CN101557336A - Method for establishing network tunnel, data processing method and relevant equipment - Google Patents

Method for establishing network tunnel, data processing method and relevant equipment Download PDF

Info

Publication number
CN101557336A
CN101557336A CNA2009101376586A CN200910137658A CN101557336A CN 101557336 A CN101557336 A CN 101557336A CN A2009101376586 A CNA2009101376586 A CN A2009101376586A CN 200910137658 A CN200910137658 A CN 200910137658A CN 101557336 A CN101557336 A CN 101557336A
Authority
CN
China
Prior art keywords
section point
node
message
log
virtual
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2009101376586A
Other languages
Chinese (zh)
Other versions
CN101557336B (en
Inventor
王雨晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Huawei Technology Co Ltd
Original Assignee
Huawei Symantec Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Symantec Technologies Co Ltd filed Critical Huawei Symantec Technologies Co Ltd
Priority to CN2009101376586A priority Critical patent/CN101557336B/en
Publication of CN101557336A publication Critical patent/CN101557336A/en
Priority to PCT/CN2010/072424 priority patent/WO2010127610A1/en
Priority to US13/289,552 priority patent/US8769661B2/en
Application granted granted Critical
Publication of CN101557336B publication Critical patent/CN101557336B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The embodiment of the invention relates to the technical field of communication, and discloses a method for establishing a network tunnel, a data processing method and relevant equipment, wherein the method for establishing the network tunnel comprises the following steps: a first node searches the registration information of a second node from a virtual private network server so as to determine whether the second node accepts external connection; the registration information of the second node at least comprises the information specifying whether the second node accepts external connection; and the first node establishes a corresponding network tunnel with the second node according to the registration information found out. The technical proposal of the embodiment of the invention causes a node in a virtual private network (VPN) to be capable of knowing the registration information of other nodes, thereby being capable of establishing a corresponding network tunnel with other nodes, reducing the waste of network resources and improving network tunnel establishing efficiency.

Description

A kind of method of setting up network tunnel, data processing method and relevant device
Technical field
The present invention relates to communication technical field, relate in particular to a kind of method of setting up network tunnel, data processing method and relevant device.
Background technology
VPN (virtual private network) (VPN, Virtual Private Network) is interim, a safe connection of setting up by a common network (normally internet), is safe, a stable tunnel that passes chaotic common network.Usually, the VPN network is the expansion to intranet, can help long-distance user, corporate branch office, business parnter and supplier to set up believable safety with the in-house network of company by it and connect, and guarantee the safe transmission of data.
Current, the communication mode in the VPN network between the node has virtual switch pattern and direct channel pattern.Wherein, the virtual switch pattern is meant that all nodes are all set up network tunnel with a vpn server in the VPN network, need carry out transfer by vpn server when carrying out data communication between the different nodes; VPN network under the virtual switch pattern is a star network; The direct channel pattern is meant between some nodes and other node directly sets up network tunnel, and two data between nodes communications need not through the vpn server transfer by the directly-connected network tunnel transmission; VPN network under the direct channel pattern is a mesh network.As seen, the VPN network under the direct channel pattern can not form the network performance bottleneck owing to need not the concentrated switching task of data in the vpn server burden VPN network in the VPN network, be easy to set up under the same band condition more massive VPN network.Therefore, prior art usually at node when inserting the VPN network, at first attempt directly setting up the directly-connected network tunnel, if after attempting directly setting up the failure of directly-connected network tunnel, communicate with the virtual switch pattern with the needs nodes in communication again with the needs nodes in communication.
Yet, the inventor finds, the communication mode that each node is supported in the existing VPN network may be inequality, all be in different network address translation (NAT such as two nodes, NetworkAddress Translation) in the equipment, do not possess legitimate network agreement (IP, Internet Protocol) during the address, can only communicate with the virtual switch pattern between these two nodes, in this case, if also attempt between two nodes directly setting up the directly-connected network tunnel, not only waste Internet resources, also can reduce the efficient of setting up network tunnel.
Summary of the invention
The embodiment of the invention provides a kind of method of setting up network tunnel, data processing method and relevant device, make in the VPN network node and other node between when setting up network tunnel, reduce the wasting of resources, improve the efficient that network is set up network tunnel.
For achieving the above object, the embodiment of the invention provides following technical scheme:
The method of setting up network tunnel that the embodiment of the invention provides, comprise: first node is to the log-on message of virtual special network server inquiry Section Point, to determine whether described Section Point accepts outside the connection, and the log-on message of described Section Point comprises at least whether described Section Point accepts the outside information that connects; First node is set up corresponding network tunnel according to the described log-on message that inquires with described Section Point.
The data processing method that the embodiment of the invention provides comprises: receive the query messages that first node sends, described query messages comprises the log-on message of inquiring about Section Point; The log-on message of described Section Point of storage in advance is sent to described first node, so that described first node and described Section Point are set up corresponding network tunnel, the log-on message of described Section Point comprises at least whether described Section Point accepts the outside information that connects.
The VPN (virtual private network) node that the embodiment of the invention provides, comprise: query unit, be used for log-on message to virtual special network server inquiry Section Point, to determine whether described Section Point accepts outside the connection, and the log-on message of described Section Point comprises at least whether described Section Point accepts the outside information that connects; Set up the network tunnel unit, be used for setting up corresponding network tunnel with described Section Point according to the described log-on message that inquires.
The virtual special network server that the embodiment of the invention provides comprises: receiving element, be used to receive the message that first node sends, and described message is used to inquire about the log-on message of Section Point; Transmitting element, the log-on message that is used for the Section Point that will store in advance is sent to described first node, so that described first node and described Section Point are set up corresponding network tunnel, the log-on message of described Section Point comprises at least whether described Section Point accepts the outside information that connects.
The virtual private network system that the embodiment of the invention provides comprises: VPN (virtual private network) node and virtual special network server; Described VPN (virtual private network) node, be used for log-on message to described virtual special network server inquiry Section Point, to determine whether described Section Point accepts outside the connection, and the log-on message of described Section Point comprises at least whether described Section Point accepts the outside information that connects; According to the described log-on message that inquires, set up corresponding network tunnel with described Section Point; Described virtual special network server is used to receive the message that described VPN (virtual private network) node sends, and described message is used to inquire about the log-on message of Section Point; The log-on message of Section Point of storage in advance is sent to described VPN (virtual private network) node, so that described VPN (virtual private network) node and described Section Point are set up corresponding network tunnel, the log-on message of described Section Point comprises at least whether described Section Point accepts the outside information that connects.
Compared with prior art, the embodiment of the invention makes the first node in the VPN network can understand the log-on message of Section Point, comprise Section Point in this log-on message and whether accept the outside information that connects, thereby first node can be set up corresponding network tunnel according to the log-on message and the Section Point of this Section Point, avoided when Section Point is not accepted outside the connection, still carry out the trial that the directly-connected network tunnel is set up, thereby can reduce waste of network resources, and improve the efficient of setting up network tunnel.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art, to do to introduce simply to the accompanying drawing of required use among the embodiment below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
A kind of method flow diagram of setting up network tunnel of Fig. 1 for providing in the embodiment of the invention;
The flow chart of setting up in network tunnel process query node log-on message of Fig. 2 for providing in the embodiment of the invention;
A kind of method flow diagram of setting up network tunnel of Fig. 3 for providing in the embodiment of the invention;
A kind of method flow diagram of setting up network tunnel of Fig. 4 for providing in the embodiment of the invention;
A kind of method flow diagram of setting up network tunnel of Fig. 5 for providing in the embodiment of the invention;
A kind of data processing method flow chart of Fig. 6 for providing in the embodiment of the invention;
The structure chart of a kind of VPN (virtual private network) node of providing in the embodiment of the invention is provided Fig. 7;
The structure chart of a kind of query unit of providing in the embodiment of the invention is provided Fig. 8;
A kind of structure chart of setting up network tunnel unit of Fig. 9 for providing in the embodiment of the invention;
The structure chart of a kind of virtual special network server of providing in the embodiment of the invention is provided Figure 10;
The structure chart of a kind of virtual private network system of providing in the embodiment of the invention is provided Figure 11;
A kind of VPN network diagram of Figure 12 for providing in the embodiment of the invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that is obtained under the creative work prerequisite.
Embodiment one:
See also Fig. 1, a kind of method flow diagram of setting up network tunnel that Fig. 1 provides for the embodiment of the invention.As shown in Figure 1, this method can comprise:
101: whether first node accepts outside the connection to the log-on message of virtual special network server inquiry Section Point to determine Section Point, and the log-on message of Section Point comprises at least whether Section Point accepts the outside information that connects;
Wherein, the node described in present embodiment and the follow-up embodiment includes but not limited to computer in the VPN network and other user terminals etc.
In the present embodiment, when first node request and Section Point communicate, can be from the log-on message of virtual special network server inquiry Section Point, at least comprise in the log-on message whether Section Point accepts the outside information that connects, and this information is used to indicate Section Point whether can set up the directly-connected network tunnel.
For instance, see also Fig. 2, the method flow diagram of setting up query node log-on message in the network tunnel process that Fig. 2 provides for present embodiment.As shown in Figure 2, first node is specifically as follows to the log-on message of virtual special network server inquiry Section Point:
201: first node sends query messages to virtual special network server, and this query messages is used to inquire about the log-on message of Section Point;
202: the log-on message that receives the Section Point of virtual special network server transmission.
Further, be sent in the query messages of virtual special network server, can also comprise the title of Section Point and/or the current real IP address of Section Point at first node.
For instance, the current real IP address of Section Point is meant the legal address of Section Point in internet (Internet), specifically can be Internet protocol (IP) address of Section Point in the Internet network, or IP address and the transmission control protocol (TCP of Section Point in the Internet network, Transmission Control Protocol)/User Datagram Protoco (UDP) (UDP, User DatagramProtocol) address after the port combination, or Section Point other addresss of service in the Internet network with web page address (URL, Uniform Resource Locator) expression.
For instance, the log-on message of the Section Point that sends of the reception virtual special network server in 202 is specifically as follows:
Current real IP address, the virtual ip address of the Section Point that the reception virtual special network server sends and the information of whether accepting outside connection.
Wherein, if Section Point is accepted the outside information that connects, then first node can be set up directly-connected network tunnel under the direct channel pattern according to the current real IP address of Section Point and Section Point; Otherwise if Section Point is not accepted outside the connection, then first node can be set up indirect network tunnel under the virtual switch pattern according to the virtual ip address of Section Point and Section Point.
If, the current real IP address and the virtual ip address of the known Section Point of first node, then the log-on message of the Section Point that sends of the reception virtual special network server in 202 can be the outside information that connects of whether accepting of Section Point.
The log-on message of the Section Point in the present embodiment can also comprise other relevant information of Section Point except comprising the current real IP of Section Point address, virtual ip address and whether accepting the outside information that connects.
102:, set up corresponding network tunnel with Section Point according to the log-on message that inquires.
For instance, after first node receives the log-on message of Section Point, can accept outside the connection, then set up corresponding network tunnel with Section Point if find Section Point.See also Fig. 3, a kind of method flow diagram of setting up network tunnel that Fig. 3 provides for present embodiment.As shown in Figure 3, first node and Section Point are set up corresponding network tunnel and can be comprised:
301: first node sends the network tunnel request of setting up to Section Point;
302: first node receives the response that Section Point sends, thus the network tunnel between foundation and the Section Point.
In addition, first node can also be inquired about the log-on message of first node to virtual special network server; Wherein, the log-on message of first node comprises at least whether first node accepts the outside information that connects;
For instance, after first node receives the log-on message of Section Point, can accept outside the connection if find Section Point, and first node is accepted outside the connection, then sets up corresponding network tunnel with Section Point.See also Fig. 4, a kind of method flow diagram of setting up network tunnel that Fig. 4 provides for present embodiment.As shown in Figure 4, first node and Section Point are set up corresponding network tunnel and can be comprised:
401: first node sends to Section Point and is used to point out Section Point to set up the message of network tunnel to first node;
402: first node receives the network tunnel request of setting up that Section Point sends;
403: first node sends response to Section Point, thus the network tunnel between foundation and the Section Point.
For instance, after first node receives the log-on message of Section Point, do not accept outside the connection, and first node do not accept outside the connection yet, then set up corresponding network tunnel with Section Point if find Section Point.See also Fig. 5, a kind of method flow diagram of setting up network tunnel that Fig. 5 provides for present embodiment.As shown in Figure 5, first node and Section Point are set up corresponding network tunnel and can be comprised:
501: first node sends the network tunnel request of setting up to virtual special network server;
502: first node receives the response that virtual special network server sends, thereby sets up the network tunnel between first node and the virtual special network server;
503: first node sends to Section Point and sets up network tunnel message, so that Section Point and virtual special network server are set up network tunnel.
At this moment, virtual special network server is as the transferring equipment between first node and the Section Point, be used to receive the communication data of first node transmission and be forwarded to Section Point, receive the communication data of Section Point transmission simultaneously and be forwarded to first node, set up the network tunnel between first node and the Section Point like this, indirectly.
Need to prove that understanding at first node after the registration message of Section Point and first node, the concrete real process of setting up network tunnel with Section Point is that those skilled in the art are familiar with, present embodiment is not further described at this.
Above-mentioned a kind of method of setting up network tunnel that the embodiment of the invention one is provided is described in detail, the embodiment of the invention makes first node in the VPN network before setting up network tunnel with Section Point, can from virtual special network server, inquire about the log-on message of Section Point and the log-on message of first node, thereby can understand Section Point and first node and whether accept outside the connection, and then set up corresponding network tunnel with Section Point, avoided when two nodes can only connect with the virtual switch pattern, such two nodes also carry out the trial that the directly-connected network tunnel is set up, from can having reduced waste of network resources, and improve the efficient of setting up network tunnel.
Embodiment two:
See also Fig. 6, a kind of data processing method flow chart that Fig. 6 provides for the embodiment of the invention.As shown in Figure 6, this method can comprise:
601: virtual special network server receives the message that first node sends, and this message is used to inquire about the log-on message of Section Point;
In the present embodiment, the message that first node sends can also be further used for inquiring about the log-on message of first node.
602: the log-on message of the Section Point that virtual special network server will be stored in advance is sent to first node, so that first node and Section Point are set up corresponding network tunnel.
For instance, first node can receive the current real IP of Section Point address, the virtual ip address of virtual special network server transmission and whether accept the outside information that connects;
And receive the current real IP of first node address, the virtual ip address of virtual special network server transmission and whether accept the outside information that connects.
Wherein, the log-on message of the Section Point in the present embodiment includes but not limited to the current real IP of Section Point address, virtual ip address and whether accepts the outside information that connects;
Equally, the log-on message of the first node in the present embodiment includes but not limited to the current real IP of first node address, virtual ip address and whether accepts the outside information that connects.
Further, the current real IP address of Section Point is meant the legal address of Section Point in the Internet network, specifically can be the net IP address of Section Point in the Internet network, or Section Point in the Internet network the IP address and the address after the TCP/UDP port combination, or Section Point other addresss of service of representing with URL in the Internet network;
In like manner, the current real IP address of first node is meant the legal address of first node in the Internet network, specifically can be the IP address of first node in the Internet network, or first node in the Internet network the IP address and the address after the TCP/UDP port combination, or first node other addresss of service of representing with URL in the Internet network.
Method according to the embodiment of the invention provides before above-mentioned 201, can also comprise:
Virtual special network server receives the access request message of first node transmission and the access request message that Section Point sends, and wherein, the access request message that first node sends comprises the nodename and the current real IP address of first node;
The access request message that Section Point sends comprises the nodename and the current real IP address of Section Point;
Virtual special network server distributes virtual ip address to first node, and whether definite first node accept outside the connection, and distributes virtual ip address to Section Point, and whether definite Section Point accepts outside the connection;
The virtual ip address of virtual special network server storage first node title, current real IP address, distribution and the corresponding relation of whether accepting the outside information that is connected, and the virtual ip address of storage Section Point title, current real IP address, distribution and the corresponding relation of whether accepting the information that the outside is connected.And, with the nodename of described first node and Section Point, current true Internet protocol address, virtual Internet protocol address and indicate described first node and whether Section Point accepts the log-on message of the outside information that connects as first node and Section Point.
Whether wherein, above-mentioned definite first node is accepted to be specifically as follows outside the connection:
After having distributed virtual ip address to first node, connection request from network tunnel to the first node transmission that once set up is to judge whether first node accepts outside the connection, after receiving the response that first node returns, confirm the outside connection of first node acceptance, promptly " whether accepting outside the connection " attribute of first node is " OK "; Otherwise if can't receive the response that first node returns at the appointed time, the affirmation first node is not accepted outside the connection, and promptly " whether accepting outside the connection " attribute of first node is " NO ".
Equally, can confirm in a manner mentioned above whether Section Point accepts outside the connection.
In the present embodiment, it is identical that first node and Section Point are set up the method for introducing among the specific implementation of corresponding network tunnel and the embodiment one, no longer repeats herein.
Above-mentioned a kind of data processing method that the embodiment of the invention two is provided is described in detail, in the embodiment of the invention, virtual special network server can be according to the request of first node, the log-on message of Section Point and first node is sent to first node, make that like this first node can be before setting up network tunnel with Section Point, understand Section Point and first node and whether accept outside the connection, and then set up corresponding network tunnel with Section Point, avoided when two nodes can only connect with the virtual switch pattern, such two nodes also carry out the trial that the directly-connected network tunnel is set up, from can having reduced waste of network resources, and improve the efficient of setting up network tunnel.
Embodiment three:
See also Fig. 7, the structure chart of a kind of VPN (virtual private network) node that Fig. 7 provides for the embodiment of the invention.As shown in Figure 7, the VPN (virtual private network) node can comprise:
Query unit 701 is used for the log-on message to virtual special network server inquiry Section Point, whether accepts outside the connection to determine Section Point, and the log-on message of Section Point comprises at least whether Section Point accepts the outside information that connects;
Set up network tunnel unit 702, be used for setting up corresponding network tunnel with Section Point according to the log-on message that inquires.
For instance, the described corresponding network tunnel of present embodiment comprises directly-connected network tunnel under the direct channel pattern and the indirect network tunnel under the virtual switch pattern.
See also Fig. 8, the structural representation of a kind of query unit that Fig. 8 provides for the embodiment of the invention three.As shown in Figure 8, query unit 701 can comprise:
Send subelement 7011, be used for sending query messages to virtual special network server, described query messages comprises the log-on message of inquiring about Section Point;
Receive subelement 7012, be used to receive the log-on message of the Section Point that virtual special network server sends.
Preferably, the log-on message of Section Point can include but not limited to the current real IP of Section Point address, virtual ip address and whether accept the outside information that connects.
See also Fig. 9, a kind of structural representation of setting up the network tunnel unit that Fig. 9 provides for the embodiment of the invention.As shown in Figure 9, setting up network tunnel unit 702 can comprise:
First sets up subelement 7021, is used for sending the network tunnel request of setting up to Section Point when Section Point is accepted outside the connection; Receive the response that Section Point sends, thus the network tunnel between foundation and the Section Point.
For instance, query unit 701 can also be used for the log-on message to virtual special network server inquiry first node; Wherein, the log-on message of first node comprises at least whether first node accepts the outside information that connects.
Like this, setting up network tunnel unit 702 can comprise:
Second sets up subelement 7022, be used for not accepting outside the connection at Section Point, and when first node is accepted outside the connection, send to Section Point and to be used to point out Section Point to set up the message of network tunnel, receive the network tunnel request of setting up that Section Point sends to first node; To the response of Section Point transmission, thus the network tunnel between foundation and the Section Point.
The 3rd sets up subelement 7023, be used for not accepting outside the connection at Section Point, and first node sends the network tunnel request of setting up to virtual special network server when not accepting outside the connection; Receive the response that virtual special network server sends, thus the network tunnel between foundation and the virtual special network server; Send to Section Point and to set up network tunnel message,, thereby set up network tunnel between first node and the Section Point so that Section Point is set up network tunnel to virtual special network server.
At this moment, virtual special network server is as the transferring equipment between first node and the Section Point, be used to receive the communication data of first node transmission and be forwarded to Section Point, receive the communication data of Section Point transmission simultaneously and be forwarded to first node, set up the network tunnel between first node and the Section Point like this, indirectly.
Need to prove that it is that method and the process of setting up network tunnel to virtual special network server with first node is identical that Section Point is set up the method for network tunnel and process to virtual special network server, present embodiment is not given unnecessary details at this.
Above-mentioned a kind of VPN (virtual private network) node that the embodiment of the invention three is provided is described in detail, reception subelement 7012 in the query unit 701 of the first node that the embodiment of the invention provides can be before first node and Section Point be set up network tunnel, the log-on message of inquiry Section Point and the log-on message of first node from virtual special network server, thereby make and to set up that Section Point can be understood in network tunnel unit 702 and whether first node accepts outside the connection, and then set up corresponding network tunnel with Section Point, avoided when two nodes can only connect with the virtual switch pattern, two nodes also carry out the trial that the directly-connected network tunnel is set up, from can having reduced waste of network resources, and improve the efficient of setting up network tunnel.
Embodiment four:
See also Figure 10, the structure chart of a kind of virtual special network server that Figure 10 provides for the embodiment of the invention.As shown in figure 10, virtual special network server can comprise:
Receiving element 1001 is used to receive the message that first node sends, and described message is used to inquire about the log-on message of Section Point;
Transmitting element 1002, the log-on message that is used for the Section Point that will store in advance is sent to described first node, so that described first node and described Section Point are set up corresponding network tunnel, the log-on message of described Section Point comprises at least whether described Section Point accepts the outside information that connects.
In the present embodiment, the message that the first node that receiving element 1001 receives sends can also be further used for inquiring about the log-on message of first node, then transmitting element 1002 can also further send the log-on message of first node to first node, and the log-on message of first node comprises at least whether first node accepts the outside information that connects
For instance, the described corresponding network tunnel of present embodiment comprises directly-connected network tunnel under the direct channel pattern and the indirect network tunnel under the virtual switch pattern.
Preferably, the log-on message of Section Point can include but not limited to the current real IP of Section Point address, virtual ip address and whether accept the outside information that connects;
Equally, the log-on message of first node can include but not limited to current real IP address, the virtual ip address of first node and whether accept the outside information that connects.
Preferably, receiving element 1001 can also be used to receive the access request message of first node transmission and the access request message that Section Point sends;
Wherein, the access request message of first node transmission comprises the nodename and the current real IP address of first node; The access request message that Section Point sends comprises the nodename and the current real IP address of Section Point;
Then the virtual special network server that provides of the embodiment of the invention can also comprise:
Allocation units 1003, the access request message that the first node that is used for receiving according to access unit 1001 sends distributes virtual ip address to first node, and the information of whether accepting outside connection of definite first node;
And be used for the access request message that the Section Point that receives according to access unit 1001 sends, distribute the virtual ip address of Section Point, and definite Section Point whether accept the outside information that connects.
Memory cell 1004, virtual ip address that is used to store the nodename of first node, current real IP address, distribution and the corresponding relation of whether accepting the outside information that is connected;
And the virtual ip address of nodename, the current real IP address of storage Section Point, distribution and the corresponding relation of whether accepting the outside information that is connected, and with the nodename of described first node and Section Point, current true Internet protocol address, virtual Internet protocol address and indicate described first node and whether Section Point accepts the log-on message of the outside information that connects as first node and Section Point.
Preferably, allocation units 1003 are being given after first node and Section Point distributed virtual ip address respectively, connection request from network tunnel to the first node transmission that once set up is to judge whether first node accepts outside the connection, after receiving the response that first node returns at the appointed time, confirm that then first node accepts outside the connection; Otherwise,, confirm that then first node do not accept outside the connection if can't receive the response that first node returns at the appointed time;
And, send the connection request once set up network tunnel to Section Point judging whether Section Point accepts outside the connection, after receiving the response that Section Point returns at the appointed time, confirm that then Section Point accepts outside connection; Otherwise,, confirm that then Section Point do not accept outside the connection if can't receive the response that Section Point returns at the appointed time.
Further, the current real IP address of Section Point is meant the legal address of Section Point in the Internet network, specifically can be the net IP address of Section Point in the Internet network, or Section Point in the Internet network the IP address and the address after the TCP/UDP port combination, or Section Point other addresss of service of representing with URL in the Internet network;
In like manner, the current real IP address of first node is meant the legal address of first node in the Internet network, specifically can be the IP address of first node in the Internet network, or first node in the Internet network the IP address and the address after the TCP/UDP port combination, or first node other addresss of service of representing with URL in the Internet network.
Above-mentioned a kind of virtual special network server that the embodiment of the invention four is provided is described in detail, receiving element 1001 in the virtual special network server that the embodiment of the invention provides can receive the request of first node, transmitting element 1002 can be according to the request of first node, the log-on message of Section Point and first node is sent to first node, make that like this first node can be before setting up network tunnel with Section Point, understand Section Point and first node and whether accept outside the connection, and then set up corresponding network tunnel with Section Point, avoided when two nodes can only connect with the virtual switch pattern, such two nodes also carry out the trial that the directly-connected network tunnel is set up, from can having reduced waste of network resources, and improve the efficient of setting up network tunnel.
Embodiment five:
See also Figure 11, the structure chart of a kind of virtual private network system that Figure 11 provides for the embodiment of the invention.As shown in figure 11, virtual private network system can comprise:
VPN (virtual private network) node 1101 and virtual special network server 1102; Wherein,
VPN (virtual private network) node 1101, be used for log-on message to virtual special network server 1102 inquiry Section Points, to determine whether Section Point accepts outside the connection, and the log-on message of Section Point comprises at least whether Section Point accepts the outside information that connects; According to the log-on message that inquires, set up corresponding network tunnel with Section Point;
Virtual special network server 1102 is used to receive the message that VPN (virtual private network) node 1101 sends, and this message is used to inquire about the log-on message of Section Point; The log-on message of Section Point of storage in advance is sent to VPN (virtual private network) node 1101, so that VPN (virtual private network) node 1101 is set up corresponding network tunnel with Section Point, the log-on message of Section Point comprises at least whether Section Point accepts the outside information that connects.
Need to prove, the VPN (virtual private network) node structure that the structure of the VPN (virtual private network) node 1101 that present embodiment is introduced and the foregoing description three are introduced, function is identical, and present embodiment is not repeated at this; The virtual special network server structure that the structure of the virtual special network server 1102 that present embodiment is introduced and the foregoing description four are introduced, function is identical, and present embodiment is not repeated at this yet.
See also Figure 12, a kind of VPN network diagram that Figure 12 provides for the embodiment of the invention.As shown in figure 12, the VPN network that present embodiment provided can comprise vpn server and VPN node.Wherein, the VPN node can include but not limited to computer and other user terminals; Wherein, vpn server must have legal address in the Internet network (address format can be IP address, IP address and TCP/UDP port combination or other addresss of service of representing with URL), and can use its legal Internet address to receive data message from the Internet network.
Wherein, vpn server need possess node registering functional and information searching function.Promptly when some nodes inserts the VPN network, the virtual ip address that vpn server need distribute first node to use in the VPN network for node; And with the nodename of first node, current real IP address and the virtual ip address that distributes, whether accept outside connect even information such as encryption parameter are registered;
Vpn server allows node in the VPN network according to the log-on message of other VPN node of information inquiries such as virtual ip address of the nodename of other VPN node and/or other VPN node.
Wherein, the node in the present embodiment should possess and vpn server between communication function; And the request function of setting up network tunnel in initiation and the VPN network between other node; Simultaneously, the node in the present embodiment also should possess and receives in the VPN network other node and set up the function of the request of network tunnel with it; Simultaneously, the node in the present embodiment also should possess so more can, promptly can know the log-on message of other node and the log-on message of first node, and set up corresponding network tunnel with other node.
Wherein, corresponding network tunnel comprises directly-connected network tunnel under the direct channel pattern and the indirect network tunnel under the virtual switch pattern.
As shown in figure 12, have 4 Net-connected computers in the VPN network, title is respectively: ID-1, ID-2ID-3, ID-4; Wherein ID-1 and ID-2 are the computers that has legitimate ip address in the Internet net, allow to accept to connect from the Internet network; ID-3 and ID-4 are in the NAT network, do not possess the Internet legal address, and the network that does not allow to accept from Internet connects.
In VPN network shown in Figure 7, the network service between each node has following three kinds of different situations:
1), can directly set up network bi-directional between the node and connect, between ID-1 and ID-2, any one node can initiatively be set up network tunnel to another node;
2), only can directly set up unidirectional connection between the node, between ID-1 and ID-3, because ID-3 is in and does not possess legitimate ip address within the NAT network, therefore only allow initiatively to set up network tunnel, and do not allow to set up network tunnel to ID-3 by ID-1 to ID-1 by ID-3;
3), can not directly connect between the node, between ID-3 and ID-4, because ID-3 and ID-4 are in and do not possess legitimate ip address in the NAT network, therefore can't set up direct tunnel between ID-3 and the ID-4, ID-3 and ID-4 can only respectively and set up network tunnel between the vpn server, the communication data between ID-3 and the ID-4 must be via the vpn server transfer.
Suppose that ID-1 need communicate with ID-2, ID-3 in the VPN network shown in Figure 12, then:
1) ID-1 inquires about the log-on message of ID-2, ID-3 to vpn server.
2) ID-1 is to the log-on message of vpn server inquiry ID-1.
Wherein, for 1), ID-1 sends out query messages to vpn server, and this query messages is used for the log-on message to vpn server inquiry ID-2; Wherein, this query messages can comprise ID-2 title and/the current real IP address of ID-2;
ID-1 sends out query messages to vpn server, and this query messages is used for the log-on message to vpn server inquiry ID-3; Wherein, this query messages can comprise ID-3 title and/the current real IP address of ID-3;
For 2), ID-1 sends out query messages to vpn server, and this query messages is used for the log-on message to vpn server inquiry ID-1; Wherein, this query messages can comprise ID-1 title and/the current real IP address of ID-1.
Vpn server receives after the query messages of ID-1 transmission, the log-on message of inquiry ID-2, ID-3, and ID-1 takes place to give.The registration message of node ID-1, ID-2ID-3, ID-4 in the VPN network shown in Figure 3 that table 1 expression vpn server is stored in advance.
Table 1
Node Nodename Current real IP address Virtual ip address Whether accept outside the connection
ID-1 NID-1 IP1:P1 VIP1 OK
ID-2 NID-2 IP2:P2 VIP2 OK
ID-3 NID-3 IP3:P3 VIP3 NO
ID-4 NID-4 IP4:P4 VIP4 NO
Wherein, because ID-3, ID-4 be in the NAT device, so the current real IP address of ID-3, ID-4 is actually the real IP address of ID-3, NAT device that ID-4 uses.
3) vpn server receives respectively after the query messages of ID-1 transmission, and the log-on message of inquiry ID-2 is: title is NID-2, and true address is IP2:P2, and virtual ip address VIP2 allows to accept outside connection;
The log-on message of inquiry ID-3 is: title is NID-3, and true address is IP3:P3, and virtual ip address VIP3 does not allow to accept outside the connection;
The log-on message of inquiry ID-1 is: title is NID-1, and true address is IP1:P1, and virtual ip address VIP1 allows to accept outside the connection.
4) vpn server is according to the ID-2, the ID-3 that inquire, the log-on message of ID-1, and the log-on message with ID-2, ID-3, ID-1 sends to ID-1 respectively.
Certainly, vpn server also can selected part ID-2, ID-3, the log-on message of ID-1 sends to ID-1, such as being IP2:P2 with the true address in the log-on message of ID-2, allowing the acceptance outside to connect, not allowing in the log-on message of ID-3 accepted outside the connection, and the true address in the log-on message of ID-1 is IP1:P1, allows to accept outside the connection to send to ID-1.
5) ID-1 receives after the log-on message of ID-2, ID-3 that vpn server sends, ID-1, finds that ID-2 point accepts outside the connection, and then ID-1 sets up the network tunnel request to the ID-2 transmission; If receive the response that ID-2 sends, then finish the directly-connected network tunnel under the direct channel pattern between ID-1 and the ID-2;
Find that ID-3 does not accept outside the connection, and ID-1 accepts outside the connection, then ID-1 sends to ID-3 and is used to point out ID-3 initiatively to set up the message of network tunnel to ID-1; Receive the network tunnel request of setting up that ID-3 sends; After the response that ID-3 sends, finish the indirect network tunnel under the virtual switch pattern between ID-1 and the ID-3.
Suppose that again ID-3 need communicate with ID-4 in the VPN network shown in Figure 12, then:
1) ID-3 is to the log-on message of vpn server inquiry ID-4.
2) ID-3 is to the log-on message of vpn server inquiry ID-4.
Wherein, for 1), ID-3 sends out query messages to vpn server, and this query messages is used for the log-on message to vpn server inquiry ID-4; Wherein, this query messages can comprise ID-4 title and/the current real IP address of ID-4;
ID-3 sends out query messages to vpn server, and this query messages is used for the log-on message to vpn server inquiry ID-3; Wherein, this query messages can comprise ID-3 title and/the current real IP address of ID-3.
3) vpn server receives after the query messages of ID-3 transmission, and the log-on message of inquiry ID-4 is: title is NID-4, and true address is IP4:P4, and virtual ip address VIP4 does not allow to accept outside the connection;
The log-on message of inquiry ID-3 is: title is NID-3, and true address is IP3:P3, and virtual ip address VIP3 does not allow to accept outside the connection.
4) vpn server is according to the ID-4 that inquires, the log-on message of ID-3, and the log-on message with ID-4, ID-3 sends to ID-3 respectively.
Certainly, the log-on message that vpn server also can selected part ID-4, ID-3 sends to ID-3, and such as not allowing in the log-on message of ID-4 being accepted outside the connection, not allowing in the log-on message of ID-3 accepted outside the connection to send to ID-3.
5) ID-3 receives after the log-on message of ID-4, ID-3 that vpn server sends, find that ID-4 does not accept outside the connection, and ID-3 does not accept outside the connection yet, illustrates between ID-3 and the ID-4 and can't set up direct-connected network tunnel, and then ID-3 sends the network tunnel request of setting up to vpn server; After receiving the response that vpn server sends, finish and vpn server between network tunnel;
And, ID-3 sends to ID-4 and sets up network tunnel message, so that ID-4 sets up network tunnel to vpn server, thereby set up the network tunnel of ID-4 and vpn server, at this moment, vpn server receives the communication data of ID-3 transmission and is forwarded to ID-4 as the transferring equipment between ID-3 and the ID-4; Simultaneously, receive the communication data of ID-4 transmission and be forwarded to ID-3, like this, set up the network tunnel between ID-3 and the ID-4 indirectly.
Need to prove that vpn server needs ID-1, the ID-2 of storage in advance, the registration message of ID-3, ID-4 in the present embodiment, particularly:
The access request message that vpn server reception ID-1, ID-2, ID-3, ID-4 send respectively, wherein, the access request message that ID-1, ID-2, ID-3, ID-4 send separately comprises nodename and current real IP address separately;
Distribute virtual ip address for respectively ID-1, ID-2, ID-3, ID-4, and determine the outside information that connects of whether accepting of ID-1, ID-2, ID-3, ID-4 respectively;
The virtual ip address of separately nodename of storage ID-1, ID-2, ID-3, ID-4, current real IP address, distribution and the corresponding relation of whether accepting the outside information that is connected.
Wherein, the above-mentioned outside information that connects of whether accepting of determining ID-1, ID-2, ID-3, ID-4 respectively is specially:
After having distributed virtual ip address separately to ID-1, ID-2, ID-3, ID-4 respectively, once set up the connection request of network tunnel to judge whether ID-1, ID-2, ID-3, ID-4 accept outside the connection to ID-1, ID-2, ID-3, ID-4 transmission respectively;
After receiving the response that ID-1, ID-2 return at the appointed time, think that ID-1, ID-2 accept outside the connection, promptly ID-1, ID-2, " whether accepting outside the connection " attribute are " OK "; When receiving the response that ID-3, ID-4 return at the appointed time, think that ID-3, ID-4 do not accept outside the connection, promptly " whether accepting outside the connection " attribute of ID-3, ID-4 is " NO ".
In addition, if node itself has been stored the log-on message of first node, then node only needs to get final product to the log-on message of vpn server inquiry Section Point, need not to inquire about to vpn server once more the log-on message of first node.
Above-mentioned a kind of VPN network that the embodiment of the invention five is provided is introduced, in the VPN network that the embodiment of the invention provides, node is before setting up network tunnel with other node, can from vpn server, inquire about the log-on message of other node and the log-on message of first node, thereby can understand other node and first node and whether accept outside the connection, and then set up corresponding network tunnel with other node, avoided when two nodes can only connect with the virtual switch pattern, such two nodes also carry out the trial that the directly-connected network tunnel is set up, from can having reduced waste of network resources, and improve the efficient of setting up network tunnel.
One of ordinary skill in the art will appreciate that: all or part of step that realizes said method embodiment can be finished by the relevant hardware of program command, aforesaid program can be stored in the computer read/write memory medium, this program is carried out the step that comprises said method embodiment when carrying out; And aforesaid storage medium comprises: various media that can be program code stored such as read-only memory (ROM), random access device (RAM), magnetic disc or CD.
More than to a kind of method of setting up network tunnel that the embodiment of the invention provided, data processing method and relevant device are described in detail, used specific case herein principle of the present invention and execution mode are set forth, the explanation of above embodiment just is used for helping to understand method of the present invention and core concept thereof; Simultaneously, for one of ordinary skill in the art, according to thought of the present invention, the part that all can change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention.

Claims (17)

1, a kind of method of setting up network tunnel is characterized in that, comprising:
Whether first node accepts outside the connection to the log-on message of virtual special network server inquiry Section Point to determine described Section Point, and the log-on message of described Section Point comprises at least whether described Section Point accepts the outside information that connects;
First node is set up corresponding network tunnel according to the described log-on message that inquires with described Section Point.
2, method according to claim 1 is characterized in that, described first node comprises to the log-on message of virtual special network server inquiry Section Point:
First node sends query messages to described virtual special network server, comprises the current true Internet protocol address of the nodename and/or the Section Point of Section Point in the described query messages;
First node receives the log-on message of the described Section Point of described virtual special network server transmission, and the log-on message of described Section Point is obtained according to the nodename of described Section Point and/or the current true Internet protocol address inquiry of Section Point by described virtual special network server.
3, method according to claim 1 is characterized in that, if described Section Point is accepted outside the connection, the step that then described and described Section Point is set up corresponding network tunnel comprises:
First node sends the network tunnel request of setting up to described Section Point;
First node receives the response that described Section Point sends, the network tunnel between foundation and the described Section Point.
4, method according to claim 1 is characterized in that, described method also comprises:
Described first node is to the log-on message of described virtual special network server inquiry first node, to determine whether described first node accepts outside the connection, and the log-on message of described first node comprises at least whether described first node accepts the outside information that connects;
Do not accept outside the connection as if described Section Point, and the outside connection of described first node acceptance, then described and described Section Point is set up corresponding network tunnel and is comprised:
First node sends to described Section Point and is used to point out described Section Point to set up the message of network tunnel to first node;
First node receives the network tunnel request of setting up that described Section Point sends;
First node sends response to described Section Point, the network tunnel between foundation and the described Section Point.
5, method according to claim 1 is characterized in that, described method also comprises:
Described first node is inquired about the log-on message of described first node to described virtual special network server, to determine whether described first node accepts outside the connection, and the log-on message of described first node comprises at least whether described first node accepts the outside information that connects;
If described Section Point is not accepted outside the connection, and described first node do not accept outside the connection, and then described and described Section Point is set up corresponding network tunnel and comprised:
First node sends the network tunnel request of setting up to described virtual special network server;
First node receives the response that described virtual special network server sends, the network tunnel between foundation and the described virtual special network server;
First node sends to described Section Point and sets up network tunnel message, so that described Section Point is set up network tunnel to described virtual special network server, thereby sets up network tunnel between first node and the described Section Point.
6, a kind of data processing method is characterized in that, comprising:
Receive the query messages that first node sends, described query messages comprises the log-on message of inquiring about Section Point;
The log-on message of described Section Point of storage in advance is sent to described first node, so that described first node and described Section Point are set up corresponding network tunnel, the log-on message of described Section Point comprises at least whether described Section Point accepts the outside information that connects.
7, method according to claim 6 is characterized in that, described method also comprises:
Receive the access request message that described first node sends, comprise the nodename of first node, current true Internet protocol address in the described access request message;
For described first node distributes the virtual Internet protocol address, and determine whether described first node accepts outside the connection;
Store the nodename of described first node, current true Internet protocol address, virtual Internet protocol address and indicate described first node whether to accept the outside information that connects, with the nodename of described first node, current true Internet protocol address, virtual Internet protocol address and indicate described first node whether to accept the log-on message of the outside information that connects as first node;
Receive the access request message that described Section Point sends, comprise the nodename of Section Point, current true Internet protocol address in the described access request message;
For described Section Point distributes the virtual Internet protocol address, and determine whether described Section Point accepts outside the connection;
Store the nodename of described Section Point, current true Internet protocol address, virtual Internet protocol address and indicate described Section Point whether to accept the outside information that connects, with the nodename of described Section Point, current true Internet protocol address, virtual Internet protocol address and indicate described Section Point whether to accept the log-on message of the outside information that connects as Section Point.
8, method according to claim 7 is characterized in that, whether described definite described first node and Section Point accept outside step of connecting comprises:
Set up network tunnel to described first node and Section Point,, determine that then described first node and Section Point receive outside the connection if set up successfully; Otherwise, determine that then described first node and Section Point do not receive outside the connection.
9, a kind of VPN (virtual private network) node is characterized in that, comprising:
Query unit is used for the log-on message to virtual special network server inquiry Section Point, whether accepts outside the connection to determine described Section Point, and the log-on message of described Section Point comprises at least whether described Section Point accepts the outside information that connects;
Set up the network tunnel unit, be used for setting up corresponding network tunnel with described Section Point according to the described log-on message that inquires.
10, VPN (virtual private network) node according to claim 9 is characterized in that, described query unit comprises:
Send subelement, be used for sending query messages to virtual special network server, described query messages comprises the log-on message of inquiring about Section Point;
Receive subelement, be used to receive the log-on message of the described Section Point that described virtual special network server sends.
11, VPN (virtual private network) node according to claim 9 is characterized in that, the described network tunnel unit of setting up comprises:
First sets up subelement, is used for sending the network tunnel request of setting up to described Section Point when described Section Point is accepted outside the connection; Receive the response that described Section Point sends, the network tunnel between foundation and the described Section Point.
12, VPN (virtual private network) node according to claim 9, it is characterized in that, described query unit also is used for inquiring about to described virtual special network server the log-on message of described first node, to determine whether described first node accepts outside the connection, and the log-on message of described first node comprises at least whether described first node accepts the outside information that connects.
13, VPN (virtual private network) node according to claim 12 is characterized in that, the described network tunnel unit of setting up comprises:
Second sets up subelement, be used for not accepting outside the connection at described Section Point, and when described first node is accepted outside the connection, send to described Section Point and to be used to point out described Section Point to set up the message of network tunnel, receive the network tunnel request of setting up that described Section Point sends to described first node; To the response that described Section Point sends, the network tunnel between foundation and the described Section Point.
14, VPN (virtual private network) node according to claim 12 is characterized in that, the described network tunnel unit of setting up comprises:
The 3rd sets up subelement, be used for not accepting outside the connection at described Section Point, and described first node sends the network tunnel request of setting up to described virtual special network server when not accepting outside the connection; Receive the response that described virtual special network server sends, the network tunnel between foundation and the described virtual special network server; Send to described Section Point and to set up network tunnel message,, thereby set up network tunnel between first node and the described Section Point so that described Section Point is set up network tunnel to described virtual special network server.
15, a kind of virtual special network server is characterized in that, comprising:
Receiving element is used to receive the message that first node sends, and described message is used to inquire about the log-on message of Section Point;
Transmitting element, the log-on message that is used for the Section Point that will store in advance is sent to described first node, so that described first node and described Section Point are set up corresponding network tunnel, the log-on message of described Section Point comprises at least whether described Section Point accepts the outside information that connects.
16, virtual special network server according to claim 15, it is characterized in that, described receiving element also is used to receive the access request message that described first node sends, and comprises the nodename of first node in the described access request message, current true Internet protocol address;
Described virtual special network server also comprises:
Allocation units are used to distribute the virtual Internet protocol address of described first node, and determine whether described first node accepts outside the connection;
Memory cell, be used to store the nodename of described first node, current true Internet protocol address, virtual Internet protocol address and indicate described first node whether to accept the outside information that connects, with the nodename of described first node, current true Internet protocol address, virtual Internet protocol address and indicate described first node whether to accept the log-on message of the outside information that connects as first node;
Described receiving element also is used to receive the access request message that described Section Point sends, and comprises the nodename of Section Point in the described access request message, current true Internet protocol address;
Described virtual special network server also comprises:
Allocation units are used to distribute the virtual Internet protocol address of described Section Point, and determine whether described Section Point accepts outside the connection;
Memory cell, be used to store the nodename of described Section Point, current true Internet protocol address, virtual Internet protocol address and indicate described Section Point whether to accept the outside information that connects, with the nodename of described Section Point, current true Internet protocol address, virtual Internet protocol address and indicate described Section Point whether to accept the log-on message of the outside information that connects as Section Point.
17, a kind of virtual private network system is characterized in that, comprising:
VPN (virtual private network) node and virtual special network server;
Described VPN (virtual private network) node, be used for log-on message to described virtual special network server inquiry Section Point, to determine whether described Section Point accepts outside the connection, and the log-on message of described Section Point comprises at least whether described Section Point accepts the outside information that connects; According to the described log-on message that inquires, set up corresponding network tunnel with described Section Point;
Described virtual special network server is used to receive the message that described VPN (virtual private network) node sends, and described message is used to inquire about the log-on message of Section Point; The log-on message of Section Point of storage in advance is sent to described VPN (virtual private network) node, so that described VPN (virtual private network) node and described Section Point are set up corresponding network tunnel, the log-on message of described Section Point comprises at least whether described Section Point accepts the outside information that connects.
CN2009101376586A 2009-05-04 2009-05-04 Method for establishing network tunnel, data processing method and relevant equipment Active CN101557336B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN2009101376586A CN101557336B (en) 2009-05-04 2009-05-04 Method for establishing network tunnel, data processing method and relevant equipment
PCT/CN2010/072424 WO2010127610A1 (en) 2009-05-04 2010-05-04 Method, equipment and system for processing visual private network node information
US13/289,552 US8769661B2 (en) 2009-05-04 2011-11-04 Virtual private network node information processing method, relevant device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009101376586A CN101557336B (en) 2009-05-04 2009-05-04 Method for establishing network tunnel, data processing method and relevant equipment

Publications (2)

Publication Number Publication Date
CN101557336A true CN101557336A (en) 2009-10-14
CN101557336B CN101557336B (en) 2012-05-02

Family

ID=41175287

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009101376586A Active CN101557336B (en) 2009-05-04 2009-05-04 Method for establishing network tunnel, data processing method and relevant equipment

Country Status (1)

Country Link
CN (1) CN101557336B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010127610A1 (en) * 2009-05-04 2010-11-11 成都市华为赛门铁克科技有限公司 Method, equipment and system for processing visual private network node information
CN102263704A (en) * 2011-09-01 2011-11-30 杭州华三通信技术有限公司 Topology construction method and device supporting layer 2 interconnection of data centers
CN105282003A (en) * 2014-06-20 2016-01-27 中国电信股份有限公司 Tunnel establishing method and system, tunnel controller and virtual switch

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1231024C (en) * 2002-08-16 2005-12-07 华为技术有限公司 Virtual specsel net realizing method based on dynamic IP address and system
KR100667502B1 (en) * 2005-03-28 2007-01-10 주식회사 케이티프리텔 Method of mobile node's connection to virtual private network using Mobile IP
CN100401706C (en) * 2005-10-24 2008-07-09 杭州华三通信技术有限公司 Access method and system for client end of virtual private network
CN101212374A (en) * 2006-12-29 2008-07-02 北大方正集团有限公司 Method and system for remote access to campus network resources

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010127610A1 (en) * 2009-05-04 2010-11-11 成都市华为赛门铁克科技有限公司 Method, equipment and system for processing visual private network node information
US8769661B2 (en) 2009-05-04 2014-07-01 Chengdu Huawei Symantec Technologies Co., Ltd. Virtual private network node information processing method, relevant device and system
CN102263704A (en) * 2011-09-01 2011-11-30 杭州华三通信技术有限公司 Topology construction method and device supporting layer 2 interconnection of data centers
CN102263704B (en) * 2011-09-01 2014-03-26 杭州华三通信技术有限公司 Topology construction method and device supporting layer 2 interconnection of data centers
US9264305B2 (en) 2011-09-01 2016-02-16 Hangzhou H3C Technologies Co., Ltd. Constructing a network enabling layer-2 interconnection of data centers
US9716620B2 (en) 2011-09-01 2017-07-25 Hewlett Packard Enterprise Development Lp Constructing a network enabling layer-2 interconnection of data centers
CN105282003A (en) * 2014-06-20 2016-01-27 中国电信股份有限公司 Tunnel establishing method and system, tunnel controller and virtual switch
CN105282003B (en) * 2014-06-20 2019-03-22 中国电信股份有限公司 Establish the method and system and tunnel control device and virtual switch in tunnel

Also Published As

Publication number Publication date
CN101557336B (en) 2012-05-02

Similar Documents

Publication Publication Date Title
CN101557337B (en) Network tunnel establishing method, data transmission method, communication system and relevant equipment
CN101692674B (en) Method and equipment for double stack access
CN101510853B (en) Method and apparatus for implementing WLAN wireless bridge, and wireless access client terminal
CN104350725A (en) Method of seamless integration and independent evolution of information-centric networking via software defined networking
JP4479647B2 (en) Route generation system, route generation method, route management server, relay device, terminal device, and control program
CN101150502A (en) A NAT-PT device and its load share method
CN102790813B (en) Communication method as well as system and terminal equipment based on IPv6 (internet protocol version 6) network
CN104243627A (en) Domain name resolution method, device and system
CN101119382A (en) Method of mutual communication of IPv4 network and IPv6 network and communication network element system
CN102611763A (en) DNS (Domain Name Server) inquiring method and equipment
CN102055816A (en) Communication method, business server, intermediate equipment, terminal and communication system
CN107959620B (en) Fully mechanized mining equipment identification method, device, system, gateway and storage medium
CN104980528A (en) Method, system and apparatus for realizing communication between nodes
US20090296706A1 (en) Method, system and processor for processing network address translation service
CN105245629A (en) DHCP-based host communication method and device
CN102820977A (en) Multicast method, multicast device and network device
CN103441932A (en) Host routing table entry generating method and device
CN1812398B (en) Method for realizing DHCP server loading sharing based on DHCP relay
CN100473073C (en) Network system based on layer structure and node positioning method therefor
US9413590B2 (en) Method for management of a secured transfer session through an address translation device, corresponding server and computer program
CN101557336B (en) Method for establishing network tunnel, data processing method and relevant equipment
CN103503413A (en) Method and device for transmitting network information
CN112968965B (en) Metadata service method, server and storage medium for NFV network node
CN105681249A (en) Network access method and network conversion equipment
CN104756462A (en) Method and system for tcp turn operation behind a restrictive firewall

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: HUAWEI DIGITAL TECHNOLOGY (CHENGDU) CO., LTD.

Free format text: FORMER NAME: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES CO., LTD.

CP01 Change in the name or title of a patent holder

Address after: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River

Patentee after: HUAWEI DIGITAL TECHNOLOGIES (CHENG DU) Co.,Ltd.

Address before: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River

Patentee before: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220905

Address after: No. 1899 Xiyuan Avenue, high tech Zone (West District), Chengdu, Sichuan 610041

Patentee after: Chengdu Huawei Technologies Co.,Ltd.

Address before: 611731 Qingshui River District, Chengdu hi tech Zone, Sichuan, China

Patentee before: HUAWEI DIGITAL TECHNOLOGIES (CHENG DU) Co.,Ltd.