CN101719859B - Method, device and system for realizing equipment conversion of IPv6 tunnel passing through network address - Google Patents
Method, device and system for realizing equipment conversion of IPv6 tunnel passing through network address Download PDFInfo
- Publication number
- CN101719859B CN101719859B CN2009102539595A CN200910253959A CN101719859B CN 101719859 B CN101719859 B CN 101719859B CN 2009102539595 A CN2009102539595 A CN 2009102539595A CN 200910253959 A CN200910253959 A CN 200910253959A CN 101719859 B CN101719859 B CN 101719859B
- Authority
- CN
- China
- Prior art keywords
- ipv4
- node
- network address
- message
- public network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The invention provides a method, a device and a system for realizing the equipment conversion of IPv6 tunnel passing through a network address. The method comprises the following steps: receiving a first IPv4 message sent by a first node; acquiring an IPv4 public network address of the first node according to an IPv4 private network address of the first node; carrying out address conversion on the first IPv4 message; adding the mapping relationship of the IPv4 private network address and the IPv4 public network address of the first node to the first IPv4 message; and sending the first IPv4 message to a second node. By adding the IPv4 private network address and the IPv4 public network address of the first node to the first IPv4 message of the first node, the embodiment of the invention ensures that the second node establishes an IPv6 tunnel passing through a network address conversion device according to the received first IPv4 message to communicate with the first node. The scheme is easy to be realized, and has higher practicability.
Description
Technical field
The present invention relates to communication technical field, particularly a kind of method, equipment and system that realizes the IPv6 tunnel crossing network address translation apparatus.
Background technology
The fast development of the Internet makes the public network address depletion rate of internet protocol (Internet Protocol Version 4 is hereinafter to be referred as IPv4) of version number 4 accelerate, and causes IPv4 public network address problem in short supply.Network address translation (Network Address Translation is hereinafter to be referred as NAT) technology is one of technology that solves IPv4 address problem in short supply.
The NAT technology can be the private net address of the computer distributing IP v4 in the private network, converts the IPv4 private net address of computer into public network address at NAT device, so that computer can access external network.The NAT technology has been alleviated IPv4 public network address problem in short supply to a certain extent; But the more effective solution of IPv4 public network address problem in short supply is to adopt internet protocol (the Internet Protocol Version 6 of version number 6; Hereinafter to be referred as IPv6), IPv6 has huge address space.In the period of IPv4 to the IPv6 progressive transition, need to consider IPv6 network and the network coexisted problem of IPv4, if be provided with NAT device in the IPv4 network, then need set up can cross-over NAT equipment the IPv6 tunnel, with the interconnection among all networks of realization IPv6 node.
Prior art has proposed Teredo (Tunneling IPv6 over UDP through Network Address Translations) scheme; This scheme has adopted UDP (User Datagram Protocol; Hereinafter to be referred as UDP) encapsulation of data is with the mechanism of cross-over NAT equipment; Through setting up the Teredo tunnel for IPv6 node and the overseas IPv6 node of NAT in the NAT territory; With IPv6 data encapsulation cross-over NAT equipment in UDP load, make the IPv6 node intercommunication that IPv6 node in the NAT territory can be overseas with NAT.
The inventor finds in realizing embodiment of the invention process, sets up the Teredo tunneling technique of passing through NAT, is based on udp protocol to realize, need carry out bigger change to the node in IPv4 or the IPv6 network, the complexity that scheme realizes is higher.
Summary of the invention
The embodiment of the invention provides a kind of method, equipment and system of the IPv6 of realization tunnel crossing network address translation apparatus, to reduce the implementation complexity of IPv6 node passing through network address switching device.
The embodiment of the invention provides a kind of method of the IPv6 of realization tunnel crossing network address translation apparatus, comprising:
Receive the IPv4 message that first node sends, a said IPv4 message comprises the IPv4 private net address and the first node authentication information of said first node;
Said first node is carried out the authentication of fail safe and reliability according to said first node authentication information; Obtain the IPv4 public network address of first node according to the IPv4 private net address of said first node; A said IPv4 message is carried out address transition, be added into a said IPv4 message to the IPv4 private net address of the said first node of major general and the mapping relations and the network address translation apparatus authentication information of IPv4 public network address;
Send a said IPv4 message to Section Point; A said IPv4 message comprises the IPv4 private net address of said first node and the mapping relations and the network address translation apparatus authentication information of IPv4 public network address at least, and the IPv4 public network address of said first node can be used for setting up the IPv6 tunnel of Section Point and said first node.
The embodiment of the invention also provides a kind of IPV6 of being used for the network address translation apparatus that the tunnel passes through, and comprising:
First receiver module is used to receive the IPv4 message that first node sends, and a said IPv4 message comprises the IPv4 private net address and the first node authentication information of said first node;
Authentication module is used for the first node authentication information that comprises according to an IPv4 message, said first node is carried out the authentication of fail safe and reliability; Acquisition module, the IPv4 private net address of the first node that is used for comprising according to the IPv4 message that receives obtains the IPv4 public network address of first node;
Address conversion module is used for the IPv4 public network address according to the first node that obtains, and an IPv4 message is carried out address transition;
Mapping block; Be used for IPv4 private net address according to this first node; And the IPv4 public network address of the first node that gets access to, add in the IPv4 message to the mapping relations of the IPv4 public network address of the IPv4 private net address of the said first node of major general and said first node;
Network address translation authentication information module is used for adding the network address translation apparatus authentication information to a said IPv4 message;
First sending module; Be used for sending an IPv4 message through address transition to Section Point; The mapping relations and the said network address translation apparatus authentication information of the IPv4 private net address that comprises first node in the one IPv4 message at least and the IPv4 public network address of this first node, the IPv4 public network address of said first node can be used for setting up the IPv6 tunnel of Section Point and said first node.
The embodiment of the invention also provides a kind of system of the IPv6 of realization tunnel crossing network address translation apparatus, comprising: first node, network address translation apparatus and Section Point;
Said first node is used for sending an IPv4 message to said network address translation apparatus, and a said IPv4 message comprises the IPv4 private net address and the first node authentication information of said first node;
Said network address translation apparatus; Be used to receive the IPv4 message that first node sends; Said first node is carried out the authentication of fail safe and reliability according to said first node authentication information; Obtain the IPv4 public network address of first node according to the IPv4 private net address of first node; The one IPv4 message is carried out address transition, be added into a said IPv4 message to the mapping relations and the network address translation apparatus authentication information of the IPv4 public network address of the IPv4 private net address of the said first node of major general and said first node, and send to said Section Point;
Said Section Point; Said network address translation apparatus is carried out the authentication of fail safe and reliability according to said network address translation apparatus authentication information; Obtain the IPv4 public network address of said first node according to the mapping relations of the IPv4 public network address of the IPv4 private net address of the said first node in the said IPv4 message and said first node, and set up the IPv6 tunnel with said first node according to the IPv4 public network address of said first node.
The embodiment of the invention also provides a kind of Section Point of the IPv6 of realization tunnel crossing network address translation apparatus, comprising:
The 3rd receiver module is used to receive the IPv4 message that network address translation apparatus sends, and comprises the IPv4 public network address of first node and the mapping relations and the network address translation apparatus authentication information of IPv4 private network in the said IPv4 message;
The public network address acquisition module; Be used for said network address translation apparatus being carried out the authentication of fail safe and reliability according to said network address translation apparatus authentication information; According to the IPv4 public network address of the said first node that comprises in the said IPv4 message that receives and the mapping relations of IPv4 private network, obtain the IPv4 public network address of said first node;
Module is set up in the tunnel, is used for the IPv4 public network address according to the said first node that gets access to, and sets up the IPv6 tunnel with said first node.
Present embodiment when setting up the IPv6 tunnel of passing through network address switching device in; The information of the IPv4 private net address through in an IPv4 message of first node, adding first node and the mapping relations of IPv4 public network address; Make Section Point to be connected, communicate with first node according to the IPv6 tunnel that an IPv4 message of receiving and first node are set up passing through network address switching device.Scheme is easy to realize having advantages of high practicability.
Description of drawings
Fig. 1 a is the scene sketch map of the realization IPv6 tunnel pass through NAT equipment that provides of one embodiment of the invention;
Fig. 1 b is the method flow diagram of the realization IPv6 tunnel pass through NAT equipment that provides of one embodiment of the invention;
The method flow diagram of the realization IPv6 tunnel pass through NAT equipment that Fig. 2 provides for one embodiment of the invention;
The method flow diagram of the realization IPv6 tunnel pass through NAT equipment that Fig. 3 provides for one embodiment of the invention;
The structural representation one of the NAT device that Fig. 4 provides for one embodiment of the invention;
Fig. 5 a is the structural representation two of the NAT device that provides of one embodiment of the invention;
Fig. 5 b is the structural representation three of the NAT device that provides of one embodiment of the invention;
Fig. 5 c is the structural representation four of the NAT device that provides of one embodiment of the invention;
The system configuration sketch map of the realization IPv6 tunnel pass through NAT equipment that Fig. 6 provides for one embodiment of the invention;
The node structure sketch map of the realization IPv6 tunnel pass through NAT equipment that Fig. 7 provides for one embodiment of the invention.
Embodiment
For the purpose, technical scheme and the advantage that make the embodiment of the invention clearer; To combine the accompanying drawing in the embodiment of the invention below; Technical scheme in the embodiment of the invention is carried out clear, intactly description; Obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills are not paying the every other embodiment that is obtained under the creative work prerequisite, all belong to the scope of the present invention's protection.
For ease of describing, in an embodiment of the present invention, the source end node of initiation being set up the connection of IPv6 tunnel is called first node, and peer node corresponding and that first node connects is called Section Point.
In a concrete scene of the embodiment of the invention; Shown in Fig. 1 a; First node belongs to an IPv6 network and an IPv4 private network simultaneously; Section Point belongs to an IPv6 network and an IPv4 global network simultaneously, and above-mentioned IP v4 private network links to each other with above-mentioned IP v4 global network through NAT device.Therefore, first node and the Section Point IPv6 tunnel that need set up cross-over NAT equipment communicates.Fig. 1 b is the method flow diagram of the realization IPv6 tunnel pass through NAT equipment that provides of one embodiment of the invention, and this method comprises:
11, receive the IPv4 message that first node sends.
The source IP address of the one IPv4 message is the IPv4 private net address of first node, and purpose IP address is the IPv4 public network address of Section Point.
Optional, can also carry the suggestion port information in the IPv4 message.Further, can also carry the first node authentication information in the IPv4 message, for example, above-mentioned first node authentication information can be for adopt encrypting or signature algorithm generates is used for information that the fail safe and the reliability of first node are carried out authentication.
The IPv4 private net address of the first node that 12, carries according to an IPv4 message obtains the IPv4 public network address of first node.
After receiving an IPv4 message, just can obtain the IPv4 public network address of first node, the row address of going forward side by side conversion according to the IPv4 private net address of first node.
Optional, if carried the suggestion port information in the IPv4 message, can also directly adopt and should advise port, as the port after the conversion of first node.
Optional, if carried the first node authentication information in the IPv4 message, just can carry out the authentication of fail safe and reliability to first node according to the first node authentication information in the IPv4 message.
13, an above-mentioned IPv4 message is carried out address transition, be added into an IPv4 message to the IPv4 private net address of major general's first node and the mapping relations of IPv4 public network address, and send to this Section Point.
In an embodiment of the present invention; Because an IPv4 message transmitting party is to being to send from the private network of the IPv4 global network to IPv4; Therefore an above-mentioned IPv4 message is carried out address transition, specifically be meant: the IPv4 public network address that the IPv4 private net address of the first node in the IPv4 address information is converted into first node.
Optional, can also the mapping relations of the port after port before the conversion and the conversion be added in the IPv4 message.
Optional, can also protocol number be added in the IPv4 message.
Optional, can also in an IPv4 message, add the NAT device authentication information, NAT device is carried out the authentication of fail safe and reliability for Section Point.
In an embodiment of the present invention, first node and Section Point can be automatic tunnel addressing protocol between the station (Intra-Site Automatic Tunnel Addressing Protocol is hereinafter to be referred as Isatap) client; Or 6to4 router (router that connects IPv6 network and IPv4 network); Or generic route encapsulation (Generic Routing Encapsulation is hereinafter to be referred as GRE) node.
Optional, if carried the first node authentication information in the IPv4 message, then Section Point just can carry out the authentication of fail safe and reliability according to the first node authentication information in the IPv4 message to first node.
In the present embodiment; Through in an IPv4 message of first node, adding the IPv4 private net address of first node and the mapping relations of IPv4 public network address; Make Section Point can set up the IPv6 tunnel of cross-over NAT equipment, communicate with first node according to an IPv4 message of receiving.Scheme is easy to realize having advantages of high practicability.
For introducing embodiments of the invention in more detail, with reference to the scene shown in Fig. 1 a, do further explanation below.Suppose in this scene that the IPv4 private net address of first node is a, the IPv4 public network address is A; The IPv4 public network address of Section Point is B.As shown in Figure 2:
21, first node sends an IPv4 message to NAT device.
The source IP address of the one IPv4 message is the IPv4 private net address of first node, and purpose IP address is the IPv4 public network address of Section Point.
Optional, can also carry suggestion port information and first node authentication information in the IPv4 message.
22, after NAT device is received an IPv4 message; Obtain the IPv4 public network address of first node according to the IPv4 private net address of first node; An above-mentioned IPv4 message is carried out address transition, and be added in the IPv4 message to the mapping relations of the IPv4 public network address of the IPv4 private net address of major general's first node and first node.
In an embodiment of the present invention; Because an IPv4 message transmitting party is to being to send from the private network of the IPv4 global network to IPv4; Therefore an above-mentioned IPv4 message is carried out address transition, specifically be meant: the IPv4 public network address that the IPv4 private net address of the first node in the IPv4 address information is converted into first node.
Optional, if carried the suggestion port information in the IPv4 message, can also directly adopt and should advise port, as the port after the conversion of first node.
Optional, can also the mapping relations of the port after port before the conversion and the conversion be added in the IPv4 message.
Optional, can also protocol number be added in the IPv4 message.
23, NAT device sends an IPv4 message to Section Point.
Optional, NAT device can also add the NAT device authentication information in an IPv4 message, so that Section Point can carry out the authentication of fail safe and reliability to NAT device.
24, after Section Point is received an IPv4 message,, set up the IPv6 tunnel according to the IPv4 public network address of first node.
25, Section Point sends the 2nd IPv4 message to first node, comprises the mapping relations of IPv4 public network address of IPv4 private net address and the first node of first node in the 2nd IPv4 message at least.
The source IP address of the 2nd IPv4 message is the IPv4 public network address of Section Point, and purpose IP address is the IPv4 public network address of first node.
Optional, Section Point can also add the Section Point authentication information in the 2nd IPv4 message, so that first node can carry out the authentication of fail safe and reliability to Section Point.
26, after NAT device is received the 2nd IPv4 message, the 2nd IPv4 message is carried out address transition, and the 2nd IPv4 message is sent to first node.
In the present embodiment; Because the 2nd IPv4 message transmitting party is to being to send from the global network of the IPv4 private network to IPv4; Then above-mentioned the 2nd IPv4 message is carried out address transition, specifically be meant: the IPv4 private net address that the IPv4 public network address of the first node in the IPv4 address information is converted into first node.
27, after first node is received the 2nd IPv4 message; Mapping relations according to the IPv4 public network address of the IPv4 private net address of the first node in the 2nd IPv4 message and first node; Obtain the IPv4 public network address of first node self, and set up the IPv6 tunnel according to this IPv4 public network address.
So far, first node and Section Point have just been set up the IPv6 tunnel of cross-over NAT equipment, and first node and Section Point communicate through this tunnel.In follow-up communication message mutual, when the protocol number that detects message when NAT device is IPv6, then directly carry out the conversion of message IPv4 private net address and IPv4 public network address according to the mapping relations of having obtained.
Present embodiment is when setting up the IPv6 tunnel of cross-over NAT equipment; In an IPv4 message of first node, add the mapping relations of IPv4 public network address of IPv4 private net address and the first node of first node by NAT device at least, make Section Point after receiving an IPv4 message, to set up the IPv6 tunnel with first node.Send the 2nd IPv4 message of the IPv4 private net address comprise first node at least and the mapping relations of the IPv4 public network address of first node afterwards by Section Point to first node, make first node also can set up and the tunnel of Section Point according to the 2nd IPv4 message.The scheme of present embodiment is easy to realize having advantages of high practicability and fail safe.
In another concrete scene of the present invention, as shown in Figure 3, relate to a plurality of (, only illustrating two among the figure) NAT device for ease of introducing.In this scene, first node belongs to an IPv6 network and an IPv4 private network simultaneously, and Section Point belongs to an IPv6 network and an IPv4 private network simultaneously; Above-mentioned two IPv4 private networks through first NAT device and second NAT device, link to each other with an IPv4 global network respectively.The IPv4 network that the IPv6 tunnel of setting up in this scene passes through is: IPv4 private network-first NAT device-IPv4 global network-second NAT device-IPv4 private network.
Suppose in this scene that the IPv4 private net address of first node is a, the IPv4 public network address is A; The IPv4 private net address of Section Point is b, and the IPv4 public network address is B.As shown in Figure 3:
31, first node sends an IPv4 message to first NAT device.
The source IP address of the one IPv4 message is the IPv4 private net address of first node just, and the purpose IP address of an IPv4 message is the IPv4 public network address of Section Point just.
Optional, can also carry suggestion port information and first node authentication information in the IPv4 message.
32, after first NAT device is received an IPv4 message; Obtain the IPv4 public network address of first node according to the IPv4 private net address of the first node in the IPv4 message; An above-mentioned IPv4 message is carried out address transition, and be added in the IPv4 message to the mapping relations of the IPv4 public network address of the IPv4 private net address of major general's first node and first node.
In an embodiment of the present invention; Because an IPv4 message transmitting party is to being to send from the private network of the IPv4 global network to IPv4; Therefore an above-mentioned IPv4 message is carried out address transition, specifically be meant: the IPv4 public network address that the IPv4 private net address of the first node in the IPv4 address information is converted into first node.
When in the IPv4 message suggestion port information being arranged, the port after first NAT device can also directly adopt this suggestion port as the conversion of first node.
Optional, can also the mapping relations of the port after port before the conversion and the conversion be added in the IPv4 message.
Optional, can also protocol number be added in the IPv4 message.
33, first NAT device sends an IPv4 message to second NAT device.
Optional, first NAT device can also add the authentication information of first NAT device in an IPv4 message, so that first node or Section Point can carry out the authentication of fail safe and reliability to first NAT device.
34, after second NAT device is received the IPv4 message that first NAT device is sent, obtain the IPv4 private net address of Section Point, an IPv4 message is carried out address transition according to the IPv4 public network address of the Section Point in the IPv4 message.
35, second NAT device sends to Section Point with an IPv4 message.
Optional, second NAT device can also add the authentication information of second NAT device in an IPv4 message, so that first node or Section Point can carry out the authentication of fail safe and reliability to second NAT device.
36, after Section Point is received an IPv4 message, obtain the IPv4 public network address of first node, and set up the IPv6 tunnel with first node according to the IPv4 public network address of first node according to the mapping relations in the IPv4 message.
Optional; Section Point can also carry out the authentication of fail safe and reliability to first node according to the authentication information of the first node in the IPv4 message, first NAT device and/or second NAT device is carried out the authentication of fail safe and reliability according to the authentication information of first NAT device and/or second NAT device.
37, Section Point sends the 2nd IPv4 message to first node, comprises the mapping relations of IPv4 public network address of IPv4 private net address and the first node of first node in the 2nd IPv4 message at least.
The source IP address of the 2nd IPv4 message is the IPv4 private net address of Section Point, and purpose IP address is the IPv4 public network address of first node.
Optional, Section Point can also add the authentication information of Section Point in the 2nd IPv4 message, so that first node can carry out the authentication of fail safe and reliability to Section Point.
Optional, the 2nd IPv4 message can also comprise the authentication information of first NAT device and second NAT device.
38, after second NAT device is received the 2nd IPv4 message, obtain the IPv4 public network address of Section Point, above-mentioned the 2nd IPv4 message is carried out address transition according to the IPv4 private net address of Section Point.
39, second NAT device is transmitted to first NAT device with the 2nd IPv4 message.
310, after first NAT device is received the 2nd IPv4 message, obtain the IPv4 private net address of first node, the 2nd IPv4 message is carried out address transition according to the IPv4 public network address of the first node in the 2nd IPv4 message.
311, first NAT device is transmitted to first node with the 2nd IPv4 message.
312, after first node is received the 2nd IPv4 message; Mapping relations according to the IPv4 public network address of the IPv4 private net address of first node in the 2nd IPv4 message and first node; Obtain the IPv4 public network address of first node self, and according to the IPv6 tunnel of this IPv4 public network address foundation with Section Point.
Optional; First node can also be according to the authentication information of the Section Point in the IPv4 message; Section Point is carried out the authentication of fail safe and reliability, first NAT device and/or second NAT device are carried out the authentication of fail safe and reliability according to the authentication information of first NAT device and/or second NAT device.
Similarly, an IPv4 message also can be sent by Section Point, and the IPv4 private net address of second NAT device to major general's Section Point and the mapping relations of IPv4 public network address are added in the IPv4 message, send to first node; After first node receives an IPv4 message, feed back the 2nd IPv4 message to Section Point.Concrete process and said process are similar, repeat no more here.
It is that example describes that present embodiment only passes through the IPv4 network with two NAT device with the IPv6 tunnel, and the method that IPv6 passes through in the tunnel IPv4 network with a plurality of NAT device similarly repeats no more.
So far, first node and Section Point have just been set up the IPv6 tunnel of cross-over NAT equipment, and first node and Section Point communicate through this tunnel.In follow-up communication message mutual, when first NAT device when the protocol number that detects message is IPv6, then directly the mapping relations obtained of basis are carried out the conversion of message IPv4 private net address and IPv4 public network address.
Present embodiment is when setting up the IPv6 tunnel of cross-over NAT equipment; In an IPv4 message of first node, add the mapping relations of IPv4 public network address of IPv4 private net address and the first node of first node at least by first NAT device; Make Section Point after receiving an IPv4 message, can set up IPv6 tunnel according to the IPv4 public network address of first node with first node.Send the 2nd IPv4 message of the IPv4 private net address comprise first node at least and the IPv4 public network address mapping relations of first node afterwards by Section Point to first node, make first node also can set up and the IPv6 tunnel of Section Point according to the IPv4 public network address of first node.The scheme of present embodiment is easy to realize having advantages of high practicability and fail safe.
The structural representation of the NAT device that Fig. 4 provides for one embodiment of the invention, as shown in Figure 4, the NAT device of present embodiment can comprise:
First sending module 45 is used for sending the IPv4 message through address transition to Section Point, comprises the mapping relations of IPv4 public network address of IPv4 private net address and this first node of first node in the IPv4 message at least.
Optional, mapping block 44 also is used for adding the mapping relations of the port after port before the conversion and the conversion to an IPv4 message.
Optional, when comprising the authentication information of first node in the IPv4 message that receiver module 41 receives, shown in Fig. 5 a, this NAT device can also comprise:
Optional, shown in Fig. 5 b, this NAT device can also comprise:
NAT authentication information module 47 is used for the authentication information with this NAT device, adds in the IPv4 message.
Optional, can also comprise like this NAT device of Fig. 5 c:
Second receiver module 48 is used to receive the 2nd IPv4 message that Section Point sends, and the 2nd IPv4 message comprises the mapping relations of IPv4 public network address of IPv4 private net address and this first node of first node at least.
Second sending module 49 is used for sending the 2nd IPv4 message to first node, the mapping relations of the IPv4 private net address that the 2nd IPv4 message comprises first node at least and the IPv4 public network address of this first node.
Optional, can also comprise the authentication information of Section Point in the 2nd IPv4 message.
In the present embodiment; After Section Point is received an IPv4 message; Just can be according to the mapping relations of the IPv4 public network address of the IPv4 private net address of the first node that comprises in the IPv4 message and this first node; Confirm the IPv4 public network address of first node, and according to the IPv4 public network address foundation of this first node and the IPv6 tunnel of first node.And after first node receives the 2nd IPv4 message; Can be according to these mapping relations of the IPv4 public network address of the IPv4 private net address of the first node that comprises in the 2nd IPv4 message and this first node; Confirm the IPv4 public network address of first node self, thereby according to the IPv4 public network address foundation of this first node self and the IPv6 tunnel of this Section Point.
Present embodiment is when setting up the IPv6 tunnel of cross-over NAT equipment; Mapping relations by NAT device adds private net address and public network address in an IPv4 message of first node make Section Point after receiving an IPv4 message, to set up the IPv6 tunnel with first node and are connected.The scheme of present embodiment is easy to realize having advantages of high practicability and fail safe.
The system configuration sketch map of the realization IPv6 tunnel pass through NAT equipment that Fig. 6 provides for one embodiment of the invention.As shown in Figure 6, native system comprises first node 61, NAT device 62 and Section Point 63.
This Section Point 63 also is used for sending the 2nd IPv4 message to this first node 61, comprises the mapping relations of IPv4 public network address of IPv4 private net address and the first node 61 of first node 61 in the 2nd IPv4 message at least.
Present embodiment is when setting up the IPv6 tunnel of cross-over NAT equipment; In an IPv4 message of first node, add the IPv4 private net address of first node and the mapping relations of IPv4 public network address by NAT device, make Section Point after receiving an IPv4 message, to set up the IPv6 tunnel with first node.Send the 2nd IPv4 message of the mapping relations of the IPv4 private net address comprise first node and IPv4 public network address afterwards by Section Point to first node, make first node also can set up and the IPv6 tunnel of Section Point according to the 2nd IPv4 message.The scheme of present embodiment is easy to realize having advantages of high practicability and fail safe.
One embodiment of the present of invention also provide a kind of structural representation of node of the IPv6 of realization tunnel crossing network address conversion NAT device, and are as shown in Figure 7, comprising:
The 3rd receiver module 71 is used to receive the IPv4 message that NAT device sends, and comprises the mapping relations of the IPv4 public network address and the IPv4 private network of this node in this message.
Public network address acquisition module 72, the IPv4 public network address of this node that is used for comprising according to the above-mentioned IP v4 message that receives and the mapping relations of IPv4 private network are obtained the IPv4 public network address of this node self.
Present embodiment is when setting up the IPv6 tunnel of cross-over NAT equipment; Node is according to the IPv4 public network address of this node self that comprises in the IPv4 message that receives and the mapping relations of IPv4 private network; Obtain the IPv4 public network address of this node self; And set up the IPv6 tunnel thus, the scheme of present embodiment is easy to realize having advantages of high practicability and fail safe.
One of ordinary skill in the art will appreciate that: accompanying drawing is the sketch map of an embodiment, and module in the accompanying drawing or flow process might not be that embodiment of the present invention is necessary.
One of ordinary skill in the art will appreciate that: the module in the device among the embodiment can be described according to embodiment and be distributed in the device of embodiment, also can carry out respective change and be arranged in the one or more devices that are different from present embodiment.The module of the foregoing description can be merged into a module, also can further split into a plurality of submodules.
The invention described above embodiment sequence number is not represented the quality of embodiment just to description.
One of ordinary skill in the art will appreciate that: all or part of step that realizes said method embodiment can be accomplished through the relevant hardware of program command; Aforesaid program can be stored in the computer read/write memory medium; This program the step that comprises said method embodiment when carrying out; And aforesaid storage medium comprises: various media that can be program code stored such as ROM, RAM, magnetic disc or CD.
What should explain at last is: above embodiment is only in order to explaining technical scheme of the present invention, but not to its restriction; Although with reference to previous embodiment the present invention has been carried out detailed explanation, those of ordinary skill in the art is to be understood that: it still can be made amendment to the technical scheme that previous embodiment is put down in writing, and perhaps part technical characterictic wherein is equal to replacement; And these are revised or replacement, do not make the spirit and the scope of the essence disengaging embodiment of the invention technical scheme of relevant art scheme.
Claims (9)
1. a method that realizes the IPv6 tunnel crossing network address translation apparatus is characterized in that, comprising:
Receive the IPv4 message that first node sends, a said IPv4 message comprises the IPv4 private net address and the first node authentication information of said first node;
Said first node is carried out the authentication of fail safe and reliability according to said first node authentication information; Obtain the IPv4 public network address of first node according to the IPv4 private net address of said first node; A said IPv4 message is carried out address transition, be added into a said IPv4 message to the IPv4 private net address of the said first node of major general and the mapping relations and the network address translation apparatus authentication information of IPv4 public network address;
Send a said IPv4 message to Section Point; A said IPv4 message comprises the IPv4 private net address of said first node and the mapping relations and the network address translation apparatus authentication information of IPv4 public network address at least, and the IPv4 public network address of said first node can be used for setting up the IPv6 tunnel of Section Point and said first node.
2. the method for realization IPv6 tunnel crossing network address translation apparatus according to claim 1 is characterized in that after said Section Point sent a said IPv4 message, said method also comprised:
Receive the 2nd IPv4 message that said Section Point sends, said the 2nd IPv4 message comprises the mapping relations of IPv4 public network address of IPv4 private net address and the said first node of said first node;
Said the 2nd IPv4 message is carried out address transition, said the 2nd IPv4 message is sent to said first node.
3. the method for realization IPv6 tunnel crossing network address translation apparatus according to claim 1; It is characterized in that; Saidly be added into a said IPv4 message to the IPv4 private net address of the said first node of major general and the mapping relations of IPv4 public network address, comprise:
The IPv4 private net address of said first node and the mapping relations of IPv4 public network address and at least one in the following information are added into a said IPv4 message:
The mapping relations of the port after port before the conversion and the conversion;
The protocol number of message;
The authentication information of network address translation apparatus.
4. one kind is used for the network address translation apparatus that the IPV6 tunnel passes through, and it is characterized in that, comprising:
First receiver module is used to receive the IPv4 message that first node sends, and a said IPv4 message comprises the IPv4 private net address and the first node authentication information of said first node;
Authentication module is used for the first node authentication information that comprises according to an IPv4 message, said first node is carried out the authentication of fail safe and reliability; Acquisition module, the IPv4 private net address of the first node that is used for comprising according to the IPv4 message that receives obtains the IPv4 public network address of first node;
Address conversion module is used for the IPv4 public network address according to the first node that obtains, and an IPv4 message is carried out address transition;
Mapping block; Be used for IPv4 private net address according to this first node; And the IPv4 public network address of the first node that gets access to, add in the IPv4 message to the mapping relations of the IPv4 public network address of the IPv4 private net address of the said first node of major general and said first node;
Network address translation authentication information module is used for adding the network address translation apparatus authentication information to a said IPv4 message;
First sending module; Be used for sending an IPv4 message through address transition to Section Point; The mapping relations and the said network address translation apparatus authentication information of the IPv4 private net address that comprises first node in the one IPv4 message at least and the IPv4 public network address of this first node, the IPv4 public network address of said first node can be used for setting up the IPv6 tunnel of Section Point and said first node.
5. network address translation apparatus according to claim 4 is characterized in that, said mapping block also is used for adding the mapping relations of the port after port before the conversion and the conversion to an IPv4 message.
6. network address translation apparatus according to claim 4 is characterized in that, said equipment also comprises:
Second receiver module is used to receive the 2nd IPv4 message that said Section Point sends, and said the 2nd IPv4 message comprises the mapping relations of IPv4 public network address of IPv4 private net address and this first node of said first node at least;
Second sending module is used for sending said the 2nd IPv4 message to said first node, and said the 2nd IPv4 message comprises the mapping relations of IPv4 public network address of IPv4 private net address and the said first node of said first node at least.
7. a system that realizes the IPv6 tunnel crossing network address translation apparatus is characterized in that, comprising: first node, network address translation apparatus and Section Point;
Said first node is used for sending an IPv4 message to said network address translation apparatus, and a said IPv4 message comprises the IPv4 private net address and the first node authentication information of said first node;
Said network address translation apparatus; Be used to receive the IPv4 message that first node sends; Said first node is carried out the authentication of fail safe and reliability according to said first node authentication information; Obtain the IPv4 public network address of first node according to the IPv4 private net address of first node; The one IPv4 message is carried out address transition, be added into a said IPv4 message to the mapping relations and the network address translation apparatus authentication information of the IPv4 public network address of the IPv4 private net address of the said first node of major general and said first node, and send to said Section Point;
Said Section Point; Said network address translation apparatus is carried out the authentication of fail safe and reliability according to said network address translation apparatus authentication information; Obtain the IPv4 public network address of said first node according to the mapping relations of the IPv4 public network address of the IPv4 private net address of the said first node in the said IPv4 message and said first node, and set up the IPv6 tunnel with said first node according to the IPv4 public network address of said first node.
8. system according to claim 7 is characterized in that,
Said Section Point also is used for sending the 2nd IPv4 message to said first node, comprises the mapping relations of IPv4 public network address of IPv4 private net address and the said first node 61 of said first node in said the 2nd IPv4 message at least;
Said network address translation apparatus also is used for the 2nd IPv4 message is carried out address transition, and said the 2nd IPv4 message is sent to first node;
Said first node; Also be used for obtaining the IPv4 public network address of said first node, and set up the IPv6 tunnel with said Section Point according to the IPv4 public network address of said first node according to the mapping relations of the IPv4 public network address of the IPv4 private net address of the said first node of said the 2nd IPv4 message and said first node.
9. a Section Point of realizing the IPv6 tunnel crossing network address translation apparatus is characterized in that, comprising:
The 3rd receiver module is used to receive the IPv4 message that network address translation apparatus sends, and comprises the IPv4 public network address of first node and the mapping relations and the network address translation apparatus authentication information of IPv4 private network in the said IPv4 message;
The public network address acquisition module; Be used for said network address translation apparatus being carried out the authentication of fail safe and reliability according to said network address translation apparatus authentication information; According to the IPv4 public network address of the said first node that comprises in the said IPv4 message that receives and the mapping relations of IPv4 private network, obtain the IPv4 public network address of said first node;
Module is set up in the tunnel, is used for the IPv4 public network address according to the said first node that gets access to, and sets up the IPv6 tunnel with said first node.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009102539595A CN101719859B (en) | 2009-12-09 | 2009-12-09 | Method, device and system for realizing equipment conversion of IPv6 tunnel passing through network address |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009102539595A CN101719859B (en) | 2009-12-09 | 2009-12-09 | Method, device and system for realizing equipment conversion of IPv6 tunnel passing through network address |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101719859A CN101719859A (en) | 2010-06-02 |
CN101719859B true CN101719859B (en) | 2012-06-06 |
Family
ID=42434380
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2009102539595A Active CN101719859B (en) | 2009-12-09 | 2009-12-09 | Method, device and system for realizing equipment conversion of IPv6 tunnel passing through network address |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101719859B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101938531A (en) * | 2010-09-14 | 2011-01-05 | 北京星网锐捷网络技术有限公司 | Method, system and device for communicating IPv4 network and IPv6 network |
CN104378301B (en) * | 2013-08-15 | 2018-08-14 | 华为终端有限公司 | A kind of data processing method and data processing equipment |
CN112804285B (en) * | 2020-11-08 | 2023-08-04 | 北京明瑞之光科技有限公司 | Landscape lighting system and file transmission method thereof |
CN112532762B (en) * | 2020-11-25 | 2023-04-21 | 中盈优创资讯科技有限公司 | Method and device for avoiding IPv4 private network address conflict by IPv6 address |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1697421A (en) * | 2004-05-10 | 2005-11-16 | 华为技术有限公司 | Method for implementing tunnel relay in network for carrying out conversion of network address |
-
2009
- 2009-12-09 CN CN2009102539595A patent/CN101719859B/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1697421A (en) * | 2004-05-10 | 2005-11-16 | 华为技术有限公司 | Method for implementing tunnel relay in network for carrying out conversion of network address |
Also Published As
Publication number | Publication date |
---|---|
CN101719859A (en) | 2010-06-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102447748B (en) | Method, equipment and system for allocating outer Internet protocol IP addresses during network address translation (NAT) | |
CN108718278B (en) | Message transmission method and device | |
CN102447617A (en) | Method, terminals and gateway for transmitting IPv6 (Internet Protocol version 6) message in IPv4 network | |
CN102461134A (en) | Handheld device capable of providing data tethering services while maintaining suite of handheld service functions | |
CN104113879A (en) | WiFi communication system deployed with cloud ACs (access controllers) and communication method adopting WiFi communication system deployed with cloud ACs | |
CN110324437B (en) | Original address transmission method, system, storage medium and processor | |
CN101719859B (en) | Method, device and system for realizing equipment conversion of IPv6 tunnel passing through network address | |
CN104079486A (en) | Gateway and method of transmitting data through gateway | |
CN102739541A (en) | Method, device and system for starting routing function and transmitting data | |
CN102404418A (en) | Method, device and system for distributing IP (internet protocol) address for user terminal | |
CN103414798B (en) | The communication means of address transition Network Based, equipment and system | |
CN102257776A (en) | Load balancing | |
CN104994022A (en) | Message transmission method and service board | |
CN102821165A (en) | Method and device for converting internet protocol (IP) address | |
CN103369065B (en) | A kind of message forwarding method and equipment | |
CN102882781A (en) | Method, route bridge and system for transmitting message | |
CN102291305A (en) | Method and device for implementing 6 to 4 relay routing, and message forwarding method | |
CN102201996B (en) | Method and equipment for forwarding message in network address translation (NAT) environment | |
CN102413052B (en) | A kind of method of access network, Apparatus and system | |
CN102143241A (en) | Access method, device and system between hosts | |
CN102487407A (en) | Network address translating method and equipment and system | |
CN102387221B (en) | Data forwarding method and system | |
CN103503413A (en) | Method and device for transmitting network information | |
CN102857574A (en) | Information processing method and apparatus for Internet of Things | |
CN105610672A (en) | Information transmission method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |