Port mapping system based on reverse multi-connection and port mapping method thereof
Technical Field
The invention relates to the technical field of computer information processing, in particular to a port mapping system based on reverse multi-connection and a port mapping method thereof.
Background
The current approach to accessing devices behind NAT is port mapping: one port of the border gateway's public IP address is mapped to one machine on the NAT intranet. Port mapping is problematic for data acquisition in remote areas in two main respects: firstly, multiple layers of NAT are common in such scenarios, the NAT layers span several networks, and mapping a port on the edge gateway is not feasible; secondly, a wired network and a mobile (4G) network are used together as redundant backups to improve reliability, and port mapping cannot be used directly across both.
Disclosure of Invention
In view of the above problems in the background art, an object of the present invention is to provide a port mapping system based on reverse multi-connection and a port mapping method thereof, which solve the problem of port mapping across multiple NATs and multiple connections. A reverse connection is a NAT traversal method in which a device behind a NAT initiates a TCP connection to a server outside the NAT network; reverse multi-connection establishes connections over multiple network paths so that the NAT traversal remains reliable.
In order to achieve the purpose, the invention provides the following technical scheme:
a port mapping system based on reverse multi-connection comprises an internal device whose port needs to be mapped, a reverse multi-connection gateway device, a reverse multi-connection server and a client; the reverse multi-connection gateway device comprises a connection management module, a mobile network module, a data forwarding module and a wired network module;
internal device: the internal device provides a TCP service for the client; the internal device and the client are not on the same network; the internal device accepts a TCP connection from the reverse multi-connection gateway device and thereby ultimately provides its service to the client;
client: the client is a terminal device that needs to access the service of the internal device; the client and the internal device are not on the same network; the client connects to the reverse multi-connection server over TCP and thereby ultimately reaches the TCP server of the internal device;
reverse multi-connection server: the reverse multi-connection server is the intermediate bridging device between the client and the reverse multi-connection gateway device; it provides TCP connection service to both the client and the reverse multi-connection gateway device and is responsible for forwarding TCP data messages between them;
reverse multi-connection gateway device: the reverse multi-connection gateway device is the intermediate bridging and management device between the reverse multi-connection server and the internal device; it is connected simultaneously to the reverse multi-connection server and to the internal device and is responsible for forwarding TCP data messages between them; the reverse multi-connection gateway device manages the mapping relation from the TCP port of the internal device to the TCP port of the reverse multi-connection server;
connection management module: used for managing the mapping relation from the TCP port of the internal device to the TCP port of the reverse multi-connection server, and for managing the TCP connections from the reverse multi-connection gateway device to the internal device and to the reverse multi-connection server;
data forwarding module: used for managing the TCP connections between the reverse multi-connection gateway device and the internal device and between the reverse multi-connection gateway device and the reverse multi-connection server, and for forwarding TCP data messages between the reverse multi-connection server and the internal device;
mobile network module: used for providing the mobile communication connection between the reverse multi-connection gateway device and the reverse multi-connection server, and for providing network service to the connection management module and the data forwarding module respectively; the mobile network module may use the 4G, 3G or GPRS networks of mobile operators; its bandwidth is small and it serves as the backup connection;
wired network module: used for providing the wired communication connection between the reverse multi-connection gateway device and the reverse multi-connection server, and for providing network service to the connection management module and the data forwarding module respectively; the wired network module has the larger bandwidth and is the main data communication channel;
the invention also provides a port mapping method based on reverse multi-connection, which comprises the following steps:
step (a), the connection management module establishes redundant signaling connections to the reverse multi-connection server: the wired network module and the mobile network module each establish a TCP signaling connection to the reverse multi-connection server;
step (b), the connection management module preferentially communicates over the TCP signaling connection of the wired network module; when that TCP signaling connection is interrupted, the connection management module communicates over the TCP signaling connection of the mobile network module;
step (c), the connection management module sends the port mapping request of the internal device to the reverse multi-connection server;
step (d), the reverse multi-connection server receives the mapping request, maps the port of the internal device to a mapping port of the reverse multi-connection server, and stores the mapping relation in a hash mapping table h1;
step (e), the mapping port of the reverse multi-connection server receives a TCP connection from the client; the server queries the hash mapping table h1 to obtain the mapping relation and sends a client connection request to the connection management module;
step (f), the connection management module receives the connection request and informs the data forwarding module to establish reverse data connection;
step (g), the data forwarding module establishes a TCP data connection to the port of the internal device;
step (h), the data forwarding module establishes a reverse data connection to the reverse multi-connection server as follows:
(h.1) when the TCP signaling connection between the wired network module and the reverse multi-connection server is up, the wired network module is selected to establish the TCP data connection to the reverse multi-connection server;
(h.2) when the TCP signaling connection between the wired network module and the reverse multi-connection server is interrupted, the mobile network module is selected to establish the TCP data connection to the reverse multi-connection server;
(h.3) when the TCP signaling connection between the wired network module and the reverse multi-connection server fails while a data connection exists, the data connection is switched to the mobile network module, which establishes a new TCP data connection to the reverse multi-connection server;
(h.4) when the TCP signaling connection between the mobile network module and the reverse multi-connection server also fails, the connection management module is informed that the connection is interrupted and the TCP mapping connection service is ended;
(h.5) because the data forwarding module actively initiates the TCP connection to the reverse multi-connection server, NAT traversal is still achieved even when the reverse multi-connection gateway device sits behind multiple layers of NAT;
step (i), the client sends a data message to the internal device:
(i.1) the client sends a data message to the reverse multi-connection server;
(i.2) after receiving the client's data message, the reverse multi-connection server adds an eight-byte packet header and forwards the message to the data forwarding module; the eight-byte packet header consists of a four-byte length and a four-byte sequence number; the four-byte length is used by the data forwarding module to delimit packets within the TCP stream, and the four-byte sequence number is an increasing sequence number used to continue transmission without loss when the TCP data connection to the reverse multi-connection server is switched between the wired network module and the mobile network module;
(i.3) the reverse multi-connection server forwards the data packet to the data forwarding module and stores it in a send cache; when the reverse multi-connection server receives a sequence number confirmation request, it clears the cached data up to that sequence number;
(i.4) the data forwarding module receives the data packet message from the reverse multi-connection server, removes the eight-byte packet header and forwards the data packet to the internal device; the data forwarding module takes the four-byte sequence number from the eight-byte packet header and sends a sequence number confirmation request through the connection management module over the TCP signaling connection to the reverse multi-connection server, so that the reverse multi-connection server can clear the data in its send cache;
(i.5) when the TCP signaling connection between the wired network module and the reverse multi-connection server fails, the mobile network module reestablishes the TCP data connection to the reverse multi-connection server; the reverse multi-connection server resends the messages held in its send cache to the data forwarding module, so that data messages sent by the client to the internal device are not lost during connection switching;
step (j), the flow of sending a data message from the internal device to the client:
(j.1) the internal device sends a data message to the data forwarding module;
(j.2) after receiving the data packet from the internal device, the data forwarding module adds an eight-byte packet header and forwards the packet to the reverse multi-connection server; the eight-byte packet header consists of a four-byte length and a four-byte sequence number;
(j.3) the data forwarding module forwards the data packet to the reverse multi-connection server and stores it in a send cache; when the data forwarding module receives a sequence number confirmation request, it clears the cached data up to that sequence number;
(j.4) the reverse multi-connection server receives the data packet message from the data forwarding module, removes the eight-byte packet header and forwards the data packet to the client; the reverse multi-connection server takes the four-byte sequence number from the eight-byte packet header and sends a sequence number confirmation request over the TCP signaling connection to the connection management module;
(j.5) when the TCP signaling connection between the wired network module and the reverse multi-connection server fails, the mobile network module reestablishes the TCP data connection to the reverse multi-connection server; the data forwarding module retransmits the messages held in its send cache to the reverse multi-connection server, so that data messages sent by the internal device to the client are not lost during connection switching;
step (k), the client establishes an actual TCP connection to the reverse multi-connection server, the reverse multi-connection gateway device establishes an actual TCP connection to the internal device, and the reverse multi-connection gateway device establishes two redundant reverse actual TCP connections to the reverse multi-connection server; together these provide the client and the internal device with a virtual TCP connection that behaves like a direct connection, and thus port mapping is achieved across the redundant wired network and mobile (4G) network backup and across multiple NATs.
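The signaling exchange of steps (a) to (h) above, as an added Python example that is not part of the patent and not the patentee's code: the server allocates a mapping port, records it in h1 and turns a client connect into a connect request; the gateway's connection management keeps the two signaling paths, prefers wired, and moves or ends reverse data connections when a signaling connection fails. Message field names, the dict-based message format, the mapped-port allocator, the per-connection identifier, the host addresses (RFC 5737 documentation ranges) and the whole scenario in run_exchange are assumptions of this example. The patent describes no authentication of the client at the mapped port or of the gateway on the signaling connection; the only check added here, also an assumption, is that a gateway refuses connect requests for ports it never mapped.

```python
from dataclasses import dataclass
from itertools import count


@dataclass
class Mapping:
    gateway_id: str
    internal_host: str
    internal_port: int


class ReverseMultiConnectionServer:
    """Server role of steps (c) to (e): keeps hash mapping table h1 and turns client connects into connect requests."""

    def __init__(self, first_mapped_port: int = 20000):
        self.h1 = {}                              # mapped port -> Mapping (the patent's hash mapping table h1)
        self._ports = count(first_mapped_port)    # assumed allocator; the patent does not say how ports are chosen
        self._conn_ids = count(1)                 # assumed per-connection identifier

    def handle_mapping_request(self, msg: dict) -> dict:
        """Step (d): map the internal port onto a server port and record the relation in h1."""
        mapped_port = next(self._ports)
        self.h1[mapped_port] = Mapping(msg["gateway_id"], msg["internal_host"], msg["internal_port"])
        return {"type": "mapping_ok", "mapped_port": mapped_port,
                "internal_host": msg["internal_host"], "internal_port": msg["internal_port"]}

    def handle_client_connect(self, mapped_port: int, client_addr: str):
        """Step (e): look the mapped port up in h1; None means nothing is mapped there and the client is refused."""
        m = self.h1.get(mapped_port)
        if m is None:
            return None
        return {"type": "connect_request", "gateway_id": m.gateway_id, "conn_id": next(self._conn_ids),
                "internal_host": m.internal_host, "internal_port": m.internal_port, "client": client_addr}


class ConnectionManager:
    """Gateway role of steps (a), (b) and (f) to (h): two signaling paths, wired preferred, mobile as backup."""

    def __init__(self, gateway_id: str):
        self.gateway_id = gateway_id
        self.signaling_up = {"wired": True, "mobile": True}   # step (a): both TCP signaling connections established
        self.mappings = {}                                     # (internal host, port) -> mapped port, gateway's own copy
        self.data_connections = {}                             # conn_id -> {"internal": (host, port), "via": path}

    def active_path(self):
        """Steps (b), (h.1) and (h.2): wired while its signaling connection is up, else mobile, else nothing."""
        for path in ("wired", "mobile"):
            if self.signaling_up[path]:
                return path
        return None

    def mapping_request(self, internal_host: str, internal_port: int) -> dict:
        """Step (c)."""
        return {"type": "mapping_request", "gateway_id": self.gateway_id,
                "internal_host": internal_host, "internal_port": internal_port}

    def handle_mapping_ok(self, msg: dict) -> None:
        self.mappings[(msg["internal_host"], msg["internal_port"])] = msg["mapped_port"]

    def handle_connect_request(self, msg: dict) -> dict:
        """Steps (f) to (h): TCP to the internal device, then a reverse TCP data connection over the active path."""
        if msg["gateway_id"] != self.gateway_id or (msg["internal_host"], msg["internal_port"]) not in self.mappings:
            return {"type": "connect_refused", "conn_id": msg["conn_id"], "reason": "port not mapped by this gateway"}
        path = self.active_path()
        if path is None:                                       # (h.4): no signaling path left, service ends
            return {"type": "connect_failed", "conn_id": msg["conn_id"], "reason": "no signaling connection"}
        self.data_connections[msg["conn_id"]] = {"internal": (msg["internal_host"], msg["internal_port"]), "via": path}
        return {"type": "reverse_data_connect", "conn_id": msg["conn_id"], "via": path}

    def signaling_failed(self, path: str) -> list:
        """(h.3) and (h.4): a signaling connection dropped; move its data connections to the other path or end them."""
        self.signaling_up[path] = False
        new_path = self.active_path()
        actions = []
        for conn_id, conn in list(self.data_connections.items()):
            if conn["via"] != path:
                continue
            if new_path is None:
                del self.data_connections[conn_id]
                actions.append({"type": "connection_ended", "conn_id": conn_id})
            else:
                conn["via"] = new_path
                actions.append({"type": "reverse_data_connect", "conn_id": conn_id, "via": new_path})
        return actions


def run_exchange():
    """Constructed walk-through: one mapping, one client connect, wired failure, then mobile failure."""
    server, gw = ReverseMultiConnectionServer(), ConnectionManager("gw-site-7")
    gw.handle_mapping_ok(server.handle_mapping_request(gw.mapping_request("192.0.2.10", 502)))
    mapped_port = gw.mappings[("192.0.2.10", 502)]
    first = gw.handle_connect_request(server.handle_client_connect(mapped_port, "198.51.100.5:41000"))
    after_wired = gw.signaling_failed("wired")      # (h.3): connection 1 moves to the mobile path
    after_mobile = gw.signaling_failed("mobile")    # (h.4): connection 1 is ended
    unmapped = server.handle_client_connect(mapped_port + 1, "198.51.100.5:41001")
    return mapped_port, first, after_wired, after_mobile, unmapped
```

The two tables are deliberately separate: h1 on the server answers "which gateway and internal port does this mapped port belong to", while the gateway's own copy lets it reject a connect request that names a port it never registered, so a misdirected or forged request cannot make the data forwarding module open a TCP connection to an arbitrary internal host.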
Compared with the prior art, the invention has the beneficial effects that:
by adopting the technical scheme of the invention, the problem of port mapping across multiple NATs and multiple connections is effectively solved: the client establishes an actual TCP connection to the reverse multi-connection server, the reverse multi-connection gateway device establishes an actual TCP connection to the internal device, and two redundant reverse actual TCP connections from the reverse multi-connection gateway device to the reverse multi-connection server provide the client and the internal device with a virtual TCP connection that behaves like a direct connection, finally achieving port mapping across the redundant wired network and mobile network backup and across multiple NATs.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. It is obvious that the drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a block diagram of an overall functional structure of a port mapping system based on reverse multi-connection in the present invention.
The reference numerals in the drawing are: internal device (1), connection management module (2), mobile network module (3), data forwarding module (4), wired network module (5), reverse multi-connection server (6) and client (7).
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1: the invention provides a specific embodiment of a port mapping system based on reverse multi-connection, which comprises an internal device (1) whose port needs to be mapped, a reverse multi-connection gateway device, a reverse multi-connection server (6) and a client (7); the reverse multi-connection gateway device comprises a connection management module (2), a mobile network module (3), a data forwarding module (4) and a wired network module (5);
internal device (1): the internal device (1) is a device that provides a TCP service for the client (7); the internal device (1) and the client (7) are not on the same network; the internal device (1) accepts a TCP connection from the reverse multi-connection gateway device and thereby ultimately provides its service to the client (7);
client (7): the client (7) is a terminal device that needs to access the service of the internal device (1); the client (7) and the internal device (1) are not on the same network; the client (7) connects to the reverse multi-connection server (6) over TCP and thereby ultimately reaches the TCP server of the internal device (1);
reverse multi-connection server (6): the reverse multi-connection server (6) is the intermediate bridging device between the client (7) and the reverse multi-connection gateway device; the reverse multi-connection server (6) provides TCP connection service to both the client (7) and the reverse multi-connection gateway device and is responsible for forwarding TCP data messages between them;
reverse multi-connection gateway device: the reverse multi-connection gateway device is the intermediate bridging and management device between the reverse multi-connection server (6) and the internal device (1); it is connected simultaneously to the reverse multi-connection server (6) and to the internal device (1) and is responsible for forwarding TCP data messages between them; the reverse multi-connection gateway device manages the mapping relation from the TCP port of the internal device (1) to the TCP port of the reverse multi-connection server (6);
connection management module (2): used for managing the mapping relation from the TCP port of the internal device (1) to the TCP port of the reverse multi-connection server (6), and for managing the TCP connections from the reverse multi-connection gateway device to the internal device (1) and to the reverse multi-connection server (6);
data forwarding module (4): used for managing the TCP connections between the reverse multi-connection gateway device and the internal device (1) and between the reverse multi-connection gateway device and the reverse multi-connection server (6), and for forwarding TCP data messages between the reverse multi-connection server (6) and the internal device (1);
mobile network module (3): used for providing the mobile communication connection between the reverse multi-connection gateway device and the reverse multi-connection server (6), and for providing network service to the connection management module (2) and the data forwarding module (4) respectively; the mobile network module (3) may use the 4G, 3G or GPRS networks of mobile operators; its bandwidth is small and it serves as the backup connection;
wired network module (5): used for providing the wired communication connection between the reverse multi-connection gateway device and the reverse multi-connection server (6), and for providing network service to the connection management module (2) and the data forwarding module (4) respectively; the wired network module (5) has the larger bandwidth and is the main data communication channel;
based on the above-mentioned port mapping system based on reverse multi-connection, the present invention further provides a specific embodiment of a port mapping method based on reverse multi-connection, which includes the following steps:
step (a), the connection management module (2) establishes redundant signaling connections to the reverse multi-connection server (6): the wired network module (5) and the mobile network module (3) each establish a TCP signaling connection to the reverse multi-connection server (6);
step (b), the connection management module (2) preferentially communicates over the TCP signaling connection of the wired network module (5); when that TCP signaling connection is interrupted, the connection management module (2) communicates over the TCP signaling connection of the mobile network module (3);
step (c), the connection management module (2) sends the port mapping request of the internal device (1) to the reverse multi-connection server (6);
step (d), the reverse multi-connection server (6) receives the mapping request, maps the port of the internal device (1) to a mapping port of the reverse multi-connection server (6), and stores the mapping relation in the hash mapping table h1;
step (e), the mapping port of the reverse multi-connection server (6) receives the TCP connection of the client (7); the server queries the hash mapping table h1 to obtain the mapping relation and sends a client connection request to the connection management module (2);
step (f), the connection management module (2) receives the connection request and informs the data forwarding module (4) to establish a reverse data connection;
step (g), the data forwarding module (4) establishes a TCP data connection to the port of the internal device (1);
step (h), the data forwarding module (4) establishes a reverse data connection to the reverse multi-connection server (6) as follows:
(h.1) when the TCP signaling connection between the wired network module (5) and the reverse multi-connection server (6) is up, the wired network module (5) is selected to establish the TCP data connection to the reverse multi-connection server (6);
(h.2) when the TCP signaling connection between the wired network module (5) and the reverse multi-connection server (6) is interrupted, the mobile network module (3) is selected to establish the TCP data connection to the reverse multi-connection server (6);
(h.3) when the TCP signaling connection between the wired network module (5) and the reverse multi-connection server (6) fails while a data connection exists, the data connection is switched to the mobile network module (3), which establishes a new TCP data connection to the reverse multi-connection server (6);
(h.4) when the TCP signaling connection between the mobile network module (3) and the reverse multi-connection server (6) also fails, the connection management module (2) is informed that the connection is interrupted and the TCP mapping connection service is ended;
(h.5) because the data forwarding module (4) actively initiates the TCP connection to the reverse multi-connection server (6), NAT traversal is still achieved even when the reverse multi-connection gateway device sits behind multiple layers of NAT;
step (i), the client (7) sends a data message to the internal device (1):
(i.1) the client (7) sends a data message to the reverse multi-connection server (6);
(i.2) after receiving the data packet of the client (7), the reverse multi-connection server (6) adds an eight-byte packet header and forwards the packet to the data forwarding module (4); the eight-byte packet header consists of a four-byte length and a four-byte sequence number; the four-byte length is used by the data forwarding module (4) to delimit packets within the TCP stream, and the four-byte sequence number is an increasing sequence number used to continue transmission without loss when the TCP data connection to the reverse multi-connection server (6) is switched between the wired network module (5) and the mobile network module (3);
(i.3) the reverse multi-connection server (6) forwards the data packet to the data forwarding module (4) and stores it in a send cache; when the reverse multi-connection server (6) receives a sequence number confirmation request, it clears the cached data up to that sequence number;
(i.4) the data forwarding module (4) receives the data packet message from the reverse multi-connection server (6), removes the eight-byte packet header and forwards the data packet to the internal device (1); the data forwarding module (4) takes the four-byte sequence number from the eight-byte packet header and sends a sequence number confirmation request through the connection management module (2) over the TCP signaling connection to the reverse multi-connection server (6), so that the reverse multi-connection server (6) can clear the data in its send cache;
(i.5) when the TCP signaling connection between the wired network module (5) and the reverse multi-connection server (6) fails, the mobile network module (3) reestablishes the TCP data connection to the reverse multi-connection server (6); the reverse multi-connection server (6) resends the messages held in its send cache to the data forwarding module (4), so that data messages sent by the client (7) to the internal device (1) are not lost during connection switching;
step (j), the flow of sending a data message from the internal device (1) to the client (7):
(j.1) the internal device (1) sends a data message to the data forwarding module (4);
(j.2) after receiving the data packet of the internal device (1), the data forwarding module (4) adds an eight-byte packet header and forwards the packet to the reverse multi-connection server (6); the eight-byte packet header consists of a four-byte length and a four-byte sequence number;
(j.3) the data forwarding module (4) forwards the data packet to the reverse multi-connection server (6) and stores it in a send cache; when the data forwarding module (4) receives a sequence number confirmation request, it clears the cached data up to that sequence number;
(j.4) the reverse multi-connection server (6) receives the data packet message from the data forwarding module (4), removes the eight-byte packet header and forwards the data packet to the client (7); the reverse multi-connection server (6) takes the four-byte sequence number from the eight-byte packet header and sends a sequence number confirmation request over the TCP signaling connection to the connection management module (2);
(j.5) when the TCP signaling connection between the wired network module (5) and the reverse multi-connection server (6) fails, the mobile network module (3) reestablishes the TCP data connection to the reverse multi-connection server (6); the data forwarding module (4) retransmits the messages held in its send cache to the reverse multi-connection server (6), so that data messages sent by the internal device (1) to the client (7) are not lost during connection switching;
step (k), the client (7) establishes an actual TCP connection to the reverse multi-connection server (6), the reverse multi-connection gateway device establishes an actual TCP connection to the internal device (1), and the reverse multi-connection gateway device establishes two redundant reverse actual TCP connections to the reverse multi-connection server (6); together these provide the client (7) and the internal device (1) with a virtual TCP connection that behaves like a direct connection, and thus port mapping is achieved across the redundant wired network and mobile (4G) network backup and across multiple NATs.
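The eight-byte framing, the send cache cleared by sequence number confirmation, and the retransmission after a data connection switch described in steps (i) and (j) above (and in steps (i) and (j) of the disclosure), as an added Python example that is not part of the patent and not the patentee's code. Both directions use the same mechanism, so one sender/receiver pair serves both. Assumptions of this example, none stated in the patent: network byte order for the two four-byte fields; a cap on the length field, because an unbounded peer-supplied length would let the peer dictate how much memory the receiver allocates; that the receiving side starts a fresh reassembly buffer when the new TCP data connection is opened; and that a retransmitted frame whose sequence number was already delivered is discarded rather than delivered twice. The payloads and the failure scenario in simulate_switchover are constructed.

```python
import struct

HEADER = struct.Struct("!II")   # four-byte length then four-byte sequence number; network byte order is assumed
MAX_PAYLOAD = 1 << 20           # assumed cap (not in the patent): a peer-supplied length must not drive allocation


def encode_frame(seq: int, payload: bytes) -> bytes:
    """Prepend the eight-byte packet header of steps (i.2) and (j.2)."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds MAX_PAYLOAD")
    return HEADER.pack(len(payload), seq) + payload


class FrameDecoder:
    """Reassembles frames from a TCP byte stream; the length field delimits packets that TCP may split or merge."""

    def __init__(self):
        self.buf = bytearray()

    def feed(self, data: bytes) -> list:
        self.buf += data
        frames = []
        while len(self.buf) >= HEADER.size:
            length, seq = HEADER.unpack_from(self.buf)
            if length > MAX_PAYLOAD:
                raise ValueError("frame length %d exceeds MAX_PAYLOAD" % length)
            end = HEADER.size + length
            if len(self.buf) < end:
                break                      # wait for the rest of this frame
            frames.append((seq, bytes(self.buf[HEADER.size:end])))
            del self.buf[:end]
        return frames


class SendCache:
    """Send side of steps (i.3)/(j.3): frames stay cached until a sequence number confirmation clears them."""

    def __init__(self):
        self.next_seq = 1
        self.cache = {}                    # seq -> framed bytes, kept in sequence order

    def send(self, payload: bytes) -> bytes:
        seq, self.next_seq = self.next_seq, self.next_seq + 1
        frame = encode_frame(seq, payload)
        self.cache[seq] = frame
        return frame

    def ack(self, seq: int) -> None:
        """Confirmation received over the signaling connection: drop every cached frame up to seq."""
        for s in [s for s in self.cache if s <= seq]:
            del self.cache[s]

    def pending(self) -> list:
        """Frames to retransmit on the new data connection after a switch (steps (i.5)/(j.5))."""
        return [self.cache[s] for s in sorted(self.cache)]


class Receiver:
    """Receive side: strip the header, deliver in order, drop duplicates that a retransmission may repeat."""

    def __init__(self):
        self.last_seq = 0
        self.delivered = []
        self.new_connection()

    def new_connection(self) -> None:
        self.decoder = FrameDecoder()      # assumption: a fresh TCP data connection starts a fresh reassembly buffer

    def receive(self, data: bytes) -> int:
        """Returns the sequence number to confirm, i.e. the highest delivered so far."""
        for seq, payload in self.decoder.feed(data):
            if seq <= self.last_seq:
                continue                   # already delivered before the switch; assumed dedup rule
            if seq != self.last_seq + 1:
                raise ValueError("gap: expected %d, got %d" % (self.last_seq + 1, seq))
            self.delivered.append(payload)
            self.last_seq = seq
        return self.last_seq


def simulate_switchover():
    """Constructed scenario: three frames; the wired path delivers one and a half, then the mobile path resends."""
    sender, receiver = SendCache(), Receiver()
    stream = b"".join(sender.send(p) for p in (b"read 0x0001", b"read 0x0002", b"read 0x0003"))
    confirmed = receiver.receive(stream[:HEADER.size + 11 + 5])   # frame 1 plus a partial frame 2 arrive
    sender.ack(confirmed)                                          # seq 1 leaves the send cache
    receiver.new_connection()                                      # wired link failed; mobile link opened
    confirmed = receiver.receive(b"".join(sender.pending()))      # cached frames 2 and 3 are resent
    sender.ack(confirmed)
    return receiver.delivered, len(sender.cache)


if __name__ == "__main__":
    print(simulate_switchover())
```

The confirmation travels over the signaling connection while the data travels over the data connection, so a confirmation can be lost together with a failing link; the send cache therefore retains every unconfirmed frame and the receiver must tolerate seeing some of them twice. Note also that the header as the patent describes it carries only a length and a sequence number, with no integrity or authentication field, so whatever reaches the mapped port is forwarded to the internal device unchanged.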
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.