CN103944795B - Virtual private networks communication system, route device and its method - Google Patents

Publication number: CN103944795B
Authority: CN (China)
Application number: CN201310027123.XA
Other versions: CN103944795A
Other languages: Chinese (zh)
Inventors: 谈德华, 赖明彦, 黄敏维
Current Assignee: ZHENGWEN SCI-TECH Co Ltd
Original Assignee: ZHENGWEN SCI-TECH Co Ltd
Legal status: Active
Prior art keywords: route device, servomechanism, character string, virtual private, route
Landscapes: Data Exchanges In Wide-Area Networks; Small-Scale Networks

Abstract

The present invention provides a virtual private network communication system, a route device and a method thereof. The virtual private network communication system includes a server and multiple route devices. Each route device transmits registration information to the server, and the registration information includes an identification string. The route devices include a first route device and a second route device. The first route device sends a location request to the server, and the server forwards the location request to some or all of the route devices according to the identification string. When the second route device receives the location request, it returns location information to the first route device through the server in response to the location request. The first route device establishes a connection directly with the second route device according to the location information and transmits data after the connection is established.

Description

Virtual private networks communication system, route device and its method
Technical field
The present invention relates to an Internet communication system, and more particularly to a virtual private network communication system, a route device and a method thereof.
Background technology
With the rapid spread of the Internet, under the Internet Protocol version 4 (hereinafter IPv4) architecture, the number of public Internet Protocol addresses (hereinafter public IP addresses) is not enough for the large and rapidly growing number of network users. Therefore, since the concept of the private network or enterprise intranet was proposed, private networks have been widely adopted by organizations.
Request for Comments (hereinafter RFC) 1918, issued by the Internet Engineering Task Force (hereinafter IETF), defines the configuration of such private networks and of the virtual IP addresses used in them. Basically, a host configured with a virtual IP address in a private network can reach external services through a gateway or similar means, but it does not have IP-level connectivity to external network addresses.
When a host inside a private network wants to connect to a host on the Internet, it can do so through network address translation (hereinafter NAT). But when the host it wants to communicate with is itself inside another private network, a virtual private network (hereinafter VPN) architecture is needed between the two private networks, using the Internet to carry the information between them. A VPN uses an encrypted tunneling protocol to provide private-information security properties such as confidentiality, sender authentication and information accuracy, so that information in the private network cannot be retrieved or altered by external hosts or users. However, existing methods of setting up a tunneling protocol can only be completed through cumbersome connection and configuration steps. How to establish a VPN connection in a simpler way while still keeping the transmitted information secure is therefore a problem that urgently needs to be solved in this field.
Summary of the invention
The present invention provides a virtual private network communication system, a route device and a method thereof, so that hosts belonging to different private networks can communicate directly over the network through a simple connection procedure.
The present invention provides a virtual private network communication system including a server and multiple route devices. Each route device transmits registration information to the server, and the registration information includes an identification string. The route devices include a first route device and a second route device. The first route device sends a location request to the server, and the server forwards the location request to some or all of the route devices according to the identification string. When the second route device receives the location request, it returns location information to the first route device through the server in response to the location request. The first route device establishes a connection directly with the second route device according to the location information and transmits data after the connection is established.
The present invention provides a route device, suitable for a virtual private network communication system, including a network interface unit and a processing unit. The network interface unit is connected to a server through the Internet. The processing unit is coupled to the network interface unit and transmits registration information to the server through the network interface unit, and the registration information includes an identification string. The processing unit also transmits a location request to the server through the network interface unit. The processing unit receives location information from the server through the network interface unit, connects directly to a remote route device through the network interface unit according to the location information, and transmits data after the connection is established.
The present invention provides a virtual private network communication method including the following steps. First, registration information is transmitted to a server of the virtual private network communication system, and the registration information includes an identification string. Next, a location request is transmitted to the server. Then, location information returned from the server is received, and a connection is made directly to a remote route device according to the location information. Finally, data is transmitted after the connection is established.
Based on the above, the present invention provides a virtual private network communication system, a route device and a method thereof in which, after registration with the server using the location request and the identification string, the private networks use the server to exchange location information in order to communicate and establish a connection, achieving the effect of a virtual private network.
To make the above features and advantages of the invention easier to understand, embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
Fig. 1 is a system block diagram of a virtual private network communication system according to an embodiment of the invention;
Fig. 2 is a sequence flow chart of the virtual private network communication system according to an embodiment of the invention;
Fig. 3 is a data structure diagram of a location request according to an embodiment of the invention;
Fig. 4 is a device block diagram of a route device according to an embodiment of the invention;
Fig. 5 is a flow chart of a virtual private network communication method according to an embodiment of the invention.
Description of reference numerals:
10: Virtual private network communication system;
110: Server;
120, 130, 40: Route device;
410: Network interface unit;
420: Processing unit;
140: Internet;
150, 160: Private network;
151~153, 161~163: Host;
RI: Registration information;
PR, 30: Location request;
PI: Location information;
DAT: Data;
310: Header;
311, 321: Ethernet header;
312: IP header;
313: UDP header;
320: Data content;
322: Payload;
S201~S215, S501~S504: Steps.
Embodiment
Fig. 1 is a system block diagram of a virtual private network communication system according to an embodiment of the invention. Referring to Fig. 1, virtual private network communication system 10 includes server 110 and route devices 120 and 130. In practice, virtual private network communication system 10 may include multiple route devices; for convenience of description, route devices 120 and 130 are used as representatives in this embodiment.
Route devices 120 and 130 are the egress points of private networks 150 and 160, respectively, toward the external Internet 140, and provide services such as NAT to the hosts in private networks 150 and 160. For example, private network 150 includes hosts 151~153, and route device 120 assigns each of hosts 151~153 a virtual IP address in a virtual subnet segment. When hosts 151~153 want to reach the external Internet 140 through route device 120, route device 120 uses its network address translation service to convert the virtual IP addresses in the virtual subnet segment into a physical address on the Internet, and thereby sends and receives the data of each host (hosts 151~153) in private network 150.
The relationship between route device 130 and private network 160 is the same as that between route device 120 and private network 150 and is not repeated here.
Route devices 120 and 130, as the external egress of private networks 150 and 160, usually provide a NAT service themselves or have a device providing a NAT service between them and the Internet. This makes it somewhat harder to combine private networks 150 and 160 into a virtual private network. The virtual private network communication system provided by the invention offers a simpler way to set up a virtual private network communication system among private networks and, through its mechanism, gives the hosts in the different private networks end-to-end transmission capability.
In an embodiment of the invention, route devices 120 and 130 are connected to server 110 through Internet 140, and each transmits registration information RI to server 110, where registration information RI includes an identification string. Server 110 uses the identification string as the basis for deciding whether to combine private networks 150 and 160, to which route devices 120 and 130 respectively belong, into a virtual private network.
After server 110 receives and records the registration information RI transmitted by the route devices, route device 120 sends location request PR to server 110. Server 110 forwards location request PR to some or all of the route devices (such as route device 130) according to the identification string. When one of the route devices, such as route device 130, receives location request PR, route device 130 returns location information PI to route device 120 through server 110 in response to location request PR. Route device 120 establishes a connection directly with route device 130 according to location information PI and transmits data DAT after the connection is established. The technical content of the invention is described in more detail below with reference to the drawings and embodiments.
Fig. 2 is a sequence flow chart of the virtual private network communication system according to an embodiment of the invention. Referring to Fig. 2, the sequence flow of virtual private network communication system 10 can be divided into three parts: the first part is the registration procedure corresponding to steps S201~S203, the second part is the location procedure corresponding to steps S204~S212, and the third part is the connection procedure corresponding to steps S213~S215.
First, in the registration procedure of the first part, each route device in the virtual private network communication system, such as route devices 120 and 130, transmits registration information to server 110 (steps S201, S202). The registration information includes the identification string, the media access control (Media Access Control, hereinafter MAC) address of the route device and the MAC address of server 110, and each route device sends it to server 110 according to the MAC address of server 110. After receiving the registration information transmitted by each route device, server 110 stores the name, identification string and MAC address of each route device in a registration table (step S203).
Server 110 can handle multiple virtual private networks at the same time, and it uses the identification string to tell whether the route devices in virtual private network communication system 10 belong to different virtual private networks. If the registration information transmitted by multiple route devices (such as route device 120 shown in Fig. 1) includes the same identification string, server 110 determines that the route devices with that identical identification string belong to the same virtual private network. The steps of the following parts proceed on this premise.
After the registration procedure is completed, the location procedure of the second part follows. Continuing with Fig. 2, route device 120 sends a location request to server 110 (step S204). Before sending this location request, route device 120 may first have received, from one of the hosts in its private network (such as hosts 151~153 of private network 150 shown in Fig. 1), a connection request to connect to a host in another private network (such as one of hosts 161~163 in private network 160), and it sends the location request to server 110 in response to that connection request.
Fig. 3 is a data structure diagram of a location request according to an embodiment of the invention. Referring to Fig. 2 and Fig. 3, location request 30 includes header 310 and data content 320. Header 310 includes Ethernet header 311, Internet Protocol (hereinafter IP) header 312 and User Datagram Protocol (hereinafter UDP) header 313, which carry location request 30 from route device 120 across the Internet to server 110. It is worth noting that, because UDP is simple and fast, location request 30 in this embodiment uses UDP as its transport layer protocol, but other protocols such as the Transmission Control Protocol (hereinafter TCP) may also be used; the invention is not limited in this respect.
Data content 320 includes Ethernet header 321 and payload 322. It is worth noting that, in general, the content of an Ethernet header includes the MAC address of the previous transmitting object (such as a node in the network) and the MAC address of the next transmitting object of the packet. The MAC addresses recorded in Ethernet header 321 inside data content 320, however, are the MAC address of the sender (such as route device 120) and the MAC address of the final recipient (such as server 110). Because the final recipient of location request 30 sent by route device 120 is server 110, when server 110 receives location request 30 and has processed header 310, it can learn from Ethernet header 321 that the final recipient of location request 30 is server 110 and can then go on to interpret the rest of the data content.
Payload 322 in the data content includes the identification string and address query information. The identification string lets server 110 reconfirm the virtual private network to which route device 120 belongs. The address query information is an encrypted message that contains a virtual IP address, namely the virtual IP address of the intended peer in the connection request that route device 120 received from a host in its private network (such as one of hosts 151~153 in private network 150 shown in Fig. 1). In this embodiment, the address query information before encryption is written in a format conforming to the Address Resolution Protocol (hereinafter ARP), for the receiving route device, such as route device 130, to parse. In embodiments that apply the invention to Internet Protocol version 6 (hereinafter IPv6), the address query information may instead be written in a format conforming to Internet Control Message Protocol version 6 (hereinafter ICMPv6) under the IPv6 specifications; the invention does not limit the implementation.
In addition, in this embodiment route device 120 uses the identification string as the key to encrypt the address query information. In other embodiments of the invention, other keys may be produced by applying a specific algorithm to the identification string or to other information known in common to the route devices and the server; the invention does not limit the implementation.
Continuing with Fig. 2 and Fig. 3, after receiving the location request, server 110 parses it and confirms the content of Ethernet header 321 and the identification string in payload 322 (step S205). In this embodiment, server 110 forwards the location request directly to all route devices in the virtual private network, that is, all route devices in the registration table that have the same identification string as the requesting route device or as the location request.
It is worth noting that at this point server 110 rewrites Ethernet header 321 of data content 320 in location request 30. Server 110 rewrites the final-recipient field of Ethernet header 321 to each route device having the same identification string, while the sender field still holds the sender of the location request, that is, route device 120. After rewriting Ethernet header 321 in data content 320 for each route device, server 110 sends the location request to each route device in the virtual private network by unicast (step S206).
In effect, this resembles server 110 broadcasting to all route devices that have the same identification string, but because the content sent to each route device differs slightly, it is still not quite the same as a broadcast. The route devices in virtual private network communication system 10 that have the same identification string as route device 120 parse the location request after receiving it and decrypt the address query information in it (step S207). These route devices then check whether the virtual IP address in the address query information lies in the virtual subnet segment of their own private network (step S208). When a route device determines that the virtual IP address in the address query information is not in the virtual subnet segment of its private network, it simply discards or ignores the location request (step S209).
In this embodiment, the virtual IP address in the address query information is the virtual IP address of one of the hosts in the private network to which route device 130 belongs (such as hosts 161~163 in private network 160 shown in Fig. 1). Route device 130 therefore determines that the virtual IP address in the address query information lies in the virtual subnet segment of its private network. Route device 130 can then obtain, from Ethernet header 321 in data content 320 of the location request, the MAC address of the sender of the location request, that is, route device 120. Route device 130 thus transmits location information to route device 120 through server 110 (steps S210, S211).
The data structure of the location information is the same as that of the location request; see the data structure of the location request shown in Fig. 3. Route device 130 fills the recipient field of the Ethernet header in the data content of the location information with the MAC address of route device 120. When server 110 receives the location information, it can therefore determine directly from the Ethernet header in the data content that the location information must be forwarded to route device 120.
Besides the Ethernet header, the data content of the location information includes encrypted location information, which contains a description stating that the virtual IP address lies in the virtual subnet segment of the private network to which route device 130 belongs. The encryption method and data format of the location information follow those of the address query information described above and are not repeated here.
After receiving the location information, route device 120 can parse it and decrypt the location information inside it to obtain the private network entry point corresponding to the virtual IP address in the location request, that is, route device 130 (step S212). At this point virtual private network communication system 10 has completed the location procedure of the second part.
After route device 120 has obtained the location information of the peer it wants to connect to, the connection procedure of the third part can be carried out. Route device 120 first sends a connection request directly to route device 130 according to the content of the location information, to attempt to establish a connection (step S213). After receiving the connection request, route device 130 verifies it and responds to it by returning a response message to route device 120 (step S214). Route device 120 and route device 130 thereby establish a connection (step S215). It is worth noting that the connection established between route devices 120 and 130 is a peer-to-peer (Peer to Peer, hereinafter P2P) connection conforming to Internet Protocol Security (hereinafter IPSec), so that the private networks to which route devices 120 and 130 belong can be combined into a single virtual private network.
To describe the technical content of the invention in more detail, the processing steps of the virtual private network communication system are illustrated below with a practical example. In this example, the MAC addresses of the devices in the virtual private network communication system are set as in the following table:
Device name | MAC address
Server 110 | ff:ff:ff:ff:ff:ff
Route device 120 | 42:21:1a:f4:ea:27
Route device 130 | 00:ff:7f:0a:81:6d
Table 1: Each device in the system and its MAC address
First, in the registration procedure of the first part, the data content of the registration information that route device 120 sends to server 110 includes:
{42:21:1a:f4:ea:27,ff:ff:ff:ff:ff:ff,SMB}
The first two items are the Ethernet header, that is, the MAC addresses of route device 120 (sender) and server 110 (recipient) respectively. The third item is the identification string SMB.
Similarly, the data content of the registration information that route device 130 sends to the server includes:
{00:ff:7f:0a:81:6d,ff:ff:ff:ff:ff:ff,SMB}
After receiving the above registration information, server 110 records the data content of the registration information in the following registration table:
Device name | Identification string | MAC address
Route device 120 | SMB | 42:21:1a:f4:ea:27
Route device 130 | SMB | 00:ff:7f:0a:81:6d
Table 2: Registration table of the server
It is worth noting that the device name field is optional and may be attached to the registration information when it is transmitted.
Then, in the location procedure of the second part, route device 120 transmits the following location request:
{42:21:1a:f4:ea:27,ff:ff:ff:ff:ff:ff, SMB, encrypted information (ARP: who is 10.2.3.100)}
The fourth item is the encrypted address query information.
After receiving the above location request, server 110 forwards it to the other route devices in virtual private network communication system 10 that have the same identification string "SMB", which in this example is route device 130:
{42:21:1a:f4:ea:27,00:ff:7f:0a:81:6d, SMB, encrypted information (ARP: who is 10.2.3.100)}
It is worth noting that the recipient MAC address in the second item has been rewritten to the MAC address of route device 130.
Route device 130 also keeps a connection list, and after parsing the above location request, route device 130 stores the connection mode of route device 120 in the connection list:
Device | UDP connection mode
ff:ff:ff:ff:ff:ff | Sock0 (server)
42:21:1a:f4:ea:27 | Sock0
Table 3: Connection list of route device 130
A UDP connection mode of Sock0 means that, at this stage, route device 120 can send data to route device 130 by way of the connection to the server.
Because the virtual IP address 10.2.3.100 in the address query information lies in the virtual subnet segment of route device 130, route device 130 returns location information to route device 120 over Sock0, that is, the path relayed by the server. The data content of the location information includes the following:
{00:ff:7f:0a:81:6d,42:21:1a:f4:ea:27, SMB, encrypted information (10.2.3.100 is at 42:21:1a:f4:ea:27)}
By parsing the location information, route device 120 learns that the route device corresponding to virtual IP address 10.2.3.100 is route device 130.
Route device 120 then also adds route device 130 to its connection list:
Device | UDP connection mode
ff:ff:ff:ff:ff:ff | Sock0
00:ff:7f:0a:81:6d | Sock0
Table 4: Connection list of route device 120
Then route device 120 attempts to establish a connection with route device 130 according to the location information. After the connection is established, the connection lists of route device 120 and route device 130 are updated to:
Device | UDP connection mode
ff:ff:ff:ff:ff:ff | Sock0
00:ff:7f:0a:81:6d | Sock1(P2P)
Table 5: Connection list of route device 120 after the P2P connection is established
Device | UDP connection mode
ff:ff:ff:ff:ff:ff | Sock0
42:21:1a:f4:ea:27 | Sock1(P2P)
Table 6: Connection list of route device 130 after the P2P connection is established
The UDP connection mode Sock1 indicates that route devices 120 and 130 exchange data with each other end to end.
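The registration and location procedures (steps S201 to S212) modelled end to end, as an added example that is not part of the patent text. The MAC addresses, the string SMB and the address 10.2.3.100 come from the worked embodiment above; the subnets, the two extra route devices and all class and function names are assumptions, and the address query is left unencrypted because the page names no cipher.

```python
import ipaddress
from dataclasses import dataclass

SERVER_MAC = "ff:ff:ff:ff:ff:ff"  # server 110 (Table 1)


@dataclass
class Message:
    src_mac: str    # inner Ethernet header 321: sender
    dst_mac: str    # inner Ethernet header 321: final recipient
    ident: str      # identification string
    body: str = ""  # address query or location information; encrypted on the
                    # page, kept in clear here because no cipher is named


class Server:
    def __init__(self):
        self.table = {}  # registration table: MAC -> identification string

    def register(self, msg):  # S203
        if msg.dst_mac != SERVER_MAC:
            raise ValueError("registration not addressed to the server")
        self.table[msg.src_mac] = msg.ident

    def forward_request(self, msg):
        """S205-S206: one unicast copy per same-string peer, recipient rewritten."""
        # Assumption: a sender that is not registered under the string it
        # presents gets nothing forwarded (the page only says the server
        # confirms the header and the string).
        if self.table.get(msg.src_mac) != msg.ident:
            return []
        return [Message(msg.src_mac, mac, msg.ident, msg.body)
                for mac, ident in self.table.items()
                if ident == msg.ident and mac != msg.src_mac]

    def relay_reply(self, msg):
        """S211: relay only when both ends are registered under the same string."""
        same = self.table.get(msg.src_mac) == msg.ident == self.table.get(msg.dst_mac)
        return msg if same else None


class RouteDevice:
    def __init__(self, mac, ident, subnet):
        self.mac, self.ident = mac, ident
        self.subnet = ipaddress.ip_network(subnet)
        self.connections = {SERVER_MAC: "Sock0"}  # connection list (Tables 3-6)

    def registration(self):  # S201, S202
        return Message(self.mac, SERVER_MAC, self.ident)

    def location_request(self, virtual_ip):  # S204
        return Message(self.mac, SERVER_MAC, self.ident, f"ARP: who is {virtual_ip}")

    def handle_request(self, msg):
        """S207-S210: answer only for addresses in our own virtual subnet."""
        virtual_ip = ipaddress.ip_address(msg.body.rsplit(" ", 1)[1])
        if msg.ident != self.ident or virtual_ip not in self.subnet:
            return None  # S209: discard
        self.connections[msg.src_mac] = "Sock0"  # reachable via the server for now
        return Message(self.mac, msg.src_mac, self.ident,
                       f"{virtual_ip} is in {self.subnet}")

    def handle_reply(self, msg):
        """S212: the inner sender of the reply is the entry point for that address."""
        self.connections[msg.src_mac] = "Sock0"
        return msg.src_mac


def locate(server, devices, requester, virtual_ip):
    """Run S204-S212 and return the MAC of the owning route device, or None."""
    by_mac = {d.mac: d for d in devices}
    for copy in server.forward_request(requester.location_request(virtual_ip)):
        reply = by_mac[copy.dst_mac].handle_request(copy)
        relayed = server.relay_reply(reply) if reply else None
        if relayed:
            return requester.handle_reply(relayed)
    return None


def build_demo():
    """MACs and "SMB" are from the page; subnets and the last two devices are constructed."""
    devices = [
        RouteDevice("42:21:1a:f4:ea:27", "SMB", "10.1.1.0/24"),    # route device 120
        RouteDevice("00:ff:7f:0a:81:6d", "SMB", "10.2.3.0/24"),    # route device 130
        RouteDevice("02:00:00:00:00:03", "SMB", "10.9.9.0/24"),    # same string, other subnet
        RouteDevice("02:00:00:00:00:04", "OTHER", "10.2.3.0/24"),  # other string, same subnet
    ]
    server = Server()
    for d in devices:
        server.register(d.registration())
    return server, devices


if __name__ == "__main__":
    server, devices = build_demo()
    print(locate(server, devices, devices[0], "10.2.3.100"))  # route device 130's MAC
    print(devices[0].connections)
```

In the page's sample messages the identification string, which this embodiment also uses as the encryption key, sits in the same payload outside the encrypted field, which is why the model lets the server read it for grouping.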
The present invention also provides a kind of route device, it is adaptable to a virtual private networks communication system.Fig. 4 is according to the present invention The device block diagram of route device shown by one embodiment.Fig. 4 is refer to, route device 40 includes NIU 410 And processing unit 420.NIU 410 is connected to a servomechanism by internet.Processing unit 420, coupled scheme Interface unit 410, transmits log-on message RI to servomechanism, wherein log-on message includes an identification by NIU 410 Character string.Wherein, processing unit 420 more transmits location requirement PR to servomechanism by NIU 410.Processing unit 420 receive a location information PI by NIU 410 from servomechanism, and processing unit 420 is according to location information PI By NIU 410 directly with a distal end route device line, and line foundation after transmit a data.
Other detailed implementation contents of route device 40 can refer to the explanation of the illustrated embodiment of Fig. 1~3, not gone to live in the household of one's in-laws on getting married then at this State.Wherein it is worth noting that, when actually implementing, route device 40 (does not show also generally including a sub-network interface unit Go out), to connect and each main frame (such as private network 150 and main frame 151~153 shown in Fig. 1) in affiliated private network And exchange the data between it.
The present invention also provides a kind of virtual private networks communication means, it is adaptable to one in a virtual private networks communication system Route device.Fig. 5 is the method flow diagram of the virtual private networks communication means according to shown by one embodiment of the invention.It please join According to Fig. 5, virtual private networks communication means comprises the following steps.First, in step S501, one log-on message of transmission is to virtual One servomechanism of private network communication system, wherein log-on message include an identification character string.Then, in step S502, pass A location requirement is sent to servomechanism.Then, in step S503, the location information that reception is returned from servomechanism, and according to Location information directly with a distal end route device line.Furthermore, in step S504, a data are transmitted after line foundation.It is empty Other the detailed implementation contents for intending private network communication means can refer to the explanation of the illustrated embodiment of Fig. 1~3, not gone to live in the household of one's in-laws on getting married then at this State.
In summary, the present invention provides a virtual private network communication system, route device and method that use a registration procedure, a location procedure and a connection procedure to establish the communication links between the route devices in the virtual private network communication system and the private networks to which they belong. The system distinguishes virtual private networks by an identification character string, and locates a private-network virtual IP address by means of the location requirement and the identification character string it contains, so that end-to-end transmission is completed between two private networks. Even if both route devices are behind NAT devices, a virtual private network connection can still be set up in a simple manner. In addition, using the identification character string as the basis of the encrypted information also makes key transfer simple.
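The registration, location and connection steps summarized above can be traced in a short simulation. This is an added example, not code from the patent: the dictionary message layout, the `endpoint` field of the location information, the PBKDF2 key derivation and the SHAKE/HMAC sealing (a standard-library stand-in for a real AEAD cipher) are all assumptions, and the page's "servomechanism" appears as `Server`.

```python
import hashlib, hmac, ipaddress, os
def key_from_ident(ident):
    # Assumption: PBKDF2 over the identification string; the page names no KDF.
    return hashlib.pbkdf2_hmac("sha256", ident.encode(), b"locate-v1", 10_000)

def seal(key, data):
    # Stdlib stand-in for an AEAD: SHAKE-256 keystream plus HMAC-SHA256 tag.
    nonce = os.urandom(16)
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, ks))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None                          # wrong key or modified query
    ks = hashlib.shake_256(key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

class Router:
    def __init__(self, mac, ident, endpoint, subnet):
        self.mac, self.ident, self.endpoint = mac, ident, endpoint
        self.subnet, self.key = ipaddress.ip_network(subnet), key_from_ident(ident)
    def location_request(self, virtual_ip):              # step S502
        return {"ident": self.ident, "src_mac": self.mac,
                "query": seal(self.key, virtual_ip.encode())}
    def on_location_request(self, req):
        ip = unseal(self.key, req["query"])
        if ip is None or ipaddress.ip_address(ip.decode()) not in self.subnet:
            return None                      # other VPN, or host not behind this router
        return {"dst_mac": req["src_mac"], "endpoint": self.endpoint}

class Server:
    def __init__(self):
        self.table = {}                      # MAC -> (identification string, router)
    def register(self, router):                          # step S501
        self.table[router.mac] = (router.ident, router)
    def relay(self, req):
        # Forward only to routers registered with the same identification string.
        peers = [r for mac, (ident, r) in self.table.items()
                 if ident == req["ident"] and mac != req["src_mac"]]
        return [info for info in (p.on_location_request(req) for p in peers) if info]

def demo():
    # Constructed data: documentation-range public endpoints, made-up MACs.
    a = Router("02:00:00:00:00:0a", "vpn-blue", ("203.0.113.10", 4500), "10.0.1.0/24")
    b = Router("02:00:00:00:00:0b", "vpn-blue", ("203.0.113.20", 4500), "10.0.2.0/24")
    c = Router("02:00:00:00:00:0c", "vpn-red", ("203.0.113.30", 4500), "10.0.2.0/24")
    srv = Server()
    for r in (a, b, c):
        srv.register(r)
    req = a.location_request("10.0.2.7")
    # The request carries the string in clear, so the relay can derive the same key.
    return srv.relay(req), unseal(key_from_ident(req["ident"]), req["query"])
```

Under the assumed derivation the key depends only on the identification character string, which the location requirement also carries in the clear so that the servomechanism can match on it. `demo()` returns the relayed reply together with the query as the relay itself could recover it.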
Finally, it should be noted that the above embodiments merely illustrate the technical solution of the present invention and do not limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be equivalently substituted, and that such modifications or substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (20)

1. A virtual private network communication system, characterized by comprising:
a servomechanism; and
a plurality of route devices, each transmitting a log-on message to the servomechanism, wherein the log-on message includes an identification character string,
wherein the route devices include a first route device and a secondary route device; the first route device transmits a location requirement to the servomechanism; the servomechanism transmits the location requirement, according to the identification character string, to those route devices having the same identification character string as the first route device; and when the secondary route device receives the location requirement, the secondary route device returns, according to the location requirement and through the servomechanism, location information corresponding to the secondary route device to the first route device; and
the first route device establishes a connection directly with the secondary route device according to the location information, and transmits data after the connection is established;
wherein those route devices having the same identification character string belong to the same virtual private network.
2. The virtual private network communication system according to claim 1, characterized in that:
the log-on message includes a header and a data content, wherein the data content includes the identification character string, the MAC address of the servomechanism, and the MAC address of the route device corresponding to the log-on message; and
when the servomechanism receives the log-on messages transmitted by the route devices, it stores the media access control address of each route device and the identification character string corresponding to each route device.
3. The virtual private network communication system according to claim 2, characterized in that:
when the servomechanism receives the location requirement, the servomechanism parses the location requirement and transmits it to each of those route devices having the same identification character string as the one in the location requirement.
4. The virtual private network communication system according to claim 1, characterized in that:
the location requirement transmitted by the first route device includes a header and a data content, wherein the data content includes the identification character string, the MAC address of the first route device, and address query information.
5. The virtual private network communication system according to claim 4, characterized in that:
the address query information is encrypted information that includes a virtual IP address.
6. The virtual private network communication system according to claim 4, characterized in that:
the first route device encrypts the address query information according to the identification character string.
7. The virtual private network communication system according to claim 5, characterized in that:
when the secondary route device parses the location requirement, decrypts the address query information, and confirms that the Internet protocol address in the address query information is a virtual IP address in the private network to which the secondary route device belongs, the secondary route device returns the location information to the first route device through the servomechanism, according to the MAC address of the first route device in the location requirement.
8. The virtual private network communication system according to claim 1, characterized in that:
when the first route device receives the location information, the first route device connects to the secondary route device in an end-to-end connection mode according to the location information, wherein the end-to-end connection mode is an encrypted connection.
9. A route device suitable for a virtual private network communication system, the virtual private network communication system including a servomechanism and a distal end route device, characterized by comprising:
a network interface unit (NIU), connected to the servomechanism through the internet; and
a processing unit, coupled to the NIU, which transmits a log-on message to the servomechanism through the NIU, wherein the log-on message includes an identification character string,
wherein the processing unit also transmits a location requirement to the servomechanism through the NIU, so that the servomechanism transmits the location requirement to the distal end route device having an identification character string identical to the identification character string; and
when the distal end route device returns, according to the location requirement and through the servomechanism, location information corresponding to the distal end route device to the route device, the processing unit receives the location information from the servomechanism through the NIU, connects directly to the distal end route device through the NIU according to the location information, and transmits data after the connection is established,
wherein the identification character string in the distal end route device is identical to the identification character string, and the distal end route device and the route device belong to the same virtual private network.
10. The route device according to claim 9, characterized in that:
the log-on message includes a header and a data content, wherein the data content includes the identification character string, the MAC address of the servomechanism, and the MAC address of the route device corresponding to the log-on message.
11. The route device according to claim 9, characterized in that:
the location requirement includes a header and a data content, wherein the data content includes the identification character string, the MAC address of the route device, and address query information.
12. The route device according to claim 11, characterized in that:
the address query information is encrypted information that includes a virtual IP address.
13. The route device according to claim 12, characterized in that:
the processing unit encrypts the address query information according to the identification character string.
14. The route device according to claim 9, characterized in that:
when the processing unit receives the location information, the processing unit connects to the distal end route device through the NIU in an end-to-end connection mode according to the location information, wherein the end-to-end connection mode is an encrypted connection.
15. A virtual private network communication method suitable for a route device in a virtual private network communication system, characterized by comprising:
transmitting a log-on message to a servomechanism of the virtual private network communication system, wherein the log-on message includes an identification character string;
transmitting a location requirement to the servomechanism, so that the servomechanism transmits the location requirement to a distal end route device having an identification character string identical to the identification character string;
when the distal end route device returns, according to the location requirement and through the servomechanism, location information corresponding to the distal end route device to the route device, receiving from the servomechanism the location information corresponding to the distal end route device, and connecting directly to the distal end route device according to the location information; and
transmitting data after the connection is established;
wherein the route device and the distal end route device have the same identification character string and belong to the same virtual private network.
16. The virtual private network communication method according to claim 15, characterized in that:
the log-on message includes a header and a data content, wherein the data content includes the identification character string, the MAC address of the servomechanism, and the MAC address of the route device corresponding to the log-on message.
17. The virtual private network communication method according to claim 15, characterized in that:
the location requirement includes a header and a data content, wherein the data content includes the identification character string, the MAC address of the route device, and address query information.
18. The virtual private network communication method according to claim 17, characterized in that:
the address query information is encrypted information that includes an Internet protocol address.
19. The virtual private network communication method according to claim 18, characterized in that the steps before transmitting the location requirement further include:
encrypting the address query information according to the identification character string.
20. The virtual private network communication method according to claim 18, characterized in that:
when the location information is received, connecting to the distal end route device in an end-to-end connection mode according to the location information, wherein the end-to-end connection mode is an encrypted connection.
CN201310027123.XA 2013-01-18 2013-01-18 Virtual private networks communication system, route device and its method Active CN103944795B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310027123.XA CN103944795B (en) 2013-01-18 2013-01-18 Virtual private networks communication system, route device and its method

Publications (2)

Publication Number Publication Date
CN103944795A CN103944795A (en) 2014-07-23
CN103944795B true CN103944795B (en) 2017-10-27

Family

ID=51192285

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310027123.XA Active CN103944795B (en) 2013-01-18 2013-01-18 Virtual private networks communication system, route device and its method

Country Status (1)

Country Link
CN (1) CN103944795B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105610667B (en) * 2015-12-23 2019-01-25 深圳市华云中盛科技有限公司 The method and apparatus for establishing Virtual Private Network channel
TWI639326B (en) * 2016-12-05 2018-10-21 財團法人資訊工業策進會 Network address translation server and network address translation method thereof
CN110691059B (en) * 2018-07-05 2021-09-17 资富电子股份有限公司 Apparatus and method for dynamic virtual private network

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1553642A (en) * 2003-05-26 2004-12-08 Huawei Technologies Co., Ltd. Method for building special analog network

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7421736B2 (en) * 2002-07-02 2008-09-02 Lucent Technologies Inc. Method and apparatus for enabling peer-to-peer virtual private network (P2P-VPN) services in VPN-enabled network
US8683574B2 (en) * 2008-12-15 2014-03-25 Novell, Inc. Identity driven peer-to-peer (P2P) virtual private network (VPN)

Also Published As

Publication number Publication date
CN103944795A (en) 2014-07-23

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant