CN105872128A - Virtual IP address allocation method and device - Google Patents
Virtual IP address allocation method and device Download PDFInfo
- Publication number
- CN105872128A CN105872128A CN201610380431.4A CN201610380431A CN105872128A CN 105872128 A CN105872128 A CN 105872128A CN 201610380431 A CN201610380431 A CN 201610380431A CN 105872128 A CN105872128 A CN 105872128A
- Authority
- CN
- China
- Prior art keywords
- address
- virtual
- vpn
- service terminal
- vpn service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2592—Translation of Internet protocol [IP] addresses using tunnelling or encapsulation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
Abstract
The invention relates to a virtual IP address allocation method and device. The method comprises the steps that a tunnel building request message is sent to a VPN server, wherein the tunnel building request message comprises a user name and a user password; an advice message which is used for indicating that a VPN tunnel is agreed to be built and sent by the VPN server according to the situation that verification of the user name and the user password is passed is received; after the advice message is received, the virtual IP address used for building the VPN tunnel is allocated to the VPN server from a preset address pool. Due to the fact that a VPN client is used for allocating corresponding virtual IP addresses for multiple VPN servers connected with the VPN client, the problem that in related technologies, due to the fact that the multiple VPN servers allocate the same virtual IP address for the VPN servers themselves, interconnection of monitoring systems cannot occur can be solved.
Description
Technical field
The present invention relates to communication technical field, particularly relate to distribution method and the device of a kind of virtual ip address.
Background technology
The network technology along with standardization and easily extended and the development of IP technology, based on IP and the intelligent monitoring of network
Technology is developed rapidly, and IP monitoring has become as the main flow of monitoring at present.Multistage multi-domain in public security GB agreement monitors
In networking, interconnect between each office of city platform and province's Room platform, but owing to province's Room platform and several office of city platforms pass through NAT
(Network Address Translation, network address translation) isolates, and province's Room platform is typically in inside NAT, because of
This, when office of city platform carries out data interaction with province's Room platform, need to use VPN (Virtual Private Network, void
Intend dedicated network) technology.
In correlation technique, between province's Room platform and several office of city platforms, vpn tunneling can be set up, so that these are some
Office of individual city platform can by vpn tunneling and province's Room platform carry out data interaction, such as office of city platform can by vpn tunneling to
Province's Room platform sends registration request etc..During vpn tunneling set up by province's Room platform and several office of city platforms, some by this
Office of individual city platform is self and the virtual ip address of province's Room platform distribution correspondence.But owing to different office of city platforms may be
The virtual ip address that self distribution is identical, therefore, correlation technique can cause the conflict of office of city platform virtual ip address, so that
The problem that interconnecting occurs in the multistage multi-domain monitoring system of public security GB agreement.
Summary of the invention
For overcoming problem present in correlation technique, the invention provides distribution method and the dress of a kind of virtual ip address
Put.
The present invention provides the distribution method of a kind of virtual ip address, described method to be applied to VPN (virtual private network) VPN client
End, wherein, described VPN client is isolated by NAT with several subordinate domain VPN service terminal, and described VPN client is in NAT
Inside, described method includes:
Send tunnel to described VPN service terminal and set up request message;Wherein, described tunnel is set up request message and is included user
Name and user cipher;
Receive that described VPN service terminal sends after being verified for described user name and user cipher for indicate with
Meaning sets up the notice message of vpn tunneling;
After receiving described notice message, it is used for setting up VPN tunnel for the distribution of described VPN service terminal from default address pool
The virtual ip address in road.
As improvement, described method also includes:
When described VPN service terminal detects new access device, receive that described VPN service terminal sends for described new access
The Address requests message of device request virtual ip address;
Based on the described Address requests message received equipment distribution use for described new access from default address pool
In the virtual ip address setting up vpn tunneling.
As improvement, described method also includes:
From described default address pool be described VPN service terminal distribution virtual ip address after, to described VPN service terminal with
And other VPN service terminal in territory, described VPN service terminal place issue corresponding with the described virtual ip address place network segment distributed
Route table items;
After being the new access device distribution virtual ip address of described VPN service terminal from described default address pool, to institute
State access device and issue the route table items corresponding with the described virtual ip address place network segment distributed.
As improvement, when in described default address pool allocated virtual ip address to account for virtual ip address in address pool total
When the ratio of number exceedes threshold value, based on default virtual ip address migration strategy by allocated virtual IP address ground in described address pool
Location migrates to other address pool preset;Wherein, described migration strategy include preferentially by VPN service terminal minimum for access device and
The virtual ip address of its access device is modified.
As improvement, described method also includes:
If after the access device of described VPN service terminal or described VPN service terminal rolls off the production line, not in allocated described void
Again reach the standard grade in intending the ageing time of IP address, then perform reclaimer operation for the most the allocated described virtual ip address.
The present invention also provides for the distributor of a kind of virtual ip address simultaneously, and described device is applied to VPN (virtual private network)
VPN client, wherein, described VPN client is isolated by NAT with several subordinate domain VPN service terminal, described VPN client
It is in inside NAT, it is characterised in that described device includes:
Sending module, sets up request message for sending tunnel to described VPN service terminal;Wherein, described tunnel is set up and is asked
Message is asked to include user name and user cipher;
Receiver module, is used for receiving described VPN service terminal and sends out after being verified for described user name and user cipher
That send agrees to set up the notice message of vpn tunneling for indicating;
Distribution module, after being used for receiving described notice message, is the distribution of described VPN service terminal from default address pool
For setting up the virtual ip address of vpn tunneling.
As improvement, described receiver module is further used for:
When described VPN service terminal detects new access device, receive that described VPN service terminal sends for described new access
The Address requests message of device request virtual ip address;
Described distribution module is further used for:
Based on the described Address requests message received equipment distribution use for described new access from default address pool
In the virtual ip address setting up vpn tunneling.
As improvement, described device also includes:
Issue module, after being described VPN service terminal distribution virtual ip address from described default address pool, to institute
State the described virtual ip address that other VPN service terminal in VPN service terminal and territory, described VPN service terminal place issue and distribute
The route table items that the place network segment is corresponding, and divide for the new access device of described VPN service terminal from described default address pool
After joining virtual ip address, issue the routing table corresponding with the described virtual ip address place network segment distributed to described access device
?.
As improvement, described device also includes:
Transferring module, is used for when in described default address pool, allocated virtual ip address accounts for virtual IP address ground in address pool
When the ratio of location sum exceedes threshold value, based on default virtual ip address migration strategy by allocated virtual in described address pool
IP address transfer is to other address pool preset;Wherein, described migration strategy includes preferentially by VPN service minimum for access device
The virtual ip address of end and access device thereof is modified.
As improvement, described device also includes:
Recycling module, if after the access device of described VPN service terminal or described VPN service terminal rolls off the production line, do not existed
Again reach the standard grade in the ageing time of allocated described virtual ip address, then perform for the most the allocated described virtual ip address
Reclaimer operation.
In the present invention, VPN client can send tunnel to VPN service terminal and set up request message, and wherein, this tunnel is built
Vertical request message can include user name and user cipher, and then, VPN client can receive coupled VPN service terminal
Send after being verified for above-mentioned user name and user cipher agrees to set up the notice message in tunnel for indicating, and receives
After this notice message, VPN client can be used for setting up VPN tunnel for the distribution of above-mentioned VPN service terminal from default address pool
The virtual ip address in road.The void using VPN client to be coupled several VPN service terminal distribution correspondence due to the present invention
Intend IP address, therefore, it can solve in correlation technique because several VPN service terminal are self to be assigned with identical virtual ip address
The problem that interconnecting occurs in the monitoring system caused.
It should be appreciated that it is only exemplary and explanatory, not that above general description and details hereinafter describe
The present invention can be limited.
Accompanying drawing explanation
Accompanying drawing herein is merged in description and constitutes the part of this specification, it is shown that meet the enforcement of the present invention
Example, and for explaining the principle of the present invention together with description.
Fig. 1 is the networking diagram of the multistage multi-domain monitoring system of a kind of public security GB agreement illustrated.
Fig. 2 is the flow chart of the distribution method of a kind of virtual ip address shown in one embodiment of the invention.
Fig. 3 is the application scenarios figure that the application present invention realizes virtual ip address distribution.
Fig. 4 is another application scenarios figure that the application present invention realizes virtual ip address distribution.
Fig. 5 is the hardware block diagram of the distributor of virtual ip address in the embodiment of the present invention.
Fig. 6 is the present invention block diagram according to the distributor of a kind of virtual ip address shown in an exemplary embodiment.
Detailed description of the invention
Here will illustrate exemplary embodiment in detail, its example represents in the accompanying drawings.Explained below relates to
During accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represents same or analogous key element.Following exemplary embodiment
Described in embodiment do not represent all embodiments consistent with the present invention.On the contrary, they are only with the most appended
The example of the apparatus and method that some aspects that described in detail in claims, the present invention are consistent.
See the networking diagram of the multistage multi-domain monitoring system that Fig. 1, Fig. 1 are a kind of public security GB agreement illustrated.
In monitoring system as shown in Figure 1, the server of province's Room platform is positioned at higher level territory, the server position of office of city platform
In subordinate domain.The server of the server of province's Room platform and several office of city platforms is isolated by NAT, and the service of province's Room platform
Device is in inside NAT.When the server of office of city platform needs the server with province's Room platform to carry out data interaction, owing to existing
NAT isolates, and therefore the server of office of city platform cannot access the server of province's Room platform.In order to solve the problems referred to above, relevant skill
Art employs VPN technologies.
In the related, the server of province's Room platform can set up vpn tunneling by the server with office of city platform, comes
Solve office of city Platform Server and cannot access the problem being in the province's Room Platform Server within NAT.At province's Room Platform Server
During setting up vpn tunneling with office of city Platform Server, being in the province's Room Platform Server within NAT can be as VPN visitor
Family end, sets up vpn tunneling with office of the city Platform Server as VPN service terminal.
When VPN client sets up vpn tunneling with corresponding VPN service terminal, VPN client can send to VPN service terminal
Request message is set up in tunnel, and wherein this message can include user name and user cipher.VPN service terminal receives this tunnel and sets up
After request message, the user name in this message and user cipher can be verified, and after being proved to be successful, for self and
VPN client is respectively allocated a virtual ip address.After VPN client and VPN service terminal are successfully established vpn tunneling, can be with base
Data interaction is carried out by vpn tunneling with the other side in respective virtual ip address.
But set up several VPN service terminal of some vpn tunnelings for self arranging virtual IP address ground with VPN client
During location, there is different VPN service terminal is the situation self being provided with identical virtual ip address.Now, connect when VPN client
When receiving the data that purpose IP is the virtual ip address that this is identical, it is possible to these data are forwarded to the VPN service terminal of mistake, from
And cause the problem that interconnecting occurs in this monitoring system.
In Fig. 1, when VPN service terminal 1, VPN service terminal 2 and VPN service terminal 3 set up 3 VPN tunnels with same VPN client
During road, can be respectively and a virtual ip address is set self.Wherein, VPN service terminal 1 and VPN service terminal 2 are arranged for self
Virtual ip address is all 1.1.1.1.When VPN client receives the data that destination address is 1.1.1.1, will be unable to determine this
Data are data or the data of VPN service terminal 2 mailing to VPN service terminal 1.In this case, VPN client likely will
Data send the VPN service terminal to mistake.When the multiple VPN service terminal being connected with same VPN client are the void that self is arranged
When plan IP address is all same virtual ip address, VPN client sends data to the probability of correct VPN service terminal can be the lowest,
Owing to correct VPN service terminal does not receive data, therefore these data cannot be processed, this monitoring system time serious, can be caused
The problem that interconnecting occurs in system.
In view of this, the present invention provides distribution method and the device of a kind of virtual ip address, solve in correlation technique because of
Different VPN service terminal is the problem that interconnecting occurs in the monitoring system that self identical virtual ip address of distribution causes.?
In the present invention, VPN client can send tunnel to VPN service terminal and set up request message, and wherein, request message is set up in this tunnel
Can include user name and user cipher, then, VPN client can receive coupled VPN service terminal for above-mentioned
What user name and user cipher sent after being verified agrees to set up the notice message in tunnel for indicating, and receives this notice report
Wen Hou, VPN client can be used for setting up the virtual IP address of vpn tunneling for the distribution of above-mentioned VPN service terminal from default address pool
Address.The virtual ip address using VPN client to be coupled several VPN service terminal distribution correspondence due to the present invention,
Therefore, it can solve in correlation technique because several VPN service terminal are self to be assigned with the prison that identical virtual ip address causes
The problem that interconnecting occurs in Ore-controlling Role.
Referring to Fig. 2, for the flow chart of the distribution method of a kind of virtual ip address shown in one embodiment of the invention, this is real
Execute example to be applied in VPN client, comprise the following steps:
Step 201: send tunnel to described VPN service terminal and set up request message;Wherein, request message is set up in described tunnel
Including user name and user cipher.
In the present invention, above-mentioned VPN client is isolated by NAT with several VPN service terminal, and is in inside NAT.Its
In, above-mentioned VPN client can be the higher level's domain server in video monitoring system, and above-mentioned VPN service terminal can be video prison
Subordinate domain server in Ore-controlling Role.Above-mentioned VPN client can be entered by setting up vpn tunneling with corresponding VPN service terminal
Row NAT passes through, thus realizes the data interaction with corresponding VPN service terminal.
In the present invention, VPN client can preset several address pool, and wherein, each address pool can include being positioned at
Several virtual ip address of the same network segment.The IP number of addresses of each address pool can be different.If VPN client can be from this
In dry address pool according to actual needs or User Defined arranges and selects an address pool to use as current vpn tunneling
The address realm of virtual ip address.
In one embodiment, VPN client can preset an address pool table, and wherein, this address pool table can include
The virtual gateway address of the address network segment of several address pool, mask address and correspondence that this VPN client is preset.Work as VPN
When client needs the quantity of the vpn tunneling set up less than the quantity of the virtual ip address in certain virtual address pond, Ke Yicong
For setting up several VPN service terminal and the access device thereof of vpn tunneling with this VPN client, such as NVR in this virtual address pond
The distribution such as (Network Video Recorder, network hard disk video recorder) or IPC (IP Camera, web camera) is virtual
IP address.
In the present invention, when VPN client sets up vpn tunneling with VPN service terminal, VPN client can service to VPN
End sends tunnel and sets up request message.Wherein, this tunnel set up request message can include the user name for this vpn tunneling and
User cipher.
Step 202: receive the use that described VPN service terminal sends after being verified for described user name and user cipher
Agree to set up the notice message of vpn tunneling in instruction.
Step 203: after receiving described notice message, is used for for the distribution of described VPN service terminal from default address pool
Set up the virtual ip address of vpn tunneling.
VPN client is after request message is set up in VPN service terminal transmission tunnel, and VPN service terminal can receive this message, and
User name in this message and user cipher are verified.After being verified, VPN service terminal can send to VPN client
For indicating the notice message agreeing to set up vpn tunneling.
It should be noted that when VPN client sets up vpn tunneling from different VPN service terminal, VPN client sends
Tunnel set up the user name in request message and user cipher can differ.
After VPN client receives this notice message, can be used for building for VPN service terminal distribution from default address pool
The virtual ip address of vertical vpn tunneling.Wherein, this address pool preset can be above-mentioned selection from several address pool preset
An address pool.VPN client, after the virtual ip address corresponding for VPN service terminal distribution, can set and service with this VPN
End sets up the virtual port of vpn tunneling, such as, virtual port PPP0.
In the present invention, send for indicating agreement to set up the logical of vpn tunneling when VPN client receives VPN service terminal
When knowing message, VPN client can obtain MAC (the Media Access of this VPN service terminal from this notice message
Control, media interviews control) address.After VPN client is this VPN service terminal distribution virtual ip address, VPN client can
So that address table to preserve the corresponding pass in the virtual ip address of this VPN service terminal, MAC Address and affiliated territory in default distributing
System.
In one embodiment, VPN client is corresponding VPN service terminal distribution void from above-mentioned default IP address pool
After intending IP address, can issue to other VPN service terminal in this VPN service terminal and this territory, VPN service terminal place and distribute
Route table items corresponding to the virtual ip address place network segment.Wherein, this route table items can include this virtual ip address place
Address pool, virtual gateway address, mask address and the corresponding relation of virtual interface.
In the present invention, when VPN service terminal detects new access device, VPN service terminal can receive this access and set
Request message is set up in the tunnel that preparation is sent, and wherein, request message is set up in this tunnel can include the user name for this vpn tunneling
And user cipher, this user name and user cipher can be verified by VPN service terminal.After being verified, VPN service terminal is permissible
Address requests message is sent to corresponding VPN client for this new access device.Wherein, this Address requests message can include
VPN service terminal sets up the MAC Address of this new access device got request message from the tunnel that new access device sends.
VPN client receives the Address requests for this new access device request virtual ip address that VPN service terminal sends
After message, can be used for setting up for the distribution of this new access device from above-mentioned default address pool based on this Address requests message
The virtual ip address of vpn tunneling.
After being this new access device distribution virtual ip address from default address pool, VPN client newly can connect to this
Enter equipment and issue the route table items corresponding with this virtual ip address place network segment distributed.
Certainly, VPN client can also right by the virtual ip address of this new access device, MAC Address and described territory
Should be related to and be saved in the default address table of distribution.
In the present invention, when in the address pool that VPN client is preset allocated virtual ip address account in this address pool empty
The ratio intending IP address sum exceedes threshold value, and during such as 80%, VPN client can be based on default virtual ip address migration strategy
Virtual ip address allocated in this address pool migrates to other address pool preset, and wherein, this migration strategy can include
Preferentially the virtual ip address of VPN service terminal minimum for access device and access device thereof is modified.
When the quantity of VPN service terminal and access device thereof is more than the virtual ip address sum in a certain preset address pond, VPN
Client can be the virtual port that this VPN service terminal and access device thereof arrange correspondence, and then, VPN client can will be somebody's turn to do
The virtual ip address of the part access devices of VPN service terminal is revised as the virtual ip address in other address pool, such that it is able to really
Protect the quantity distributing virtual ip address in above-mentioned preset address pond less than the sum of virtual ip address in this address pool.
In one embodiment, it can be assumed that in the address pool preset in VPN client, the sum of virtual ip address is
254, the quantity of the VPN service terminal and access device thereof of setting up vpn tunneling with this VPN client is 270, now, VPN client
Can be this VPN service terminal and access device arranges the virtual port of correspondence, such as virtual port PPP0, then, VPN client
At least 16 access devices in the equipment that can this VPN service terminal be accessed migrate to other address pool, and from other addresses
The equipment distribution virtual ip address of this migration of Chi Zhongwei.
In the present invention, if the access device of the VPN service terminal being connected with this VPN client or VPN service terminal rolls off the production line
After not in the ageing time of allocated virtual ip address, again reached the standard grade in 24 hours, then VPN client can be for
The virtual ip address of distribution performs reclaimer operation.Wherein, this ageing time having distributed virtual ip address can be default setting
Or being arranged by User Defined, the present invention is without limitation.
Certainly, if the access device of the VPN service terminal being connected with this VPN client or VPN service terminal roll off the production line after
Again reach the standard grade in the ageing time of the virtual ip address of distribution, then VPN client can be this VPN service terminal or this VPN service
The virtual ip address used when the access device of end is once reached the standard grade before preferentially distributing.Specifically, VPN client can be based on above-mentioned
Having distributed the corresponding relation of VPN service terminal and the MAC Address of access device and virtual ip address in address table is this VPN service
The virtual ip address used when end and access device thereof are once reached the standard grade before preferentially distributing.
From above-described embodiment, in the present invention, VPN client can send tunnel to VPN service terminal and set up request
Message, wherein, request message is set up in this tunnel can include user name and user cipher, then, VPN client can receive with
It is connected VPN service terminal send after being verified for above-mentioned user name and user cipher for indicating agreement to set up tunnel
The notice message in road, after receiving this notice message, VPN client can be above-mentioned VPN service terminal from default address pool
Distribution is for setting up the virtual ip address of vpn tunneling.Owing to the present invention uses VPN client to be several coupled VPN
The virtual ip address that service end distribution is corresponding, therefore, it can solve in correlation technique because several VPN service terminal are self distribution
The problem that interconnecting occurs in the monitoring system that identical virtual ip address causes.
Below in conjunction with application scenarios figure, above-described embodiment is described in detail:
Referring to Fig. 3, realize an application scenarios figure of virtual ip address distribution for the application present invention, meanwhile, Fig. 3 is also
A kind of networking diagram of the multistage multi-domain monitoring system of public security GB agreement.In the monitoring system shown in Fig. 3, the clothes of province's Room platform
Business device is positioned at higher level territory, and the server of office of city platform is positioned at subordinate domain.The server of province's Room platform and several office of city platforms
Server is isolated by NAT, and the server of province's Room platform is in inside NAT.Owing to there are NAT isolation, the clothes of office of city platform
Business device cannot access the server of province's Room platform.In order to solve the problems referred to above, office of city Platform Server and province's Room Platform Server
Between establish vpn tunneling.
During province's Room Platform Server and office of city Platform Server set up vpn tunneling, province's Room Platform Server can
Using the VPN client as vpn tunneling;Office of city Platform Server can be as the VPN service terminal of vpn tunneling.
In the present invention, VPN client can be preset the address pool that several virtual ip address quantity are different, eachly
Pond, location can include several virtual ip address being positioned at the same network segment.In one embodiment, VPN client can preset one
Individual address pool table, wherein, this address pool table can include this VPN client preset several address pool address network segment, cover
Code address and the virtual gateway address of correspondence.
In the embodiment illustrated, the address pool table that VPN client is preset can be as shown in table 1:
Sequence number | Address pool | Mask address | Gateway address |
1 | 1.1.1.0 | 24 | 1.1.1.1 |
2 | 2.1.1.0 | 24 | 2.1.1.1 |
3 | 1.1.0.0 | 16 | 1.1.0.1 |
Table 1
Certainly, table 1 can only illustrate the part list item of above-mentioned preset address pond table, in addition to the list item shown in table 1, above-mentioned pre-
If address pool table can include other list items.
When VPN client needs the vpn tunneling quantity set up less than the virtual ip address in certain address pool preset
During quantity, can be for setting up several VPN service terminal of vpn tunneling with this VPN client and connecing from this virtual address pond
Enter equipment distribution virtual ip address and corresponding virtual interface, wherein, the access device of above-mentioned VPN service terminal can include IPC,
NVR etc..
In the embodiment illustrated, it can be assumed that preset as shown in table 13 address pool in VPN client, then
When the quantity of VPN service terminal and access device thereof is 300, and this VPN service terminal and access device thereof are both needed to build with VPN client
During vertical vpn tunneling, VPN client can service for this VPN from address pool 1.1.0.0 that virtual ip address quantity is 65534
End and access device distribution virtual ip address thereof.
In the present invention, when VPN client sets up vpn tunneling with VPN service terminal, VPN client can service to VPN
End sends tunnel and sets up request message.Wherein, this tunnel set up request message can include the user name for this vpn tunneling and
User cipher.
VPN client is after request message is set up in VPN service terminal transmission tunnel, and VPN service terminal can receive this message, and
User name in this message and user cipher are verified.After being verified, VPN service terminal can send to VPN client
For indicating the notice message agreeing to set up vpn tunneling.
It should be noted that when VPN client sets up vpn tunneling from different VPN service terminal, VPN client sends
Tunnel set up the user name in request message and user cipher can differ.
After VPN client receives this notice message, can be used for building for VPN service terminal distribution from default address pool
The virtual ip address of vertical vpn tunneling.VPN client after the virtual ip address corresponding for VPN service terminal distribution, can set with
This VPN service terminal sets up the virtual port of vpn tunneling, such as, virtual port PPP0.
In the present invention, send for indicating agreement to set up the logical of vpn tunneling when VPN client receives VPN service terminal
When knowing message, VPN client can obtain MAC (the Media Access of this VPN service terminal from this notice message
Control, media interviews control) address.After VPN client is this VPN service terminal distribution virtual ip address, VPN client can
So that address table to preserve the corresponding pass in the virtual ip address of this VPN service terminal, MAC Address and affiliated territory in default distributing
System.
Referring to Fig. 3, in the embodiment illustrated, VPN client can set up vpn tunneling with VPN service terminal 1,
It is then possible to assume that the MAC Address of VPN client is 44-45-53-54-00-00, VPN client sends from VPN service terminal 1
Above-mentioned notice message in the MAC Address that gets be 00-25-64-76-80-40.Then by VPN client be self distribution
Virtual ip address is 1.1.1.1 and the virtual ip address for VPN service terminal 1 distribution is that 1.1.1.2 understands, in VPN client
The part list item distributing address table preset can be as shown in table 2:
Sequence number | Virtual ip address | MAC Address | Affiliated territory |
1 | 1.1.1.1 | 44-45-53-54-00-00 | Province's Room platform |
2 | 1.1.1.2 | 00-25-64-76-80-40 | Office of city platform 1 |
Table 2
After VPN client is corresponding VPN service terminal distribution virtual ip address from default IP address pool, can be to this
Other VPN service terminal in VPN service terminal and this territory, VPN service terminal place issue and the virtual ip address place network segment distributed
Corresponding route table items.Wherein, this route table items can include the address pool at this virtual ip address place, virtual gateway address,
Mask address and the corresponding relation of virtual interface.
Continuing with seeing Fig. 3, in the embodiment illustrated, it can be assumed that VPN client and VPN service terminal 2 and
VPN service terminal 3 establishes vpn tunneling respectively, then when VPN client receive that VPN service terminal 1 sends for indicating agreement to build
The notice message of vertical vpn tunneling, and when distributing virtual ip address 1.1.1.2 for VPN service terminal 1, VPN client can take with VPN
Business end 1, VPN service terminal 2 and VPN service terminal 3 issue the routing table corresponding with this virtual ip address 1.1.1.2 place network segment
?.Wherein, this route table items can be as shown in table 3:
Table 3
In the present invention, when VPN service terminal detects new access device, VPN service terminal can receive this access and set
Request message is set up in the tunnel that preparation is sent, and wherein, request message is set up in this tunnel can include the user name for this vpn tunneling
And user cipher, this user name and user cipher can be verified by VPN service terminal.After being verified, VPN service terminal is permissible
Address requests message is sent to corresponding VPN client for this new access device.Wherein, this Address requests message can include
VPN service terminal sets up the MAC Address of this new access device got request message from the tunnel that new access device sends.
VPN client receives the Address requests for this new access device request virtual ip address that VPN service terminal sends
After message, can be used for setting up for the distribution of this new access device from above-mentioned default address pool based on this Address requests message
The virtual ip address of vpn tunneling.Now, VPN client can by the virtual ip address of this new access device, MAC Address and
The corresponding relation in described territory is saved in the default address table of distribution.
After being this new access device distribution virtual ip address from default address pool, VPN client can also be new to this
Access device issues the route table items corresponding with this virtual ip address place network segment distributed.
In the embodiment illustrated, continuing with seeing Fig. 3, with the VPN service terminal 1 that VPN client sets up vpn tunneling
New access device NVR can be detected, request message is set up in the tunnel that VPN service terminal 1 can receive from NVR, and to this
User name and user cipher in message are verified.After being verified, VPN service terminal 1 can set up vpn tunneling with NVR, and
It is that NVR sends Address requests message, wherein, this Address requests to VPN client by the vpn tunneling between VPN client
Message can include the MAC Address 03-42-12-34-22-31 of NVR.After VPN client receives this request message, Ke Yicong
The IP address pool preset distributes virtual ip address 1.1.1.5, now, the address of distribution preset in VPN client for NVR
The part list item of table can be as shown in table 4:
Table 4
After VPN client is the virtual ip address that NVR is assigned with correspondence, can issue and virtual address 1.1.1.5 to NVR
The route table items that the place network segment is corresponding.Wherein, this route table items can be as shown in table 3, therefore the present invention does not repeats them here.
In the present invention, when in the address pool that VPN client is preset allocated virtual ip address account in this address pool empty
The ratio intending IP address sum exceedes threshold value, and during such as 80%, VPN client can be based on default virtual ip address migration strategy
Virtual ip address allocated in this address pool migrates to other address pool preset, and wherein, this migration strategy can include
Preferentially the virtual ip address of VPN service terminal minimum for access device and access device thereof is modified.
In the embodiment illustrated, it can be assumed that virtual IP address ground in some address pool preset in VPN client
The sum of location is 254, and in the virtual ip address that ought preset, allocated virtual ip address accounts for virtual ip address in this address pool
When the ratio of sum is more than 80%, VPN can be triggered and based on default migration strategy, allocated virtual ip address is moved
Move.Then when the VPN service terminal 1 in a certain VPN service terminal, such as Fig. 3, and access device needs to set up VPN with VPN client
The quantity in tunnel is 207, i.e. more than 254 80% time, VPN client can be based on default migration strategy in this address pool
Allocated virtual ip address migrates.Wherein, this migration strategy can include preferentially by VPN service minimum for access device
The virtual ip address of end and access device thereof is modified.Assume VPN client now with in another VPN service terminal, such as Fig. 3
VPN service terminal 3, and access device to set up the quantity of vpn tunneling be 10, then VPN client can be preferentially by VPN service terminal
3 and the virtual ip address of access device be revised as the virtual ip address in other address pool.For example, it is possible to this VPN is serviced
The virtual ip address 2.1.1.6 that the virtual ip address of end 3 is revised as in address pool 2.1.1.0.
When the quantity of VPN service terminal and access device thereof is more than the virtual ip address sum in a certain preset address pond, VPN
Client can be the virtual interface that this VPN service terminal and access device thereof arrange correspondence, and then, VPN client can will be somebody's turn to do
The virtual ip address of the part access devices of VPN service terminal is revised as the virtual ip address in other address pool, such that it is able to really
Protect the quantity distributing virtual ip address in above-mentioned preset address pond less than the sum of virtual ip address in this address pool.
Refer to Fig. 4, realize another application scenarios figure of virtual ip address distribution for the application present invention.In Fig. 4, VPN
Service end 1 and access device thereof can set up vpn tunneling with VPN client, and set up the quantity of vpn tunneling with VPN client
Exceed the quantity of virtual ip address in the address pool that VPN presets.Now, VPN client can be from multiple default addresses
Pond is VPN service terminal 1 and access device distribution virtual ip address thereof, distributes for VPN service terminal 1 and access device thereof meanwhile
Identical virtual interface PPP0;Similarly, the number of vpn tunneling is set up when VPN service terminal 2 and access device thereof with VPN client
When amount has exceeded the quantity of virtual ip address in the virtual ip address that VPN presets, VPN client can be from multiple default addresses
Pond is VPN service terminal 2 and access device distribution virtual ip address thereof, and is VPN service terminal 2 and access device distribution phase thereof
Same virtual interface PPP1;Similarly, the quantity of vpn tunneling is set up when VPN service terminal 3 and access device thereof with VPN client
When having exceeded the quantity of virtual ip address in the virtual ip address that VPN presets, VPN client can be from multiple default address pool
In be VPN service terminal 3 and access device distribution virtual ip address thereof, and it is identical be that VPN service terminal 3 and access device thereof distribute
Virtual interface PPP2.Now, VPN client can be such as table 5 to the route table items that VPN service terminal 1 and access device thereof issue
Shown in:
Corresponding address pool | Virtual gateway address | Mask address | Virtual interface |
1.1.1.0 | 1.1.1.1 | 255.255.255.0 | PPP0 |
2.1.1.0 | 1.1.1.1 | 255.255.255.0 | PPP0 |
3.1.1.0 | 1.1.1.1 | 255.255.255.0 | PPP0 |
Table 5
VPN client can be as shown in table 6 to the route table items that VPN service terminal 2 and access device thereof issue:
Corresponding address pool | Virtual gateway address | Mask address | Virtual interface |
1.1.1.0 | 2.1.1.1 | 255.255.255.0 | PPP1 |
2.1.1.0 | 2.1.1.1 | 255.255.255.0 | PPP1 |
3.1.1.0 | 2.1.1.1 | 255.255.255.0 | PPP1 |
Table 6
VPN client can be as shown in table 7 to the route table items that VPN service terminal 3 and access device thereof issue:
Table 7
In the present invention, if the access device of the VPN service terminal being connected with this VPN client or VPN service terminal rolls off the production line
After not in the ageing time of allocated virtual ip address, again reached the standard grade in 24 hours, then VPN client can be for
The virtual ip address of distribution performs reclaimer operation.Wherein, this ageing time having distributed virtual ip address can be default setting
Or being arranged by User Defined, the present invention is without limitation.
Certainly, if the access device of the VPN service terminal being connected with this VPN client or VPN service terminal roll off the production line after
Again reach the standard grade in the ageing time of the virtual ip address of distribution, then VPN client can be this VPN service terminal or this VPN service
The virtual ip address used when the access device of end is once reached the standard grade before preferentially distributing.Specifically, VPN client can be based on above-mentioned
Having distributed the corresponding relation of VPN service terminal and the MAC Address of access device and virtual ip address in address table is this VPN service
The virtual ip address used when end and access device thereof are once reached the standard grade before preferentially distributing.
From above-described embodiment, in the present invention, VPN client can send tunnel to VPN service terminal and set up request
Message, wherein, request message is set up in this tunnel can include user name and user cipher, then, VPN client can receive with
It is connected VPN service terminal send after being verified for above-mentioned user name and user cipher for indicating agreement to set up tunnel
The notice message in road, after receiving this notice message, VPN client can be above-mentioned VPN service terminal from default address pool
Distribution is for setting up the virtual ip address of vpn tunneling.Owing to the present invention uses VPN client to be several coupled VPN
The virtual ip address that service end distribution is corresponding, therefore, it can solve in correlation technique because several VPN service terminal are self distribution
The problem that interconnecting occurs in the monitoring system that identical virtual ip address causes.
Based on the inventive concept same with said method, the embodiment of the present invention additionally provides the distributor of virtual ip address
Embodiment.
The distributor of virtual ip address of the present invention can apply to VPN client.Wherein, the distribution of this virtual ip address
Device can be realized by software, it is also possible to realizes by the way of hardware or software and hardware combining.As a example by implemented in software, make
It is the device on a logical meaning, is the processor by its place, by computer journey corresponding in nonvolatile memory
Sequence instruction reads and runs formation in internal memory.For application, as it is shown in figure 5, be virtual IP address in the embodiment of the present invention
The hardware block diagram of the distributor of address, except the processor shown in Fig. 5, network interface, internal memory and non-volatile deposit
Outside reservoir, it is also possible to include other hardware, such as camera head, it is responsible for processing the forwarding chip etc. of message.
As shown in Figure 6, for the present invention according to the distributor of a kind of virtual ip address shown in an exemplary embodiment
Block diagram.Described device is applied to VPN client, and wherein, described VPN client and several subordinate domain VPN service terminal pass through NAT
Isolation, described VPN client is in inside NAT, and described device includes: sending module 610, receiver module 620 and distribution mould
Block 630.
Wherein, sending module 610, set up request message for sending tunnel to described VPN service terminal;Wherein, described tunnel
Road is set up request message and is included user name and user cipher;
Receiver module 620, is used for receiving described VPN service terminal after being verified for described user name and user cipher
The notice message being used for indicating agreement to set up vpn tunneling sent;
Distribution module 630, after being used for receiving described notice message, is described VPN service terminal from default address pool
Distribution is for setting up the virtual ip address of vpn tunneling.
In an optional implementation, described receiver module 620 can be further used for:
When described VPN service terminal detects new access device, receive that described VPN service terminal sends for described new access
The Address requests message of device request virtual ip address;
Described distribution module 630 can be further used for:
Based on the described Address requests message received equipment distribution use for described new access from default address pool
In the virtual ip address setting up vpn tunneling.
In an optional implementation, described device can also include (as shown in Figure 6):
Issue module 640, after being described VPN service terminal distribution virtual ip address from described default address pool,
Other VPN service terminal in described VPN service terminal and territory, described VPN service terminal place issue and the described virtual IP address distributed
The route table items that place, the address network segment is corresponding, and set for newly accessing of described VPN service terminal from described default address pool
After back-up joins virtual ip address, issue the route corresponding with the described virtual ip address place network segment distributed to described access device
List item.
In an optional implementation, described device can also include (as shown in Figure 6):
Transferring module 650, is used for when in described default address pool, allocated virtual ip address accounts in address pool virtual
When the ratio of IP address sum exceedes threshold value, based on default virtual ip address migration strategy by allocated in described address pool
Virtual ip address migrates to other address pool preset;Wherein, described migration strategy includes preferential by VPN minimum for access device
The virtual ip address of service end and access device thereof is modified.
In an optional implementation, described device can also include (as shown in Figure 6):
Recycling module 660, if after the access device of described VPN service terminal or described VPN service terminal rolls off the production line, not
Again reach the standard grade in the ageing time of allocated described virtual ip address, then hold for the most the allocated described virtual ip address
Row reclaimer operation.
In the present invention, VPN client can send tunnel to VPN service terminal and set up request message, and wherein, this tunnel is built
Vertical request message can include user name and user cipher, and then, VPN client can receive coupled VPN service terminal
Send after being verified for above-mentioned user name and user cipher agrees to set up the notice message in tunnel for indicating, and receives
After this notice message, VPN client can be used for setting up VPN tunnel for the distribution of above-mentioned VPN service terminal from default address pool
The virtual ip address in road.The void using VPN client to be coupled several VPN service terminal distribution correspondence due to the present invention
Intend IP address, therefore, it can solve in correlation technique because several VPN service terminal are self to be assigned with identical virtual ip address
The problem that interconnecting occurs in the monitoring system caused.
Those skilled in the art, after considering the invention that description and practice are invented here, will readily occur to its of the present invention
Its embodiment.It is contemplated that contain any modification, purposes or the adaptations of the present invention, these modification, purposes or
Person's adaptations is followed the general principle of the present invention and includes the common knowledge in the art that the present invention does not invents
Or conventional techniques means.Description and embodiments is considered only as exemplary, and true scope and spirit of the invention are by following
Claim is pointed out.
It should be appreciated that the invention is not limited in precision architecture described above and illustrated in the accompanying drawings, and
And various modifications and changes can carried out without departing from the scope.The scope of the present invention is only limited by appended claim.
The foregoing is only presently preferred embodiments of the present invention, not in order to limit the present invention, all essences in the present invention
Within god and principle, any modification, equivalent substitution and improvement etc. done, within should be included in the scope of protection of the invention.
Claims (10)
1. a distribution method for virtual ip address, described method is applied to VPN (virtual private network) VPN client, wherein, described
VPN client is isolated by NAT with several subordinate domain VPN service terminal, and described VPN client is in inside NAT, and its feature exists
In, described method includes:
Send tunnel to described VPN service terminal and set up request message;Wherein, described tunnel set up request message include user name and
User cipher;
Receive that described VPN service terminal sends after being verified for described user name and user cipher for indicating agreement to build
The notice message of vertical vpn tunneling;
After receiving described notice message, for the distribution of described VPN service terminal for setting up vpn tunneling from default address pool
Virtual ip address.
Method the most according to claim 1, it is characterised in that described method also includes:
When described VPN service terminal detects new access device, receive that described VPN service terminal sends for described new access device
The Address requests message of request virtual ip address;
Distribute for building based on the equipment that the described Address requests message received is described new access from default address pool
The virtual ip address of vertical vpn tunneling.
Method the most according to claim 2, it is characterised in that described method also includes:
After being described VPN service terminal distribution virtual ip address from described default address pool, to described VPN service terminal and institute
State other VPN service terminal in territory, VPN service terminal place and issue the road corresponding with the described virtual ip address place network segment distributed
By list item;
After being the new access device distribution virtual ip address of described VPN service terminal from described default address pool, connect to described
Enter equipment and issue the route table items corresponding with the described virtual ip address place network segment distributed.
Method the most according to claim 1, it is characterised in that when allocated virtual IP address ground in described default address pool
Location accounts for the ratio of the sum of virtual ip address in address pool when exceeding threshold value, based on default virtual ip address migration strategy by described
In address pool, allocated virtual ip address migrates to other address pool preset;Wherein, described migration strategy includes preferentially to
VPN service terminal and the virtual ip address of access device thereof that access device is minimum are modified.
Method the most according to claim 1, it is characterised in that described method also includes:
If after the access device of described VPN service terminal or described VPN service terminal rolls off the production line, not at allocated described virtual IP address
Again reach the standard grade in the ageing time of address, then perform reclaimer operation for the most the allocated described virtual ip address.
6. a distributor for virtual ip address, described device is applied to VPN (virtual private network) VPN client, wherein, described
VPN client is isolated by NAT with several subordinate domain VPN service terminal, and described VPN client is in inside NAT, and its feature exists
In, described device includes:
Sending module, sets up request message for sending tunnel to described VPN service terminal;Wherein, request report is set up in described tunnel
Literary composition includes user name and user cipher;
Receiver module, for receiving what described VPN service terminal sent after being verified for described user name and user cipher
For indicating the notice message agreeing to set up vpn tunneling;
Distribution module, after being used for receiving described notice message, is used for for the distribution of described VPN service terminal from default address pool
Set up the virtual ip address of vpn tunneling.
Device the most according to claim 6, it is characterised in that described receiver module is further used for:
When described VPN service terminal detects new access device, receive that described VPN service terminal sends for described new access device
The Address requests message of request virtual ip address;
Described distribution module is further used for:
Distribute for building based on the equipment that the described Address requests message received is described new access from default address pool
The virtual ip address of vertical vpn tunneling.
Device the most according to claim 7, it is characterised in that described device also includes:
Issue module, after being described VPN service terminal distribution virtual ip address from described default address pool, to described
Other VPN service terminal in VPN service terminal and territory, described VPN service terminal place issue and the described virtual ip address institute distributed
At the route table items that the network segment is corresponding, and it is the new access device distribution of described VPN service terminal from described default address pool
After virtual ip address, issue the route table items corresponding with the described virtual ip address place network segment distributed to described access device.
Device the most according to claim 6, it is characterised in that described device also includes:
Transferring module, for when in described default address pool allocated virtual ip address to account for virtual ip address in address pool total
When the ratio of number exceedes threshold value, based on default virtual ip address migration strategy by allocated virtual IP address ground in described address pool
Location migrates to other address pool preset;Wherein, described migration strategy include preferentially by VPN service terminal minimum for access device and
The virtual ip address of its access device is modified.
Device the most according to claim 6, it is characterised in that described device also includes:
Recycling module, if after the access device of described VPN service terminal or described VPN service terminal rolls off the production line, do not divided
Again reach the standard grade in the ageing time of the described virtual ip address joined, then perform recovery for the most the allocated described virtual ip address
Operation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610380431.4A CN105872128B (en) | 2016-05-31 | 2016-05-31 | The distribution method and device of virtual ip address |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610380431.4A CN105872128B (en) | 2016-05-31 | 2016-05-31 | The distribution method and device of virtual ip address |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105872128A true CN105872128A (en) | 2016-08-17 |
CN105872128B CN105872128B (en) | 2019-03-08 |
Family
ID=56675628
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610380431.4A Active CN105872128B (en) | 2016-05-31 | 2016-05-31 | The distribution method and device of virtual ip address |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105872128B (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106453690A (en) * | 2016-11-24 | 2017-02-22 | 浙江宇视科技有限公司 | IP address allocation method and apparatus |
CN106788749A (en) * | 2017-02-09 | 2017-05-31 | 上海斐讯数据通信技术有限公司 | A kind of method and system for automatically configuring and reclaiming of FTTH terminals vlan information |
CN107154865A (en) * | 2017-04-13 | 2017-09-12 | 上海寰创通信科技股份有限公司 | A kind of method based on outer net managing intranet equipment |
CN109194575A (en) * | 2018-08-23 | 2019-01-11 | 新华三技术有限公司 | Route selection method and device |
CN109660439A (en) * | 2018-12-14 | 2019-04-19 | 深圳市信锐网科技术有限公司 | A kind of terminal mutual visit management system and method |
CN109688124A (en) * | 2018-12-20 | 2019-04-26 | 高新兴国迈科技有限公司 | A kind of method for interchanging data based on video boundaries |
CN110650065A (en) * | 2019-09-24 | 2020-01-03 | 中国人民解放军战略支援部队信息工程大学 | Internet-oriented network equipment public testing system and testing method |
CN111404801A (en) * | 2020-03-27 | 2020-07-10 | 四川虹美智能科技有限公司 | Data processing method, device and system for cross-cloud manufacturer |
CN114556868A (en) * | 2019-11-08 | 2022-05-27 | 华为云计算技术有限公司 | Private sub-network for Virtual Private Network (VPN) clients |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101572729A (en) * | 2009-05-04 | 2009-11-04 | 成都市华为赛门铁克科技有限公司 | Processing method of node information of virtual private network, interrelated equipment and system |
CN102377629A (en) * | 2010-08-20 | 2012-03-14 | 成都市华为赛门铁克科技有限公司 | Method and device for communicating with server in IMS (IP multimedia subsystem) core network by using terminal to pass through private network as well as network system |
CN103607403A (en) * | 2013-11-26 | 2014-02-26 | 北京星网锐捷网络技术有限公司 | Method, device and system for using safety domain in NAT network environment |
CN104468625A (en) * | 2014-12-26 | 2015-03-25 | 浙江宇视科技有限公司 | Dialing tunnel broker device and method for NAT traversal by means of dialing tunnel |
CN105072213A (en) * | 2015-08-28 | 2015-11-18 | 迈普通信技术股份有限公司 | IPSec NAT bidirection traversing method, IPSec NAT bidirection traversing system and VPN gateway |
-
2016
- 2016-05-31 CN CN201610380431.4A patent/CN105872128B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101572729A (en) * | 2009-05-04 | 2009-11-04 | 成都市华为赛门铁克科技有限公司 | Processing method of node information of virtual private network, interrelated equipment and system |
CN102377629A (en) * | 2010-08-20 | 2012-03-14 | 成都市华为赛门铁克科技有限公司 | Method and device for communicating with server in IMS (IP multimedia subsystem) core network by using terminal to pass through private network as well as network system |
CN103607403A (en) * | 2013-11-26 | 2014-02-26 | 北京星网锐捷网络技术有限公司 | Method, device and system for using safety domain in NAT network environment |
CN104468625A (en) * | 2014-12-26 | 2015-03-25 | 浙江宇视科技有限公司 | Dialing tunnel broker device and method for NAT traversal by means of dialing tunnel |
CN105072213A (en) * | 2015-08-28 | 2015-11-18 | 迈普通信技术股份有限公司 | IPSec NAT bidirection traversing method, IPSec NAT bidirection traversing system and VPN gateway |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106453690A (en) * | 2016-11-24 | 2017-02-22 | 浙江宇视科技有限公司 | IP address allocation method and apparatus |
CN106788749A (en) * | 2017-02-09 | 2017-05-31 | 上海斐讯数据通信技术有限公司 | A kind of method and system for automatically configuring and reclaiming of FTTH terminals vlan information |
CN107154865A (en) * | 2017-04-13 | 2017-09-12 | 上海寰创通信科技股份有限公司 | A kind of method based on outer net managing intranet equipment |
CN109194575A (en) * | 2018-08-23 | 2019-01-11 | 新华三技术有限公司 | Route selection method and device |
CN109660439A (en) * | 2018-12-14 | 2019-04-19 | 深圳市信锐网科技术有限公司 | A kind of terminal mutual visit management system and method |
CN109660439B (en) * | 2018-12-14 | 2021-08-13 | 深圳市信锐网科技术有限公司 | Terminal mutual access management system and method |
CN109688124A (en) * | 2018-12-20 | 2019-04-26 | 高新兴国迈科技有限公司 | A kind of method for interchanging data based on video boundaries |
CN109688124B (en) * | 2018-12-20 | 2021-08-24 | 高新兴国迈科技有限公司 | Data exchange method based on video boundary |
CN110650065A (en) * | 2019-09-24 | 2020-01-03 | 中国人民解放军战略支援部队信息工程大学 | Internet-oriented network equipment public testing system and testing method |
CN114556868A (en) * | 2019-11-08 | 2022-05-27 | 华为云计算技术有限公司 | Private sub-network for Virtual Private Network (VPN) clients |
CN114556868B (en) * | 2019-11-08 | 2023-11-10 | 华为云计算技术有限公司 | Private subnetworks for virtual private network VPN clients |
CN111404801A (en) * | 2020-03-27 | 2020-07-10 | 四川虹美智能科技有限公司 | Data processing method, device and system for cross-cloud manufacturer |
Also Published As
Publication number | Publication date |
---|---|
CN105872128B (en) | 2019-03-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105872128A (en) | Virtual IP address allocation method and device | |
CN111030912B (en) | Method for intercommunication between virtual private cloud VPCs | |
US10361970B2 (en) | Automated instantiation of wireless virtual private networks | |
CN104468574B (en) | A kind of method, system and device of virtual machine dynamic access IP address | |
WO2017214883A1 (en) | Network system and method for cross region virtual private network peering | |
CN107547351B (en) | Address allocation method and device | |
CN103259736A (en) | Tunnel building method and network equipment | |
CN105610675A (en) | Creating method and device of virtual VPN gateway | |
US20210321253A1 (en) | Virtual tenant for multiple dwelling unit | |
CN106453690A (en) | IP address allocation method and apparatus | |
CN105979202B (en) | Data transmission method and device | |
CN106535160A (en) | Method and system for isolated transmission of dual-system dual-SIM card network | |
CN103001953A (en) | Method and device for allocating network resources of virtual machines | |
CN103401787B (en) | Static route issuing method and UPE (Ultimate Provider Edge) | |
CN104539752A (en) | Access method and system between multiple level domain platforms | |
WO2016074478A1 (en) | Method and device for identifying service chain path, and service chain | |
US8566587B2 (en) | Network system and method for operating network system | |
CN112019573B (en) | Distributed management system and management method of intelligent card management device | |
KR101538737B1 (en) | Method for IP allocation in DHCP | |
CN109561170B (en) | Address pool creating method and device, address pool management system and storage medium | |
CN108306807B (en) | Account opening management method and device | |
CN106411928A (en) | Authentication method and device of client access server and VDI system | |
JP2002232449A (en) | Method and system for outsourcing floating office management in company and association | |
CN105610717A (en) | Cross-SDN routing release method and device | |
CN113438334B (en) | Port PVID configuration method, device and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |