TMSG header includes a message type, a connection identifier, and a message length field, where the TMSG header length is smaller than a length of the TCP header.
  • Step 420 Establish a second TCP connection with the server, and after the connection is established, return a connection response message to the peer gateway through the satellite link, where the TMSG header carries the identifier a second TCP connection identifier of the two TCP connections; associating the second TCP connection identifier with the first TCP connection identifier.
  • the method further includes processing of data transmission, as shown in FIG. 8, including:
  • Step 510 After receiving the TCP data packet sent by the server to the client by using the second TCP connection, the system responds, extracts a data part from the TCP data packet, and encapsulates the TMSG header to generate a data transmission report. And sending, by the satellite link, the peer gateway, where the TMSG header carries the first TCP connection identifier associated with the second TCP connection identifier;
  • Step 520 Receive a data transmission message sent from the satellite link to the server, where the connection identifier carried by the TMSG header is the second TCP connection identifier, and extract data from the data transmission message.
  • the corresponding TCP header is partially encapsulated, and the generated TCP data packet is sent to the server through the second TCP connection.
  • the method may further include a process of disconnection, as shown in FIG. 9, comprising:
  • Step 610 The communication interruption of the second TCP connection is detected.
  • Step 620 Send, by the satellite link, a packet requesting to close the connection to the peer gateway, where the TMSG header carries the first TCP connection identifier;
  • Step 630 After receiving the response message that the peer gateway returns a successful connection returned by the satellite link, disconnect the second TCP connection.
  • the gateway connected to the server disconnects all TCP connections associated with the satellite link.
  • the gateway needs to associate the second TCP connection with the satellite link after establishing a second TCP connection.
  • the embodiment further provides a gateway connected to the server in the double-ended acceleration proxy PEP.
  • the server side protocol entity 50 and the satellite side protocol entity 60 are included, where:
  • the satellite side protocol entity 60 includes:
  • the connection establishing module 601 is configured to: after receiving the packet of the connection establishment request sent by the peer gateway connected to the client via the satellite link, record the first TCP connection identifier carried in the TMSG header and the data part carried in the data packet a connection information, and notifying the server side protocol entity 50 to establish a second TCP connection with the server;
  • the first connection information is connection information of the first TCP connection established by the peer gateway and the client,
  • the first TCP connection identifier is used to identify the first TCP connection;
  • the server side protocol entity 50 includes:
  • the connection establishing module 501 is configured to: after receiving the notification of establishing the TCP connection, establish the second TCP connection with the server, and generate a second TCP connection identifier for identifying the second TCP connection, by using the The satellite link returns a response message that the connection establishment is successful to the peer gateway, carries the second TCP connection identifier, and notifies the satellite side protocol entity 60 that the second TCP connection is successfully established, and carries the second TCP connection.
  • the connection establishing module 601 of the satellite side protocol entity 60 is further configured to: after receiving the notification that the second TCP connection is successfully established by the server side protocol entity, returning the connection to the peer gateway through the satellite link. a response message, wherein the TMSG header carries the second TCP connection identifier; and the second TCP connection identifier is associated with the first TCP connection identifier.
  • the server side protocol entity 50 further includes:
  • the packet sending and receiving module 503 is configured to receive a TCP data packet sent by the server to the client by using the second TCP connection, and respond;
  • the satellite side protocol entity 60 further includes:
  • the packet sending and receiving module 603 is configured to extract a data part from the TCP data packet received by the server side protocol entity, and encapsulate a TMSG header, and the generated data sending message is sent to the peer end by using the satellite link.
  • a gateway wherein the TMSG header carries the first TCP connection identifier associated with the second TCP connection identifier.
  • the message transceiver module 603 of the satellite side protocol entity 60 is further configured to receive a data transmission message sent to the server from the satellite link;
  • the packet sending and receiving module 503 of the server side protocol entity 50 is further configured to identify the data sending message received by the satellite side protocol entity 60, such as the connection identifier carried by the TMSG head being the second TCP connection identifier. And extracting a data part from the data sending message and encapsulating a corresponding TCP header, and the generated TCP data message is sent to the server by using the second TCP connection.
  • the TMSG header encapsulated by the message transceiver module 603 of the satellite side protocol entity 60 includes The message type, the connection identifier, and the message length field, the TMSG header length being less than the length of the TCP header.
  • the server side protocol entity 50 further includes:
  • the connection maintenance module 505 is configured to notify the satellite side protocol entity 60 that the second TCP connection is interrupted when the communication interruption of the second TCP connection is detected, and notify that the connection of the satellite side protocol entity 60 is closed successfully. Afterwards, disconnecting the second TCP connection;
  • the satellite side protocol entity 60 further includes:
  • the connection maintenance module 605 is configured to: after receiving the notification that the second TCP connection is interrupted, send, by the satellite link, a message requesting to close the connection to the opposite gateway, where the TMSG header carries the first TCP connection identifier After receiving the response message that the connection returned by the peer gateway is successfully closed, the server side protocol entity is notified that the connection is successfully closed.
  • connection maintenance module 605 of the satellite side protocol entity 60 is further configured to send a notification that the satellite link is disconnected to the server side protocol entity 50 when detecting that the satellite link is disconnected;
  • the connection maintenance module 505 of the server side protocol entity 50 is further configured to associate the second TCP connection with the satellite link; after receiving the notification that the satellite link is disconnected, the satellite chain All TCP connections associated with the road are broken.
  • the two gateways use TCP spoofing for the server and the client respectively, and implement TCP transmission between the client and the server without modifying the protocol stack of the server and the client. Correlation processing can also reduce the bandwidth occupation by replacing the TCP header with a simpler TMSG header to convert and compress the IP+TCP header.
  • FIG. 11 is a diagram showing a client according to the above embodiment, a gateway connected to the client, a gateway connected to the server, and a protocol stack on the server.
  • the protocol stack on both the client and the server includes TCP, IP, and MAC. Chemical.
  • the protocol stack on the side connected to the client includes: TCP, IP, and MAC, and the physical layer protocol stack is not shown.
  • the packet filtering module 101 needs to be set in the physical layer, and cooperates with the Socket server 103 in the TCP layer to implement TCP spoofing to the client (that is, when the client communicates with the gateway, it is considered to be The end is the server).
  • the protocol stack on the side of the gateway and the satellite network includes: TMSG and RMAC (Reliable Physical Layer Transport Protocol).
  • the TMSG protocol is used to encapsulate and decapsulate the TMSG header.
  • the RMAC protocol can use multiple satellite-based links.
  • the communication protocol for example, may be a TCP protocol modified for a satellite link, or a proprietary protocol designed specifically for a satellite network, etc., which is not limited by the embodiment of the present invention.
  • the protocol stack on the side connected to the satellite network includes: TMSG and RMAC.
  • the TMSG protocol is used to encapsulate and decapsulate the TMSG header of the message
  • the RMAC protocol is a communication protocol based on the satellite link.
  • connection establishment The processing steps of connection establishment, data transmission, and connection shutdown of this example are described below. among them:
  • the establishment process includes:
  • GW1 intercepts the request message and records the TCP connection information
  • GW1 performs TCP spoofing on the client, sends a pseudo-answer, and initiates a chain-building request to GW2;
  • An exemplary processing step comprising:
  • the GW1 underlying protocol stack packet filtering module 101 intercepts the request packet, and records the TCP connection information, including the source IP address, the source port, the destination IP address, and the destination port.
  • the GW1 packet filtering module 101 replaces the destination IP of the request packet with the IP of the GW1.
  • the port is replaced by 10086, and is sent to the Socket server 103 of the upper layer of the GW1.
  • the Socket server 103 receives the TCP request message, responds to the request, and sends a response message to the client, passing through the GW1 bottom layer, and the packet filtering module 101 records from the port. Find the connection information recorded in the second step in the table. If it can be found, replace the source IP address and source port of the response message with the IP address and port of the server recorded in the table.
  • the client receives the response message and considers that it is sent by the real server, and responds to the third packet in the TCP three-way handshake.
  • the underlying packet capture module is also replaced with the destination IP and destination.
  • the port is sent to the upper Socket server 103 of the GW1.
  • the Socket ID corresponding to the connection is generated on the GW1, and is used as the connection identifier in the TMSG header.
  • GW1 After the TCP Socket is established between the client and GW1, GW1 sends a connection request to GW2, encapsulates the TMSG header, and the message type is to request to establish a connection.
  • the connection identifier fills in the Socket ID (GW1SID) recorded in the fourth step, and the message content.
  • the source IP source port of the client recorded in the second step, and the IP address and port of the server;
  • GW2 After receiving the request, GW2 records the source IP address, source port, destination IP address, destination port, and Socket ID carried in the packet, and then establishes a TCP connection to the server. After the TCP three-way handshake is successfully established, a local Socket ID is generated.
  • GW2SID responding to the GW1 to establish a link success message, encapsulating the TMSG header, the message type is successful, the connection identifier is filled in as GW2SID, and the message content is empty;
  • GW1 receives the message that the connection is successfully established, and records the GW2SID;
  • the client->server direction data transfer process includes:
  • the GW1 After receiving the GW1, the GW1 intercepts the data packet, extracts the content to be transmitted, encapsulates the TMSG header, and sends it to the GW2 through the RMAC protocol, and simultaneously performs a pseudo-response to the client;
  • the server After receiving the data, the server forwards it to the application layer for processing.
  • An exemplary processing step comprising:
  • GW1 After receiving the packet, GW1 receives the TCP data packet sent by the client through the packet filtering module 101, and then checks whether the connection request record exists through the source IP address, the source port, the destination IP address, and the destination port. Discard if it exists. If yes, the destination IP address of the modified TCP data packet is changed to the IP address of GW1, the destination port is modified to 10086, and sent to the upper layer Socket server 103. The GW1 upper layer Socket server 103 responds to the data packet to the underlying packet filtering module. 101. The lookup table replaces the source IP source port and sends it to the client, and the processing step is similar to the connection establishment process;
  • GW1 upper layer Socket server 103 takes out the TCP packet data content, encapsulates the TMSG hair to be sent to GW2, and the message type encapsulation is data transmission, and the identifier connection encapsulation is the GW2SID recorded when the connection is established;
  • GW2 After receiving the message, GW2 extracts the data content, searches for the corresponding TCP connection according to the GW2SID in the TSMG header, and forwards the data to the server.
  • the server->client direction data transfer process includes:
  • the data content is taken out, and the TMSG header is encapsulated and sent to GW1 through the RMAC protocol. Since the server is a TCP connection established with GW2, the protocol stack directly sent by GW2 directly sends a response to the server;
  • GW1 receives the RMAC packet sent by GW2, extracts the data, converts it into a TCP packet, and replaces the source IP address and the source port with the source IP address and source port of the server, and sends the source IP address and the source port to the client.
  • the customer receives the data and forwards it to the application layer for processing.
  • An exemplary processing step comprising:
  • GW2 receives the data sent by the server, extracts the data, encapsulates the TMSG hair and sends it to GW1, and the message type is data transmission, and identifies the GW1SID recorded when the connection is established;
  • GW1 After receiving the packet, GW1 takes out the GW1SID, finds the corresponding TCP connection, and sends the packet to the client.
  • the underlying packet filtering module intercepts the packet, and then searches for the table information recorded during the connection establishment process, replacing the source IP with the server IP, and the source port is the server port;
  • the process of disconnecting a client includes:
  • GW1 detects a communication interruption of the TCP connection with the client, and sends a disconnection request to GW2;
  • GW1 receives the message, closes the corresponding TCP connection with the client, and clears the relevant information.
  • An exemplary processing step comprising:
  • GW1 detects a communication interruption with the client's TCP connection:
  • GW1 sends a close connection request to GW2, encapsulates the TMSG header, the message type is closed, the connection identifier is GW2SID, and the message content is empty;
  • GW2 After receiving the request, GW2 takes out the GW2SID, closes the TCP connection with the server, and sends a shutdown success message to GW1, encapsulating the TMSG header, and the message type is that the connection is successfully closed;
  • GW1 receives the response message and closes the TCP connection with the client.
  • the process of disconnecting the server includes:
  • GW2 detects a communication interruption of the TCP connection with the server, and sends a disconnection request to GW1;
  • GW1 After receiving the request, GW1 closes the TCP connection with the client, and clears the recorded connection related information, and sends a shutdown success message to GW2 after completion;
  • GW2 receives the message, closes the connection with the server, and clears the relevant information.
  • An exemplary processing step comprising:
  • GW2 detects that the communication of the TCP connection with the server is interrupted
  • GW2 sends a close connection request to GW1, encapsulates the TMSG header, the message type is closed, the connection identifier is GW1SID, and the message content is empty;
  • GW1 After receiving the request, GW1 takes out the GW1SID, closes the TCP connection with the client, and sends a shutdown success message to GW2, encapsulating the TMSG header, and the message type is that the connection is successfully closed;
  • GW2 receives the response message and disconnects the TCP connection with the server.
  • the processing after the satellite link is disconnected includes:
  • the underlying RMAC protocol of GW2 detects the disconnection of the satellite link and closes all TCP connections associated with the satellite link with the server.
  • the two gateways use TCP spoofing for servers and clients respectively, and implement TCP transmission between the client and the server without changing the protocol stack of the server and the client. Processing can also reduce bandwidth usage by replacing the TCP header with a simpler TMSG header.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Radio Relay Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed are a method and a corresponding gateway for implementing TCP transmission in a satellite network environment. The method comprises: a gateway that is in a PEP and that is connected to a client performs the following processing: intercepting a TCP connection request sent by the client to a server, extracting first connection information from the TCP connection request and sending a pseudo response to the client, and establishing a first TCP connection with the client; using the first connection information as a data part and encapsulating a TMSG header, generating a packet for requesting the establishment of a connection and sending, through a satellite link, the packet to a peer-end gateway connected to the server, the TMSG header carrying a first TCP connection identifier; and after a connection establish success response packet returned by the peer-end gateway is received, recording a second TCP connection identifier carried by the TMSG header and associating the second TCP connection identifier with the first TCP connection identifier.

Description

一种卫星网络环境下实现TCP传输的方法及相应的网关Method for implementing TCP transmission in satellite network environment and corresponding gateway 技术领域Technical field
本发明实施例涉及但不限于卫星通信,尤其涉及一种基于卫星网络环境下实现TCP传输的方法及相应的网关。Embodiments of the present invention relate to, but are not limited to, satellite communications, and in particular, to a method for implementing TCP transmission based on a satellite network environment and a corresponding gateway.
背景技术Background technique
由于卫星技术在现代通讯基础设施中发挥越来越重要的作用,卫星网与地面IP网的结合是当今卫星通信领域最热门的发展趋势。TCP(Transmission Control Protocol传输控制协议)是面向连接的传输层协议,向有关应用提供可靠的数据传输。据统计,目前Internet上95%以上的数据流使用TCP作为传输协议。然而当将TCP协议应用于卫星网络环境时,由于卫星信道区别于地面链路的一些固有特点,严重影响了TCP的性能,降低了卫星信道带宽的利用率。As satellite technology plays an increasingly important role in modern communication infrastructure, the combination of satellite networks and terrestrial IP networks is the hottest trend in satellite communications today. TCP (Transmission Control Protocol) is a connection-oriented transport layer protocol that provides reliable data transmission to related applications. According to statistics, more than 95% of data streams on the Internet currently use TCP as a transport protocol. However, when the TCP protocol is applied to the satellite network environment, the satellite channel is different from the inherent characteristics of the terrestrial link, which seriously affects the performance of the TCP and reduces the utilization of the satellite channel bandwidth.
关于如何提高卫星网络环境下TCP的性能,人们已经进行了许多研究,相关技术中提高卫星系统中TCP性能的方法主要采取加速代理(PEP,Performe Enhancment Proxy)的方式,该方式分为单端和双端两种。其中,双端PEP包括分别放置在卫星网络两端的两个网关,如图1所示,所有的TCP连接分割成三段:服务器和主站端PEP(设置在与服务器连接的网关中)连接,主站端PEP和小站端PEP(设置在与客户机连接的网关中)连接,小站端PEP和客户机连接。双端PEP方案不对通信双方的协议栈和应用程序做改动,但是,为了适合于卫星链路的特点,两个网关之间采用不同于TCP的其他协议进行数据传输,此时如何实现客户机和服务器之间的TCP传输,是急待解决的技术问题。Many studies have been carried out on how to improve the performance of TCP in the satellite network environment. The method for improving the TCP performance in the satellite system in the related art mainly adopts the method of PEP (Performe Enhancement Proxy), which is divided into single-ended and Both ends. The double-ended PEP includes two gateways respectively placed at the two ends of the satellite network. As shown in FIG. 1 , all the TCP connections are divided into three segments: the server and the primary PEP (set in the gateway connected to the server) are connected. The primary station PEP and the small station PEP (set in the gateway connected to the client) are connected, and the small station PEP is connected to the client. The double-ended PEP scheme does not modify the protocol stack and application of the communication parties. However, in order to adapt to the characteristics of the satellite link, the two gateways use other protocols than TCP for data transmission. In this case, how to implement the client and TCP transmission between servers is a technical problem that needs to be solved urgently.
发明内容Summary of the invention
以下是对本文详细描述的主题的概述。本概述并非是为了限制权利要求的保护范围。 The following is an overview of the topics detailed in this document. This Summary is not intended to limit the scope of the claims.
本发明实施例提供了一种卫星网络环境下实现TCP传输的方法,应用于双端加速代理PEP中与客户机连接的网关,所述方法包括以下连接建立的处理:The embodiment of the invention provides a method for implementing TCP transmission in a satellite network environment, which is applied to a gateway connected to a client in a double-end acceleration proxy PEP, and the method includes the following connection establishment processing:
截取客户机发送给服务器的TCP连接请求,从中提取第一连接信息并向所述客户机发送伪应答,与所述客户机建立第一TCP连接;Intercepting a TCP connection request sent by the client to the server, extracting the first connection information therefrom, and sending a pseudo response to the client, establishing a first TCP connection with the client;
以所述第一连接信息为数据部分并封装转换消息TMSG头,生成请求建立连接的报文并通过卫星链路发送给与所述服务器连接的对端网关,所述TMSG头携带用于标识所述第一TCP连接的第一TCP连接标识;And using the first connection information as a data part and encapsulating the conversion message TMSG header, generating a message requesting to establish a connection and sending the message to the opposite gateway connected to the server by using a satellite link, where the TMSG header is carried by the identifier Determining a first TCP connection identifier of the first TCP connection;
接收到所述对端网关返回的连接建立成功的应答报文后,记录其中TMSG头携带的第二TCP连接标识并与所述第一TCP连接标识关联,所述第二TCP连接标识为所述对端网关和所述服务器建立的TCP连接的标识。After receiving the response message that the connection is successfully established by the peer gateway, the second TCP connection identifier carried in the TMSG header is recorded and associated with the first TCP connection identifier, where the second TCP connection identifier is The identifier of the TCP connection established between the peer gateway and the server.
可选地,其中,所述TMSG头包括消息类型、连接标识和消息长度字段,所述TMSG头长度小于TCP头的长度。Optionally, the TMSG header includes a message type, a connection identifier, and a message length field, where the TMSG header length is smaller than a length of the TCP header.
可选地,所述方法还包括以下数据传输的处理:Optionally, the method further comprises the following processing of data transmission:
截取所述客户机通过第一TCP连接发送给所述服务器的TCP数据报文并进行应答,从所述TCP数据报文中提取数据部分并封装TMSG头,生成的数据发送报文通过所述卫星链路发送给所述对端网关,所述TMSG头携带与所述第一TCP连接标识关联的所述第二TCP连接标识;及Intercepting and responding to the TCP data packet sent by the client to the server through the first TCP connection, extracting a data part from the TCP data packet, and encapsulating the TMSG header, and generating the generated data transmission message through the satellite Sending a link to the peer gateway, the TMSG header carrying the second TCP connection identifier associated with the first TCP connection identifier; and
从所述卫星链路接收数据发送报文,如其中TMSG头的连接标识为所述第一TCP连接标识,则从所述数据发送报文中提取数据部分并封装相应的TCP头,生成的TCP数据报文通过所述第一TCP连接发送给所述客户机。Receiving a data transmission message from the satellite link, where the connection identifier of the TMSG header is the first TCP connection identifier, extracting a data part from the data transmission message and encapsulating a corresponding TCP header, and generating a TCP A data message is sent to the client over the first TCP connection.
可选地,所述方法还包括以下连接断开的处理:Optionally, the method further includes the following disconnection processing:
检测到所述第一TCP连接的通信中断;A communication interruption of the first TCP connection is detected;
通过所述卫星链路向所述对端网关发送请求关闭连接的报文,其中的TMSG头携带所述第二TCP连接标识;Transmitting, by the satellite link, a packet requesting to close the connection to the peer gateway, where the TMSG header carries the second TCP connection identifier;
接收到所述对端网关返回的连接关闭成功的应答报文后,断开所述第一TCP连接。After receiving the response message that the connection returned by the peer gateway is successfully closed, the first TCP connection is disconnected.
可选地,其中,所述连接建立的处理还包括:将所述第一TCP连接与所 述卫星链路关联;Optionally, the process of establishing the connection further includes: connecting the first TCP connection with the Satellite link association;
所述方法还包括以下连接断开的处理:检测到所述卫星链路断开,将与所述卫星链路关联的所有TCP连接断开。The method also includes the following process of disconnection: detecting that the satellite link is down, disconnecting all TCP connections associated with the satellite link.
本发明实施例还提供了一种应用于双端加速代理PEP中与客户机连接的网关,包括用户侧协议实体和第一卫星侧协议实体,其中:The embodiment of the invention further provides a gateway for connecting to a client in a double-ended acceleration proxy PEP, comprising a user side protocol entity and a first satellite side protocol entity, wherein:
所述用户侧协议实体包括底层的包过滤模块和上层的套接字Socket服务器;The user side protocol entity includes an underlying packet filtering module and an upper layer socket Socket server;
所述包过滤模块包括:The packet filtering module includes:
反向转发单元,设置为截取客户机与服务器建立TCP连接时发送的连接请求报文和ACK报文,将报文中的目的IP地址和目的端口替换为所述Socket服务器的IP地址和端口后发送给所述Socket服务器;其中,截取所述连接请求报文时,还记录其中包括源IP地址、源端口、目的IP地址和目的端口的第一连接信息并发送给所述Socket服务器;以及The reverse forwarding unit is configured to intercept the connection request message and the ACK message sent when the client establishes a TCP connection with the server, and replace the destination IP address and the destination port in the packet with the IP address and port of the Socket server. Sending to the Socket server; wherein, when the connection request message is intercepted, the first connection information including the source IP address, the source port, the destination IP address, and the destination port is also recorded and sent to the Socket server;
前向转发单元,设置为将所述Socket服务器发送给所述客户机的ACK报文中的源IP地址和源端口替换为所述第一连接信息中的目的IP地址和目的端口后,发送给所述客户机;a forward forwarding unit, configured to replace the source IP address and the source port in the ACK packet sent by the Socket server to the client with the destination IP address and the destination port in the first connection information, and send the The client;
所述Socket服务器包括:第一连接建立模块,设置为收到包过滤模块发送的所述连接请求报文和第一连接信息后,向客户机发送ACK报文;及在收到包过滤模块发送的所述ACK报文后,建立与所述客户机的第一TCP连接并生成第一TCP连接标识,通知所述第一卫星侧协议实体第一TCP连接建立成功,携带所述第一连接信息;The Socket server includes: a first connection establishing module, configured to: after receiving the connection request message and the first connection information sent by the packet filtering module, send an ACK message to the client; and send the packet filtering module After the ACK message, the first TCP connection with the client is established, and a first TCP connection identifier is generated to notify the first satellite side protocol entity that the first TCP connection is successfully established, and the first connection information is carried. ;
所述第一卫星侧协议实体包括:第二连接建立模块,设置为收到所述Socket服务器的第一TCP连接建立成功的通知后,以所述第一连接信息为数据部分并封装转换消息TMSG头,生成请求建立连接的报文并通过卫星链路发送给对端网关,所述TMSG头携带所述第一TCP连接标识;及设置为收到所述对端网关通过所述卫星链路返回的连接建立成功的应答报文后,记录其中TMSG头携带的第二TCP连接标识并与所述第一TCP连接标识关联,所 述第二TCP连接标识为所述对端网关和所述服务器建立的TCP连接的标识。The first satellite side protocol entity includes: a second connection establishing module, configured to: after receiving the notification that the first TCP connection is successfully established by the Socket server, using the first connection information as a data part and encapsulating the conversion message TMSG a header, generating a message requesting to establish a connection and transmitting the message to the opposite gateway through a satellite link, the TMSG header carrying the first TCP connection identifier; and being configured to receive the peer gateway to return through the satellite link After establishing a successful response message, the second TCP connection identifier carried in the TMSG header is recorded and associated with the first TCP connection identifier. The second TCP connection identifier is an identifier of a TCP connection established by the peer gateway and the server.
可选地,其中,所述第一卫星侧协议实体的第二连接建立模块封装的所述TMSG头包括消息类型、连接标识和消息长度字段,所述TMSG头长度小于TCP头的长度。Optionally, the TMSG header encapsulated by the second connection establishing module of the first satellite side protocol entity includes a message type, a connection identifier, and a message length field, where the TMSG header length is smaller than a length of the TCP header.
可选地,其中,所述包过滤模块中的反向转发单元还设置为截取经过的TCP数据报文,如其中的连接信息与所述第一连接信息匹配,则所述TCP数据报文来自第一TCP连接,将所述TCP数据报文中的目的IP地址和目的端口替换为所述Socket服务器的IP地址和端口,发送给所述Socket服务器;Optionally, the reverse forwarding unit in the packet filtering module is further configured to intercept the passed TCP data packet, where the connection information matches the first connection information, where the TCP data packet is from The first TCP connection, the destination IP address and the destination port in the TCP data packet are replaced with the IP address and port of the Socket server, and sent to the Socket server;
所述Socket服务器还包括:报文处理模块,设置为接收来自第一TCP连接的所述TCP数据报文并发送TCP应答报文;The Socket server further includes: a message processing module, configured to receive the TCP data packet from the first TCP connection and send a TCP response message;
所述包过滤模块中的前向转发单元还设置为将所述Socket服务器发送给所述客户机的TCP应答报文中的源IP地址和源端口替换为所述第一连接信息中的目的IP地址和目的端口后,发送给所述客户机;The forward forwarding unit in the packet filtering module is further configured to replace the source IP address and the source port in the TCP response message sent by the Socket server to the client with the destination IP in the first connection information. After the address and the destination port are sent to the client;
所述第一卫星侧协议实体还包括:第一报文收发模块,设置为在来自第一TCP连接的所述TCP数据报文的数据部分前封装TMSG头,生成的数据发送报文通过所述卫星链路发送给所述对端网关,所述TMSG头携带与所述第一TCP连接标识关联的所述第二TCP连接标识。The first satellite side protocol entity further includes: a first packet sending and receiving module, configured to encapsulate a TMSG header before the data portion of the TCP data packet from the first TCP connection, and the generated data sending message passes the A satellite link is sent to the correspondent gateway, and the TMSG header carries the second TCP connection identifier associated with the first TCP connection identifier.
可选地,其中,所述第一卫星侧协议实体的第一报文收发模块还设置为从所述卫星链路接收发送给所述客户机的数据发送报文;Optionally, the first packet transceiver module of the first satellite side protocol entity is further configured to receive a data transmission message sent to the client from the satellite link;
所述Socket服务器中的报文处理模块还设置为识别所述第一卫星侧协议实体接收的数据发送报文,如其中TMSG头的连接标识为所述第一TCP连接标识,则从所述数据发送报文中提取数据部分并封装相应的TCP头,生成的TCP数据报文并通过所述第一TCP连接发送给所述客户机;The packet processing module in the Socket server is further configured to identify a data transmission message received by the first satellite side protocol entity, where the connection identifier of the TMSG header is the first TCP connection identifier, then the data is sent from the data. Extracting a data part in the sending message and encapsulating a corresponding TCP header, and the generated TCP data message is sent to the client through the first TCP connection;
所述包过滤模块中的前向转发单元还设置为将所述Socket服务器发送给所述客户机的TCP数据报文中的源IP地址和源端口替换为所述第一连接信息中的目的IP地址和目的端口后,发送给所述客户机。The forward forwarding unit in the packet filtering module is further configured to replace the source IP address and the source port in the TCP data packet sent by the Socket server to the client with the destination IP in the first connection information. After the address and destination port are sent to the client.
