CN106888198B - Method, apparatus and system for configuring packet filtering rules - Google Patents

Method, apparatus and system for configuring packet filtering rules

Info

Publication number
CN106888198B
Authority
CN
China
Prior art keywords
pcp
address information
request message
client
network address
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510946745.1A
Other languages
Chinese (zh)
Other versions
CN106888198A (en)
Inventor
张展
樊辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN201510946745.1A
Publication of CN106888198A
Application granted
Publication of CN106888198B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Embodiments of the present invention provide a method, apparatus and system for configuring packet filtering rules, relating to the field of communication technologies, which can configure packet filtering rules dynamically and thereby improve the effect of interception protection. The method comprises: a PCP server receives a first PCP request message sent by a PCP client in a private network, where the first PCP request message carries a filter operation code, the life cycle of the first PCP request message and the global network address information of a host in a global network, the life cycle of the first PCP request message is greater than zero, and the source address information of the first PCP request message is the private network address information of the PCP client; the PCP server generates, according to the life cycle of the first PCP request message and the filter operation code, a packet filtering rule containing the global network address information of the host and the private network address information of the PCP client; and the PCP server sends a first confirmation message to the PCP client.

Description

Method, apparatus and system for configuring packet filtering rules
Technical field
The present invention relates to the field of communication technologies, and in particular to a method, apparatus and system for configuring packet filtering rules.
Background art
The Port Control Protocol (PCP) described in RFC 6887 defines a new network address translation (NAT) mechanism for Internet Protocol version 4 (IPv4)/Internet Protocol version 6 (IPv6) networks. It changes the previous situation in which, while a gateway with NAT functionality, a carrier-grade NAT (CGN), a firewall or a similar device performed NAT, the process was almost unknown to and uncontrollable by the hosts in the private network: a host in the private network can actively ask the NAT gateway device to perform NAT translation and tell the NAT gateway device how to perform it.
A host in the private network acts as a PCP client and negotiates, through PCP messages, with a NAT gateway device that has the PCP server function to create a mapping between the private network address and a global network address of the PCP client. Based on this mapping, service interaction from the PCP client to other hosts in the global network, or from other hosts in the global network to the PCP client, can be carried out.
PCP messages between the PCP client and the PCP server are carried over the User Datagram Protocol (UDP), and the negotiation is stateless. PCP messages mainly comprise request messages sent by the PCP client and response messages returned by the PCP server.
The negotiation mode of the MAP (matching) operation code defined in RFC 6887 is mainly suited to application scenarios in which a host in the private network acts as a server and provides services to hosts in the global network.
Besides performing network address translation (NAT), a PCP server can also act as a security device, such as a firewall device, and provide security protection. A PCP server acting as a security device generally provides packet filtering rules; using the packet filtering rules it stores, the PCP server can prohibit certain service accesses and intercept malicious or unnecessary access traffic.
The packet filtering rules stored by an existing PCP server are preconfigured by the device administrator. Under the negotiation mode of the MAP operation code, for a service initiated by a host in the global network, the device administrator cannot know in advance the global network address information used by that host, and therefore cannot configure packet filtering rules corresponding to that type of service. As a result, an existing PCP server cannot prohibit certain unexpected service accesses, and the effect of interception protection is poor.
Summary of the invention
Embodiments of the present invention provide a method, apparatus and system for configuring packet filtering rules, which can configure packet filtering rules dynamically and thereby improve the effect of interception protection.
To achieve the above objective, the embodiments of the present invention adopt the following technical solutions:
An embodiment of the present invention provides a method for configuring a packet filtering rule, comprising: a Port Control Protocol (PCP) server receives a first PCP request message sent by a PCP client, where the first PCP request message carries a filter operation code, the life cycle of the first PCP request message and the global network address information of a host in the global network, the life cycle of the first PCP request message is greater than zero, and the source address information of the first PCP request message is the private network address information of the PCP client. The PCP server then generates, according to the life cycle of the first PCP request message and the filter operation code, a packet filtering rule containing the global network address information of the host and the private network address information of the PCP client, so that within the life cycle of the first PCP request message the PCP server uses the packet filtering rule to filter target data packets passing through the PCP server, where the source address information of a target data packet is the global network address information of the host and the destination address information of the target data packet is the private network address information of the PCP client. Finally, the PCP server sends a first confirmation message to the PCP client.
Compared with the content of a PCP request message as defined by existing PCP, the PCP request message in the embodiments of the present invention adds a filter operation code, which is used to request the PCP server to process packet filtering rules accordingly. The PCP request message can include a life cycle, which indicates how long the packet filtering rule containing the global network address information of the host in the request and the private network address information of the PCP client is maintained. After receiving a first PCP request message that includes the filter operation code, a life cycle greater than zero and the global network address information of a host in the global network, the PCP server generates, according to the life cycle and the filter operation code, a packet filtering rule containing the global network address information of the host and the private network address information of the PCP client, so that within the life cycle of the first PCP request message the PCP server uses the packet filtering rule to filter target data packets passing through the PCP server, thereby providing security protection.
Further, after the PCP server sends the first confirmation message to the PCP client, the configuration method further comprises: within the life cycle of the first PCP request message, the PCP server receives a second PCP request message sent by the PCP client, where the second PCP request message carries the filter operation code, the life cycle of the second PCP request message and the global network address information of the host, the life cycle of the second PCP request message is equal to zero, and the source address information of the second PCP request message is the private network address information of the PCP client. The PCP server then deletes the packet filtering rule containing the global network address information of the host and the private network address information of the PCP client, and sends a second confirmation message to the PCP client.
Further, after the PCP server sends the first confirmation message to the PCP client, the configuration method further comprises: upon determining that the life cycle of the first PCP request message has ended, the PCP server deletes the packet filtering rule containing the global network address information of the host and the private network address information of the PCP client.
It can be understood that the end of the life cycle of the first PCP request message means that the packet filtering rule generated according to the first PCP request message, containing the global network address information of the host and the private network address information of the PCP client, has expired. By deleting that packet filtering rule, the PCP server ensures that resources are released properly.
Another embodiment of the present invention provides a method for configuring a packet filtering rule, comprising: a Port Control Protocol (PCP) client sends to a PCP server a first PCP request message carrying a filter operation code, the life cycle of the first PCP request message and the global network address information of a host in the global network, where the life cycle of the first PCP request message is greater than zero, the source address information of the first PCP request message is the private network address information of the PCP client, and the first PCP request message is used to request the PCP server to generate, according to the filter operation code and the life cycle of the first PCP request message, a packet filtering rule containing the global network address information of the host and the private network address information of the PCP client; and after the PCP server generates the packet filtering rule containing the global network address information of the host and the private network address information of the PCP client, the PCP client receives a first confirmation message sent by the PCP server.
The PCP client in this embodiment sends the first PCP request message to the PCP server according to service requirements, to request the PCP server to generate, according to the filter operation code and the life cycle of the first PCP request message carried in the first PCP request message, a packet filtering rule containing the global network address information of the host in the global network and the private network address information of the PCP client, so that the PCP server can filter, according to the generated packet filtering rule, target data packets from the host in the global network, thereby improving the effect of interception protection.
Further, after the PCP client receives the first confirmation message sent by the PCP server, the configuration method further comprises: the PCP client sends to the PCP server a second PCP request message carrying the filter operation code, the life cycle of the second PCP request message and the global network address information of the host, where the life cycle of the second PCP request message is equal to zero, and the second PCP request message is used to request the PCP server to delete the packet filtering rule containing the global network address information of the host and the private network address information of the PCP client; and after the PCP server deletes the packet filtering rule containing the global network address information of the host and the private network address information of the PCP client, the PCP client receives a second confirmation message sent by the PCP server.
An embodiment of the present invention provides a Port Control Protocol (PCP) server, comprising a receiving unit, a processing unit and a transmission unit.
Specifically, the functions implemented by each unit module provided in this embodiment are as follows:
Receiving unit, configured to receive a first PCP request message sent by a PCP client in a private network, where the first PCP request message carries a filter operation code, the life cycle of the first PCP request message and the global network address information of a host in the global network, the source address information of the first PCP request message is the private network address information of the PCP client, and the life cycle of the first PCP request message is greater than zero;
Processing unit, configured to generate, according to the life cycle of the first PCP request message received by the receiving unit and the filter operation code, a packet filtering rule containing the global network address information of the host and the private network address information of the PCP client, so that within the life cycle of the first PCP request message the PCP server uses the packet filtering rule to filter target data packets passing through the PCP server, where the source address information of a target data packet is the global network address information of the host and the destination address information of the target data packet is the private network address information of the PCP client;
Transmission unit, configured to send a first confirmation message to the PCP client.
For the technical effects of the PCP server provided in this embodiment, refer to the technical effects of the PCP server described in the packet filtering rule configuration method performed by the PCP server in the above embodiment; details are not repeated here.
Further, the receiving unit is also configured to receive, after the transmission unit sends the first confirmation message to the PCP client and within the life cycle of the first PCP request message, a second PCP request message sent by the PCP client, where the second PCP request message carries the filter operation code, the life cycle of the second PCP request message and the global network address information of the host, the source address information of the second PCP request message is the private network address information of the PCP client, and the life cycle of the second PCP request message is equal to zero.
Further, the processing unit is also configured to delete the packet filtering rule containing the global network address information of the host and the private network address information of the PCP client.
Further, the transmission unit is also configured to send a second confirmation message to the PCP client.
Further, the processing unit is also configured to, after the transmission unit sends the second confirmation message to the PCP client, determine that the life cycle of the first PCP request message has ended and then delete the packet filtering rule containing the global network address information of the host and the private network address information of the PCP client.
Another embodiment of the present invention provides a Port Control Protocol (PCP) client, comprising a transmission unit and a receiving unit.
Specifically, the functions implemented by each unit module provided in this embodiment are as follows:
Transmission unit, configured to send a first PCP request message to a PCP server, where the first PCP request message carries a filter operation code, the life cycle of the first PCP request message and the global network address information of a host in the global network, the source address information of the first PCP request message is the private network address information of the PCP client, the life cycle of the first PCP request message is greater than zero, and the first PCP request message is used to request the PCP server to generate, according to the filter operation code and the life cycle of the first PCP request message, a packet filtering rule containing the global network address information of the host and the private network address information of the PCP client.
Receiving unit, configured to receive the first confirmation message sent by the PCP server in response to the first PCP request message sent by the transmission unit.
For the technical effects of the PCP client provided in this embodiment, refer to the technical effects of the PCP client described in the packet filtering rule configuration method performed by the PCP client in the above embodiment; details are not repeated here.
Further, the transmission unit is also configured to send a second PCP request message to the PCP server after the receiving unit receives the first confirmation message sent by the PCP server in response to the first PCP request message, where the second PCP request message carries the filter operation code, the life cycle of the second PCP request message and the global network address information of the host, the source address information of the second PCP request message is the private network address information of the PCP client, the life cycle of the second PCP request message is equal to zero, and the second PCP request message is used to request the PCP server to delete the packet filtering rule containing the global network address information of the host and the private network address information of the PCP client.
Further, the receiving unit is also configured to receive the second confirmation message sent by the PCP server in response to the second PCP request message sent by the transmission unit.
Another embodiment of the present invention provides a system for configuring packet filtering rules, comprising the PCP server according to any one of the above and the PCP client according to any one of the above, where the PCP client and the PCP server are connected through a network.
For the technical effects of the network system provided in this embodiment, refer to the technical effects of the PCP server described in the packet filtering rule configuration method performed by the PCP server in the above embodiment and the technical effects of the PCP client described in the packet filtering rule configuration method performed by the PCP client in the above embodiment; details are not repeated here.
Optionally, in any of the above embodiments, the private network address information of the PCP client includes the private network Internet Protocol (IP) address information of the PCP client and port information corresponding to the private network IP address information, and the global network address information of the host in the global network includes the global network IP address information of the host and port information corresponding to the global network IP address information.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings in the following description are evidently only some embodiments of the present invention.
Fig. 1 is a first schematic structural diagram of the system for configuring packet filtering rules provided in an embodiment of the present invention;
Fig. 2 is a schematic composition diagram of the system for configuring packet filtering rules provided in an embodiment of the present invention;
Fig. 3 is a first schematic flowchart of the configuration method provided in an embodiment of the present invention;
Fig. 4 is a second schematic flowchart of the configuration method provided in an embodiment of the present invention;
Fig. 5 is a first schematic structural diagram of the PCP server provided in an embodiment of the present invention;
Fig. 6 is a second schematic structural diagram of the PCP server provided in an embodiment of the present invention;
Fig. 7 is a first schematic structural diagram of the PCP client provided in an embodiment of the present invention;
Fig. 8 is a second schematic structural diagram of the PCP client provided in an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly below with reference to the drawings in the embodiments of the present invention.
The terms "first", "second", "third", "fourth" and the like in the description, the claims and the above drawings are used to distinguish different objects, not to define a particular order. In addition, the terms "include" and "have" and any variants thereof are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that contains a series of steps or units is not limited to the listed steps or units, but optionally further includes steps or units that are not listed, or optionally further includes other steps or units inherent to the process, method, product or device.
In the following description, for the purpose of illustration rather than limitation, specific details such as particular system structures, interfaces and techniques are set forth to provide a thorough understanding of the present invention. However, it will be clear to a person skilled in the art that the present invention may also be practiced in other embodiments without these specific details. In other cases, detailed descriptions of well-known devices, circuits and methods are omitted so that unnecessary detail does not obscure the description of the present invention.
In addition, the term "and/or" herein merely describes an association between associated objects and indicates that three relationships may exist. For example, A and/or B can indicate three cases: A exists alone, both A and B exist, and B exists alone. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it.
Fig. 1 is a schematic structural diagram of the system for configuring packet filtering rules provided in an embodiment of the present invention. Referring to Fig. 1, the configuration system includes a PCP server 10, one or more PCP clients 11 connected to the PCP server 10, and one or more Internet Service Provider (ISP) devices 12 connected to the PCP server 10. The PCP client 11 belongs to a private network 1, the ISP device 12 belongs to a global network 2, and the PCP server 10 is located at the boundary between the private network 1 and the global network 2. The private network can be the local area network of an enterprise, and the global network can be the Internet. The private network is connected to the global network through an access device with NAT functionality.
The PCP server 10 in the embodiments of the present invention refers to a server device that supports PCP, and the PCP client 11 refers to a client device that supports PCP.
Optionally, the PCP server 10 in the embodiments of the present invention can be a firewall (FW) device, a gateway with NAT functionality, or a CGN device.
Optionally, the PCP client 11 in the embodiments of the present invention can be a user terminal or a home gateway.
Fig. 2 is a schematic composition diagram of the system for configuring packet filtering rules provided in an embodiment of the present invention.
Referring to Fig. 2, the PCP server 10 in the configuration system includes a packet filtering rule database 20, which stores the packet filtering rules generated by the PCP server.
The PCP server 10 further includes an interface circuit 100, a processor 101 and a memory 102. The interface circuit 100 is used to communicate with the PCP client 11 connected to the PCP server 10 and with the ISP device 12 connected to the PCP server 10. The processor 101 is used to process packet filtering rules accordingly. The memory 102 is used to store the database 20.
The PCP client 11 in the configuration system includes an interface circuit 110, a processor 111 and a memory 112. The interface circuit 110 is used to communicate with the PCP server 10 connected to the PCP client 11.
Embodiment one
Fig. 3 is a schematic flowchart of a method for configuring a packet filtering rule provided in an embodiment of the present invention. The configuration method can be applied in the application scenarios shown in Fig. 1 or Fig. 2.
Referring to Fig. 3, the configuration method includes:
S100, the PCP client sends to the PCP server a first PCP request message carrying a filter operation code, the life cycle of the first PCP request message and the global network address information of a host in the global network, where the life cycle of the first PCP request message is greater than zero and the source address information of the first PCP request message is the private network address information of the PCP client.
Optionally, the private network address information of the PCP client in this embodiment includes the private network Internet Protocol (IP) address information of the PCP client and port information corresponding to the private network IP address information, and the global network address information of the host in the global network includes the global network IP address information of the host and port information corresponding to the global network IP address information.
The life cycle of the first PCP request message indicates the maintenance time, or aging time, of the packet filtering rule generated from the global network address information of the host in the first PCP request message and the private network address information of the PCP client. For the specific definition of the life cycle, refer to RFC 6887; it is not described in detail here.
Specifically, the filter operation code in this embodiment is used to request the PCP server to process the packet filtering rule corresponding to the global network address information of the host and the private network address information of the PCP client.
The operation codes defined by existing PCP are only MAP and PEER, and these two operation codes are used only for matching and exchange. The PCP request message in the embodiments of the present invention further adds a filter operation code on top of the content of a PCP request message as defined by existing PCP. Specifically, the value of the filter operation code can be 10, i.e. Opcode=10, provided that the value of the filter operation code differs from the values of the existing operation codes MAP and PEER.
In practical applications, the PCP request message that the PCP client sends with the filter operation code can also include the following fields:
Mapping nonce (Mapping Nonce): a random number selected by the PCP client, used to identify the uniqueness of the request;
Protocol (Protocol): indicates the protocol that the PCP request can support; if the value of Protocol is zero, any protocol can be supported;
Internal port (Internal Port): indicates the port of the PCP client; if the value of Internal Port is zero, it indicates all ports of the PCP client.
On this basis, the PCP request message can also include several reserved (Reserved) fields.
For the specific definitions of Mapping Nonce, Protocol, Internal Port and Reserved, refer to RFC 6887; they are not described in detail here.
By way of example, Table 1 shows the specific format of a PCP request message that includes the filter operation code in an embodiment of the present invention. As shown in Table 1 (byte labels are omitted in Table 1), the PCP request message includes all of the above fields and several Reserved fields.
Table 1
It should be noted that the format of the PCP request message shown in Table 1 is only an example of the format in the embodiment of the present invention. In practical applications, the length of each of the above fields and the position of each field may be set flexibly according to the needs of the protocol implementation, and are not enumerated here.
S101. The PCP server generates, according to the life cycle of the first PCP request message and the filter operation code, a packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client.
When the life cycle of the first PCP request message is greater than zero, the PCP server generates, according to the life cycle of the first PCP request message and the filter operation code, a packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client.
Further, within the life cycle of the first PCP request message, the PCP server uses the packet filtering rule it generated to filter target data packets passing through the PCP server, thereby intercepting malicious traffic. The source address information of a target data packet is the global network address information of the host, and the destination address information of the target data packet is the private network address information of the PCP client.
Specifically, after receiving a service message, the PCP server judges whether the source address information of the service message is identical to the global network address information of the host in the generated packet filtering rule, and judges whether the destination address information of the service message is identical to the private network address information of the PCP client in the generated packet filtering rule. If both are identical, the PCP server sends the received service message to the PCP client.
Illustratively, the first PCP request message received by the PCP server includes: the filter operation code; the private network IP address information of the PCP client, 1.1.1.1; the port of the PCP client, 8000; the global network IP address information of the host in the global network, 2.2.2.2; the port of the host, 5000; and a life cycle of 5 minutes. The packet filtering rule that the PCP server generates according to the first PCP request message is: only the host whose IP address information in the global network is 2.2.2.2 is allowed to access, through port 5000, the PCP client whose IP address in the private network is 1.1.1.1 and whose port is 8000, and the life cycle of the packet filtering rule is 5 minutes. Within 5 minutes after generating the packet filtering rule, the PCP server only allows the host whose IP address information in the global network is 2.2.2.2 to access, through port 5000, the PCP client whose IP address in the private network is 1.1.1.1 and whose port is 8000, thereby intercepting unexpected traffic.
S102. The PCP server sends a first confirmation message to the PCP client.
After the PCP server generates, according to the life cycle of the first PCP request message and the filter operation code, the packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client, it sends the first confirmation message to the PCP client, so that the PCP client knows that the PCP server has generated the packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client.
Further, after the PCP server generates the packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client, the PCP client may also send to the PCP server a second PCP request message that includes the filter operation code, a life cycle equal to zero, and the global network address information of the above host, to request the PCP server to delete the packet filtering rule that includes the global network address information of the above host in the global network and the private network address information of the above PCP client.
Specifically, with reference to Fig. 3 and as shown in Fig. 4, the configuration method of the packet filtering rule provided in the embodiment of the present invention further includes, after S102:
S103. The PCP client sends to the PCP server a second PCP request message that includes the filter operation code, the life cycle of the second PCP request message, and the global network address information of the host, where the life cycle of the second PCP request message is equal to zero, and the source address information of the second PCP request message is the private network address information of the PCP client.
The life cycle of the second PCP request message is zero, which indicates that the PCP client no longer filters the target data packet, where the source address information of the target data packet is the global network address information of the above host, and the destination address information of the target data packet is the private network address information of the above PCP client. That is to say, the packet filtering rule that includes the global network address information of the host in the second PCP request message and the private network address information of the PCP client becomes invalid; therefore, the PCP server needs to delete the packet filtering rule.
S104. The PCP server deletes the packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client.
Because the address information included in the second PCP request message is the same as the address information included in the first PCP request message, the PCP server also needs to delete the packet filtering rule generated according to the first PCP request message after receiving the second PCP request message, even if the life cycle of the first PCP request message has not ended.
S105. The PCP server sends a second confirmation message to the PCP client.
Further, after the PCP server generates the packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client, when the PCP server determines that the life cycle of the first PCP request message has ended, the PCP server deletes the packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client.
It can be understood that when the PCP server generates the packet filtering rule according to the first PCP request message, the PCP server starts timing, to ensure that within the life cycle of the first PCP request message the packet filtering rule is used to filter target data packets passing through the PCP server.
The timing method of the PCP server in the embodiment of the present invention may be to count up from 0 and stop timing when the value of the life cycle of the first PCP request message is reached, or to count down from the value of the life cycle of the first PCP request message and stop timing when 0 is reached.
The PCP server in the embodiment of the present invention generates or deletes, according to the received filter operation code and life cycle, the packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client, so that the PCP server can dynamically intercept target data packets passing through itself, thereby improving the effect of interception protection.
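The rule life cycle of Embodiment One (S101 to S105 and expiry on timeout) can be traced with the following added example, which is not code from the patent. The opcode value, the class and function names, the confirmation strings, and the default of dropping any packet that matches no live rule are assumptions of the example; the addresses, ports and the 5-minute life cycle are the ones used in the illustration above.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

Endpoint = Tuple[str, int]      # (IP address, port)
FILTER_OPCODE = 0x7F            # placeholder: the page does not give the opcode number


@dataclass(frozen=True)
class PcpRequest:
    opcode: int
    lifetime: int               # life cycle in seconds; > 0 creates the rule, 0 deletes it
    client: Endpoint            # source address of the request = private address of the PCP client
    host: Endpoint              # global network address of the host to be admitted


class PcpFilterServer:
    """Hypothetical model of the PCP server's packet filtering rule table."""

    def __init__(self) -> None:
        # (host endpoint, client endpoint) -> absolute expiry time in seconds.
        # Storing an expiry time is equivalent to the count-down timer described above.
        self._rules: Dict[Tuple[Endpoint, Endpoint], float] = {}

    def handle_request(self, req: PcpRequest, now: float) -> str:
        if req.opcode != FILTER_OPCODE:
            return "UNSUPPORTED_OPCODE"
        if req.lifetime < 0:
            return "MALFORMED_REQUEST"
        # The client endpoint is taken from the request's source address, so a
        # client can only create or delete rules that protect itself.
        key = (req.host, req.client)
        if req.lifetime > 0:                    # S101: generate (or refresh) the rule
            self._rules[key] = now + req.lifetime
            return "FIRST_CONFIRMATION"         # S102
        self._rules.pop(key, None)              # S104: delete even if not yet expired
        return "SECOND_CONFIRMATION"            # S105

    def expire(self, now: float) -> int:
        """Delete every rule whose life cycle has ended; return how many were removed."""
        dead = [k for k, expiry in self._rules.items() if expiry <= now]
        for k in dead:
            del self._rules[k]
        return len(dead)

    def forward(self, src: Endpoint, dst: Endpoint, now: float) -> bool:
        """True if a service message from src to dst is passed on to the PCP client."""
        self.expire(now)
        # Both source and destination must equal the addresses stored in a live rule.
        return (src, dst) in self._rules

    def rule_count(self) -> int:
        return len(self._rules)


def run_demo() -> List[bool]:
    """Replay the illustration: client 1.1.1.1:8000, host 2.2.2.2:5000, 5 minutes."""
    client, host = ("1.1.1.1", 8000), ("2.2.2.2", 5000)
    other = ("3.3.3.3", 5000)                   # constructed address of an unlisted host
    srv = PcpFilterServer()
    srv.handle_request(PcpRequest(FILTER_OPCODE, 300, client, host), now=0.0)
    results = [
        srv.forward(host, client, now=10.0),    # listed host inside the life cycle
        srv.forward(other, client, now=10.0),   # unlisted host is intercepted
        srv.forward(host, client, now=300.0),   # life cycle ended, rule deleted
    ]
    srv.handle_request(PcpRequest(FILTER_OPCODE, 300, client, host), now=400.0)
    srv.handle_request(PcpRequest(FILTER_OPCODE, 0, client, host), now=410.0)
    results.append(srv.forward(host, client, now=411.0))  # deleted by lifetime-zero request
    return results


if __name__ == "__main__":
    print(run_demo())
```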
Embodiment two
The embodiment of the present invention provides a Port Control Protocol (PCP) server 1, which is configured to perform the steps performed by the PCP server in the above method. The PCP server 1 may include modules corresponding to the respective steps. As shown in Fig. 5, the PCP server 1 includes:
A receiving unit 50, configured to receive a first PCP request message sent by a PCP client in a private network, where the first PCP request message carries a filter operation code, the life cycle of the first PCP request message, and the global network address information of a host in a global network; the source address information of the first PCP request message is the private network address information of the PCP client; and the life cycle of the first PCP request message is greater than zero.
A processing unit 51, configured to generate, according to the life cycle of the first PCP request message received by the receiving unit 50 and the filter operation code, a packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client, so that the PCP server uses the packet filtering rule, within the life cycle of the first PCP request message, to filter a target data packet passing through the PCP server, where the source address information of the target data packet is the global network address information of the host, and the destination address information of the target data packet is the private network address information of the PCP client.
A transmission unit 52, configured to send a first confirmation message to the PCP client.
Further, the receiving unit 50 is also configured to receive, within the life cycle of the first PCP request message and after the transmission unit 52 sends the first confirmation message to the PCP client, a second PCP request message sent by the PCP client, where the second PCP request message carries the filter operation code, the life cycle of the second PCP request message, and the global network address information of the host; the source address information of the second PCP request message is the private network address information of the PCP client; and the life cycle of the second PCP request message is equal to zero.
Further, the processing unit 51 is also configured to delete the packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client.
Further, the transmission unit 52 is also configured to send a second confirmation message to the PCP client.
Further, the processing unit 51 is also configured to, after the transmission unit 52 sends the second confirmation message to the PCP client, determine that the life cycle of the first PCP request message has ended, and then delete the packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client.
Optionally, the private network address information of the PCP client in the embodiment of the present invention includes the private network Internet Protocol (IP) address information of the PCP client and the port information corresponding to the private network IP address information, and the global network address information of the host in the global network includes the global network IP address information of the host and the port information corresponding to the global network IP address information.
It can be understood that the PCP server 1 of this embodiment is divided logically only according to the functions implemented by the PCP server 1; in practical applications, the above units may be combined or split. The functions implemented by the PCP server 1 provided in this embodiment correspond one-to-one to the configuration method of the packet filtering rule provided in Embodiment One above; the more detailed processing flow implemented by the PCP server 1 has been described in detail in method Embodiment One above and is not described in detail here.
Another embodiment of the present invention provides a PCP server. As shown in Fig. 6, the PCP server includes an interface circuit 100, a processor 101, a memory 102, and a system bus 103.
The interface circuit 100, the processor 101, and the memory 102 are connected through the system bus 103 and communicate with each other through it.
The PCP server shown in Fig. 6 is identical to the PCP server in Fig. 2; the system bus 103 is not shown in Fig. 2.
Those skilled in the art will understand that the structure of the PCP server shown in Fig. 6 does not limit the PCP server, which may include more or fewer components than illustrated, combine certain components, or use a different component layout.
Specifically, when the PCP server runs, the PCP server performs the configuration method of the packet filtering rule described in Embodiment One. For the specific configuration method of the packet filtering rule, refer to the related description in the above embodiment shown in Fig. 3 or Fig. 4; details are not described here again.
Specifically, the interface circuit 100 is configured to implement the communication connections between the PCP server and, respectively, the PCP client and the global network, where these communication connections may use the Internet, a wide area network, a local network, a metropolitan area network, or the like.
Specifically, the memory 102 may be used to store software programs and application modules, and the processor 101 performs the various functional applications and data processing of the PCP server by running the software programs and application modules stored in the memory 102. The memory 102 may mainly include a program storage area and a data storage area, where the program storage area may store an operating system, an application program required by at least one function (for example, a function of sending a confirmation message), and the like, and the data storage area may store data created by the PCP server (such as the packet filtering rule database 20) and the like.
The memory 102 may include a volatile memory, such as a high-speed random access memory (RAM, Random Access Memory); the memory 102 may also include a non-volatile memory, for example at least one magnetic disk storage device, a flash memory device, or another volatile solid-state storage device.
Specifically, the processor 101 is the control center of the PCP server. It connects the various parts of the entire PCP server by using various interfaces and lines, and performs the various functions of the PCP server and processes data by running or executing the software programs and/or application modules stored in the memory 102 and calling the data stored in the memory 102, thereby monitoring the PCP server as a whole.
The processor 101 may be a central processing unit (CPU, Central Processing Unit). The processor 101 may also be another general-purpose processor, a digital signal processor (DSP, Digital Signal Processing), another programmable logic device or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The system bus 103 may include a data bus, a power bus, a control bus, a signal status bus, and the like. For clarity of description in this embodiment, the various buses are all illustrated as the system bus 103 in Fig. 6.
The PCP server in the embodiment of the present invention generates or deletes, according to the received filter operation code and life cycle, the packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client, so that the PCP server can dynamically intercept target data packets passing through itself, thereby improving the effect of interception protection.
Embodiment three
The embodiment of the present invention provides a Port Control Protocol (PCP) client 1, which is configured to perform the steps performed by the PCP client in the above method. The PCP client 1 may include modules corresponding to the respective steps. As shown in Fig. 7, the PCP client 1 includes:
A transmission unit 60, configured to send a first PCP request message to a PCP server, where the first PCP request message carries a filter operation code, the life cycle of the first PCP request message, and the global network address information of a host in a global network; the source address information of the first PCP request message is the private network address information of the PCP client; the life cycle of the first PCP request message is greater than zero; and the first PCP request message is used to request the PCP server to generate, according to the filter operation code and the life cycle of the first PCP request message, a packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client.
A receiving unit 61, configured to receive a first confirmation message that is sent by the PCP server in response to the first PCP request message sent by the transmission unit 60.
Further, the transmission unit 60 is also configured to send a second PCP request message to the PCP server after the receiving unit 61 receives the first confirmation message that the PCP server sent in response to the first PCP request message, where the second PCP request message carries the filter operation code, the life cycle of the second PCP request message, and the global network address information of the host; the source address information of the second PCP request message is the private network address information of the PCP client; the life cycle of the second PCP request message is equal to zero; and the second PCP request message is used to request the PCP server to delete the packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client.
Further, the receiving unit 61 is also configured to receive a second confirmation message that is sent by the PCP server in response to the second PCP request message sent by the transmission unit 60.
Optionally, the private network address information of the PCP client in the embodiment of the present invention includes the private network Internet Protocol (IP) address information of the PCP client and the port information corresponding to the private network IP address information, and the global network address information of the host in the global network includes the global network IP address information of the host and the port information corresponding to the global network IP address information.
It can be understood that the PCP client 1 of this embodiment is divided logically only according to the functions implemented by the PCP client 1; in practical applications, the above units may be combined or split. The functions implemented by the PCP client 1 provided in this embodiment correspond one-to-one to the configuration method of the packet filtering rule provided in Embodiment One above; the more detailed processing flow implemented by the PCP client 1 has been described in detail in method Embodiment One above and is not described in detail here.
Another embodiment of the present invention provides a PCP client. As shown in Fig. 8, the PCP client includes an interface circuit 110, a processor 111, a memory 112, and a system bus 113.
The interface circuit 110, the processor 111, and the memory 112 are connected through the system bus 113 and communicate with each other through it.
The PCP client shown in Fig. 8 is identical to the PCP client in Fig. 2; the system bus 113 is not shown in Fig. 2.
Those skilled in the art will understand that the structure of the PCP client shown in Fig. 8 does not limit the PCP client, which may include more or fewer components than illustrated, combine certain components, or use a different component layout.
Specifically, when the PCP client runs, the PCP client performs the method for allocating a public network address of the embodiment described in Fig. 3. For the specific method for allocating a public network address, refer to the related description in the above embodiment shown in Fig. 3 or Fig. 4; details are not described here again.
Specifically, the interface circuit 110 is configured to implement the communication connection between the PCP client and the PCP server; the communication between the two may use the Internet, a wide area network, a local network, a metropolitan area network, or the like.
Specifically, the memory 112 may be used to store software programs and application modules, and the processor 111 performs the various functional applications and data processing of the PCP client by running the software programs and application modules stored in the memory 112. The memory 112 may mainly include a program storage area, where the program storage area may store an operating system, an application program required by at least one function (for example, a function of sending a confirmation message), and the like.
The memory 112 may include a volatile memory, such as a high-speed random access memory (RAM, Random Access Memory); the memory 112 may also include a non-volatile memory, for example at least one magnetic disk storage device, a flash memory device, or another volatile solid-state storage device.
Specifically, the processor 111 is the control center of the PCP client. It connects the various parts of the entire PCP client by using various interfaces and lines, and performs the various functions of the PCP client and processes data by running or executing the software programs and/or application modules stored in the memory 112 and calling the data stored in the memory 112, thereby monitoring the PCP client as a whole.
The processor 111 may be a central processing unit (CPU, Central Processing Unit). The processor 111 may also be another general-purpose processor, a digital signal processor (DSP, Digital Signal Processing), another programmable logic device or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The system bus 113 may include a data bus, a power bus, a control bus, a signal status bus, and the like. For clarity of description in this embodiment, the various buses are all illustrated as the system bus 113 in Fig. 8.
The PCP client in the embodiment of the present invention sends to the PCP server a first PCP request message that includes the filter operation code, the life cycle, and the global network address information of the host in the global network, to request the PCP server to generate, according to the filter operation code and the life cycle, a packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client, so that the PCP server can filter, according to the generated packet filtering rule, target data packets passing through the PCP server, thereby improving the effect of interception protection.
Embodiment four
The embodiment of the present invention provides a configuration system for a packet filtering rule. The system includes the PCP server described in Embodiment Two and the PCP client described in Embodiment Three, where the PCP server and the PCP client are connected through a network.
The more detailed processing flow implemented by the PCP server has been described in detail in Embodiment Two above and is not described in detail here.
The more detailed processing flow implemented by the PCP client has been described in detail in Embodiment Three above and is not described in detail here.
It is apparent to those skilled in the art that, for convenience and brevity of description, only the division into the above functional modules is used as an example. In practical applications, the above functions may be allocated to different functional modules as required, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. For the specific working processes of the system, device, and units described above, refer to the corresponding processes in the foregoing method embodiments; details are not described here again.
In the several embodiments provided in this application, it should be understood that the disclosed system, device, and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative. For example, the division into modules or units is only a division by logical function, and there may be other divisions in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices, or units, and may be electrical, mechanical, or in other forms.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the various embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit. The above integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be completed by hardware related to program instructions. The aforementioned program may be stored in a computer-readable storage medium; when the program is executed, the steps of the above method embodiments are performed. The aforementioned storage medium includes various media that can store program code, such as a ROM, a RAM, a magnetic disk, or an optical disc.
Although optional embodiments of this application have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn of the basic inventive concept. Therefore, the following claims are intended to be interpreted as including the optional embodiments and all changes and modifications that fall within the scope of this application.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to include these modifications and variations.

Claims (11)

1. A configuration method for a packet filtering rule, characterized by comprising:
A Port Control Protocol (PCP) server receives a first PCP request message sent by a PCP client in a private network, where the first PCP request message carries a filter operation code, a life cycle of the first PCP request message, and global network address information of a host in a global network; source address information of the first PCP request message is private network address information of the PCP client; the life cycle of the first PCP request message is greater than zero; the filter operation code is used to request processing of the packet filtering rule corresponding to the global network address information and the private network address information of the PCP client; and the life cycle of the first PCP request message is used to indicate a hold time or an aging time of the packet filtering rule generated according to the global network address information and the private network address information of the PCP client;
The PCP server generates, according to the life cycle of the first PCP request message and the filter operation code, a packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client, so that the PCP server uses the packet filtering rule, within the life cycle of the first PCP request message, to filter a target data packet passing through the PCP server, where source address information of the target data packet is the global network address information of the host, and destination address information of the target data packet is the private network address information of the PCP client;
The PCP server sends a first confirmation message to the PCP client.
2. The configuration method according to claim 1, characterized in that, after the PCP server sends the first confirmation message to the PCP client, the configuration method further comprises:
Within the life cycle of the first PCP request message, the PCP server receives a second PCP request message sent by the PCP client, where the second PCP request message carries the filter operation code, a life cycle of the second PCP request message, and the global network address information of the host; source address information of the second PCP request message is the private network address information of the PCP client; and the life cycle of the second PCP request message is equal to zero;
The PCP server deletes the packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client;
The PCP server sends a second confirmation message to the PCP client.
3. The configuration method according to claim 1 or 2, characterized in that, after the PCP server sends the first confirmation message to the PCP client, the configuration method further comprises:
Upon determining that the life cycle of the first PCP request message has ended, the PCP server deletes the packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client.
4. A configuration method for a packet filtering rule, characterized by comprising:
A Port Control Protocol (PCP) client sends a first PCP request message to a PCP server, where the first PCP request message carries a filter operation code, a life cycle of the first PCP request message, and global network address information of a host in a global network; source address information of the first PCP request message is private network address information of the PCP client; the life cycle of the first PCP request message is greater than zero; the first PCP request message is used to request the PCP server to generate, according to the filter operation code and the life cycle of the first PCP request message, a packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client; the filter operation code is used to request processing of the packet filtering rule; and the life cycle of the first PCP request message is used to indicate a hold time or an aging time of the packet filtering rule;
The PCP client receives a first confirmation message that is sent by the PCP server in response to the first PCP request message.
5. The configuration method according to claim 4, characterized in that, after the PCP client receives the first confirmation message that is sent by the PCP server in response to the first PCP request message, the configuration method further comprises:
The PCP client sends a second PCP request message to the PCP server, where the second PCP request message carries the filter operation code, a life cycle of the second PCP request message, and the global network address information of the host; source address information of the second PCP request message is the private network address information of the PCP client; the life cycle of the second PCP request message is equal to zero; and the second PCP request message is used to request the PCP server to delete the packet filtering rule that includes the global network address information of the host and the private network address information of the PCP client;
The PCP client receives a second confirmation message that is sent by the PCP server in response to the second PCP request message.
6. A Port Control Protocol (PCP) server, characterized by comprising:
A receiving unit, configured to receive a first PCP request message sent by a PCP client in a private network, wherein the first PCP request message carries a filter operation code, the life cycle of the first PCP request message and the global network address information of a host in a global network, the source address information of the first PCP request message is the private network address information of the PCP client, the life cycle of the first PCP request message is greater than zero, the filter operation code is used to request processing of the Packet Filtering rule corresponding to the global network address information and the private network address information of the PCP client, and the life cycle of the first PCP request message is used to indicate the hold time or ageing time of the Packet Filtering rule generated according to the global network address information and the private network address information of the PCP client;
A processing unit, configured to generate, according to the life cycle of the first PCP request message received by the receiving unit and the filter operation code, a Packet Filtering rule that includes the global network address information of the host and the private network address information of the PCP client, so that the PCP server uses the Packet Filtering rule, within the life cycle of the first PCP request message, to filter target packets passing through the PCP server, wherein the source address information of a target packet is the global network address information of the host and the destination address information of the target packet is the private network address information of the PCP client;
A transmission unit, configured to send a first confirmation message to the PCP client.
7. The PCP server according to claim 6, characterized in that:
The receiving unit is further configured to, after the transmission unit sends the first confirmation message to the PCP client, receive, within the life cycle of the first PCP request message, a second PCP request message sent by the PCP client, wherein the second PCP request message carries the filter operation code, the life cycle of the second PCP request message and the global network address information of the host, the source address information of the second PCP request message is the private network address information of the PCP client, and the life cycle of the second PCP request message is equal to zero;
The processing unit is further configured to delete the Packet Filtering rule that includes the global network address information of the host and the private network address information of the PCP client;
The transmission unit is further configured to send a second confirmation message to the PCP client.
8. The PCP server according to claim 6 or 7, characterized in that:
The processing unit is further configured to, after the transmission unit sends the second confirmation message to the PCP client, delete the Packet Filtering rule that includes the global network address information of the host and the private network address information of the PCP client upon determining that the life cycle of the first PCP request message has ended.
9. A Port Control Protocol (PCP) client, characterized by comprising:
A transmission unit, configured to send a first PCP request message to a PCP server, wherein the first PCP request message carries a filter operation code, the life cycle of the first PCP request message and the global network address information of a host in a global network, the source address information of the first PCP request message is the private network address information of the PCP client, the life cycle of the first PCP request message is greater than zero, the first PCP request message is used to request the PCP server to generate, according to the filter operation code and the life cycle of the first PCP request message, a Packet Filtering rule that includes the global network address information of the host and the private network address information of the PCP client, the filter operation code is used to request processing of the Packet Filtering rule, and the life cycle of the first PCP request message is used to indicate the hold time or ageing time of the Packet Filtering rule;
A receiving unit, configured to receive a first confirmation message, sent by the PCP server in response to the first PCP request message sent by the transmission unit.
10. The PCP client according to claim 9, characterized in that:
The transmission unit is further configured to, after the receiving unit receives the first confirmation message sent by the PCP server in response to the first PCP request message, send a second PCP request message to the PCP server, wherein the second PCP request message carries the filter operation code, the life cycle of the second PCP request message and the global network address information of the host, the source address information of the second PCP request message is the private network address information of the PCP client, the life cycle of the second PCP request message is equal to zero, and the second PCP request message is used to request the PCP server to delete the Packet Filtering rule that includes the global network address information of the host and the private network address information of the PCP client;
The receiving unit is further configured to receive a second confirmation message, sent by the PCP server in response to the second PCP request message sent by the transmission unit.
11. A configuration system for Packet Filtering rules, characterized by comprising the PCP server according to any one of claims 6 to 8 and the PCP client according to any one of claims 9 to 10, wherein the PCP client and the PCP server communicate with each other over a network.
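
The server behaviour of claims 6 to 8 (install on life cycle greater than zero, delete on life cycle equal to zero, age out at expiry), as an added example that is not code from the patent or from any PCP implementation. Assumptions: the opcode is a placeholder because the claims give no value, the request is modelled as a dataclass rather than the PCP wire format, "filtering" is taken to mean dropping the matching packet, and all addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

FILTER_OPCODE = "FILTER"  # placeholder: the claims name a filter opcode, no value

@dataclass(frozen=True)
class PcpRequest:
    src: str       # source address of the request = client's private address
    opcode: str
    lifetime: int  # seconds; > 0 installs a rule, == 0 deletes it
    host: str      # global (public) address of the remote host

class PcpFilterServer:
    def __init__(self):
        self.rules = {}  # (host address, client address) -> expiry time

    def handle(self, req, now):
        """Process one request and return the confirmation result."""
        if req.opcode != FILTER_OPCODE or req.lifetime < 0:
            return "rejected"
        # The client half of the key is always the request's source address,
        # so a client can only create or delete rules that protect itself.
        key = (ipaddress.ip_address(req.host), ipaddress.ip_address(req.src))
        if req.lifetime == 0:
            self.rules.pop(key, None)          # second request: delete
            return "deleted"
        self.rules[key] = now + req.lifetime   # first request: install/refresh
        return "installed"

    def age(self, now):
        """Remove rules whose life cycle has ended (claim 8)."""
        for key in [k for k, exp in self.rules.items() if exp <= now]:
            del self.rules[key]

    def filtered(self, pkt_src, pkt_dst, now):
        """True if a host -> client packet matches a live rule (assumed: drop)."""
        self.age(now)
        key = (ipaddress.ip_address(pkt_src), ipaddress.ip_address(pkt_dst))
        return key in self.rules

def demo():
    # Constructed sample addresses: 10.0.0.x private, 203.0.113.9 public host.
    s = PcpFilterServer()
    out = [s.handle(PcpRequest("10.0.0.5", FILTER_OPCODE, 60, "203.0.113.9"), 0)]
    out.append(s.filtered("203.0.113.9", "10.0.0.5", 30))  # live rule
    out.append(s.filtered("203.0.113.9", "10.0.0.6", 30))  # different client
    out.append(s.handle(PcpRequest("10.0.0.5", FILTER_OPCODE, 0, "203.0.113.9"), 40))
    out.append(s.filtered("203.0.113.9", "10.0.0.5", 41))  # explicitly deleted
    s.handle(PcpRequest("10.0.0.5", FILTER_OPCODE, 10, "203.0.113.9"), 50)
    out.append(s.filtered("203.0.113.9", "10.0.0.5", 60))  # aged out at expiry
    return out
```

Keying the rule on the request's source address rather than on a client-supplied field is what keeps one private host from installing or removing filter rules on behalf of another.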
CN201510946745.1A 2015-12-16 2015-12-16 A kind of configuration method of Packet Filtering rule, apparatus and system Active CN106888198B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510946745.1A CN106888198B (en) 2015-12-16 2015-12-16 A kind of configuration method of Packet Filtering rule, apparatus and system

Publications (2)

Publication Number Publication Date
CN106888198A CN106888198A (en) 2017-06-23
CN106888198B CN106888198B (en) 2019-08-20

Family

ID=59175559

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510946745.1A Active CN106888198B (en) 2015-12-16 2015-12-16 A kind of configuration method of Packet Filtering rule, apparatus and system

Country Status (1)

Country Link
CN (1) CN106888198B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108809766A (en) * 2018-06-22 2018-11-13 北京奇艺世纪科技有限公司 A kind of method, apparatus and system obtaining RTT

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102647483A (en) * 2012-03-31 2012-08-22 中兴通讯股份有限公司 Method for obtaining network address translation (NAT) types, peer-to-peer (P2P) endpoint entity and NAT entity
CN103503413A (en) * 2012-12-28 2014-01-08 华为技术有限公司 Method and device for transmitting network information

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10320676B2 (en) * 2014-02-28 2019-06-11 Cisco Technology, Inc. Smarter policy decisions based on metadata in data flows

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Port Control Protocol (PCP); Wing, et al.; IETF RFC 6887; 20130430; full text

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant