CN102571861B - Remote access method, server and network system - Google Patents


Publication number
CN102571861B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201010612482.8A
Other languages
Chinese (zh)
Other versions
CN102571861A (en)
Inventor
张钦亮
吴黄伟
朱萸
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Global Innovation Polymerization LLC
Tanous Co
Original Assignee
Huawei Device Co Ltd
Application filed by Huawei Device Co Ltd

Abstract

The invention discloses a remote access method, a server and a network system, and belongs to the field of network technology. The method comprises: a RAS receives a first message sent by a device in a local network; the RAS judges whether the first message is from a preset device and, when it is, sends the first message through a pre-established access tunnel to the remote network of the local network, so that a control device in the remote network receives the first message. The server comprises a first receiving module and a first forwarding module. By sending messages from local network devices to the remote network of the local network through the pre-established access tunnel, the invention achieves real-time remote monitoring of device state, avoids the handling delay caused when a control device cannot learn of device events in time, preserves the native characteristics of UPnP to the greatest extent, and avoids the situation in which some UPnP functions cannot be used during remote access.

Description

Remote access method, server and network system
Technical field
The present invention relates to the field of network technology, and in particular to a remote access method, a server and a network system.
Background
UPnP (Universal Plug and Play) is an architecture designed for peer-to-peer network connectivity among smart devices, wireless devices, PCs and the like. UPnP defines a remote access standard: UPnP-capable devices in two networks can access each other through a remote access server (Remote Access Service, RAS).
After analyzing the prior art, the inventors found that it has at least the following shortcoming:
The remote network cannot learn of device events in the local network in time, so device state cannot be monitored remotely in real time; the control device cannot learn of device events promptly, which delays handling.
Summary of the invention
To enable the remote network to learn of device events in the local network in time, embodiments of the present invention provide a remote access method, a server and a network system. The technical solution is as follows:
A remote access method, comprising:
a RAS receiving a first message sent by a device in a local network;
judging whether the first message is from a preset device and, when the first message is from a preset device, sending the first message through a pre-established access tunnel to the remote network of the local network, so that a control device in the remote network receives the first message;
wherein the first message is an online announcement message, a multicast event message, or an offline announcement message.
A server, comprising:
a first receiving module, configured to receive a first message sent by a device in a local network;
a first forwarding module, configured to judge whether the first message is from a preset device and, when the first message is from a preset device, to send the first message through a pre-established access tunnel to the remote network of the local network, so that a control device in the remote network receives the first message;
wherein the first message is an online announcement message, a multicast event message, or an offline announcement message.
A network system, comprising:
a server, configured to receive a first message sent by a device in a local network, to judge whether the first message is from a preset device and, when the first message is from a preset device, to send the first message through a pre-established access tunnel to the remote network of the local network, so that a control device in the remote network receives the first message;
at least one local device, configured to send the first message;
an Auto-Configuration Server, configured to configure and manage the at least one local device;
wherein the first message is an online announcement message, a multicast event message, or an offline announcement message.
The beneficial effects of the technical solution provided by the embodiments of the present invention are:
Messages sent by local network devices are sent through the pre-established access tunnel to the remote network of the local network, so that the control device in the remote network learns of device events in time. This achieves real-time remote monitoring of device state, avoids the handling delay caused when a control device cannot learn of device events in time, preserves the native characteristics of UPnP to the greatest extent, and avoids the situation in which some UPnP functions cannot be used during remote access.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a remote access method provided by an embodiment of the present invention;
Fig. 2 is a flow chart of a remote access method provided by an embodiment of the present invention;
Fig. 3 is a flow chart of a remote access method provided by an embodiment of the present invention;
Fig. 4 is a flow chart of a remote access method provided by an embodiment of the present invention;
Fig. 5 is a flow chart of a remote access method provided by an embodiment of the present invention;
Fig. 6 is a flow chart of a remote access method provided by an embodiment of the present invention;
Fig. 7 is a structural diagram of a server provided by an embodiment of the present invention;
Fig. 8 is a structural diagram of a server provided by an embodiment of the present invention;
Fig. 9 is a structural diagram of a server provided by an embodiment of the present invention;
Fig. 10 is a structural diagram of a server provided by an embodiment of the present invention;
Fig. 11 is a structural diagram of a server provided by an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Before the remote access method, device and system provided by the invention are introduced, the background knowledge involved is briefly described:
1. CP (Control Point): a control device or management device used to control UPnP-capable devices in a network.
2. ACS (Auto-Configuration Server): used to configure and manage terminal devices.
3. VPN (Virtual Private Network): a secure network connection established over a public network (usually the Internet).
4. GRE (Generic Routing Encapsulation): a protocol that defines how to encapsulate any network-layer protocol over any other network-layer protocol.
5. TR-069: one of the technical specifications developed by the Broadband Forum; its full name is "CPE WAN Management Protocol". It provides a general framework and protocol for managing and configuring network devices in next-generation networks, and is used for remote centralized management, from the network side, of devices such as gateways, routers and set-top boxes.
Embodiment 1
To simplify the remote access procedure and save network resources, an embodiment of the present invention provides a remote access method. The method is performed by a RAS. In this embodiment, the network where this RAS is located is called the local network, and the network where the other server interacting with this RAS is located is called the remote network. Referring to Fig. 1, the method comprises:
101: The RAS receives a first message sent by a device in the local network;
102: Judge whether the first message is from a preset device; when the first message is from a preset device, send the first message through the pre-established access tunnel to the remote network of the local network, so that the control device in the remote network receives the first message.
Messages sent by local network devices are sent through the pre-established access tunnel to the remote network of the local network, so that the control device in the remote network learns of device events in time. This achieves real-time remote monitoring of device state, avoids the handling delay caused when a control device cannot learn of device events in time, preserves the native characteristics of UPnP to the greatest extent, and avoids the situation in which some UPnP functions cannot be used during remote access.
Referring to Fig. 2, an embodiment of the present invention provides a remote access method. The embodiment is described only for remote access between a first RAS (Remote Access Server), RAS1, in a first network and a second RAS, RAS2, in a second network. One of the first network and the second network is the local network, and the other is the remote network of that local network. The first network contains a control device CP1, and the second network contains UPnP-capable devices Device2 and Device3. Referring to Fig. 2, the method comprises:
2001: The first RAS, RAS1, sends to the ACS a request to establish a VPN tunnel between RAS1 and the second RAS, RAS2;
Preferably, the request to the ACS to establish the VPN tunnel is notified through the TR-069 event mechanism. As those skilled in the art know, the TR-069 event mechanism generally monitors the value of particular parameters and, when such a value changes, initiates notification of the related event.
In this embodiment, the case where the first RAS, RAS1, initiates access to the second RAS, RAS2, is taken as an example. When RAS1 initiates access, it sends an establishment request asking for a VPN tunnel to RAS2 to be set up. The establishment request can take many forms, and the tunnel establishment process can be triggered by an event or initiated proactively; the embodiment of the present invention does not specifically limit this. For example, when a control device on the RAS1 network side sends RAS1 a control message requesting control of a device on the RAS2 network side, that message can trigger tunnel establishment; alternatively, the tunnel can be established in advance for later use in interaction between the servers of the two networks.
2002: After receiving the establishment request sent by the first RAS, RAS1, the ACS obtains the VPN capability information supported by RAS1;
2003: The ACS obtains the VPN capability information supported by RAS2;
In steps 2002 and 2003 above, before the ACS obtains VPN capability information from RAS1 and RAS2 respectively, it can first judge whether it already knows the VPN capability information supported by RAS1. If not, it queries RAS1 and/or RAS2 for the VPN capability information they support; if so, it does not need to query RAS1 for the VPN information it supports.
As those skilled in the art know, the interaction by which the ACS queries the VPN capability information supported by RAS1 and RAS2 is prior art and is not described here. Moreover, once the ACS has obtained the VPN capability information supported by RAS1, it can retain that information and apply it directly in subsequent access procedures.
2004: RAS1 and RAS2 carry out VPN capability negotiation and select a VPN protocol that both RAS1 and RAS2 support and that can encapsulate multicast messages;
As those skilled in the art know, VPN capability negotiation is prior art; in this embodiment, RAS1 and RAS2 exchange messages through the ACS during the negotiation.
2005: According to the selected VPN protocol, configure the VPN parameters and multicast routing of RAS1, and set the UUID (Universally Unique Identifier) filter table (the preset UUID filter table) for devices in the network where RAS1 is located;
Note that the UUID filter table is a preconfigured filtering rule, which may take the form of a blacklist or a whitelist. In this embodiment the UUID filter table is a whitelist; that is, every device whose ID is in the UUID filter table is allowed to be accessed remotely. In this step, because no device in the network where RAS1 is located needs to be accessed, no UUID filter entries need to be added when RAS1 is configured.
2006: According to the selected VPN protocol, configure the VPN parameters and multicast routing of RAS2, and set the UUID filter table for devices in the network where RAS2 is located;
In this embodiment the UUID filter table is a whitelist. Assuming that Device2 is a device allowed to be accessed remotely, Device2 is configured into the device UUID filter table when RAS2 is configured.
In steps 2005 and 2006, the device UUID filter table is used to filter the devices that send messages. In this embodiment the UUID filter table can be a whitelist: a device listed in it is allowed to be accessed remotely, and messages sent by such a device are forwarded. When a first message from such a device in the local network is received, such as an announcement message (an online announcement message or an offline announcement message), a search response message or a multicast event message, the message is forwarded. If a device is not in the UUID filter table, it is not allowed to be accessed remotely, and when a first message from it, such as an announcement message, a search response message or a multicast event message, is received from the local network, that first message is not forwarded to the remote network.
By setting, when the VPN tunnel is established, a filtering rule (the UUID filter table) on each of RAS1 and RAS2 for the devices in its network, the security of remote access can be improved: control devices and devices that come online in or access the network can be filtered, so that access to the local network from the remote network is controlled.
2007: Establish the access tunnel, a VPN tunnel, between RAS1 and RAS2.
As those skilled in the art know, the process of establishing the VPN tunnel is prior art and is not described here.
In this embodiment the access tunnel is configured as a GRE tunnel; a GRE tunnel can carry both multicast and unicast messages and is widely applicable.
Steps 2001 to 2007 above are the process of establishing the access tunnel (a VPN tunnel) between RAS1 and RAS2 and configuring the remote access filter tables. This process differs from the prior art in that, before the VPN tunnel is established, a UUID filter table for the devices in its network is set on each of RAS1 and RAS2; the control devices or devices that send messages are filtered through the filter table, which improves the security of the network and of remote access. In the following embodiments, the first message can be an announcement message, a search response message or a multicast event notification message. The second message is a control message, an event subscription message, a get-device-description message or a specified-device search message.
2008: After coming online, Device2 sends an SSDP:alive multicast message at every preset interval;
The SSDP:alive multicast message is an online announcement message, one kind of first message. It notifies the other control devices in the device's network, including the RAS, that the device is online. In this embodiment, RAS2 can receive the SSDP:alive message sent by Device2.
As those skilled in the art know, the preset interval can be set according to the device's own performance or according to the message processing capability of the RAS; the embodiment of the present invention does not specifically limit this.
2009: After receiving the SSDP:alive multicast message of Device2 in the local network, RAS2 judges, according to the preconfigured UUID filter table, whether Device2 is allowed to be accessed remotely by control devices in the network where RAS1 is located. If it is allowed, RAS2 forwards the SSDP:alive multicast message of Device2; if not, RAS2 does not forward it;
The preconfigured UUID filter table is the preset device filtering rule. The judgment is specifically: judge, according to the device identifier and the device filtering rule, whether the device is a preset device; if so, the first message is from a preset device. A preset device is one that is allowed to be accessed.
In this embodiment, Device2 is set as a device allowed to be accessed. After the SSDP:alive multicast message of Device2 is received and judged, the result is that the device is allowed to be accessed, and the SSDP:alive multicast message is forwarded.
Further, the preset five-tuple filter table of devices is generated or updated according to the first message; this preset five-tuple filter table is generated from the preset UUID filter table:
When the device is a preset device and is not in the preset five-tuple filter table, the IP address and port number of the device are obtained from a preset field of the first message and added to the preset five-tuple filter table. Alternatively, when the device is a preset device and is already in the preset five-tuple filter table, if the IP address and port number of the device in the preset field of the first message differ from those in the device five-tuple filter table, that is, the IP address, port number or the like of the device has changed, the IP address and port number corresponding to the device in the preset five-tuple filter table are updated. The preset field is preferably the Location field.
As those skilled in the art know, a five-tuple usually refers to the set of five quantities: source IP address, source port, destination IP address, destination port and transport-layer protocol.
Note that the device five-tuple filter table is generated from the UUID filter table. A device may have been added to the UUID filter table without yet having been added to the five-tuple filter table; changing the five-tuple filter table dynamically improves the flexibility of the server. The UUID filter table is used to filter first messages. Filtering with the UUID filter table requires parsing up to the application layer, including operations such as extracting message content. In subsequent processing, using the five-tuple filter table generated from the UUID filter table requires neither parsing up to the application layer nor operating on message content, and is therefore more efficient.
Optionally, the frequency at which the RAS forwards SSDP:alive multicast messages can be changed according to the capability of the network. If the network capability is poor or the network is currently busy, reducing the forwarding frequency lightens the load on the network; if the network capability is good or the network has long idle periods, the forwarding frequency can be raised so that both networks learn device state sooner. For example, if the initial setting is that RAS2 forwards to RAS1 through the GRE tunnel once for every SSDP:alive multicast message it receives from Device2, then, to lighten the load on the network, the setting can be changed so that RAS2 forwards to RAS1 through the GRE tunnel once for every 5 SSDP:alive messages received from Device2.
Further, the method also comprises: after the encapsulated SSDP:alive multicast message is transmitted to RAS1 through the pre-established access tunnel (the GRE tunnel), RAS1 decapsulates the message and forwards the decapsulated SSDP:alive multicast message to the first network, where CP1 is located, so that CP1 receives it.
In this embodiment, after RAS1 forwards the decapsulated SSDP:alive multicast message to the first network where CP1 is located, CP1 can receive the message, and CP1 thereby learns the state of the device.
In this embodiment, encapsulation means encapsulating the multicast message into the format required by the GRE tunnel, so that RAS2 can transmit the multicast message directly through the GRE tunnel.
Note that when Device2 is about to go offline, it can send an SSDP:byebye multicast message, that is, an offline announcement message. RAS2 handles the SSDP:byebye multicast message in the same way as it handles the message sent when Device2 comes online. Because the SSDP:byebye multicast message is sent only when the device goes offline and does not need to be sent periodically, its sending frequency does not need to be changed. Nor does the device five-tuple filter table need to be generated or updated according to the SSDP:byebye multicast message.
Steps 2008 to 2009 above are the announcement flow of the device discovery stage. In this flow, when a device comes online, RAS2 forwards the device's announcement message to the remote network promptly, so that control devices in the remote network learn in time that the state of a device in the local network has changed. This reduces the delay caused in the prior art by RAS2 periodically reporting local device state to the remote network, and improves real-time performance.
Referring to Fig. 3, an embodiment of the present invention also provides a remote access method. The method builds on the access tunnel established in steps 2001 to 2007. When the network uses the UPnP protocol, it also supports multicast event reporting; when a multicast event occurs on Device2, CP1 in the network where RAS1 is located needs to be notified. The method comprises:
3001: When a multicast event occurs on Device2, Device2 sends a multicast event message notifying of the multicast event;
In this embodiment, the multicast event is a preset event; when the preset event occurs, the device sends a multicast event message.
The multicast event message is a first message carrying the preset event.
3002: After receiving the multicast event message, RAS2 determines according to the preconfigured UUID filter table whether forwarding to RAS1 is allowed. If forwarding is allowed, RAS2 encapsulates the multicast message and forwards the encapsulated multicast message through the pre-established GRE tunnel to the network where RAS1 is located;
The preconfigured UUID filter table is the preset device filtering rule;
3003: After the multicast message is transmitted to RAS1 through the GRE tunnel, RAS1 decapsulates the encapsulated multicast message and forwards the decapsulated multicast message to the network where RAS1 is located, so that CP1 learns of the multicast event.
Steps 3001 to 3003 above are the flow for reporting a multicast event to a remote control device. In this flow, when a multicast event occurs on a device, RAS2 forwards the multicast event message to the remote network, so that control devices in the remote network learn of it in time. This solves the prior-art problem that multicast event interaction for local network devices is not supported between RAS1 and RAS2.
In the above embodiments, messages sent by local network devices are sent through the pre-established access tunnel to the remote network of the local network, so that the control device in the remote network learns of device events in time. This achieves real-time remote monitoring of device state, avoids the handling delay caused when a control device cannot learn of device events in time, and preserves the native characteristics of UPnP to the greatest extent.
Referring to Fig. 4, an embodiment of the present invention also provides a remote access method. Building on the access tunnel established in steps 2001 to 2007, when CP1 in the network where RAS1 is located comes online, it needs to learn which UPnP devices are online by searching. The method comprises:
4001: After coming online, CP1 sends an SSDP:M-SEARCH multicast message through the pre-established access tunnel;
This SSDP:M-SEARCH multicast message is used to query for online devices in the local network or the remote network;
4002: RAS2 receives the SSDP:M-SEARCH multicast message that RAS1 in the remote network forwarded after GRE encapsulation. RAS2 decapsulates the message and forwards the decapsulated SSDP:M-SEARCH multicast message to the second network, where RAS2 is located, so that the devices in the local network, including Device2, can receive it.
4003: After receiving the SSDP:M-SEARCH multicast message, Device2 returns a search response message to CP1;
In this embodiment, Device2 is assumed to be online. After an online Device2 receives the SSDP:M-SEARCH multicast message, it can notify RAS2 of its own online state through the search response message.
The search response message is a unicast message and also belongs to the first message.
Further, the embodiment of the present invention also comprises the following steps 4004 to 4005:
4004: After receiving the search response message, RAS2 filters it according to the UUID filter table; if forwarding is allowed, RAS2 forwards the search response message through the GRE tunnel to the network where RAS1 is located.
Further, if the search response message is allowed to be forwarded, the device five-tuple filter table also needs to be generated or updated according to the device's current IP address and port number, using the method of step 2009.
4005: After the search response message is transmitted to RAS1 through the GRE tunnel, RAS1 forwards the search response message to CP1, so that CP1 learns that Device2 is online.
Steps 4001 to 4003 above are the flow of the device search stage. In this flow, after a control device comes online, it sends a UPnP search message to find out which UPnP-capable devices are online, so that a network can learn the state of devices in the peer network in time. This reduces the delay caused in the prior art by RAS1 periodically obtaining device state from RAS2 in the remote network, and improves real-time performance. Steps 4004 to 4005 are the process of forwarding the response message to the control device in the remote network when the response message sent by the destination device in the local network is received, which lets the control device learn the state of the device in real time.
Referring to Fig. 5, the method also comprises:
5001: The RAS receives a second message sent by a control device in the remote network through the pre-established access tunnel;
5002: Judge whether the destination device of the second message is a preset device; when it is, forward the second message to the local network, so that the destination device in the local network receives the second message.
In one embodiment of the present invention, the steps shown in Fig. 5 can be specifically as follows. Referring to Fig. 6, building on the access tunnel established in steps 2001 to 2007, when CP1 in the remote network needs to control Device2 in the local network, the method also comprises:
6001: When CP1 needs to manage Device2, it sends Device2 a control message for controlling Device2;
The control message is a second message carrying a command; it is a unicast message and is used to manage Device2.
6002: After receiving the control message sent through the pre-established access tunnel, RAS2 judges, according to the five-tuple of the control message and the device five-tuple filter table, whether the destination device is a preset device. If so, RAS2 forwards the control message to the local network, so that the destination device Device2 in the local network receives it.
6003: After receiving the control message, Device2 processes it accordingly and then sends CP1 a control response message responding to the control message;
The control response message is a unicast message.
Further, the embodiment of the present invention also comprises the following steps 6004 to 6005:
6004: After receiving the control response message, RAS2 determines according to the device five-tuple filter table whether forwarding to RAS1 is allowed. If forwarding is allowed, RAS2 encapsulates the control response message in the format required by the GRE tunnel and forwards the encapsulated control response message through the GRE tunnel to the network where RAS1 is located.
Optionally, in this step the control response message need not be filtered according to the device five-tuple filter table.
6005: After receiving the encapsulated control response message through the GRE tunnel, RAS1 decapsulates it and forwards the decapsulated control response message to CP1.
Steps 6001 to 6003 above are the flow by which a control device manages a device; in this flow, the control device controls a device in the remote network through the GRE tunnel. Steps 6004 to 6005 are the process of forwarding the response message to the control device in the remote network when the response message sent by the destination device in the local network is received.
It should be noted that, the method that this inventive embodiments provides can also be used for obtaining device description file, event subscription and designated equipment search, when obtaining device description file, the effect controlling message is control appliance feedback description document, and when event subscription, the effect controlling message is subscription event on equipment, when designated equipment is searched for, the effect controlling message is the presence of query device specific, and its flow process is similar, repeats no more.
In the above-described embodiments, by changing the processing method to message, when the access tunnel by setting up in advance sends message, message is encapsulated, make do not need too much process and understand UPnP protocol, decrease the close-coupled with UPnP protocol, thus simplify internetwork browsing process.
In above-described embodiment, when table configurating filtered for RAS1 and RAS2, only be configured with the UUID filter table of equipment, in another embodiment provided by the invention, when being configured RAS1 and RAS2, can the UUID filter table of both configuration devices, the five-tuple filter table of configuration device again, five yuan of filter table of this equipment are owing to being static configuration, so dynamically can not change because of the change of the IP address of equipment or other parameters, in addition, when applying, application mode in the embody rule mode of filter table and above-described embodiment in like manner, all for filtering the equipment or control appliance that send message, do not repeat them here.
Foregoing invention embodiment is described based on UPnP protocol, as network application IGRS (IntelligentGrouping and Resource Sharing, information equipment resource-sharing cooperation with service) agreement time, flow process and UPnP similar, but do not comprise the function of multicast reporting events, do not repeat them here.
The method that the present embodiment provides, the access tunnel passing through to set up in advance by the message sent by local network device sends to the far-end network of local network, reach the object of real-time remote monitoring equipment state, avoid and cannot know equipment event in time due to control appliance and incur loss through delay the situation in processing time, farthest remain the primary characteristic of UPnP, avoid some UPnP function when remote access to use.
Embodiment 2
In order to simplify the remote access flow and save network resources, an embodiment of the present invention provides a server which, referring to Fig. 7, comprises:
A first receiver module 701, configured to receive the first message sent by equipment of the local network;
A first forwarding module 702, configured to judge whether the first message is from default equipment and, when it is, to send the first message through the access tunnel established in advance to the far-end network of the local network, so that the control appliance in the far-end network receives the first message.
The first message carries the device identification of the equipment; correspondingly, referring to Fig. 8, the first forwarding module 702 comprises:
A first filter element 702a, configured to judge, according to the device identification and the preset universally unique identifier (UUID) filter table, whether the equipment is default equipment; if so, the first message is from default equipment.
A first retransmission unit 702b, configured to send the first message through the access tunnel established in advance to the far-end network of the local network when the first filter element judges that the first message is from default equipment, so that the control appliance in the far-end network receives the first message. The first message is an online declaration message or a search response message.
The first filter element 702a is further configured to, after the first message sent by the equipment of the local network is received, generate or update the default five-tuple filter table according to the first message, the default five-tuple filter table being generated from the preset UUID filter table.
The first filter element 702a is specifically configured to, when the equipment is default equipment and is not in the default five-tuple filter table, obtain the IP address and port number of the equipment from the preset field of the first message and add them to the default five-tuple filter table; or
The first filter element 702a is configured to, when the equipment is default equipment and is in the default five-tuple filter table, update the IP address and port number corresponding to the equipment in the default five-tuple filter table if the IP address and port number of the equipment in the preset field of the first message differ from those in the equipment five-tuple filter table.
The first forwarding module 702 is specifically configured to judge whether the first message is from default equipment and, when the first message is from default equipment and is an online declaration message, an off-line declaration message or a multicast event reporting message, to encapsulate the first message and send the encapsulated first message through the access tunnel established in advance to the far-end network of the local network.
Referring to Fig. 9, the server further comprises:
A second receiver module 703, configured to receive the second message sent by the control appliance of the far-end network through the access tunnel established in advance;
A second forwarding module 704, configured to judge whether the object equipment of the second message is default equipment and, when it is, to forward the second message to the local network, so that the object equipment in the local network receives the second message.
Referring to Figure 10, the second forwarding module 704 comprises:
A second filter element 704a, configured to judge, according to the five-tuple of the second message and the equipment five-tuple filter table, whether the object equipment is default equipment; if so, the object equipment is default equipment. The equipment five-tuple filter table is generated from the preset UUID filter table;
A second retransmission unit 704b, configured to forward the second message to the local network when the second filter element judges that the object equipment of the second message is default equipment, so that the object equipment in the local network receives the second message.
Referring to Figure 11, the server further comprises:
A third forwarding module 705, configured to forward the response message to the control appliance of the far-end network when the response message sent by the object equipment in the local network is received.
The second message is a control message, an event subscription message, a device description acquisition message or a designated-equipment search message.
The server provided by this embodiment may specifically be a RAS. It belongs to the same concept as the method embodiment; for its specific implementation, refer to the method embodiment, which is not repeated here.
In the server provided by this embodiment, messages sent by local network equipment are sent to the far-end network of the local network through the access tunnel established in advance. This achieves real-time remote monitoring of equipment state, avoids delays in handling caused by the control appliance not learning of equipment events in time, preserves the native characteristics of UPnP to the greatest extent, and avoids some UPnP functions being unusable during remote access.
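The two filter stages of the server embodiment, as an added Python sketch that is not code from the patent: a static UUID filter table admits the first message, an online declaration from an admitted device creates or updates its five-tuple entry, and a second message arriving from the tunnel is forwarded only if its destination matches a learned entry. Assumptions: the device identification is the UUID in the SSDP `USN` header, the "preset field" is the `LOCATION` header, table entries are keyed on device IP, port and TCP, and the source-address consistency check is an extra hardening step; the names `RasFilter`, `FiveTuple`, `parse_ssdp` and `ALIVE` are hypothetical.

```python
from collections import namedtuple
from urllib.parse import urlsplit

FiveTuple = namedtuple("FiveTuple", "src_ip src_port dst_ip dst_port proto")

# Constructed sample: an SSDP online declaration (ssdp:alive) from a local device.
ALIVE = (
    b"NOTIFY * HTTP/1.1\r\n"
    b"HOST: 239.255.255.250:1900\r\n"
    b"NT: upnp:rootdevice\r\n"
    b"NTS: ssdp:alive\r\n"
    b"USN: uuid:2fac1234-31f8-11b4-a222-08002b34c003::upnp:rootdevice\r\n"
    b"LOCATION: http://192.168.1.20:49152/desc.xml\r\n\r\n"
)


def parse_ssdp(raw):
    """Return (start_line, {UPPERCASE-HEADER: value}) for an SSDP datagram."""
    lines = raw.decode("utf-8", "replace").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return lines[0].strip(), headers


class RasFilter:
    def __init__(self, allowed_uuids):
        # Statically configured UUID filter table (the "default equipment").
        self.uuid_filter = {u.lower() for u in allowed_uuids}
        # Learned five-tuple filter table: uuid -> (device_ip, device_port).
        self.five_tuple_table = {}

    def on_first_message(self, raw, src_ip):
        """True if a message from the local network may enter the tunnel."""
        start, hdr = parse_ssdp(raw)
        usn = hdr.get("USN", "")
        if not usn.lower().startswith("uuid:"):
            return False
        uuid = usn[5:].split("::", 1)[0].lower()
        if uuid not in self.uuid_filter:
            return False  # not default equipment: drop
        is_alive = (start.upper().startswith("NOTIFY")
                    and hdr.get("NTS", "").lower() == "ssdp:alive")
        if is_alive:
            loc = urlsplit(hdr.get("LOCATION", ""))
            try:
                port = loc.port
            except ValueError:  # malformed or out-of-range port
                port = None
            # Assumption (added hardening): the advertised host must be the
            # address the datagram actually came from before it is learned.
            if port is None or loc.hostname != src_ip:
                return False
            # Add a new entry, or replace a stale one after an address change.
            self.five_tuple_table[uuid] = (loc.hostname, port)
        return True

    def on_second_message(self, ft):
        """True if a message from the tunnel may be forwarded to the device."""
        learned = {(ip, port, "tcp") for ip, port in self.five_tuple_table.values()}
        return (ft.dst_ip, ft.dst_port, ft.proto) in learned
```

Because an update replaces the old entry, a control message addressed to a device's previous IP address or port stops passing as soon as the device re-announces itself.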
An embodiment of the present invention further provides a network system, comprising:
A server, configured to receive the first message sent by equipment of the local network, to judge whether the first message is from default equipment and, when it is, to send the first message through the access tunnel established in advance to the far-end network of the local network, so that the control appliance in the far-end network receives the first message;
At least one local device, configured to send the first message.
An Automatic Configuration Server, configured to configure and manage the at least one local device.
This network system may be a system such as a regional network or a local area network, and a local device may be a control point (control appliance), equipment (various terminals) and so on; the embodiment of the present invention does not specifically limit this. The embodiment of this network system belongs to the same concept as the method embodiment; for its specific implementation, refer to the method embodiment, which is not repeated here.
In the network system provided by this embodiment, messages sent by local network equipment are sent to the far-end network of the local network through the access tunnel established in advance. This achieves real-time remote monitoring of equipment state, avoids delays in handling caused by the control appliance not learning of equipment events in time, preserves the native characteristics of UPnP to the greatest extent, and avoids some UPnP functions being unusable during remote access.
All or part of the technical solutions provided by the embodiments of the present invention may be implemented by hardware under the control of program instructions. The program may be stored in a readable storage medium, which includes various media capable of storing program code, such as ROM, RAM, magnetic disks or optical discs.
The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (12)

1. A remote access method, characterized in that it comprises:
A RAS receiving a first message sent by equipment of a local network, the first message carrying the device identification of the equipment;
Judging, according to the device identification and a preset universally unique identifier (UUID) filter table, whether the equipment is default equipment; if so, the first message is from default equipment;
When the first message is from default equipment, sending the first message through an access tunnel established in advance to the far-end network of the local network, so that a control appliance in the far-end network receives the first message;
Wherein the first message is an online declaration message, a multicast event message, or an off-line declaration message;
When the first message is an online declaration message, the method further comprises:
After the RAS receives the first message sent by the equipment of the local network, generating or updating a default five-tuple filter table according to the first message, the default five-tuple filter table being generated from the preset UUID filter table.
2. The method according to claim 1, characterized in that generating or updating the default five-tuple filter table according to the first message specifically comprises:
When the equipment is default equipment and is not in the default five-tuple filter table, obtaining the IP address and port number of the equipment from the preset field of the first message and adding them to the default five-tuple filter table; or,
When the equipment is default equipment and is in the default five-tuple filter table, if the IP address and port number of the equipment in the preset field of the first message differ from those in the equipment five-tuple filter table, updating the IP address and port number corresponding to the equipment in the default five-tuple filter table.
3. The method according to claim 1 or 2, characterized in that sending the first message through the access tunnel established in advance to the far-end network of the local network specifically comprises:
When the first message is an online declaration message, an off-line declaration message or a multicast event reporting message, encapsulating the first message and sending the encapsulated first message through the access tunnel established in advance to the far-end network of the local network.
4. The method according to claim 1 or 2, characterized in that the method further comprises:
The RAS receiving a second message sent by the control appliance of the far-end network through the access tunnel established in advance;
Judging, according to the five-tuple of the second message and the equipment five-tuple filter table, whether the object equipment of the second message is default equipment, the equipment five-tuple filter table being generated from the preset UUID filter table;
When the object equipment of the second message is default equipment, forwarding the second message to the local network, so that the object equipment in the local network receives the second message.
5. The method according to claim 4, characterized in that the method further comprises:
When a response message sent by the object equipment in the local network is received, forwarding the response message to the control appliance of the far-end network.
6. The method according to claim 4, characterized in that the second message is a control message, an event subscription message, a device description acquisition message or a designated-equipment search message.
7. A server, characterized in that it comprises:
A first receiver module, configured to receive a first message sent by equipment of a local network, the first message carrying the device identification of the equipment;
A first forwarding module, configured to judge whether the first message is from default equipment and, when it is, to send the first message through an access tunnel established in advance to the far-end network of the local network, so that a control appliance in the far-end network receives the first message;
Wherein the first message is an online declaration message, a multicast event message, or an off-line declaration message;
Correspondingly, the first forwarding module comprises:
A first filter element, configured to judge, according to the device identification and a preset universally unique identifier (UUID) filter table, whether the equipment is default equipment; if so, the first message is from default equipment;
A first retransmission unit, configured to send the first message through the access tunnel established in advance to the far-end network of the local network when the first filter element judges that the first message is from default equipment, so that the control appliance in the far-end network receives the first message;
The first filter element is further configured to, after the first message sent by the equipment of the local network is received, generate or update a default five-tuple filter table according to the first message, the default five-tuple filter table being generated from the preset UUID filter table.
8. The server according to claim 7, characterized in that the first filter element is specifically configured to, when the equipment is default equipment and is not in the default five-tuple filter table, obtain the IP address and port number of the equipment from the preset field of the first message and add them to the default five-tuple filter table; or
The first filter element is configured to, when the equipment is default equipment and is in the default five-tuple filter table, update the IP address and port number corresponding to the equipment in the default five-tuple filter table if the IP address and port number of the equipment in the preset field of the first message differ from those in the equipment five-tuple filter table.
9. The server according to claim 7 or 8, characterized in that the first forwarding module is specifically configured to judge whether the first message is from default equipment and, when the first message is from default equipment and is an online declaration message, an off-line declaration message or a multicast event reporting message, to encapsulate the first message and send the encapsulated first message through the access tunnel established in advance to the far-end network of the local network.
10. The server according to claim 7 or 8, characterized in that the server further comprises:
A second receiver module, configured to receive a second message sent by the control appliance of the far-end network through the access tunnel established in advance;
A second forwarding module, configured to judge whether the object equipment of the second message is default equipment and, when it is, to forward the second message to the local network, so that the object equipment in the local network receives the second message;
The second forwarding module comprises:
A second filter element, configured to judge, according to the five-tuple of the second message and the equipment five-tuple filter table, whether the object equipment is default equipment, the equipment five-tuple filter table being generated from the preset UUID filter table;
A second retransmission unit, configured to forward the second message to the local network when the second filter element judges that the object equipment of the second message is default equipment, so that the object equipment in the local network receives the second message.
11. The server according to claim 10, characterized in that the server further comprises:
A third forwarding module, configured to forward the response message to the control appliance of the far-end network when a response message sent by the object equipment in the local network is received.
12. A network system, characterized in that it comprises:
A server, configured to receive a first message sent by equipment of a local network, the first message carrying the device identification of the equipment; to judge, according to the device identification and a preset universally unique identifier (UUID) filter table, whether the equipment is default equipment, and if so, the first message is from default equipment; and, when the first message is from default equipment, to send the first message through an access tunnel established in advance to the far-end network of the local network, so that a control appliance in the far-end network receives the first message;
At least one local device, configured to send the first message;
An Automatic Configuration Server, configured to configure and manage the at least one local device;
Wherein the first message is an online declaration message, a multicast event message, or an off-line declaration message;
When the first message is an online declaration message, the server is further configured to, after the first message sent by the equipment of the local network is received, generate or update a default five-tuple filter table according to the first message, the default five-tuple filter table being generated from the preset UUID filter table.
CN201010612482.8A 2010-12-23 2010-12-23 Remote access method, server and network system Expired - Fee Related CN102571861B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010612482.8A CN102571861B (en) 2010-12-23 2010-12-23 Remote access method, server and network system

Publications (2)

Publication Number Publication Date
CN102571861A CN102571861A (en) 2012-07-11
CN102571861B CN102571861B (en) 2015-09-30

Family

ID=46416333

Country Status (1)

Country Link
CN (1) CN102571861B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20180202

Address after: California

Patentee after: Tanous Co.

Address before: 518129 Longgang District, Guangdong, Bantian HUAWEI base B District, building 2, building No.

Patentee before: HUAWEI DEVICE Co.,Ltd.

Effective date of registration: 20180202

Address after: California, USA

Patentee after: Global innovation polymerization LLC

Address before: California, USA

Patentee before: Tanous Co.

TR01 Transfer of patent right

Effective date of registration: 20180211

Address after: California, USA

Patentee after: Tanous Co.

Address before: 518129 Longgang District, Guangdong, Bantian HUAWEI base B District, building 2, building No.

Patentee before: HUAWEI DEVICE Co.,Ltd.

Effective date of registration: 20180211

Address after: California, USA

Patentee after: Global innovation polymerization LLC

Address before: California, USA

Patentee before: Tanous Co.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150930

Termination date: 20211223