可选地,其中,所述Socket服务器还包括:第一连接维护模块,设置为检测到所述第一TCP连接通信中断时,通知所述第一卫星侧协议实体第一 TCP连接中断;及收到所述第一卫星侧协议实体的连接关闭成功的通知后,断开所述第一TCP连接;Optionally, the Socket server further includes: a first connection maintenance module, configured to notify the first satellite side protocol entity that the first TCP connection protocol entity is interrupted when detecting that the first TCP connection communication is interrupted Disconnecting the TCP connection; and after receiving the notification that the connection of the first satellite side protocol entity is successfully closed, disconnecting the first TCP connection;
所述第一卫星侧协议实体还包括:第二连接维护模块,设置为收到所述Socket服务器的第一TCP连接中断的通知后,通过所述卫星链路向所述对端网关发送请求关闭连接的报文,其中的TMSG头携带所述第二TCP连接标识;及设置为在接收到所述对端网关返回的连接关闭成功的应答报文后,通知所述Socket服务器连接关闭成功。The first satellite side protocol entity further includes: a second connection maintenance module, configured to send a request to the peer gateway to close by using the satellite link after receiving the notification that the first TCP connection is interrupted by the Socket server The connected message, wherein the TMSG header carries the second TCP connection identifier; and is configured to notify the Socket server that the connection is successfully closed after receiving the response message that the connection returned by the peer gateway is successfully closed.
可选地,其中,所述第一卫星侧协议实体的第二连接维护模块还设置为在检测到所述卫星链路断开时,向所述Socket服务器发送所述卫星链路断开的通知;Optionally, the second connection maintenance module of the first satellite side protocol entity is further configured to send the notification that the satellite link is disconnected to the Socket server when detecting that the satellite link is disconnected ;
所述Socket服务器的第一连接维护模块还设置为将所述第一TCP连接与所述卫星链路关联;收到所述卫星链路断开的通知后,将与所述卫星链路关联的所有TCP连接断开。The first connection maintenance module of the Socket server is further configured to associate the first TCP connection with the satellite link; after receiving the notification that the satellite link is disconnected, the node is associated with the satellite link All TCP connections are broken.
本发明实施例还提供一种卫星网络环境下实现TCP传输的方法,应用于双端加速代理PEP中与服务器连接的网关,所述方法包括以下连接建立的处理:The embodiment of the invention further provides a method for implementing TCP transmission in a satellite network environment, which is applied to a gateway connected to a server in a double-end acceleration proxy PEP, and the method includes the following connection establishment processing:
接收到与客户机连接的对端网关经卫星链路发送的连接建立请求的报文后,记录其中转换消息TMSG头携带的第一TCP连接标识及数据部分携带的所述客户机与所述对端网关建立的第一TCP连接的第一连接信息,所述第一TCP连接标识用于标识所述第一TCP连接;After receiving the packet of the connection establishment request sent by the peer gateway connected to the client via the satellite link, recording the first TCP connection identifier carried by the switching message TMSG header and the client carried by the data part and the pair The first connection information of the first TCP connection established by the end gateway, where the first TCP connection identifier is used to identify the first TCP connection;
与所述服务器建立第二TCP连接,连接建立完成后,通过所述卫星链路向所述对端网关返回连接建立成功的应答报文,其中的TMSG头携带用于标识所述第二TCP连接的第二TCP连接标识;将所述第二TCP连接标识和所述第一TCP连接标识关联。Establishing a second TCP connection with the server, and after the connection is established, returning a connection establishment success message to the opposite gateway through the satellite link, where the TMSG header carries the identifier for identifying the second TCP connection. a second TCP connection identifier; associating the second TCP connection identifier with the first TCP connection identifier.
可选地,其中,所述TMSG头包括消息类型、连接标识和消息长度字段,所述TMSG头长度小于TCP头的长度。Optionally, the TMSG header includes a message type, a connection identifier, and a message length field, where the TMSG header length is smaller than a length of the TCP header.
可选地,所述方法还包括以下数据传输的处理: Optionally, the method further comprises the following processing of data transmission:
接收到所述服务器通过所述第二TCP连接发送给所述客户机的TCP数据报文后进行应答,从所述TCP数据报文中提取数据部分并封装TMSG头,生成数据发送报文并通过所述卫星链路发送给所述对端网关,所述TMSG头携带与所述第二TCP连接标识关联的所述第一TCP连接标识;及Receiving, by the server, the TCP data packet sent to the client by using the second TCP connection, responding, extracting the data part from the TCP data packet, and encapsulating the TMSG header, generating a data transmission packet and passing the packet Sending the satellite link to the peer gateway, the TMSG header carrying the first TCP connection identifier associated with the second TCP connection identifier; and
从所述卫星链路接收到发送给所述服务器的数据发送报文,如其中TMSG头携带的连接标识为所述第二TCP连接标识,则从所述数据发送报文中提取数据部分并封装相应的TCP头,生成的TCP数据报文通过所述第二TCP连接发送给所述服务器。Receiving, by the satellite link, a data transmission message sent to the server, where the connection identifier carried by the TMSG header is the second TCP connection identifier, extracting a data part from the data transmission message and encapsulating The corresponding TCP header, the generated TCP data message is sent to the server through the second TCP connection.
可选地,所述方法还包括以下连接断开的处理:Optionally, the method further includes the following disconnection processing:
检测到所述第二TCP连接的通信中断;A communication interruption of the second TCP connection is detected;
通过所述卫星链路向所述对端网关发送请求关闭连接的报文,其中的TMSG头携带所述第一TCP连接标识;Transmitting, by the satellite link, a packet requesting to close the connection to the peer gateway, where the TMSG header carries the first TCP connection identifier;
接收到所述对端网关经所述卫星链路返回的连接关闭成功的应答报文后,断开所述第二TCP连接。After receiving the response message that the peer gateway returns a successful connection returned by the satellite link, the second TCP connection is disconnected.
可选地,其中,所述连接建立的处理还包括:将所述第二TCP连接与所述卫星链路相关联;Optionally, the process of establishing the connection further includes: associating the second TCP connection with the satellite link;
所述方法还包括以下连接断开的处理:检测到所述卫星链路断开后,将所述卫星链路关联的所有TCP连接断开。The method also includes the following process of disconnection: detecting that all of the TCP connections associated with the satellite link are disconnected after the satellite link is disconnected.
本发明实施例还提供了一种应用于双端加速代理PEP中与服务器连接的网关,包括服务器侧协议实体和第二卫星侧协议实体,其中:The embodiment of the invention further provides a gateway for connecting to a server in a double-end acceleration proxy PEP, comprising a server side protocol entity and a second satellite side protocol entity, wherein:
所述第二卫星侧协议实体包括:第三连接建立模块,设置为接收到与客户机连接的对端网关经卫星链路发送的连接建立请求的报文后,记录其中转换消息TMSG头携带的第一TCP连接标识及数据部分携带的第一连接信息,并通知所述服务器侧协议实体建立与服务器的第二TCP连接;所述第一连接信息为所述对端网关与所述客户机建立的第一TCP连接的连接信息,所述第一TCP连接标识用于标识所述第一TCP连接;The second satellite side protocol entity includes: a third connection establishing module configured to: after receiving the message of the connection establishment request sent by the peer gateway connected to the client via the satellite link, record the message carried by the converted message TMSG header Corresponding to the first TCP connection identifier and the first connection information carried in the data part, and notifying the server side protocol entity to establish a second TCP connection with the server; the first connection information is established by the peer gateway and the client Connection information of the first TCP connection, the first TCP connection identifier is used to identify the first TCP connection;
所述服务器侧协议实体包括:第四连接建立模块,设置为收到所述建立 TCP连接的通知后,与所述服务器建立所述第二TCP连接,生成用于标识所述第二TCP连接的第二TCP连接标识,通过所述卫星链路向所述对端网关返回连接建立成功的应答报文,携带所述第二TCP连接标识,并通知所述第二卫星侧协议实体第二TCP连接建立成功,携带所述第二TCP连接标识;The server side protocol entity includes: a fourth connection establishing module, configured to receive the establishment After the notification of the TCP connection, establishing the second TCP connection with the server, generating a second TCP connection identifier for identifying the second TCP connection, and returning a connection establishment to the peer gateway by using the satellite link a successful response message carrying the second TCP connection identifier, and notifying the second satellite side protocol entity that the second TCP connection is successfully established, and carrying the second TCP connection identifier;
所述第二卫星侧协议实体的第三连接建立模块还设置为收到服务器侧协议实体所述第二TCP连接建立成功的通知后,通过所述卫星链路向所述对端网关返回连接建立成功的应答报文,其中的TMSG头携带所述第二TCP连接标识;将所述第二TCP连接标识和所述第一TCP连接标识关联。The third connection establishing module of the second satellite side protocol entity is further configured to: after receiving the notification that the second TCP connection is successfully established by the server side protocol entity, returning the connection establishment to the peer gateway by using the satellite link a successful response message, wherein the TMSG header carries the second TCP connection identifier; and the second TCP connection identifier is associated with the first TCP connection identifier.
可选地,其中,所述服务器侧协议实体还包括:第二报文收发模块,设置为接收所述服务器通过所述第二TCP连接发送给所述客户机的TCP数据报文并进行应答;Optionally, the server-side protocol entity further includes: a second packet sending and receiving module, configured to receive and respond to the TCP data packet sent by the server to the client by using the second TCP connection;
所述第二卫星侧协议实体还包括:第三报文收发模块,设置为从所述服务器侧协议实体接收的所述TCP数据报文中提取数据部分并封装TMSG头,生成的数据发送报文通过所述卫星链路发送给所述对端网关,其中的TMSG头携带与所述第二TCP连接标识关联的所述第一TCP连接标识。The second satellite side protocol entity further includes: a third packet sending and receiving module, configured to extract a data part from the TCP data packet received by the server side protocol entity, and encapsulate a TMSG header, and generate a data sending message. And transmitting, by the satellite link, the peer gateway, where the TMSG header carries the first TCP connection identifier associated with the second TCP connection identifier.
可选地,其中,所述第二卫星侧协议实体的第三报文收发模块还设置为从所述卫星链路接收发送给所述服务器的数据发送报文;Optionally, the third message sending and receiving module of the second satellite side protocol entity is further configured to receive a data sending message sent to the server from the satellite link;
所述服务器侧协议实体的第二报文收发模块还设置为识别所述第二卫星侧协议实体接收的数据发送报文,如其中的TMSG头携带的连接标识为所述第二TCP连接标识,则从所述数据发送报文中提取数据部分并封装相应的TCP头,生成的TCP数据报文通过所述第二TCP连接发送给所述服务器。The second packet sending and receiving module of the server side protocol entity is further configured to identify a data sending message received by the second satellite side protocol entity, where the connection identifier carried by the TMSG head is the second TCP connection identifier. And extracting a data part from the data sending message and encapsulating a corresponding TCP header, and the generated TCP data message is sent to the server by using the second TCP connection.
可选地,其中,所述第二卫星侧协议实体的第三报文收发模块封装的所述TMSG头包括消息类型、连接标识和消息长度字段,所述TMSG头长度小于TCP头的长度。Optionally, the TMSG header encapsulated by the third packet transceiver module of the second satellite side protocol entity includes a message type, a connection identifier, and a message length field, where the TMSG header length is smaller than a length of the TCP header.
可选地,其中,所述服务器侧协议实体还包括:第三连接维护模块,设置为检测到所述第二TCP连接的通信中断时,通知所述第二卫星侧协议实体第二TCP连接中断;及收到所述第二卫星侧协议实体的连接关闭成功的通知后,断开所述第二TCP连接; Optionally, the server side protocol entity further includes: a third connection maintenance module, configured to notify the second satellite side protocol entity that the second TCP connection is interrupted when detecting that the communication of the second TCP connection is interrupted And disconnecting the second TCP connection after receiving the notification that the connection of the second satellite side protocol entity is successfully closed;
所述第二卫星侧协议实体还包括:第四连接维护模块,设置为收到第二TCP连接中断的通知后,通过所述卫星链路向所述对端网关发送请求关闭连接的报文,其中的TMSG头携带所述第一TCP连接标识;及收到所述对端网关返回的连接关闭成功的应答报文后,通知所述服务器侧协议实体连接关闭成功。The second satellite side protocol entity further includes: a fourth connection maintenance module, configured to send a message requesting to close the connection to the opposite gateway through the satellite link after receiving the notification that the second TCP connection is interrupted, The TMSG header carries the first TCP connection identifier; and after receiving the response message that the connection returned by the peer gateway is successfully closed, the server side protocol entity is notified that the connection is successfully closed.
可选地,其中,所述第二卫星侧协议实体的第四连接维护模块还设置为在检测到所述卫星链路断开时,向所述服务器侧协议实体发送所述卫星链路断开的通知;Optionally, wherein the fourth connection maintenance module of the second satellite side protocol entity is further configured to send the satellite link disconnection to the server side protocol entity when detecting that the satellite link is disconnected announcement of;
所述服务器侧协议实体的第三连接维护模块还设置为将所述第二TCP连接与所述卫星链路关联;在收到所述卫星链路断开的通知后,将与所述卫星链路关联的所有TCP连接断开。The third connection maintenance module of the server side protocol entity is further configured to associate the second TCP connection with the satellite link; and after receiving the notification that the satellite link is disconnected, the satellite chain All TCP connections associated with the road are broken.
上述方案在双端PEP场景下,两个网关分别针对服务器和客户机使用TCP欺骗,在无需对服务器和客户机的协议栈进行改动的情况下,实现了客户机和服务器之间TCP传输的相关处理,还可以通过将TCP头置换为更为简单的TMSG头,减少了对带宽的占用。In the dual-ended PEP scenario, the two gateways use TCP spoofing for servers and clients respectively, and implement TCP transmission between the client and the server without changing the protocol stack of the server and the client. Processing can also reduce bandwidth usage by replacing the TCP header with a simpler TMSG header.
在阅读并理解了附图和详细描述后,可以明白其他方面。Other aspects will be apparent upon reading and understanding the drawings and detailed description.
附图概述BRIEF abstract
图1是根据本发明实施例的典型的卫星通讯应用场景的示意图;1 is a schematic diagram of a typical satellite communication application scenario in accordance with an embodiment of the present invention;
图2是本发明实施例一方法的连接建立的流程图;2 is a flow chart of connection establishment of a method according to an embodiment of the present invention;
图3是本发明实施例一TMSG头结构的示意图;3 is a schematic diagram of a TMSG head structure according to an embodiment of the present invention;
图4是本发明实施例一方法的数据传输的流程图;4 is a flow chart of data transmission in a method according to an embodiment of the present invention;
图5是本发明实施例一方法的连接断开处理的流程图;FIG. 5 is a flowchart of a connection disconnection process according to a method of the embodiment of the present invention; FIG.
图6是本发明实施例一与客户机连接的网关的模块图;6 is a block diagram of a gateway connected to a client according to Embodiment 1 of the present invention;
图7是本发明实施例二方法的连接建立的流程图;7 is a flowchart of connection establishment of a method according to Embodiment 2 of the present invention;
图8是本发明实施例二方法的数据传输的流程图; 8 is a flowchart of data transmission in a method according to Embodiment 2 of the present invention;
图9是本发明实施例二方法的连接断开处理的流程图;9 is a flowchart of a connection disconnection process of the method of the second embodiment of the present invention;
图10是本发明实施例二与服务器连接的网关的模块图;10 is a block diagram of a gateway connected to a server according to Embodiment 2 of the present invention;
图11是本发明应用示例中每个网元的协议栈的示意图。11 is a schematic diagram of a protocol stack of each network element in an application example of the present invention.
本发明的实施方式Embodiments of the invention
下文中将结合附图对本发明实施例进行详细说明。需要说明的是,在不冲突的情况下,本发明实施例及实施例中的特征可以相互任意组合。The embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It should be noted that, in the case of no conflict, the features in the embodiments and the embodiments of the present invention may be arbitrarily combined with each other.
实施例一Embodiment 1
本实施例涉及卫星网络环境下实现TCP传输的方法,应用于双端加速代理PEP中与客户机连接的网关。The embodiment relates to a method for implementing TCP transmission in a satellite network environment, and is applied to a gateway connected to a client in a double-end acceleration proxy PEP.
如图2所示,所述方法包括以下连接建立的处理:As shown in FIG. 2, the method includes the following connection establishment process:
步骤110,截取客户机发送给服务器的TCP连接请求,从中提取第一连接信息并向所述客户机发送伪应答,与所述客户机建立第一TCP连接; Step 110, intercepting a TCP connection request sent by the client to the server, extracting the first connection information therefrom, and sending a pseudo response to the client, and establishing a first TCP connection with the client;
步骤120,以所述第一连接信息为数据部分并封装转换消息(TMSG,一种传输消息交互格式)头,生成请求建立连接的报文并通过卫星链路发送给与所述服务器连接的对端网关,所述TMSG头携带第一TCP连接标识;Step 120: The first connection information is used as a data part, and a header of a conversion message (TMSG, a transport message interaction format) is encapsulated, and a message requesting to establish a connection is generated and sent to a pair connected to the server through a satellite link. End gateway, the TMSG header carries a first TCP connection identifier;
上述第一TCP连接标识用于标识所述第一TCP连接。The first TCP connection identifier is used to identify the first TCP connection.
如图3所示,本实施例的TMSG头包括消息类型、连接标识和消息长度字段,所述TMSG头长度小于TCP头的长度。其中:As shown in FIG. 3, the TMSG header of this embodiment includes a message type, a connection identifier, and a message length field, and the TMSG header length is smaller than the length of the TCP header. among them:
消息类型,包括请求建立连接消息,连接建立成功应答消息,请求关闭连接消息,关闭连接成功应答消息,关闭所有连接消息,数据发送报文等类型的消息,但本发明实施例对消息名称并不限制。The message type includes the request to establish a connection message, the connection establishment success response message, the request to close the connection message, the connection success response message, the closing of all connection messages, the data transmission message, and the like, but the message name is not in the embodiment of the present invention. limit.
连接标识,包括用于标识客户机与网关之间的第一TCP连接的第一TCP连接标识,及用于标识网关与服务器之间的第二TCP连接的第二TCP连接标识。The connection identifier includes a first TCP connection identifier for identifying a first TCP connection between the client and the gateway, and a second TCP connection identifier for identifying a second TCP connection between the gateway and the server.
消息长度–报文长度,即包含TMSG在内的消息长度。Message length – the length of the message, ie the length of the message including TMSG.
步骤130,接收到对端网关返回的连接建立成功的应答报文后,记录其 中TMSG头携带的第二TCP连接标识并与所述第一TCP连接标识关联。Step 130: After receiving the response message that the connection returned by the peer gateway is successfully established, record the response message. The second TCP connection identifier carried by the medium TMSG header is associated with the first TCP connection identifier.
所述第二TCP连接标识为所述对端网关和所述服务器建立的TCP连接的标识。The second TCP connection identifier is an identifier of a TCP connection established by the peer gateway and the server.
可选地,本实施例方法还包括与客户机连接的网关传输数据的处理,如图4所示,包括:Optionally, the method in this embodiment further includes a process of transmitting data by using a gateway connected to the client, as shown in FIG. 4, including:
步骤210,截取所述客户机通过第一TCP连接发送给所述服务器的TCP数据报文并进行应答,从所述TCP数据报文中提取数据部分并封装TMSG头,生成的数据发送报文通过所述卫星链路发送给对端网关,所述TMSG头携带与所述第一TCP连接标识关联的所述第二TCP连接标识;Step 210: intercepting and responding to the TCP data packet sent by the client to the server by using the first TCP connection, extracting the data part from the TCP data packet, and encapsulating the TMSG header, and the generated data transmission packet is passed. Sending the satellite link to the peer gateway, where the TMSG header carries the second TCP connection identifier associated with the first TCP connection identifier;
步骤220,从所述卫星链路接收数据发送报文,如其中TMSG头的连接标识为所述第一TCP连接标识,则从所述数据发送报文中提取数据部分并封装相应的TCP头,生成的TCP数据报文通过所述第一TCP连接发送给所述客户机。Step 220: Receive a data transmission message from the satellite link, where the connection identifier of the TMSG header is the first TCP connection identifier, extract a data portion from the data transmission packet, and encapsulate a corresponding TCP header. The generated TCP data message is sent to the client over the first TCP connection.
可选地,本实施例方法还包括与客户机连接的网关断开连接的处理,如图5所示,包括:Optionally, the method in this embodiment further includes a process of disconnecting the gateway connected to the client, as shown in FIG. 5, including:
步骤310,检测到所述第一TCP连接的通信中断; Step 310, detecting that the communication of the first TCP connection is interrupted;
步骤320,通过所述卫星链路向所述对端网关发送请求关闭连接的报文,其中的TMSG头携带所述第二TCP连接标识; Step 320, sending, by the satellite link, a packet requesting to close the connection to the peer gateway, where the TMSG header carries the second TCP connection identifier;
步骤330,接收到所述对端网关返回的连接关闭成功的应答报文后,断开所述第一TCP连接。Step 330: After receiving the response message that the connection returned by the peer gateway is successfully closed, disconnect the first TCP connection.
如果检测到所述卫星链路断开,则与客户机连接的网关将与所述卫星链路关联的所有TCP连接断开。当然在此之前,需要在建立第一TCP连接后将所述第一TCP连接与所述卫星链路关联。If it is detected that the satellite link is down, the gateway connected to the client disconnects all TCP connections associated with the satellite link. Of course, prior to this, the first TCP connection needs to be associated with the satellite link after establishing the first TCP connection.
相应地,本实施例还提供了一种应用于双端加速代理PEP中与客户机连接的网关,如图6所示,包括用户侧协议实体10和卫星侧协议实体20,其中:Correspondingly, the embodiment further provides a gateway for connecting to a client in a double-ended acceleration proxy PEP. As shown in FIG. 6, the user side protocol entity 10 and the satellite side protocol entity 20 are included, where:
所述用户侧协议实体10包括底层(指物理层)的包过滤模块101和上层 (TCP协议层)的Socket(套接字)服务器103;The user side protocol entity 10 includes a packet filtering module 101 and an upper layer of an underlying layer (referring to a physical layer). Socket (socket) server 103 (TCP protocol layer);
所述包过滤模块101包括:The packet filtering module 101 includes:
反向转发单元1011,设置为截取客户机与服务器建立TCP连接时发送的连接请求报文和ACK报文,将报文中的目的IP地址和目的端口替换为所述Socket服务器103的IP地址和端口后发送给所述Socket服务器103;其中,截取所述连接请求报文时,还记录其中包括源IP地址、源端口、目的IP地址和目的端口的第一连接信息并发送给所述Socket服务器103;以及The reverse forwarding unit 1011 is configured to intercept the connection request message and the ACK message sent when the client establishes a TCP connection with the server, and replace the destination IP address and the destination port in the packet with the IP address of the Socket server 103. After the port is sent to the Socket server 103, the first connection information including the source IP address, the source port, the destination IP address, and the destination port is also recorded and sent to the Socket server. 103; and
前向转发单元1013,设置为将所述Socket服务器103发送给所述客户机的ACK报文中的源IP地址和源端口替换为所述第一连接信息中的目的IP地址和目的端口后,发送给所述客户机;The forward forwarding unit 1013 is configured to replace the source IP address and the source port in the ACK packet sent by the Socket server 103 to the client with the destination IP address and the destination port in the first connection information, Sent to the client;
所述Socket服务器103包括:The Socket server 103 includes:
连接建立模块1031,设置为收到包过滤模块101发送的所述连接请求报文和第一连接信息后,向客户机发送ACK报文;及在收到包过滤模块101发送的所述ACK报文后,建立与所述客户机的第一TCP连接并生成第一TCP连接标识,通知所述卫星侧协议实体20第一TCP连接建立成功,携带所述第一连接信息;The connection establishing module 1031 is configured to: after receiving the connection request message and the first connection information sent by the packet filtering module 101, send an ACK message to the client; and receive the ACK message sent by the packet filtering module 101. After the first TCP connection is established, the first TCP connection is established, and the first TCP connection identifier is generated, and the first TCP connection is successfully established, and the first connection information is carried.
所述卫星侧协议实体20包括:The satellite side protocol entity 20 includes:
连接建立模块201,设置为收到所述Socket服务器103的第一TCP连接建立成功的通知后,以所述第一连接信息为数据部分并封装转换消息TMSG头,生成请求建立连接的报文并通过卫星链路发送给对端网关,所述TMSG头携带所述第一TCP连接标识;及设置为收到所述对端网关通过所述卫星链路返回的连接建立成功的应答报文后,记录其中TMSG头携带的第二TCP连接标识并与所述第一TCP连接标识关联,所述第二TCP连接标识为所述对端网关和所述服务器建立的TCP连接的标识。可选地,所述TMSG头包括消息类型、连接标识和消息长度字段,所述TMSG头长度小于TCP头的长度。The connection establishing module 201 is configured to: after receiving the notification that the first TCP connection establishment of the Socket server 103 is successful, using the first connection information as a data part and encapsulating the conversion message TMSG header, generating a message requesting to establish a connection and Sending to the peer gateway through a satellite link, the TMSG header carries the first TCP connection identifier; and is configured to receive a response message that the peer gateway successfully establishes a connection returned by the satellite link, Recording a second TCP connection identifier carried in the TMSG header and associating with the first TCP connection identifier, where the second TCP connection identifier is an identifier of a TCP connection established by the peer gateway and the server. Optionally, the TMSG header includes a message type, a connection identifier, and a message length field, where the TMSG header length is smaller than a length of the TCP header.
可选地,Optionally,
所述包过滤模块101中的反向转发单元1011还设置为截取经过的TCP数据报文,如其中的连接信息与所述第一连接信息匹配,则所述TCP数据报 文来自第一TCP连接,将所述TCP数据报文中的目的IP地址和目的端口替换为所述Socket服务器103的IP地址和端口,发送给所述Socket服务器103;The reverse forwarding unit 1011 in the packet filtering module 101 is further configured to intercept the passed TCP data packet, and if the connection information matches the first connection information, the TCP datagram The text is from the first TCP connection, the destination IP address and the destination port in the TCP data packet are replaced with the IP address and port of the Socket server 103, and sent to the Socket server 103;
所述Socket服务器103还包括:The Socket server 103 further includes:
报文处理模块1033,设置为接收来自第一TCP连接的所述TCP数据报文并发送TCP应答报文;The message processing module 1033 is configured to receive the TCP data packet from the first TCP connection and send a TCP response message;
所述包过滤模块101中的前向转发单元1013还设置为将所述Socket服务器103发送给所述客户机的TCP应答报文中的源IP地址和源端口替换为所述第一连接信息中的目的IP地址和目的端口后,发送给所述客户机;The forward forwarding unit 1013 in the packet filtering module 101 is further configured to replace the source IP address and the source port in the TCP response message sent by the Socket server 103 to the client into the first connection information. After the destination IP address and the destination port are sent to the client;
所述卫星侧协议实体20还包括:The satellite side protocol entity 20 further includes:
报文收发模块203,设置为在来自第一TCP连接的所述TCP数据报文的数据部分前封装TMSG头,生成的数据发送报文通过所述卫星链路发送给所述对端网关,所述TMSG头携带与所述第一TCP连接标识关联的所述第二TCP连接标识。The packet sending and receiving module 203 is configured to encapsulate the TMSG header before the data portion of the TCP data packet from the first TCP connection, and the generated data transmission packet is sent to the opposite gateway through the satellite link. The TMSG header carries the second TCP connection identifier associated with the first TCP connection identifier.
可选地,Optionally,
所述卫星侧协议实体20的报文收发模块203还设置为从所述卫星链路接收发送给所述客户机的数据发送报文;The message transceiver module 203 of the satellite side protocol entity 20 is further configured to receive a data transmission message sent to the client from the satellite link;
所述Socket服务器103中的报文处理模块1033还设置为识别所述卫星侧协议实体20接收的数据发送报文,如其中TMSG头的连接标识为所述第一TCP连接标识,则从所述数据发送报文中提取数据部分并封装相应的TCP头,生成的TCP数据报文并通过所述第一TCP连接发送给所述客户机;The message processing module 1033 in the Socket server 103 is further configured to identify a data transmission message received by the satellite side protocol entity 20, such as the connection identifier of the TMSG header being the first TCP connection identifier, Extracting a data part in a data transmission message and encapsulating a corresponding TCP header, and the generated TCP data message is sent to the client through the first TCP connection;
所述包过滤模块101中的前向转发单元1013还设置为将所述Socket服务器103发送给所述客户机的TCP数据报文中的源IP地址和源端口替换为所述第一连接信息中的目的IP地址和目的端口后,发送给所述客户机。The forward forwarding unit 1013 in the packet filtering module 101 is further configured to replace the source IP address and the source port in the TCP data packet sent by the Socket server 103 to the client into the first connection information. After the destination IP address and destination port are sent to the client.
可选地,Optionally,
所述Socket服务器103还包括:The Socket server 103 further includes:
连接维护模块1035,设置为检测到所述第一TCP连接通信中断时,通知所述卫星侧协议实体20第一TCP连接中断;及收到所述卫星侧协议实体20的连接关闭成功的通知后,断开所述第一TCP连接; The connection maintenance module 1035 is configured to notify the satellite side protocol entity 20 that the first TCP connection is interrupted when the first TCP connection communication interruption is detected; and after receiving the notification that the connection of the satellite side protocol entity 20 is successfully closed Disconnecting the first TCP connection;
所述卫星侧协议实体20还包括:The satellite side protocol entity 20 further includes:
连接维护模块205,设置为收到所述Socket服务器的第一TCP连接中断的通知后,通过所述卫星链路向所述对端网关发送请求关闭连接的报文,其中的TMSG头携带所述第二TCP连接标识;及用于在接收到所述对端网关返回的连接关闭成功的应答报文后,通知所述Socket服务器103连接关闭成功。The connection maintenance module 205 is configured to: after receiving the notification that the first TCP connection is interrupted by the Socket server, send, by using the satellite link, a message requesting to close the connection to the opposite gateway, where the TMSG header carries the And the second TCP connection identifier is configured to notify the Socket server 103 that the connection is successfully closed after receiving the response message that the connection returned by the peer gateway is successfully closed.
可选地,Optionally,
所述卫星侧协议实体20的连接维护模块205还设置为在检测到所述卫星链路断开时,向所述Socket服务器103发送所述卫星链路断开的通知;The connection maintenance module 205 of the satellite side protocol entity 20 is further configured to send a notification that the satellite link is disconnected to the Socket server 103 when detecting that the satellite link is disconnected;
所述Socket服务器103的连接维护模块1035还设置为将所述第一TCP连接与所述卫星链路关联;收到所述卫星链路断开的通知后,将与所述卫星链路关联的所有TCP连接断开。The connection maintenance module 1035 of the Socket server 103 is further configured to associate the first TCP connection with the satellite link; after receiving the notification that the satellite link is disconnected, the node associated with the satellite link All TCP connections are broken.
实施例二Embodiment 2
本实施例涉及卫星网络环境下实现TCP传输的方法,应用于双端加速代理PEP中与服务器连接的网关。The embodiment relates to a method for implementing TCP transmission in a satellite network environment, and is applied to a gateway connected to a server in a double-end acceleration proxy PEP.
如图7所示,所述方法包括以下连接建立的处理:As shown in FIG. 7, the method includes the following connection establishment process:
步骤410,接收到与客户机连接的对端网关经卫星链路发送的连接建立请求的报文后,记录其中转换消息TMSG头携带的第一TCP连接标识及数据部分携带的所述客户机与所述对端网关建立的第一TCP连接的第一连接信息,所述第一TCP连接标识用于标识所述第一TCP连接;Step 410: After receiving the packet of the connection establishment request sent by the peer gateway connected to the client via the satellite link, record the first TCP connection identifier carried by the TMSG header and the client and the data part carried by the data part. The first connection information of the first TCP connection established by the peer gateway, where the first TCP connection identifier is used to identify the first TCP connection;
可选地,所述TMSG头包括消息类型、连接标识和消息长度字段,所述TMSG头长度小于TCP头的长度。Optionally, the TMSG header includes a message type, a connection identifier, and a message length field, where the TMSG header length is smaller than a length of the TCP header.
步骤420,与所述服务器建立第二TCP连接,连接建立完成后,通过所述卫星链路向所述对端网关返回连接建立成功的应答报文,其中的TMSG头携带用于标识所述第二TCP连接的第二TCP连接标识;将所述第二TCP连接标识和所述第一TCP连接标识关联。Step 420: Establish a second TCP connection with the server, and after the connection is established, return a connection response message to the peer gateway through the satellite link, where the TMSG header carries the identifier a second TCP connection identifier of the two TCP connections; associating the second TCP connection identifier with the first TCP connection identifier.
可选地,所述方法还包括数据传输的处理,如图8所示,包括: Optionally, the method further includes processing of data transmission, as shown in FIG. 8, including:
步骤510,接收到所述服务器通过所述第二TCP连接发送给所述客户机的TCP数据报文后进行应答,从所述TCP数据报文中提取数据部分并封装TMSG头,生成数据发送报文并通过所述卫星链路发送给所述对端网关,所述TMSG头携带与所述第二TCP连接标识关联的所述第一TCP连接标识;Step 510: After receiving the TCP data packet sent by the server to the client by using the second TCP connection, the system responds, extracts a data part from the TCP data packet, and encapsulates the TMSG header to generate a data transmission report. And sending, by the satellite link, the peer gateway, where the TMSG header carries the first TCP connection identifier associated with the second TCP connection identifier;
步骤520,从所述卫星链路接收到发送给所述服务器的数据发送报文,如其中TMSG头携带的连接标识为所述第二TCP连接标识,则从所述数据发送报文中提取数据部分并封装相应的TCP头,生成的TCP数据报文通过所述第二TCP连接发送给所述服务器。Step 520: Receive a data transmission message sent from the satellite link to the server, where the connection identifier carried by the TMSG header is the second TCP connection identifier, and extract data from the data transmission message. The corresponding TCP header is partially encapsulated, and the generated TCP data packet is sent to the server through the second TCP connection.
可选地,所述方法还可包括连接断开的处理,如图9所示,包括:Optionally, the method may further include a process of disconnection, as shown in FIG. 9, comprising:
步骤610,检测到所述第二TCP连接的通信中断;Step 610: The communication interruption of the second TCP connection is detected.
步骤620,通过所述卫星链路向所述对端网关发送请求关闭连接的报文,其中的TMSG头携带所述第一TCP连接标识;Step 620: Send, by the satellite link, a packet requesting to close the connection to the peer gateway, where the TMSG header carries the first TCP connection identifier;
步骤630,接收到所述对端网关经所述卫星链路返回的连接关闭成功的应答报文后,断开所述第二TCP连接。Step 630: After receiving the response message that the peer gateway returns a successful connection returned by the satellite link, disconnect the second TCP connection.
如果检测到所述卫星链路断开后,则与服务器连接的网关将所述卫星链路关联的所有TCP连接断开。当然,该网关需要在建立第二TCP连接后,将所述第二TCP连接与所述卫星链路相关联。If it is detected that the satellite link is disconnected, the gateway connected to the server disconnects all TCP connections associated with the satellite link. Of course, the gateway needs to associate the second TCP connection with the satellite link after establishing a second TCP connection.
相应地,本实施例还提供了一种应用于双端加速代理PEP中与服务器连接的网关,如图10所示,包括服务器侧协议实体50和卫星侧协议实体60,其中:Correspondingly, the embodiment further provides a gateway connected to the server in the double-ended acceleration proxy PEP. As shown in FIG. 10, the server side protocol entity 50 and the satellite side protocol entity 60 are included, where:
所述卫星侧协议实体60包括:The satellite side protocol entity 60 includes:
连接建立模块601,设置为接收到与客户机连接的对端网关经卫星链路发送的连接建立请求的报文后,记录其中转换消息TMSG头携带的第一TCP连接标识及数据部分携带的第一连接信息,并通知所述服务器侧协议实体50建立与服务器的第二TCP连接;所述第一连接信息为所述对端网关与所述客户机建立的第一TCP连接的连接信息,所述第一TCP连接标识用于标识所述第一TCP连接; The connection establishing module 601 is configured to: after receiving the packet of the connection establishment request sent by the peer gateway connected to the client via the satellite link, record the first TCP connection identifier carried in the TMSG header and the data part carried in the data packet a connection information, and notifying the server side protocol entity 50 to establish a second TCP connection with the server; the first connection information is connection information of the first TCP connection established by the peer gateway and the client, The first TCP connection identifier is used to identify the first TCP connection;
所述服务器侧协议实体50包括:The server side protocol entity 50 includes:
连接建立模块501,设置为收到所述建立TCP连接的通知后,与所述服务器建立所述第二TCP连接,生成用于标识所述第二TCP连接的第二TCP连接标识,通过所述卫星链路向所述对端网关返回连接建立成功的应答报文,携带所述第二TCP连接标识,并通知所述卫星侧协议实体60第二TCP连接建立成功,携带所述第二TCP连接标识;The connection establishing module 501 is configured to: after receiving the notification of establishing the TCP connection, establish the second TCP connection with the server, and generate a second TCP connection identifier for identifying the second TCP connection, by using the The satellite link returns a response message that the connection establishment is successful to the peer gateway, carries the second TCP connection identifier, and notifies the satellite side protocol entity 60 that the second TCP connection is successfully established, and carries the second TCP connection. Identification
所述卫星侧协议实体60的连接建立模块601还设置为收到服务器侧协议实体所述第二TCP连接建立成功的通知后,通过所述卫星链路向所述对端网关返回连接建立成功的应答报文,其中的TMSG头携带所述第二TCP连接标识;将所述第二TCP连接标识和所述第一TCP连接标识关联。The connection establishing module 601 of the satellite side protocol entity 60 is further configured to: after receiving the notification that the second TCP connection is successfully established by the server side protocol entity, returning the connection to the peer gateway through the satellite link. a response message, wherein the TMSG header carries the second TCP connection identifier; and the second TCP connection identifier is associated with the first TCP connection identifier.
可选地,Optionally,
所述服务器侧协议实体50还包括:The server side protocol entity 50 further includes:
报文收发模块503,设置为接收所述服务器通过所述第二TCP连接发送给所述客户机的TCP数据报文并进行应答;The packet sending and receiving module 503 is configured to receive a TCP data packet sent by the server to the client by using the second TCP connection, and respond;
所述卫星侧协议实体60还包括:The satellite side protocol entity 60 further includes:
报文收发模块603,设置为从所述服务器侧协议实体接收的所述TCP数据报文中提取数据部分并封装TMSG头,生成的数据发送报文通过所述卫星链路发送给所述对端网关,其中的TMSG头携带与所述第二TCP连接标识关联的所述第一TCP连接标识。The packet sending and receiving module 603 is configured to extract a data part from the TCP data packet received by the server side protocol entity, and encapsulate a TMSG header, and the generated data sending message is sent to the peer end by using the satellite link. a gateway, wherein the TMSG header carries the first TCP connection identifier associated with the second TCP connection identifier.
可选地,Optionally,
所述卫星侧协议实体60的报文收发模块603还设置为从所述卫星链路接收发送给所述服务器的数据发送报文;The message transceiver module 603 of the satellite side protocol entity 60 is further configured to receive a data transmission message sent to the server from the satellite link;
所述服务器侧协议实体50的报文收发模块503还设置为识别所述卫星侧协议实体60接收的数据发送报文,如其中的TMSG头携带的连接标识为所述第二TCP连接标识,则从所述数据发送报文中提取数据部分并封装相应的TCP头,生成的TCP数据报文通过所述第二TCP连接发送给所述服务器。The packet sending and receiving module 503 of the server side protocol entity 50 is further configured to identify the data sending message received by the satellite side protocol entity 60, such as the connection identifier carried by the TMSG head being the second TCP connection identifier. And extracting a data part from the data sending message and encapsulating a corresponding TCP header, and the generated TCP data message is sent to the server by using the second TCP connection.
可选地,Optionally,
所述卫星侧协议实体60的报文收发模块603封装的所述TMSG头包括 消息类型、连接标识和消息长度字段,所述TMSG头长度小于TCP头的长度。The TMSG header encapsulated by the message transceiver module 603 of the satellite side protocol entity 60 includes The message type, the connection identifier, and the message length field, the TMSG header length being less than the length of the TCP header.
可选地,Optionally,
所述服务器侧协议实体50还包括:The server side protocol entity 50 further includes:
连接维护模块505,设置为检测到所述第二TCP连接的通信中断时,通知所述卫星侧协议实体60第二TCP连接中断;及收到所述卫星侧协议实体60的连接关闭成功的通知后,断开所述第二TCP连接;The connection maintenance module 505 is configured to notify the satellite side protocol entity 60 that the second TCP connection is interrupted when the communication interruption of the second TCP connection is detected, and notify that the connection of the satellite side protocol entity 60 is closed successfully. Afterwards, disconnecting the second TCP connection;
所述卫星侧协议实体60还包括:The satellite side protocol entity 60 further includes:
连接维护模块605,设置为收到第二TCP连接中断的通知后,通过所述卫星链路向所述对端网关发送请求关闭连接的报文,其中的TMSG头携带所述第一TCP连接标识;及收到所述对端网关返回的连接关闭成功的应答报文后,通知所述服务器侧协议实体连接关闭成功。The connection maintenance module 605 is configured to: after receiving the notification that the second TCP connection is interrupted, send, by the satellite link, a message requesting to close the connection to the opposite gateway, where the TMSG header carries the first TCP connection identifier After receiving the response message that the connection returned by the peer gateway is successfully closed, the server side protocol entity is notified that the connection is successfully closed.
可选地,Optionally,
所述卫星侧协议实体60的连接维护模块605还设置为在检测到所述卫星链路断开时,向所述服务器侧协议实体50发送所述卫星链路断开的通知;The connection maintenance module 605 of the satellite side protocol entity 60 is further configured to send a notification that the satellite link is disconnected to the server side protocol entity 50 when detecting that the satellite link is disconnected;
所述服务器侧协议实体50的连接维护模块505还设置为将所述第二TCP连接与所述卫星链路关联;在收到所述卫星链路断开的通知后,将与所述卫星链路关联的所有TCP连接断开。The connection maintenance module 505 of the server side protocol entity 50 is further configured to associate the second TCP connection with the satellite link; after receiving the notification that the satellite link is disconnected, the satellite chain All TCP connections associated with the road are broken.
上述实施例在双端PEP场景下,两个网关分别针对服务器和客户机使用TCP欺骗,在无需对服务器和客户机的协议栈进行改动的情况下,实现了客户机和服务器之间TCP传输的相关处理,还可以通过将TCP头置换为更为简单的TMSG头,对IP+TCP头部进行转换和压缩,减少了对带宽的占用。In the above embodiment, in the dual-ended PEP scenario, the two gateways use TCP spoofing for the server and the client respectively, and implement TCP transmission between the client and the server without modifying the protocol stack of the server and the client. Correlation processing can also reduce the bandwidth occupation by replacing the TCP header with a simpler TMSG header to convert and compress the IP+TCP header.
下面再以一个应用示例,从整体上对本发明实施例方法和网关进行说明。The method and gateway of the embodiment of the present invention will be described as a whole with an application example.
图11示出了上述实施例涉及的客户机、与客户机连接的网关、与服务器连接的网关以及服务器上的协议栈的示意图。11 is a diagram showing a client according to the above embodiment, a gateway connected to the client, a gateway connected to the server, and a protocol stack on the server.
客户机(Client)和服务器上的协议栈均包括TCP、IP和MAC,无需变 化。The protocol stack on both the client and the server includes TCP, IP, and MAC. Chemical.
与客户机连接的网关上,与客户机连接的一侧的协议栈包括:TCP、IP和MAC,物理层协议栈未示出。如上述实施例一中的说明,需要在物理层中设置包过滤模块101,与TCP层中的Socket服务器103配合,实现对客户机的TCP欺骗(即客户机与该网关通信时,会认为对端就是服务器)。该网关与卫星网络连接一侧的协议栈包括:TMSG和RMAC(可靠的物理层传输协议),TMSG协议用于对报文进行TMSG头的封装和解封装,RMAC协议可以使用多种基于卫星链路的通信协议,如可以是针对卫星链路改进的TCP协议,或者专门针对卫星网络而设计的专有协议等,本发明实施例不做局限。On the gateway connected to the client, the protocol stack on the side connected to the client includes: TCP, IP, and MAC, and the physical layer protocol stack is not shown. As described in the first embodiment, the packet filtering module 101 needs to be set in the physical layer, and cooperates with the Socket server 103 in the TCP layer to implement TCP spoofing to the client (that is, when the client communicates with the gateway, it is considered to be The end is the server). The protocol stack on the side of the gateway and the satellite network includes: TMSG and RMAC (Reliable Physical Layer Transport Protocol). The TMSG protocol is used to encapsulate and decapsulate the TMSG header. The RMAC protocol can use multiple satellite-based links. The communication protocol, for example, may be a TCP protocol modified for a satellite link, or a proprietary protocol designed specifically for a satellite network, etc., which is not limited by the embodiment of the present invention.
与服务器连接的网关上,与卫星网络连接一侧的协议栈包括:TMSG和RMAC,同样,TMSG协议用于对报文进行TMSG头的封装和解封装,RMAC协议是基于卫星链路的通信协议。On the gateway connected to the server, the protocol stack on the side connected to the satellite network includes: TMSG and RMAC. Similarly, the TMSG protocol is used to encapsulate and decapsulate the TMSG header of the message, and the RMAC protocol is a communication protocol based on the satellite link.
下面描述本示例的连接建立、数据传输以及连接关闭的处理步骤。其中:The processing steps of connection establishment, data transmission, and connection shutdown of this example are described below. among them:
建立过程包括:The establishment process includes:
1)客户机向服务器发起TCP连接请求;1) The client initiates a TCP connection request to the server;
2)连接请求经过GW1时,GW1截获请求报文,记录TCP连接信息;2) When the connection request passes through GW1, GW1 intercepts the request message and records the TCP connection information;
3)GW1对客户机进行TCP欺骗,发送伪应答,同时向GW2发起建链请求;3) GW1 performs TCP spoofing on the client, sends a pseudo-answer, and initiates a chain-building request to GW2;
4)GW2收到后,记录相关信息,然后根据GW1发送的建链请求里面所带的信息,由GW2与服务器建立TCP连接,TCP建立成功后向GW1回应建链成功消息;4) After receiving the GW2, record the relevant information, and then establish a TCP connection with the server according to the information contained in the link establishment request sent by GW1, and after the TCP is successfully established, respond to the GW1 with a link establishment success message;
5)双方建立连接成功。5) The two parties have established a successful connection.
一种示例性的处理步骤,包括:An exemplary processing step comprising:
1)客户向服务器发起TCP连接请求;1) The client initiates a TCP connection request to the server;
2)连接请求经过GW1时,GW1底层协议栈包过滤模块101截获请求报文,记录TCP连接信息,包括源IP,源端口,目的IP和目的端口;2) When the connection request passes through GW1, the GW1 underlying protocol stack packet filtering module 101 intercepts the request packet, and records the TCP connection information, including the source IP address, the source port, the destination IP address, and the destination port.
3)GW1上包过滤模块101将该请求报文的目的IP替换GW1的IP,目 的端口替换为10086,送到GW1上层的Socket服务器103,Socket服务器103收到TCP请求消息,对该请求进行应答,应答消息发送给客户机的过程中,经过GW1底层,包过滤模块101从记录表里查找第二步中记录的连接信息,如果能找到,则将该应答消息的源IP和源端口替换为表中记录的服务器的IP和端口;3) The GW1 packet filtering module 101 replaces the destination IP of the request packet with the IP of the GW1. The port is replaced by 10086, and is sent to the Socket server 103 of the upper layer of the GW1. The Socket server 103 receives the TCP request message, responds to the request, and sends a response message to the client, passing through the GW1 bottom layer, and the packet filtering module 101 records from the port. Find the connection information recorded in the second step in the table. If it can be found, replace the source IP address and source port of the response message with the IP address and port of the server recorded in the table.
4)客户机收到该应答消息,认为是真实服务器发送过来的,回应TCP三次握手中的第三条报文,该报文经过GW1时底层抓包模块时同样也被替换掉目的IP和目的端口,发往GW1的上层Socket服务器103,至此客户机与GW1之间的TCP连接建立完毕,GW1上会生成一个该连接对应的Socket ID,用作TMSG头中的连接标识;4) The client receives the response message and considers that it is sent by the real server, and responds to the third packet in the TCP three-way handshake. When the packet passes through the GW1, the underlying packet capture module is also replaced with the destination IP and destination. The port is sent to the upper Socket server 103 of the GW1. After the TCP connection between the client and the GW1 is established, the Socket ID corresponding to the connection is generated on the GW1, and is used as the connection identifier in the TMSG header.
5)客户机与GW1之间TCP Socket建立完成后,GW1向GW2发送连接请求,封装TMSG头,消息类型为请求建立连接,连接标识填第四步中记录的Socket ID(GW1SID),报文内容为第二步中记录的客户机的源IP源端口,以及服务器的IP和端口;5) After the TCP Socket is established between the client and GW1, GW1 sends a connection request to GW2, encapsulates the TMSG header, and the message type is to request to establish a connection. The connection identifier fills in the Socket ID (GW1SID) recorded in the fourth step, and the message content. The source IP source port of the client recorded in the second step, and the IP address and port of the server;
6)GW2收到后请求,记录报文中携带的源IP,源端口,目的IP,目的端口以及Socket ID,然后向服务器建立TCP连接,TCP三次握手建立成功后,生成一个本端的Socket ID(GW2SID),向GW1回应建链成功消息,封装TMSG头,消息类型为连接建立成功,连接标识填写为GW2SID,报文内容为空;6) After receiving the request, GW2 records the source IP address, source port, destination IP address, destination port, and Socket ID carried in the packet, and then establishes a TCP connection to the server. After the TCP three-way handshake is successfully established, a local Socket ID is generated. GW2SID), responding to the GW1 to establish a link success message, encapsulating the TMSG header, the message type is successful, the connection identifier is filled in as GW2SID, and the message content is empty;
7)GW1收到连接建立成功的报文,记录下GW2SID;7) GW1 receives the message that the connection is successfully established, and records the GW2SID;
8)双方建立连接成功。8) The two parties have established a successful connection.
客户机->服务器方向的数据传输过程包括:The client->server direction data transfer process includes:
1)客户机发送数据到服务器上;1) The client sends data to the server;
2)GW1收到后,截获数据报文,取出需要传输的内容,封装TMSG头,通过RMAC协议发送到GW2上去,同时对客户机进行伪应答;2) After receiving the GW1, the GW1 intercepts the data packet, extracts the content to be transmitted, encapsulates the TMSG header, and sends it to the GW2 through the RMAC protocol, and simultaneously performs a pseudo-response to the client;
3)GW2收到后,取出数据内容,通过和服务器建好的TCP链路发送给服务器; 3) After receiving GW2, the data content is taken out and sent to the server through a TCP link established with the server;
4)服务器收到数据后转发到应用层进行处理。4) After receiving the data, the server forwards it to the application layer for processing.
一种示例性的处理步骤,包括:An exemplary processing step comprising:
1)客户发送数据到服务器上;1) The client sends the data to the server;
2)GW1收到该报文后,通过包过滤模101块收到客户发送的TCP数据报文后,查表通过源IP,源端口,目的IP,目的端口来判断是否存在连接请求记录,不存在则丢弃。存在,则修改TCP数据报文的目的IP地址修改为GW1的IP地址,目的端口修改为10086,送至上层Socket服务器103,GW1上层Socket服务器103对该数据报文进行应答,至底层包过滤模块101,查表替换源IP源端口送至客户机,其处理步骤类似连接建立过程;2) After receiving the packet, GW1 receives the TCP data packet sent by the client through the packet filtering module 101, and then checks whether the connection request record exists through the source IP address, the source port, the destination IP address, and the destination port. Discard if it exists. If yes, the destination IP address of the modified TCP data packet is changed to the IP address of GW1, the destination port is modified to 10086, and sent to the upper layer Socket server 103. The GW1 upper layer Socket server 103 responds to the data packet to the underlying packet filtering module. 101. The lookup table replaces the source IP source port and sends it to the client, and the processing step is similar to the connection establishment process;
3)GW1上层Socket服务器103取出TCP报文数据内容,封装TMSG头发送到GW2上,消息类型封装为数据发送,标识连接封装为建立连接时记录的GW2SID;3) GW1 upper layer Socket server 103 takes out the TCP packet data content, encapsulates the TMSG hair to be sent to GW2, and the message type encapsulation is data transmission, and the identifier connection encapsulation is the GW2SID recorded when the connection is established;
3)GW2收到该报文后,从中取出数据内容,根据TSMG头中的GW2SID,查找对应的TCP连接,将数据转发到服务器上。3) After receiving the message, GW2 extracts the data content, searches for the corresponding TCP connection according to the GW2SID in the TSMG header, and forwards the data to the server.
服务器->客户机方向的数据传输过程包括:The server->client direction data transfer process includes:
1)服务器发送数据到客户机上;1) The server sends data to the client;
2)GW2收到后,取出数据内容,封装TMSG头,通过RMAC协议发送到GW1上,由于服务器是与GW2建立的TCP连接,所以直接由GW2的协议栈直接给服务器回送应答;2) After receiving GW2, the data content is taken out, and the TMSG header is encapsulated and sent to GW1 through the RMAC protocol. Since the server is a TCP connection established with GW2, the protocol stack directly sent by GW2 directly sends a response to the server;
3)GW1收到GW2发送的RMAC报文,取出数据,转换成TCP报文,同时将源IP和源端口换成服务器的源IP和源端口,发送给客户;3) GW1 receives the RMAC packet sent by GW2, extracts the data, converts it into a TCP packet, and replaces the source IP address and the source port with the source IP address and source port of the server, and sends the source IP address and the source port to the client.
4)客户收到数据,转发到应用层进行处理。4) The customer receives the data and forwards it to the application layer for processing.
一种示例性的处理步骤,包括:An exemplary processing step comprising:
1)服务器发送数据到客户机;1) The server sends data to the client;
2)GW2收到服务器发送过来的数据,取出数据,封装TMSG头发送到GW1上,消息类型为数据发送,标识连接为建立连接时记录的GW1SID; 2) GW2 receives the data sent by the server, extracts the data, encapsulates the TMSG hair and sends it to GW1, and the message type is data transmission, and identifies the GW1SID recorded when the connection is established;
3)GW1收到该报文后,取出GW1SID,查找对应的TCP连接,将报文发送至客户机;3) After receiving the packet, GW1 takes out the GW1SID, finds the corresponding TCP connection, and sends the packet to the client.
4)底层包过滤模块截获该报文,后查找连接建立过程中记录的表信息,替换源IP为服务器IP,源端口为服务器端口;4) The underlying packet filtering module intercepts the packet, and then searches for the table information recorded during the connection establishment process, replacing the source IP with the server IP, and the source port is the server port;
5)客户收到数据后,送至上层应用。5) After the customer receives the data, it is sent to the upper application.
客户机断开连接的过程包括:The process of disconnecting a client includes:
1)GW1检测到与客户机之间的TCP连接的通信中断,向GW2发送断开连接请求;1) GW1 detects a communication interruption of the TCP connection with the client, and sends a disconnection request to GW2;
2)GW2收到后关闭与服务器之间的TCP连接,同时清除记录的该连接相关信息,完成后向GW1发送关闭成功消息;2) After receiving the GW2, the TCP connection between the server and the server is closed, and the recorded connection related information is cleared, and the shutdown success message is sent to the GW1 after completion;
3)GW1收到消息,关闭与客户之间对应的TCP连接,同时清除相关信息。3) GW1 receives the message, closes the corresponding TCP connection with the client, and clears the relevant information.
一种示例性的处理步骤,包括:An exemplary processing step comprising:
1)GW1检测到与客户机的TCP连接的通信中断:1) GW1 detects a communication interruption with the client's TCP connection:
2)GW1向GW2发送关闭连接请求,封装TMSG头,消息类型为连接关闭,连接标示符为GW2SID,报文内容为空;2) GW1 sends a close connection request to GW2, encapsulates the TMSG header, the message type is closed, the connection identifier is GW2SID, and the message content is empty;
3)GW2收到该请求后,取出GW2SID,关闭与服务器之间的TCP连接,同时向GW1发送关闭成功消息,封装TMSG头,消息类型为连接关闭成功;3) After receiving the request, GW2 takes out the GW2SID, closes the TCP connection with the server, and sends a shutdown success message to GW1, encapsulating the TMSG header, and the message type is that the connection is successfully closed;
4)GW1收到回应消息,关闭与客户机之间的TCP连接。4) GW1 receives the response message and closes the TCP connection with the client.
服务器断开连接的过程包括:The process of disconnecting the server includes:
1)GW2检测到与服务器之间的TCP连接的通信中断,向GW1发送断开连接请求;1) GW2 detects a communication interruption of the TCP connection with the server, and sends a disconnection request to GW1;
2)GW1收到请求后,关闭与客户机之间的TCP连接,同时清除记录的该连接相关信息,完成后向GW2发送关闭成功消息;2) After receiving the request, GW1 closes the TCP connection with the client, and clears the recorded connection related information, and sends a shutdown success message to GW2 after completion;
3)GW2收到消息,关闭与服务器之间的连接,同时清除相关信息。 3) GW2 receives the message, closes the connection with the server, and clears the relevant information.
一种示例性的处理步骤,包括:An exemplary processing step comprising:
1)GW2检测到与服务器之间的TCP连接的通信中断;1) GW2 detects that the communication of the TCP connection with the server is interrupted;
2)GW2向GW1发送关闭连接请求,封装TMSG头,消息类型为连接关闭,连接标示符为GW1SID,报文内容为空;2) GW2 sends a close connection request to GW1, encapsulates the TMSG header, the message type is closed, the connection identifier is GW1SID, and the message content is empty;
3)GW1收到该请求后,取出GW1SID,关闭与客户机之间的TCP连接,同时向GW2发送关闭成功消息,封装TMSG头,消息类型为连接关闭成功;3) After receiving the request, GW1 takes out the GW1SID, closes the TCP connection with the client, and sends a shutdown success message to GW2, encapsulating the TMSG header, and the message type is that the connection is successfully closed;
4)GW2收到回应消息,断开与服务器之间的TCP连接。4) GW2 receives the response message and disconnects the TCP connection with the server.
卫星链路断开后的处理包括:The processing after the satellite link is disconnected includes:
1)GW1底层RMAC协议检测到卫星链路断开,关闭与客户机之间所有与该卫星链路关联的TCP连接;1) The underlying RMAC protocol of GW1 detects that the satellite link is disconnected, and closes all TCP connections associated with the satellite link with the client;
2)GW2底层RMAC协议检测到卫星链路断开,关闭与服务器之间所有与该卫星链路关联的TCP连接。2) The underlying RMAC protocol of GW2 detects the disconnection of the satellite link and closes all TCP connections associated with the satellite link with the server.
本领域普通技术人员可以理解上述方法中的全部或部分步骤可通过程序来指令相关硬件完成,所述程序可以存储于计算机可读存储介质中,如只读存储器、磁盘或光盘等。可选地,上述实施例的全部或部分步骤也可以使用一个或多个集成电路来实现,相应地,上述实施例中的各模块/单元可以采用硬件的形式实现,也可以采用软件功能模块的形式实现。本发明实施例不限制于任何特定形式的硬件和软件的结合。One of ordinary skill in the art will appreciate that all or a portion of the steps described above can be accomplished by a program that instructs the associated hardware, such as a read-only memory, a magnetic or optical disk, and the like. Optionally, all or part of the steps of the foregoing embodiments may also be implemented by using one or more integrated circuits. Accordingly, each module/unit in the foregoing embodiment may be implemented in the form of hardware, or may be implemented by using a software function module. Formal realization. Embodiments of the invention are not limited to any specific form of combination of hardware and software.
工业实用性Industrial applicability
上述方案在双端PEP场景下,两个网关分别针对服务器和客户机使用TCP欺骗,在无需对服务器和客户机的协议栈进行改动的情况下,实现了客户机和服务器之间TCP传输的相关处理,还可以通过将TCP头置换为更为简单的TMSG头,减少了对带宽的占用。 In the dual-ended PEP scenario, the two gateways use TCP spoofing for servers and clients respectively, and implement TCP transmission between the client and the server without changing the protocol stack of the server and the client. Processing can also reduce bandwidth usage by replacing the TCP header with a simpler TMSG header.

Claims (22)

  1. 一种卫星网络环境下实现传输控制协议TCP传输的方法,其特征在于,应用于双端加速代理PEP中与客户机连接的网关,所述方法包括以下连接建立的处理:A method for implementing a transmission control protocol TCP transmission in a satellite network environment, characterized in that it is applied to a gateway connected to a client in a double-ended acceleration proxy PEP, and the method includes the following connection establishment processing:
    截取客户机发送给服务器的TCP连接请求,从中提取第一连接信息并向所述客户机发送伪应答,与所述客户机建立第一TCP连接;Intercepting a TCP connection request sent by the client to the server, extracting the first connection information therefrom, and sending a pseudo response to the client, establishing a first TCP connection with the client;
    以所述第一连接信息为数据部分并封装转换消息TMSG头,生成请求建立连接的报文并通过卫星链路发送给与所述服务器连接的对端网关,所述TMSG头携带用于标识所述第一TCP连接的第一TCP连接标识;And using the first connection information as a data part and encapsulating the conversion message TMSG header, generating a message requesting to establish a connection and sending the message to the opposite gateway connected to the server by using a satellite link, where the TMSG header is carried by the identifier Determining a first TCP connection identifier of the first TCP connection;
    接收到所述对端网关返回的连接建立成功的应答报文后,记录其中TMSG头携带的第二TCP连接标识并与所述第一TCP连接标识关联,所述第二TCP连接标识为所述对端网关和所述服务器建立的TCP连接的标识。After receiving the response message that the connection is successfully established by the peer gateway, the second TCP connection identifier carried in the TMSG header is recorded and associated with the first TCP connection identifier, where the second TCP connection identifier is The identifier of the TCP connection established between the peer gateway and the server.
  2. 如权利要求1所述的方法,其中:The method of claim 1 wherein:
    所述TMSG头包括消息类型、连接标识和消息长度字段,所述TMSG头长度小于TCP头的长度。The TMSG header includes a message type, a connection identifier, and a message length field, and the TMSG header length is less than a length of the TCP header.
  3. 如权利要求1或2所述的方法,所述方法还包括以下数据传输的处理:The method of claim 1 or 2, the method further comprising the following processing of data transmission:
    截取所述客户机通过第一TCP连接发送给所述服务器的TCP数据报文并进行应答,从所述TCP数据报文中提取数据部分并封装TMSG头,生成的数据发送报文通过所述卫星链路发送给所述对端网关,所述TMSG头携带与所述第一TCP连接标识关联的所述第二TCP连接标识;及Intercepting and responding to the TCP data packet sent by the client to the server through the first TCP connection, extracting a data part from the TCP data packet, and encapsulating the TMSG header, and generating the generated data transmission message through the satellite Sending a link to the peer gateway, the TMSG header carrying the second TCP connection identifier associated with the first TCP connection identifier; and
    从所述卫星链路接收数据发送报文,如其中TMSG头的连接标识为所述第一TCP连接标识,则从所述数据发送报文中提取数据部分并封装相应的TCP头,生成的TCP数据报文通过所述第一TCP连接发送给所述客户机。Receiving a data transmission message from the satellite link, where the connection identifier of the TMSG header is the first TCP connection identifier, extracting a data part from the data transmission message and encapsulating a corresponding TCP header, and generating a TCP A data message is sent to the client over the first TCP connection.
  4. 如权利要求1或2所述的方法,所述方法还包括以下连接断开的处理:The method of claim 1 or 2, further comprising the following process of disconnection:
    检测到所述第一TCP连接的通信中断;A communication interruption of the first TCP connection is detected;
    通过所述卫星链路向所述对端网关发送请求关闭连接的报文,其中的TMSG头携带所述第二TCP连接标识; Transmitting, by the satellite link, a packet requesting to close the connection to the peer gateway, where the TMSG header carries the second TCP connection identifier;
    接收到所述对端网关返回的连接关闭成功的应答报文后,断开所述第一TCP连接。After receiving the response message that the connection returned by the peer gateway is successfully closed, the first TCP connection is disconnected.
  5. 如权利要求1或2所述的方法,其中,所述连接建立的处理还包括:将所述第一TCP连接与所述卫星链路关联;The method of claim 1 or 2, wherein the process of establishing the connection further comprises associating the first TCP connection with the satellite link;
    所述方法还包括以下连接断开的处理:检测到所述卫星链路断开,将与所述卫星链路关联的所有TCP连接断开。The method also includes the following process of disconnection: detecting that the satellite link is down, disconnecting all TCP connections associated with the satellite link.
  6. 一种应用于双端加速代理PEP中与客户机连接的网关,包括用户侧协议实体和第一卫星侧协议实体,其中:A gateway for connecting to a client in a double-ended acceleration proxy PEP, comprising a user side protocol entity and a first satellite side protocol entity, wherein:
    所述用户侧协议实体包括底层的包过滤模块和上层的套接字Socket服务器;The user side protocol entity includes an underlying packet filtering module and an upper layer socket Socket server;
    所述包过滤模块包括:The packet filtering module includes:
    反向转发单元,设置为截取客户机与服务器建立TCP连接时发送的连接请求报文和ACK报文,将报文中的目的IP地址和目的端口替换为所述Socket服务器的IP地址和端口后发送给所述Socket服务器;其中,截取所述连接请求报文时,还记录其中包括源IP地址、源端口、目的IP地址和目的端口的第一连接信息并发送给所述Socket服务器;以及The reverse forwarding unit is configured to intercept the connection request message and the ACK message sent when the client establishes a TCP connection with the server, and replace the destination IP address and the destination port in the packet with the IP address and port of the Socket server. Sending to the Socket server; wherein, when the connection request message is intercepted, the first connection information including the source IP address, the source port, the destination IP address, and the destination port is also recorded and sent to the Socket server;
    前向转发单元,设置为将所述Socket服务器发送给所述客户机的ACK报文中的源IP地址和源端口替换为所述第一连接信息中的目的IP地址和目的端口后,发送给所述客户机;a forward forwarding unit, configured to replace the source IP address and the source port in the ACK packet sent by the Socket server to the client with the destination IP address and the destination port in the first connection information, and send the The client;
    所述Socket服务器包括:第一连接建立模块,设置为收到包过滤模块发送的所述连接请求报文和第一连接信息后,向客户机发送ACK报文;及在收到包过滤模块发送的所述ACK报文后,建立与所述客户机的第一TCP连接并生成第一TCP连接标识,通知所述第一卫星侧协议实体第一TCP连接建立成功,携带所述第一连接信息;The Socket server includes: a first connection establishing module, configured to: after receiving the connection request message and the first connection information sent by the packet filtering module, send an ACK message to the client; and send the packet filtering module After the ACK message, the first TCP connection with the client is established, and a first TCP connection identifier is generated to notify the first satellite side protocol entity that the first TCP connection is successfully established, and the first connection information is carried. ;
    所述第一卫星侧协议实体包括:第二连接建立模块,设置为收到所述Socket服务器的第一TCP连接建立成功的通知后,以所述第一连接信息为数据部分并封装转换消息TMSG头,生成请求建立连接的报文并通过卫星链路发送给对端网关,所述TMSG头携带所述第一TCP连接标识;及设置为收到 所述对端网关通过所述卫星链路返回的连接建立成功的应答报文后,记录其中TMSG头携带的第二TCP连接标识并与所述第一TCP连接标识关联,所述第二TCP连接标识为所述对端网关和所述服务器建立的TCP连接的标识。The first satellite side protocol entity includes: a second connection establishing module, configured to: after receiving the notification that the first TCP connection is successfully established by the Socket server, using the first connection information as a data part and encapsulating the conversion message TMSG Header, generating a message requesting to establish a connection and transmitting the message to the opposite gateway through a satellite link, the TMSG header carrying the first TCP connection identifier; and being set to receive After the peer gateway establishes a successful response message through the connection returned by the satellite link, the second TCP connection identifier carried in the TMSG header is recorded and associated with the first TCP connection identifier, and the second TCP connection is Identifying an identifier of a TCP connection established by the peer gateway and the server.
  7. 如权利要求6所述的网关,其中:The gateway of claim 6 wherein:
    所述第一卫星侧协议实体的第二连接建立模块封装的所述TMSG头包括消息类型、连接标识和消息长度字段,所述TMSG头长度小于TCP头的长度。The TMSG header encapsulated by the second connection establishment module of the first satellite side protocol entity includes a message type, a connection identifier, and a message length field, and the TMSG header length is smaller than a length of the TCP header.
  8. 如权利要求6或7所述的网关,其中:A gateway as claimed in claim 6 or claim 7, wherein:
    所述包过滤模块中的反向转发单元还设置为截取经过的TCP数据报文,如其中的连接信息与所述第一连接信息匹配,则所述TCP数据报文来自第一TCP连接,将所述TCP数据报文中的目的IP地址和目的端口替换为所述Socket服务器的IP地址和端口,发送给所述Socket服务器;The reverse forwarding unit in the packet filtering module is further configured to intercept the passed TCP data packet. If the connection information matches the first connection information, the TCP data packet is from the first TCP connection, and the TCP data packet is sent from the first TCP connection. The destination IP address and the destination port in the TCP data packet are replaced with the IP address and port of the Socket server, and sent to the Socket server;
    所述Socket服务器还包括:报文处理模块,设置为接收来自第一TCP连接的所述TCP数据报文并发送TCP应答报文;The Socket server further includes: a message processing module, configured to receive the TCP data packet from the first TCP connection and send a TCP response message;
    所述包过滤模块中的前向转发单元还设置为将所述Socket服务器发送给所述客户机的TCP应答报文中的源IP地址和源端口替换为所述第一连接信息中的目的IP地址和目的端口后,发送给所述客户机;The forward forwarding unit in the packet filtering module is further configured to replace the source IP address and the source port in the TCP response message sent by the Socket server to the client with the destination IP in the first connection information. After the address and the destination port are sent to the client;
    所述第一卫星侧协议实体还包括:第一报文收发模块,设置为在来自第一TCP连接的所述TCP数据报文的数据部分前封装TMSG头,生成的数据发送报文通过所述卫星链路发送给所述对端网关,所述TMSG头携带与所述第一TCP连接标识关联的所述第二TCP连接标识。The first satellite side protocol entity further includes: a first packet sending and receiving module, configured to encapsulate a TMSG header before the data portion of the TCP data packet from the first TCP connection, and the generated data sending message passes the A satellite link is sent to the correspondent gateway, and the TMSG header carries the second TCP connection identifier associated with the first TCP connection identifier.
  9. 如权利要求8所述的网关,其中:The gateway of claim 8 wherein:
    所述第一卫星侧协议实体的第一报文收发模块还设置为从所述卫星链路接收发送给所述客户机的数据发送报文;The first packet transceiver module of the first satellite side protocol entity is further configured to receive a data transmission message sent to the client from the satellite link;
    所述Socket服务器中的报文处理模块还设置为识别所述第一卫星侧协议实体接收的数据发送报文,如其中TMSG头的连接标识为所述第一TCP连接标识,则从所述数据发送报文中提取数据部分并封装相应的TCP头,生成的TCP数据报文并通过所述第一TCP连接发送给所述客户机;The packet processing module in the Socket server is further configured to identify a data transmission message received by the first satellite side protocol entity, where the connection identifier of the TMSG header is the first TCP connection identifier, then the data is sent from the data. Extracting a data part in the sending message and encapsulating a corresponding TCP header, and the generated TCP data message is sent to the client through the first TCP connection;
    所述包过滤模块中的前向转发单元还设置为将所述Socket服务器发送给 所述客户机的TCP数据报文中的源IP地址和源端口替换为所述第一连接信息中的目的IP地址和目的端口后,发送给所述客户机。The forward forwarding unit in the packet filtering module is further configured to send the Socket server to After the source IP address and the source port in the TCP data packet of the client are replaced with the destination IP address and the destination port in the first connection information, the source IP address and the destination port are sent to the client.
  10. 如权利要求6或7或9所述的网关,其中:A gateway as claimed in claim 6 or 7 or 9 wherein:
    所述Socket服务器还包括:第一连接维护模块,设置为检测到所述第一TCP连接通信中断时,通知所述第一卫星侧协议实体第一TCP连接中断;及收到所述第一卫星侧协议实体的连接关闭成功的通知后,断开所述第一TCP连接;The Socket server further includes: a first connection maintenance module, configured to notify the first satellite side protocol entity that the first TCP connection is interrupted when detecting that the first TCP connection communication is interrupted; and receiving the first satellite After the connection of the side protocol entity is closed successfully, the first TCP connection is disconnected;
    所述第一卫星侧协议实体还包括:第二连接维护模块,设置为收到所述Socket服务器的第一TCP连接中断的通知后,通过所述卫星链路向所述对端网关发送请求关闭连接的报文,其中的TMSG头携带所述第二TCP连接标识;及设置为于在接收到所述对端网关返回的连接关闭成功的应答报文后,通知所述Socket服务器连接关闭成功。The first satellite side protocol entity further includes: a second connection maintenance module, configured to send a request to the peer gateway to close by using the satellite link after receiving the notification that the first TCP connection is interrupted by the Socket server The connected message, wherein the TMSG header carries the second TCP connection identifier; and is configured to notify the Socket server that the connection is successfully closed after receiving the response message that the connection returned by the opposite gateway is successfully closed.
  11. 如权利要求10所述的网关,其中:The gateway of claim 10 wherein:
    所述第一卫星侧协议实体的第二连接维护模块还设置为在检测到所述卫星链路断开时,向所述Socket服务器发送所述卫星链路断开的通知;The second connection maintenance module of the first satellite side protocol entity is further configured to send a notification that the satellite link is disconnected to the Socket server when detecting that the satellite link is disconnected;
    所述Socket服务器的第一连接维护模块还设置为将所述第一TCP连接与所述卫星链路关联;收到所述卫星链路断开的通知后,将与所述卫星链路关联的所有TCP连接断开。The first connection maintenance module of the Socket server is further configured to associate the first TCP connection with the satellite link; after receiving the notification that the satellite link is disconnected, the node is associated with the satellite link All TCP connections are broken.
  12. 一种卫星网络环境下实现TCP传输的方法,其特征在于,应用于双端加速代理PEP中与服务器连接的网关,所述方法包括以下连接建立的处理:A method for implementing TCP transmission in a satellite network environment, characterized in that it is applied to a gateway connected to a server in a double-end acceleration proxy PEP, and the method includes the following connection establishment processing:
    接收到与客户机连接的对端网关经卫星链路发送的连接建立请求的报文后,记录其中转换消息TMSG头携带的第一TCP连接标识及数据部分携带的所述客户机与所述对端网关建立的第一TCP连接的第一连接信息,所述第一TCP连接标识用于标识所述第一TCP连接;After receiving the packet of the connection establishment request sent by the peer gateway connected to the client via the satellite link, recording the first TCP connection identifier carried by the switching message TMSG header and the client carried by the data part and the pair The first connection information of the first TCP connection established by the end gateway, where the first TCP connection identifier is used to identify the first TCP connection;
    与所述服务器建立第二TCP连接,连接建立完成后,通过所述卫星链路向所述对端网关返回连接建立成功的应答报文,其中的TMSG头携带用于标识所述第二TCP连接的第二TCP连接标识;将所述第二TCP连接标识和所述第一TCP连接标识关联。 Establishing a second TCP connection with the server, and after the connection is established, returning a connection establishment success message to the opposite gateway through the satellite link, where the TMSG header carries the identifier for identifying the second TCP connection. a second TCP connection identifier; associating the second TCP connection identifier with the first TCP connection identifier.
  13. 如权利要求12所述的方法,其中:The method of claim 12 wherein:
    所述TMSG头包括消息类型、连接标识和消息长度字段,所述TMSG头长度小于TCP头的长度。The TMSG header includes a message type, a connection identifier, and a message length field, and the TMSG header length is less than a length of the TCP header.
  14. 如权利要求11或12所述的方法,所述方法还包括以下数据传输的处理:The method of claim 11 or 12, the method further comprising the following processing of data transmission:
    接收到所述服务器通过所述第二TCP连接发送给所述客户机的TCP数据报文后进行应答,从所述TCP数据报文中提取数据部分并封装TMSG头,生成数据发送报文并通过所述卫星链路发送给所述对端网关,所述TMSG头携带与所述第二TCP连接标识关联的所述第一TCP连接标识;及Receiving, by the server, the TCP data packet sent to the client by using the second TCP connection, responding, extracting the data part from the TCP data packet, and encapsulating the TMSG header, generating a data transmission packet and passing the packet Sending the satellite link to the peer gateway, the TMSG header carrying the first TCP connection identifier associated with the second TCP connection identifier; and
    从所述卫星链路接收到发送给所述服务器的数据发送报文,如其中TMSG头携带的连接标识为所述第二TCP连接标识,则从所述数据发送报文中提取数据部分并封装相应的TCP头,生成的TCP数据报文通过所述第二TCP连接发送给所述服务器。Receiving, by the satellite link, a data transmission message sent to the server, where the connection identifier carried by the TMSG header is the second TCP connection identifier, extracting a data part from the data transmission message and encapsulating The corresponding TCP header, the generated TCP data message is sent to the server through the second TCP connection.
  15. 如权利要求11或12所述的方法,所述方法还包括以下连接断开的处理:The method according to claim 11 or 12, further comprising the following process of disconnection:
    检测到所述第二TCP连接的通信中断;A communication interruption of the second TCP connection is detected;
    通过所述卫星链路向所述对端网关发送请求关闭连接的报文,其中的TMSG头携带所述第一TCP连接标识;Transmitting, by the satellite link, a packet requesting to close the connection to the peer gateway, where the TMSG header carries the first TCP connection identifier;
    接收到所述对端网关经所述卫星链路返回的连接关闭成功的应答报文后,断开所述第二TCP连接。After receiving the response message that the peer gateway returns a successful connection returned by the satellite link, the second TCP connection is disconnected.
  16. 如权利要求11或12所述的方法,其中,所述连接建立的处理还包括:将所述第二TCP连接与所述卫星链路相关联;The method of claim 11 or 12, wherein the process of establishing the connection further comprises associating the second TCP connection with the satellite link;
    所述方法还包括以下连接断开的处理:检测到所述卫星链路断开后,将所述卫星链路关联的所有TCP连接断开。The method also includes the following process of disconnection: detecting that all of the TCP connections associated with the satellite link are disconnected after the satellite link is disconnected.
  17. 一种应用于双端加速代理PEP中与服务器连接的网关,包括服务器侧协议实体和第二卫星侧协议实体,其中:A gateway for connecting to a server in a double-ended acceleration proxy PEP, comprising a server side protocol entity and a second satellite side protocol entity, wherein:
    所述第二卫星侧协议实体包括:第三连接建立模块,设置为接收到与客户机连接的对端网关经卫星链路发送的连接建立请求的报文后,记录其中转 换消息TMSG头携带的第一TCP连接标识及数据部分携带的第一连接信息,并通知所述服务器侧协议实体建立与服务器的第二TCP连接;所述第一连接信息为所述对端网关与所述客户机建立的第一TCP连接的连接信息,所述第一TCP连接标识用于标识所述第一TCP连接;The second satellite side protocol entity includes: a third connection establishing module, configured to receive the message of the connection establishment request sent by the peer gateway connected to the client via the satellite link, and record the transfer Transmitting the first TCP connection identifier carried by the TMSG header and the first connection information carried in the data part, and notifying the server side protocol entity to establish a second TCP connection with the server; the first connection information is the peer gateway Connection information of the first TCP connection established with the client, the first TCP connection identifier is used to identify the first TCP connection;
    所述服务器侧协议实体包括:第四连接建立模块,设置为收到所述建立TCP连接的通知后,与所述服务器建立所述第二TCP连接,生成用于标识所述第二TCP连接的第二TCP连接标识,通过所述卫星链路向所述对端网关返回连接建立成功的应答报文,携带所述第二TCP连接标识,并通知所述第二卫星侧协议实体第二TCP连接建立成功,携带所述第二TCP连接标识;The server-side protocol entity includes: a fourth connection establishing module, configured to establish the second TCP connection with the server after receiving the notification of establishing the TCP connection, and generate a second TCP connection for identifying the second TCP connection And the second TCP connection identifier, the response message that the connection establishment is successful is returned to the opposite gateway by the satellite link, the second TCP connection identifier is carried, and the second satellite side protocol entity is notified of the second TCP connection. Successfully established, carrying the second TCP connection identifier;
    所述第二卫星侧协议实体的第三连接建立模块还设置为收到服务器侧协议实体所述第二TCP连接建立成功的通知后,通过所述卫星链路向所述对端网关返回连接建立成功的应答报文,其中的TMSG头携带所述第二TCP连接标识;将所述第二TCP连接标识和所述第一TCP连接标识关联。The third connection establishing module of the second satellite side protocol entity is further configured to: after receiving the notification that the second TCP connection is successfully established by the server side protocol entity, returning the connection establishment to the peer gateway by using the satellite link a successful response message, wherein the TMSG header carries the second TCP connection identifier; and the second TCP connection identifier is associated with the first TCP connection identifier.
  18. 如权利要求17所述的网关,其中:The gateway of claim 17 wherein:
    所述服务器侧协议实体还包括:第二报文收发模块,设置为接收所述服务器通过所述第二TCP连接发送给所述客户机的TCP数据报文并进行应答;The server-side protocol entity further includes: a second packet transceiver module, configured to receive a TCP data packet sent by the server to the client through the second TCP connection, and respond;
    所述第二卫星侧协议实体还包括:第三报文收发模块,设置为从所述服务器侧协议实体接收的所述TCP数据报文中提取数据部分并封装TMSG头,生成的数据发送报文通过所述卫星链路发送给所述对端网关,其中的TMSG头携带与所述第二TCP连接标识关联的所述第一TCP连接标识。The second satellite side protocol entity further includes: a third packet sending and receiving module, configured to extract a data part from the TCP data packet received by the server side protocol entity, and encapsulate a TMSG header, and generate a data sending message. And transmitting, by the satellite link, the peer gateway, where the TMSG header carries the first TCP connection identifier associated with the second TCP connection identifier.
  19. 如权利要求18所述的网关,其中:The gateway of claim 18 wherein:
    所述第二卫星侧协议实体的第三报文收发模块还设置为从所述卫星链路接收发送给所述服务器的数据发送报文;The third packet transceiver module of the second satellite side protocol entity is further configured to receive a data transmission message sent to the server from the satellite link;
    所述服务器侧协议实体的第二报文收发模块还设置为识别所述第二卫星侧协议实体接收的数据发送报文,如其中的TMSG头携带的连接标识为所述第二TCP连接标识,则从所述数据发送报文中提取数据部分并封装相应的TCP头,生成的TCP数据报文通过所述第二TCP连接发送给所述服务器。The second packet sending and receiving module of the server side protocol entity is further configured to identify a data sending message received by the second satellite side protocol entity, where the connection identifier carried by the TMSG head is the second TCP connection identifier. And extracting a data part from the data sending message and encapsulating a corresponding TCP header, and the generated TCP data message is sent to the server by using the second TCP connection.
  20. 如权利要求18或19所述的网关,其中: A gateway as claimed in claim 18 or 19, wherein:
    所述第二卫星侧协议实体的第三报文收发模块封装的所述TMSG头包括消息类型、连接标识和消息长度字段,所述TMSG头长度小于TCP头的长度。The TMSG header encapsulated by the third packet transceiver module of the second satellite side protocol entity includes a message type, a connection identifier, and a message length field, and the TMSG header length is smaller than a length of the TCP header.
  21. 如权利要求17或18或19所述的网关,其中:A gateway as claimed in claim 17 or 18 or 19, wherein:
    所述服务器侧协议实体还包括:第三连接维护模块,设置为检测到所述第二TCP连接的通信中断时,通知所述第二卫星侧协议实体第二TCP连接中断;及收到所述第二卫星侧协议实体的连接关闭成功的通知后,断开所述第二TCP连接;The server-side protocol entity further includes: a third connection maintenance module, configured to notify the second satellite-side protocol entity that the second TCP connection is interrupted when detecting that the communication of the second TCP connection is interrupted; and receiving the After the connection of the second satellite side protocol entity is successfully closed, disconnecting the second TCP connection;
    所述第二卫星侧协议实体还包括:第四连接维护模块,设置为收到第二TCP连接中断的通知后,通过所述卫星链路向所述对端网关发送请求关闭连接的报文,其中的TMSG头携带所述第一TCP连接标识;及收到所述对端网关返回的连接关闭成功的应答报文后,通知所述服务器侧协议实体连接关闭成功。The second satellite side protocol entity further includes: a fourth connection maintenance module, configured to send a message requesting to close the connection to the opposite gateway through the satellite link after receiving the notification that the second TCP connection is interrupted, The TMSG header carries the first TCP connection identifier; and after receiving the response message that the connection returned by the peer gateway is successfully closed, the server side protocol entity is notified that the connection is successfully closed.
  22. 如权利要求21所述的网关,其中:The gateway of claim 21 wherein:
    所述第二卫星侧协议实体的第四连接维护模块还设置为在检测到所述卫星链路断开时,向所述服务器侧协议实体发送所述卫星链路断开的通知;The fourth connection maintenance module of the second satellite side protocol entity is further configured to: when detecting that the satellite link is disconnected, send a notification that the satellite link is disconnected to the server side protocol entity;
    所述服务器侧协议实体的第三连接维护模块还设置为将所述第二TCP连接与所述卫星链路关联;在收到所述卫星链路断开的通知后,将与所述卫星链路关联的所有TCP连接断开。 The third connection maintenance module of the server side protocol entity is further configured to associate the second TCP connection with the satellite link; and after receiving the notification that the satellite link is disconnected, the satellite chain All TCP connections associated with the road are broken.
PCT/CN2015/089060 2015-01-26 2015-09-07 Method and corresponding gateway for implementing tcp transmission in satellite network environment WO2016119464A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510038936.8A CN105897665B (en) 2015-01-26 2015-01-26 Method for realizing TCP transmission in satellite network environment and corresponding gateway
CN201510038936.8 2015-01-26

Publications (1)

Publication Number Publication Date
WO2016119464A1 true WO2016119464A1 (en) 2016-08-04

Family

ID=56542328

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/089060 WO2016119464A1 (en) 2015-01-26 2015-09-07 Method and corresponding gateway for implementing tcp transmission in satellite network environment

Country Status (2)

Country Link
CN (1) CN105897665B (en)
WO (1) WO2016119464A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106850576A (en) * 2016-12-30 2017-06-13 中国人民解放军理工大学 Virtualization link layer IP Message processings converting system and method with stream control function
CN108243196B (en) * 2018-01-22 2020-09-25 北京启明星辰信息安全技术有限公司 Method and system for introducing TCP protocol stack under Netfilter architecture, intermediate device and medium
CN109639340B (en) * 2018-12-11 2021-05-28 成都天奥信息科技有限公司 TCP acceleration method suitable for satellite link
CN110035112A (en) * 2019-01-15 2019-07-19 广东交通职业技术学院 A kind of Transmission Control Protocol both-end in wireless network environment acts on behalf of acceleration system and method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1476181A (en) * 2003-07-14 2004-02-18 中国科学院计算技术研究所 Distribution type satellite network TLP performance acceleration protocol mode and method
WO2008043106A2 (en) * 2006-10-06 2008-04-10 Viasat, Inc. Dynamic feedback for outbound link rate adjustment in multi-rate downstream
US20100121957A1 (en) * 2008-11-13 2010-05-13 Hughes Network Systems, Llc Performance enhancing proxy handover
CN102694810A (en) * 2012-05-31 2012-09-26 航天恒星科技有限公司 TCP ground acceleration method for satellite network

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1151375A4 (en) * 1999-02-02 2003-10-22 Mentat Inc Internet over satellite
CN101854297B (en) * 2010-05-21 2013-01-02 南京邮电大学 Method for designing transmission control protocol (tcp) cross-layer in satellite network
CN102377473B (en) * 2010-08-23 2014-02-19 熊猫电子集团有限公司 Network control center of satellite mobile communication network
CN102263687A (en) * 2011-08-11 2011-11-30 武汉思为同飞网络技术有限公司 VPN (virtual private network) speed-up gateway in WAN (wide area network) as well as speed-up communication and method thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1476181A (en) * 2003-07-14 2004-02-18 中国科学院计算技术研究所 Distribution type satellite network TLP performance acceleration protocol mode and method
WO2008043106A2 (en) * 2006-10-06 2008-04-10 Viasat, Inc. Dynamic feedback for outbound link rate adjustment in multi-rate downstream
US20100121957A1 (en) * 2008-11-13 2010-05-13 Hughes Network Systems, Llc Performance enhancing proxy handover
CN102694810A (en) * 2012-05-31 2012-09-26 航天恒星科技有限公司 TCP ground acceleration method for satellite network

Also Published As

Publication number Publication date
CN105897665A (en) 2016-08-24
CN105897665B (en) 2020-01-14

Similar Documents

Publication Publication Date Title
CN106716951B (en) Method and device for optimizing tunnel traffic
US8396954B2 (en) Routing and service performance management in an application acceleration environment
US10021034B2 (en) Application aware multihoming for data traffic acceleration in data communications networks
US8942619B2 (en) Relay device
US6415329B1 (en) Method and apparatus for improving efficiency of TCP/IP protocol over high delay-bandwidth network
US7684397B2 (en) Symmetric network address translation system using STUN technique and method for implementing the same
JP4627669B2 (en) Packet transfer apparatus and transfer control method thereof
US20210226884A1 (en) Router device using flow duplication
WO2019007209A1 (en) Multipath data transmission processing method, and network device
US10911413B2 (en) Encapsulating and tunneling WebRTC traffic
US20010017862A1 (en) IP router device having a TCP termination function and a medium thereof
US8611354B2 (en) Method and apparatus for relaying packets
US8484331B2 (en) Real time protocol packet tunneling
EP3574617B1 (en) Method and apparatus for managing routing disruptions in a computer network
US8724630B2 (en) Method and system for implementing network intercommunication
US20210014153A1 (en) Techniques for efficient multipath transmission
US6182149B1 (en) System for managing dynamic processing resources in a network
WO2016119464A1 (en) Method and corresponding gateway for implementing tcp transmission in satellite network environment
JP4903780B2 (en) Protecting data delivered out of order
CN104184646A (en) VPN data interaction method and system and VPN data interaction device
US10601602B2 (en) Hybrid data transport solution, in particular for satellite links
CN104363149A (en) SIP (session initiation protocol)-based system and method for achieving VOIP (voice over Internet protocol) network state monitoring
CN114553567B (en) Network transmission method, system, storage medium and computing device in multiparty security computing
CN109792408B (en) Gateway for efficient management of transport connections in a data network
Park et al. The Implementation of Layer-three Site Multihoming Protocol (L3SHIM)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15879662

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15879662

Country of ref document: EP

Kind code of ref document: A1