CN101136910B - Network address and protocol translating equipment and application layer gateway equipment - Google Patents
Network address and protocol translating equipment and application layer gateway equipment Download PDFInfo
- Publication number
- CN101136910B CN101136910B CN2006101151822A CN200610115182A CN101136910B CN 101136910 B CN101136910 B CN 101136910B CN 2006101151822 A CN2006101151822 A CN 2006101151822A CN 200610115182 A CN200610115182 A CN 200610115182A CN 101136910 B CN101136910 B CN 101136910B
- Authority
- CN
- China
- Prior art keywords
- equipment
- alg
- nat
- information
- ipv4
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
Being able to communicate with one or more application layer gateway (ALG), the network address (Add) and protocol translation (NAT-PT) equipment includes devices: aiming at each dialog process, mapping maintenance device (MMD) is in use for buffering IPv4 Add and port numbers of source and destination (APNSD) associated to dialog ID as well as corresponding (Corr) IPv6 APNSD; based on IPv4/IPv6 Add mapping info of dialog ID of the dialog belonging to Corr input data packet (DP) buffered by MMD, the IP translation device is in use for translating IP head of input DP; NAP protocol device (NAPD) is in use for communicating with ALG device; flow feature recognition device is in use for checking whether the translated DP is matched to flow feature related to one of ALG devices; if not, sending the DP normally; if yes, then NAPD forwards the DP to the matched ALG device. Responding to request of ALG device, NAPD can provide mapping info of IPv4/IPv6 Add Corr to dialog ID.
Description
Technical field
The present invention relates generally to network interworking and the business intercommunication field of IPv4 and IPv6, relate in particular to the communication means of the network address and protocol translation (NAT-PT) and ALG (ALG) equipment, and NAP (NAT-PT and ALG Protocol:NAT-PT and ALG agreement) agreement.
Background technology
The NAT-PT technology defines in RFC2766, is applied to pure IPv4 network and communicates by letter with pure IPv6 is internetwork.NAT-PT equipment is reserved the address pool of IPv4 and the address pool of IPv6, is respectively applied for sign IPv6 node in the IPv4 network, and identifies the IPv4 node in the IPv6 network.Simultaneously, at conversation procedure each time, NAT-PT equipment buffer memory source, purpose IPv4 address and port numbers are with 8 tuple map informations of source, purpose IPv6 address and port numbers, to guarantee the consistency of each IPv4/IPv6 protocol translation.As shown in Figure 1, NAT-PT adopts SIIT agreement (Stateless IP/ICMP Translator: the mutual translation between realization IPV4 header and the ipv6 header seamless IP/ICMP translater).
But NAT-PT equipment is only translated the IP header, does not translate user's Payload Unit as shown in Figure 1.This implementation can be worked for example Web, online request etc. to the internet, applications of part; But for some other application, embedded the IP address information of server end or client in user's Payload Unit of these application, as DNS, SIP, FTP etc., this implementation can not be worked.At this situation, the Internet task group (IETF) has proposed the notion of ALG (ALG).The effect of ALG is exactly user's Payload Unit of checking packet, and according to the 8 tuple map addresses information that NAT-PT equipment has generated, revises the domain of dependence of user's Payload Unit.
In the realization of present industry, ALG is implemented in the same equipment with NAT-PT as just the attach feature of NAT-PT.This implementation has following shortcoming:
1. current NAT-PT equipment does not also know which data flow need be carried out user's pay(useful) load translation by the ALG module, and which does not need is translated.So common way is that NAT-PT equipment is all issued the ALG module to all through the data flow of oneself and handled.Because at specific business, ALG will be deep into user's Payload Unit and carry out IP address check and coupling, this processing is the consumer device resource very; Simultaneously, in real network, what need the ALG conversion mostly is signaling message, and most medium stream information does not need the ALG conversion.So all being sent to the implementation method that the ALG module checks, all packets make NAT-PT equipment decline to a great extent to the translation processing speed of data flow.Main flow producer also is difficult to reach the surface speed forwarding of little byte data bag with hard-wired NAT-PT equipment at present.
2.ALG it is relevant with concrete business.This means that a kind of new business occurring may just need new ALG support, and NAT-PT equipment and ALG are implemented in and also mean together and support new business need carry out the upgrading of software version to NAT-PT equipment.For example present NAT-PT equipment is only supported DNS ALG, if support FTP ALG and SIP ALG then to need the renewal to the NAT-PT software version, deployment on Operation Network brings great inconvenience for NAT-PT for this.
Summary of the invention
For overcoming the above-mentioned deficiency of prior art, the purpose of this invention is to provide a kind of improved NAT-PT equipment and ALG equipment, to support that NAT-PT separates with the function of ALG equipment, Each performs its own functions to make NAT-PT equipment and ALG equipment, final expectation can significantly improve the handling property of NAT-PT equipment, and the use flexibility and the extensibility of NAT-PT equipment.
The invention provides a kind of network address and protocol translation NAT-PT equipment, can with one or more ALG ALG devices communicating, comprise: the map maintenance device, be used for the conversation procedure at each time, with session id buffer memory source, purpose IPv4 address and port numbers explicitly, and corresponding source, purpose IPv6 address and port numbers; The IP translating equipment, be used for according to map maintenance device institute buffer memory, corresponding to the IPv4/IPv6 map addresses information of the session id that imports the session under the packet into, the IP header that imports packet into is translated; The NAP protocol apparatus is used for and described ALG devices communicating; With the traffic characteristic recognition device, be used to check whether the traffic characteristic relevant with one of described ALG equipment mates for packet through translation, if make not coupling, then this packet is normally transmitted, if and coupling arranged, then via the NAP protocol apparatus this packet is forwarded to the ALG equipment relevant with the traffic characteristic that is mated, wherein said NAP protocol apparatus can be answered the request of described ALG equipment and IPv4/IPv6 map addresses information corresponding to specified session ID is provided.
The present invention also provides a kind of ALG ALG equipment, can with the network address and protocol translation NAT-PT devices communicating, comprise: the NAP protocol apparatus, be used for from described NAT-PT equipment receiving data bag, and the corresponding IPv4/IPv6 map addresses of the session id information of the session under acquisition and this packet; The map maintenance device is used for and the described session id described IPv4/IPv6 map addresses of buffer memory information explicitly; With the protocol translation device, be used for according to this packet under the corresponding IPv4/IPv6 map addresses of the session id information of session this packet is carried out corresponding protocol translation, thereby the packet after will translating is transmitted back to NAT-PT equipment through the NAP protocol apparatus.
According to the present invention, NAT-PT equipment only is responsible for the header translation of IPv4/IPv6 packet and is transmitted fast, and only the packet that needs ALG to handle is sent to the translation that ALG equipment carries out user's Payload Unit.In addition, for fear of introducing new network security problem, the NAP protocol method can adopt the security authentication mechanism of NAT-PT equipment and ALG equipment room.
The present invention is independent of application layer protocol, can cover the application intercommunication of various protocols such as comprising SIP, DNS, FTP, MMS.
According to the present invention, if increase new business, only need on NAT-PT equipment, increase configuration and get final product, and the software version of the NAT-PT equipment of upgrading before not needing to resemble.On equipment, increase configuration information and can be equivalent to carry out an order, can come into force immediately.But restarting equipment is wanted in the upgrading of device software version usually.
Description of drawings
By below in conjunction with the description of this invention that accompanying drawing carried out, can understand above-mentioned and other purpose of the present invention, feature and advantage, wherein:
The schematic view illustrating of Fig. 1 among the NAT-PT about IPv4 node and the internodal translation of IPv6.
The schematic diagram of Fig. 2 has illustrated the basic principle according to the NAP protocol method of the embodiment of the invention.
The module map of Fig. 3 has illustrated the example of structure according to the NAT-PT equipment of the embodiment of the invention.
The module map of Fig. 4 has illustrated the example of structure according to the ALG equipment of the embodiment of the invention.
The view specification of Fig. 5 according to the common header field of the employed message of NAP protocol method of the embodiment of the invention.
The view specification of Fig. 6 according to the example of the employed response message form of NAP protocol method of the embodiment of the invention.
Embodiment
Below in conjunction with accompanying drawing specific embodiments of the invention are described.
In the following description, provided some detail so that fully understanding the embodiment of the invention is provided.But, those skilled in the art do not have these details can realize the present invention as can be known yet.In other cases, there are not detailed expression or description and relevant known configurations such as network, server, agreement, to avoid unnecessarily disturbing description to the embodiment of the invention.
Referring to Fig. 2, be separated by NAP agreement ALG function and NAT-PT equipment 20, to form independent ALG equipment 40.This ALG equipment 40 can be professional at a certain specially, or multinomial business is comprehensive.ALG equipment 40 is interconnected by the IP agreement of standard with NAT-PT equipment 20, need support IPv4 and IPv6 agreement simultaneously.In addition, the number that NAT-PT equipment 20 connects ALG equipment 40 can be expanded, and for example connects one or more ALG equipment 40 by some ports or certain several port.
In the NAP agreement, data by NAT-PT equipment 20 are divided into three classes: the first kind is not need to carry out ALG data converted stream (shown in band arrow solid line among Fig. 2), and these class data are directly undertaken entering opposite end IPv4/IPv6 network behind the protocol translation by NAT-PT; Second class is to carry out ALG data converted stream (shown in band arrow dotted line among Fig. 2), and this class data elder generation is routed to certain ALG equipment and handles after judging through NAT-PT equipment, and receives the packet after ALG handles, and is forwarded to the opposite end network then.The 3rd class is the signaling message (shown in band arrow chain-dotted line among Fig. 2) of NAP agreement itself, these class data are only transmitted between NAT-PT equipment 20 and ALG equipment 40, are used for upgrading to ALG equipment 40 8 tuple binding informations of IPv4 address+port, IPv6 address+port.
The module map of Fig. 3 has illustrated the example of structure according to the NAT-PT equipment 200 of the embodiment of the invention.As shown in Figure 3, NAT-PT equipment 200 comprises IP translating equipment 201, traffic characteristic recognition device 202, NAP protocol apparatus 203, inking device 204 and map maintenance device 205.
At conversation procedure each time, map maintenance device 205 and session id be buffer memory source, purpose IPv4 address and port numbers explicitly, and corresponding source, purpose IPv6 address and port numbers.
The foundation of initial mapping can be the process of standard N AT-PT protocol translation, for example referring to RFC2766.For example when NAT-PT received an IPv6 packet, it can note the source address+source port number of this IPv6 packet, destination address+destination slogan; Then it from the IPv4 address pool of oneself (this IPv4 address pool be pre-configured enter) IPv4 address of selection as the source address of this packet, from the IPv6 destination address that has write down, extrapolate IPv4 destination address (last 32 of agreement regulation IPv6 destination address is exactly purpose IPv4 address), usually keep port numbers constant, carry out the translation of packet according to these mapping relations.So just formed mapping: IPv6 source address+port numbers, IPv6 destination address+port numbers, IPv4 source address+port numbers, IPv4 destination address+port numbers.
If NAT-PT equipment receives the IPv4 packet, the process that forms mapping is similar.
In operation, IP translating equipment 201 receives from IPv4 network and IPv6 output packet by unshowned interface, (for example determine the protocol translation direction according to the type that receives, if receive the IPv4 bag, then determine to be translated as IPv6, vice versa), and the IP header of packet carried out protocol translation, wherein IP translating equipment 201 obtains IPv4/IPv6 map addresses information according to the session id of the session under this packet from map maintenance device 205, and the IP header is translated.
Administrative staff can need the traffic characteristic of the packet that ALG handles and the IP address of corresponding ALG equipment via inking device 204 configuration by input operation.Alternatively, can be via the information of the authentication between inking device 204 relevant NAT-PT equipment of configuration and the ALG.Traffic characteristic for example is defined as the TCP/UDP+ port numbers.The traffic characteristic professional as domain name mapping (DNS) is UDP, port numbers 53; The traffic characteristic of ftp business is TCP/UDP, port numbers 21; The traffic characteristic of SIP business is TCP/UDP, and port numbers is 5060.
Traffic characteristic recognition device 202 checked whether packet meets the traffic characteristic of the flow that relates to the corresponding ALG processing of needs process that has disposed in the inking device 204 before the packet after 201 translations of IP translating equipment is transmitted again.If do not meet, this packet is normally transmitted by unshowned interface; If meet, then according to the IP address of the corresponding ALG that has disposed in the inking device 204 this packet is forwarded to this ALG equipment by NAP protocol apparatus 203.
The module map of Fig. 4 has illustrated the example of structure according to the ALG equipment 300 of the embodiment of the invention.As shown in Figure 4, ALG equipment 300 comprises protocol translation device 303, NAP protocol apparatus 301, inking device 302 and map maintenance device 304.
NAP protocol apparatus 301 receives the packet that sends from the NAT-PT equipment NAP protocol apparatus 203 of NAT-PT equipment 200 (for example via), and carries out other NAP protocol communication (back can be described in detail) with NAP protocol apparatus 203.
Administrative staff can specify the IP address of NAT-PT equipment via inking device 302 configurations by input operation.Alternatively, also configurable information about the authentication between NAT-PT equipment and the ALG.
According to the information that obtains from NAT-PT equipment via NAP protocol apparatus 301, session under the packet of being handled for protocol translation device 303, source, purpose IPv4 address and port numbers that session id this session of buffer memory explicitly of map maintenance device 304 and this session relates to, and corresponding source, purpose IPv6 address and port numbers.
The NAP protocol apparatus of NAT-PT equipment and ALG equipment communicates affairs each other by the NAP agreement.The NAP agreement comprises four kinds of type of messages, is respectively request message, response message, ACK message and keeps alive messages, and comprise the packet of NAT-PT equipment and ALG exchanged between equipment.As shown in Figure 5, these four kinds of message have following common header fields:
(1) Class1 00:4 (0~3) position, value type is a signless integer, is used for the identification message type.Can be defined as follows:
1) 0x1, request message;
2) 0x2, response message;
3) 0x3, Ack message;
4) 0x4 keeps alive messages.
Other values are undefined.NAT-PT or ALG equipment side NAP protocol apparatus receive the NAP message of type for other values, and static state abandons immediately.
(2) session id 101:28 (4~31) position, value type is a signless integer, an IPv4/IPv6 session mapping item in the unique identification NAT-PT equipment.Be worth 0 undefinedly, it is 0 NAP message that NAT-PT or ALG equipment side NAP protocol apparatus receive session id, and static state abandons immediately.
(3) authenticate key 102 (optional): position, 32 (0~31), value type is a signless integer, is used for the mutual identity verification information of NAT-PT and ALG equipment side NAP protocol apparatus.Can adopt for example md5 authentication algorithm, concrete implementation is defined by RFC1321, not at discussion category of the present invention.If NAT-PT and ALG equipment need not to be configured to authentication, this value must be made as 0.
According to the shared header of above-mentioned NAP agreement, four kinds of signaling message forms are as follows:
1. request message
The form of request message comprises:
Type field=0x1, the expression request message;
Session id and optional authenticate key are according to the shared header definition of NAP agreement.
Request message is used for the IPv4/IPv68 tuple information of NAP protocol apparatus in ALG side to the some mapping sessions of NAT-PT equipment side NAP protocol apparatus request, this session in NAT-PT equipment by the session id unique identification.NAP protocol apparatus in NAT-PT equipment side sends to NAP protocol apparatus in ALG side with 8 tuple information with the form of response message.
2. response message
With reference to Fig. 6, the form of request message comprises:
Type field=0x2, the expression response message;
Session id and optional authenticate key are according to the shared header definition of NAP agreement;
IPv4 address, source, purpose IPv4 address, source IPv4 port, purpose IPv4 port, IPv6 address, source, purpose IPv6 address, source IPv6 port, 8 fields of purpose IPv6 port correspond respectively to IPv4 address, source, purpose IPv4 address, source IPv4 port numbers, purpose IPv4 port numbers, IPv6 address, source, purpose IPv6 address, source IPv6 port numbers, purpose IPv6 port numbers by the NAT-PT mapping session of above-mentioned session id sign.
Response message is used for NAT-PT equipment side NAP protocol apparatus to the session map information of ALG equipment side NAP protocol apparatus answer by request message requests.NAP protocol apparatus in NAT-PT equipment side is according to the session query mappings attending device (for example local data base) in the request message, and the result after the inquiry is filled into response message.
3.Ack message
The form of Ack message comprises:
Type field=0x3, expression Ack message;
Session id and optional authenticate key are according to the shared header definition of NAP agreement.
Ack message is used for ALG equipment is kept the response of alive messages in NAT-PT equipment, it is still effective in NAT-PT equipment to identify a certain session map information; In ALG equipment, be used for response from the response message of NAT-PT equipment.
4. maintenance alive messages
Keep the form of alive messages to comprise:
Type field=0x4, expression keeps alive messages;
Session id and optional authenticate key are according to the shared header definition of NAP agreement.
Keep alive messages to be used for ALG equipment side NAP protocol apparatus and confirm to NAT-PT equipment side NAP protocol apparatus whether a certain session map information be still effective at NAT-PT equipment.If this map information is still effective, NAP protocol apparatus in NAT-PT equipment side is replied Ack message; If map information is expired, keep alive messages to be abandoned by static state.
With reference to Fig. 3,4 and 5, NAP protocol apparatus in NAT-PT equipment side is as follows to the processing procedure of NAP signaling message:
1. if receive the request message of NAP agreement from ALG side's NAP protocol apparatus, then NAP protocol apparatus in NAT-PT equipment side is responded response message.Response message has comprised the session id of this session and 8 tuple information (from the map maintenance device) of the mapping of session this time;
2. if receive the maintenance alive messages from ALG equipment side NAP protocol apparatus, NAP protocol apparatus in NAT-PT equipment side checks according to the session id that keeps the alive messages the inside whether map maintenance device (for example local data base) has corresponding 8 tuple mapping messages, if exist, respond Ack message; If there is no, the then static maintenance alive messages of receiving that abandons;
3. if receive other NAP protocol message from ALG equipment side NAP protocol apparatus, then static state abandons; If receive the data-message that does not belong to the NAP agreement, transmit according to normal packet by unshowned interface from ALG.
With reference to Fig. 3,4 and 5, the workflow of ALG equipment is as follows:
1. if NAP protocol apparatus in ALG side receives the packet (being packet to be translated) that does not belong to the NAP agreement from NAT-PT equipment side NAP protocol apparatus, protocol translation device elder generation this packet of buffer memory is according to the source address+port numbers of packet, the mapping session id that destination address+port numbers is determined this session;
2. whether exist corresponding IPv4/IPv6 session to shine upon 8 tuple information according to session id through map maintenance device (for example local data base) inspection;
2.1. if exist, then the protocol translation device carries out application level translation according to map information to packet, and the packet after will translating through the NAP protocol apparatus then sends to NAT-PT equipment side NAP protocol apparatus normally to transmit;
2.2. if there is no, send a request message to NAT-PT equipment side NAP protocol apparatus, and the response message that awaits a response; After ALG side's NAP protocol apparatus is received the response message of NAT-PT equipment side NAP protocol apparatus, the map maintenance device upgrades internal database (being local data base) according to 8 yuan of group session map informations in the message, and the protocol translation device carries out application level translation according to map information to packet, and the packet after will translating through the NAP protocol apparatus then sends to NAT-PT equipment side NAP protocol apparatus normally to transmit.
Preferably, the map maintenance device is safeguarded the validity of map information.For example, the map maintenance device can be each map information the counter Lifetime that the corresponding cycle on schedule successively decreases is set, and when newly-increased this map information counter Lifetime is made as predetermined initial value.When the protocol translation device will use map information that the map maintenance device provides, check this information whether effectively (being whether counter Lifetime is not 0).If effectively, then packet is carried out processing such as application level translation according to map information, otherwise send the maintenance alive messages to NAT-PT equipment side NAP protocol apparatus by the NAP protocol apparatus, keep alive messages not respond if send pre-determined number (for example 3 times) continuously, then remove this map information, and abandon this packet from local data base.If NAP protocol apparatus in ALG side receives Ack message from NAT-PT equipment side NAP protocol apparatus, confirm that then this map information is effective and reset counter Lifetime for being scheduled to initial value.
Preferentially, in the inking device of ALG equipment, configurable described predetermined initial value.
Notice that the NAP agreement here is the example of the data exchange ways of NAT-PT equipment and ALG equipment, the present invention is not limited to the concrete form and the process of this agreement.It may occur to persons skilled in the art that many other makes that ALG equipment can exchange data packets and obtain the communication protocol of the required map information of protocol translation.And because whether map information is effectively final according to coming from NAT-PT equipment among the decision ALG, so those skilled in the art can expect that other confirms whether effective and efficient manner of map information.
In addition, NAT-PT and ALG equipment can link to each other by any connected mode that is fit to data communication, and can adopt the agreement of IP for example or other suitable exchanges data.
Inking device in described NAT-PT equipment and the ALG equipment can be optional.In this case, relevant configuration information can be programming that be scheduled to or static.
Can realize NAT-PT equipment and ALG equipment by for example computer system.Computer system generally includes processing unit, system storage, and will comprise the system bus that each system unit of system storage links to each other with processing unit.Herein, it is single that computer system is considered to sometimes, but this and do not mean that application of the present invention is confined to single-computer system because in exemplary embodiments, will be referred to a more than computer or other equipment.Processing unit can be any Logical processing unit, and for example one or more CPU (CPU), digital signal processor (DSP), application-specific integrated circuit (ASIC) (ASIC) etc. can be realized the processing capacity of each device of NAT-PT equipment and ALG equipment.
Should be appreciated that the specific function device of indication can be realized by hardware and/or software here.For example, utilize the executable specific step of software performed on one or more processing unit and/or firmware.Processing unit can be single treatment facility or a plurality of treatment facility.Such treatment facility can be any equipment of part, state machine, logical circuit and/or the operation signal of microprocessor, microcontroller, digital processing unit, microcomputer, CPU.The operation of this signal is normally based on operational order.Memory can be single storage component part or a plurality of storage component part.Such storage component part can be the part of read-only memory, random access storage device, diskette file, magnetic tape storage, erasable memory, system storage, and/or with any equipment of number format storage operation instruction.Notice, when processing unit realizes that one or more its functions become state machine or logical circuit, be embedded in the circuit that comprises this state machine and/or other logical circuits with corresponding operating instruction mode memory storing.The division of above-mentioned functions device is not unique, and those skilled in the art can principle according to the present invention make up these devices arbitrarily.
The above content that discloses is illustrative with being considered, rather than restrictive, and additional claim is intended to contain all these classes modifications that belong to true spirit of the present invention and scope, improves and other embodiment.Therefore, allowed at utmost with law, scope of the present invention will be determined by following claim and the most extensive permissible explanation that is equal to thereof, and should or not limit by above-mentioned embodiment constraint.
Claims (14)
1. the network address and protocol translation NAT-PT equipment, can with one or more ALG ALG devices communicating, comprising:
The map maintenance device is used for the conversation procedure at each time, with session id buffer memory source, purpose IPv4 address and port numbers explicitly, and corresponding source, purpose IPv6 address and port numbers;
The IP translating equipment, be used for according to map maintenance device institute buffer memory, corresponding to the IPv4/IPv6 map addresses information of the session id that imports the session under the packet into, the IP header that imports packet into is translated;
The NAP protocol apparatus is used for and described ALG devices communicating; With
The traffic characteristic recognition device, be used to check whether the traffic characteristic relevant with one of described ALG equipment mates for packet through translation, if make not coupling, then this packet is normally transmitted, if and coupling arranged, then this packet is forwarded to the ALG equipment relevant with the traffic characteristic that is mated via the NAP protocol apparatus
Wherein said NAP protocol apparatus can be answered the request of described ALG equipment and IPv4/IPv6 map addresses information corresponding to specified session ID is provided;
Described NAP agreement is NAT-PT and ALG agreement.
2. according to the equipment of claim 1, also comprise inking device, be used to store and/or dispose described traffic characteristic and the relevant information that relates to ALG equipment.
3. according to the equipment of claim 1 or 2, wherein said traffic characteristic comprises protocol type and port numbers.
4. according to the equipment of claim 2, wherein said inking device also is used to store and/or dispose the information of the authentication between relevant NAT-PT equipment and the ALG equipment, and described NAP protocol apparatus information and ALG equipment based on described authentication with the ALG devices communicating time authenticates mutually.
5. according to the equipment of claim 1, wherein said NAP protocol apparatus is used for receiving the request message be used to ask corresponding to the IPv4/IPv6 map information of specified session ID from ALG equipment, and by response message the map information of being asked is sent to this ALG equipment.
6. according to the equipment of claim 5, wherein said response message comprises IPv4 address, source, purpose IPv4 address, source IPv4 port, purpose IPv4 port, IPv6 address, source, purpose IPv6 address, source IPv6 port and 8 fields of purpose IPv6 port.
7. according to the equipment of claim 1, wherein said NAP protocol apparatus is used for being used to ask to confirm whether the IPv4/IPv6 map information corresponding to specified session ID still effectively keeps alive messages at NAT-PT equipment from the reception of ALG equipment, if and this map information is still effective, then replys Ack message.
8. according to the equipment of claim 1, wherein said NAP protocol apparatus is used for when when ALG equipment receives packet this packet being transmitted as the outgoi8ng data bag.
9. ALG ALG equipment, can with the network address and protocol translation NAT-PT devices communicating, comprising:
The NAP protocol apparatus is used for from described NAT-PT equipment receiving data bag, and the corresponding IPv4/IPv6 map addresses of the session id information of the session under acquisition and this packet;
The map maintenance device is used for and the described session id described IPv4/IPv6 map addresses of buffer memory information explicitly; With
The protocol translation device, be used for according to this packet under the corresponding IPv4/IPv6 map addresses of the session id information of session this packet is carried out corresponding protocol translation, thereby the packet after will translating is transmitted back to NAT-PT equipment through the NAP protocol apparatus;
Described NAP agreement is NAT-PT and ALG agreement.
10. according to the equipment of claim 9, also comprise inking device, be used to store and/or dispose the address of NAT-PT equipment.
11. equipment according to claim 10, the information of the authentication between relevant NAT-PT equipment and the ALG is also stored and/or disposed to wherein said inking device, and described NAP protocol apparatus information and NAT-PT equipment based on described authentication with the NAT-PT devices communicating time authenticates mutually.
12. according to the equipment of claim 11, wherein said protocol translation device also is used for:
Whether inspection exists corresponding IPv4/IPv6 map addresses information through the map maintenance device according to session id;
If there is no, send the request message of asking to NAT-PT equipment with the corresponding IPv4/IPv6 map addresses of this session id information via the NAP protocol apparatus, and the response message that awaits a response, and
Described map maintenance device also is used for the IPv4/IPv6 map addresses information updating local data base that comprises according to response message.
13. equipment according to claim 12, wherein said map maintenance device also is used to safeguard the validity of map information, wherein map maintenance device corresponding validity indication for each map information is provided with, make when this map information is not used at the appointed time, it is invalid to it indicates that, and
Described protocol translation device also is used for checking the validity of this information in the time will using map information, if it is invalid, then send the maintenance alive messages that is used to ask to confirm to specify map information validity to NAT-PT equipment, to confirm its validity via the NAP protocol apparatus.
14. according to the equipment of claim 13, keep alive messages not respond if wherein send pre-determined number continuously, then described map maintenance device is removed this map information from local data base, and abandons this packet; If receive the confirmation effective Ack message from NAT-PT equipment side, then the map maintenance device is made as this information effectively again.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2006101151822A CN101136910B (en) | 2006-08-30 | 2006-08-30 | Network address and protocol translating equipment and application layer gateway equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2006101151822A CN101136910B (en) | 2006-08-30 | 2006-08-30 | Network address and protocol translating equipment and application layer gateway equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101136910A CN101136910A (en) | 2008-03-05 |
| CN101136910B true CN101136910B (en) | 2010-09-29 |
Family
ID=39160741
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2006101151822A Active CN101136910B (en) | 2006-08-30 | 2006-08-30 | Network address and protocol translating equipment and application layer gateway equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101136910B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111565237A (en) * | 2020-07-15 | 2020-08-21 | 腾讯科技(深圳)有限公司 | Network parameter determination method and device, computer equipment and storage medium |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101729388B (en) * | 2008-10-22 | 2012-01-25 | 华为技术有限公司 | Method, media gateway and network system for realizing network address conversion |
| CN101465852B (en) * | 2008-10-24 | 2012-10-31 | 广东威创视讯科技股份有限公司 | Method for implementing network inner penetration in network videoconference system |
| CN102148773B (en) * | 2010-02-08 | 2014-03-12 | 中国联合网络通信集团有限公司 | Method and system for converting IPv6 (Internet Protocol Version 6) protocol and IPv4 (Internet Protocol Version 4) protocol |
| CN102843439B (en) * | 2011-06-23 | 2017-11-10 | 中兴通讯股份有限公司 | Equipment communication method and device |
| CN103905312B (en) * | 2012-12-26 | 2017-06-16 | 中国电信股份有限公司 | IPv6/IPv4 protocol translations gateway and data message processing method |
| CN104579954B (en) * | 2013-10-16 | 2018-03-13 | 华为技术有限公司 | The cross-domain retransmission method of message, device and communication equipment |
| CN105376338B (en) * | 2014-08-22 | 2019-05-31 | 深圳市中兴微电子技术有限公司 | Interpretation method and device between a kind of IPv4 and IPv6 |
| CN105450515B (en) * | 2015-11-12 | 2018-06-12 | 清华大学 | A kind of IPv4/IPv6 data translations gateway and method for application layer protocol |
| CN106713528B (en) * | 2017-03-15 | 2019-08-13 | 烽火通信科技股份有限公司 | A kind of method of home gateway and IPv6 host access network server |
| CN109782631B (en) * | 2019-03-08 | 2021-06-18 | 重庆邮电大学 | Intelligent household equipment identification method based on characteristic value comparison |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20030018445A (en) * | 2001-08-28 | 2003-03-06 | 주식회사 휴니드 테크놀러지스 | Method and Apparatus for Internet Protocol Translation using NAT-PT |
| CN1529481A (en) * | 2003-10-14 | 2004-09-15 | �й���ѧԺ�����о��� | Method for realizing distributed application tier conversion gate-link in network processor |
| CN1674565A (en) * | 2005-05-10 | 2005-09-28 | 中国科学院计算技术研究所 | Method for applying layer gateway used for network address conversion and in protocol translation |
-
2006
- 2006-08-30 CN CN2006101151822A patent/CN101136910B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20030018445A (en) * | 2001-08-28 | 2003-03-06 | 주식회사 휴니드 테크놀러지스 | Method and Apparatus for Internet Protocol Translation using NAT-PT |
| CN1529481A (en) * | 2003-10-14 | 2004-09-15 | �й���ѧԺ�����о��� | Method for realizing distributed application tier conversion gate-link in network processor |
| CN1674565A (en) * | 2005-05-10 | 2005-09-28 | 中国科学院计算技术研究所 | Method for applying layer gateway used for network address conversion and in protocol translation |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111565237A (en) * | 2020-07-15 | 2020-08-21 | 腾讯科技(深圳)有限公司 | Network parameter determination method and device, computer equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101136910A (en) | 2008-03-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101136910B (en) | Network address and protocol translating equipment and application layer gateway equipment | |
| US7339895B2 (en) | Gateway device and control method for communication with IP and IPV6 protocols | |
| US7701952B2 (en) | Packet communication method and apparatus and a recording medium storing a packet communication program | |
| US7158526B2 (en) | Packet communication method and apparatus and a recording medium storing a packet communication program | |
| JP4173401B2 (en) | Router, address identification information management server | |
| JP5335886B2 (en) | Method and apparatus for communicating data packets between local networks | |
| US7245622B2 (en) | Allowing IPv4 clients to communicate over an IPv6 network when behind a network address translator with reduced server workload | |
| US8228848B2 (en) | Method and apparatus for facilitating push communication across a network boundary | |
| US7313632B2 (en) | Apparatus for converting internet protocal address, and communication method using the same | |
| US20060056397A1 (en) | Access management apparatus, program and remote start-up method of terminal device | |
| EP1583323A1 (en) | Communications apparatus, name resolution method and program | |
| CN101795303A (en) | Can be connected to the method and system of network with local address territory | |
| JP2004179812A (en) | Address translation apparatus and address translation rule management system | |
| JP2003174466A (en) | Address conversion device, message processing method and device | |
| TWI279682B (en) | Data transfer system, communication protocol conversion cradle, address conversion method used therefor, and storage medium storing a computer executable program thereof | |
| TW200924462A (en) | System and method for connection of hosts behind NATs | |
| JP2013532438A (en) | 4TO6 network stack for IPv4 applications | |
| US7023847B2 (en) | Network address translation based mobility management | |
| US6757734B1 (en) | Method of communication | |
| JP3612049B2 (en) | How to use a unique internet protocol address in a private internet protocol address domain | |
| US20100131631A1 (en) | Method for management of a secured transfer session through an address translation device, corresponding server and computer program | |
| CN109076022A (en) | Network address conversion device, setting request unit, communication system, communication means and the storage medium for storing program | |
| JP3548157B2 (en) | Relay device, address conversion control method, and program | |
| CN101969478A (en) | Intelligent DNS message processing method and processing device | |
| JP5241665B2 (en) | COMMUNICATION DEVICE, COMMUNICATION SYSTEM, AND COMMUNICATION METHOD |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |