CN101719859B - Method, device and system for realizing equipment conversion of IPv6 tunnel passing through network address - Google Patents

Info

Publication number: CN101719859B
Authority: CN (China)
Prior art keywords: ipv4, node, network address, message, public network
Legal status: Active
Application number: CN2009102539595A
Other languages: Chinese (zh)
Other versions: CN101719859A (en)
Inventor: 顾杜娟
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by: Huawei Technologies Co Ltd

Abstract

The invention provides a method, a device and a system for realizing the equipment conversion of IPv6 tunnel passing through a network address. The method comprises the following steps: receiving a first IPv4 message sent by a first node; acquiring an IPv4 public network address of the first node according to an IPv4 private network address of the first node; carrying out address conversion on the first IPv4 message; adding the mapping relationship of the IPv4 private network address and the IPv4 public network address of the first node to the first IPv4 message; and sending the first IPv4 message to a second node. By adding the IPv4 private network address and the IPv4 public network address of the first node to the first IPv4 message of the first node, the embodiment of the invention ensures that the second node establishes an IPv6 tunnel passing through a network address conversion device according to the received first IPv4 message to communicate with the first node. The scheme is easy to be realized, and has higher practicability.

Description

Method, device and system for realizing IPv6 tunnel traversal of a network address translation device
Technical field
The present invention relates to the field of communication technology, and in particular to a method, device and system for realizing IPv6 tunnel traversal of a network address translation device.
Background technology
The rapid development of the Internet has accelerated the consumption of Internet Protocol version 4 (hereinafter IPv4) public network addresses, causing a shortage of IPv4 public network addresses. Network Address Translation (hereinafter NAT) is one of the technologies that address this shortage.
With NAT, computers in a private network are assigned IPv4 private network addresses, and the NAT device converts a computer's IPv4 private network address into a public network address so that the computer can access external networks. NAT alleviates the shortage of IPv4 public network addresses to some extent, but the more effective solution is to adopt Internet Protocol version 6 (hereinafter IPv6), which has a huge address space. During the gradual transition from IPv4 to IPv6, the coexistence of IPv6 networks and IPv4 networks must be considered. If a NAT device is deployed in the IPv4 network, an IPv6 tunnel that can traverse the NAT device must be established so that IPv6 nodes in the different networks can interconnect.
The prior art proposes the Teredo (Tunneling IPv6 over UDP through Network Address Translations) scheme. This scheme encapsulates data in the User Datagram Protocol (hereinafter UDP) to traverse the NAT device: a Teredo tunnel is established between an IPv6 node inside the NAT domain and an IPv6 node outside the NAT domain, and the IPv6 data is encapsulated in the UDP payload to traverse the NAT device, so that the IPv6 node inside the NAT domain can communicate with the IPv6 node outside it.
In the course of realizing the embodiments of the invention, the inventor found that the Teredo NAT-traversal tunneling technique is based on UDP and requires substantial changes to the nodes in the IPv4 or IPv6 network, so the scheme is relatively complex to implement.
Summary of the invention
The embodiments of the invention provide a method, device and system for realizing IPv6 tunnel traversal of a network address translation device, in order to reduce the implementation complexity of an IPv6 node traversing a network address translation device.
An embodiment of the invention provides a method for realizing IPv6 tunnel traversal of a network address translation device, comprising:
Receiving a first IPv4 message sent by a first node, the first IPv4 message comprising the IPv4 private network address of the first node and first node authentication information;
Performing security and reliability authentication on the first node according to the first node authentication information; obtaining the IPv4 public network address of the first node according to the IPv4 private network address of the first node; performing address translation on the first IPv4 message; and adding to the first IPv4 message at least the mapping between the IPv4 private network address and the IPv4 public network address of the first node, and network address translation device authentication information;
Sending the first IPv4 message to a second node, the first IPv4 message comprising at least the mapping between the IPv4 private network address and the IPv4 public network address of the first node and the network address translation device authentication information, wherein the IPv4 public network address of the first node can be used to establish an IPv6 tunnel between the second node and the first node.
An embodiment of the invention also provides a network address translation device for IPv6 tunnel traversal, comprising:
A first receiver module, configured to receive a first IPv4 message sent by a first node, the first IPv4 message comprising the IPv4 private network address of the first node and first node authentication information;
An authentication module, configured to perform security and reliability authentication on the first node according to the first node authentication information contained in the first IPv4 message;
An acquisition module, configured to obtain the IPv4 public network address of the first node according to the IPv4 private network address of the first node contained in the received first IPv4 message;
An address conversion module, configured to perform address translation on the first IPv4 message according to the obtained IPv4 public network address of the first node;
A mapping module, configured to add to the first IPv4 message, according to the IPv4 private network address of the first node and the obtained IPv4 public network address of the first node, at least the mapping between the IPv4 private network address and the IPv4 public network address of the first node;
A network address translation authentication information module, configured to add network address translation device authentication information to the first IPv4 message;
A first sending module, configured to send the address-translated first IPv4 message to a second node, the first IPv4 message comprising at least the mapping between the IPv4 private network address and the IPv4 public network address of the first node and the network address translation device authentication information, wherein the IPv4 public network address of the first node can be used to establish an IPv6 tunnel between the second node and the first node.
An embodiment of the invention also provides a system for realizing IPv6 tunnel traversal of a network address translation device, comprising a first node, a network address translation device and a second node;
The first node is configured to send a first IPv4 message to the network address translation device, the first IPv4 message comprising the IPv4 private network address of the first node and first node authentication information;
The network address translation device is configured to receive the first IPv4 message sent by the first node, perform security and reliability authentication on the first node according to the first node authentication information, obtain the IPv4 public network address of the first node according to the IPv4 private network address of the first node, perform address translation on the first IPv4 message, add to the first IPv4 message at least the mapping between the IPv4 private network address and the IPv4 public network address of the first node and network address translation device authentication information, and send the first IPv4 message to the second node;
The second node is configured to perform security and reliability authentication on the network address translation device according to the network address translation device authentication information, obtain the IPv4 public network address of the first node according to the mapping between the IPv4 private network address and the IPv4 public network address of the first node in the first IPv4 message, and establish an IPv6 tunnel with the first node according to the IPv4 public network address of the first node.
An embodiment of the invention also provides a second node for realizing IPv6 tunnel traversal of a network address translation device, comprising:
A third receiver module, configured to receive a first IPv4 message sent by the network address translation device, the first IPv4 message comprising the mapping between the IPv4 public network address and the IPv4 private network address of the first node, and network address translation device authentication information;
A public network address acquisition module, configured to perform security and reliability authentication on the network address translation device according to the network address translation device authentication information, and to obtain the IPv4 public network address of the first node according to the mapping between the IPv4 public network address and the IPv4 private network address of the first node contained in the received first IPv4 message;
A tunnel establishment module, configured to establish an IPv6 tunnel with the first node according to the obtained IPv4 public network address of the first node.
In this embodiment, when an IPv6 tunnel traversing the network address translation device is established, the mapping between the IPv4 private network address and the IPv4 public network address of the first node is added to the first IPv4 message of the first node, so that the second node can establish, according to the received first IPv4 message, an IPv6 tunnel connection with the first node that traverses the network address translation device, and communicate with the first node. The scheme is easy to implement and highly practical.
Description of drawings
Fig. 1a is a schematic diagram of a scenario for realizing IPv6 tunnel traversal of a NAT device according to an embodiment of the invention;
Fig. 1b is a flowchart of a method for realizing IPv6 tunnel traversal of a NAT device according to an embodiment of the invention;
Fig. 2 is a flowchart of a method for realizing IPv6 tunnel traversal of a NAT device according to an embodiment of the invention;
Fig. 3 is a flowchart of a method for realizing IPv6 tunnel traversal of a NAT device according to an embodiment of the invention;
Fig. 4 is a first structural schematic diagram of the NAT device according to an embodiment of the invention;
Fig. 5a is a second structural schematic diagram of the NAT device according to an embodiment of the invention;
Fig. 5b is a third structural schematic diagram of the NAT device according to an embodiment of the invention;
Fig. 5c is a fourth structural schematic diagram of the NAT device according to an embodiment of the invention;
Fig. 6 is a schematic diagram of the structure of a system for realizing IPv6 tunnel traversal of a NAT device according to an embodiment of the invention;
Fig. 7 is a schematic diagram of the structure of a node for realizing IPv6 tunnel traversal of a NAT device according to an embodiment of the invention.
Embodiment
To make the purpose, technical scheme and advantages of the embodiments of the invention clearer, the technical scheme in the embodiments is described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention without creative work fall within the scope of protection of the invention.
For ease of description, in the embodiments of the invention the source end node that initiates establishment of the IPv6 tunnel connection is called the first node, and the corresponding peer node that connects with the first node is called the second node.
In one concrete scenario of the embodiments of the invention, shown in Fig. 1a, the first node belongs to both an IPv6 network and an IPv4 private network, the second node belongs to both an IPv6 network and an IPv4 public network, and the IPv4 private network is connected to the IPv4 public network through a NAT device. The first node and the second node therefore need to establish an IPv6 tunnel that traverses the NAT device in order to communicate. Fig. 1b is a flowchart of a method for realizing IPv6 tunnel traversal of a NAT device according to an embodiment of the invention. The method comprises:
11. Receive the first IPv4 message sent by the first node.
The source IP address of the first IPv4 message is the IPv4 private network address of the first node, and the destination IP address is the IPv4 public network address of the second node.
Optionally, the first IPv4 message may also carry suggested port information. Further, the first IPv4 message may also carry first node authentication information; for example, the first node authentication information may be information generated with an encryption or signature algorithm and used to authenticate the security and reliability of the first node.
12. Obtain the IPv4 public network address of the first node according to the IPv4 private network address of the first node carried in the first IPv4 message.
After the first IPv4 message is received, the IPv4 public network address of the first node can be obtained according to the IPv4 private network address of the first node, and address translation is performed.
Optionally, if the first IPv4 message carries suggested port information, the suggested port may be adopted directly as the translated port of the first node.
Optionally, if the first IPv4 message carries first node authentication information, security and reliability authentication can be performed on the first node according to the first node authentication information in the first IPv4 message.
13. Perform address translation on the first IPv4 message, add to the first IPv4 message at least the mapping between the IPv4 private network address and the IPv4 public network address of the first node, and send the message to the second node.
In this embodiment of the invention, because the first IPv4 message is sent in the direction from the IPv4 private network to the IPv4 public network, performing address translation on the first IPv4 message specifically means converting the IPv4 private network address of the first node in the IPv4 address information into the IPv4 public network address of the first node.
Optionally, the mapping between the port before translation and the port after translation may also be added to the first IPv4 message.
Optionally, the protocol number may also be added to the first IPv4 message.
Optionally, NAT device authentication information may also be added to the first IPv4 message, so that the second node can perform security and reliability authentication on the NAT device.
In the embodiments of the invention, the first node and the second node may be Intra-Site Automatic Tunnel Addressing Protocol (hereinafter ISATAP) clients, 6to4 routers (routers that connect an IPv6 network and an IPv4 network), or Generic Routing Encapsulation (hereinafter GRE) nodes.
Optionally, if the first IPv4 message carries first node authentication information, the second node can perform security and reliability authentication on the first node according to the first node authentication information in the first IPv4 message.
In this embodiment, the mapping between the IPv4 private network address and the IPv4 public network address of the first node is added to the first IPv4 message of the first node, so that the second node can establish an IPv6 tunnel that traverses the NAT device according to the received first IPv4 message and communicate with the first node. The scheme is easy to implement and highly practical.
To introduce the embodiments of the invention in more detail, a further explanation is given below with reference to the scenario shown in Fig. 1a. Suppose that in this scenario the IPv4 private network address of the first node is a and its IPv4 public network address is A, and the IPv4 public network address of the second node is B. As shown in Fig. 2:
21. The first node sends the first IPv4 message to the NAT device.
The source IP address of the first IPv4 message is the IPv4 private network address of the first node, and the destination IP address is the IPv4 public network address of the second node.
Optionally, the first IPv4 message may also carry suggested port information and first node authentication information.
22. After receiving the first IPv4 message, the NAT device obtains the IPv4 public network address of the first node according to the IPv4 private network address of the first node, performs address translation on the first IPv4 message, and adds to the first IPv4 message at least the mapping between the IPv4 private network address and the IPv4 public network address of the first node.
In this embodiment of the invention, because the first IPv4 message is sent in the direction from the IPv4 private network to the IPv4 public network, performing address translation on the first IPv4 message specifically means converting the IPv4 private network address of the first node in the IPv4 address information into the IPv4 public network address of the first node.
Optionally, if the first IPv4 message carries suggested port information, the suggested port may be adopted directly as the translated port of the first node.
Optionally, the mapping between the port before translation and the port after translation may also be added to the first IPv4 message.
Optionally, the protocol number may also be added to the first IPv4 message.
23. The NAT device sends the first IPv4 message to the second node.
Optionally, the NAT device may also add NAT device authentication information to the first IPv4 message, so that the second node can perform security and reliability authentication on the NAT device.
24. After receiving the first IPv4 message, the second node establishes the IPv6 tunnel according to the IPv4 public network address of the first node.
25. The second node sends a second IPv4 message to the first node; the second IPv4 message comprises at least the mapping between the IPv4 private network address and the IPv4 public network address of the first node.
The source IP address of the second IPv4 message is the IPv4 public network address of the second node, and the destination IP address is the IPv4 public network address of the first node.
Optionally, the second node may also add second node authentication information to the second IPv4 message, so that the first node can perform security and reliability authentication on the second node.
26. After receiving the second IPv4 message, the NAT device performs address translation on the second IPv4 message and sends it to the first node.
In this embodiment, because the second IPv4 message is sent in the direction from the IPv4 public network to the IPv4 private network, performing address translation on the second IPv4 message specifically means converting the IPv4 public network address of the first node in the IPv4 address information into the IPv4 private network address of the first node.
27. After receiving the second IPv4 message, the first node obtains its own IPv4 public network address according to the mapping between the IPv4 private network address and the IPv4 public network address of the first node in the second IPv4 message, and establishes the IPv6 tunnel according to this IPv4 public network address.
At this point the first node and the second node have established an IPv6 tunnel that traverses the NAT device, and they communicate through this tunnel. In subsequent exchanges of communication messages, when the NAT device detects that the protocol number of a message is IPv6, it directly translates between the IPv4 private network address and the IPv4 public network address of the message according to the mapping already obtained.
In this embodiment, when the IPv6 tunnel traversing the NAT device is established, the NAT device adds to the first IPv4 message of the first node at least the mapping between the IPv4 private network address and the IPv4 public network address of the first node, so that the second node can establish the IPv6 tunnel with the first node after receiving the first IPv4 message. The second node then sends the first node a second IPv4 message comprising at least the mapping between the IPv4 private network address and the IPv4 public network address of the first node, so that the first node can also establish the tunnel with the second node according to the second IPv4 message. The scheme of this embodiment is easy to implement and offers high practicability and security.
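The exchange in steps 21 to 27, written out as an added Python example that is not part of the patent text. The message layout, the use of HMAC-SHA256 with pre-shared keys as the "authentication information", the sample addresses, and the check that the mapping agrees with the translated source address are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional

# Constructed sample values (documentation address ranges), not from the patent.
PRIV_A = "192.168.1.10"   # "a": IPv4 private address of the first node
PUB_A = "203.0.113.7"     # "A": IPv4 public address of the first node
PUB_B = "198.51.100.20"   # "B": IPv4 public address of the second node
NODE_KEY = b"first-node-demo-key"  # assumed key shared by first node and NAT
NAT_KEY = b"nat-device-demo-key"   # assumed key shared by NAT and second node
PROTO_IPV6_IN_IPV4 = 41            # IANA protocol number for IPv6 encapsulation


def tag(key: bytes, fields: dict) -> str:
    """Authentication information: HMAC-SHA256 over canonical JSON (assumed)."""
    blob = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


@dataclass
class Ipv4Message:
    src: str
    dst: str
    src_port: int
    suggested_port: Optional[int] = None
    node_auth: Optional[str] = None
    mapping: Optional[dict] = None   # private/public mapping added by the NAT
    nat_auth: Optional[str] = None   # NAT device authentication information


def first_node_send() -> Ipv4Message:
    """Step 21: source is private address a, destination is public address B."""
    msg = Ipv4Message(PRIV_A, PUB_B, src_port=5000, suggested_port=40000)
    msg.node_auth = tag(NODE_KEY, {"src": msg.src, "dst": msg.dst})
    return msg


def nat_process(msg: Ipv4Message, pool: dict) -> Ipv4Message:
    """Steps 22-23: authenticate the node, translate, append mapping and tag."""
    expected = tag(NODE_KEY, {"src": msg.src, "dst": msg.dst})
    if not msg.node_auth or not hmac.compare_digest(expected, msg.node_auth):
        raise PermissionError("first node authentication failed")
    public = pool[msg.src]                       # a -> A
    port = msg.suggested_port or msg.src_port    # adopt the suggested port
    mapping = {"private": msg.src, "public": public,
               "port_before": msg.src_port, "port_after": port,
               "protocol": PROTO_IPV6_IN_IPV4}
    return Ipv4Message(public, msg.dst, port, mapping=mapping,
                       nat_auth=tag(NAT_KEY, mapping))


def second_node_accept(msg: Ipv4Message) -> str:
    """Step 24: authenticate the NAT, then take the tunnel endpoint A."""
    if not msg.mapping or not msg.nat_auth:
        raise ValueError("mapping or NAT authentication information missing")
    if not hmac.compare_digest(tag(NAT_KEY, msg.mapping), msg.nat_auth):
        raise PermissionError("NAT device authentication failed")
    if msg.mapping["public"] != msg.src:  # added consistency check (assumed)
        raise ValueError("mapping disagrees with translated source address")
    return msg.mapping["public"]


def is_accepted(msg: Ipv4Message) -> bool:
    """True if the second node would use this message to set up the tunnel."""
    try:
        second_node_accept(msg)
        return True
    except (PermissionError, ValueError):
        return False


def nat_reverse(msg: Ipv4Message, pool: dict) -> Ipv4Message:
    """Step 26: translate destination A back to a for the second message."""
    private = {pub: priv for priv, pub in pool.items()}[msg.dst]
    return Ipv4Message(msg.src, private, msg.src_port, mapping=msg.mapping)


def run_exchange() -> dict:
    pool = {PRIV_A: PUB_A}
    first = nat_process(first_node_send(), pool)
    endpoint_seen_by_b = second_node_accept(first)
    # Step 25: second message, source B, destination A, carries the mapping.
    second = Ipv4Message(PUB_B, endpoint_seen_by_b, 40001, mapping=first.mapping)
    delivered = nat_reverse(second, pool)
    # Step 27: the first node learns its own public address from the mapping.
    return {"b_tunnel_remote": endpoint_seen_by_b,
            "delivered_to": delivered.dst,
            "a_tunnel_local": delivered.mapping["public"]}


if __name__ == "__main__":
    print(run_exchange())
```

Because the tunnel endpoint is taken from a field carried inside the message, the second node in this sketch refuses any message whose mapping does not verify against the NAT device authentication information.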
In another concrete scenario of the invention, shown in Fig. 3, multiple NAT devices are involved (for ease of description, only two are shown in the figure). In this scenario, the first node belongs to both an IPv6 network and an IPv4 private network, and the second node belongs to both an IPv6 network and an IPv4 private network. The two IPv4 private networks are connected to an IPv4 public network through the first NAT device and the second NAT device respectively. The IPv4 networks traversed by the IPv6 tunnel established in this scenario are, in order: IPv4 private network, first NAT device, IPv4 public network, second NAT device, IPv4 private network.
Suppose that in this scenario the IPv4 private network address of the first node is a and its IPv4 public network address is A, and the IPv4 private network address of the second node is b and its IPv4 public network address is B. As shown in Fig. 3:
31. The first node sends the first IPv4 message to the first NAT device.
The source IP address of the first IPv4 message is the IPv4 private network address of the first node, and the destination IP address of the first IPv4 message is the IPv4 public network address of the second node.
Optionally, the first IPv4 message may also carry suggested port information and first node authentication information.
32. After receiving the first IPv4 message, the first NAT device obtains the IPv4 public network address of the first node according to the IPv4 private network address of the first node in the first IPv4 message, performs address translation on the first IPv4 message, and adds to the first IPv4 message at least the mapping between the IPv4 private network address and the IPv4 public network address of the first node.
In this embodiment of the invention, because the first IPv4 message is sent in the direction from the IPv4 private network to the IPv4 public network, performing address translation on the first IPv4 message specifically means converting the IPv4 private network address of the first node in the IPv4 address information into the IPv4 public network address of the first node.
When the first IPv4 message contains suggested port information, the first NAT device may also adopt the suggested port directly as the translated port of the first node.
Optionally, the mapping between the port before translation and the port after translation may also be added to the first IPv4 message.
Optionally, the protocol number may also be added to the first IPv4 message.
33. The first NAT device sends the first IPv4 message to the second NAT device.
Optionally, the first NAT device may also add the authentication information of the first NAT device to the first IPv4 message, so that the first node or the second node can perform security and reliability authentication on the first NAT device.
34. After receiving the first IPv4 message sent by the first NAT device, the second NAT device obtains the IPv4 private network address of the second node according to the IPv4 public network address of the second node in the first IPv4 message, and performs address translation on the first IPv4 message.
35. The second NAT device sends the first IPv4 message to the second node.
Optionally, the second NAT device may also add the authentication information of the second NAT device to the first IPv4 message, so that the first node or the second node can perform security and reliability authentication on the second NAT device.
36. After receiving the first IPv4 message, the second node obtains the IPv4 public network address of the first node according to the mapping in the first IPv4 message, and establishes the IPv6 tunnel with the first node according to the IPv4 public network address of the first node.
Optionally, the second node may also perform security and reliability authentication on the first node according to the authentication information of the first node in the first IPv4 message, and perform security and reliability authentication on the first NAT device and/or the second NAT device according to the authentication information of the first NAT device and/or the second NAT device.
37. The second node sends a second IPv4 message to the first node; the second IPv4 message comprises at least the mapping between the IPv4 private network address and the IPv4 public network address of the first node.
The source IP address of the second IPv4 message is the IPv4 private network address of the second node, and the destination IP address is the IPv4 public network address of the first node.
Optionally, the second node may also add the authentication information of the second node to the second IPv4 message, so that the first node can perform security and reliability authentication on the second node.
Optionally, the second IPv4 message may also comprise the authentication information of the first NAT device and the second NAT device.
38. After receiving the second IPv4 message, the second NAT device obtains the IPv4 public network address of the second node according to the IPv4 private network address of the second node, and performs address translation on the second IPv4 message.
39. The second NAT device forwards the second IPv4 message to the first NAT device.
310. After receiving the second IPv4 message, the first NAT device obtains the IPv4 private network address of the first node according to the IPv4 public network address of the first node in the second IPv4 message, and performs address translation on the second IPv4 message.
311. The first NAT device forwards the second IPv4 message to the first node.
312. After receiving the second IPv4 message, the first node obtains its own IPv4 public network address according to the mapping between the IPv4 private network address and the IPv4 public network address of the first node in the second IPv4 message, and establishes the IPv6 tunnel with the second node according to this IPv4 public network address.
Optionally, the first node may also perform security and reliability authentication on the second node according to the authentication information of the second node in the IPv4 message, and perform security and reliability authentication on the first NAT device and/or the second NAT device according to the authentication information of the first NAT device and/or the second NAT device.
Similarly, the first IPv4 message may instead be sent by the second node: the second NAT device adds to the first IPv4 message at least the mapping between the IPv4 private network address and the IPv4 public network address of the second node and sends it to the first node; after receiving the first IPv4 message, the first node returns the second IPv4 message to the second node. The detailed process is similar to the one described above and is not repeated here.
This embodiment is described using the example of an IPv6 tunnel traversing an IPv4 network with two NAT devices; the method by which an IPv6 tunnel traverses an IPv4 network with multiple NAT devices is similar and is not repeated here.
At this point the first node and the second node have established an IPv6 tunnel that traverses the NAT devices, and they communicate through this tunnel. In subsequent exchanges of communication messages, when the first NAT device detects that the protocol number of a message is IPv6, it directly translates between the IPv4 private network address and the IPv4 public network address of the message according to the mapping already obtained.
In this embodiment, when the IPv6 tunnel traversing the NAT devices is established, the first NAT device adds to the first IPv4 message of the first node at least the mapping between the IPv4 private network address and the IPv4 public network address of the first node, so that the second node, after receiving the first IPv4 message, can establish the IPv6 tunnel with the first node according to the IPv4 public network address of the first node. The second node then sends the first node a second IPv4 message comprising at least the mapping between the IPv4 private network address and the IPv4 public network address of the first node, so that the first node can also establish the IPv6 tunnel with the second node according to the IPv4 public network address of the first node. The scheme of this embodiment is easy to implement and offers high practicability and security.
Fig. 4 is a schematic structural diagram of a NAT device provided by an embodiment of the invention. As shown in Fig. 4, the NAT device of this embodiment may include:
A first receiving module 41, configured to receive the first IPv4 message sent by the first node, where the first IPv4 message includes the IPv4 private network address of the first node.
An acquisition module 42, configured to obtain the IPv4 public network address of the first node according to the IPv4 private network address of the first node included in the received first IPv4 message.
An address translation module 43, configured to perform address translation on the first IPv4 message according to the obtained IPv4 public network address of the first node.
A mapping module 44, configured to add, according to the IPv4 private network address of the first node and the obtained IPv4 public network address of the first node, at least the mapping between the IPv4 private network address of the first node and the IPv4 public network address of the first node to the first IPv4 message.
A first sending module 45, configured to send the address-translated first IPv4 message to the second node, where the first IPv4 message includes at least the mapping between the IPv4 private network address of the first node and the IPv4 public network address of the first node.
Optionally, the mapping module 44 is further configured to add the mapping between the port before translation and the port after translation to the first IPv4 message.
Optionally, when the first IPv4 message received by the first receiving module 41 includes authentication information of the first node, the NAT device may further include, as shown in Fig. 5a:
An authentication module 46, configured to perform security and reliability authentication on the first node according to the first node authentication information included in the first IPv4 message.
Optionally, as shown in Fig. 5b, the NAT device may further include:
A NAT authentication information module 47, configured to add the authentication information of this NAT device to the first IPv4 message.
Optionally, as shown in Fig. 5c, the NAT device may further include:
A second receiving module 48, configured to receive the second IPv4 message sent by the second node, where the second IPv4 message includes at least the mapping between the IPv4 private network address of the first node and the IPv4 public network address of the first node.
A second sending module 49, configured to send the second IPv4 message to the first node, where the second IPv4 message includes at least the mapping between the IPv4 private network address of the first node and the IPv4 public network address of the first node.
Optionally, the second IPv4 message may also include authentication information of the second node.
In this embodiment, after the second node receives the first IPv4 message, it can determine the IPv4 public network address of the first node from the mapping between the IPv4 private network address of the first node and the IPv4 public network address of the first node included in the first IPv4 message, and establish an IPv6 tunnel with the first node according to that IPv4 public network address. After the first node receives the second IPv4 message, it can determine its own IPv4 public network address from the same mapping included in the second IPv4 message, and establish the IPv6 tunnel with the second node according to its own IPv4 public network address.
When establishing the NAT-traversing IPv6 tunnel in this embodiment, the NAT device adds the mapping between the private network address and the public network address to the first IPv4 message of the first node, so that the second node, after receiving the first IPv4 message, can establish an IPv6 tunnel connection with the first node. The scheme of this embodiment is easy to implement and offers high practicability and security.
Fig. 6 is a schematic diagram of a system for implementing IPv6 tunnel traversal of a NAT device, provided by an embodiment of the invention. As shown in Fig. 6, the system includes a first node 61, a NAT device 62 and a second node 63.
The first node 61 is configured to send a first IPv4 message to the NAT device 62, where the first IPv4 message includes the IPv4 private network address of the first node 61.
The NAT device 62 is configured to receive the first IPv4 message sent by the first node 61; obtain the IPv4 public network address of the first node 61 according to the IPv4 private network address of the first node 61; perform address translation on the first IPv4 message; add at least the mapping between the IPv4 private network address of the first node 61 and the IPv4 public network address of the first node 61 to the first IPv4 message; and send it to the second node 63.
The second node 63 is configured to receive the first IPv4 message sent by the NAT device 62; obtain the IPv4 public network address of the first node 61 according to the mapping between the IPv4 private network address of the first node 61 and the IPv4 public network address of the first node 61 in the first IPv4 message; and establish an IPv6 tunnel with the first node 61 according to the IPv4 public network address of the first node 61.
The second node 63 is further configured to send a second IPv4 message to the first node 61, where the second IPv4 message includes at least the mapping between the IPv4 private network address of the first node 61 and the IPv4 public network address of the first node 61.
The NAT device 62 is further configured to perform address translation on the second IPv4 message and send the second IPv4 message to the first node 61.
The first node 61 is further configured to obtain its own IPv4 public network address according to the mapping between the IPv4 private network address of the first node 61 and the IPv4 public network address of the first node 61 in the second IPv4 message, and to establish the IPv6 tunnel with the second node 63 according to the IPv4 public network address of the first node 61.
When establishing the NAT-traversing IPv6 tunnel in this embodiment, the NAT device adds the mapping between the IPv4 private network address and the IPv4 public network address of the first node to the first IPv4 message of the first node, so that the second node, after receiving the first IPv4 message, can establish an IPv6 tunnel with the first node. The second node then sends the first node a second IPv4 message that includes the mapping between the IPv4 private network address and the IPv4 public network address of the first node, so that the first node can also establish the IPv6 tunnel with the second node according to the second IPv4 message. The scheme of this embodiment is easy to implement and offers high practicability and security.
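The exchange between first node 61, NAT device 62 and second node 63 can be simulated as follows. This is an added example, not code from the patent: the message layout, the use of HMAC-SHA256 with a pre-shared key as the "NAT device authentication information", the port allocation, the check that the mapping agrees with the translated source, and all addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Mapping:
    private_addr: str
    public_addr: str
    private_port: int
    public_port: int
    protocol: int = 41  # IPv4 protocol number of encapsulated IPv6

    def encode(self) -> bytes:  # assumed layout: addresses, ports, protocol
        return (ipaddress.IPv4Address(self.private_addr).packed
                + ipaddress.IPv4Address(self.public_addr).packed
                + self.private_port.to_bytes(2, "big")
                + self.public_port.to_bytes(2, "big")
                + bytes([self.protocol]))

@dataclass(frozen=True)
class Message:
    src: str
    src_port: int
    dst: str
    dst_port: int
    mapping: Optional[Mapping] = None
    nat_tag: bytes = b""  # NAT device authentication information (assumed HMAC)

def make_tag(key: bytes, mapping: Mapping) -> bytes:
    return hmac.new(key, mapping.encode(), hashlib.sha256).digest()

class NatDevice:
    def __init__(self, inside: str, public_addr: str, key: bytes):
        self.inside = ipaddress.ip_network(inside)
        self.public_addr, self.key = public_addr, key
        self.bindings = {}  # (private_addr, private_port) -> public_port

    def outbound(self, msg: Message) -> Message:
        """First IPv4 message: translate the source, add mapping and tag."""
        if ipaddress.ip_address(msg.src) not in self.inside:
            raise ValueError("source is not an inside address")
        port = self.bindings.setdefault((msg.src, msg.src_port),
                                        40000 + len(self.bindings))
        m = Mapping(msg.src, self.public_addr, msg.src_port, port)
        return replace(msg, src=self.public_addr, src_port=port,
                       mapping=m, nat_tag=make_tag(self.key, m))

    def inbound(self, msg: Message) -> Message:
        """Second IPv4 message: translate the destination back to private."""
        m = msg.mapping
        bound = m and self.bindings.get((m.private_addr, m.private_port))
        if msg.dst != self.public_addr or bound != msg.dst_port:
            raise ValueError("no binding matches the echoed mapping")
        return replace(msg, dst=m.private_addr, dst_port=m.private_port)

def second_node_endpoint(msg: Message, key: bytes) -> str:
    """Second node: authenticate the NAT's mapping, return the tunnel peer."""
    m = msg.mapping
    if m is None or not hmac.compare_digest(msg.nat_tag, make_tag(key, m)):
        raise ValueError("mapping is not authenticated by the NAT device")
    if (m.public_addr, m.public_port) != (msg.src, msg.src_port):
        raise ValueError("mapping disagrees with the translated source")
    return m.public_addr

def first_node_public_addr(msg: Message, own_private: str) -> str:
    """First node: learn its own public address from the second message."""
    if msg.mapping is None or msg.mapping.private_addr != own_private:
        raise ValueError("mapping is not for this node")
    return msg.mapping.public_addr

def run_exchange():  # constructed sample addresses and key
    key = b"constructed-shared-key"
    nat = NatDevice("192.168.1.0/24", "203.0.113.5", key)
    first = nat.outbound(Message("192.168.1.10", 5000, "198.51.100.7", 5000))
    peer = second_node_endpoint(first, key)
    second = nat.inbound(Message("198.51.100.7", 5000, peer, first.src_port,
                                 mapping=first.mapping))
    return peer, first_node_public_addr(second, "192.168.1.10")
```

Both nodes end up with the same public address for the first node, and a mapping altered after the NAT device tagged it is rejected by the second node before any tunnel endpoint is configured.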
An embodiment of the invention also provides a node for implementing IPv6 tunnel traversal of a network address translation (NAT) device. As shown in the schematic structural diagram of Fig. 7, the node includes:
A third receiving module 71, configured to receive an IPv4 message sent by the NAT device, where the message includes the mapping between the IPv4 public network address and the IPv4 private network address of this node.
A public network address acquisition module 72, configured to obtain the IPv4 public network address of this node itself according to the mapping between the IPv4 public network address and the IPv4 private network address of this node included in the received IPv4 message.
A tunnel establishment module 73, configured to establish an IPv6 tunnel according to the obtained IPv4 public network address of this node itself.
When establishing the NAT-traversing IPv6 tunnel in this embodiment, the node obtains its own IPv4 public network address according to the mapping between the IPv4 public network address and the IPv4 private network address of this node included in the received IPv4 message, and establishes the IPv6 tunnel accordingly. The scheme of this embodiment is easy to implement and offers high practicability and security.
A person of ordinary skill in the art will understand that the accompanying drawings are schematic diagrams of one embodiment, and that the modules or flows in the drawings are not necessarily required to implement the invention.
A person of ordinary skill in the art will understand that the modules of the device in an embodiment may be distributed in the device of the embodiment as described, or may be changed accordingly and located in one or more devices different from that of this embodiment. The modules of the above embodiments may be merged into one module, or further split into multiple sub-modules.
The sequence numbers of the above embodiments of the invention are for description only and do not indicate the relative merit of the embodiments.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be completed by hardware under the instruction of a program. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media capable of storing program code, such as ROM, RAM, magnetic disks or optical discs.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the invention, not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the invention.

Claims (9)

1. A method for implementing IPv6 tunnel traversal of a network address translation device, characterized by comprising:
receiving a first IPv4 message sent by a first node, the first IPv4 message including the IPv4 private network address of the first node and first node authentication information;
performing security and reliability authentication on the first node according to the first node authentication information; obtaining the IPv4 public network address of the first node according to the IPv4 private network address of the first node; performing address translation on the first IPv4 message; and adding at least the mapping between the IPv4 private network address and the IPv4 public network address of the first node, and network address translation device authentication information, to the first IPv4 message;
sending the first IPv4 message to a second node, the first IPv4 message including at least the mapping between the IPv4 private network address and the IPv4 public network address of the first node and the network address translation device authentication information, wherein the IPv4 public network address of the first node can be used to establish an IPv6 tunnel between the second node and the first node.
2. The method for implementing IPv6 tunnel traversal of a network address translation device according to claim 1, characterized in that, after the first IPv4 message is sent to the second node, the method further comprises:
receiving a second IPv4 message sent by the second node, the second IPv4 message including the mapping between the IPv4 private network address of the first node and the IPv4 public network address of the first node;
performing address translation on the second IPv4 message and sending the second IPv4 message to the first node.
3. The method for implementing IPv6 tunnel traversal of a network address translation device according to claim 1, characterized in that adding at least the mapping between the IPv4 private network address and the IPv4 public network address of the first node to the first IPv4 message comprises:
adding the mapping between the IPv4 private network address and the IPv4 public network address of the first node, and at least one of the following items of information, to the first IPv4 message:
the mapping between the port before translation and the port after translation;
the protocol number of the message;
the authentication information of the network address translation device.
4. A network address translation device for IPv6 tunnel traversal, characterized by comprising:
a first receiving module, configured to receive a first IPv4 message sent by a first node, the first IPv4 message including the IPv4 private network address of the first node and first node authentication information;
an authentication module, configured to perform security and reliability authentication on the first node according to the first node authentication information included in the first IPv4 message;
an acquisition module, configured to obtain the IPv4 public network address of the first node according to the IPv4 private network address of the first node included in the received first IPv4 message;
an address translation module, configured to perform address translation on the first IPv4 message according to the obtained IPv4 public network address of the first node;
a mapping module, configured to add, according to the IPv4 private network address of the first node and the obtained IPv4 public network address of the first node, at least the mapping between the IPv4 private network address of the first node and the IPv4 public network address of the first node to the first IPv4 message;
a network address translation authentication information module, configured to add network address translation device authentication information to the first IPv4 message;
a first sending module, configured to send the address-translated first IPv4 message to a second node, the first IPv4 message including at least the mapping between the IPv4 private network address of the first node and the IPv4 public network address of the first node and the network address translation device authentication information, wherein the IPv4 public network address of the first node can be used to establish an IPv6 tunnel between the second node and the first node.
5. The network address translation device according to claim 4, characterized in that the mapping module is further configured to add the mapping between the port before translation and the port after translation to the first IPv4 message.
6. The network address translation device according to claim 4, characterized in that the device further comprises:
a second receiving module, configured to receive a second IPv4 message sent by the second node, the second IPv4 message including at least the mapping between the IPv4 private network address of the first node and the IPv4 public network address of the first node;
a second sending module, configured to send the second IPv4 message to the first node, the second IPv4 message including at least the mapping between the IPv4 private network address of the first node and the IPv4 public network address of the first node.
7. A system for implementing IPv6 tunnel traversal of a network address translation device, characterized by comprising: a first node, a network address translation device and a second node;
the first node is configured to send a first IPv4 message to the network address translation device, the first IPv4 message including the IPv4 private network address of the first node and first node authentication information;
the network address translation device is configured to receive the first IPv4 message sent by the first node, perform security and reliability authentication on the first node according to the first node authentication information, obtain the IPv4 public network address of the first node according to the IPv4 private network address of the first node, perform address translation on the first IPv4 message, add at least the mapping between the IPv4 private network address of the first node and the IPv4 public network address of the first node, and network address translation device authentication information, to the first IPv4 message, and send it to the second node;
the second node is configured to perform security and reliability authentication on the network address translation device according to the network address translation device authentication information, obtain the IPv4 public network address of the first node according to the mapping between the IPv4 private network address of the first node and the IPv4 public network address of the first node in the first IPv4 message, and establish an IPv6 tunnel with the first node according to the IPv4 public network address of the first node.
8. The system according to claim 7, characterized in that:
the second node is further configured to send a second IPv4 message to the first node, the second IPv4 message including at least the mapping between the IPv4 private network address of the first node and the IPv4 public network address of the first node 61;
the network address translation device is further configured to perform address translation on the second IPv4 message and send the second IPv4 message to the first node;
the first node is further configured to obtain the IPv4 public network address of the first node according to the mapping between the IPv4 private network address of the first node and the IPv4 public network address of the first node in the second IPv4 message, and to establish the IPv6 tunnel with the second node according to the IPv4 public network address of the first node.
9. A second node for implementing IPv6 tunnel traversal of a network address translation device, characterized by comprising:
a third receiving module, configured to receive an IPv4 message sent by the network address translation device, the IPv4 message including the mapping between the IPv4 public network address and the IPv4 private network address of a first node, and network address translation device authentication information;
a public network address acquisition module, configured to perform security and reliability authentication on the network address translation device according to the network address translation device authentication information, and to obtain the IPv4 public network address of the first node according to the mapping between the IPv4 public network address and the IPv4 private network address of the first node included in the received IPv4 message;
a tunnel establishment module, configured to establish an IPv6 tunnel with the first node according to the obtained IPv4 public network address of the first node.