CN101426030A - Method and terminal for acquiring network address - Google Patents
Method and terminal for acquiring network address Download PDFInfo
- Publication number
- CN101426030A CN101426030A CNA2008102198083A CN200810219808A CN101426030A CN 101426030 A CN101426030 A CN 101426030A CN A2008102198083 A CNA2008102198083 A CN A2008102198083A CN 200810219808 A CN200810219808 A CN 200810219808A CN 101426030 A CN101426030 A CN 101426030A
- Authority
- CN
- China
- Prior art keywords
- network address
- configuration load
- ike
- ike configuration
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The embodiment of the invention discloses a method for acquiring network address comprising: sending Internet key exchanging protocol configuration load request, the IKE configuration load request carrying preset indication information for acquiring network address; receiving response to IKE configuration load request, the IKE configuration load request response carrying network address information; resolving the IKE configuration load request response, acquiring network address information. Accordingly, the embodiment of the invention also discloses a terminal. IKE configuration request carrying indication information for acquiring network address is transmitted to target terminal through simply extending IKEv2 protocol. Network address can be conveniently acquired by interacting with target terminal about IKE configuration load, thereby avoiding high cost of acquiring network address through STUN technology and satisfying demand of people for low cost.
Description
Technical field
The present invention relates to the communications field, relate in particular to a kind of method and terminal of obtaining the network address.
Background technology
In communication technical field, Internet Protocol (IP, Internet Protocol) address, be commonly referred to the network address, be limited, network address translation (NAT, Network Address Translation) technology is one of the method that solves the shortage problem of IP address, the NAT technology is by changing the IP address, make the multiple host in the same local area network (LAN) use less public network address visit external resource, yet the NAT technology is carried out on the NAT server the conversion of IP address, and this transparent address transition is handled the public network address that each main frame that makes in the local area network (LAN) of NAT can not directly be learnt the reality of using when local terminal sends to destination.But, in the network application of current NAT, upper layer application often needs to carry out business-binding by the IP address of reality, perhaps checks whether exist NAT to pass through by the IP address of judging actual use, therefore, how obtaining actual public network address is the hot issue that people study always.
Current, the public network address that obtains local terminal has had relevant technical scheme, as User Datagram Protoco (UDP) (UDP, User Datagram Protocol) to network address translater simple traversal STUN (SimpleTraversal of UDP Through Network Address Translators), promptly UDP is to the simple traversal mode of NAT.Particularly, STUN client (Client) sends request STUN message by the STUN service end (Server) of UDP outside NAT, STUN Server produces response message after receiving request message, and return response message to STUN Client, STUN Client learns the external address that it is corresponding on NAT, the network address of using when promptly obtaining sending information by the content in the response message body.Yet, utilize Simple Traversal of UDP Through Network Address Translators to finish and obtain the process need application program support STUN Client function of the network address, and handle, promptly will obtain the support of STUN Server simultaneously by STUN Server, therefore for some low-end products, increased product cost.
Summary of the invention
The purpose of the embodiment of the invention is to provide a kind of method and terminal of obtaining the network address, to obtain the network address simply and easily.
The embodiment of the invention has proposed a kind of method of obtaining the network address, and this method comprises:
Send the request of internet key exchange protocol (IKE, Internet Key Exchange Protocol) configuration load, the request of described IKE configuration load carries default indication information for acquiring network address;
Receive IKE configuration load request response, described IKE configuration load request response carries network address information;
Resolve described IKE configuration load request response, obtain network address information.
Correspondingly, the embodiment of the invention also discloses a kind of terminal, it comprises:
Sending module is used to send the request of internet key exchange protocol IKE configuration load, and the request of described IKE configuration load carries default indication information for acquiring network address;
Receiver module is used to receive IKE configuration load request response, and described IKE configuration load request response carries network address information;
Resolve acquisition module, be used to resolve the IKE configuration load request response that described receiver module receives, obtain network address information.
The embodiment of the invention is by expanding the IKEv2 agreement simply, send the IKE configuration load request that carries indication information for acquiring network address to destination, promptly by carrying out the mutual of IKE configuration load with destination, can obtain the network address simply and easily, avoided obtaining the expensive problem that cause the network address, satisfied people's demand cheaply by the STUN technology.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art, to do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the method flow diagram that obtains the network address of the embodiment of the invention;
Fig. 2 is the structural representation of the terminal of the embodiment of the invention.
Embodiment
The embodiment of the invention provides a kind of method and terminal of obtaining the network address, can obtain the network address simply and easily, has avoided obtaining the expensive problem that cause the network address by the STUN technology, has satisfied people's demand cheaply.
Describe the preferred embodiments of the present invention in detail below in conjunction with accompanying drawing.
See also the method flow diagram that obtains the network address of the embodiment of the invention shown in Fig. 1, this method comprises:
Step S101: send the request of IKE configuration load, the request of described IKE configuration load carries default indication information for acquiring network address;
Step S102: receive IKE configuration load request response, described IKE configuration load request response carries network address information;
Step S103: resolve described IKE configuration load request response, obtain network address information.
Need to prove; between subscriber access termination and business service access server, dispose internet security agreement (IPSec; Internet Protocol Security); and provide security guarantee by the IKE tunnel; the IKE agreement is on the framework that is based upon by Internet Security Association and IKMP ISAKMP (Internet SecurityAssociation and Key Management Protocol) definition; have a cover self-protection mechanism, can be on network safely distributed key, identity verification, set up ipsec security alliance.Clear and definite standard uses the exchange of configuration load can obtain incoming end private network IP address in the IKEv2 agreement, dns server address information, and keep extended field for other purposes.
Particularly, among the step S101, user's incoming end sends the IKE message to destination, and described IKE message includes the request of IKE configuration load, described user's incoming end and destination are the IKEv2 peer-to-peer, they communicate based on IKEv2, and particularly, described user's incoming end can be access point (AP, Access Point), as: access devices such as modulator-demodulator Modem, base station, described destination can be access server security gateway (SEGW, Security Gateway) equipment.Need to prove, user's incoming end sends before the IKE configuration load request that carries default indication information for acquiring network address to destination, set in advance indication information for acquiring network address, described indication information for acquiring network address is to support this request by equipment vendor oneself Digital ID of definition of agreement regulation or enforcement butt joint.Described indication information for acquiring network address can be shown sign or the identify label (ID that obtains the network address for being used in reference to, Identification/Identity) value, particularly, the ID value of the ID value of the network address for the attribute type of described IKE configuration load obtained in described indication.Current, the IKEv2 protocol specification configuration load exchange process, define the ID value of a series of attribute types, for supporting the attribute type expansion, the ID value that has kept 16-16383 is Internet distributor gear (IANA, Internet Assigned Numbers Authority) uses, and the ID value of 16384-32767 can be used privately by the user, therefore, user's incoming end is before destination sends the request of IKE configuration load, and both sides both can select the ID value of a 16384-32767 voluntarily, ID value as 16390, it is carried out standard, define the public network IP address that its attribute type is a local terminal, promptly this ID value is used to indicate the public network IP address that obtains local terminal; Also can file an application to IANA, obtain the ID value of a 16-16383, it is carried out standard, define the public network IP address that its attribute type is a local terminal, promptly this ID value is used to indicate the public network IP address that obtains local terminal.
Need to prove, user's incoming end (being transmitting terminal) often needs through NAT device to the IKE message that carries the request of IKE configuration load that destination (being the IKE opposite end) sends, be to carry out the NAT conversion after NAT device receives the IKE message that user's incoming end sends, send to destination then, after destination receives described IKE message, obtain the indication information for acquiring network address in the request of IKE configuration load, from the IKE message that receives, obtain the network address then, the network address (transmitting terminal public network IP address) of using when promptly obtaining through NAT device conversion back transmission IKE message, and return the IKE that carries described public network IP address to user's incoming end and dispose load request response, user's incoming end parses described public network IP address after receiving described IKE configuration load request response.
Implement the foregoing description, expand by attribute type the configuration payload field of IKEv2 agreement, access point sends the IKE configuration load request that carries indication information for acquiring network address to the access server security gateway, promptly by carrying out the mutual of IKE configuration load with destination, can obtain the network address simply and easily, satisfy the application of upper-layer service, avoided obtaining the expensive problem that cause the network address, satisfied people's demand cheaply by the STUN technology; Obtaining the network address by present embodiment can also judge whether to exist NAT to pass through, the network address when network address that is about to obtain and access point send compares, if network address unanimity does not then exist NAT to pass through, if the network address is inconsistent, then there is the NAT conversion; Present embodiment is by the mutual realization of the IKE configuration load of expansion, and whole process has been subjected to the encipherment protection of IKE, has improved fail safe.
Above-mentionedly describe the method flow that obtains the network address of the present invention in detail, correspondingly, below in conjunction with Fig. 2 the structure of the terminal of the embodiment of the invention is described, described terminal comprises: sending module 21, receiver module 22, resolve acquisition module 23 and module 24 is set, wherein:
Sending module 21 is used to send the request of internet key exchange protocol IKE configuration load, and the request of described IKE configuration load carries default indication information for acquiring network address;
Resolve acquisition module 23 and be used to resolve the IKE configuration load request response that receiver module 22 receives, obtain the public network IP address information of this terminal;
Particularly, described terminal is user's incoming end, send the IKE message to destination, be that described user's incoming end and destination are the IKEv2 peer-to-peer, they communicate based on IKEv2, particularly, described user's incoming end can be AP, as: access devices such as modulator-demodulator Modem, base station, described destination can be SEGW equipment, the IKE message that the sending module 21 of user's incoming end sends to destination includes the request of IKE configuration load, and this IKE configuration load request carries default indication information for acquiring network address.Need to prove, send before the IKE configuration load request that carries default indication information for acquiring network address at sending module 21, module 24 is set sets in advance indication information for acquiring network address, described indication information for acquiring network address is to support this request by equipment vendor oneself Digital ID of definition of agreement regulation or enforcement butt joint.Described indication information for acquiring network address can be shown the ID value of obtaining the network address for being used in reference to, and particularly, the ID value of the ID value of the network address for the attribute type of described IKE configuration load obtained in described indication.Current, the IKEv2 protocol specification configuration load exchange process, define the ID value of a series of attribute types, for supporting the attribute type expansion, the ID value that has kept 16-16383 is used for IANA, and the ID value of 16384-32767 can be used privately by the user, therefore, user's incoming end is before destination sends the request of IKE configuration load, both sides both can select the ID value of a 16384-32767 privately, and the ID value as 16390 is carried out standard to it, defining its attribute type is the local terminal network address, and promptly this ID value is used for indication and obtains the network address; Also can file an application to IANA, obtain the ID value of a 16-16383, it is carried out standard, defining its attribute type is the local terminal network address, and promptly this ID value is used for indication and obtains the network address.
Need to prove, the sending module 21 of user's incoming end (being transmitting terminal) often needs through NAT device to the IKE message that carries the request of IKE configuration load that destination (being the IKE opposite end) sends, be to carry out the NAT conversion after NAT device receives the IKE message that user's incoming end sends, send to destination then, after destination receives described IKE message, obtain the indication information for acquiring network address in the request of IKE configuration load, from the IKE message that receives, obtain the network address then, the network address (transmitting terminal public network IP address) of using when promptly obtaining through NAT device conversion back transmission IKE message, and return the IKE that carries described public network IP address to user's incoming end and dispose load request response, the receiver module 22 of user's incoming end parses described public network IP address by resolving acquisition module 23 after receiving described IKE configuration load request response.
In sum, implement the embodiment of the invention, expand by attribute type the configuration payload field of IKEv2 agreement, user's incoming end sends the IKE configuration load request that carries indication information for acquiring network address to destination (being the IKE opposite end), promptly by carrying out the mutual of IKE configuration load with the IKE opposite end, can obtain the network address simply and easily, satisfy the application of upper-layer service, avoided obtaining the expensive problem that cause the network address, satisfied people's demand cheaply by the STUN technology; Obtaining the network address by present embodiment can also judge whether to exist NAT to pass through, the network address when network address that is about to obtain and access device send compares, if network address unanimity then exists NAT to pass through, if the network address is inconsistent, then there is the NAT conversion; Present embodiment is by the mutual realization of the IKE configuration load of expansion, and whole process has been subjected to the encipherment protection of IKE, has improved fail safe.
Need to prove that through the above description of the embodiments, those skilled in the art can be well understood to the present invention and can realize by the mode that software adds essential hardware platform, can certainly all implement by hardware.Based on such understanding, all or part of can the embodying that technical scheme of the present invention contributes to background technology with the form of software product, this computer software product can be stored in the storage medium, as ROM/RAM, magnetic disc, CD etc., comprise that some instructions are with so that a computer equipment (can be a personal computer, server, the perhaps network equipment etc.) carry out the described method of some part of each embodiment of the present invention or embodiment.
Above disclosed only is preferred embodiment in the embodiment of the invention, can not limit the present invention's interest field certainly with this, and therefore the equivalent variations of doing according to claim of the present invention still belongs to the scope that the present invention is contained.
Claims (10)
1, a kind of method of obtaining the network address is characterized in that, described method comprises:
Send the request of internet key exchange protocol IKE configuration load, the request of described IKE configuration load carries default indication information for acquiring network address;
Receive IKE configuration load request response, described IKE configuration load request response carries network address information;
Resolve described IKE configuration load request response, obtain network address information.
2, the method for claim 1 is characterized in that, also comprises before the step of described transmission internet key exchange protocol IKE configuration load request:
Indication information for acquiring network address is set.
3, method as claimed in claim 2 is characterized in that, described indication information for acquiring network address is: be used to indicate sign or the identify label ID value of obtaining the network address.
4, method as claimed in claim 3 is characterized in that, the ID value of the ID value of the network address for the attribute type of described IKE configuration load obtained in described indication.
As arbitrary described method among the claim 1-4, it is characterized in that 5, the described network address is the public network Internet Protocol IP address of transmit leg.
6, a kind of terminal is characterized in that, described terminal comprises:
Sending module is used to send the request of internet key exchange protocol IKE configuration load, and the request of described IKE configuration load carries default indication information for acquiring network address;
Receiver module is used to receive IKE configuration load request response, and described IKE configuration load request response carries network address information;
Resolve acquisition module, be used to resolve the IKE configuration load request response that described receiver module receives, obtain network address information.
7, terminal as claimed in claim 6 is characterized in that, described terminal also comprises:
Module is set, is used to be provided with indication information for acquiring network address.
8, terminal as claimed in claim 7 is characterized in that, described indication information for acquiring network address is: be used to indicate sign or the identify label ID value of obtaining the network address.
9, terminal as claimed in claim 8 is characterized in that, the ID value of the ID value of the network address for the attribute type of described IKE configuration load obtained in described indication.
As arbitrary described terminal among the claim 6-9, it is characterized in that 10, the described network address is the public network Internet Protocol IP address of local terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008102198083A CN101426030B (en) | 2008-12-09 | 2008-12-09 | Method and terminal for acquiring network address |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008102198083A CN101426030B (en) | 2008-12-09 | 2008-12-09 | Method and terminal for acquiring network address |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101426030A true CN101426030A (en) | 2009-05-06 |
| CN101426030B CN101426030B (en) | 2012-06-27 |
Family
ID=40616358
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2008102198083A Active CN101426030B (en) | 2008-12-09 | 2008-12-09 | Method and terminal for acquiring network address |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101426030B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2012171430A1 (en) * | 2011-06-14 | 2012-12-20 | 中兴通讯股份有限公司 | Method for obtaining tunnel information, a security gateway(segw) and an evolved home base station/ a home base station |
| CN103477605A (en) * | 2011-02-15 | 2013-12-25 | 中兴通讯股份有限公司 | Internet protocol mapping resolution in fixed mobile convergence networks |
| CN104703211A (en) * | 2013-12-04 | 2015-06-10 | 华为技术有限公司 | A virtualization accessing method and apparatus |
| CN113572766A (en) * | 2021-07-23 | 2021-10-29 | 南方电网数字电网研究院有限公司 | Power data transmission method and system |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100556027C (en) * | 2004-11-01 | 2009-10-28 | 华为技术有限公司 | A kind of address renewing method of IKE Network Based |
| CN1855924A (en) * | 2005-04-27 | 2006-11-01 | 华为技术有限公司 | Method for network layer safety text going through address changing device |
| US20080172582A1 (en) * | 2007-01-12 | 2008-07-17 | David Sinicrope | Method and system for providing peer liveness for high speed environments |
| CN101227494B (en) * | 2008-01-09 | 2013-06-12 | 中兴通讯股份有限公司 | Method for establishing Internet safety protocol safe alliance when accessing multi grouping data network |
-
2008
- 2008-12-09 CN CN2008102198083A patent/CN101426030B/en active Active
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103477605A (en) * | 2011-02-15 | 2013-12-25 | 中兴通讯股份有限公司 | Internet protocol mapping resolution in fixed mobile convergence networks |
| US9401888B2 (en) | 2011-02-15 | 2016-07-26 | Zte Corporation | Internet protocol mapping resolution in fixed mobile convergence networks |
| CN103477605B (en) * | 2011-02-15 | 2017-02-22 | 中兴通讯股份有限公司 | Internet protocol mapping resolution in fixed mobile convergence networks |
| WO2012171430A1 (en) * | 2011-06-14 | 2012-12-20 | 中兴通讯股份有限公司 | Method for obtaining tunnel information, a security gateway(segw) and an evolved home base station/ a home base station |
| CN104703211A (en) * | 2013-12-04 | 2015-06-10 | 华为技术有限公司 | A virtualization accessing method and apparatus |
| WO2015081785A1 (en) * | 2013-12-04 | 2015-06-11 | 华为技术有限公司 | Method and device for virtualized access |
| CN104703211B (en) * | 2013-12-04 | 2018-06-19 | 华为技术有限公司 | A kind of virtualization cut-in method and equipment |
| CN113572766A (en) * | 2021-07-23 | 2021-10-29 | 南方电网数字电网研究院有限公司 | Power data transmission method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101426030B (en) | 2012-06-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101141420B (en) | Method and system for performing data communication between private network and public network | |
| CN102934410B (en) | DS-LITE is strengthened by private IPV4 accessibility | |
| CN103634314B (en) | A kind of service access control method and equipment based on virtual router VSR | |
| CN103688516B (en) | There is provided the method for public accessibility and in relation to system and device | |
| CN104427010A (en) | NAT (network address translation) method and device applied to DVPN (dynamic virtual private network) | |
| CN106790098B (en) | IPv4/IPv6 intercommunication system based on HTTP ALG and NAT64 technology | |
| CN101252509A (en) | Dynamic system and method for virtual private network (VPN) information packet level routing using dual-NAT method | |
| JP2011024065A (en) | Cryptographic communication system and gateway device | |
| CN106604119B (en) | Network penetration method and system for private cloud equipment of smart television | |
| CN102437946B (en) | Access control method, network access server (NAS) equipment and authentication server | |
| WO2022002069A1 (en) | Method for accessing network, media gateway, electronic device, and storage medium | |
| CN102404293A (en) | Dual-stack user managing method and broadband access server | |
| CN102984300A (en) | Distributed gateway system in 4-6-4 hybrid protocol network and access method | |
| CN103338213A (en) | Method, system and access gateway for intercommunication between local equipment and IMS (IP Multimedia Subsystem) network | |
| CN101426030B (en) | Method and terminal for acquiring network address | |
| CN102684969A (en) | VPN (virtual private network) node, VPN node identification analysis agency and VPN node identification analysis, VPN server | |
| CN103581350A (en) | Method, terminals, equipment and system for publishing Internet services across NAT | |
| EP2451131B1 (en) | Method, apparatus and system for obtaining local domain name | |
| CN101083594A (en) | Method and system for managing network appliance | |
| US20150319134A1 (en) | Method And Apparatus For Accessing Demilitarized Zone Host On Local Area Network | |
| CN103812868B (en) | The method and its system of Free Internet Access are realized based on IPv4/IPv6 conversions | |
| CN104735073A (en) | IPv4-IPv6 transitional protocol dispatching method and device | |
| US9705794B2 (en) | Discovery of network address allocations and translations in wireless communication systems | |
| CN102480476A (en) | Multi-service access method based on DHCP protocol extension | |
| CN111182071A (en) | Method for intranet penetration and service release |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |