WO2017088628A1

WO2017088628A1 - Address converting method, device and system, network identity control method and device

Info

Publication number: WO2017088628A1
Application number: PCT/CN2016/104079
Authority: WO
Inventors: 郝振武; 朱超国; 丁馥昊
Original assignee: 中兴通讯股份有限公司
Priority date: 2015-11-24
Filing date: 2016-10-31
Publication date: 2017-06-01
Also published as: CN106790732A; CN106790732B

Abstract

An address converting method, device and system, network identity control method and device. The method comprises: when a first UE comes online, querying, by an identity management node, a network identity corresponding to a user identity of the first UE, and recording a mapping relationship between the found network identity and a private network IP address allocated to the first UE, wherein the network identity is a public network IP address, or a public network IP address and port number segment; when a converting node receives the first data packet from the first UE, querying the identity management node for a network identity corresponding to the private network IP address of the first UE; recording a mapping relationship between the private network IP address of the first UE and the found network identity, and performing address conversion and transmission on the data packet from the first UE and the data packet sent to the first UE according to the recorded mapping relationship. The present invention can identify UE in a public network through a fixed network identity.

Description

Address conversion method, device and system, network identification control method and device

Technical field

The present invention relates to the field of communications, and in particular, to an address translation method, device and system, and network identity control method and apparatus.

Background technique

Figure 1 is a schematic diagram of a typical Internet access network. The UE (User Equipment) connects to the access gateway through the access network, and the access gateway connects to the Internet through the switching node.

The UE may be a terminal with a fixed location, such as a home terminal, or a terminal in a mobile state, such as a mobile terminal, a portable digital device (PAD), and the like.

AGW (Access Gateway) implements user management, IP (Internet Protocol) address management allocation, user connection, packet processing, and forwarding. For mobile networks, it can be GGSN (Gateway General Packet Radio). Service Support Node, Gateway General Packet Radio Service Support Node), PGW (Packet Data Network Gateway), etc. For fixed access networks, it can be BRAS (Broad Band Remote Access Server). device. During the UE access process, the authentication server also interacts with the authentication server to ensure the validity of the access. Since the authentication server is independent of the technology of the present invention, it will not be mentioned later.

The management and allocation mechanism of the IP address is generally that the AGW establishes a local IP address pool. After the UE is successfully authenticated, the UE selects an unoccupied IP address from the local IP address pool and allocates it to the UE. When the UE goes offline, the UE is released. The assigned IP address. It can be seen from the above process that with this mechanism, the IP address of the UE is dynamically allocated, so each time the UE goes online, the assigned address may be different.

Considering the shortage of IP address resources, the operator changed the IP address allocation method for the UE. Further, it is changed from directly assigning the public network IP address to assigning the private network IP address. When the UE accesses the Internet, the network address translation (NAT) function is performed by using a pre-deployed TN (Translation Node) to perform the network address translation (NAT) function. Convert to a public IP address and send it to save IP address resources.

The AGW dynamically allocates the IP address of the private network and accesses the Internet through the TN. As a result, when the UE accesses the Internet, the private IP address assigned to the UE and the converted public IP address are different, especially the mobile UE may be This phenomenon is more pronounced when accessing the Internet through different AGWs or different NAT/NAPT devices.

The above IP address allocation mechanism increases the difficulty of Internet supervision, making it impossible for Internet operators to perform accurate and timely searching for illegal operation terminals. For the service provider, because the public network address of the same UE is not fixed, it is impossible to effectively track the mobile terminal and analyze the service access, and provide a better service.

Summary of the invention

The technical problem to be solved by the present invention is how to identify the UE in the public network through a fixed network identifier, thereby satisfying the requirements in terms of traceability and service services.

In order to solve the above problems, the following technical solutions are adopted.

An address translation method includes:

After the first user equipment UE is online, the identifier management node queries the network identifier corresponding to the user identifier of the first UE, and records the mapping between the queried network identifier and the private network IP address allocated to the first UE. Relationship; the network identifier is a public network IP address, or a public network IP address and a port number segment;

The switching node queries the identifier management node for the network identifier corresponding to the private network IP address of the first UE when the first data packet is received from the first UE, and records the private network IP of the first UE. a mapping relationship between the address and the queried network identifier, and the data packet from the first UE and the data packet sent to the first UE are performed according to the recorded mapping relationship Address translation and transmission.

Optionally, after the first UE is online, the network management node corresponding to the user identifier of the first UE includes:

After the first UE is online, the access gateway sends an online message of the first UE to the identity management node, where the online message includes the user identifier of the first UE, and the access gateway allocates The private network IP address of the first UE;

After receiving the online message, the identity management node queries the corresponding network identifier according to the user identifier of the first UE in the online message.

Optionally, the performing address translation and sending of the data packet from the first UE and the data packet sent to the first UE according to the recorded mapping relationship includes:

The switching node establishes a mapping relationship between the network address translation NAT and/or the network address port conversion NAPT data flow according to the relationship between the private network IP address of the first UE and the network identifier, and performs NAT and/or NAPT processing, including Transmitting the source IP address and the port in the data packet from the first UE into a public network IP address in the network identifier and a port in the port range defined by the network identifier, and sending the data packet to the first UE The destination IP address and port in the network are translated into a private network IP address and port corresponding to the corresponding network identifier.

Optionally, after the identifier management node queries the network identifier corresponding to the user identifier of the first UE, the method further includes:

When the identifier management node cannot find the network identifier corresponding to the user identifier of the first UE, select an idle public network IP address, or an idle public network IP address and an idle port number segment, or a non-idle public IP address. An address and an idle port number segment, as a network identifier allocated to the first UE, storing a correspondence between the user identifier of the first UE and the allocated network identifier; recording the assigned network identifier and assigning to Mapping relationship between the private network IP addresses of the first UE.

Optionally, after the querying the node to query the identifier management node for the network identifier corresponding to the private network IP address of the first UE, the method further includes:

The identifier management node queries the network identifier and the private network according to the private network IP address of the first UE. Mapping relationship between network IP addresses;

If the network identifier corresponding to the private network IP address of the first UE is queried, the network identifier is returned to the conversion node as a query result;

If the query is not available, return a query result indicating that there is no such UE to the conversion node; or, select an idle public network IP address, or an idle public network IP address and an idle port number segment, or a non-idle public network The IP address and the idle port number segment are used as the network identifier allocated to the first UE, and the correspondence between the user identifier of the first UE and the assigned network identifier is saved, and the private state of the first UE is saved. A mapping relationship between the network IP address and the assigned network identifier, and returning the allocated network identifier to the conversion node as a query result.

The identifier management node obtains the address information of the conversion node that queries the network identifier, and records the correspondence between the user identifier of the first UE and/or the network identifier and the address information of the conversion node.

Optionally, the method further includes:

And the identifier management node updates the user and/or the network of the first UE according to the address information of the new transition node when the new switch node queries the network identifier corresponding to the private network IP address of the first UE. Identifying a correspondence between the address information and the address information of the conversion node; notifying the first UE that the first UE corresponds to the first UE to go offline, and the notification carries the network identifier of the first UE and/or is originally allocated to the The private network IP address of the first UE.

Optionally, the method further includes:

When the first UE goes offline, the access gateway sends the offline message of the first UE to the identity management node, and carries the private network IP address originally allocated to the first UE;

After receiving the offline message, the identifier management node deletes a mapping relationship between the network identifier of the first UE and the private network IP address, and notifies the first node that the first UE corresponds to the conversion node. A UE is offline, and the notification carries the network identifier of the first UE and/or a private network IP address originally allocated to the first UE.

Optionally, the method further includes:

After receiving the notification that the first UE goes offline, the mapping node deletes the mapping relationship between the private network IP address of the first UE and the network identifier, and deletes the established NAT and/or NAPT data stream. Mapping relations.

An address translation method includes:

The switching node queries the network identifier corresponding to the private network IP address of the first UE when receiving the first data packet from the first user equipment UE; the network identifier is a public network IP address, or a public network IP address. Address and port number segment;

The switching node records a mapping relationship between the private network IP address of the first UE and the queried network identifier, and sends a data packet from the first UE to the first according to the recorded mapping relationship. A UE's data packet is address translated and transmitted.

The switching node establishes a mapping relationship between the network address translation NAT and/or the network address port conversion NAPT data flow according to the relationship between the private network IP address of the first UE and the network identifier, and performs NAT and/or NAPT processing, including Transmitting a source IP address and a port in the data packet from the first UE into a public network IP address in the network identifier and a port in a port range defined by the network identifier; and sending the data packet to the first UE The destination IP address and port in the network are translated into a private network IP address and port corresponding to the corresponding network identifier.

Optionally, the method further includes:

After receiving the notification that the first UE is offline, the switching node, according to the network identifier of the first UE carried in the notification, and/or the private network IP address originally allocated to the first UE, And deleting a mapping relationship between the private network IP address of the first UE and the network identifier, and deleting the established NAT and/or NAPT data flow mapping relationship.

A network identity control method includes:

After the first user equipment UE is online, the identifier management node queries the corresponding network identifier according to the user identifier of the first UE, and records between the queried network identifier and the private network IP address allocated to the first UE. Mapping relationship; the network identifier is a public network IP address, or a public network IP address and a port number segment;

After receiving the request for the conversion node to query the network identifier, the identifier management node queries the corresponding network identifier according to the private network IP address of the first UE that is carried in the request, and returns the result to the conversion node as a query result.

Optionally, after the identifier management node queries the corresponding network identifier according to the user identifier of the first UE, the method further includes:

Optionally, after the identifier management node queries the corresponding network identifier according to the private network IP address of the first UE that is carried in the request, the method further includes:

And if the identifier management node queries the network identifier corresponding to the private network IP address of the first UE, the network identifier is returned to the conversion node as a query result; if not, the return indicates that there is no such UE The query result is given to the conversion node; or, the idle public network IP address, or the idle public network IP address and the idle port number segment, or the non-idle public network IP address and the idle port number segment are allocated as the allocation. The network identifier of the first UE is saved, and the correspondence between the user identifier of the first UE and the allocated network identifier is saved, and the private network IP address of the first UE is saved and the allocated network identifier is saved. The mapping relationship and return the assigned network identifier to the conversion node as a query result.

Optionally, the identifier management node receives the request of the conversion node to query the network identifier. include:

Optionally, the method further includes:

When the new management node requests to query the network identifier corresponding to the private network IP address of the first UE, the identifier management node updates the user of the first UE according to the address information of the new transition node. Corresponding relationship between the network identifier and the address information of the switching node; notifying the first UE that the first UE corresponds to the first UE to go offline, the notification carrying the network identifier of the first UE and/or originally assigned to The private network IP address of the first UE.

Optionally, the method further includes:

After the first UE goes offline, the identity management node deletes the mapping relationship between the network identifier of the first UE and the private network IP address.

Optionally, after the mapping management node deletes the mapping relationship between the network identifier of the first UE and the private network IP address, the identifier management node further includes:

The identifier management node notifies the first UE that the first UE corresponds to the first node to go offline, and the notification carries the network identifier and/or the private network IP address originally allocated to the first UE.

An address translation system comprising: one or more conversion nodes;

The identifier management node is configured to query the network identifier corresponding to the user identifier of the first UE after the first user equipment UE is online, and record the queried network identifier and the private network IP address allocated to the first UE. The mapping relationship between the network identifiers is a public network IP address, or a public network IP address and a port number segment;

The switching node is configured to, when receiving the first data packet from the first UE, query the identifier management node for a network identifier corresponding to the private network IP address of the first UE; a mapping relationship between the private network IP address of the first UE and the queried network identifier, and the data packet from the first UE and the data packet sent to the first UE according to the recorded mapping relationship Address translation and sending.

Optionally, the system further includes:

One or more access gateways, configured to send an online message of the first UE to the identity management node when the first UE is online, where the online message carries the user identifier of the first UE, And a private network IP address assigned to the first UE.

An address conversion device, disposed on the conversion node, includes:

The query requesting module is configured to: when receiving the first data packet from the first user equipment UE, query the network identifier corresponding to the private network IP address of the first UE; the network identifier is a public network IP address, Or public network IP address and port number segment;

a conversion module, configured to record a mapping relationship between the private network IP address of the first UE and the queried network identifier, and send the data packet from the first UE to the foregoing according to the recorded mapping relationship The data packet of the first UE is subjected to address translation and transmission.

A network identifier control device is disposed on the identifier management node, and includes:

And an update module, configured to: after the first user equipment UE is online, query the corresponding network identifier according to the user identifier of the first UE, and record the queried network identifier and the private network IP address allocated to the first UE. The mapping relationship between the network identifiers is a public network IP address, or a public network IP address and a port number segment;

The query module is configured to query the corresponding network identifier according to the private network IP address of the first UE that is carried in the request, and then return the data identifier to the conversion node as a query result.

In the address translation method, device, and system, and network identity control method and apparatus provided by the embodiments of the present invention, since the network identifier is corresponding to the user identifier of the UE, it can be in the public network. The UE is represented by a fixed network identifier, thereby meeting the requirements in terms of traceability, security, and flexible deployment. The alternative of the embodiment of the present invention may also support the enhanced conversion node to form a device pool.

Another embodiment of the present invention provides a computer storage medium storing execution instructions for performing the method in the above embodiments.

Other features and advantages of the invention will be set forth in the description which follows, The objectives and other advantages of the invention may be realized and obtained by means of the structure particularly pointed in the appended claims.

DRAWINGS

The drawings are used to provide a further understanding of the technical solutions of the present invention, and constitute a part of the specification, which together with the embodiments of the present application are used to explain the technical solutions of the present invention, and do not constitute a limitation of the technical solutions of the present invention.

FIG. 1 is a schematic diagram of an existing Internet access;

2 is a schematic flowchart of an address conversion method according to Embodiment 1 of the present invention;

3 is a schematic flowchart of an address translation method according to Embodiment 2 of the present invention;

4 is a schematic flowchart of a network identity control method according to Embodiment 3 of the present invention;

FIG. 5 is a schematic diagram of an address translation system according to Embodiment 4 of the present invention; FIG.

6 is a schematic diagram of an address translation apparatus according to Embodiment 5 of the present invention;

FIG. 7 is a schematic diagram of a network identity control apparatus according to Embodiment 6 of the present invention; FIG.

8 is a schematic flowchart of Example 1 of an embodiment of the present invention;

9 is a schematic structural diagram of a system according to Embodiment 2 of the present invention;

FIG. 10 is a schematic diagram of deployment of multiple AGWs and multiple eTNs according to Embodiment 3 of the present invention; FIG.

11 is a schematic diagram of a UE online procedure and a data transmission process according to Embodiment 4 of the present invention;

12 is a schematic diagram of a UE user data packet receiving process according to Embodiment 5 of the present invention;

13 is a schematic diagram of a process of reselecting an eTN by an AGW according to Embodiment 6 of the present invention;

FIG. 14 is a schematic diagram of a UE offline process according to Embodiment 7 of the present invention.

detailed description

The technical solution of the present invention will be described in more detail below with reference to the accompanying drawings and embodiments.

It should be noted that, if not conflicting, the embodiments of the present invention and the various features of the embodiments may be combined with each other, and are all within the protection scope of the present invention. Additionally, although logical sequences are shown in the flowcharts, in some cases the steps shown or described may be performed in a different order than the ones described herein.

Embodiment 1 An address conversion method, as shown in FIG. 2, includes:

S110. The identifier management node queries the network identifier corresponding to the user identifier of the first UE after the first UE is online, and records a mapping between the queried network identifier and the private network IP address allocated to the first UE. Relationship; the network identifier is a public network IP address, or a public network IP address and a port number segment;

S120. The switching node, when receiving the first data packet from the first UE, query the identifier management node for a network identifier corresponding to the private network IP address of the first UE, and record the private information of the first UE. A mapping relationship between the network IP address and the queried network identifier, and performing address translation and transmission on the data packet from the first UE and the data packet sent to the first UE according to the recorded mapping relationship.

In this embodiment, the identifier management node may be, but is not limited to, receiving the online message of the first UE that is sent by the AGW to learn that the first UE is online; the online message carries the user identifier of the first UE, and The private network IP address assigned by the AGW to the first UE.

In this embodiment, the switching node may be, but is not limited to, sending a network identifier query request, and querying, by the identifier management node, a network identifier corresponding to the private network IP address of the first UE; The private network IP address of the first UE, that is, the source IP address in the data packet.

In this embodiment, the first data packet received by the switching node from the first UE The source IP address, that is, the private network IP address of the first UE.

The conversion node in this embodiment adds more functions than the existing conversion node, and is therefore referred to as an enhanced conversion node hereinafter.

Optionally, before step S110, the method may further include:

The identifier management node establishes a user identifier and a network identifier mapping table, and pre-stores a mapping relationship between the user identifier and the network identifier according to the configuration of the operator.

In the optional solution, the public network IP address and the port number segment of the public network may be pre-stored in the identifier management node. When the network identifier is selected for the first UE, the public network IP address of the network identifier or the public network address is selected. The network IP address and port number segment are marked as not idle.

Optionally, in the step S120, the scenario that the converting node receives the first data packet of the first UE includes: a first data packet sent after the first UE is online, and the first The first data packet sent after a UE switches to the switching node.

Optionally, before step S120, the method further includes:

When the switching node receives the data packet from the UE, firstly, according to the source IP address (that is, the private network IP address) in the data packet, the mapping relationship between the locally saved private network IP address and the network identifier is queried, and if the query can be queried, Decoding and transmitting a data packet from the first UE and a data packet sent to the first UE according to the queried mapping relationship, if not, determining that it is the first one from the first UE The data packet is executed in step S120.

The identifier management node queries the mapping relationship between the network identifier and the private network IP address according to the private network IP address of the first UE, and returns the query result to the conversion node.

In this alternative, if the network identifier corresponding to the private network IP address of the first UE is queried, the network identifier is returned to the conversion node as a query result; if the query is not found, the return indicates that there is no such The query result of the UE is sent to the conversion node; or, the idle public network IP address, or the idle public network IP address and the idle port number segment, or the non-idle public network IP address and the idle port number segment are selected as a network identifier that is allocated to the first UE, and a correspondence between the user identifier of the first UE and the assigned network identifier, and the private network IP address of the first UE and the allocated network identifier are saved. The mapping relationship between the two, and the assigned network identifier is returned to the conversion node as a query result.

The switching node is built according to the relationship between the private network IP address of the first UE and the network identifier. Performing NAT and/or NAPT data flow mapping, performing NAT and/or NAPT processing, including: converting source IP address and port in the data packet from the first UE into a public network IP address in the network identifier, and The network identifies the port within the port range defined by the port and establishes a NAT and/or NAPT data flow mapping relationship;

For the data packet sent to the UE, the destination public network IP address is converted into the private network IP address corresponding to the corresponding network identifier according to the previously established NAT and/or NAPT data flow mapping relationship, and the port in the data packet is Convert to a private network port.

In the alternative, when the network identifier is a public network IP address, the port range is all ports corresponding to the public network IP address; when the network identifier is a public network IP address and a port number segment, the port range is Refers to the port number segment.

In this alternative, for example, if the network identifier X is “180.100.220.210”, when the destination public network IP address is “180.100.220.210”, the determined network identifier is X, or “180.100.220.210” and port. If the destination public network IP address is "180.100.220.210" and the port is a value in the port number segment, such as 1026, the determined network identifier is X.

Optionally, step S120 further includes: the switching node discarding the data packet when the network identifier is not queried, or performing a NAT and/or NAPT conversion operation using the locally preset public network IP address.

Optionally, the method further includes:

When the first UE is offline, the identity management node deletes a mapping relationship between the network identifier of the first UE and the private network IP address, and notifies the first node that the first UE originally corresponds to the first node. The UE is offline, and the notification carries the network identifier of the first UE and/or the private network IP address originally allocated to the first UE.

In this alternative, the identifier management node may be, but is not limited to, receiving the offline message of the first UE that is sent by the AGW, and the first UE is offline; the AGW sends an offline message when the first UE goes offline. To the identity management node, the offline message carries the private network IP address originally allocated by the AGW to the first UE.

In this alternative, if the mapping management node has previously saved the mapping relationship between the network identifier of the first UE and the address information of the switching node, the mapping relationship needs to be deleted.

In this alternative, when the first UE goes offline, the AGW releases the private network IP address allocated to the first UE.

Optionally, the method further includes:

And the identifier management node updates the user and/or the network of the first UE according to the address information of the new transition node when the new switch node queries the network identifier corresponding to the private network IP address of the first UE. Identifying a correspondence between the address information and the address information of the conversion node; notifying the first UE that the first UE corresponds to the first UE to go offline, and the notification carries the network identifier of the first UE and/or is originally allocated to the The private network IP address of the first UE. In this alternative, the new conversion node queries the network identifier corresponding to the private network IP address of the first UE: the AGW reselects the conversion node for the first UE performing the service according to the policy; for the new conversion For the node, when the data packet from the first UE is received for the first time, it is considered to be the first data packet of the first UE, and therefore the network identity of the first UE is queried to the identity management node.

Optionally, the method may further include:

In this alternative, the notification that the first UE is offline may be, but is not limited to, a delete UE notification or a UE offline notification sent by the identifier management node, where the network identifier of the first UE to be deleted is carried and/or The private network IP address originally assigned to the first UE.

In this alternative, if the NAT and NAPT data flow mapping relationship is established for the network identifier of the first UE, both the NAT and the NAPT data flow mapping relationship need to be deleted; if the network identifier is used for the first UE Only the NAT or NAPT data flow mapping relationship is established, and the established NAT or NAPT data flow mapping relationship is deleted.

Embodiment 2, an address translation method, as shown in FIG. 3, includes:

S210. The switch node queries the network identifier corresponding to the private network IP address of the first UE when receiving the first data packet from the first UE. The network identifier is a public network IP address, or a public network IP address. Address and port number segment;

S220. The switching node records a mapping relationship between the private network IP address of the first UE and the queried network identifier, and sends a data packet and a destination to the first UE according to the recorded mapping relationship. The data packet of the first UE is subjected to address conversion and transmission.

The mapping node establishes a NAT and/or NAPT data flow mapping relationship according to the relationship between the private network IP address of the first UE and the network identifier, and performs NAT and/or NAPT processing, including: coming from the first The source IP address and port in the data packet of the UE are respectively converted into a public network IP address in the network identifier and a port in the port range defined by the network identifier, and the destination IP address and port in the data packet to be sent to the first UE. Convert to the private network IP address and port corresponding to the corresponding network identifier.

Optionally, the method further includes:

For other implementation details, refer to the first embodiment.

Embodiment 3: A network identity control method, as shown in FIG. 4, includes:

S310. After the first UE is online, the identifier management node queries the corresponding network identifier according to the user identifier of the first UE, and records between the queried network identifier and the private network IP address allocated to the first UE. Mapping relationship; the network identifier is a public network IP address, or a public network IP address and port number segment;

S320. After receiving the request for the switching node to query the network identifier, the identifier management node queries the corresponding network identifier according to the private network IP address of the first UE that is carried in the request, and returns the result to the conversion as a query result. node.

In this embodiment, the request for querying the network identifier may be referred to as a network identity query request.

In this alternative, the address information of the conversion node may also be referred to as a location identifier.

This alternative involves the following identifiers:

UID (User Identifier): The identity of the user or UE that can uniquely indicate the UE, such as MSISDN (Mobile Station Integrated Services Digital Network Number), IMSI (International Mobile Subscriber Identity, International Mobile) User ID), username/account number, etc. When the UE goes online, the user identifier is carried.

NID (Network Identifier): It can uniquely indicate the identity of the UE in the network layer of the public network. It can be the public network IP address assigned to the UE, or the public network IP address and port number segment, which are carried in the data packet. The public network IP address or the public network IP address plus the port can uniquely identify the user.

LID (Location Identifier): It can identify the eTN selected by the AGW to serve the UE. You can use any of the following parameters of the eTN as the location identifier of the eTN: IP address, URI (Uniform Resource Identifier). device ID.

Private network IP address: Allocated by the AGW. The access locations of the UEs are different and the online time is different. The assigned private IP addresses may be different.

Optionally, the method further includes:

In this alternative, the identifier management node may be, but is not limited to, receiving the offline message of the first UE that is sent by the AGW, and the first UE is offline; the offline message carries the AGW originally assigned to the The private network IP address of the first UE.

For other implementation details, refer to the first embodiment.

Embodiment 4, an address conversion system, as shown in Figure 5, comprising: one or more conversion nodes 41;

The identifier management node 42 is configured to query the network identifier corresponding to the user identifier of the first UE after the first UE is online, and record the network identifier between the queried network and the private network IP address allocated to the first UE. Mapping relationship; the network identifier is a public network IP address, or a public network IP address and a port number segment;

The switching node 41 is configured to: when the first data packet from the first UE is received, query the identifier management node for a network identifier corresponding to the private network IP address of the first UE; and record the first a mapping relationship between the private IP address of the UE and the queried network identifier, and performing address translation on the data packet from the first UE and the data packet sent to the first UE according to the recorded mapping relationship send.

In this embodiment, one or more conversion nodes in the system are located in a service area corresponding to the same identification management node.

Optionally, the converting, by the converting node, performing address translation and sending on the data packet from the first UE and the data packet sent to the first UE according to the recorded mapping relationship:

Optionally, the identifier management node is further configured to: when the network identifier corresponding to the user identifier of the first UE is not found, select an idle public network IP address, or an idle public network IP address and an idle port number segment. Or a non-idle public network IP address and an idle port number segment, as a network identifier allocated to the first UE, storing a correspondence between the user identifier of the first UE and the allocated network identifier; A mapping relationship between the assigned network identifier and a private network IP address assigned to the first UE.

Optionally, the identifier management node is further configured to query the network identifier and the private network according to the private network IP address of the first UE, after the switching node queries the network identifier corresponding to the private network IP address of the first UE. a mapping relationship between the network IP addresses; if the network identifier corresponding to the private network IP address of the first UE is queried, the network identifier is returned to the conversion node as a query result; if not, the method returns Indicates that there is no query result of the UE to the conversion node; or, select an idle public network IP address, or an idle public network IP address and an idle port number segment, or a non-idle public network IP address and an idle port number. a segment, as a network identifier allocated to the first UE, storing a correspondence between the user identifier of the first UE and the allocated network identifier, and saving the private network IP address of the first UE and the allocated A mapping relationship between network identifiers, and the assigned network identifier is returned to the conversion node as a query result.

Optionally, the identifier management node is further configured to: after the conversion node queries the network identifier corresponding to the private network IP address of the first UE, obtain the conversion node that queries the network identifier. The address information records a correspondence between a user identifier of the first UE and/or a network identifier and address information of the conversion node.

Optionally, the identifier management node is further configured to: when a new conversion node queries the network identifier corresponding to the private network IP address of the first UE, update the first according to the address information of the new conversion node. Corresponding relationship between the user and/or the network identifier of the UE and the address information of the switching node; notifying the first UE that the first UE corresponds to the first UE to go offline, and the notification carries the network identifier of the first UE And/or a private network IP address originally assigned to the first UE.

Optionally, the identifier management node is further configured to: when the first UE goes offline, delete a mapping relationship between the network identifier of the first UE and a private network IP address; and notify the first UE The first UE is offline, and the notification carries the network identifier of the first UE and/or the private network IP address originally allocated to the first UE.

Optionally, the converting node is further configured to: after receiving the notification that the first UE goes offline, delete the mapping relationship between the private network IP address of the first UE and the network identifier, and delete the established relationship. NAT and / or NAPT data flow mapping.

Optionally, the system further includes:

One or more access gateways, configured to send an online message of the first UE to the identity management node when the first UE is online, where the online message carries the user identifier of the first UE, And the private network IP address allocated to the first UE; when the first UE goes offline, sending the offline message of the first UE to the identity management node, where the offline message is carried and assigned The private network IP address of the first UE.

Optionally, the system further includes:

An interworking node, configured to receive, from the switching node, a data packet processed by the first UE through NAT and/or NAPT, and forward the data packet to the public network; and after receiving the data packet sent by the public network to the first UE, according to the The network identifier of the first UE queries the identifier management node for address information of the corresponding conversion node, and sends the data packet to the corresponding conversion node according to the queried address information.

Embodiment 5: An address translation apparatus is disposed on a conversion node, as shown in FIG. 6, and includes:

The query requesting module 51 is configured to: when receiving the first data packet from the first UE, query the network identifier corresponding to the private network IP address of the first UE; the network identifier is a public network IP address, or Public network IP address and port number segment;

The conversion module 52 is configured to record a mapping relationship between the private network IP address of the first UE and the queried network identifier, and send the data packet and the destination to the first UE according to the recorded mapping relationship. The data packet of the first UE is subjected to address conversion and transmission.

Optionally, the converting, by the conversion module, performing address translation and sending on the data packet from the first UE and the data packet sent to the first UE according to the recorded mapping relationship:

The converting module establishes a NAT and/or NAPT data flow mapping relationship according to the relationship between the private network IP address of the first UE and the network identifier, and performs NAT and/or NAPT processing, including: coming from the first The source IP address and port in the data packet of the UE are respectively converted into a public network IP address in the network identifier and a port in the port range defined by the network identifier, and the destination IP address and port in the data packet to be sent to the first UE. Convert to the private network IP address and port corresponding to the corresponding network identifier.

Optionally, the device further includes:

Deleting a module, configured to: after receiving the notification that the first UE is offline, according to the network identifier of the first UE carried in the notification, and/or the private network IP address originally allocated to the first UE And deleting a mapping relationship between the private network IP address of the first UE and the network identifier, and deleting the established NAT and/or NAPT data flow mapping relationship.

Embodiment 6 is a network identifier control device, which is disposed on the identifier management node, as shown in FIG. 7, and includes:

The update module 61 is configured to: after the first UE goes online, query the corresponding network identifier according to the user identifier of the first UE, record the queried network identifier, and allocate the identifier to the first UE. The mapping relationship between the private network IP addresses; the network identifier is a public network IP address, or a public network IP address and a port number segment;

The querying module 62 is configured to: after receiving the request for the conversion node to query the network identifier, query the corresponding network identifier according to the private network IP address of the first UE that is carried in the request, and return the result to the conversion node as a query result. .

Optionally, the updating module is further configured to: when the network identifier corresponding to the user identifier of the first UE is not found, select an idle public network IP address, or an idle public network IP address and an idle port number segment, or The non-idle public network IP address and the idle port number segment are used as the network identifiers allocated to the first UE, and the correspondence between the user identifiers of the first UE and the assigned network identifiers is saved; A mapping relationship between the network identifier and a private network IP address assigned to the first UE.

Optionally, the querying module is further configured to: after querying the corresponding network identifier according to the private network IP address of the first UE that is carried in the request, if the private network IP address corresponding to the first UE is queried The network identifier is returned to the conversion node as a query result; if not, the query returns a result of the query without the UE to the conversion node; or, the idle public IP address is selected. Or the idle public network IP address and the idle port number segment, or the non-idle public network IP address and the idle port number segment, as the network identifier allocated to the first UE, and the user identifier of the first UE is saved. Corresponding relationship between the assigned network identifier and the mapping between the private network IP address of the first UE and the allocated network identifier, and returning the allocated network identifier as a query result to the conversion node.

Optionally, the updating module is further configured to: after the query module receives the request for the conversion node to query the network identifier, obtain the address information of the conversion node that queries the network identifier, and record the user identifier of the first UE and / Correspondence between the network identifier and the address information of the conversion node.

Optionally, the updating module is further configured to: according to the address information of the new conversion node, when a new conversion node requests to query a network identifier corresponding to the private network IP address of the first UE Updating a correspondence between the user and/or the network identifier of the first UE and the address information of the switching node; notifying the first UE that the first UE corresponds to the first UE to go offline, and the notification carries the first A network identity of a UE and/or a private network IP address originally assigned to the first UE.

Optionally, the updating module is further configured to: after the first UE goes offline, delete a mapping relationship between the network identifier of the first UE and a private network IP address.

Optionally, the updating module is further configured to: after the mapping between the network identifier of the first UE and the private network IP address is deleted, notify the first UE that the first UE corresponds to the first node In the line, the notification carries the network identifier and/or the private network IP address originally allocated to the first UE.

The above embodiment will be further explained below with seven embodiment examples.

Embodiment 1, an address conversion method, as shown in FIG. 8, includes steps 101-104:

101. When the first UE is online, the AGW sends an online message of the first UE to the identity management node, where the user identifier of the first UE and the private network IP address allocated by the AGW to the first UE are included.

102. The identifier management node queries the network identifier corresponding to the user identifier of the first UE, and records a mapping relationship between the queried network identifier and the private network IP address of the first UE. The network identifier is a public network. IP address, or public network IP address and port number segment;

103. The enhanced switching node sends a network identity query request to the identity management node, where the first network packet from the first UE is received, where the private network IP address of the first UE is carried, that is, the data is Source IP address of the packet; the identity management node returns the queried network identifier;

The enhanced conversion node records the mapping relationship between the private network IP address of the first UE and the queried network identifier, and sends the data packet from the first UE to the foregoing according to the recorded mapping relationship. The data packet of the first UE is subjected to address translation and transmission.

In the example of the embodiment, the situation that the first UE goes offline and switches the enhanced conversion node can be referred to Example one. See also the first embodiment for other processing details.

Embodiment 2: A UE address translation system, the system includes an AGW, an Enhanced Translation Node, and an IDMN (Identifier Management Node) deployed in a service area; optionally, The system may also include an IWN (Interworking Node).

The AGW is configured to: when the UE goes online, allocate a private network IP address to the UE, and send a UE online message to the IDMN; when the UE goes offline, send a UE offline message to the IDMN; send the data packet from the UE to The eTN receives the data packet sent by the eTN and forwards the data packet to the corresponding UE.

Optionally, when there are multiple eTNs, the AGW selects the eTN corresponding to the UE according to the distribution policy, and sends all the data packets from the UE to the eTN;

Optionally, when the selected eTN cannot continue to serve due to a link or device failure, the AGW reselects the eTN corresponding to the UE, and sends all data packets from the UE to the reselected eTN.

The eTN is configured to: when receiving the first data packet sent by the first UE, query the IDMN for the corresponding network identifier according to the source IP address of the first data packet, and establish a private network IP address and the network identifier. The mapping relationship between the NAT and / or NAPT processing, conversion and transmission of packets from the UE and to the UE.

Optionally, multiple eTNs can form a pool of device nodes, and the device services in the pool are connected to the same IDMN by the AGW and the UE of the corresponding area.

The IDMN is configured to pre-store a mapping relationship between the user identifier and the network identifier. When receiving the first UE online message sent by the AGW, the network identifier corresponding to the user identifier of the first UE is searched, and the first UE is recorded. a mapping relationship between the private network IP address and the discovered network identifier; when receiving the UE offline message sent by the AGW, deleting the mapping relationship between the corresponding network identifier and the private network IP address; When the network identity query request from the eTN is returned, the network identifier corresponding to the private network IP address is returned, and the network identifier and the location identifier are established. Correspondence relationship.

Optionally, the IDMN is further configured to: when receiving the first UE online message sent by the AGW, notify the AGW if the user identifier of the first UE does not have a corresponding network identifier, or be the first UE The network identifier is selected, and the mapping relationship between the user identifier of the first UE and the selected network identifier is saved, and the mapping relationship between the private network IP address of the first UE and the selected network identifier is recorded.

Optionally, the IDMN is further configured to return the recorded eTN address, that is, the location identifier, when the IWN needs to query the eTN through which the user data stream flows.

The IWN is located on the interface between the access network and the public network (which may be, but is not limited to, the Internet), and is configured to receive the data packet sent by the UE to the public network and forward the data packet to the public network; after receiving the data packet sent by the public network to the UE, according to the The network identifier queries the IDMN for the location identifier of the UE, and sends the data packet to the corresponding eTN according to the queried location identifier.

FIG. 9 is a structural diagram of a system provided by an embodiment of the present invention, where:

(1) The function of the UE is the same as that of FIG. 1.

AGW, in addition to the basic functions listed in Figure 1, also needs to enable the following features:

1) When the first UE goes online or goes offline, the UE sends an uplink or offline message to the IDMN, where the message carries the user identifier and the private IP address assigned by the AGW;

2) When there are multiple eTNs, the AGW configures the distribution policy to select the eTN, and sends all the data packets from the first UE to the eTN;

3) When a link failure or eTN device failure occurs with the eTN, the AGW can reselect the eTN and send all data packets from the first UE to the eTN.

(b) eTN, enhanced on the basic functions of TN in Figure 1, including:

1) When receiving the data packet from the first UE, determining whether it is the first data packet from the first UE, and determining the corresponding network identifier according to the private network IP address carried in the data packet, if If the record can be queried, it is not the first data packet. If the record cannot be queried, it is considered to be the first data packet; or the NAT and/or NAPT data flow mapping relationship is first queried. (can be, but is not limited to, stored in the mapping entry table, one entry in the mapping entry table corresponds to a NAT and/or NAPT data flow mapping relationship), if there is a mapping entry corresponding to the data packet, it is not the first data packet, If it does not exist, further query the network identifier according to the private network IP address carried in the data packet. If the record can be queried, it is not the first data packet. If the record cannot be queried, it is considered to be the first data packet; Query the network identifier of the private network IP address query in the private network IP address and network identifier mapping table.

2) If it is determined to be the first data packet, the corresponding network identifier is queried to the IDMN according to the private network IP address of the data packet, and the mapping relationship between the private network IP address and the network identifier that is queried is saved; In the private network IP address and network identifier mapping table;

3) According to the mapping relationship between the private network IP address of the first UE and the network identifier, establish a NAT and/or NAPT data flow mapping relationship for the data packet from the first UE or the first UE, and perform NAT and/or Or NAPT processing, in which the source address and port in the IP packet sent to the public network are replaced by the IP address corresponding to the network identifier and a port in the port range.

When the mapping relationship between the private network IP address and the network identifier is stored in the private network IP address and the network identifier mapping table, the eTN is further configured to establish a private network IP address and a network identifier mapping table.

Multiple eTNs can form an eTN node pool, serve the AGW and UE of the corresponding area, and connect to the same IDMN.

(3) The functions of IDMN include:

1) The mapping relationship between the user identifier and the network identifier assigned to the user identifier is saved; and may be, but is not limited to, being saved in the user identifier and the network identifier mapping table;

2) When receiving the online message of the first UE from the AGW, searching for a corresponding network identifier according to the user identifier of the first UE, and recording a mapping relationship between the network identifier of the first UE and the private network IP address; When the offline message of the first UE of the AGW is deleted, the mapping relationship between the network identifier of the first UE and the private network IP address is deleted;

3), when receiving the network identity query request from the eTN, notifying the eTN of the network identifier corresponding to the private network IP address carried in the network identifier query request; and recording the eTN of the data flow of the UE corresponding to the network identifier Address information, that is, the location identifier; When the network relationship changes, such as when the UE goes offline, deletes the user ID, or changes the network identifier corresponding to the user ID, the eTN that the data stream of the corresponding UE passes is notified according to the change of the location identifier mapping relationship.

4) When the interworking node or other eTN needs to query the eTN through which the data stream of the UE flows, the address information of the recorded eTN, that is, the location identifier, is returned.

When the mapping relationship between the user identifier and the network identifier is saved in the user identifier and the network identifier mapping table, the eTN is further configured to establish a user identifier and a network identifier mapping table.

(4) IWN: an interface between the access network and the public network. The main functions are as follows:

1) receiving the data packet sent by the UE to the public network, and forwarding the data packet to the public network;

2) After receiving the data packet sent by the public network to the UE, query the corresponding location identifier to the IDMN according to the network identifier of the UE, and send the data packet to the eTN of the corresponding address according to the queried location identifier.

Implementation example 3

10 is a schematic diagram of deployment of a system provided by Embodiment 2 in multiple AGWs and eTNs;

On the current network, the AGW adopts a pooled deployment solution. Multiple AGWs form a device pool. In the service area where the AGW pool is responsible, the UE can access any AGW in the pool to increase deployment flexibility. The reliability of the service; regardless of which AGW the UE accesses, the accessed AGW will send the UE's online message to the IDMN, so that the IDMN can record the mapping relationship between the network identifier of the UE and the assigned private network IP address. The solution provided by the embodiment of the present invention can support the deployment scenario of the AGW pooling, and simultaneously support the eTN adopting the pooling deployment solution.

The AGWs in the AGW pool belong to the same IDMN (one IDMN can be distributed in one or more devices, and the existing devices can be multiplexed). When the UE in the service area goes online at any AGW in the pool, the AGW sends the The IDMN of the service area sends an online message of the UE. When the UE goes offline, the AGW sends the UE to the IDMN of the service area. Offline message.

On the forwarding plane, the AGW pool communicates with all eTNs in the same service area; when receiving the data packet from the first UE, an eTN in the eTN pool is selected according to the policy and all data packets from the first UE are forwarded. To the selected eTN. The specific policy may be, but is not limited to, performing a hash operation according to the private network IP address, and then selecting an eTN according to the calculated hash value, or adopting a round robin policy, selecting an eTN according to the order in which the UE goes online; and receiving the sending to the first UE. The data packet is sent to the first UE through the access network.

The eTN pool includes multiple eTNs in a service area, and belongs to the same IDMN. When receiving the first data packet from the first UE, the eTN pool queries the home IDMN for the network identifier corresponding to the private network IP address of the first UE. When receiving the data packet from the UE to the public network, including the first data packet, the appropriate interworking node is selected, and the NAT and/or NAPT operation is performed and then sent to the interworking node; when the data packet is sent to the user After performing NAT and/or NAPT, it will be sent to the AGW where the user is located according to the destination address of the data packet, that is, the private IP address of the user;

When a device in the eTN pool does not work, the AGW detects the device status, reselects the new eTN for the UE served by the eTN service, and forwards the subsequent data packet to the newly selected eTN, thereby ensuring that the service is not interrupted. Improve system reliability.

The IDMN is responsible for the allocation and management of network identifiers in an area. The area includes an AGW pool and an eTN pool, and further includes one or more interworking nodes, all devices in the IDMN and AGW pools, all devices in the eTN pool, and interworking nodes. Connected to provide functions such as identity management, identity mapping maintenance, network identity query, and location identifier query.

Implementation example 4

FIG. 11 is a schematic diagram of a process of uplinking a UE and a data forwarding process according to an embodiment of the present invention, showing a process of going online of a UE and a process of accessing a data. The specific steps include steps 400-412:

Step 400: The operator allocates a unique network identifier to the UE in the service area of the IDMN, and the IDMN establishes a mapping relationship between the user identifier and the network identifier, and saves the user identifier and the network. Identify the mapping table.

Step 401: The first UE goes online and initiates an access procedure to the AGW. In this process, the AGW authenticates the user identifier of the first UE, and assigns a private IP address to the UE.

The AGW may be any one of the AGW pools of the service area of the IDMN.

Step 402: After the UE successfully accesses, the AGW sends an online message of the first UE to the IDMN, where the user identifier of the first UE and the private network IP address are carried.

Step 403: The IDMN saves the private network IP address corresponding to the user identifier, and directly or indirectly establishes a mapping relationship between the network identifier and the private network IP address according to the relationship between the pre-stored user identifier and the network identifier.

The direct mapping relationship between the network identifier and the private network IP address is established. Specifically, the mapping relationship between the network identifier and the private network IP address can be added to the mapping between the user identifier and the network identifier. UID, NID, private network IP address, or the mapping between the network identifier and the private network IP address based on the user ID, which is expressed as (NID, private network IP address);

Indirectly establishing a mapping relationship means establishing a mapping relationship between a user identifier and a network identifier, and a mapping relationship between the user identifier and the private network IP address, and indirectly obtaining the network identifier and the private network IP address through the two mapping relationships. Mapping relationship.

If the network identifier corresponding to the user ID is not set in advance, you can select an idle public IP address, or an idle public IP address and an idle port number segment, or a non-idle public IP address and an idle port number segment. And as a network identifier corresponding to the identifier of the first UE, and storing a correspondence between the user identifier, the network identifier, and the private network IP address of the first UE.

Step 404: The IDMN returns an online response message of the first UE to the AGW.

Step 405, the first UE after the uplink initiates an Internet access procedure, and sends a data packet to the AGW, and the AGW selects the eTN according to the policy, and sends the data packet to the selected eTN.

Step 406: The eTN determines whether the data packet is the first data packet of the first UE. If it is the first data packet, step 407 is performed, otherwise step 412 is performed.

The specific judgment mode is to query the mapping table of the private network IP address and the network identifier according to the private network IP address carried in the source IP address field of the data packet. If the record can be queried, it is not the first data packet. It is considered to be the first data packet; or first query the NAT and/or NAPT data flow mapping relationship. If there is a mapping entry corresponding to the data packet, it is not the first data packet. If it does not exist, it is further based on the source IP address field of the data packet. The private network IP address carried in the private network IP address and network identifier mapping table. If the record can be queried, it is not the first data packet. If the query is not found, it is considered to be the first data packet.

The first data packet here refers to the first data packet received by the eTN from the UE, and does not specifically refer to the first data packet sent after the UE goes online.

Step 407: The eTN sends a network identity query request to the IDMN, where the private network IP address of the first UE is carried.

Step 408: The IDMN searches for the network identifier corresponding to the private network IP address from the mapping table of the network identifier and the private network IP address, and saves the address information of the eTN that sends the network identifier query request, that is, the RID, as the eTN passed by the first UE.

Specifically, if the network identifier corresponding to the private network IP address is queried, the network identifier is returned to the eTN as a query result; if the query is not found, the returned query result is empty.

The IDMN saves the RID and establishes a mapping relationship between the network identifier and the RID, which can be expressed as (UID, NID, private network IP address, RID), or (NID, RID), and is guaranteed to be sent to the first in other eTN or IWN. When the data packet of the UE is available, the IDMN can be queried for the current service eTN of the first UE.

Step 409: The IDMN returns a network identity query response message to the eTN, and carries the query result.

Step 410: The eTN caches the mapping relationship between the network identifier and the private network IP address.

Step 411: The eTN establishes a NAT and/or NAPT entry of the data flow according to the mapping relationship between the network identifier and the private network IP address, completes the NAT and/or NAPT operation, and forwards the operation to the selected interworking node.

The public network IP address in the NAT and/or NAPT entries can only be the IP address defined by the network identifier. The port can only select the port that is not occupied from the port range defined by the network identifier.

If the result of the query returned by the IDMN is empty in step 408, the eTN discards the data packet according to the local policy or performs a dynamic NAT and/or NAPT operation.

Step 412: After receiving the subsequent data packet from the first UE, the eTN performs NAT and/or NAPT operations according to the mapping relationship between the previously cached network identifier and the private network IP address, and forwards the operation to the selected interworking node.

For specific determination process as to whether it is a subsequent data packet, see step 406.

Through the above process, the network identity allocation process and the data packet transmission process are implemented, and the transmitted data packet carries the network identifier (ie, the public network IP address or the public network IP address and port) allocated to the UE.

Implementation example 5

FIG. 12 is a schematic diagram of a UE data packet receiving process according to an embodiment of the present invention. After the first UE goes online and successfully sends data to the Internet, the Internet or other UEs in the network send the first UE data packet. Scene. For the sake of simplicity, only the scenario in which the IWN sends a data packet to the first UE is shown in the figure, including steps 501-509; the sending process of the eTN is the same.

Step 501: The first UE is online, and the first UE online access procedure and the data packet sending process shown in FIG. 4 are completed.

Step 502: The IWN receives the data packet sent to the first UE, and locally queries the relationship between the network identifier and the location identifier according to the network identifier of the first UE carried in the destination address of the data packet. Then, step 503 is performed to query the IDMN. Otherwise, step 508 is executed to forward the data packet to the corresponding eTN according to the queried location identifier.

Step 503: The IWN sends a location query request to the IDMN, where the network identifier of the first UE is carried.

Step 504: The IDMN queries the location identifier corresponding to the network identifier, that is, the address information of the eTN currently serving the first UE.

Step 505: The IDMN returns a location query response message to the IWN, and carries the location identifier.

Step 506, the IWN saves the mapping relationship between the network identifier and the location identifier, and forwards the data packet to the corresponding eTN.

Step 507, the eTN performs NAT and/or NAPT conversion, and sends the converted data packet to the AGW, and the AGW sends the data to the first UE through the access network;

Step 508: If the IWN receives the subsequent data packet sent to the first UE, the mapping relationship between the network identifier and the location identifier can be locally queried in step 502; and the data packet is forwarded to the corresponding according to the result of the query. eTN;

Step 509 is the same as step 507.

Through the above process, the data packet with the network identifier as the destination address can be correctly sent to the corresponding UE.

Implementation example 6

FIG. 13 is a schematic diagram of a process for replacing an eTN according to an embodiment of the present invention, showing that an eTN reselection occurs during a UE communication process, such as an eTN downtime, a link terminal between an AGW and an eTN, and the AGW will The process of reselecting the appropriate eTN to continue the service for the UE includes steps 601-614.

Step 601: When the first UE is performing the communication service through the first eTN, and the data packet is being sent or the data packet is being received, the AGW detects that the first eTN exits the service, and selects another eTN in the eTN pool according to the routing policy, such as the second. eTN;

Step 602: After receiving the data packet, the second eTN determines whether the data packet is the first data packet of the first UE, because the AGW sends the data packet of the first UE to the second eTN for the first time, so it is determined to be the first The data packet, the specific judgment manner is shown in step 406 of FIG. 4;

Steps 603 to 608 are the same as steps 407 to 412, respectively, except that the eTN is changed to the second eTN, and the second eTN queries the mapping relationship between the private network IP address and the network identifier, and performs NAT and/or according to the mapping relationship. NAPT operation, performing data packets from the first UE Convert and send;

Step 609: After receiving the network identifier query request of the second eTN, the IDMN learns that the first UE has switched from the first eTN to the second eTN, and the IDMN sends a delete UE request message to the first eTN to notify the first eTN. The first UE has left the node;

Step 610: The first eTN deletes the mapping relationship between the network identifier of the locally saved first UE and the private network IP address, and the corresponding NAT and/or NAPT entry, and no longer provides services for the first UE.

Step 611: The first eTN returns a delete UE request response to the IDMN.

Step 612, the IDMN sends a location change notification message to the IWN, carrying the network identifier of the first UE and the location identifier of the second eTN, and informing the IWN that the first UE has moved to the second eTN;

Step 613: The IWN updates the mapping relationship between the network identifier of the first UE and the location identifier, and replaces the location identifier of the first eTN in the original mapping relationship with the location identifier of the second eTN.

In step 614, the IWN returns a location change notification response message to the IDMN.

The subsequent IWN receives the data packet sent to the first UE, and sends the data packet to the second eTN according to the updated mapping relationship.

Through the foregoing process, when the original eTN no longer provides the forwarding service, the new eTN can be selected to continue to provide services for the UE, ensuring uninterrupted services, and enabling pooled deployment.

Implementation example 7

FIG. 14 is a schematic diagram of a UE offline process according to an embodiment of the present invention, showing a process in which the first UE on the uplink leaves the network and goes offline, including steps 701-710.

Step 701: The first UE goes offline. Here, the first UE goes offline and/or the first UE is in a location switch, so that the first UE leaving the attached AGW can be regarded as the first UE going offline.

Step 702: The AGW sends an offline message of the first UE to the IDMN, where the user identifier of the first UE is carried.

Step 703: The IDMN deletes the corresponding network identifier and the private network IP address according to the user identifier. The mapping relationship between the mapping relationship and the location identifier;

Step 704, the IDMN returns an offline message response to the AGW.

Step 705: The IDMN sends a downlink notification message of the first UE to the corresponding eTN according to the location identifier, where the network identifier of the first UE and the private network IP address are carried.

Step 706: The eTN deletes a mapping relationship between the network identifier of the first UE and the private network IP address, and the established NAT and/or NAPT entry.

Step 707: The eTN returns an offline notification response to the IDMN.

Step 708: The IDMN sends an offline notification message of the first UE to the IWN, where the network identifier of the first UE is carried.

Step 709: The IWN deletes a mapping relationship between the network identifier of the first UE and the location identifier.

Step 710: The IWN returns an offline notification response to the IDMN.

Through the above process, the offline process of the first UE is completed, and the eTN and the IWN are no longer served by the first UE.

Embodiments of the present invention also provide a storage medium. Optionally, in this embodiment, an execution instruction is stored in the storage medium, and the execution instruction is used to execute the foregoing method.

Optionally, in the embodiment, the foregoing storage medium may include, but is not limited to, a USB flash drive, a Read-Only Memory (ROM), and a Random Access Memory (RAM). A variety of media that can store program code, such as a hard disk, a disk, or an optical disk.

One of ordinary skill in the art will appreciate that all or a portion of the steps described above can be accomplished by a program that instructs the associated hardware, such as a read-only memory, a magnetic or optical disk, and the like. Alternatively, all or part of the steps of the above embodiments may also be implemented using one or more integrated circuits. Correspondingly, each module/unit in the foregoing embodiment may be implemented in the form of hardware or in the form of a software function module. The invention is not limited to any specific form of combination of hardware and software.

Although the embodiments disclosed in the present invention are as above, the content described is only for facilitating understanding of the present invention. The embodiments employed are not intended to limit the invention. Any modification and variation in the form and details of the embodiments may be made by those skilled in the art without departing from the spirit and scope of the invention. The scope defined by the appended claims shall prevail.

Industrial applicability

As described above, an address translation method, apparatus, and system, and network identity control method and apparatus provided by the embodiments of the present invention have the following beneficial effects: since the network identifier is corresponding to the user identifier of the UE, it can be used in the public network. A fixed network identifier indicates the UE, thereby meeting the requirements in terms of traceability, security, and flexible deployment.

Claims

An address translation method includes:

After the first user equipment UE is online, the identifier management node queries the network identifier corresponding to the user identifier of the first UE, and records the mapping between the queried network identifier and the private network IP address allocated to the first UE. Relationship; the network identifier is a public network IP address, or a public network IP address and a port number segment;

The switching node queries the identifier management node for the network identifier corresponding to the private network IP address of the first UE when the first data packet is received from the first UE, and records the private network IP of the first UE. A mapping relationship between the address and the queried network identifier, and performing address translation and transmission on the data packet from the first UE and the data packet sent to the first UE according to the recorded mapping relationship.
The method of claim 1, wherein the identifier management node, when the first UE is online, queries the network identifier corresponding to the user identifier of the first UE, including:

After the first UE is online, the access gateway sends an online message of the first UE to the identity management node, where the online message includes the user identifier of the first UE, and the access gateway allocates The private network IP address of the first UE;

After receiving the online message, the identity management node queries the corresponding network identifier according to the user identifier of the first UE in the online message.
The method of claim 1, wherein the performing address translation and transmission of the data packet from the first UE and the data packet addressed to the first UE according to the recorded mapping relationship comprises:

The switching node establishes a mapping relationship between the network address translation NAT and/or the network address port conversion NAPT data flow according to the relationship between the private network IP address of the first UE and the network identifier, and performs NAT and/or NAPT processing, including Transmitting the source IP address and the port in the data packet from the first UE into a public network IP address in the network identifier and a port in the port range defined by the network identifier, and sending the data packet to the first UE The destination IP address and port in the network are translated into a private network IP address and port corresponding to the corresponding network identifier.
The method of claim 1, wherein the identifier management node further includes: after querying the network identifier corresponding to the user identifier of the first UE:

When the identifier management node cannot find the network identifier corresponding to the user identifier of the first UE, select an idle public network IP address, or an idle public network IP address and an idle port number segment, or a non-idle public IP address. An address and an idle port number segment, as a network identifier allocated to the first UE, storing a correspondence between the user identifier of the first UE and the allocated network identifier; recording the assigned network identifier and assigning to Mapping relationship between the private network IP addresses of the first UE.
The method of claim 1, wherein the converting node, after querying the identifier management node for the network identifier corresponding to the private network IP address of the first UE, further comprises:

The identifier management node queries the mapping relationship between the network identifier and the private network IP address according to the private network IP address of the first UE;

If the network identifier corresponding to the private network IP address of the first UE is queried, the network identifier is returned to the conversion node as a query result;

If the query is not available, return a query result indicating that there is no such UE to the conversion node; or, select an idle public network IP address, or an idle public network IP address and an idle port number segment, or a non-idle public network The IP address and the idle port number segment are used as the network identifier allocated to the first UE, and the correspondence between the user identifier of the first UE and the assigned network identifier is saved, and the private state of the first UE is saved. A mapping relationship between the network IP address and the assigned network identifier, and returning the allocated network identifier to the conversion node as a query result.
The method of claim 1, wherein the converting node, after querying the identifier management node for the network identifier corresponding to the private network IP address of the first UE, further comprises:

The identifier management node obtains the address information of the conversion node that queries the network identifier, and records the correspondence between the user identifier of the first UE and/or the network identifier and the address information of the conversion node.
The method of claim 5, further comprising:

And the identifier management node updates the user and/or the network of the first UE according to the address information of the new transition node when the new switch node queries the network identifier corresponding to the private network IP address of the first UE. Identifying a correspondence between the address information and the address information of the conversion node; notifying the first UE that the first UE corresponds to the first UE to go offline, and the notification carries the network identifier of the first UE and/or is originally allocated to the The private network IP address of the first UE.
The method of claim 1 further comprising:

When the first UE goes offline, the access gateway sends the offline message of the first UE to the identity management node, and carries the private network IP address originally allocated to the first UE;

After receiving the offline message, the identifier management node deletes a mapping relationship between the network identifier of the first UE and the private network IP address, and notifies the first node that the first UE corresponds to the conversion node. A UE is offline, and the notification carries the network identifier of the first UE and/or a private network IP address originally allocated to the first UE.
The method of claim 7 or 8, further comprising:

After receiving the notification that the first UE goes offline, the mapping node deletes the mapping relationship between the private network IP address of the first UE and the network identifier, and deletes the established NAT and/or NAPT data stream. Mapping relations.
An address translation method includes:

The switching node queries the network identifier corresponding to the private network IP address of the first UE when receiving the first data packet from the first user equipment UE; the network identifier is a public network IP address, or a public network IP address. Address and port number segment;

The switching node records a mapping relationship between the private network IP address of the first UE and the queried network identifier, and sends a data packet from the first UE to the first according to the recorded mapping relationship. A UE's data packet is address translated and transmitted.
The method of claim 10, wherein said translating a data packet from said first UE and a data packet addressed to said first UE according to said recorded mapping relationship Sending includes:

The switching node establishes a mapping relationship between the network address translation NAT and/or the network address port conversion NAPT data flow according to the relationship between the private network IP address of the first UE and the network identifier, and performs NAT and/or NAPT processing, including Transmitting a source IP address and a port in the data packet from the first UE into a public network IP address in the network identifier and a port in a port range defined by the network identifier; and sending the data packet to the first UE The destination IP address and port in the network are translated into a private network IP address and port corresponding to the corresponding network identifier.
The method of claim 10, further comprising:

After receiving the notification that the first UE is offline, the switching node, according to the network identifier of the first UE carried in the notification, and/or the private network IP address originally allocated to the first UE, And deleting a mapping relationship between the private network IP address of the first UE and the network identifier, and deleting the established NAT and/or NAPT data flow mapping relationship.
A network identity control method includes:

After the first user equipment UE is online, the identifier management node queries the corresponding network identifier according to the user identifier of the first UE, and records between the queried network identifier and the private network IP address allocated to the first UE. Mapping relationship; the network identifier is a public network IP address, or a public network IP address and a port number segment;

After receiving the request for the conversion node to query the network identifier, the identifier management node queries the corresponding network identifier according to the private network IP address of the first UE that is carried in the request, and returns the result to the conversion node as a query result.
The method of claim 13, wherein the identifier management node further includes: after querying the corresponding network identifier according to the user identifier of the first UE:

When the identifier management node cannot find the network identifier corresponding to the user identifier of the first UE, select an idle public network IP address, or an idle public network IP address and an idle port number segment, or a non-idle public IP address. An address and an idle port number segment, as a network identifier allocated to the first UE, storing a correspondence between the user identifier of the first UE and the allocated network identifier And recording a mapping relationship between the assigned network identifier and a private network IP address allocated to the first UE.
The method of claim 13, wherein the identifier management node further includes: after querying the corresponding network identifier according to the private network IP address of the first UE that is carried in the request:

And if the identifier management node queries the network identifier corresponding to the private network IP address of the first UE, the network identifier is returned to the conversion node as a query result; if not, the return indicates that there is no such UE The query result is given to the conversion node; or, the idle public network IP address, or the idle public network IP address and the idle port number segment, or the non-idle public network IP address and the idle port number segment are allocated as the allocation. The network identifier of the first UE is saved, and the correspondence between the user identifier of the first UE and the allocated network identifier is saved, and the private network IP address of the first UE is saved and the allocated network identifier is saved. The mapping relationship and return the assigned network identifier to the conversion node as a query result.
The method of claim 13, wherein the identification management node further comprises: after receiving the request of the conversion node to query the network identifier:

The identifier management node obtains the address information of the conversion node that queries the network identifier, and records the correspondence between the user identifier of the first UE and/or the network identifier and the address information of the conversion node.
The method of claim 16 further comprising:

When the new management node requests to query the network identifier corresponding to the private network IP address of the first UE, the identifier management node updates the user of the first UE according to the address information of the new transition node. Corresponding relationship between the network identifier and the address information of the switching node; notifying the first UE that the first UE corresponds to the first UE to go offline, the notification carrying the network identifier of the first UE and/or originally assigned to The private network IP address of the first UE.
The method of any of claims 13 to 17, further comprising:

The identifier management node deletes the network of the first UE after the first UE goes offline The mapping between the identifier and the private network IP address.
The method of claim 18, wherein the identifying the management node to delete the mapping between the network identifier of the first UE and the private network IP address further comprises:

The identifier management node notifies the first UE that the first UE corresponds to the first node to go offline, and the notification carries the network identifier and/or the private network IP address originally allocated to the first UE.
An address translation system comprising: one or more conversion nodes;

Also includes:

The identifier management node is configured to query the network identifier corresponding to the user identifier of the first UE after the first user equipment UE is online, and record the queried network identifier and the private network IP address allocated to the first UE. The mapping relationship between the network identifiers is a public network IP address, or a public network IP address and a port number segment;

The switching node is configured to: when the first data packet from the first UE is received, query the identifier management node for a network identifier corresponding to the private network IP address of the first UE; and record the first UE Mapping between the private network IP address and the queried network identifier, and performing address translation and transmission on the data packet from the first UE and the data packet sent to the first UE according to the recorded mapping relationship .
The system of claim 20, further comprising:

One or more access gateways, configured to send an online message of the first UE to the identity management node when the first UE is online, where the online message carries the user identifier of the first UE, And a private network IP address assigned to the first UE.
An address conversion device, disposed on the conversion node, includes:

The query requesting module is configured to: when receiving the first data packet from the first user equipment UE, query the network identifier corresponding to the private network IP address of the first UE; the network identifier is a public network IP address, Or public network IP address and port number segment;

a conversion module, configured to record a private network IP address of the first UE and the queried network A mapping relationship between the identifiers, and performing address translation and transmission on the data packet from the first UE and the data packet sent to the first UE according to the recorded mapping relationship.
A network identifier control device is disposed on the identifier management node, and includes:

And an update module, configured to: after the first user equipment UE is online, query the corresponding network identifier according to the user identifier of the first UE, and record the queried network identifier and the private network IP address allocated to the first UE. The mapping relationship between the network identifiers is a public network IP address, or a public network IP address and a port number segment;

The query module is configured to query the corresponding network identifier according to the private network IP address of the first UE that is carried in the request, and then return the data identifier to the conversion node as a query result.