CN106559504A - A kind of address conversion method and device - Google Patents

A kind of address conversion method and device Download PDF

Info

Publication number
CN106559504A
CN106559504A CN201510626118.XA CN201510626118A CN106559504A CN 106559504 A CN106559504 A CN 106559504A CN 201510626118 A CN201510626118 A CN 201510626118A CN 106559504 A CN106559504 A CN 106559504A
Authority
CN
China
Prior art keywords
address
terminal
lan
message
probe messages
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510626118.XA
Other languages
Chinese (zh)
Other versions
CN106559504B (en
Inventor
常诚
袁燕龙
高振江
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201510626118.XA priority Critical patent/CN106559504B/en
Publication of CN106559504A publication Critical patent/CN106559504A/en
Application granted granted Critical
Publication of CN106559504B publication Critical patent/CN106559504B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/2514Translation of Internet protocol [IP] addresses between local and global IP addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/256NAT traversal

Abstract

The present invention relates to communication technical field, discloses a kind of address conversion method and device, to the process load for reducing NAT device.The method is:NAT device receives the message that first terminal sends or that second terminal is sent to first terminal in LAN, obtain the LAN IP address of first terminal, and determine that the LAN IP address of first terminal is corresponding and pass through state attribute value, if it is to characterize the first value that first terminal can realize that NAT is passed through to pass through state attribute value, then omit and ASPF process is performed to message, and E-Packet.So, the NAT ride-through capabilities of the terminal in LAN are known by active probe, NAT device is passively processed the address conversion of multichannel protocol massages, it is replaced by active process, the treating capacity and load of NAT device can not only be reduced, increase address conversion treatment effeciency, it is also possible to reduce service disconnection equivalent risk being brought due to ASPF process.

Description

A kind of address conversion method and device
Technical field
The present invention relates to communication technical field, more particularly to a kind of address conversion method and device.
Background technology
Terminal in terminal in LAN and wide area network in communication process, in order to ensure the network address Correctly to realize proper communication, interactive message is through network address translation (Network Address Transform, NAT) equipment when, NAT device is by the wan protocol of automatically modification packet outer layer head (Internet Protocol, IP) address information.But some are based on distinguishing signaling and the multichannel agreement of media Message data division in also carry IP address, that is, the IP address of the internal layer head of message, so NAT Equipment is also needed to while modify to the data division of message, that is, change the IP address of the internal layer head of message, So that the IP address of the internal layer head of message is identical with the IP address of packet outer layer head, otherwise, message will be sent out Give birth to mistake and cause communication failure.
But, common NAT device cannot analytic message internal layer head.For problems, existing skill In art, some NAT device are exclusively with the specific packet filtering of application layer (Application Specific Packet Filter, ASPF) technology, the internal layer head for treating analytic message point decoded, and obtains internal layer header, The such as information such as IP address, port, protocol type.When message needs to carry out address conversion process, will obtain The internal layer header got carries out an ALG (Application Layer Gatewary, ALG) Process, the IP address of internal layer head, port are replaced accordingly according to address conversion strategy, is compiled again Code is simultaneously forwarded.
Wherein, LAN is also referred to as Intranet or private network, and such as home network or corporate networks, wide area network also may be used Referred to as public network, such as the Internet.
Real time streaming transport protocol (Real Time Streaming Protocol, RTSP) is a kind of typical area Divide the multichannel agreement of signaling and media.Below with the communication between RTSP client and RTSP server As a example by process, the method that address conversion is realized in introducing prior art.
Refering to shown in Fig. 1 a, client is located in wide area network, and the wide area network IP address of client is 59.151.1.1, server is located in LAN, and server IP address in a local network is 128.18.51.1, Wide area network IP address on NAT for server-assignment is 59.151.1.100.NAT device is configured for office The address conversion strategy of domain net.
User end to server is initiated a session request first, and the purpose IP address carried in request are 59.151.1.100, NAT device, during the request is processed, is purpose IP included during guarantee is asked Address is reachable, and the destination address that the outer layer head of above-mentioned request message is included is modified, will wherein server Wide area network address be revised as the lan address of server, i.e. the destination address that outer layer head is included by 59.151.1.100 it is revised as 128.18.51.1.And ASPF technologies are used, the internal layer head of message is carried out Decoding, the internal layer header to getting carry out ALG process, carry out accordingly according to address conversion strategy Replace.In final request after the modification, the destination address and internal layer head that the outer layer head of IP messages is included is included Destination address it is consistent, be 128.18.51.1.
NAT device when the response message of server return is received, the source that the outer layer head of response message is included IP address is 128.18.51.1, be ensure reach wide area network after it is reachable, the source address that outer layer head is included is carried out Modification, is revised as server address 59.151.1.100 in the wide area network.And with ASPF technologies, The source address of internal layer head is modified, which is revised as into clothes by the lan address 128.18.51.1 of server The wide area network address 59.151.1.100 of business device.
In practical application, the NAT device resource-constrained of ASPF technologies itself is supported, at more than equipment Give the correct time in a large amount of requests simultaneously of reason specification, NAT device can meet with process bottleneck, it is impossible to all request reports Text is parsed with ASPF technologies and address conversion.
The content of the invention
The embodiment of the present invention provides a kind of address conversion method and device, turns to solve address in prior art Exchange device own resource is limited and cannot correctly process the problem of request in time.
Concrete technical scheme provided in an embodiment of the present invention is as follows:
A kind of first aspect, there is provided address conversion method, including:
Network address translation device receives message, and the message is to come from the first end in LAN The message at end, or the message sent to the first terminal for second terminal;
NAT device is parsed to the message, and the LAN for obtaining the first terminal that the message is carried is mutual Networking protocol IP address;
LAN IP address and the corresponding relation that pass through state attribute value of the NAT device according to local record, Determine that the LAN IP address of the first terminal is corresponding and pass through state attribute value, the state of passing through belongs to Property value be for characterizing the first value that the corresponding terminal of LAN IP address can realize that NAT is passed through, or It is for characterizing the second value that the corresponding terminal of LAN IP address can not realize that NAT is passed through;
If it is determined that it is described pass through state attribute value for the first value, then NAT device omission is held to the message The specific packet filtering ASPF process of row application layer, and forward the message.
With reference in a first aspect, in the first possible implementation of first aspect, the NAT device Before receiving message, also include:
NAT device records the LAN IP address of the first terminal in the following manner and passes through state category The corresponding relation of property value:
NAT device generates probe messages, and the purpose IP address that the internal layer head of the probe messages is included are NAT A wide area network IP address in the wide area network IP address pond of equipment, the outer layer head of the probe messages are included Purpose IP address be the first terminal LAN IP address;
The probe messages for generating are sent by NAT device to the first terminal;
If NAT device receives the response message for the probe messages of the first terminal feedback, The corresponding state attribute value that passes through of LAN IP address for recording the first terminal is first value;
If NAT device does not receive the response message for the probe messages of the first terminal feedback, The corresponding state attribute value that passes through of LAN IP address for then recording the first terminal is the second value.
With reference to the first possible implementation of first aspect, in second possible realization of first aspect In mode, the purpose IP address that the internal layer head of the probe messages is included for it is following any one:
Address is specified in the wide area network IP address pond of NAT device;Or
Any one address in the wide area network IP address pond of NAT device;Or
Selected successively in the wide area network IP address pond of NAT device in order according to one probe messages of every generation The principle of an address is selected, the address that the probing message for being currently generated is selected.
With reference to the first or second possible implementation of first aspect, the third in first aspect can In the implementation of energy, the probe messages for generating to before first terminal transmission, are also wrapped by NAT device Include:
NAT device is sent to the simple traversal STUN server of the UDP UDP on NAT UDP bind requests, carry the purpose that the outer layer head of the probe messages is included in the UDP bind requests Corresponding relation between the purpose IP address that IP address and internal layer head are included;
The UDP bind requests are used for the STUN servers and carry according in the UDP bind requests Corresponding relation LAN IP address that the STUN servers are preserved and wide area network IP address Transitional information is updated.
With reference in a first aspect, or first aspect the first to arbitrary in the third possible implementation Kind, in the 4th kind of possible implementation of first aspect, also include:
If it is determined that it is described pass through property value for second value, then NAT device performs ASPF to the message Process;And
Forwarding performs the message after ASPF is processed.
A kind of second aspect, there is provided address conversion method, including:
Terminal in LAN receives the probe messages that network address translation device sends, described Wide area network IP address of the purpose internet protocol address that the internal layer head of probe messages is included for NAT device A wide area network IP address in pond, the purpose IP address that the outer layer head of the probe messages is included are described The LAN IP address of terminal;
The mesh that the purpose IP address that the outer layer head of the probe messages is included by the terminal are included with internal layer head IP address between corresponding relation, with local record the terminal LAN IP address and wide area network The corresponding relation of IP address is matched, if the match is successful, feeds back the probe messages to NAT device Response message.
With reference to second aspect, in the first possible implementation of second aspect, the terminal is to NAT Before equipment feeds back the response message of the probe messages, also include:
The terminal is sent to the simple traversal STUN server of the UDP UDP on NAT STUN connection requests;
The terminal receives the STUN servers and disappears for the response of STUN connection requests feedback Breath, carries the corresponding wide area network IP address of LAN IP address of the terminal in the response message;
Wherein, the corresponding wide area network IP of LAN IP address of the terminal for carrying in the response message Address, it is consistent with the purpose IP address that the internal layer head of the probe messages is included;
The terminal according to the response message, locally record the LAN IP address of the terminal with it is wide The corresponding relation of domain net IP address.
A kind of third aspect, there is provided address converting device, including:
Receiving unit, for receiving message, the message is the message for coming from the first terminal in LAN, Or the message sent to the first terminal for second terminal;
Resolution unit, for parsing to the message, obtains the office of the first terminal that the message is carried Domain net internet protocol address;
Determining unit, for according to local record LAN IP address with pass through the corresponding of state attribute value Relation, determines that the LAN IP address of the first terminal is corresponding and passes through state attribute value, described to pass through State attribute value be for characterize that the corresponding terminal of LAN IP address can realize that NAT is passed through first Value, or be for characterizing the second value that the corresponding terminal of LAN IP address can not realize that NAT is passed through;
Processing unit, if being the first value for state attribute value is passed through described in determining unit determination, Omit and the specific packet filtering ASPF process of application layer is performed to the message, and forward the message.
With reference to the third aspect, in the first possible implementation of the third aspect, described device also includes:
Recording unit, for recording the LAN IP address of the first terminal and passing through state attribute value Corresponding relation;
Wherein, the recording unit was recording the first terminal before the receiving unit receives message LAN IP address with the corresponding relation of state attribute value is passed through when, specifically for:
Probe messages are generated, the purpose IP address that the internal layer head of the probe messages is included are described device A wide area network IP address in wide area network IP address pond, the purpose that the outer layer head of the probe messages is included IP address is the LAN IP address of the first terminal;
The probe messages for generating are sent to the first terminal;
If receiving the response message for the probe messages of the first terminal feedback, record is described The LAN IP address of first terminal is corresponding to pass through state attribute value for first value;
If not receiving the response message for the probe messages of the first terminal feedback, institute is recorded The corresponding state attribute value that passes through of LAN IP address for stating first terminal is the second value.
With reference to the first possible implementation of the third aspect, in second possible realization of the third aspect In mode, the purpose IP address that the internal layer head of the probe messages is included for it is following any one:
Address is specified in the wide area network IP address pond of described device;Or
Any one address in the wide area network IP address pond of described device;Or
Selected successively in the wide area network IP address pond of described device in order according to one probe messages of every generation The principle of an address is selected, the address that the probing message for being currently generated is selected.
With reference to the first or second possible implementation of the third aspect, the third in the third aspect can In the implementation of energy, also include:
Interference unit, for the probe messages of generation are sent it to the first terminal in the recording unit Before, UDP is sent to the simple traversal STUN server of the UDP UDP on NAT tie up It is fixed to ask, the purpose IP address that the outer layer head of the probe messages is included are carried in the UDP bind requests Corresponding relation between the purpose IP address included with internal layer head;
The UDP bind requests are used for the STUN servers and carry according in the UDP bind requests Corresponding relation LAN IP address that the STUN servers are preserved and wide area network IP address Transitional information is updated.
It is with reference to the third aspect or arbitrary in the first of the third aspect to the third possible implementation Kind, in the 4th kind of possible implementation of the 3rd fermentation, the processing unit is additionally operable to:
If it is determined that it is described pass through property value for second value, then ASPF process is performed to the message;And
Forwarding performs the message after ASPF is processed.
Fourth aspect provides a kind of address converting device, and described device is located in LAN, including:
Receiving unit, for receiving the probe messages of network address translation device transmission, the detection The purpose internet protocol address that the internal layer head of message is included is in the wide area network IP address pond of NAT device A wide area network IP address, the purpose IP address that the outer layer head of the probe messages is included are the terminal LAN IP address;
Matching unit, for the purpose IP address and the internal layer head bag that include the outer layer head of the probe messages Corresponding relation between the purpose IP address for containing, with local record the terminal LAN IP address with The corresponding relation of wide area network IP address is matched;
Response unit, for when the match is successful for the matching unit, feeding back the detection to NAT device The response message of message.
With reference to fourth aspect, in the first possible implementation of fourth aspect, the terminal is to NAT Before equipment feeds back the response message of the probe messages, also include:
Determining unit, services for simple traversal STUN to the UDP UDP on NAT Device sends STUN connection requests;And
Receive response message of the STUN servers for STUN connection requests feedback, the sound The corresponding wide area network IP address of LAN IP address of the terminal is carried in answering message;
Wherein, the corresponding wide area network IP of LAN IP address of the described device for carrying in the response message Address, it is consistent with the purpose IP address that the internal layer head of the probe messages is included;
Recording unit, for according to the response message local record described device LAN IP address With the corresponding relation of wide area network IP address.
In terms of 5th, there is provided a kind of network address translation device, including:Network interface, memorizer And processor, wherein, it is described for calling that batch processing, and the processor are stored in the memorizer The program stored in memorizer so that the NAT device performs the of above-mentioned first aspect and first aspect A kind of arbitrary described method in the 4th kind possible implementation.
In terms of 6th, there is provided a kind of terminal, including:Network interface, memorizer and processor, wherein, Batch processing, and the journey stored during the processor is used to call the memorizer are stored in the memorizer Sequence so that the terminal performs the side of the first possible implementation of above-mentioned second aspect or second aspect Method.
In the embodiment of the present invention, NAT device is belonged to state of passing through according to the LAN IP address of local record Property value corresponding relation, judge whether the terminal in the LAN possesses ride-through capability, it is determined that terminal tool During standby ride-through capability, the ASPF process to message is omitted, so can effectively reduce NAT device utilization The treating capacity of ASPF technologies, so as to reduce the operating load of NAT device, improves operational efficiency, and also Can reduce bringing service disconnection equivalent risk due to ASPF process.
Description of the drawings
Fig. 1 a are to realize the method schematic diagram of address conversion in prior art;
Fig. 1 b are embodiment of the present invention address conversion system structural representation;
Fig. 2 a are the first address conversion method flow chart in the embodiment of the present invention;
Fig. 2 b are second address conversion method flow chart in the embodiment of the present invention;
Fig. 3 be the embodiment of the present invention in record the first LAN IP address with the corresponding relation of the state of passing through Mode flow chart;
Fig. 4 is RTSP message address conversion networking structure figure in the embodiment of the present invention;
Fig. 5 is the first address converting device structure chart in the embodiment of the present invention;
Fig. 6 is second address converting device structure chart in the embodiment of the present invention;
Fig. 7 is NAT device structure chart in the embodiment of the present invention;
Fig. 8 is terminal structure figure in the embodiment of the present invention.
Specific embodiment
In order that the object, technical solutions and advantages of the present invention are clearer, below in conjunction with accompanying drawing to this It is bright to be described in further detail, it is clear that described embodiment is only a part of embodiment of the invention, Rather than the embodiment of whole.Based on the embodiment in the present invention, those of ordinary skill in the art are not doing The all other embodiment obtained under the premise of going out creative work, belongs to the scope of protection of the invention.
For the multichannel agreement in prior art based on distinguishing signaling and media, such as RTSP, conversation initial During the protocol transmission messages such as agreement (Session Initiation Protocol, SIP), due in net load IP address is carried, NAT device is needed to perform ASPF process, causes NAT to set when message is received Standby when a large amount of request is processed, resource meets with the problem of bottleneck, and the embodiment of the present invention proposes a kind of address and turns Change method and device.By NAT device active probe communication terminal, go deep into the disposal ability of perception terminal, When the message for receiving is processed, with reference to the disposal ability of terminal, when terminal has NAT ride-through capabilities, ASPF process is not performed to message, directly E-Packeted, when terminal does not have NAT ride-through capabilities, After ASPF process is performed to message, then forwarded.So, when have a large amount of requests and meanwhile on give the correct time, can Effectively to reduce treating capacity of the NAT device with ASPF technologies, so as to the operation for reducing NAT device is born Lotus, improves operational efficiency.
In the embodiment of the present invention, the communication between terminal refers to based on distinguishing signaling and media protocol transmit report The communication of text, in the embodiment of the present invention, terminal could alternatively be other communication equipments such as server.
Fig. 1 b are the structural representation of address conversion system provided in an embodiment of the present invention.As shown in Figure 1 b, The system includes:Terminal 101 and NAT device 102;Wherein, terminal 101 is located in LAN, is used for Message is sent to other-end 101 ' by NAT device 102, or, receiving the forwarding of NAT device 102 Come from the message of other-end 101 ';NAT device 102 is for the message of sending the terminal 101 of reception Forward to other-end 101 ', or the message that other-end 101 ' is sent is forwarded to terminal 101, also, In repeating process, the address conversion between LAN and wide area network is carried out to message.
The system also includes simple traversal mode (Simple Traversal of UDPs of the UDP to NAT Through Network Address Translators, STUN) server 103, STUN servers 103 For the STUN connection requests that receiving terminal 101 sends, and to the local of 101 feedback terminal 101 of terminal The corresponding wide area network IP address of net IP address.
The method and device of address conversion provided in an embodiment of the present invention is entered below in conjunction with specific embodiment Row is described in detail.
Fig. 2 a are the flow chart of the first address conversion method provided in an embodiment of the present invention, and executive agent is NAT device.As shown in Figure 2 a, the method comprises the steps:
Step 200a:NAT device receives message, wherein, the message is to come from the in LAN The message of one terminal, or the message that the message is sent to the first terminal for second terminal.
In practical application, the terminal in LAN is intended to be communicated with other-end, and the message of transmission is needed Forwarded through NAT device, equally, other-end is intended to be communicated with the terminal in LAN, The message of transmission is also required to be forwarded through NAT device, wherein, the other-end may be located at office In the net of domain, it is also possible in wide area network, illustrate so that other-end is located in wide area network as an example below.
For example, first terminal is located in LAN, and first terminal is intended to enter with the second terminal in wide area network Row communication, then first terminal need to be forwarded through NAT device to the message that second terminal sends, wherein, The source IP address that the source IP address and internal layer head that the outer layer head of the message that first terminal sends is included is included, For the lan address of first terminal, and it is located at the second terminal in wide area network and can only knows that first terminal is external Disclosed address, i.e. wide area network address, therefore, NAT device needs the source IP for including the outer layer head of message The source IP address that address and internal layer head are included is converted to corresponding wide area by the lan address of first terminal Net address.
Again for example, second terminal is located in wide area network, and second terminal is intended to and the first terminal being located in LAN Communicated, then second terminal also needs to be forwarded through NAT device to the message that first terminal sends, Wherein, the purpose that the purpose IP address and internal layer head that the outer layer head of the message that second terminal sends is included are included IP address, is the wide area network address of first terminal, in order that the message that second terminal sends smoothly reaches the One terminal, NAT device need the purpose IP address that include of outer layer head of the message that second terminal is sent and The purpose IP address that internal layer head is included are converted to lan address by the wide area network address of first terminal.
Wherein, the conversion of the IP address for including for outer layer head can apply common address translation technique, existing There is the NAT device in technology all to possess this address translation capabilities, and be directed to the IP address that internal layer head is included Conversion need to possess the NAT device of ASPF disposal abilities parsing is carried out to internal layer head and could realize.This The bright NAT device being related to refers to the NAT device for possessing ASPF disposal abilities.
Step 210a:NAT device is parsed to the message, and obtain the message carrying first is whole The LAN IP address at end.
NAT device obtains the corresponding LAN IP address of first terminal according to the message for receiving.For example, NAT device receives the message that the first terminal in LAN sends, and determines the outer layer head bag in message LAN IP address of the source address for containing for first terminal;Again for example, NAT device is received positioned at wide area The message that second terminal in net sends, according to the destination address that the outer layer head in message is included, and NAT The information of address conversion of equipment local record, determines the LAN IP address of first terminal.Wherein, message In destination address for first terminal wide area network IP address, in information of address conversion comprising wide area network IP ground Location and the mapping relations of LAN IP address.
Step 220a:NAT device according to local record LAN IP address with pass through state attribute value Corresponding relation, determines that the LAN IP address of the first terminal is corresponding and passes through state attribute value, described Pass through state attribute value be for characterize that the corresponding terminal of LAN IP address can realize that NAT is passed through One value, or be for characterizing the second value that the corresponding terminal of LAN IP address can not realize that NAT is passed through.
When the internal layer head IP address for message is changed, except having described in step 200a The NAT device of ASPF disposal abilities is parsed to internal layer head, and another treatment mechanism is that NAT wears More.In order to be better understood from the scheme of the embodiment of the present invention, below the NAT mechanism of passing through is introduced, The present embodiments relate to NAT pass through mechanism and pass through for STUN.
Specifically, the terminal in LAN is previously obtained its wide area network address by STUN mechanism, When generating message, the source IP address that internal layer head is included is extended this as into wide area network address directly in net load, this Sample, when message is through NAT device, the source IP address that the internal layer head in net load is included avoids the need for being repaiied Change, only the source IP address that outer layer head is included need to be changed by common NAT flow processs.
The address translation capabilities and the mechanism of utilization that the NAT device disposed in real network possesses are inconsistent, The function that terminal is supported is also inconsistent, possesses the NAT device of ASPF disposal abilities when message is received, Source IP address that the internal layer head of message includes whether modified mistake can not be known, i.e., can not be perceived and be sent out Whether literary terminal of delivering newspaper possesses NAT ride-through capabilities.Therefore, the NAT for possessing ASPF disposal abilities sets The standby message to receiving is required for performing ASPF process, and this undoubtedly increases the treating capacity of NAT device.
In the embodiment of the present invention, NAT device is detected for the terminal in the whole network in advance, determines that terminal is It is no to possess NAT ride-through capabilities, and belong to state of passing through in the corresponding LAN IP address of local record terminal The corresponding relation of property value.
Specifically, refering to shown in Fig. 3, by taking first terminal as an example, record the first LAN IP address and wear The mode of the more corresponding relation of state attribute value is as described below:
Step 30:NAT device generates probe messages, purpose IP that the internal layer head of the probe messages is included Address is an address in the wide area network IP address pond of NAT device, the outer layer head bag of the probe messages The purpose IP address for containing are the LAN IP address of the first terminal.
Specifically, NAT device is in advance in the wide area network IP address pond of locally configured NAT device, and in advance Several configuration mechanisms for generating probe messages of setting, NAT device selected wherein one before probe messages are generated Configuration mechanism is planted, and probe messages is generated according to the configuration mechanism for selecting.Wherein, below in three kinds of configuration mechanisms The configuration mode of the purpose IP address that the internal layer head of probe messages is included is as an example.
1) address is specified in the wide area network IP address pond of NAT device;
2) any one address in the wide area network IP address pond of NAT device;
3) according to it is every generation one probe messages in the wide area network IP address pond of NAT device in order according to The secondary principle for selecting an address, the address that the probing message for being currently generated is selected.
For example, the address number in the wide area network IP address pond of NAT device is respectively 0,1,2 ... 99. NAT device selects address to include as the internal layer head of probe messages according to 0,1,2 ... 99 numbering successively Purpose IP address.
Step 31:The probe messages for generating are sent by NAT device to the first terminal.
Step 32:If NAT device receives the response report for probe messages of the first terminal feedback Text, it is determined that the first terminal can realize that NAT is passed through, and record the LAN IP ground of first terminal Location is corresponding to pass through state attribute value for the first value.
The purpose IP address and outer layer head included due to the internal layer head of the probe messages of NAT device transmission are included Purpose IP address it is different, therefore, if can receive first terminal feedback the sound for probe messages Message is answered, then illustrates that the purpose IP address of the probe messages that first terminal can be to receiving are corrected, Or explanation first terminal can pass through the purpose IP address for asking adjacent server acquisition to probe messages The method corrected, that is to say, that first terminal possesses and switchs to the LAN IP address of first terminal In the wide area network IP address pond of the NAT device of the purpose IP address configuration of probe messages, the NAT of address wears More ability.Wherein, message of the response message such as answer code for 200OK.
Specifically, the corresponding state attribute value that passes through of terminal can be recorded with transition status parameter, for example, will Can realize that the transition status parameter that NAT is passed through is to be recorded as 1;Will not be able to realize that what NAT passed through turns Change state parameter and be recorded as 0.The LAN IP address of NAT device record first terminal is corresponding to pass through shape State property value is the first value, i.e. the corresponding transition status parameter of LAN IP address of record first terminal For 1.
Step 33:If NAT device does not receive the response for probe messages of the first terminal feedback Message, it is determined that the first terminal can not realize that NAT is passed through, and record the local of the first terminal Net IP address is corresponding to pass through state attribute value for second value.
Specifically, if failing to receive the response message for probe messages of first terminal feedback, illustrate First terminal does not possess the purpose IP address configuration that the LAN IP address of first terminal is switched to probe messages NAT device wide area network IP address pond in address NAT ride-through capabilities.Wherein, fail to receive The response message for probe messages of one terminal feedback, responds including not receiving response and receiving other Situations such as.
The corresponding state attribute value that passes through of the LAN IP address of NAT device record first terminal is second value, That is, the corresponding transition status parameter of LAN IP address for recording first terminal is 0.
NAT device is detected to other all terminals in the whole network according to the method described above successively, is obtained each The corresponding LAN IP address of individual terminal is corresponding to pass through state attribute value.
Return to accompanying drawing 2a, step 230a:If the state attribute value that passes through determined in step 220a is the first value, Then NAT device is omitted and performs ASPF process to the message, and forwards the message.
In the embodiment of the present invention, NAT device is not using traditional processing mode, to the message for receiving ASPF process is carried out, but corresponding processing mode is taken according to the ride-through capability of terminal.
For example, for the message received in step 200a, NAT device is by determining in step 220a The LAN IP address of first terminal corresponding pass through state attribute value, however, it is determined that first terminal can be real Existing NAT is passed through, that is, know that first terminal possesses and the LAN IP address of first terminal is switched to probe messages Purpose IP address configuration NAT device wide area network IP address pond in address NAT ride-through capabilities, Then NAT device is omitted and performs ASPF process to first message, and the message is directly forwarded.
The message is then performed ASPF if it is determined that first terminal can not realize that NAT is passed through by NAT device After process, forwarding performs the message after ASPF is processed.
In addition, in a network, terminal can know the wide area network address of itself by STUN servers, and STUN servers locally have the mapping item of NAT, i.e. information of address conversion at which, in order that STUN The information of address conversion of the information of address conversion of server storage and NAT device itself configuration is identical, to reach To unified purpose, NAT device before probe messages are sent to first terminal, NAT device actively to STUN servers initiate " interference ".
Specifically, " interference " in the application refers to that NAT device sends STUN to STUN servers Request, such as sends UDP bind requests, and LAN IP address and wide area are carried in the UDP bind requests Corresponding relation between net IP address, in the probe messages that the corresponding relation is sent to terminal with NAT device Corresponding relation between the purpose IP address that the purpose IP address and internal layer head that the outer layer head of carrying is included are included Unanimously.UDP bind requests be used for the STUN servers according to the UDP bind requests carry it is right Should be related to, the address conversion to the LAN IP address and wide area network IP address of the preservation of STUN servers Information is updated.
So, address conversion strategy of the STUN servers according to NAT device, by local LAN IP After the information of address conversion of address and wide area network IP address updates, the terminal in LAN is to STUN Server sends STUN requests, to obtain during itself wide area network IP address, it is possible to taken according to STUN Information of address conversion after business device renewal, gets the terminal consistent with the address conversion strategy of NAT device The corresponding wide area network IP address of LAN IP address, so as to realize that NAT is passed through, in NAT device to end When end sends the probe messages according to its address conversion strategy generation, the response of terminal feedback can be received Message, and then ASPF process is omitted, reduce the process load of NAT device.
Based on above-described embodiment, flow process such as Fig. 2 b of second address conversion method provided in an embodiment of the present invention Shown, executive agent is the terminal in LAN, and the method comprises the steps:
Step 200b:Terminal in LAN receives the probe messages that NAT device sends, the spy The purpose internet protocol address that includes of internal layer head for observing and predicting text is the wide area network IP of the NAT device A wide area network IP address in address pool, the purpose IP address that the outer layer head of the probe messages is included are The LAN IP address of the terminal.
Step 210b:Purpose IP address and internal layer that the outer layer head of the probe messages is included by the terminal Corresponding relation between the purpose IP address that head is included, the LAN IP ground with the terminal of local record Location is matched with the corresponding relation of wide area network IP address, if the match is successful, feeds back institute to NAT device State the response message of probe messages.
Specifically, before terminal feeds back the response message of the probe messages to NAT device, terminal can be with In the following manner to the wide area network IP address of STUN server request terminals:
(1) terminal sends STUN connection requests to STUN servers, and the STUN connection requests are used for The wide area network IP address of oneself is inquired to STUN servers;
(2) terminal receives response message of the STUN servers for the STUN connection requests feedback, institute State the corresponding wide area network IP address of LAN IP address of carried terminal in response message;
Wherein, the corresponding wide area network IP of LAN IP address of the terminal for carrying in the response message Address, it is consistent with the purpose IP address that the internal layer head of the probe messages is included.
Specifically, STUN servers are in the local mapping for preserving LAN IP address and wide area network IP address Relation list item, i.e. information of address conversion, terminal are sent after STUN connection requests to STUN servers, STUN servers determine the wide area network IP address of terminal by the local information of address conversion for preserving of inquiry, And to terminal feedback response message.
(3) response message of the terminal according to STUN server feedbacks, determines the wide area network IP address of itself, And the corresponding relation of the LAN IP address and wide area network IP address in local record terminal.
Terminal is parsed to probe messages after probe messages are received, and obtains the outer layer head of probe messages Comprising the purpose IP address that include of purpose IP address and internal layer head between corresponding relation, and will obtain The LAN IP address of the terminal that corresponding relation is recorded with terminal local and the corresponding relation of wide area network IP address Compare, if unanimously, to the response message of NAT device feedback detection message.
The embodiment of the present invention is described in further detail with reference to specific application scenarios.
As a example by based on RTSP transmitting messages, as shown in figure 4, RTSP server is located in LAN, RTSP client is located in wide area network, total interface normal operation in the whole network.In transmission RTSP messages The method of location conversion is as follows.
S1, NAT device configuration RTSP probe messages.
The source IP address that the source IP address and outer layer head that the internal layer head of configuration RTSP probe messages is included is included Unanimously, the address of NAT device interface is, the purpose IP address that the internal layer head of RTSP messages is included Modify so as to inconsistent with the purpose IP address that outer layer head is included, i.e. Destination locations assignment Difference, concrete modification are an address in the wide area network IP address pond of NAT device, can be any one Individual address, or a fixed address, it is also possible to for being selected successively in address pool in order Address.
For example, in the RTSP probe messages of configuration, address of the source address for NAT interfaces;Outer layer head is included Purpose IP address be the locally stored session of NAT device five-tuple in the corresponding source port of source address be The address of well-known port 554, wherein, well-known port 554 is given tacit consent to for RTSP;The mesh that internal layer head is included IP address for NAT device wide area network IP address pond in an address;Source port is any legal end Mouth (such as 55316);Destination interface is 554.
S2, NAT device according to RTSP probe messages identical address conversion strategies, generate UDP tie up It is fixed to ask, and the UDP bind requests are sent to STUN servers, the address for itself configuring is turned Policy synchronization is changed to STUN servers.
Wherein, purpose IP address and internal layer that the outer layer head of probe messages is included are carried in UDP bind requests Corresponding relation between the purpose IP address that head is included, it is, carrying NAT in UDP bind requests The information of the address conversion strategy of device configuration.As such, it is possible to so that STUN servers are set according to NAT The address conversion strategy of standby configuration, the LAN IP address that STUN servers are preserved and wide area network IP ground The information of address conversion of location is locally being updated.
S3, NAT device simultaneously send RTSP probe messages to RTSP server.
The RTSP probe messages for having configured are asked to RTSP server to send by NAT device by Setup.
If the answer code for receiving RTSP server feedback is the response message of 200OK, RTSP is taken The corresponding transition status parameter value of business device is designated as 1, and in the corresponding LAN of local record RTSP server The corresponding relation of IP address and transition status parameter value 1;
If not receiving the response message of the answer code for 200OK of RTSP server feedback, by RTSP The corresponding transition status parameter value of server is designated as 0, and in the corresponding local of local record RTSP server The corresponding relation of net IP address and transition status parameter value 0.
Wherein, RTSP server to NAT device feedback response code for 200OK response message before, Warp-wise STUN servers send STUN requests, ask the wide area network IP address of RTSP server, And due to the address conversion strategy before STUN servers according to NAT device configuration, by STUN The information of address conversion of LAN IP address and wide area network IP address that server is preserved being locally updated, So, wide area network IP address and the address conversion of NAT that STUN servers are returned to RTSP server It is tactful consistent.
In this, by probe messages being sent to the RTSP server in the whole network, can obtain the RTSP in the whole network Corresponding relation between the corresponding LAN IP address of server and transition status parameter value, it is right by what is obtained Should be related in local cache.
S4, RTSP client are initiated to access, and NAT device receives the access of RTSP client transmission please Ask, access request is parsed, the purpose IP address included in obtaining access request, and further really Determine the corresponding LAN IP address of purpose IP address, locally stored LAN IP address is inquired about with conversion shape Access request, if transition status parameter is 1, is directly pressed normal routing forwarding by the corresponding relation of state parameter, ASPF process is not performed.If transition status parameter is 0, access request is performed into ASPF process.
Based on above-described embodiment, as shown in figure 5, the first address converting device provided in an embodiment of the present invention 50 include:
Receiving unit 51, for receiving message, the message is the report for coming from the first terminal in LAN Text, or the message sent to the first terminal for second terminal;
Resolution unit 52, for parsing to the message, obtains the first terminal that the message is carried LAN Monitoring System fidonetFido IP address;
Determining unit 53, for according to local record LAN IP address with pass through the right of state attribute value Should be related to, determine that the LAN IP address of the first terminal is corresponding and pass through state attribute value, it is described to wear More state attribute value be for characterize that the corresponding terminal of LAN IP address can realize that NAT is passed through first Value, or be for characterizing the second value that the corresponding terminal of LAN IP address can not realize that NAT is passed through;
Processing unit 54, if for passing through state attribute value for first described in the determination of the determining unit 43 Value, then omit and the specific packet filtering ASPF process of application layer performed to the message, and forward the message.
Optionally, described device also includes:
Recording unit 55, for recording the LAN IP address of the first terminal and passing through state attribute value Corresponding relation;
Wherein, recording unit 55 was recording described first eventually before the receiving unit 51 receives message When the LAN IP address at end is with the corresponding relation of state attribute value is passed through, specifically for:
Probe messages are generated, the purpose IP address that the internal layer head of the probe messages is included are described device A wide area network IP address in wide area network IP address pond, the purpose that the outer layer head of the probe messages is included IP address is the LAN IP address of the first terminal;
The probe messages for generating are sent to the first terminal;
If receiving the response message for the probe messages of the first terminal feedback, record is described The LAN IP address of first terminal is corresponding to pass through state attribute value for first value;
If not receiving the response message for the probe messages of the first terminal feedback, institute is recorded The corresponding state attribute value that passes through of LAN IP address for stating first terminal is the second value.
Optionally, the purpose IP address that the internal layer head of the probe messages is included for it is following any one:
Address is specified in the wide area network IP address pond of described device;Or
Any one address in the wide area network IP address pond of described device;Or
Selected successively in the wide area network IP address pond of described device in order according to one probe messages of every generation The principle of an address is selected, the address that the probing message for being currently generated is selected.
Optionally, also include:
Interference unit 56, for the recording unit 55 by generate probe messages to the first terminal Before transmission, UDP bind requests are sent to STUN servers, carry institute in the UDP bind requests It is right between the purpose IP address that the outer layer head of probe messages includes and the purpose IP address that internal layer head is included to state Should be related to;
The UDP bind requests are used for the STUN servers and carry according in the UDP bind requests Corresponding relation LAN IP address that the STUN servers are preserved and wide area network IP address Transitional information is updated.
Optionally, processing unit 54 is additionally operable to:
If it is determined that it is described pass through property value for second value, then ASPF process is performed to the message;And
Forwarding performs the message after ASPF is processed.
Based on above-described embodiment, as shown in fig. 6, second address converting device provided in an embodiment of the present invention 60, device 60 is located in LAN, including:
Receiving unit 61, for receiving the probe messages of network address translation device transmission, the spy Observe and predict the wide area network IP address pond of the purpose internet protocol address that includes of internal layer head for NAT device of text In a wide area network IP address, the purpose IP address that the outer layer head of the probe messages is included are the end The LAN IP address at end;
Matching unit 62, for the purpose IP address and the internal layer head that include the outer layer head of the probe messages Comprising purpose IP address between corresponding relation, with local record the terminal LAN IP address Matched with the corresponding relation of wide area network IP address;
Response unit 63, it is for when the match is successful for the matching unit 62, described to NAT device feedback The response message of probe messages.
Optionally, device 60, also include:
Determining unit 64, for feeding back the response report of the probe messages in response unit 63 to NAT device Before text, STUN connection requests are sent to STUN servers;And
Receive response message of the STUN servers for STUN connection requests feedback, the sound The corresponding wide area network IP address of LAN IP address of the terminal is carried in answering message;
Wherein, the corresponding wide area network IP of LAN IP address of the described device for carrying in the response message Address, it is consistent with the purpose IP address that the internal layer head of the probe messages is included;
Recording unit 65, for according to the response message, in the LAN IP of local record described device Address and the corresponding relation of wide area network IP address.
Based on above-described embodiment, as shown in fig. 7, embodiments providing a kind of NAT device 70, wrap Include:Transceiver 71, processor 72, memorizer 73 and bus 74, wherein, transceiver 71, processor 72, Memorizer 73 is connected with bus 74, wherein:
Transceiver 71, for receiving message, the message is the message for coming from the first terminal in LAN, Or the message sent to the first terminal for second terminal;
Memorizer 73 stores batch processing;
Processor 72, for the program for calling memorizer 73 to store, performs following process:
The message is parsed, the LAN IP address of the first terminal that the message is carried is obtained;
According to the LAN IP address and the corresponding relation for passing through state attribute value of local record, it is determined that described The LAN IP address of first terminal is corresponding to pass through state attribute value, and the state attribute value that passes through is use The first value that NAT is passed through can be realized in the corresponding terminal of sign LAN IP address, or be for table Levy the second value that the corresponding terminal of LAN IP address can not realize that NAT is passed through;
If it is determined that it is described pass through state attribute value for the first value, then omit and application layer spy performed to the message Determine packet filtering ASPF process, and the message is forwarded by transceiver 71.
Optionally, processor 72 is additionally operable to:
The LAN IP address for recording the first terminal and the corresponding relation for passing through state attribute value;
Wherein, before transceiver 71 receives message, in the LAN IP address for recording the first terminal During with passing through the corresponding relation of state attribute value, specifically for:
Probe messages are generated, the purpose IP address that the internal layer head of the probe messages is included are described device A wide area network IP address in wide area network IP address pond, the purpose that the outer layer head of the probe messages is included IP address is the LAN IP address of the first terminal;
The probe messages for generating are sent from transceiver 71 to the first terminal;
If it is determined that transceiver 71 receives the response report for the probe messages of the first terminal feedback Text, then the corresponding state attribute value that passes through of LAN IP address for recording the first terminal is described first Value;
If not receiving the response message for the probe messages of the first terminal feedback, institute is recorded The corresponding state attribute value that passes through of LAN IP address for stating first terminal is the second value.
Optionally, the purpose IP address that the internal layer head of the probe messages is included for it is following any one:
Address is specified in the wide area network IP address pond of the NAT device;Or
Any one address in the wide area network IP address pond of the NAT device;Or
Selected successively in the wide area network IP address pond of described device in order according to one probe messages of every generation The principle of an address is selected, the address that the probing message for being currently generated is selected.
Optionally, processor 72 is additionally operable to:
Before sending to the first terminal, UDP bind requests are sent to STUN servers, it is described Carry the purpose IP address that the outer layer head of the probe messages includes to include with internal layer head in UDP bind requests Purpose IP address between corresponding relation;
The UDP bind requests are used for the STUN servers and carry according in the UDP bind requests Corresponding relation LAN IP address that the STUN servers are preserved and wide area network IP address Transitional information is updated.
Optionally, processor 72 is additionally operable to:
If it is determined that it is described pass through property value for second value, then ASPF process is performed to the message;And
The message after ASPF is processed is performed as transceiver 71 is forwarded.
Based on above-described embodiment, as shown in figure 8, embodiments providing a kind of terminal 80, terminal 80 are located in LAN, and terminal 80 includes:
Including transceiver 81, processor 82, memorizer 83 and bus 84, wherein, transceiver 81, processor 82nd, memorizer 83 is connected with bus 84, wherein,
Transceiver 81, for receiving the probe messages of NAT device transmission, the internal layer head bag of the probe messages The purpose internet protocol address for containing is a wide area network IP ground in the wide area network IP address pond of NAT device Location, the purpose IP address that the outer layer head of the probe messages is included are the LAN IP address of the terminal;
Memorizer 83, for storing batch processing;
Processor 82, for the program for calling memorizer 83 to store, performs following process:
The purpose IP address that the purpose IP address that the outer layer head of the probe messages is included are included with internal layer head Between corresponding relation, with LAN IP address and the wide area network IP address of the terminal of local record Corresponding relation is matched;
When the match is successful, the response message of the probe messages is fed back to NAT device from transceiver 81.
Optionally, transceiver 81 is additionally operable to:
Before the response message of the probe messages is fed back to NAT device, send to STUN servers STUN connection requests;And the STUN servers are received for STUN connection requests feedback Response message, carries the corresponding wide area network IP ground of LAN IP address of the terminal in the response message Location;Wherein, the corresponding wide area network of LAN IP address of the terminal 80 for carrying in the response message IP address is consistent with the purpose IP address that the internal layer head of the probe messages is included;
The processor 82 is additionally operable to, in the LAN IP address and wide area network IP of local record described device The corresponding relation of address.
In sum, in the embodiment of the present invention, the first terminal that NAT device is received in LAN sends Or second terminal be intended to the first terminal accessed in LAN and the message for sending, NAT device is obtained The LAN IP address of first terminal, the first NAT device according to local record LAN IP address with wear More the corresponding relation of state attribute value, determines that the LAN IP address of the first terminal is corresponding and passes through shape State property value, it is described pass through state attribute value be can be real for characterizing the corresponding terminal of LAN IP address The first value that existing NAT is passed through, or NAT can be realized for characterizing the corresponding terminal of LAN IP address The second value passed through, if the LAN IP address of the first terminal is corresponding to pass through state attribute value for the One value, then NAT device omission perform the specific packet filtering ASPF process of application layer to the message, and turn Send out message described.So, the NAT ride-through capabilities of the terminal in LAN are known by active probe, NAT device is passively processed the address conversion of multichannel protocol massages, active process is replaced by, can not only Enough reduce NAT device treating capacity and load, increase address conversion treatment effeciency, it is also possible to reduce due to ASPF is processed and is brought service disconnection equivalent risk.
Those skilled in the art are it should be appreciated that embodiments of the invention can be provided as method, system or meter Calculation machine program product.Therefore, the present invention can be using complete hardware embodiment, complete software embodiment or knot The form of the embodiment in terms of conjunction software and hardware.And, the present invention can be using wherein wrapping at one or more Computer-usable storage medium containing computer usable program code (including but not limited to disk memory, CD-ROM, optical memory etc.) on the form of computer program implemented.
The present invention be with reference to method according to embodiments of the present invention, equipment (system), and computer program produce The flow chart and/or block diagram of product is describing.It should be understood that can by computer program instructions flowchart and / or block diagram in each flow process and/or square frame and flow chart and/or the flow process in block diagram and/ Or the combination of square frame.These computer program instructions can be provided to general purpose computer, special-purpose computer, embedded The processor of formula datatron or other programmable data processing devices is producing a machine so that by calculating The instruction of the computing device of machine or other programmable data processing devices is produced for realizing in flow chart one The device of the function of specifying in individual flow process or one square frame of multiple flow processs and/or block diagram or multiple square frames.
These computer program instructions may be alternatively stored in and computer or other programmable datas process can be guided to set In the standby computer-readable memory for working in a specific way so that be stored in the computer-readable memory Instruction produce and include the manufacture of command device, command device realization is in one flow process or multiple of flow chart The function of specifying in one square frame of flow process and/or block diagram or multiple square frames.
These computer program instructions can be also loaded in computer or other programmable data processing devices, made Obtain and series of operation steps is performed on computer or other programmable devices to produce computer implemented place Reason, so as to the instruction performed on computer or other programmable devices is provided for realizing in flow chart one The step of function of specifying in flow process or one square frame of multiple flow processs and/or block diagram or multiple square frames.
, but those skilled in the art once know base although preferred embodiments of the present invention have been described This creative concept, then can make other change and modification to these embodiments.So, appended right will Ask and be intended to be construed to include preferred embodiment and fall into the had altered of the scope of the invention and change.
Obviously, those skilled in the art can carry out various changes and modification and not take off to the embodiment of the present invention From the spirit and scope of the embodiment of the present invention.So, if these modifications of the embodiment of the present invention and modification belong to Within the scope of the claims in the present invention and its equivalent technologies, then the present invention be also intended to comprising these change and Including modification.

Claims (15)

1. a kind of address conversion method, it is characterised in that include:
Network address translation device receives message, and the message is to come from the first end in LAN The message at end, or the message sent to the first terminal for second terminal;
NAT device is parsed to the message, and the LAN for obtaining the first terminal that the message is carried is mutual Networking protocol IP address;
LAN IP address and the corresponding relation that pass through state attribute value of the NAT device according to local record, Determine that the LAN IP address of the first terminal is corresponding and pass through state attribute value, the state of passing through belongs to Property value be for characterizing the first value that the corresponding terminal of LAN IP address can realize that NAT is passed through, or It is for characterizing the second value that the corresponding terminal of LAN IP address can not realize that NAT is passed through;
If it is determined that it is described pass through state attribute value for the first value, then NAT device omission is held to the message The specific packet filtering ASPF process of row application layer, and forward the message.
2. the method for claim 1, it is characterised in that before the NAT device receives message, Also include:
NAT device records the LAN IP address of the first terminal in the following manner and passes through state category The corresponding relation of property value:
NAT device generates probe messages, and the purpose IP address that the internal layer head of the probe messages is included are NAT A wide area network IP address in the wide area network IP address pond of equipment, the outer layer head of the probe messages are included Purpose IP address be the first terminal LAN IP address;
The probe messages for generating are sent by NAT device to the first terminal;
If NAT device receives the response message for the probe messages of the first terminal feedback, The corresponding state attribute value that passes through of LAN IP address for recording the first terminal is first value;
If NAT device does not receive the response message for the probe messages of the first terminal feedback, The corresponding state attribute value that passes through of LAN IP address for then recording the first terminal is the second value.
3. method as claimed in claim 2, it is characterised in that the internal layer head of the probe messages is included Purpose IP address for it is following any one:
Address is specified in the wide area network IP address pond of NAT device;Or
Any one address in the wide area network IP address pond of NAT device;Or
Selected successively in the wide area network IP address pond of NAT device in order according to one probe messages of every generation The principle of an address is selected, the address that the probing message for being currently generated is selected.
4. method as claimed in claim 2 or claim 3, it is characterised in that the detection that NAT device will be generated Message also includes to before first terminal transmission:
NAT device is sent to the simple traversal STUN server of the UDP UDP on NAT UDP bind requests, carry the purpose that the outer layer head of the probe messages is included in the UDP bind requests Corresponding relation between the purpose IP address that IP address and internal layer head are included;
The UDP bind requests are used for the STUN servers and carry according in the UDP bind requests The corresponding relation, to the STUN servers preserve LAN IP address and wide area network IP address Transitional information be updated.
5. the method as described in any one of claim 1-4, it is characterised in that also include:
If it is determined that it is described pass through property value for second value, then NAT device performs ASPF to the message Process;And
Forwarding performs the message after ASPF is processed.
6. a kind of address conversion method, it is characterised in that include:
Terminal in LAN receives the probe messages that network address translation device sends, described The purpose internet protocol address that the internal layer head of probe messages is included is the wide area network IP of the NAT device A wide area network IP address in address pool, the purpose IP address that the outer layer head of the probe messages is included are The LAN IP address of the terminal;
The mesh that the purpose IP address that the outer layer head of the probe messages is included by the terminal are included with internal layer head IP address between corresponding relation, with local record the terminal LAN IP address and wide area network The corresponding relation of IP address is matched, if the match is successful, feeds back the probe messages to NAT device Response message.
7. method as claimed in claim 6, it is characterised in that the terminal feeds back institute to NAT device Before stating the response message of probe messages, also include:
The terminal is sent to the simple traversal STUN server of the UDP UDP on NAT STUN connection requests;
The terminal receives the STUN servers and disappears for the response of STUN connection requests feedback Breath, carries the corresponding wide area network IP address of LAN IP address of the terminal in the response message;
Wherein, the corresponding wide area network IP of LAN IP address of the terminal for carrying in the response message Address, it is consistent with the purpose IP address that the internal layer head of the probe messages is included;
The terminal according to the response message, locally record the LAN IP address of the terminal with it is wide The corresponding relation of domain net IP address.
8. a kind of address converting device, it is characterised in that include:
Receiving unit, for receiving message, the message is the message for coming from the first terminal in LAN, Or the message sent to the first terminal for second terminal;
Resolution unit, for parsing to the message, obtains the office of the first terminal that the message is carried Domain net internet protocol address;
Determining unit, for according to local record LAN IP address with pass through the corresponding of state attribute value Relation, determines that the LAN IP address of the first terminal is corresponding and passes through state attribute value, described to pass through State attribute value be for characterize that the corresponding terminal of LAN IP address can realize that NAT is passed through first Value, or be for characterizing the second value that the corresponding terminal of LAN IP address can not realize that NAT is passed through;
Processing unit, if being the first value for state attribute value is passed through described in determining unit determination, Omit and the specific packet filtering ASPF process of application layer is performed to the message, and forward the message.
9. device as claimed in claim 8, it is characterised in that described device also includes:
Recording unit, for recording the LAN IP address of the first terminal and passing through state attribute value Corresponding relation;
Wherein, the recording unit was recording the first terminal before the receiving unit receives message LAN IP address with the corresponding relation of state attribute value is passed through when, specifically for:
Probe messages are generated, the purpose IP address that the internal layer head of the probe messages is included are described device A wide area network IP address in wide area network IP address pond, the purpose that the outer layer head of the probe messages is included IP address is the LAN IP address of the first terminal;
The probe messages for generating are sent to the first terminal;
If receiving the response message for the probe messages of the first terminal feedback, record is described The LAN IP address of first terminal is corresponding to pass through state attribute value for first value;
If not receiving the response message for the probe messages of the first terminal feedback, institute is recorded The corresponding state attribute value that passes through of LAN IP address for stating first terminal is the second value.
10. device as claimed in claim 9, it is characterised in that also include:
Interference unit, for the probe messages of generation are sent it to the first terminal in the recording unit Before, UDP is sent to the simple traversal STUN server of the UDP UDP on NAT tie up It is fixed to ask, the purpose IP address that the outer layer head of the probe messages is included are carried in the UDP bind requests Corresponding relation between the purpose IP address included with internal layer head;
The UDP bind requests are used for the STUN servers and carry according in the UDP bind requests Corresponding relation LAN IP address that the STUN servers are preserved and wide area network IP address Transitional information is updated.
11. devices as described in any one of claim 8-10, it is characterised in that the processing unit is also used In:
If it is determined that it is described pass through property value for second value, then ASPF process is performed to the message;And
Forwarding performs the message after ASPF is processed.
12. a kind of address converting devices, it is characterised in that described device is located in LAN, including:
Receiving unit, for receiving the probe messages of network address translation device transmission, the detection The purpose internet protocol address that the internal layer head of message is included is in the wide area network IP address pond of NAT device A wide area network IP address, the purpose IP address that the outer layer head of the probe messages is included are the terminal LAN IP address;
Matching unit, for the purpose IP address and the internal layer head bag that include the outer layer head of the probe messages Corresponding relation between the purpose IP address for containing, with local record the terminal LAN IP address with The corresponding relation of wide area network IP address is matched;
Response unit, for when the match is successful for the matching unit, feeding back the detection to NAT device The response message of message.
13. devices as claimed in claim 12, it is characterised in that described device also includes:
Determining unit, for feeding back the response report of the probe messages in the response unit to NAT device Before text, STUN is sent to the simple traversal STUN server of the UDP UDP on NAT Connection request;And
Receive response message of the STUN servers for STUN connection requests feedback, the sound The corresponding wide area network IP address of LAN IP address of the terminal is carried in answering message;
Wherein, the corresponding wide area network IP of LAN IP address of the described device for carrying in the response message Address, it is consistent with the purpose IP address that the internal layer head of the probe messages is included;
Recording unit, for according to the response message local record described device LAN IP address With the corresponding relation of wide area network IP address.
14. a kind of network address translation devices, it is characterised in that include:Memorizer and process Device, wherein, batch processing is stored in the memorizer, and during the processor is used to call the memorizer The program of storage so that the NAT device performs the method as described in claim 1 to 5 is arbitrary.
15. a kind of terminals, it is characterised in that include:Memorizer and processor, wherein, the storage Batch processing, and the program stored during the processor is used to call the memorizer are stored in device so that institute State terminal execution method as claimed in claims 6 or 7.
CN201510626118.XA 2015-09-25 2015-09-25 Address translation method and device Active CN106559504B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510626118.XA CN106559504B (en) 2015-09-25 2015-09-25 Address translation method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510626118.XA CN106559504B (en) 2015-09-25 2015-09-25 Address translation method and device

Publications (2)

Publication Number Publication Date
CN106559504A true CN106559504A (en) 2017-04-05
CN106559504B CN106559504B (en) 2020-09-08

Family

ID=58415307

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510626118.XA Active CN106559504B (en) 2015-09-25 2015-09-25 Address translation method and device

Country Status (1)

Country Link
CN (1) CN106559504B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107454210A (en) * 2017-09-15 2017-12-08 成都西加云杉科技有限公司 Communication means and system
CN111371666A (en) * 2018-12-26 2020-07-03 华为技术有限公司 Method, device and system for processing message
CN111866110A (en) * 2020-07-13 2020-10-30 浙江捷创方舟数字技术有限公司 Industrial equipment communication method and 5G gateway
CN112118207A (en) * 2019-06-20 2020-12-22 华为技术有限公司 Data transmission method, server and electronic equipment
CN114697300A (en) * 2022-04-15 2022-07-01 武汉中元通信股份有限公司 Data multicast implementation method of high-timeliness communication system
WO2024021714A1 (en) * 2022-07-29 2024-02-01 华为技术有限公司 Network address translation (nat) traversal method, device, and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102447748A (en) * 2010-10-15 2012-05-09 华为技术有限公司 Method, equipment and system for allocating outer Internet protocol IP addresses during network address translation (NAT)
CN102685261A (en) * 2011-03-15 2012-09-19 中国移动通信集团公司 Method, system and device for controlling address mapping state of equipment
CN103281406A (en) * 2013-04-24 2013-09-04 杭州华三通信技术有限公司 Message forwarding method for inter-cloud VM (virtual machine) migration, NAT (Network Address Translation) server and network

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102447748A (en) * 2010-10-15 2012-05-09 华为技术有限公司 Method, equipment and system for allocating outer Internet protocol IP addresses during network address translation (NAT)
US20130227170A1 (en) * 2010-10-15 2013-08-29 Huawei Technologies Co., Ltd. Method for allocating an external network ip address in nat traversal, and device and system
CN102685261A (en) * 2011-03-15 2012-09-19 中国移动通信集团公司 Method, system and device for controlling address mapping state of equipment
CN103281406A (en) * 2013-04-24 2013-09-04 杭州华三通信技术有限公司 Message forwarding method for inter-cloud VM (virtual machine) migration, NAT (Network Address Translation) server and network

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107454210A (en) * 2017-09-15 2017-12-08 成都西加云杉科技有限公司 Communication means and system
CN107454210B (en) * 2017-09-15 2020-12-01 成都西加云杉科技有限公司 Communication method and system
CN111371666A (en) * 2018-12-26 2020-07-03 华为技术有限公司 Method, device and system for processing message
CN112118207A (en) * 2019-06-20 2020-12-22 华为技术有限公司 Data transmission method, server and electronic equipment
CN112118207B (en) * 2019-06-20 2021-12-28 华为技术有限公司 Data transmission method, server and electronic equipment
CN111866110A (en) * 2020-07-13 2020-10-30 浙江捷创方舟数字技术有限公司 Industrial equipment communication method and 5G gateway
CN111866110B (en) * 2020-07-13 2023-12-19 浙江捷创方舟数字技术有限公司 Industrial equipment communication method and 5G gateway
CN114697300A (en) * 2022-04-15 2022-07-01 武汉中元通信股份有限公司 Data multicast implementation method of high-timeliness communication system
WO2024021714A1 (en) * 2022-07-29 2024-02-01 华为技术有限公司 Network address translation (nat) traversal method, device, and system

Also Published As

Publication number Publication date
CN106559504B (en) 2020-09-08

Similar Documents

Publication Publication Date Title
CN106559504A (en) A kind of address conversion method and device
CN110933180B (en) Communication establishment method, device, load equipment and storage medium
US20180295164A1 (en) Data Processing Method in Webpage-Based Real-Time Communication Media and Device Utilizing Same
CN102223365A (en) User access method and device based on SSL (Secure Socket Layer) VPN (Virtual Private Network) gateway cluster
RU2014112197A (en) HOME ROUTING FOR IMS ROAMING USING BINDING IN VPLMN
CN103384181B (en) The transmission method and equipment of data packet
US20130091291A1 (en) Method and apparatus for improving voice or video transmission quality in cloud computing mode
CN108040134A (en) A kind of method and device of DNS Transparent Proxies
CN104717131B (en) Information interacting method and server
CN103685332B (en) File uploading method, client, server and system
CN109995721A (en) Service request processing method, device and communication system
CN105262847B (en) Communication means and system between terminal device
CN101236553A (en) Web page information synergistic browsing system and method
CN110855424B (en) Method and device for synthesizing asymmetric flow xDR in DPI field
CN106302847A (en) Network transmission method and system for multi-layer network address translator structure
CN103905380B (en) Service call method, device and system
CN103812957B (en) ARP record management method and apparatus
CN103581361A (en) Domain name resolution proxy method, device and system
US8321592B2 (en) Methods, systems, and computer readable media for generating and using statelessly reversible representations of session initiation protocol (SIP) information by SIP cluster entities
US20170163809A1 (en) Method and Device for Recording Multimedia Data
CN104219257B (en) A kind of webpage real-time communication method, system and server and client side
CN104184565B (en) A kind of method and device of processing retransmission information
CN107528932A (en) A kind of data transmission method, network address translation apparatus
CN104158806B (en) Session connection method for building up and equipment, session-orient E-Service network element
CN101471938B (en) Authentication method, system and device for point-to-point network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant