CN101483657A - Implementation method and system for same side private network device access by private user - Google Patents

Publication number
CN101483657A
Authority
CN
China
Legal status
Granted
Application number
CNA2009100797056A
Other languages
Chinese (zh)
Other versions
CN101483657B (en)
Inventor
蒋伟
Current Assignee
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN200910079705A (CN101483657B)
Publication of CN101483657A
Priority to PCT/CN2009/073533 (WO2010099680A1)
Application granted
Publication of CN101483657B
Expired - Fee Related

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/25: Mapping addresses of the same type
    • H04L61/2503: Translation of Internet protocol [IP] addresses
    • H04L61/2514: Translation of Internet protocol [IP] addresses between local and global IP addresses

Abstract

The invention discloses a method for enabling a private network user to access a private network device on the same side of a gateway. In the method, the gateway configures access rule configuration information, which includes information that a private network user accesses a same-side private network device by accessing the public network of the gateway; the gateway then controls the private network user's access to the private network device. The invention also discloses a system for enabling a private network user to access a same-side private network device. The system comprises a configuration unit and a control unit: the configuration unit is used by the gateway to configure the access rule configuration information, and the control unit is used by the gateway to control the private network user's access to the private network device according to the access rule configuration information. The method and system satisfy the requirement that private network users access same-side private network devices via the public network.

Description

A method and system for enabling a private network user to access a same-side private network device
Technical field
The present invention relates to access techniques in the field of computer network communication, and in particular to a method and system by which a private network user behind a gateway accesses a same-side private network device via the public network.
Background art
With the continuous development of the Internet and its applications, people can use the Internet for an ever richer range of applications and services. The gateway, the door through which people reach the Internet, is also used more and more widely. The appearance of the gateway divided networks into private and public parts, and so networks are now distinguished as private networks and public networks.
A private network is located on the inner side of the gateway and is the network environment protected by the gateway. Because the networking information inside the private network is shielded by the gateway, it is not known to users outside the private network, so the network security of the private network is higher. The public network is the opposite: it is located on the outer side of the gateway, and because its networking information is open and therefore known to all users, its network security is lower. Because of this difference, more and more network services are hosted on private network devices on the private network side and offered for external access. In general, to protect the privacy of the private network's network information while keeping the network server devices on the private network reachable, Network Address Translation (NAT) is commonly used. NAT is a technique provided on the gateway. With NAT, a user outside the private network, that is, a public network user, accesses a public network address provided by the gateway and is mapped to the specific network service device on the private network inside the gateway, which makes the private network device reachable.
The NAT provided on current gateways generally addresses a networking scenario comprising a private network device, a gateway and a public network user, where the private network device is a network server device that provides a service. The access requirement in this scenario is that the public network user can reach the private network device. The solution is: through the NAT provided by the gateway, the public network user accesses a public network address, or a public network address plus service port, on the gateway, and thereby accesses the private network device on the private network or a network service provided on that device.
However, current gateway products cannot handle the following networking scenario and requirement. The scenario comprises a private network user, a private network device, a gateway and a public network user; it is a scenario in which the private network accesses the public network and is mapped back to the private network. The access requirement in this scenario is that the private network user accesses a same-side private network device via the public network. That is, a private network user on the private network wants to access the same or a different private network device located inside the same gateway, and the network services that device provides. Moreover, because the private network user does not know the private network address of the network service, or because the networking scenario does not allow the private network user to bypass the gateway and access the private network device directly, the private network user wishes to reach the private network device indirectly by accessing the public network of the gateway. As network services spread and develop, this scenario and access requirement will become more and more common, and a solution to it becomes more and more practical and urgent.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a method and system for enabling a private network user to access a same-side private network device, satisfying the requirement that a private network user access a same-side private network device via the public network, so that a user on the private network reaches a device on the same-side private network by accessing the public network of the gateway.
To achieve the above purpose, the technical solution of the present invention is realized as follows:
A method for enabling a private network user to access a same-side private network device, the method comprising:
The gateway configures access rule configuration information; the access rule configuration information includes: information that a private network user accesses a same-side private network device by accessing the public network of the gateway;
The gateway controls the private network user's access to the same-side private network device according to the access rule configuration information.
Wherein, the configuration requirement for the access rule configuration information comes from: the user and/or the operator.
Wherein, the gateway configuring the access rule configuration information specifically comprises: the access rule configuration information is actively delivered to the gateway in the form of a configuration file, and the gateway parses the configuration file, obtains the access rule configuration information and configures it; or,
The gateway passively obtains the access rule configuration information from the user and/or the operator and configures it; or,
The gateway dynamically generates the access rule configuration information according to the networking situation and configures it.
Wherein, the access rule configuration information further includes: private network user information, public network information and same-side private network device information;
A mapping relationship exists among the private network user information, the public network information and the same-side private network device information; the mapping may be expressed in any data structure that represents a mapping, including a table or an array.
Wherein, the private network user information is information that uniquely identifies the private network user, including: the address information of the private network user or the access device information of the private network user;
The public network information is information that uniquely identifies the public network, including: the public network access address information, or the protocol information and port information used by the access packet with which the private network user requests access to the public network in order to reach the same-side private network device;
The same-side private network device information is information that uniquely identifies the private network device or a service provided on the private network device, including: the address information of the private network device or information about the service provided on the private network device.
Wherein, the gateway controlling the private network user's access to the same-side private network device according to the access rule configuration information is specifically:
A. The gateway obtains an access packet from the private network user, extracts the effective information in the access packet, and matches the effective information against the access rule configuration information; if matching access rule configuration information is found, step B is executed; otherwise, the current control of the private network user's access to the same-side private network device ends;
B. According to the matching access rule configuration information, the gateway modifies the address information used to forward the access packet through the network address translation (NAT) mechanism, and controls the access packet so that it is forwarded to the public network first and then forwarded from the public network to the same-side private network device.
Wherein, the effective information is information that uniquely identifies the access packet, including: the media access control (MAC) address information of the access packet, the source address information/destination address information of the access packet, the access device information of the access packet, the field information of the configuration information carried in the DHCP of the access packet, or the domain name information accessed by the access packet;
The access packet is: the packet with which the private network user requests access to the public network in order to reach the same-side private network device.
Wherein, in step A, the source address information of the access packet in the effective information is specifically the address information of the private network user, and the destination address information is the public network access address information; the matching access rule configuration information specifically includes: the address information of the private network user, the public network access address information and the address information of the private network device; step B is then specifically:
B1. Before routing, through the NAT mechanism, the gateway changes the destination address information of the access packet to the address information of the private network device;
B2. Through the routing mechanism, the gateway determines that the access packet needs to be forwarded to the same-side private network device;
B3. After routing and before the access packet is forwarded, through the NAT mechanism, the gateway changes the source address information of the access packet to the public network access address information;
B4. Through the routing mechanism, the gateway forwards the access packet, with its source address information and destination address information modified, to the same-side private network device.
Wherein, the access rule configuration information is further updated according to the networking mode and the service mode; the update is performed manually in a static manner or automatically in a dynamic manner.
A system for enabling a private network user to access a same-side private network device, the system comprising: a configuration unit and a control unit; wherein,
The configuration unit is used by the gateway to configure the access rule configuration information;
The control unit is used by the gateway to control the private network user's access to the same-side private network device according to the access rule configuration information.
Wherein, the configuration unit is further used so that the access rule configuration information is actively delivered to the gateway in the form of a configuration file, and the gateway parses the configuration file, obtains the access rule configuration information and configures it; or,
The gateway passively obtains the access rule configuration information from the user and/or the operator and configures it; or,
The gateway dynamically generates the access rule configuration information according to the networking situation and configures it.
In the present invention, the access rule configuration information is configured and stored on the gateway, and it includes: information that a private network user accesses a same-side private network device by accessing the public network of the gateway. According to this access rule configuration information, the gateway controls the private network user's access to the private network device on the same side as that user.
Because the present invention is based on this access rule configuration information, the NAT mechanism provided by the gateway itself modifies the address information of packets in both directions, and the private network user's access packet is made to follow the correct round-trip path that conforms to the access rule configuration information: the routing mechanism provided by the gateway itself forwards the packet to the public network first, and then from the public network to the private network device on the same side as the private network user. Here, the private network user's access packet is the packet with which the private network user requests access to the public network in order to reach the same-side private network device. Therefore, with the present invention, the access rule configuration information stored on the gateway ensures that the packets with which a private network user requests access to a same-side private network device are forwarded and transmitted along the correct round-trip path. This satisfies the requirement that a private network user access a same-side private network device via the public network, so that a user on the private network reaches a device on the same-side private network by accessing the public network of the gateway.
Description of drawings
Fig. 1 is a flow diagram of the method of the present invention;
Fig. 2 is a diagram of the network structure of an example networking scenario to which the present invention applies;
Fig. 3 is a flow diagram of a method embodiment of the present invention.
Embodiments
The basic idea of the present invention is: according to access rule configuration information under which a private network user accesses a same-side private network device by accessing the public network of the gateway, the gateway controls and realizes the private network user's access to the private network device on the same side as that user.
The implementation of the technical solution is described in further detail below with reference to the accompanying drawings.
As shown in Fig. 1, a method for enabling a private network user to access a same-side private network device comprises the following steps:
Step 101: the gateway initializes and builds the network environment of the private network and the public network.
Here, the gateway is the only channel through which the private network communicates with the external public network to which the gateway connects; that is, all private network users and private network devices on the private network side ultimately communicate with the public network through this gateway.
For the private network inside the gateway, the gateway provides at least one private network access point, and normally several; private network users and private network devices on the private network side connect to the gateway through a private network access point. Each private network access point is configured with the private network address information that the gateway provides for private network users and private network devices. The gateway may support dividing the private network into multiple subnets, and it shields the private network's networking information from the outside.
For the public network outside the gateway, at least one public network access point connecting to the outside can be set up on the gateway, and normally several can be provided; each public network access point is configured with at least one piece of public network address information.
The gateway itself provides a routing and forwarding mechanism for route selection and packet forwarding. The gateway itself also provides a NAT mechanism, which can translate the source address information and destination address information of a packet. The source address information may take the form of address plus port, and so may the destination address information.
Regarding the private network users and private network devices on the private network side: a private network user is any network device able to work on the Internet that plays the client role in the client/server model. A private network device is any network device able to work on the Internet that plays the server role in the client/server model. The private network user and the private network device may be in the same subnet of the same-side private network or in different subnets of it. Here, "same-side private network" means that the private network user and the private network device both connect to the external public network through the same gateway and are connected to each other through that gateway. The private network user is not required to, or is not allowed to, access the private network device directly; the private network user knows the public network address information of the gateway, that is, it wants to, or must, reach the private network device by accessing the gateway's public network address.
Step 102: the gateway configures the access rule configuration information and stores it on the gateway; the access rule configuration information includes: information that a private network user accesses the private network device on its own side by accessing the public network of the gateway.
In step 102, the gateway can configure the access rule configuration information in three ways. In the first, the user and/or the operator actively delivers the access rule configuration information to the gateway in the form of a configuration file, and the gateway parses the configuration file, obtains the access rule configuration information and configures it. In the second, the gateway passively obtains the access rule configuration information from the user and/or the operator over the network and configures it. In the third, the gateway dynamically generates the access rule configuration information according to the networking situation and configures it. The networking situation in the third way refers to the networking situation of the network in which the gateway sits, such as the environment of network devices attached below the gateway, the routing information on the gateway, and so on. The gateway generates the access rule configuration information dynamically as follows: through its own Dynamic Host Configuration Protocol (DHCP) service, the gateway can learn the user information of the attached users, the address information of the attached devices, and the services those devices are able to provide. The gateway can then associate the attached users with the attached devices accordingly, and dynamically create or adjust the corresponding access rule configuration information.
Here, the configuration requirement for the access rule configuration information comes from: the user and/or the operator.
Here, the access rule configuration information further includes: private network user information, public network information and private network device information. A mapping relationship exists among these three; the mapping may be expressed in any data structure that represents a mapping, including a table or an array.
Here, the private network user information is information that uniquely identifies the private network user, including: the address information of the private network user or the access device information of the private network user. The public network information is information that uniquely identifies the public network, including: the public network access address information, or the protocol information and port information used by the access packet with which the private network user requests access to the public network in order to reach the same-side private network device. The private network device information is information that uniquely identifies the private network device or a service provided on the private network device, including: the address information of the private network device or information about the service provided on the private network device. The information about the service provided on the private network device may be the protocol information and port information of that service.
Step 103: according to the access rule configuration information, the gateway controls the private network user's access to the private network device on the same side as that user.
After step 103, the method further comprises: the access rule configuration information is updated according to the networking mode and the service mode, either manually in a static manner or automatically in a dynamic manner; the gateway then controls the private network user's access to the private network device on the same side according to the updated access rule configuration information.
When the update is static, it can be done manually by human configuration; when the update is dynamic, it can be done automatically based on changes in the network environment. Automatic updates based on changes in the network environment include: adding or deleting access rules when devices in the network go online or offline; updating the content of access rules when services on devices in the network are enabled or stopped; and so on.
In the technical solution formed by steps 101 to 103 above, step 103 is carried out as follows:
Step 1031: the gateway obtains an access packet from the private network user, extracts the effective information in the access packet, and matches the effective information against the access rule configuration information; if matching access rule configuration information is found, step 1032 is executed; otherwise, the current control of the private network user's access to the private network device ends.
Here, the effective information is information that uniquely identifies the access packet, including: the media access control (MAC) address information of the access packet, the source address information/destination address information of the access packet, the access device information of the access packet, the field information of the DHCP Option of the access packet, or the domain name information accessed by the access packet. DHCP Option is a set of configuration information carried in DHCP. The access packet is the packet with which the private network user requests access to the public network in order to reach the same-side private network device.
Step 1032: for the matching access rule configuration information that was found, the NAT mechanism provided by the gateway itself modifies the address information used to forward the access packet; according to the matching access rule configuration information, the gateway controls the access packet so that it is forwarded to the public network first and then forwarded from the public network to the private network device on the same side as the private network user.
Here, in step 1031, the source address information of the access packet in the effective information is specifically the address information of the private network user, and the destination address information is the public network access address information; the matching access rule configuration information includes: the address information of the private network user, the public network access address information and the address information of the private network device. Step 1032 is then specifically:
Step 10321: before routing, through the NAT mechanism provided by the gateway itself, the gateway changes the destination address information of the access packet to the address information of the private network device in the matching access rule configuration information.
Step 10322: through the routing mechanism provided by the gateway itself, the gateway determines that the access packet needs to be forwarded to the private network device.
Step 10323: after routing and before the access packet is forwarded, through the NAT mechanism provided by the gateway itself, the gateway changes the source address information of the access packet to the public network access address information in the matching access rule configuration information.
Step 10324: through the routing mechanism provided by the gateway itself, the gateway forwards the access packet, with its source address information and destination address information modified, to the private network device.
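The following Python sketch is an added illustration of steps 1031 and 10321 to 10324, not code from the patent: it models the rule match, the pre-routing destination rewrite, the route lookup and the post-routing source rewrite. The class names, the subnet-based user match, the session table for the reply direction and all addresses are assumptions constructed for the example.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class AccessRule:
    """One entry: user info -> public network info -> device info."""
    user_net: str      # private network user information (assumed: a subnet)
    public_ip: str     # public network access address on the gateway
    proto: str         # protocol of the access packet
    public_port: int   # port of the access packet
    device_ip: str     # same-side private network device address
    device_port: int   # port of the service on that device


class Gateway:
    def __init__(self, rules, routes):
        self.rules = list(rules)
        self.routes = [(ip_network(p), iface) for p, iface in routes]
        self.sessions = {}  # assumed: state used to translate replies back

    def match(self, pkt: Packet) -> Optional[AccessRule]:
        """Step 1031: match the packet's effective information to a rule."""
        for r in self.rules:
            if (ip_address(pkt.src) in ip_network(r.user_net)
                    and pkt.dst == r.public_ip
                    and pkt.proto == r.proto
                    and pkt.dport == r.public_port):
                return r
        return None

    def route(self, dst: str) -> Optional[str]:
        """Longest-prefix match over the gateway's routing table."""
        hits = [(n, i) for n, i in self.routes if ip_address(dst) in n]
        if not hits:
            return None
        return max(hits, key=lambda h: h[0].prefixlen)[1]

    def forward(self, pkt: Packet):
        rule = self.match(pkt)
        if rule is None:
            return None  # no rule: this mechanism does not handle the packet
        # Step 10321: before routing, rewrite the destination to the device.
        dnat = replace(pkt, dst=rule.device_ip, dport=rule.device_port)
        # Step 10322: routing decides the packet goes to the private side.
        iface = self.route(dnat.dst)
        if iface is None:
            return None
        # Step 10323: after routing, rewrite the source to the public address.
        # Simplification: the source port is kept; a real NAT may remap it.
        snat = replace(dnat, src=rule.public_ip)
        key = (snat.dst, snat.dport, snat.src, snat.sport, snat.proto)
        self.sessions[key] = pkt
        # Step 10324: forward the rewritten packet to the device.
        return iface, snat

    def reverse(self, reply: Packet) -> Optional[Packet]:
        """Assumed reply handling: undo both rewrites using session state."""
        key = (reply.src, reply.sport, reply.dst, reply.dport, reply.proto)
        orig = self.sessions.get(key)
        if orig is None:
            return None
        return Packet(orig.dst, orig.dport, orig.src, orig.sport, orig.proto)


# Constructed sample data (documentation address ranges, not from the patent).
RULES = [AccessRule("192.168.1.0/24", "203.0.113.10", "tcp", 80,
                    "192.168.1.20", 8080)]
ROUTES = [("192.168.1.0/24", "lan0"), ("0.0.0.0/0", "wan0")]

if __name__ == "__main__":
    gw = Gateway(RULES, ROUTES)
    print(gw.forward(Packet("192.168.1.50", 40000, "203.0.113.10", 80)))
```

Because the source is rewritten to the gateway's public address, the device answers the gateway rather than the user directly, so the reply passes back through the same translation; packets from sources outside the rule's user information are not translated at all.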
Be illustrated in figure 2 as the networking structure schematic diagram of an example of networking scene used in the present invention, among Fig. 2, comprise: be positioned at private user 11 and private network device 21 under the same subnet of same side private network, be positioned at private user 12 and private network device 22, gateway 41 and public network 61 under the different sub-network of same side private network.Public network is the Internet.And private user 11 and private network device 21 all pass through private network access point 31 IADs 41; Private user 12 is by private network access point 32 IADs 41; Private network device 22 is by private network access point 33 IADs 41.Gateway 41 inserts public network 61, and sets up two on the gateway 41 and insert extraneous public network access point, respectively with 51 and 52 signs.
Method embodiment: with reference to networking structure schematic diagram shown in Figure 2, among this method embodiment, private user may further comprise the steps to the realization flow of same side private network device access as shown in Figure 3:
Step 201, gateway 41 initialization, the network environment of structure private network and public network 61.
Here, being provided with gateway at the private network access point is the private net address information that private user and private network device provided usually, and the public network access point is provided with at least one public network address information.Then when gateway 41 initialization, gateway 41 starts, and gateway 41 inserts all private user and private network device; Around gateway 41, gateway 41 is set up public network address information on all public network access points, and sets up private net address information on all private network access points, thereby puts up the complete private network and the network environment of public network.
Step 202, gateway 41 initialization finish, after setting up complete network environment, according to user or Carrier Requirements, thereby on gateway 41, dispose private user can be visited private network device by the mode of the public network address of visit gateway access rule configuration information.
Here, the access rule configuration information can be the access rule allocation list, comprises a plurality of clauses and subclauses.After follow-up gateway obtains the visit message of private user, retrieve each clauses and subclauses in this access rule allocation list,,, the address information of visit message is made amendment by NAT mechanism then according to the content in the clauses and subclauses if retrieve the clauses and subclauses of coupling.
Step 203: Private user 11 sends an access message.
Here, this access message is used by private user 11 to access the public network access address information of public network access point 51 of gateway 41, and thereby to access private network device 21.
Step 204: The access rule configuration table comes into operation and inspects the access message sent in step 203, extracting the effective information in the access message so as to filter out those access messages in which private user 11 requests the public network access address information of public network access point 51 in order to access private network device 21.
Here, the access message means the original access message, that is, the access message as it has just entered the gateway.
Here, the effective information of the access message comprises its source address information and its destination address information. The source address information is the address information of private user 11; the destination address information is the public network access address information of public network access point 51.
Step 205: Search the entries of the access rule configuration table and find the entry that matches the effective information of the access message.
Step 206: According to the access rule configuration described by the matching entry found in step 205, the gateway uses its NAT mechanism to change the destination address information of the access message to the address information of service 1 on private network device 21, as described by the matching entry.
It should be noted here that private network devices and the services they provide are in a one-to-many relationship; that is, one private network device can provide multiple services. Table 1 below shows an example of the access rule configuration table. The table has three items of content, with a mapping relationship among them. In Table 1, from left to right, the first item is the address information of the private user, the second is the public network access address information, and the third is the address information of the service provided on the private network device.
Address information of the private user | Public network access address information | Address information of the service provided on the private network device
Address information of private user 11 | Public network access address information of public network access point 51 | Address information of service 1 provided on private network device 21
Address information of private user 11 | Public network access address information of public network access point 52 | Address information of service 2 provided on private network device 21
Address information of private user 21 | Public network access address information of public network access point 51 | Address information of service 1 provided on private network device 22
Address information of private user 21 | Public network access address information of public network access point 52 | Address information of service 2 provided on private network device 22
Table 1
Step 207: The gateway's own routing mechanism determines that the access message is to be sent to private network device 21.
Step 208: After the route of the access message has been determined and before the message is actually sent, the gateway again uses its NAT mechanism, according to the access rule configuration described by the matching entry found in step 205, to change the source address information of the access message to the public network access address information of public network access point 51 described by the matching entry.
Step 209: The access message, with its source address information and destination address information modified, is sent to private network device 21 by the routing mechanism on the gateway.
Step 210: Subsequent messages exchanged between private user 11 and private network device 21 continue to have their addresses changed and to be forwarded according to the access rule configuration described by the matching entry found in step 205 and the NAT and routing mechanisms on the gateway, so that private user 11 accesses the service provided on private network device 21 by accessing the public network access address information of public network access point 51 of gateway 41.
It should be noted that access by private user 11 to private network devices other than private network device 21, or to the services they provide, and access by private user 21 to private network devices or the services they provide, can be handled using the technical principle disclosed in steps 201 to 210 above, and are not elaborated here.
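The following added example (not code from the patent) models steps 203 to 210 in Python: table lookup, destination rewrite before routing, source rewrite after routing, and reverse translation of replies. All addresses and ports are constructed, and the per-session source port allocation is an assumption of this example, added so that concurrent sessions stay distinguishable.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional


class Rule(NamedTuple):          # one entry of the access rule configuration table
    user: str                    # address of the private user
    public: str                  # public access address on the gateway
    service: tuple               # (address, port) of the service on the private device


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


# Constructed addresses (RFC 1918 / RFC 5737 ranges); the patent gives none.
PRIVATE_NET = ip_network("192.168.1.0/24")
RULES = [
    Rule("192.168.1.11", "203.0.113.51", ("192.168.1.21", 80)),    # service 1
    Rule("192.168.1.11", "203.0.113.52", ("192.168.1.21", 8080)),  # service 2
]


class Gateway:
    def __init__(self, rules):
        self.rules = list(rules)
        self.sessions = {}       # (public addr, NAT port) -> (user, user port, public port)
        self.next_port = 40000   # assumption: port allocation is this example's own

    def match(self, pkt: Packet) -> Optional[Rule]:
        """Steps 204-205: compare the message's source/destination with each entry."""
        for rule in self.rules:
            if (pkt.src, pkt.dst) == (rule.user, rule.public):
                return rule
        return None

    def forward(self, pkt: Packet) -> Optional[Packet]:
        rule = self.match(pkt)
        if rule is None:
            return None                                    # no entry, no translation
        svc_addr, svc_port = rule.service
        pkt2 = replace(pkt, dst=svc_addr, dport=svc_port)  # step 206: rewrite destination
        if ip_address(pkt2.dst) not in PRIVATE_NET:        # step 207: routing decision
            return None
        nat_port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[(rule.public, nat_port)] = (pkt.src, pkt.sport, pkt.dport)
        # Step 208: rewrite source after routing. The device now sees the public
        # access address as its peer; only this session table maps it to the user.
        return replace(pkt2, src=rule.public, sport=nat_port)  # step 209: send

    def reply(self, pkt: Packet) -> Optional[Packet]:
        """Step 210: translate the device's answer back for the private user."""
        session = self.sessions.get((pkt.dst, pkt.dport))
        if session is None:
            return None                                    # unknown session: drop
        user, user_port, public_port = session
        return replace(pkt, src=pkt.dst, sport=public_port, dst=user, dport=user_port)
```

Because the source rewrite in step 208 hides the private user's address from the private network device, per-user attribution of these sessions has to come from the gateway's translation state rather than from the device's own logs.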
A system for enabling a private user to access a private network device on the same side comprises a configuration unit and a control unit. The configuration unit is used to configure access rule configuration information on the gateway. The control unit is connected to the configuration unit and is used by the gateway to control, according to the access rule configuration information, the private user's access to the private network device on the same side of the private network.
Here, the configuration unit is further used to actively deliver the access rule configuration information to the gateway in the form of a configuration file; the gateway parses the configuration file, obtains the access rule configuration information, and configures it. Alternatively, the gateway passively obtains the access rule configuration information from the user and/or operator and configures it. Alternatively, the gateway dynamically generates and configures the access rule configuration information according to the networking situation.
The above is only a preferred embodiment of the present invention and is not intended to limit the protection scope of the present invention.

Claims (11)

1. A method for enabling a private user to access a private network device on the same side, characterized in that the method comprises:
A gateway configures access rule configuration information; the access rule configuration information comprises: information by which a private user accesses a private network device on the same side by accessing the public network of the gateway;
The gateway controls, according to the access rule configuration information, the private user's access to the private network device on the same side.
2. The method according to claim 1, characterized in that the configuration requirements for the access rule configuration information come from the user and/or the operator.
3. The method according to claim 1, characterized in that the gateway configuring access rule configuration information specifically comprises: the access rule configuration information is actively delivered to the gateway in the form of a configuration file, and the gateway parses the configuration file, obtains the access rule configuration information, and configures it; or,
The gateway passively obtains the access rule configuration information from the user and/or operator and configures it; or,
The gateway dynamically generates and configures the access rule configuration information according to the networking situation.
4. The method according to claim 1, characterized in that the access rule configuration information further comprises: private user information, public network information, and same-side private network device information;
A mapping relationship exists among the private user information, the public network information, and the same-side private network device information; the mapping relationship may be expressed in any data structure form that identifies mapping relationships, including a table or an array.
5. The method according to claim 4, characterized in that the private user information is information that uniquely identifies the private user, comprising: the address information of the private user or the access device information of the private user;
The public network information is information that uniquely identifies the public network, comprising: public network access address information, or the protocol information and port information used by the access message with which the private user requests access to the public network in order to access the private network device on the same side;
The same-side private network device information is information that uniquely identifies the private network device or a service provided on the private network device, comprising: the address information of the private network device or information about the service provided on the private network device.
6. The method according to claim 1, characterized in that the gateway controlling, according to the access rule configuration information, the private user's access to the private network device on the same side is specifically:
A. The gateway obtains an access message from the private user, extracts the effective information in the access message, and matches the effective information against the access rule configuration information; if matching access rule configuration information is found, step B is performed; otherwise, the current control of the private user's access to the private network device on the same side ends;
B. According to the matching access rule configuration information, the gateway modifies the address information used for forwarding the access message through the network address translation (NAT) mechanism, and controls the access message so that it is first forwarded to the public network and then forwarded by the public network to the private network device on the same side.
7. The method according to claim 6, characterized in that the effective information is information that uniquely identifies the access message, comprising: the media access control address information of the access message, the source address information/destination address information of the access message, the access device information of the access message, field information of the configuration information carried in the DHCP of the access message, or the domain name information accessed by the access message;
The access message is: the access message with which the private user requests access to the public network in order to access the private network device on the same side.
8. The method according to claim 7, characterized in that, in step A, the source address information of the access message in the effective information is specifically the address information of the private user, and the destination address information is the public network access address information; the matching access rule configuration information specifically comprises: the address information of the private user, the public network access address information, and the address information of the private network device; step B is then specifically:
B1. Before routing, the gateway changes the destination address information of the access message to the address information of the private network device through the NAT mechanism;
B2. Through the routing mechanism, the gateway determines that the access message needs to be forwarded to the private network device on the same side;
B3. After routing and before the access message is forwarded, the gateway changes the source address information of the access message to the public network access address information through the NAT mechanism;
B4. Through the routing mechanism, the gateway forwards the access message, with its source address information and destination address information modified, to the private network device on the same side.
9. The method according to any one of claims 1 to 8, characterized in that the access rule configuration information is further updated according to the networking mode and traffic mode; the update is performed manually in a static manner or automatically in a dynamic manner.
10. A system for enabling a private user to access a private network device on the same side, characterized in that the system comprises: a configuration unit and a control unit; wherein,
The configuration unit is used to configure access rule configuration information on the gateway;
The control unit is used by the gateway to control, according to the access rule configuration information, the private user's access to the private network device on the same side.
11. The system according to claim 10, characterized in that the configuration unit is further used to actively deliver the access rule configuration information to the gateway in the form of a configuration file, and the gateway parses the configuration file, obtains the access rule configuration information, and configures it; or,
The gateway passively obtains the access rule configuration information from the user and/or operator and configures it; or,
The gateway dynamically generates and configures the access rule configuration information according to the networking situation.
CN200910079705A 2009-03-06 2009-03-06 Implementation method and system for same side private network device access by private user Expired - Fee Related CN101483657B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN200910079705A CN101483657B (en) 2009-03-06 2009-03-06 Implementation method and system for same side private network device access by private user
PCT/CN2009/073533 WO2010099680A1 (en) 2009-03-06 2009-08-26 Method and system for enabling private network user to access private network device at the same side

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200910079705A CN101483657B (en) 2009-03-06 2009-03-06 Implementation method and system for same side private network device access by private user

Publications (2)

Publication Number Publication Date
CN101483657A true CN101483657A (en) 2009-07-15
CN101483657B CN101483657B (en) 2012-10-10

Family

ID=40880584

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910079705A Expired - Fee Related CN101483657B (en) 2009-03-06 2009-03-06 Implementation method and system for same side private network device access by private user

Country Status (2)

Country Link
CN (1) CN101483657B (en)
WO (1) WO2010099680A1 (en)

Also Published As

Publication number Publication date
CN101483657B (en) 2012-10-10
WO2010099680A1 (en) 2010-09-10

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121010

Termination date: 20180306
