CN102571861A - Method, server and network system for remote access - Google Patents

Method, server and network system for remote access

Info

Publication number
CN102571861A
Authority
CN
China
Prior art keywords
message
equipment
preset
filter table
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2010106124828A
Other languages
Chinese (zh)
Other versions
CN102571861B (en)
Inventor
张钦亮
吴黄伟
朱萸
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Global Innovation Polymerization LLC
Tanous Co
Original Assignee
Huawei Device Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Device Co Ltd filed Critical Huawei Device Co Ltd
Priority to CN201010612482.8A priority Critical patent/CN102571861B/en
Publication of CN102571861A publication Critical patent/CN102571861A/en
Application granted granted Critical
Publication of CN102571861B publication Critical patent/CN102571861B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method, a server and a network system for remote access, which belong to the technical field of networks. The method includes that a remote access server receives a first message sent by a local network device; whether the first message is from a preset device is judged; and when the first message is from the preset device, the first message is sent to a remote network of a local network through a pre-established access tunnel, and the first message is received by a control device in the remote network. The server comprises a first receiving module and a first transmitting module. The message sent by the local network device is sent to the remote network of the local network through the pre-established access tunnel. The method, the server and the network system achieve the purpose of real-time remote monitoring of device states, avoid processing time delay due to the fact that the control device cannot know events occurring on the device in time, keep primary characteristics of universal plug-n-play (UPnP) to the maximum extent, and avoid that some UPnP functions cannot be used during remote access.

Description

Remote access method, server and network system
Technical field
The present invention relates to the field of network technology, and in particular to a remote access method, server and network system.
Background
UPnP (Universal Plug and Play) is an architecture designed for peer-to-peer network connectivity among smart devices, wireless devices, PCs and the like. UPnP defines a remote access standard under which devices that support UPnP in two networks can access each other through a RAS (Remote Access Service, RAS).
After analyzing the prior art, the inventors found that it has at least the following shortcoming:
The remote network cannot learn promptly of events occurring on devices in the local network, so device state cannot be monitored remotely in real time, and handling is delayed because the control device does not learn of device events in time.
Summary of the invention
So that the remote network can learn promptly of events occurring on devices in the local network, embodiments of the invention provide a remote access method, server and network system. The technical solution is as follows:
A remote access method, comprising:
A RAS receives a first message sent by a device in the local network;
It is judged whether the first message is from a preset device; when the first message is from a preset device, the first message is sent to the remote network of the local network through a pre-established access tunnel, so that a control device in the remote network receives the first message.
A server, comprising:
A first receiving module, used to receive a first message sent by a device in the local network;
A first forwarding module, used to judge whether the first message is from a preset device and, when the first message is from a preset device, to send the first message to the remote network of the local network through a pre-established access tunnel, so that a control device in the remote network receives the first message.
A network system, comprising:
A server, used to receive a first message sent by a device in the local network, to judge whether the first message is from a preset device and, when the first message is from a preset device, to send the first message to the remote network of the local network through a pre-established access tunnel, so that a control device in the remote network receives the first message;
At least one local device, used to send the first message;
An Auto-Configuration Server, used to configure and manage the at least one local device.
The beneficial effects of the technical solution provided by the embodiments of the invention are:
Messages sent by a local network device are sent to the remote network of the local network through a pre-established access tunnel, so that the control device in the remote network learns promptly of events occurring on the device. This achieves real-time remote monitoring of device state, avoids the handling delay that arises when the control device cannot learn of device events in time, preserves the native characteristics of UPnP to the greatest extent, and avoids some UPnP functions being unusable during remote access.
Description of drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a remote access method provided by an embodiment of the invention;
Fig. 2 is a flow chart of a remote access method provided by an embodiment of the invention;
Fig. 3 is a flow chart of a remote access method provided by an embodiment of the invention;
Fig. 4 is a flow chart of a remote access method provided by an embodiment of the invention;
Fig. 5 is a flow chart of a remote access method provided by an embodiment of the invention;
Fig. 6 is a flow chart of a remote access method provided by an embodiment of the invention;
Fig. 7 is a schematic structural diagram of a server provided by an embodiment of the invention;
Fig. 8 is a schematic structural diagram of a server provided by an embodiment of the invention;
Fig. 9 is a schematic structural diagram of a server provided by an embodiment of the invention;
Fig. 10 is a schematic structural diagram of a server provided by an embodiment of the invention;
Fig. 11 is a schematic structural diagram of a server provided by an embodiment of the invention.
Embodiment
To make the objects, technical solutions and advantages of the invention clearer, embodiments of the invention are described in further detail below with reference to the drawings.
Before the remote access method, server and network system provided by the invention are introduced, the background knowledge they rely on is briefly described:
1. CP (Control Point) is a control device or management device used to control the devices that support UPnP in a network.
2. ACS (Auto-Configuration Server) is used to configure and manage terminal devices.
3. VPN (Virtual Private Network) is a secure network connection established over a public network (usually the Internet).
4. GRE (Generic Routing Encapsulation) defines a protocol for encapsulating any network-layer protocol over any other network-layer protocol.
5. TR-069 is one of the technical specifications developed by the Broadband Forum; its full name is "CPE WAN Management Protocol". It provides a general framework and protocol for managing and configuring network devices in next-generation networks, and is used for remote centralized management, from the network side, of devices such as gateways, routers and set-top boxes.
Embodiment 1
To simplify the remote access flow and conserve network resources, an embodiment of the invention provides a remote access method. The method is executed by a RAS. In this embodiment, the network to which this RAS belongs is called the local network, and the network to which the other servers interacting with this RAS belong is called the remote network. Referring to Fig. 1, the method comprises:
101: The RAS receives a first message sent by a device in the local network;
102: It is judged whether the first message is from a preset device; when the first message is from a preset device, the first message is sent to the remote network of the local network through a pre-established access tunnel, so that a control device in the remote network receives the first message.
Messages sent by a local network device are sent to the remote network of the local network through a pre-established access tunnel, so that the control device in the remote network learns promptly of events occurring on the device. This achieves real-time remote monitoring of device state, avoids the handling delay that arises when the control device cannot learn of device events in time, preserves the native characteristics of UPnP to the greatest extent, and avoids some UPnP functions being unusable during remote access.
Referring to Fig. 2, an embodiment of the invention provides a remote access method. The embodiment is described only with the example of remote access between a first RAS (Remote Access Server), RAS1, in a first network and a second RAS, RAS2, in a second network. One of the first and second networks is the local network, and the other is then the remote network of that local network. There is a control device CP1 in the first network, and devices Device2 and Device3 that support UPnP in the second network. Referring to Fig. 2, the method comprises:
2001: The first RAS, RAS1, sends to the ACS an establishment request asking that a VPN tunnel be set up between RAS1 and the second RAS, RAS2;
Preferably, the ACS can be notified through the TR-069 event mechanism when a VPN tunnel needs to be set up. Those skilled in the art will know that the TR-069 event mechanism generally works by monitoring a particular parameter value and issuing a notification of the related event when that value changes.
In this embodiment, RAS1 initiating access to RAS2 is taken as the example. When RAS1 initiates access, it sends RAS2 an establishment request asking to set up a VPN tunnel. This request can take various forms, and tunnel establishment can be triggered by an event or initiated actively; the embodiment does not specifically limit this. For example, when a control device on RAS1's network side sends RAS1 a control message asking to control a device on RAS2's network side, that message can trigger tunnel establishment; the tunnel can also be set up in advance for use in later interaction between the servers of the two networks.
2002: After receiving the establishment request sent by RAS1, the ACS obtains the VPN capability information supported by RAS1;
2003: The ACS obtains the VPN capability information supported by RAS2;
In steps 2002-2003, before obtaining VPN capability information from RAS1 and RAS2 respectively, the ACS can first judge whether it already knows the VPN capability information they support. If not, it queries RAS1 and/or RAS2 for the VPN capability information they support; if so, no query is needed.
Those skilled in the art will know that the interaction by which the ACS queries the VPN capability information supported by RAS1 and RAS2 is prior art and is not described further here. Once the ACS has obtained the VPN capability information supported by RAS1, it can retain that information and use it directly in later access procedures.
2004: RAS1 and RAS2 carry out VPN capability negotiation and select a VPN protocol that both RAS1 and RAS2 support and that can encapsulate multicast messages;
Those skilled in the art will know that VPN capability negotiation is prior art. In this embodiment, RAS1 and RAS2 exchange messages through the ACS when carrying out the VPN capability negotiation.
2005: According to the selected VPN protocol, configure the VPN parameters and multicast routing of RAS1, and set the UUID (Universally Unique Identifier) filter table (the preset UUID filter table) for devices in the network where RAS1 is located;
It should be noted that the UUID filter table is a filtering rule set in advance. The rule can take the form of a blacklist or a white list; in this embodiment the UUID filter table is a white list, that is, every device whose ID is present in the UUID filter table is allowed to be accessed remotely. In this step, because no device in the network where RAS1 is located needs to be accessed, no UUID filter table entries need to be added when configuring RAS1.
2006: According to the selected VPN protocol, configure the VPN parameters and multicast routing of RAS2, and set the UUID filter table for devices in the network where RAS2 is located;
In this embodiment the UUID filter table is a white list. Assuming Device2 is a device that is allowed to be accessed remotely, Device2 is configured into the device UUID filter table when RAS2 is configured.
In steps 2005 and 2006, the device UUID filter table is used to filter the devices that send messages. In this embodiment the UUID filter table can be a white list: a device listed in the table is one that is allowed to be accessed remotely, and the messages it sends are forwarded. When a first message from such a device is received from the local network, such as a declaration message (an online declaration message or an offline declaration message), a search response message or a multicast event message, the message is forwarded. If a device is not in the UUID filter table, it is not allowed to be accessed remotely; when a first message from that device, such as a declaration message, search response message or multicast event message, is received from the local network, the first message is not forwarded to the remote network.
Setting the device filtering rule, that is, the UUID filter table, for the network of each of RAS1 and RAS2 when the VPN tunnel is established improves the security mechanism of remote access: each network can filter the control devices and devices that come online or connect, and so control the access that the remote network makes to the local network.
2007: Set up the access tunnel, a VPN tunnel, between RAS1 and RAS2.
Those skilled in the art will know that the process of setting up this VPN tunnel is prior art and is not described further here.
In this embodiment the access tunnel is configured as a GRE tunnel. A GRE tunnel can carry both multicast messages and unicast messages, and so has a wide range of application.
Steps 2001 to 2007 above are the process of establishing the access tunnel (VPN tunnel) between RAS1 and RAS2 and configuring the remote access filter tables. This process differs from the prior art in that, before the VPN tunnel is established, a UUID filter table for the devices in the respective network is set on RAS1 and on RAS2. Filtering the control devices and devices that send messages through the filter table improves the security of the network and of remote access. In the embodiments below, the first message can be a declaration message, a search response message or a multicast event report message. The second message is a control message, an event subscription message, a get-device-description message or a designated-device search message.
2008: After coming online, Device2 sends an SSDP:alive multicast message at every preset interval;
The SSDP:alive multicast message is an online declaration message and is one kind of first message. It notifies the other control devices in the network where the device is located, including the RAS, that the device is online. In this embodiment, RAS2 can receive the SSDP:alive message sent by Device2.
Those skilled in the art will know that the preset interval can be set according to the device's own performance or according to the message processing capability of the RAS; the embodiment does not specifically limit this.
2009: After RAS2 receives the SSDP:alive multicast message from Device2 in the local network, it judges according to the UUID filter table set in advance whether Device2 is allowed to be accessed remotely by the control device in the network where RAS1 is located. If it is allowed, RAS2 forwards the SSDP:alive multicast message of Device2; if not, it does not forward it;
The UUID filter table set in advance is the preset device filtering rule. The judgment is specifically: according to the device identifier and the device filtering rule, judge whether the device is a preset device; if so, the first message is from a preset device. A preset device is one that is allowed to be accessed.
In this embodiment, Device2 is set as a device that is allowed to be accessed. After the SSDP:alive multicast message of Device2 is received and judged, the result is that the device is allowed to be accessed, and the SSDP:alive multicast message is forwarded.
Further, the preset five-tuple filter table of devices is generated or updated according to the first message; this preset five-tuple filter table is generated from the preset UUID filter table:
When the device is a preset device and is not in the preset five-tuple filter table, the device's IP address and port number are obtained from a preset field of the first message and added to the preset five-tuple filter table. Alternatively, when the device is a preset device and is already in the preset five-tuple filter table, if the device's IP address and port number in the preset field of the first message differ from those in the device five-tuple filter table, that is, the device's IP address, port number, etc. have changed, the IP address and port number recorded for the device in the preset five-tuple filter table are updated. The preset field is preferably the location field.
Those skilled in the art will know that a five-tuple usually means the set of five values: source IP address, source port, destination IP address, destination port and transport-layer protocol number.
It should be noted that the device five-tuple filter table is generated from the UUID filter table. A device may have been added to the UUID filter table without yet having been added to the five-tuple filter table, so changing the five-tuple filter table dynamically improves the flexibility of the server. The UUID filter table is used to filter first messages; filtering with the UUID filter table requires parsing up to the application layer, including operations such as extracting message content. Using the five-tuple filter table generated from the UUID filter table in the subsequent process requires no application-layer parsing and no operation on message content, and is therefore more efficient.
Optionally, the frequency at which the RAS forwards SSDP:alive multicast messages can be changed according to the capability of the network. If network capacity is poor or the network is currently busy, reducing the forwarding frequency lightens the load on the network; if network capacity is good or the network is idle, the forwarding frequency can be raised so that both networks learn the state of devices sooner. For example, where the initial setting is that RAS2 forwards to RAS1 through the GRE tunnel once for every 1 SSDP:alive multicast message it receives from Device2, then to lighten the load on the network the setting can be changed so that RAS2 forwards to RAS1 through the GRE tunnel 1 time for every 5 SSDP:alive messages Device2 sends.
Further, the method also comprises: after the encapsulated SSDP:alive multicast message is transferred to RAS1 through the pre-established access tunnel (the GRE tunnel), RAS1 decapsulates the message and forwards the decapsulated SSDP:alive multicast message to the first network where CP1 is located, so that CP1 receives the SSDP:alive multicast message.
In this embodiment, after RAS1 forwards the decapsulated SSDP:alive multicast message to the first network where CP1 is located, CP1 can receive the SSDP:alive multicast message, that is, CP1 learns the device's state.
In this embodiment, encapsulation means encapsulating the multicast message in the format required by the GRE tunnel, so that RAS2 can carry the multicast message directly through the GRE tunnel.
It should be noted that when Device2 is about to go offline it sends an SSDP:byebye multicast message, that is, an offline declaration message. RAS2 handles the SSDP:byebye multicast message in the same way as it handles the message sent when Device2 comes online. Because the SSDP:byebye multicast message is sent only when the device goes offline, that is, it does not need to be sent periodically, the forwarding frequency of the SSDP:byebye multicast message does not need to be changed. In addition need be according to generation of SSDP:byebye multicast message or the five-tuple filter table of updating the equipment yet.
Steps 2008 to 2009 above are the declaration flow of the device discovery phase. In this flow, when a device comes online, RAS2 promptly forwards the device's declaration message to the remote network, so that the control device in the remote network learns in time that the state of a device in the local network has changed. This reduces the delay caused in the prior art by RAS2 periodically reporting local device state to the remote network, and improves real-time performance.
Referring to Fig. 3, an embodiment of the invention also provides a remote access method that builds on the access tunnel set up in steps 2001 to 2007. When the network uses the UPnP protocol, the network also has the function of multicast event reporting. When a multicast event is produced on Device2, CP1 in the network where RAS1 is located needs to be notified, and the method comprises:
3001: When a multicast event is produced on Device2, Device2 sends a multicast event message to announce the multicast event;
In this embodiment, the multicast event is a preset event; when the preset event occurs, the device sends a multicast event message.
The multicast event message is a first message that carries the preset event.
3002: After receiving the multicast event message, RAS2 determines according to the UUID filter table set in advance whether forwarding to RAS1 is allowed. If it is, RAS2 encapsulates the multicast message and forwards the encapsulated multicast message through the pre-established GRE tunnel to the network where RAS1 is located;
The UUID filter table set in advance is the preset device filtering rule;
3003: After the multicast message is transferred to RAS1 through the GRE tunnel, RAS1 decapsulates the encapsulated multicast message and forwards the decapsulated multicast message to the network where RAS1 is located, so that CP1 learns of the multicast event.
Steps 3001 to 3003 above are the flow for reporting a multicast event to the remote control device. In this flow, when a multicast event occurs on a device, RAS2 forwards the multicast event message to the remote network, so that the control device in the remote network learns promptly of the multicast event on the local network device. This solves the prior-art problem that multicast event interaction is not supported between RAS1 and RAS2.
In the above embodiment, messages sent by a local network device are sent to the remote network of the local network through a pre-established access tunnel, so that the control device in the remote network learns promptly of events occurring on the device. This achieves real-time remote monitoring of device state, avoids the handling delay that arises when the control device cannot learn of device events in time, and preserves the native characteristics of UPnP to the greatest extent.
Referring to Fig. 4, an embodiment of the invention also provides a remote access method that builds on the access tunnel set up in steps 2001 to 2007. When CP1 in the network where RAS1 is located comes online, it needs to learn through a search which UPnP devices are online, and the method comprises:
4001: After coming online, CP1 sends an SSDP:M-SEARCH multicast message through the pre-established access tunnel;
The SSDP:M-SEARCH multicast message is used to query for online devices in the local network or the remote network;
4002: RAS2 receives the SSDP:M-SEARCH multicast message that RAS1 in the remote network forwarded after GRE encapsulation. RAS2 decapsulates the message and forwards the decapsulated SSDP:M-SEARCH multicast message to the second network where RAS2 is located, so that the devices in the local network, including Device2, can receive the SSDP:M-SEARCH multicast message.
4003: After Device2 receives the SSDP:M-SEARCH multicast message, Device2 returns a search response message to CP1;
In this embodiment, the state of Device2 is online by default. After receiving the SSDP:M-SEARCH multicast message, the online Device2 can notify RAS2 of its online state through the search response message.
The search response message is a unicast message and also belongs to the first messages.
Further, this embodiment also comprises the following steps 4004-4005:
4004: After receiving the search response message, RAS2 filters it according to the UUID filter table. If forwarding is allowed, RAS2 forwards the search response message through the GRE tunnel to the network where RAS1 is located.
Further, if the search response message is allowed to be forwarded, the device five-tuple filter table also needs to be generated or updated, following the method of step 2009, according to the device's current IP address and port number.
4005: After the search response message is transferred to RAS1 through the GRE tunnel, RAS1 forwards the search response message to CP1, so that CP1 learns that Device2 is online.
Steps 4001 to 4003 above are the flow of the device search phase. In this flow, after the control device comes online, it sends a UPnP search message to query which UPnP devices are online, so that a network can learn promptly the state of the devices in the peer network. This reduces the delay caused in the prior art by RAS1 periodically obtaining device state from RAS2 in the remote network, and improves real-time performance. Steps 4004-4005 are the process of forwarding the response message to the control device of the remote network when a response message sent by the destination device in the local network is received, which lets the control device learn the state of the device in real time.
Referring to Fig. 5, the method also comprises:
5001: The RAS receives a second message sent by the control device of the remote network through the pre-established access tunnel;
5002: It is judged whether the destination device of the second message is a preset device. When the destination device of the second message is a preset device, the second message is forwarded to the local network, so that the destination device in the local network receives the second message.
In one embodiment of the invention, the steps shown in Fig. 5 can specifically be as follows. Referring to Fig. 6, building on the access tunnel set up in steps 2001 to 2007, when CP1 in the remote network needs to control Device2 in the local network, the method also comprises:
6001: When CP1 needs to manage Device2, it sends Device2 a control message for controlling Device2;
The control message is a second message that carries a command. It is a unicast message and is used to manage Device2.
6002: After RAS2 receives the control message sent through the pre-established access tunnel, it judges, according to the five-tuple of the control message and the device five-tuple filter table, whether the destination device is a preset device. If so, it forwards the control message to the local network, so that the destination device Device2 in the local network receives the control message.
6003: After receiving the control message and handling it accordingly, Device2 sends CP1 a control response message in response to the control message;
The control response message is a unicast message.
Further, this embodiment also comprises the following steps 6004-6005:
6004: After receiving the control response message, RAS2 determines according to the device five-tuple filter table whether forwarding to RAS1 is allowed. If it is, RAS2 encapsulates the control response message in the format required by the GRE tunnel and forwards the encapsulated control response message through the GRE tunnel to the network where RAS1 is located.
Optionally, in this step the control response message need not be filtered according to the device five-tuple filter table.
6005: After receiving the encapsulated control response message through the GRE tunnel, RAS1 decapsulates it and forwards the decapsulated control response message to CP1.
Steps 6001 to 6003 above are the flow by which the control device manages a device; in this flow, the control device controls a device in the remote network through the GRE tunnel. Steps 6004-6005 are the process of forwarding the response message to the control device of the remote network when a response message sent by the destination device in the local network is received.
Need to prove that the method that this inventive embodiments provides can also be used to obtain device description file, event subscription and designated equipment search, when obtaining device description file; The effect of control message is control appliance feedback description document, and when event subscription, the effect of control message is subscription incident on equipment; When designated equipment is searched for; The effect of control message is the presence of query device specific, and its flow process is similar, repeats no more.
In the above embodiments, the way messages are handled is changed: a message is encapsulated when it is sent through the pre-established access tunnel, so that little processing or understanding of the UPnP protocol is needed. This reduces the tight coupling with the UPnP protocol and thereby simplifies the access flow between networks.
In the foregoing embodiments, when filter tables are configured for RAS1 and RAS2, only the device UUID filter table is configured. In another embodiment provided by the invention, when RAS1 and RAS2 are configured, both the device UUID filter table and the device five-tuple filter table are configured. Because this device five-tuple filter table is statically configured, it cannot change dynamically when the IP address or other parameters of a device change. In use, the filter tables are applied in the same way as in the foregoing embodiments: they are used to filter the device or control device that sends a message, which is not repeated here.
The foregoing embodiments are described on the basis of the UPnP protocol. When the network uses the IGRS (Intelligent Grouping and Resource Sharing) protocol, the flow is similar to that of UPnP but does not include the multicast event notification function, and is not repeated here.
In the method provided by this embodiment, the message sent by a local network device is sent to the remote network of the local network through the pre-established access tunnel. This achieves real-time remote monitoring of device state, avoids the processing delay that arises when the control device cannot learn in time of events occurring on a device, preserves the native characteristics of UPnP to the greatest extent, and avoids some UPnP functions being unusable during remote access.
Embodiment 2
To simplify the remote access flow and conserve network resources, this embodiment of the invention provides a server which, referring to Fig. 7, comprises:
First receiving module 701, configured to receive a first message sent by a device in the local network;
First forwarding module 702, configured to judge whether the first message is from a preset device and, when the first message is from a preset device, to send the first message to the remote network of the local network through the pre-established access tunnel, so that the control device in the remote network receives the first message.
The first message carries the device identifier of the device; correspondingly, referring to Fig. 8, the first forwarding module 702 comprises:
First filter unit 702a, configured to judge, according to the device identifier and the preset universally unique identifier (UUID) filter table, whether the device is a preset device; if so, the first message is from a preset device.
First forwarding unit 702b, configured to send the first message to the remote network of the local network through the pre-established access tunnel when the first filter unit judges that the first message is from a preset device, so that the control device in the remote network receives the first message. The first message is an online declaration message or a search response message.
The first filter unit 702a is further configured to generate or update the preset five-tuple filter table according to the first message after the first message sent by the device in the local network is received; the preset five-tuple filter table is generated from the preset UUID filter table.
The first filter unit 702a is specifically configured to, when the device is a preset device and is not in the preset five-tuple filter table, obtain the IP address and port number of the device from a preset field of the first message and add them to the preset five-tuple filter table; or
The first filter unit 702a is configured to, when the device is a preset device and is in the preset five-tuple filter table, update the IP address and port number corresponding to the device in the preset five-tuple filter table if the IP address and port number of the device in the preset field of the first message differ from those in the device five-tuple filter table.
The first forwarding module 702 is specifically configured to, when judging whether the first message is from a preset device, encapsulate the first message when it is from a preset device and is an online declaration message, an offline declaration message or a multicast event message, and send the encapsulated first message to the remote network of the local network through the pre-established access tunnel.
Referring to Fig. 9, the server further comprises:
Second receiving module 703, configured to receive a second message sent by the control device in the remote network through the pre-established access tunnel;
Second forwarding module 704, configured to judge whether the destination device of the second message is a preset device and, when the destination device of the second message is a preset device, to forward the second message to the local network, so that the destination device in the local network receives the second message.
Referring to Fig. 10, the second forwarding module 704 comprises:
Second filter unit 704a, configured to judge, according to the five-tuple of the second message and the device five-tuple filter table, whether the destination device is a preset device; if so, the destination device is a preset device; the device five-tuple filter table is generated from the preset UUID filter table;
Second forwarding unit 704b, configured to forward the second message to the local network when the second filter unit judges that the destination device of the second message is a preset device, so that the destination device in the local network receives the second message.
Referring to Fig. 11, the server further comprises:
Third forwarding module 705, configured to forward the response message to the control device in the remote network when the response message sent by the destination device in the local network is received.
The second message is a control message, an event subscription message, a get-device-description message or a specified-device search message.
The server provided by this embodiment may specifically be a RAS and belongs to the same concept as the method embodiment; for its specific implementation, see the method embodiment, which is not repeated here.
In the server provided by this embodiment, the message sent by a local network device is sent to the remote network of the local network through the pre-established access tunnel. This achieves real-time remote monitoring of device state, avoids the processing delay that arises when the control device cannot learn in time of events occurring on a device, preserves the native characteristics of UPnP to the greatest extent, and avoids some UPnP functions being unusable during remote access.
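The two filter units described above can be sketched as follows. This is an added example, not code from the patent: it implements the variant in which the five-tuple filter table is learned from online declaration and search response messages. It assumes that the device identifier is the UUID in the SSDP USN header, that the "preset field" is the LOCATION header, and that a table entry holds (IP, port, protocol); the class, function and sample values are hypothetical.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

UUID_RE = re.compile(r"uuid:([0-9A-Za-z-]+)")


def parse_ssdp(raw: bytes) -> dict:
    """Split an SSDP datagram into its start line and upper-cased headers."""
    lines = raw.decode("utf-8", errors="replace").split("\r\n")
    headers = {"_START": lines[0].strip()}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers


@dataclass
class RemoteAccessFilter:
    uuid_table: set                       # preset UUID filter table (static)
    five_tuple_table: dict = field(default_factory=dict)  # uuid -> (ip, port, proto)

    def __post_init__(self):
        self.uuid_table = {u.lower() for u in self.uuid_table}

    def on_first_message(self, raw: bytes) -> bool:
        """Local -> tunnel. True means the message may be encapsulated and sent."""
        h = parse_ssdp(raw)
        m = UUID_RE.search(h.get("USN", ""))
        if m is None or m.group(1).lower() not in self.uuid_table:
            return False                  # sender is not a preset device
        # Only online declarations and search responses feed the table.
        alive = (h["_START"].startswith("NOTIFY")
                 and h.get("NTS", "").lower() == "ssdp:alive")
        response = h["_START"].startswith("HTTP/1.1 200")
        if alive or response:
            self._learn(m.group(1).lower(), h.get("LOCATION", ""))
        return True

    def _learn(self, uuid: str, location: str) -> None:
        """Add the device's address, or replace it when it has changed."""
        try:
            url = urlsplit(location)
            host, port = url.hostname, url.port
        except ValueError:                # malformed port or bracketed host
            return
        if not host or port is None:
            return                        # nothing usable: keep the old entry
        entry = (host, port, "tcp")       # assumption: control traffic is HTTP/TCP
        if self.five_tuple_table.get(uuid) != entry:
            self.five_tuple_table[uuid] = entry

    def allow_second_message(self, five_tuple: tuple) -> bool:
        """Tunnel -> local. five_tuple = (src_ip, src_port, dst_ip, dst_port, proto)."""
        _src_ip, _src_port, dst_ip, dst_port, proto = five_tuple
        return (dst_ip, dst_port, proto) in self.five_tuple_table.values()


def ssdp_alive(uuid: str, location: str) -> bytes:
    """Build a constructed ssdp:alive datagram for the demonstration."""
    return ("NOTIFY * HTTP/1.1\r\n"
            "HOST: 239.255.255.250:1900\r\n"
            "NT: upnp:rootdevice\r\n"
            "NTS: ssdp:alive\r\n"
            f"LOCATION: {location}\r\n"
            f"USN: uuid:{uuid}::upnp:rootdevice\r\n\r\n").encode()


# Constructed sample values, not taken from the patent.
PRESET_UUID = "2fac1234-31f8-11b4-a222-08002b34c003"
OTHER_UUID = "9b0e6f00-0000-4000-8000-00000000beef"

if __name__ == "__main__":
    ras = RemoteAccessFilter({PRESET_UUID})
    print(ras.on_first_message(ssdp_alive(PRESET_UUID, "http://192.168.1.20:49152/desc.xml")))
    print(ras.on_first_message(ssdp_alive(OTHER_UUID, "http://192.168.1.66:49152/desc.xml")))
    print(ras.allow_second_message(("10.0.0.5", 40000, "192.168.1.20", 49152, "tcp")))
    print(ras.allow_second_message(("10.0.0.5", 40000, "192.168.1.66", 49152, "tcp")))
```

A message from a device outside the UUID filter table neither crosses the tunnel nor adds an entry, so a control message addressed to that device is later dropped on the inbound side as well.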
This embodiment of the invention also provides a network system, comprising:
Server, configured to receive a first message sent by a device in the local network, to judge whether the first message is from a preset device and, when the first message is from a preset device, to send the first message to the remote network of the local network through the pre-established access tunnel, so that the control device in the remote network receives the first message;
At least one local device, configured to send the first message.
Automatic Configuration Server, configured to configure and manage the at least one local device.
The network system may be a regional network, a local area network or a similar system, and the local device may be a control point (control device), a device (any of various terminals) and so on; the embodiments of the invention place no specific limit on this. The network system embodiment belongs to the same concept as the method embodiment; for its specific implementation, see the method embodiment, which is not repeated here.
In the network system provided by this embodiment, the message sent by a local network device is sent to the remote network of the local network through the pre-established access tunnel. This achieves real-time remote monitoring of device state, avoids the processing delay that arises when the control device cannot learn in time of events occurring on a device, preserves the native characteristics of UPnP to the greatest extent, and avoids some UPnP functions being unusable during remote access.
All or part of the technical solutions provided by the embodiments of the invention may be implemented by hardware under the control of program instructions. The program may be stored in a readable storage medium, which includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
The above are merely preferred embodiments of the invention and are not intended to limit the invention. Any modification, equivalent replacement or improvement made within the spirit and principle of the invention shall fall within the protection scope of the invention.

Claims (19)

1. A remote access method, characterized by comprising:
a RAS receiving a first message sent by a device in a local network;
judging whether the first message is from a preset device, and, when the first message is from a preset device, sending the first message to the remote network of the local network through a pre-established access tunnel, so that a control device in the remote network receives the first message.
2. The method according to claim 1, characterized in that the first message carries a device identifier of the device, and the judging whether the first message is from a preset device specifically comprises:
judging, according to the device identifier and a preset universally unique identifier filter table, whether the device is a preset device; if so, the first message is from a preset device.
3. The method according to claim 1 or 2, characterized in that the first message is an online declaration message, a search response message, a multicast event message, or an offline declaration message.
4. The method according to claim 1 or 2, characterized in that, when the first message is an online declaration message or a search response message, the method further comprises:
after the RAS receives the first message sent by the device in the local network, generating or updating a preset five-tuple filter table according to the first message, the preset five-tuple filter table being generated from a preset universally unique identifier filter table.
5. The method according to claim 4, characterized in that the generating or updating a preset five-tuple filter table according to the first message specifically comprises:
when the device is a preset device and is not in the preset five-tuple filter table, obtaining the IP address and port number of the device from a preset field of the first message and adding them to the preset five-tuple filter table; or,
when the device is a preset device and is in the preset five-tuple filter table, if the IP address and port number of the device in the preset field of the first message differ from those in the device five-tuple filter table, updating the IP address and port number corresponding to the device in the preset five-tuple filter table.
6. The method according to any one of claims 1 to 5, characterized in that the sending the first message to the remote network of the local network through a pre-established access tunnel specifically comprises:
when the first message is an online declaration message, an offline declaration message or a multicast event message, encapsulating the first message and sending the encapsulated first message to the remote network of the local network through the pre-established access tunnel.
7. The method according to any one of claims 1 to 5, characterized in that the method further comprises:
the RAS receiving a second message sent by the control device in the remote network through the pre-established access tunnel;
judging whether the destination device of the second message is a preset device, and, when the destination device of the second message is a preset device, forwarding the second message to the local network, so that the destination device in the local network receives the second message.
8. The method according to claim 7, characterized in that the judging whether the destination device of the second message is a preset device specifically comprises:
judging, according to the five-tuple of the second message and a device five-tuple filter table, whether the destination device is a preset device; if so, the destination device is a preset device, the device five-tuple filter table being generated from a preset universally unique identifier filter table.
9. The method according to claim 7, characterized in that the method further comprises:
when a response message sent by the destination device in the local network is received, forwarding the response message to the control device in the remote network.
10. The method according to any one of claims 7 to 9, characterized in that the second message is a control message, an event subscription message, a get-device-description message or a specified-device search message.
11. A server, characterized by comprising:
a first receiving module, configured to receive a first message sent by a device in a local network;
a first forwarding module, configured to judge whether the first message is from a preset device and, when the first message is from a preset device, to send the first message to the remote network of the local network through a pre-established access tunnel, so that a control device in the remote network receives the first message.
12. The server according to claim 11, characterized in that the first message carries a device identifier of the device and, correspondingly, the first forwarding module comprises:
a first filter unit, configured to judge, according to the device identifier and a preset universally unique identifier filter table, whether the device is a preset device; if so, the first message is from a preset device;
a first forwarding unit, configured to send the first message to the remote network of the local network through the pre-established access tunnel when the first filter unit judges that the first message is from a preset device, so that the control device in the remote network receives the first message.
13. The server according to claim 12, characterized in that the first filter unit is further configured to generate or update a preset five-tuple filter table according to the first message after the first message sent by the device in the local network is received, the preset five-tuple filter table being generated from the preset universally unique identifier filter table.
14. The server according to claim 13, characterized in that the first filter unit is specifically configured to, when the device is a preset device and is not in the preset five-tuple filter table, obtain the IP address and port number of the device from a preset field of the first message and add them to the preset five-tuple filter table; or
the first filter unit is configured to, when the device is a preset device and is in the preset five-tuple filter table, update the IP address and port number corresponding to the device in the preset five-tuple filter table if the IP address and port number of the device in the preset field of the first message differ from those in the device five-tuple filter table.
15. The server according to any one of claims 11 to 14, characterized in that the first forwarding module is specifically configured to, when judging whether the first message is from a preset device, encapsulate the first message when it is from a preset device and is an online declaration message, an offline declaration message or a multicast event message, and send the encapsulated first message to the remote network of the local network through the pre-established access tunnel.
16. The server according to any one of claims 11 to 14, characterized in that the server further comprises:
a second receiving module, configured to receive a second message sent by the control device in the remote network through the pre-established access tunnel;
a second forwarding module, configured to judge whether the destination device of the second message is a preset device and, when the destination device of the second message is a preset device, to forward the second message to the local network, so that the destination device in the local network receives the second message.
17. The server according to claim 17, characterized in that the second forwarding module comprises:
a second filter unit, configured to judge, according to the five-tuple of the second message and the device five-tuple filter table, whether the destination device is a preset device; if so, the destination device is a preset device, the device five-tuple filter table being generated from a preset universally unique identifier filter table;
a second forwarding unit, configured to forward the second message to the local network when the second filter unit judges that the destination device of the second message is a preset device, so that the destination device in the local network receives the second message.
18. The server according to claim 17, characterized in that the server further comprises:
a third forwarding module, configured to forward the response message to the control device in the remote network when the response message sent by the destination device in the local network is received.
19. A network system, characterized by comprising:
a server, configured to receive a first message sent by a device in a local network, to judge whether the first message is from a preset device and, when the first message is from a preset device, to send the first message to the remote network of the local network through a pre-established access tunnel, so that a control device in the remote network receives the first message;
at least one local device, configured to send the first message;
an Automatic Configuration Server, configured to configure and manage the at least one local device.
CN201010612482.8A 2010-12-23 2010-12-23 Remote access method, server and network system Expired - Fee Related CN102571861B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010612482.8A CN102571861B (en) 2010-12-23 2010-12-23 Remote access method, server and network system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010612482.8A CN102571861B (en) 2010-12-23 2010-12-23 Remote access method, server and network system

Publications (2)

Publication Number Publication Date
CN102571861A true CN102571861A (en) 2012-07-11
CN102571861B CN102571861B (en) 2015-09-30

Family

ID=46416333

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010612482.8A Expired - Fee Related CN102571861B (en) 2010-12-23 2010-12-23 Remote access method, server and network system

Country Status (1)

Country Link
CN (1) CN102571861B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104158877A (en) * 2014-08-15 2014-11-19 杭州古北电子科技有限公司 Remote control method, and device and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2445791A (en) * 2007-01-17 2008-07-23 Electricpocket Ltd Interconnection of Universal Plug and Play Networks using eXtensible Messaging and Presence Protocol Streams
CN101627601A (en) * 2007-01-18 2010-01-13 艾利森电话股份有限公司 A method and apparatus for remote access to a home network
CN101779418A (en) * 2007-05-30 2010-07-14 三星电子株式会社 Method and apparatus for providing remote device with service of universal plug and play network

Also Published As

Publication number Publication date
CN102571861B (en) 2015-09-30

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20180202

Address after: California

Patentee after: Tanous Co.

Address before: 518129 Longgang District, Guangdong, Bantian HUAWEI base B District, building 2, building No.

Patentee before: HUAWEI DEVICE Co.,Ltd.

Effective date of registration: 20180202

Address after: California, USA

Patentee after: Global innovation polymerization LLC

Address before: California, USA

Patentee before: Tanous Co.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20180211

Address after: California, USA

Patentee after: Tanous Co.

Address before: 518129 Longgang District, Guangdong, Bantian HUAWEI base B District, building 2, building No.

Patentee before: HUAWEI DEVICE Co.,Ltd.

Effective date of registration: 20180211

Address after: California, USA

Patentee after: Global innovation polymerization LLC

Address before: California, USA

Patentee before: Tanous Co.

TR01 Transfer of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150930

Termination date: 20211223

CF01 Termination of patent right due to non-payment of annual fee