CN103392316A - Method of traversing firewall, client, and media traversing server - Google Patents


Publication number
CN103392316A
Authority
CN
China
Prior art keywords
address
client
mts
port
publicly
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2013800000698A
Other languages
Chinese (zh)
Other versions
CN103392316B (en)
Inventor
张旭武
孟斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Publication of CN103392316A
Application granted
Publication of CN103392316B
Legal status: Active
Anticipated expiration


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/25: Mapping addresses of the same type
    • H04L61/2503: Translation of Internet protocol [IP] addresses
    • H04L61/2592: Translation of Internet protocol [IP] addresses using tunnelling or encapsulation
    • H04L61/2514: Translation of Internet protocol [IP] addresses between local and global IP addresses
    • H04L61/256: NAT traversal
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/029: Firewall traversal, e.g. tunnelling or creating pinholes
    • H04L65/00: Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10: Architectures or entities
    • H04L65/1045: Proxies, e.g. for session initiation protocol [SIP]
    • H04L65/1066: Session management
    • H04L65/1101: Session protocols
    • H04L65/1104: Session initiation protocol [SIP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method of traversing a firewall, a client, and a media traversing server. The method comprises: determining the address of a client in a LAN; sending information comprising the address of the client to a Session Initiation Protocol (SIP) server; receiving information, sent by the SIP server, comprising the address of a media traversing server (MTS) on the network side; and building, according to the address of the client and the address of the MTS, a channel between the client and the MTS for transmitting SIP media data, where the channel traverses the firewall of the LAN between the client and the MTS. The SIP media data comprises Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data. In the embodiments of the invention, a traversing channel is built in the media plane between the client and the MTS on the network side, so that RTP, RTCP and other media data can be transmitted through the channel, which reduces the time consumed by the calling process and improves the user experience.

Description

Method of traversing a firewall, client, and media traversing server
Technical field
The embodiments of the present invention relate to the field of communications, and more specifically to a method of traversing a firewall, a client, a SIP server, and a media traversing server.
Background
The Internet Protocol Multimedia Subsystem (IMS), as the cornerstone of the convergence of mobile and fixed networks, is widely used in a variety of network environments. IMS adopts the Session Initiation Protocol (SIP) as its session signaling protocol. A Real-time Transport Protocol (RTP) transmission channel and a Real-time Transport Control Protocol (RTCP) transmission channel can be set up between a client and the IMS network, and these channels can carry real-time data such as VoIP (Voice over IP). A Message Session Relay Protocol (MSRP) transmission channel can also be set up, and this channel can carry IP multimedia services such as video, games, and content sharing.
For network security, a firewall is generally deployed between an enterprise network or local area network (LAN) and the public network to protect the intranet. However, for security reasons, the firewall opens only a small number of ports, or, in HTTP proxy mode, allows only Hypertext Transfer Protocol (HTTP) messages to pass. As a result, RTP/RTCP messages cannot pass through the firewall and a client in the intranet cannot communicate with the IMS network; that is, there is a firewall traversal problem between the client in the intranet and the IMS network.
In the prior art, the common firewall traversal problems are the network address translation (NAT) problem and the restricted firewall traversal problem.
In the NAT problem, a client in the LAN uses a private IP address and port and cannot communicate directly with the IMS network, which is in the public network. Instead, the firewall provides a NAT function: it allocates a public address for the client and binds this public address to the client's private address, after which the client can communicate with the public network. At present, the 3rd Generation Partnership Project (3GPP) uses the Interactive Connectivity Establishment (ICE) scheme to solve the NAT traversal problem. The ICE scheme comprises several protocols, including STUN (Simple Traversal of UDP through NAT), TURN (Traversal Using Relay Network Address Translation, that is, traversing NAT in relay mode) and ICE. Their core idea is to establish a binding between the client's private address and a public address, and to use the client's public address to communicate with the IMS network.
In the restricted firewall traversal problem, the firewall may limit not only the ports through which traffic may pass but also the types of messages allowed through the firewall. At present, an ICE over TLS (Transport Layer Security) traversal scheme has been proposed. This scheme optimizes the TURN-based ICE scheme: the UE and the TURN server negotiate and set up multiple TLS tunnels, and different media messages traverse the firewall through different TLS tunnels. However, the handshake by which the UE and the TURN server set up a TLS connection is very complex, which makes the calling procedure time-consuming. Moreover, because different TLS tunnels encapsulate different media streams, multiple TLS tunnels must be set up between the UE and the TURN server for every call. For example, to carry a VoIP service, the UE must simultaneously set up with the TURN server at least a TLS tunnel carrying TURN control information, a TLS tunnel carrying RTP data, and a TLS tunnel carrying RTCP data. This further increases the time consumed by the calling procedure and gives a poor user experience.
Summary of the invention
The embodiments of the present invention provide a method of traversing a firewall, a client, a SIP server, and a media traversing server, which reduce the time consumed by the calling procedure and improve the user experience.
In a first aspect, a method of traversing a firewall is provided, comprising: determining the address of a client in a local area network; sending information comprising the address of the client to a Session Initiation Protocol (SIP) server; receiving information, sent by the SIP server, comprising the address of a media traversing server (MTS) on the network side; and establishing, according to the address of the client and the address of the MTS, a tunnel between the client and the MTS for transmitting SIP media data, wherein the tunnel traverses the firewall of the local area network, and the SIP media data comprises Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
With reference to the first aspect, in one implementation of the first aspect, determining the address of the client in the local area network comprises: determining the address of the client, wherein the address of the client comprises a public Internet Protocol (IP) address of the client and a public port of the client.
With reference to the first aspect and the foregoing implementation, in another implementation of the first aspect, receiving the information, sent by the SIP server, comprising the address of the MTS on the network side comprises: receiving the information comprising the address of the MTS, wherein the address of the MTS comprises a public IP address of the MTS and a public port of the MTS; and establishing, according to the address of the client and the address of the MTS, the tunnel between the client and the MTS for transmitting SIP media data comprises: establishing the tunnel according to the public IP address of the client, the public port of the client, the public IP address of the MTS, and the public port of the MTS.
With reference to the first aspect and the foregoing implementations, in another implementation of the first aspect, before determining the address of the client, the method further comprises: judging whether the firewall needs to perform network address translation (NAT); and, when it is determined that the firewall needs to perform NAT, determining the address of the client comprises: obtaining the private IP address of the client and allocating a private port of the client; and querying the public IP address of the client and the public port of the client according to the private IP address of the client and the private port of the client.
With reference to the first aspect and the foregoing implementations, in another implementation of the first aspect, querying the public IP address of the client and the public port of the client according to the private IP address of the client and the private port of the client comprises: obtaining the public IP address of the MTS; establishing, according to the private port of the client and the public IP address of the MTS, a Transmission Control Protocol (TCP) connection with a specific port of the MTS, wherein the port number of the specific port is the same as the port number of a port that the firewall allows traffic through; and querying the address of the client through the TCP connection.
With reference to the first aspect and the foregoing implementations, in another implementation of the first aspect, obtaining the public IP address of the MTS comprises: sending the SIP server a request message requesting the public IP address of the MTS; and receiving a request response message sent by the SIP server, wherein the request response message carries the public IP address of the MTS.
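The address query over a TCP connection to the MTS, described in the implementations above, can be sketched as follows. This is an added example, not code from the patent: the `ADDR-QUERY` request line, the JSON reply, and all function names are assumptions, since the text does not define a wire format, and the MTS here listens on a loopback port rather than on a port number the firewall allows.

```python
import ipaddress
import json
import socket
import threading

QUERY = b"ADDR-QUERY\n"  # hypothetical request line; the patent text defines no wire format


def read_line(sock, limit=512):
    """Read one newline-terminated line, refusing truncated or oversized input."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(64)
        if not chunk or len(buf) + len(chunk) > limit:
            raise ValueError("truncated or oversized line")
        buf += chunk
    return buf


def mts_answer_one_query(listener):
    """MTS side: report the source address this TCP connection arrived from."""
    conn, peer = listener.accept()
    with conn:
        conn.settimeout(3.0)
        if read_line(conn) == QUERY:
            reply = {"public_ip": peer[0], "public_port": peer[1]}
        else:
            reply = {"error": "unsupported request"}
        conn.sendall(json.dumps(reply).encode() + b"\n")


def query_public_address(private_ip, private_port, mts_ip, mts_port):
    """Client side: bind the allocated private port, connect to the MTS port,
    and return (private_addr, public_addr) after validating the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(3.0)
        sock.bind((private_ip, private_port))  # port 0 lets the OS allocate one
        sock.connect((mts_ip, mts_port))
        private_addr = sock.getsockname()
        sock.sendall(QUERY)
        reply = json.loads(read_line(sock))
    if "error" in reply:
        raise ValueError(reply["error"])
    # Validate before the address is forwarded to the SIP server.
    public_ip = str(ipaddress.ip_address(reply["public_ip"]))
    public_port = int(reply["public_port"])
    if not 0 < public_port < 65536:
        raise ValueError("public port out of range")
    return private_addr, (public_ip, public_port)


def demo_address_query():
    """Run both sides on loopback (constructed setup, so no NAT sits in between)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    listener.settimeout(3.0)
    mts = threading.Thread(target=mts_answer_one_query, args=(listener,))
    mts.start()
    try:
        private, public = query_public_address("127.0.0.1", 0, *listener.getsockname())
    finally:
        mts.join()
        listener.close()
    # Behind a NAT the two addresses differ; the public one is what the
    # client would report to the SIP server.
    return {"private": private, "public": public, "nat_present": private != public}


if __name__ == "__main__":
    print(demo_address_query())
```
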
With reference to the first aspect and the foregoing implementations, in another implementation of the first aspect, when it is determined that the firewall does not need to perform NAT, determining the address of the client comprises: obtaining the public IP address of the client; probing for a specific port that the firewall allows traffic through; and using the specific port that the firewall allows traffic through as the public port of the client.
With reference to the first aspect and the foregoing implementations, in another implementation of the first aspect, the method further comprises: determining the transport protocol supported by the firewall, wherein the transport protocol comprises at least one of TCP and the User Datagram Protocol (UDP); sending the SIP server information indicating the transport protocol; when sending data to the MTS through the tunnel, encapsulating the data using the transport protocol; and, when receiving data sent by the MTS through the tunnel, decapsulating the data using the transport protocol.
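To illustrate encapsulation and decapsulation when the firewall supports only TCP, the following added example (not code from the patent) carries RTP and RTCP packets over one byte stream. The framing is an assumption swapped in for illustration: a 16-bit length prefix as in RFC 4571, with RTP and RTCP told apart by the second header byte as in RFC 5761; the patent text does not specify a frame format, and the sample packets are constructed.

```python
import struct

MAX_FRAME = 0xFFFF  # largest packet a 16-bit length prefix can describe


def encapsulate(packet: bytes) -> bytes:
    """Prefix one RTP or RTCP packet with its length for a stream transport."""
    if not 0 < len(packet) <= MAX_FRAME:
        raise ValueError("packet length not representable in the frame header")
    return struct.pack("!H", len(packet)) + packet


def classify(packet: bytes) -> str:
    """Return 'rtp' or 'rtcp'; reject anything that is not version 2."""
    if len(packet) < 8 or packet[0] >> 6 != 2:
        raise ValueError("not an RTP/RTCP version 2 packet")
    # RTCP packet types (SR=200 ... APP=204) fall in 192..223 in the second byte.
    if 192 <= packet[1] <= 223:
        return "rtcp"
    if len(packet) < 12:
        raise ValueError("RTP packet shorter than its fixed header")
    return "rtp"


class Decapsulator:
    """Rebuild packets from a TCP byte stream that may split frames arbitrarily."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, data: bytes):
        """Add received bytes; return every complete (kind, packet) now available."""
        self._buf += data
        out = []
        while len(self._buf) >= 2:
            (length,) = struct.unpack_from("!H", self._buf)
            if length == 0:
                raise ValueError("zero-length frame")
            if len(self._buf) < 2 + length:
                break  # wait for the rest of this frame
            packet = bytes(self._buf[2:2 + length])
            del self._buf[:2 + length]
            out.append((classify(packet), packet))
        return out


def sample_rtp(seq: int) -> bytes:
    """Constructed RTP packet: V=2, PT=0, 20 bytes of dummy payload."""
    return struct.pack("!BBHII", 0x80, 0, seq, 160 * seq, 0x1234ABCD) + b"\x00" * 20


def sample_rtcp_rr() -> bytes:
    """Constructed RTCP receiver report with no report blocks (8 bytes)."""
    return struct.pack("!BBHI", 0x80, 201, 1, 0x1234ABCD)


def demo_single_tunnel(chunk=7):
    """Send RTP, RTCP, RTP through one stream, delivered in small chunks."""
    packets = [sample_rtp(1), sample_rtcp_rr(), sample_rtp(2)]
    stream = b"".join(encapsulate(p) for p in packets)
    rx, received = Decapsulator(), []
    for i in range(0, len(stream), chunk):
        received.extend(rx.feed(stream[i:i + chunk]))
    return packets, received


if __name__ == "__main__":
    _, got = demo_single_tunnel()
    print([kind for kind, _ in got])
```
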
In a second aspect, a method of traversing a firewall is provided, comprising: receiving information comprising the address of a client in a local area network; allocating a public port of a media traversing server (MTS); sending the client information comprising the address of the MTS, wherein the address of the MTS comprises the public port of the MTS and an obtained public IP address of the MTS; and sending the MTS information comprising the address of the client and the public port of the MTS, so that a tunnel for transmitting Session Initiation Protocol (SIP) media data is established between the client and the MTS, wherein the tunnel traverses the firewall of the local area network, and the SIP media data comprises Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
With reference to the second aspect, in one implementation of the second aspect, receiving the information comprising the address of the client in the local area network comprises: receiving the information comprising the address of the client, wherein the address of the client comprises a public Internet Protocol (IP) address of the client and a public port of the client.
With reference to the second aspect and the foregoing implementation, in another implementation of the second aspect, allocating the public port of the MTS comprises: using the port number of a port that the firewall allows traffic through as the port number of the public port of the MTS.
With reference to the second aspect and the foregoing implementations, in another implementation of the second aspect, before receiving the address of the client in the local area network, the method further comprises: receiving a request message, sent by the client, requesting the public IP address of the MTS; and sending the client a request response message, wherein the request response message carries the public IP address of the MTS.
With reference to the second aspect and the foregoing implementations, in another implementation of the second aspect, the method further comprises: receiving information, sent by the client, indicating the transport protocol supported by the firewall, wherein the transport protocol comprises at least one of TCP and the User Datagram Protocol (UDP); and sending the MTS information indicating the transport protocol.
With reference to the second aspect and the foregoing implementations, in another implementation of the second aspect, the method further comprises: sending the MTS information comprising the address of a media gateway and the address of the client.
In a third aspect, a method of traversing a firewall is provided, comprising: receiving information, sent by a Session Initiation Protocol (SIP) server, comprising the address of a client in a local area network and the public port of an MTS; and establishing, according to the address of the client and the address of the MTS, a tunnel between the MTS and the client for transmitting SIP media data, wherein the tunnel traverses the firewall in the local area network, and the SIP media data comprises Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
With reference to the third aspect, in one implementation of the third aspect, receiving the information, sent by the SIP server, comprising the address of the client in the local area network and the public port of the MTS comprises: receiving the information comprising the address of the client and the public port of the MTS, wherein the address of the client comprises a public IP address of the client and a public port of the client; and establishing, according to the address of the client and the address of the MTS, the tunnel between the MTS and the client for transmitting SIP media data comprises: establishing the tunnel according to the public IP address of the client, the public port of the client, and the address of the MTS, wherein the address of the MTS comprises the public IP address of the MTS and the public port of the MTS.
With reference to the third aspect and the foregoing implementation, in another implementation of the third aspect, before receiving the information, sent by the SIP server, comprising the address of the client in the local area network and the public port of the MTS, the method further comprises: establishing a Transmission Control Protocol (TCP) connection with the client, so that the client queries the public IP address of the client and the public port of the client through the TCP connection.
With reference to the third aspect and the foregoing implementations, in another implementation of the third aspect, the method further comprises: receiving information, sent by the SIP server, indicating the transport protocol supported by the firewall, wherein the transport protocol comprises at least one of TCP and the User Datagram Protocol (UDP); when sending data to the client through the tunnel, encapsulating the data using the transport protocol; and, when receiving data sent by the client through the tunnel, decapsulating the data using the transport protocol.
With reference to the third aspect and the foregoing implementations, in another implementation of the third aspect, the method further comprises: receiving information, sent by the SIP server, comprising the address of a media gateway and the address of the client.
In a fourth aspect, a client is provided, comprising: a determining unit, configured to determine the address of the client in a local area network; a sending unit, configured to send information comprising the address of the client to a Session Initiation Protocol (SIP) server; a receiving unit, configured to receive information, sent by the SIP server, comprising the address of a media traversing server (MTS) on the network side; and an establishing unit, configured to establish, according to the address of the client and the address of the MTS, a tunnel between the client and the MTS for transmitting SIP media data, wherein the tunnel traverses the firewall in the local area network, and the SIP media data comprises Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
With reference to the fourth aspect, in one implementation of the fourth aspect, the determining unit is specifically configured to determine the address of the client, wherein the address of the client comprises a public Internet Protocol (IP) address of the client and a public port of the client.
With reference to the fourth aspect and the foregoing implementation, in another implementation of the fourth aspect, the receiving unit is specifically configured to receive the information comprising the address of the MTS, wherein the address of the MTS comprises a public IP address of the MTS and a public port of the MTS; and the establishing unit is specifically configured to establish the tunnel according to the public IP address of the client, the public port of the client, the public IP address of the MTS, and the public port of the MTS.
With reference to the fourth aspect and the foregoing implementations, in another implementation of the fourth aspect, the client further comprises: a judging unit, configured to judge whether the firewall needs to perform network address translation (NAT); and, when it is determined that the firewall needs to perform NAT, the determining unit is specifically configured to obtain the private IP address of the client and allocate a private port of the client, and to query the public IP address of the client and the public port of the client according to the private IP address of the client and the private port of the client.
With reference to the fourth aspect and the foregoing implementations, in another implementation of the fourth aspect, the determining unit is specifically configured to: obtain the public IP address of the MTS; establish, according to the private port of the client and the public IP address of the MTS, a Transmission Control Protocol (TCP) connection with a specific port of the MTS, wherein the port number of the specific port is the same as the port number of a port that the firewall allows traffic through; and query the address of the client through the TCP connection.
With reference to the fourth aspect and the foregoing implementations, in another implementation of the fourth aspect, the determining unit is specifically configured to: send the SIP server a request message requesting the public IP address of the MTS; and receive a request response message sent by the SIP server, wherein the request response message carries the public IP address of the MTS.
With reference to the fourth aspect and the foregoing implementations, in another implementation of the fourth aspect, when it is determined that the firewall does not need to perform NAT, the determining unit is specifically configured to: obtain the public IP address of the client; probe for a specific port that the firewall allows traffic through; and use the specific port that the firewall allows traffic through as the public port of the client.
With reference to the fourth aspect and the foregoing implementations, in another implementation of the fourth aspect, the determining unit is further configured to determine the transport protocol supported by the firewall, wherein the transport protocol comprises at least one of TCP and the User Datagram Protocol (UDP); the sending unit is further configured to send the SIP server information indicating the transport protocol; and the client further comprises: an encapsulation unit, configured to encapsulate data using the transport protocol when the data is sent to the MTS through the tunnel; and a decapsulation unit, configured to decapsulate data using the transport protocol when data sent by the MTS through the tunnel is received.
In a fifth aspect, a Session Initiation Protocol (SIP) server is provided, comprising: a receiving unit, configured to receive information comprising the address of a client in a local area network; an allocating unit, configured to allocate a public port of a media traversing server (MTS); and a sending unit, configured to send the client information comprising the address of the MTS, wherein the address of the MTS comprises the public port of the MTS and an obtained public IP address of the MTS, and to send the MTS information comprising the address of the client and the public port of the MTS, so that a tunnel for transmitting SIP media data is established between the client and the MTS, wherein the tunnel traverses the firewall of the local area network between the client and the MTS, and the SIP media data comprises Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
With reference to the fifth aspect, in one implementation of the fifth aspect, the receiving unit is specifically configured to receive the information comprising the address of the client, wherein the address of the client comprises a public Internet Protocol (IP) address of the client and a public port of the client; and sending the address of the MTS to the client comprises: sending the client the address of the MTS, wherein the address of the MTS comprises the public IP address of the MTS and the public port of the MTS.
With reference to the fifth aspect and the foregoing implementation, in another implementation of the fifth aspect, the allocating unit is specifically configured to use the port number of a port that the firewall allows traffic through as the port number of the public port of the MTS.
With reference to the fifth aspect and the foregoing implementations, in another implementation of the fifth aspect, the receiving unit is further configured to receive a request message, sent by the client, requesting the public IP address of the MTS; and a request response message carrying the public IP address of the MTS is sent to the client.
With reference to the fifth aspect and the foregoing implementations, in another implementation of the fifth aspect, the receiving unit is further configured to receive information, sent by the client, indicating the transport protocol supported by the firewall, wherein the transport protocol comprises at least one of TCP and the User Datagram Protocol (UDP); and the sending unit is further configured to send the MTS information indicating the transport protocol.
With reference to the fifth aspect and the foregoing implementations, in another implementation of the fifth aspect, the sending unit is further configured to send the MTS information comprising the address of a media gateway and the address of the client.
In a sixth aspect, a media traversing server (MTS) is provided, comprising: a receiving unit, configured to receive information, sent by a Session Initiation Protocol (SIP) server, comprising the address of a client in a local area network and the public port of the MTS; and an establishing unit, configured to establish, according to the address of the client and the address of the MTS, a tunnel between the MTS and the client for transmitting SIP media data, wherein the tunnel traverses the firewall of the local area network, and the SIP media data comprises Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
With reference to the sixth aspect, in one implementation of the sixth aspect, the receiving unit is specifically configured to receive the information comprising the address of the client and the public port of the MTS, wherein the address of the client comprises a public IP address of the client and a public port of the client; and the establishing unit is specifically configured to establish the tunnel according to the public IP address of the client, the public port of the client, and the address of the MTS, wherein the address of the MTS comprises the public IP address of the MTS and the public port of the MTS.
With reference to the sixth aspect and the foregoing implementation, in another implementation of the sixth aspect, the establishing unit is further configured to establish a Transmission Control Protocol (TCP) connection with the client, so that the client queries the public IP address of the client and the public port of the client through the TCP connection.
With reference to the sixth aspect and the foregoing implementations, in another implementation of the sixth aspect, the receiving unit is further configured to receive information, sent by the SIP server, indicating the transport protocol supported by the firewall, wherein the transport protocol comprises at least one of TCP and the User Datagram Protocol (UDP); and the MTS further comprises: an encapsulation unit, configured to encapsulate data using the transport protocol when the data is sent to the client through the tunnel; and a decapsulation unit, configured to decapsulate data using the transport protocol when data sent by the client through the tunnel is received.
With reference to the sixth aspect and the foregoing implementations, in another implementation of the sixth aspect, the receiving unit is further configured to receive information, sent by the SIP server, comprising the address of a media gateway and the address of the client.
In the embodiments of the present invention, a traversal tunnel is established in the media plane between the client and the MTS on the network side, so that media data such as RTP and RTCP can be transmitted through this tunnel, which reduces the time consumed by the calling procedure and improves the user experience.
Description of the drawings
To describe the technical solutions of the embodiments of the present invention more clearly, the accompanying drawings required by the embodiments are briefly introduced below. Apparently, the drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art may derive other drawings from them without creative effort.
Fig. 1 is a system architecture diagram for firewall traversal according to an embodiment of the present invention.
Fig. 2 is a flowchart of a firewall traversal method according to an embodiment of the present invention.
Fig. 3 is a flowchart of a firewall traversal method according to another embodiment of the present invention.
Fig. 4 is a flowchart of a firewall traversal method according to another embodiment of the present invention.
Fig. 5 is a flowchart of a firewall traversal method according to another embodiment of the present invention.
Fig. 6 is a flowchart of a firewall traversal method according to another embodiment of the present invention.
Fig. 7 is a flowchart of a firewall traversal method according to another embodiment of the present invention.
Fig. 8 is a flowchart of a tunnel traversal method according to another embodiment of the present invention.
Fig. 9 is a flowchart of a tunnel traversal method according to another embodiment of the present invention.
Fig. 10 is a schematic diagram of the encapsulation mode in the tunnel according to an embodiment of the present invention.
Fig. 11 is a block diagram of a client according to an embodiment of the present invention.
Fig. 12 is a block diagram of a SIP server according to an embodiment of the present invention.
Fig. 13 is a block diagram of an MTS according to an embodiment of the present invention.
Fig. 14 is a block diagram of a client according to another embodiment of the present invention.
Fig. 15 is a block diagram of a SIP server according to another embodiment of the present invention.
Fig. 16 is a block diagram of an MTS according to another embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Apparently, the described embodiments are some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
It should be understood that the technical solutions of the present invention can be applied to various communication systems, for example: the Global System for Mobile Communications (GSM), Code Division Multiple Access (CDMA) systems, Wideband Code Division Multiple Access (WCDMA) systems, General Packet Radio Service (GPRS), Long Term Evolution (LTE) systems, LTE-Advanced (LTE-A) systems, the Universal Mobile Telecommunications System (UMTS), and so on.
It should also be understood that, in the embodiments of the present invention, the client may be an entity located in the LAN, for example a UE, or may be a logical unit in a UE.
It should be noted that the restricted firewall referred to in this application may be a firewall whose ports are restricted, for example one that opens only a small number of ports such as 80 or 443; it may be a firewall that restricts the message types allowed through, for example one that allows only TCP messages or only UDP messages; or it may be a combination of the two.
It should also be noted that, where this application says that the firewall needs to perform NAT, that is, that the firewall has a NAT traversal problem, it means that the client in the LAN uses a private IP address and cannot communicate with the public network directly. When communication with the public network is required, the firewall provides the NAT function: it allocates a public IP address to the UE and then binds the client's private IP address to that public IP address; only then can the client communicate with the public network.
Fig. 1 is a system architecture diagram for firewall traversal according to an embodiment of the present invention.
As shown in Fig. 1, the client is located in the LAN and the MTS is located on the network side; the MTS may be integrated into a media gateway or may be an independent entity.
In the embodiments of the present invention, the SIP server is used to establish a tunnel between the client and the MTS for transmitting SIP media data; both RTP data and RTCP data can be transmitted through this tunnel.
In the embodiments of the present invention, a media-plane traversal tunnel is established between the client and the MTS on the network side, so that media data such as RTP and RTCP can be transmitted through the tunnel, which reduces the time consumed by the call procedure and improves user experience.
Based on the system architecture shown in Fig. 1, an embodiment of the present invention provides a firewall traversal method. The method may be performed by a client in the LAN, for example a UE. As shown in Fig. 2, the method comprises:
S201: determine the address of the client in the LAN;
S202: send information comprising the address of the client to the Session Initiation Protocol (SIP) server;
S203: receive information, sent by the SIP server, comprising the address of the media traversal server (MTS) on the network side;
S204: according to the address of the client and the address of the MTS, establish a tunnel between the client and the MTS for transmitting SIP media data, where the tunnel traverses the firewall of the LAN, and the SIP media data comprises Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
In the embodiments of the present invention, a media-plane traversal tunnel is established between the client and the MTS on the network side, so that media data such as RTP and RTCP can be transmitted through the tunnel, which reduces the time consumed by the call procedure and improves user experience.
It should be understood that the client in S201 is located in the LAN, and the address of the client is used to establish the tunnel, that is, it serves as the address of the tunnel endpoint on the LAN side. The client may be an entity, for example a UE, or may be a logical unit capable of implementing each step in Fig. 2. The embodiments of the present invention do not limit the specific form of the client's address; for example, it may be the public IP address of the client and the public port of the client. It should be understood that the public port of the client refers to the port of the client corresponding to the public IP address of the client.
It should be understood that the MTS in S203 is located on the network side, and the address of the MTS is used to establish the tunnel, that is, it serves as the address of the tunnel endpoint on the network side. The MTS may be an independent entity or may be a functional module integrated on an existing IMS-AGW. The embodiments of the present invention do not limit the specific form of the MTS address; for example, it may be the public IP address and public port of the MTS. It should be understood that the public port of the MTS refers to the port of the MTS corresponding to the public IP address of the MTS; the address may also be other information that can identify the location of the client. The embodiments of the present invention are described using an MTS address that comprises the public IP address and public port of the MTS as an example.
It should be understood that the tunnel in S204 is used to transmit media data and is not used to transmit signaling data. This better matches the architecture of the current 3GPP standards, in which media data and signaling data are separated, and makes capacity expansion easier when media traffic and signaling traffic grow asymmetrically.
It should be understood that the embodiments of the present invention do not limit the specific manner of determining the address of the client in the LAN (that is, the public IP address of the client and the public port of the client).
Optionally, as an embodiment, when the firewall in the LAN needs to perform NAT, determining the public IP address of the client and the public port of the client may comprise: obtaining the private IP address of the client and allocating a private port of the client; and querying the public IP address of the client and the public port of the client according to the private IP address and the private port of the client.
It should be noted that the embodiments of the present invention do not limit the specific manner of querying the public IP address and public port of the client according to the private IP address and private port of the client; for example, the query may be made with the existing STUN (Simple Traversal of UDP Through Network Address Translators) or TURN protocol.
Optionally, as another embodiment, the address may also be determined by: obtaining the public IP address of the MTS; establishing, according to the private port of the client and the public IP address of the MTS, a Transmission Control Protocol (TCP) connection to a specific port at the public IP address of the MTS, where the port number of the specific port is the same as the port number of a port that the firewall allows through; and querying the address of the client over the TCP connection. Because the public IP address and public port of the client are queried over a TCP connection established in advance, and the tunnel is then established on the basis of that TCP connection, the tunnel between the client side and the MTS requires no tunnel path probing, which shortens the signaling exchange.
It should be noted that the embodiments of the present invention do not limit the specific manner of obtaining the public IP address of the MTS. For example, the client may send to the SIP server a request message for requesting the public IP address of the MTS, and receive a request response message sent by the SIP server that carries the public IP address of the MTS. It should be understood that the request message may be a registration message sent by the client to the SIP server (the P-CSCF in an IMS network) or may be a call request message.
Optionally, as another embodiment, when the firewall in the LAN does not need to perform NAT, determining the public IP address of the client and the public port of the client may comprise: obtaining the public IP address of the client; probing the specific port that the firewall allows through; and using the specific port that the firewall allows through as the public port of the client.
Optionally, as an embodiment, the method of Fig. 2 may further comprise: determining the transport protocol supported by the firewall, where the transport protocol comprises at least one of TCP and the User Datagram Protocol (UDP); sending information indicating the transport protocol to the SIP server; when sending data to the MTS through the tunnel, encapsulating the data using the transport protocol; and when receiving data sent by the MTS through the tunnel, decapsulating the data using the transport protocol.
The firewall traversal method according to the embodiments of the present invention has been described in detail above from the perspective of the client with reference to Fig. 2. It is described below from the perspective of the SIP server with reference to Fig. 3.
It should be understood that the interactions between the client and the SIP server, and the related characteristics and functions, described on the SIP server side correspond to the description on the client side; for brevity, repeated description is omitted where appropriate.
Fig. 3 is a flowchart of a firewall traversal method according to another embodiment of the present invention. The method of Fig. 3 may be performed by a SIP server, for example the P-CSCF in an IMS network.
S301: receive information comprising the address of the client in the LAN;
S302: allocate a public port of the media traversal server (MTS);
S303: send to the client information comprising the address of the MTS, where the MTS address comprises the public port of the MTS and the obtained public IP address of the MTS, and send to the MTS information comprising the address of the client and the public port of the MTS, so that a tunnel for transmitting Session Initiation Protocol (SIP) media data is established between the client and the MTS, where the tunnel traverses the firewall in the LAN, and the SIP media data comprises Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
In the embodiments of the present invention, a media-plane traversal tunnel is established between the client and the MTS on the network side, so that media data such as RTP and RTCP can be transmitted through the tunnel, which reduces the time consumed by the call procedure and improves user experience.
Optionally, as an embodiment, receiving the information comprising the address of the client in the LAN in S301 comprises: receiving information comprising the address of the client, where the address of the client comprises the public Internet Protocol (IP) address of the client and the public port of the client.
Optionally, as another embodiment, allocating the public port of the MTS in S302 may comprise: using the port number of a port that the firewall allows through as the port number of the public port of the MTS. The public port of the client may also be used as the public port of the MTS; the embodiments of the present invention do not limit this.
Optionally, as another embodiment, before receiving the address of the client in the LAN, the method may further comprise: receiving a request message, sent by the client, for requesting the public IP address of the MTS; and sending a request response message to the client, where the request response message carries the public IP address of the MTS.
Optionally, as another embodiment, the method of Fig. 3 may further comprise: receiving information, sent by the client, indicating the transport protocol supported by the firewall, where the transport protocol comprises at least one of TCP and the User Datagram Protocol (UDP); and sending information indicating the transport protocol to the MTS.
Optionally, as another embodiment, the method of Fig. 3 further comprises: sending, to the MTS, information comprising the address of a media gateway and the address of the client. These addresses may comprise the IP address and port used by the client for RTP and RTCP data transmission and the IP address and port used by the media gateway for RTP and RTCP data transmission.
The firewall traversal method according to the embodiments of the present invention has been described in detail above from the perspectives of the client and the SIP server with reference to Fig. 2 and Fig. 3 respectively. It is described below from the perspective of the MTS with reference to Fig. 4. The MTS may be a newly added logical unit integrated into a media gateway (Media Gateway, MGW), or may be a new physical network element located on the network side.
It should be understood that the interactions of the media gateway with the UE and the SIP server, and the related characteristics and functions, described on the media gateway side correspond to the descriptions on the UE side and the SIP server side; for brevity, repeated description is omitted where appropriate.
Fig. 4 is a flowchart of a firewall traversal method according to another embodiment of the present invention. The method of Fig. 4 may be performed by the MTS.
S401: receive information, sent by the Session Initiation Protocol (SIP) server, comprising the address of the client in the LAN and the public port of the MTS;
S402: according to the address of the client and the address of the MTS, establish a tunnel between the MTS and the client for transmitting SIP media data, where the tunnel traverses the firewall of the LAN, and the SIP media data comprises Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
In the embodiments of the present invention, a media-plane traversal tunnel is established between the client and the MTS on the network side, so that media data such as RTP and RTCP can be transmitted through the tunnel, which reduces the time consumed by the call procedure and improves user experience.
Optionally, as an embodiment, receiving the information, sent by the SIP server, comprising the address of the client in the LAN and the public port of the MTS may comprise: receiving information comprising the address of the client and the public port of the MTS, where the address of the client comprises the public IP address of the client and the public port of the client. Establishing, according to the address of the client and the address of the MTS, the tunnel between the MTS and the client for transmitting SIP media data comprises: establishing the tunnel according to the public IP address of the client, the public port of the client and the address of the MTS, where the address of the MTS comprises the public IP address of the MTS and the public port of the MTS.
Optionally, as another embodiment, before receiving the information, sent by the SIP server, comprising the address of the client in the LAN and the public port of the MTS, the method may further comprise: establishing a Transmission Control Protocol (TCP) connection with the client, so that the client queries the public IP address of the client and the public port of the client over the TCP connection.
Optionally, as another embodiment, the method of Fig. 4 may further comprise: receiving information, sent by the SIP server, indicating the transport protocol supported by the firewall, where the transport protocol comprises at least one of TCP and the User Datagram Protocol (UDP); when sending data to the client through the tunnel, encapsulating the data using the transport protocol; and when receiving data sent by the client through the tunnel, decapsulating the data using the transport protocol.
Optionally, as another embodiment, the method of Fig. 4 may further comprise: receiving information, sent by the SIP server, comprising the address of a media gateway and the address of the client.
The embodiments of the present invention are described in further detail below with reference to specific examples. It should be noted that the examples of Fig. 5 to Fig. 9 are intended only to help a person skilled in the art understand the embodiments of the present invention, and are not intended to limit the embodiments to the specific values or specific scenarios illustrated. A person skilled in the art can obviously make various equivalent modifications or variations based on the examples of Fig. 5 to Fig. 9, and such modifications or variations also fall within the scope of the embodiments of the present invention.
It should also be noted that the embodiments of Fig. 5 to Fig. 9 are illustrated with a client in a LAN communicating with an IMS network in the public network, but the embodiments of the present invention are not limited to this. For example, the scenario may also be a SIP-type service of another, non-IMS network: in a non-3GPP access to EPC scenario, the UE uses WiFi access to make a non-IMS VoIP call; because a firewall has been deployed on the network side with only port 80 open, the VoIP session cannot be carried out. This solution can solve the traversal problem in that scenario.
It should also be noted that the media traversal client (Media Traversal Client, MTC) in Fig. 5 to Fig. 9 may be integrated on the UE, for example as a logical unit on the UE, or may be a physical device. The present invention is described using a UE with an integrated MTC as an example, that is, the UE in Fig. 5 to Fig. 9 can perform each step performed by the client in Fig. 1 to Fig. 4. The MTS in Fig. 5 to Fig. 9 may be a logical unit integrated on the IMS-AGW or may be an independent entity; the embodiments of the present invention do not limit this.
It should further be noted that the media traversal client (Media Traversal Client, MTC) in Fig. 5 to Fig. 9 is integrated on the UE. The UE can implement each step performed by the client as described for Fig. 1 to Fig. 3.
Fig. 5 is a flowchart of a firewall traversal method according to another embodiment of the present invention. In the embodiment of Fig. 5, the firewall of the LAN in which the client is located has a NAT traversal problem, and the session type to be initiated by the UE is VoIP.
S501: The UE completes IMS registration through port 80 or 443 according to the prior art.
S502~S503: Based on the registration (REGISTER) request received from the UE, the P-CSCF determines whether a NAT traversal problem exists. If the source IP address at the network layer and the source port at the transport layer are inconsistent with the IP address and port in the Contact of the request message, a NAT traversal problem exists, and the heavyweight firewall traversal solution (the firewall traversal solution used when a NAT traversal problem exists) is adopted, that is, the solution of this embodiment. If they are consistent, no NAT traversal problem exists, and the lightweight traversal solution (the firewall traversal solution used when no NAT traversal problem exists) is adopted, that is, the traversal solution of the Fig. 6 embodiment.
S504~S505: The UE determines that the session type to be initiated is VoIP and adopts tunnel-mode traversal, proceeding to S506. If the session type is determined to be an MSRP session, the non-tunnel MSRP traversal method is adopted, that is, the solution of S601 to S611 in the Fig. 6 embodiment.
S506: The client allocates the private port PT1 of the client, that is, the private port for the private IP address P1 of the traversal tunnel client MTC is PT1. The allocation method is: in a NAT scenario, the traversal tunnel port may be allocated randomly; in a non-NAT scenario, the port is chosen according to the result of the firewall port probing that the UE performs before initiating the session request, or a specific port such as 80 or 443 is used directly as the traversal tunnel port.
S507~S509: The MTC module in the UE uses STUN to find that the public IP address of the MTC is IP1n and the public port of the MTC is PT1n, and determines which transport protocol the firewall allows through, TCP or UDP.
S510: The UE initiates the INVITE request for VoIP, carrying in the SDP the client information for establishing the traversal tunnel, including the public address of the MTC, the private address and the tunnel encapsulation type. The tunnel encapsulation type includes the UDP encapsulation mode (UDP-encaps) and the TCP encapsulation mode (TCP-encaps); the encapsulation type of the tunnel is the same as the transport protocol supported by the firewall described for Fig. 1 to Fig. 3. The tunnel may also use the transparent transmission mode (transp), in which no tunnel encapsulation is performed. The SDP carries the traversal tunnel client information in one of the following two ways:
1) In the a=candidate description line of the existing SDP protocol, a dedicated parameter is added to describe the tunnel encapsulation type, in the format a=candidate:<existing protocol parameters> <tunnel> <tunnel type>.
2) A dedicated SDP description line is added to the SDP body specifically to describe the traversal tunnel information, including the public address, the private address and the tunnel encapsulation mode; for example, the format used is a=tunnel:<public address> <private address> <tunnel type>.
S511: The P-CSCF determines, from the tunnel encapsulation type information sent by the UE, whether an MTS port needs to be allocated for the tunnel. In transparent transmission mode, no port is allocated on the MTS; a port is allocated only on the MGW. In UDP or TCP encapsulation mode, the P-CSCF determines from the tunnel client address information whether NAT traversal exists: if the candidate line in the SDP carries the srflx flag, a NAT problem exists, and the port on the MTS side is a specific traversal port, such as the HTTP default port 80 or the HTTPS default port 443; if it carries the host flag, no NAT problem is considered to exist, and the MTS port is allocated either as the same port as the MTC or as a specific traversal port, such as port 443 or 80.
S512: The P-CSCF passes the addresses of both ends of the traversal tunnel and the encapsulation format, together with the address information of both communicating parties of the media data to be encapsulated, to the MTS through the H.248 protocol or another control protocol. The MTS establishes the correspondence between media streams and the traversal tunnel according to the information sent by the P-CSCF.
S513: As in a normal IMS session, the P-CSCF sends the information for establishing the RTP/RTCP media to the media gateway MGW, and the RTP/RTCP connection is established.
S514: The P-CSCF sends a 1xx or 200 OK session response message to the UE, with the SDP carrying the public address of the MTS and the tunnel encapsulation mode.
S515: The MTS determines that a NAT traversal problem exists, for example from a flag sent by the SIP server indicating whether the firewall has a NAT traversal problem, and performs a reachability check on the connection with the UE using the prior-art STUN path reachability check mechanism.
S516: After confirming that the tunnel connection is reachable, the UE sends an ACK message to confirm that the VoIP media negotiation is complete.
S517~S518: The MTC module in the UE and the MTS act as the service endpoints of the traversal tunnel and perform encapsulation and decapsulation of VoIP packets. The encapsulation mode is shown in Fig. 10: the whole VoIP packet is encapsulated as the payload of a tunnel packet, and the IP addresses in the tunnel header are the public addresses of the MTS and the MTC. After the MTS or MTC decapsulates a tunnel packet, it forwards the packet according to the address of the original VoIP packet.
S519: During the call, the UE and the MTS periodically exchange keep-alive messages for the NAT address binding.
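The P-CSCF decisions in S502~S503 and S511, as an added Python example that is not part of the patent text: it compares the Contact address of a REGISTER with the observed source address, then chooses the MTS port from the tunnel type and the candidate type. The REGISTER and SDP samples are constructed; the literal keyword "tunnel" in the candidate line, the default traversal port 443 and all function names are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed REGISTER as received by the P-CSCF (documentation address ranges).
REGISTER = (
    "REGISTER sip:ims.example.net SIP/2.0\r\n"
    "Via: SIP/2.0/TCP 192.168.1.20:5060;branch=z9hG4bK74bf9\r\n"
    "From: <sip:alice@ims.example.net>;tag=a1\r\n"
    "To: <sip:alice@ims.example.net>\r\n"
    "Contact: <sip:alice@192.168.1.20:5060;transport=tcp>\r\n"
    "Content-Length: 0\r\n\r\n"
)

# Constructed candidate lines. The trailing "tunnel <type>" pair is an assumed
# spelling of the "<tunnel> <tunnel type>" extension described in S510.
SDP_NAT = ("v=0\r\nm=audio 49170 RTP/AVP 0\r\n"
           "a=candidate:1 1 UDP 1694498815 203.0.113.7 40000 typ srflx "
           "raddr 192.168.1.20 rport 40000 tunnel UDP-encaps\r\n")
SDP_DIRECT = ("v=0\r\nm=audio 49170 RTP/AVP 0\r\n"
              "a=candidate:1 1 TCP 2130706431 198.51.100.9 80 typ host "
              "tunnel TCP-encaps\r\n")
SDP_TRANSP = ("v=0\r\nm=message 80 TCP/MSRP *\r\n"
              "a=candidate:1 1 TCP 1694498815 203.0.113.7 80 typ srflx "
              "raddr 192.168.1.20 rport 80 tunnel transp\r\n")

# Contact header (or its compact form "m"), optional user part, host, optional port.
CONTACT_RE = re.compile(
    r"^(?:Contact|m)\s*:.*?\b(sips?):(?:[^@<>\s]+@)?"
    r"(\[[0-9A-Fa-f:.]+\]|[^:;>\s]+)(?::(\d+))?",
    re.I | re.M,
)


def contact_addr(register: str) -> Tuple[str, int]:
    """Return (host, port) from the Contact URI, applying the SIP default port."""
    m = CONTACT_RE.search(register)
    if not m:
        raise ValueError("no Contact URI in request")
    scheme, host, port = m.group(1).lower(), m.group(2).strip("[]"), m.group(3)
    return host, int(port) if port else (5061 if scheme == "sips" else 5060)


def nat_present(register: str, src_ip: str, src_port: int) -> bool:
    """S502~S503: NAT exists when Contact differs from the observed source.

    ipaddress raises ValueError if the Contact host is not an IP literal.
    """
    host, port = contact_addr(register)
    same_ip = ipaddress.ip_address(host) == ipaddress.ip_address(src_ip)
    return not (same_ip and port == src_port)


@dataclass
class TunnelPlan:
    nat: bool                 # srflx candidate means NAT is in the path
    mts_port: Optional[int]   # None: no MTS port is allocated
    mgw_only: bool            # True in transparent mode (port on the MGW only)


def plan_mts_port(sdp: str, traversal_port: int = 443) -> TunnelPlan:
    """S511: pick the MTS port from the tunnel type and the candidate type."""
    for line in sdp.splitlines():
        if not line.startswith("a=candidate:"):
            continue
        f = line[len("a=candidate:"):].split()
        # Field order: foundation component transport priority addr port typ <type>
        if len(f) < 8 or f[6] != "typ":
            continue
        ext = f[8:]
        if "tunnel" not in ext[:-1]:
            continue                      # candidate without the tunnel extension
        tunnel_type = ext[ext.index("tunnel") + 1]
        cand_type, mtc_port = f[7], int(f[5])
        if tunnel_type == "transp":
            return TunnelPlan(cand_type == "srflx", None, True)
        if tunnel_type not in ("UDP-encaps", "TCP-encaps"):
            raise ValueError("unknown tunnel type: " + tunnel_type)
        if cand_type == "srflx":          # NAT: use a specific traversal port
            return TunnelPlan(True, traversal_port, False)
        if cand_type == "host":           # no NAT: reuse the MTC port
            return TunnelPlan(False, mtc_port, False)
        raise ValueError("unsupported candidate type: " + cand_type)
    raise ValueError("no candidate line carries tunnel information")


if __name__ == "__main__":
    print(nat_present(REGISTER, "203.0.113.7", 40000))
    for sdp in (SDP_NAT, SDP_DIRECT, SDP_TRANSP):
        print(plan_mts_port(sdp))
```

For a host candidate the page allows either reusing the MTC port or a specific traversal port; the example takes the first option.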
In the embodiments of the present invention, a media-plane traversal tunnel is established between the client and the MTS on the network side, so that media data such as RTP and RTCP can be transmitted through the tunnel, which reduces the time consumed by the call procedure and improves user experience.
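An added Python example (not from the patent) of the encapsulation in S517~S518 combined with the stream-to-tunnel correspondence of S512: the decapsulating end validates the inner packet and forwards it only when its flow was bound to the tunnel. The packets are constructed; the 2-byte length prefix used to frame packets in TCP-encaps mode and all names are assumptions, since the page does not specify the tunnel header layout.

```python
import socket
import struct
from typing import List, Optional, Set, Tuple

# Inner flow: source IP, source port, destination IP, destination port.
Flow = Tuple[str, int, str, int]

# Constructed RTP packet: 12-byte header (version 2) plus 20 payload bytes.
SAMPLE_RTP = struct.pack("!BBHII", 0x80, 0, 1, 160, 0x1234) + bytes(20)


def build_inner(src: str, sport: int, dst: str, dport: int, payload: bytes) -> bytes:
    """Build a constructed IPv4+UDP packet (checksums left at zero for brevity)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + udp


def encapsulate(inner: bytes, tunnel_type: str) -> bytes:
    """Wrap the whole VoIP packet as tunnel payload (Fig. 10)."""
    if tunnel_type == "UDP-encaps":
        return inner                                   # one packet per datagram
    if tunnel_type == "TCP-encaps":
        return struct.pack("!H", len(inner)) + inner   # assumed length framing
    raise ValueError("unknown tunnel type: " + tunnel_type)


class TcpDeframer:
    """Reassemble length-prefixed inner packets from arbitrary TCP segments."""

    def __init__(self) -> None:
        self.buf = bytearray()

    def feed(self, data: bytes) -> List[bytes]:
        self.buf += data
        out = []
        while len(self.buf) >= 2:
            n = struct.unpack_from("!H", self.buf)[0]
            if n < 28:                    # shorter than IPv4 + UDP headers
                raise ValueError("implausible frame length")
            if len(self.buf) < 2 + n:
                break                     # wait for the rest of the frame
            out.append(bytes(self.buf[2:2 + n]))
            del self.buf[:2 + n]
        return out


def inner_flow(inner: bytes) -> Flow:
    """Validate the inner IPv4/UDP headers and return the flow they describe."""
    if len(inner) < 28 or inner[0] >> 4 != 4:
        raise ValueError("not an IPv4/UDP packet")
    ihl = (inner[0] & 0x0F) * 4
    total = struct.unpack_from("!H", inner, 2)[0]
    if ihl < 20 or total != len(inner) or inner[9] != 17 or len(inner) < ihl + 8:
        raise ValueError("inconsistent inner IP header")
    sport, dport, ulen = struct.unpack_from("!HHH", inner, ihl)
    if ulen != total - ihl:
        raise ValueError("UDP length does not match IP length")
    return (socket.inet_ntoa(inner[12:16]), sport,
            socket.inet_ntoa(inner[16:20]), dport)


def decapsulate(inner: bytes, bound: Set[Flow]) -> Optional[Tuple[str, int]]:
    """Return the (IP, port) to forward to, or None if the flow is not bound.

    'bound' stands for the media streams the P-CSCF associated with this
    tunnel in S512; anything else is dropped instead of being relayed.
    """
    flow = inner_flow(inner)
    return (flow[2], flow[3]) if flow in bound else None


if __name__ == "__main__":
    bound = {("192.168.1.20", 49170, "198.51.100.50", 30000)}
    pkt = build_inner("192.168.1.20", 49170, "198.51.100.50", 30000, SAMPLE_RTP)
    deframer = TcpDeframer()
    wire = encapsulate(pkt, "TCP-encaps")
    for i in range(0, len(wire), 7):      # deliver in small TCP segments
        for frame in deframer.feed(wire[i:i + 7]):
            print(decapsulate(frame, bound))
```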
Fig. 6 is a flowchart of a firewall traversal method according to another embodiment of the present invention. In the embodiment of Fig. 6, the restricted firewall of the LAN in which the UE is located has a NAT traversal problem, and the session type to be initiated by the UE is MSRP. Because MSRP can be transmitted through HTTP port 80 or 443, MSRP does not use UDP/TCP tunnel-mode traversal; instead, the UE and the media gateway negotiate an HTTP/HTTPS port and establish an MSRP connection over it.
S601: The UE determines from the registration messages that NA(P)T exists and prepares to carry out an MSRP session. MSRP is used to transmit non-real-time service data such as IM, content sharing and file transfer. The UE allocates a dedicated private port PTx for the MSRP session; the dedicated MSRP traversal port may be set according to the ports actually open in the firewall, for example to the HTTP default port 80.
S602~S604: The UE queries, by means of STUN, the public address of the MSRP traversal tunnel client, which is IP1n/PTxn.
S605: Through the INVITE message, the UE notifies the P-CSCF of the MSRP traversal tunnel client's private IP address IP1, private port PTx, public IP address IP1n and public port PTxn, and of the fact that the tunnel encapsulation type is the transparent transmission mode.
S606: After learning that the tunnel encapsulation type is the transparent transmission mode, the P-CSCF, like the UE, allocates a dedicated MSRP traversal port for the MGW, such as port 80 or port 443, and allocates no port on the MTS for MSRP traversal. That is, MSRP traversal does not go through the MTS, and the UE and the MGW establish the MSRP connection directly.
S607: As in the normal IMS MSRP session solution, the P-CSCF sends the information for establishing the MSRP connection to the MGW.
S608: Through a 1xx or 200 OK response message, the P-CSCF sends the address and port information of the MGW to the UE and notifies it that the tunnel type is the transparent transmission mode.
S609~S610: The UE and the MGW perform an MSRP path reachability check. After confirming that the MSRP connection is reachable, the UE sends a message acknowledging that establishment of the MSRP channel is complete.
S611: The MTC performs no encapsulation processing on received MSRP messages and passes them directly to the IMS client.
S612: During MSRP transmission, the UE and the MGW use STUN to periodically exchange keep-alive messages for the NA(P)T address binding.
In the embodiments of the present invention, a media-plane traversal tunnel is established between the client and the MTS on the network side, so that media data such as RTP and RTCP can be transmitted through the tunnel, which reduces the time consumed by the call procedure and improves user experience.
Fig. 7 is a flow chart of a firewall traversal method according to another embodiment of the present invention. In the embodiment of Fig. 7, the restrictive firewall of the local area network where the UE resides has no NAT traversal problem. The main differences from the embodiment of Fig. 4 are that the NAT-related procedures (public address binding query, connection reachability check, STUN keep-alive and so on) are omitted, and that the traversal tunnel port allocated to the MTS is the same as the MTC's port rather than randomly allocated. The traversal procedure comprises the following steps:
S701~S702: The UE completes IMS registration through port 443 or 80 according to the prior art. The P-CSCF checks that the network-layer address of the SIP message is consistent with the address in Contact, concludes that the firewall performs no NAT, and decides to adopt the lightweight firewall traversal scheme.
S703~S704: After completing registration, the UE uses existing STUN technology or other port scanning techniques to probe the ports, and their transport protocols, that the firewall allows. The UE configures the probe range according to the current network conditions, for example ports 443 and 80.
S705: The UE prepares to initiate a VoIP session and allocates the MTC port PT1 for the traversal tunnel. The allocation method is: after determining that there is no NA(P)T, the UE, according to the firewall probe result, preferentially selects a port through which UDP packets can pass as the traversal tunnel port, or directly allocates a port dedicated to the traversal tunnel, such as port 80 or 443.
S706: By INVITE, the UE notifies the P-CSCF of the client's private IP address IP1, private port PT1 and the tunnel encapsulation type (that is, the transport protocol the firewall supports). There are two ways to carry this notification:
1) In the a=candidate line of the existing SDP protocol, add a dedicated parameter describing the tunnel encapsulation type; the format is a=candidate:<existing protocol parameters> <tunnel> <tunnel type>.
2) Add a dedicated SDP description line to the SDP body that specifically describes the traversal tunnel information; the format used is, for example, a=tunnel:<public IP> <public port> <tunnel type>.
S707: From the tunnel encapsulation type and tunnel client address information sent by the UE, the P-CSCF learns that the tunnel is in non-transparent mode and that this is a non-NAT traversal scenario, and allocates to the MTS the same port number as the MTC's.
S708: The P-CSCF passes the addresses of both ends of the traversal tunnel, the encapsulation format, and the addresses of the two communicating parties whose media data needs to be encapsulated to the MTS via H.248 or another control protocol, establishing the correspondence between the media stream and the traversal tunnel.
S709: As in a normal IMS session, the P-CSCF sends the RTP/RTCP media setup information to the media gateway MGW, and the RTP/RTCP connection is set up.
S710: By a 1xx or 200 OK response message, the P-CSCF sends the UE the server-side address of the traversal tunnel, namely the IP address and port of the MTS, and the tunnel encapsulation type.
S711: From the tunnel client address information forwarded by the P-CSCF, the MTS determines that this is a non-NAT traversal scenario and does not perform the connection path reachability check.
S712: The UE does not perform the path reachability check and directly sends the P-CSCF an acknowledgement that tunnel setup and media negotiation are complete.
S713~S714: The MTC module in the UE and the MTS act as the service endpoints of the traversal tunnel and encapsulate/decapsulate the VoIP packets. The encapsulation is as shown in Figure 10: the whole VoIP packet is encapsulated as payload in the tunnel packet, and the IP addresses in the tunnel header are the public addresses of the MTS and MTC. After the MTS/MTC decapsulates a tunnel packet, it forwards it according to the address of the original VoIP packet. The MTC and MTS no longer perform the NAT address binding keep-alive procedure.
S715: The UE decides to initiate an MSRP session and allocates a dedicated firewall traversal port PTx to the MSRP session. The dedicated MSRP traversal port can be set according to the ports actually open in the firewall, for example to port 80, the HTTP default port.
S716: By INVITE, the UE notifies the P-CSCF of the MSRP traversal tunnel client's public IP address IP1 and public port PTx, and the tunnel encapsulation type, which is transparent transmission mode.
S717: From the UE's traversal tunnel address and encapsulation mode information, the P-CSCF learns that the tunnel is in transparent transmission mode and that this is a non-NAT scenario; it allocates to the MGW the same MSRP port as the UE's and allocates no MSRP port to the MTS.
S718: As in the normal IMS MSRP session procedure, the P-CSCF passes the information for setting up the MSRP connection to the MGW.
S719: By a 1xx or 200 session response message, the P-CSCF notifies the UE of the IP address and MSRP port of the MGW and that the traversal tunnel is in transparent transmission mode.
S720: The UE does not perform the path reachability check and directly sends the media negotiation completion acknowledgement to the P-CSCF.
S721: Because the tunnel type is transparent transmission mode, the MTC passes the messages of this MSRP session connection through transparently. This completes MSRP session setup between the UE and the IMS network.
In the embodiments of the present invention, a traversal tunnel is established in the media plane between the client and the MTS on the network side, so that media data such as RTP and RTCP can be transmitted through the tunnel, which reduces the time consumed by the call procedure and improves the user experience.
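An added example, not code from the patent: a sketch of the P-CSCF-side decision in the Fig. 7 flow, applying the S701~S702 NAT test, parsing the a=tunnel line of S706 and allocating ports as in S707 and S717. The tunnel type tokens (udp, tcp, transparent), the function names and the address-consistency check are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Wire spellings of the tunnel type are assumptions: the page names the modes
# (UDP/TCP encapsulation, transparent transmission) but not their tokens.
ENCAPSULATING_TYPES = {"udp", "tcp"}
TRANSPARENT_TYPE = "transparent"


@dataclass(frozen=True)
class TunnelDesc:
    ip: object          # ipaddress.IPv4Address or IPv6Address
    port: int
    tunnel_type: str


@dataclass(frozen=True)
class Plan:
    node: str                 # network node that receives the port: "MTS" or "MGW"
    port: int                 # same number as the client's port (S707 / S717)
    encapsulate: bool         # False means transparent transmission
    reachability_check: bool  # skipped without NAT (S711~S712, S720)
    nat_keepalive: bool       # no address binding to keep alive without NAT


def nat_present(packet_source_ip, contact_ip):
    """S701~S702: NAT is assumed when the network-layer source address of the
    SIP message differs from the address in Contact."""
    return ipaddress.ip_address(packet_source_ip) != ipaddress.ip_address(contact_ip)


def parse_tunnel_attr(line):
    """Parse 'a=tunnel:<public IP> <public port> <tunnel type>' strictly."""
    prefix = "a=tunnel:"
    if not line.startswith(prefix):
        raise ValueError("not an a=tunnel line")
    fields = line[len(prefix):].split()
    if len(fields) != 3:
        raise ValueError("a=tunnel needs exactly three fields")
    ip_text, port_text, tunnel_type = fields
    ip = ipaddress.ip_address(ip_text)  # ValueError on anything but an IP literal
    if not (port_text.isascii() and port_text.isdigit()):
        raise ValueError("port is not a decimal number")
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    tunnel_type = tunnel_type.lower()
    if tunnel_type not in ENCAPSULATING_TYPES and tunnel_type != TRANSPARENT_TYPE:
        raise ValueError("unknown tunnel type")
    return TunnelDesc(ip, port, tunnel_type)


def find_tunnel(sdp):
    """Return the single a=tunnel description found in an SDP body."""
    found = [parse_tunnel_attr(ln) for ln in sdp.splitlines()
             if ln.startswith("a=tunnel:")]
    if len(found) != 1:
        raise ValueError("expected exactly one a=tunnel line")
    return found[0]


def plan_non_nat(packet_source_ip, contact_ip, sdp):
    """Decide port allocation for the non-NAT flow (S706~S707, S716~S717)."""
    if nat_present(packet_source_ip, contact_ip):
        raise ValueError("NAT detected: the lightweight flow does not apply")
    desc = find_tunnel(sdp)
    # Added consistency check (an assumption, not in the page): without NAT the
    # advertised tunnel address must be the address the signalling came from.
    if desc.ip != ipaddress.ip_address(packet_source_ip):
        raise ValueError("tunnel address differs from signalling source")
    if desc.tunnel_type == TRANSPARENT_TYPE:
        # S717: the MGW gets the same MSRP port as the UE, the MTS gets none.
        return Plan("MGW", desc.port, False, False, False)
    # S707: the MTS gets the same port number as the MTC.
    return Plan("MTS", desc.port, True, False, False)


# Constructed sample offers (documentation address range), not captured traffic.
VOIP_OFFER = "v=0\r\nm=audio 49170 RTP/AVP 0\r\na=tunnel:198.51.100.7 443 udp\r\n"
MSRP_OFFER = "v=0\r\nm=message 80 TCP/MSRP *\r\na=tunnel:198.51.100.7 80 transparent\r\n"

if __name__ == "__main__":
    print(plan_non_nat("198.51.100.7", "198.51.100.7", VOIP_OFFER))
    print(plan_non_nat("198.51.100.7", "198.51.100.7", MSRP_OFFER))
```

Rejecting a malformed or inconsistent a=tunnel line at the signalling node keeps an unvalidated address or port from being handed on to the MTS or MGW.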
Fig. 8 is a flow chart of a tunnel traversal method according to another embodiment of the present invention. The main difference from the embodiment of Fig. 4 is that, before initiating the INVITE session request, the UE first sets up a TCP connection with the MTS; then, by SDP offer/answer, the UE and the network negotiate to encapsulate the VoIP media stream over this pre-established TCP connection. The UE and MTS no longer need a path reachability check, but the VoIP media stream can only use TCP tunnel encapsulation, not UDP tunnel encapsulation, and the MGW and MTS must integrate the ICE-lite function.
S801: The UE initiates an IMS registration request.
S802: From the address information in the REGISTER message, the P-CSCF determines that a NAT problem exists and notifies the UE of the MTS information in the registration response message, which carries the IP address information of the MTS and MGW. The MTS and MGW address information is carried by adding an extension header field to the SIP message or by adding a parameter to an existing SIP header field. If it is determined that there is no NAT problem, the lightweight traversal scheme of embodiment two is adopted.
S803: The UE decides to initiate a VoIP session and prepares to traverse the firewall by TCP tunnel. The UE allocates the port of the TCP traversal tunnel, namely the MTC port PT1.
S804~S805: The MTC initiates a TCP connection from port PT1 to a specific port of the MTS. The specific port of the MTS can be configured according to the port range the firewall allows through, for example set to port 80, the HTTP default port, or port 443, the HTTPS default port. This TCP connection is kept up throughout the communication, until the session ends.
S806~S807: The MTS integrates the ICE-Lite function. Over the TCP connection set up in step S805, the UE queries the MTS for the MTC's public IP address IP1n and public port PT1n, or requests that a public IP address IPa and public port PT1n be allocated to the MTC. The present invention takes querying the MTC's public address by STUN as the example; when the MTC's public address is requested by TURN, the method of establishing the traversal tunnel is similar to the STUN case and is not illustrated again here.
S808: The UE initiates the VoIP INVITE request, carrying in the SDP the client information for setting up the traversal tunnel: the MTC's public IP address and public port (IP1n, PT1n), its private IP address and private port (IP1, PT1), and the tunnel encapsulation type, which is TCP tunnel encapsulation mode. The traversal tunnel client information is carried in one of the following two ways:
1) In the a=candidate description line of the existing SDP protocol, add a dedicated parameter describing the tunnel encapsulation type; the format is a=candidate:<existing protocol parameters> <tunnel> <tunnel type>.
2) Add a dedicated SDP description line to the SDP body that specifically describes the traversal tunnel information, including the public address, private address and tunnel encapsulation mode; the format used is, for example, a=tunnel:<public address> <private address> <tunnel type>.
S809: The P-CSCF allocates the configured specific port 80 as the port of the TCP tunnel; that is, the network-side address of the TCP tunnel is the address of the MTS with which the TCP connection was set up in S805.
S810: The P-CSCF passes the addresses of the two ends of the TCP tunnel, the encapsulation mode (TCP encapsulation) and the addresses of the two communicating parties whose media data needs to be encapsulated to the MTS via H.248 or another control protocol. According to the information sent by the P-CSCF, the MTS establishes the correspondence between the media and the traversal tunnel.
S811: As in a normal IMS session, the P-CSCF sends the RTP/RTCP media setup information to the media gateway MGW, and the RTP/RTCP connection is set up.
S812: The P-CSCF notifies the UE of the address information of the MTS side of the TCP tunnel and the encapsulation mode (TCP tunnel mode) in the session response message, 200 OK or 1xx.
S813: The UE and MTS need not perform the path reachability check; the UE directly sends the session success acknowledgement ACK to the network.
S814: The UE and MTS act as the service endpoints of the TCP traversal tunnel and perform TCP encapsulation/decapsulation of the VoIP packets. The encapsulation is the TCP encapsulation format shown in Figure 10: the whole VoIP packet is encapsulated as payload in the TCP tunnel packet, and the IP addresses in the tunnel header are the public addresses of the MTS and MTC. After the MTS/MTC decapsulates a tunnel packet, it forwards it according to the address of the original VoIP packet.
S815: During communication, the UE and MTS carry out periodic keep-alive exchanges for the NA(P)T address binding.
S816: The UE decides to initiate an MSRP session and allocates port PTx for it.
S817: The MTC module in the UE sets up a TCP connection from port PTx to a specific port of the media gateway MGW. This TCP connection is kept as a long-lived connection and is terminated only after the session ends. The MGW integrates the ICE-lite function. The specific port that the MGW uses for MSRP traversal can be set according to the port range the firewall allows through, for example to port 80, the HTTP default port, or port 443, the HTTPS default port; this embodiment uses port 80 as the example.
S818: Using the same method as in S806 and S807, the MTC queries the MGW for the public address of the MSRP session, IP1n and PTxn.
S819: By INVITE, the UE notifies the P-CSCF of the MSRP traversal tunnel client's private IP address IP1 and private port PTx, its public IP address IP1n and public port PTxn, and the tunnel encapsulation type, which is transparent transmission mode.
S820: After learning that the tunnel encapsulation type is transparent transmission mode, the P-CSCF allocates the specific MSRP traversal port 80 to the MGW and allocates to the MTS no port for MSRP traversal; that is, MSRP traversal does not go through the MTS, and the UE and MGW set up the MSRP connection directly.
S821: As in the normal IMS MSRP session procedure, the P-CSCF passes the information for setting up the MSRP connection to the MGW.
S822: By a 1xx or 200 OK response message, the P-CSCF tells the UE the address information of the MGW (IPb, 80) and notifies it that the tunnel type is transparent transmission mode.
S823: The UE and the network need not perform the path reachability check; the UE directly sends the ACK session success acknowledgement to the network.
S824: The MTC performs no encapsulation processing on received MSRP messages and passes them through transparently to the IMS client.
In the embodiments of the present invention, a traversal tunnel is established in the media plane between the client and the MTS on the network side, so that media data such as RTP and RTCP can be transmitted through the tunnel, which reduces the time consumed by the call procedure and improves the user experience.
Fig. 9 is a flow chart of a tunnel traversal method according to another embodiment of the present invention. The main difference from the embodiment of Fig. 8 is the way the UE obtains the MTS or MGW address: the P-CSCF does not give the UE the MTS and MGW addresses in the registration message, but carries the MTS or MGW address to the UE in an SDP message during session setup, and the UE then sets up the TCP connection with the MTS or MGW.
S901: The UE and P-CSCF complete IMS registration.
S902: The UE decides to initiate a VoIP session, allocates the TCP traversal tunnel port PT1, and prepares to notify the P-CSCF that firewall traversal is needed.
S903: Through a dedicated parameter or dedicated SDP description line carried in the SDP of the INVITE, the UE notifies the P-CSCF that firewall traversal is needed.
S904: Through a dedicated parameter or dedicated SDP description line of the SDP in the 1xx response message, the P-CSCF tells the UE the address information of the MTC, declaring that the network side also supports firewall traversal.
S905: The MTC initiates a TCP connection from port PT1 to a specific port of the MTS. The specific port of the MTS can be configured according to the port range the firewall allows through, for example set to port 80, the HTTP default port, or port 443, the HTTPS default port. This TCP connection is kept up throughout the communication, until the session ends.
S906~S907: The MTS integrates the ICE-Lite function. Over the TCP connection set up in step S905, the UE queries the MTS for the MTC's public IP address IP1n and public port PT1n, or requests from the MTS a public IP address IPa and public port PT1n for the MTC. The present invention takes querying the MTC's public address by STUN as the example; when the MTC's public address is requested by TURN, the method of establishing the traversal tunnel is similar to the STUN case and is not illustrated again here.
S908: The UE sends a PRACK message, carrying in the SDP body of the PRACK message the client information for setting up the traversal tunnel: the MTC's public IP address and public port (IP1n, PT1n), its private IP address and private port (IP1, PT1), and the tunnel encapsulation type, which is TCP tunnel encapsulation mode. The traversal tunnel client information is carried in one of the following two ways:
1) In the a=candidate description line of the existing SDP protocol, add a dedicated parameter describing the tunnel encapsulation type; the format is a=candidate:<existing protocol parameters> <tunnel> <tunnel type>.
2) Add a dedicated SDP description line to the SDP body that specifically describes the traversal tunnel information, including the public address, private address and tunnel encapsulation mode; the format used is, for example, a=tunnel:<public address> <private address> <tunnel type>.
S909: The P-CSCF allocates the configured specific port 80 as the port of the TCP tunnel; that is, the network-side address of the TCP tunnel is the address of the MTS with which the TCP connection was set up in step S905.
S910: The P-CSCF passes the addresses of the two ends of the TCP tunnel, the encapsulation mode (TCP encapsulation) and the addresses of the two communicating parties whose media data needs to be encapsulated to the MTS via H.248 or another control protocol. According to the information sent by the P-CSCF, the MTS establishes the correspondence between the media and the traversal tunnel.
S911: As in a normal IMS session, the P-CSCF sends the RTP/RTCP media setup information to the media gateway MGW, and the RTP/RTCP connection is set up.
S912: The P-CSCF notifies the UE of the address information of the MTS side of the TCP tunnel and the encapsulation mode (TCP tunnel mode) in the session response message 200 OK.
S913: The UE and MTS need not perform the path reachability check; the UE directly sends the session success acknowledgement ACK to the network.
S914: The UE and MTS act as the service endpoints of the TCP traversal tunnel and perform TCP encapsulation/decapsulation of the VoIP packets. The encapsulation is the TCP encapsulation format shown in Figure 10: the whole VoIP packet is encapsulated as payload in the TCP tunnel packet, and the IP addresses in the tunnel header are the public addresses of the MTS and MTC. After the MTS/MTC decapsulates a tunnel packet, it forwards it according to the address of the original VoIP packet. During communication, the UE and MTS carry out periodic keep-alive exchanges for the NA(P)T address binding.
S915: The UE decides to initiate an MSRP session and allocates a private network port PTx for it.
S916: Through a dedicated parameter or dedicated SDP description line carried in the SDP of the INVITE, the UE notifies the P-CSCF that firewall traversal is needed.
S917: Through a dedicated parameter or dedicated SDP description line of the SDP in the 1xx response message, the P-CSCF tells the UE the address information of the MGW, declaring that the network side also supports firewall traversal.
S918: The MTC module in the UE sets up a TCP connection from port PTx to a specific port of the media gateway MGW. This TCP connection is kept as a long-lived connection and is terminated only after the session ends. The MGW integrates the ICE-lite function. The specific port that the MGW uses for MSRP traversal can be set according to the port range the firewall allows through, for example to port 80, the HTTP default port, or port 443, the HTTPS default port; this embodiment uses port 80 as the example.
S919: Using the same method as in steps S906 and S907, the MTC queries the MGW for the public IP address IP1n and public port PTxn of the MSRP session.
S920: By a PRACK message, the UE notifies the P-CSCF of the MSRP traversal tunnel client's private IP address IP1 and private port PTx, its public IP address IP1n and public port PTxn, and the tunnel encapsulation type, which is transparent transmission mode.
S921: After learning that the tunnel encapsulation type is transparent transmission mode, the P-CSCF allocates the specific MSRP traversal port 80 to the MGW and allocates to the MTS no port for MSRP traversal; that is, MSRP traversal does not go through the MTS, and the UE and MGW set up the MSRP connection directly.
S922: As in the normal IMS MSRP session procedure, the P-CSCF passes the information for setting up the MSRP connection to the MGW.
S923: By a 200 OK response message, the P-CSCF tells the UE the address information of the MGW (IPb, 80) and notifies it that the tunnel type is transparent transmission mode.
S924: The UE and the network need not perform the path reachability check; the UE directly sends the ACK session success acknowledgement to the network.
S925: The MTC performs no encapsulation processing on received MSRP messages and passes them through transparently to the IMS client.
In the embodiments of the present invention, a traversal tunnel is established in the media plane between the client and the MTS on the network side, so that media data such as RTP and RTCP can be transmitted through the tunnel, which reduces the time consumed by the call procedure and improves the user experience.
The firewall traversal method according to the embodiments of the present invention has been described in detail above with reference to Fig. 1 to Figure 10. The client, SIP server and MTS according to the embodiments of the present invention are described in detail below with reference to Figure 11 to Figure 16.
Figure 11 is a block diagram of a client according to an embodiment of the present invention. The client comprises a determining unit 1101, a sending unit 1102, a receiving unit 1103 and an establishing unit 1104.
The determining unit 1101 is configured to determine the address of the client in the local area network;
The sending unit 1102 is configured to send information including the address of the client to the Session Initiation Protocol (SIP) server;
The receiving unit 1103 is configured to receive information, sent by the SIP server, including the address of the network-side media traversal server (MTS);
The establishing unit 1104 is configured to establish, according to the address of the client and the address of the MTS, a tunnel between the client and the MTS for transmitting SIP media data. The tunnel traverses the firewall in the local area network, and the SIP media data comprise Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
In the embodiments of the present invention, a traversal tunnel is established in the media plane between the client and the MTS on the network side, so that media data such as RTP and RTCP can be transmitted through the tunnel, which reduces the time consumed by the call procedure and improves the user experience.
Optionally, as an embodiment, the determining unit 1101 is specifically configured to determine the address of the client, where the address of the client comprises the client's public Internet Protocol (IP) address and the client's public port.
Optionally, as another embodiment, the receiving unit 1103 is specifically configured to receive information including the address of the MTS, where the address of the MTS comprises the MTS's public IP address and the MTS's public port; the establishing unit 1104 is specifically configured to establish the tunnel according to the client's public IP address, the client's public port, the MTS's public IP address and the MTS's public port.
Optionally, as another embodiment, the client may further comprise a judging unit configured to judge whether the firewall needs to perform network address translation (NAT). When it is determined that the firewall needs to perform NAT, the determining unit 1101 is specifically configured to obtain the client's private IP address and allocate the client's private port, and to query the client's public IP address and public port according to the client's private IP address and private port.
Optionally, as another embodiment, the determining unit 1101 is specifically configured to obtain the public IP address of the MTS; to set up, according to the client's private port and the MTS's public IP address, a Transmission Control Protocol (TCP) connection with a specific port at the MTS's public IP address, where the port number of the specific port is the same as the port number of a port the firewall allows through; and to query the client's address over the TCP connection.
Optionally, as another embodiment, the determining unit 1101 is specifically configured to send to the SIP server a request message requesting the public IP address of the MTS, and to receive the request response message sent by the SIP server, which carries the public IP address of the MTS.
Optionally, as another embodiment, when it is determined that the firewall does not need to perform NAT, the determining unit 1101 is specifically configured to obtain the client's public IP address; to probe for a specific port the firewall allows through; and to use that specific port as the client's public port.
Optionally, as another embodiment, the determining unit 1101 is further configured to determine the transport protocol the firewall supports, where the transport protocol comprises at least one of TCP and the User Datagram Protocol (UDP); the sending unit 1102 is further configured to send information indicating the transport protocol to the SIP server;
The client further comprises: an encapsulating unit, configured to encapsulate data using the transport protocol when sending data to the MTS through the tunnel; and a decapsulating unit, configured to decapsulate data using the transport protocol when receiving data sent by the MTS through the tunnel.
Figure 12 is a block diagram of a SIP server according to an embodiment of the present invention. The SIP server comprises a receiving unit 1201, an allocating unit 1202 and a sending unit 1203.
The receiving unit 1201 is configured to receive information including the address of the client in the local area network;
The allocating unit 1202 is configured to allocate the public port of the media traversal server (MTS);
The sending unit 1203 is configured to send to the client information including the address of the MTS, where the MTS address comprises the public port of the MTS and the obtained public IP address of the MTS, and to send to the MTS information including the address of the client and the public port of the MTS, so that a tunnel for transmitting Session Initiation Protocol (SIP) media data is established between the client and the MTS. The tunnel traverses the firewall in the local area network, and the SIP media data comprise Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
In the embodiments of the present invention, a traversal tunnel is established in the media plane between the client and the MTS on the network side, so that media data such as RTP and RTCP can be transmitted through the tunnel, which reduces the time consumed by the call procedure and improves the user experience.
Optionally, as an embodiment, the receiving unit 1201 is specifically configured to receive information including the address of the client, where the address of the client comprises the client's public Internet Protocol (IP) address and the client's public port; sending the address of the MTS to the client comprises sending the client the address of the MTS, where the address of the MTS comprises the MTS's public IP address and the MTS's public port.
Optionally, as another embodiment, the allocating unit 1202 is specifically configured to use the port number of a port the firewall allows through as the port number of the MTS's public port.
Optionally, as another embodiment, the receiving unit 1201 is further configured to receive a request message, sent by the client, requesting the public IP address of the MTS; a request response message carrying the public IP address of the MTS is sent to the client.
Optionally, as another embodiment, the receiving unit 1201 is further configured to receive information, sent by the client, indicating the transport protocol the firewall supports, where the transport protocol comprises at least one of TCP and the User Datagram Protocol (UDP); the sending unit 1203 is further configured to send information indicating the transport protocol to the MTS.
Optionally, as another embodiment, the sending unit 1203 is further configured to send to the MTS information including the address of the media gateway and the address of the client.
Figure 13 is a block diagram of an MTS according to an embodiment of the present invention. The MTS comprises a receiving unit 1301 and an establishing unit 1302.
The receiving unit 1301 is configured to receive information, sent by the Session Initiation Protocol (SIP) server, including the address of the client in the local area network and the public port of the MTS;
The establishing unit 1302 is configured to establish, according to the address of the client and the address of the MTS, a tunnel between the MTS and the client for transmitting SIP media data. The tunnel traverses the firewall of the local area network, and the SIP media data comprise Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
In the embodiments of the present invention, a traversal tunnel is established in the media plane between the client and the MTS on the network side, so that media data such as RTP and RTCP can be transmitted through the tunnel, which reduces the time consumed by the call procedure and improves the user experience.
Optionally, as an embodiment, the receiving unit 1301 is specifically configured to receive information including the address of the client and the public port of the MTS, where the address of the client comprises the client's public IP address and the client's public port; the establishing unit 1302 is specifically configured to establish the tunnel according to the client's public IP address, the client's public port and the address of the MTS, where the address of the MTS comprises the MTS's public IP address and the MTS's public port.
Optionally, as another embodiment, the establishing unit 1302 is further configured to set up a Transmission Control Protocol (TCP) connection with the client, so that the client queries its public IP address and public port over the TCP connection.
Optionally, as another embodiment, the receiving unit 1301 is further configured to receive information, sent by the SIP server, indicating the transport protocol the firewall supports, where the transport protocol comprises at least one of TCP and the User Datagram Protocol (UDP);
The MTS further comprises: an encapsulating unit, configured to encapsulate data using the transport protocol when sending data to the client through the tunnel; and a decapsulating unit, configured to decapsulate data using the transport protocol when receiving data sent by the client through the tunnel.
Optionally, as another embodiment, the receiving unit 1301 is further configured to receive information, sent by the SIP server, including the address of the media gateway and the address of the client.
Figure 14 is a block diagram of a client according to another embodiment of the present invention. The client includes a processor 1401, a transmitter 1402 and a receiver 1403.
The processor 1401 is configured to determine the address of the client in a local area network (LAN).
The transmitter 1402 is configured to send information that includes the address of the client to a Session Initiation Protocol (SIP) server.
The receiver 1403 is configured to receive information, sent by the SIP server, that includes the address of a media traversing server (MTS) on the network side.
The processor 1401 is further configured to establish, according to the address of the client and the address of the MTS, a tunnel between the client and the MTS for transmitting SIP media data. The tunnel traverses the firewall in the LAN, and the SIP media data includes Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
In this embodiment of the present invention, a media-plane traversal tunnel is established between the client and the MTS on the network side, so that media data such as RTP and RTCP can be transmitted through the tunnel, which reduces the time consumed by the call procedure and improves the user experience.
Optionally, as an embodiment, the processor 1401 is specifically configured to determine the address of the client, where the address of the client includes the public Internet Protocol (IP) address of the client and the public port of the client.
Optionally, as another embodiment, the receiver 1403 is specifically configured to receive the information that includes the address of the MTS, where the address of the MTS includes the public IP address of the MTS and the public port of the MTS; the processor 1401 is specifically configured to establish the tunnel according to the public IP address of the client, the public port of the client, the public IP address of the MTS and the public port of the MTS.
Optionally, as another embodiment, the processor 1401 is further configured to determine whether the firewall needs to perform network address translation (NAT). When it is determined that the firewall needs to perform NAT, the processor 1401 is specifically configured to obtain the private IP address of the client and allocate a private port of the client, and to query the public IP address of the client and the public port of the client according to the private IP address of the client and the private port of the client.
Optionally, as another embodiment, the processor 1401 is specifically configured to obtain the public IP address of the MTS; to establish, according to the private port of the client and the public IP address of the MTS, a Transmission Control Protocol (TCP) connection with a specific port of the MTS, where the port number of the specific port is the same as the port number of a port that the firewall allows through; and to query the address of the client through the TCP connection.
Optionally, as another embodiment, the processor 1401 is specifically configured to send to the SIP server a request message for requesting the public IP address of the MTS, and to receive a request response message sent by the SIP server, where the request response message carries the public IP address of the MTS.
Optionally, as another embodiment, when it is determined that the firewall does not need to perform NAT, the processor 1401 is specifically configured to obtain the public IP address of the client; to probe for a specific port that the firewall allows through; and to use the specific port that the firewall allows through as the public port of the client.
Optionally, as another embodiment, the processor 1401 is further configured to determine the transport protocol supported by the firewall, where the transport protocol includes at least one of TCP and the User Datagram Protocol (UDP); the sending unit 1402 is further configured to send information indicating the transport protocol to the SIP server.
The processor is further configured to encapsulate data using the transport protocol when sending the data to the MTS through the tunnel, and to decapsulate data using the transport protocol when receiving data sent by the MTS through the tunnel.
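The encapsulation and decapsulation step described above, for the case where the firewall only passes TCP, shown as an added example that is not part of the patent. The patent does not specify a framing format; this code assumes the 16-bit length prefix of RFC 4571 and the RTP/RTCP demultiplexing rule of RFC 5761, and `MAX_FRAME`, all function and class names and the sample packets are constructed for illustration.

```python
"""RTP/RTCP framing over a TCP tunnel (added example; framing format is an assumption)."""
import struct
from typing import List, Tuple

MAX_FRAME = 1500            # assumed upper bound for one media packet (typical MTU)
RTP_MIN, RTCP_MIN = 12, 4   # fixed header sizes of RTP and RTCP


class TunnelFramingError(ValueError):
    """Raised when the byte stream cannot be a valid sequence of media frames."""


def classify(packet: bytes) -> str:
    """Return 'rtp' or 'rtcp' for one packet, or raise if it is neither."""
    if len(packet) < RTCP_MIN or packet[0] >> 6 != 2:
        raise TunnelFramingError("not an RTP/RTCP version 2 packet")
    # RFC 5761 demultiplexing rule: a second byte in 192..223 marks RTCP.
    if 192 <= packet[1] <= 223:
        return "rtcp"
    if len(packet) < RTP_MIN:
        raise TunnelFramingError("truncated RTP header")
    return "rtp"


def encapsulate(packet: bytes) -> bytes:
    """Sender side: validate one media packet and prefix it with its length."""
    classify(packet)
    if len(packet) > MAX_FRAME:
        raise TunnelFramingError("packet larger than MAX_FRAME")
    return struct.pack("!H", len(packet)) + packet


class Decapsulator:
    """Receiver side: rebuild media packets from arbitrary TCP read chunks."""

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> List[Tuple[str, bytes]]:
        """Add received bytes; return every complete (kind, packet) now available."""
        self._buf += chunk
        out: List[Tuple[str, bytes]] = []
        while len(self._buf) >= 2:
            (length,) = struct.unpack_from("!H", self._buf)
            # A zero or oversized length means the stream is desynchronised or
            # hostile; the caller should drop the tunnel rather than resync.
            if length == 0 or length > MAX_FRAME:
                raise TunnelFramingError("invalid frame length %d" % length)
            if len(self._buf) < 2 + length:
                break                       # wait for the rest of this frame
            packet = bytes(self._buf[2:2 + length])
            del self._buf[:2 + length]
            out.append((classify(packet), packet))
        return out


# Constructed sample packets: a 32-byte RTP packet and an 8-byte RTCP receiver report.
RTP_SAMPLE = bytes([0x80, 0x00]) + struct.pack("!HII", 1, 160, 0x11223344) + b"\xff" * 20
RTCP_SAMPLE = bytes([0x80, 201]) + struct.pack("!HI", 1, 0x11223344)


def demo() -> List[Tuple[str, bytes]]:
    """Send both samples through the framing and read them back in 5-byte chunks."""
    stream = encapsulate(RTP_SAMPLE) + encapsulate(RTCP_SAMPLE)
    receiver = Decapsulator()
    received: List[Tuple[str, bytes]] = []
    for i in range(0, len(stream), 5):      # simulate fragmented TCP reads
        received.extend(receiver.feed(stream[i:i + 5]))
    return received


if __name__ == "__main__":
    for kind, packet in demo():
        print(kind, len(packet))
```

Bounding the length field and rejecting packets that are not RTP/RTCP version 2 keeps a tunnel endpoint from buffering or forwarding arbitrary data that arrives on the firewall-permitted port.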
Figure 15 is a block diagram of a SIP server according to another embodiment of the present invention. The SIP server includes a receiver 1501, a processor 1502 and a transmitter 1503.
The receiver 1501 is configured to receive information that includes the address of a client in a local area network (LAN).
The processor 1502 is configured to allocate a public port of a media traversing server (MTS).
The transmitter 1503 is configured to send to the client information that includes the address of the MTS, where the address of the MTS includes the public port of the MTS and the obtained public IP address of the MTS, and to send to the MTS information that includes the address of the client and the public port of the MTS, so that a tunnel for transmitting Session Initiation Protocol (SIP) media data is established between the client and the MTS. The tunnel traverses the firewall in the LAN, and the SIP media data includes Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
In this embodiment of the present invention, a media-plane traversal tunnel is established between the client and the MTS on the network side, so that media data such as RTP and RTCP can be transmitted through the tunnel, which reduces the time consumed by the call procedure and improves the user experience.
Optionally, as an embodiment, the receiver 1501 is specifically configured to receive the information that includes the address of the client, where the address of the client includes the public Internet Protocol (IP) address of the client and the public port of the client.
Optionally, as another embodiment, the processor 1502 is specifically configured to use the port number of a port that the firewall allows through as the port number of the public port of the MTS.
Optionally, as another embodiment, the receiver 1501 is further configured to receive a request message, sent by the client, for requesting the public IP address of the MTS; a request response message is sent to the client, where the request response message carries the public IP address of the MTS.
Optionally, as another embodiment, the receiver 1501 is further configured to receive information, sent by the client, indicating the transport protocol supported by the firewall, where the transport protocol includes at least one of TCP and the User Datagram Protocol (UDP); the transmitter 1503 is further configured to send information indicating the transport protocol to the MTS.
Optionally, as another embodiment, the transmitter 1503 is further configured to send to the MTS information that includes the address of a media gateway and the address of the client.
Figure 16 is a block diagram of an MTS according to another embodiment of the present invention. The MTS includes a receiver 1601 and a processor 1602.
The receiver 1601 is configured to receive information, sent by a Session Initiation Protocol (SIP) server, that includes the address of a client in a local area network (LAN) and the public port of the MTS.
The processor 1602 is configured to establish, according to the address of the client and the address of the MTS, a tunnel between the MTS and the client for transmitting SIP media data. The tunnel traverses the firewall in the LAN, and the SIP media data includes Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
In this embodiment of the present invention, a media-plane traversal tunnel is established between the client and the MTS on the network side, so that media data such as RTP and RTCP can be transmitted through the tunnel, which reduces the time consumed by the call procedure and improves the user experience.
Optionally, as an embodiment, the receiver 1601 is specifically configured to receive the information that includes the address of the client and the public port of the MTS, where the address of the client includes the public IP address of the client and the public port of the client; the processor 1602 is specifically configured to establish the tunnel according to the public IP address of the client, the public port of the client and the address of the MTS, where the address of the MTS includes the public IP address of the MTS and the public port of the MTS.
Optionally, as another embodiment, the processor 1602 is further configured to establish a Transmission Control Protocol (TCP) connection with the client, so that the client queries the public IP address of the client and the public port of the client according to the TCP connection.
Optionally, as another embodiment, the receiver 1601 is further configured to receive information, sent by the SIP server, indicating the transport protocol supported by the firewall, where the transport protocol includes at least one of TCP and the User Datagram Protocol (UDP).
The processor 1602 is further configured to encapsulate data using the transport protocol when sending the data to the client through the tunnel, and to decapsulate data using the transport protocol when receiving data sent by the client through the tunnel.
Optionally, as another embodiment, the receiver 1601 is further configured to receive information, sent by the SIP server, that includes the address of a media gateway and the address of the client.
A person of ordinary skill in the art will recognize that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each particular application, but such implementation should not be considered to go beyond the scope of the present invention.
A person skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may be understood by reference to the corresponding processes in the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative. The division into units is only a division by logical function, and other divisions are possible in an actual implementation: for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist alone physically, or two or more units may be integrated into one unit.
If the functions are implemented in the form of a software functional unit and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The foregoing is only a specific implementation of the present invention, but the protection scope of the present invention is not limited to it. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (38)

1. A method for traversing a firewall, characterized by comprising:
determining the address of a client in a local area network (LAN);
sending information that includes the address of the client to a Session Initiation Protocol (SIP) server;
receiving information, sent by the SIP server, that includes the address of a media traversing server (MTS) on the network side;
establishing, according to the address of the client and the address of the MTS, a tunnel between the client and the MTS for transmitting SIP media data, where the tunnel traverses the firewall in the local area network, and the SIP media data comprises Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
2. The method according to claim 1, characterized in that the determining the address of a client in a local area network comprises:
determining the address of the client, where the address of the client comprises the public Internet Protocol (IP) address of the client and the public port of the client.
3. The method according to claim 1 or 2, characterized in that the receiving information, sent by the SIP server, that includes the address of the MTS on the network side comprises:
receiving the information that includes the address of the MTS, where the address of the MTS comprises the public IP address of the MTS and the public port of the MTS;
the establishing, according to the address of the client and the address of the MTS, a tunnel between the client and the MTS for transmitting SIP media data comprises:
establishing the tunnel according to the public IP address of the client, the public port of the client, the public IP address of the MTS and the public port of the MTS.
4. The method according to claim 3, characterized in that, before the determining the address of the client, the method further comprises:
determining whether the firewall needs to perform network address translation (NAT);
when it is determined that the firewall needs to perform NAT, the determining the address of the client comprises:
obtaining the private IP address of the client, and allocating a private port of the client;
querying the public IP address of the client and the public port of the client according to the private IP address of the client and the private port of the client.
5. The method according to claim 4, characterized in that the querying the public IP address of the client and the public port of the client according to the private IP address of the client and the private port of the client comprises:
obtaining the public IP address of the MTS;
establishing, according to the private port of the client and the public IP address of the MTS, a Transmission Control Protocol (TCP) connection with a specific port of the MTS, where the port number of the specific port is the same as the port number of a port that the firewall allows through;
querying the address of the client through the TCP connection.
6. The method according to claim 5, characterized in that the obtaining the public IP address of the MTS comprises:
sending to the SIP server a request message for requesting the public IP address of the MTS;
receiving a request response message sent by the SIP server, where the request response message carries the public IP address of the MTS.
7. The method according to any one of claims 4-6, characterized in that,
when it is determined that the firewall does not need to perform NAT, the determining the address of the client comprises:
obtaining the public IP address of the client;
probing for a specific port that the firewall allows through;
using the specific port that the firewall allows through as the public port of the client.
8. The method according to any one of claims 1-7, characterized by further comprising:
determining the transport protocol supported by the firewall, where the transport protocol comprises at least one of TCP and the User Datagram Protocol (UDP);
sending information indicating the transport protocol to the SIP server;
when sending data to the MTS through the tunnel, encapsulating the data using the transport protocol;
when receiving data sent by the MTS through the tunnel, decapsulating the data using the transport protocol.
9. A method for traversing a firewall, characterized by comprising:
receiving information that includes the address of a client in a local area network (LAN);
allocating a public port of a media traversing server (MTS);
sending to the client information that includes the address of the MTS, where the address of the MTS comprises the public port of the MTS and the obtained public IP address of the MTS, and sending to the MTS information that includes the address of the client and the public port of the MTS, so that a tunnel for transmitting Session Initiation Protocol (SIP) media data is established between the client and the MTS, where the tunnel traverses the firewall in the local area network, and the SIP media data comprises Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
10. The method according to claim 9, characterized in that the receiving information that includes the address of a client in a local area network comprises:
receiving the information that includes the address of the client, where the address of the client comprises the public Internet Protocol (IP) address of the client and the public port of the client.
11. The method according to claim 10, characterized in that the allocating a public port of the MTS comprises:
using the port number of a port that the firewall allows through as the port number of the public port of the MTS.
12. The method according to any one of claims 9-11, characterized in that, before the receiving of the address of the client in the local area network, the method further comprises:
receiving a request message, sent by the client, for requesting the public IP address of the MTS;
sending a request response message to the client, where the request response message carries the public IP address of the MTS.
13. The method according to any one of claims 9-12, characterized by further comprising:
receiving information, sent by the client, indicating the transport protocol supported by the firewall, where the transport protocol comprises at least one of TCP and the User Datagram Protocol (UDP);
sending information indicating the transport protocol to the MTS.
14. The method according to any one of claims 9-13, characterized by further comprising:
sending to the MTS information that includes the address of a media gateway and the address of the client.
15. A method for traversing a firewall, characterized by comprising:
receiving information, sent by a Session Initiation Protocol (SIP) server, that includes the address of a client in a local area network (LAN) and the public port of an MTS;
establishing, according to the address of the client and the address of the MTS, a tunnel between the MTS and the client for transmitting SIP media data, where the tunnel traverses the firewall in the local area network, and the SIP media data comprises Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
16. The method according to claim 15, characterized in that the receiving information, sent by the SIP server, that includes the address of a client in a local area network and the public port of the MTS comprises:
receiving the information that includes the address of the client and the public port of the MTS, where the address of the client comprises the public IP address of the client and the public port of the client;
the establishing, according to the address of the client and the address of the MTS, a tunnel between the MTS and the client for transmitting SIP media data comprises:
establishing the tunnel according to the public IP address of the client, the public port of the client and the address of the MTS, where the address of the MTS comprises the public IP address of the MTS and the public port of the MTS.
17. The method according to claim 15 or 16, characterized in that, before the receiving information, sent by the SIP server, that includes the address of a client in a local area network and the public port of the MTS, the method further comprises:
establishing a Transmission Control Protocol (TCP) connection with the client, so that the client queries the public IP address of the client and the public port of the client according to the TCP connection.
18. The method according to any one of claims 15-17, characterized by further comprising:
receiving information, sent by the SIP server, indicating the transport protocol supported by the firewall, where the transport protocol comprises at least one of TCP and the User Datagram Protocol (UDP);
when sending data to the client through the tunnel, encapsulating the data using the transport protocol;
when receiving data sent by the client through the tunnel, decapsulating the data using the transport protocol.
19. The method according to any one of claims 15-18, characterized by further comprising:
receiving information, sent by the SIP server, that includes the address of a media gateway and the address of the client.
20. A client, characterized by comprising:
a determining unit, configured to determine the address of the client in a local area network (LAN);
a sending unit, configured to send information that includes the address of the client to a Session Initiation Protocol (SIP) server;
a receiving unit, configured to receive information, sent by the SIP server, that includes the address of a media traversing server (MTS) on the network side;
an establishing unit, configured to establish, according to the address of the client and the address of the MTS, a tunnel between the client and the MTS for transmitting SIP media data, where the tunnel traverses the firewall in the local area network, and the SIP media data comprises Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
21. The client according to claim 20, characterized in that the determining unit is specifically configured to determine the address of the client, where the address of the client comprises the public Internet Protocol (IP) address of the client and the public port of the client.
22. The method according to claim 20 or 21, characterized in that the receiving unit is specifically configured to receive the information that includes the address of the MTS, where the address of the MTS comprises the public IP address of the MTS and the public port of the MTS;
the establishing unit is specifically configured to establish the tunnel according to the public IP address of the client, the public port of the client, the public IP address of the MTS and the public port of the MTS.
23. The client according to claim 22, characterized by further comprising:
a judging unit, configured to determine whether the firewall needs to perform network address translation (NAT);
when it is determined that the firewall needs to perform NAT, the determining unit is specifically configured to obtain the private IP address of the client and allocate a private port of the client, and to query the public IP address of the client and the public port of the client according to the private IP address of the client and the private port of the client.
24. The client according to claim 23, characterized in that the determining unit is specifically configured to obtain the public IP address of the MTS; to establish, according to the private port of the client and the public IP address of the MTS, a Transmission Control Protocol (TCP) connection with a specific port of the MTS, where the port number of the specific port is the same as the port number of a port that the firewall allows through; and to query the address of the client through the TCP connection.
25. The client according to claim 24, characterized in that the determining unit is specifically configured to send to the SIP server a request message for requesting the public IP address of the MTS, and to receive a request response message sent by the SIP server, where the request response message carries the public IP address of the MTS.
26. The client according to any one of claims 23-25, characterized in that,
when it is determined that the firewall does not need to perform NAT, the determining unit is specifically configured to obtain the public IP address of the client; to probe for a specific port that the firewall allows through; and to use the specific port that the firewall allows through as the public port of the client.
27. The client according to any one of claims 20-26, characterized in that the determining unit is further configured to determine the transport protocol supported by the firewall, where the transport protocol comprises at least one of TCP and the User Datagram Protocol (UDP);
the sending unit is further configured to send information indicating the transport protocol to the SIP server;
the client further comprises:
an encapsulation unit, configured to encapsulate data using the transport protocol when the data is sent to the MTS through the tunnel;
a decapsulation unit, configured to decapsulate data using the transport protocol when data sent by the MTS through the tunnel is received.
28. A Session Initiation Protocol (SIP) server, characterized by comprising:
a receiving unit, configured to receive information that includes the address of a client in a local area network (LAN);
an allocation unit, configured to allocate a public port of a media traversing server (MTS);
a sending unit, configured to send to the client information that includes the address of the MTS, where the address of the MTS comprises the public port of the MTS and the obtained public IP address of the MTS, and to send to the MTS information that includes the address of the client and the public port of the MTS, so that a tunnel for transmitting Session Initiation Protocol (SIP) media data is established between the client and the MTS, where the tunnel traverses the firewall of the local area network, and the SIP media data comprises Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
29. The SIP server according to claim 27, characterized in that the receiving unit is specifically configured to receive the information that includes the address of the client, where the address of the client comprises the public Internet Protocol (IP) address of the client and the public port of the client.
30. The SIP server according to claim 29, characterized in that the allocation unit is specifically configured to use the port number of a port that the firewall allows through as the port number of the public port of the MTS.
31. The SIP server according to any one of claims 28-30, characterized in that the receiving unit is further configured to receive a request message, sent by the client, for requesting the public IP address of the MTS; a request response message is sent to the client, where the request response message carries the public IP address of the MTS.
32. The SIP server according to any one of claims 28-31, characterized in that the receiving unit is further configured to receive information, sent by the client, indicating the transport protocol supported by the firewall, where the transport protocol comprises at least one of TCP and the User Datagram Protocol (UDP);
the sending unit is further configured to send information indicating the transport protocol to the MTS.
33. The SIP server according to any one of claims 28-32, characterized in that the sending unit is further configured to send to the MTS information that includes the address of a media gateway and the address of the client.
34. one kind is passed through tunnel server MTS, it is characterized in that, comprising:
Receiving element, be used for to receive the information of the publicly-owned port of the address that comprises the local area network (LAN) client that the Session initiation protocol SIP server sends and MTS;
An establishing unit, configured to establish, according to the address of the client and the address of the MTS, a tunnel between the MTS and the client for transmitting SIP media data, wherein the tunnel traverses the firewall of the local area network, and the SIP media data comprises Real-time Transport Protocol (RTP) data and Real-time Transport Control Protocol (RTCP) data.
35. The MTS according to claim 34, wherein the receiving unit is specifically configured to receive information comprising the address of the client and the public port of the MTS, the address of the client comprising the public IP address of the client and the public port of the client;
and the establishing unit is specifically configured to establish the tunnel according to the public IP address of the client, the public port of the client and the address of the MTS, the address of the MTS comprising the public IP address of the MTS and the public port of the MTS.
36. The MTS according to claim 34 or 35, wherein the establishing unit is further configured to establish a Transmission Control Protocol (TCP) connection with the client, so that the client queries the public IP address of the client and the public port of the client according to the TCP connection.
37. The MTS according to any one of claims 34-36, wherein the receiving unit is further configured to receive information, sent by the SIP server, indicating the transport protocol supported by the firewall, the transport protocol comprising at least one of TCP and User Datagram Protocol (UDP);
the MTS further comprises:
an encapsulation unit, configured to encapsulate data using the transport protocol when sending the data to the client through the tunnel;
a decapsulation unit, configured to decapsulate data using the transport protocol when receiving the data sent by the client through the tunnel.
38. The MTS according to any one of claims 34-37, wherein the receiving unit is further configured to receive information, sent by the SIP server, comprising the address of the media gateway and the address of the client.
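The encapsulation and decapsulation units of claim 37, sketched as an added example that is not code from the patent. It assumes RFC 4571 two-byte length framing on TCP and the RFC 5761 rule for telling RTP from RTCP, neither of which the claims specify; all names and sample packets are hypothetical and constructed.

```python
import struct

# Constructed sample packets (not from the patent): RTP PT 0 and an RTCP RR (PT 201).
SAMPLE_RTP = bytes.fromhex("80000001" "000000a0" "11223344") + b"\x00" * 4
SAMPLE_RTCP = bytes.fromhex("80c90001" "11223344")

def classify(pkt: bytes) -> str:
    """Tell RTP from RTCP (RFC 5761 rule); reject anything that is neither."""
    if len(pkt) < 8 or pkt[0] >> 6 != 2:
        raise ValueError("not an RTP/RTCP version 2 packet")
    return "RTCP" if 192 <= pkt[1] <= 223 else "RTP"

def encapsulate(pkt: bytes, transport: str) -> bytes:
    """Encapsulation unit: wrap one media packet for the tunnel."""
    classify(pkt)  # only SIP media data may enter the tunnel
    if transport == "UDP":
        return pkt  # datagram boundaries already delimit the packet
    if transport == "TCP":
        if len(pkt) > 0xFFFF:
            raise ValueError("packet too large for 16-bit length prefix")
        return struct.pack("!H", len(pkt)) + pkt  # assumed RFC 4571 framing
    raise ValueError("firewall-supported transport must be TCP or UDP")

class TcpDecapsulator:
    """Decapsulation unit for the TCP case: reassembles frames from a byte stream."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> list:
        """Add received bytes; return every complete (kind, packet) pair."""
        self._buf += chunk
        out = []
        while len(self._buf) >= 2:
            (n,) = struct.unpack_from("!H", self._buf)
            if len(self._buf) < 2 + n:
                break  # frame incomplete, wait for more TCP data
            pkt = bytes(self._buf[2:2 + n])
            del self._buf[:2 + n]
            if n:  # RFC 4571 permits empty frames; skip them
                out.append((classify(pkt), pkt))
        return out
```

Validating each frame at the tunnel endpoint keeps the path through the firewall limited to the RTP and RTCP data the claims describe.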
CN201380000069.8A 2013-01-11 Method of traversing firewall, client, and media traversing server Active CN103392316B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2013/070395 WO2014107894A1 (en) 2013-01-11 2013-01-11 Method for traversing firewall, client and media traversing server

Publications (2)

Publication Number Publication Date
CN103392316A true CN103392316A (en) 2013-11-13
CN103392316B CN103392316B (en) 2016-11-30

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016066027A1 (en) * 2014-10-31 2016-05-06 华为技术有限公司 Media transmission method and device
CN105703999A (en) * 2016-03-29 2016-06-22 华为技术有限公司 Method and equipment for establishing GRE channel
CN105915534A (en) * 2016-05-23 2016-08-31 掌赢信息科技(上海)有限公司 Firewall traversing method and electronic device
CN106921624A (en) * 2015-12-25 2017-07-04 北京新媒传信科技有限公司 Session border controller and data transmission method
CN107276873A (en) * 2016-04-08 2017-10-20 北京岚锋创视网络科技有限公司 A kind of method and device for accessing service
CN109660637A (en) * 2018-11-16 2019-04-19 深圳市网心科技有限公司 P2P burrows transmission method and system, electronic device and computer readable storage medium
CN110768930A (en) * 2018-07-25 2020-02-07 成都鼎桥通信技术有限公司 Data forwarding method and device for server
CN111181985A (en) * 2019-12-31 2020-05-19 奇安信科技集团股份有限公司 Data transmission method, data transmission system, firewall device and storage medium
CN111541691A (en) * 2020-04-22 2020-08-14 北京盛德远景科技有限公司 SIP call boundary control system based on SIP call
CN116366720A (en) * 2021-12-27 2023-06-30 合肥登登立科技有限公司 Network method, device, equipment and storage medium based on TLS middle man-in-the-art

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101465844A (en) * 2007-12-18 2009-06-24 华为技术有限公司 Method, system and equipment for traversing firewall
US20100182995A1 (en) * 2009-01-21 2010-07-22 National Taipei University Of Technology NAT traversal method in Session Initial Protocol
CN101873359A (en) * 2010-06-28 2010-10-27 北京神州泰岳软件股份有限公司 Method for implementing UDP hole punching

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105635076A (en) * 2014-10-31 2016-06-01 华为技术有限公司 Media transmission method and device
CN105635076B (en) * 2014-10-31 2019-08-20 华为技术有限公司 A kind of media transmission method and equipment
WO2016066027A1 (en) * 2014-10-31 2016-05-06 华为技术有限公司 Media transmission method and device
CN106921624A (en) * 2015-12-25 2017-07-04 北京新媒传信科技有限公司 Session border controller and data transmission method
CN106921624B (en) * 2015-12-25 2020-05-12 北京新媒传信科技有限公司 Session boundary controller and data transmission method
CN105703999A (en) * 2016-03-29 2016-06-22 华为技术有限公司 Method and equipment for establishing GRE channel
CN105703999B (en) * 2016-03-29 2019-06-11 华为技术有限公司 The method and apparatus for establishing gre tunneling
CN107276873B (en) * 2016-04-08 2020-03-24 深圳岚锋创视网络科技有限公司 Method and device for accessing service
CN107276873A (en) * 2016-04-08 2017-10-20 北京岚锋创视网络科技有限公司 A kind of method and device for accessing service
CN105915534A (en) * 2016-05-23 2016-08-31 掌赢信息科技(上海)有限公司 Firewall traversing method and electronic device
CN105915534B (en) * 2016-05-23 2019-02-19 掌赢信息科技(上海)有限公司 A kind of method that passing through firewall and electronic equipment
CN110768930A (en) * 2018-07-25 2020-02-07 成都鼎桥通信技术有限公司 Data forwarding method and device for server
CN110768930B (en) * 2018-07-25 2022-03-29 成都鼎桥通信技术有限公司 Data forwarding method and device for server
CN109660637A (en) * 2018-11-16 2019-04-19 深圳市网心科技有限公司 P2P burrows transmission method and system, electronic device and computer readable storage medium
CN109660637B (en) * 2018-11-16 2024-01-19 深圳市网心科技有限公司 P2P hole punching transmission method and system, electronic device and computer readable storage medium
CN111181985A (en) * 2019-12-31 2020-05-19 奇安信科技集团股份有限公司 Data transmission method, data transmission system, firewall device and storage medium
CN111541691A (en) * 2020-04-22 2020-08-14 北京盛德远景科技有限公司 SIP call boundary control system based on SIP call
CN111541691B (en) * 2020-04-22 2022-04-01 北京盛德远景科技有限公司 SIP call boundary control system based on SIP call
CN116366720A (en) * 2021-12-27 2023-06-30 合肥登登立科技有限公司 Network method, device, equipment and storage medium based on TLS middle man-in-the-art
CN116366720B (en) * 2021-12-27 2023-08-29 合肥登登立科技有限公司 Network method, device, equipment and storage medium based on TLS middle man-in-the-art

Also Published As

Publication number Publication date
WO2014107894A1 (en) 2014-07-17

Similar Documents

Publication Publication Date Title
EP2880902B1 (en) Communication path switching for mobile devices
EP2833597B1 (en) Apparatus and method for communications involving a legacy device
US8601144B1 (en) Systems and methods for automatic ICE relay candidate creation
US9137200B2 (en) Ice based NAT traversal
US9674763B2 (en) System and method for optimizing a media gateway selection in mobile switching center pool architecture
US9455910B2 (en) Exchanging internet protocol version capability information between client devices over a communications network
US8964822B2 (en) Communication system and method
CN104125145B (en) Web browser based communication method, web browser based communication equipment and web browser based communication system
US8683053B2 (en) Methods and apparatus for establishing secure communications between client computing devices that use transport and security protocols
TWI551090B (en) Communication host device, modem and method of setting up a communication event in a system
JP2014528183A (en) Communication system for establishing a real-time communication session
EP3205143B1 (en) Transfer of communication parameters
EP3113437A1 (en) Method and device for anchoring media in voice call continuity service
CN103392316A (en) Method of traversing firewall, client, and media traversing server
JP2006005754A (en) Sip signal conversion method, sip-alg device, sip signal conversion program, and recording medium
CN103392316B (en) Method of traversing firewall, client, and media traversing server
CN106921624B (en) Session boundary controller and data transmission method
CN104735753A (en) Communication method, user equipment and network side equipment
CN116074806A (en) Information transmission method and device
WO2017177356A1 (en) Data transmission method, base station and user equipment
JP4912833B2 (en) Wireless communication system and mobile terminal
EP3488580B1 (en) Method and device for facilitating connectivity check between terminal device and media gateway
JP5103031B2 (en) Network communication method and system
KR20220001150A (en) Apparatus for connecting session via media gateway for Real-Time Transport Protocol (RTP) communication and method therefor
JP2014007536A (en) Network system and method of reducing number of napt execution times

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant