CN101436947A - Expandable island type multicast transmission system suitable for IPTV stream medium business - Google Patents
Expandable island type multicast transmission system suitable for IPTV stream medium business Download PDFInfo
- Publication number
- CN101436947A CN101436947A CNA2008102200806A CN200810220080A CN101436947A CN 101436947 A CN101436947 A CN 101436947A CN A2008102200806 A CNA2008102200806 A CN A2008102200806A CN 200810220080 A CN200810220080 A CN 200810220080A CN 101436947 A CN101436947 A CN 101436947A
- Authority
- CN
- China
- Prior art keywords
- main frame
- node
- island
- multicast
- new
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention provides a scalable island multicast system (SIM) suitable for IPTV streaming media service. The system comprises an SIM server, an authentication and authorization server, a client mainframe, an STUN server and an IP multicast route. The tree-type structure adopted by the system has low end-to-end delay and is easier to maintain. The system adopts a local IP multicast mode favorable for the multicast of a streaming media application layer, blends an application layer multicast protocol and peer-to-peer network technology, has high efficiency, high robustness, high practicability, deployability and maintainability and supports real-time television and interactive film in the IP network. Simultaneously, the invention provides a simple data distribution and transmission method which is easy to realize.
Description
Technical field
The invention belongs to digital home network technical field and stream media technology field, particularly relate to a kind of IPTV of being suitable for streaming media service expandable island type multicast transmission system.
Background technology
The P2P system constructing adopts two kinds of structures, i.e. tree and Gossip network structure usually.The Gossip network structure is by using the Gossip algorithm to set up the network structure of main frame, with adjacent host exchanging data.But because the Gossip structure is that data are sent to a main frame by a plurality of paths, the delay of its longest path has determined this structure can bring higher playback delay; On the contrary, tree has been introduced lower delay end to end, and is easier to safeguard.Tree is by setting up the data that many trees are distributed main frame, and existing most application layer multicast modular systems all adopt this structure to carry out the data distribution, as Narada, and NICE agreement and P2Cast, some P2P video on-demand systems such as P2VoD.
Great majority all were that the supposition router does not have the multicast function based on the agreement (as Narada, NICE, DT, Scribe, ALMI etc.) of application layer in the past, did not therefore consider the ip multicast of network layer.Global I P multicast is infeasible, but present many local area network (LAN)s have all possessed the multicast function.But these multicast fields, part, or be called " island " are usually coupled together by router that can not multicast.Because ip multicast is more effective than ALM,, will helps ip multicast and use if ALM can utilize the local multicast capability of setting up tree.
The present invention adopts the local I P multicast mode that helps the streaming media application layer multicast, and application layer multicast protocol and peer-to-peer network technology have been merged, have high-effect, high robust, high practicability, deployable and maintainability, support real-time television and interactive movie on the IP network.Existing many technology all need to be provided with special network node, and as acting server or router, and the connection between main frame need be carried out manual configuration.Support that main frame group of the present invention is fully autonomous, do not need special network node is set, reduced complexity and management cost, and can be expanded into more massive peer-to-peer network.Simultaneously, the invention provides simple data method for distributing and transmitting, and be easy to realize.
Summary of the invention
The objective of the invention is to overcome the deficiencies in the prior art, proposed a kind of low delay, be easy to safeguard, be beneficial to the system that ip multicast is used.
In order to realize goal of the invention, the technical scheme of employing is as follows.
A kind of IPTV streaming media service expandable island type multicast transmission system (ScalableIsland Multicast System that is suitable for, be called for short SIM), its part comprises: SIM server, authentication and authorization server, client host, STUN server and ip multicast router.
The connection situation of this system is as follows:
In SIM, main frame communicates transmission by the ip multicast mode in the island, and main frame then communicates transmission by mode of unicast between the island.The main frame of every system to be accessed at first will join in the tree of SIM, and this structure is used to monitor and safeguard the main frame of adding;
Then main frame joins the multicast island by detection, and then finishes whole access procedure.Each island among the SIM only possesses unique Ingress node, and Ingress node receives the packet that other islands send over, and transmits these packets in the mode of multicast in the island again.
Described SIM server, promptly media server as the medium source nodes main frame in the tree, is used for stream medium data storage and distribution in SIM.
Described client host as the node main frame of tree, is used for receiving, keeping in or the forwarding stream media data in SIM.
Described STUN server provides the differentiation service of mainframe network environment, and being used for the decision node main frame is to be in the public network environment, still is in the back of NAT or fire compartment wall.
Described ip multicast power router is used for multicast stream medium data in the island, and an ip multicast power router will be safeguarded in each multicast island.
This system is based upon on the application layer basis, and the single tree by all node main frames constitute is used to monitor the main frame of new access, and safeguards the association between each node main frame; This association is meant the set membership of keeping between the node main frame, such as father and son's node relation, ancestors descendants node relation.
Adopt the P2P network of tree type build mechanism generally all to have distributed nature, can make the easier expansion of system, and it is more easy to make up algorithm.
Technical characterstic of the present invention mainly embodies as follows:
1, adopt the local I P multicast mode help the streaming media application layer multicast, and based on the scalable distributed system of tree, SIM.
P2P of the present invention system adopts tree, postpones lowlyer end to end, and is easier to safeguard.Tree is by setting up the data that many trees are distributed main frame.The router that has the multicast function simultaneously by foundation is realized the ip multicast of network layer, thereby has been set up global I P multicast.Because ip multicast is more effective than ALM,, will helps ip multicast and use if ALM can utilize the local multicast capability of setting up tree.
2, application layer tree
Tree of the present invention is based upon on the application layer basis, and the single tree by all node main frames constitute is used to monitor the main frame of new access, and safeguards the association between each node main frame; This association is meant the set membership of keeping between the node main frame, such as father and son's node relation, ancestors descendants node relation.
Adopt the P2P network of tree type build mechanism generally all to have distributed nature, can make the easier expansion of system, and it is more easy to make up algorithm.
3, possesses good autgmentability
The present invention can increase the CDN super node on the existing basis of SIM, thereby improves the P2P network stabilization, guarantees service quality.
The present invention can be improved to the mesh topology that adopts a plurality of trees, and on two-layer tree topology architecture basics, each node can obtain stream data from a plurality of father nodes.The data content multi-source obtains, and node distributes and forms network structure.
Description of drawings
Fig. 1 is the SIM topology diagram;
Fig. 2 is tree type transmission structure example logic figure;
Fig. 3 is node main frame and STUN server interaction process view;
Fig. 4 is node main frame and meeting point main frame reciprocal process view;
Fig. 5 is new main frame when being the public network main frame and the reciprocal process view of each main frame of popping;
When Fig. 6 is limited main frame for new main frame and the reciprocal process view of each main frame of popping;
Fig. 7 is transmission path example logic figure in the multicast island;
Fig. 8 is according to the distribution logic exemplary plot;
Fig. 9 is deadlock situation example logic figure;
Figure 10 is a node host authorization view;
Figure 11 is node main frame authentication view.
Embodiment
The present invention is described further below in conjunction with accompanying drawing.
SIM network topology structure figure as shown in Figure 1.In SIM, main frame communicates transmission by the ip multicast mode in the island, and main frame then communicates transmission by mode of unicast between the island.The main frame of every system to be accessed at first will join in the tree of SIM, and this structure is used to monitor and safeguard the main frame of adding; Then main frame joins the multicast island by detection, and then finishes whole access procedure.Each island among the SIM only possesses unique Ingress node, and Ingress node receives the packet that other islands send over, and transmits these packets in the mode of multicast in the island again.
As shown in Figure 1, wherein there is following object:
(1) multicast island
The multicast island is to organize themselves into island structure by the localized network with ip multicast function, adopts the tree topology structure in the island.Simultaneously, the island is as the node on the macroscopic view, and constitutes tree between other islands again, adopts mode of unicast transport stream media data packet between island and the island, the employing ip multicast mode transport stream media data packet island in.
There is unique entry host on each island, be responsible for to receive the flow media data packet that the island outdoor main unit sends, and in the island this packet of multicast.
Router in each island all has two unique D class ip multicast addresses, and one is used for the multicast control messages, and another is used for the multicast flow media data packet.According to the difference of IP address, main frame can be formed control multicast group and data multicast group respectively in the island.Two Class D IP address are by the meeting point host maintenance.
(2) node main frame
The node main frame is to joining the another name of each main frame in the tree.
According to the residing network environment difference of main frame, the node main frame can be divided into public network node main frame and constrained nodes main frame.The public network main frame is meant the node main frame that is in the public network environment, and limited main frame is meant the node main frame that is in NAT or fire compartment wall back.
(3) Ingress node main frame
To safeguard a special node main frame in each multicast island, and be used to receive the flow media data packet that sends over through clean culture outside the island, and this packet is carried out multicast by the multicast router in the island.This main frame is called the Ingress node main frame.
(4) NAT penetrates
SIM is by using Simple Traversal of UDP Through Network Address Translators, promptly the simple through-transmission technique of NAT (Simple Traversal of UDP through NAT) based on udp protocol transmission detects the back whether main frame is positioned at NAT or fire compartment wall, and can detect the back whether two or many limited main frames are positioned at same NAT or fire compartment wall.
Concrete detection method is as follows:
A) add the ingress main frame and send bind request (Binding Requests) to the STUN server;
B) server produces binding feedback (Binding Response), and the mapping address and the port that obtain are turned back to client;
C) client judges by the address after the mapping relatively is whether identical with this machine address whether this machine is in public network, if identical this main frame that then illustrates is the public network main frame, if difference illustrates that then this main frame is limited main frame.
(5) father node main frame
New main frame will be through the source points of node main frame of the final selection of iterative process for several times as stream medium data after joining tree, because iterative process will cause the related set membership that is rendered as between new main frame and this node main frame, so this main frame is called the father node main frame.
(6) meeting point main frame
A kind of special node, the address that is used for safeguarding root node He joins the node listing of tree, its maximum capacity can be set up according to needs.Major function is that response initiates to obtain the node of start node request.
(7) authorization server
A server that is used for the distribution authorization key is safeguarded the map listing of all different program frequency range stream packets and its authorization key, and is had the certificate of certification recognition function.The node main frame can obtain the authorization key that can decipher stream packets by sending authorization requests to it.
(8) certificate server
A server that is used for the verified users identity can be used for distributing certificate of certification.The new node main frame of system to be added all must earlier carry out authentication by this server, to obtain authentication information such as certificate of certification.Certificate server and authorization server can be deployed on same the property server, topological structure shown in Figure 1 promptly be consider authenticate combine with mandate be deployed in authenticate and authorization server on.
(9) multicast group
A kind of main frame group who supports ip multicast.Each flow media session among the group all has two unique D class ip multicast addresses.One is used for the multicast control messages, and another is used for the multicast stream medium data.According to the IP address, can be called control multicast group and data multicast group.
(10) boundary node main frame
The father node not node main frame in the island is called the boundary node main frame.In SIM, boundary node main frame and Ingress node main frame all join control group and data set, but not the boundary node main frame only joins data set.
Fig. 2 is the tree logical view.As shown in the figure, each father node all can comprise a plurality of child nodes in the tree, but for each child node, his father's interstitial content is unique.
This structure is to be based upon on the application layer basis, and the single tree by all node main frames constitute is used to monitor the main frame of new access, and safeguards the association between each node main frame; This association is meant the set membership of keeping between the node main frame, such as father and son's node relation, ancestors descendants node relation.
Adopt the P2P network of tree type build mechanism generally all to have distributed nature, can make the easier expansion of system, and it is more easy to make up algorithm.
The process that main frame adds the application layer tree is as follows:
New main frame adds the process of tree, can regard the process of searching qualified father node main frame in tree as.
At first, newly main frame need determine whether it is public network main frame or limited main frame.Therefore, new main frame and STUN server connect and obtain testing result.This process as shown in Figure 3, the node main frame at first sends NAT to the STUN server and detects request.Then, the STUN server is passed the public network IP address of NAT router and NAT port that Intranet opens back and is encapsulated into NAT and detects in the feedback for allowing to import into flow, and sends to this node main frame.
Simultaneously, new main frame and medium source nodes connect, and obtain stream medium data.This connection is just stopped up to father node is found.Can add the source of media server of different channel in advance by this connection, reduce the time overhead of adition process.This mechanism is applicable to that the IPTV multichannel browses, because node can pre-loaded a lot of channels, thereby is minimized the stand-by period of converted channel.
Then, this new main frame and meeting point main frame connect, and obtain the tabulation of public network main frame in the system at random, process as shown in Figure 4, the node main frame sends Host List to the meeting point main frame and obtains request.After the meeting point main frame is received this request, will from the All hosts address, select k main frame randomly and form Host List to send to this node main frame.
When Fig. 6 is limited main frame for new main frame with the reciprocal process view of each main frame of popping, obtain this Host List after, newly main frame calculate one by one and tabulate in RTT value between each public network main frame, and by ascending order these host addresses are deposited among the storehouse Hp according to this value.
Then, new main frame will enter following iterative process:
(1) main frame ejects k the host address with minimum RTT time from Hp, and k is a system parameters.For each main frame of popping, new main frame will send NeighborQuery message to this main frame.
(2) carry out in two kinds of situation according to the type of new main frame:
A) if new main frame is the public network main frame, the main frame of popping that then receives NeighborQuery message will return the address of its adjacent public network node main frame, and notify its adjacent constrained nodes main frame and new main frame to connect.New main frame can be by force communicates with all adjacent node main frames of this k the main frame of popping, and obtains the RTT value that arrives these main frames.Then, new main frame is arranged the node host address that all get access to according to the RTT ascending order, and deposits Hp in.This process as shown in Figure 5.
B) if new main frame is limited main frame, the main frame of popping that then receives NeighborQuery message will return the IP address of its all adjacent public network node main frames and limited neighbors main frame.New main frame obtains all adjacent public network node host addresses of k the main frame of popping on the one hand, to build with the STUN server on the other hand and connect, and will before all adjacent constrained nodes host addresses of the k that get access to the main frame of popping send to this server, thereby judge that whether these constrained nodes main frames are in the back of same NAT or fire compartment wall with new main frame; If these constrained nodes main frames just can communicate with new main frame; And then k the main frame of popping will be notified their adjacent constrained nodes main frame once more, ask them that adjacent public network node host address is separately sent to new main frame.Then, new main frame will connect these main frames according to all host addresses that gets access to, and obtain the RTT value that arrives them.At last, new main frame is arranged the node host address that all get access to according to the RTT ascending order, and deposits Hp in.
(3) after above work is finished, new main frame will eject k the host address with minimum RTT time from Hp.
Whole iteration will continue until that the increment that finds minimum RTT will be lower than a fixing threshold value, or iterations just stops above a specific value t.
At last, new main frame will select a destination host as father node from current m nearest main frame, have the highest front end bandwidth between this destination host and its father node, thereby finish whole adition process.The m value is an adjustable system parameters.
Main frame also should be noted that following several situation when adding the application layer tree:
(1) consider a limited main frame can only select the public network main frame or and it be in limited main frame under same NAT or the fire compartment wall as father node; If all the public network main frames in the system all take place unusually, then a new limited main frame can't obtain the father node main frame, promptly can not add tree.Therefore, for avoiding this phenomenon, SIM will require the limited main frame of the preferential selection of public network main frame as its father node by force.
(2) the public network main frame can only be initiated by limited host side with being connected of limited main frame.The new main frame of public network during adding, need to keep its with limited main frame between be connected, limited new main frame during adding, also need to keep with the public network main frame between be connected.Only remain behind the success adding tree, new main frame just can abandon these connections.
(3) after new main frame joined tree, if its father node main frame takes place unusual or loses connection, then this main frame need be searched new father node again.The process of searching new father's node is similar to adition process, and new main frame sends NeighborQuery message to its grandfather's node, and enters above iterative process then, finally finds out qualified new father node.In searching the process of new father node, node can receive data from its recovery nodes temporarily.
The process that main frame adds the multicast island is as follows:
After a new main frame joins tree, at first it will detect current environment and whether have the multicast island, and testing process is as follows:
(1) if the island exists, this main frame will be received the KeepAlive message of Ingress node.Since the Ingress node main frame can be in the island regular multicast KeepAlive message.And then main frame detects whether itself is boundary node;
(2) new main frame multicast BorderIdentification message in data set, this message comprises the information of main frame.If the father node of this main frame is received this message, then this father node will utilize message of clean culture feedback to give new main frame.If new main frame is not received feedback message in certain hour, it just can conclude its father node not in same data set, promptly not in same island, then can determine it self is a boundary node.
(3) through after the above deterministic process, will make following operation according to the new main frame of result:
A) if, it still is retained in the control group, and joins data set, stops to receive the flow data from father node simultaneously, it only is used for transmitting control message with being connected of father node;
B) if not, then it just leaves the control group and joins data set, and receives the data of ip multicast.If main frame became an Ingress node afterwards, it will recover to connect and receive once more the data that father node sends so.
(4) if main frame does not find any island that adds, then itself will form an island (i.e. control group and data set), and become the Ingress node main frame on island.
At first, each main frame will write down its distance to the medium source nodes main frame, and to the distance the medium source nodes main frame, and it adds up and get to the distance between father node this distance by its father node; Wherein, between each main frame distance by RTT value representation two-way time of point-to-point transmission.
Ingress node main frame regular multicast KeepAlive message in the control group, this message comprise that it arrives the distance of medium source nodes.Simultaneously, its multicast media stream data in data set.Ingress node is to select in the border main frame from the control group.
When initial, the Ingress node main frame on island is first main frame that joins this island.And the condition of an alternative current Ingress node main frame of new border main frame is:
A) leave or lost efficacy to current Ingress node main frame by the KeepAlive message detection;
B) the boundary node main frame of a non-Ingress node of existence, it is shorter to source node main frame distance than current Ingress node main frame to the distance of medium source nodes.
Fig. 8 is a data distribution logic example of the present invention.After new main frame added the island, with the multi-case data that begins to receive in the island, and the unicast data between the island will be received by the Ingress node on this island.Among Fig. 8, different elliptic regions is pointed out different islands, and node 1, node 2, node 3 and node 5 belong to an island; Node 4, node 7 and node 11 belong to another island; Node 6, node 8, node 9 and node 10 belong to last island.Node in the same island is not in groups as node 8 with node 6,9,10 not necessarily always in groups.Only presentation logic association of solid line limit among the figure, and not representative data transmission.Data send by different island (being sent to scope shown in dotted lines in Figure 4) clean culture, then are to be multicast transmission in the island.
In the example of Fig. 8, suppose node 1 want to send packet to the tree in all nodes, at first, node 1 sends the node 2,3,5 of packet in the same island by ip multicast, node the 2, the 3rd is to exterior node, exterior node is sent packet to delivering to different islands by clean culture, and after node 4 received packet from node 2, this packet sent to node 7,11 by ip multicast; Equally, after node 6 received packet from node 3, this packet sent to node 8,9,10 by ip multicast.Node 4,6 is called Ingress node, is the node that receives packet from other island.
Multicast island Ingress node is selected to be described below with cancellation mechanism in SIM.
It is whether to have minimum-depth according to this node in the island that Ingress node is selected, and whether perhaps arrive the tree root distance minimum.If there are a plurality of nodes to have same minimum-depth, then SIM will therefrom select one as Ingress node at random.
Deadlock situation as shown in Figure 9 if SIM only selects a node as Ingress node at random, and does not consider whether it has minimum-depth in the island, or not nearest from the tree root node, then will cause deadlock.
Because having the node of minimum-depth is the nearest node of distance sources node in its island, place, any one grandfather's node of this node all can not be positioned at the island, therefore just can avoid above deadlock situation.
When no longer receiving packet, Ingress node then is cancelled.Ingress node is monitored by the potential Ingress node in the same island, and when Ingress node no longer received message in a period of time, the node of monitoring was thought Ingress node death, and notifies this Ingress node to end to receive packet outside island.
The following description of the mechanism for correcting errors that adopts among the present invention.
Recover neighbors
Search in tree in the process of new father node, main frame will recover principle temporarily, based on following rule:
A) root node does not have recovery nodes;
B) recovery nodes is not in the middle of subtree;
C) except root node, other recovery nodes is not in the middle of root path;
D) recovery nodes is not in same island.
Use these rules, might find a uncorrelated recovery nodes.Recovery nodes has following usage:
A) when detecting packet loss, node can require the packet of its recovery nodes retransmission of lost;
B) when the father node of node leaves, this node receives data temporarily from its recovery nodes, finds new father node up to it.
The licensing scheme that the present invention adopts is described below.
At first to pass through packaging ciphering before the flow data distribution, and then be distributed to each node in the network by source of media.When the terminal node user attempted playing the content of process packaging ciphering, player or terminal equipment can obtain a licence automatically, and this licence comprises the required key of decryption content.
Key is divided into two parts, i.e. PKI and private key, and PKI is used for the encrypt stream data content, and private key then is used to decipher this content.During the source of media encrypt stream data, the address of PKI sign and authorization server is encapsulated in the head of encrypted content, and uses a pair of signature key that this header information is signed, prevent that header information is illegally modified.After user node obtains this encrypted packets, player or the EM equipment module of carrying out this node when playing will be triggered and send authorization requests to authorization server, ask for the private key that is used to decipher.
Be licensing process as shown in figure 10, the node main frame sends authorization requests to authorization server, and this request has comprised the PKI sign of enciphered data head; After authorization server received this request, private key that will be complementary with this PKI and Authorization result information are packaged into authorized feedback to send to this node main frame; If there is not corresponding private key in this PKI, represent that then this node data source is illegal, therefore will only in authorizing feedback, comprise illegal mandate information.
Authorization server will produce a pair of PKI and private key in time cycle t, t is adjustable system parameters; After cycle time, existing key will be to storing in the cipher key list.
During encrypted content source of media encrypt stream data, at first communicate, obtain the PKI part of the current cipher key pair that produces, then this PKI and authorization server address are joined in the lump the head of encrypted content with authorization server.
The authentification of user mechanism that the present invention adopts is described below.
The new node main frame must connect with certificate server and carry out authentication in (before promptly adding tree) before the adding system.Authentication service and authorization service can be deployed on the same station server main frame.
Be verification process as shown in figure 11, the node main frame at first sends authentication request to certificate server, and this request comprises the subscriber terminal equipment identification information.Then, whether certificate server is registered state by the equipment identification information that this request of verification comprises, and returns to authentication feedback of this node main frame, and this feedback comprises check results.If this node is registered, then certificate server will allow its visit meeting point server, and comprise the IP address and the port of check results, meeting point main frame in the authentication feedback; If this node is not by checking, then authentication feedback only comprises check results.
Claims (10)
1, a kind of system that is suitable for IPTV streaming media service expandable island type multicast transmission is characterized in that part comprises: SIM server, authentication and authorization server, client host, STUN server and ip multicast router; This system adopts the local I P multicast mode that helps the streaming media application layer multicast, and based on the scalable distributed system of tree, wherein main frame communicates transmission by the ip multicast mode in the island, main frame then communicates transmission by mode of unicast between the island, is called the expandable island type multicast system again;
Described SIM server, promptly media server as the medium source nodes main frame in the tree, is used for stream medium data storage and distribution in SIM;
Described client host as the node main frame of tree, is used for receiving, keeping in or the forwarding stream media data in SIM;
Described STUN server provides the differentiation service of mainframe network environment, and being used for the decision node main frame is to be in the public network environment, still is in the back of NAT or fire compartment wall;
Described ip multicast power router is used for multicast stream medium data in the island, and an ip multicast power router will be safeguarded in each multicast island.
2, a kind of IPTV streaming media service expandable island type multicast transmission system that is suitable for according to claim 1 is characterized in that existing following object:
The multicast island organizes themselves into island structure by the localized network with ip multicast function;
The node main frame is to joining the another name of each main frame in the tree;
The Ingress node main frame will be safeguarded a special node main frame in each multicast island, be used to receive the flow media data packet that sends over through clean culture outside the island, and by the multicast router in the island this packet carried out multicast;
NAT penetrates, and SIM is by using Simple Traversal of UDP Through Network Address Translators, and promptly the simple through-transmission technique of NAT based on the udp protocol transmission detects the back whether main frame is positioned at NAT or fire compartment wall, and can detect the back whether two or many limited main frames are positioned at same NAT or fire compartment wall;
Father node main frame, new main frame will be through the source points of node main frame of the final selection of iterative process for several times as stream medium data after joining tree;
The meeting point main frame, a kind of special node, the address that is used for safeguarding root node He joins the node listing of tree, major function is that response initiates to obtain the node of start node request;
Authorization server, a server that is used for the distribution authorization key is safeguarded the map listing of all different program frequency range stream packets and its authorization key, and is had the certificate of certification recognition function; The node main frame can obtain the authorization key that can decipher stream packets by sending authorization requests to it;
Certificate server, a server that is used for the verified users identity can be used for distributing certificate of certification; The new node main frame of system to be added all must earlier carry out authentication by this server, to obtain authentication information such as certificate of certification;
The multicast group, a kind of main frame group who supports ip multicast;
The boundary node main frame, be in certain multicast island and father node not the node main frame in this island be called the boundary node main frame; In SIM, boundary node main frame and Ingress node main frame all join control group and data set, but not the boundary node main frame only joins data set.
3, a kind of IPTV streaming media service expandable island type multicast transmission system that is suitable for according to claim 2, it is characterized in that described multicast island, router in each island all has two unique D class ip multicast addresses, one is used for the multicast control messages, and another is used for the multicast flow media data packet; According to the difference of IP address, main frame can be formed control multicast group and data multicast group respectively in the island, and two Class D IP address are by the meeting point host maintenance.
4, a kind of IPTV streaming media service expandable island type multicast transmission system that is suitable for according to claim 1 and 2, it is characterized in that this system adopts the application layer tree, this structure is based upon on the application layer basis, the single tree that constitutes by all node main frames, be used to monitor the main frame of new access, and safeguard the association between each node main frame; This association is meant the set membership of keeping between the node main frame; The process that main frame adds the application layer tree is as follows,
(1) new main frame need determine whether it is public network main frame or limited main frame;
(2) new main frame sends Host List to the meeting point main frame and obtains request, and obtains the tabulation of public network main frame in the system at random;
(3) obtain this Host List after, new main frame calculate one by one and tabulate in RTT value between each public network main frame, and by ascending order these host addresses are deposited among the storehouse Hp according to this value;
(4) new main frame will enter iterative process;
(5) new main frame will select a destination host as father node from current m nearest main frame;
In the process of main frame adding application layer tree, wherein the iterative process of new main frame is as follows,
(1) main frame ejects k the host address with minimum RTT time from Hp, and k is a system parameters, and for each main frame of popping, new main frame will send NeighborQuery message to this main frame;
(2) carry out in two kinds of situation according to the type of new main frame;
(3) after above work is finished, new main frame will eject k the host address with minimum RTT time from Hp;
Whole iteration will continue until that the increment that finds minimum RTT will be lower than a fixing threshold value, or iterations just stops above a specific value t;
The iterative process of new main frame is carried out in two kinds of situation according to the type of new main frame, wherein,
A) if new main frame is the public network main frame, the main frame of popping that then receives NeighborQuery message will return the address of its adjacent public network node main frame, and notify its adjacent constrained nodes main frame and new main frame to connect; New main frame can be by force communicates with all adjacent node main frames of this k the main frame of popping, and obtains the RTT value that arrives these main frames; Then, new main frame is arranged the node host address that all get access to according to the RTT ascending order, and deposits Hp in;
B) if new main frame is limited main frame, the main frame of popping that then receives NeighborQuery message will return the IP address of its all adjacent public network node main frames and limited neighbors main frame; New main frame obtains all adjacent public network node host addresses of k the main frame of popping on the one hand, to build with the STUN server on the other hand and connect, and will before all adjacent constrained nodes host addresses of the k that get access to the main frame of popping send to this server, thereby judge that whether these constrained nodes main frames are in the back of same NAT or fire compartment wall with new main frame; If these constrained nodes main frames just can communicate with new main frame; And then k the main frame of popping will be notified their adjacent constrained nodes main frame once more, ask them that adjacent public network node host address is separately sent to new main frame; Then, new main frame will connect these main frames according to all host addresses that gets access to, and obtain the RTT value that arrives them; At last, new main frame is arranged the node host address that all get access to according to the RTT ascending order, and deposits Hp in;
Main frame adds the process of application layer tree, should be noted that following several situation:
(1) consider a limited main frame can only select the public network main frame or and it be in limited main frame under same NAT or the fire compartment wall as father node; If all the public network main frames in the system all take place unusually, then a new limited main frame can't obtain the father node main frame, promptly can not add tree; SIM will require the limited main frame of the preferential selection of public network main frame as its father node by force;
(2) being connected of public network main frame and limited main frame can only be initiated by limited host side, the new main frame of public network during adding, need to keep its with limited main frame between be connected, limited new main frame during adding, also need to keep with the public network main frame between be connected; Only remain behind the success adding tree, new main frame just can abandon these connections;
(3) after new main frame joined tree, if its father node main frame takes place unusual or loses connection, then this main frame need be searched new father node again; The process of searching new father's node is similar to adition process, and new main frame sends NeighborQuery message to its grandfather's node, and enters above iterative process then, finally finds out qualified new father node; In searching the process of new father node, node can receive data from its recovery nodes temporarily.
5, a kind of IPTV streaming media service expandable island type multicast transmission system that is suitable for according to claim 1 and 2, the process that it is characterized in that main frame adding multicast island is, after a new main frame joins tree, at first it will detect current environment and whether have the multicast island, each main frame will write down its distance to the medium source nodes main frame, to the distance the medium source nodes main frame, and it adds up and gets to the distance between father node this distance by its father node; Wherein, between each main frame distance by RTT value representation two-way time of point-to-point transmission;
The testing process that main frame adds the multicast island is as follows:
(1) if the island exists, this main frame will be received the KeepAlive message of Ingress node and since the Ingress node main frame can be in the island regular multicast KeepAlive message, and then main frame detects whether itself is boundary node;
(2) new main frame multicast BorderIdentification message in data set, this message comprises the information of main frame; If the father node of this main frame is received this message, then this father node will utilize message of clean culture feedback to give new main frame; If new main frame is not received feedback message in certain hour, it just can conclude its father node not in same data set, promptly not in same island, then can determine it self is a boundary node;
(3) through after the above deterministic process, will make corresponding operating according to the new main frame of result;
(4) if main frame does not find any island that adds, then itself will form an island, i.e. control group and data set, and become the Ingress node main frame on island;
The operation that the new main frame of deterministic process is made is as follows:
A) if, it still is retained in the control group, and joins data set, stops to receive the flow data from father node simultaneously, it only is used for transmitting control message with being connected of father node;
B) if not, then it just leaves the control group and joins data set, and receives the data of ip multicast; If main frame became an Ingress node afterwards, it will recover to connect and receive once more the data that father node sends so;
Add in the process on multicast island at main frame, the condition that new border main frame substitutes current Ingress node main frame is,
A) leave or lost efficacy to current Ingress node main frame by the KeepAlive message detection;
B) the boundary node main frame of a non-Ingress node of existence, it is shorter to source node main frame distance than current Ingress node main frame to the distance of medium source nodes.
6, a kind of IPTV streaming media service expandable island type multicast transmission system that is suitable for according to claim 1 and 2, it is characterized in that wherein the data distribution mechanisms is for after adding the island at new main frame, with the multi-case data that begins to receive in the island, and the unicast data between the island will be received by the Ingress node on this island; Data send by different island clean cultures, then are to be multicast transmission in the island.
According to claim item 1 described a kind of IPTV streaming media service expandable island type multicast transmission system that is suitable for, it is characterized in that 7, wherein multicast island Ingress node is selected to be described below with cancellation mechanism:
It is whether to have minimum-depth according to this node in the island that Ingress node is selected, and whether perhaps arrive the tree root distance minimum; If there are a plurality of nodes to have same minimum-depth, then SIM will therefrom select one as Ingress node at random;
When no longer receiving packet, Ingress node then is cancelled; Ingress node is monitored by the potential Ingress node in the same island, and when Ingress node no longer received message in a period of time, the node of monitoring was thought Ingress node death, and notifies this Ingress node to end to receive packet outside island.
8, according to claim item 1 described a kind of IPTV streaming media service expandable island type multicast transmission system that is suitable for, it is characterized in that use therein mechanism for correcting errors is, adopt the mechanism of recovering neighbors;
Search in tree in the process of new father node, main frame will recover principle temporarily, based on following rule:
A) root node does not have recovery nodes;
B) recovery nodes is not in the middle of subtree;
C) except root node, other recovery nodes is not in the middle of root path;
D) recovery nodes is not in same island;
Use the interim rule of recovering, might find a uncorrelated recovery nodes, recovery nodes has following usage:
A) when detecting packet loss, node can require the packet of its recovery nodes retransmission of lost;
B) when the father node of node leaves, this node receives data temporarily from its recovery nodes, finds new father node up to it.
9, according to claim item 1 described SIM, use therein licensing scheme is as follows,
The node main frame sends authorization requests to authorization server, and this request has comprised the PKI sign of enciphered data head; After authorization server received this request, private key that will be complementary with this PKI and Authorization result information are packaged into authorized feedback to send to this node main frame; If there is not corresponding private key in this PKI, represent that then this node data source is illegal, therefore will only in authorizing feedback, comprise illegal mandate information; Wherein key is divided into two parts, i.e. PKI and private key, and PKI is used for the encrypt stream data content, and private key then is used to decipher this content; During the source of media encrypt stream data, the address of PKI sign and authorization server is encapsulated in the head of encrypted content, and uses a pair of signature key that this header information is signed, prevent that header information is illegally modified; After user node obtains this encrypted packets, player or the EM equipment module of carrying out this node when playing will be triggered and send authorization requests to authorization server, ask for the private key that is used to decipher; Authorization server will produce a pair of PKI and private key in time cycle t, t is adjustable system parameters; After cycle time, existing key will be to storing in the cipher key list.
10, according to claim item 1 described a kind of IPTV streaming media service expandable island type multicast transmission system that is suitable for, it is characterized in that use therein authentification of user mechanism is described below:
The node main frame at first sends authentication request to certificate server, and this request comprises the subscriber terminal equipment identification information; Then, whether certificate server is registered state by the equipment identification information that this request of verification comprises, and returns to authentication feedback of this node main frame, and this feedback comprises check results; If this node is registered, then certificate server will allow its visit meeting point server, and comprise the IP address and the port of check results, meeting point main frame in the authentication feedback; If this node is not by checking, then authentication feedback only comprises check results.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008102200806A CN101436947A (en) | 2008-12-17 | 2008-12-17 | Expandable island type multicast transmission system suitable for IPTV stream medium business |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008102200806A CN101436947A (en) | 2008-12-17 | 2008-12-17 | Expandable island type multicast transmission system suitable for IPTV stream medium business |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101436947A true CN101436947A (en) | 2009-05-20 |
Family
ID=40711181
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2008102200806A Pending CN101436947A (en) | 2008-12-17 | 2008-12-17 | Expandable island type multicast transmission system suitable for IPTV stream medium business |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101436947A (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101795234A (en) * | 2010-03-10 | 2010-08-04 | 北京航空航天大学 | Streaming media transmission plan based on application layer multicast algorithm |
| WO2011054248A1 (en) * | 2009-11-06 | 2011-05-12 | 中兴通讯股份有限公司 | System and method for broadcasting message in structured peer-to-peer network |
| CN102770852A (en) * | 2010-02-18 | 2012-11-07 | 株式会社日立制作所 | Information and communication processing system, method, and network node |
| CN103581201A (en) * | 2013-11-15 | 2014-02-12 | 华为技术有限公司 | Authentication and authorization method and device |
| CN104105009A (en) * | 2014-08-05 | 2014-10-15 | 成都瑞博慧窗信息技术有限公司 | Digital multimedia broadcast control optimizing method |
| CN104144100A (en) * | 2013-05-10 | 2014-11-12 | 中国电信股份有限公司 | Massive group communication achieving method and system |
| CN104980815A (en) * | 2014-04-03 | 2015-10-14 | 南京汇智明华信息科技有限公司 | On-line video-on-demand system based on P2P |
| CN105282132A (en) * | 2014-07-25 | 2016-01-27 | 富士施乐株式会社 | Communication system and router |
| CN109195139A (en) * | 2018-09-04 | 2019-01-11 | 中国联合网络通信集团有限公司 | Data transmission method, device, platform and the medium of M2M management platform and eSIM card |
| CN109614397A (en) * | 2018-10-30 | 2019-04-12 | 阿里巴巴集团控股有限公司 | The method and apparatus of the sequence node of relational network are obtained based on distributed system |
| CN109951434A (en) * | 2018-12-28 | 2019-06-28 | 杭州电子科技大学 | A kind of industrial communication protocol high robust real-time encryption and decryption method |
-
2008
- 2008-12-17 CN CNA2008102200806A patent/CN101436947A/en active Pending
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2011054248A1 (en) * | 2009-11-06 | 2011-05-12 | 中兴通讯股份有限公司 | System and method for broadcasting message in structured peer-to-peer network |
| CN102770852B (en) * | 2010-02-18 | 2015-07-29 | 株式会社日立制作所 | Information communications processing system, method and network node |
| CN102770852A (en) * | 2010-02-18 | 2012-11-07 | 株式会社日立制作所 | Information and communication processing system, method, and network node |
| CN101795234A (en) * | 2010-03-10 | 2010-08-04 | 北京航空航天大学 | Streaming media transmission plan based on application layer multicast algorithm |
| CN104144100B (en) * | 2013-05-10 | 2017-06-16 | 中国电信股份有限公司 | The method and system of magnanimity group communication |
| CN104144100A (en) * | 2013-05-10 | 2014-11-12 | 中国电信股份有限公司 | Massive group communication achieving method and system |
| CN103581201A (en) * | 2013-11-15 | 2014-02-12 | 华为技术有限公司 | Authentication and authorization method and device |
| CN104980815A (en) * | 2014-04-03 | 2015-10-14 | 南京汇智明华信息科技有限公司 | On-line video-on-demand system based on P2P |
| CN105282132A (en) * | 2014-07-25 | 2016-01-27 | 富士施乐株式会社 | Communication system and router |
| CN104105009A (en) * | 2014-08-05 | 2014-10-15 | 成都瑞博慧窗信息技术有限公司 | Digital multimedia broadcast control optimizing method |
| CN109195139A (en) * | 2018-09-04 | 2019-01-11 | 中国联合网络通信集团有限公司 | Data transmission method, device, platform and the medium of M2M management platform and eSIM card |
| CN109614397A (en) * | 2018-10-30 | 2019-04-12 | 阿里巴巴集团控股有限公司 | The method and apparatus of the sequence node of relational network are obtained based on distributed system |
| CN109614397B (en) * | 2018-10-30 | 2023-06-20 | 创新先进技术有限公司 | Method and device for acquiring node sequence of relational network based on distributed system |
| CN109951434A (en) * | 2018-12-28 | 2019-06-28 | 杭州电子科技大学 | A kind of industrial communication protocol high robust real-time encryption and decryption method |
| CN109951434B (en) * | 2018-12-28 | 2021-01-26 | 杭州电子科技大学 | High-robustness real-time encryption and decryption method for industrial communication protocol |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101436947A (en) | Expandable island type multicast transmission system suitable for IPTV stream medium business | |
| Zhu et al. | GKMPAN: An efficient group rekeying scheme for secure multicast in ad-hoc networks | |
| CN110430043B (en) | Authentication method, system and device and storage medium | |
| WO2011047548A1 (en) | Key management and node authentication method for sensor network | |
| JP2007097044A (en) | Group communication method, utilization apparatus and management apparatus | |
| WO2011041933A1 (en) | Method for key pre-distribution and key establishment in a sensor network | |
| CN104811934B (en) | Wireless sensor network security method for routing based on IPv6 addressings | |
| CN101692637B (en) | Key management method for multicast | |
| CN101365014A (en) | Distributed adaptive listening system, generation and monitor control method | |
| Kulkarni et al. | Key-update distribution in secure group communication | |
| CN101795223B (en) | Multicast security control method, system and transmission node | |
| CN101588235B (en) | MIPv6 based security multicast method and steps | |
| Li et al. | MWBS: An efficient many-to-many wireless big data delivery scheme | |
| CN103997463B (en) | A kind of nerve of a covering safe multicasting method of low overhead | |
| Bouassida et al. | An enhanced hybrid key management protocol for secure multicast in ad hoc networks | |
| AT&T | ||
| Wang et al. | Hierarchy-based key management for secure group communications in mobile ad hoc networks | |
| Yu et al. | Nemor: A congestion-aware protocol for anonymous peer-based content distribution | |
| US20220360435A1 (en) | Method and apparatus for key relay control based on software defined networking in quantum key distribution network | |
| Zhu et al. | Distributed key management in Ad Hoc network based on mobile agent | |
| Palanisamy et al. | Secure group communication using multicast key distribution scheme in ad hoc network (SGCMKDS) | |
| Suganya et al. | Multicast Data Communication Based On Dynamic Clusteringinwsn Using Diffie-Hellman Algorithm | |
| Malla et al. | Multicast receiver access control in the automatic multicast tunneling (AMT) environment | |
| Wang et al. | Towards dynamic sender access control for bi-directional multicast trees | |
| CN115695307A (en) | Data transmission method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20090520 |