Summary of the invention
An object of the present invention is to provide a network address translation (NAT) and/or firewall traversal method that simplifies network applications and lets them traverse the various kinds of NAT/FW without having to support any additional protocol.
A further object of the invention is to provide a NAT and/or firewall traversal platform that effectively traverses all types of NAT/FW without loss of security, and that provides a management mechanism to shorten the network access path and balance the network load.
The invention also aims to provide a NAT and/or firewall traversal system that effectively traverses all types of NAT/FW without loss of security, and that provides a management mechanism to shorten the network access path and balance the network load.
A NAT and/or firewall traversal method comprises the following steps:
Step 1: the user side, through a traversal agent, sends its network environment information across the NAT device and/or firewall to the traversal platform;
Step 2: the traversal platform determines the traversal mode from this user-side network environment information and the traversal policy information, and returns the traversal mode information to the user side;
Step 3: the user side, through the traversal agent, uses the corresponding traversal mode so that the user side communicates with the corresponding application server.
Step 2 comprises:
A traversal dispatch step: the network environment information of the user side, received via the traversal agent, is passed as input to the traversal policy step, and the result of the traversal policy step is passed to the user side via the traversal agent;
A traversal policy step: the traversal mode is determined from the network environment information of the user side and the traversal policy information, and this traversal mode information is passed as input to the traversal dispatch step.
The method further comprises a traversal load balance step, which collects information about the traversal servers and passes it as input to the traversal policy step;
When the traversal mode is determined, if a traversal server is required, the traversal server information is collected to determine which traversal server to use, and this information, together with the traversal mode information, is passed as input to the traversal dispatch step.
The traversal policy step determines, from the user-side network environment information, the traversal server information and the traversal policy information, a traversal method and one traversal server, and passes this result as input to the traversal dispatch step.
Alternatively, the traversal policy step determines, from the user-side network environment information, the traversal server information and the traversal policy information, a traversal method and two traversal servers, one of which forwards the packets carrying signaling while the other forwards the packets carrying data, and passes this result as input to the traversal dispatch step.
The method further comprises an operator management step, in which the operator manages and controls the traversal platform and formulates the traversal policy.
The traversal policy information includes specifying that the user side use the traversal server nearest to it in routing distance, or the traversal server with the lowest load.
The method further comprises a traversal location step, which stores information on the traversal policy, the traversal platform, the traversal servers and the application servers, and provides the relevant information when the traversal policy step is carried out.
If the user side has established a signaling channel and a data channel through the traversal agent and the traversal server, then when there is no data to transmit the signaling channel is kept and the data channel is torn down; when the user side deregisters, both the signaling channel and the data channel are torn down.
The traversal server information includes the load condition of the traversal server and the address information of the traversal server.
The user-side network environment refers to the type of the NAT device and/or firewall at the user side.
A NAT and/or firewall traversal platform comprises:
A traversal policy server, which determines the traversal mode from the user-side network environment information and the traversal policy information;
A traversal dispatch server, connected on one side to the user side through the NAT device and/or firewall and the traversal agent, and on the other side to the traversal policy server, which sends the user-side network environment information to the traversal policy server and passes the result of the traversal policy server to the user side via the traversal agent.
The traversal platform further comprises: a traversal load balance server, connected on one side to the traversal policy server and on the other side to the traversal servers, which collects the traversal server information and passes it to the traversal policy server;
A traversal server, connected to the traversal load balance server in the traversal platform, which carries the communication between the user side and the application server once the traversal platform has decided on the traversal server and the traversal mode.
The traversal platform further comprises: an operator management server, connected to the traversal dispatch server, the traversal policy server and the traversal load balance server respectively, through which the operator manages and controls the traversal platform and formulates the traversal policy.
The traversal platform further comprises: a traversal location server, connected to the traversal policy server and the operator management server, which stores information on the traversal policy, the traversal platform, the traversal servers and the application servers, and provides the relevant information to the traversal policy server.
A NAT and/or firewall traversal system comprises:
A user side, which communicates with the NAT device and/or firewall through a traversal agent;
A traversal platform, connected to the user side through the NAT device and/or firewall and the traversal agent, which determines the traversal mode for the user side from the user-side network environment and the traversal policy information, and returns this traversal mode information to the user side;
An application server, connected to the user side through the NAT device and/or firewall and the traversal agent, which provides service to the user side.
The traversal platform comprises:
A traversal policy server, which determines the traversal mode from the user-side network environment information and the traversal policy information;
A traversal dispatch server, connected on one side to the user side through the NAT device and/or firewall and the traversal agent, and on the other side to the traversal policy server, which sends the user-side network environment information to the traversal policy server and passes the result of the traversal policy server to the user side via the traversal agent.
The traversal platform further comprises a traversal load balance server, connected on one side to the traversal policy server and on the other side to the traversal servers, which collects the traversal server information and passes it to the traversal policy server;
A traversal server, connected to the traversal load balance server in the traversal platform, which carries the communication between the user side and the application server once the traversal platform has decided on the traversal server and the traversal mode.
The system further comprises an operator management server, connected to the traversal dispatch server, the traversal policy server and the traversal load balance server respectively, through which the operator manages and controls the traversal platform and formulates the traversal policy.
The system further comprises a traversal location server, connected to the traversal policy server and the operator management server, which stores information on the traversal policy, the traversal platform, the traversal servers and the application servers, and provides the relevant information to the traversal policy server.
The traversal agent may be a traversal agent server independent of the user side, which proxies the data transmitted between the user side and other devices on the network.
Alternatively, the traversal agent is traversal agent service software integrated into the user side, which proxies the data transmitted between the user side and other devices on the network.
The traversal platform is a computer.
The beneficial effect of the invention is that user terminal programs inside a local area network can traverse all types of NAT and/or firewall. Traversal is independent of the application software, so existing application software does not need to be changed. By selecting the best traversal server, the network load is balanced and the best route can be obtained, so that application software connects faster; the effect is particularly good for the communication of some instant messaging software.
Embodiment
The invention is described in detail below with reference to the accompanying drawings.
The invention can be used in practical applications such as Internet Protocol television (IPTV) and VoIP (Voice over Internet Protocol) that need to traverse NAT and/or firewalls.
Fig. 1 is a system structure diagram of the invention. As shown in the figure, the user-side application sends packets to the traversal agent server (TA: Traversal Agent), requesting to communicate with the application server (AS: Application Server) across the firewall or NAT; the traversal agent server can also be built as a hardware or software module integrated into the user side. The TA and the user terminal may be placed on the same computer, or the TA may be a separate computer (it is a separate computer in this example). All network-related application packets pass through the TA; a route via the TA can be added to the routing table in the local area network. The TA sends network environment information to the traversal dispatch server (TDS: Traversal Dispatch Server) in the traversal platform OAM; this information includes the type of NAT (symmetric or asymmetric NAT device) or firewall that the TA is behind. Meanwhile, the traversal load balance server (TBS: Traversal Balance Server) in the OAM collects the load condition, address and other information of the traversal servers (TS: Traversal Server) that this traversal platform manages, and automatically sends this information to the traversal policy server (TPS: Traversal Policy Server) at a scheduled time. The traversal location server (TLS: Traversal Location Server) stores the policies of the TPS, the TS state information collected by the TBS, and the information needed when applications traverse.
A traversal management server (TMS: Traversal Management Server) is also included, which the operator uses to configure the traversal policy and to allocate a qualifying traversal server TS to the TA. For example, suppose there are 5 traversal servers TS in the network and 4 of them are relatively heavily loaded. The operator then decides whether a suitable traversal server is allocated to the TA with route priority or with load balance priority: if the operator chooses route priority, the TA is allocated the traversal server nearest to it on the route; if load balance is given priority, the TA is allocated a traversal server that is slightly farther away on the route but not heavily loaded. This is realized according to the operator's configuration. The application server AS to be used can also be decided according to the type of application and the service type of the packets to be transmitted, with different policies set for different applications. The operator can also set rules on the service types allowed through this traversal platform, such as the SIP protocol or services based on other protocols, and policies such as selecting a traversal policy server by the address of the traversal policy server.
The traversal policy server TPS, having received the network conditions at the TA end sent by the traversal dispatch server TDS and the load and address conditions of the traversal servers TS collected by the traversal load balance server TBS, decides the traversal mode according to the special policy set by the operator or the default policy, and returns the best TS address to the TA so that the TA and the TS can communicate.
As a preferred embodiment, the traversal servers TS can be divided into two kinds: one dedicated to the traversal of signaling packets, and the other dedicated to the traversal of data-content packets (for example, packets of the Real-time Transport Protocol, RTP). Signaling traversal does not consume much network resource, whereas multimedia packets or packets of other data types consume a great deal of a traversal server's resources. The traversal policy server TPS can therefore assign a traversal server TS of the corresponding type according to whether the packets to be traversed are signaling packets or multimedia packets, which balances the load of the traversal servers better.
Fig. 2 is a flow chart of the method of the invention when a traversal server TS is used.
Step 201: the traversal agent server TA sends the user-side network environment information to the traversal dispatch server TDS.
Step 202: the traversal load balance server TBS collects the information of the traversal servers TS (including routing address information, load state information and so on).
Step 203: the traversal policy server TPS, from the information provided by the TDS and the TBS, determines the traversal mode of the traversal agent server TA and the traversal server TS to be used.
Step 204: the traversal policy server TPS sends this information to the traversal agent server TA via the traversal dispatch server TDS.
Step 205: a channel is established between the traversal agent server TA and the traversal server TS, and data is transmitted.
Step 206: the traversal server TS connects to the application server and transmits data.
The most popular communication protocol, the Session Initiation Protocol (SIP), is taken as an example below to describe the results of determining the traversal mode:
Table 1: Decision conditions and results
NAT type | Firewall type | TCP/HTTP used between TA and TS | TS included | Applied policy |
Asymmetric | UDP not blocked | No | No | Traverse using STUN |
Symmetric | UDP not blocked | No | Yes | Traverse using TURN |
Asymmetric | UDP blocked | Yes | Yes | Traverse by setting up a UDP channel |
Symmetric | UDP blocked | Yes | Yes | Traverse by setting up a TCP/HTTP channel, and return the address of the TS nearest to the TA in the network as the traversal server (to reduce the negative effect of the TCP protocol when transmitting RTP packets) |
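The decision in Table 1, combined with the operator's choice between route priority and load balance priority described above, can be sketched as follows. This is an added example and not code from the patent; the class and function names, the 0.0 to 1.0 load scale, the hop-count distance metric and the sample server list are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class TraversalServer:
    address: str          # TS address as collected by the TBS
    load: float           # assumed scale: 0.0 (idle) to 1.0 (saturated)
    route_distance: int   # assumed metric: hops between the TA and this TS


@dataclass(frozen=True)
class Decision:
    method: str                        # "Applied policy" column of Table 1
    tcp_http_between_ta_and_ts: bool   # third column of Table 1
    server: Optional[TraversalServer]  # None when Table 1 says no TS is included


# Table 1, keyed by (NAT is symmetric, firewall blocks UDP).
# Values are (applied policy, TCP/HTTP between TA and TS, TS included),
# copied from the table as printed.
TABLE_1 = {
    (False, False): ("STUN", False, False),
    (True, False): ("TURN", False, True),
    (False, True): ("UDP channel", True, True),
    (True, True): ("TCP/HTTP channel", True, True),
}


def select_server(servers: List[TraversalServer], priority: str) -> TraversalServer:
    """Pick a TS by the operator's policy: nearest route or lowest load."""
    if not servers:
        raise LookupError("traversal mode needs a TS but the TBS reported none")
    if priority == "route":
        return min(servers, key=lambda s: (s.route_distance, s.load))
    if priority == "load":
        return min(servers, key=lambda s: (s.load, s.route_distance))
    raise ValueError(f"unknown operator priority: {priority!r}")


def decide(nat_symmetric: bool, udp_blocked: bool,
           servers: List[TraversalServer], priority: str = "route") -> Decision:
    """TPS decision: traversal method from Table 1 plus the TS to return to the TA."""
    method, tcp_http, needs_ts = TABLE_1[(bool(nat_symmetric), bool(udp_blocked))]
    if not needs_ts:
        return Decision(method, tcp_http, None)
    if nat_symmetric and udp_blocked:
        # Last row of Table 1: always return the TS nearest to the TA,
        # to limit the cost of carrying RTP over TCP.
        priority = "route"
    return Decision(method, tcp_http, select_server(servers, priority))


# Constructed sample: 5 traversal servers, 4 of them heavily loaded,
# mirroring the operator example in the description.
SAMPLE_SERVERS = [
    TraversalServer("ts1.example", 0.90, 1),
    TraversalServer("ts2.example", 0.85, 2),
    TraversalServer("ts3.example", 0.20, 3),
    TraversalServer("ts4.example", 0.95, 4),
    TraversalServer("ts5.example", 0.88, 5),
]

if __name__ == "__main__":
    for symmetric in (False, True):
        for blocked in (False, True):
            for priority in ("route", "load"):
                d = decide(symmetric, blocked, SAMPLE_SERVERS, priority)
                ts = d.server.address if d.server else "-"
                print(f"symmetric={symmetric!s:5} udp_blocked={blocked!s:5} "
                      f"priority={priority:5} -> {d.method:16} TS={ts}")
```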
The SIP terminal in the following embodiments is an intranet user terminal behind a firewall or NAT;
userA is the identifier of the SIP terminal, called the SIP terminal ID;
In userA@userA.domain, the part after the @ is a routing address that can be routed to this SIP terminal; in the embodiments this routing address may be an IP address or a domain name.
userB is a public network user terminal, and may also be an intranet user terminal behind a firewall or NAT;
The SIP server is the server that provides the SIP service, and can forward the caller's data to the callee.
Fig. 3 A is that the inventive method Session Initiation Protocol data are to asymmetric form NAT with do not forbid the Sip terminal use registration process figure of the Firewall Traversing of udp protocol.
The user side application program is the Sip terminal, sends register requirement to passing through acting server TA, and calling terminal From is described as: userA@register.domain, and wherein userA is the Sip Termination ID, register.domain is the Sip server address; The description of called end To is consistent with calling terminal; Signaling address Contact is: userA@userA.domain, and wherein userA is the Sip Termination ID, userA.domain is the Sip terminal address.
Passing through acting server TA passes NAT and/or fire compartment wall with the detection information (comprising the type of NAT and/or fire compartment wall etc.) of user profile and network environment and sends to and pass through dispatch server TDS, and by pass through dispatch server TDS request pass through strategic server TPS distribute to this registration Sip terminal one suitable pass through server and traversing method, pass through strategic server TPS and (comprise load according to passing through information that dispatch server TDS transmits and the state that passes through the TS of server, routing address etc.) return and pass through server TS and corresponding traversing method (being STUN in this example) what use.
After passing through dispatch server TDS and receiving this information, because this mode does not need to pass through server TS, so only transmit traversing method STUN to passing through acting server TA.After having determined the mode of passing through, passing through acting server TA utilizes the mode of passing through of STUN to send log-on message to the Sip server, pass through acting server TA and send being described as of calling terminal From of information: userA@register.domain, wherein userA is the Sip Termination ID, and register.domain is the Sip server address; The description of called end To is consistent with calling terminal; Signaling address Contact is: userA@NAT/FW.domain, and wherein userA is the Sip Termination ID, NAT/FW.domain is fire compartment wall or NAT address.And set up and the logical channel that keeps a UDP C.1.
The Sip server returns the 200OK confirmation to passing through acting server TA, and calling terminal From is described as: userA@register.domain, and wherein userA is the Sip Termination ID, register.domain is the Sip server address; The description of called end To is consistent with calling terminal; Signaling address Contact is: userA@NAT/FW.domain, and wherein userA is the Sip Termination ID, NAT/FW.domain is fire compartment wall or NAT address.
Revise the affirmation information of the Sip server receive by passing through acting server TA, the content of calling terminal and called end is constant, change the signaling address into userA@userA.domain, wherein userA is the Sip Termination ID, userA.domain is the Sip terminal address, and this 200OK is confirmed that packet is transmitted to the Sip terminal.
Fig. 3 B is that the inventive method Session Initiation Protocol data are to asymmetric form NAT with do not forbid the Sip terminal use invitation process figure of the Firewall Traversing of udp protocol.
The Sip terminal is sent to the Sip server and is invited request, and calling terminal From is described as: userA@register.domain, and wherein userA is the Sip Termination ID, register.domain is the Sip server address; Called end To is described as: userB@register.domain, and wherein userB is the called end user ID, register.domain is the Sip server address; Signaling address Contact is: userA@userA.domain, and wherein userA is the Sip Termination ID, userA.domain is the Sip terminal address; Media data packet address SDP is described as, IPA:PortA, the address of media data packet is Sip IP address of terminal: IPA, use be Sip terminal PortA port.
Pass through the invitation data bag that acting server TA transmits the Sip terminal, the description of calling terminal and called end does not change, and the signaling address modification is: userA@FW/NAT.domain, and wherein userA is the Sip Termination ID, FW/NAT.domain is the address of fire compartment wall or NAT; Media data packet SDP address modification is: IPFW/NAT:PortFW/NAT, and wherein IPFW/NAT is the IP address of fire compartment wall or NAT, PortFW/NAT is for using the port of fire compartment wall or NAT.
Like this, pass through UDP logic channel that acting server TA and Sip acting server set up a signaling C.1.
The Sip server returns a 200OK confirmation by fire compartment wall or NAT to passing through acting server TA, and calling terminal From is described as: userA@register.domain, and wherein userA is the Sip Termination ID, register.domain is the Sip server address; Called end To is described as: userB@register.domain, and wherein userB is called end user ID (user on the public network), register.domain is the Sip server address; Signaling address Contact is: userB@userB.domain, and wherein userB is the called end user ID, userB.domain is the called subscriber address; Data packet addressed SDP is described as, IPB:PortB, the address of packet is called subscriber address: IPB, use be called subscriber's PortB port.
Pass through acting server TA and transmit this information to the Sip terminal use, the information of calling terminal and called end does not change in 200OK confirms, the signaling address is: userB@TA.domain, userB are the called end user ID, and TA.domain is for passing through acting server TA address; The media data packet address is: IPTA:PortTA, and IPTA is for passing through acting server IP address, and PortTA is for passing through the acting server port.
The Sip terminal transmits the RTP packet to passing through acting server TA, passes through acting server TA and C.2 transmits data mutually by the UDP media channel with apps server (Sip server) foundation.When having the media data transmission, only do not close media channel C.2.
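The rewriting that the traversal agent server TA performs in Fig. 3B (Contact and SDP media address changed, From and To left alone) can be sketched as follows. This is an added example and not code from the patent; the function names, the sample INVITE and all addresses are constructed, and the message is assumed to carry a single media stream.

```python
import re
from typing import Optional

CRLF = "\r\n"


def header(message: str, name: str) -> Optional[str]:
    """Return the value of the first header called `name`, or None."""
    head = message.partition(CRLF + CRLF)[0]
    for line in head.split(CRLF)[1:]:          # skip the request/status line
        key, colon, value = line.partition(":")
        if colon and key.strip().lower() == name.lower():
            return value.strip()
    return None


def rewrite_sip(message: str, contact_host: str,
                media_ip: str, media_port: int) -> str:
    """Rewrite Contact and the SDP media address, as the TA does when forwarding.

    Outbound (terminal to SIP server) the new values are the NAT/FW address;
    inbound (SIP server to terminal) they are the TA's own address.
    From and To are left untouched, as in the description.
    """
    head, sep, body = message.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("incomplete SIP message: no blank line after headers")

    body_lines = []
    for line in body.split(CRLF):
        if line.startswith("c=IN IP4 "):        # connection address for media
            line = "c=IN IP4 " + media_ip
        elif line.startswith("m="):             # m=<media> <port> <proto> <fmt>
            parts = line.split(" ")
            if len(parts) >= 3:
                parts[1] = str(media_port)
            line = " ".join(parts)
        body_lines.append(line)                 # o= and other lines are kept
    new_body = CRLF.join(body_lines)

    head_lines = []
    for line in head.split(CRLF):
        key, colon, value = line.partition(":")
        lowered = key.strip().lower()
        if colon and lowered in ("contact", "m"):
            # Keep the user part, replace host[:port] of the first SIP URI.
            value = re.sub(r"(sips?:[^@>;\s]+@)[^>;\s]+",
                           lambda m: m.group(1) + contact_host, value, count=1)
            line = key + ":" + value
        elif colon and lowered in ("content-length", "l"):
            # The body length changed, so the header must be recomputed.
            line = key + ": " + str(len(new_body.encode("utf-8")))
        head_lines.append(line)
    return CRLF.join(head_lines) + CRLF + CRLF + new_body


# Constructed sample INVITE from the SIP terminal (private address 10.0.0.5).
SAMPLE_SDP = CRLF.join([
    "v=0",
    "o=userA 1 1 IN IP4 10.0.0.5",
    "s=-",
    "c=IN IP4 10.0.0.5",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0",
]) + CRLF
SAMPLE_INVITE = CRLF.join([
    "INVITE sip:userB@register.example SIP/2.0",
    "From: <sip:userA@register.example>;tag=1",
    "To: <sip:userB@register.example>",
    "Contact: <sip:userA@10.0.0.5:5060>",
    "Content-Type: application/sdp",
    f"Content-Length: {len(SAMPLE_SDP)}",
]) + CRLF + CRLF + SAMPLE_SDP

if __name__ == "__main__":
    # Outbound direction: Contact and SDP take the NAT/FW public mapping.
    print(rewrite_sip(SAMPLE_INVITE, "203.0.113.7:40000", "203.0.113.7", 40002))
```

A stale Content-Length after the SDP rewrite is the usual failure in this kind of proxying, which is why the function recomputes it from the rewritten body.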
Fig. 3 C be the inventive method Session Initiation Protocol data to asymmetric form NAT and the Sip terminal use of Firewall Traversing who does not forbid udp protocol by invitation process figure.
C.1 send the request of inviting to the Sip terminal by the Sip server by the UDP logic channel, packet information when acting server TA is passed through in arrival, calling terminal From is described as: userB@register.domain, wherein userB is the calling terminal user ID, and register.domain is the Sip server address; Called end To is described as: userA@register.domain, and wherein userA is the Sip Termination ID, register.domain is the Sip server address; Signaling address Contact is: userB@userB.domain, and wherein userB is the calling terminal user ID, userB.domain is the calling terminal address; Media data packet address SDP is described as, IPB:PortB, the address of media data packet is calling terminal IP address: IPB, use be the PortB port of calling terminal.
Pass through acting server TA when the Sip terminal is transmitted this invitation request, calling terminal and called end information all do not have to change, be revised as the signaling address: userB@TA.domain, and wherein userB is the calling terminal user ID, TA.domain passes through the address of acting server TA for sending these data; Media data packet address SDP is described as, IPTA:PortTA, the address of media data packet is the IP address of passing through acting server TA: IPTA, use be the PortTA port that passes through acting server TA.
The Sip terminal is returned the 200OK confirmation to passing through acting server TA, calling terminal is identical with called end information with the invitation request calling terminal of called end information and reception, the signaling address is: userA@userA.domain, and wherein userA is the Sip Termination ID, userA.domain is the Sip terminal address; Media data packet address SDP is described as IPA:PortA; The address of media data packet is Sip IP address of terminal: IPA, use be Sip terminal PortA port.
C.1 passing fire wall or NAT transmit this 200OK to the Sip server and confirm by the UDP logic channel by passing through acting server TA, calling terminal and called end information do not change, the signaling address is: userA@FW/NAT.domain, wherein userA is the Sip Termination ID, and FW/NAT.domain is the public network address of fire compartment wall or NAT; Media data packet address SDP is described as IPFW/NAT:PortFW/NAT; The address of media data packet is: the public network IP address of fire compartment wall or NAT (IPFW/NAT), what port used is the port (PortFW/NAT) of fire compartment wall or NAT.
The Sip terminal transmits the RTP packet to passing through acting server TA, passes through acting server TA and C.3 transmits data mutually by the UDP media logical channel with apps server (Sip server) foundation.When having the media data transmission, only do not close media channel C.3.
Fig. 3 D is that the inventive method Session Initiation Protocol data are to asymmetric form NAT with do not forbid the Sip terminal use log off procedure figure of the Firewall Traversing of udp protocol.
The Sip terminal transmits log-off message to passing through acting server TA, and calling terminal From is described as: userA@register.domain, and wherein userA is the Sip Termination ID, register.domain is the Sip server address; Called end To is described as: userA@register.domain, and wherein userA is the Sip Termination ID, register.domain is the Sip server address; Signaling address Contact is: userA@userA.domain, and wherein userA is the Sip Termination ID, userA.domain is the Sip terminal address; The Sip terminal is 0 with the lifetime that is connected of Sip server.
Pass through acting server TA and transmit log-off message to the Sip server by fire compartment wall or NAT, calling terminal and called end information do not change, be revised as the signaling address: userA@NAT/FW.domain, userA is the Sip Termination ID, the signaling address is fire compartment wall or NAT address, and C.1 this information pass the server to Sip by the logic channel of UDP.
C.1, the Sip server returns the 200OK confirmation to passing through acting server TA by the logic channel of UDP, and the information of calling terminal, called end and signaling address is identical with the log-off message of its transmission.
Pass through acting server TA and return the 200OK confirmation to the Sip terminal use, calling terminal and called end information are constant, and be revised as the signaling address, userA@userA.domain, and wherein userA is the Sip Termination ID, userA.domain is the Sip terminal address.After the Sip terminal use receives the confirmation information, promptly disconnect the UDP logic channel C.1.
Fig. 4 A is that the data of the inventive method Session Initiation Protocol are to symmetric form NAT and the non-Sip terminal use registration process figure that forbids the Firewall Traversing of udp protocol.
The user side application program is the Sip terminal, sends register requirement to passing through acting server TA, and calling terminal From is described as: userA@register.domain, and wherein userA is the Sip Termination ID, register.domain is the Sip server address; The description of called end To is consistent with calling terminal; Signaling address Contact is: userA@userA.domain, and wherein userA is the Sip Termination ID, userA.domain is the Sip terminal address.
Passing through acting server passes NAT and/or fire compartment wall with the detection information of user profile and network environment and sends to and pass through dispatch server TDS, and by pass through dispatch server TDS request pass through strategic server TPS distribute to this registration Sip terminal use one suitable pass through server and traversing method, passing through strategic server TPS returns and passes through server TS and corresponding traversing method (using the TRUN method to pass through in this example) with what use according to passing through information that dispatch server TDS transmits and the state that passes through the TS of server.
After passing through dispatch server TDS and receiving this information, because this mode need be passed through server TS, so transmit traversing method TRUN to passing through acting server TA.After having determined the mode of passing through, pass through acting server TA and utilize the mode of passing through of TRUN passing through acting server TA and passing through and set up a logic channel between server TS C.4.
Pass through acting server TA and C.4 transmit log-on message to passing through server TS by logic channel, being described as of calling terminal From: userA@register.domain wherein, wherein userA is the Sip Termination ID, register.domain is the Sip server address; The description of called end To is consistent with calling terminal; Signaling address Contact is: userA@TA.domain, and wherein userA is the Sip Termination ID, TA.domain is for passing through acting server TA address.
Pass through server TS and send this log-on message to the Sip server, being described as of calling terminal From: userA@register.domain wherein, wherein userA is the Sip Termination ID, register.domain is the Sip server address; The description of called end To is consistent with calling terminal; Signaling address Contact is: userA@TS.domain, and wherein userA is the Sip Termination ID, TS.domain is for passing through proxy server address.
The Sip server returns 200OK and confirms to passing through server TS, being described as of calling terminal From: userA@register.domain wherein, and wherein userA is the Sip Termination ID, register.domain is the Sip server address; The description of called end To is consistent with calling terminal; Signaling address Contact is: userA@TS.domain, and wherein userA is the Sip Termination ID, TS.domain is for passing through proxy server address.
The traversal server TS transmits this 200 OK confirmation to the traversal agent server TA over UDP logical channel C.4. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is the same as the caller; the signaling address Contact is userA@TA.domain, where userA is the SIP terminal ID and TA.domain is the traversal agent server address.
The traversal agent server TA transmits this 200 OK confirmation to the SIP terminal. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is the same as the caller; the signaling address Contact is userA@userA.domain, where userA is the SIP terminal ID and userA.domain is the SIP terminal address.
Fig. 4B is the invitation process diagram for a SIP terminal user when, with the method of the invention, SIP protocol data traverses a symmetric NAT and a firewall that does not block the UDP protocol.
The SIP terminal sends an invitation request to the traversal agent server TA. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is userB@register.domain, where userB is the callee user ID and register.domain is the SIP server address; the signaling address Contact is userA@userA.domain, where userA is the SIP terminal ID and userA.domain is the SIP terminal address; the media packet address in the SDP is IPA:PortA, that is, the SIP terminal's IP address IPA and the SIP terminal's port PortA.
The traversal agent server TA transmits the request message to the traversal server TS over UDP logical channel C.4. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is userB@register.domain, where userB is the callee user ID and register.domain is the SIP server address; the signaling address Contact is TA@TA.domain, where TA is the traversal agent server's user ID and TA.domain is the address of the traversal agent server TA; the media packet address in the SDP is IPTA:PortTA, that is, the IP address IPTA of the traversal agent server TA and its port PortTA.
The traversal server TS transmits the request message to the SIP server. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is userB@register.domain, where userB is the callee user ID and register.domain is the SIP server address; the signaling address Contact is TS@TS.domain, where TS is the traversal server's user ID and TS.domain is the address of the traversal server TS; the media packet address in the SDP is IPTS:PortTS, that is, the IP address IPTS of the traversal server TS and its port PortTS.
The SIP server returns a 200 OK confirmation to the traversal server TS. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is userB@register.domain, where userB is the callee user ID and register.domain is the SIP server address; the signaling address Contact is userB@userB.domain, where userB is the callee user ID and userB.domain is the callee address; the media packet address in the SDP is IPB:PortB, that is, the callee's IP address IPB and the callee's port PortB.
The traversal server TS transmits this 200 OK confirmation to the traversal agent server TA over UDP logical channel C.4. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is userB@register.domain, where userB is the callee user ID and register.domain is the SIP server address; the signaling address Contact is userB@TS.domain, where userB is the callee user ID and TS.domain is the address of the traversal server TS; the media packet address in the SDP is IPTS:PortTS, that is, the IP address IPTS of the traversal server TS and its port PortTS.
The traversal agent server TA transmits this 200 OK confirmation to the SIP terminal. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is userB@register.domain, where userB is the callee user ID and register.domain is the SIP server address; the signaling address Contact is userB@TA.domain, where userB is the callee user ID and TA.domain is the address of the traversal agent server TA; the media packet address in the SDP is IPTA:PortTA, that is, the IP address IPTA of the traversal agent server TA and its port PortTA.
The SIP terminal and the traversal agent server TA exchange RTP media packets over UDP. The traversal agent server TA and the traversal server TS set up a media logical channel C.5 and carry the RTP media packets over it. The traversal server TS and the SIP server exchange RTP media packets over UDP.
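The hop-by-hop rewriting described for Fig. 4B can be checked mechanically: From and To must survive each relay unchanged, while Contact and the SDP media address must name the relay itself so that no inside address crosses the NAT. The following is an added example, not part of the original text; the function names, IP addresses, ports and the constructed INVITE are assumptions for illustration, and Content-Length handling is omitted.

```python
import re

# Constructed INVITE as the SIP terminal would send it to TA (first hop of Fig. 4B).
# 192.168.1.10 stands in for IPA; all addresses are illustrative assumptions.
INVITE_FROM_TERMINAL = "\r\n".join([
    "INVITE sip:userB@register.domain SIP/2.0",
    "From: <sip:userA@register.domain>;tag=1",
    "To: <sip:userB@register.domain>",
    "Contact: <sip:userA@userA.domain>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=userA 1 1 IN IP4 192.168.1.10",
    "s=-",
    "c=IN IP4 192.168.1.10",
    "t=0 0",
    "m=audio 40000 RTP/AVP 0",
    "",
])


def split_message(msg):
    """Return (header lines, SDP body) of a SIP message."""
    head, _, body = msg.partition("\r\n\r\n")
    return head.split("\r\n"), body


def header(msg, name):
    """Return the value of the first header called `name`, or None."""
    lines, _ = split_message(msg)
    for line in lines[1:]:  # skip the request/status line
        key, _, value = line.partition(":")
        if key.strip().lower() == name.lower():
            return value.strip()
    return None


def media_address(msg):
    """Return (ip, port) from the SDP c= and m= lines, or None."""
    _, body = split_message(msg)
    ip = re.search(r"^c=IN IP4 (\S+)", body, re.M)
    port = re.search(r"^m=\w+ (\d+) ", body, re.M)
    return (ip.group(1), int(port.group(1))) if ip and port else None


def relay_rewrite(msg, contact_user, domain, ip, port):
    """Rewrite Contact and the SDP addresses to the relay; leave From/To alone."""
    lines, body = split_message(msg)
    out = []
    for line in lines:
        if line.lower().startswith("contact:"):
            line = f"Contact: <sip:{contact_user}@{domain}>"
        out.append(line)
    # Covers both the o= and c= lines so the inside address is not left behind.
    body = re.sub(r"(IN IP4 )\S+", lambda m: m.group(1) + ip, body)
    body = re.sub(r"^(m=\w+ )\d+", lambda m: m.group(1) + str(port), body, flags=re.M)
    return "\r\n".join(out) + "\r\n\r\n" + body


def audit_hop(received, forwarded, relay_domain, relay_ip, inside_addrs):
    """List deviations from the rewriting rules for one relay hop."""
    findings = []
    for name in ("From", "To"):
        if header(received, name) != header(forwarded, name):
            findings.append(f"{name} changed in transit")
    contact = header(forwarded, "Contact") or ""
    if not contact.rstrip(">").endswith("@" + relay_domain):
        findings.append("Contact does not point at the relay")
    media = media_address(forwarded)
    if media is None or media[0] != relay_ip:
        findings.append("SDP media address is not the relay")
    for addr in inside_addrs:
        if addr in forwarded:
            findings.append(f"inside address {addr} leaked")
    return findings


def simulate_fig_4b():
    """Terminal -> TA -> TS, with Contact users TA and TS as in the text above."""
    at_ta = relay_rewrite(INVITE_FROM_TERMINAL, "TA", "TA.domain", "203.0.113.5", 50000)
    at_ts = relay_rewrite(at_ta, "TS", "TS.domain", "198.51.100.7", 60000)
    return at_ta, at_ts


if __name__ == "__main__":
    ta_msg, ts_msg = simulate_fig_4b()
    inside = ["192.168.1.10", "userA.domain"]
    print(audit_hop(INVITE_FROM_TERMINAL, ta_msg, "TA.domain", "203.0.113.5", inside))
    print(header(ts_msg, "Contact"), media_address(ts_msg))
```

Running `audit_hop` against a relay that forwards the message untouched reports the missing Contact and SDP rewrites and both leaked inside addresses.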
Fig. 4C is the process diagram for a SIP terminal user being invited when, with the method of the invention, SIP protocol data traverses a symmetric NAT and a firewall that does not block the UDP protocol.
The SIP server sends the invitation request to the traversal server TS. The caller From is userB@register.domain, where userB is the caller user ID and register.domain is the SIP server address; the callee To is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the signaling address Contact is userB@userB.domain, where userB is the caller user ID and userB.domain is the caller address; the media packet address in the SDP is IPB:PortB, that is, the caller's IP address IPB and the caller's port PortB.
The traversal server TS transmits the request message to the traversal agent server TA over UDP logical channel C.4. The caller From is userB@register.domain, where userB is the caller user ID and register.domain is the SIP server address; the callee To is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the signaling address Contact is userB@TS.domain, where userB is the caller user ID and TS.domain is the address of the traversal server TS; the media packet address in the SDP is IPTS:PortTS, that is, the IP address IPTS of the traversal server TS and its port PortTS.
The traversal agent server TA transmits the request message to the SIP terminal. The caller From is userB@register.domain, where userB is the caller user ID and register.domain is the SIP server address; the callee To is userA@register.domain, where userA is the SIP terminal user ID and register.domain is the SIP server address; the signaling address Contact is userB@TA.domain, where userB is the caller user ID and TA.domain is the address of the traversal agent server TA; the media packet address in the SDP is IPTA:PortTA, that is, the IP address IPTA of the traversal agent server TA and its port PortTA.
The SIP terminal returns a 200 OK confirmation to the traversal agent server TA. The caller From is userB@register.domain, where userB is the caller user ID and register.domain is the SIP server address; the callee To is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the signaling address Contact is userA@userA.domain, where userA is the SIP terminal ID and userA.domain is the SIP terminal address; the media packet address in the SDP is IPA:PortA, that is, the SIP terminal's IP address IPA and the SIP terminal's port PortA.
The traversal agent server TA transmits this 200 OK confirmation to the traversal server TS over UDP logical channel C.4. The caller From is userB@register.domain, where userB is the caller user ID and register.domain is the SIP server address; the callee To is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the signaling address Contact is userA@TA.domain, where userA is the SIP terminal ID and TA.domain is the address of the traversal agent server TA; the media packet address in the SDP is IPTA:PortTA, that is, the IP address IPTA of the traversal agent server TA and its port PortTA.
The traversal server TS transmits this 200 OK confirmation to the SIP server. The caller From is userB@register.domain, where userB is the caller user ID and register.domain is the SIP server address; the callee To is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the signaling address Contact is userA@TS.domain, where userA is the SIP terminal ID and TS.domain is the address of the traversal server TS; the media packet address in the SDP is IPTS:PortTS, that is, the IP address IPTS of the traversal server TS and its port PortTS.
The SIP terminal and the traversal agent server TA exchange RTP media packets over UDP. The traversal agent server TA and the traversal server TS set up a media logical channel C.6 and carry the RTP media packets over it. The traversal server TS and the SIP server exchange RTP media packets over UDP. When SIP terminal user userA and caller userB have no more media data to transmit, media channel C.6 is closed.
Fig. 4D is the deregistration process diagram for a SIP terminal user when, with the method of the invention, SIP protocol data traverses a symmetric NAT and a firewall that does not block the UDP protocol.
The SIP terminal transmits the deregistration message to the traversal agent server TA. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the signaling address Contact is userA@userA.domain, where userA is the SIP terminal ID and userA.domain is the SIP terminal address; the lifetime of the SIP terminal's connection to the SIP server is 0.
The traversal agent server TA transmits the deregistration message through the firewall or NAT to the traversal server TS over UDP logical channel C.4. The caller and callee are unchanged; the signaling address is changed to userA@TA.domain, where userA is the SIP terminal ID and the signaling address is the address of the traversal agent server TA; the lifetime is 0. This message is carried over UDP logical channel C.4.
The traversal server TS transmits the deregistration message to the SIP server. The caller and callee are unchanged; the signaling address is changed to userA@TS.domain, where userA is the SIP terminal ID and the signaling address is the address of the traversal server TS; the lifetime is 0.
The SIP server returns a 200 OK confirmation to the traversal server TS; the caller, callee and signaling address are all identical to those in the deregistration message it received.
The traversal server TS returns the 200 OK confirmation to the traversal agent server TA over UDP logical channel C.4. The caller and callee information is unchanged; the signaling address is changed to userA@TA.domain, where userA is the SIP terminal ID and the signaling address is the address of the traversal agent server TA; the lifetime is 0.
The traversal agent server TA returns the 200 OK confirmation to the SIP terminal user. The caller and callee information is unchanged; the signaling address is changed to userA@userA.domain, where userA is the SIP terminal ID and userA.domain is the SIP terminal address; the lifetime is 0. After the SIP terminal user receives the confirmation, UDP logical channel C.4 is disconnected.
Fig. 5A is the registration process diagram for a SIP terminal user when, with the method of the invention, SIP protocol data traverses a symmetric NAT and a firewall that blocks the UDP protocol.
The user-side application is a SIP terminal, which sends a registration request to the traversal agent server TA. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is the same as the caller; the signaling address Contact is userA@userA.domain, where userA is the SIP terminal ID and userA.domain is the SIP terminal address.
The traversal agent server TA sends the user information and the detected network-environment information through the NAT and/or firewall to the traversal dispatch server TDS, and the TDS asks the traversal policy server TPS to assign this registering user side a suitable traversal server and traversal method. Based on the information passed on by the TDS and the state of the traversal servers TS, the TPS returns the traversal server TS to be used and the corresponding traversal method (the HTTP/TCP channel mode in this example).
After the traversal dispatch server TDS receives this information, because this method requires a traversal server TS, it forwards the HTTP/TCP channel traversal method to the traversal agent server TA. Once the traversal method has been determined, the traversal agent server TA and the traversal server TS set up an HTTP/TCP channel C.7.
The traversal agent server TA transmits the registration message to the traversal server TS over channel C.7. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is the same as the caller; the signaling address Contact is userA@TA.domain, where userA is the SIP terminal ID and TA.domain is the address of the traversal agent server TA.
The traversal server TS sends this registration message to the SIP server. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is the same as the caller; the signaling address Contact is userA@TS.domain, where userA is the SIP terminal ID and TS.domain is the address of the traversal agent server TS.
The SIP server returns a 200 OK confirmation to the traversal server TS. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is the same as the caller; the signaling address Contact is userA@TS.domain, where userA is the SIP terminal ID and TS.domain is the address of the traversal agent server TS.
The traversal server TS transmits this 200 OK confirmation to the traversal agent server TA over HTTP/TCP channel C.7. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is the same as the caller; the signaling address Contact is userA@TA.domain, where userA is the SIP terminal ID and TA.domain is the address of the traversal agent server TA.
The traversal agent server TA transmits this 200 OK confirmation to the SIP terminal. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is the same as the caller; the signaling address Contact is userA@userA.domain, where userA is the SIP terminal ID and userA.domain is the SIP terminal address.
Fig. 5B is the invitation process diagram for a SIP terminal user when, with the method of the invention, SIP protocol data traverses a symmetric NAT and a firewall that blocks the UDP protocol.
The SIP terminal sends an invitation request to the traversal agent server TA. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is userB@register.domain, where userB is the callee user ID and register.domain is the SIP server address; the signaling address Contact is userA@userA.domain, where userA is the SIP terminal ID and userA.domain is the SIP terminal address; the media packet address in the SDP is IPA:PortA, that is, the SIP terminal's IP address IPA and the SIP terminal's port PortA.
The traversal agent server TA transmits the request message to the traversal server TS over TCP/HTTP channel C.7. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is userB@register.domain, where userB is the callee user ID and register.domain is the SIP server address; the signaling address Contact is userA@TA.domain, where userA is the SIP terminal ID and TA.domain is the address of the traversal agent server TA; the media packet address in the SDP is IPTA:PortTA, that is, the IP address IPTA of the traversal agent server TA and its port PortTA.
The traversal server TS transmits the request message to the SIP server. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is userB@register.domain, where userB is the callee user ID and register.domain is the SIP server address; the signaling address Contact is userA@TS.domain, where userA is the SIP terminal ID and TS.domain is the address of the traversal server TS; the media packet address in the SDP is IPTS:PortTS, that is, the IP address IPTS of the traversal server TS and its port PortTS.
The SIP server returns a 200 OK confirmation to the traversal server TS. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is userB@register.domain, where userB is the callee user ID and register.domain is the SIP server address; the signaling address Contact is userB@userB.domain, where userB is the callee user ID and userB.domain is the callee address; the media packet address in the SDP is IPB:PortB, that is, the callee's IP address IPB and the callee's port PortB.
The traversal server TS transmits this 200 OK confirmation to the traversal agent server TA over TCP/HTTP channel C.7. The caller From is TS@register.domain, where TS is the traversal server's user ID and register.domain is the SIP server address; the callee To is userB@register.domain, where userB is the callee user ID and register.domain is the SIP server address; the signaling address Contact is userB@TS.domain, where userB is the callee user ID and TS.domain is the address of the traversal server TS; the media packet address in the SDP is IPTS:PortTS, that is, the IP address IPTS of the traversal server TS and its port PortTS.
The traversal agent server TA transmits this 200 OK confirmation to the SIP terminal. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is userB@register.domain, where userB is the callee user ID and register.domain is the SIP server address; the signaling address Contact is userB@TA.domain, where userB is the callee user ID and TA.domain is the address of the traversal agent server TA; the media packet address in the SDP is IPTA:PortTA, that is, the IP address IPTA of the traversal agent server TA and its port PortTA.
A TCP/HTTP media channel C.8 is set up between the traversal agent server TA and the traversal server TS, and the multimedia packets are carried over C.8. When there is no more media information to transmit between the SIP terminal and the SIP proxy server, TCP/HTTP channel C.8 is closed, but TCP/HTTP channel C.7 remains connected.
Fig. 5C is the process diagram for a SIP terminal user being invited when, with the method of the invention, SIP protocol data traverses a symmetric NAT and a firewall that blocks the UDP protocol.
The SIP server sends the invitation request to the traversal server TS. The caller From is userB@register.domain, where userB is the caller user ID and register.domain is the SIP server address; the callee To is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the signaling address Contact is userB@userB.domain, where userB is the caller user ID and userB.domain is the caller address; the media packet address in the SDP is IPB:PortB, that is, the caller's IP address IPB and the caller's port PortB.
The traversal server TS transmits the request message to the traversal agent server TA over TCP/HTTP channel C.7. The caller From is userB@register.domain, where userB is the caller user ID and register.domain is the SIP server address; the callee To is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the signaling address Contact is userB@TS.domain, where userB is the caller user ID and TS.domain is the address of the traversal server TS; the media packet address in the SDP is IPTS:PortTS, that is, the IP address IPTS of the traversal server TS and its port PortTS.
The traversal agent server TA transmits the request message to the SIP terminal. The caller From is userB@register.domain, where userB is the caller user ID and register.domain is the SIP server address; the callee To is userA@register.domain, where userA is the SIP terminal user ID and register.domain is the SIP server address; the signaling address Contact is userB@TA.domain, where userB is the caller user ID and TA.domain is the address of the traversal agent server TA; the media packet address in the SDP is IPTA:PortTA, that is, the IP address IPTA of the traversal agent server TA and its port PortTA.
The SIP terminal returns a 200 OK confirmation to the traversal agent server TA. The caller From is userB@register.domain, where userB is the caller user ID and register.domain is the SIP server address; the callee To is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the signaling address Contact is userA@userA.domain, where userA is the SIP terminal ID and userA.domain is the SIP terminal address; the media packet address in the SDP is IPA:PortA, that is, the SIP terminal's IP address IPA and the SIP terminal's port PortA.
The traversal agent server TA transmits this 200 OK confirmation to the traversal server TS over TCP/HTTP channel C.7. The caller From is userB@register.domain, where userB is the caller user ID and register.domain is the SIP server address; the callee To is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the signaling address Contact is userA@TA.domain, where userA is the SIP terminal ID and TA.domain is the address of the traversal agent server TA; the media packet address in the SDP is IPTA:PortTA, that is, the IP address IPTA of the traversal agent server TA and its port PortTA.
The traversal server TS transmits this 200 OK confirmation to the SIP server. The caller From is userB@register.domain, where userB is the caller user ID and register.domain is the SIP server address; the callee To is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the signaling address Contact is userA@TS.domain, where userA is the SIP terminal ID and TS.domain is the address of the traversal server TS; the media packet address in the SDP is IPTS:PortTS, that is, the IP address IPTS of the traversal server TS and its port PortTS.
A TCP/HTTP channel C.9 is set up between the traversal agent server TA and the traversal server TS, and the multimedia packets are carried over C.9. When there is no more media information to transmit between the SIP terminal and the SIP server, TCP/HTTP channel C.9 is closed, but TCP/HTTP channel C.7 remains connected.
Fig. 5D is the deregistration process diagram for a SIP terminal user when, with the method of the invention, SIP protocol data traverses a symmetric NAT and a firewall that blocks the UDP protocol.
The SIP terminal transmits the deregistration message to the traversal agent server TA. The caller From is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the callee To is userA@register.domain, where userA is the SIP terminal ID and register.domain is the SIP server address; the signaling address Contact is userA@userA.domain, where userA is the SIP terminal ID and userA.domain is the SIP terminal address; the lifetime of the SIP terminal's connection to the SIP server is 0.
The traversal agent server TA transmits the deregistration message through the firewall or NAT to the traversal server TS over TCP/HTTP channel C.7. The caller and callee are unchanged; the signaling address is changed to userA@TA.domain, where userA is the SIP terminal ID and the signaling address is the address of the traversal agent server TA; the lifetime is 0.
The traversal server TS transmits the deregistration message to the SIP server. The caller and callee are unchanged; the signaling address is changed to userA@TS.domain, where userA is the SIP terminal ID and the signaling address is the address of the traversal server TS; the lifetime is 0.
The SIP server returns a 200 OK confirmation to the traversal server TS; the caller, callee and signaling address are all unchanged, and the lifetime is 0.
The traversal server TS returns the 200 OK confirmation through the firewall and NAT to the traversal agent server TA over TCP/HTTP channel C.7. The caller and callee information is unchanged; the signaling address is changed to userA@TA.domain, where userA is the SIP terminal ID and the signaling address is the address of the traversal agent server TA; the lifetime is 0.
The traversal agent server TA returns the 200 OK confirmation to the SIP terminal user. The caller and callee information is unchanged; the signaling address is changed to userA@userA.domain, where userA is the SIP terminal ID and userA.domain is the SIP terminal address; the lifetime is 0. After the SIP terminal user receives the confirmation, TCP/HTTP channel C.7 is disconnected.
The beneficial effects of the present invention are as follows. It is applicable to all types of NAT and/or firewall. Traversal is separated from the application software, so the application software can traverse firewalls and NAT without supporting any additional protocol. The traversal platform automatically selects the traversal method and the traversal server, which balances the load on the traversal servers and optimizes network resources, and the security of the network is not reduced. By configuring the traversal policy, the operator can control traversal flexibly, which greatly improves both operation and control.
The above embodiments are intended only to illustrate the present invention, not to limit it.