CN101197856A - IP address space planning-free and private domain name access method in VPN network


Publication number: CN101197856A
Authority: CN (China)
Prior art keywords: network, vpn, domain name, information, address
Legal status: Granted; Expired - Fee Related
Application number: CNA2007103043136A
Other languages: Chinese (zh)
Other versions: CN101197856B (en)
Inventors: 杨武杰, 刘吉强, 熊鹰, 韩臻, 陈雪志
Current Assignee: Beijing Jiaotong University
Original Assignee: Beijing Jiaotong University
Application filed by: Beijing Jiaotong University
Priority to: CN2007103043136A
Publications: CN101197856A (application), CN101197856B (granted)


Abstract

The present invention discloses a method for planning-free IP address space among VPN networks and for private domain name access, belonging to the technical field of computer networks. The method uses a central server to allocate IP address spaces uniformly among independent VPN networks, and then uses a domain name resolution system to realize domain name access among the networks. The invention is widely applicable to VPN systems and other point-to-point interconnected systems. While preserving the existing configuration of the independent VPN networks, it adds or removes an independent network at very low cost; by using a central management system to manage and configure the gateway information and network architecture information of the interconnected networks, it improves management efficiency and simplifies configuration steps; through private domain name access, it lets shared resources among the networks be accessed in the usual way, which simplifies operation.

Description

Method for planning-free IP address space and private domain name access in VPN networks
Technical field
The invention belongs to the technical field of computer networks, and in particular relates to a method for planning-free IP address space and private domain name access in VPN networks.
Background technology
With the rapid development of the Internet and information technology, and the needs of enterprise informatization and networked office work, VPN (Virtual Private Network) technology has become one of the main network interconnection technologies. A VPN is normally an extension of the intranet: it can connect remote branches, business partners, mobile office workers and so on, and is a wide area network technology that provides secure end-to-end data communication.
In a traditional VPN, each interconnected network is independent. Because each network allocates and uses its own internal addresses, the IP address spaces in use can be duplicated, that is, the branches of an enterprise use the same private address space. This severely restricts resource access between the networks and makes network service unstable. When the overlapping address range is small, it can be resolved by a one-off negotiated configuration; when the conflicting range is large, and especially when underlying network devices have to be reconfigured, a great deal of manpower and material resources is needed for the adjustment. The IP address spaces of the independent networks are therefore required not to overlap, but reconfiguring the IP addresses of the independent networks through unified negotiation brings complex configuration and high maintenance cost, and also easily makes the whole network unstable.
In addition, in a VPN-interconnected network, resources in the other networks can only be accessed by IP address, which does not match the usual habit of accessing resources by domain name; when the interconnected network is large and has many kinds of resources, this access mode is very inefficient.
Summary of the invention
The purpose of the present invention is to provide a method for planning-free IP address space and private domain name access in VPN networks, which overcomes the need in the prior art to negotiate IP address configuration, resolves IP address conflicts, and on that basis uses private domain names to access resources shared between the networks.
To achieve the above object, the technical scheme adopted by the present invention is as follows:
A method for planning-free IP address space in VPN networks, comprising:
Step 1: deploy a central server;
Step 2: each VPN gateway server end node connects to the central server and reports the information of the network it proxies;
Step 3: the central server allocates virtual IP addresses according to the IP address information provided by each VPN gateway server end node, and each VPN gateway server end node obtains the others' entry IP information and virtual IP information;
Step 4: interconnecting VPN tunnels are built between the nodes, including tunnels from mobile client nodes to VPN gateway server end nodes and tunnels between the VPN gateway server end nodes;
Step 5: the nodes exchange information about the accessible resources in their respective networks, including the private domain name information of the resources.
A method for private domain name access between VPN networks, comprising:
Step 1: set up a DNS server on each VPN gateway server, and exchange the resources' private domain names and corresponding IP information between the gateways to establish a private domain name system;
Step 2: each VPN gateway server end node, for packets entering the gateway or transmitted in a tunnel, changes the source address or destination address of the packet according to the mapping principle, and sends it to the corresponding tunnel or to the corresponding host resource in the network.
The central server has a fixed public network address or a fixed domain name, and provides a WEB service.
The central server uniformly records the entry IP information of the VPN gateway servers and the information of the networks they proxy, and configures the virtual IP address space of each network.
Each VPN gateway server obtains the others' network information from the central server, sets up tunnels using the entry IP information of each gateway, and exchanges and updates private domain name information; using host routing and Microsoft Loopback Adapter technology, it virtualizes and maps real IP addresses for communication between the VPN networks.
The VPN gateway server serves as the first domain name resolution server of its local network.
With the method of the present invention, an independent network can be added or removed at very low cost while the original configuration of the independent VPN networks is preserved; a central management system manages and configures the gateway information and network architecture information of the interconnected networks, which improves management efficiency and simplifies configuration steps; private domain name access lets shared resources between the networks be accessed in the usual way, which simplifies operation.
Description of drawings
Fig. 1 is a network connection diagram of the present invention;
Fig. 2 is a schematic flow diagram of the gateway application on the VPN gateway server of the present invention;
Fig. 3 is a schematic diagram of tunnel connection and resource access from VPN gateway server end to VPN gateway server end of the present invention;
Fig. 4 is a schematic diagram of tunnel connection and resource access from client to VPN gateway server end of the present invention;
Fig. 5 is a schematic diagram of the working principle of the Microsoft Loopback Adapter of the present invention.
Embodiment
The invention is further described below with reference to the accompanying drawings:
Fig. 1 shows the network connection diagram of the present invention. Application server A① (4), application server A② (5) and user A (6) are connected to VPN gateway server A (2) through network A (3); application server B① (9), application server B② (10) and user B (11) are connected to VPN gateway server B (7) through network B (8). Interconnecting tunnels exist between the VPN gateway servers and between each VPN gateway server and the central server (1), and also between the mobile client (12) and each VPN gateway server and the central server (1).
Each gateway server communicates with the central server and reports the information of the network it proxies. The central server records the entry IP address information and network information of each gateway, and uniformly configures the virtual IP address space of each network according to a configuration file. Each gateway server and mobile client obtains the information it needs by communicating with the central server.
Fig. 2 shows the work flow of the gateway application on the VPN gateway server. After the gateway application starts on the VPN gateway server, it first loads its own configuration file and starts the central server communication module and the tunnel communication module at the same time. The central server communication module communicates with the central server to declare its own network information and to obtain the entry IP information of the other VPN gateway servers and the information of the networks they proxy. The tunnel communication module uses the obtained information to set the mapping relations of its own network and to set up routes to the networks proxied by the other VPN gateway servers. Tunnels between gateways are built using the entry IP information of the VPN gateway servers, and client connections are listened for at the same time. For packets exchanged between the intranet and other VPN networks, the local routing function routes the packets that need handling to the Microsoft Loopback Adapter, where they are captured and handed to the tunnel communication module for processing.
Fig. 3 shows tunnel connection and resource access from VPN gateway server end to VPN gateway server end. A VPN gateway server first requests the entry addresses of the other VPN gateway servers from the central server (1), connects to each VPN gateway server using the entry addresses obtained, and sets up tunnels with them; at the same time it obtains the resource information available in the network and updates its domain name information. Suppose host user A (6) in network A (3) wants to access a resource in another network, network B (8). The operating system routes the packet that accesses the resource to VPN gateway server A (2) of the local network. The routing function on VPN gateway server A (2) routes the packet to the Microsoft Loopback Adapter, which passes it to the gateway application. The gateway application performs one IP address mapping and, according to the packet's destination, sends the packet into the corresponding tunnel. Through the tunnel the packet reaches VPN gateway server B (7) of the network where the corresponding application server B① (9) is located; VPN gateway server B (7) performs one IP address mapping and sends the packet to application server B① (9). The reply packet from application server B① (9) is routed to VPN gateway server B (7), which performs one IP address mapping and sends the packet into the corresponding tunnel. After VPN gateway server A (2) receives the packet, it performs an IP address mapping once more and returns the packet to user A (6).
Fig. 4 shows tunnel connection and resource access from the mobile client to the VPN gateway server end. The mobile client (12) first requests the entry address of the VPN gateway server from the central server (1), connects to the VPN gateway server using the entry address obtained, and sets up a tunnel; at the same time it obtains the resource information available in the network. When the application layer of the mobile client (12) requests a resource, the packet that accesses the resource is sent to VPN gateway server A (2) by the client software of user A6. VPN gateway server A (2) performs one IP address mapping and sends the packet to the corresponding application server A① (4). The reply packet from application server A① (4) arrives at VPN gateway server A (2), which performs an IP address mapping once more and returns the packet to the mobile client (12), where the client software passes it to the application layer.
Fig. 5 shows the working principle of the Microsoft Loopback Adapter. A Microsoft Loopback Adapter (14) is installed on the VPN gateway server. Of the packets captured by the intranet network card (15), only those for which the upper-layer gateway application (13) has set a route are routed to the Microsoft Loopback Adapter (14). The Microsoft Loopback Adapter (14) passes the packet to the gateway application, which performs the mapping and the encryption (or post-decryption) processing and places the packet in the data queue (16) of the corresponding tunnel.
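The allocation in steps 1 to 5 and the four address mappings of the Fig. 3 round trip, as an added Python example that is not part of the patent. The virtual pool 10.200.0.0/16, the /24 block size, the site names, entry IPs and the private name are constructed; the 1:1 host-offset mapping, and the choice that outbound traffic has its source rewritten and inbound traffic its destination, are assumptions, since the text only says each gateway changes the source or destination address.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Site:
    entry_ip: str                    # gateway's public entry address
    real: ipaddress.IPv4Network      # subnet used inside the site (may repeat across sites)
    virtual: ipaddress.IPv4Network   # unique range assigned by the central server

class CentralServer:
    """Records each gateway's entry IP and real subnet; hands out virtual ranges."""
    def __init__(self, pool="10.200.0.0/16", prefixlen=24):   # assumed pool
        self.prefixlen = prefixlen
        self._blocks = ipaddress.ip_network(pool).subnets(new_prefix=prefixlen)
        self.sites = {}

    def register(self, name, entry_ip, real_subnet):
        real = ipaddress.ip_network(real_subnet)
        if real.prefixlen < self.prefixlen:
            raise ValueError("real subnet does not fit in one virtual block")
        if any(real.overlaps(s.virtual) for s in self.sites.values()):
            raise ValueError("real subnet collides with an allocated virtual range")
        for block in self._blocks:
            # A virtual range must differ from every real range, or a site
            # could not tell its local hosts from remote ones.
            if block.overlaps(real) or any(block.overlaps(s.real) for s in self.sites.values()):
                continue
            self.sites[name] = Site(entry_ip, real, block)
            return block
        raise RuntimeError("virtual pool exhausted")

def _shift(ip, src_net, dst_net):
    """1:1 mapping: keep the host offset, swap the network part."""
    mapped = dst_net.network_address + (int(ip) - int(src_net.network_address))
    if mapped not in dst_net:
        raise LookupError(f"{ip} has no counterpart in {dst_net}")
    return mapped

class Gateway:
    def __init__(self, name, server):
        self.name, self.sites, self.me = name, server.sites, server.sites[name]

    def to_virtual(self, real_ip):
        return _shift(ipaddress.ip_address(real_ip), self.me.real, self.me.virtual)

    def outbound(self, src, dst):
        """LAN -> tunnel: source real -> virtual, tunnel chosen by virtual destination."""
        dst_ip = ipaddress.ip_address(dst)
        peer = next((n for n, s in self.sites.items()
                     if n != self.name and dst_ip in s.virtual), None)
        if peer is None:
            raise LookupError(f"no tunnel serves {dst}")
        return peer, (str(self.to_virtual(src)), dst)

    def inbound(self, src, dst):
        """Tunnel -> LAN: virtual destination -> real local host."""
        return src, str(_shift(ipaddress.ip_address(dst), self.me.virtual, self.me.real))

def round_trip():
    cs = CentralServer()
    cs.register("A", "198.51.100.10", "192.168.1.0/24")   # constructed sample sites
    cs.register("B", "203.0.113.20", "192.168.1.0/24")    # same real range as A
    gw_a, gw_b = Gateway("A", cs), Gateway("B", cs)
    # Private name table exchanged between gateways: name -> virtual address.
    names = {"app1.b.internal": str(gw_b.to_virtual("192.168.1.9"))}
    peer, out = gw_a.outbound("192.168.1.6", names["app1.b.internal"])
    at_b = gw_b.inbound(*out)
    # Reply: the server answers the source it saw; map back along the same path.
    back_peer, back = gw_b.outbound(at_b[1], at_b[0])
    at_a = gw_a.inbound(*back)
    return [(peer, out), ("lan-B", at_b), (back_peer, back), ("lan-A", at_a)]

if __name__ == "__main__":
    for hop in round_trip():
        print(hop)
```

Both sites keep 192.168.1.0/24 internally; only the virtual addresses 10.200.0.x and 10.200.1.x ever appear inside the tunnel, which is why neither site has to renumber.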

Claims (6)

1. the method for a VPN network IP address space planning-free is characterized in that, comprising:
Step 1 disposes a central server;
Step 2, each vpn gateway server end node is connected to central server, and reports self network information of agency;
Step 3, central server distributes virtual IP address by the IP address information that each vpn gateway server end node provides, and each vpn gateway server end node obtains mutual inlet IP information and virtual IP address information;
Step 4 makes up interconnected VPN network tunnel between each node, comprise that mobile client node arrives between the vpn gateway server end node, and the tunnel between each vpn gateway server end node;
Step 5 exchanges the addressable resource information in each automatic network between each node, comprise the private domain name information of resource.
2. method according to claim 1 is characterized in that, described central server has the public network fixed address or has fixedly domain name, and WEB is provided service.
3. method according to claim 1 is characterized in that, the inlet IP information of the unified record of described central server vpn gateway server and agency's the network information, and the virtual ip address space that disposes each network.
4. method according to claim 1 is characterized in that, each vpn gateway server obtains each other the network information from central server, sets up the tunnel by the inlet IP information of each gateway, and exchange and upgrade private domain name information; Utilize the characteristic of main frame route and the technology of Microsoft Loopback Adapter, internetwork communication is done virtual and mapping real ip address to VPN.
5. the method for private domain name access between a VPN network is characterized in that, comprising:
Step 1 is set up dns server at each VPN gateway server, and exchange resource private domain name and IP corresponding informance are set up the private domain name system between each gateway;
Step 2, each vpn gateway server end node according to the principle of mapping, change the source address or the destination address of its packet to data packets for transmission in the packet that imports in the gateway or the tunnel, are sent to respective host resource in corresponding tunnel or the network.
6. method according to claim 5 is characterized in that, described vpn gateway server is done first domain name resolution server of local network.
CN2007103043136A 2007-12-27 2007-12-27 IP address space planning-free and private domain name access method in VPN network Expired - Fee Related CN101197856B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2007103043136A CN101197856B (en) 2007-12-27 2007-12-27 IP address space planning-free and private domain name access method in VPN network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2007103043136A CN101197856B (en) 2007-12-27 2007-12-27 IP address space planning-free and private domain name access method in VPN network

Publications (2)

Publication Number Publication Date
CN101197856A true CN101197856A (en) 2008-06-11
CN101197856B CN101197856B (en) 2011-04-20

Family

ID=39547997

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007103043136A Expired - Fee Related CN101197856B (en) 2007-12-27 2007-12-27 IP address space planning-free and private domain name access method in VPN network

Country Status (1)

Country Link
CN (1) CN101197856B (en)


Also Published As

Publication number Publication date
CN101197856B (en) 2011-04-20


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110420

Termination date: 20121227