CN106888198B - A kind of configuration method of Packet Filtering rule, apparatus and system - Google Patents
A kind of configuration method of Packet Filtering rule, apparatus and system Download PDFInfo
- Publication number
- CN106888198B CN106888198B CN201510946745.1A CN201510946745A CN106888198B CN 106888198 B CN106888198 B CN 106888198B CN 201510946745 A CN201510946745 A CN 201510946745A CN 106888198 B CN106888198 B CN 106888198B
- Authority
- CN
- China
- Prior art keywords
- pcp
- address information
- request message
- client
- network address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the present invention provides a kind of configuration method of Packet Filtering rule, apparatus and system, is related to field of communication technology, can dynamic configuration data packet filtering rules, thus improve intercept protection effect.This method comprises: PCP server receives the first PCP request message that the PCP client in private network is sent, first PCP request message carries filter operation code, the life cycle of the first PCP request message and the global network address information of the host in global network, the life cycle of first PCP request message is greater than zero, and the source address information of the first PCP request message is the private network address information of PCP client;For PCP server according to the life cycle and filter operation code of the first PCP request message, generation includes the Packet Filtering rule of the global network address information of host and the private network address information of PCP client;PCP server sends the first confirmation message to PCP client.
Description
Technical field
The present invention relates to the configuration method of field of communication technology more particularly to a kind of Packet Filtering rule, device and it is
System.
Background technique
The port control protocols (PCP, Port Control Protocol) of RFC6887 description define Internet protocol
Fourth edition (IPV4, Internet Protocol Version 4)/Internet protocol sixth version (IPV6, Internet
Protocol Version 6) a kind of new network address translation (NAT, Network Address in network
Translation) mechanism changes gateway or carrier-class NAT (CGN, Carrier in the past with nat feature
Grade NAT), firewall etc. during executing nat feature, for the host in private network hardly known to can not
The situation of control can be completed NAT conversion by the host initiative NAT gateway equipment in private network and inform NAT gateway
Equipment this how to complete NAT conversion.
Host in private network passes through PCP as PCP client and the NAT gateway equipment with PCP server capability
Message negotiates the private network address of creation PCP client and the mapping relations of global network address, is based on above-mentioned mapping relations
Can realize PCP client to other hosts or global network in global network other hosts to PCP client industry
Business interaction.
PCP message between PCP client and PCP server utilizes User Datagram Protocol (UDP, User Datagram
Protocol it) carries, is a kind of stateless negotiations process.PCP message mainly include PCP client send request message with
And the response message that PCP server is replied.
The negotiation mode that RFC6887 defines MAP (matching) operation code is primarily adapted for use in the host conduct in private network
Server provides the application scenarios of service for the host in global network.
PCP server in addition to be able to carry out network address translation (NAT, Network Address Translation) with
Outside, it is also used as safety equipment, such as firewall box, plays security protection.PCP server as safety equipment
Packet Filtering rule can be generally provided, the Packet Filtering rule of its storage of PCP server by utilizing can forbid certain business
Access intercepts malice or non-essential flowing of access.
The Packet Filtering rule of existing PCP server storage is preconfigured by equipment manager, and is grasped in MAP
Make under the negotiation mode of code, for the business initiated by the host in global network, equipment manager can not obtain in advance
Know global network address information used in the host in global network, therefore, equipment manager can not configure and the type industry
It is engaged in corresponding Packet Filtering rule, certain not expected industry can not be forbidden so as to cause existing PCP server
Business access, it is poor so as to cause the effect for intercepting protection.
Summary of the invention
The embodiment of the present invention provides a kind of configuration of Packet Filtering rule, apparatus and system, being capable of dynamic configuration number
According to packet filtering rules, to improve the effect for intercepting protection.
In order to achieve the above objectives, the embodiment of the present invention adopts the following technical scheme that
The embodiment of the present invention provides a kind of configuration method of Packet Filtering rule, comprising: port control protocols PCP service
Device receives the carrying filter operation code of PCP client transmission, the life cycle of the first PCP request message and in global network
Host global network address information the first PCP request message, the life cycle of the first PCP request message is greater than
Zero, the source address information of the first PCP request message is the private network address information of the PCP client;Then, described
Life cycle and the filter operation code of the PCP server according to the first PCP request message, generation includes the public affairs of the host
There is the Packet Filtering rule of the private network address information of network address information and the PCP client, in order to described
PCP server is in the life cycle of the first PCP request message using the Packet Filtering rule to via the PCP
The target packet of server is filtered, wherein the source address information of target packet is the global network of the host
Location information, the destination address information of the target packet is the private network address information of the PCP client, finally, institute
It states PCP server and sends the first confirmation message to the PCP client.
PCP request message in the embodiment of the present invention is in the content that PCP request message includes as defined in existing PCP,
Filter operation code is increased, the filter operation code is for requesting PCP server to carry out respective handling to data packet filtering rules.
Can include life cycle in PCP request message, the life cycle be used to indicate include host in the request publicly-owned net
The Packet Filtering rule maintained time of the private network address information of network address information and PCP client.PCP service
Device receive include filter operation code, the life cycle greater than zero and the host in global network global network
After first PCP request message of address information, according to the life cycle and filter operation code, generation includes the publicly-owned net of host
The Packet Filtering rule of the private network address information of network address information and PCP client, so that PCP server exists
Using Packet Filtering rule to the target packet progress via PCP server in the life cycle of first PCP request message
Filtering, plays safety protection function.
Further, after the PCP server sends the first confirmation message to the PCP client, the configuration
Method further include: in the life cycle of the first PCP request message, the PCP server receives the PCP client
The global network address letter of the carrying filter operation code of transmission, the life cycle of the 2nd PCP request message and the host
The life cycle of 2nd PCP request message of breath, the 2nd PCP request message is equal to zero, the 2nd PCP request message
Source address information is the private network address information of the PCP client;Then, the PCP server deletion includes described
The Packet Filtering rule of the private network address information of the global network address information of host and the PCP client is to institute
It states PCP client and sends the second confirmation message.
Further, after the PCP server sends the first confirmation message to the PCP client, the configuration
Method further include: determine that the life cycle of the first PCP request message terminates, the PCP server is then deleted comprising
State the Packet Filtering rule of the global network address information of host and the private network address information of the PCP client.
It is understood that the life cycle of the first PCP request message terminates to mean according to the life of the first PCP request message
At include the host global network address information and the PCP client private network address information data
Packet filtering rules failure, the deletion of PCP server include the global network address information and the PCP client of the host
Private network address information Packet Filtering rule, it can be ensured that resource is rationally discharged.
Another embodiment of the present invention provides a kind of configuration methods of Packet Filtering rule, comprising: port control protocols PCP
Client is sent to PCP server carries filter operation code, the life cycle of the first PCP request message and in global network
Host global network address information the first PCP request message, the life cycle of the first PCP request message is greater than
Zero, the source address information of the first PCP request message is the private network address information of the PCP client, described first
PCP request message is for requesting the PCP server according to the life of the filter operation code and the first PCP request message
It includes the global network address information of the host and the private network address information of the PCP client that period, which generates,
Packet Filtering rule;The global network address information for including the host and the PCP client are generated in PCP server
After the Packet Filtering rule of the private network address information at end, the PCP client receive that the PCP server sends the
One confirmation message.
PCP client in the embodiment of the present invention sends the first PCP request message to PCP server according to business demand,
For requesting PCP server according to the life cycle of filter operation code and the first PCP request message in the first PCP request message
Generation includes the global network address information of the host in global network and the private network of the PCP client
The Packet Filtering rule of location information, in order to which PCP server can be according to the Packet Filtering rule of generation to from being located at
The target packet of host in global network is filtered, to improve the effect for intercepting protection.
Further, described after the first confirmation message that the PCP client receives that the PCP server is sent
Configuration method further include: the PCP client is sent to the PCP server carries the filter operation code, the 2nd PCP request
2nd PCP request message of the life cycle of message and the global network address information of the host, the 2nd PCP request disappear
The life cycle of breath is equal to zero, and the 2nd PCP request message includes the host for requesting the PCP server deletion
Global network address information and the PCP client private network address information Packet Filtering rule;It is taken in PCP
It includes the global network address information of the host and the private network address information of the PCP client that business device, which is deleted,
After Packet Filtering rule, the PCP client receives the second confirmation message that the PCP server is sent.
The embodiment of the present invention provides a kind of port control protocols PCP server, comprising: receiving unit, processing unit and hair
Send unit.
Specifically, the function that each unit module provided in an embodiment of the present invention is realized is specific as follows:
Receiving unit, the first PCP request message sent for receiving the PCP client in private network, described first
PCP request message carries filter operation code, the life cycle of the first PCP request message and the host in global network
Global network address information, the source address information of the first PCP request message is the private network of the PCP client
The life cycle of location information, the first PCP request message is greater than zero;
Processing unit, the life cycle of the first PCP request message for being received according to the receiving unit and
The filter operation code, generation include the global network address information of the host and the privately owned net of the PCP client
The Packet Filtering rule of network address information, in order to which the PCP server is in the life cycle of the first PCP request message
It is interior that the target packet via the PCP server is filtered using the Packet Filtering rule, the target data
The source address information of packet is the global network address information of the host, and the destination address information of the target packet is described
The private network address information of PCP client;
Transmission unit, for sending the first confirmation message to the PCP client.
The technical effect of PCP server provided in an embodiment of the present invention may refer to PCP server in above-described embodiment and hold
The technical effect of PCP server described in the configuration method of capable Packet Filtering rule, details are not described herein again.
Further, the receiving unit is also used to send the first confirmation to the PCP client in the transmission unit
After message, the 2nd PCP that the PCP client is sent is received in the life cycle of the first PCP request message and is asked
Seek message, the 2nd PCP request message carry the filter operation code, the 2nd PCP request message life cycle and
The global network address information of the host, the source address information of the 2nd PCP request message are the private of the PCP client
There is network address information, the life cycle of the 2nd PCP request message is equal to zero.
Further, the processing unit, be also used to delete include the host global network address information and
The Packet Filtering rule of the private network address information of the PCP client.
Further, the transmission unit is also used to send the second confirmation message to the PCP client.
Further, the processing unit is also used to send the second confirmation to the PCP client in the transmission unit
After message, determine that the life cycle of the first PCP request message terminates, then deletion includes the global network of the host
The Packet Filtering rule of the private network address information of address information and the PCP client.
Another embodiment of the present invention provides a kind of port control protocols PCP clients, including transmission unit and receiving unit.
Specifically, the function that each unit module provided in an embodiment of the present invention is realized is specific as follows:
Transmission unit, for sending the first PCP request message to PCP server, the first PCP request message was carried
Filter the global network address letter of operation code, the life cycle of the first PCP request message and the host in global network
Breath, the source address information of the first PCP request message are the private network address information of the PCP client, described first
The life cycle of PCP request message is greater than zero, and the first PCP request message is for requesting the PCP server according to
The generation of the life cycle of filter operation code and the first PCP request message includes the global network address information of the host
And the Packet Filtering rule of the private network address information of the PCP client.
Receiving unit, described first sent in response to the transmission unit sent for receiving the PCP server
First confirmation message of PCP request message.
The technical effect of PCP client provided in an embodiment of the present invention may refer to PCP client in above-described embodiment and hold
The technical effect of PCP client described in the configuration method of capable Packet Filtering rule, details are not described herein again.
Further, the transmission unit is also used to receive the response that the PCP server is sent in the receiving unit
After the first confirmation message of the first PCP request message, Xiang Suoshu PCP server sends the 2nd PCP request message, institute
It states the 2nd PCP request message and carries the filter operation code, the life cycle of the 2nd PCP request message and the host
Global network address information, the source address information of the 2nd PCP request message are the private network address of the PCP client
Information, the life cycle of the 2nd PCP request message are equal to zero, and the 2nd PCP request message is for requesting the PCP to take
It includes the global network address information of the host and the private network address information of the PCP client that business device, which is deleted,
Packet Filtering rule.
Further, the receiving unit, is also used to receive that the PCP server sends in response to the transmission unit
Second confirmation message of the 2nd PCP request message sent.
Another embodiment of the present invention provides a kind of configuration systems of Packet Filtering rule, including such as above-mentioned any one institute
The PCP server stated and the PCP client as described in above-mentioned any one, wherein the PCP client and the PCP take
Pass through network connection between business device.
The technical effect of network system provided in an embodiment of the present invention may refer to PCP server in above-described embodiment and execute
Packet Filtering rule configuration method described in PCP server technical effect and above-described embodiment in PCP client
The technical effect of PCP client described in the configuration method of the Packet Filtering rule of execution, details are not described herein again.
Optionally, the private network address information of PCP client described in any one above-mentioned embodiment includes the PCP
The private network internet protocol address information of client and port information corresponding with the private network IP address information,
The global network address information of the host in the global network include the global network IP address information of the host with
And port information corresponding with the global network IP address information.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention.
Fig. 1 is the structural schematic diagram one of the configuration system of Packet Filtering rule provided in an embodiment of the present invention;
Fig. 2 is the composition schematic diagram of the configuration system of Packet Filtering rule provided in an embodiment of the present invention;
Fig. 3 is the flow diagram one of configuration method provided in an embodiment of the present invention;
Fig. 4 is the flow diagram two of configuration method provided in an embodiment of the present invention;
Fig. 5 is the structural schematic diagram one of PCP server provided in an embodiment of the present invention;
Fig. 6 is the structural schematic diagram two of PCP server provided in an embodiment of the present invention;
Fig. 7 is the structural schematic diagram one of PCP client provided in an embodiment of the present invention;
Fig. 8 is the structural schematic diagram two of PCP client provided in an embodiment of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention is clearly retouched
It states.
Description and claims of this specification and term " first ", " second ", " third " and " in above-mentioned attached drawing
Four " etc. be for distinguishing different objects, rather than for limiting particular order.In addition, term " includes " and " having " and it
Any deformation, it is intended that cover and non-exclusive include.Such as it contains the process, method of a series of steps or units, be
System, product or equipment are not limited to listed step or unit, but optionally further comprising the step of not listing or list
Member, or optionally further comprising other step or units intrinsic for these process, methods, product or equipment.
In being described below, for illustration and not for limitation, propose such as specific system structure, interface, technology it
The detail of class understands the present invention to cut thoroughly.However, it will be clear to one skilled in the art that there is no these specific
The present invention also may be implemented in the other embodiments of details.In other situations, omit to well-known device, circuit and
The detailed description of method, in case unnecessary details interferes description of the invention.
In addition, the terms "and/or", only a kind of incidence relation for describing affiliated partner, indicates may exist
Three kinds of relationships, for example, A and/or B, can indicate: individualism A exists simultaneously A and B, these three situations of individualism B.Separately
Outside, character "/" herein typicallys represent the relationship that forward-backward correlation object is a kind of "or".
Fig. 1 is the structural schematic diagram of the configuration system of Packet Filtering rule provided in an embodiment of the present invention.Referring to Fig. 1,
The configuration system includes PCP server 10, one or more PCP client 11 connecting with PCP server 10, and one or more
A Internet Service Provider (ISP, Internet Service Provider) equipment 12 being connect with PCP server 10.
PCP client 11 belongs to private network 1, and ISP equipment 12 belongs to global network 2, and PCP server 10 is located at private network 1
With the interface of global network 2.Wherein, private network can be the local area network of enterprise, and global network can be internet.It is privately owned
Network is connected to global network by the access device with nat feature.
Wherein, the PCP server 10 in the embodiment of the present invention is the server device for referring to support PCP, PCP client
11 be the client device for referring to support PCP.
Optionally, the PCP server 10 in the embodiment of the present invention can be firewall (FW, Firewall) equipment, have
The gateway or CGN equipment of nat feature.
Optionally, the PCP client 11 in the embodiment of the present invention can be user terminal, or home gateway.
Fig. 2 is the composition schematic diagram of the configuration system of Packet Filtering rule provided in an embodiment of the present invention.
Referring to fig. 2, the PCP server 10 in the configuration system includes Packet Filtering rule database 20, data packet mistake
Filter rule database 20 is used to save the Packet Filtering rule of PCP server generation.
The PCP server 10 further includes interface circuit 100, processor 101 and memory 102.Interface circuit 100 is used for
It is communicated with the PCP client 11 being connected with the PCP server 10, and and the ISP that is connected with the PCP server 10
Equipment 12 is communicated.Processor 101 is used to carry out respective handling to data packet filtering rules.Memory 102 is for storing number
According to library 20.
PCP client 11 in the configuration system includes interface circuit 110, processor 111 and memory 112.Interface
The PCP server 10 that circuit 110 is used for and is connected with the PCP client 11 is communicated.
Embodiment one
Fig. 3 is a kind of flow diagram of the configuration method of Packet Filtering rule provided in an embodiment of the present invention, this is matched
The method of setting can be applied in application scenarios shown in fig. 1 or fig. 2.
Referring to Fig. 3, which includes:
S100, PCP client send the life cycle for carrying filter operation code, the first PCP request message to PCP server
With the first PCP request message of the global network address information for the host being located in global network, wherein the first PCP request disappears
The life cycle of breath is greater than zero, and the source address information of the first PCP request message is the private network address information of PCP client.
Optionally, the private network address information of the PCP client in the embodiment of the present invention includes the privately owned of PCP client
Network Internet Protocol (IP, Internet Protocol) address information and end corresponding with private network IP address information
Message breath, the global network address information of the host in global network include the global network IP address information of the host with
And port information corresponding with global network IP address information.
Wherein, the life cycle of the first PCP request message is used to indicate the public affairs according to the host in the first PCP request message
Have the private network address information of network address information and PCP client generate Packet Filtering rule hold time or
Ageing time.It may refer to RFC6887 about being specifically defined for life cycle, no longer this be described in detail herein.
Specifically, the filter operation code in the embodiment of the present invention is used to request the global network of PCP server pair with host
The corresponding Packet Filtering rule of the private network address information of address information and PCP client is handled.
Operation code as defined in existing PCP only has MAP and PEER, both operation codes are only used for matching and exchange.This
PCP request message in inventive embodiments is in the content basis that PCP request message includes as defined in existing PCP, further
Filter operation code is increased, specifically the value of filter operation code can be 10, i.e. Opcode=10, as long as guaranteeing filter operation
The value of code is different from the value of existing operation code MAP and PEER.
In practical application, it can also include following that PCP client was sent, which includes the PCP request message of filter operation code,
Field:
It maps random number (Mapping Nonce), specially the random number of PCP client selection, for identification request
Uniqueness;
Agreement (Protocol), for indicating that PCP requests the agreement that can be supported, if the value of Protocol is zero, table
Any agreement can be supported by showing;
Internal port (Internal Port), for indicating the port of PCP client, if the value of Internal Port is
Zero, then it represents that all of the port of PCP client.
On this basis, which can also include several reserved (Reserved) fields.
About being specifically defined for Mapping Nonce, Protocol, Internal Port and Reserved, can refer to
RFC6887 is no longer described in detail herein.
Illustratively, table 1 show include in the embodiment of the present invention filter operation code PCP request message specific lattice
Formula.(byte label is eliminated in table 1) as shown in table 1, which includes above-mentioned all fields and several
Reserved field.
Table 1
It should be noted that the format of the PCP request message in the embodiment of the present invention shown in table 1, only of the invention
Format citing in embodiment.In practical applications, the position of the length of above-mentioned field and each field can be according to association
View, which is realized, needs flexible setting, will not enumerate herein.
For S101, PCP server according to the life cycle and filter operation code of the first PCP request message, generation includes master
The Packet Filtering rule of the private network address information of the global network address information and PCP client of machine.
When the life cycle of first PCP request message is greater than zero, PCP server is according to the life of the first PCP request message
Period and filter operation code, generation include the global network address information of host and the private network address of PCP client
The Packet Filtering rule of information.
Further, in the life cycle of the first PCP request message, the data packet mistake of its generation of PCP server by utilizing
Filter rule is filtered the target packet via PCP server, realizes the interception to malicious traffic stream.Wherein, target data
The source address information of packet is the global network address information of host, and the destination address information of target packet is PCP client
Private network address information.
Specifically, PCP server after receiving service message, judge the service message source address information whether and
The global network address information of host in the Packet Filtering rule of generation is identical, and judges the destination address letter of service message
Whether breath is identical with the private network address information of PCP client in generated Packet Filtering rule, if all the same,
Received service message is sent to PCP client by PCP server.
Illustratively, include in the first PCP request message that PCP server receives: filter operation code, PCP client
Private network IP address information be 1.1.1.1, the port of PCP client is 8000, the publicly-owned net of the host in global network
Network IP address information is 2.2.2.2, and the port of host is 5000, and life cycle is 5 minutes.PCP server is according to the first PCP
The Packet Filtering rule that request message generates are as follows: only allowing IP address information in global network is that the host of 2.2.2.2 passes through
It is 1.1.1.1 that 5000 this port, which access IP address in private network, and port is 8000 PCP client, the data packet mistake
The life cycle of filter rule is 5 minutes.PCP server only allows publicly-owned after generating Packet Filtering rule within 5 minutes
It is 1.1.1.1 that the host that IP address information is 2.2.2.2 in network, which accesses IP address in private network by 5000 this port,
And the PCP client that port is 8000, realize the interception to not expected business.
S102, PCP server send the first confirmation message to PCP client.
For PCP server according to the life cycle and filter operation code of the first PCP request message, generation includes the public affairs of host
After having the Packet Filtering rule of the private network address information of network address information and PCP client, sent out to PCP client
The first confirmation message is sent, so that PCP client knows that PCP server has generated the global network address letter comprising host
The Packet Filtering rule of the private network address information of breath and PCP client.
Further, PCP server generate include host global network address information and PCP client it is privately owned
After the Packet Filtering rule of network address information, it includes filter operation that PCP client can also be sent to PCP server
Code, life cycle are equal to the 2nd PCP request message of the global network address information of zero, above-mentioned host, and request PCP server is deleted
Except the private network of the global network address information and above-mentioned PCP client that include the above-mentioned host in global network
The Packet Filtering rule of address information.
Specifically, in conjunction with Fig. 3, as shown in figure 4, the configuration method of Packet Filtering provided in an embodiment of the present invention rule exists
After S102, further includes:
S103, PCP client send the life comprising the filter operation code, the 2nd PCP request message to PCP server
2nd PCP request message of the global network address information of period and the host, wherein the life of the 2nd PCP request message
Period is equal to zero, and the source address information of the 2nd PCP request message is the private network address information of PCP client.
The life cycle of 2nd PCP request message is zero, then illustrates that PCP client no longer carried out target packet
Filter, wherein the source address information of target packet is the global network address information of above-mentioned host, the destination of target packet
Location information is the private network address information of above-mentioned PCP client, that is to say, that includes the master in the 2nd PCP request message
The Packet Filtering rule of the private network address information of the global network address information and PCP client of machine fails, therefore,
PCP server is needed the Packet Filtering redundant rule elimination.
The deletion of S104, PCP server includes the global network address information and the PCP client of the host
The Packet Filtering rule of private network address information.
The address information phase for including with the first PCP request message due to the address information for including in the 2nd PCP request message
Together, therefore, even if the life cycle of the first PCP request message is not over, PCP server receive the 2nd PCP request disappear
After breath, it is also desirable to the Packet Filtering redundant rule elimination that will be generated according to the first PCP request message.
S105, PCP server send the second confirmation message to PCP client.
Further, PCP server generate include host global network address information and PCP client it is privately owned
After the Packet Filtering rule of network address information, determine that the life cycle of the first PCP request message terminates in PCP server
When, it includes the global network address information of host and the private network address information of PCP client that PCP server, which is deleted,
Packet Filtering rule.
It is understood that when PCP server generates Packet Filtering rule according to the first PCP request message, PCP service
Device starts timing, to guarantee to take using the Packet Filtering rule to via PCP in the life cycle of the first PCP request message
The target packet of business device is filtered.
Wherein, the method for PCP server timing can be timing of progressively increasing since 0 until arrival the in the embodiment of the present invention
The value of the life cycle of one PCP request message stops timing, or from the value of the life cycle of the first PCP request message
Start to successively decrease timing up to being 0, stops timing.
PCP server in the embodiment of the present invention, which is generated or deleted according to the filter operation code and life cycle received, to be wrapped
The Packet Filtering rule of the private network address information of global network address information and PCP client containing host, so as to
Dynamic interception is carried out to via the target packet of itself in PCP server, to improve the effect for intercepting protection.
Embodiment two
The embodiment of the present invention provides a kind of port control protocols PCP server 1, and the PCP server 1 is used for execution or more
Step performed by PCP server in method.The PCP server 1 may include module corresponding to corresponding steps.Such as figure
Shown in 5, which includes:
Receiving unit 50, for receiving the first PCP request message of the transmission of the PCP client in private network, described the
One PCP request message carries filter operation code, the life cycle of the first PCP request message and the master in global network
The global network address information of machine, the source address information of the first PCP request message are the private network of the PCP client
The life cycle of address information, the first PCP request message is greater than zero.
Processing unit 51, the Life Cycle of the first PCP request message for being received according to the receiving unit 50
Phase and the filter operation code, generation include the private of the global network address information and the PCP client of the host
There is the Packet Filtering rule of network address information, in order to which the PCP server is in the life of the first PCP request message
The target packet via the PCP server is filtered using the Packet Filtering rule in period, the target
The source address information of data packet is the global network address information of the host, and the destination address information of the target packet is
The private network address information of the PCP client.
Transmission unit 52, for sending the first confirmation message to the PCP client.
Further, the receiving unit 50 is also used to send first to the PCP client in the transmission unit 52
After confirmation message, the PCP client is sent second is received in the life cycle of the first PCP request message
PCP request message, the 2nd PCP request message carry the Life Cycle of the filter operation code, the 2nd PCP request message
Phase, the host global network address information, the source address information of the 2nd PCP request message is the PCP client
Private network address information, the life cycle of the 2nd PCP request message is equal to zero.
Further, the processing unit 51, be also used to delete include the host global network address information with
And the Packet Filtering rule of the private network address information of the PCP client.
Further, the transmission unit 52 is also used to send the second confirmation message to the PCP client.
Further, the processing unit 51 is also used to send second to the PCP client in the transmission unit 52
After confirmation message, determine that the life cycle of the first PCP request message terminates, then deleting includes the publicly-owned of the host
The Packet Filtering rule of the private network address information of network address information and the PCP client.
Optionally, the private network address information of the PCP client in the embodiment of the present invention includes the PCP client
The private network internet protocol address information at end and port information corresponding with the private network IP address information, are located at
The global network address information of host in global network include the host global network IP address information and with publicly-owned net
The corresponding port information of network IP address information.
It is understood that the PCP server 1 of the present embodiment only according to the PCP server 1 realize function carry out
Logical partitioning in practical application, can carry out the superposition or fractionation of said units.And the PCP server 1 that the embodiment provides
The configuration method for the Packet Filtering rule that the function and above-described embodiment one realized provide corresponds, which is taken
The more detailed process flow that business device 1 is realized, has been described in detail in above method embodiment one, herein no longer in detail
Description.
Another embodiment of the present invention provides a kind of PCP servers, as shown in fig. 6, the PCP server includes interface circuit
100, processor 101, memory 102 and system bus 103.
Wherein, pass through the system bus between the interface circuit 100, the processor 101 and the memory 102
103 connections, and complete communication each other.
PCP server shown in fig. 6 is identical as PCP server in Fig. 2, and system bus 103 is not shown in Fig. 2.
It will be understood by those skilled in the art that the structure of PCP server shown in fig. 6 is not the limit to PCP server
It is fixed, it may include perhaps combining certain components or different component layouts than illustrating more or fewer components.
Specifically, the PCP server executes data packet described in embodiment one when PCP server operation
The configuration method of filtering rule.The configuration method of specific Packet Filtering rule can be found in above-mentioned reality as shown in Figure 3 or Figure 4
The associated description in example is applied, details are not described herein again.
Specifically, interface circuit 100 is for realizing the PCP server respectively between PCP client and global network
Communication connection, wherein internet can be used in communication connection of the PCP server respectively between PCP client and global network,
Wide area network, local network, Metropolitan Area Network (MAN) etc..
Specifically, the memory 102 can be used for storing software program and application module, processor 101 passes through operation
It is stored in the software program and application module of memory 102, thereby executing the various function application and data of PCP server
Processing.Memory 102 can mainly include storing program area and storage data area, wherein storing program area can storage program area,
Application program needed at least one function (for example sending confirmation message function) etc.;Storage data area can store PCP server
Data (such as Packet Filtering rule database 20) of creation etc..
Wherein, the memory 102 may include volatile memory, such as high-speed random access memory (RAM,
Random Access Memory), the memory 102 also may include nonvolatile memory, for example, at least a disk
Memory device, flush memory device or other volatile solid-state parts.
Specifically, the processor 101 is the control centre of PCP server, it is entire using various interfaces and connection
The various pieces of PCP server, by running or executing the software program being stored in memory 102 and/or application module, with
And the data being stored in memory 102 are called, the various functions and processing data of PCP server are executed, to service PCP
Device carries out integral monitoring.
Wherein, processor 101 can be central processing unit (CPU, Central Processing Unit).The processing
Device 101 can also for other general processors, digital signal processor (DSP, Digital Signal Processing) or
Other programmable logic device or transistor logic, discrete hardware components etc..General processor can be microprocessor
Or the processor is also possible to any conventional processor etc..
The system bus 103 may include data/address bus, power bus, control bus and signal condition bus etc..This
For clear explanation in embodiment, various buses are all illustrated as system bus 103 in Fig. 6.
PCP server in the embodiment of the present invention, which is generated or deleted according to the filter operation code and life cycle received, to be wrapped
The Packet Filtering rule of the private network address information of global network address information and PCP client containing host, so as to
Dynamic interception is carried out to via the target packet of itself in PCP server, to improve the effect for intercepting protection.
Embodiment three
The embodiment of the present invention provides a kind of port control protocols PCP client 1, and the PCP client 1 is used for execution or more
Step performed by PCP client in method.The PCP client 1 may include module corresponding to corresponding steps.Such as figure
Shown in 7, which includes:
Transmission unit 60, for sending the first PCP request message to PCP server, the first PCP request message is carried
Filter operation code, the life cycle of the first PCP request message, host in global network global network address letter
Breath, the source address information of the first PCP request message are the private network address information of the PCP client, described first
The life cycle of PCP request message is greater than zero, and the first PCP request message is for requesting the PCP server according to
The generation of the life cycle of filter operation code and the first PCP request message includes the global network address information of the host
And the Packet Filtering rule of the private network address information of the PCP client.
Receiving unit 61, send for receiving that the PCP server sends in response to the transmission unit 60 described in
First confirmation message of the first PCP request message.
Further, the transmission unit 60 is also used to receive what the PCP server was sent in the receiving unit 61
After the first confirmation message of the first PCP request message, Xiang Suoshu PCP server sends the 2nd PCP request and disappears
Breath, the 2nd PCP request message carry the filter operation code, the life cycle of the 2nd PCP request message, the master
The global network address information of machine, the source address information of the 2nd PCP request message are the private network of the PCP client
Address information, the life cycle of the 2nd PCP request message are equal to zero, and the 2nd PCP request message is described for requesting
It includes the global network address information of the host and the private network address of the PCP client that PCP server, which is deleted,
The Packet Filtering rule of information.
Further, the receiving unit 61 is also used to receive the single in response to the transmission of the PCP server transmission
Second confirmation message of the 2nd PCP request message that member 60 is sent.
Optionally, the private network address information of the PCP client in the embodiment of the present invention includes the PCP client
The private network internet protocol address information at end and port information corresponding with the private network IP address information, are located at
The global network address information of host in global network include the host global network IP address information and with publicly-owned net
The corresponding port information of network IP address information.
It is understood that the PCP client 1 of the present embodiment only according to the PCP client 1 realize function carry out
Logical partitioning in practical application, can carry out the superposition or fractionation of said units.And the PCP client 1 that the embodiment provides
The configuration method for the Packet Filtering rule that the function and above-described embodiment one realized provide corresponds, for PCP visitor
The more detailed process flow that family end 1 is realized, has been described in detail in above method embodiment one, herein no longer in detail
Description.
Another embodiment of the present invention provides a kind of PCP clients, as shown in figure 8, the PCP client includes interface circuit
110, processor 111, memory 112 and system bus 113.
Wherein, pass through the system bus between the interface circuit 110, the processor 111 and the memory 112
113 connections, and complete communication each other.
PCP client shown in Fig. 8 is identical as PCP client in Fig. 2, and system bus 113 is not shown in Fig. 2.
It will be understood by those skilled in the art that the structure of PCP client shown in Fig. 8 is not the limit to PCP client
It is fixed, it may include perhaps combining certain components or different component layouts than illustrating more or fewer components.
Specifically, when PCP client operation, the embodiment of the PCP client executing as described in fig 3
Distribution public network address method.The method of specific distribution public network address can be found in above-mentioned embodiment as shown in Figure 3 or Figure 4
In associated description, details are not described herein again.
Specifically, interface circuit 110 is for realizing the communication connection between the PCP client and PCP server, the two it
Between communication internet, wide area network, local network, Metropolitan Area Network (MAN) etc. can be used.
Specifically, the memory 112 can be used for storing software program and application module, processor 111 passes through operation
It is stored in the software program and application module of memory 112, thereby executing the various function application and data of PCP client
Processing.Memory 112 can mainly include that the storing program area storing program area can be needed for storage program area, at least one function
Application program (for example send confirmation message function) etc..
Wherein, the memory 112 may include volatile memory, such as high-speed random access memory (RAM,
Random Access Memory), the memory 112 also may include nonvolatile memory, for example, at least a disk
Memory device, flush memory device or other volatile solid-state parts.
Specifically, the processor 111 is the control centre of PCP client, it is entire using various interfaces and connection
The various pieces of PCP client, by running or executing the software program being stored in memory 112 and/or application module, with
And the data being stored in memory 112 are called, the various functions and processing data of PCP client are executed, thus to PCP client
End carries out integral monitoring.
Wherein, processor 111 can be central processing unit (CPU, Central Processing Unit).The processing
Device 111 can also for other general processors, digital signal processor (DSP, Digital Signal Processing) or
Other programmable logic device or transistor logic, discrete hardware components etc..General processor can be microprocessor
Or the processor is also possible to any conventional processor etc..
The system bus 113 may include data/address bus, power bus, control bus and signal condition bus etc..This
For clear explanation in embodiment, various buses are all illustrated as system bus 113 in fig. 8.
PCP client in the embodiment of the present invention sends comprising filter operation code, life cycle and is located to PCP server
First PCP request message of the global network address information of the host in global network, for requesting PCP server according to filtering
It includes the global network address information of host and the private network address information of PCP client that operation code and life cycle, which generate,
Packet Filtering rule, in order to which PCP server can be according to the Packet Filtering rule of generation to via PCP server
Target packet is filtered, to improve the effect for intercepting protection.
Example IV
The embodiment of the present invention provides a kind of configuration system of Packet Filtering rule, which includes such as embodiment two
The PCP server and the PCP client as described in embodiment three, wherein lead between PCP server and PCP client
Cross network connection.
For the more detailed process flow that PCP server is realized, it has been described in detail in above-described embodiment two,
It is not described in detail herein.
For the more detailed process flow that PCP client is realized, it has been described in detail in above-described embodiment three,
It is not described in detail herein.
It is apparent to those skilled in the art that for convenience and simplicity of description, only with above-mentioned each function
The division progress of module can according to need and for example, in practical application by above-mentioned function distribution by different function moulds
Block is completed, i.e., the internal structure of device is divided into different functional modules, to complete all or part of function described above
Energy.The specific work process of the system, apparatus, and unit of foregoing description, can be with reference to corresponding in preceding method embodiment
Journey, details are not described herein.
In several embodiments provided herein, it should be understood that disclosed system, device and method can be with
It realizes by another way.For example, the apparatus embodiments described above are merely exemplary, for example, module or unit
Division, only a kind of logical function partition, there may be another division manner in actual implementation, such as multiple units or group
Part can be combined or can be integrated into another system, or some features can be ignored or not executed.Another point, it is shown
Or the mutual coupling, direct-coupling or communication connection discussed can be through some interfaces, device or unit it is indirect
Coupling or communication connection can be electrical property, mechanical or other forms.
Unit may or may not be physically separated as illustrated by the separation member, shown as a unit
Component may or may not be physical unit, it can and it is in one place, or may be distributed over multiple networks
On unit.It can some or all of the units may be selected to achieve the purpose of the solution of this embodiment according to the actual needs.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit
It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list
Member both can take the form of hardware realization, can also realize in the form of software functional units.
Those of ordinary skill in the art will appreciate that: realize that all or part of the steps of above method embodiment can pass through
The relevant hardware of program instruction is completed, and program above-mentioned can be stored in a computer readable storage medium, the program
When being executed, step including the steps of the foregoing method embodiments is executed;And storage medium above-mentioned includes: ROM, RAM, magnetic disk or light
The various media that can store program code such as disk.
Although the alternative embodiment of the application has been described, created once a person skilled in the art knows basic
Property concept, then additional changes and modifications can be made to these embodiments.So the following claims are intended to be interpreted as include can
It selects embodiment and falls into all change and modification of the application range.
Obviously, various changes and modifications can be made to the invention without departing from essence of the invention by those skilled in the art
Mind and range.In this way, if these modifications and changes of the present invention belongs to the range of the claims in the present invention and its equivalent technologies
Within, then the present invention is also intended to include these modifications and variations.
Claims (11)
1. a kind of configuration method of Packet Filtering rule characterized by comprising
Port control protocols PCP server receives the first PCP request message that the PCP client in private network is sent, described
First PCP request message carries filter operation code, the life cycle of the first PCP request message and in global network
The global network address information of host, the source address information of the first PCP request message are the privately owned net of the PCP client
Network address information, the life cycle of the first PCP request message are greater than zero, the filter operation code for request to it is described
The corresponding Packet Filtering rule of the private network address information of global network address information and the PCP client carries out
Processing, the life cycle of the first PCP request message is for indicating according to the global network address information and the PCP
The Packet Filtering rule that the private network address information of client generates hold time or ageing time;
Life cycle and the filter operation code of the PCP server according to the first PCP request message, generation include described
The Packet Filtering rule of the private network address information of the global network address information of host and the PCP client, with
Utilize the Packet Filtering rule to warp in the life cycle of the first PCP request message convenient for the PCP server
It is filtered by the target packet of the PCP server, the source address information of the target packet is the public affairs of the host
There is network address information, the destination address information of the target packet is the private network address information of the PCP client;
The PCP server sends the first confirmation message to the PCP client.
2. configuration method according to claim 1, which is characterized in that the PCP server is sent to the PCP client
After first confirmation message, the configuration method further include:
In the life cycle of the first PCP request message, the PCP server receives what the PCP client was sent
2nd PCP request message, the 2nd PCP request message carry the life of the filter operation code, the 2nd PCP request message
The global network address information in period and the host is ordered, the source address information of the 2nd PCP request message is the PCP visitor
The life cycle of the private network address information at family end, the 2nd PCP request message is equal to zero;
The PCP server delete include the host global network address information and the PCP client it is privately owned
The Packet Filtering rule of network address information;
The PCP server sends the second confirmation message to the PCP client.
3. configuration method according to claim 1 or 2, which is characterized in that the PCP server is to the PCP client
After sending the first confirmation message, the configuration method further include:
Determine that the life cycle of the first PCP request message terminates, it includes the host that the PCP server, which is then deleted,
The Packet Filtering rule of the private network address information of global network address information and the PCP client.
4. a kind of configuration method of Packet Filtering rule characterized by comprising
Port control protocols PCP client sends the first PCP request message to PCP server, and the first PCP request message is taken
Global network with filter operation code, the life cycle of the first PCP request message and the host in global network
Location information, the source address information of the first PCP request message is the private network address information of the PCP client, described
The life cycle of first PCP request message be greater than zero, the first PCP request message for request the PCP server according to
The generation of the life cycle of the filter operation code and the first PCP request message includes the global network address of the host
The Packet Filtering rule of the private network address information of information and the PCP client, the filter operation code is for asking
It asks and the Packet Filtering rule is handled, the life cycle of the first PCP request message is for indicating the data
Packet filtering rules hold time or ageing time;
The PCP client receives the first confirmation in response to the first PCP request message that the PCP server is sent and disappears
Breath.
5. configuration method according to claim 4, which is characterized in that the PCP client receives the PCP server hair
After the first confirmation message in response to the first PCP request message sent, the configuration method further include:
The PCP client sends the 2nd PCP request message to the PCP server, and the 2nd PCP request message carries institute
State the global network address information of filter operation code, the life cycle of the 2nd PCP request message and the host, described
The source address information of two PCP request messages is the private network address information of the PCP client, and the 2nd PCP request disappears
The life cycle of breath is equal to zero, and the 2nd PCP request message includes the host for requesting the PCP server deletion
Global network address information and the PCP client private network address information Packet Filtering rule;
The PCP client receives the second confirmation in response to the 2nd PCP request message that the PCP server is sent and disappears
Breath.
6. a kind of port control protocols PCP server characterized by comprising
Receiving unit, for receiving the first PCP request message of the transmission of the PCP client in private network, the first PCP is asked
Message is asked to carry filter operation code, the life cycle of the first PCP request message and the public affairs of the host in global network
There is network address information, the source address information of the first PCP request message is that the private network address of the PCP client is believed
Breath, the life cycle of the first PCP request message are greater than zero, the filter operation code for request to the global network
The corresponding Packet Filtering rule of the private network address information of address information and the PCP client is handled, institute
The life cycle of the first PCP request message is stated for indicating according to the global network address information and the PCP client
Private network address information generate Packet Filtering rule hold time or ageing time;
Processing unit, the life cycle of the first PCP request message for being received according to the receiving unit and described
Filter operation code, generation include the global network address information of the host and the private network of the PCP client
The Packet Filtering rule of location information, in order to which the PCP server is sharp in the life cycle of the first PCP request message
The target packet via the PCP server is filtered with the Packet Filtering rule, the target packet
Source address information is the global network address information of the host, and the destination address information of the target packet is the PCP
The private network address information of client;
Transmission unit, for sending the first confirmation message to the PCP client.
7. PCP server according to claim 6, which is characterized in that
The receiving unit is also used to after the transmission unit sends the first confirmation message to the PCP client, in institute
It states and receives the 2nd PCP request message that the PCP client is sent in the life cycle of the first PCP request message, described the
Two PCP request messages carry the publicly-owned of the filter operation code, the life cycle of the 2nd PCP request message and the host
Network address information, the source address information of the 2nd PCP request message are that the private network address of the PCP client is believed
The life cycle of breath, the 2nd PCP request message is equal to zero;
The processing unit is also used to global network address information and the PCP client that deletion includes the host
Private network address information Packet Filtering rule;
The transmission unit is also used to send the second confirmation message to the PCP client.
8. PCP server according to claim 6 or 7, which is characterized in that
The processing unit is also used to after the transmission unit sends the second confirmation message to the PCP client, is determined
The life cycle of the first PCP request message terminates, then delete include the host global network address information and
The Packet Filtering rule of the private network address information of the PCP client.
9. a kind of port control protocols PCP client characterized by comprising
Transmission unit, for sending the first PCP request message to PCP server, the first PCP request message carries filtering behaviour
Make the global network address information of code, the life cycle of the first PCP request message and the host in global network, institute
The source address information for stating the first PCP request message is the private network address information of the PCP client, and the first PCP is asked
The life cycle of message is asked to be greater than zero, the first PCP request message is for requesting the PCP server to be grasped according to the filtering
The life cycle for making code and the first PCP request message generate include the host global network address information and institute
The Packet Filtering rule of the private network address information of PCP client is stated, the filter operation code is for requesting to the number
It is handled according to packet filtering rules, the life cycle of the first PCP request message is for indicating the Packet Filtering rule
Hold time or ageing time;
Receiving unit is asked for receiving the first PCP sent in response to the transmission unit that the PCP server is sent
Seek the first confirmation message of message.
10. PCP client according to claim 9, which is characterized in that
The transmission unit, be also used to the receiving unit receive that the PCP server sends in response to the first PCP
After first confirmation message of request message, Xiang Suoshu PCP server sends the 2nd PCP request message, the 2nd PCP request
Message carries the global network address of the filter operation code, the life cycle of the 2nd PCP request message and the host
Information, the source address information of the 2nd PCP request message are the private network address information of the PCP client, described the
The life cycle of two PCP request messages is equal to zero, and the 2nd PCP request message is for requesting the PCP server to delete packet
The Packet Filtering of the private network address information of global network address information containing the host and the PCP client
Rule;
The receiving unit, be also used to receive the PCP server sends sent in response to the transmission unit described the
Second confirmation message of two PCP request messages.
11. a kind of configuration system of Packet Filtering rule, which is characterized in that including any one in such as the claims 6-8
PCP server described in and the PCP client as described in any one of the claims 9-10, wherein the PCP
It is communicated between client and the PCP server by network.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510946745.1A CN106888198B (en) | 2015-12-16 | 2015-12-16 | A kind of configuration method of Packet Filtering rule, apparatus and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510946745.1A CN106888198B (en) | 2015-12-16 | 2015-12-16 | A kind of configuration method of Packet Filtering rule, apparatus and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106888198A CN106888198A (en) | 2017-06-23 |
CN106888198B true CN106888198B (en) | 2019-08-20 |
Family
ID=59175559
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510946745.1A Active CN106888198B (en) | 2015-12-16 | 2015-12-16 | A kind of configuration method of Packet Filtering rule, apparatus and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106888198B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108809766A (en) * | 2018-06-22 | 2018-11-13 | 北京奇艺世纪科技有限公司 | A kind of method, apparatus and system obtaining RTT |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102647483A (en) * | 2012-03-31 | 2012-08-22 | 中兴通讯股份有限公司 | Method for obtaining network address translation (NAT) types, peer-to-peer (P2P) endpoint entity and NAT entity |
CN103503413A (en) * | 2012-12-28 | 2014-01-08 | 华为技术有限公司 | Method and device for transmitting network information |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10320676B2 (en) * | 2014-02-28 | 2019-06-11 | Cisco Technology, Inc. | Smarter policy decisions based on metadata in data flows |
-
2015
- 2015-12-16 CN CN201510946745.1A patent/CN106888198B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102647483A (en) * | 2012-03-31 | 2012-08-22 | 中兴通讯股份有限公司 | Method for obtaining network address translation (NAT) types, peer-to-peer (P2P) endpoint entity and NAT entity |
CN103503413A (en) * | 2012-12-28 | 2014-01-08 | 华为技术有限公司 | Method and device for transmitting network information |
Non-Patent Citations (1)
Title |
---|
Port Control Protocol (PCP);Wing, et al.;《IETF RFC6887》;20130430;全文 |
Also Published As
Publication number | Publication date |
---|---|
CN106888198A (en) | 2017-06-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111066301B (en) | Method, system and storage medium for enforcing a unified global policy | |
US11563681B2 (en) | Managing communications using alternative packet addressing | |
CN103580980B (en) | The method and device thereof that virtual network finds and automatically configures automatically | |
US8396946B1 (en) | Managing integration of external nodes into provided computer networks | |
CN108287723B (en) | Application interaction method and device, physical machine and system | |
US8683023B1 (en) | Managing communications involving external nodes of provided computer networks | |
US10771309B1 (en) | Border gateway protocol routing configuration | |
CN107800743B (en) | Cloud desktop system, cloud management system and related equipment | |
CN104718723A (en) | A framework for networking and security services in virtual networks | |
US10178068B2 (en) | Translating network attributes of packets in a multi-tenant environment | |
CN108377199B (en) | Method, system, and medium for establishing end-to-end connections in a data center infrastructure | |
US10237235B1 (en) | System for network address translation | |
TW201541919A (en) | Scalable address resolution | |
CN109194525A (en) | A kind of network node configuration method and management node | |
CN112564994B (en) | Flow monitoring method and device, cloud server and storage medium | |
CN114070723A (en) | Virtual network configuration method and system of bare metal server and intelligent network card | |
CN115189920A (en) | Cross-network domain communication method and related device | |
US8612602B2 (en) | Automatic generation of reusable network configuration objects | |
EP3618407B1 (en) | Method for implementing three-layer communication | |
CN106888198B (en) | A kind of configuration method of Packet Filtering rule, apparatus and system | |
CN111158864B (en) | Data processing method, device, system, medium, and program | |
US8737413B2 (en) | Relay server and relay communication system | |
KR20190110719A (en) | Apparatus and method for concealing network | |
CN107070725A (en) | A kind of method that server two-level management intermodule communication is shaken hands | |
EP2788869A1 (en) | Hybrid virtual computing environments |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |