CN106559504A - A kind of address conversion method and device - Google Patents
A kind of address conversion method and device Download PDFInfo
- Publication number
- CN106559504A CN106559504A CN201510626118.XA CN201510626118A CN106559504A CN 106559504 A CN106559504 A CN 106559504A CN 201510626118 A CN201510626118 A CN 201510626118A CN 106559504 A CN106559504 A CN 106559504A
- Authority
- CN
- China
- Prior art keywords
- address
- terminal
- lan
- message
- probe messages
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2514—Translation of Internet protocol [IP] addresses between local and global IP addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/256—NAT traversal
Abstract
The present invention relates to communication technical field, discloses a kind of address conversion method and device, to the process load for reducing NAT device.The method is:NAT device receives the message that first terminal sends or that second terminal is sent to first terminal in LAN, obtain the LAN IP address of first terminal, and determine that the LAN IP address of first terminal is corresponding and pass through state attribute value, if it is to characterize the first value that first terminal can realize that NAT is passed through to pass through state attribute value, then omit and ASPF process is performed to message, and E-Packet.So, the NAT ride-through capabilities of the terminal in LAN are known by active probe, NAT device is passively processed the address conversion of multichannel protocol massages, it is replaced by active process, the treating capacity and load of NAT device can not only be reduced, increase address conversion treatment effeciency, it is also possible to reduce service disconnection equivalent risk being brought due to ASPF process.
Description
Technical field
The present invention relates to communication technical field, more particularly to a kind of address conversion method and device.
Background technology
Terminal in terminal in LAN and wide area network in communication process, in order to ensure the network address
Correctly to realize proper communication, interactive message is through network address translation (Network Address
Transform, NAT) equipment when, NAT device is by the wan protocol of automatically modification packet outer layer head
(Internet Protocol, IP) address information.But some are based on distinguishing signaling and the multichannel agreement of media
Message data division in also carry IP address, that is, the IP address of the internal layer head of message, so NAT
Equipment is also needed to while modify to the data division of message, that is, change the IP address of the internal layer head of message,
So that the IP address of the internal layer head of message is identical with the IP address of packet outer layer head, otherwise, message will be sent out
Give birth to mistake and cause communication failure.
But, common NAT device cannot analytic message internal layer head.For problems, existing skill
In art, some NAT device are exclusively with the specific packet filtering of application layer (Application Specific Packet
Filter, ASPF) technology, the internal layer head for treating analytic message point decoded, and obtains internal layer header,
The such as information such as IP address, port, protocol type.When message needs to carry out address conversion process, will obtain
The internal layer header got carries out an ALG (Application Layer Gatewary, ALG)
Process, the IP address of internal layer head, port are replaced accordingly according to address conversion strategy, is compiled again
Code is simultaneously forwarded.
Wherein, LAN is also referred to as Intranet or private network, and such as home network or corporate networks, wide area network also may be used
Referred to as public network, such as the Internet.
Real time streaming transport protocol (Real Time Streaming Protocol, RTSP) is a kind of typical area
Divide the multichannel agreement of signaling and media.Below with the communication between RTSP client and RTSP server
As a example by process, the method that address conversion is realized in introducing prior art.
Refering to shown in Fig. 1 a, client is located in wide area network, and the wide area network IP address of client is
59.151.1.1, server is located in LAN, and server IP address in a local network is 128.18.51.1,
Wide area network IP address on NAT for server-assignment is 59.151.1.100.NAT device is configured for office
The address conversion strategy of domain net.
User end to server is initiated a session request first, and the purpose IP address carried in request are
59.151.1.100, NAT device, during the request is processed, is purpose IP included during guarantee is asked
Address is reachable, and the destination address that the outer layer head of above-mentioned request message is included is modified, will wherein server
Wide area network address be revised as the lan address of server, i.e. the destination address that outer layer head is included by
59.151.1.100 it is revised as 128.18.51.1.And ASPF technologies are used, the internal layer head of message is carried out
Decoding, the internal layer header to getting carry out ALG process, carry out accordingly according to address conversion strategy
Replace.In final request after the modification, the destination address and internal layer head that the outer layer head of IP messages is included is included
Destination address it is consistent, be 128.18.51.1.
NAT device when the response message of server return is received, the source that the outer layer head of response message is included
IP address is 128.18.51.1, be ensure reach wide area network after it is reachable, the source address that outer layer head is included is carried out
Modification, is revised as server address 59.151.1.100 in the wide area network.And with ASPF technologies,
The source address of internal layer head is modified, which is revised as into clothes by the lan address 128.18.51.1 of server
The wide area network address 59.151.1.100 of business device.
In practical application, the NAT device resource-constrained of ASPF technologies itself is supported, at more than equipment
Give the correct time in a large amount of requests simultaneously of reason specification, NAT device can meet with process bottleneck, it is impossible to all request reports
Text is parsed with ASPF technologies and address conversion.
The content of the invention
The embodiment of the present invention provides a kind of address conversion method and device, turns to solve address in prior art
Exchange device own resource is limited and cannot correctly process the problem of request in time.
Concrete technical scheme provided in an embodiment of the present invention is as follows:
A kind of first aspect, there is provided address conversion method, including:
Network address translation device receives message, and the message is to come from the first end in LAN
The message at end, or the message sent to the first terminal for second terminal;
NAT device is parsed to the message, and the LAN for obtaining the first terminal that the message is carried is mutual
Networking protocol IP address;
LAN IP address and the corresponding relation that pass through state attribute value of the NAT device according to local record,
Determine that the LAN IP address of the first terminal is corresponding and pass through state attribute value, the state of passing through belongs to
Property value be for characterizing the first value that the corresponding terminal of LAN IP address can realize that NAT is passed through, or
It is for characterizing the second value that the corresponding terminal of LAN IP address can not realize that NAT is passed through;
If it is determined that it is described pass through state attribute value for the first value, then NAT device omission is held to the message
The specific packet filtering ASPF process of row application layer, and forward the message.
With reference in a first aspect, in the first possible implementation of first aspect, the NAT device
Before receiving message, also include:
NAT device records the LAN IP address of the first terminal in the following manner and passes through state category
The corresponding relation of property value:
NAT device generates probe messages, and the purpose IP address that the internal layer head of the probe messages is included are NAT
A wide area network IP address in the wide area network IP address pond of equipment, the outer layer head of the probe messages are included
Purpose IP address be the first terminal LAN IP address;
The probe messages for generating are sent by NAT device to the first terminal;
If NAT device receives the response message for the probe messages of the first terminal feedback,
The corresponding state attribute value that passes through of LAN IP address for recording the first terminal is first value;
If NAT device does not receive the response message for the probe messages of the first terminal feedback,
The corresponding state attribute value that passes through of LAN IP address for then recording the first terminal is the second value.
With reference to the first possible implementation of first aspect, in second possible realization of first aspect
In mode, the purpose IP address that the internal layer head of the probe messages is included for it is following any one:
Address is specified in the wide area network IP address pond of NAT device;Or
Any one address in the wide area network IP address pond of NAT device;Or
Selected successively in the wide area network IP address pond of NAT device in order according to one probe messages of every generation
The principle of an address is selected, the address that the probing message for being currently generated is selected.
With reference to the first or second possible implementation of first aspect, the third in first aspect can
In the implementation of energy, the probe messages for generating to before first terminal transmission, are also wrapped by NAT device
Include:
NAT device is sent to the simple traversal STUN server of the UDP UDP on NAT
UDP bind requests, carry the purpose that the outer layer head of the probe messages is included in the UDP bind requests
Corresponding relation between the purpose IP address that IP address and internal layer head are included;
The UDP bind requests are used for the STUN servers and carry according in the UDP bind requests
Corresponding relation LAN IP address that the STUN servers are preserved and wide area network IP address
Transitional information is updated.
With reference in a first aspect, or first aspect the first to arbitrary in the third possible implementation
Kind, in the 4th kind of possible implementation of first aspect, also include:
If it is determined that it is described pass through property value for second value, then NAT device performs ASPF to the message
Process;And
Forwarding performs the message after ASPF is processed.
A kind of second aspect, there is provided address conversion method, including:
Terminal in LAN receives the probe messages that network address translation device sends, described
Wide area network IP address of the purpose internet protocol address that the internal layer head of probe messages is included for NAT device
A wide area network IP address in pond, the purpose IP address that the outer layer head of the probe messages is included are described
The LAN IP address of terminal;
The mesh that the purpose IP address that the outer layer head of the probe messages is included by the terminal are included with internal layer head
IP address between corresponding relation, with local record the terminal LAN IP address and wide area network
The corresponding relation of IP address is matched, if the match is successful, feeds back the probe messages to NAT device
Response message.
With reference to second aspect, in the first possible implementation of second aspect, the terminal is to NAT
Before equipment feeds back the response message of the probe messages, also include:
The terminal is sent to the simple traversal STUN server of the UDP UDP on NAT
STUN connection requests;
The terminal receives the STUN servers and disappears for the response of STUN connection requests feedback
Breath, carries the corresponding wide area network IP address of LAN IP address of the terminal in the response message;
Wherein, the corresponding wide area network IP of LAN IP address of the terminal for carrying in the response message
Address, it is consistent with the purpose IP address that the internal layer head of the probe messages is included;
The terminal according to the response message, locally record the LAN IP address of the terminal with it is wide
The corresponding relation of domain net IP address.
A kind of third aspect, there is provided address converting device, including:
Receiving unit, for receiving message, the message is the message for coming from the first terminal in LAN,
Or the message sent to the first terminal for second terminal;
Resolution unit, for parsing to the message, obtains the office of the first terminal that the message is carried
Domain net internet protocol address;
Determining unit, for according to local record LAN IP address with pass through the corresponding of state attribute value
Relation, determines that the LAN IP address of the first terminal is corresponding and passes through state attribute value, described to pass through
State attribute value be for characterize that the corresponding terminal of LAN IP address can realize that NAT is passed through first
Value, or be for characterizing the second value that the corresponding terminal of LAN IP address can not realize that NAT is passed through;
Processing unit, if being the first value for state attribute value is passed through described in determining unit determination,
Omit and the specific packet filtering ASPF process of application layer is performed to the message, and forward the message.
With reference to the third aspect, in the first possible implementation of the third aspect, described device also includes:
Recording unit, for recording the LAN IP address of the first terminal and passing through state attribute value
Corresponding relation;
Wherein, the recording unit was recording the first terminal before the receiving unit receives message
LAN IP address with the corresponding relation of state attribute value is passed through when, specifically for:
Probe messages are generated, the purpose IP address that the internal layer head of the probe messages is included are described device
A wide area network IP address in wide area network IP address pond, the purpose that the outer layer head of the probe messages is included
IP address is the LAN IP address of the first terminal;
The probe messages for generating are sent to the first terminal;
If receiving the response message for the probe messages of the first terminal feedback, record is described
The LAN IP address of first terminal is corresponding to pass through state attribute value for first value;
If not receiving the response message for the probe messages of the first terminal feedback, institute is recorded
The corresponding state attribute value that passes through of LAN IP address for stating first terminal is the second value.
With reference to the first possible implementation of the third aspect, in second possible realization of the third aspect
In mode, the purpose IP address that the internal layer head of the probe messages is included for it is following any one:
Address is specified in the wide area network IP address pond of described device;Or
Any one address in the wide area network IP address pond of described device;Or
Selected successively in the wide area network IP address pond of described device in order according to one probe messages of every generation
The principle of an address is selected, the address that the probing message for being currently generated is selected.
With reference to the first or second possible implementation of the third aspect, the third in the third aspect can
In the implementation of energy, also include:
Interference unit, for the probe messages of generation are sent it to the first terminal in the recording unit
Before, UDP is sent to the simple traversal STUN server of the UDP UDP on NAT tie up
It is fixed to ask, the purpose IP address that the outer layer head of the probe messages is included are carried in the UDP bind requests
Corresponding relation between the purpose IP address included with internal layer head;
The UDP bind requests are used for the STUN servers and carry according in the UDP bind requests
Corresponding relation LAN IP address that the STUN servers are preserved and wide area network IP address
Transitional information is updated.
It is with reference to the third aspect or arbitrary in the first of the third aspect to the third possible implementation
Kind, in the 4th kind of possible implementation of the 3rd fermentation, the processing unit is additionally operable to:
If it is determined that it is described pass through property value for second value, then ASPF process is performed to the message;And
Forwarding performs the message after ASPF is processed.
Fourth aspect provides a kind of address converting device, and described device is located in LAN, including:
Receiving unit, for receiving the probe messages of network address translation device transmission, the detection
The purpose internet protocol address that the internal layer head of message is included is in the wide area network IP address pond of NAT device
A wide area network IP address, the purpose IP address that the outer layer head of the probe messages is included are the terminal
LAN IP address;
Matching unit, for the purpose IP address and the internal layer head bag that include the outer layer head of the probe messages
Corresponding relation between the purpose IP address for containing, with local record the terminal LAN IP address with
The corresponding relation of wide area network IP address is matched;
Response unit, for when the match is successful for the matching unit, feeding back the detection to NAT device
The response message of message.
With reference to fourth aspect, in the first possible implementation of fourth aspect, the terminal is to NAT
Before equipment feeds back the response message of the probe messages, also include:
Determining unit, services for simple traversal STUN to the UDP UDP on NAT
Device sends STUN connection requests;And
Receive response message of the STUN servers for STUN connection requests feedback, the sound
The corresponding wide area network IP address of LAN IP address of the terminal is carried in answering message;
Wherein, the corresponding wide area network IP of LAN IP address of the described device for carrying in the response message
Address, it is consistent with the purpose IP address that the internal layer head of the probe messages is included;
Recording unit, for according to the response message local record described device LAN IP address
With the corresponding relation of wide area network IP address.
In terms of 5th, there is provided a kind of network address translation device, including:Network interface, memorizer
And processor, wherein, it is described for calling that batch processing, and the processor are stored in the memorizer
The program stored in memorizer so that the NAT device performs the of above-mentioned first aspect and first aspect
A kind of arbitrary described method in the 4th kind possible implementation.
In terms of 6th, there is provided a kind of terminal, including:Network interface, memorizer and processor, wherein,
Batch processing, and the journey stored during the processor is used to call the memorizer are stored in the memorizer
Sequence so that the terminal performs the side of the first possible implementation of above-mentioned second aspect or second aspect
Method.
In the embodiment of the present invention, NAT device is belonged to state of passing through according to the LAN IP address of local record
Property value corresponding relation, judge whether the terminal in the LAN possesses ride-through capability, it is determined that terminal tool
During standby ride-through capability, the ASPF process to message is omitted, so can effectively reduce NAT device utilization
The treating capacity of ASPF technologies, so as to reduce the operating load of NAT device, improves operational efficiency, and also
Can reduce bringing service disconnection equivalent risk due to ASPF process.
Description of the drawings
Fig. 1 a are to realize the method schematic diagram of address conversion in prior art;
Fig. 1 b are embodiment of the present invention address conversion system structural representation;
Fig. 2 a are the first address conversion method flow chart in the embodiment of the present invention;
Fig. 2 b are second address conversion method flow chart in the embodiment of the present invention;
Fig. 3 be the embodiment of the present invention in record the first LAN IP address with the corresponding relation of the state of passing through
Mode flow chart;
Fig. 4 is RTSP message address conversion networking structure figure in the embodiment of the present invention;
Fig. 5 is the first address converting device structure chart in the embodiment of the present invention;
Fig. 6 is second address converting device structure chart in the embodiment of the present invention;
Fig. 7 is NAT device structure chart in the embodiment of the present invention;
Fig. 8 is terminal structure figure in the embodiment of the present invention.
Specific embodiment
In order that the object, technical solutions and advantages of the present invention are clearer, below in conjunction with accompanying drawing to this
It is bright to be described in further detail, it is clear that described embodiment is only a part of embodiment of the invention,
Rather than the embodiment of whole.Based on the embodiment in the present invention, those of ordinary skill in the art are not doing
The all other embodiment obtained under the premise of going out creative work, belongs to the scope of protection of the invention.
For the multichannel agreement in prior art based on distinguishing signaling and media, such as RTSP, conversation initial
During the protocol transmission messages such as agreement (Session Initiation Protocol, SIP), due in net load
IP address is carried, NAT device is needed to perform ASPF process, causes NAT to set when message is received
Standby when a large amount of request is processed, resource meets with the problem of bottleneck, and the embodiment of the present invention proposes a kind of address and turns
Change method and device.By NAT device active probe communication terminal, go deep into the disposal ability of perception terminal,
When the message for receiving is processed, with reference to the disposal ability of terminal, when terminal has NAT ride-through capabilities,
ASPF process is not performed to message, directly E-Packeted, when terminal does not have NAT ride-through capabilities,
After ASPF process is performed to message, then forwarded.So, when have a large amount of requests and meanwhile on give the correct time, can
Effectively to reduce treating capacity of the NAT device with ASPF technologies, so as to the operation for reducing NAT device is born
Lotus, improves operational efficiency.
In the embodiment of the present invention, the communication between terminal refers to based on distinguishing signaling and media protocol transmit report
The communication of text, in the embodiment of the present invention, terminal could alternatively be other communication equipments such as server.
Fig. 1 b are the structural representation of address conversion system provided in an embodiment of the present invention.As shown in Figure 1 b,
The system includes:Terminal 101 and NAT device 102;Wherein, terminal 101 is located in LAN, is used for
Message is sent to other-end 101 ' by NAT device 102, or, receiving the forwarding of NAT device 102
Come from the message of other-end 101 ';NAT device 102 is for the message of sending the terminal 101 of reception
Forward to other-end 101 ', or the message that other-end 101 ' is sent is forwarded to terminal 101, also,
In repeating process, the address conversion between LAN and wide area network is carried out to message.
The system also includes simple traversal mode (Simple Traversal of UDPs of the UDP to NAT
Through Network Address Translators, STUN) server 103, STUN servers 103
For the STUN connection requests that receiving terminal 101 sends, and to the local of 101 feedback terminal 101 of terminal
The corresponding wide area network IP address of net IP address.
The method and device of address conversion provided in an embodiment of the present invention is entered below in conjunction with specific embodiment
Row is described in detail.
Fig. 2 a are the flow chart of the first address conversion method provided in an embodiment of the present invention, and executive agent is
NAT device.As shown in Figure 2 a, the method comprises the steps:
Step 200a:NAT device receives message, wherein, the message is to come from the in LAN
The message of one terminal, or the message that the message is sent to the first terminal for second terminal.
In practical application, the terminal in LAN is intended to be communicated with other-end, and the message of transmission is needed
Forwarded through NAT device, equally, other-end is intended to be communicated with the terminal in LAN,
The message of transmission is also required to be forwarded through NAT device, wherein, the other-end may be located at office
In the net of domain, it is also possible in wide area network, illustrate so that other-end is located in wide area network as an example below.
For example, first terminal is located in LAN, and first terminal is intended to enter with the second terminal in wide area network
Row communication, then first terminal need to be forwarded through NAT device to the message that second terminal sends, wherein,
The source IP address that the source IP address and internal layer head that the outer layer head of the message that first terminal sends is included is included,
For the lan address of first terminal, and it is located at the second terminal in wide area network and can only knows that first terminal is external
Disclosed address, i.e. wide area network address, therefore, NAT device needs the source IP for including the outer layer head of message
The source IP address that address and internal layer head are included is converted to corresponding wide area by the lan address of first terminal
Net address.
Again for example, second terminal is located in wide area network, and second terminal is intended to and the first terminal being located in LAN
Communicated, then second terminal also needs to be forwarded through NAT device to the message that first terminal sends,
Wherein, the purpose that the purpose IP address and internal layer head that the outer layer head of the message that second terminal sends is included are included
IP address, is the wide area network address of first terminal, in order that the message that second terminal sends smoothly reaches the
One terminal, NAT device need the purpose IP address that include of outer layer head of the message that second terminal is sent and
The purpose IP address that internal layer head is included are converted to lan address by the wide area network address of first terminal.
Wherein, the conversion of the IP address for including for outer layer head can apply common address translation technique, existing
There is the NAT device in technology all to possess this address translation capabilities, and be directed to the IP address that internal layer head is included
Conversion need to possess the NAT device of ASPF disposal abilities parsing is carried out to internal layer head and could realize.This
The bright NAT device being related to refers to the NAT device for possessing ASPF disposal abilities.
Step 210a:NAT device is parsed to the message, and obtain the message carrying first is whole
The LAN IP address at end.
NAT device obtains the corresponding LAN IP address of first terminal according to the message for receiving.For example,
NAT device receives the message that the first terminal in LAN sends, and determines the outer layer head bag in message
LAN IP address of the source address for containing for first terminal;Again for example, NAT device is received positioned at wide area
The message that second terminal in net sends, according to the destination address that the outer layer head in message is included, and NAT
The information of address conversion of equipment local record, determines the LAN IP address of first terminal.Wherein, message
In destination address for first terminal wide area network IP address, in information of address conversion comprising wide area network IP ground
Location and the mapping relations of LAN IP address.
Step 220a:NAT device according to local record LAN IP address with pass through state attribute value
Corresponding relation, determines that the LAN IP address of the first terminal is corresponding and passes through state attribute value, described
Pass through state attribute value be for characterize that the corresponding terminal of LAN IP address can realize that NAT is passed through
One value, or be for characterizing the second value that the corresponding terminal of LAN IP address can not realize that NAT is passed through.
When the internal layer head IP address for message is changed, except having described in step 200a
The NAT device of ASPF disposal abilities is parsed to internal layer head, and another treatment mechanism is that NAT wears
More.In order to be better understood from the scheme of the embodiment of the present invention, below the NAT mechanism of passing through is introduced,
The present embodiments relate to NAT pass through mechanism and pass through for STUN.
Specifically, the terminal in LAN is previously obtained its wide area network address by STUN mechanism,
When generating message, the source IP address that internal layer head is included is extended this as into wide area network address directly in net load, this
Sample, when message is through NAT device, the source IP address that the internal layer head in net load is included avoids the need for being repaiied
Change, only the source IP address that outer layer head is included need to be changed by common NAT flow processs.
The address translation capabilities and the mechanism of utilization that the NAT device disposed in real network possesses are inconsistent,
The function that terminal is supported is also inconsistent, possesses the NAT device of ASPF disposal abilities when message is received,
Source IP address that the internal layer head of message includes whether modified mistake can not be known, i.e., can not be perceived and be sent out
Whether literary terminal of delivering newspaper possesses NAT ride-through capabilities.Therefore, the NAT for possessing ASPF disposal abilities sets
The standby message to receiving is required for performing ASPF process, and this undoubtedly increases the treating capacity of NAT device.
In the embodiment of the present invention, NAT device is detected for the terminal in the whole network in advance, determines that terminal is
It is no to possess NAT ride-through capabilities, and belong to state of passing through in the corresponding LAN IP address of local record terminal
The corresponding relation of property value.
Specifically, refering to shown in Fig. 3, by taking first terminal as an example, record the first LAN IP address and wear
The mode of the more corresponding relation of state attribute value is as described below:
Step 30:NAT device generates probe messages, purpose IP that the internal layer head of the probe messages is included
Address is an address in the wide area network IP address pond of NAT device, the outer layer head bag of the probe messages
The purpose IP address for containing are the LAN IP address of the first terminal.
Specifically, NAT device is in advance in the wide area network IP address pond of locally configured NAT device, and in advance
Several configuration mechanisms for generating probe messages of setting, NAT device selected wherein one before probe messages are generated
Configuration mechanism is planted, and probe messages is generated according to the configuration mechanism for selecting.Wherein, below in three kinds of configuration mechanisms
The configuration mode of the purpose IP address that the internal layer head of probe messages is included is as an example.
1) address is specified in the wide area network IP address pond of NAT device;
2) any one address in the wide area network IP address pond of NAT device;
3) according to it is every generation one probe messages in the wide area network IP address pond of NAT device in order according to
The secondary principle for selecting an address, the address that the probing message for being currently generated is selected.
For example, the address number in the wide area network IP address pond of NAT device is respectively 0,1,2 ... 99.
NAT device selects address to include as the internal layer head of probe messages according to 0,1,2 ... 99 numbering successively
Purpose IP address.
Step 31:The probe messages for generating are sent by NAT device to the first terminal.
Step 32:If NAT device receives the response report for probe messages of the first terminal feedback
Text, it is determined that the first terminal can realize that NAT is passed through, and record the LAN IP ground of first terminal
Location is corresponding to pass through state attribute value for the first value.
The purpose IP address and outer layer head included due to the internal layer head of the probe messages of NAT device transmission are included
Purpose IP address it is different, therefore, if can receive first terminal feedback the sound for probe messages
Message is answered, then illustrates that the purpose IP address of the probe messages that first terminal can be to receiving are corrected,
Or explanation first terminal can pass through the purpose IP address for asking adjacent server acquisition to probe messages
The method corrected, that is to say, that first terminal possesses and switchs to the LAN IP address of first terminal
In the wide area network IP address pond of the NAT device of the purpose IP address configuration of probe messages, the NAT of address wears
More ability.Wherein, message of the response message such as answer code for 200OK.
Specifically, the corresponding state attribute value that passes through of terminal can be recorded with transition status parameter, for example, will
Can realize that the transition status parameter that NAT is passed through is to be recorded as 1;Will not be able to realize that what NAT passed through turns
Change state parameter and be recorded as 0.The LAN IP address of NAT device record first terminal is corresponding to pass through shape
State property value is the first value, i.e. the corresponding transition status parameter of LAN IP address of record first terminal
For 1.
Step 33:If NAT device does not receive the response for probe messages of the first terminal feedback
Message, it is determined that the first terminal can not realize that NAT is passed through, and record the local of the first terminal
Net IP address is corresponding to pass through state attribute value for second value.
Specifically, if failing to receive the response message for probe messages of first terminal feedback, illustrate
First terminal does not possess the purpose IP address configuration that the LAN IP address of first terminal is switched to probe messages
NAT device wide area network IP address pond in address NAT ride-through capabilities.Wherein, fail to receive
The response message for probe messages of one terminal feedback, responds including not receiving response and receiving other
Situations such as.
The corresponding state attribute value that passes through of the LAN IP address of NAT device record first terminal is second value,
That is, the corresponding transition status parameter of LAN IP address for recording first terminal is 0.
NAT device is detected to other all terminals in the whole network according to the method described above successively, is obtained each
The corresponding LAN IP address of individual terminal is corresponding to pass through state attribute value.
Return to accompanying drawing 2a, step 230a:If the state attribute value that passes through determined in step 220a is the first value,
Then NAT device is omitted and performs ASPF process to the message, and forwards the message.
In the embodiment of the present invention, NAT device is not using traditional processing mode, to the message for receiving
ASPF process is carried out, but corresponding processing mode is taken according to the ride-through capability of terminal.
For example, for the message received in step 200a, NAT device is by determining in step 220a
The LAN IP address of first terminal corresponding pass through state attribute value, however, it is determined that first terminal can be real
Existing NAT is passed through, that is, know that first terminal possesses and the LAN IP address of first terminal is switched to probe messages
Purpose IP address configuration NAT device wide area network IP address pond in address NAT ride-through capabilities,
Then NAT device is omitted and performs ASPF process to first message, and the message is directly forwarded.
The message is then performed ASPF if it is determined that first terminal can not realize that NAT is passed through by NAT device
After process, forwarding performs the message after ASPF is processed.
In addition, in a network, terminal can know the wide area network address of itself by STUN servers, and
STUN servers locally have the mapping item of NAT, i.e. information of address conversion at which, in order that STUN
The information of address conversion of the information of address conversion of server storage and NAT device itself configuration is identical, to reach
To unified purpose, NAT device before probe messages are sent to first terminal, NAT device actively to
STUN servers initiate " interference ".
Specifically, " interference " in the application refers to that NAT device sends STUN to STUN servers
Request, such as sends UDP bind requests, and LAN IP address and wide area are carried in the UDP bind requests
Corresponding relation between net IP address, in the probe messages that the corresponding relation is sent to terminal with NAT device
Corresponding relation between the purpose IP address that the purpose IP address and internal layer head that the outer layer head of carrying is included are included
Unanimously.UDP bind requests be used for the STUN servers according to the UDP bind requests carry it is right
Should be related to, the address conversion to the LAN IP address and wide area network IP address of the preservation of STUN servers
Information is updated.
So, address conversion strategy of the STUN servers according to NAT device, by local LAN IP
After the information of address conversion of address and wide area network IP address updates, the terminal in LAN is to STUN
Server sends STUN requests, to obtain during itself wide area network IP address, it is possible to taken according to STUN
Information of address conversion after business device renewal, gets the terminal consistent with the address conversion strategy of NAT device
The corresponding wide area network IP address of LAN IP address, so as to realize that NAT is passed through, in NAT device to end
When end sends the probe messages according to its address conversion strategy generation, the response of terminal feedback can be received
Message, and then ASPF process is omitted, reduce the process load of NAT device.
Based on above-described embodiment, flow process such as Fig. 2 b of second address conversion method provided in an embodiment of the present invention
Shown, executive agent is the terminal in LAN, and the method comprises the steps:
Step 200b:Terminal in LAN receives the probe messages that NAT device sends, the spy
The purpose internet protocol address that includes of internal layer head for observing and predicting text is the wide area network IP of the NAT device
A wide area network IP address in address pool, the purpose IP address that the outer layer head of the probe messages is included are
The LAN IP address of the terminal.
Step 210b:Purpose IP address and internal layer that the outer layer head of the probe messages is included by the terminal
Corresponding relation between the purpose IP address that head is included, the LAN IP ground with the terminal of local record
Location is matched with the corresponding relation of wide area network IP address, if the match is successful, feeds back institute to NAT device
State the response message of probe messages.
Specifically, before terminal feeds back the response message of the probe messages to NAT device, terminal can be with
In the following manner to the wide area network IP address of STUN server request terminals:
(1) terminal sends STUN connection requests to STUN servers, and the STUN connection requests are used for
The wide area network IP address of oneself is inquired to STUN servers;
(2) terminal receives response message of the STUN servers for the STUN connection requests feedback, institute
State the corresponding wide area network IP address of LAN IP address of carried terminal in response message;
Wherein, the corresponding wide area network IP of LAN IP address of the terminal for carrying in the response message
Address, it is consistent with the purpose IP address that the internal layer head of the probe messages is included.
Specifically, STUN servers are in the local mapping for preserving LAN IP address and wide area network IP address
Relation list item, i.e. information of address conversion, terminal are sent after STUN connection requests to STUN servers,
STUN servers determine the wide area network IP address of terminal by the local information of address conversion for preserving of inquiry,
And to terminal feedback response message.
(3) response message of the terminal according to STUN server feedbacks, determines the wide area network IP address of itself,
And the corresponding relation of the LAN IP address and wide area network IP address in local record terminal.
Terminal is parsed to probe messages after probe messages are received, and obtains the outer layer head of probe messages
Comprising the purpose IP address that include of purpose IP address and internal layer head between corresponding relation, and will obtain
The LAN IP address of the terminal that corresponding relation is recorded with terminal local and the corresponding relation of wide area network IP address
Compare, if unanimously, to the response message of NAT device feedback detection message.
The embodiment of the present invention is described in further detail with reference to specific application scenarios.
As a example by based on RTSP transmitting messages, as shown in figure 4, RTSP server is located in LAN,
RTSP client is located in wide area network, total interface normal operation in the whole network.In transmission RTSP messages
The method of location conversion is as follows.
S1, NAT device configuration RTSP probe messages.
The source IP address that the source IP address and outer layer head that the internal layer head of configuration RTSP probe messages is included is included
Unanimously, the address of NAT device interface is, the purpose IP address that the internal layer head of RTSP messages is included
Modify so as to inconsistent with the purpose IP address that outer layer head is included, i.e. Destination locations assignment
Difference, concrete modification are an address in the wide area network IP address pond of NAT device, can be any one
Individual address, or a fixed address, it is also possible to for being selected successively in address pool in order
Address.
For example, in the RTSP probe messages of configuration, address of the source address for NAT interfaces;Outer layer head is included
Purpose IP address be the locally stored session of NAT device five-tuple in the corresponding source port of source address be
The address of well-known port 554, wherein, well-known port 554 is given tacit consent to for RTSP;The mesh that internal layer head is included
IP address for NAT device wide area network IP address pond in an address;Source port is any legal end
Mouth (such as 55316);Destination interface is 554.
S2, NAT device according to RTSP probe messages identical address conversion strategies, generate UDP tie up
It is fixed to ask, and the UDP bind requests are sent to STUN servers, the address for itself configuring is turned
Policy synchronization is changed to STUN servers.
Wherein, purpose IP address and internal layer that the outer layer head of probe messages is included are carried in UDP bind requests
Corresponding relation between the purpose IP address that head is included, it is, carrying NAT in UDP bind requests
The information of the address conversion strategy of device configuration.As such, it is possible to so that STUN servers are set according to NAT
The address conversion strategy of standby configuration, the LAN IP address that STUN servers are preserved and wide area network IP ground
The information of address conversion of location is locally being updated.
S3, NAT device simultaneously send RTSP probe messages to RTSP server.
The RTSP probe messages for having configured are asked to RTSP server to send by NAT device by Setup.
If the answer code for receiving RTSP server feedback is the response message of 200OK, RTSP is taken
The corresponding transition status parameter value of business device is designated as 1, and in the corresponding LAN of local record RTSP server
The corresponding relation of IP address and transition status parameter value 1;
If not receiving the response message of the answer code for 200OK of RTSP server feedback, by RTSP
The corresponding transition status parameter value of server is designated as 0, and in the corresponding local of local record RTSP server
The corresponding relation of net IP address and transition status parameter value 0.
Wherein, RTSP server to NAT device feedback response code for 200OK response message before,
Warp-wise STUN servers send STUN requests, ask the wide area network IP address of RTSP server,
And due to the address conversion strategy before STUN servers according to NAT device configuration, by STUN
The information of address conversion of LAN IP address and wide area network IP address that server is preserved being locally updated,
So, wide area network IP address and the address conversion of NAT that STUN servers are returned to RTSP server
It is tactful consistent.
In this, by probe messages being sent to the RTSP server in the whole network, can obtain the RTSP in the whole network
Corresponding relation between the corresponding LAN IP address of server and transition status parameter value, it is right by what is obtained
Should be related in local cache.
S4, RTSP client are initiated to access, and NAT device receives the access of RTSP client transmission please
Ask, access request is parsed, the purpose IP address included in obtaining access request, and further really
Determine the corresponding LAN IP address of purpose IP address, locally stored LAN IP address is inquired about with conversion shape
Access request, if transition status parameter is 1, is directly pressed normal routing forwarding by the corresponding relation of state parameter,
ASPF process is not performed.If transition status parameter is 0, access request is performed into ASPF process.
Based on above-described embodiment, as shown in figure 5, the first address converting device provided in an embodiment of the present invention
50 include:
Receiving unit 51, for receiving message, the message is the report for coming from the first terminal in LAN
Text, or the message sent to the first terminal for second terminal;
Resolution unit 52, for parsing to the message, obtains the first terminal that the message is carried
LAN Monitoring System fidonetFido IP address;
Determining unit 53, for according to local record LAN IP address with pass through the right of state attribute value
Should be related to, determine that the LAN IP address of the first terminal is corresponding and pass through state attribute value, it is described to wear
More state attribute value be for characterize that the corresponding terminal of LAN IP address can realize that NAT is passed through first
Value, or be for characterizing the second value that the corresponding terminal of LAN IP address can not realize that NAT is passed through;
Processing unit 54, if for passing through state attribute value for first described in the determination of the determining unit 43
Value, then omit and the specific packet filtering ASPF process of application layer performed to the message, and forward the message.
Optionally, described device also includes:
Recording unit 55, for recording the LAN IP address of the first terminal and passing through state attribute value
Corresponding relation;
Wherein, recording unit 55 was recording described first eventually before the receiving unit 51 receives message
When the LAN IP address at end is with the corresponding relation of state attribute value is passed through, specifically for:
Probe messages are generated, the purpose IP address that the internal layer head of the probe messages is included are described device
A wide area network IP address in wide area network IP address pond, the purpose that the outer layer head of the probe messages is included
IP address is the LAN IP address of the first terminal;
The probe messages for generating are sent to the first terminal;
If receiving the response message for the probe messages of the first terminal feedback, record is described
The LAN IP address of first terminal is corresponding to pass through state attribute value for first value;
If not receiving the response message for the probe messages of the first terminal feedback, institute is recorded
The corresponding state attribute value that passes through of LAN IP address for stating first terminal is the second value.
Optionally, the purpose IP address that the internal layer head of the probe messages is included for it is following any one:
Address is specified in the wide area network IP address pond of described device;Or
Any one address in the wide area network IP address pond of described device;Or
Selected successively in the wide area network IP address pond of described device in order according to one probe messages of every generation
The principle of an address is selected, the address that the probing message for being currently generated is selected.
Optionally, also include:
Interference unit 56, for the recording unit 55 by generate probe messages to the first terminal
Before transmission, UDP bind requests are sent to STUN servers, carry institute in the UDP bind requests
It is right between the purpose IP address that the outer layer head of probe messages includes and the purpose IP address that internal layer head is included to state
Should be related to;
The UDP bind requests are used for the STUN servers and carry according in the UDP bind requests
Corresponding relation LAN IP address that the STUN servers are preserved and wide area network IP address
Transitional information is updated.
Optionally, processing unit 54 is additionally operable to:
If it is determined that it is described pass through property value for second value, then ASPF process is performed to the message;And
Forwarding performs the message after ASPF is processed.
Based on above-described embodiment, as shown in fig. 6, second address converting device provided in an embodiment of the present invention
60, device 60 is located in LAN, including:
Receiving unit 61, for receiving the probe messages of network address translation device transmission, the spy
Observe and predict the wide area network IP address pond of the purpose internet protocol address that includes of internal layer head for NAT device of text
In a wide area network IP address, the purpose IP address that the outer layer head of the probe messages is included are the end
The LAN IP address at end;
Matching unit 62, for the purpose IP address and the internal layer head that include the outer layer head of the probe messages
Comprising purpose IP address between corresponding relation, with local record the terminal LAN IP address
Matched with the corresponding relation of wide area network IP address;
Response unit 63, it is for when the match is successful for the matching unit 62, described to NAT device feedback
The response message of probe messages.
Optionally, device 60, also include:
Determining unit 64, for feeding back the response report of the probe messages in response unit 63 to NAT device
Before text, STUN connection requests are sent to STUN servers;And
Receive response message of the STUN servers for STUN connection requests feedback, the sound
The corresponding wide area network IP address of LAN IP address of the terminal is carried in answering message;
Wherein, the corresponding wide area network IP of LAN IP address of the described device for carrying in the response message
Address, it is consistent with the purpose IP address that the internal layer head of the probe messages is included;
Recording unit 65, for according to the response message, in the LAN IP of local record described device
Address and the corresponding relation of wide area network IP address.
Based on above-described embodiment, as shown in fig. 7, embodiments providing a kind of NAT device 70, wrap
Include:Transceiver 71, processor 72, memorizer 73 and bus 74, wherein, transceiver 71, processor 72,
Memorizer 73 is connected with bus 74, wherein:
Transceiver 71, for receiving message, the message is the message for coming from the first terminal in LAN,
Or the message sent to the first terminal for second terminal;
Memorizer 73 stores batch processing;
Processor 72, for the program for calling memorizer 73 to store, performs following process:
The message is parsed, the LAN IP address of the first terminal that the message is carried is obtained;
According to the LAN IP address and the corresponding relation for passing through state attribute value of local record, it is determined that described
The LAN IP address of first terminal is corresponding to pass through state attribute value, and the state attribute value that passes through is use
The first value that NAT is passed through can be realized in the corresponding terminal of sign LAN IP address, or be for table
Levy the second value that the corresponding terminal of LAN IP address can not realize that NAT is passed through;
If it is determined that it is described pass through state attribute value for the first value, then omit and application layer spy performed to the message
Determine packet filtering ASPF process, and the message is forwarded by transceiver 71.
Optionally, processor 72 is additionally operable to:
The LAN IP address for recording the first terminal and the corresponding relation for passing through state attribute value;
Wherein, before transceiver 71 receives message, in the LAN IP address for recording the first terminal
During with passing through the corresponding relation of state attribute value, specifically for:
Probe messages are generated, the purpose IP address that the internal layer head of the probe messages is included are described device
A wide area network IP address in wide area network IP address pond, the purpose that the outer layer head of the probe messages is included
IP address is the LAN IP address of the first terminal;
The probe messages for generating are sent from transceiver 71 to the first terminal;
If it is determined that transceiver 71 receives the response report for the probe messages of the first terminal feedback
Text, then the corresponding state attribute value that passes through of LAN IP address for recording the first terminal is described first
Value;
If not receiving the response message for the probe messages of the first terminal feedback, institute is recorded
The corresponding state attribute value that passes through of LAN IP address for stating first terminal is the second value.
Optionally, the purpose IP address that the internal layer head of the probe messages is included for it is following any one:
Address is specified in the wide area network IP address pond of the NAT device;Or
Any one address in the wide area network IP address pond of the NAT device;Or
Selected successively in the wide area network IP address pond of described device in order according to one probe messages of every generation
The principle of an address is selected, the address that the probing message for being currently generated is selected.
Optionally, processor 72 is additionally operable to:
Before sending to the first terminal, UDP bind requests are sent to STUN servers, it is described
Carry the purpose IP address that the outer layer head of the probe messages includes to include with internal layer head in UDP bind requests
Purpose IP address between corresponding relation;
The UDP bind requests are used for the STUN servers and carry according in the UDP bind requests
Corresponding relation LAN IP address that the STUN servers are preserved and wide area network IP address
Transitional information is updated.
Optionally, processor 72 is additionally operable to:
If it is determined that it is described pass through property value for second value, then ASPF process is performed to the message;And
The message after ASPF is processed is performed as transceiver 71 is forwarded.
Based on above-described embodiment, as shown in figure 8, embodiments providing a kind of terminal 80, terminal
80 are located in LAN, and terminal 80 includes:
Including transceiver 81, processor 82, memorizer 83 and bus 84, wherein, transceiver 81, processor
82nd, memorizer 83 is connected with bus 84, wherein,
Transceiver 81, for receiving the probe messages of NAT device transmission, the internal layer head bag of the probe messages
The purpose internet protocol address for containing is a wide area network IP ground in the wide area network IP address pond of NAT device
Location, the purpose IP address that the outer layer head of the probe messages is included are the LAN IP address of the terminal;
Memorizer 83, for storing batch processing;
Processor 82, for the program for calling memorizer 83 to store, performs following process:
The purpose IP address that the purpose IP address that the outer layer head of the probe messages is included are included with internal layer head
Between corresponding relation, with LAN IP address and the wide area network IP address of the terminal of local record
Corresponding relation is matched;
When the match is successful, the response message of the probe messages is fed back to NAT device from transceiver 81.
Optionally, transceiver 81 is additionally operable to:
Before the response message of the probe messages is fed back to NAT device, send to STUN servers
STUN connection requests;And the STUN servers are received for STUN connection requests feedback
Response message, carries the corresponding wide area network IP ground of LAN IP address of the terminal in the response message
Location;Wherein, the corresponding wide area network of LAN IP address of the terminal 80 for carrying in the response message
IP address is consistent with the purpose IP address that the internal layer head of the probe messages is included;
The processor 82 is additionally operable to, in the LAN IP address and wide area network IP of local record described device
The corresponding relation of address.
In sum, in the embodiment of the present invention, the first terminal that NAT device is received in LAN sends
Or second terminal be intended to the first terminal accessed in LAN and the message for sending, NAT device is obtained
The LAN IP address of first terminal, the first NAT device according to local record LAN IP address with wear
More the corresponding relation of state attribute value, determines that the LAN IP address of the first terminal is corresponding and passes through shape
State property value, it is described pass through state attribute value be can be real for characterizing the corresponding terminal of LAN IP address
The first value that existing NAT is passed through, or NAT can be realized for characterizing the corresponding terminal of LAN IP address
The second value passed through, if the LAN IP address of the first terminal is corresponding to pass through state attribute value for the
One value, then NAT device omission perform the specific packet filtering ASPF process of application layer to the message, and turn
Send out message described.So, the NAT ride-through capabilities of the terminal in LAN are known by active probe,
NAT device is passively processed the address conversion of multichannel protocol massages, active process is replaced by, can not only
Enough reduce NAT device treating capacity and load, increase address conversion treatment effeciency, it is also possible to reduce due to
ASPF is processed and is brought service disconnection equivalent risk.
Those skilled in the art are it should be appreciated that embodiments of the invention can be provided as method, system or meter
Calculation machine program product.Therefore, the present invention can be using complete hardware embodiment, complete software embodiment or knot
The form of the embodiment in terms of conjunction software and hardware.And, the present invention can be using wherein wrapping at one or more
Computer-usable storage medium containing computer usable program code (including but not limited to disk memory,
CD-ROM, optical memory etc.) on the form of computer program implemented.
The present invention be with reference to method according to embodiments of the present invention, equipment (system), and computer program produce
The flow chart and/or block diagram of product is describing.It should be understood that can by computer program instructions flowchart and
/ or block diagram in each flow process and/or square frame and flow chart and/or the flow process in block diagram and/
Or the combination of square frame.These computer program instructions can be provided to general purpose computer, special-purpose computer, embedded
The processor of formula datatron or other programmable data processing devices is producing a machine so that by calculating
The instruction of the computing device of machine or other programmable data processing devices is produced for realizing in flow chart one
The device of the function of specifying in individual flow process or one square frame of multiple flow processs and/or block diagram or multiple square frames.
These computer program instructions may be alternatively stored in and computer or other programmable datas process can be guided to set
In the standby computer-readable memory for working in a specific way so that be stored in the computer-readable memory
Instruction produce and include the manufacture of command device, command device realization is in one flow process or multiple of flow chart
The function of specifying in one square frame of flow process and/or block diagram or multiple square frames.
These computer program instructions can be also loaded in computer or other programmable data processing devices, made
Obtain and series of operation steps is performed on computer or other programmable devices to produce computer implemented place
Reason, so as to the instruction performed on computer or other programmable devices is provided for realizing in flow chart one
The step of function of specifying in flow process or one square frame of multiple flow processs and/or block diagram or multiple square frames.
, but those skilled in the art once know base although preferred embodiments of the present invention have been described
This creative concept, then can make other change and modification to these embodiments.So, appended right will
Ask and be intended to be construed to include preferred embodiment and fall into the had altered of the scope of the invention and change.
Obviously, those skilled in the art can carry out various changes and modification and not take off to the embodiment of the present invention
From the spirit and scope of the embodiment of the present invention.So, if these modifications of the embodiment of the present invention and modification belong to
Within the scope of the claims in the present invention and its equivalent technologies, then the present invention be also intended to comprising these change and
Including modification.
Claims (15)
1. a kind of address conversion method, it is characterised in that include:
Network address translation device receives message, and the message is to come from the first end in LAN
The message at end, or the message sent to the first terminal for second terminal;
NAT device is parsed to the message, and the LAN for obtaining the first terminal that the message is carried is mutual
Networking protocol IP address;
LAN IP address and the corresponding relation that pass through state attribute value of the NAT device according to local record,
Determine that the LAN IP address of the first terminal is corresponding and pass through state attribute value, the state of passing through belongs to
Property value be for characterizing the first value that the corresponding terminal of LAN IP address can realize that NAT is passed through, or
It is for characterizing the second value that the corresponding terminal of LAN IP address can not realize that NAT is passed through;
If it is determined that it is described pass through state attribute value for the first value, then NAT device omission is held to the message
The specific packet filtering ASPF process of row application layer, and forward the message.
2. the method for claim 1, it is characterised in that before the NAT device receives message,
Also include:
NAT device records the LAN IP address of the first terminal in the following manner and passes through state category
The corresponding relation of property value:
NAT device generates probe messages, and the purpose IP address that the internal layer head of the probe messages is included are NAT
A wide area network IP address in the wide area network IP address pond of equipment, the outer layer head of the probe messages are included
Purpose IP address be the first terminal LAN IP address;
The probe messages for generating are sent by NAT device to the first terminal;
If NAT device receives the response message for the probe messages of the first terminal feedback,
The corresponding state attribute value that passes through of LAN IP address for recording the first terminal is first value;
If NAT device does not receive the response message for the probe messages of the first terminal feedback,
The corresponding state attribute value that passes through of LAN IP address for then recording the first terminal is the second value.
3. method as claimed in claim 2, it is characterised in that the internal layer head of the probe messages is included
Purpose IP address for it is following any one:
Address is specified in the wide area network IP address pond of NAT device;Or
Any one address in the wide area network IP address pond of NAT device;Or
Selected successively in the wide area network IP address pond of NAT device in order according to one probe messages of every generation
The principle of an address is selected, the address that the probing message for being currently generated is selected.
4. method as claimed in claim 2 or claim 3, it is characterised in that the detection that NAT device will be generated
Message also includes to before first terminal transmission:
NAT device is sent to the simple traversal STUN server of the UDP UDP on NAT
UDP bind requests, carry the purpose that the outer layer head of the probe messages is included in the UDP bind requests
Corresponding relation between the purpose IP address that IP address and internal layer head are included;
The UDP bind requests are used for the STUN servers and carry according in the UDP bind requests
The corresponding relation, to the STUN servers preserve LAN IP address and wide area network IP address
Transitional information be updated.
5. the method as described in any one of claim 1-4, it is characterised in that also include:
If it is determined that it is described pass through property value for second value, then NAT device performs ASPF to the message
Process;And
Forwarding performs the message after ASPF is processed.
6. a kind of address conversion method, it is characterised in that include:
Terminal in LAN receives the probe messages that network address translation device sends, described
The purpose internet protocol address that the internal layer head of probe messages is included is the wide area network IP of the NAT device
A wide area network IP address in address pool, the purpose IP address that the outer layer head of the probe messages is included are
The LAN IP address of the terminal;
The mesh that the purpose IP address that the outer layer head of the probe messages is included by the terminal are included with internal layer head
IP address between corresponding relation, with local record the terminal LAN IP address and wide area network
The corresponding relation of IP address is matched, if the match is successful, feeds back the probe messages to NAT device
Response message.
7. method as claimed in claim 6, it is characterised in that the terminal feeds back institute to NAT device
Before stating the response message of probe messages, also include:
The terminal is sent to the simple traversal STUN server of the UDP UDP on NAT
STUN connection requests;
The terminal receives the STUN servers and disappears for the response of STUN connection requests feedback
Breath, carries the corresponding wide area network IP address of LAN IP address of the terminal in the response message;
Wherein, the corresponding wide area network IP of LAN IP address of the terminal for carrying in the response message
Address, it is consistent with the purpose IP address that the internal layer head of the probe messages is included;
The terminal according to the response message, locally record the LAN IP address of the terminal with it is wide
The corresponding relation of domain net IP address.
8. a kind of address converting device, it is characterised in that include:
Receiving unit, for receiving message, the message is the message for coming from the first terminal in LAN,
Or the message sent to the first terminal for second terminal;
Resolution unit, for parsing to the message, obtains the office of the first terminal that the message is carried
Domain net internet protocol address;
Determining unit, for according to local record LAN IP address with pass through the corresponding of state attribute value
Relation, determines that the LAN IP address of the first terminal is corresponding and passes through state attribute value, described to pass through
State attribute value be for characterize that the corresponding terminal of LAN IP address can realize that NAT is passed through first
Value, or be for characterizing the second value that the corresponding terminal of LAN IP address can not realize that NAT is passed through;
Processing unit, if being the first value for state attribute value is passed through described in determining unit determination,
Omit and the specific packet filtering ASPF process of application layer is performed to the message, and forward the message.
9. device as claimed in claim 8, it is characterised in that described device also includes:
Recording unit, for recording the LAN IP address of the first terminal and passing through state attribute value
Corresponding relation;
Wherein, the recording unit was recording the first terminal before the receiving unit receives message
LAN IP address with the corresponding relation of state attribute value is passed through when, specifically for:
Probe messages are generated, the purpose IP address that the internal layer head of the probe messages is included are described device
A wide area network IP address in wide area network IP address pond, the purpose that the outer layer head of the probe messages is included
IP address is the LAN IP address of the first terminal;
The probe messages for generating are sent to the first terminal;
If receiving the response message for the probe messages of the first terminal feedback, record is described
The LAN IP address of first terminal is corresponding to pass through state attribute value for first value;
If not receiving the response message for the probe messages of the first terminal feedback, institute is recorded
The corresponding state attribute value that passes through of LAN IP address for stating first terminal is the second value.
10. device as claimed in claim 9, it is characterised in that also include:
Interference unit, for the probe messages of generation are sent it to the first terminal in the recording unit
Before, UDP is sent to the simple traversal STUN server of the UDP UDP on NAT tie up
It is fixed to ask, the purpose IP address that the outer layer head of the probe messages is included are carried in the UDP bind requests
Corresponding relation between the purpose IP address included with internal layer head;
The UDP bind requests are used for the STUN servers and carry according in the UDP bind requests
Corresponding relation LAN IP address that the STUN servers are preserved and wide area network IP address
Transitional information is updated.
11. devices as described in any one of claim 8-10, it is characterised in that the processing unit is also used
In:
If it is determined that it is described pass through property value for second value, then ASPF process is performed to the message;And
Forwarding performs the message after ASPF is processed.
12. a kind of address converting devices, it is characterised in that described device is located in LAN, including:
Receiving unit, for receiving the probe messages of network address translation device transmission, the detection
The purpose internet protocol address that the internal layer head of message is included is in the wide area network IP address pond of NAT device
A wide area network IP address, the purpose IP address that the outer layer head of the probe messages is included are the terminal
LAN IP address;
Matching unit, for the purpose IP address and the internal layer head bag that include the outer layer head of the probe messages
Corresponding relation between the purpose IP address for containing, with local record the terminal LAN IP address with
The corresponding relation of wide area network IP address is matched;
Response unit, for when the match is successful for the matching unit, feeding back the detection to NAT device
The response message of message.
13. devices as claimed in claim 12, it is characterised in that described device also includes:
Determining unit, for feeding back the response report of the probe messages in the response unit to NAT device
Before text, STUN is sent to the simple traversal STUN server of the UDP UDP on NAT
Connection request;And
Receive response message of the STUN servers for STUN connection requests feedback, the sound
The corresponding wide area network IP address of LAN IP address of the terminal is carried in answering message;
Wherein, the corresponding wide area network IP of LAN IP address of the described device for carrying in the response message
Address, it is consistent with the purpose IP address that the internal layer head of the probe messages is included;
Recording unit, for according to the response message local record described device LAN IP address
With the corresponding relation of wide area network IP address.
14. a kind of network address translation devices, it is characterised in that include:Memorizer and process
Device, wherein, batch processing is stored in the memorizer, and during the processor is used to call the memorizer
The program of storage so that the NAT device performs the method as described in claim 1 to 5 is arbitrary.
15. a kind of terminals, it is characterised in that include:Memorizer and processor, wherein, the storage
Batch processing, and the program stored during the processor is used to call the memorizer are stored in device so that institute
State terminal execution method as claimed in claims 6 or 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510626118.XA CN106559504B (en) | 2015-09-25 | 2015-09-25 | Address translation method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510626118.XA CN106559504B (en) | 2015-09-25 | 2015-09-25 | Address translation method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106559504A true CN106559504A (en) | 2017-04-05 |
CN106559504B CN106559504B (en) | 2020-09-08 |
Family
ID=58415307
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510626118.XA Active CN106559504B (en) | 2015-09-25 | 2015-09-25 | Address translation method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106559504B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107454210A (en) * | 2017-09-15 | 2017-12-08 | 成都西加云杉科技有限公司 | Communication means and system |
CN111371666A (en) * | 2018-12-26 | 2020-07-03 | 华为技术有限公司 | Method, device and system for processing message |
CN111866110A (en) * | 2020-07-13 | 2020-10-30 | 浙江捷创方舟数字技术有限公司 | Industrial equipment communication method and 5G gateway |
CN112118207A (en) * | 2019-06-20 | 2020-12-22 | 华为技术有限公司 | Data transmission method, server and electronic equipment |
CN114697300A (en) * | 2022-04-15 | 2022-07-01 | 武汉中元通信股份有限公司 | Data multicast implementation method of high-timeliness communication system |
WO2024021714A1 (en) * | 2022-07-29 | 2024-02-01 | 华为技术有限公司 | Network address translation (nat) traversal method, device, and system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102447748A (en) * | 2010-10-15 | 2012-05-09 | 华为技术有限公司 | Method, equipment and system for allocating outer Internet protocol IP addresses during network address translation (NAT) |
CN102685261A (en) * | 2011-03-15 | 2012-09-19 | 中国移动通信集团公司 | Method, system and device for controlling address mapping state of equipment |
CN103281406A (en) * | 2013-04-24 | 2013-09-04 | 杭州华三通信技术有限公司 | Message forwarding method for inter-cloud VM (virtual machine) migration, NAT (Network Address Translation) server and network |
-
2015
- 2015-09-25 CN CN201510626118.XA patent/CN106559504B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102447748A (en) * | 2010-10-15 | 2012-05-09 | 华为技术有限公司 | Method, equipment and system for allocating outer Internet protocol IP addresses during network address translation (NAT) |
US20130227170A1 (en) * | 2010-10-15 | 2013-08-29 | Huawei Technologies Co., Ltd. | Method for allocating an external network ip address in nat traversal, and device and system |
CN102685261A (en) * | 2011-03-15 | 2012-09-19 | 中国移动通信集团公司 | Method, system and device for controlling address mapping state of equipment |
CN103281406A (en) * | 2013-04-24 | 2013-09-04 | 杭州华三通信技术有限公司 | Message forwarding method for inter-cloud VM (virtual machine) migration, NAT (Network Address Translation) server and network |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107454210A (en) * | 2017-09-15 | 2017-12-08 | 成都西加云杉科技有限公司 | Communication means and system |
CN107454210B (en) * | 2017-09-15 | 2020-12-01 | 成都西加云杉科技有限公司 | Communication method and system |
CN111371666A (en) * | 2018-12-26 | 2020-07-03 | 华为技术有限公司 | Method, device and system for processing message |
CN112118207A (en) * | 2019-06-20 | 2020-12-22 | 华为技术有限公司 | Data transmission method, server and electronic equipment |
CN112118207B (en) * | 2019-06-20 | 2021-12-28 | 华为技术有限公司 | Data transmission method, server and electronic equipment |
CN111866110A (en) * | 2020-07-13 | 2020-10-30 | 浙江捷创方舟数字技术有限公司 | Industrial equipment communication method and 5G gateway |
CN111866110B (en) * | 2020-07-13 | 2023-12-19 | 浙江捷创方舟数字技术有限公司 | Industrial equipment communication method and 5G gateway |
CN114697300A (en) * | 2022-04-15 | 2022-07-01 | 武汉中元通信股份有限公司 | Data multicast implementation method of high-timeliness communication system |
WO2024021714A1 (en) * | 2022-07-29 | 2024-02-01 | 华为技术有限公司 | Network address translation (nat) traversal method, device, and system |
Also Published As
Publication number | Publication date |
---|---|
CN106559504B (en) | 2020-09-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106559504A (en) | A kind of address conversion method and device | |
CN110933180B (en) | Communication establishment method, device, load equipment and storage medium | |
US20180295164A1 (en) | Data Processing Method in Webpage-Based Real-Time Communication Media and Device Utilizing Same | |
CN102223365A (en) | User access method and device based on SSL (Secure Socket Layer) VPN (Virtual Private Network) gateway cluster | |
RU2014112197A (en) | HOME ROUTING FOR IMS ROAMING USING BINDING IN VPLMN | |
CN103384181B (en) | The transmission method and equipment of data packet | |
US20130091291A1 (en) | Method and apparatus for improving voice or video transmission quality in cloud computing mode | |
CN108040134A (en) | A kind of method and device of DNS Transparent Proxies | |
CN104717131B (en) | Information interacting method and server | |
CN103685332B (en) | File uploading method, client, server and system | |
CN109995721A (en) | Service request processing method, device and communication system | |
CN105262847B (en) | Communication means and system between terminal device | |
CN101236553A (en) | Web page information synergistic browsing system and method | |
CN110855424B (en) | Method and device for synthesizing asymmetric flow xDR in DPI field | |
CN106302847A (en) | Network transmission method and system for multi-layer network address translator structure | |
CN103905380B (en) | Service call method, device and system | |
CN103812957B (en) | ARP record management method and apparatus | |
CN103581361A (en) | Domain name resolution proxy method, device and system | |
US8321592B2 (en) | Methods, systems, and computer readable media for generating and using statelessly reversible representations of session initiation protocol (SIP) information by SIP cluster entities | |
US20170163809A1 (en) | Method and Device for Recording Multimedia Data | |
CN104219257B (en) | A kind of webpage real-time communication method, system and server and client side | |
CN104184565B (en) | A kind of method and device of processing retransmission information | |
CN107528932A (en) | A kind of data transmission method, network address translation apparatus | |
CN104158806B (en) | Session connection method for building up and equipment, session-orient E-Service network element | |
CN101471938B (en) | Authentication method, system and device for point-to-point network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |