CN101465852A - Method for implementing network inner penetration in network videoconference system - Google Patents

Method for implementing network inner penetration in network videoconference system

Info

Publication number
CN101465852A
Authority
CN
China
Prior art keywords
rtp
control unit
multipoint control
address
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2008102186387A
Other languages
Chinese (zh)
Other versions
CN101465852B (en)
Inventor
徐蜀中
刘明宇
扶冰恒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vtron Group Co Ltd
Original Assignee
Vtron Technologies Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vtron Technologies Ltd
Priority to CN2008102186387A
Publication of CN101465852A
Application granted
Publication of CN101465852B
Legal status: Expired - Fee Related

Abstract

The invention provides a method for implementing intra-network penetration in a network video conference system, characterized in that it comprises the following steps: (1) the program starts and the system reads a configuration file to obtain the port-mapping configuration on the NAT for the local machine; (2) after the mapping configuration is obtained, the endpoint entity listens on the default TCP port; (3) if a terminal connects, the connection is put into the connection management list and a 225 thread is started for it, then the next step is carried out; if no terminal connects, the next step is carried out directly; (4) if the user chooses to exit the program, the program exits; otherwise it continues to listen on the default port. The method can establish RTP sessions correctly, keeps the system secure, has low packet delay, reduces the likelihood of packet loss, and is safe and reliable.

Description

Method for implementing intra-network penetration in a network video conference system
[Technical field]
The present invention relates to computer communication and network video conference systems, and in particular to a method for intranet penetration between entities based on the H.323 protocol architecture.
[Background]
In a video conferencing system, the multipoint control unit (MCU, a kind of H.323 endpoint entity) is usually deployed on an intranet for security reasons, with a firewall separating it from the public network. A client on the same intranet as the MCU (H323 Endpoint/H323 EndPort: a kind of H.323 endpoint entity, usually abbreviated EP, also called a client) can connect to the server directly, while a connection from a client on the public network is blocked by the firewall. Even if the firewall opens all ports, a client on the public network still cannot join the conference: a private IP address cannot be addressed from the public network, so the address information in RAS, Q.931 and H.245 signaling needs network address translation, that is, the intranet transport address of the MCU must be changed into a public transport address. Likewise, a client on the external network may itself be behind the firewall of some intranet. Take the situation shown in Fig. 1: the MCU is in the private network behind firewall NAT1, client EP1 is on the public network, and client EP2 is in the private network behind firewall NAT2. Normally, when EP1 dials in to the MCU, it is blocked by NAT1. To solve this, NAT1 can be configured with port mappings to the MCU. Port mapping solves the case of EP1 dialing in to the MCU, but not that of EP2 dialing in. With port mapping alone, the audio/video data of EP2 can reach the MCU, but the audio/video data of the MCU cannot reach EP2: EP2 does not know its own network environment, so the open-logical-channel parameter it gives the MCU carries a private address. Because the MCU cannot obtain the peer's actual public address, the RTP session cannot be established correctly.
There are currently two main schemes for solving calls and audio/video data transfer between H.323 entities from one intranet to behind the firewall of another intranet:
The first: the H.323 entity in the private network obtains its service address on the public network in advance and fills the external address of the egress NAT (a router, firewall or similar device) directly into the signaling. Examples are the STUN and TURN approaches, which place a server on the public network. To traverse a firewall with STUN, a STUN server with two network interfaces and two public IPs must be set up on the public network. After a client (EP) on one intranet dials in to an MCU on another intranet, the H.323 endpoint entity (whether client or MCU) must communicate with the STUN server (send STUN signaling) before filling in the open-logical-channel parameter (OLC, which mainly contains the sender's IP address and communication port number). The exchange is as follows:
1. Client 1 sends STUN signaling 1 to the first network interface (IP1:PORT1) of the STUN server.
2. On receiving signaling 1, the STUN server sends signaling 2 to client 1 from its second network interface (IP2:PORT2).
3. On receiving signaling 3, the client replies with signaling 5 to the second network interface (IP2:PORT2) of the STUN server.
4. On receiving signaling 5, the STUN server considers the firewall penetrable and replies with signaling 6, which tells the client the address of the firewall in front of it; if signaling 5 is not received, the STUN server considers the firewall impenetrable.
Through this exchange STUN obtains the firewall address of the H.323 endpoint entity and returns it to the endpoint in a reply packet, telling it the IP address of the firewall it sits behind. The endpoint fills in the open-logical-channel parameter with the address obtained and sends it to the peer, so the peer establishes the RTP session with the initiator using the public address. In the STUN approach, RTP service packets are sent through STUN to keep the port on the firewall active. Drawbacks of this approach: a server must be set up on the public network, which increases system cost, and exposing the server on the public network reduces system security.
The second: relaying through a trusted third party, for which a standard exists: H.460. H.460.17/H.460.18 cover signaling, and H.460.19 covers audio/video media data.
The H.460 protocol requires a gatekeeper, which plays the role of intermediary. H.460.17 carries signaling data over the already existing H.225 channel. Firewalls usually reject incoming calls and are generally more lenient with outgoing ones. H.460.18 uses the gatekeeper to have the H.323 entity on the intranet initiate the connection to the H.323 entity on the external network. If the external H.323 entity is also behind a firewall, the H.460.18 gatekeeper acts as a proxy. Drawback of this approach: it increases the likelihood of packet delay and packet loss.
It is therefore necessary to provide a safe and reliable method for implementing intra-network penetration in a network video conference system that can establish RTP sessions correctly, keeps the system secure, has low packet delay, and reduces the likelihood of packet loss.
[Summary of the invention]
The object of the present invention is to provide a safe and reliable method for implementing intra-network penetration in a network video conference system that can establish network video sessions correctly, keeps the system secure, has low packet delay, and reduces the likelihood of packet loss.
To achieve this object, the following technical solution is provided:
A method for implementing intra-network penetration in a network video conference system, comprising the following steps:
(1) the program starts and the system reads a configuration file to obtain the port-mapping configuration on the NAT for the local machine;
(2) after the mapping configuration is obtained, the endpoint entity listens on the default TCP port;
(3) if a terminal connects, the connection is put into the connection management list and a 225 thread is started for it, then the next step is carried out; if no terminal connects, the next step is carried out directly;
(4) if the user chooses to exit the program, the program exits; otherwise it continues to listen on the default port.
The detailed flow is as follows:
Ports on the multipoint control unit (MCU) are mapped to ports on the firewall in two mapped ranges, one for UDP and one for TCP. One of the TCP ports is the listening port known to all terminals in the system, and every H.323 endpoint entity listens on this port when it starts; this example uses 1720. After the mapping is complete, the firewall configuration must be written to a configuration file in some format so that the application knows the current firewall configuration. The MCU starts, listens on the default port, and waits for clients (EP) to dial in.
The client starts and dials in to the MCU. Once the MCU accepts the connection, a 225 connection is established between the client and the MCU. The client then fills in the call setup packet (setup packet); in particular, it writes its RTP data receiving address into the open-logical-channel parameter (OLC) of that packet. It starts the client RTP receiving thread on the RTP data receiving address to receive the RTP data sent by the peer, and sends the packet to the MCU over the 225 connection.
From the call setup packet it receives, the MCU parses out the client's RTP receiving address. It starts an MCU RTP sending thread for this receiving address, and the sending thread determines whether the destination address and destination port are behind a firewall. If they are, it does not send data immediately but waits for a notification from the MCU RTP receiving thread; when notified, it dynamically adjusts the destination transport address and only then begins sending data.
The MCU answers with the call connect response packet (connect packet). It determines whether it is itself behind a firewall: if so, it writes the available address into the open-logical-channel parameter of the connect packet; if not, it writes its local transport address. It starts the MCU RTP receiving thread on the address in the open-logical-channel parameter and sends the connect packet over the 225 connection.
The client receives the connect packet, parses out the receiving address of the MCU, starts the client RTP sending thread, and sends data to the peer's receiving address.
After the MCU RTP receiving thread receives the first RTP data sent by the peer, it obtains the peer's public address from the UDP socket of this RTP session and compares it with the open-logical-channel parameter in the call setup packet (setup packet). If the client is behind a firewall, it passes the client's public address to the MCU RTP sending thread and notifies it to adjust the port dynamically.
Compared with the prior art, the present invention has the following advantages:
The method of the present invention for implementing intra-network penetration in a network video conference system based on the H.323 protocol can establish RTP sessions correctly, keeps the system secure, has low packet delay, reduces the likelihood of packet loss, and provides safe and reliable network video conferencing.
[Description of drawings]
Fig. 1: network structure;
Fig. 2: flow chart of the multipoint control unit main thread of the present invention;
Fig. 3: flow chart of the multipoint control unit 225 thread of the present invention;
Fig. 4: flow chart of the multipoint control unit RTP sending thread of the present invention;
Fig. 5: flow chart of the multipoint control unit RTP receiving thread of the present invention.
[Embodiment]
See Figs. 2~5, the flow charts of the method of the present invention for implementing intra-network penetration in a network video conference system based on the H.323 protocol.
1. After the multipoint control unit (MCU) starts, it starts the main thread (see Fig. 2), which reads the program configuration file to obtain the port-mapping information on the firewall. The configuration is as follows: ports 50000~60000 are mapped to the server for UDP transport; ports 25000~26000 are mapped for TCP transport; port 1720 is mapped for default listening.
2. The MCU listens on port 1720 and waits for clients to dial in:
a. when no client dials in, step 2 is repeated;
b. when a client dials in, a 225 thread is started (see Fig. 3), and the main thread continues with step 2.
3. The client (EP) starts and dials in to the MCU at its known address [220.200.54.16:1720], establishing a 225 connection. It writes its local address [10.1.4.74:4080] (no available-address check is needed) into the open-logical-channel parameter (OLC) field of the call setup packet (setup packet). It starts the client RTP receiving thread on [10.1.4.74:4080] to receive RTP data arriving at [10.1.4.74:4080], and sends the call setup packet over the 225 connection.
4. The MCU processes the received call setup packet in the 225 thread:
a. It obtains the open-logical-channel parameter field from the call setup packet and from it the client's transport address [10.1.4.74:4080]. On an available address it starts an RTP sending thread (see Fig. 4) whose destination address is [10.1.4.74:4080], and determines whether the destination address is a public address:
(1) if it is a public address, data can be sent directly to the peer's RTP receiving thread;
(2) if it is a private address, no data is sent for the time being, and the sending thread waits for the MCU RTP receiving thread to notify it of the peer's actual RTP receiving address. After receiving the notification from the MCU RTP receiving thread, it performs dynamic address replacement, that is, it replaces the current destination address [10.1.4.74:4080] with the notified address [220.68.27.46:2050], after which RTP data can be sent to the peer's RTP receiving thread.
b. The MCU writes the available address [220.200.54.13:50000] into the open-logical-channel parameter of the call connect response packet (connect packet) and starts the RTP receiving thread (see Fig. 5) on that address. After the thread has started successfully, the MCU sends the call connect response packet to the client.
5. The client receives the call connect response packet over the 225 connection and parses the open-logical-channel parameter in it to obtain the public address of the MCU [220.200.54.13:50000]. It starts the client RTP sending thread for this address and immediately sends RTP data to it. When the application has RTP data to send, that data is sent; if there is no application RTP data to send, a keep-alive RTP packet is sent every 15 seconds in order to keep the port on firewall 2 active.
6. When the RTP receiving thread of the MCU receives RTP data sent by the client, it analyzes it:
a. If this is the first RTP data received, it obtains the peer's actual public transport address [220.68.27.46:2050] from the UDP socket of this communication and compares it with the transport address [10.1.4.74:4080] obtained earlier from the open-logical-channel parameter field of the call setup packet. If the comparison shows that the client is behind a firewall, it notifies the RTP sending thread of the MCU of the actual public address [220.68.27.46:2050]. Other processing is then carried out on the received data.
b. If this is not the first data received from the peer, other processing is carried out on the received data directly.
The above is only a preferred embodiment of the present invention. The scope of protection of the present invention is not limited to it, and any equivalent transformation based on the technical solution of the present invention falls within the scope of protection of the present invention.
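The address replacement of steps 4 and 6 can be modelled in a few lines. The following Python sketch is an added example, not code from the patent: the class and function names are hypothetical, "behind a firewall" is taken to mean that the OLC address is private and differs from the source address seen on the UDP socket, and the `other_sources` list is an added monitoring hook that the patent does not describe.

```python
import ipaddress
import threading

# Addresses taken from the embodiment above.
CLIENT_OLC = ("10.1.4.74", 4080)        # private address the client wrote into the OLC
CLIENT_ACTUAL = ("220.68.27.46", 2050)  # source address seen on the MCU's UDP socket


def is_private(addr):
    """True if the IP of an (ip, port) transport address is a private address."""
    return ipaddress.ip_address(addr[0]).is_private


class RtpSender:
    """Model of the MCU RTP sending thread (Fig. 4). Names are hypothetical."""

    def __init__(self, olc_addr):
        self.dest = olc_addr
        self.sent = []                       # (destination, payload) pairs "sent"
        self._lock = threading.Lock()
        self._dest_known = threading.Event()
        if not is_private(olc_addr):         # step 4a(1): public address, send directly
            self._dest_known.set()

    def notify_actual_address(self, addr):
        """Called by the receiving thread: dynamic address replacement."""
        with self._lock:
            self.dest = addr
        self._dest_known.set()

    def send(self, payload, timeout=2.0):
        """Wait until the destination is usable, then record the send."""
        if not self._dest_known.wait(timeout):
            return False                     # step 4a(2): still waiting, nothing sent
        with self._lock:
            self.sent.append((self.dest, payload))
        return True


class RtpReceiver:
    """Model of the MCU RTP receiving thread (Fig. 5). Names are hypothetical."""

    def __init__(self, olc_addr, sender):
        self.olc_addr = olc_addr
        self.sender = sender
        self.first_packet_seen = False
        self.latched = None
        self.other_sources = []   # added monitoring hook, not part of the patent

    def on_packet(self, src_addr, payload):
        if not self.first_packet_seen:
            # Step 6a: only the first packet can trigger the notification.
            self.first_packet_seen = True
            if is_private(self.olc_addr) and src_addr != self.olc_addr:
                self.latched = src_addr
                self.sender.notify_actual_address(src_addr)
        elif self.latched is not None and src_addr != self.latched:
            # Step 6b never changes the destination; record the mismatch.
            self.other_sources.append(src_addr)
        return payload                       # stands in for "other processing"


def run_call(olc_addr, incoming):
    """Drive one call; `incoming` is a constructed list of (source, payload)."""
    sender = RtpSender(olc_addr)
    receiver = RtpReceiver(olc_addr, sender)
    early = sender.send(b"mcu-early", timeout=0.05)   # attempt before any RTP arrives
    worker = threading.Thread(target=sender.send, args=(b"mcu-media",))
    worker.start()
    for src, payload in incoming:
        receiver.on_packet(src, payload)
    worker.join()
    return early, sender.sent, receiver
```

Because the destination is taken from the first packet only, a later packet from a different source leaves the sending thread's destination unchanged; recording those sources gives an operator something to alert on.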

Claims (7)

1. A method for implementing intra-network penetration in a network video conference system, characterized in that it comprises the following steps:
(1) the program starts and the system reads a configuration file to obtain the port-mapping configuration on the NAT for the local machine;
(2) after the mapping configuration is obtained, the endpoint entity listens on the default TCP port;
(3) if a terminal connects, the connection is put into the connection management list and a 225 thread is started for it, then the next step is carried out; if no terminal connects, the next step is carried out directly;
(4) if the user chooses to exit the program, the program exits; otherwise it continues to listen on the default port.
2. The method for implementing intra-network penetration in a network video conference system according to claim 1, characterized in that ports on the multipoint control unit are mapped to ports on the firewall in two mapped ranges, used for UDP and TCP respectively, one of the TCP ports being the listening port known to all terminals in the system.
3. The method for implementing intra-network penetration in a network video conference system according to claim 2, characterized in that, after a client connects to the multipoint control unit, the client fills in a call setup packet, writing its RTP data receiving address into the open-logical-channel parameter of that packet, starts a client RTP receiving thread on the RTP data receiving address to receive the RTP data sent by the peer, and sends the packet to the multipoint control unit over the 225 connection.
4. The method for implementing intra-network penetration in a network video conference system according to claim 3, characterized in that the multipoint control unit parses the received call setup packet to obtain the client's RTP receiving address, starts a multipoint control unit RTP sending thread for this receiving address, and the sending thread determines whether the destination address and destination port are behind a firewall; if so, it does not send data immediately but waits for a notification from the multipoint control unit RTP receiving thread, and when notified dynamically adjusts the destination transport address and only then begins sending data.
5. The method for implementing intra-network penetration in a network video conference system according to claim 4, characterized in that the multipoint control unit answers with a call connect response packet and determines whether it is itself behind a firewall; if so, it writes the available address into the open-logical-channel parameter of the call connect packet, and if not, it writes its local transport address; it starts the multipoint control unit RTP receiving thread on the address in the open-logical-channel parameter and sends the call connect response packet over the 225 connection.
6. The method for implementing intra-network penetration in a network video conference system according to claim 5, characterized in that the client receives the call connect response packet, parses out the receiving address of the multipoint control unit, starts a client RTP sending thread, and sends data to the peer's receiving address.
7. The method for implementing intra-network penetration in a network video conference system according to claim 6, characterized in that, after the multipoint control unit RTP receiving thread receives the first RTP data sent by the peer, it obtains the peer's public address from the UDP socket of this RTP session and compares it with the open-logical-channel parameter in the call setup packet; if the client is behind a firewall, it passes the client's public address to the multipoint control unit RTP sending thread and notifies it to adjust the port dynamically.
CN2008102186387A 2008-10-24 2008-10-24 Method for implementing network inner penetration in network videoconference system Expired - Fee Related CN101465852B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008102186387A CN101465852B (en) 2008-10-24 2008-10-24 Method for implementing network inner penetration in network videoconference system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008102186387A CN101465852B (en) 2008-10-24 2008-10-24 Method for implementing network inner penetration in network videoconference system

Publications (2)

Publication Number Publication Date
CN101465852A true CN101465852A (en) 2009-06-24
CN101465852B CN101465852B (en) 2012-10-31

Family

ID=40806214

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008102186387A Expired - Fee Related CN101465852B (en) 2008-10-24 2008-10-24 Method for implementing network inner penetration in network videoconference system

Country Status (1)

Country Link
CN (1) CN101465852B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103414875A (en) * 2013-07-26 2013-11-27 国家电网公司 Method for uniformly controlling conference scene showing of video conference system
CN104836980A (en) * 2015-05-08 2015-08-12 烽火通信科技股份有限公司 System and method for implementing video calls based on intelligent terminals and IP (Internet Protocol) cameras
CN106791992A (en) * 2016-12-23 2017-05-31 广东威创视讯科技股份有限公司 Signal source method for pushing and system
CN110365701A (en) * 2019-07-30 2019-10-22 深圳前海达闼云端智能科技有限公司 The management method of customer terminal equipment, calculates equipment and storage medium at device

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100571203C (en) * 2006-02-23 2009-12-16 中兴通讯股份有限公司 A kind of data business routing method
CN101136910B (en) * 2006-08-30 2010-09-29 中国电信股份有限公司 Network address and protocol translating equipment and application layer gateway equipment
CN101227507B (en) * 2008-01-28 2010-06-23 中国科学院计算技术研究所 Method and system for obtaining service resource address in same root multi-layer NAT network
CN101242413B (en) * 2008-01-30 2012-12-12 中国科学院计算技术研究所 Service resource address acquisition system and method in multi-layer NAT network under one root

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103414875A (en) * 2013-07-26 2013-11-27 国家电网公司 Method for uniformly controlling conference scene showing of video conference system
CN103414875B (en) * 2013-07-26 2017-11-03 国家电网公司 It is a kind of to be uniformly controlled the method that video conferencing system conference scenario shows
CN104836980A (en) * 2015-05-08 2015-08-12 烽火通信科技股份有限公司 System and method for implementing video calls based on intelligent terminals and IP (Internet Protocol) cameras
CN104836980B (en) * 2015-05-08 2018-02-16 烽火通信科技股份有限公司 The system and method for video calling is realized based on intelligent terminal and IP cameras
CN106791992A (en) * 2016-12-23 2017-05-31 广东威创视讯科技股份有限公司 Signal source method for pushing and system
CN106791992B (en) * 2016-12-23 2019-10-11 广东威创视讯科技股份有限公司 Signal source method for pushing and system
CN110365701A (en) * 2019-07-30 2019-10-22 深圳前海达闼云端智能科技有限公司 The management method of customer terminal equipment, calculates equipment and storage medium at device
CN110365701B (en) * 2019-07-30 2021-12-31 达闼机器人有限公司 Client terminal equipment management method and device, computing equipment and storage medium

Also Published As

Publication number Publication date
CN101465852B (en) 2012-10-31

Similar Documents

Publication Publication Date Title
AU2005201075B2 (en) Apparatus and method for voice processing of voice over internet protocol (VOIP)
EP2039127B1 (en) Method for enabling communication between two network nodes via a network address translation device (nat)
US7072341B2 (en) Real time streaming media communication system
JP5655009B2 (en) NAT passage that can be scaled
US20080267096A1 (en) Tunnel Device, Relay Device, Terminal Device, Call Control System, Ip Telephone System, Conference Device, and Their Control Method and Program
US7639668B2 (en) Method for securing RTS communications across middleboxes
US7890749B2 (en) System and method for providing security in a telecommunication network
US20130308628A1 (en) Nat traversal for voip
CN101465850A (en) Control of transmission interface of SIP response message
CN102685141B (en) Based on the fusion traversing method of voice accessibility in a kind of VoIP
US20020114322A1 (en) System and method for providing real time connectionless communication of media data through a firewall
CA2674098C (en) Method and system for network address translation (nat) traversal of real time protocol (rtp) media
EP1865676A1 (en) Relay device, communication system, and control method and program for them
US20050125532A1 (en) Traversing firewalls and nats
TW201002018A (en) Method for predicting port number of NAT apparatus based on two STUN server inquiry results
US7948890B2 (en) System and method for providing a communication channel
CN105721570A (en) Point to point data transmission method and device
US7542475B2 (en) Communication between users located behind a NAT device
CN101465852B (en) Method for implementing network inner penetration in network videoconference system
US20040133772A1 (en) Firewall apparatus and method for voice over internet protocol
US20070233901A1 (en) Methods and systems for integrating network services with multiple communication protocols
KR100397547B1 (en) An internet voice communication method using WebCallAgent
CN100384168C (en) Method for multimedium session transition NAT equipment of IL323 system
CN100452769C (en) System of soft exchange network passing through firewall based on ALG+MP and its method
CN105100086B (en) A kind of VoIP speech monitoring methods and system based on symmetric NAT

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address
CP03 Change of name, title or address

Address after: 510670 Guangdong Province, Guangzhou high tech Industrial Development Zone Kezhu Road No. 233

Patentee after: Wei Chong group Limited by Share Ltd

Address before: 510663 Guangzhou province high tech Industrial Development Zone, Guangdong, Cai road, No. 6, No.

Patentee before: Guangdong Weichuangshixun Science and Technology Co., Ltd.

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121031

Termination date: 20171024